1 /* 2 * WPA Supplicant - WPA state machine and EAPOL-Key processing 3 * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "crypto/aes_wrap.h" 13 #include "crypto/crypto.h" 14 #include "crypto/random.h" 15 #include "common/ieee802_11_defs.h" 16 #include "eapol_supp/eapol_supp_sm.h" 17 #include "wpa.h" 18 #include "eloop.h" 19 #include "preauth.h" 20 #include "pmksa_cache.h" 21 #include "wpa_i.h" 22 #include "wpa_ie.h" 23 #include "peerkey.h" 24 25 26 /** 27 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message 28 * @sm: Pointer to WPA state machine data from wpa_sm_init() 29 * @kck: Key Confirmation Key (KCK, part of PTK) 30 * @kck_len: KCK length in octets 31 * @ver: Version field from Key Info 32 * @dest: Destination address for the frame 33 * @proto: Ethertype (usually ETH_P_EAPOL) 34 * @msg: EAPOL-Key message 35 * @msg_len: Length of message 36 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written 37 */ 38 void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len, 39 int ver, const u8 *dest, u16 proto, 40 u8 *msg, size_t msg_len, u8 *key_mic) 41 { 42 size_t mic_len = wpa_mic_len(sm->key_mgmt); 43 44 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) { 45 /* 46 * Association event was not yet received; try to fetch 47 * BSSID from the driver. 48 */ 49 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) { 50 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 51 "WPA: Failed to read BSSID for " 52 "EAPOL-Key destination address"); 53 } else { 54 dest = sm->bssid; 55 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 56 "WPA: Use BSSID (" MACSTR 57 ") as the destination for EAPOL-Key", 58 MAC2STR(dest)); 59 } 60 } 61 if (key_mic && 62 wpa_eapol_key_mic(kck, kck_len, sm->key_mgmt, ver, msg, msg_len, 63 key_mic)) { 64 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 65 "WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC", 66 ver, sm->key_mgmt); 67 goto out; 68 } 69 wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len); 70 wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, mic_len); 71 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len); 72 wpa_sm_ether_send(sm, dest, proto, msg, msg_len); 73 eapol_sm_notify_tx_eapol_key(sm->eapol); 74 out: 75 os_free(msg); 76 } 77 78 79 /** 80 * wpa_sm_key_request - Send EAPOL-Key Request 81 * @sm: Pointer to WPA state machine data from wpa_sm_init() 82 * @error: Indicate whether this is an Michael MIC error report 83 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet 84 * 85 * Send an EAPOL-Key Request to the current authenticator. This function is 86 * used to request rekeying and it is usually called when a local Michael MIC 87 * failure is detected. 88 */ 89 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) 90 { 91 size_t mic_len, hdrlen, rlen; 92 struct wpa_eapol_key *reply; 93 struct wpa_eapol_key_192 *reply192; 94 int key_info, ver; 95 u8 bssid[ETH_ALEN], *rbuf, *key_mic; 96 97 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN || 98 wpa_key_mgmt_suite_b(sm->key_mgmt)) 99 ver = WPA_KEY_INFO_TYPE_AKM_DEFINED; 100 else if (wpa_key_mgmt_ft(sm->key_mgmt) || 101 wpa_key_mgmt_sha256(sm->key_mgmt)) 102 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC; 103 else if (sm->pairwise_cipher != WPA_CIPHER_TKIP) 104 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 105 else 106 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 107 108 if (wpa_sm_get_bssid(sm, bssid) < 0) { 109 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 110 "Failed to read BSSID for EAPOL-Key request"); 111 return; 112 } 113 114 mic_len = wpa_mic_len(sm->key_mgmt); 115 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 116 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 117 hdrlen, &rlen, (void *) &reply); 118 if (rbuf == NULL) 119 return; 120 reply192 = (struct wpa_eapol_key_192 *) reply; 121 122 reply->type = (sm->proto == WPA_PROTO_RSN || 123 sm->proto == WPA_PROTO_OSEN) ? 124 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 125 key_info = WPA_KEY_INFO_REQUEST | ver; 126 if (sm->ptk_set) 127 key_info |= WPA_KEY_INFO_MIC; 128 if (error) 129 key_info |= WPA_KEY_INFO_ERROR; 130 if (pairwise) 131 key_info |= WPA_KEY_INFO_KEY_TYPE; 132 WPA_PUT_BE16(reply->key_info, key_info); 133 WPA_PUT_BE16(reply->key_length, 0); 134 os_memcpy(reply->replay_counter, sm->request_counter, 135 WPA_REPLAY_COUNTER_LEN); 136 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); 137 138 if (mic_len == 24) 139 WPA_PUT_BE16(reply192->key_data_length, 0); 140 else 141 WPA_PUT_BE16(reply->key_data_length, 0); 142 if (!(key_info & WPA_KEY_INFO_MIC)) 143 key_mic = NULL; 144 else 145 key_mic = reply192->key_mic; /* same offset in reply */ 146 147 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 148 "WPA: Sending EAPOL-Key Request (error=%d " 149 "pairwise=%d ptk_set=%d len=%lu)", 150 error, pairwise, sm->ptk_set, (unsigned long) rlen); 151 wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid, 152 ETH_P_EAPOL, rbuf, rlen, key_mic); 153 } 154 155 156 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm) 157 { 158 #ifdef CONFIG_IEEE80211R 159 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) { 160 if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len)) 161 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 162 "RSN: Cannot set low order 256 bits of MSK for key management offload"); 163 } else { 164 #endif /* CONFIG_IEEE80211R */ 165 if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len)) 166 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 167 "RSN: Cannot set PMK for key management offload"); 168 #ifdef CONFIG_IEEE80211R 169 } 170 #endif /* CONFIG_IEEE80211R */ 171 } 172 173 174 static int wpa_supplicant_get_pmk(struct wpa_sm *sm, 175 const unsigned char *src_addr, 176 const u8 *pmkid) 177 { 178 int abort_cached = 0; 179 180 if (pmkid && !sm->cur_pmksa) { 181 /* When using drivers that generate RSN IE, wpa_supplicant may 182 * not have enough time to get the association information 183 * event before receiving this 1/4 message, so try to find a 184 * matching PMKSA cache entry here. */ 185 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid, 186 NULL); 187 if (sm->cur_pmksa) { 188 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 189 "RSN: found matching PMKID from PMKSA cache"); 190 } else { 191 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 192 "RSN: no matching PMKID found"); 193 abort_cached = 1; 194 } 195 } 196 197 if (pmkid && sm->cur_pmksa && 198 os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) { 199 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN); 200 wpa_sm_set_pmk_from_pmksa(sm); 201 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache", 202 sm->pmk, sm->pmk_len); 203 eapol_sm_notify_cached(sm->eapol); 204 #ifdef CONFIG_IEEE80211R 205 sm->xxkey_len = 0; 206 #endif /* CONFIG_IEEE80211R */ 207 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) { 208 int res, pmk_len; 209 pmk_len = PMK_LEN; 210 res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN); 211 if (res) { 212 /* 213 * EAP-LEAP is an exception from other EAP methods: it 214 * uses only 16-byte PMK. 215 */ 216 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16); 217 pmk_len = 16; 218 } else { 219 #ifdef CONFIG_IEEE80211R 220 u8 buf[2 * PMK_LEN]; 221 if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0) 222 { 223 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN); 224 sm->xxkey_len = PMK_LEN; 225 os_memset(buf, 0, sizeof(buf)); 226 } 227 #endif /* CONFIG_IEEE80211R */ 228 } 229 if (res == 0) { 230 struct rsn_pmksa_cache_entry *sa = NULL; 231 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state " 232 "machines", sm->pmk, pmk_len); 233 sm->pmk_len = pmk_len; 234 wpa_supplicant_key_mgmt_set_pmk(sm); 235 if (sm->proto == WPA_PROTO_RSN && 236 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 237 !wpa_key_mgmt_ft(sm->key_mgmt)) { 238 sa = pmksa_cache_add(sm->pmksa, 239 sm->pmk, pmk_len, 240 NULL, 0, 241 src_addr, sm->own_addr, 242 sm->network_ctx, 243 sm->key_mgmt); 244 } 245 if (!sm->cur_pmksa && pmkid && 246 pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL)) 247 { 248 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 249 "RSN: the new PMK matches with the " 250 "PMKID"); 251 abort_cached = 0; 252 } else if (sa && !sm->cur_pmksa && pmkid) { 253 /* 254 * It looks like the authentication server 255 * derived mismatching MSK. This should not 256 * really happen, but bugs happen.. There is not 257 * much we can do here without knowing what 258 * exactly caused the server to misbehave. 259 */ 260 wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, 261 "RSN: PMKID mismatch - authentication server may have derived different MSK?!"); 262 return -1; 263 } 264 265 if (!sm->cur_pmksa) 266 sm->cur_pmksa = sa; 267 } else { 268 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 269 "WPA: Failed to get master session key from " 270 "EAPOL state machines - key handshake " 271 "aborted"); 272 if (sm->cur_pmksa) { 273 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 274 "RSN: Cancelled PMKSA caching " 275 "attempt"); 276 sm->cur_pmksa = NULL; 277 abort_cached = 1; 278 } else if (!abort_cached) { 279 return -1; 280 } 281 } 282 } 283 284 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && 285 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 286 !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN) 287 { 288 /* Send EAPOL-Start to trigger full EAP authentication. */ 289 u8 *buf; 290 size_t buflen; 291 292 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 293 "RSN: no PMKSA entry found - trigger " 294 "full EAP authentication"); 295 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START, 296 NULL, 0, &buflen, NULL); 297 if (buf) { 298 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL, 299 buf, buflen); 300 os_free(buf); 301 return -2; 302 } 303 304 return -1; 305 } 306 307 return 0; 308 } 309 310 311 /** 312 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake 313 * @sm: Pointer to WPA state machine data from wpa_sm_init() 314 * @dst: Destination address for the frame 315 * @key: Pointer to the EAPOL-Key frame header 316 * @ver: Version bits from EAPOL-Key Key Info 317 * @nonce: Nonce value for the EAPOL-Key frame 318 * @wpa_ie: WPA/RSN IE 319 * @wpa_ie_len: Length of the WPA/RSN IE 320 * @ptk: PTK to use for keyed hash and encryption 321 * Returns: 0 on success, -1 on failure 322 */ 323 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst, 324 const struct wpa_eapol_key *key, 325 int ver, const u8 *nonce, 326 const u8 *wpa_ie, size_t wpa_ie_len, 327 struct wpa_ptk *ptk) 328 { 329 size_t mic_len, hdrlen, rlen; 330 struct wpa_eapol_key *reply; 331 struct wpa_eapol_key_192 *reply192; 332 u8 *rbuf, *key_mic; 333 u8 *rsn_ie_buf = NULL; 334 335 if (wpa_ie == NULL) { 336 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - " 337 "cannot generate msg 2/4"); 338 return -1; 339 } 340 341 #ifdef CONFIG_IEEE80211R 342 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 343 int res; 344 345 /* 346 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and 347 * FTIE from (Re)Association Response. 348 */ 349 rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN + 350 sm->assoc_resp_ies_len); 351 if (rsn_ie_buf == NULL) 352 return -1; 353 os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len); 354 res = wpa_insert_pmkid(rsn_ie_buf, wpa_ie_len, 355 sm->pmk_r1_name); 356 if (res < 0) { 357 os_free(rsn_ie_buf); 358 return -1; 359 } 360 wpa_ie_len += res; 361 362 if (sm->assoc_resp_ies) { 363 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies, 364 sm->assoc_resp_ies_len); 365 wpa_ie_len += sm->assoc_resp_ies_len; 366 } 367 368 wpa_ie = rsn_ie_buf; 369 } 370 #endif /* CONFIG_IEEE80211R */ 371 372 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len); 373 374 mic_len = wpa_mic_len(sm->key_mgmt); 375 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 376 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, 377 NULL, hdrlen + wpa_ie_len, 378 &rlen, (void *) &reply); 379 if (rbuf == NULL) { 380 os_free(rsn_ie_buf); 381 return -1; 382 } 383 reply192 = (struct wpa_eapol_key_192 *) reply; 384 385 reply->type = (sm->proto == WPA_PROTO_RSN || 386 sm->proto == WPA_PROTO_OSEN) ? 387 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 388 WPA_PUT_BE16(reply->key_info, 389 ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC); 390 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 391 WPA_PUT_BE16(reply->key_length, 0); 392 else 393 os_memcpy(reply->key_length, key->key_length, 2); 394 os_memcpy(reply->replay_counter, key->replay_counter, 395 WPA_REPLAY_COUNTER_LEN); 396 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter, 397 WPA_REPLAY_COUNTER_LEN); 398 399 key_mic = reply192->key_mic; /* same offset for reply and reply192 */ 400 if (mic_len == 24) { 401 WPA_PUT_BE16(reply192->key_data_length, wpa_ie_len); 402 os_memcpy(reply192 + 1, wpa_ie, wpa_ie_len); 403 } else { 404 WPA_PUT_BE16(reply->key_data_length, wpa_ie_len); 405 os_memcpy(reply + 1, wpa_ie, wpa_ie_len); 406 } 407 os_free(rsn_ie_buf); 408 409 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN); 410 411 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4"); 412 wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL, 413 rbuf, rlen, key_mic); 414 415 return 0; 416 } 417 418 419 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr, 420 const struct wpa_eapol_key *key, struct wpa_ptk *ptk) 421 { 422 #ifdef CONFIG_IEEE80211R 423 if (wpa_key_mgmt_ft(sm->key_mgmt)) 424 return wpa_derive_ptk_ft(sm, src_addr, key, ptk); 425 #endif /* CONFIG_IEEE80211R */ 426 427 return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion", 428 sm->own_addr, sm->bssid, sm->snonce, 429 key->key_nonce, ptk, sm->key_mgmt, 430 sm->pairwise_cipher); 431 } 432 433 434 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, 435 const unsigned char *src_addr, 436 const struct wpa_eapol_key *key, 437 u16 ver, const u8 *key_data, 438 size_t key_data_len) 439 { 440 struct wpa_eapol_ie_parse ie; 441 struct wpa_ptk *ptk; 442 int res; 443 u8 *kde, *kde_buf = NULL; 444 size_t kde_len; 445 446 if (wpa_sm_get_network_ctx(sm) == NULL) { 447 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info " 448 "found (msg 1 of 4)"); 449 return; 450 } 451 452 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 453 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way " 454 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 455 456 os_memset(&ie, 0, sizeof(ie)); 457 458 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 459 /* RSN: msg 1/4 should contain PMKID for the selected PMK */ 460 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", 461 key_data, key_data_len); 462 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) 463 goto failed; 464 if (ie.pmkid) { 465 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from " 466 "Authenticator", ie.pmkid, PMKID_LEN); 467 } 468 } 469 470 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); 471 if (res == -2) { 472 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to " 473 "msg 1/4 - requesting full EAP authentication"); 474 return; 475 } 476 if (res) 477 goto failed; 478 479 if (sm->renew_snonce) { 480 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) { 481 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 482 "WPA: Failed to get random data for SNonce"); 483 goto failed; 484 } 485 sm->renew_snonce = 0; 486 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce", 487 sm->snonce, WPA_NONCE_LEN); 488 } 489 490 /* Calculate PTK which will be stored as a temporary PTK until it has 491 * been verified when processing message 3/4. */ 492 ptk = &sm->tptk; 493 wpa_derive_ptk(sm, src_addr, key, ptk); 494 if (sm->pairwise_cipher == WPA_CIPHER_TKIP) { 495 u8 buf[8]; 496 /* Supplicant: swap tx/rx Mic keys */ 497 os_memcpy(buf, &ptk->tk[16], 8); 498 os_memcpy(&ptk->tk[16], &ptk->tk[24], 8); 499 os_memcpy(&ptk->tk[24], buf, 8); 500 os_memset(buf, 0, sizeof(buf)); 501 } 502 sm->tptk_set = 1; 503 504 kde = sm->assoc_wpa_ie; 505 kde_len = sm->assoc_wpa_ie_len; 506 507 #ifdef CONFIG_P2P 508 if (sm->p2p) { 509 kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1); 510 if (kde_buf) { 511 u8 *pos; 512 wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE " 513 "into EAPOL-Key 2/4"); 514 os_memcpy(kde_buf, kde, kde_len); 515 kde = kde_buf; 516 pos = kde + kde_len; 517 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 518 *pos++ = RSN_SELECTOR_LEN + 1; 519 RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ); 520 pos += RSN_SELECTOR_LEN; 521 *pos++ = 0x01; 522 kde_len = pos - kde; 523 } 524 } 525 #endif /* CONFIG_P2P */ 526 527 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce, 528 kde, kde_len, ptk)) 529 goto failed; 530 531 os_free(kde_buf); 532 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN); 533 return; 534 535 failed: 536 os_free(kde_buf); 537 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 538 } 539 540 541 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx) 542 { 543 struct wpa_sm *sm = eloop_ctx; 544 rsn_preauth_candidate_process(sm); 545 } 546 547 548 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm, 549 const u8 *addr, int secure) 550 { 551 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 552 "WPA: Key negotiation completed with " 553 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr), 554 wpa_cipher_txt(sm->pairwise_cipher), 555 wpa_cipher_txt(sm->group_cipher)); 556 wpa_sm_cancel_auth_timeout(sm); 557 wpa_sm_set_state(sm, WPA_COMPLETED); 558 559 if (secure) { 560 wpa_sm_mlme_setprotection( 561 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX, 562 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 563 eapol_sm_notify_portValid(sm->eapol, TRUE); 564 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt)) 565 eapol_sm_notify_eap_success(sm->eapol, TRUE); 566 /* 567 * Start preauthentication after a short wait to avoid a 568 * possible race condition between the data receive and key 569 * configuration after the 4-Way Handshake. This increases the 570 * likelihood of the first preauth EAPOL-Start frame getting to 571 * the target AP. 572 */ 573 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL); 574 } 575 576 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) { 577 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 578 "RSN: Authenticator accepted " 579 "opportunistic PMKSA entry - marking it valid"); 580 sm->cur_pmksa->opportunistic = 0; 581 } 582 583 #ifdef CONFIG_IEEE80211R 584 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 585 /* Prepare for the next transition */ 586 wpa_ft_prepare_auth_request(sm, NULL); 587 } 588 #endif /* CONFIG_IEEE80211R */ 589 } 590 591 592 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx) 593 { 594 struct wpa_sm *sm = eloop_ctx; 595 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying"); 596 wpa_sm_key_request(sm, 0, 1); 597 } 598 599 600 static int wpa_supplicant_install_ptk(struct wpa_sm *sm, 601 const struct wpa_eapol_key *key) 602 { 603 int keylen, rsclen; 604 enum wpa_alg alg; 605 const u8 *key_rsc; 606 u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 607 608 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 609 "WPA: Installing PTK to the driver"); 610 611 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 612 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher " 613 "Suite: NONE - do not use pairwise keys"); 614 return 0; 615 } 616 617 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) { 618 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 619 "WPA: Unsupported pairwise cipher %d", 620 sm->pairwise_cipher); 621 return -1; 622 } 623 624 alg = wpa_cipher_to_alg(sm->pairwise_cipher); 625 keylen = wpa_cipher_key_len(sm->pairwise_cipher); 626 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher); 627 628 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 629 key_rsc = null_rsc; 630 } else { 631 key_rsc = key->key_rsc; 632 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen); 633 } 634 635 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen, 636 sm->ptk.tk, keylen) < 0) { 637 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 638 "WPA: Failed to set PTK to the " 639 "driver (alg=%d keylen=%d bssid=" MACSTR ")", 640 alg, keylen, MAC2STR(sm->bssid)); 641 return -1; 642 } 643 644 /* TK is not needed anymore in supplicant */ 645 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); 646 647 if (sm->wpa_ptk_rekey) { 648 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 649 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk, 650 sm, NULL); 651 } 652 653 return 0; 654 } 655 656 657 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm, 658 int group_cipher, 659 int keylen, int maxkeylen, 660 int *key_rsc_len, 661 enum wpa_alg *alg) 662 { 663 int klen; 664 665 *alg = wpa_cipher_to_alg(group_cipher); 666 if (*alg == WPA_ALG_NONE) { 667 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 668 "WPA: Unsupported Group Cipher %d", 669 group_cipher); 670 return -1; 671 } 672 *key_rsc_len = wpa_cipher_rsc_len(group_cipher); 673 674 klen = wpa_cipher_key_len(group_cipher); 675 if (keylen != klen || maxkeylen < klen) { 676 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 677 "WPA: Unsupported %s Group Cipher key length %d (%d)", 678 wpa_cipher_txt(group_cipher), keylen, maxkeylen); 679 return -1; 680 } 681 return 0; 682 } 683 684 685 struct wpa_gtk_data { 686 enum wpa_alg alg; 687 int tx, key_rsc_len, keyidx; 688 u8 gtk[32]; 689 int gtk_len; 690 }; 691 692 693 static int wpa_supplicant_install_gtk(struct wpa_sm *sm, 694 const struct wpa_gtk_data *gd, 695 const u8 *key_rsc) 696 { 697 const u8 *_gtk = gd->gtk; 698 u8 gtk_buf[32]; 699 700 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); 701 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 702 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", 703 gd->keyidx, gd->tx, gd->gtk_len); 704 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len); 705 if (sm->group_cipher == WPA_CIPHER_TKIP) { 706 /* Swap Tx/Rx keys for Michael MIC */ 707 os_memcpy(gtk_buf, gd->gtk, 16); 708 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8); 709 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8); 710 _gtk = gtk_buf; 711 } 712 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 713 if (wpa_sm_set_key(sm, gd->alg, NULL, 714 gd->keyidx, 1, key_rsc, gd->key_rsc_len, 715 _gtk, gd->gtk_len) < 0) { 716 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 717 "WPA: Failed to set GTK to the driver " 718 "(Group only)"); 719 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 720 return -1; 721 } 722 } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr, 723 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len, 724 _gtk, gd->gtk_len) < 0) { 725 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 726 "WPA: Failed to set GTK to " 727 "the driver (alg=%d keylen=%d keyidx=%d)", 728 gd->alg, gd->gtk_len, gd->keyidx); 729 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 730 return -1; 731 } 732 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 733 734 return 0; 735 } 736 737 738 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm, 739 int tx) 740 { 741 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) { 742 /* Ignore Tx bit for GTK if a pairwise key is used. One AP 743 * seemed to set this bit (incorrectly, since Tx is only when 744 * doing Group Key only APs) and without this workaround, the 745 * data connection does not work because wpa_supplicant 746 * configured non-zero keyidx to be used for unicast. */ 747 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 748 "WPA: Tx bit set for GTK, but pairwise " 749 "keys are used - ignore Tx bit"); 750 return 0; 751 } 752 return tx; 753 } 754 755 756 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, 757 const struct wpa_eapol_key *key, 758 const u8 *gtk, size_t gtk_len, 759 int key_info) 760 { 761 struct wpa_gtk_data gd; 762 763 /* 764 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x 765 * GTK KDE format: 766 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7] 767 * Reserved [bits 0-7] 768 * GTK 769 */ 770 771 os_memset(&gd, 0, sizeof(gd)); 772 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake", 773 gtk, gtk_len); 774 775 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk)) 776 return -1; 777 778 gd.keyidx = gtk[0] & 0x3; 779 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 780 !!(gtk[0] & BIT(2))); 781 gtk += 2; 782 gtk_len -= 2; 783 784 os_memcpy(gd.gtk, gtk, gtk_len); 785 gd.gtk_len = gtk_len; 786 787 if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED && 788 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 789 gtk_len, gtk_len, 790 &gd.key_rsc_len, &gd.alg) || 791 wpa_supplicant_install_gtk(sm, &gd, key->key_rsc))) { 792 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 793 "RSN: Failed to install GTK"); 794 os_memset(&gd, 0, sizeof(gd)); 795 return -1; 796 } 797 os_memset(&gd, 0, sizeof(gd)); 798 799 wpa_supplicant_key_neg_complete(sm, sm->bssid, 800 key_info & WPA_KEY_INFO_SECURE); 801 return 0; 802 } 803 804 805 static int ieee80211w_set_keys(struct wpa_sm *sm, 806 struct wpa_eapol_ie_parse *ie) 807 { 808 #ifdef CONFIG_IEEE80211W 809 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher)) 810 return 0; 811 812 if (ie->igtk) { 813 size_t len; 814 const struct wpa_igtk_kde *igtk; 815 u16 keyidx; 816 len = wpa_cipher_key_len(sm->mgmt_group_cipher); 817 if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) 818 return -1; 819 igtk = (const struct wpa_igtk_kde *) ie->igtk; 820 keyidx = WPA_GET_LE16(igtk->keyid); 821 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " 822 "pn %02x%02x%02x%02x%02x%02x", 823 keyidx, MAC2STR(igtk->pn)); 824 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", 825 igtk->igtk, len); 826 if (keyidx > 4095) { 827 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 828 "WPA: Invalid IGTK KeyID %d", keyidx); 829 return -1; 830 } 831 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), 832 broadcast_ether_addr, 833 keyidx, 0, igtk->pn, sizeof(igtk->pn), 834 igtk->igtk, len) < 0) { 835 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 836 "WPA: Failed to configure IGTK to the driver"); 837 return -1; 838 } 839 } 840 841 return 0; 842 #else /* CONFIG_IEEE80211W */ 843 return 0; 844 #endif /* CONFIG_IEEE80211W */ 845 } 846 847 848 static void wpa_report_ie_mismatch(struct wpa_sm *sm, 849 const char *reason, const u8 *src_addr, 850 const u8 *wpa_ie, size_t wpa_ie_len, 851 const u8 *rsn_ie, size_t rsn_ie_len) 852 { 853 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")", 854 reason, MAC2STR(src_addr)); 855 856 if (sm->ap_wpa_ie) { 857 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp", 858 sm->ap_wpa_ie, sm->ap_wpa_ie_len); 859 } 860 if (wpa_ie) { 861 if (!sm->ap_wpa_ie) { 862 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 863 "WPA: No WPA IE in Beacon/ProbeResp"); 864 } 865 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg", 866 wpa_ie, wpa_ie_len); 867 } 868 869 if (sm->ap_rsn_ie) { 870 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp", 871 sm->ap_rsn_ie, sm->ap_rsn_ie_len); 872 } 873 if (rsn_ie) { 874 if (!sm->ap_rsn_ie) { 875 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 876 "WPA: No RSN IE in Beacon/ProbeResp"); 877 } 878 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg", 879 rsn_ie, rsn_ie_len); 880 } 881 882 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS); 883 } 884 885 886 #ifdef CONFIG_IEEE80211R 887 888 static int ft_validate_mdie(struct wpa_sm *sm, 889 const unsigned char *src_addr, 890 struct wpa_eapol_ie_parse *ie, 891 const u8 *assoc_resp_mdie) 892 { 893 struct rsn_mdie *mdie; 894 895 mdie = (struct rsn_mdie *) (ie->mdie + 2); 896 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) || 897 os_memcmp(mdie->mobility_domain, sm->mobility_domain, 898 MOBILITY_DOMAIN_ID_LEN) != 0) { 899 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did " 900 "not match with the current mobility domain"); 901 return -1; 902 } 903 904 if (assoc_resp_mdie && 905 (assoc_resp_mdie[1] != ie->mdie[1] || 906 os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) { 907 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch"); 908 wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4", 909 ie->mdie, 2 + ie->mdie[1]); 910 wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response", 911 assoc_resp_mdie, 2 + assoc_resp_mdie[1]); 912 return -1; 913 } 914 915 return 0; 916 } 917 918 919 static int ft_validate_ftie(struct wpa_sm *sm, 920 const unsigned char *src_addr, 921 struct wpa_eapol_ie_parse *ie, 922 const u8 *assoc_resp_ftie) 923 { 924 if (ie->ftie == NULL) { 925 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 926 "FT: No FTIE in EAPOL-Key msg 3/4"); 927 return -1; 928 } 929 930 if (assoc_resp_ftie == NULL) 931 return 0; 932 933 if (assoc_resp_ftie[1] != ie->ftie[1] || 934 os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) { 935 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch"); 936 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4", 937 ie->ftie, 2 + ie->ftie[1]); 938 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response", 939 assoc_resp_ftie, 2 + assoc_resp_ftie[1]); 940 return -1; 941 } 942 943 return 0; 944 } 945 946 947 static int ft_validate_rsnie(struct wpa_sm *sm, 948 const unsigned char *src_addr, 949 struct wpa_eapol_ie_parse *ie) 950 { 951 struct wpa_ie_data rsn; 952 953 if (!ie->rsn_ie) 954 return 0; 955 956 /* 957 * Verify that PMKR1Name from EAPOL-Key message 3/4 958 * matches with the value we derived. 959 */ 960 if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 || 961 rsn.num_pmkid != 1 || rsn.pmkid == NULL) { 962 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in " 963 "FT 4-way handshake message 3/4"); 964 return -1; 965 } 966 967 if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0) 968 { 969 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 970 "FT: PMKR1Name mismatch in " 971 "FT 4-way handshake message 3/4"); 972 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator", 973 rsn.pmkid, WPA_PMK_NAME_LEN); 974 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name", 975 sm->pmk_r1_name, WPA_PMK_NAME_LEN); 976 return -1; 977 } 978 979 return 0; 980 } 981 982 983 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm, 984 const unsigned char *src_addr, 985 struct wpa_eapol_ie_parse *ie) 986 { 987 const u8 *pos, *end, *mdie = NULL, *ftie = NULL; 988 989 if (sm->assoc_resp_ies) { 990 pos = sm->assoc_resp_ies; 991 end = pos + sm->assoc_resp_ies_len; 992 while (pos + 2 < end) { 993 if (pos + 2 + pos[1] > end) 994 break; 995 switch (*pos) { 996 case WLAN_EID_MOBILITY_DOMAIN: 997 mdie = pos; 998 break; 999 case WLAN_EID_FAST_BSS_TRANSITION: 1000 ftie = pos; 1001 break; 1002 } 1003 pos += 2 + pos[1]; 1004 } 1005 } 1006 1007 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 || 1008 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 || 1009 ft_validate_rsnie(sm, src_addr, ie) < 0) 1010 return -1; 1011 1012 return 0; 1013 } 1014 1015 #endif /* CONFIG_IEEE80211R */ 1016 1017 1018 static int wpa_supplicant_validate_ie(struct wpa_sm *sm, 1019 const unsigned char *src_addr, 1020 struct wpa_eapol_ie_parse *ie) 1021 { 1022 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) { 1023 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1024 "WPA: No WPA/RSN IE for this AP known. " 1025 "Trying to get from scan results"); 1026 if (wpa_sm_get_beacon_ie(sm) < 0) { 1027 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1028 "WPA: Could not find AP from " 1029 "the scan results"); 1030 } else { 1031 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, 1032 "WPA: Found the current AP from " 1033 "updated scan results"); 1034 } 1035 } 1036 1037 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL && 1038 (sm->ap_wpa_ie || sm->ap_rsn_ie)) { 1039 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 1040 "with IE in Beacon/ProbeResp (no IE?)", 1041 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1042 ie->rsn_ie, ie->rsn_ie_len); 1043 return -1; 1044 } 1045 1046 if ((ie->wpa_ie && sm->ap_wpa_ie && 1047 (ie->wpa_ie_len != sm->ap_wpa_ie_len || 1048 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) || 1049 (ie->rsn_ie && sm->ap_rsn_ie && 1050 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt), 1051 sm->ap_rsn_ie, sm->ap_rsn_ie_len, 1052 ie->rsn_ie, ie->rsn_ie_len))) { 1053 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 1054 "with IE in Beacon/ProbeResp", 1055 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1056 ie->rsn_ie, ie->rsn_ie_len); 1057 return -1; 1058 } 1059 1060 if (sm->proto == WPA_PROTO_WPA && 1061 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) { 1062 wpa_report_ie_mismatch(sm, "Possible downgrade attack " 1063 "detected - RSN was enabled and RSN IE " 1064 "was in msg 3/4, but not in " 1065 "Beacon/ProbeResp", 1066 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1067 ie->rsn_ie, ie->rsn_ie_len); 1068 return -1; 1069 } 1070 1071 #ifdef CONFIG_IEEE80211R 1072 if (wpa_key_mgmt_ft(sm->key_mgmt) && 1073 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0) 1074 return -1; 1075 #endif /* CONFIG_IEEE80211R */ 1076 1077 return 0; 1078 } 1079 1080 1081 /** 1082 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake 1083 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1084 * @dst: Destination address for the frame 1085 * @key: Pointer to the EAPOL-Key frame header 1086 * @ver: Version bits from EAPOL-Key Key Info 1087 * @key_info: Key Info 1088 * @ptk: PTK to use for keyed hash and encryption 1089 * Returns: 0 on success, -1 on failure 1090 */ 1091 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, 1092 const struct wpa_eapol_key *key, 1093 u16 ver, u16 key_info, 1094 struct wpa_ptk *ptk) 1095 { 1096 size_t mic_len, hdrlen, rlen; 1097 struct wpa_eapol_key *reply; 1098 struct wpa_eapol_key_192 *reply192; 1099 u8 *rbuf, *key_mic; 1100 1101 mic_len = wpa_mic_len(sm->key_mgmt); 1102 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 1103 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1104 hdrlen, &rlen, (void *) &reply); 1105 if (rbuf == NULL) 1106 return -1; 1107 reply192 = (struct wpa_eapol_key_192 *) reply; 1108 1109 reply->type = (sm->proto == WPA_PROTO_RSN || 1110 sm->proto == WPA_PROTO_OSEN) ? 1111 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1112 key_info &= WPA_KEY_INFO_SECURE; 1113 key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC; 1114 WPA_PUT_BE16(reply->key_info, key_info); 1115 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 1116 WPA_PUT_BE16(reply->key_length, 0); 1117 else 1118 os_memcpy(reply->key_length, key->key_length, 2); 1119 os_memcpy(reply->replay_counter, key->replay_counter, 1120 WPA_REPLAY_COUNTER_LEN); 1121 1122 key_mic = reply192->key_mic; /* same offset for reply and reply192 */ 1123 if (mic_len == 24) 1124 WPA_PUT_BE16(reply192->key_data_length, 0); 1125 else 1126 WPA_PUT_BE16(reply->key_data_length, 0); 1127 1128 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4"); 1129 wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL, 1130 rbuf, rlen, key_mic); 1131 1132 return 0; 1133 } 1134 1135 1136 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, 1137 const struct wpa_eapol_key *key, 1138 u16 ver, const u8 *key_data, 1139 size_t key_data_len) 1140 { 1141 u16 key_info, keylen; 1142 struct wpa_eapol_ie_parse ie; 1143 1144 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 1145 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way " 1146 "Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver); 1147 1148 key_info = WPA_GET_BE16(key->key_info); 1149 1150 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len); 1151 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) 1152 goto failed; 1153 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1154 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1155 "WPA: GTK IE in unencrypted key data"); 1156 goto failed; 1157 } 1158 #ifdef CONFIG_IEEE80211W 1159 if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1160 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1161 "WPA: IGTK KDE in unencrypted key data"); 1162 goto failed; 1163 } 1164 1165 if (ie.igtk && 1166 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) && 1167 ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN + 1168 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) { 1169 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1170 "WPA: Invalid IGTK KDE length %lu", 1171 (unsigned long) ie.igtk_len); 1172 goto failed; 1173 } 1174 #endif /* CONFIG_IEEE80211W */ 1175 1176 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0) 1177 goto failed; 1178 1179 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) { 1180 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1181 "WPA: ANonce from message 1 of 4-Way Handshake " 1182 "differs from 3 of 4-Way Handshake - drop packet (src=" 1183 MACSTR ")", MAC2STR(sm->bssid)); 1184 goto failed; 1185 } 1186 1187 keylen = WPA_GET_BE16(key->key_length); 1188 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) { 1189 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1190 "WPA: Invalid %s key length %d (src=" MACSTR 1191 ")", wpa_cipher_txt(sm->pairwise_cipher), keylen, 1192 MAC2STR(sm->bssid)); 1193 goto failed; 1194 } 1195 1196 #ifdef CONFIG_P2P 1197 if (ie.ip_addr_alloc) { 1198 os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4); 1199 wpa_hexdump(MSG_DEBUG, "P2P: IP address info", 1200 sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr)); 1201 } 1202 #endif /* CONFIG_P2P */ 1203 1204 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info, 1205 &sm->ptk)) { 1206 goto failed; 1207 } 1208 1209 /* SNonce was successfully used in msg 3/4, so mark it to be renewed 1210 * for the next 4-Way Handshake. If msg 3 is received again, the old 1211 * SNonce will still be used to avoid changing PTK. */ 1212 sm->renew_snonce = 1; 1213 1214 if (key_info & WPA_KEY_INFO_INSTALL) { 1215 if (wpa_supplicant_install_ptk(sm, key)) 1216 goto failed; 1217 } 1218 1219 if (key_info & WPA_KEY_INFO_SECURE) { 1220 wpa_sm_mlme_setprotection( 1221 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX, 1222 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 1223 eapol_sm_notify_portValid(sm->eapol, TRUE); 1224 } 1225 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1226 1227 if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) { 1228 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1229 key_info & WPA_KEY_INFO_SECURE); 1230 } else if (ie.gtk && 1231 wpa_supplicant_pairwise_gtk(sm, key, 1232 ie.gtk, ie.gtk_len, key_info) < 0) { 1233 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1234 "RSN: Failed to configure GTK"); 1235 goto failed; 1236 } 1237 1238 if (ieee80211w_set_keys(sm, &ie) < 0) { 1239 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1240 "RSN: Failed to configure IGTK"); 1241 goto failed; 1242 } 1243 1244 if (ie.gtk) 1245 wpa_sm_set_rekey_offload(sm); 1246 1247 if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1248 struct rsn_pmksa_cache_entry *sa; 1249 1250 sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, 1251 sm->ptk.kck, sm->ptk.kck_len, 1252 sm->bssid, sm->own_addr, 1253 sm->network_ctx, sm->key_mgmt); 1254 if (!sm->cur_pmksa) 1255 sm->cur_pmksa = sa; 1256 } 1257 1258 sm->msg_3_of_4_ok = 1; 1259 return; 1260 1261 failed: 1262 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1263 } 1264 1265 1266 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm, 1267 const u8 *keydata, 1268 size_t keydatalen, 1269 u16 key_info, 1270 struct wpa_gtk_data *gd) 1271 { 1272 int maxkeylen; 1273 struct wpa_eapol_ie_parse ie; 1274 1275 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen); 1276 if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0) 1277 return -1; 1278 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1279 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1280 "WPA: GTK IE in unencrypted key data"); 1281 return -1; 1282 } 1283 if (ie.gtk == NULL) { 1284 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1285 "WPA: No GTK IE in Group Key msg 1/2"); 1286 return -1; 1287 } 1288 maxkeylen = gd->gtk_len = ie.gtk_len - 2; 1289 1290 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 1291 gd->gtk_len, maxkeylen, 1292 &gd->key_rsc_len, &gd->alg)) 1293 return -1; 1294 1295 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake", 1296 ie.gtk, ie.gtk_len); 1297 gd->keyidx = ie.gtk[0] & 0x3; 1298 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 1299 !!(ie.gtk[0] & BIT(2))); 1300 if (ie.gtk_len - 2 > sizeof(gd->gtk)) { 1301 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1302 "RSN: Too long GTK in GTK IE (len=%lu)", 1303 (unsigned long) ie.gtk_len - 2); 1304 return -1; 1305 } 1306 os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2); 1307 1308 if (ieee80211w_set_keys(sm, &ie) < 0) 1309 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1310 "RSN: Failed to configure IGTK"); 1311 1312 return 0; 1313 } 1314 1315 1316 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm, 1317 const struct wpa_eapol_key *key, 1318 const u8 *key_data, 1319 size_t key_data_len, u16 key_info, 1320 u16 ver, struct wpa_gtk_data *gd) 1321 { 1322 size_t maxkeylen; 1323 u16 gtk_len; 1324 1325 gtk_len = WPA_GET_BE16(key->key_length); 1326 maxkeylen = key_data_len; 1327 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1328 if (maxkeylen < 8) { 1329 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1330 "WPA: Too short maxkeylen (%lu)", 1331 (unsigned long) maxkeylen); 1332 return -1; 1333 } 1334 maxkeylen -= 8; 1335 } 1336 1337 if (gtk_len > maxkeylen || 1338 wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 1339 gtk_len, maxkeylen, 1340 &gd->key_rsc_len, &gd->alg)) 1341 return -1; 1342 1343 gd->gtk_len = gtk_len; 1344 gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1345 WPA_KEY_INFO_KEY_INDEX_SHIFT; 1346 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { 1347 #ifdef CONFIG_NO_RC4 1348 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1349 "WPA: RC4 not supported in the build"); 1350 return -1; 1351 #else /* CONFIG_NO_RC4 */ 1352 u8 ek[32]; 1353 if (key_data_len > sizeof(gd->gtk)) { 1354 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1355 "WPA: RC4 key data too long (%lu)", 1356 (unsigned long) key_data_len); 1357 return -1; 1358 } 1359 os_memcpy(ek, key->key_iv, 16); 1360 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); 1361 os_memcpy(gd->gtk, key_data, key_data_len); 1362 if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) { 1363 os_memset(ek, 0, sizeof(ek)); 1364 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 1365 "WPA: RC4 failed"); 1366 return -1; 1367 } 1368 os_memset(ek, 0, sizeof(ek)); 1369 #endif /* CONFIG_NO_RC4 */ 1370 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1371 if (maxkeylen % 8) { 1372 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1373 "WPA: Unsupported AES-WRAP len %lu", 1374 (unsigned long) maxkeylen); 1375 return -1; 1376 } 1377 if (maxkeylen > sizeof(gd->gtk)) { 1378 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1379 "WPA: AES-WRAP key data " 1380 "too long (keydatalen=%lu maxkeylen=%lu)", 1381 (unsigned long) key_data_len, 1382 (unsigned long) maxkeylen); 1383 return -1; 1384 } 1385 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8, 1386 key_data, gd->gtk)) { 1387 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1388 "WPA: AES unwrap failed - could not decrypt " 1389 "GTK"); 1390 return -1; 1391 } 1392 } else { 1393 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1394 "WPA: Unsupported key_info type %d", ver); 1395 return -1; 1396 } 1397 gd->tx = wpa_supplicant_gtk_tx_bit_workaround( 1398 sm, !!(key_info & WPA_KEY_INFO_TXRX)); 1399 return 0; 1400 } 1401 1402 1403 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm, 1404 const struct wpa_eapol_key *key, 1405 int ver, u16 key_info) 1406 { 1407 size_t mic_len, hdrlen, rlen; 1408 struct wpa_eapol_key *reply; 1409 struct wpa_eapol_key_192 *reply192; 1410 u8 *rbuf, *key_mic; 1411 1412 mic_len = wpa_mic_len(sm->key_mgmt); 1413 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 1414 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1415 hdrlen, &rlen, (void *) &reply); 1416 if (rbuf == NULL) 1417 return -1; 1418 reply192 = (struct wpa_eapol_key_192 *) reply; 1419 1420 reply->type = (sm->proto == WPA_PROTO_RSN || 1421 sm->proto == WPA_PROTO_OSEN) ? 1422 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1423 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK; 1424 key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE; 1425 WPA_PUT_BE16(reply->key_info, key_info); 1426 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 1427 WPA_PUT_BE16(reply->key_length, 0); 1428 else 1429 os_memcpy(reply->key_length, key->key_length, 2); 1430 os_memcpy(reply->replay_counter, key->replay_counter, 1431 WPA_REPLAY_COUNTER_LEN); 1432 1433 key_mic = reply192->key_mic; /* same offset for reply and reply192 */ 1434 if (mic_len == 24) 1435 WPA_PUT_BE16(reply192->key_data_length, 0); 1436 else 1437 WPA_PUT_BE16(reply->key_data_length, 0); 1438 1439 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2"); 1440 wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, sm->bssid, 1441 ETH_P_EAPOL, rbuf, rlen, key_mic); 1442 1443 return 0; 1444 } 1445 1446 1447 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, 1448 const unsigned char *src_addr, 1449 const struct wpa_eapol_key *key, 1450 const u8 *key_data, 1451 size_t key_data_len, u16 ver) 1452 { 1453 u16 key_info; 1454 int rekey, ret; 1455 struct wpa_gtk_data gd; 1456 1457 if (!sm->msg_3_of_4_ok) { 1458 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1459 "WPA: Group Key Handshake started prior to completion of 4-way handshake"); 1460 goto failed; 1461 } 1462 1463 os_memset(&gd, 0, sizeof(gd)); 1464 1465 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED; 1466 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key " 1467 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 1468 1469 key_info = WPA_GET_BE16(key->key_info); 1470 1471 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 1472 ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data, 1473 key_data_len, key_info, 1474 &gd); 1475 } else { 1476 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data, 1477 key_data_len, 1478 key_info, ver, &gd); 1479 } 1480 1481 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1482 1483 if (ret) 1484 goto failed; 1485 1486 if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) || 1487 wpa_supplicant_send_2_of_2(sm, key, ver, key_info)) 1488 goto failed; 1489 os_memset(&gd, 0, sizeof(gd)); 1490 1491 if (rekey) { 1492 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Group rekeying " 1493 "completed with " MACSTR " [GTK=%s]", 1494 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); 1495 wpa_sm_cancel_auth_timeout(sm); 1496 wpa_sm_set_state(sm, WPA_COMPLETED); 1497 } else { 1498 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1499 key_info & 1500 WPA_KEY_INFO_SECURE); 1501 } 1502 1503 wpa_sm_set_rekey_offload(sm); 1504 1505 return; 1506 1507 failed: 1508 os_memset(&gd, 0, sizeof(gd)); 1509 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1510 } 1511 1512 1513 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm, 1514 struct wpa_eapol_key_192 *key, 1515 u16 ver, 1516 const u8 *buf, size_t len) 1517 { 1518 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; 1519 int ok = 0; 1520 size_t mic_len = wpa_mic_len(sm->key_mgmt); 1521 1522 os_memcpy(mic, key->key_mic, mic_len); 1523 if (sm->tptk_set) { 1524 os_memset(key->key_mic, 0, mic_len); 1525 wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt, 1526 ver, buf, len, key->key_mic); 1527 if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) { 1528 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1529 "WPA: Invalid EAPOL-Key MIC " 1530 "when using TPTK - ignoring TPTK"); 1531 } else { 1532 ok = 1; 1533 sm->tptk_set = 0; 1534 sm->ptk_set = 1; 1535 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); 1536 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 1537 } 1538 } 1539 1540 if (!ok && sm->ptk_set) { 1541 os_memset(key->key_mic, 0, mic_len); 1542 wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt, 1543 ver, buf, len, key->key_mic); 1544 if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) { 1545 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1546 "WPA: Invalid EAPOL-Key MIC - " 1547 "dropping packet"); 1548 return -1; 1549 } 1550 ok = 1; 1551 } 1552 1553 if (!ok) { 1554 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1555 "WPA: Could not verify EAPOL-Key MIC - " 1556 "dropping packet"); 1557 return -1; 1558 } 1559 1560 os_memcpy(sm->rx_replay_counter, key->replay_counter, 1561 WPA_REPLAY_COUNTER_LEN); 1562 sm->rx_replay_counter_set = 1; 1563 return 0; 1564 } 1565 1566 1567 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */ 1568 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm, 1569 struct wpa_eapol_key *key, u16 ver, 1570 u8 *key_data, size_t *key_data_len) 1571 { 1572 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data", 1573 key_data, *key_data_len); 1574 if (!sm->ptk_set) { 1575 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1576 "WPA: PTK not available, cannot decrypt EAPOL-Key Key " 1577 "Data"); 1578 return -1; 1579 } 1580 1581 /* Decrypt key data here so that this operation does not need 1582 * to be implemented separately for each message type. */ 1583 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { 1584 #ifdef CONFIG_NO_RC4 1585 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1586 "WPA: RC4 not supported in the build"); 1587 return -1; 1588 #else /* CONFIG_NO_RC4 */ 1589 u8 ek[32]; 1590 os_memcpy(ek, key->key_iv, 16); 1591 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); 1592 if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) { 1593 os_memset(ek, 0, sizeof(ek)); 1594 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 1595 "WPA: RC4 failed"); 1596 return -1; 1597 } 1598 os_memset(ek, 0, sizeof(ek)); 1599 #endif /* CONFIG_NO_RC4 */ 1600 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1601 ver == WPA_KEY_INFO_TYPE_AES_128_CMAC || 1602 sm->key_mgmt == WPA_KEY_MGMT_OSEN || 1603 wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1604 u8 *buf; 1605 if (*key_data_len < 8 || *key_data_len % 8) { 1606 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1607 "WPA: Unsupported AES-WRAP len %u", 1608 (unsigned int) *key_data_len); 1609 return -1; 1610 } 1611 *key_data_len -= 8; /* AES-WRAP adds 8 bytes */ 1612 buf = os_malloc(*key_data_len); 1613 if (buf == NULL) { 1614 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1615 "WPA: No memory for AES-UNWRAP buffer"); 1616 return -1; 1617 } 1618 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8, 1619 key_data, buf)) { 1620 os_free(buf); 1621 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1622 "WPA: AES unwrap failed - " 1623 "could not decrypt EAPOL-Key key data"); 1624 return -1; 1625 } 1626 os_memcpy(key_data, buf, *key_data_len); 1627 os_free(buf); 1628 WPA_PUT_BE16(key->key_data_length, *key_data_len); 1629 } else { 1630 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1631 "WPA: Unsupported key_info type %d", ver); 1632 return -1; 1633 } 1634 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data", 1635 key_data, *key_data_len); 1636 return 0; 1637 } 1638 1639 1640 /** 1641 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted 1642 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1643 */ 1644 void wpa_sm_aborted_cached(struct wpa_sm *sm) 1645 { 1646 if (sm && sm->cur_pmksa) { 1647 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1648 "RSN: Cancelling PMKSA caching attempt"); 1649 sm->cur_pmksa = NULL; 1650 } 1651 } 1652 1653 1654 static void wpa_eapol_key_dump(struct wpa_sm *sm, 1655 const struct wpa_eapol_key *key, 1656 unsigned int key_data_len, 1657 const u8 *mic, unsigned int mic_len) 1658 { 1659 #ifndef CONFIG_NO_STDOUT_DEBUG 1660 u16 key_info = WPA_GET_BE16(key->key_info); 1661 1662 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type); 1663 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1664 " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)", 1665 key_info, key_info & WPA_KEY_INFO_TYPE_MASK, 1666 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1667 WPA_KEY_INFO_KEY_INDEX_SHIFT, 1668 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13, 1669 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group", 1670 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "", 1671 key_info & WPA_KEY_INFO_ACK ? " Ack" : "", 1672 key_info & WPA_KEY_INFO_MIC ? " MIC" : "", 1673 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "", 1674 key_info & WPA_KEY_INFO_ERROR ? " Error" : "", 1675 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "", 1676 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : ""); 1677 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1678 " key_length=%u key_data_length=%u", 1679 WPA_GET_BE16(key->key_length), key_data_len); 1680 wpa_hexdump(MSG_DEBUG, " replay_counter", 1681 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 1682 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN); 1683 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16); 1684 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8); 1685 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8); 1686 wpa_hexdump(MSG_DEBUG, " key_mic", mic, mic_len); 1687 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1688 } 1689 1690 1691 /** 1692 * wpa_sm_rx_eapol - Process received WPA EAPOL frames 1693 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1694 * @src_addr: Source MAC address of the EAPOL packet 1695 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header) 1696 * @len: Length of the EAPOL frame 1697 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure 1698 * 1699 * This function is called for each received EAPOL frame. Other than EAPOL-Key 1700 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is 1701 * only processing WPA and WPA2 EAPOL-Key frames. 1702 * 1703 * The received EAPOL-Key packets are validated and valid packets are replied 1704 * to. In addition, key material (PTK, GTK) is configured at the end of a 1705 * successful key handshake. 1706 */ 1707 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, 1708 const u8 *buf, size_t len) 1709 { 1710 size_t plen, data_len, key_data_len; 1711 const struct ieee802_1x_hdr *hdr; 1712 struct wpa_eapol_key *key; 1713 struct wpa_eapol_key_192 *key192; 1714 u16 key_info, ver; 1715 u8 *tmp = NULL; 1716 int ret = -1; 1717 struct wpa_peerkey *peerkey = NULL; 1718 u8 *key_data; 1719 size_t mic_len, keyhdrlen; 1720 1721 #ifdef CONFIG_IEEE80211R 1722 sm->ft_completed = 0; 1723 #endif /* CONFIG_IEEE80211R */ 1724 1725 mic_len = wpa_mic_len(sm->key_mgmt); 1726 keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key); 1727 1728 if (len < sizeof(*hdr) + keyhdrlen) { 1729 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1730 "WPA: EAPOL frame too short to be a WPA " 1731 "EAPOL-Key (len %lu, expecting at least %lu)", 1732 (unsigned long) len, 1733 (unsigned long) sizeof(*hdr) + keyhdrlen); 1734 return 0; 1735 } 1736 1737 hdr = (const struct ieee802_1x_hdr *) buf; 1738 plen = be_to_host16(hdr->length); 1739 data_len = plen + sizeof(*hdr); 1740 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1741 "IEEE 802.1X RX: version=%d type=%d length=%lu", 1742 hdr->version, hdr->type, (unsigned long) plen); 1743 1744 if (hdr->version < EAPOL_VERSION) { 1745 /* TODO: backwards compatibility */ 1746 } 1747 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { 1748 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1749 "WPA: EAPOL frame (type %u) discarded, " 1750 "not a Key frame", hdr->type); 1751 ret = 0; 1752 goto out; 1753 } 1754 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len); 1755 if (plen > len - sizeof(*hdr) || plen < keyhdrlen) { 1756 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1757 "WPA: EAPOL frame payload size %lu " 1758 "invalid (frame size %lu)", 1759 (unsigned long) plen, (unsigned long) len); 1760 ret = 0; 1761 goto out; 1762 } 1763 if (data_len < len) { 1764 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1765 "WPA: ignoring %lu bytes after the IEEE 802.1X data", 1766 (unsigned long) len - data_len); 1767 } 1768 1769 /* 1770 * Make a copy of the frame since we need to modify the buffer during 1771 * MAC validation and Key Data decryption. 1772 */ 1773 tmp = os_malloc(data_len); 1774 if (tmp == NULL) 1775 goto out; 1776 os_memcpy(tmp, buf, data_len); 1777 key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr)); 1778 key192 = (struct wpa_eapol_key_192 *) 1779 (tmp + sizeof(struct ieee802_1x_hdr)); 1780 if (mic_len == 24) 1781 key_data = (u8 *) (key192 + 1); 1782 else 1783 key_data = (u8 *) (key + 1); 1784 1785 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN) 1786 { 1787 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1788 "WPA: EAPOL-Key type (%d) unknown, discarded", 1789 key->type); 1790 ret = 0; 1791 goto out; 1792 } 1793 1794 if (mic_len == 24) 1795 key_data_len = WPA_GET_BE16(key192->key_data_length); 1796 else 1797 key_data_len = WPA_GET_BE16(key->key_data_length); 1798 wpa_eapol_key_dump(sm, key, key_data_len, key192->key_mic, mic_len); 1799 1800 if (key_data_len > plen - keyhdrlen) { 1801 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key " 1802 "frame - key_data overflow (%u > %u)", 1803 (unsigned int) key_data_len, 1804 (unsigned int) (plen - keyhdrlen)); 1805 goto out; 1806 } 1807 1808 eapol_sm_notify_lower_layer_success(sm->eapol, 0); 1809 key_info = WPA_GET_BE16(key->key_info); 1810 ver = key_info & WPA_KEY_INFO_TYPE_MASK; 1811 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && 1812 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W) 1813 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && 1814 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */ 1815 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES && 1816 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 1817 sm->key_mgmt != WPA_KEY_MGMT_OSEN) { 1818 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1819 "WPA: Unsupported EAPOL-Key descriptor version %d", 1820 ver); 1821 goto out; 1822 } 1823 1824 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN && 1825 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { 1826 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1827 "OSEN: Unsupported EAPOL-Key descriptor version %d", 1828 ver); 1829 goto out; 1830 } 1831 1832 if (wpa_key_mgmt_suite_b(sm->key_mgmt) && 1833 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { 1834 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1835 "RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)", 1836 ver); 1837 goto out; 1838 } 1839 1840 #ifdef CONFIG_IEEE80211R 1841 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 1842 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */ 1843 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1844 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1845 "FT: AP did not use AES-128-CMAC"); 1846 goto out; 1847 } 1848 } else 1849 #endif /* CONFIG_IEEE80211R */ 1850 #ifdef CONFIG_IEEE80211W 1851 if (wpa_key_mgmt_sha256(sm->key_mgmt)) { 1852 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && 1853 sm->key_mgmt != WPA_KEY_MGMT_OSEN && 1854 !wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1855 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1856 "WPA: AP did not use the " 1857 "negotiated AES-128-CMAC"); 1858 goto out; 1859 } 1860 } else 1861 #endif /* CONFIG_IEEE80211W */ 1862 if (sm->pairwise_cipher == WPA_CIPHER_CCMP && 1863 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 1864 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1865 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1866 "WPA: CCMP is used, but EAPOL-Key " 1867 "descriptor version (%d) is not 2", ver); 1868 if (sm->group_cipher != WPA_CIPHER_CCMP && 1869 !(key_info & WPA_KEY_INFO_KEY_TYPE)) { 1870 /* Earlier versions of IEEE 802.11i did not explicitly 1871 * require version 2 descriptor for all EAPOL-Key 1872 * packets, so allow group keys to use version 1 if 1873 * CCMP is not used for them. */ 1874 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1875 "WPA: Backwards compatibility: allow invalid " 1876 "version for non-CCMP group keys"); 1877 } else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1878 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1879 "WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used"); 1880 } else 1881 goto out; 1882 } else if (sm->pairwise_cipher == WPA_CIPHER_GCMP && 1883 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 1884 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1885 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1886 "WPA: GCMP is used, but EAPOL-Key " 1887 "descriptor version (%d) is not 2", ver); 1888 goto out; 1889 } 1890 1891 #ifdef CONFIG_PEERKEY 1892 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 1893 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0) 1894 break; 1895 } 1896 1897 if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) { 1898 if (!peerkey->initiator && peerkey->replay_counter_set && 1899 os_memcmp(key->replay_counter, peerkey->replay_counter, 1900 WPA_REPLAY_COUNTER_LEN) <= 0) { 1901 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1902 "RSN: EAPOL-Key Replay Counter did not " 1903 "increase (STK) - dropping packet"); 1904 goto out; 1905 } else if (peerkey->initiator) { 1906 u8 _tmp[WPA_REPLAY_COUNTER_LEN]; 1907 os_memcpy(_tmp, key->replay_counter, 1908 WPA_REPLAY_COUNTER_LEN); 1909 inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN); 1910 if (os_memcmp(_tmp, peerkey->replay_counter, 1911 WPA_REPLAY_COUNTER_LEN) != 0) { 1912 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1913 "RSN: EAPOL-Key Replay " 1914 "Counter did not match (STK) - " 1915 "dropping packet"); 1916 goto out; 1917 } 1918 } 1919 } 1920 1921 if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) { 1922 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1923 "RSN: Ack bit in key_info from STK peer"); 1924 goto out; 1925 } 1926 #endif /* CONFIG_PEERKEY */ 1927 1928 if (!peerkey && sm->rx_replay_counter_set && 1929 os_memcmp(key->replay_counter, sm->rx_replay_counter, 1930 WPA_REPLAY_COUNTER_LEN) <= 0) { 1931 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1932 "WPA: EAPOL-Key Replay Counter did not increase - " 1933 "dropping packet"); 1934 goto out; 1935 } 1936 1937 if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE)) 1938 #ifdef CONFIG_PEERKEY 1939 && (peerkey == NULL || !peerkey->initiator) 1940 #endif /* CONFIG_PEERKEY */ 1941 ) { 1942 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1943 "WPA: No Ack bit in key_info"); 1944 goto out; 1945 } 1946 1947 if (key_info & WPA_KEY_INFO_REQUEST) { 1948 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1949 "WPA: EAPOL-Key with Request bit - dropped"); 1950 goto out; 1951 } 1952 1953 if ((key_info & WPA_KEY_INFO_MIC) && !peerkey && 1954 wpa_supplicant_verify_eapol_key_mic(sm, key192, ver, tmp, data_len)) 1955 goto out; 1956 1957 #ifdef CONFIG_PEERKEY 1958 if ((key_info & WPA_KEY_INFO_MIC) && peerkey && 1959 peerkey_verify_eapol_key_mic(sm, peerkey, key192, ver, tmp, 1960 data_len)) 1961 goto out; 1962 #endif /* CONFIG_PEERKEY */ 1963 1964 if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && 1965 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1966 if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data, 1967 &key_data_len)) 1968 goto out; 1969 } 1970 1971 if (key_info & WPA_KEY_INFO_KEY_TYPE) { 1972 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) { 1973 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1974 "WPA: Ignored EAPOL-Key (Pairwise) with " 1975 "non-zero key index"); 1976 goto out; 1977 } 1978 if (peerkey) { 1979 /* PeerKey 4-Way Handshake */ 1980 peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver, 1981 key_data, key_data_len); 1982 } else if (key_info & WPA_KEY_INFO_MIC) { 1983 /* 3/4 4-Way Handshake */ 1984 wpa_supplicant_process_3_of_4(sm, key, ver, key_data, 1985 key_data_len); 1986 } else { 1987 /* 1/4 4-Way Handshake */ 1988 wpa_supplicant_process_1_of_4(sm, src_addr, key, 1989 ver, key_data, 1990 key_data_len); 1991 } 1992 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { 1993 /* PeerKey SMK Handshake */ 1994 peerkey_rx_eapol_smk(sm, src_addr, key, key_data_len, key_info, 1995 ver); 1996 } else { 1997 if (key_info & WPA_KEY_INFO_MIC) { 1998 /* 1/2 Group Key Handshake */ 1999 wpa_supplicant_process_1_of_2(sm, src_addr, key, 2000 key_data, key_data_len, 2001 ver); 2002 } else { 2003 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 2004 "WPA: EAPOL-Key (Group) without Mic bit - " 2005 "dropped"); 2006 } 2007 } 2008 2009 ret = 1; 2010 2011 out: 2012 bin_clear_free(tmp, data_len); 2013 return ret; 2014 } 2015 2016 2017 #ifdef CONFIG_CTRL_IFACE 2018 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm) 2019 { 2020 switch (sm->key_mgmt) { 2021 case WPA_KEY_MGMT_IEEE8021X: 2022 return ((sm->proto == WPA_PROTO_RSN || 2023 sm->proto == WPA_PROTO_OSEN) ? 2024 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X : 2025 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X); 2026 case WPA_KEY_MGMT_PSK: 2027 return (sm->proto == WPA_PROTO_RSN ? 2028 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X : 2029 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X); 2030 #ifdef CONFIG_IEEE80211R 2031 case WPA_KEY_MGMT_FT_IEEE8021X: 2032 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2033 case WPA_KEY_MGMT_FT_PSK: 2034 return RSN_AUTH_KEY_MGMT_FT_PSK; 2035 #endif /* CONFIG_IEEE80211R */ 2036 #ifdef CONFIG_IEEE80211W 2037 case WPA_KEY_MGMT_IEEE8021X_SHA256: 2038 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2039 case WPA_KEY_MGMT_PSK_SHA256: 2040 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2041 #endif /* CONFIG_IEEE80211W */ 2042 case WPA_KEY_MGMT_CCKM: 2043 return (sm->proto == WPA_PROTO_RSN ? 2044 RSN_AUTH_KEY_MGMT_CCKM: 2045 WPA_AUTH_KEY_MGMT_CCKM); 2046 case WPA_KEY_MGMT_WPA_NONE: 2047 return WPA_AUTH_KEY_MGMT_NONE; 2048 case WPA_KEY_MGMT_IEEE8021X_SUITE_B: 2049 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2050 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192: 2051 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2052 default: 2053 return 0; 2054 } 2055 } 2056 2057 2058 #define RSN_SUITE "%02x-%02x-%02x-%d" 2059 #define RSN_SUITE_ARG(s) \ 2060 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff 2061 2062 /** 2063 * wpa_sm_get_mib - Dump text list of MIB entries 2064 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2065 * @buf: Buffer for the list 2066 * @buflen: Length of the buffer 2067 * Returns: Number of bytes written to buffer 2068 * 2069 * This function is used fetch dot11 MIB variables. 2070 */ 2071 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen) 2072 { 2073 char pmkid_txt[PMKID_LEN * 2 + 1]; 2074 int rsna, ret; 2075 size_t len; 2076 2077 if (sm->cur_pmksa) { 2078 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), 2079 sm->cur_pmksa->pmkid, PMKID_LEN); 2080 } else 2081 pmkid_txt[0] = '\0'; 2082 2083 if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) || 2084 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) && 2085 sm->proto == WPA_PROTO_RSN) 2086 rsna = 1; 2087 else 2088 rsna = 0; 2089 2090 ret = os_snprintf(buf, buflen, 2091 "dot11RSNAOptionImplemented=TRUE\n" 2092 "dot11RSNAPreauthenticationImplemented=TRUE\n" 2093 "dot11RSNAEnabled=%s\n" 2094 "dot11RSNAPreauthenticationEnabled=%s\n" 2095 "dot11RSNAConfigVersion=%d\n" 2096 "dot11RSNAConfigPairwiseKeysSupported=5\n" 2097 "dot11RSNAConfigGroupCipherSize=%d\n" 2098 "dot11RSNAConfigPMKLifetime=%d\n" 2099 "dot11RSNAConfigPMKReauthThreshold=%d\n" 2100 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n" 2101 "dot11RSNAConfigSATimeout=%d\n", 2102 rsna ? "TRUE" : "FALSE", 2103 rsna ? "TRUE" : "FALSE", 2104 RSN_VERSION, 2105 wpa_cipher_key_len(sm->group_cipher) * 8, 2106 sm->dot11RSNAConfigPMKLifetime, 2107 sm->dot11RSNAConfigPMKReauthThreshold, 2108 sm->dot11RSNAConfigSATimeout); 2109 if (os_snprintf_error(buflen, ret)) 2110 return 0; 2111 len = ret; 2112 2113 ret = os_snprintf( 2114 buf + len, buflen - len, 2115 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" 2116 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" 2117 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" 2118 "dot11RSNAPMKIDUsed=%s\n" 2119 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" 2120 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" 2121 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" 2122 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n" 2123 "dot11RSNA4WayHandshakeFailures=%u\n", 2124 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 2125 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2126 sm->pairwise_cipher)), 2127 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2128 sm->group_cipher)), 2129 pmkid_txt, 2130 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 2131 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2132 sm->pairwise_cipher)), 2133 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2134 sm->group_cipher)), 2135 sm->dot11RSNA4WayHandshakeFailures); 2136 if (!os_snprintf_error(buflen - len, ret)) 2137 len += ret; 2138 2139 return (int) len; 2140 } 2141 #endif /* CONFIG_CTRL_IFACE */ 2142 2143 2144 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, 2145 void *ctx, enum pmksa_free_reason reason) 2146 { 2147 struct wpa_sm *sm = ctx; 2148 int deauth = 0; 2149 2150 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: " 2151 MACSTR " reason=%d", MAC2STR(entry->aa), reason); 2152 2153 if (sm->cur_pmksa == entry) { 2154 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2155 "RSN: %s current PMKSA entry", 2156 reason == PMKSA_REPLACE ? "replaced" : "removed"); 2157 pmksa_cache_clear_current(sm); 2158 2159 /* 2160 * If an entry is simply being replaced, there's no need to 2161 * deauthenticate because it will be immediately re-added. 2162 * This happens when EAP authentication is completed again 2163 * (reauth or failed PMKSA caching attempt). 2164 */ 2165 if (reason != PMKSA_REPLACE) 2166 deauth = 1; 2167 } 2168 2169 if (reason == PMKSA_EXPIRE && 2170 (sm->pmk_len == entry->pmk_len && 2171 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) { 2172 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2173 "RSN: deauthenticating due to expired PMK"); 2174 pmksa_cache_clear_current(sm); 2175 deauth = 1; 2176 } 2177 2178 if (deauth) { 2179 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2180 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 2181 } 2182 } 2183 2184 2185 /** 2186 * wpa_sm_init - Initialize WPA state machine 2187 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer 2188 * Returns: Pointer to the allocated WPA state machine data 2189 * 2190 * This function is used to allocate a new WPA state machine and the returned 2191 * value is passed to all WPA state machine calls. 2192 */ 2193 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx) 2194 { 2195 struct wpa_sm *sm; 2196 2197 sm = os_zalloc(sizeof(*sm)); 2198 if (sm == NULL) 2199 return NULL; 2200 dl_list_init(&sm->pmksa_candidates); 2201 sm->renew_snonce = 1; 2202 sm->ctx = ctx; 2203 2204 sm->dot11RSNAConfigPMKLifetime = 43200; 2205 sm->dot11RSNAConfigPMKReauthThreshold = 70; 2206 sm->dot11RSNAConfigSATimeout = 60; 2207 2208 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm); 2209 if (sm->pmksa == NULL) { 2210 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 2211 "RSN: PMKSA cache initialization failed"); 2212 os_free(sm); 2213 return NULL; 2214 } 2215 2216 return sm; 2217 } 2218 2219 2220 /** 2221 * wpa_sm_deinit - Deinitialize WPA state machine 2222 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2223 */ 2224 void wpa_sm_deinit(struct wpa_sm *sm) 2225 { 2226 if (sm == NULL) 2227 return; 2228 pmksa_cache_deinit(sm->pmksa); 2229 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 2230 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 2231 os_free(sm->assoc_wpa_ie); 2232 os_free(sm->ap_wpa_ie); 2233 os_free(sm->ap_rsn_ie); 2234 wpa_sm_drop_sa(sm); 2235 os_free(sm->ctx); 2236 peerkey_deinit(sm); 2237 #ifdef CONFIG_IEEE80211R 2238 os_free(sm->assoc_resp_ies); 2239 #endif /* CONFIG_IEEE80211R */ 2240 os_free(sm); 2241 } 2242 2243 2244 /** 2245 * wpa_sm_notify_assoc - Notify WPA state machine about association 2246 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2247 * @bssid: The BSSID of the new association 2248 * 2249 * This function is called to let WPA state machine know that the connection 2250 * was established. 2251 */ 2252 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) 2253 { 2254 int clear_ptk = 1; 2255 2256 if (sm == NULL) 2257 return; 2258 2259 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2260 "WPA: Association event - clear replay counter"); 2261 os_memcpy(sm->bssid, bssid, ETH_ALEN); 2262 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN); 2263 sm->rx_replay_counter_set = 0; 2264 sm->renew_snonce = 1; 2265 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0) 2266 rsn_preauth_deinit(sm); 2267 2268 #ifdef CONFIG_IEEE80211R 2269 if (wpa_ft_is_completed(sm)) { 2270 /* 2271 * Clear portValid to kick EAPOL state machine to re-enter 2272 * AUTHENTICATED state to get the EAPOL port Authorized. 2273 */ 2274 eapol_sm_notify_portValid(sm->eapol, FALSE); 2275 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); 2276 2277 /* Prepare for the next transition */ 2278 wpa_ft_prepare_auth_request(sm, NULL); 2279 2280 clear_ptk = 0; 2281 } 2282 #endif /* CONFIG_IEEE80211R */ 2283 2284 if (clear_ptk) { 2285 /* 2286 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if 2287 * this is not part of a Fast BSS Transition. 2288 */ 2289 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK"); 2290 sm->ptk_set = 0; 2291 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 2292 sm->tptk_set = 0; 2293 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 2294 } 2295 2296 #ifdef CONFIG_TDLS 2297 wpa_tdls_assoc(sm); 2298 #endif /* CONFIG_TDLS */ 2299 2300 #ifdef CONFIG_P2P 2301 os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr)); 2302 #endif /* CONFIG_P2P */ 2303 } 2304 2305 2306 /** 2307 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation 2308 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2309 * 2310 * This function is called to let WPA state machine know that the connection 2311 * was lost. This will abort any existing pre-authentication session. 2312 */ 2313 void wpa_sm_notify_disassoc(struct wpa_sm *sm) 2314 { 2315 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 2316 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 2317 peerkey_deinit(sm); 2318 rsn_preauth_deinit(sm); 2319 pmksa_cache_clear_current(sm); 2320 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE) 2321 sm->dot11RSNA4WayHandshakeFailures++; 2322 #ifdef CONFIG_TDLS 2323 wpa_tdls_disassoc(sm); 2324 #endif /* CONFIG_TDLS */ 2325 2326 /* Keys are not needed in the WPA state machine anymore */ 2327 wpa_sm_drop_sa(sm); 2328 2329 sm->msg_3_of_4_ok = 0; 2330 } 2331 2332 2333 /** 2334 * wpa_sm_set_pmk - Set PMK 2335 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2336 * @pmk: The new PMK 2337 * @pmk_len: The length of the new PMK in bytes 2338 * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK 2339 * 2340 * Configure the PMK for WPA state machine. 2341 */ 2342 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len, 2343 const u8 *bssid) 2344 { 2345 if (sm == NULL) 2346 return; 2347 2348 sm->pmk_len = pmk_len; 2349 os_memcpy(sm->pmk, pmk, pmk_len); 2350 2351 #ifdef CONFIG_IEEE80211R 2352 /* Set XXKey to be PSK for FT key derivation */ 2353 sm->xxkey_len = pmk_len; 2354 os_memcpy(sm->xxkey, pmk, pmk_len); 2355 #endif /* CONFIG_IEEE80211R */ 2356 2357 if (bssid) { 2358 pmksa_cache_add(sm->pmksa, pmk, pmk_len, NULL, 0, 2359 bssid, sm->own_addr, 2360 sm->network_ctx, sm->key_mgmt); 2361 } 2362 } 2363 2364 2365 /** 2366 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA 2367 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2368 * 2369 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK 2370 * will be cleared. 2371 */ 2372 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm) 2373 { 2374 if (sm == NULL) 2375 return; 2376 2377 if (sm->cur_pmksa) { 2378 sm->pmk_len = sm->cur_pmksa->pmk_len; 2379 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len); 2380 } else { 2381 sm->pmk_len = PMK_LEN; 2382 os_memset(sm->pmk, 0, PMK_LEN); 2383 } 2384 } 2385 2386 2387 /** 2388 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled 2389 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2390 * @fast_reauth: Whether fast reauthentication (EAP) is allowed 2391 */ 2392 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth) 2393 { 2394 if (sm) 2395 sm->fast_reauth = fast_reauth; 2396 } 2397 2398 2399 /** 2400 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks 2401 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2402 * @scard_ctx: Context pointer for smartcard related callback functions 2403 */ 2404 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx) 2405 { 2406 if (sm == NULL) 2407 return; 2408 sm->scard_ctx = scard_ctx; 2409 if (sm->preauth_eapol) 2410 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx); 2411 } 2412 2413 2414 /** 2415 * wpa_sm_set_config - Notification of current configration change 2416 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2417 * @config: Pointer to current network configuration 2418 * 2419 * Notify WPA state machine that configuration has changed. config will be 2420 * stored as a backpointer to network configuration. This can be %NULL to clear 2421 * the stored pointed. 2422 */ 2423 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config) 2424 { 2425 if (!sm) 2426 return; 2427 2428 if (config) { 2429 sm->network_ctx = config->network_ctx; 2430 sm->peerkey_enabled = config->peerkey_enabled; 2431 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher; 2432 sm->proactive_key_caching = config->proactive_key_caching; 2433 sm->eap_workaround = config->eap_workaround; 2434 sm->eap_conf_ctx = config->eap_conf_ctx; 2435 if (config->ssid) { 2436 os_memcpy(sm->ssid, config->ssid, config->ssid_len); 2437 sm->ssid_len = config->ssid_len; 2438 } else 2439 sm->ssid_len = 0; 2440 sm->wpa_ptk_rekey = config->wpa_ptk_rekey; 2441 sm->p2p = config->p2p; 2442 } else { 2443 sm->network_ctx = NULL; 2444 sm->peerkey_enabled = 0; 2445 sm->allowed_pairwise_cipher = 0; 2446 sm->proactive_key_caching = 0; 2447 sm->eap_workaround = 0; 2448 sm->eap_conf_ctx = NULL; 2449 sm->ssid_len = 0; 2450 sm->wpa_ptk_rekey = 0; 2451 sm->p2p = 0; 2452 } 2453 } 2454 2455 2456 /** 2457 * wpa_sm_set_own_addr - Set own MAC address 2458 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2459 * @addr: Own MAC address 2460 */ 2461 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr) 2462 { 2463 if (sm) 2464 os_memcpy(sm->own_addr, addr, ETH_ALEN); 2465 } 2466 2467 2468 /** 2469 * wpa_sm_set_ifname - Set network interface name 2470 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2471 * @ifname: Interface name 2472 * @bridge_ifname: Optional bridge interface name (for pre-auth) 2473 */ 2474 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname, 2475 const char *bridge_ifname) 2476 { 2477 if (sm) { 2478 sm->ifname = ifname; 2479 sm->bridge_ifname = bridge_ifname; 2480 } 2481 } 2482 2483 2484 /** 2485 * wpa_sm_set_eapol - Set EAPOL state machine pointer 2486 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2487 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init() 2488 */ 2489 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol) 2490 { 2491 if (sm) 2492 sm->eapol = eapol; 2493 } 2494 2495 2496 /** 2497 * wpa_sm_set_param - Set WPA state machine parameters 2498 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2499 * @param: Parameter field 2500 * @value: Parameter value 2501 * Returns: 0 on success, -1 on failure 2502 */ 2503 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, 2504 unsigned int value) 2505 { 2506 int ret = 0; 2507 2508 if (sm == NULL) 2509 return -1; 2510 2511 switch (param) { 2512 case RSNA_PMK_LIFETIME: 2513 if (value > 0) 2514 sm->dot11RSNAConfigPMKLifetime = value; 2515 else 2516 ret = -1; 2517 break; 2518 case RSNA_PMK_REAUTH_THRESHOLD: 2519 if (value > 0 && value <= 100) 2520 sm->dot11RSNAConfigPMKReauthThreshold = value; 2521 else 2522 ret = -1; 2523 break; 2524 case RSNA_SA_TIMEOUT: 2525 if (value > 0) 2526 sm->dot11RSNAConfigSATimeout = value; 2527 else 2528 ret = -1; 2529 break; 2530 case WPA_PARAM_PROTO: 2531 sm->proto = value; 2532 break; 2533 case WPA_PARAM_PAIRWISE: 2534 sm->pairwise_cipher = value; 2535 break; 2536 case WPA_PARAM_GROUP: 2537 sm->group_cipher = value; 2538 break; 2539 case WPA_PARAM_KEY_MGMT: 2540 sm->key_mgmt = value; 2541 break; 2542 #ifdef CONFIG_IEEE80211W 2543 case WPA_PARAM_MGMT_GROUP: 2544 sm->mgmt_group_cipher = value; 2545 break; 2546 #endif /* CONFIG_IEEE80211W */ 2547 case WPA_PARAM_RSN_ENABLED: 2548 sm->rsn_enabled = value; 2549 break; 2550 case WPA_PARAM_MFP: 2551 sm->mfp = value; 2552 break; 2553 default: 2554 break; 2555 } 2556 2557 return ret; 2558 } 2559 2560 2561 /** 2562 * wpa_sm_get_status - Get WPA state machine 2563 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2564 * @buf: Buffer for status information 2565 * @buflen: Maximum buffer length 2566 * @verbose: Whether to include verbose status information 2567 * Returns: Number of bytes written to buf. 2568 * 2569 * Query WPA state machine for status information. This function fills in 2570 * a text area with current status information. If the buffer (buf) is not 2571 * large enough, status information will be truncated to fit the buffer. 2572 */ 2573 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen, 2574 int verbose) 2575 { 2576 char *pos = buf, *end = buf + buflen; 2577 int ret; 2578 2579 ret = os_snprintf(pos, end - pos, 2580 "pairwise_cipher=%s\n" 2581 "group_cipher=%s\n" 2582 "key_mgmt=%s\n", 2583 wpa_cipher_txt(sm->pairwise_cipher), 2584 wpa_cipher_txt(sm->group_cipher), 2585 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto)); 2586 if (os_snprintf_error(end - pos, ret)) 2587 return pos - buf; 2588 pos += ret; 2589 2590 if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) { 2591 struct wpa_ie_data rsn; 2592 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) 2593 >= 0 && 2594 rsn.capabilities & (WPA_CAPABILITY_MFPR | 2595 WPA_CAPABILITY_MFPC)) { 2596 ret = os_snprintf(pos, end - pos, "pmf=%d\n", 2597 (rsn.capabilities & 2598 WPA_CAPABILITY_MFPR) ? 2 : 1); 2599 if (os_snprintf_error(end - pos, ret)) 2600 return pos - buf; 2601 pos += ret; 2602 } 2603 } 2604 2605 return pos - buf; 2606 } 2607 2608 2609 int wpa_sm_pmf_enabled(struct wpa_sm *sm) 2610 { 2611 struct wpa_ie_data rsn; 2612 2613 if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie) 2614 return 0; 2615 2616 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 && 2617 rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC)) 2618 return 1; 2619 2620 return 0; 2621 } 2622 2623 2624 /** 2625 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration 2626 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2627 * @wpa_ie: Pointer to buffer for WPA/RSN IE 2628 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer 2629 * Returns: 0 on success, -1 on failure 2630 */ 2631 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie, 2632 size_t *wpa_ie_len) 2633 { 2634 int res; 2635 2636 if (sm == NULL) 2637 return -1; 2638 2639 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len); 2640 if (res < 0) 2641 return -1; 2642 *wpa_ie_len = res; 2643 2644 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default", 2645 wpa_ie, *wpa_ie_len); 2646 2647 if (sm->assoc_wpa_ie == NULL) { 2648 /* 2649 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets 2650 * the correct version of the IE even if PMKSA caching is 2651 * aborted (which would remove PMKID from IE generation). 2652 */ 2653 sm->assoc_wpa_ie = os_malloc(*wpa_ie_len); 2654 if (sm->assoc_wpa_ie == NULL) 2655 return -1; 2656 2657 os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len); 2658 sm->assoc_wpa_ie_len = *wpa_ie_len; 2659 } 2660 2661 return 0; 2662 } 2663 2664 2665 /** 2666 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq 2667 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2668 * @ie: Pointer to IE data (starting from id) 2669 * @len: IE length 2670 * Returns: 0 on success, -1 on failure 2671 * 2672 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association 2673 * Request frame. The IE will be used to override the default value generated 2674 * with wpa_sm_set_assoc_wpa_ie_default(). 2675 */ 2676 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2677 { 2678 if (sm == NULL) 2679 return -1; 2680 2681 os_free(sm->assoc_wpa_ie); 2682 if (ie == NULL || len == 0) { 2683 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2684 "WPA: clearing own WPA/RSN IE"); 2685 sm->assoc_wpa_ie = NULL; 2686 sm->assoc_wpa_ie_len = 0; 2687 } else { 2688 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len); 2689 sm->assoc_wpa_ie = os_malloc(len); 2690 if (sm->assoc_wpa_ie == NULL) 2691 return -1; 2692 2693 os_memcpy(sm->assoc_wpa_ie, ie, len); 2694 sm->assoc_wpa_ie_len = len; 2695 } 2696 2697 return 0; 2698 } 2699 2700 2701 /** 2702 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp 2703 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2704 * @ie: Pointer to IE data (starting from id) 2705 * @len: IE length 2706 * Returns: 0 on success, -1 on failure 2707 * 2708 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response 2709 * frame. 2710 */ 2711 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2712 { 2713 if (sm == NULL) 2714 return -1; 2715 2716 os_free(sm->ap_wpa_ie); 2717 if (ie == NULL || len == 0) { 2718 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2719 "WPA: clearing AP WPA IE"); 2720 sm->ap_wpa_ie = NULL; 2721 sm->ap_wpa_ie_len = 0; 2722 } else { 2723 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len); 2724 sm->ap_wpa_ie = os_malloc(len); 2725 if (sm->ap_wpa_ie == NULL) 2726 return -1; 2727 2728 os_memcpy(sm->ap_wpa_ie, ie, len); 2729 sm->ap_wpa_ie_len = len; 2730 } 2731 2732 return 0; 2733 } 2734 2735 2736 /** 2737 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp 2738 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2739 * @ie: Pointer to IE data (starting from id) 2740 * @len: IE length 2741 * Returns: 0 on success, -1 on failure 2742 * 2743 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response 2744 * frame. 2745 */ 2746 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2747 { 2748 if (sm == NULL) 2749 return -1; 2750 2751 os_free(sm->ap_rsn_ie); 2752 if (ie == NULL || len == 0) { 2753 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2754 "WPA: clearing AP RSN IE"); 2755 sm->ap_rsn_ie = NULL; 2756 sm->ap_rsn_ie_len = 0; 2757 } else { 2758 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len); 2759 sm->ap_rsn_ie = os_malloc(len); 2760 if (sm->ap_rsn_ie == NULL) 2761 return -1; 2762 2763 os_memcpy(sm->ap_rsn_ie, ie, len); 2764 sm->ap_rsn_ie_len = len; 2765 } 2766 2767 return 0; 2768 } 2769 2770 2771 /** 2772 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE 2773 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2774 * @data: Pointer to data area for parsing results 2775 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure 2776 * 2777 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the 2778 * parsed data into data. 2779 */ 2780 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data) 2781 { 2782 if (sm == NULL) 2783 return -1; 2784 2785 if (sm->assoc_wpa_ie == NULL) { 2786 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2787 "WPA: No WPA/RSN IE available from association info"); 2788 return -1; 2789 } 2790 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data)) 2791 return -2; 2792 return 0; 2793 } 2794 2795 2796 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len) 2797 { 2798 return pmksa_cache_list(sm->pmksa, buf, len); 2799 } 2800 2801 2802 void wpa_sm_drop_sa(struct wpa_sm *sm) 2803 { 2804 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK"); 2805 sm->ptk_set = 0; 2806 sm->tptk_set = 0; 2807 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2808 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 2809 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 2810 #ifdef CONFIG_IEEE80211R 2811 os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); 2812 os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); 2813 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1)); 2814 #endif /* CONFIG_IEEE80211R */ 2815 } 2816 2817 2818 int wpa_sm_has_ptk(struct wpa_sm *sm) 2819 { 2820 if (sm == NULL) 2821 return 0; 2822 return sm->ptk_set; 2823 } 2824 2825 2826 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr) 2827 { 2828 os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN); 2829 } 2830 2831 2832 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx) 2833 { 2834 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0); 2835 } 2836 2837 2838 #ifdef CONFIG_WNM 2839 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) 2840 { 2841 u16 keyinfo; 2842 u8 keylen; /* plaintext key len */ 2843 u8 *key_rsc; 2844 2845 if (subelem_id == WNM_SLEEP_SUBELEM_GTK) { 2846 struct wpa_gtk_data gd; 2847 2848 os_memset(&gd, 0, sizeof(gd)); 2849 keylen = wpa_cipher_key_len(sm->group_cipher); 2850 gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher); 2851 gd.alg = wpa_cipher_to_alg(sm->group_cipher); 2852 if (gd.alg == WPA_ALG_NONE) { 2853 wpa_printf(MSG_DEBUG, "Unsupported group cipher suite"); 2854 return -1; 2855 } 2856 2857 key_rsc = buf + 5; 2858 keyinfo = WPA_GET_LE16(buf + 2); 2859 gd.gtk_len = keylen; 2860 if (gd.gtk_len != buf[4]) { 2861 wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d", 2862 gd.gtk_len, buf[4]); 2863 return -1; 2864 } 2865 gd.keyidx = keyinfo & 0x03; /* B0 - B1 */ 2866 gd.tx = wpa_supplicant_gtk_tx_bit_workaround( 2867 sm, !!(keyinfo & WPA_KEY_INFO_TXRX)); 2868 2869 os_memcpy(gd.gtk, buf + 13, gd.gtk_len); 2870 2871 wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", 2872 gd.gtk, gd.gtk_len); 2873 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { 2874 os_memset(&gd, 0, sizeof(gd)); 2875 wpa_printf(MSG_DEBUG, "Failed to install the GTK in " 2876 "WNM mode"); 2877 return -1; 2878 } 2879 os_memset(&gd, 0, sizeof(gd)); 2880 #ifdef CONFIG_IEEE80211W 2881 } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { 2882 struct wpa_igtk_kde igd; 2883 u16 keyidx; 2884 2885 os_memset(&igd, 0, sizeof(igd)); 2886 keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); 2887 os_memcpy(igd.keyid, buf + 2, 2); 2888 os_memcpy(igd.pn, buf + 4, 6); 2889 2890 keyidx = WPA_GET_LE16(igd.keyid); 2891 os_memcpy(igd.igtk, buf + 10, keylen); 2892 2893 wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", 2894 igd.igtk, keylen); 2895 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), 2896 broadcast_ether_addr, 2897 keyidx, 0, igd.pn, sizeof(igd.pn), 2898 igd.igtk, keylen) < 0) { 2899 wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " 2900 "WNM mode"); 2901 os_memset(&igd, 0, sizeof(igd)); 2902 return -1; 2903 } 2904 os_memset(&igd, 0, sizeof(igd)); 2905 #endif /* CONFIG_IEEE80211W */ 2906 } else { 2907 wpa_printf(MSG_DEBUG, "Unknown element id"); 2908 return -1; 2909 } 2910 2911 return 0; 2912 } 2913 #endif /* CONFIG_WNM */ 2914 2915 2916 #ifdef CONFIG_PEERKEY 2917 int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr, 2918 const u8 *buf, size_t len) 2919 { 2920 struct wpa_peerkey *peerkey; 2921 2922 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 2923 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0) 2924 break; 2925 } 2926 2927 if (!peerkey) 2928 return 0; 2929 2930 wpa_sm_rx_eapol(sm, src_addr, buf, len); 2931 2932 return 1; 2933 } 2934 #endif /* CONFIG_PEERKEY */ 2935 2936 2937 #ifdef CONFIG_P2P 2938 2939 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf) 2940 { 2941 if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0) 2942 return -1; 2943 os_memcpy(buf, sm->p2p_ip_addr, 3 * 4); 2944 return 0; 2945 } 2946 2947 #endif /* CONFIG_P2P */ 2948 2949 2950 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter) 2951 { 2952 if (rx_replay_counter == NULL) 2953 return; 2954 2955 os_memcpy(sm->rx_replay_counter, rx_replay_counter, 2956 WPA_REPLAY_COUNTER_LEN); 2957 sm->rx_replay_counter_set = 1; 2958 wpa_printf(MSG_DEBUG, "Updated key replay counter"); 2959 } 2960 2961 2962 void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm, 2963 const u8 *ptk_kck, size_t ptk_kck_len, 2964 const u8 *ptk_kek, size_t ptk_kek_len) 2965 { 2966 if (ptk_kck && ptk_kck_len <= WPA_KCK_MAX_LEN) { 2967 os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len); 2968 sm->ptk.kck_len = ptk_kck_len; 2969 wpa_printf(MSG_DEBUG, "Updated PTK KCK"); 2970 } 2971 if (ptk_kek && ptk_kek_len <= WPA_KEK_MAX_LEN) { 2972 os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len); 2973 sm->ptk.kek_len = ptk_kek_len; 2974 wpa_printf(MSG_DEBUG, "Updated PTK KEK"); 2975 } 2976 sm->ptk_set = 1; 2977 } 2978