1 /* 2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator 3 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #include "utils/includes.h" 16 17 #include "utils/common.h" 18 #include "utils/eloop.h" 19 #include "utils/state_machine.h" 20 #include "common/ieee802_11_defs.h" 21 #include "crypto/aes_wrap.h" 22 #include "crypto/crypto.h" 23 #include "crypto/sha1.h" 24 #include "crypto/sha256.h" 25 #include "eapol_auth/eapol_auth_sm.h" 26 #include "ap_config.h" 27 #include "ieee802_11.h" 28 #include "wpa_auth.h" 29 #include "pmksa_cache_auth.h" 30 #include "wpa_auth_i.h" 31 #include "wpa_auth_ie.h" 32 33 #define STATE_MACHINE_DATA struct wpa_state_machine 34 #define STATE_MACHINE_DEBUG_PREFIX "WPA" 35 #define STATE_MACHINE_ADDR sm->addr 36 37 38 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx); 39 static int wpa_sm_step(struct wpa_state_machine *sm); 40 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len); 41 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx); 42 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth, 43 struct wpa_group *group); 44 static void wpa_request_new_ptk(struct wpa_state_machine *sm); 45 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth, 46 struct wpa_group *group); 47 48 static const u32 dot11RSNAConfigGroupUpdateCount = 4; 49 static const u32 dot11RSNAConfigPairwiseUpdateCount = 4; 50 static const u32 eapol_key_timeout_first = 100; /* ms */ 51 static const u32 eapol_key_timeout_subseq = 1000; /* ms */ 52 53 /* TODO: make these configurable */ 54 static const int dot11RSNAConfigPMKLifetime = 43200; 55 static const int dot11RSNAConfigPMKReauthThreshold = 70; 56 static const int dot11RSNAConfigSATimeout = 60; 57 58 59 static inline void wpa_auth_mic_failure_report( 60 struct wpa_authenticator *wpa_auth, const u8 *addr) 61 { 62 if (wpa_auth->cb.mic_failure_report) 63 wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr); 64 } 65 66 67 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth, 68 const u8 *addr, wpa_eapol_variable var, 69 int value) 70 { 71 if (wpa_auth->cb.set_eapol) 72 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value); 73 } 74 75 76 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth, 77 const u8 *addr, wpa_eapol_variable var) 78 { 79 if (wpa_auth->cb.get_eapol == NULL) 80 return -1; 81 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var); 82 } 83 84 85 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth, 86 const u8 *addr, const u8 *prev_psk) 87 { 88 if (wpa_auth->cb.get_psk == NULL) 89 return NULL; 90 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk); 91 } 92 93 94 static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth, 95 const u8 *addr, u8 *msk, size_t *len) 96 { 97 if (wpa_auth->cb.get_msk == NULL) 98 return -1; 99 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len); 100 } 101 102 103 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth, 104 int vlan_id, 105 enum wpa_alg alg, const u8 *addr, int idx, 106 u8 *key, size_t key_len) 107 { 108 if (wpa_auth->cb.set_key == NULL) 109 return -1; 110 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx, 111 key, key_len); 112 } 113 114 115 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth, 116 const u8 *addr, int idx, u8 *seq) 117 { 118 if (wpa_auth->cb.get_seqnum == NULL) 119 return -1; 120 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq); 121 } 122 123 124 static inline int 125 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr, 126 const u8 *data, size_t data_len, int encrypt) 127 { 128 if (wpa_auth->cb.send_eapol == NULL) 129 return -1; 130 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len, 131 encrypt); 132 } 133 134 135 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth, 136 int (*cb)(struct wpa_state_machine *sm, void *ctx), 137 void *cb_ctx) 138 { 139 if (wpa_auth->cb.for_each_sta == NULL) 140 return 0; 141 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx); 142 } 143 144 145 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth, 146 int (*cb)(struct wpa_authenticator *a, void *ctx), 147 void *cb_ctx) 148 { 149 if (wpa_auth->cb.for_each_auth == NULL) 150 return 0; 151 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx); 152 } 153 154 155 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr, 156 logger_level level, const char *txt) 157 { 158 if (wpa_auth->cb.logger == NULL) 159 return; 160 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt); 161 } 162 163 164 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr, 165 logger_level level, const char *fmt, ...) 166 { 167 char *format; 168 int maxlen; 169 va_list ap; 170 171 if (wpa_auth->cb.logger == NULL) 172 return; 173 174 maxlen = os_strlen(fmt) + 100; 175 format = os_malloc(maxlen); 176 if (!format) 177 return; 178 179 va_start(ap, fmt); 180 vsnprintf(format, maxlen, fmt, ap); 181 va_end(ap); 182 183 wpa_auth_logger(wpa_auth, addr, level, format); 184 185 os_free(format); 186 } 187 188 189 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth, 190 const u8 *addr) 191 { 192 if (wpa_auth->cb.disconnect == NULL) 193 return; 194 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr, 195 WLAN_REASON_PREV_AUTH_NOT_VALID); 196 } 197 198 199 static int wpa_use_aes_cmac(struct wpa_state_machine *sm) 200 { 201 int ret = 0; 202 #ifdef CONFIG_IEEE80211R 203 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) 204 ret = 1; 205 #endif /* CONFIG_IEEE80211R */ 206 #ifdef CONFIG_IEEE80211W 207 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt)) 208 ret = 1; 209 #endif /* CONFIG_IEEE80211W */ 210 return ret; 211 } 212 213 214 static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx) 215 { 216 struct wpa_authenticator *wpa_auth = eloop_ctx; 217 218 if (os_get_random(wpa_auth->group->GMK, WPA_GMK_LEN)) { 219 wpa_printf(MSG_ERROR, "Failed to get random data for WPA " 220 "initialization."); 221 } else { 222 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd"); 223 } 224 225 if (wpa_auth->conf.wpa_gmk_rekey) { 226 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0, 227 wpa_rekey_gmk, wpa_auth, NULL); 228 } 229 } 230 231 232 static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx) 233 { 234 struct wpa_authenticator *wpa_auth = eloop_ctx; 235 struct wpa_group *group; 236 237 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK"); 238 for (group = wpa_auth->group; group; group = group->next) { 239 group->GTKReKey = TRUE; 240 do { 241 group->changed = FALSE; 242 wpa_group_sm_step(wpa_auth, group); 243 } while (group->changed); 244 } 245 246 if (wpa_auth->conf.wpa_group_rekey) { 247 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 248 0, wpa_rekey_gtk, wpa_auth, NULL); 249 } 250 } 251 252 253 static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx) 254 { 255 struct wpa_authenticator *wpa_auth = eloop_ctx; 256 struct wpa_state_machine *sm = timeout_ctx; 257 258 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK"); 259 wpa_request_new_ptk(sm); 260 wpa_sm_step(sm); 261 } 262 263 264 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx) 265 { 266 if (sm->pmksa == ctx) 267 sm->pmksa = NULL; 268 return 0; 269 } 270 271 272 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, 273 void *ctx) 274 { 275 struct wpa_authenticator *wpa_auth = ctx; 276 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry); 277 } 278 279 280 static void wpa_group_set_key_len(struct wpa_group *group, int cipher) 281 { 282 switch (cipher) { 283 case WPA_CIPHER_CCMP: 284 group->GTK_len = 16; 285 break; 286 case WPA_CIPHER_TKIP: 287 group->GTK_len = 32; 288 break; 289 case WPA_CIPHER_WEP104: 290 group->GTK_len = 13; 291 break; 292 case WPA_CIPHER_WEP40: 293 group->GTK_len = 5; 294 break; 295 } 296 } 297 298 299 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth, 300 int vlan_id) 301 { 302 struct wpa_group *group; 303 u8 buf[ETH_ALEN + 8 + sizeof(group)]; 304 u8 rkey[32]; 305 306 group = os_zalloc(sizeof(struct wpa_group)); 307 if (group == NULL) 308 return NULL; 309 310 group->GTKAuthenticator = TRUE; 311 group->vlan_id = vlan_id; 312 313 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group); 314 315 /* Counter = PRF-256(Random number, "Init Counter", 316 * Local MAC Address || Time) 317 */ 318 os_memcpy(buf, wpa_auth->addr, ETH_ALEN); 319 wpa_get_ntp_timestamp(buf + ETH_ALEN); 320 os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group)); 321 if (os_get_random(rkey, sizeof(rkey)) || 322 os_get_random(group->GMK, WPA_GMK_LEN)) { 323 wpa_printf(MSG_ERROR, "Failed to get random data for WPA " 324 "initialization."); 325 os_free(group); 326 return NULL; 327 } 328 329 sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf), 330 group->Counter, WPA_NONCE_LEN); 331 332 group->GInit = TRUE; 333 wpa_group_sm_step(wpa_auth, group); 334 group->GInit = FALSE; 335 wpa_group_sm_step(wpa_auth, group); 336 337 return group; 338 } 339 340 341 /** 342 * wpa_init - Initialize WPA authenticator 343 * @addr: Authenticator address 344 * @conf: Configuration for WPA authenticator 345 * @cb: Callback functions for WPA authenticator 346 * Returns: Pointer to WPA authenticator data or %NULL on failure 347 */ 348 struct wpa_authenticator * wpa_init(const u8 *addr, 349 struct wpa_auth_config *conf, 350 struct wpa_auth_callbacks *cb) 351 { 352 struct wpa_authenticator *wpa_auth; 353 354 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator)); 355 if (wpa_auth == NULL) 356 return NULL; 357 os_memcpy(wpa_auth->addr, addr, ETH_ALEN); 358 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf)); 359 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb)); 360 361 if (wpa_auth_gen_wpa_ie(wpa_auth)) { 362 wpa_printf(MSG_ERROR, "Could not generate WPA IE."); 363 os_free(wpa_auth); 364 return NULL; 365 } 366 367 wpa_auth->group = wpa_group_init(wpa_auth, 0); 368 if (wpa_auth->group == NULL) { 369 os_free(wpa_auth->wpa_ie); 370 os_free(wpa_auth); 371 return NULL; 372 } 373 374 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb, 375 wpa_auth); 376 if (wpa_auth->pmksa == NULL) { 377 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed."); 378 os_free(wpa_auth->wpa_ie); 379 os_free(wpa_auth); 380 return NULL; 381 } 382 383 #ifdef CONFIG_IEEE80211R 384 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init(); 385 if (wpa_auth->ft_pmk_cache == NULL) { 386 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed."); 387 os_free(wpa_auth->wpa_ie); 388 pmksa_cache_auth_deinit(wpa_auth->pmksa); 389 os_free(wpa_auth); 390 return NULL; 391 } 392 #endif /* CONFIG_IEEE80211R */ 393 394 if (wpa_auth->conf.wpa_gmk_rekey) { 395 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0, 396 wpa_rekey_gmk, wpa_auth, NULL); 397 } 398 399 if (wpa_auth->conf.wpa_group_rekey) { 400 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0, 401 wpa_rekey_gtk, wpa_auth, NULL); 402 } 403 404 return wpa_auth; 405 } 406 407 408 /** 409 * wpa_deinit - Deinitialize WPA authenticator 410 * @wpa_auth: Pointer to WPA authenticator data from wpa_init() 411 */ 412 void wpa_deinit(struct wpa_authenticator *wpa_auth) 413 { 414 struct wpa_group *group, *prev; 415 416 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL); 417 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); 418 419 #ifdef CONFIG_PEERKEY 420 while (wpa_auth->stsl_negotiations) 421 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations); 422 #endif /* CONFIG_PEERKEY */ 423 424 pmksa_cache_auth_deinit(wpa_auth->pmksa); 425 426 #ifdef CONFIG_IEEE80211R 427 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache); 428 wpa_auth->ft_pmk_cache = NULL; 429 #endif /* CONFIG_IEEE80211R */ 430 431 os_free(wpa_auth->wpa_ie); 432 433 group = wpa_auth->group; 434 while (group) { 435 prev = group; 436 group = group->next; 437 os_free(prev); 438 } 439 440 os_free(wpa_auth); 441 } 442 443 444 /** 445 * wpa_reconfig - Update WPA authenticator configuration 446 * @wpa_auth: Pointer to WPA authenticator data from wpa_init() 447 * @conf: Configuration for WPA authenticator 448 */ 449 int wpa_reconfig(struct wpa_authenticator *wpa_auth, 450 struct wpa_auth_config *conf) 451 { 452 struct wpa_group *group; 453 if (wpa_auth == NULL) 454 return 0; 455 456 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf)); 457 if (wpa_auth_gen_wpa_ie(wpa_auth)) { 458 wpa_printf(MSG_ERROR, "Could not generate WPA IE."); 459 return -1; 460 } 461 462 /* 463 * Reinitialize GTK to make sure it is suitable for the new 464 * configuration. 465 */ 466 group = wpa_auth->group; 467 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group); 468 group->GInit = TRUE; 469 wpa_group_sm_step(wpa_auth, group); 470 group->GInit = FALSE; 471 wpa_group_sm_step(wpa_auth, group); 472 473 return 0; 474 } 475 476 477 struct wpa_state_machine * 478 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr) 479 { 480 struct wpa_state_machine *sm; 481 482 sm = os_zalloc(sizeof(struct wpa_state_machine)); 483 if (sm == NULL) 484 return NULL; 485 os_memcpy(sm->addr, addr, ETH_ALEN); 486 487 sm->wpa_auth = wpa_auth; 488 sm->group = wpa_auth->group; 489 490 return sm; 491 } 492 493 494 int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, 495 struct wpa_state_machine *sm) 496 { 497 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL) 498 return -1; 499 500 #ifdef CONFIG_IEEE80211R 501 if (sm->ft_completed) { 502 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, 503 "FT authentication already completed - do not " 504 "start 4-way handshake"); 505 return 0; 506 } 507 #endif /* CONFIG_IEEE80211R */ 508 509 if (sm->started) { 510 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay)); 511 sm->ReAuthenticationRequest = TRUE; 512 return wpa_sm_step(sm); 513 } 514 515 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, 516 "start authentication"); 517 sm->started = 1; 518 519 sm->Init = TRUE; 520 if (wpa_sm_step(sm) == 1) 521 return 1; /* should not really happen */ 522 sm->Init = FALSE; 523 sm->AuthenticationRequest = TRUE; 524 return wpa_sm_step(sm); 525 } 526 527 528 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm) 529 { 530 /* WPA/RSN was not used - clear WPA state. This is needed if the STA 531 * reassociates back to the same AP while the previous entry for the 532 * STA has not yet been removed. */ 533 if (sm == NULL) 534 return; 535 536 sm->wpa_key_mgmt = 0; 537 } 538 539 540 static void wpa_free_sta_sm(struct wpa_state_machine *sm) 541 { 542 #ifdef CONFIG_IEEE80211R 543 os_free(sm->assoc_resp_ftie); 544 #endif /* CONFIG_IEEE80211R */ 545 os_free(sm->last_rx_eapol_key); 546 os_free(sm->wpa_ie); 547 os_free(sm); 548 } 549 550 551 void wpa_auth_sta_deinit(struct wpa_state_machine *sm) 552 { 553 if (sm == NULL) 554 return; 555 556 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) { 557 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 558 "strict rekeying - force GTK rekey since STA " 559 "is leaving"); 560 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL); 561 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth, 562 NULL); 563 } 564 565 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm); 566 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL); 567 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); 568 if (sm->in_step_loop) { 569 /* Must not free state machine while wpa_sm_step() is running. 570 * Freeing will be completed in the end of wpa_sm_step(). */ 571 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state " 572 "machine deinit for " MACSTR, MAC2STR(sm->addr)); 573 sm->pending_deinit = 1; 574 } else 575 wpa_free_sta_sm(sm); 576 } 577 578 579 static void wpa_request_new_ptk(struct wpa_state_machine *sm) 580 { 581 if (sm == NULL) 582 return; 583 584 sm->PTKRequest = TRUE; 585 sm->PTK_valid = 0; 586 } 587 588 589 static int wpa_replay_counter_valid(struct wpa_state_machine *sm, 590 const u8 *replay_counter) 591 { 592 int i; 593 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) { 594 if (!sm->key_replay[i].valid) 595 break; 596 if (os_memcmp(replay_counter, sm->key_replay[i].counter, 597 WPA_REPLAY_COUNTER_LEN) == 0) 598 return 1; 599 } 600 return 0; 601 } 602 603 604 #ifdef CONFIG_IEEE80211R 605 static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth, 606 struct wpa_state_machine *sm, 607 struct wpa_eapol_ie_parse *kde) 608 { 609 struct wpa_ie_data ie; 610 struct rsn_mdie *mdie; 611 612 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 || 613 ie.num_pmkid != 1 || ie.pmkid == NULL) { 614 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in " 615 "FT 4-way handshake message 2/4"); 616 return -1; 617 } 618 619 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN); 620 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant", 621 sm->sup_pmk_r1_name, PMKID_LEN); 622 623 if (!kde->mdie || !kde->ftie) { 624 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake " 625 "message 2/4", kde->mdie ? "FTIE" : "MDIE"); 626 return -1; 627 } 628 629 mdie = (struct rsn_mdie *) (kde->mdie + 2); 630 if (kde->mdie[1] < sizeof(struct rsn_mdie) || 631 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain, 632 MOBILITY_DOMAIN_ID_LEN) != 0) { 633 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch"); 634 return -1; 635 } 636 637 if (sm->assoc_resp_ftie && 638 (kde->ftie[1] != sm->assoc_resp_ftie[1] || 639 os_memcmp(kde->ftie, sm->assoc_resp_ftie, 640 2 + sm->assoc_resp_ftie[1]) != 0)) { 641 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch"); 642 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4", 643 kde->ftie, kde->ftie_len); 644 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp", 645 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]); 646 return -1; 647 } 648 649 return 0; 650 } 651 #endif /* CONFIG_IEEE80211R */ 652 653 654 void wpa_receive(struct wpa_authenticator *wpa_auth, 655 struct wpa_state_machine *sm, 656 u8 *data, size_t data_len) 657 { 658 struct ieee802_1x_hdr *hdr; 659 struct wpa_eapol_key *key; 660 u16 key_info, key_data_length; 661 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST, 662 SMK_M1, SMK_M3, SMK_ERROR } msg; 663 char *msgtxt; 664 struct wpa_eapol_ie_parse kde; 665 int ft; 666 const u8 *eapol_key_ie; 667 size_t eapol_key_ie_len; 668 669 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL) 670 return; 671 672 if (data_len < sizeof(*hdr) + sizeof(*key)) 673 return; 674 675 hdr = (struct ieee802_1x_hdr *) data; 676 key = (struct wpa_eapol_key *) (hdr + 1); 677 key_info = WPA_GET_BE16(key->key_info); 678 key_data_length = WPA_GET_BE16(key->key_data_length); 679 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) { 680 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - " 681 "key_data overflow (%d > %lu)", 682 key_data_length, 683 (unsigned long) (data_len - sizeof(*hdr) - 684 sizeof(*key))); 685 return; 686 } 687 688 if (sm->wpa == WPA_VERSION_WPA2) { 689 if (key->type != EAPOL_KEY_TYPE_RSN) { 690 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with " 691 "unexpected type %d in RSN mode", 692 key->type); 693 return; 694 } 695 } else { 696 if (key->type != EAPOL_KEY_TYPE_WPA) { 697 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with " 698 "unexpected type %d in WPA mode", 699 key->type); 700 return; 701 } 702 } 703 704 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys 705 * are set */ 706 707 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) == 708 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) { 709 if (key_info & WPA_KEY_INFO_ERROR) { 710 msg = SMK_ERROR; 711 msgtxt = "SMK Error"; 712 } else { 713 msg = SMK_M1; 714 msgtxt = "SMK M1"; 715 } 716 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { 717 msg = SMK_M3; 718 msgtxt = "SMK M3"; 719 } else if (key_info & WPA_KEY_INFO_REQUEST) { 720 msg = REQUEST; 721 msgtxt = "Request"; 722 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) { 723 msg = GROUP_2; 724 msgtxt = "2/2 Group"; 725 } else if (key_data_length == 0) { 726 msg = PAIRWISE_4; 727 msgtxt = "4/4 Pairwise"; 728 } else { 729 msg = PAIRWISE_2; 730 msgtxt = "2/4 Pairwise"; 731 } 732 733 /* TODO: key_info type validation for PeerKey */ 734 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 || 735 msg == GROUP_2) { 736 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK; 737 if (sm->pairwise == WPA_CIPHER_CCMP) { 738 if (wpa_use_aes_cmac(sm) && 739 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 740 wpa_auth_logger(wpa_auth, sm->addr, 741 LOGGER_WARNING, 742 "advertised support for " 743 "AES-128-CMAC, but did not " 744 "use it"); 745 return; 746 } 747 748 if (!wpa_use_aes_cmac(sm) && 749 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 750 wpa_auth_logger(wpa_auth, sm->addr, 751 LOGGER_WARNING, 752 "did not use HMAC-SHA1-AES " 753 "with CCMP"); 754 return; 755 } 756 } 757 } 758 759 if (key_info & WPA_KEY_INFO_REQUEST) { 760 if (sm->req_replay_counter_used && 761 os_memcmp(key->replay_counter, sm->req_replay_counter, 762 WPA_REPLAY_COUNTER_LEN) <= 0) { 763 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING, 764 "received EAPOL-Key request with " 765 "replayed counter"); 766 return; 767 } 768 } 769 770 if (!(key_info & WPA_KEY_INFO_REQUEST) && 771 !wpa_replay_counter_valid(sm, key->replay_counter)) { 772 int i; 773 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 774 "received EAPOL-Key %s with unexpected " 775 "replay counter", msgtxt); 776 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) { 777 if (!sm->key_replay[i].valid) 778 break; 779 wpa_hexdump(MSG_DEBUG, "pending replay counter", 780 sm->key_replay[i].counter, 781 WPA_REPLAY_COUNTER_LEN); 782 } 783 wpa_hexdump(MSG_DEBUG, "received replay counter", 784 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 785 return; 786 } 787 788 switch (msg) { 789 case PAIRWISE_2: 790 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART && 791 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) { 792 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 793 "received EAPOL-Key msg 2/4 in " 794 "invalid state (%d) - dropped", 795 sm->wpa_ptk_state); 796 return; 797 } 798 if (wpa_parse_kde_ies((u8 *) (key + 1), key_data_length, 799 &kde) < 0) { 800 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 801 "received EAPOL-Key msg 2/4 with " 802 "invalid Key Data contents"); 803 return; 804 } 805 if (kde.rsn_ie) { 806 eapol_key_ie = kde.rsn_ie; 807 eapol_key_ie_len = kde.rsn_ie_len; 808 } else { 809 eapol_key_ie = kde.wpa_ie; 810 eapol_key_ie_len = kde.wpa_ie_len; 811 } 812 ft = sm->wpa == WPA_VERSION_WPA2 && 813 wpa_key_mgmt_ft(sm->wpa_key_mgmt); 814 if (sm->wpa_ie == NULL || 815 wpa_compare_rsn_ie(ft, 816 sm->wpa_ie, sm->wpa_ie_len, 817 eapol_key_ie, eapol_key_ie_len)) { 818 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 819 "WPA IE from (Re)AssocReq did not " 820 "match with msg 2/4"); 821 if (sm->wpa_ie) { 822 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq", 823 sm->wpa_ie, sm->wpa_ie_len); 824 } 825 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4", 826 eapol_key_ie, eapol_key_ie_len); 827 /* MLME-DEAUTHENTICATE.request */ 828 wpa_sta_disconnect(wpa_auth, sm->addr); 829 return; 830 } 831 #ifdef CONFIG_IEEE80211R 832 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) { 833 wpa_sta_disconnect(wpa_auth, sm->addr); 834 return; 835 } 836 #endif /* CONFIG_IEEE80211R */ 837 break; 838 case PAIRWISE_4: 839 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING || 840 !sm->PTK_valid) { 841 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 842 "received EAPOL-Key msg 4/4 in " 843 "invalid state (%d) - dropped", 844 sm->wpa_ptk_state); 845 return; 846 } 847 break; 848 case GROUP_2: 849 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING 850 || !sm->PTK_valid) { 851 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 852 "received EAPOL-Key msg 2/2 in " 853 "invalid state (%d) - dropped", 854 sm->wpa_ptk_group_state); 855 return; 856 } 857 break; 858 #ifdef CONFIG_PEERKEY 859 case SMK_M1: 860 case SMK_M3: 861 case SMK_ERROR: 862 if (!wpa_auth->conf.peerkey) { 863 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but " 864 "PeerKey use disabled - ignoring message"); 865 return; 866 } 867 if (!sm->PTK_valid) { 868 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 869 "received EAPOL-Key msg SMK in " 870 "invalid state - dropped"); 871 return; 872 } 873 break; 874 #else /* CONFIG_PEERKEY */ 875 case SMK_M1: 876 case SMK_M3: 877 case SMK_ERROR: 878 return; /* STSL disabled - ignore SMK messages */ 879 #endif /* CONFIG_PEERKEY */ 880 case REQUEST: 881 break; 882 } 883 884 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 885 "received EAPOL-Key frame (%s)", msgtxt); 886 887 if (key_info & WPA_KEY_INFO_ACK) { 888 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 889 "received invalid EAPOL-Key: Key Ack set"); 890 return; 891 } 892 893 if (!(key_info & WPA_KEY_INFO_MIC)) { 894 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 895 "received invalid EAPOL-Key: Key MIC not set"); 896 return; 897 } 898 899 sm->MICVerified = FALSE; 900 if (sm->PTK_valid) { 901 if (wpa_verify_key_mic(&sm->PTK, data, data_len)) { 902 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 903 "received EAPOL-Key with invalid MIC"); 904 return; 905 } 906 sm->MICVerified = TRUE; 907 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm); 908 } 909 910 if (key_info & WPA_KEY_INFO_REQUEST) { 911 if (sm->MICVerified) { 912 sm->req_replay_counter_used = 1; 913 os_memcpy(sm->req_replay_counter, key->replay_counter, 914 WPA_REPLAY_COUNTER_LEN); 915 } else { 916 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 917 "received EAPOL-Key request with " 918 "invalid MIC"); 919 return; 920 } 921 922 /* 923 * TODO: should decrypt key data field if encryption was used; 924 * even though MAC address KDE is not normally encrypted, 925 * supplicant is allowed to encrypt it. 926 */ 927 if (msg == SMK_ERROR) { 928 #ifdef CONFIG_PEERKEY 929 wpa_smk_error(wpa_auth, sm, key); 930 #endif /* CONFIG_PEERKEY */ 931 return; 932 } else if (key_info & WPA_KEY_INFO_ERROR) { 933 /* Supplicant reported a Michael MIC error */ 934 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 935 "received EAPOL-Key Error Request " 936 "(STA detected Michael MIC failure)"); 937 wpa_auth_mic_failure_report(wpa_auth, sm->addr); 938 sm->dot11RSNAStatsTKIPRemoteMICFailures++; 939 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++; 940 /* Error report is not a request for a new key 941 * handshake, but since Authenticator may do it, let's 942 * change the keys now anyway. */ 943 wpa_request_new_ptk(sm); 944 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) { 945 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 946 "received EAPOL-Key Request for new " 947 "4-Way Handshake"); 948 wpa_request_new_ptk(sm); 949 #ifdef CONFIG_PEERKEY 950 } else if (msg == SMK_M1) { 951 wpa_smk_m1(wpa_auth, sm, key); 952 #endif /* CONFIG_PEERKEY */ 953 } else if (key_data_length > 0 && 954 wpa_parse_kde_ies((const u8 *) (key + 1), 955 key_data_length, &kde) == 0 && 956 kde.mac_addr) { 957 } else { 958 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 959 "received EAPOL-Key Request for GTK " 960 "rekeying"); 961 /* FIX: why was this triggering PTK rekeying for the 962 * STA that requested Group Key rekeying?? */ 963 /* wpa_request_new_ptk(sta->wpa_sm); */ 964 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); 965 wpa_rekey_gtk(wpa_auth, NULL); 966 } 967 } else { 968 /* Do not allow the same key replay counter to be reused. This 969 * does also invalidate all other pending replay counters if 970 * retransmissions were used, i.e., we will only process one of 971 * the pending replies and ignore rest if more than one is 972 * received. */ 973 sm->key_replay[0].valid = FALSE; 974 } 975 976 #ifdef CONFIG_PEERKEY 977 if (msg == SMK_M3) { 978 wpa_smk_m3(wpa_auth, sm, key); 979 return; 980 } 981 #endif /* CONFIG_PEERKEY */ 982 983 os_free(sm->last_rx_eapol_key); 984 sm->last_rx_eapol_key = os_malloc(data_len); 985 if (sm->last_rx_eapol_key == NULL) 986 return; 987 os_memcpy(sm->last_rx_eapol_key, data, data_len); 988 sm->last_rx_eapol_key_len = data_len; 989 990 sm->EAPOLKeyReceived = TRUE; 991 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE); 992 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST); 993 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN); 994 wpa_sm_step(sm); 995 } 996 997 998 static void wpa_gmk_to_gtk(const u8 *gmk, const u8 *addr, const u8 *gnonce, 999 u8 *gtk, size_t gtk_len) 1000 { 1001 u8 data[ETH_ALEN + WPA_NONCE_LEN]; 1002 1003 /* GTK = PRF-X(GMK, "Group key expansion", AA || GNonce) */ 1004 os_memcpy(data, addr, ETH_ALEN); 1005 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN); 1006 1007 #ifdef CONFIG_IEEE80211W 1008 sha256_prf(gmk, WPA_GMK_LEN, "Group key expansion", 1009 data, sizeof(data), gtk, gtk_len); 1010 #else /* CONFIG_IEEE80211W */ 1011 sha1_prf(gmk, WPA_GMK_LEN, "Group key expansion", 1012 data, sizeof(data), gtk, gtk_len); 1013 #endif /* CONFIG_IEEE80211W */ 1014 1015 wpa_hexdump_key(MSG_DEBUG, "GMK", gmk, WPA_GMK_LEN); 1016 wpa_hexdump_key(MSG_DEBUG, "GTK", gtk, gtk_len); 1017 } 1018 1019 1020 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx) 1021 { 1022 struct wpa_authenticator *wpa_auth = eloop_ctx; 1023 struct wpa_state_machine *sm = timeout_ctx; 1024 1025 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout"); 1026 sm->TimeoutEvt = TRUE; 1027 wpa_sm_step(sm); 1028 } 1029 1030 1031 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth, 1032 struct wpa_state_machine *sm, int key_info, 1033 const u8 *key_rsc, const u8 *nonce, 1034 const u8 *kde, size_t kde_len, 1035 int keyidx, int encr, int force_version) 1036 { 1037 struct ieee802_1x_hdr *hdr; 1038 struct wpa_eapol_key *key; 1039 size_t len; 1040 int alg; 1041 int key_data_len, pad_len = 0; 1042 u8 *buf, *pos; 1043 int version, pairwise; 1044 int i; 1045 1046 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key); 1047 1048 if (force_version) 1049 version = force_version; 1050 else if (wpa_use_aes_cmac(sm)) 1051 version = WPA_KEY_INFO_TYPE_AES_128_CMAC; 1052 else if (sm->pairwise == WPA_CIPHER_CCMP) 1053 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 1054 else 1055 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 1056 1057 pairwise = key_info & WPA_KEY_INFO_KEY_TYPE; 1058 1059 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d " 1060 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d " 1061 "encr=%d)", 1062 version, 1063 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0, 1064 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0, 1065 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0, 1066 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0, 1067 pairwise, (unsigned long) kde_len, keyidx, encr); 1068 1069 key_data_len = kde_len; 1070 1071 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1072 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) { 1073 pad_len = key_data_len % 8; 1074 if (pad_len) 1075 pad_len = 8 - pad_len; 1076 key_data_len += pad_len + 8; 1077 } 1078 1079 len += key_data_len; 1080 1081 hdr = os_zalloc(len); 1082 if (hdr == NULL) 1083 return; 1084 hdr->version = wpa_auth->conf.eapol_version; 1085 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY; 1086 hdr->length = host_to_be16(len - sizeof(*hdr)); 1087 key = (struct wpa_eapol_key *) (hdr + 1); 1088 1089 key->type = sm->wpa == WPA_VERSION_WPA2 ? 1090 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1091 key_info |= version; 1092 if (encr && sm->wpa == WPA_VERSION_WPA2) 1093 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA; 1094 if (sm->wpa != WPA_VERSION_WPA2) 1095 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT; 1096 WPA_PUT_BE16(key->key_info, key_info); 1097 1098 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group; 1099 switch (alg) { 1100 case WPA_CIPHER_CCMP: 1101 WPA_PUT_BE16(key->key_length, 16); 1102 break; 1103 case WPA_CIPHER_TKIP: 1104 WPA_PUT_BE16(key->key_length, 32); 1105 break; 1106 case WPA_CIPHER_WEP40: 1107 WPA_PUT_BE16(key->key_length, 5); 1108 break; 1109 case WPA_CIPHER_WEP104: 1110 WPA_PUT_BE16(key->key_length, 13); 1111 break; 1112 } 1113 if (key_info & WPA_KEY_INFO_SMK_MESSAGE) 1114 WPA_PUT_BE16(key->key_length, 0); 1115 1116 /* FIX: STSL: what to use as key_replay_counter? */ 1117 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) { 1118 sm->key_replay[i].valid = sm->key_replay[i - 1].valid; 1119 os_memcpy(sm->key_replay[i].counter, 1120 sm->key_replay[i - 1].counter, 1121 WPA_REPLAY_COUNTER_LEN); 1122 } 1123 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN); 1124 os_memcpy(key->replay_counter, sm->key_replay[0].counter, 1125 WPA_REPLAY_COUNTER_LEN); 1126 sm->key_replay[0].valid = TRUE; 1127 1128 if (nonce) 1129 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN); 1130 1131 if (key_rsc) 1132 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN); 1133 1134 if (kde && !encr) { 1135 os_memcpy(key + 1, kde, kde_len); 1136 WPA_PUT_BE16(key->key_data_length, kde_len); 1137 } else if (encr && kde) { 1138 buf = os_zalloc(key_data_len); 1139 if (buf == NULL) { 1140 os_free(hdr); 1141 return; 1142 } 1143 pos = buf; 1144 os_memcpy(pos, kde, kde_len); 1145 pos += kde_len; 1146 1147 if (pad_len) 1148 *pos++ = 0xdd; 1149 1150 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data", 1151 buf, key_data_len); 1152 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1153 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1154 if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf, 1155 (u8 *) (key + 1))) { 1156 os_free(hdr); 1157 os_free(buf); 1158 return; 1159 } 1160 WPA_PUT_BE16(key->key_data_length, key_data_len); 1161 } else { 1162 u8 ek[32]; 1163 os_memcpy(key->key_iv, 1164 sm->group->Counter + WPA_NONCE_LEN - 16, 16); 1165 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN); 1166 os_memcpy(ek, key->key_iv, 16); 1167 os_memcpy(ek + 16, sm->PTK.kek, 16); 1168 os_memcpy(key + 1, buf, key_data_len); 1169 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len); 1170 WPA_PUT_BE16(key->key_data_length, key_data_len); 1171 } 1172 os_free(buf); 1173 } 1174 1175 if (key_info & WPA_KEY_INFO_MIC) { 1176 if (!sm->PTK_valid) { 1177 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, 1178 "PTK not valid when sending EAPOL-Key " 1179 "frame"); 1180 os_free(hdr); 1181 return; 1182 } 1183 wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len, 1184 key->key_mic); 1185 } 1186 1187 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx, 1188 1); 1189 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len, 1190 sm->pairwise_set); 1191 os_free(hdr); 1192 } 1193 1194 1195 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth, 1196 struct wpa_state_machine *sm, int key_info, 1197 const u8 *key_rsc, const u8 *nonce, 1198 const u8 *kde, size_t kde_len, 1199 int keyidx, int encr) 1200 { 1201 int timeout_ms; 1202 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE; 1203 int ctr; 1204 1205 if (sm == NULL) 1206 return; 1207 1208 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len, 1209 keyidx, encr, 0); 1210 1211 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr; 1212 if (ctr == 1) 1213 timeout_ms = eapol_key_timeout_first; 1214 else 1215 timeout_ms = eapol_key_timeout_subseq; 1216 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000, 1217 wpa_send_eapol_timeout, wpa_auth, sm); 1218 } 1219 1220 1221 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len) 1222 { 1223 struct ieee802_1x_hdr *hdr; 1224 struct wpa_eapol_key *key; 1225 u16 key_info; 1226 int ret = 0; 1227 u8 mic[16]; 1228 1229 if (data_len < sizeof(*hdr) + sizeof(*key)) 1230 return -1; 1231 1232 hdr = (struct ieee802_1x_hdr *) data; 1233 key = (struct wpa_eapol_key *) (hdr + 1); 1234 key_info = WPA_GET_BE16(key->key_info); 1235 os_memcpy(mic, key->key_mic, 16); 1236 os_memset(key->key_mic, 0, 16); 1237 if (wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK, 1238 data, data_len, key->key_mic) || 1239 os_memcmp(mic, key->key_mic, 16) != 0) 1240 ret = -1; 1241 os_memcpy(key->key_mic, mic, 16); 1242 return ret; 1243 } 1244 1245 1246 void wpa_remove_ptk(struct wpa_state_machine *sm) 1247 { 1248 sm->PTK_valid = FALSE; 1249 os_memset(&sm->PTK, 0, sizeof(sm->PTK)); 1250 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, (u8 *) "", 1251 0); 1252 sm->pairwise_set = FALSE; 1253 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); 1254 } 1255 1256 1257 int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event) 1258 { 1259 int remove_ptk = 1; 1260 1261 if (sm == NULL) 1262 return -1; 1263 1264 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 1265 "event %d notification", event); 1266 1267 switch (event) { 1268 case WPA_AUTH: 1269 case WPA_ASSOC: 1270 break; 1271 case WPA_DEAUTH: 1272 case WPA_DISASSOC: 1273 sm->DeauthenticationRequest = TRUE; 1274 break; 1275 case WPA_REAUTH: 1276 case WPA_REAUTH_EAPOL: 1277 if (!sm->started) { 1278 /* 1279 * When using WPS, we may end up here if the STA 1280 * manages to re-associate without the previous STA 1281 * entry getting removed. Consequently, we need to make 1282 * sure that the WPA state machines gets initialized 1283 * properly at this point. 1284 */ 1285 wpa_printf(MSG_DEBUG, "WPA state machine had not been " 1286 "started - initialize now"); 1287 sm->started = 1; 1288 sm->Init = TRUE; 1289 if (wpa_sm_step(sm) == 1) 1290 return 1; /* should not really happen */ 1291 sm->Init = FALSE; 1292 sm->AuthenticationRequest = TRUE; 1293 break; 1294 } 1295 if (sm->GUpdateStationKeys) { 1296 /* 1297 * Reauthentication cancels the pending group key 1298 * update for this STA. 1299 */ 1300 sm->group->GKeyDoneStations--; 1301 sm->GUpdateStationKeys = FALSE; 1302 sm->PtkGroupInit = TRUE; 1303 } 1304 sm->ReAuthenticationRequest = TRUE; 1305 break; 1306 case WPA_ASSOC_FT: 1307 #ifdef CONFIG_IEEE80211R 1308 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration " 1309 "after association"); 1310 wpa_ft_install_ptk(sm); 1311 1312 /* Using FT protocol, not WPA auth state machine */ 1313 sm->ft_completed = 1; 1314 return 0; 1315 #else /* CONFIG_IEEE80211R */ 1316 break; 1317 #endif /* CONFIG_IEEE80211R */ 1318 } 1319 1320 #ifdef CONFIG_IEEE80211R 1321 sm->ft_completed = 0; 1322 #endif /* CONFIG_IEEE80211R */ 1323 1324 #ifdef CONFIG_IEEE80211W 1325 if (sm->mgmt_frame_prot && event == WPA_AUTH) 1326 remove_ptk = 0; 1327 #endif /* CONFIG_IEEE80211W */ 1328 1329 if (remove_ptk) { 1330 sm->PTK_valid = FALSE; 1331 os_memset(&sm->PTK, 0, sizeof(sm->PTK)); 1332 1333 if (event != WPA_REAUTH_EAPOL) 1334 wpa_remove_ptk(sm); 1335 } 1336 1337 return wpa_sm_step(sm); 1338 } 1339 1340 1341 static enum wpa_alg wpa_alg_enum(int alg) 1342 { 1343 switch (alg) { 1344 case WPA_CIPHER_CCMP: 1345 return WPA_ALG_CCMP; 1346 case WPA_CIPHER_TKIP: 1347 return WPA_ALG_TKIP; 1348 case WPA_CIPHER_WEP104: 1349 case WPA_CIPHER_WEP40: 1350 return WPA_ALG_WEP; 1351 default: 1352 return WPA_ALG_NONE; 1353 } 1354 } 1355 1356 1357 SM_STATE(WPA_PTK, INITIALIZE) 1358 { 1359 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk); 1360 if (sm->Init) { 1361 /* Init flag is not cleared here, so avoid busy 1362 * loop by claiming nothing changed. */ 1363 sm->changed = FALSE; 1364 } 1365 1366 sm->keycount = 0; 1367 if (sm->GUpdateStationKeys) 1368 sm->group->GKeyDoneStations--; 1369 sm->GUpdateStationKeys = FALSE; 1370 if (sm->wpa == WPA_VERSION_WPA) 1371 sm->PInitAKeys = FALSE; 1372 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and 1373 * Local AA > Remote AA)) */) { 1374 sm->Pair = TRUE; 1375 } 1376 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0); 1377 wpa_remove_ptk(sm); 1378 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0); 1379 sm->TimeoutCtr = 0; 1380 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 1381 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, 1382 WPA_EAPOL_authorized, 0); 1383 } 1384 } 1385 1386 1387 SM_STATE(WPA_PTK, DISCONNECT) 1388 { 1389 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk); 1390 sm->Disconnect = FALSE; 1391 wpa_sta_disconnect(sm->wpa_auth, sm->addr); 1392 } 1393 1394 1395 SM_STATE(WPA_PTK, DISCONNECTED) 1396 { 1397 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk); 1398 sm->DeauthenticationRequest = FALSE; 1399 } 1400 1401 1402 SM_STATE(WPA_PTK, AUTHENTICATION) 1403 { 1404 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk); 1405 os_memset(&sm->PTK, 0, sizeof(sm->PTK)); 1406 sm->PTK_valid = FALSE; 1407 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto, 1408 1); 1409 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1); 1410 sm->AuthenticationRequest = FALSE; 1411 } 1412 1413 1414 SM_STATE(WPA_PTK, AUTHENTICATION2) 1415 { 1416 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk); 1417 os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN); 1418 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN); 1419 sm->ReAuthenticationRequest = FALSE; 1420 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more 1421 * logical place than INITIALIZE since AUTHENTICATION2 can be 1422 * re-entered on ReAuthenticationRequest without going through 1423 * INITIALIZE. */ 1424 sm->TimeoutCtr = 0; 1425 } 1426 1427 1428 SM_STATE(WPA_PTK, INITPMK) 1429 { 1430 u8 msk[2 * PMK_LEN]; 1431 size_t len = 2 * PMK_LEN; 1432 1433 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk); 1434 #ifdef CONFIG_IEEE80211R 1435 sm->xxkey_len = 0; 1436 #endif /* CONFIG_IEEE80211R */ 1437 if (sm->pmksa) { 1438 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache"); 1439 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN); 1440 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) { 1441 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine " 1442 "(len=%lu)", (unsigned long) len); 1443 os_memcpy(sm->PMK, msk, PMK_LEN); 1444 #ifdef CONFIG_IEEE80211R 1445 if (len >= 2 * PMK_LEN) { 1446 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN); 1447 sm->xxkey_len = PMK_LEN; 1448 } 1449 #endif /* CONFIG_IEEE80211R */ 1450 } else { 1451 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK"); 1452 } 1453 1454 sm->req_replay_counter_used = 0; 1455 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this 1456 * will break reauthentication since EAPOL state machines may not be 1457 * get into AUTHENTICATING state that clears keyRun before WPA state 1458 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK 1459 * state and takes PMK from the previously used AAA Key. This will 1460 * eventually fail in 4-Way Handshake because Supplicant uses PMK 1461 * derived from the new AAA Key. Setting keyRun = FALSE here seems to 1462 * be good workaround for this issue. */ 1463 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0); 1464 } 1465 1466 1467 SM_STATE(WPA_PTK, INITPSK) 1468 { 1469 const u8 *psk; 1470 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk); 1471 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL); 1472 if (psk) { 1473 os_memcpy(sm->PMK, psk, PMK_LEN); 1474 #ifdef CONFIG_IEEE80211R 1475 os_memcpy(sm->xxkey, psk, PMK_LEN); 1476 sm->xxkey_len = PMK_LEN; 1477 #endif /* CONFIG_IEEE80211R */ 1478 } 1479 sm->req_replay_counter_used = 0; 1480 } 1481 1482 1483 SM_STATE(WPA_PTK, PTKSTART) 1484 { 1485 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL; 1486 size_t pmkid_len = 0; 1487 1488 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk); 1489 sm->PTKRequest = FALSE; 1490 sm->TimeoutEvt = FALSE; 1491 1492 sm->TimeoutCtr++; 1493 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) { 1494 /* No point in sending the EAPOL-Key - we will disconnect 1495 * immediately following this. */ 1496 return; 1497 } 1498 1499 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 1500 "sending 1/4 msg of 4-Way Handshake"); 1501 /* 1502 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only 1503 * one possible PSK for this STA. 1504 */ 1505 if (sm->wpa == WPA_VERSION_WPA2 && 1506 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt)) { 1507 pmkid = buf; 1508 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN; 1509 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC; 1510 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN; 1511 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID); 1512 if (sm->pmksa) 1513 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN], 1514 sm->pmksa->pmkid, PMKID_LEN); 1515 else { 1516 /* 1517 * Calculate PMKID since no PMKSA cache entry was 1518 * available with pre-calculated PMKID. 1519 */ 1520 rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr, 1521 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN], 1522 wpa_key_mgmt_sha256(sm->wpa_key_mgmt)); 1523 } 1524 } 1525 wpa_send_eapol(sm->wpa_auth, sm, 1526 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL, 1527 sm->ANonce, pmkid, pmkid_len, 0, 0); 1528 } 1529 1530 1531 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk, 1532 struct wpa_ptk *ptk) 1533 { 1534 size_t ptk_len = sm->pairwise == WPA_CIPHER_CCMP ? 48 : 64; 1535 #ifdef CONFIG_IEEE80211R 1536 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) 1537 return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len); 1538 #endif /* CONFIG_IEEE80211R */ 1539 1540 wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion", 1541 sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce, 1542 (u8 *) ptk, ptk_len, 1543 wpa_key_mgmt_sha256(sm->wpa_key_mgmt)); 1544 1545 return 0; 1546 } 1547 1548 1549 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING) 1550 { 1551 struct wpa_ptk PTK; 1552 int ok = 0; 1553 const u8 *pmk = NULL; 1554 1555 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk); 1556 sm->EAPOLKeyReceived = FALSE; 1557 1558 /* WPA with IEEE 802.1X: use the derived PMK from EAP 1559 * WPA-PSK: iterate through possible PSKs and select the one matching 1560 * the packet */ 1561 for (;;) { 1562 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 1563 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk); 1564 if (pmk == NULL) 1565 break; 1566 } else 1567 pmk = sm->PMK; 1568 1569 wpa_derive_ptk(sm, pmk, &PTK); 1570 1571 if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key, 1572 sm->last_rx_eapol_key_len) == 0) { 1573 ok = 1; 1574 break; 1575 } 1576 1577 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) 1578 break; 1579 } 1580 1581 if (!ok) { 1582 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 1583 "invalid MIC in msg 2/4 of 4-Way Handshake"); 1584 return; 1585 } 1586 1587 #ifdef CONFIG_IEEE80211R 1588 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 1589 /* 1590 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches 1591 * with the value we derived. 1592 */ 1593 if (os_memcmp(sm->sup_pmk_r1_name, sm->pmk_r1_name, 1594 WPA_PMK_NAME_LEN) != 0) { 1595 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 1596 "PMKR1Name mismatch in FT 4-way " 1597 "handshake"); 1598 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from " 1599 "Supplicant", 1600 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN); 1601 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name", 1602 sm->pmk_r1_name, WPA_PMK_NAME_LEN); 1603 return; 1604 } 1605 } 1606 #endif /* CONFIG_IEEE80211R */ 1607 1608 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm); 1609 1610 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 1611 /* PSK may have changed from the previous choice, so update 1612 * state machine data based on whatever PSK was selected here. 1613 */ 1614 os_memcpy(sm->PMK, pmk, PMK_LEN); 1615 } 1616 1617 sm->MICVerified = TRUE; 1618 1619 os_memcpy(&sm->PTK, &PTK, sizeof(PTK)); 1620 sm->PTK_valid = TRUE; 1621 } 1622 1623 1624 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2) 1625 { 1626 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk); 1627 sm->TimeoutCtr = 0; 1628 } 1629 1630 1631 #ifdef CONFIG_IEEE80211W 1632 1633 static int ieee80211w_kde_len(struct wpa_state_machine *sm) 1634 { 1635 if (sm->mgmt_frame_prot) { 1636 return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde); 1637 } 1638 1639 return 0; 1640 } 1641 1642 1643 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos) 1644 { 1645 struct wpa_igtk_kde igtk; 1646 struct wpa_group *gsm = sm->group; 1647 1648 if (!sm->mgmt_frame_prot) 1649 return pos; 1650 1651 igtk.keyid[0] = gsm->GN_igtk; 1652 igtk.keyid[1] = 0; 1653 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE || 1654 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn) < 0) 1655 os_memset(igtk.pn, 0, sizeof(igtk.pn)); 1656 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN); 1657 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK, 1658 (const u8 *) &igtk, sizeof(igtk), NULL, 0); 1659 1660 return pos; 1661 } 1662 1663 #else /* CONFIG_IEEE80211W */ 1664 1665 static int ieee80211w_kde_len(struct wpa_state_machine *sm) 1666 { 1667 return 0; 1668 } 1669 1670 1671 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos) 1672 { 1673 return pos; 1674 } 1675 1676 #endif /* CONFIG_IEEE80211W */ 1677 1678 1679 SM_STATE(WPA_PTK, PTKINITNEGOTIATING) 1680 { 1681 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos; 1682 size_t gtk_len, kde_len; 1683 struct wpa_group *gsm = sm->group; 1684 u8 *wpa_ie; 1685 int wpa_ie_len, secure, keyidx, encr = 0; 1686 1687 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk); 1688 sm->TimeoutEvt = FALSE; 1689 1690 sm->TimeoutCtr++; 1691 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) { 1692 /* No point in sending the EAPOL-Key - we will disconnect 1693 * immediately following this. */ 1694 return; 1695 } 1696 1697 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE], 1698 GTK[GN], IGTK, [FTIE], [TIE * 2]) 1699 */ 1700 os_memset(rsc, 0, WPA_KEY_RSC_LEN); 1701 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc); 1702 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */ 1703 wpa_ie = sm->wpa_auth->wpa_ie; 1704 wpa_ie_len = sm->wpa_auth->wpa_ie_len; 1705 if (sm->wpa == WPA_VERSION_WPA && 1706 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) && 1707 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) { 1708 /* WPA-only STA, remove RSN IE */ 1709 wpa_ie = wpa_ie + wpa_ie[1] + 2; 1710 wpa_ie_len = wpa_ie[1] + 2; 1711 } 1712 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 1713 "sending 3/4 msg of 4-Way Handshake"); 1714 if (sm->wpa == WPA_VERSION_WPA2) { 1715 /* WPA2 send GTK in the 4-way handshake */ 1716 secure = 1; 1717 gtk = gsm->GTK[gsm->GN - 1]; 1718 gtk_len = gsm->GTK_len; 1719 keyidx = gsm->GN; 1720 _rsc = rsc; 1721 encr = 1; 1722 } else { 1723 /* WPA does not include GTK in msg 3/4 */ 1724 secure = 0; 1725 gtk = NULL; 1726 gtk_len = 0; 1727 keyidx = 0; 1728 _rsc = NULL; 1729 } 1730 1731 kde_len = wpa_ie_len + ieee80211w_kde_len(sm); 1732 if (gtk) 1733 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len; 1734 #ifdef CONFIG_IEEE80211R 1735 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 1736 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */ 1737 kde_len += 300; /* FTIE + 2 * TIE */ 1738 } 1739 #endif /* CONFIG_IEEE80211R */ 1740 kde = os_malloc(kde_len); 1741 if (kde == NULL) 1742 return; 1743 1744 pos = kde; 1745 os_memcpy(pos, wpa_ie, wpa_ie_len); 1746 pos += wpa_ie_len; 1747 #ifdef CONFIG_IEEE80211R 1748 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 1749 int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name); 1750 if (res < 0) { 1751 wpa_printf(MSG_ERROR, "FT: Failed to insert " 1752 "PMKR1Name into RSN IE in EAPOL-Key data"); 1753 os_free(kde); 1754 return; 1755 } 1756 pos += res; 1757 } 1758 #endif /* CONFIG_IEEE80211R */ 1759 if (gtk) { 1760 u8 hdr[2]; 1761 hdr[0] = keyidx & 0x03; 1762 hdr[1] = 0; 1763 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2, 1764 gtk, gtk_len); 1765 } 1766 pos = ieee80211w_kde_add(sm, pos); 1767 1768 #ifdef CONFIG_IEEE80211R 1769 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 1770 int res; 1771 struct wpa_auth_config *conf; 1772 1773 conf = &sm->wpa_auth->conf; 1774 res = wpa_write_ftie(conf, conf->r0_key_holder, 1775 conf->r0_key_holder_len, 1776 NULL, NULL, pos, kde + kde_len - pos, 1777 NULL, 0); 1778 if (res < 0) { 1779 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE " 1780 "into EAPOL-Key Key Data"); 1781 os_free(kde); 1782 return; 1783 } 1784 pos += res; 1785 1786 /* TIE[ReassociationDeadline] (TU) */ 1787 *pos++ = WLAN_EID_TIMEOUT_INTERVAL; 1788 *pos++ = 5; 1789 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE; 1790 WPA_PUT_LE32(pos, conf->reassociation_deadline); 1791 pos += 4; 1792 1793 /* TIE[KeyLifetime] (seconds) */ 1794 *pos++ = WLAN_EID_TIMEOUT_INTERVAL; 1795 *pos++ = 5; 1796 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME; 1797 WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60); 1798 pos += 4; 1799 } 1800 #endif /* CONFIG_IEEE80211R */ 1801 1802 wpa_send_eapol(sm->wpa_auth, sm, 1803 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC | 1804 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL | 1805 WPA_KEY_INFO_KEY_TYPE, 1806 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr); 1807 os_free(kde); 1808 } 1809 1810 1811 SM_STATE(WPA_PTK, PTKINITDONE) 1812 { 1813 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk); 1814 sm->EAPOLKeyReceived = FALSE; 1815 if (sm->Pair) { 1816 enum wpa_alg alg; 1817 int klen; 1818 if (sm->pairwise == WPA_CIPHER_TKIP) { 1819 alg = WPA_ALG_TKIP; 1820 klen = 32; 1821 } else { 1822 alg = WPA_ALG_CCMP; 1823 klen = 16; 1824 } 1825 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0, 1826 sm->PTK.tk1, klen)) { 1827 wpa_sta_disconnect(sm->wpa_auth, sm->addr); 1828 return; 1829 } 1830 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ 1831 sm->pairwise_set = TRUE; 1832 1833 if (sm->wpa_auth->conf.wpa_ptk_rekey) { 1834 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); 1835 eloop_register_timeout(sm->wpa_auth->conf. 1836 wpa_ptk_rekey, 0, wpa_rekey_ptk, 1837 sm->wpa_auth, sm); 1838 } 1839 1840 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 1841 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, 1842 WPA_EAPOL_authorized, 1); 1843 } 1844 } 1845 1846 if (0 /* IBSS == TRUE */) { 1847 sm->keycount++; 1848 if (sm->keycount == 2) { 1849 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, 1850 WPA_EAPOL_portValid, 1); 1851 } 1852 } else { 1853 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 1854 1); 1855 } 1856 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0); 1857 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1); 1858 if (sm->wpa == WPA_VERSION_WPA) 1859 sm->PInitAKeys = TRUE; 1860 else 1861 sm->has_GTK = TRUE; 1862 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO, 1863 "pairwise key handshake completed (%s)", 1864 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN"); 1865 1866 #ifdef CONFIG_IEEE80211R 1867 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr); 1868 #endif /* CONFIG_IEEE80211R */ 1869 } 1870 1871 1872 SM_STEP(WPA_PTK) 1873 { 1874 struct wpa_authenticator *wpa_auth = sm->wpa_auth; 1875 1876 if (sm->Init) 1877 SM_ENTER(WPA_PTK, INITIALIZE); 1878 else if (sm->Disconnect 1879 /* || FIX: dot11RSNAConfigSALifetime timeout */) 1880 SM_ENTER(WPA_PTK, DISCONNECT); 1881 else if (sm->DeauthenticationRequest) 1882 SM_ENTER(WPA_PTK, DISCONNECTED); 1883 else if (sm->AuthenticationRequest) 1884 SM_ENTER(WPA_PTK, AUTHENTICATION); 1885 else if (sm->ReAuthenticationRequest) 1886 SM_ENTER(WPA_PTK, AUTHENTICATION2); 1887 else if (sm->PTKRequest) 1888 SM_ENTER(WPA_PTK, PTKSTART); 1889 else switch (sm->wpa_ptk_state) { 1890 case WPA_PTK_INITIALIZE: 1891 break; 1892 case WPA_PTK_DISCONNECT: 1893 SM_ENTER(WPA_PTK, DISCONNECTED); 1894 break; 1895 case WPA_PTK_DISCONNECTED: 1896 SM_ENTER(WPA_PTK, INITIALIZE); 1897 break; 1898 case WPA_PTK_AUTHENTICATION: 1899 SM_ENTER(WPA_PTK, AUTHENTICATION2); 1900 break; 1901 case WPA_PTK_AUTHENTICATION2: 1902 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) && 1903 wpa_auth_get_eapol(sm->wpa_auth, sm->addr, 1904 WPA_EAPOL_keyRun) > 0) 1905 SM_ENTER(WPA_PTK, INITPMK); 1906 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) 1907 /* FIX: && 802.1X::keyRun */) 1908 SM_ENTER(WPA_PTK, INITPSK); 1909 break; 1910 case WPA_PTK_INITPMK: 1911 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr, 1912 WPA_EAPOL_keyAvailable) > 0) 1913 SM_ENTER(WPA_PTK, PTKSTART); 1914 else { 1915 wpa_auth->dot11RSNA4WayHandshakeFailures++; 1916 SM_ENTER(WPA_PTK, DISCONNECT); 1917 } 1918 break; 1919 case WPA_PTK_INITPSK: 1920 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL)) 1921 SM_ENTER(WPA_PTK, PTKSTART); 1922 else { 1923 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO, 1924 "no PSK configured for the STA"); 1925 wpa_auth->dot11RSNA4WayHandshakeFailures++; 1926 SM_ENTER(WPA_PTK, DISCONNECT); 1927 } 1928 break; 1929 case WPA_PTK_PTKSTART: 1930 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && 1931 sm->EAPOLKeyPairwise) 1932 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING); 1933 else if (sm->TimeoutCtr > 1934 (int) dot11RSNAConfigPairwiseUpdateCount) { 1935 wpa_auth->dot11RSNA4WayHandshakeFailures++; 1936 SM_ENTER(WPA_PTK, DISCONNECT); 1937 } else if (sm->TimeoutEvt) 1938 SM_ENTER(WPA_PTK, PTKSTART); 1939 break; 1940 case WPA_PTK_PTKCALCNEGOTIATING: 1941 if (sm->MICVerified) 1942 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2); 1943 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && 1944 sm->EAPOLKeyPairwise) 1945 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING); 1946 else if (sm->TimeoutEvt) 1947 SM_ENTER(WPA_PTK, PTKSTART); 1948 break; 1949 case WPA_PTK_PTKCALCNEGOTIATING2: 1950 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING); 1951 break; 1952 case WPA_PTK_PTKINITNEGOTIATING: 1953 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && 1954 sm->EAPOLKeyPairwise && sm->MICVerified) 1955 SM_ENTER(WPA_PTK, PTKINITDONE); 1956 else if (sm->TimeoutCtr > 1957 (int) dot11RSNAConfigPairwiseUpdateCount) { 1958 wpa_auth->dot11RSNA4WayHandshakeFailures++; 1959 SM_ENTER(WPA_PTK, DISCONNECT); 1960 } else if (sm->TimeoutEvt) 1961 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING); 1962 break; 1963 case WPA_PTK_PTKINITDONE: 1964 break; 1965 } 1966 } 1967 1968 1969 SM_STATE(WPA_PTK_GROUP, IDLE) 1970 { 1971 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group); 1972 if (sm->Init) { 1973 /* Init flag is not cleared here, so avoid busy 1974 * loop by claiming nothing changed. */ 1975 sm->changed = FALSE; 1976 } 1977 sm->GTimeoutCtr = 0; 1978 } 1979 1980 1981 SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING) 1982 { 1983 u8 rsc[WPA_KEY_RSC_LEN]; 1984 struct wpa_group *gsm = sm->group; 1985 u8 *kde, *pos, hdr[2]; 1986 size_t kde_len; 1987 1988 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group); 1989 1990 sm->GTimeoutCtr++; 1991 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) { 1992 /* No point in sending the EAPOL-Key - we will disconnect 1993 * immediately following this. */ 1994 return; 1995 } 1996 1997 if (sm->wpa == WPA_VERSION_WPA) 1998 sm->PInitAKeys = FALSE; 1999 sm->TimeoutEvt = FALSE; 2000 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */ 2001 os_memset(rsc, 0, WPA_KEY_RSC_LEN); 2002 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE) 2003 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc); 2004 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2005 "sending 1/2 msg of Group Key Handshake"); 2006 2007 if (sm->wpa == WPA_VERSION_WPA2) { 2008 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len + 2009 ieee80211w_kde_len(sm); 2010 kde = os_malloc(kde_len); 2011 if (kde == NULL) 2012 return; 2013 2014 pos = kde; 2015 hdr[0] = gsm->GN & 0x03; 2016 hdr[1] = 0; 2017 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2, 2018 gsm->GTK[gsm->GN - 1], gsm->GTK_len); 2019 pos = ieee80211w_kde_add(sm, pos); 2020 } else { 2021 kde = gsm->GTK[gsm->GN - 1]; 2022 pos = kde + gsm->GTK_len; 2023 } 2024 2025 wpa_send_eapol(sm->wpa_auth, sm, 2026 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC | 2027 WPA_KEY_INFO_ACK | 2028 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0), 2029 rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1); 2030 if (sm->wpa == WPA_VERSION_WPA2) 2031 os_free(kde); 2032 } 2033 2034 2035 SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED) 2036 { 2037 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group); 2038 sm->EAPOLKeyReceived = FALSE; 2039 if (sm->GUpdateStationKeys) 2040 sm->group->GKeyDoneStations--; 2041 sm->GUpdateStationKeys = FALSE; 2042 sm->GTimeoutCtr = 0; 2043 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */ 2044 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO, 2045 "group key handshake completed (%s)", 2046 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN"); 2047 sm->has_GTK = TRUE; 2048 } 2049 2050 2051 SM_STATE(WPA_PTK_GROUP, KEYERROR) 2052 { 2053 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group); 2054 if (sm->GUpdateStationKeys) 2055 sm->group->GKeyDoneStations--; 2056 sm->GUpdateStationKeys = FALSE; 2057 sm->Disconnect = TRUE; 2058 } 2059 2060 2061 SM_STEP(WPA_PTK_GROUP) 2062 { 2063 if (sm->Init || sm->PtkGroupInit) { 2064 SM_ENTER(WPA_PTK_GROUP, IDLE); 2065 sm->PtkGroupInit = FALSE; 2066 } else switch (sm->wpa_ptk_group_state) { 2067 case WPA_PTK_GROUP_IDLE: 2068 if (sm->GUpdateStationKeys || 2069 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys)) 2070 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING); 2071 break; 2072 case WPA_PTK_GROUP_REKEYNEGOTIATING: 2073 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && 2074 !sm->EAPOLKeyPairwise && sm->MICVerified) 2075 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED); 2076 else if (sm->GTimeoutCtr > 2077 (int) dot11RSNAConfigGroupUpdateCount) 2078 SM_ENTER(WPA_PTK_GROUP, KEYERROR); 2079 else if (sm->TimeoutEvt) 2080 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING); 2081 break; 2082 case WPA_PTK_GROUP_KEYERROR: 2083 SM_ENTER(WPA_PTK_GROUP, IDLE); 2084 break; 2085 case WPA_PTK_GROUP_REKEYESTABLISHED: 2086 SM_ENTER(WPA_PTK_GROUP, IDLE); 2087 break; 2088 } 2089 } 2090 2091 2092 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth, 2093 struct wpa_group *group) 2094 { 2095 int ret = 0; 2096 2097 /* FIX: is this the correct way of getting GNonce? */ 2098 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN); 2099 inc_byte_array(group->Counter, WPA_NONCE_LEN); 2100 wpa_gmk_to_gtk(group->GMK, wpa_auth->addr, group->GNonce, 2101 group->GTK[group->GN - 1], group->GTK_len); 2102 2103 #ifdef CONFIG_IEEE80211W 2104 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) { 2105 if (os_get_random(group->IGTK[group->GN_igtk - 4], 2106 WPA_IGTK_LEN) < 0) { 2107 wpa_printf(MSG_INFO, "RSN: Failed to get new random " 2108 "IGTK"); 2109 ret = -1; 2110 } 2111 wpa_hexdump_key(MSG_DEBUG, "IGTK", 2112 group->IGTK[group->GN_igtk - 4], WPA_IGTK_LEN); 2113 } 2114 #endif /* CONFIG_IEEE80211W */ 2115 2116 return ret; 2117 } 2118 2119 2120 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth, 2121 struct wpa_group *group) 2122 { 2123 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " 2124 "GTK_INIT (VLAN-ID %d)", group->vlan_id); 2125 group->changed = FALSE; /* GInit is not cleared here; avoid loop */ 2126 group->wpa_group_state = WPA_GROUP_GTK_INIT; 2127 2128 /* GTK[0..N] = 0 */ 2129 os_memset(group->GTK, 0, sizeof(group->GTK)); 2130 group->GN = 1; 2131 group->GM = 2; 2132 #ifdef CONFIG_IEEE80211W 2133 group->GN_igtk = 4; 2134 group->GM_igtk = 5; 2135 #endif /* CONFIG_IEEE80211W */ 2136 /* GTK[GN] = CalcGTK() */ 2137 wpa_gtk_update(wpa_auth, group); 2138 } 2139 2140 2141 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx) 2142 { 2143 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) { 2144 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2145 "Not in PTKINITDONE; skip Group Key update"); 2146 return 0; 2147 } 2148 if (sm->GUpdateStationKeys) { 2149 /* 2150 * This should not really happen, but just in case, make sure 2151 * we do not count the same STA twice in GKeyDoneStations. 2152 */ 2153 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2154 "GUpdateStationKeys already set - do not " 2155 "increment GKeyDoneStations"); 2156 } else { 2157 sm->group->GKeyDoneStations++; 2158 sm->GUpdateStationKeys = TRUE; 2159 } 2160 wpa_sm_step(sm); 2161 return 0; 2162 } 2163 2164 2165 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth, 2166 struct wpa_group *group) 2167 { 2168 int tmp; 2169 2170 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " 2171 "SETKEYS (VLAN-ID %d)", group->vlan_id); 2172 group->changed = TRUE; 2173 group->wpa_group_state = WPA_GROUP_SETKEYS; 2174 group->GTKReKey = FALSE; 2175 tmp = group->GM; 2176 group->GM = group->GN; 2177 group->GN = tmp; 2178 #ifdef CONFIG_IEEE80211W 2179 tmp = group->GM_igtk; 2180 group->GM_igtk = group->GN_igtk; 2181 group->GN_igtk = tmp; 2182 #endif /* CONFIG_IEEE80211W */ 2183 /* "GKeyDoneStations = GNoStations" is done in more robust way by 2184 * counting the STAs that are marked with GUpdateStationKeys instead of 2185 * including all STAs that could be in not-yet-completed state. */ 2186 wpa_gtk_update(wpa_auth, group); 2187 2188 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL); 2189 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d", 2190 group->GKeyDoneStations); 2191 } 2192 2193 2194 static void wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth, 2195 struct wpa_group *group) 2196 { 2197 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " 2198 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id); 2199 group->changed = TRUE; 2200 group->wpa_group_state = WPA_GROUP_SETKEYSDONE; 2201 wpa_auth_set_key(wpa_auth, group->vlan_id, 2202 wpa_alg_enum(wpa_auth->conf.wpa_group), 2203 NULL, group->GN, group->GTK[group->GN - 1], 2204 group->GTK_len); 2205 2206 #ifdef CONFIG_IEEE80211W 2207 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) { 2208 wpa_auth_set_key(wpa_auth, group->vlan_id, WPA_ALG_IGTK, 2209 NULL, group->GN_igtk, 2210 group->IGTK[group->GN_igtk - 4], 2211 WPA_IGTK_LEN); 2212 } 2213 #endif /* CONFIG_IEEE80211W */ 2214 } 2215 2216 2217 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth, 2218 struct wpa_group *group) 2219 { 2220 if (group->GInit) { 2221 wpa_group_gtk_init(wpa_auth, group); 2222 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT && 2223 group->GTKAuthenticator) { 2224 wpa_group_setkeysdone(wpa_auth, group); 2225 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE && 2226 group->GTKReKey) { 2227 wpa_group_setkeys(wpa_auth, group); 2228 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) { 2229 if (group->GKeyDoneStations == 0) 2230 wpa_group_setkeysdone(wpa_auth, group); 2231 else if (group->GTKReKey) 2232 wpa_group_setkeys(wpa_auth, group); 2233 } 2234 } 2235 2236 2237 static int wpa_sm_step(struct wpa_state_machine *sm) 2238 { 2239 if (sm == NULL) 2240 return 0; 2241 2242 if (sm->in_step_loop) { 2243 /* This should not happen, but if it does, make sure we do not 2244 * end up freeing the state machine too early by exiting the 2245 * recursive call. */ 2246 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively"); 2247 return 0; 2248 } 2249 2250 sm->in_step_loop = 1; 2251 do { 2252 if (sm->pending_deinit) 2253 break; 2254 2255 sm->changed = FALSE; 2256 sm->wpa_auth->group->changed = FALSE; 2257 2258 SM_STEP_RUN(WPA_PTK); 2259 if (sm->pending_deinit) 2260 break; 2261 SM_STEP_RUN(WPA_PTK_GROUP); 2262 if (sm->pending_deinit) 2263 break; 2264 wpa_group_sm_step(sm->wpa_auth, sm->group); 2265 } while (sm->changed || sm->wpa_auth->group->changed); 2266 sm->in_step_loop = 0; 2267 2268 if (sm->pending_deinit) { 2269 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state " 2270 "machine deinit for " MACSTR, MAC2STR(sm->addr)); 2271 wpa_free_sta_sm(sm); 2272 return 1; 2273 } 2274 return 0; 2275 } 2276 2277 2278 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx) 2279 { 2280 struct wpa_state_machine *sm = eloop_ctx; 2281 wpa_sm_step(sm); 2282 } 2283 2284 2285 void wpa_auth_sm_notify(struct wpa_state_machine *sm) 2286 { 2287 if (sm == NULL) 2288 return; 2289 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL); 2290 } 2291 2292 2293 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth) 2294 { 2295 int tmp, i; 2296 struct wpa_group *group; 2297 2298 if (wpa_auth == NULL) 2299 return; 2300 2301 group = wpa_auth->group; 2302 2303 for (i = 0; i < 2; i++) { 2304 tmp = group->GM; 2305 group->GM = group->GN; 2306 group->GN = tmp; 2307 #ifdef CONFIG_IEEE80211W 2308 tmp = group->GM_igtk; 2309 group->GM_igtk = group->GN_igtk; 2310 group->GN_igtk = tmp; 2311 #endif /* CONFIG_IEEE80211W */ 2312 wpa_gtk_update(wpa_auth, group); 2313 } 2314 } 2315 2316 2317 static const char * wpa_bool_txt(int bool) 2318 { 2319 return bool ? "TRUE" : "FALSE"; 2320 } 2321 2322 2323 static int wpa_cipher_bits(int cipher) 2324 { 2325 switch (cipher) { 2326 case WPA_CIPHER_CCMP: 2327 return 128; 2328 case WPA_CIPHER_TKIP: 2329 return 256; 2330 case WPA_CIPHER_WEP104: 2331 return 104; 2332 case WPA_CIPHER_WEP40: 2333 return 40; 2334 default: 2335 return 0; 2336 } 2337 } 2338 2339 2340 #define RSN_SUITE "%02x-%02x-%02x-%d" 2341 #define RSN_SUITE_ARG(s) \ 2342 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff 2343 2344 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen) 2345 { 2346 int len = 0, ret; 2347 char pmkid_txt[PMKID_LEN * 2 + 1]; 2348 2349 if (wpa_auth == NULL) 2350 return len; 2351 2352 ret = os_snprintf(buf + len, buflen - len, 2353 "dot11RSNAOptionImplemented=TRUE\n" 2354 #ifdef CONFIG_RSN_PREAUTH 2355 "dot11RSNAPreauthenticationImplemented=TRUE\n" 2356 #else /* CONFIG_RSN_PREAUTH */ 2357 "dot11RSNAPreauthenticationImplemented=FALSE\n" 2358 #endif /* CONFIG_RSN_PREAUTH */ 2359 "dot11RSNAEnabled=%s\n" 2360 "dot11RSNAPreauthenticationEnabled=%s\n", 2361 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN), 2362 wpa_bool_txt(wpa_auth->conf.rsn_preauth)); 2363 if (ret < 0 || (size_t) ret >= buflen - len) 2364 return len; 2365 len += ret; 2366 2367 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), 2368 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN); 2369 2370 ret = os_snprintf( 2371 buf + len, buflen - len, 2372 "dot11RSNAConfigVersion=%u\n" 2373 "dot11RSNAConfigPairwiseKeysSupported=9999\n" 2374 /* FIX: dot11RSNAConfigGroupCipher */ 2375 /* FIX: dot11RSNAConfigGroupRekeyMethod */ 2376 /* FIX: dot11RSNAConfigGroupRekeyTime */ 2377 /* FIX: dot11RSNAConfigGroupRekeyPackets */ 2378 "dot11RSNAConfigGroupRekeyStrict=%u\n" 2379 "dot11RSNAConfigGroupUpdateCount=%u\n" 2380 "dot11RSNAConfigPairwiseUpdateCount=%u\n" 2381 "dot11RSNAConfigGroupCipherSize=%u\n" 2382 "dot11RSNAConfigPMKLifetime=%u\n" 2383 "dot11RSNAConfigPMKReauthThreshold=%u\n" 2384 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n" 2385 "dot11RSNAConfigSATimeout=%u\n" 2386 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" 2387 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" 2388 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" 2389 "dot11RSNAPMKIDUsed=%s\n" 2390 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" 2391 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" 2392 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" 2393 "dot11RSNATKIPCounterMeasuresInvoked=%u\n" 2394 "dot11RSNA4WayHandshakeFailures=%u\n" 2395 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n", 2396 RSN_VERSION, 2397 !!wpa_auth->conf.wpa_strict_rekey, 2398 dot11RSNAConfigGroupUpdateCount, 2399 dot11RSNAConfigPairwiseUpdateCount, 2400 wpa_cipher_bits(wpa_auth->conf.wpa_group), 2401 dot11RSNAConfigPMKLifetime, 2402 dot11RSNAConfigPMKReauthThreshold, 2403 dot11RSNAConfigSATimeout, 2404 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected), 2405 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected), 2406 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected), 2407 pmkid_txt, 2408 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested), 2409 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested), 2410 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested), 2411 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked, 2412 wpa_auth->dot11RSNA4WayHandshakeFailures); 2413 if (ret < 0 || (size_t) ret >= buflen - len) 2414 return len; 2415 len += ret; 2416 2417 /* TODO: dot11RSNAConfigPairwiseCiphersTable */ 2418 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */ 2419 2420 /* Private MIB */ 2421 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n", 2422 wpa_auth->group->wpa_group_state); 2423 if (ret < 0 || (size_t) ret >= buflen - len) 2424 return len; 2425 len += ret; 2426 2427 return len; 2428 } 2429 2430 2431 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen) 2432 { 2433 int len = 0, ret; 2434 u32 pairwise = 0; 2435 2436 if (sm == NULL) 2437 return 0; 2438 2439 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */ 2440 2441 /* dot11RSNAStatsEntry */ 2442 2443 if (sm->wpa == WPA_VERSION_WPA) { 2444 if (sm->pairwise == WPA_CIPHER_CCMP) 2445 pairwise = WPA_CIPHER_SUITE_CCMP; 2446 else if (sm->pairwise == WPA_CIPHER_TKIP) 2447 pairwise = WPA_CIPHER_SUITE_TKIP; 2448 else if (sm->pairwise == WPA_CIPHER_WEP104) 2449 pairwise = WPA_CIPHER_SUITE_WEP104; 2450 else if (sm->pairwise == WPA_CIPHER_WEP40) 2451 pairwise = WPA_CIPHER_SUITE_WEP40; 2452 else if (sm->pairwise == WPA_CIPHER_NONE) 2453 pairwise = WPA_CIPHER_SUITE_NONE; 2454 } else if (sm->wpa == WPA_VERSION_WPA2) { 2455 if (sm->pairwise == WPA_CIPHER_CCMP) 2456 pairwise = RSN_CIPHER_SUITE_CCMP; 2457 else if (sm->pairwise == WPA_CIPHER_TKIP) 2458 pairwise = RSN_CIPHER_SUITE_TKIP; 2459 else if (sm->pairwise == WPA_CIPHER_WEP104) 2460 pairwise = RSN_CIPHER_SUITE_WEP104; 2461 else if (sm->pairwise == WPA_CIPHER_WEP40) 2462 pairwise = RSN_CIPHER_SUITE_WEP40; 2463 else if (sm->pairwise == WPA_CIPHER_NONE) 2464 pairwise = RSN_CIPHER_SUITE_NONE; 2465 } else 2466 return 0; 2467 2468 ret = os_snprintf( 2469 buf + len, buflen - len, 2470 /* TODO: dot11RSNAStatsIndex */ 2471 "dot11RSNAStatsSTAAddress=" MACSTR "\n" 2472 "dot11RSNAStatsVersion=1\n" 2473 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n" 2474 /* TODO: dot11RSNAStatsTKIPICVErrors */ 2475 "dot11RSNAStatsTKIPLocalMICFailures=%u\n" 2476 "dot11RSNAStatsTKIPRemoveMICFailures=%u\n" 2477 /* TODO: dot11RSNAStatsCCMPReplays */ 2478 /* TODO: dot11RSNAStatsCCMPDecryptErrors */ 2479 /* TODO: dot11RSNAStatsTKIPReplays */, 2480 MAC2STR(sm->addr), 2481 RSN_SUITE_ARG(pairwise), 2482 sm->dot11RSNAStatsTKIPLocalMICFailures, 2483 sm->dot11RSNAStatsTKIPRemoteMICFailures); 2484 if (ret < 0 || (size_t) ret >= buflen - len) 2485 return len; 2486 len += ret; 2487 2488 /* Private MIB */ 2489 ret = os_snprintf(buf + len, buflen - len, 2490 "hostapdWPAPTKState=%d\n" 2491 "hostapdWPAPTKGroupState=%d\n", 2492 sm->wpa_ptk_state, 2493 sm->wpa_ptk_group_state); 2494 if (ret < 0 || (size_t) ret >= buflen - len) 2495 return len; 2496 len += ret; 2497 2498 return len; 2499 } 2500 2501 2502 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth) 2503 { 2504 if (wpa_auth) 2505 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++; 2506 } 2507 2508 2509 int wpa_auth_pairwise_set(struct wpa_state_machine *sm) 2510 { 2511 return sm && sm->pairwise_set; 2512 } 2513 2514 2515 int wpa_auth_get_pairwise(struct wpa_state_machine *sm) 2516 { 2517 return sm->pairwise; 2518 } 2519 2520 2521 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm) 2522 { 2523 if (sm == NULL) 2524 return -1; 2525 return sm->wpa_key_mgmt; 2526 } 2527 2528 2529 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) 2530 { 2531 if (sm == NULL) 2532 return 0; 2533 return sm->wpa; 2534 } 2535 2536 2537 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, 2538 struct rsn_pmksa_cache_entry *entry) 2539 { 2540 if (sm == NULL || sm->pmksa != entry) 2541 return -1; 2542 sm->pmksa = NULL; 2543 return 0; 2544 } 2545 2546 2547 struct rsn_pmksa_cache_entry * 2548 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm) 2549 { 2550 return sm ? sm->pmksa : NULL; 2551 } 2552 2553 2554 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm) 2555 { 2556 if (sm) 2557 sm->dot11RSNAStatsTKIPLocalMICFailures++; 2558 } 2559 2560 2561 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len) 2562 { 2563 if (wpa_auth == NULL) 2564 return NULL; 2565 *len = wpa_auth->wpa_ie_len; 2566 return wpa_auth->wpa_ie; 2567 } 2568 2569 2570 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk, 2571 int session_timeout, struct eapol_state_machine *eapol) 2572 { 2573 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2) 2574 return -1; 2575 2576 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN, 2577 sm->wpa_auth->addr, sm->addr, session_timeout, 2578 eapol, sm->wpa_key_mgmt)) 2579 return 0; 2580 2581 return -1; 2582 } 2583 2584 2585 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth, 2586 const u8 *pmk, size_t len, const u8 *sta_addr, 2587 int session_timeout, 2588 struct eapol_state_machine *eapol) 2589 { 2590 if (wpa_auth == NULL) 2591 return -1; 2592 2593 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr, 2594 sta_addr, session_timeout, eapol, 2595 WPA_KEY_MGMT_IEEE8021X)) 2596 return 0; 2597 2598 return -1; 2599 } 2600 2601 2602 static struct wpa_group * 2603 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id) 2604 { 2605 struct wpa_group *group; 2606 2607 if (wpa_auth == NULL || wpa_auth->group == NULL) 2608 return NULL; 2609 2610 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d", 2611 vlan_id); 2612 group = wpa_group_init(wpa_auth, vlan_id); 2613 if (group == NULL) 2614 return NULL; 2615 2616 group->next = wpa_auth->group->next; 2617 wpa_auth->group->next = group; 2618 2619 return group; 2620 } 2621 2622 2623 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id) 2624 { 2625 struct wpa_group *group; 2626 2627 if (sm == NULL || sm->wpa_auth == NULL) 2628 return 0; 2629 2630 group = sm->wpa_auth->group; 2631 while (group) { 2632 if (group->vlan_id == vlan_id) 2633 break; 2634 group = group->next; 2635 } 2636 2637 if (group == NULL) { 2638 group = wpa_auth_add_group(sm->wpa_auth, vlan_id); 2639 if (group == NULL) 2640 return -1; 2641 } 2642 2643 if (sm->group == group) 2644 return 0; 2645 2646 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state " 2647 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id); 2648 2649 sm->group = group; 2650 return 0; 2651 } 2652