1 /* 2 * IEEE 802.11 RSN / WPA Authenticator 3 * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "utils/state_machine.h" 14 #include "utils/bitfield.h" 15 #include "common/ieee802_11_defs.h" 16 #include "crypto/aes_wrap.h" 17 #include "crypto/crypto.h" 18 #include "crypto/sha1.h" 19 #include "crypto/sha256.h" 20 #include "crypto/random.h" 21 #include "eapol_auth/eapol_auth_sm.h" 22 #include "ap_config.h" 23 #include "ieee802_11.h" 24 #include "wpa_auth.h" 25 #include "pmksa_cache_auth.h" 26 #include "wpa_auth_i.h" 27 #include "wpa_auth_ie.h" 28 29 #define STATE_MACHINE_DATA struct wpa_state_machine 30 #define STATE_MACHINE_DEBUG_PREFIX "WPA" 31 #define STATE_MACHINE_ADDR sm->addr 32 33 34 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx); 35 static int wpa_sm_step(struct wpa_state_machine *sm); 36 static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data, 37 size_t data_len); 38 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx); 39 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth, 40 struct wpa_group *group); 41 static void wpa_request_new_ptk(struct wpa_state_machine *sm); 42 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth, 43 struct wpa_group *group); 44 static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth, 45 struct wpa_group *group); 46 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce, 47 const u8 *pmk, struct wpa_ptk *ptk); 48 49 static const u32 dot11RSNAConfigGroupUpdateCount = 4; 50 static const u32 dot11RSNAConfigPairwiseUpdateCount = 4; 51 static const u32 eapol_key_timeout_first = 100; /* ms */ 52 static const u32 eapol_key_timeout_subseq = 1000; /* ms */ 53 static const u32 eapol_key_timeout_first_group = 500; /* ms */ 54 55 /* TODO: make these configurable */ 56 static const int dot11RSNAConfigPMKLifetime = 43200; 57 static const int dot11RSNAConfigPMKReauthThreshold = 70; 58 static const int dot11RSNAConfigSATimeout = 60; 59 60 61 static inline int wpa_auth_mic_failure_report( 62 struct wpa_authenticator *wpa_auth, const u8 *addr) 63 { 64 if (wpa_auth->cb.mic_failure_report) 65 return wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr); 66 return 0; 67 } 68 69 70 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth, 71 const u8 *addr, wpa_eapol_variable var, 72 int value) 73 { 74 if (wpa_auth->cb.set_eapol) 75 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value); 76 } 77 78 79 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth, 80 const u8 *addr, wpa_eapol_variable var) 81 { 82 if (wpa_auth->cb.get_eapol == NULL) 83 return -1; 84 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var); 85 } 86 87 88 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth, 89 const u8 *addr, 90 const u8 *p2p_dev_addr, 91 const u8 *prev_psk) 92 { 93 if (wpa_auth->cb.get_psk == NULL) 94 return NULL; 95 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, p2p_dev_addr, 96 prev_psk); 97 } 98 99 100 static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth, 101 const u8 *addr, u8 *msk, size_t *len) 102 { 103 if (wpa_auth->cb.get_msk == NULL) 104 return -1; 105 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len); 106 } 107 108 109 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth, 110 int vlan_id, 111 enum wpa_alg alg, const u8 *addr, int idx, 112 u8 *key, size_t key_len) 113 { 114 if (wpa_auth->cb.set_key == NULL) 115 return -1; 116 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx, 117 key, key_len); 118 } 119 120 121 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth, 122 const u8 *addr, int idx, u8 *seq) 123 { 124 if (wpa_auth->cb.get_seqnum == NULL) 125 return -1; 126 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq); 127 } 128 129 130 static inline int 131 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr, 132 const u8 *data, size_t data_len, int encrypt) 133 { 134 if (wpa_auth->cb.send_eapol == NULL) 135 return -1; 136 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len, 137 encrypt); 138 } 139 140 141 #ifdef CONFIG_MESH 142 static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth, 143 const u8 *addr) 144 { 145 if (wpa_auth->cb.start_ampe == NULL) 146 return -1; 147 return wpa_auth->cb.start_ampe(wpa_auth->cb.ctx, addr); 148 } 149 #endif /* CONFIG_MESH */ 150 151 152 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth, 153 int (*cb)(struct wpa_state_machine *sm, void *ctx), 154 void *cb_ctx) 155 { 156 if (wpa_auth->cb.for_each_sta == NULL) 157 return 0; 158 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx); 159 } 160 161 162 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth, 163 int (*cb)(struct wpa_authenticator *a, void *ctx), 164 void *cb_ctx) 165 { 166 if (wpa_auth->cb.for_each_auth == NULL) 167 return 0; 168 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx); 169 } 170 171 172 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr, 173 logger_level level, const char *txt) 174 { 175 if (wpa_auth->cb.logger == NULL) 176 return; 177 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt); 178 } 179 180 181 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr, 182 logger_level level, const char *fmt, ...) 183 { 184 char *format; 185 int maxlen; 186 va_list ap; 187 188 if (wpa_auth->cb.logger == NULL) 189 return; 190 191 maxlen = os_strlen(fmt) + 100; 192 format = os_malloc(maxlen); 193 if (!format) 194 return; 195 196 va_start(ap, fmt); 197 vsnprintf(format, maxlen, fmt, ap); 198 va_end(ap); 199 200 wpa_auth_logger(wpa_auth, addr, level, format); 201 202 os_free(format); 203 } 204 205 206 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth, 207 const u8 *addr) 208 { 209 if (wpa_auth->cb.disconnect == NULL) 210 return; 211 wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR, MAC2STR(addr)); 212 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr, 213 WLAN_REASON_PREV_AUTH_NOT_VALID); 214 } 215 216 217 static int wpa_use_aes_cmac(struct wpa_state_machine *sm) 218 { 219 int ret = 0; 220 #ifdef CONFIG_IEEE80211R 221 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) 222 ret = 1; 223 #endif /* CONFIG_IEEE80211R */ 224 #ifdef CONFIG_IEEE80211W 225 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt)) 226 ret = 1; 227 #endif /* CONFIG_IEEE80211W */ 228 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) 229 ret = 1; 230 return ret; 231 } 232 233 234 static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx) 235 { 236 struct wpa_authenticator *wpa_auth = eloop_ctx; 237 238 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) { 239 wpa_printf(MSG_ERROR, "Failed to get random data for WPA " 240 "initialization."); 241 } else { 242 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd"); 243 wpa_hexdump_key(MSG_DEBUG, "GMK", 244 wpa_auth->group->GMK, WPA_GMK_LEN); 245 } 246 247 if (wpa_auth->conf.wpa_gmk_rekey) { 248 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0, 249 wpa_rekey_gmk, wpa_auth, NULL); 250 } 251 } 252 253 254 static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx) 255 { 256 struct wpa_authenticator *wpa_auth = eloop_ctx; 257 struct wpa_group *group; 258 259 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK"); 260 for (group = wpa_auth->group; group; group = group->next) { 261 group->GTKReKey = TRUE; 262 do { 263 group->changed = FALSE; 264 wpa_group_sm_step(wpa_auth, group); 265 } while (group->changed); 266 } 267 268 if (wpa_auth->conf.wpa_group_rekey) { 269 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 270 0, wpa_rekey_gtk, wpa_auth, NULL); 271 } 272 } 273 274 275 static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx) 276 { 277 struct wpa_authenticator *wpa_auth = eloop_ctx; 278 struct wpa_state_machine *sm = timeout_ctx; 279 280 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK"); 281 wpa_request_new_ptk(sm); 282 wpa_sm_step(sm); 283 } 284 285 286 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx) 287 { 288 if (sm->pmksa == ctx) 289 sm->pmksa = NULL; 290 return 0; 291 } 292 293 294 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, 295 void *ctx) 296 { 297 struct wpa_authenticator *wpa_auth = ctx; 298 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry); 299 } 300 301 302 static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth, 303 struct wpa_group *group) 304 { 305 u8 buf[ETH_ALEN + 8 + sizeof(unsigned long)]; 306 u8 rkey[32]; 307 unsigned long ptr; 308 309 if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0) 310 return -1; 311 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN); 312 313 /* 314 * Counter = PRF-256(Random number, "Init Counter", 315 * Local MAC Address || Time) 316 */ 317 os_memcpy(buf, wpa_auth->addr, ETH_ALEN); 318 wpa_get_ntp_timestamp(buf + ETH_ALEN); 319 ptr = (unsigned long) group; 320 os_memcpy(buf + ETH_ALEN + 8, &ptr, sizeof(ptr)); 321 if (random_get_bytes(rkey, sizeof(rkey)) < 0) 322 return -1; 323 324 if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf), 325 group->Counter, WPA_NONCE_LEN) < 0) 326 return -1; 327 wpa_hexdump_key(MSG_DEBUG, "Key Counter", 328 group->Counter, WPA_NONCE_LEN); 329 330 return 0; 331 } 332 333 334 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth, 335 int vlan_id, int delay_init) 336 { 337 struct wpa_group *group; 338 339 group = os_zalloc(sizeof(struct wpa_group)); 340 if (group == NULL) 341 return NULL; 342 343 group->GTKAuthenticator = TRUE; 344 group->vlan_id = vlan_id; 345 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group); 346 347 if (random_pool_ready() != 1) { 348 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool " 349 "for secure operations - update keys later when " 350 "the first station connects"); 351 } 352 353 /* 354 * Set initial GMK/Counter value here. The actual values that will be 355 * used in negotiations will be set once the first station tries to 356 * connect. This allows more time for collecting additional randomness 357 * on embedded devices. 358 */ 359 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) { 360 wpa_printf(MSG_ERROR, "Failed to get random data for WPA " 361 "initialization."); 362 os_free(group); 363 return NULL; 364 } 365 366 group->GInit = TRUE; 367 if (delay_init) { 368 wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start " 369 "until Beacon frames have been configured"); 370 /* Initialization is completed in wpa_init_keys(). */ 371 } else { 372 wpa_group_sm_step(wpa_auth, group); 373 group->GInit = FALSE; 374 wpa_group_sm_step(wpa_auth, group); 375 } 376 377 return group; 378 } 379 380 381 /** 382 * wpa_init - Initialize WPA authenticator 383 * @addr: Authenticator address 384 * @conf: Configuration for WPA authenticator 385 * @cb: Callback functions for WPA authenticator 386 * Returns: Pointer to WPA authenticator data or %NULL on failure 387 */ 388 struct wpa_authenticator * wpa_init(const u8 *addr, 389 struct wpa_auth_config *conf, 390 struct wpa_auth_callbacks *cb) 391 { 392 struct wpa_authenticator *wpa_auth; 393 394 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator)); 395 if (wpa_auth == NULL) 396 return NULL; 397 os_memcpy(wpa_auth->addr, addr, ETH_ALEN); 398 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf)); 399 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb)); 400 401 if (wpa_auth_gen_wpa_ie(wpa_auth)) { 402 wpa_printf(MSG_ERROR, "Could not generate WPA IE."); 403 os_free(wpa_auth); 404 return NULL; 405 } 406 407 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1); 408 if (wpa_auth->group == NULL) { 409 os_free(wpa_auth->wpa_ie); 410 os_free(wpa_auth); 411 return NULL; 412 } 413 414 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb, 415 wpa_auth); 416 if (wpa_auth->pmksa == NULL) { 417 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed."); 418 os_free(wpa_auth->group); 419 os_free(wpa_auth->wpa_ie); 420 os_free(wpa_auth); 421 return NULL; 422 } 423 424 #ifdef CONFIG_IEEE80211R 425 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init(); 426 if (wpa_auth->ft_pmk_cache == NULL) { 427 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed."); 428 os_free(wpa_auth->group); 429 os_free(wpa_auth->wpa_ie); 430 pmksa_cache_auth_deinit(wpa_auth->pmksa); 431 os_free(wpa_auth); 432 return NULL; 433 } 434 #endif /* CONFIG_IEEE80211R */ 435 436 if (wpa_auth->conf.wpa_gmk_rekey) { 437 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0, 438 wpa_rekey_gmk, wpa_auth, NULL); 439 } 440 441 if (wpa_auth->conf.wpa_group_rekey) { 442 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0, 443 wpa_rekey_gtk, wpa_auth, NULL); 444 } 445 446 #ifdef CONFIG_P2P 447 if (WPA_GET_BE32(conf->ip_addr_start)) { 448 int count = WPA_GET_BE32(conf->ip_addr_end) - 449 WPA_GET_BE32(conf->ip_addr_start) + 1; 450 if (count > 1000) 451 count = 1000; 452 if (count > 0) 453 wpa_auth->ip_pool = bitfield_alloc(count); 454 } 455 #endif /* CONFIG_P2P */ 456 457 return wpa_auth; 458 } 459 460 461 int wpa_init_keys(struct wpa_authenticator *wpa_auth) 462 { 463 struct wpa_group *group = wpa_auth->group; 464 465 wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial " 466 "keys"); 467 wpa_group_sm_step(wpa_auth, group); 468 group->GInit = FALSE; 469 wpa_group_sm_step(wpa_auth, group); 470 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) 471 return -1; 472 return 0; 473 } 474 475 476 /** 477 * wpa_deinit - Deinitialize WPA authenticator 478 * @wpa_auth: Pointer to WPA authenticator data from wpa_init() 479 */ 480 void wpa_deinit(struct wpa_authenticator *wpa_auth) 481 { 482 struct wpa_group *group, *prev; 483 484 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL); 485 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); 486 487 #ifdef CONFIG_PEERKEY 488 while (wpa_auth->stsl_negotiations) 489 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations); 490 #endif /* CONFIG_PEERKEY */ 491 492 pmksa_cache_auth_deinit(wpa_auth->pmksa); 493 494 #ifdef CONFIG_IEEE80211R 495 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache); 496 wpa_auth->ft_pmk_cache = NULL; 497 #endif /* CONFIG_IEEE80211R */ 498 499 #ifdef CONFIG_P2P 500 bitfield_free(wpa_auth->ip_pool); 501 #endif /* CONFIG_P2P */ 502 503 504 os_free(wpa_auth->wpa_ie); 505 506 group = wpa_auth->group; 507 while (group) { 508 prev = group; 509 group = group->next; 510 os_free(prev); 511 } 512 513 os_free(wpa_auth); 514 } 515 516 517 /** 518 * wpa_reconfig - Update WPA authenticator configuration 519 * @wpa_auth: Pointer to WPA authenticator data from wpa_init() 520 * @conf: Configuration for WPA authenticator 521 */ 522 int wpa_reconfig(struct wpa_authenticator *wpa_auth, 523 struct wpa_auth_config *conf) 524 { 525 struct wpa_group *group; 526 if (wpa_auth == NULL) 527 return 0; 528 529 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf)); 530 if (wpa_auth_gen_wpa_ie(wpa_auth)) { 531 wpa_printf(MSG_ERROR, "Could not generate WPA IE."); 532 return -1; 533 } 534 535 /* 536 * Reinitialize GTK to make sure it is suitable for the new 537 * configuration. 538 */ 539 group = wpa_auth->group; 540 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group); 541 group->GInit = TRUE; 542 wpa_group_sm_step(wpa_auth, group); 543 group->GInit = FALSE; 544 wpa_group_sm_step(wpa_auth, group); 545 546 return 0; 547 } 548 549 550 struct wpa_state_machine * 551 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr, 552 const u8 *p2p_dev_addr) 553 { 554 struct wpa_state_machine *sm; 555 556 if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) 557 return NULL; 558 559 sm = os_zalloc(sizeof(struct wpa_state_machine)); 560 if (sm == NULL) 561 return NULL; 562 os_memcpy(sm->addr, addr, ETH_ALEN); 563 if (p2p_dev_addr) 564 os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN); 565 566 sm->wpa_auth = wpa_auth; 567 sm->group = wpa_auth->group; 568 569 return sm; 570 } 571 572 573 int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, 574 struct wpa_state_machine *sm) 575 { 576 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL) 577 return -1; 578 579 #ifdef CONFIG_IEEE80211R 580 if (sm->ft_completed) { 581 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, 582 "FT authentication already completed - do not " 583 "start 4-way handshake"); 584 /* Go to PTKINITDONE state to allow GTK rekeying */ 585 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE; 586 return 0; 587 } 588 #endif /* CONFIG_IEEE80211R */ 589 590 if (sm->started) { 591 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay)); 592 sm->ReAuthenticationRequest = TRUE; 593 return wpa_sm_step(sm); 594 } 595 596 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, 597 "start authentication"); 598 sm->started = 1; 599 600 sm->Init = TRUE; 601 if (wpa_sm_step(sm) == 1) 602 return 1; /* should not really happen */ 603 sm->Init = FALSE; 604 sm->AuthenticationRequest = TRUE; 605 return wpa_sm_step(sm); 606 } 607 608 609 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm) 610 { 611 /* WPA/RSN was not used - clear WPA state. This is needed if the STA 612 * reassociates back to the same AP while the previous entry for the 613 * STA has not yet been removed. */ 614 if (sm == NULL) 615 return; 616 617 sm->wpa_key_mgmt = 0; 618 } 619 620 621 static void wpa_free_sta_sm(struct wpa_state_machine *sm) 622 { 623 #ifdef CONFIG_P2P 624 if (WPA_GET_BE32(sm->ip_addr)) { 625 u32 start; 626 wpa_printf(MSG_DEBUG, "P2P: Free assigned IP " 627 "address %u.%u.%u.%u from " MACSTR, 628 sm->ip_addr[0], sm->ip_addr[1], 629 sm->ip_addr[2], sm->ip_addr[3], 630 MAC2STR(sm->addr)); 631 start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start); 632 bitfield_clear(sm->wpa_auth->ip_pool, 633 WPA_GET_BE32(sm->ip_addr) - start); 634 } 635 #endif /* CONFIG_P2P */ 636 if (sm->GUpdateStationKeys) { 637 sm->group->GKeyDoneStations--; 638 sm->GUpdateStationKeys = FALSE; 639 } 640 #ifdef CONFIG_IEEE80211R 641 os_free(sm->assoc_resp_ftie); 642 wpabuf_free(sm->ft_pending_req_ies); 643 #endif /* CONFIG_IEEE80211R */ 644 os_free(sm->last_rx_eapol_key); 645 os_free(sm->wpa_ie); 646 os_free(sm); 647 } 648 649 650 void wpa_auth_sta_deinit(struct wpa_state_machine *sm) 651 { 652 if (sm == NULL) 653 return; 654 655 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) { 656 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 657 "strict rekeying - force GTK rekey since STA " 658 "is leaving"); 659 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL); 660 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth, 661 NULL); 662 } 663 664 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm); 665 sm->pending_1_of_4_timeout = 0; 666 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL); 667 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); 668 if (sm->in_step_loop) { 669 /* Must not free state machine while wpa_sm_step() is running. 670 * Freeing will be completed in the end of wpa_sm_step(). */ 671 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state " 672 "machine deinit for " MACSTR, MAC2STR(sm->addr)); 673 sm->pending_deinit = 1; 674 } else 675 wpa_free_sta_sm(sm); 676 } 677 678 679 static void wpa_request_new_ptk(struct wpa_state_machine *sm) 680 { 681 if (sm == NULL) 682 return; 683 684 sm->PTKRequest = TRUE; 685 sm->PTK_valid = 0; 686 } 687 688 689 static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr, 690 const u8 *replay_counter) 691 { 692 int i; 693 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) { 694 if (!ctr[i].valid) 695 break; 696 if (os_memcmp(replay_counter, ctr[i].counter, 697 WPA_REPLAY_COUNTER_LEN) == 0) 698 return 1; 699 } 700 return 0; 701 } 702 703 704 static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr, 705 const u8 *replay_counter) 706 { 707 int i; 708 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) { 709 if (ctr[i].valid && 710 (replay_counter == NULL || 711 os_memcmp(replay_counter, ctr[i].counter, 712 WPA_REPLAY_COUNTER_LEN) == 0)) 713 ctr[i].valid = FALSE; 714 } 715 } 716 717 718 #ifdef CONFIG_IEEE80211R 719 static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth, 720 struct wpa_state_machine *sm, 721 struct wpa_eapol_ie_parse *kde) 722 { 723 struct wpa_ie_data ie; 724 struct rsn_mdie *mdie; 725 726 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 || 727 ie.num_pmkid != 1 || ie.pmkid == NULL) { 728 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in " 729 "FT 4-way handshake message 2/4"); 730 return -1; 731 } 732 733 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN); 734 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant", 735 sm->sup_pmk_r1_name, PMKID_LEN); 736 737 if (!kde->mdie || !kde->ftie) { 738 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake " 739 "message 2/4", kde->mdie ? "FTIE" : "MDIE"); 740 return -1; 741 } 742 743 mdie = (struct rsn_mdie *) (kde->mdie + 2); 744 if (kde->mdie[1] < sizeof(struct rsn_mdie) || 745 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain, 746 MOBILITY_DOMAIN_ID_LEN) != 0) { 747 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch"); 748 return -1; 749 } 750 751 if (sm->assoc_resp_ftie && 752 (kde->ftie[1] != sm->assoc_resp_ftie[1] || 753 os_memcmp(kde->ftie, sm->assoc_resp_ftie, 754 2 + sm->assoc_resp_ftie[1]) != 0)) { 755 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch"); 756 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4", 757 kde->ftie, kde->ftie_len); 758 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp", 759 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]); 760 return -1; 761 } 762 763 return 0; 764 } 765 #endif /* CONFIG_IEEE80211R */ 766 767 768 static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth, 769 struct wpa_state_machine *sm, int group) 770 { 771 /* Supplicant reported a Michael MIC error */ 772 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 773 "received EAPOL-Key Error Request " 774 "(STA detected Michael MIC failure (group=%d))", 775 group); 776 777 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) { 778 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 779 "ignore Michael MIC failure report since " 780 "group cipher is not TKIP"); 781 } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) { 782 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 783 "ignore Michael MIC failure report since " 784 "pairwise cipher is not TKIP"); 785 } else { 786 if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0) 787 return 1; /* STA entry was removed */ 788 sm->dot11RSNAStatsTKIPRemoteMICFailures++; 789 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++; 790 } 791 792 /* 793 * Error report is not a request for a new key handshake, but since 794 * Authenticator may do it, let's change the keys now anyway. 795 */ 796 wpa_request_new_ptk(sm); 797 return 0; 798 } 799 800 801 static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data, 802 size_t data_len) 803 { 804 struct wpa_ptk PTK; 805 int ok = 0; 806 const u8 *pmk = NULL; 807 808 for (;;) { 809 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 810 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, 811 sm->p2p_dev_addr, pmk); 812 if (pmk == NULL) 813 break; 814 } else 815 pmk = sm->PMK; 816 817 wpa_derive_ptk(sm, sm->alt_SNonce, pmk, &PTK); 818 819 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK, data, data_len) 820 == 0) { 821 ok = 1; 822 break; 823 } 824 825 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) 826 break; 827 } 828 829 if (!ok) { 830 wpa_printf(MSG_DEBUG, 831 "WPA: Earlier SNonce did not result in matching MIC"); 832 return -1; 833 } 834 835 wpa_printf(MSG_DEBUG, 836 "WPA: Earlier SNonce resulted in matching MIC"); 837 sm->alt_snonce_valid = 0; 838 os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN); 839 os_memcpy(&sm->PTK, &PTK, sizeof(PTK)); 840 sm->PTK_valid = TRUE; 841 842 return 0; 843 } 844 845 846 void wpa_receive(struct wpa_authenticator *wpa_auth, 847 struct wpa_state_machine *sm, 848 u8 *data, size_t data_len) 849 { 850 struct ieee802_1x_hdr *hdr; 851 struct wpa_eapol_key *key; 852 struct wpa_eapol_key_192 *key192; 853 u16 key_info, key_data_length; 854 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST, 855 SMK_M1, SMK_M3, SMK_ERROR } msg; 856 char *msgtxt; 857 struct wpa_eapol_ie_parse kde; 858 int ft; 859 const u8 *eapol_key_ie, *key_data; 860 size_t eapol_key_ie_len, keyhdrlen, mic_len; 861 862 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL) 863 return; 864 865 mic_len = wpa_mic_len(sm->wpa_key_mgmt); 866 keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key); 867 868 if (data_len < sizeof(*hdr) + keyhdrlen) 869 return; 870 871 hdr = (struct ieee802_1x_hdr *) data; 872 key = (struct wpa_eapol_key *) (hdr + 1); 873 key192 = (struct wpa_eapol_key_192 *) (hdr + 1); 874 key_info = WPA_GET_BE16(key->key_info); 875 if (mic_len == 24) { 876 key_data = (const u8 *) (key192 + 1); 877 key_data_length = WPA_GET_BE16(key192->key_data_length); 878 } else { 879 key_data = (const u8 *) (key + 1); 880 key_data_length = WPA_GET_BE16(key->key_data_length); 881 } 882 wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR 883 " key_info=0x%x type=%u key_data_length=%u", 884 MAC2STR(sm->addr), key_info, key->type, key_data_length); 885 if (key_data_length > data_len - sizeof(*hdr) - keyhdrlen) { 886 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - " 887 "key_data overflow (%d > %lu)", 888 key_data_length, 889 (unsigned long) (data_len - sizeof(*hdr) - 890 keyhdrlen)); 891 return; 892 } 893 894 if (sm->wpa == WPA_VERSION_WPA2) { 895 if (key->type == EAPOL_KEY_TYPE_WPA) { 896 /* 897 * Some deployed station implementations seem to send 898 * msg 4/4 with incorrect type value in WPA2 mode. 899 */ 900 wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key " 901 "with unexpected WPA type in RSN mode"); 902 } else if (key->type != EAPOL_KEY_TYPE_RSN) { 903 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with " 904 "unexpected type %d in RSN mode", 905 key->type); 906 return; 907 } 908 } else { 909 if (key->type != EAPOL_KEY_TYPE_WPA) { 910 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with " 911 "unexpected type %d in WPA mode", 912 key->type); 913 return; 914 } 915 } 916 917 wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce, 918 WPA_NONCE_LEN); 919 wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter", 920 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 921 922 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys 923 * are set */ 924 925 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) == 926 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) { 927 if (key_info & WPA_KEY_INFO_ERROR) { 928 msg = SMK_ERROR; 929 msgtxt = "SMK Error"; 930 } else { 931 msg = SMK_M1; 932 msgtxt = "SMK M1"; 933 } 934 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { 935 msg = SMK_M3; 936 msgtxt = "SMK M3"; 937 } else if (key_info & WPA_KEY_INFO_REQUEST) { 938 msg = REQUEST; 939 msgtxt = "Request"; 940 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) { 941 msg = GROUP_2; 942 msgtxt = "2/2 Group"; 943 } else if (key_data_length == 0) { 944 msg = PAIRWISE_4; 945 msgtxt = "4/4 Pairwise"; 946 } else { 947 msg = PAIRWISE_2; 948 msgtxt = "2/4 Pairwise"; 949 } 950 951 /* TODO: key_info type validation for PeerKey */ 952 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 || 953 msg == GROUP_2) { 954 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK; 955 if (sm->pairwise == WPA_CIPHER_CCMP || 956 sm->pairwise == WPA_CIPHER_GCMP) { 957 if (wpa_use_aes_cmac(sm) && 958 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN && 959 !wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) && 960 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 961 wpa_auth_logger(wpa_auth, sm->addr, 962 LOGGER_WARNING, 963 "advertised support for " 964 "AES-128-CMAC, but did not " 965 "use it"); 966 return; 967 } 968 969 if (!wpa_use_aes_cmac(sm) && 970 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 971 wpa_auth_logger(wpa_auth, sm->addr, 972 LOGGER_WARNING, 973 "did not use HMAC-SHA1-AES " 974 "with CCMP/GCMP"); 975 return; 976 } 977 } 978 979 if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) && 980 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { 981 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING, 982 "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases"); 983 return; 984 } 985 } 986 987 if (key_info & WPA_KEY_INFO_REQUEST) { 988 if (sm->req_replay_counter_used && 989 os_memcmp(key->replay_counter, sm->req_replay_counter, 990 WPA_REPLAY_COUNTER_LEN) <= 0) { 991 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING, 992 "received EAPOL-Key request with " 993 "replayed counter"); 994 return; 995 } 996 } 997 998 if (!(key_info & WPA_KEY_INFO_REQUEST) && 999 !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) { 1000 int i; 1001 1002 if (msg == PAIRWISE_2 && 1003 wpa_replay_counter_valid(sm->prev_key_replay, 1004 key->replay_counter) && 1005 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING && 1006 os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0) 1007 { 1008 /* 1009 * Some supplicant implementations (e.g., Windows XP 1010 * WZC) update SNonce for each EAPOL-Key 2/4. This 1011 * breaks the workaround on accepting any of the 1012 * pending requests, so allow the SNonce to be updated 1013 * even if we have already sent out EAPOL-Key 3/4. 1014 */ 1015 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 1016 "Process SNonce update from STA " 1017 "based on retransmitted EAPOL-Key " 1018 "1/4"); 1019 sm->update_snonce = 1; 1020 os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN); 1021 sm->alt_snonce_valid = TRUE; 1022 os_memcpy(sm->alt_replay_counter, 1023 sm->key_replay[0].counter, 1024 WPA_REPLAY_COUNTER_LEN); 1025 goto continue_processing; 1026 } 1027 1028 if (msg == PAIRWISE_4 && sm->alt_snonce_valid && 1029 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING && 1030 os_memcmp(key->replay_counter, sm->alt_replay_counter, 1031 WPA_REPLAY_COUNTER_LEN) == 0) { 1032 /* 1033 * Supplicant may still be using the old SNonce since 1034 * there was two EAPOL-Key 2/4 messages and they had 1035 * different SNonce values. 1036 */ 1037 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 1038 "Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPOL-Key 1/4"); 1039 goto continue_processing; 1040 } 1041 1042 if (msg == PAIRWISE_2 && 1043 wpa_replay_counter_valid(sm->prev_key_replay, 1044 key->replay_counter) && 1045 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) { 1046 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 1047 "ignore retransmitted EAPOL-Key %s - " 1048 "SNonce did not change", msgtxt); 1049 } else { 1050 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 1051 "received EAPOL-Key %s with " 1052 "unexpected replay counter", msgtxt); 1053 } 1054 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) { 1055 if (!sm->key_replay[i].valid) 1056 break; 1057 wpa_hexdump(MSG_DEBUG, "pending replay counter", 1058 sm->key_replay[i].counter, 1059 WPA_REPLAY_COUNTER_LEN); 1060 } 1061 wpa_hexdump(MSG_DEBUG, "received replay counter", 1062 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 1063 return; 1064 } 1065 1066 continue_processing: 1067 switch (msg) { 1068 case PAIRWISE_2: 1069 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART && 1070 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING && 1071 (!sm->update_snonce || 1072 sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) { 1073 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 1074 "received EAPOL-Key msg 2/4 in " 1075 "invalid state (%d) - dropped", 1076 sm->wpa_ptk_state); 1077 return; 1078 } 1079 random_add_randomness(key->key_nonce, WPA_NONCE_LEN); 1080 if (sm->group->reject_4way_hs_for_entropy) { 1081 /* 1082 * The system did not have enough entropy to generate 1083 * strong random numbers. Reject the first 4-way 1084 * handshake(s) and collect some entropy based on the 1085 * information from it. Once enough entropy is 1086 * available, the next atempt will trigger GMK/Key 1087 * Counter update and the station will be allowed to 1088 * continue. 1089 */ 1090 wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to " 1091 "collect more entropy for random number " 1092 "generation"); 1093 random_mark_pool_ready(); 1094 wpa_sta_disconnect(wpa_auth, sm->addr); 1095 return; 1096 } 1097 if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) { 1098 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 1099 "received EAPOL-Key msg 2/4 with " 1100 "invalid Key Data contents"); 1101 return; 1102 } 1103 if (kde.rsn_ie) { 1104 eapol_key_ie = kde.rsn_ie; 1105 eapol_key_ie_len = kde.rsn_ie_len; 1106 } else if (kde.osen) { 1107 eapol_key_ie = kde.osen; 1108 eapol_key_ie_len = kde.osen_len; 1109 } else { 1110 eapol_key_ie = kde.wpa_ie; 1111 eapol_key_ie_len = kde.wpa_ie_len; 1112 } 1113 ft = sm->wpa == WPA_VERSION_WPA2 && 1114 wpa_key_mgmt_ft(sm->wpa_key_mgmt); 1115 if (sm->wpa_ie == NULL || 1116 wpa_compare_rsn_ie(ft, 1117 sm->wpa_ie, sm->wpa_ie_len, 1118 eapol_key_ie, eapol_key_ie_len)) { 1119 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1120 "WPA IE from (Re)AssocReq did not " 1121 "match with msg 2/4"); 1122 if (sm->wpa_ie) { 1123 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq", 1124 sm->wpa_ie, sm->wpa_ie_len); 1125 } 1126 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4", 1127 eapol_key_ie, eapol_key_ie_len); 1128 /* MLME-DEAUTHENTICATE.request */ 1129 wpa_sta_disconnect(wpa_auth, sm->addr); 1130 return; 1131 } 1132 #ifdef CONFIG_IEEE80211R 1133 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) { 1134 wpa_sta_disconnect(wpa_auth, sm->addr); 1135 return; 1136 } 1137 #endif /* CONFIG_IEEE80211R */ 1138 #ifdef CONFIG_P2P 1139 if (kde.ip_addr_req && kde.ip_addr_req[0] && 1140 wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) { 1141 int idx; 1142 wpa_printf(MSG_DEBUG, "P2P: IP address requested in " 1143 "EAPOL-Key exchange"); 1144 idx = bitfield_get_first_zero(wpa_auth->ip_pool); 1145 if (idx >= 0) { 1146 u32 start = WPA_GET_BE32(wpa_auth->conf. 1147 ip_addr_start); 1148 bitfield_set(wpa_auth->ip_pool, idx); 1149 WPA_PUT_BE32(sm->ip_addr, start + idx); 1150 wpa_printf(MSG_DEBUG, "P2P: Assigned IP " 1151 "address %u.%u.%u.%u to " MACSTR, 1152 sm->ip_addr[0], sm->ip_addr[1], 1153 sm->ip_addr[2], sm->ip_addr[3], 1154 MAC2STR(sm->addr)); 1155 } 1156 } 1157 #endif /* CONFIG_P2P */ 1158 break; 1159 case PAIRWISE_4: 1160 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING || 1161 !sm->PTK_valid) { 1162 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 1163 "received EAPOL-Key msg 4/4 in " 1164 "invalid state (%d) - dropped", 1165 sm->wpa_ptk_state); 1166 return; 1167 } 1168 break; 1169 case GROUP_2: 1170 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING 1171 || !sm->PTK_valid) { 1172 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 1173 "received EAPOL-Key msg 2/2 in " 1174 "invalid state (%d) - dropped", 1175 sm->wpa_ptk_group_state); 1176 return; 1177 } 1178 break; 1179 #ifdef CONFIG_PEERKEY 1180 case SMK_M1: 1181 case SMK_M3: 1182 case SMK_ERROR: 1183 if (!wpa_auth->conf.peerkey) { 1184 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but " 1185 "PeerKey use disabled - ignoring message"); 1186 return; 1187 } 1188 if (!sm->PTK_valid) { 1189 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1190 "received EAPOL-Key msg SMK in " 1191 "invalid state - dropped"); 1192 return; 1193 } 1194 break; 1195 #else /* CONFIG_PEERKEY */ 1196 case SMK_M1: 1197 case SMK_M3: 1198 case SMK_ERROR: 1199 return; /* STSL disabled - ignore SMK messages */ 1200 #endif /* CONFIG_PEERKEY */ 1201 case REQUEST: 1202 break; 1203 } 1204 1205 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 1206 "received EAPOL-Key frame (%s)", msgtxt); 1207 1208 if (key_info & WPA_KEY_INFO_ACK) { 1209 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1210 "received invalid EAPOL-Key: Key Ack set"); 1211 return; 1212 } 1213 1214 if (!(key_info & WPA_KEY_INFO_MIC)) { 1215 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1216 "received invalid EAPOL-Key: Key MIC not set"); 1217 return; 1218 } 1219 1220 sm->MICVerified = FALSE; 1221 if (sm->PTK_valid && !sm->update_snonce) { 1222 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &sm->PTK, data, 1223 data_len) && 1224 (msg != PAIRWISE_4 || !sm->alt_snonce_valid || 1225 wpa_try_alt_snonce(sm, data, data_len))) { 1226 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1227 "received EAPOL-Key with invalid MIC"); 1228 return; 1229 } 1230 sm->MICVerified = TRUE; 1231 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm); 1232 sm->pending_1_of_4_timeout = 0; 1233 } 1234 1235 if (key_info & WPA_KEY_INFO_REQUEST) { 1236 if (sm->MICVerified) { 1237 sm->req_replay_counter_used = 1; 1238 os_memcpy(sm->req_replay_counter, key->replay_counter, 1239 WPA_REPLAY_COUNTER_LEN); 1240 } else { 1241 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1242 "received EAPOL-Key request with " 1243 "invalid MIC"); 1244 return; 1245 } 1246 1247 /* 1248 * TODO: should decrypt key data field if encryption was used; 1249 * even though MAC address KDE is not normally encrypted, 1250 * supplicant is allowed to encrypt it. 1251 */ 1252 if (msg == SMK_ERROR) { 1253 #ifdef CONFIG_PEERKEY 1254 wpa_smk_error(wpa_auth, sm, key_data, key_data_length); 1255 #endif /* CONFIG_PEERKEY */ 1256 return; 1257 } else if (key_info & WPA_KEY_INFO_ERROR) { 1258 if (wpa_receive_error_report( 1259 wpa_auth, sm, 1260 !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0) 1261 return; /* STA entry was removed */ 1262 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) { 1263 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1264 "received EAPOL-Key Request for new " 1265 "4-Way Handshake"); 1266 wpa_request_new_ptk(sm); 1267 #ifdef CONFIG_PEERKEY 1268 } else if (msg == SMK_M1) { 1269 wpa_smk_m1(wpa_auth, sm, key, key_data, 1270 key_data_length); 1271 #endif /* CONFIG_PEERKEY */ 1272 } else if (key_data_length > 0 && 1273 wpa_parse_kde_ies(key_data, key_data_length, 1274 &kde) == 0 && 1275 kde.mac_addr) { 1276 } else { 1277 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1278 "received EAPOL-Key Request for GTK " 1279 "rekeying"); 1280 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); 1281 wpa_rekey_gtk(wpa_auth, NULL); 1282 } 1283 } else { 1284 /* Do not allow the same key replay counter to be reused. */ 1285 wpa_replay_counter_mark_invalid(sm->key_replay, 1286 key->replay_counter); 1287 1288 if (msg == PAIRWISE_2) { 1289 /* 1290 * Maintain a copy of the pending EAPOL-Key frames in 1291 * case the EAPOL-Key frame was retransmitted. This is 1292 * needed to allow EAPOL-Key msg 2/4 reply to another 1293 * pending msg 1/4 to update the SNonce to work around 1294 * unexpected supplicant behavior. 1295 */ 1296 os_memcpy(sm->prev_key_replay, sm->key_replay, 1297 sizeof(sm->key_replay)); 1298 } else { 1299 os_memset(sm->prev_key_replay, 0, 1300 sizeof(sm->prev_key_replay)); 1301 } 1302 1303 /* 1304 * Make sure old valid counters are not accepted anymore and 1305 * do not get copied again. 1306 */ 1307 wpa_replay_counter_mark_invalid(sm->key_replay, NULL); 1308 } 1309 1310 #ifdef CONFIG_PEERKEY 1311 if (msg == SMK_M3) { 1312 wpa_smk_m3(wpa_auth, sm, key, key_data, key_data_length); 1313 return; 1314 } 1315 #endif /* CONFIG_PEERKEY */ 1316 1317 os_free(sm->last_rx_eapol_key); 1318 sm->last_rx_eapol_key = os_malloc(data_len); 1319 if (sm->last_rx_eapol_key == NULL) 1320 return; 1321 os_memcpy(sm->last_rx_eapol_key, data, data_len); 1322 sm->last_rx_eapol_key_len = data_len; 1323 1324 sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE); 1325 sm->EAPOLKeyReceived = TRUE; 1326 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE); 1327 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST); 1328 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN); 1329 wpa_sm_step(sm); 1330 } 1331 1332 1333 static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr, 1334 const u8 *gnonce, u8 *gtk, size_t gtk_len) 1335 { 1336 u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16]; 1337 u8 *pos; 1338 int ret = 0; 1339 1340 /* GTK = PRF-X(GMK, "Group key expansion", 1341 * AA || GNonce || Time || random data) 1342 * The example described in the IEEE 802.11 standard uses only AA and 1343 * GNonce as inputs here. Add some more entropy since this derivation 1344 * is done only at the Authenticator and as such, does not need to be 1345 * exactly same. 1346 */ 1347 os_memcpy(data, addr, ETH_ALEN); 1348 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN); 1349 pos = data + ETH_ALEN + WPA_NONCE_LEN; 1350 wpa_get_ntp_timestamp(pos); 1351 pos += 8; 1352 if (random_get_bytes(pos, 16) < 0) 1353 ret = -1; 1354 1355 #ifdef CONFIG_IEEE80211W 1356 sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len); 1357 #else /* CONFIG_IEEE80211W */ 1358 if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len) 1359 < 0) 1360 ret = -1; 1361 #endif /* CONFIG_IEEE80211W */ 1362 1363 return ret; 1364 } 1365 1366 1367 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx) 1368 { 1369 struct wpa_authenticator *wpa_auth = eloop_ctx; 1370 struct wpa_state_machine *sm = timeout_ctx; 1371 1372 sm->pending_1_of_4_timeout = 0; 1373 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout"); 1374 sm->TimeoutEvt = TRUE; 1375 wpa_sm_step(sm); 1376 } 1377 1378 1379 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth, 1380 struct wpa_state_machine *sm, int key_info, 1381 const u8 *key_rsc, const u8 *nonce, 1382 const u8 *kde, size_t kde_len, 1383 int keyidx, int encr, int force_version) 1384 { 1385 struct ieee802_1x_hdr *hdr; 1386 struct wpa_eapol_key *key; 1387 struct wpa_eapol_key_192 *key192; 1388 size_t len, mic_len, keyhdrlen; 1389 int alg; 1390 int key_data_len, pad_len = 0; 1391 u8 *buf, *pos; 1392 int version, pairwise; 1393 int i; 1394 u8 *key_data; 1395 1396 mic_len = wpa_mic_len(sm->wpa_key_mgmt); 1397 keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key); 1398 1399 len = sizeof(struct ieee802_1x_hdr) + keyhdrlen; 1400 1401 if (force_version) 1402 version = force_version; 1403 else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN || 1404 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) 1405 version = WPA_KEY_INFO_TYPE_AKM_DEFINED; 1406 else if (wpa_use_aes_cmac(sm)) 1407 version = WPA_KEY_INFO_TYPE_AES_128_CMAC; 1408 else if (sm->pairwise != WPA_CIPHER_TKIP) 1409 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 1410 else 1411 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 1412 1413 pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE); 1414 1415 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d " 1416 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d " 1417 "encr=%d)", 1418 version, 1419 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0, 1420 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0, 1421 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0, 1422 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0, 1423 pairwise, (unsigned long) kde_len, keyidx, encr); 1424 1425 key_data_len = kde_len; 1426 1427 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1428 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN || 1429 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) || 1430 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) { 1431 pad_len = key_data_len % 8; 1432 if (pad_len) 1433 pad_len = 8 - pad_len; 1434 key_data_len += pad_len + 8; 1435 } 1436 1437 len += key_data_len; 1438 1439 hdr = os_zalloc(len); 1440 if (hdr == NULL) 1441 return; 1442 hdr->version = wpa_auth->conf.eapol_version; 1443 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY; 1444 hdr->length = host_to_be16(len - sizeof(*hdr)); 1445 key = (struct wpa_eapol_key *) (hdr + 1); 1446 key192 = (struct wpa_eapol_key_192 *) (hdr + 1); 1447 key_data = ((u8 *) (hdr + 1)) + keyhdrlen; 1448 1449 key->type = sm->wpa == WPA_VERSION_WPA2 ? 1450 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1451 key_info |= version; 1452 if (encr && sm->wpa == WPA_VERSION_WPA2) 1453 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA; 1454 if (sm->wpa != WPA_VERSION_WPA2) 1455 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT; 1456 WPA_PUT_BE16(key->key_info, key_info); 1457 1458 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group; 1459 WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg)); 1460 if (key_info & WPA_KEY_INFO_SMK_MESSAGE) 1461 WPA_PUT_BE16(key->key_length, 0); 1462 1463 /* FIX: STSL: what to use as key_replay_counter? */ 1464 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) { 1465 sm->key_replay[i].valid = sm->key_replay[i - 1].valid; 1466 os_memcpy(sm->key_replay[i].counter, 1467 sm->key_replay[i - 1].counter, 1468 WPA_REPLAY_COUNTER_LEN); 1469 } 1470 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN); 1471 os_memcpy(key->replay_counter, sm->key_replay[0].counter, 1472 WPA_REPLAY_COUNTER_LEN); 1473 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", 1474 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 1475 sm->key_replay[0].valid = TRUE; 1476 1477 if (nonce) 1478 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN); 1479 1480 if (key_rsc) 1481 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN); 1482 1483 if (kde && !encr) { 1484 os_memcpy(key_data, kde, kde_len); 1485 if (mic_len == 24) 1486 WPA_PUT_BE16(key192->key_data_length, kde_len); 1487 else 1488 WPA_PUT_BE16(key->key_data_length, kde_len); 1489 } else if (encr && kde) { 1490 buf = os_zalloc(key_data_len); 1491 if (buf == NULL) { 1492 os_free(hdr); 1493 return; 1494 } 1495 pos = buf; 1496 os_memcpy(pos, kde, kde_len); 1497 pos += kde_len; 1498 1499 if (pad_len) 1500 *pos++ = 0xdd; 1501 1502 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data", 1503 buf, key_data_len); 1504 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1505 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN || 1506 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) || 1507 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1508 if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len, 1509 (key_data_len - 8) / 8, buf, key_data)) { 1510 os_free(hdr); 1511 os_free(buf); 1512 return; 1513 } 1514 if (mic_len == 24) 1515 WPA_PUT_BE16(key192->key_data_length, 1516 key_data_len); 1517 else 1518 WPA_PUT_BE16(key->key_data_length, 1519 key_data_len); 1520 } else if (sm->PTK.kek_len == 16) { 1521 u8 ek[32]; 1522 os_memcpy(key->key_iv, 1523 sm->group->Counter + WPA_NONCE_LEN - 16, 16); 1524 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN); 1525 os_memcpy(ek, key->key_iv, 16); 1526 os_memcpy(ek + 16, sm->PTK.kek, sm->PTK.kek_len); 1527 os_memcpy(key_data, buf, key_data_len); 1528 rc4_skip(ek, 32, 256, key_data, key_data_len); 1529 if (mic_len == 24) 1530 WPA_PUT_BE16(key192->key_data_length, 1531 key_data_len); 1532 else 1533 WPA_PUT_BE16(key->key_data_length, 1534 key_data_len); 1535 } else { 1536 os_free(hdr); 1537 os_free(buf); 1538 return; 1539 } 1540 os_free(buf); 1541 } 1542 1543 if (key_info & WPA_KEY_INFO_MIC) { 1544 u8 *key_mic; 1545 1546 if (!sm->PTK_valid) { 1547 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, 1548 "PTK not valid when sending EAPOL-Key " 1549 "frame"); 1550 os_free(hdr); 1551 return; 1552 } 1553 1554 key_mic = key192->key_mic; /* same offset for key and key192 */ 1555 wpa_eapol_key_mic(sm->PTK.kck, sm->PTK.kck_len, 1556 sm->wpa_key_mgmt, version, 1557 (u8 *) hdr, len, key_mic); 1558 #ifdef CONFIG_TESTING_OPTIONS 1559 if (!pairwise && 1560 wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0 && 1561 drand48() < 1562 wpa_auth->conf.corrupt_gtk_rekey_mic_probability) { 1563 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1564 "Corrupting group EAPOL-Key Key MIC"); 1565 key_mic[0]++; 1566 } 1567 #endif /* CONFIG_TESTING_OPTIONS */ 1568 } 1569 1570 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx, 1571 1); 1572 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len, 1573 sm->pairwise_set); 1574 os_free(hdr); 1575 } 1576 1577 1578 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth, 1579 struct wpa_state_machine *sm, int key_info, 1580 const u8 *key_rsc, const u8 *nonce, 1581 const u8 *kde, size_t kde_len, 1582 int keyidx, int encr) 1583 { 1584 int timeout_ms; 1585 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE; 1586 int ctr; 1587 1588 if (sm == NULL) 1589 return; 1590 1591 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len, 1592 keyidx, encr, 0); 1593 1594 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr; 1595 if (ctr == 1 && wpa_auth->conf.tx_status) 1596 timeout_ms = pairwise ? eapol_key_timeout_first : 1597 eapol_key_timeout_first_group; 1598 else 1599 timeout_ms = eapol_key_timeout_subseq; 1600 if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC)) 1601 sm->pending_1_of_4_timeout = 1; 1602 wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry " 1603 "counter %d)", timeout_ms, ctr); 1604 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000, 1605 wpa_send_eapol_timeout, wpa_auth, sm); 1606 } 1607 1608 1609 static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data, 1610 size_t data_len) 1611 { 1612 struct ieee802_1x_hdr *hdr; 1613 struct wpa_eapol_key *key; 1614 struct wpa_eapol_key_192 *key192; 1615 u16 key_info; 1616 int ret = 0; 1617 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; 1618 size_t mic_len = wpa_mic_len(akmp); 1619 1620 if (data_len < sizeof(*hdr) + sizeof(*key)) 1621 return -1; 1622 1623 hdr = (struct ieee802_1x_hdr *) data; 1624 key = (struct wpa_eapol_key *) (hdr + 1); 1625 key192 = (struct wpa_eapol_key_192 *) (hdr + 1); 1626 key_info = WPA_GET_BE16(key->key_info); 1627 os_memcpy(mic, key192->key_mic, mic_len); 1628 os_memset(key192->key_mic, 0, mic_len); 1629 if (wpa_eapol_key_mic(PTK->kck, PTK->kck_len, akmp, 1630 key_info & WPA_KEY_INFO_TYPE_MASK, 1631 data, data_len, key192->key_mic) || 1632 os_memcmp_const(mic, key192->key_mic, mic_len) != 0) 1633 ret = -1; 1634 os_memcpy(key192->key_mic, mic, mic_len); 1635 return ret; 1636 } 1637 1638 1639 void wpa_remove_ptk(struct wpa_state_machine *sm) 1640 { 1641 sm->PTK_valid = FALSE; 1642 os_memset(&sm->PTK, 0, sizeof(sm->PTK)); 1643 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0); 1644 sm->pairwise_set = FALSE; 1645 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); 1646 } 1647 1648 1649 int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event) 1650 { 1651 int remove_ptk = 1; 1652 1653 if (sm == NULL) 1654 return -1; 1655 1656 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 1657 "event %d notification", event); 1658 1659 switch (event) { 1660 case WPA_AUTH: 1661 #ifdef CONFIG_MESH 1662 /* PTKs are derived through AMPE */ 1663 if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) { 1664 /* not mesh */ 1665 break; 1666 } 1667 return 0; 1668 #endif /* CONFIG_MESH */ 1669 case WPA_ASSOC: 1670 break; 1671 case WPA_DEAUTH: 1672 case WPA_DISASSOC: 1673 sm->DeauthenticationRequest = TRUE; 1674 break; 1675 case WPA_REAUTH: 1676 case WPA_REAUTH_EAPOL: 1677 if (!sm->started) { 1678 /* 1679 * When using WPS, we may end up here if the STA 1680 * manages to re-associate without the previous STA 1681 * entry getting removed. Consequently, we need to make 1682 * sure that the WPA state machines gets initialized 1683 * properly at this point. 1684 */ 1685 wpa_printf(MSG_DEBUG, "WPA state machine had not been " 1686 "started - initialize now"); 1687 sm->started = 1; 1688 sm->Init = TRUE; 1689 if (wpa_sm_step(sm) == 1) 1690 return 1; /* should not really happen */ 1691 sm->Init = FALSE; 1692 sm->AuthenticationRequest = TRUE; 1693 break; 1694 } 1695 if (sm->GUpdateStationKeys) { 1696 /* 1697 * Reauthentication cancels the pending group key 1698 * update for this STA. 1699 */ 1700 sm->group->GKeyDoneStations--; 1701 sm->GUpdateStationKeys = FALSE; 1702 sm->PtkGroupInit = TRUE; 1703 } 1704 sm->ReAuthenticationRequest = TRUE; 1705 break; 1706 case WPA_ASSOC_FT: 1707 #ifdef CONFIG_IEEE80211R 1708 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration " 1709 "after association"); 1710 wpa_ft_install_ptk(sm); 1711 1712 /* Using FT protocol, not WPA auth state machine */ 1713 sm->ft_completed = 1; 1714 return 0; 1715 #else /* CONFIG_IEEE80211R */ 1716 break; 1717 #endif /* CONFIG_IEEE80211R */ 1718 } 1719 1720 #ifdef CONFIG_IEEE80211R 1721 sm->ft_completed = 0; 1722 #endif /* CONFIG_IEEE80211R */ 1723 1724 #ifdef CONFIG_IEEE80211W 1725 if (sm->mgmt_frame_prot && event == WPA_AUTH) 1726 remove_ptk = 0; 1727 #endif /* CONFIG_IEEE80211W */ 1728 1729 if (remove_ptk) { 1730 sm->PTK_valid = FALSE; 1731 os_memset(&sm->PTK, 0, sizeof(sm->PTK)); 1732 1733 if (event != WPA_REAUTH_EAPOL) 1734 wpa_remove_ptk(sm); 1735 } 1736 1737 return wpa_sm_step(sm); 1738 } 1739 1740 1741 SM_STATE(WPA_PTK, INITIALIZE) 1742 { 1743 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk); 1744 if (sm->Init) { 1745 /* Init flag is not cleared here, so avoid busy 1746 * loop by claiming nothing changed. */ 1747 sm->changed = FALSE; 1748 } 1749 1750 sm->keycount = 0; 1751 if (sm->GUpdateStationKeys) 1752 sm->group->GKeyDoneStations--; 1753 sm->GUpdateStationKeys = FALSE; 1754 if (sm->wpa == WPA_VERSION_WPA) 1755 sm->PInitAKeys = FALSE; 1756 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and 1757 * Local AA > Remote AA)) */) { 1758 sm->Pair = TRUE; 1759 } 1760 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0); 1761 wpa_remove_ptk(sm); 1762 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0); 1763 sm->TimeoutCtr = 0; 1764 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 1765 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, 1766 WPA_EAPOL_authorized, 0); 1767 } 1768 } 1769 1770 1771 SM_STATE(WPA_PTK, DISCONNECT) 1772 { 1773 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk); 1774 sm->Disconnect = FALSE; 1775 wpa_sta_disconnect(sm->wpa_auth, sm->addr); 1776 } 1777 1778 1779 SM_STATE(WPA_PTK, DISCONNECTED) 1780 { 1781 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk); 1782 sm->DeauthenticationRequest = FALSE; 1783 } 1784 1785 1786 SM_STATE(WPA_PTK, AUTHENTICATION) 1787 { 1788 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk); 1789 os_memset(&sm->PTK, 0, sizeof(sm->PTK)); 1790 sm->PTK_valid = FALSE; 1791 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto, 1792 1); 1793 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1); 1794 sm->AuthenticationRequest = FALSE; 1795 } 1796 1797 1798 static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth, 1799 struct wpa_group *group) 1800 { 1801 if (group->first_sta_seen) 1802 return; 1803 /* 1804 * System has run bit further than at the time hostapd was started 1805 * potentially very early during boot up. This provides better chances 1806 * of collecting more randomness on embedded systems. Re-initialize the 1807 * GMK and Counter here to improve their strength if there was not 1808 * enough entropy available immediately after system startup. 1809 */ 1810 wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first " 1811 "station"); 1812 if (random_pool_ready() != 1) { 1813 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool " 1814 "to proceed - reject first 4-way handshake"); 1815 group->reject_4way_hs_for_entropy = TRUE; 1816 } else { 1817 group->first_sta_seen = TRUE; 1818 group->reject_4way_hs_for_entropy = FALSE; 1819 } 1820 1821 wpa_group_init_gmk_and_counter(wpa_auth, group); 1822 wpa_gtk_update(wpa_auth, group); 1823 wpa_group_config_group_keys(wpa_auth, group); 1824 } 1825 1826 1827 SM_STATE(WPA_PTK, AUTHENTICATION2) 1828 { 1829 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk); 1830 1831 wpa_group_ensure_init(sm->wpa_auth, sm->group); 1832 sm->ReAuthenticationRequest = FALSE; 1833 1834 /* 1835 * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat 1836 * ambiguous. The Authenticator state machine uses a counter that is 1837 * incremented by one for each 4-way handshake. However, the security 1838 * analysis of 4-way handshake points out that unpredictable nonces 1839 * help in preventing precomputation attacks. Instead of the state 1840 * machine definition, use an unpredictable nonce value here to provide 1841 * stronger protection against potential precomputation attacks. 1842 */ 1843 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { 1844 wpa_printf(MSG_ERROR, "WPA: Failed to get random data for " 1845 "ANonce."); 1846 sm->Disconnect = TRUE; 1847 return; 1848 } 1849 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce, 1850 WPA_NONCE_LEN); 1851 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more 1852 * logical place than INITIALIZE since AUTHENTICATION2 can be 1853 * re-entered on ReAuthenticationRequest without going through 1854 * INITIALIZE. */ 1855 sm->TimeoutCtr = 0; 1856 } 1857 1858 1859 SM_STATE(WPA_PTK, INITPMK) 1860 { 1861 u8 msk[2 * PMK_LEN]; 1862 size_t len = 2 * PMK_LEN; 1863 1864 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk); 1865 #ifdef CONFIG_IEEE80211R 1866 sm->xxkey_len = 0; 1867 #endif /* CONFIG_IEEE80211R */ 1868 if (sm->pmksa) { 1869 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache"); 1870 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN); 1871 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) { 1872 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine " 1873 "(len=%lu)", (unsigned long) len); 1874 os_memcpy(sm->PMK, msk, PMK_LEN); 1875 #ifdef CONFIG_IEEE80211R 1876 if (len >= 2 * PMK_LEN) { 1877 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN); 1878 sm->xxkey_len = PMK_LEN; 1879 } 1880 #endif /* CONFIG_IEEE80211R */ 1881 } else { 1882 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p", 1883 sm->wpa_auth->cb.get_msk); 1884 sm->Disconnect = TRUE; 1885 return; 1886 } 1887 os_memset(msk, 0, sizeof(msk)); 1888 1889 sm->req_replay_counter_used = 0; 1890 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this 1891 * will break reauthentication since EAPOL state machines may not be 1892 * get into AUTHENTICATING state that clears keyRun before WPA state 1893 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK 1894 * state and takes PMK from the previously used AAA Key. This will 1895 * eventually fail in 4-Way Handshake because Supplicant uses PMK 1896 * derived from the new AAA Key. Setting keyRun = FALSE here seems to 1897 * be good workaround for this issue. */ 1898 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0); 1899 } 1900 1901 1902 SM_STATE(WPA_PTK, INITPSK) 1903 { 1904 const u8 *psk; 1905 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk); 1906 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL); 1907 if (psk) { 1908 os_memcpy(sm->PMK, psk, PMK_LEN); 1909 #ifdef CONFIG_IEEE80211R 1910 os_memcpy(sm->xxkey, psk, PMK_LEN); 1911 sm->xxkey_len = PMK_LEN; 1912 #endif /* CONFIG_IEEE80211R */ 1913 } 1914 sm->req_replay_counter_used = 0; 1915 } 1916 1917 1918 SM_STATE(WPA_PTK, PTKSTART) 1919 { 1920 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL; 1921 size_t pmkid_len = 0; 1922 1923 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk); 1924 sm->PTKRequest = FALSE; 1925 sm->TimeoutEvt = FALSE; 1926 sm->alt_snonce_valid = FALSE; 1927 1928 sm->TimeoutCtr++; 1929 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) { 1930 /* No point in sending the EAPOL-Key - we will disconnect 1931 * immediately following this. */ 1932 return; 1933 } 1934 1935 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 1936 "sending 1/4 msg of 4-Way Handshake"); 1937 /* 1938 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only 1939 * one possible PSK for this STA. 1940 */ 1941 if (sm->wpa == WPA_VERSION_WPA2 && 1942 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) && 1943 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) { 1944 pmkid = buf; 1945 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN; 1946 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC; 1947 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN; 1948 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID); 1949 if (sm->pmksa) { 1950 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN], 1951 sm->pmksa->pmkid, PMKID_LEN); 1952 } else if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) { 1953 /* No KCK available to derive PMKID */ 1954 pmkid = NULL; 1955 } else { 1956 /* 1957 * Calculate PMKID since no PMKSA cache entry was 1958 * available with pre-calculated PMKID. 1959 */ 1960 rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr, 1961 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN], 1962 wpa_key_mgmt_sha256(sm->wpa_key_mgmt)); 1963 } 1964 } 1965 wpa_send_eapol(sm->wpa_auth, sm, 1966 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL, 1967 sm->ANonce, pmkid, pmkid_len, 0, 0); 1968 } 1969 1970 1971 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce, 1972 const u8 *pmk, struct wpa_ptk *ptk) 1973 { 1974 #ifdef CONFIG_IEEE80211R 1975 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) 1976 return wpa_auth_derive_ptk_ft(sm, pmk, ptk); 1977 #endif /* CONFIG_IEEE80211R */ 1978 1979 return wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion", 1980 sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce, 1981 ptk, sm->wpa_key_mgmt, sm->pairwise); 1982 } 1983 1984 1985 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING) 1986 { 1987 struct wpa_ptk PTK; 1988 int ok = 0; 1989 const u8 *pmk = NULL; 1990 1991 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk); 1992 sm->EAPOLKeyReceived = FALSE; 1993 sm->update_snonce = FALSE; 1994 1995 /* WPA with IEEE 802.1X: use the derived PMK from EAP 1996 * WPA-PSK: iterate through possible PSKs and select the one matching 1997 * the packet */ 1998 for (;;) { 1999 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 2000 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, 2001 sm->p2p_dev_addr, pmk); 2002 if (pmk == NULL) 2003 break; 2004 } else 2005 pmk = sm->PMK; 2006 2007 wpa_derive_ptk(sm, sm->SNonce, pmk, &PTK); 2008 2009 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK, 2010 sm->last_rx_eapol_key, 2011 sm->last_rx_eapol_key_len) == 0) { 2012 ok = 1; 2013 break; 2014 } 2015 2016 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) 2017 break; 2018 } 2019 2020 if (!ok) { 2021 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2022 "invalid MIC in msg 2/4 of 4-Way Handshake"); 2023 return; 2024 } 2025 2026 #ifdef CONFIG_IEEE80211R 2027 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 2028 /* 2029 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches 2030 * with the value we derived. 2031 */ 2032 if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name, 2033 WPA_PMK_NAME_LEN) != 0) { 2034 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2035 "PMKR1Name mismatch in FT 4-way " 2036 "handshake"); 2037 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from " 2038 "Supplicant", 2039 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN); 2040 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name", 2041 sm->pmk_r1_name, WPA_PMK_NAME_LEN); 2042 return; 2043 } 2044 } 2045 #endif /* CONFIG_IEEE80211R */ 2046 2047 sm->pending_1_of_4_timeout = 0; 2048 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm); 2049 2050 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 2051 /* PSK may have changed from the previous choice, so update 2052 * state machine data based on whatever PSK was selected here. 2053 */ 2054 os_memcpy(sm->PMK, pmk, PMK_LEN); 2055 } 2056 2057 sm->MICVerified = TRUE; 2058 2059 os_memcpy(&sm->PTK, &PTK, sizeof(PTK)); 2060 sm->PTK_valid = TRUE; 2061 } 2062 2063 2064 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2) 2065 { 2066 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk); 2067 sm->TimeoutCtr = 0; 2068 } 2069 2070 2071 #ifdef CONFIG_IEEE80211W 2072 2073 static int ieee80211w_kde_len(struct wpa_state_machine *sm) 2074 { 2075 if (sm->mgmt_frame_prot) { 2076 size_t len; 2077 len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher); 2078 return 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN + len; 2079 } 2080 2081 return 0; 2082 } 2083 2084 2085 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos) 2086 { 2087 struct wpa_igtk_kde igtk; 2088 struct wpa_group *gsm = sm->group; 2089 u8 rsc[WPA_KEY_RSC_LEN]; 2090 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher); 2091 2092 if (!sm->mgmt_frame_prot) 2093 return pos; 2094 2095 igtk.keyid[0] = gsm->GN_igtk; 2096 igtk.keyid[1] = 0; 2097 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE || 2098 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0) 2099 os_memset(igtk.pn, 0, sizeof(igtk.pn)); 2100 else 2101 os_memcpy(igtk.pn, rsc, sizeof(igtk.pn)); 2102 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len); 2103 if (sm->wpa_auth->conf.disable_gtk) { 2104 /* 2105 * Provide unique random IGTK to each STA to prevent use of 2106 * IGTK in the BSS. 2107 */ 2108 if (random_get_bytes(igtk.igtk, len) < 0) 2109 return pos; 2110 } 2111 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK, 2112 (const u8 *) &igtk, WPA_IGTK_KDE_PREFIX_LEN + len, 2113 NULL, 0); 2114 2115 return pos; 2116 } 2117 2118 #else /* CONFIG_IEEE80211W */ 2119 2120 static int ieee80211w_kde_len(struct wpa_state_machine *sm) 2121 { 2122 return 0; 2123 } 2124 2125 2126 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos) 2127 { 2128 return pos; 2129 } 2130 2131 #endif /* CONFIG_IEEE80211W */ 2132 2133 2134 SM_STATE(WPA_PTK, PTKINITNEGOTIATING) 2135 { 2136 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos, dummy_gtk[32]; 2137 size_t gtk_len, kde_len; 2138 struct wpa_group *gsm = sm->group; 2139 u8 *wpa_ie; 2140 int wpa_ie_len, secure, keyidx, encr = 0; 2141 2142 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk); 2143 sm->TimeoutEvt = FALSE; 2144 2145 sm->TimeoutCtr++; 2146 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) { 2147 /* No point in sending the EAPOL-Key - we will disconnect 2148 * immediately following this. */ 2149 return; 2150 } 2151 2152 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE], 2153 GTK[GN], IGTK, [FTIE], [TIE * 2]) 2154 */ 2155 os_memset(rsc, 0, WPA_KEY_RSC_LEN); 2156 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc); 2157 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */ 2158 wpa_ie = sm->wpa_auth->wpa_ie; 2159 wpa_ie_len = sm->wpa_auth->wpa_ie_len; 2160 if (sm->wpa == WPA_VERSION_WPA && 2161 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) && 2162 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) { 2163 /* WPA-only STA, remove RSN IE and possible MDIE */ 2164 wpa_ie = wpa_ie + wpa_ie[1] + 2; 2165 if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN) 2166 wpa_ie = wpa_ie + wpa_ie[1] + 2; 2167 wpa_ie_len = wpa_ie[1] + 2; 2168 } 2169 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2170 "sending 3/4 msg of 4-Way Handshake"); 2171 if (sm->wpa == WPA_VERSION_WPA2) { 2172 /* WPA2 send GTK in the 4-way handshake */ 2173 secure = 1; 2174 gtk = gsm->GTK[gsm->GN - 1]; 2175 gtk_len = gsm->GTK_len; 2176 if (sm->wpa_auth->conf.disable_gtk) { 2177 /* 2178 * Provide unique random GTK to each STA to prevent use 2179 * of GTK in the BSS. 2180 */ 2181 if (random_get_bytes(dummy_gtk, gtk_len) < 0) 2182 return; 2183 gtk = dummy_gtk; 2184 } 2185 keyidx = gsm->GN; 2186 _rsc = rsc; 2187 encr = 1; 2188 } else { 2189 /* WPA does not include GTK in msg 3/4 */ 2190 secure = 0; 2191 gtk = NULL; 2192 gtk_len = 0; 2193 keyidx = 0; 2194 _rsc = NULL; 2195 if (sm->rx_eapol_key_secure) { 2196 /* 2197 * It looks like Windows 7 supplicant tries to use 2198 * Secure bit in msg 2/4 after having reported Michael 2199 * MIC failure and it then rejects the 4-way handshake 2200 * if msg 3/4 does not set Secure bit. Work around this 2201 * by setting the Secure bit here even in the case of 2202 * WPA if the supplicant used it first. 2203 */ 2204 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2205 "STA used Secure bit in WPA msg 2/4 - " 2206 "set Secure for 3/4 as workaround"); 2207 secure = 1; 2208 } 2209 } 2210 2211 kde_len = wpa_ie_len + ieee80211w_kde_len(sm); 2212 if (gtk) 2213 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len; 2214 #ifdef CONFIG_IEEE80211R 2215 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 2216 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */ 2217 kde_len += 300; /* FTIE + 2 * TIE */ 2218 } 2219 #endif /* CONFIG_IEEE80211R */ 2220 #ifdef CONFIG_P2P 2221 if (WPA_GET_BE32(sm->ip_addr) > 0) 2222 kde_len += 2 + RSN_SELECTOR_LEN + 3 * 4; 2223 #endif /* CONFIG_P2P */ 2224 kde = os_malloc(kde_len); 2225 if (kde == NULL) 2226 return; 2227 2228 pos = kde; 2229 os_memcpy(pos, wpa_ie, wpa_ie_len); 2230 pos += wpa_ie_len; 2231 #ifdef CONFIG_IEEE80211R 2232 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 2233 int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name); 2234 if (res < 0) { 2235 wpa_printf(MSG_ERROR, "FT: Failed to insert " 2236 "PMKR1Name into RSN IE in EAPOL-Key data"); 2237 os_free(kde); 2238 return; 2239 } 2240 pos += res; 2241 } 2242 #endif /* CONFIG_IEEE80211R */ 2243 if (gtk) { 2244 u8 hdr[2]; 2245 hdr[0] = keyidx & 0x03; 2246 hdr[1] = 0; 2247 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2, 2248 gtk, gtk_len); 2249 } 2250 pos = ieee80211w_kde_add(sm, pos); 2251 2252 #ifdef CONFIG_IEEE80211R 2253 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 2254 int res; 2255 struct wpa_auth_config *conf; 2256 2257 conf = &sm->wpa_auth->conf; 2258 res = wpa_write_ftie(conf, conf->r0_key_holder, 2259 conf->r0_key_holder_len, 2260 NULL, NULL, pos, kde + kde_len - pos, 2261 NULL, 0); 2262 if (res < 0) { 2263 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE " 2264 "into EAPOL-Key Key Data"); 2265 os_free(kde); 2266 return; 2267 } 2268 pos += res; 2269 2270 /* TIE[ReassociationDeadline] (TU) */ 2271 *pos++ = WLAN_EID_TIMEOUT_INTERVAL; 2272 *pos++ = 5; 2273 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE; 2274 WPA_PUT_LE32(pos, conf->reassociation_deadline); 2275 pos += 4; 2276 2277 /* TIE[KeyLifetime] (seconds) */ 2278 *pos++ = WLAN_EID_TIMEOUT_INTERVAL; 2279 *pos++ = 5; 2280 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME; 2281 WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60); 2282 pos += 4; 2283 } 2284 #endif /* CONFIG_IEEE80211R */ 2285 #ifdef CONFIG_P2P 2286 if (WPA_GET_BE32(sm->ip_addr) > 0) { 2287 u8 addr[3 * 4]; 2288 os_memcpy(addr, sm->ip_addr, 4); 2289 os_memcpy(addr + 4, sm->wpa_auth->conf.ip_addr_mask, 4); 2290 os_memcpy(addr + 8, sm->wpa_auth->conf.ip_addr_go, 4); 2291 pos = wpa_add_kde(pos, WFA_KEY_DATA_IP_ADDR_ALLOC, 2292 addr, sizeof(addr), NULL, 0); 2293 } 2294 #endif /* CONFIG_P2P */ 2295 2296 wpa_send_eapol(sm->wpa_auth, sm, 2297 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC | 2298 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL | 2299 WPA_KEY_INFO_KEY_TYPE, 2300 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr); 2301 os_free(kde); 2302 } 2303 2304 2305 SM_STATE(WPA_PTK, PTKINITDONE) 2306 { 2307 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk); 2308 sm->EAPOLKeyReceived = FALSE; 2309 if (sm->Pair) { 2310 enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise); 2311 int klen = wpa_cipher_key_len(sm->pairwise); 2312 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0, 2313 sm->PTK.tk, klen)) { 2314 wpa_sta_disconnect(sm->wpa_auth, sm->addr); 2315 return; 2316 } 2317 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ 2318 sm->pairwise_set = TRUE; 2319 2320 if (sm->wpa_auth->conf.wpa_ptk_rekey) { 2321 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); 2322 eloop_register_timeout(sm->wpa_auth->conf. 2323 wpa_ptk_rekey, 0, wpa_rekey_ptk, 2324 sm->wpa_auth, sm); 2325 } 2326 2327 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 2328 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, 2329 WPA_EAPOL_authorized, 1); 2330 } 2331 } 2332 2333 if (0 /* IBSS == TRUE */) { 2334 sm->keycount++; 2335 if (sm->keycount == 2) { 2336 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, 2337 WPA_EAPOL_portValid, 1); 2338 } 2339 } else { 2340 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 2341 1); 2342 } 2343 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0); 2344 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1); 2345 if (sm->wpa == WPA_VERSION_WPA) 2346 sm->PInitAKeys = TRUE; 2347 else 2348 sm->has_GTK = TRUE; 2349 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO, 2350 "pairwise key handshake completed (%s)", 2351 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN"); 2352 2353 #ifdef CONFIG_IEEE80211R 2354 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr); 2355 #endif /* CONFIG_IEEE80211R */ 2356 } 2357 2358 2359 SM_STEP(WPA_PTK) 2360 { 2361 struct wpa_authenticator *wpa_auth = sm->wpa_auth; 2362 2363 if (sm->Init) 2364 SM_ENTER(WPA_PTK, INITIALIZE); 2365 else if (sm->Disconnect 2366 /* || FIX: dot11RSNAConfigSALifetime timeout */) { 2367 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, 2368 "WPA_PTK: sm->Disconnect"); 2369 SM_ENTER(WPA_PTK, DISCONNECT); 2370 } 2371 else if (sm->DeauthenticationRequest) 2372 SM_ENTER(WPA_PTK, DISCONNECTED); 2373 else if (sm->AuthenticationRequest) 2374 SM_ENTER(WPA_PTK, AUTHENTICATION); 2375 else if (sm->ReAuthenticationRequest) 2376 SM_ENTER(WPA_PTK, AUTHENTICATION2); 2377 else if (sm->PTKRequest) 2378 SM_ENTER(WPA_PTK, PTKSTART); 2379 else switch (sm->wpa_ptk_state) { 2380 case WPA_PTK_INITIALIZE: 2381 break; 2382 case WPA_PTK_DISCONNECT: 2383 SM_ENTER(WPA_PTK, DISCONNECTED); 2384 break; 2385 case WPA_PTK_DISCONNECTED: 2386 SM_ENTER(WPA_PTK, INITIALIZE); 2387 break; 2388 case WPA_PTK_AUTHENTICATION: 2389 SM_ENTER(WPA_PTK, AUTHENTICATION2); 2390 break; 2391 case WPA_PTK_AUTHENTICATION2: 2392 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) && 2393 wpa_auth_get_eapol(sm->wpa_auth, sm->addr, 2394 WPA_EAPOL_keyRun) > 0) 2395 SM_ENTER(WPA_PTK, INITPMK); 2396 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) 2397 /* FIX: && 802.1X::keyRun */) 2398 SM_ENTER(WPA_PTK, INITPSK); 2399 break; 2400 case WPA_PTK_INITPMK: 2401 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr, 2402 WPA_EAPOL_keyAvailable) > 0) 2403 SM_ENTER(WPA_PTK, PTKSTART); 2404 else { 2405 wpa_auth->dot11RSNA4WayHandshakeFailures++; 2406 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO, 2407 "INITPMK - keyAvailable = false"); 2408 SM_ENTER(WPA_PTK, DISCONNECT); 2409 } 2410 break; 2411 case WPA_PTK_INITPSK: 2412 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, 2413 NULL)) 2414 SM_ENTER(WPA_PTK, PTKSTART); 2415 else { 2416 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO, 2417 "no PSK configured for the STA"); 2418 wpa_auth->dot11RSNA4WayHandshakeFailures++; 2419 SM_ENTER(WPA_PTK, DISCONNECT); 2420 } 2421 break; 2422 case WPA_PTK_PTKSTART: 2423 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && 2424 sm->EAPOLKeyPairwise) 2425 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING); 2426 else if (sm->TimeoutCtr > 2427 (int) dot11RSNAConfigPairwiseUpdateCount) { 2428 wpa_auth->dot11RSNA4WayHandshakeFailures++; 2429 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2430 "PTKSTART: Retry limit %d reached", 2431 dot11RSNAConfigPairwiseUpdateCount); 2432 SM_ENTER(WPA_PTK, DISCONNECT); 2433 } else if (sm->TimeoutEvt) 2434 SM_ENTER(WPA_PTK, PTKSTART); 2435 break; 2436 case WPA_PTK_PTKCALCNEGOTIATING: 2437 if (sm->MICVerified) 2438 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2); 2439 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && 2440 sm->EAPOLKeyPairwise) 2441 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING); 2442 else if (sm->TimeoutEvt) 2443 SM_ENTER(WPA_PTK, PTKSTART); 2444 break; 2445 case WPA_PTK_PTKCALCNEGOTIATING2: 2446 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING); 2447 break; 2448 case WPA_PTK_PTKINITNEGOTIATING: 2449 if (sm->update_snonce) 2450 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING); 2451 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && 2452 sm->EAPOLKeyPairwise && sm->MICVerified) 2453 SM_ENTER(WPA_PTK, PTKINITDONE); 2454 else if (sm->TimeoutCtr > 2455 (int) dot11RSNAConfigPairwiseUpdateCount) { 2456 wpa_auth->dot11RSNA4WayHandshakeFailures++; 2457 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2458 "PTKINITNEGOTIATING: Retry limit %d " 2459 "reached", 2460 dot11RSNAConfigPairwiseUpdateCount); 2461 SM_ENTER(WPA_PTK, DISCONNECT); 2462 } else if (sm->TimeoutEvt) 2463 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING); 2464 break; 2465 case WPA_PTK_PTKINITDONE: 2466 break; 2467 } 2468 } 2469 2470 2471 SM_STATE(WPA_PTK_GROUP, IDLE) 2472 { 2473 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group); 2474 if (sm->Init) { 2475 /* Init flag is not cleared here, so avoid busy 2476 * loop by claiming nothing changed. */ 2477 sm->changed = FALSE; 2478 } 2479 sm->GTimeoutCtr = 0; 2480 } 2481 2482 2483 SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING) 2484 { 2485 u8 rsc[WPA_KEY_RSC_LEN]; 2486 struct wpa_group *gsm = sm->group; 2487 const u8 *kde; 2488 u8 *kde_buf = NULL, *pos, hdr[2]; 2489 size_t kde_len; 2490 u8 *gtk, dummy_gtk[32]; 2491 2492 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group); 2493 2494 sm->GTimeoutCtr++; 2495 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) { 2496 /* No point in sending the EAPOL-Key - we will disconnect 2497 * immediately following this. */ 2498 return; 2499 } 2500 2501 if (sm->wpa == WPA_VERSION_WPA) 2502 sm->PInitAKeys = FALSE; 2503 sm->TimeoutEvt = FALSE; 2504 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */ 2505 os_memset(rsc, 0, WPA_KEY_RSC_LEN); 2506 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE) 2507 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc); 2508 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2509 "sending 1/2 msg of Group Key Handshake"); 2510 2511 gtk = gsm->GTK[gsm->GN - 1]; 2512 if (sm->wpa_auth->conf.disable_gtk) { 2513 /* 2514 * Provide unique random GTK to each STA to prevent use 2515 * of GTK in the BSS. 2516 */ 2517 if (random_get_bytes(dummy_gtk, gsm->GTK_len) < 0) 2518 return; 2519 gtk = dummy_gtk; 2520 } 2521 if (sm->wpa == WPA_VERSION_WPA2) { 2522 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len + 2523 ieee80211w_kde_len(sm); 2524 kde_buf = os_malloc(kde_len); 2525 if (kde_buf == NULL) 2526 return; 2527 2528 kde = pos = kde_buf; 2529 hdr[0] = gsm->GN & 0x03; 2530 hdr[1] = 0; 2531 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2, 2532 gtk, gsm->GTK_len); 2533 pos = ieee80211w_kde_add(sm, pos); 2534 kde_len = pos - kde; 2535 } else { 2536 kde = gtk; 2537 kde_len = gsm->GTK_len; 2538 } 2539 2540 wpa_send_eapol(sm->wpa_auth, sm, 2541 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC | 2542 WPA_KEY_INFO_ACK | 2543 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0), 2544 rsc, gsm->GNonce, kde, kde_len, gsm->GN, 1); 2545 2546 os_free(kde_buf); 2547 } 2548 2549 2550 SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED) 2551 { 2552 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group); 2553 sm->EAPOLKeyReceived = FALSE; 2554 if (sm->GUpdateStationKeys) 2555 sm->group->GKeyDoneStations--; 2556 sm->GUpdateStationKeys = FALSE; 2557 sm->GTimeoutCtr = 0; 2558 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */ 2559 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO, 2560 "group key handshake completed (%s)", 2561 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN"); 2562 sm->has_GTK = TRUE; 2563 } 2564 2565 2566 SM_STATE(WPA_PTK_GROUP, KEYERROR) 2567 { 2568 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group); 2569 if (sm->GUpdateStationKeys) 2570 sm->group->GKeyDoneStations--; 2571 sm->GUpdateStationKeys = FALSE; 2572 sm->Disconnect = TRUE; 2573 } 2574 2575 2576 SM_STEP(WPA_PTK_GROUP) 2577 { 2578 if (sm->Init || sm->PtkGroupInit) { 2579 SM_ENTER(WPA_PTK_GROUP, IDLE); 2580 sm->PtkGroupInit = FALSE; 2581 } else switch (sm->wpa_ptk_group_state) { 2582 case WPA_PTK_GROUP_IDLE: 2583 if (sm->GUpdateStationKeys || 2584 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys)) 2585 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING); 2586 break; 2587 case WPA_PTK_GROUP_REKEYNEGOTIATING: 2588 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && 2589 !sm->EAPOLKeyPairwise && sm->MICVerified) 2590 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED); 2591 else if (sm->GTimeoutCtr > 2592 (int) dot11RSNAConfigGroupUpdateCount) 2593 SM_ENTER(WPA_PTK_GROUP, KEYERROR); 2594 else if (sm->TimeoutEvt) 2595 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING); 2596 break; 2597 case WPA_PTK_GROUP_KEYERROR: 2598 SM_ENTER(WPA_PTK_GROUP, IDLE); 2599 break; 2600 case WPA_PTK_GROUP_REKEYESTABLISHED: 2601 SM_ENTER(WPA_PTK_GROUP, IDLE); 2602 break; 2603 } 2604 } 2605 2606 2607 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth, 2608 struct wpa_group *group) 2609 { 2610 int ret = 0; 2611 2612 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN); 2613 inc_byte_array(group->Counter, WPA_NONCE_LEN); 2614 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion", 2615 wpa_auth->addr, group->GNonce, 2616 group->GTK[group->GN - 1], group->GTK_len) < 0) 2617 ret = -1; 2618 wpa_hexdump_key(MSG_DEBUG, "GTK", 2619 group->GTK[group->GN - 1], group->GTK_len); 2620 2621 #ifdef CONFIG_IEEE80211W 2622 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) { 2623 size_t len; 2624 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher); 2625 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN); 2626 inc_byte_array(group->Counter, WPA_NONCE_LEN); 2627 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion", 2628 wpa_auth->addr, group->GNonce, 2629 group->IGTK[group->GN_igtk - 4], len) < 0) 2630 ret = -1; 2631 wpa_hexdump_key(MSG_DEBUG, "IGTK", 2632 group->IGTK[group->GN_igtk - 4], len); 2633 } 2634 #endif /* CONFIG_IEEE80211W */ 2635 2636 return ret; 2637 } 2638 2639 2640 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth, 2641 struct wpa_group *group) 2642 { 2643 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " 2644 "GTK_INIT (VLAN-ID %d)", group->vlan_id); 2645 group->changed = FALSE; /* GInit is not cleared here; avoid loop */ 2646 group->wpa_group_state = WPA_GROUP_GTK_INIT; 2647 2648 /* GTK[0..N] = 0 */ 2649 os_memset(group->GTK, 0, sizeof(group->GTK)); 2650 group->GN = 1; 2651 group->GM = 2; 2652 #ifdef CONFIG_IEEE80211W 2653 group->GN_igtk = 4; 2654 group->GM_igtk = 5; 2655 #endif /* CONFIG_IEEE80211W */ 2656 /* GTK[GN] = CalcGTK() */ 2657 wpa_gtk_update(wpa_auth, group); 2658 } 2659 2660 2661 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx) 2662 { 2663 if (ctx != NULL && ctx != sm->group) 2664 return 0; 2665 2666 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) { 2667 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2668 "Not in PTKINITDONE; skip Group Key update"); 2669 sm->GUpdateStationKeys = FALSE; 2670 return 0; 2671 } 2672 if (sm->GUpdateStationKeys) { 2673 /* 2674 * This should not really happen, so add a debug log entry. 2675 * Since we clear the GKeyDoneStations before the loop, the 2676 * station needs to be counted here anyway. 2677 */ 2678 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2679 "GUpdateStationKeys was already set when " 2680 "marking station for GTK rekeying"); 2681 } 2682 2683 /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */ 2684 if (sm->is_wnmsleep) 2685 return 0; 2686 2687 sm->group->GKeyDoneStations++; 2688 sm->GUpdateStationKeys = TRUE; 2689 2690 wpa_sm_step(sm); 2691 return 0; 2692 } 2693 2694 2695 #ifdef CONFIG_WNM 2696 /* update GTK when exiting WNM-Sleep Mode */ 2697 void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm) 2698 { 2699 if (sm == NULL || sm->is_wnmsleep) 2700 return; 2701 2702 wpa_group_update_sta(sm, NULL); 2703 } 2704 2705 2706 void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag) 2707 { 2708 if (sm) 2709 sm->is_wnmsleep = !!flag; 2710 } 2711 2712 2713 int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos) 2714 { 2715 struct wpa_group *gsm = sm->group; 2716 u8 *start = pos; 2717 2718 /* 2719 * GTK subelement: 2720 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] | 2721 * Key[5..32] 2722 */ 2723 *pos++ = WNM_SLEEP_SUBELEM_GTK; 2724 *pos++ = 11 + gsm->GTK_len; 2725 /* Key ID in B0-B1 of Key Info */ 2726 WPA_PUT_LE16(pos, gsm->GN & 0x03); 2727 pos += 2; 2728 *pos++ = gsm->GTK_len; 2729 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0) 2730 return 0; 2731 pos += 8; 2732 os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len); 2733 pos += gsm->GTK_len; 2734 2735 wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit", 2736 gsm->GN); 2737 wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit", 2738 gsm->GTK[gsm->GN - 1], gsm->GTK_len); 2739 2740 return pos - start; 2741 } 2742 2743 2744 #ifdef CONFIG_IEEE80211W 2745 int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos) 2746 { 2747 struct wpa_group *gsm = sm->group; 2748 u8 *start = pos; 2749 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher); 2750 2751 /* 2752 * IGTK subelement: 2753 * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16] 2754 */ 2755 *pos++ = WNM_SLEEP_SUBELEM_IGTK; 2756 *pos++ = 2 + 6 + len; 2757 WPA_PUT_LE16(pos, gsm->GN_igtk); 2758 pos += 2; 2759 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0) 2760 return 0; 2761 pos += 6; 2762 2763 os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len); 2764 pos += len; 2765 2766 wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit", 2767 gsm->GN_igtk); 2768 wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit", 2769 gsm->IGTK[gsm->GN_igtk - 4], len); 2770 2771 return pos - start; 2772 } 2773 #endif /* CONFIG_IEEE80211W */ 2774 #endif /* CONFIG_WNM */ 2775 2776 2777 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth, 2778 struct wpa_group *group) 2779 { 2780 int tmp; 2781 2782 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " 2783 "SETKEYS (VLAN-ID %d)", group->vlan_id); 2784 group->changed = TRUE; 2785 group->wpa_group_state = WPA_GROUP_SETKEYS; 2786 group->GTKReKey = FALSE; 2787 tmp = group->GM; 2788 group->GM = group->GN; 2789 group->GN = tmp; 2790 #ifdef CONFIG_IEEE80211W 2791 tmp = group->GM_igtk; 2792 group->GM_igtk = group->GN_igtk; 2793 group->GN_igtk = tmp; 2794 #endif /* CONFIG_IEEE80211W */ 2795 /* "GKeyDoneStations = GNoStations" is done in more robust way by 2796 * counting the STAs that are marked with GUpdateStationKeys instead of 2797 * including all STAs that could be in not-yet-completed state. */ 2798 wpa_gtk_update(wpa_auth, group); 2799 2800 if (group->GKeyDoneStations) { 2801 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected " 2802 "GKeyDoneStations=%d when starting new GTK rekey", 2803 group->GKeyDoneStations); 2804 group->GKeyDoneStations = 0; 2805 } 2806 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group); 2807 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d", 2808 group->GKeyDoneStations); 2809 } 2810 2811 2812 static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth, 2813 struct wpa_group *group) 2814 { 2815 int ret = 0; 2816 2817 if (wpa_auth_set_key(wpa_auth, group->vlan_id, 2818 wpa_cipher_to_alg(wpa_auth->conf.wpa_group), 2819 broadcast_ether_addr, group->GN, 2820 group->GTK[group->GN - 1], group->GTK_len) < 0) 2821 ret = -1; 2822 2823 #ifdef CONFIG_IEEE80211W 2824 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) { 2825 enum wpa_alg alg; 2826 size_t len; 2827 2828 alg = wpa_cipher_to_alg(wpa_auth->conf.group_mgmt_cipher); 2829 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher); 2830 2831 if (ret == 0 && 2832 wpa_auth_set_key(wpa_auth, group->vlan_id, alg, 2833 broadcast_ether_addr, group->GN_igtk, 2834 group->IGTK[group->GN_igtk - 4], len) < 0) 2835 ret = -1; 2836 } 2837 #endif /* CONFIG_IEEE80211W */ 2838 2839 return ret; 2840 } 2841 2842 2843 static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx) 2844 { 2845 if (sm->group == ctx) { 2846 wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR 2847 " for discconnection due to fatal failure", 2848 MAC2STR(sm->addr)); 2849 sm->Disconnect = TRUE; 2850 } 2851 2852 return 0; 2853 } 2854 2855 2856 static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth, 2857 struct wpa_group *group) 2858 { 2859 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state FATAL_FAILURE"); 2860 group->changed = TRUE; 2861 group->wpa_group_state = WPA_GROUP_FATAL_FAILURE; 2862 wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group); 2863 } 2864 2865 2866 static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth, 2867 struct wpa_group *group) 2868 { 2869 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " 2870 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id); 2871 group->changed = TRUE; 2872 group->wpa_group_state = WPA_GROUP_SETKEYSDONE; 2873 2874 if (wpa_group_config_group_keys(wpa_auth, group) < 0) { 2875 wpa_group_fatal_failure(wpa_auth, group); 2876 return -1; 2877 } 2878 2879 return 0; 2880 } 2881 2882 2883 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth, 2884 struct wpa_group *group) 2885 { 2886 if (group->GInit) { 2887 wpa_group_gtk_init(wpa_auth, group); 2888 } else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) { 2889 /* Do not allow group operations */ 2890 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT && 2891 group->GTKAuthenticator) { 2892 wpa_group_setkeysdone(wpa_auth, group); 2893 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE && 2894 group->GTKReKey) { 2895 wpa_group_setkeys(wpa_auth, group); 2896 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) { 2897 if (group->GKeyDoneStations == 0) 2898 wpa_group_setkeysdone(wpa_auth, group); 2899 else if (group->GTKReKey) 2900 wpa_group_setkeys(wpa_auth, group); 2901 } 2902 } 2903 2904 2905 static int wpa_sm_step(struct wpa_state_machine *sm) 2906 { 2907 if (sm == NULL) 2908 return 0; 2909 2910 if (sm->in_step_loop) { 2911 /* This should not happen, but if it does, make sure we do not 2912 * end up freeing the state machine too early by exiting the 2913 * recursive call. */ 2914 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively"); 2915 return 0; 2916 } 2917 2918 sm->in_step_loop = 1; 2919 do { 2920 if (sm->pending_deinit) 2921 break; 2922 2923 sm->changed = FALSE; 2924 sm->wpa_auth->group->changed = FALSE; 2925 2926 SM_STEP_RUN(WPA_PTK); 2927 if (sm->pending_deinit) 2928 break; 2929 SM_STEP_RUN(WPA_PTK_GROUP); 2930 if (sm->pending_deinit) 2931 break; 2932 wpa_group_sm_step(sm->wpa_auth, sm->group); 2933 } while (sm->changed || sm->wpa_auth->group->changed); 2934 sm->in_step_loop = 0; 2935 2936 if (sm->pending_deinit) { 2937 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state " 2938 "machine deinit for " MACSTR, MAC2STR(sm->addr)); 2939 wpa_free_sta_sm(sm); 2940 return 1; 2941 } 2942 return 0; 2943 } 2944 2945 2946 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx) 2947 { 2948 struct wpa_state_machine *sm = eloop_ctx; 2949 wpa_sm_step(sm); 2950 } 2951 2952 2953 void wpa_auth_sm_notify(struct wpa_state_machine *sm) 2954 { 2955 if (sm == NULL) 2956 return; 2957 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL); 2958 } 2959 2960 2961 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth) 2962 { 2963 int tmp, i; 2964 struct wpa_group *group; 2965 2966 if (wpa_auth == NULL) 2967 return; 2968 2969 group = wpa_auth->group; 2970 2971 for (i = 0; i < 2; i++) { 2972 tmp = group->GM; 2973 group->GM = group->GN; 2974 group->GN = tmp; 2975 #ifdef CONFIG_IEEE80211W 2976 tmp = group->GM_igtk; 2977 group->GM_igtk = group->GN_igtk; 2978 group->GN_igtk = tmp; 2979 #endif /* CONFIG_IEEE80211W */ 2980 wpa_gtk_update(wpa_auth, group); 2981 wpa_group_config_group_keys(wpa_auth, group); 2982 } 2983 } 2984 2985 2986 static const char * wpa_bool_txt(int bool) 2987 { 2988 return bool ? "TRUE" : "FALSE"; 2989 } 2990 2991 2992 #define RSN_SUITE "%02x-%02x-%02x-%d" 2993 #define RSN_SUITE_ARG(s) \ 2994 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff 2995 2996 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen) 2997 { 2998 int len = 0, ret; 2999 char pmkid_txt[PMKID_LEN * 2 + 1]; 3000 #ifdef CONFIG_RSN_PREAUTH 3001 const int preauth = 1; 3002 #else /* CONFIG_RSN_PREAUTH */ 3003 const int preauth = 0; 3004 #endif /* CONFIG_RSN_PREAUTH */ 3005 3006 if (wpa_auth == NULL) 3007 return len; 3008 3009 ret = os_snprintf(buf + len, buflen - len, 3010 "dot11RSNAOptionImplemented=TRUE\n" 3011 "dot11RSNAPreauthenticationImplemented=%s\n" 3012 "dot11RSNAEnabled=%s\n" 3013 "dot11RSNAPreauthenticationEnabled=%s\n", 3014 wpa_bool_txt(preauth), 3015 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN), 3016 wpa_bool_txt(wpa_auth->conf.rsn_preauth)); 3017 if (os_snprintf_error(buflen - len, ret)) 3018 return len; 3019 len += ret; 3020 3021 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), 3022 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN); 3023 3024 ret = os_snprintf( 3025 buf + len, buflen - len, 3026 "dot11RSNAConfigVersion=%u\n" 3027 "dot11RSNAConfigPairwiseKeysSupported=9999\n" 3028 /* FIX: dot11RSNAConfigGroupCipher */ 3029 /* FIX: dot11RSNAConfigGroupRekeyMethod */ 3030 /* FIX: dot11RSNAConfigGroupRekeyTime */ 3031 /* FIX: dot11RSNAConfigGroupRekeyPackets */ 3032 "dot11RSNAConfigGroupRekeyStrict=%u\n" 3033 "dot11RSNAConfigGroupUpdateCount=%u\n" 3034 "dot11RSNAConfigPairwiseUpdateCount=%u\n" 3035 "dot11RSNAConfigGroupCipherSize=%u\n" 3036 "dot11RSNAConfigPMKLifetime=%u\n" 3037 "dot11RSNAConfigPMKReauthThreshold=%u\n" 3038 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n" 3039 "dot11RSNAConfigSATimeout=%u\n" 3040 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" 3041 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" 3042 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" 3043 "dot11RSNAPMKIDUsed=%s\n" 3044 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" 3045 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" 3046 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" 3047 "dot11RSNATKIPCounterMeasuresInvoked=%u\n" 3048 "dot11RSNA4WayHandshakeFailures=%u\n" 3049 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n", 3050 RSN_VERSION, 3051 !!wpa_auth->conf.wpa_strict_rekey, 3052 dot11RSNAConfigGroupUpdateCount, 3053 dot11RSNAConfigPairwiseUpdateCount, 3054 wpa_cipher_key_len(wpa_auth->conf.wpa_group) * 8, 3055 dot11RSNAConfigPMKLifetime, 3056 dot11RSNAConfigPMKReauthThreshold, 3057 dot11RSNAConfigSATimeout, 3058 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected), 3059 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected), 3060 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected), 3061 pmkid_txt, 3062 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested), 3063 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested), 3064 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested), 3065 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked, 3066 wpa_auth->dot11RSNA4WayHandshakeFailures); 3067 if (os_snprintf_error(buflen - len, ret)) 3068 return len; 3069 len += ret; 3070 3071 /* TODO: dot11RSNAConfigPairwiseCiphersTable */ 3072 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */ 3073 3074 /* Private MIB */ 3075 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n", 3076 wpa_auth->group->wpa_group_state); 3077 if (os_snprintf_error(buflen - len, ret)) 3078 return len; 3079 len += ret; 3080 3081 return len; 3082 } 3083 3084 3085 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen) 3086 { 3087 int len = 0, ret; 3088 u32 pairwise = 0; 3089 3090 if (sm == NULL) 3091 return 0; 3092 3093 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */ 3094 3095 /* dot11RSNAStatsEntry */ 3096 3097 pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ? 3098 WPA_PROTO_RSN : WPA_PROTO_WPA, 3099 sm->pairwise); 3100 if (pairwise == 0) 3101 return 0; 3102 3103 ret = os_snprintf( 3104 buf + len, buflen - len, 3105 /* TODO: dot11RSNAStatsIndex */ 3106 "dot11RSNAStatsSTAAddress=" MACSTR "\n" 3107 "dot11RSNAStatsVersion=1\n" 3108 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n" 3109 /* TODO: dot11RSNAStatsTKIPICVErrors */ 3110 "dot11RSNAStatsTKIPLocalMICFailures=%u\n" 3111 "dot11RSNAStatsTKIPRemoteMICFailures=%u\n" 3112 /* TODO: dot11RSNAStatsCCMPReplays */ 3113 /* TODO: dot11RSNAStatsCCMPDecryptErrors */ 3114 /* TODO: dot11RSNAStatsTKIPReplays */, 3115 MAC2STR(sm->addr), 3116 RSN_SUITE_ARG(pairwise), 3117 sm->dot11RSNAStatsTKIPLocalMICFailures, 3118 sm->dot11RSNAStatsTKIPRemoteMICFailures); 3119 if (os_snprintf_error(buflen - len, ret)) 3120 return len; 3121 len += ret; 3122 3123 /* Private MIB */ 3124 ret = os_snprintf(buf + len, buflen - len, 3125 "hostapdWPAPTKState=%d\n" 3126 "hostapdWPAPTKGroupState=%d\n", 3127 sm->wpa_ptk_state, 3128 sm->wpa_ptk_group_state); 3129 if (os_snprintf_error(buflen - len, ret)) 3130 return len; 3131 len += ret; 3132 3133 return len; 3134 } 3135 3136 3137 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth) 3138 { 3139 if (wpa_auth) 3140 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++; 3141 } 3142 3143 3144 int wpa_auth_pairwise_set(struct wpa_state_machine *sm) 3145 { 3146 return sm && sm->pairwise_set; 3147 } 3148 3149 3150 int wpa_auth_get_pairwise(struct wpa_state_machine *sm) 3151 { 3152 return sm->pairwise; 3153 } 3154 3155 3156 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm) 3157 { 3158 if (sm == NULL) 3159 return -1; 3160 return sm->wpa_key_mgmt; 3161 } 3162 3163 3164 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) 3165 { 3166 if (sm == NULL) 3167 return 0; 3168 return sm->wpa; 3169 } 3170 3171 3172 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, 3173 struct rsn_pmksa_cache_entry *entry) 3174 { 3175 if (sm == NULL || sm->pmksa != entry) 3176 return -1; 3177 sm->pmksa = NULL; 3178 return 0; 3179 } 3180 3181 3182 struct rsn_pmksa_cache_entry * 3183 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm) 3184 { 3185 return sm ? sm->pmksa : NULL; 3186 } 3187 3188 3189 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm) 3190 { 3191 if (sm) 3192 sm->dot11RSNAStatsTKIPLocalMICFailures++; 3193 } 3194 3195 3196 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len) 3197 { 3198 if (wpa_auth == NULL) 3199 return NULL; 3200 *len = wpa_auth->wpa_ie_len; 3201 return wpa_auth->wpa_ie; 3202 } 3203 3204 3205 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk, 3206 int session_timeout, struct eapol_state_machine *eapol) 3207 { 3208 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 || 3209 sm->wpa_auth->conf.disable_pmksa_caching) 3210 return -1; 3211 3212 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN, 3213 sm->PTK.kck, sm->PTK.kck_len, 3214 sm->wpa_auth->addr, sm->addr, session_timeout, 3215 eapol, sm->wpa_key_mgmt)) 3216 return 0; 3217 3218 return -1; 3219 } 3220 3221 3222 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth, 3223 const u8 *pmk, size_t len, const u8 *sta_addr, 3224 int session_timeout, 3225 struct eapol_state_machine *eapol) 3226 { 3227 if (wpa_auth == NULL) 3228 return -1; 3229 3230 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, 3231 NULL, 0, 3232 wpa_auth->addr, 3233 sta_addr, session_timeout, eapol, 3234 WPA_KEY_MGMT_IEEE8021X)) 3235 return 0; 3236 3237 return -1; 3238 } 3239 3240 3241 int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr, 3242 const u8 *pmk) 3243 { 3244 if (wpa_auth->conf.disable_pmksa_caching) 3245 return -1; 3246 3247 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN, 3248 NULL, 0, 3249 wpa_auth->addr, addr, 0, NULL, 3250 WPA_KEY_MGMT_SAE)) 3251 return 0; 3252 3253 return -1; 3254 } 3255 3256 3257 void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth, 3258 const u8 *sta_addr) 3259 { 3260 struct rsn_pmksa_cache_entry *pmksa; 3261 3262 if (wpa_auth == NULL || wpa_auth->pmksa == NULL) 3263 return; 3264 pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL); 3265 if (pmksa) { 3266 wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for " 3267 MACSTR " based on request", MAC2STR(sta_addr)); 3268 pmksa_cache_free_entry(wpa_auth->pmksa, pmksa); 3269 } 3270 } 3271 3272 3273 static struct wpa_group * 3274 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id) 3275 { 3276 struct wpa_group *group; 3277 3278 if (wpa_auth == NULL || wpa_auth->group == NULL) 3279 return NULL; 3280 3281 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d", 3282 vlan_id); 3283 group = wpa_group_init(wpa_auth, vlan_id, 0); 3284 if (group == NULL) 3285 return NULL; 3286 3287 group->next = wpa_auth->group->next; 3288 wpa_auth->group->next = group; 3289 3290 return group; 3291 } 3292 3293 3294 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id) 3295 { 3296 struct wpa_group *group; 3297 3298 if (sm == NULL || sm->wpa_auth == NULL) 3299 return 0; 3300 3301 group = sm->wpa_auth->group; 3302 while (group) { 3303 if (group->vlan_id == vlan_id) 3304 break; 3305 group = group->next; 3306 } 3307 3308 if (group == NULL) { 3309 group = wpa_auth_add_group(sm->wpa_auth, vlan_id); 3310 if (group == NULL) 3311 return -1; 3312 } 3313 3314 if (sm->group == group) 3315 return 0; 3316 3317 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) 3318 return -1; 3319 3320 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state " 3321 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id); 3322 3323 sm->group = group; 3324 return 0; 3325 } 3326 3327 3328 void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth, 3329 struct wpa_state_machine *sm, int ack) 3330 { 3331 if (wpa_auth == NULL || sm == NULL) 3332 return; 3333 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR 3334 " ack=%d", MAC2STR(sm->addr), ack); 3335 if (sm->pending_1_of_4_timeout && ack) { 3336 /* 3337 * Some deployed supplicant implementations update their SNonce 3338 * for each EAPOL-Key 2/4 message even within the same 4-way 3339 * handshake and then fail to use the first SNonce when 3340 * deriving the PTK. This results in unsuccessful 4-way 3341 * handshake whenever the relatively short initial timeout is 3342 * reached and EAPOL-Key 1/4 is retransmitted. Try to work 3343 * around this by increasing the timeout now that we know that 3344 * the station has received the frame. 3345 */ 3346 int timeout_ms = eapol_key_timeout_subseq; 3347 wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 " 3348 "timeout by %u ms because of acknowledged frame", 3349 timeout_ms); 3350 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm); 3351 eloop_register_timeout(timeout_ms / 1000, 3352 (timeout_ms % 1000) * 1000, 3353 wpa_send_eapol_timeout, wpa_auth, sm); 3354 } 3355 } 3356 3357 3358 int wpa_auth_uses_sae(struct wpa_state_machine *sm) 3359 { 3360 if (sm == NULL) 3361 return 0; 3362 return wpa_key_mgmt_sae(sm->wpa_key_mgmt); 3363 } 3364 3365 3366 int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm) 3367 { 3368 if (sm == NULL) 3369 return 0; 3370 return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE; 3371 } 3372 3373 3374 #ifdef CONFIG_P2P 3375 int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr) 3376 { 3377 if (sm == NULL || WPA_GET_BE32(sm->ip_addr) == 0) 3378 return -1; 3379 os_memcpy(addr, sm->ip_addr, 4); 3380 return 0; 3381 } 3382 #endif /* CONFIG_P2P */ 3383 3384 3385 int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth, 3386 struct radius_das_attrs *attr) 3387 { 3388 return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr); 3389 } 3390 3391 3392 void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth) 3393 { 3394 struct wpa_group *group; 3395 3396 if (!wpa_auth) 3397 return; 3398 for (group = wpa_auth->group; group; group = group->next) 3399 wpa_group_config_group_keys(wpa_auth, group); 3400 } 3401