1 /* 2 * WPA Supplicant - WPA state machine and EAPOL-Key processing 3 * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi> 4 * Copyright(c) 2015 Intel Deutschland GmbH 5 * 6 * This software may be distributed under the terms of the BSD license. 7 * See README for more details. 8 */ 9 10 #include "includes.h" 11 12 #include "common.h" 13 #include "crypto/aes_wrap.h" 14 #include "crypto/crypto.h" 15 #include "crypto/random.h" 16 #include "common/ieee802_11_defs.h" 17 #include "eapol_supp/eapol_supp_sm.h" 18 #include "wpa.h" 19 #include "eloop.h" 20 #include "preauth.h" 21 #include "pmksa_cache.h" 22 #include "wpa_i.h" 23 #include "wpa_ie.h" 24 #include "peerkey.h" 25 26 27 static const u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 28 29 30 /** 31 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message 32 * @sm: Pointer to WPA state machine data from wpa_sm_init() 33 * @kck: Key Confirmation Key (KCK, part of PTK) 34 * @kck_len: KCK length in octets 35 * @ver: Version field from Key Info 36 * @dest: Destination address for the frame 37 * @proto: Ethertype (usually ETH_P_EAPOL) 38 * @msg: EAPOL-Key message 39 * @msg_len: Length of message 40 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written 41 * Returns: >= 0 on success, < 0 on failure 42 */ 43 int wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len, 44 int ver, const u8 *dest, u16 proto, 45 u8 *msg, size_t msg_len, u8 *key_mic) 46 { 47 int ret = -1; 48 size_t mic_len = wpa_mic_len(sm->key_mgmt); 49 50 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) { 51 /* 52 * Association event was not yet received; try to fetch 53 * BSSID from the driver. 54 */ 55 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) { 56 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 57 "WPA: Failed to read BSSID for " 58 "EAPOL-Key destination address"); 59 } else { 60 dest = sm->bssid; 61 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 62 "WPA: Use BSSID (" MACSTR 63 ") as the destination for EAPOL-Key", 64 MAC2STR(dest)); 65 } 66 } 67 if (key_mic && 68 wpa_eapol_key_mic(kck, kck_len, sm->key_mgmt, ver, msg, msg_len, 69 key_mic)) { 70 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 71 "WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC", 72 ver, sm->key_mgmt); 73 goto out; 74 } 75 wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len); 76 wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, mic_len); 77 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len); 78 ret = wpa_sm_ether_send(sm, dest, proto, msg, msg_len); 79 eapol_sm_notify_tx_eapol_key(sm->eapol); 80 out: 81 os_free(msg); 82 return ret; 83 } 84 85 86 /** 87 * wpa_sm_key_request - Send EAPOL-Key Request 88 * @sm: Pointer to WPA state machine data from wpa_sm_init() 89 * @error: Indicate whether this is an Michael MIC error report 90 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet 91 * 92 * Send an EAPOL-Key Request to the current authenticator. This function is 93 * used to request rekeying and it is usually called when a local Michael MIC 94 * failure is detected. 95 */ 96 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) 97 { 98 size_t mic_len, hdrlen, rlen; 99 struct wpa_eapol_key *reply; 100 struct wpa_eapol_key_192 *reply192; 101 int key_info, ver; 102 u8 bssid[ETH_ALEN], *rbuf, *key_mic; 103 104 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN || 105 wpa_key_mgmt_suite_b(sm->key_mgmt)) 106 ver = WPA_KEY_INFO_TYPE_AKM_DEFINED; 107 else if (wpa_key_mgmt_ft(sm->key_mgmt) || 108 wpa_key_mgmt_sha256(sm->key_mgmt)) 109 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC; 110 else if (sm->pairwise_cipher != WPA_CIPHER_TKIP) 111 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 112 else 113 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 114 115 if (wpa_sm_get_bssid(sm, bssid) < 0) { 116 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 117 "Failed to read BSSID for EAPOL-Key request"); 118 return; 119 } 120 121 mic_len = wpa_mic_len(sm->key_mgmt); 122 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 123 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 124 hdrlen, &rlen, (void *) &reply); 125 if (rbuf == NULL) 126 return; 127 reply192 = (struct wpa_eapol_key_192 *) reply; 128 129 reply->type = (sm->proto == WPA_PROTO_RSN || 130 sm->proto == WPA_PROTO_OSEN) ? 131 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 132 key_info = WPA_KEY_INFO_REQUEST | ver; 133 if (sm->ptk_set) 134 key_info |= WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE; 135 if (error) 136 key_info |= WPA_KEY_INFO_ERROR; 137 if (pairwise) 138 key_info |= WPA_KEY_INFO_KEY_TYPE; 139 WPA_PUT_BE16(reply->key_info, key_info); 140 WPA_PUT_BE16(reply->key_length, 0); 141 os_memcpy(reply->replay_counter, sm->request_counter, 142 WPA_REPLAY_COUNTER_LEN); 143 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); 144 145 if (mic_len == 24) 146 WPA_PUT_BE16(reply192->key_data_length, 0); 147 else 148 WPA_PUT_BE16(reply->key_data_length, 0); 149 if (!(key_info & WPA_KEY_INFO_MIC)) 150 key_mic = NULL; 151 else 152 key_mic = reply192->key_mic; /* same offset in reply */ 153 154 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 155 "WPA: Sending EAPOL-Key Request (error=%d " 156 "pairwise=%d ptk_set=%d len=%lu)", 157 error, pairwise, sm->ptk_set, (unsigned long) rlen); 158 wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid, 159 ETH_P_EAPOL, rbuf, rlen, key_mic); 160 } 161 162 163 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm) 164 { 165 #ifdef CONFIG_IEEE80211R 166 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) { 167 if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len)) 168 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 169 "RSN: Cannot set low order 256 bits of MSK for key management offload"); 170 } else { 171 #endif /* CONFIG_IEEE80211R */ 172 if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len)) 173 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 174 "RSN: Cannot set PMK for key management offload"); 175 #ifdef CONFIG_IEEE80211R 176 } 177 #endif /* CONFIG_IEEE80211R */ 178 } 179 180 181 static int wpa_supplicant_get_pmk(struct wpa_sm *sm, 182 const unsigned char *src_addr, 183 const u8 *pmkid) 184 { 185 int abort_cached = 0; 186 187 if (pmkid && !sm->cur_pmksa) { 188 /* When using drivers that generate RSN IE, wpa_supplicant may 189 * not have enough time to get the association information 190 * event before receiving this 1/4 message, so try to find a 191 * matching PMKSA cache entry here. */ 192 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid, 193 NULL); 194 if (sm->cur_pmksa) { 195 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 196 "RSN: found matching PMKID from PMKSA cache"); 197 } else { 198 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 199 "RSN: no matching PMKID found"); 200 abort_cached = 1; 201 } 202 } 203 204 if (pmkid && sm->cur_pmksa && 205 os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) { 206 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN); 207 wpa_sm_set_pmk_from_pmksa(sm); 208 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache", 209 sm->pmk, sm->pmk_len); 210 eapol_sm_notify_cached(sm->eapol); 211 #ifdef CONFIG_IEEE80211R 212 sm->xxkey_len = 0; 213 #endif /* CONFIG_IEEE80211R */ 214 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) { 215 int res, pmk_len; 216 217 if (sm->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) 218 pmk_len = PMK_LEN_SUITE_B_192; 219 else 220 pmk_len = PMK_LEN; 221 res = eapol_sm_get_key(sm->eapol, sm->pmk, pmk_len); 222 if (res) { 223 if (pmk_len == PMK_LEN) { 224 /* 225 * EAP-LEAP is an exception from other EAP 226 * methods: it uses only 16-byte PMK. 227 */ 228 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16); 229 pmk_len = 16; 230 } 231 } else { 232 #ifdef CONFIG_IEEE80211R 233 u8 buf[2 * PMK_LEN]; 234 if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0) 235 { 236 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN); 237 sm->xxkey_len = PMK_LEN; 238 os_memset(buf, 0, sizeof(buf)); 239 } 240 #endif /* CONFIG_IEEE80211R */ 241 } 242 if (res == 0) { 243 struct rsn_pmksa_cache_entry *sa = NULL; 244 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state " 245 "machines", sm->pmk, pmk_len); 246 sm->pmk_len = pmk_len; 247 wpa_supplicant_key_mgmt_set_pmk(sm); 248 if (sm->proto == WPA_PROTO_RSN && 249 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 250 !wpa_key_mgmt_ft(sm->key_mgmt)) { 251 sa = pmksa_cache_add(sm->pmksa, 252 sm->pmk, pmk_len, NULL, 253 NULL, 0, 254 src_addr, sm->own_addr, 255 sm->network_ctx, 256 sm->key_mgmt); 257 } 258 if (!sm->cur_pmksa && pmkid && 259 pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL)) 260 { 261 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 262 "RSN: the new PMK matches with the " 263 "PMKID"); 264 abort_cached = 0; 265 } else if (sa && !sm->cur_pmksa && pmkid) { 266 /* 267 * It looks like the authentication server 268 * derived mismatching MSK. This should not 269 * really happen, but bugs happen.. There is not 270 * much we can do here without knowing what 271 * exactly caused the server to misbehave. 272 */ 273 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 274 "RSN: PMKID mismatch - authentication server may have derived different MSK?!"); 275 return -1; 276 } 277 278 if (!sm->cur_pmksa) 279 sm->cur_pmksa = sa; 280 } else { 281 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 282 "WPA: Failed to get master session key from " 283 "EAPOL state machines - key handshake " 284 "aborted"); 285 if (sm->cur_pmksa) { 286 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 287 "RSN: Cancelled PMKSA caching " 288 "attempt"); 289 sm->cur_pmksa = NULL; 290 abort_cached = 1; 291 } else if (!abort_cached) { 292 return -1; 293 } 294 } 295 } 296 297 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && 298 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 299 !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN) 300 { 301 /* Send EAPOL-Start to trigger full EAP authentication. */ 302 u8 *buf; 303 size_t buflen; 304 305 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 306 "RSN: no PMKSA entry found - trigger " 307 "full EAP authentication"); 308 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START, 309 NULL, 0, &buflen, NULL); 310 if (buf) { 311 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL, 312 buf, buflen); 313 os_free(buf); 314 return -2; 315 } 316 317 return -1; 318 } 319 320 return 0; 321 } 322 323 324 /** 325 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake 326 * @sm: Pointer to WPA state machine data from wpa_sm_init() 327 * @dst: Destination address for the frame 328 * @key: Pointer to the EAPOL-Key frame header 329 * @ver: Version bits from EAPOL-Key Key Info 330 * @nonce: Nonce value for the EAPOL-Key frame 331 * @wpa_ie: WPA/RSN IE 332 * @wpa_ie_len: Length of the WPA/RSN IE 333 * @ptk: PTK to use for keyed hash and encryption 334 * Returns: >= 0 on success, < 0 on failure 335 */ 336 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst, 337 const struct wpa_eapol_key *key, 338 int ver, const u8 *nonce, 339 const u8 *wpa_ie, size_t wpa_ie_len, 340 struct wpa_ptk *ptk) 341 { 342 size_t mic_len, hdrlen, rlen; 343 struct wpa_eapol_key *reply; 344 struct wpa_eapol_key_192 *reply192; 345 u8 *rbuf, *key_mic; 346 u8 *rsn_ie_buf = NULL; 347 348 if (wpa_ie == NULL) { 349 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - " 350 "cannot generate msg 2/4"); 351 return -1; 352 } 353 354 #ifdef CONFIG_IEEE80211R 355 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 356 int res; 357 358 /* 359 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and 360 * FTIE from (Re)Association Response. 361 */ 362 rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN + 363 sm->assoc_resp_ies_len); 364 if (rsn_ie_buf == NULL) 365 return -1; 366 os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len); 367 res = wpa_insert_pmkid(rsn_ie_buf, &wpa_ie_len, 368 sm->pmk_r1_name); 369 if (res < 0) { 370 os_free(rsn_ie_buf); 371 return -1; 372 } 373 374 if (sm->assoc_resp_ies) { 375 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies, 376 sm->assoc_resp_ies_len); 377 wpa_ie_len += sm->assoc_resp_ies_len; 378 } 379 380 wpa_ie = rsn_ie_buf; 381 } 382 #endif /* CONFIG_IEEE80211R */ 383 384 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len); 385 386 mic_len = wpa_mic_len(sm->key_mgmt); 387 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 388 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, 389 NULL, hdrlen + wpa_ie_len, 390 &rlen, (void *) &reply); 391 if (rbuf == NULL) { 392 os_free(rsn_ie_buf); 393 return -1; 394 } 395 reply192 = (struct wpa_eapol_key_192 *) reply; 396 397 reply->type = (sm->proto == WPA_PROTO_RSN || 398 sm->proto == WPA_PROTO_OSEN) ? 399 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 400 WPA_PUT_BE16(reply->key_info, 401 ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC); 402 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 403 WPA_PUT_BE16(reply->key_length, 0); 404 else 405 os_memcpy(reply->key_length, key->key_length, 2); 406 os_memcpy(reply->replay_counter, key->replay_counter, 407 WPA_REPLAY_COUNTER_LEN); 408 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter, 409 WPA_REPLAY_COUNTER_LEN); 410 411 key_mic = reply192->key_mic; /* same offset for reply and reply192 */ 412 if (mic_len == 24) { 413 WPA_PUT_BE16(reply192->key_data_length, wpa_ie_len); 414 os_memcpy(reply192 + 1, wpa_ie, wpa_ie_len); 415 } else { 416 WPA_PUT_BE16(reply->key_data_length, wpa_ie_len); 417 os_memcpy(reply + 1, wpa_ie, wpa_ie_len); 418 } 419 os_free(rsn_ie_buf); 420 421 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN); 422 423 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4"); 424 return wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, 425 ETH_P_EAPOL, rbuf, rlen, key_mic); 426 } 427 428 429 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr, 430 const struct wpa_eapol_key *key, struct wpa_ptk *ptk) 431 { 432 #ifdef CONFIG_IEEE80211R 433 if (wpa_key_mgmt_ft(sm->key_mgmt)) 434 return wpa_derive_ptk_ft(sm, src_addr, key, ptk); 435 #endif /* CONFIG_IEEE80211R */ 436 437 return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion", 438 sm->own_addr, sm->bssid, sm->snonce, 439 key->key_nonce, ptk, sm->key_mgmt, 440 sm->pairwise_cipher); 441 } 442 443 444 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, 445 const unsigned char *src_addr, 446 const struct wpa_eapol_key *key, 447 u16 ver, const u8 *key_data, 448 size_t key_data_len) 449 { 450 struct wpa_eapol_ie_parse ie; 451 struct wpa_ptk *ptk; 452 int res; 453 u8 *kde, *kde_buf = NULL; 454 size_t kde_len; 455 456 if (wpa_sm_get_network_ctx(sm) == NULL) { 457 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info " 458 "found (msg 1 of 4)"); 459 return; 460 } 461 462 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 463 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way " 464 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 465 466 os_memset(&ie, 0, sizeof(ie)); 467 468 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 469 /* RSN: msg 1/4 should contain PMKID for the selected PMK */ 470 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", 471 key_data, key_data_len); 472 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) 473 goto failed; 474 if (ie.pmkid) { 475 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from " 476 "Authenticator", ie.pmkid, PMKID_LEN); 477 } 478 } 479 480 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); 481 if (res == -2) { 482 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to " 483 "msg 1/4 - requesting full EAP authentication"); 484 return; 485 } 486 if (res) 487 goto failed; 488 489 if (sm->renew_snonce) { 490 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) { 491 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 492 "WPA: Failed to get random data for SNonce"); 493 goto failed; 494 } 495 sm->renew_snonce = 0; 496 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce", 497 sm->snonce, WPA_NONCE_LEN); 498 } 499 500 /* Calculate PTK which will be stored as a temporary PTK until it has 501 * been verified when processing message 3/4. */ 502 ptk = &sm->tptk; 503 wpa_derive_ptk(sm, src_addr, key, ptk); 504 if (sm->pairwise_cipher == WPA_CIPHER_TKIP) { 505 u8 buf[8]; 506 /* Supplicant: swap tx/rx Mic keys */ 507 os_memcpy(buf, &ptk->tk[16], 8); 508 os_memcpy(&ptk->tk[16], &ptk->tk[24], 8); 509 os_memcpy(&ptk->tk[24], buf, 8); 510 os_memset(buf, 0, sizeof(buf)); 511 } 512 sm->tptk_set = 1; 513 514 kde = sm->assoc_wpa_ie; 515 kde_len = sm->assoc_wpa_ie_len; 516 517 #ifdef CONFIG_P2P 518 if (sm->p2p) { 519 kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1); 520 if (kde_buf) { 521 u8 *pos; 522 wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE " 523 "into EAPOL-Key 2/4"); 524 os_memcpy(kde_buf, kde, kde_len); 525 kde = kde_buf; 526 pos = kde + kde_len; 527 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 528 *pos++ = RSN_SELECTOR_LEN + 1; 529 RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ); 530 pos += RSN_SELECTOR_LEN; 531 *pos++ = 0x01; 532 kde_len = pos - kde; 533 } 534 } 535 #endif /* CONFIG_P2P */ 536 537 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce, 538 kde, kde_len, ptk) < 0) 539 goto failed; 540 541 os_free(kde_buf); 542 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN); 543 return; 544 545 failed: 546 os_free(kde_buf); 547 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 548 } 549 550 551 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx) 552 { 553 struct wpa_sm *sm = eloop_ctx; 554 rsn_preauth_candidate_process(sm); 555 } 556 557 558 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm, 559 const u8 *addr, int secure) 560 { 561 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 562 "WPA: Key negotiation completed with " 563 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr), 564 wpa_cipher_txt(sm->pairwise_cipher), 565 wpa_cipher_txt(sm->group_cipher)); 566 wpa_sm_cancel_auth_timeout(sm); 567 wpa_sm_set_state(sm, WPA_COMPLETED); 568 569 if (secure) { 570 wpa_sm_mlme_setprotection( 571 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX, 572 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 573 eapol_sm_notify_portValid(sm->eapol, TRUE); 574 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt)) 575 eapol_sm_notify_eap_success(sm->eapol, TRUE); 576 /* 577 * Start preauthentication after a short wait to avoid a 578 * possible race condition between the data receive and key 579 * configuration after the 4-Way Handshake. This increases the 580 * likelihood of the first preauth EAPOL-Start frame getting to 581 * the target AP. 582 */ 583 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL); 584 } 585 586 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) { 587 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 588 "RSN: Authenticator accepted " 589 "opportunistic PMKSA entry - marking it valid"); 590 sm->cur_pmksa->opportunistic = 0; 591 } 592 593 #ifdef CONFIG_IEEE80211R 594 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 595 /* Prepare for the next transition */ 596 wpa_ft_prepare_auth_request(sm, NULL); 597 } 598 #endif /* CONFIG_IEEE80211R */ 599 } 600 601 602 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx) 603 { 604 struct wpa_sm *sm = eloop_ctx; 605 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying"); 606 wpa_sm_key_request(sm, 0, 1); 607 } 608 609 610 static int wpa_supplicant_install_ptk(struct wpa_sm *sm, 611 const struct wpa_eapol_key *key) 612 { 613 int keylen, rsclen; 614 enum wpa_alg alg; 615 const u8 *key_rsc; 616 617 if (sm->ptk.installed) { 618 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 619 "WPA: Do not re-install same PTK to the driver"); 620 return 0; 621 } 622 623 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 624 "WPA: Installing PTK to the driver"); 625 626 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 627 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher " 628 "Suite: NONE - do not use pairwise keys"); 629 return 0; 630 } 631 632 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) { 633 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 634 "WPA: Unsupported pairwise cipher %d", 635 sm->pairwise_cipher); 636 return -1; 637 } 638 639 alg = wpa_cipher_to_alg(sm->pairwise_cipher); 640 keylen = wpa_cipher_key_len(sm->pairwise_cipher); 641 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher); 642 643 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 644 key_rsc = null_rsc; 645 } else { 646 key_rsc = key->key_rsc; 647 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen); 648 } 649 650 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen, 651 sm->ptk.tk, keylen) < 0) { 652 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 653 "WPA: Failed to set PTK to the " 654 "driver (alg=%d keylen=%d bssid=" MACSTR ")", 655 alg, keylen, MAC2STR(sm->bssid)); 656 return -1; 657 } 658 659 /* TK is not needed anymore in supplicant */ 660 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); 661 sm->ptk.installed = 1; 662 663 if (sm->wpa_ptk_rekey) { 664 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 665 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk, 666 sm, NULL); 667 } 668 669 return 0; 670 } 671 672 673 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm, 674 int group_cipher, 675 int keylen, int maxkeylen, 676 int *key_rsc_len, 677 enum wpa_alg *alg) 678 { 679 int klen; 680 681 *alg = wpa_cipher_to_alg(group_cipher); 682 if (*alg == WPA_ALG_NONE) { 683 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 684 "WPA: Unsupported Group Cipher %d", 685 group_cipher); 686 return -1; 687 } 688 *key_rsc_len = wpa_cipher_rsc_len(group_cipher); 689 690 klen = wpa_cipher_key_len(group_cipher); 691 if (keylen != klen || maxkeylen < klen) { 692 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 693 "WPA: Unsupported %s Group Cipher key length %d (%d)", 694 wpa_cipher_txt(group_cipher), keylen, maxkeylen); 695 return -1; 696 } 697 return 0; 698 } 699 700 701 struct wpa_gtk_data { 702 enum wpa_alg alg; 703 int tx, key_rsc_len, keyidx; 704 u8 gtk[32]; 705 int gtk_len; 706 }; 707 708 709 static int wpa_supplicant_install_gtk(struct wpa_sm *sm, 710 const struct wpa_gtk_data *gd, 711 const u8 *key_rsc, int wnm_sleep) 712 { 713 const u8 *_gtk = gd->gtk; 714 u8 gtk_buf[32]; 715 716 /* Detect possible key reinstallation */ 717 if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && 718 os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || 719 (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && 720 os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, 721 sm->gtk_wnm_sleep.gtk_len) == 0)) { 722 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 723 "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", 724 gd->keyidx, gd->tx, gd->gtk_len); 725 return 0; 726 } 727 728 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); 729 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 730 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", 731 gd->keyidx, gd->tx, gd->gtk_len); 732 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len); 733 if (sm->group_cipher == WPA_CIPHER_TKIP) { 734 /* Swap Tx/Rx keys for Michael MIC */ 735 os_memcpy(gtk_buf, gd->gtk, 16); 736 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8); 737 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8); 738 _gtk = gtk_buf; 739 } 740 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 741 if (wpa_sm_set_key(sm, gd->alg, NULL, 742 gd->keyidx, 1, key_rsc, gd->key_rsc_len, 743 _gtk, gd->gtk_len) < 0) { 744 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 745 "WPA: Failed to set GTK to the driver " 746 "(Group only)"); 747 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 748 return -1; 749 } 750 } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr, 751 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len, 752 _gtk, gd->gtk_len) < 0) { 753 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 754 "WPA: Failed to set GTK to " 755 "the driver (alg=%d keylen=%d keyidx=%d)", 756 gd->alg, gd->gtk_len, gd->keyidx); 757 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 758 return -1; 759 } 760 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 761 762 if (wnm_sleep) { 763 sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; 764 os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, 765 sm->gtk_wnm_sleep.gtk_len); 766 } else { 767 sm->gtk.gtk_len = gd->gtk_len; 768 os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); 769 } 770 771 return 0; 772 } 773 774 775 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm, 776 int tx) 777 { 778 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) { 779 /* Ignore Tx bit for GTK if a pairwise key is used. One AP 780 * seemed to set this bit (incorrectly, since Tx is only when 781 * doing Group Key only APs) and without this workaround, the 782 * data connection does not work because wpa_supplicant 783 * configured non-zero keyidx to be used for unicast. */ 784 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 785 "WPA: Tx bit set for GTK, but pairwise " 786 "keys are used - ignore Tx bit"); 787 return 0; 788 } 789 return tx; 790 } 791 792 793 static int wpa_supplicant_rsc_relaxation(const struct wpa_sm *sm, 794 const u8 *rsc) 795 { 796 int rsclen; 797 798 if (!sm->wpa_rsc_relaxation) 799 return 0; 800 801 rsclen = wpa_cipher_rsc_len(sm->group_cipher); 802 803 /* 804 * Try to detect RSC (endian) corruption issue where the AP sends 805 * the RSC bytes in EAPOL-Key message in the wrong order, both if 806 * it's actually a 6-byte field (as it should be) and if it treats 807 * it as an 8-byte field. 808 * An AP model known to have this bug is the Sapido RB-1632. 809 */ 810 if (rsclen == 6 && ((rsc[5] && !rsc[0]) || rsc[6] || rsc[7])) { 811 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 812 "RSC %02x%02x%02x%02x%02x%02x%02x%02x is likely bogus, using 0", 813 rsc[0], rsc[1], rsc[2], rsc[3], 814 rsc[4], rsc[5], rsc[6], rsc[7]); 815 816 return 1; 817 } 818 819 return 0; 820 } 821 822 823 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, 824 const struct wpa_eapol_key *key, 825 const u8 *gtk, size_t gtk_len, 826 int key_info) 827 { 828 struct wpa_gtk_data gd; 829 const u8 *key_rsc; 830 831 /* 832 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x 833 * GTK KDE format: 834 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7] 835 * Reserved [bits 0-7] 836 * GTK 837 */ 838 839 os_memset(&gd, 0, sizeof(gd)); 840 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake", 841 gtk, gtk_len); 842 843 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk)) 844 return -1; 845 846 gd.keyidx = gtk[0] & 0x3; 847 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 848 !!(gtk[0] & BIT(2))); 849 gtk += 2; 850 gtk_len -= 2; 851 852 os_memcpy(gd.gtk, gtk, gtk_len); 853 gd.gtk_len = gtk_len; 854 855 key_rsc = key->key_rsc; 856 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) 857 key_rsc = null_rsc; 858 859 if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED && 860 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 861 gtk_len, gtk_len, 862 &gd.key_rsc_len, &gd.alg) || 863 wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) { 864 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 865 "RSN: Failed to install GTK"); 866 os_memset(&gd, 0, sizeof(gd)); 867 return -1; 868 } 869 os_memset(&gd, 0, sizeof(gd)); 870 871 wpa_supplicant_key_neg_complete(sm, sm->bssid, 872 key_info & WPA_KEY_INFO_SECURE); 873 return 0; 874 } 875 876 877 #ifdef CONFIG_IEEE80211W 878 static int wpa_supplicant_install_igtk(struct wpa_sm *sm, 879 const struct wpa_igtk_kde *igtk, 880 int wnm_sleep) 881 { 882 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); 883 u16 keyidx = WPA_GET_LE16(igtk->keyid); 884 885 /* Detect possible key reinstallation */ 886 if ((sm->igtk.igtk_len == len && 887 os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || 888 (sm->igtk_wnm_sleep.igtk_len == len && 889 os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, 890 sm->igtk_wnm_sleep.igtk_len) == 0)) { 891 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 892 "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", 893 keyidx); 894 return 0; 895 } 896 897 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 898 "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x", 899 keyidx, MAC2STR(igtk->pn)); 900 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); 901 if (keyidx > 4095) { 902 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 903 "WPA: Invalid IGTK KeyID %d", keyidx); 904 return -1; 905 } 906 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), 907 broadcast_ether_addr, 908 keyidx, 0, igtk->pn, sizeof(igtk->pn), 909 igtk->igtk, len) < 0) { 910 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 911 "WPA: Failed to configure IGTK to the driver"); 912 return -1; 913 } 914 915 if (wnm_sleep) { 916 sm->igtk_wnm_sleep.igtk_len = len; 917 os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, 918 sm->igtk_wnm_sleep.igtk_len); 919 } else { 920 sm->igtk.igtk_len = len; 921 os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); 922 } 923 924 return 0; 925 } 926 #endif /* CONFIG_IEEE80211W */ 927 928 929 static int ieee80211w_set_keys(struct wpa_sm *sm, 930 struct wpa_eapol_ie_parse *ie) 931 { 932 #ifdef CONFIG_IEEE80211W 933 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher)) 934 return 0; 935 936 if (ie->igtk) { 937 size_t len; 938 const struct wpa_igtk_kde *igtk; 939 940 len = wpa_cipher_key_len(sm->mgmt_group_cipher); 941 if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) 942 return -1; 943 944 igtk = (const struct wpa_igtk_kde *) ie->igtk; 945 if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) 946 return -1; 947 } 948 949 return 0; 950 #else /* CONFIG_IEEE80211W */ 951 return 0; 952 #endif /* CONFIG_IEEE80211W */ 953 } 954 955 956 static void wpa_report_ie_mismatch(struct wpa_sm *sm, 957 const char *reason, const u8 *src_addr, 958 const u8 *wpa_ie, size_t wpa_ie_len, 959 const u8 *rsn_ie, size_t rsn_ie_len) 960 { 961 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")", 962 reason, MAC2STR(src_addr)); 963 964 if (sm->ap_wpa_ie) { 965 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp", 966 sm->ap_wpa_ie, sm->ap_wpa_ie_len); 967 } 968 if (wpa_ie) { 969 if (!sm->ap_wpa_ie) { 970 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 971 "WPA: No WPA IE in Beacon/ProbeResp"); 972 } 973 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg", 974 wpa_ie, wpa_ie_len); 975 } 976 977 if (sm->ap_rsn_ie) { 978 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp", 979 sm->ap_rsn_ie, sm->ap_rsn_ie_len); 980 } 981 if (rsn_ie) { 982 if (!sm->ap_rsn_ie) { 983 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 984 "WPA: No RSN IE in Beacon/ProbeResp"); 985 } 986 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg", 987 rsn_ie, rsn_ie_len); 988 } 989 990 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS); 991 } 992 993 994 #ifdef CONFIG_IEEE80211R 995 996 static int ft_validate_mdie(struct wpa_sm *sm, 997 const unsigned char *src_addr, 998 struct wpa_eapol_ie_parse *ie, 999 const u8 *assoc_resp_mdie) 1000 { 1001 struct rsn_mdie *mdie; 1002 1003 mdie = (struct rsn_mdie *) (ie->mdie + 2); 1004 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) || 1005 os_memcmp(mdie->mobility_domain, sm->mobility_domain, 1006 MOBILITY_DOMAIN_ID_LEN) != 0) { 1007 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did " 1008 "not match with the current mobility domain"); 1009 return -1; 1010 } 1011 1012 if (assoc_resp_mdie && 1013 (assoc_resp_mdie[1] != ie->mdie[1] || 1014 os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) { 1015 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch"); 1016 wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4", 1017 ie->mdie, 2 + ie->mdie[1]); 1018 wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response", 1019 assoc_resp_mdie, 2 + assoc_resp_mdie[1]); 1020 return -1; 1021 } 1022 1023 return 0; 1024 } 1025 1026 1027 static int ft_validate_ftie(struct wpa_sm *sm, 1028 const unsigned char *src_addr, 1029 struct wpa_eapol_ie_parse *ie, 1030 const u8 *assoc_resp_ftie) 1031 { 1032 if (ie->ftie == NULL) { 1033 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1034 "FT: No FTIE in EAPOL-Key msg 3/4"); 1035 return -1; 1036 } 1037 1038 if (assoc_resp_ftie == NULL) 1039 return 0; 1040 1041 if (assoc_resp_ftie[1] != ie->ftie[1] || 1042 os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) { 1043 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch"); 1044 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4", 1045 ie->ftie, 2 + ie->ftie[1]); 1046 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response", 1047 assoc_resp_ftie, 2 + assoc_resp_ftie[1]); 1048 return -1; 1049 } 1050 1051 return 0; 1052 } 1053 1054 1055 static int ft_validate_rsnie(struct wpa_sm *sm, 1056 const unsigned char *src_addr, 1057 struct wpa_eapol_ie_parse *ie) 1058 { 1059 struct wpa_ie_data rsn; 1060 1061 if (!ie->rsn_ie) 1062 return 0; 1063 1064 /* 1065 * Verify that PMKR1Name from EAPOL-Key message 3/4 1066 * matches with the value we derived. 1067 */ 1068 if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 || 1069 rsn.num_pmkid != 1 || rsn.pmkid == NULL) { 1070 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in " 1071 "FT 4-way handshake message 3/4"); 1072 return -1; 1073 } 1074 1075 if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0) 1076 { 1077 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1078 "FT: PMKR1Name mismatch in " 1079 "FT 4-way handshake message 3/4"); 1080 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator", 1081 rsn.pmkid, WPA_PMK_NAME_LEN); 1082 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name", 1083 sm->pmk_r1_name, WPA_PMK_NAME_LEN); 1084 return -1; 1085 } 1086 1087 return 0; 1088 } 1089 1090 1091 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm, 1092 const unsigned char *src_addr, 1093 struct wpa_eapol_ie_parse *ie) 1094 { 1095 const u8 *pos, *end, *mdie = NULL, *ftie = NULL; 1096 1097 if (sm->assoc_resp_ies) { 1098 pos = sm->assoc_resp_ies; 1099 end = pos + sm->assoc_resp_ies_len; 1100 while (end - pos > 2) { 1101 if (2 + pos[1] > end - pos) 1102 break; 1103 switch (*pos) { 1104 case WLAN_EID_MOBILITY_DOMAIN: 1105 mdie = pos; 1106 break; 1107 case WLAN_EID_FAST_BSS_TRANSITION: 1108 ftie = pos; 1109 break; 1110 } 1111 pos += 2 + pos[1]; 1112 } 1113 } 1114 1115 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 || 1116 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 || 1117 ft_validate_rsnie(sm, src_addr, ie) < 0) 1118 return -1; 1119 1120 return 0; 1121 } 1122 1123 #endif /* CONFIG_IEEE80211R */ 1124 1125 1126 static int wpa_supplicant_validate_ie(struct wpa_sm *sm, 1127 const unsigned char *src_addr, 1128 struct wpa_eapol_ie_parse *ie) 1129 { 1130 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) { 1131 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1132 "WPA: No WPA/RSN IE for this AP known. " 1133 "Trying to get from scan results"); 1134 if (wpa_sm_get_beacon_ie(sm) < 0) { 1135 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1136 "WPA: Could not find AP from " 1137 "the scan results"); 1138 } else { 1139 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, 1140 "WPA: Found the current AP from " 1141 "updated scan results"); 1142 } 1143 } 1144 1145 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL && 1146 (sm->ap_wpa_ie || sm->ap_rsn_ie)) { 1147 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 1148 "with IE in Beacon/ProbeResp (no IE?)", 1149 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1150 ie->rsn_ie, ie->rsn_ie_len); 1151 return -1; 1152 } 1153 1154 if ((ie->wpa_ie && sm->ap_wpa_ie && 1155 (ie->wpa_ie_len != sm->ap_wpa_ie_len || 1156 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) || 1157 (ie->rsn_ie && sm->ap_rsn_ie && 1158 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt), 1159 sm->ap_rsn_ie, sm->ap_rsn_ie_len, 1160 ie->rsn_ie, ie->rsn_ie_len))) { 1161 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 1162 "with IE in Beacon/ProbeResp", 1163 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1164 ie->rsn_ie, ie->rsn_ie_len); 1165 return -1; 1166 } 1167 1168 if (sm->proto == WPA_PROTO_WPA && 1169 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) { 1170 wpa_report_ie_mismatch(sm, "Possible downgrade attack " 1171 "detected - RSN was enabled and RSN IE " 1172 "was in msg 3/4, but not in " 1173 "Beacon/ProbeResp", 1174 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1175 ie->rsn_ie, ie->rsn_ie_len); 1176 return -1; 1177 } 1178 1179 #ifdef CONFIG_IEEE80211R 1180 if (wpa_key_mgmt_ft(sm->key_mgmt) && 1181 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0) 1182 return -1; 1183 #endif /* CONFIG_IEEE80211R */ 1184 1185 return 0; 1186 } 1187 1188 1189 /** 1190 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake 1191 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1192 * @dst: Destination address for the frame 1193 * @key: Pointer to the EAPOL-Key frame header 1194 * @ver: Version bits from EAPOL-Key Key Info 1195 * @key_info: Key Info 1196 * @ptk: PTK to use for keyed hash and encryption 1197 * Returns: >= 0 on success, < 0 on failure 1198 */ 1199 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, 1200 const struct wpa_eapol_key *key, 1201 u16 ver, u16 key_info, 1202 struct wpa_ptk *ptk) 1203 { 1204 size_t mic_len, hdrlen, rlen; 1205 struct wpa_eapol_key *reply; 1206 struct wpa_eapol_key_192 *reply192; 1207 u8 *rbuf, *key_mic; 1208 1209 mic_len = wpa_mic_len(sm->key_mgmt); 1210 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 1211 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1212 hdrlen, &rlen, (void *) &reply); 1213 if (rbuf == NULL) 1214 return -1; 1215 reply192 = (struct wpa_eapol_key_192 *) reply; 1216 1217 reply->type = (sm->proto == WPA_PROTO_RSN || 1218 sm->proto == WPA_PROTO_OSEN) ? 1219 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1220 key_info &= WPA_KEY_INFO_SECURE; 1221 key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC; 1222 WPA_PUT_BE16(reply->key_info, key_info); 1223 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 1224 WPA_PUT_BE16(reply->key_length, 0); 1225 else 1226 os_memcpy(reply->key_length, key->key_length, 2); 1227 os_memcpy(reply->replay_counter, key->replay_counter, 1228 WPA_REPLAY_COUNTER_LEN); 1229 1230 key_mic = reply192->key_mic; /* same offset for reply and reply192 */ 1231 if (mic_len == 24) 1232 WPA_PUT_BE16(reply192->key_data_length, 0); 1233 else 1234 WPA_PUT_BE16(reply->key_data_length, 0); 1235 1236 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4"); 1237 return wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, 1238 ETH_P_EAPOL, rbuf, rlen, key_mic); 1239 } 1240 1241 1242 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, 1243 const struct wpa_eapol_key *key, 1244 u16 ver, const u8 *key_data, 1245 size_t key_data_len) 1246 { 1247 u16 key_info, keylen; 1248 struct wpa_eapol_ie_parse ie; 1249 1250 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 1251 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way " 1252 "Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver); 1253 1254 key_info = WPA_GET_BE16(key->key_info); 1255 1256 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len); 1257 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) 1258 goto failed; 1259 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1260 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1261 "WPA: GTK IE in unencrypted key data"); 1262 goto failed; 1263 } 1264 #ifdef CONFIG_IEEE80211W 1265 if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1266 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1267 "WPA: IGTK KDE in unencrypted key data"); 1268 goto failed; 1269 } 1270 1271 if (ie.igtk && 1272 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) && 1273 ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN + 1274 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) { 1275 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1276 "WPA: Invalid IGTK KDE length %lu", 1277 (unsigned long) ie.igtk_len); 1278 goto failed; 1279 } 1280 #endif /* CONFIG_IEEE80211W */ 1281 1282 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0) 1283 goto failed; 1284 1285 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) { 1286 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1287 "WPA: ANonce from message 1 of 4-Way Handshake " 1288 "differs from 3 of 4-Way Handshake - drop packet (src=" 1289 MACSTR ")", MAC2STR(sm->bssid)); 1290 goto failed; 1291 } 1292 1293 keylen = WPA_GET_BE16(key->key_length); 1294 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) { 1295 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1296 "WPA: Invalid %s key length %d (src=" MACSTR 1297 ")", wpa_cipher_txt(sm->pairwise_cipher), keylen, 1298 MAC2STR(sm->bssid)); 1299 goto failed; 1300 } 1301 1302 #ifdef CONFIG_P2P 1303 if (ie.ip_addr_alloc) { 1304 os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4); 1305 wpa_hexdump(MSG_DEBUG, "P2P: IP address info", 1306 sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr)); 1307 } 1308 #endif /* CONFIG_P2P */ 1309 1310 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info, 1311 &sm->ptk) < 0) { 1312 goto failed; 1313 } 1314 1315 /* SNonce was successfully used in msg 3/4, so mark it to be renewed 1316 * for the next 4-Way Handshake. If msg 3 is received again, the old 1317 * SNonce will still be used to avoid changing PTK. */ 1318 sm->renew_snonce = 1; 1319 1320 if (key_info & WPA_KEY_INFO_INSTALL) { 1321 if (wpa_supplicant_install_ptk(sm, key)) 1322 goto failed; 1323 } 1324 1325 if (key_info & WPA_KEY_INFO_SECURE) { 1326 wpa_sm_mlme_setprotection( 1327 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX, 1328 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 1329 eapol_sm_notify_portValid(sm->eapol, TRUE); 1330 } 1331 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1332 1333 if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) { 1334 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1335 key_info & WPA_KEY_INFO_SECURE); 1336 } else if (ie.gtk && 1337 wpa_supplicant_pairwise_gtk(sm, key, 1338 ie.gtk, ie.gtk_len, key_info) < 0) { 1339 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1340 "RSN: Failed to configure GTK"); 1341 goto failed; 1342 } 1343 1344 if (ieee80211w_set_keys(sm, &ie) < 0) { 1345 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1346 "RSN: Failed to configure IGTK"); 1347 goto failed; 1348 } 1349 1350 if (ie.gtk) 1351 wpa_sm_set_rekey_offload(sm); 1352 1353 if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1354 struct rsn_pmksa_cache_entry *sa; 1355 1356 sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, NULL, 1357 sm->ptk.kck, sm->ptk.kck_len, 1358 sm->bssid, sm->own_addr, 1359 sm->network_ctx, sm->key_mgmt); 1360 if (!sm->cur_pmksa) 1361 sm->cur_pmksa = sa; 1362 } 1363 1364 sm->msg_3_of_4_ok = 1; 1365 return; 1366 1367 failed: 1368 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1369 } 1370 1371 1372 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm, 1373 const u8 *keydata, 1374 size_t keydatalen, 1375 u16 key_info, 1376 struct wpa_gtk_data *gd) 1377 { 1378 int maxkeylen; 1379 struct wpa_eapol_ie_parse ie; 1380 1381 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen); 1382 if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0) 1383 return -1; 1384 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1385 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1386 "WPA: GTK IE in unencrypted key data"); 1387 return -1; 1388 } 1389 if (ie.gtk == NULL) { 1390 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1391 "WPA: No GTK IE in Group Key msg 1/2"); 1392 return -1; 1393 } 1394 maxkeylen = gd->gtk_len = ie.gtk_len - 2; 1395 1396 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 1397 gd->gtk_len, maxkeylen, 1398 &gd->key_rsc_len, &gd->alg)) 1399 return -1; 1400 1401 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake", 1402 ie.gtk, ie.gtk_len); 1403 gd->keyidx = ie.gtk[0] & 0x3; 1404 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 1405 !!(ie.gtk[0] & BIT(2))); 1406 if (ie.gtk_len - 2 > sizeof(gd->gtk)) { 1407 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1408 "RSN: Too long GTK in GTK IE (len=%lu)", 1409 (unsigned long) ie.gtk_len - 2); 1410 return -1; 1411 } 1412 os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2); 1413 1414 if (ieee80211w_set_keys(sm, &ie) < 0) 1415 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1416 "RSN: Failed to configure IGTK"); 1417 1418 return 0; 1419 } 1420 1421 1422 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm, 1423 const struct wpa_eapol_key *key, 1424 const u8 *key_data, 1425 size_t key_data_len, u16 key_info, 1426 u16 ver, struct wpa_gtk_data *gd) 1427 { 1428 size_t maxkeylen; 1429 u16 gtk_len; 1430 1431 gtk_len = WPA_GET_BE16(key->key_length); 1432 maxkeylen = key_data_len; 1433 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1434 if (maxkeylen < 8) { 1435 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1436 "WPA: Too short maxkeylen (%lu)", 1437 (unsigned long) maxkeylen); 1438 return -1; 1439 } 1440 maxkeylen -= 8; 1441 } 1442 1443 if (gtk_len > maxkeylen || 1444 wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 1445 gtk_len, maxkeylen, 1446 &gd->key_rsc_len, &gd->alg)) 1447 return -1; 1448 1449 gd->gtk_len = gtk_len; 1450 gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1451 WPA_KEY_INFO_KEY_INDEX_SHIFT; 1452 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { 1453 #ifdef CONFIG_NO_RC4 1454 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1455 "WPA: RC4 not supported in the build"); 1456 return -1; 1457 #else /* CONFIG_NO_RC4 */ 1458 u8 ek[32]; 1459 if (key_data_len > sizeof(gd->gtk)) { 1460 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1461 "WPA: RC4 key data too long (%lu)", 1462 (unsigned long) key_data_len); 1463 return -1; 1464 } 1465 os_memcpy(ek, key->key_iv, 16); 1466 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); 1467 os_memcpy(gd->gtk, key_data, key_data_len); 1468 if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) { 1469 os_memset(ek, 0, sizeof(ek)); 1470 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 1471 "WPA: RC4 failed"); 1472 return -1; 1473 } 1474 os_memset(ek, 0, sizeof(ek)); 1475 #endif /* CONFIG_NO_RC4 */ 1476 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1477 if (maxkeylen % 8) { 1478 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1479 "WPA: Unsupported AES-WRAP len %lu", 1480 (unsigned long) maxkeylen); 1481 return -1; 1482 } 1483 if (maxkeylen > sizeof(gd->gtk)) { 1484 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1485 "WPA: AES-WRAP key data " 1486 "too long (keydatalen=%lu maxkeylen=%lu)", 1487 (unsigned long) key_data_len, 1488 (unsigned long) maxkeylen); 1489 return -1; 1490 } 1491 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8, 1492 key_data, gd->gtk)) { 1493 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1494 "WPA: AES unwrap failed - could not decrypt " 1495 "GTK"); 1496 return -1; 1497 } 1498 } else { 1499 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1500 "WPA: Unsupported key_info type %d", ver); 1501 return -1; 1502 } 1503 gd->tx = wpa_supplicant_gtk_tx_bit_workaround( 1504 sm, !!(key_info & WPA_KEY_INFO_TXRX)); 1505 return 0; 1506 } 1507 1508 1509 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm, 1510 const struct wpa_eapol_key *key, 1511 int ver, u16 key_info) 1512 { 1513 size_t mic_len, hdrlen, rlen; 1514 struct wpa_eapol_key *reply; 1515 struct wpa_eapol_key_192 *reply192; 1516 u8 *rbuf, *key_mic; 1517 1518 mic_len = wpa_mic_len(sm->key_mgmt); 1519 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 1520 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1521 hdrlen, &rlen, (void *) &reply); 1522 if (rbuf == NULL) 1523 return -1; 1524 reply192 = (struct wpa_eapol_key_192 *) reply; 1525 1526 reply->type = (sm->proto == WPA_PROTO_RSN || 1527 sm->proto == WPA_PROTO_OSEN) ? 1528 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1529 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK; 1530 key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE; 1531 WPA_PUT_BE16(reply->key_info, key_info); 1532 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 1533 WPA_PUT_BE16(reply->key_length, 0); 1534 else 1535 os_memcpy(reply->key_length, key->key_length, 2); 1536 os_memcpy(reply->replay_counter, key->replay_counter, 1537 WPA_REPLAY_COUNTER_LEN); 1538 1539 key_mic = reply192->key_mic; /* same offset for reply and reply192 */ 1540 if (mic_len == 24) 1541 WPA_PUT_BE16(reply192->key_data_length, 0); 1542 else 1543 WPA_PUT_BE16(reply->key_data_length, 0); 1544 1545 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2"); 1546 return wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, 1547 sm->bssid, ETH_P_EAPOL, rbuf, rlen, key_mic); 1548 } 1549 1550 1551 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, 1552 const unsigned char *src_addr, 1553 const struct wpa_eapol_key *key, 1554 const u8 *key_data, 1555 size_t key_data_len, u16 ver) 1556 { 1557 u16 key_info; 1558 int rekey, ret; 1559 struct wpa_gtk_data gd; 1560 const u8 *key_rsc; 1561 1562 if (!sm->msg_3_of_4_ok) { 1563 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1564 "WPA: Group Key Handshake started prior to completion of 4-way handshake"); 1565 goto failed; 1566 } 1567 1568 os_memset(&gd, 0, sizeof(gd)); 1569 1570 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED; 1571 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key " 1572 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 1573 1574 key_info = WPA_GET_BE16(key->key_info); 1575 1576 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 1577 ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data, 1578 key_data_len, key_info, 1579 &gd); 1580 } else { 1581 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data, 1582 key_data_len, 1583 key_info, ver, &gd); 1584 } 1585 1586 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1587 1588 if (ret) 1589 goto failed; 1590 1591 key_rsc = key->key_rsc; 1592 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) 1593 key_rsc = null_rsc; 1594 1595 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) || 1596 wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) 1597 goto failed; 1598 os_memset(&gd, 0, sizeof(gd)); 1599 1600 if (rekey) { 1601 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying " 1602 "completed with " MACSTR " [GTK=%s]", 1603 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); 1604 wpa_sm_cancel_auth_timeout(sm); 1605 wpa_sm_set_state(sm, WPA_COMPLETED); 1606 } else { 1607 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1608 key_info & 1609 WPA_KEY_INFO_SECURE); 1610 } 1611 1612 wpa_sm_set_rekey_offload(sm); 1613 1614 return; 1615 1616 failed: 1617 os_memset(&gd, 0, sizeof(gd)); 1618 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1619 } 1620 1621 1622 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm, 1623 struct wpa_eapol_key_192 *key, 1624 u16 ver, 1625 const u8 *buf, size_t len) 1626 { 1627 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; 1628 int ok = 0; 1629 size_t mic_len = wpa_mic_len(sm->key_mgmt); 1630 1631 os_memcpy(mic, key->key_mic, mic_len); 1632 if (sm->tptk_set) { 1633 os_memset(key->key_mic, 0, mic_len); 1634 wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt, 1635 ver, buf, len, key->key_mic); 1636 if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) { 1637 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1638 "WPA: Invalid EAPOL-Key MIC " 1639 "when using TPTK - ignoring TPTK"); 1640 } else { 1641 ok = 1; 1642 sm->tptk_set = 0; 1643 sm->ptk_set = 1; 1644 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); 1645 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 1646 } 1647 } 1648 1649 if (!ok && sm->ptk_set) { 1650 os_memset(key->key_mic, 0, mic_len); 1651 wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt, 1652 ver, buf, len, key->key_mic); 1653 if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) { 1654 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1655 "WPA: Invalid EAPOL-Key MIC - " 1656 "dropping packet"); 1657 return -1; 1658 } 1659 ok = 1; 1660 } 1661 1662 if (!ok) { 1663 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1664 "WPA: Could not verify EAPOL-Key MIC - " 1665 "dropping packet"); 1666 return -1; 1667 } 1668 1669 os_memcpy(sm->rx_replay_counter, key->replay_counter, 1670 WPA_REPLAY_COUNTER_LEN); 1671 sm->rx_replay_counter_set = 1; 1672 return 0; 1673 } 1674 1675 1676 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */ 1677 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm, 1678 struct wpa_eapol_key *key, u16 ver, 1679 u8 *key_data, size_t *key_data_len) 1680 { 1681 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data", 1682 key_data, *key_data_len); 1683 if (!sm->ptk_set) { 1684 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1685 "WPA: PTK not available, cannot decrypt EAPOL-Key Key " 1686 "Data"); 1687 return -1; 1688 } 1689 1690 /* Decrypt key data here so that this operation does not need 1691 * to be implemented separately for each message type. */ 1692 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { 1693 #ifdef CONFIG_NO_RC4 1694 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1695 "WPA: RC4 not supported in the build"); 1696 return -1; 1697 #else /* CONFIG_NO_RC4 */ 1698 u8 ek[32]; 1699 os_memcpy(ek, key->key_iv, 16); 1700 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); 1701 if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) { 1702 os_memset(ek, 0, sizeof(ek)); 1703 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 1704 "WPA: RC4 failed"); 1705 return -1; 1706 } 1707 os_memset(ek, 0, sizeof(ek)); 1708 #endif /* CONFIG_NO_RC4 */ 1709 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1710 ver == WPA_KEY_INFO_TYPE_AES_128_CMAC || 1711 sm->key_mgmt == WPA_KEY_MGMT_OSEN || 1712 wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1713 u8 *buf; 1714 if (*key_data_len < 8 || *key_data_len % 8) { 1715 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1716 "WPA: Unsupported AES-WRAP len %u", 1717 (unsigned int) *key_data_len); 1718 return -1; 1719 } 1720 *key_data_len -= 8; /* AES-WRAP adds 8 bytes */ 1721 buf = os_malloc(*key_data_len); 1722 if (buf == NULL) { 1723 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1724 "WPA: No memory for AES-UNWRAP buffer"); 1725 return -1; 1726 } 1727 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8, 1728 key_data, buf)) { 1729 bin_clear_free(buf, *key_data_len); 1730 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1731 "WPA: AES unwrap failed - " 1732 "could not decrypt EAPOL-Key key data"); 1733 return -1; 1734 } 1735 os_memcpy(key_data, buf, *key_data_len); 1736 bin_clear_free(buf, *key_data_len); 1737 WPA_PUT_BE16(key->key_data_length, *key_data_len); 1738 } else { 1739 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1740 "WPA: Unsupported key_info type %d", ver); 1741 return -1; 1742 } 1743 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data", 1744 key_data, *key_data_len); 1745 return 0; 1746 } 1747 1748 1749 /** 1750 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted 1751 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1752 */ 1753 void wpa_sm_aborted_cached(struct wpa_sm *sm) 1754 { 1755 if (sm && sm->cur_pmksa) { 1756 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1757 "RSN: Cancelling PMKSA caching attempt"); 1758 sm->cur_pmksa = NULL; 1759 } 1760 } 1761 1762 1763 static void wpa_eapol_key_dump(struct wpa_sm *sm, 1764 const struct wpa_eapol_key *key, 1765 unsigned int key_data_len, 1766 const u8 *mic, unsigned int mic_len) 1767 { 1768 #ifndef CONFIG_NO_STDOUT_DEBUG 1769 u16 key_info = WPA_GET_BE16(key->key_info); 1770 1771 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type); 1772 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1773 " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)", 1774 key_info, key_info & WPA_KEY_INFO_TYPE_MASK, 1775 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1776 WPA_KEY_INFO_KEY_INDEX_SHIFT, 1777 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13, 1778 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group", 1779 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "", 1780 key_info & WPA_KEY_INFO_ACK ? " Ack" : "", 1781 key_info & WPA_KEY_INFO_MIC ? " MIC" : "", 1782 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "", 1783 key_info & WPA_KEY_INFO_ERROR ? " Error" : "", 1784 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "", 1785 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : ""); 1786 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1787 " key_length=%u key_data_length=%u", 1788 WPA_GET_BE16(key->key_length), key_data_len); 1789 wpa_hexdump(MSG_DEBUG, " replay_counter", 1790 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 1791 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN); 1792 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16); 1793 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8); 1794 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8); 1795 wpa_hexdump(MSG_DEBUG, " key_mic", mic, mic_len); 1796 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1797 } 1798 1799 1800 /** 1801 * wpa_sm_rx_eapol - Process received WPA EAPOL frames 1802 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1803 * @src_addr: Source MAC address of the EAPOL packet 1804 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header) 1805 * @len: Length of the EAPOL frame 1806 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure 1807 * 1808 * This function is called for each received EAPOL frame. Other than EAPOL-Key 1809 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is 1810 * only processing WPA and WPA2 EAPOL-Key frames. 1811 * 1812 * The received EAPOL-Key packets are validated and valid packets are replied 1813 * to. In addition, key material (PTK, GTK) is configured at the end of a 1814 * successful key handshake. 1815 */ 1816 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, 1817 const u8 *buf, size_t len) 1818 { 1819 size_t plen, data_len, key_data_len; 1820 const struct ieee802_1x_hdr *hdr; 1821 struct wpa_eapol_key *key; 1822 struct wpa_eapol_key_192 *key192; 1823 u16 key_info, ver; 1824 u8 *tmp = NULL; 1825 int ret = -1; 1826 struct wpa_peerkey *peerkey = NULL; 1827 u8 *key_data; 1828 size_t mic_len, keyhdrlen; 1829 1830 #ifdef CONFIG_IEEE80211R 1831 sm->ft_completed = 0; 1832 #endif /* CONFIG_IEEE80211R */ 1833 1834 mic_len = wpa_mic_len(sm->key_mgmt); 1835 keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key); 1836 1837 if (len < sizeof(*hdr) + keyhdrlen) { 1838 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1839 "WPA: EAPOL frame too short to be a WPA " 1840 "EAPOL-Key (len %lu, expecting at least %lu)", 1841 (unsigned long) len, 1842 (unsigned long) sizeof(*hdr) + keyhdrlen); 1843 return 0; 1844 } 1845 1846 hdr = (const struct ieee802_1x_hdr *) buf; 1847 plen = be_to_host16(hdr->length); 1848 data_len = plen + sizeof(*hdr); 1849 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1850 "IEEE 802.1X RX: version=%d type=%d length=%lu", 1851 hdr->version, hdr->type, (unsigned long) plen); 1852 1853 if (hdr->version < EAPOL_VERSION) { 1854 /* TODO: backwards compatibility */ 1855 } 1856 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { 1857 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1858 "WPA: EAPOL frame (type %u) discarded, " 1859 "not a Key frame", hdr->type); 1860 ret = 0; 1861 goto out; 1862 } 1863 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len); 1864 if (plen > len - sizeof(*hdr) || plen < keyhdrlen) { 1865 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1866 "WPA: EAPOL frame payload size %lu " 1867 "invalid (frame size %lu)", 1868 (unsigned long) plen, (unsigned long) len); 1869 ret = 0; 1870 goto out; 1871 } 1872 if (data_len < len) { 1873 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1874 "WPA: ignoring %lu bytes after the IEEE 802.1X data", 1875 (unsigned long) len - data_len); 1876 } 1877 1878 /* 1879 * Make a copy of the frame since we need to modify the buffer during 1880 * MAC validation and Key Data decryption. 1881 */ 1882 tmp = os_malloc(data_len); 1883 if (tmp == NULL) 1884 goto out; 1885 os_memcpy(tmp, buf, data_len); 1886 key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr)); 1887 key192 = (struct wpa_eapol_key_192 *) 1888 (tmp + sizeof(struct ieee802_1x_hdr)); 1889 if (mic_len == 24) 1890 key_data = (u8 *) (key192 + 1); 1891 else 1892 key_data = (u8 *) (key + 1); 1893 1894 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN) 1895 { 1896 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1897 "WPA: EAPOL-Key type (%d) unknown, discarded", 1898 key->type); 1899 ret = 0; 1900 goto out; 1901 } 1902 1903 if (mic_len == 24) 1904 key_data_len = WPA_GET_BE16(key192->key_data_length); 1905 else 1906 key_data_len = WPA_GET_BE16(key->key_data_length); 1907 wpa_eapol_key_dump(sm, key, key_data_len, key192->key_mic, mic_len); 1908 1909 if (key_data_len > plen - keyhdrlen) { 1910 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key " 1911 "frame - key_data overflow (%u > %u)", 1912 (unsigned int) key_data_len, 1913 (unsigned int) (plen - keyhdrlen)); 1914 goto out; 1915 } 1916 1917 eapol_sm_notify_lower_layer_success(sm->eapol, 0); 1918 key_info = WPA_GET_BE16(key->key_info); 1919 ver = key_info & WPA_KEY_INFO_TYPE_MASK; 1920 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && 1921 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W) 1922 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && 1923 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */ 1924 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES && 1925 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 1926 sm->key_mgmt != WPA_KEY_MGMT_OSEN) { 1927 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1928 "WPA: Unsupported EAPOL-Key descriptor version %d", 1929 ver); 1930 goto out; 1931 } 1932 1933 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN && 1934 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { 1935 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1936 "OSEN: Unsupported EAPOL-Key descriptor version %d", 1937 ver); 1938 goto out; 1939 } 1940 1941 if (wpa_key_mgmt_suite_b(sm->key_mgmt) && 1942 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { 1943 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1944 "RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)", 1945 ver); 1946 goto out; 1947 } 1948 1949 #ifdef CONFIG_IEEE80211R 1950 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 1951 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */ 1952 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1953 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1954 "FT: AP did not use AES-128-CMAC"); 1955 goto out; 1956 } 1957 } else 1958 #endif /* CONFIG_IEEE80211R */ 1959 #ifdef CONFIG_IEEE80211W 1960 if (wpa_key_mgmt_sha256(sm->key_mgmt)) { 1961 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && 1962 sm->key_mgmt != WPA_KEY_MGMT_OSEN && 1963 !wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1964 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1965 "WPA: AP did not use the " 1966 "negotiated AES-128-CMAC"); 1967 goto out; 1968 } 1969 } else 1970 #endif /* CONFIG_IEEE80211W */ 1971 if (sm->pairwise_cipher == WPA_CIPHER_CCMP && 1972 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 1973 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1974 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1975 "WPA: CCMP is used, but EAPOL-Key " 1976 "descriptor version (%d) is not 2", ver); 1977 if (sm->group_cipher != WPA_CIPHER_CCMP && 1978 !(key_info & WPA_KEY_INFO_KEY_TYPE)) { 1979 /* Earlier versions of IEEE 802.11i did not explicitly 1980 * require version 2 descriptor for all EAPOL-Key 1981 * packets, so allow group keys to use version 1 if 1982 * CCMP is not used for them. */ 1983 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1984 "WPA: Backwards compatibility: allow invalid " 1985 "version for non-CCMP group keys"); 1986 } else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1987 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1988 "WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used"); 1989 } else 1990 goto out; 1991 } else if (sm->pairwise_cipher == WPA_CIPHER_GCMP && 1992 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 1993 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1994 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1995 "WPA: GCMP is used, but EAPOL-Key " 1996 "descriptor version (%d) is not 2", ver); 1997 goto out; 1998 } 1999 2000 #ifdef CONFIG_PEERKEY 2001 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 2002 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0) 2003 break; 2004 } 2005 2006 if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) { 2007 if (!peerkey->initiator && peerkey->replay_counter_set && 2008 os_memcmp(key->replay_counter, peerkey->replay_counter, 2009 WPA_REPLAY_COUNTER_LEN) <= 0) { 2010 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 2011 "RSN: EAPOL-Key Replay Counter did not " 2012 "increase (STK) - dropping packet"); 2013 goto out; 2014 } else if (peerkey->initiator) { 2015 u8 _tmp[WPA_REPLAY_COUNTER_LEN]; 2016 os_memcpy(_tmp, key->replay_counter, 2017 WPA_REPLAY_COUNTER_LEN); 2018 inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN); 2019 if (os_memcmp(_tmp, peerkey->replay_counter, 2020 WPA_REPLAY_COUNTER_LEN) != 0) { 2021 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2022 "RSN: EAPOL-Key Replay " 2023 "Counter did not match (STK) - " 2024 "dropping packet"); 2025 goto out; 2026 } 2027 } 2028 } 2029 2030 if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) { 2031 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2032 "RSN: Ack bit in key_info from STK peer"); 2033 goto out; 2034 } 2035 #endif /* CONFIG_PEERKEY */ 2036 2037 if (!peerkey && sm->rx_replay_counter_set && 2038 os_memcmp(key->replay_counter, sm->rx_replay_counter, 2039 WPA_REPLAY_COUNTER_LEN) <= 0) { 2040 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 2041 "WPA: EAPOL-Key Replay Counter did not increase - " 2042 "dropping packet"); 2043 goto out; 2044 } 2045 2046 if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE)) 2047 #ifdef CONFIG_PEERKEY 2048 && (peerkey == NULL || !peerkey->initiator) 2049 #endif /* CONFIG_PEERKEY */ 2050 ) { 2051 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2052 "WPA: No Ack bit in key_info"); 2053 goto out; 2054 } 2055 2056 if (key_info & WPA_KEY_INFO_REQUEST) { 2057 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2058 "WPA: EAPOL-Key with Request bit - dropped"); 2059 goto out; 2060 } 2061 2062 if ((key_info & WPA_KEY_INFO_MIC) && !peerkey && 2063 wpa_supplicant_verify_eapol_key_mic(sm, key192, ver, tmp, data_len)) 2064 goto out; 2065 2066 #ifdef CONFIG_PEERKEY 2067 if ((key_info & WPA_KEY_INFO_MIC) && peerkey && 2068 peerkey_verify_eapol_key_mic(sm, peerkey, key192, ver, tmp, 2069 data_len)) 2070 goto out; 2071 #endif /* CONFIG_PEERKEY */ 2072 2073 if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && 2074 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 2075 /* 2076 * Only decrypt the Key Data field if the frame's authenticity 2077 * was verified. When using AES-SIV (FILS), the MIC flag is not 2078 * set, so this check should only be performed if mic_len != 0 2079 * which is the case in this code branch. 2080 */ 2081 if (!(key_info & WPA_KEY_INFO_MIC)) { 2082 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 2083 "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data"); 2084 goto out; 2085 } 2086 if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data, 2087 &key_data_len)) 2088 goto out; 2089 } 2090 2091 if (key_info & WPA_KEY_INFO_KEY_TYPE) { 2092 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) { 2093 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 2094 "WPA: Ignored EAPOL-Key (Pairwise) with " 2095 "non-zero key index"); 2096 goto out; 2097 } 2098 if (peerkey) { 2099 /* PeerKey 4-Way Handshake */ 2100 peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver, 2101 key_data, key_data_len); 2102 } else if (key_info & WPA_KEY_INFO_MIC) { 2103 /* 3/4 4-Way Handshake */ 2104 wpa_supplicant_process_3_of_4(sm, key, ver, key_data, 2105 key_data_len); 2106 } else { 2107 /* 1/4 4-Way Handshake */ 2108 wpa_supplicant_process_1_of_4(sm, src_addr, key, 2109 ver, key_data, 2110 key_data_len); 2111 } 2112 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { 2113 /* PeerKey SMK Handshake */ 2114 peerkey_rx_eapol_smk(sm, src_addr, key, key_data_len, key_info, 2115 ver); 2116 } else { 2117 if (key_info & WPA_KEY_INFO_MIC) { 2118 /* 1/2 Group Key Handshake */ 2119 wpa_supplicant_process_1_of_2(sm, src_addr, key, 2120 key_data, key_data_len, 2121 ver); 2122 } else { 2123 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 2124 "WPA: EAPOL-Key (Group) without Mic bit - " 2125 "dropped"); 2126 } 2127 } 2128 2129 ret = 1; 2130 2131 out: 2132 bin_clear_free(tmp, data_len); 2133 return ret; 2134 } 2135 2136 2137 #ifdef CONFIG_CTRL_IFACE 2138 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm) 2139 { 2140 switch (sm->key_mgmt) { 2141 case WPA_KEY_MGMT_IEEE8021X: 2142 return ((sm->proto == WPA_PROTO_RSN || 2143 sm->proto == WPA_PROTO_OSEN) ? 2144 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X : 2145 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X); 2146 case WPA_KEY_MGMT_PSK: 2147 return (sm->proto == WPA_PROTO_RSN ? 2148 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X : 2149 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X); 2150 #ifdef CONFIG_IEEE80211R 2151 case WPA_KEY_MGMT_FT_IEEE8021X: 2152 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2153 case WPA_KEY_MGMT_FT_PSK: 2154 return RSN_AUTH_KEY_MGMT_FT_PSK; 2155 #endif /* CONFIG_IEEE80211R */ 2156 #ifdef CONFIG_IEEE80211W 2157 case WPA_KEY_MGMT_IEEE8021X_SHA256: 2158 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2159 case WPA_KEY_MGMT_PSK_SHA256: 2160 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2161 #endif /* CONFIG_IEEE80211W */ 2162 case WPA_KEY_MGMT_CCKM: 2163 return (sm->proto == WPA_PROTO_RSN ? 2164 RSN_AUTH_KEY_MGMT_CCKM: 2165 WPA_AUTH_KEY_MGMT_CCKM); 2166 case WPA_KEY_MGMT_WPA_NONE: 2167 return WPA_AUTH_KEY_MGMT_NONE; 2168 case WPA_KEY_MGMT_IEEE8021X_SUITE_B: 2169 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2170 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192: 2171 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2172 default: 2173 return 0; 2174 } 2175 } 2176 2177 2178 #define RSN_SUITE "%02x-%02x-%02x-%d" 2179 #define RSN_SUITE_ARG(s) \ 2180 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff 2181 2182 /** 2183 * wpa_sm_get_mib - Dump text list of MIB entries 2184 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2185 * @buf: Buffer for the list 2186 * @buflen: Length of the buffer 2187 * Returns: Number of bytes written to buffer 2188 * 2189 * This function is used fetch dot11 MIB variables. 2190 */ 2191 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen) 2192 { 2193 char pmkid_txt[PMKID_LEN * 2 + 1]; 2194 int rsna, ret; 2195 size_t len; 2196 2197 if (sm->cur_pmksa) { 2198 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), 2199 sm->cur_pmksa->pmkid, PMKID_LEN); 2200 } else 2201 pmkid_txt[0] = '\0'; 2202 2203 if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) || 2204 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) && 2205 sm->proto == WPA_PROTO_RSN) 2206 rsna = 1; 2207 else 2208 rsna = 0; 2209 2210 ret = os_snprintf(buf, buflen, 2211 "dot11RSNAOptionImplemented=TRUE\n" 2212 "dot11RSNAPreauthenticationImplemented=TRUE\n" 2213 "dot11RSNAEnabled=%s\n" 2214 "dot11RSNAPreauthenticationEnabled=%s\n" 2215 "dot11RSNAConfigVersion=%d\n" 2216 "dot11RSNAConfigPairwiseKeysSupported=5\n" 2217 "dot11RSNAConfigGroupCipherSize=%d\n" 2218 "dot11RSNAConfigPMKLifetime=%d\n" 2219 "dot11RSNAConfigPMKReauthThreshold=%d\n" 2220 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n" 2221 "dot11RSNAConfigSATimeout=%d\n", 2222 rsna ? "TRUE" : "FALSE", 2223 rsna ? "TRUE" : "FALSE", 2224 RSN_VERSION, 2225 wpa_cipher_key_len(sm->group_cipher) * 8, 2226 sm->dot11RSNAConfigPMKLifetime, 2227 sm->dot11RSNAConfigPMKReauthThreshold, 2228 sm->dot11RSNAConfigSATimeout); 2229 if (os_snprintf_error(buflen, ret)) 2230 return 0; 2231 len = ret; 2232 2233 ret = os_snprintf( 2234 buf + len, buflen - len, 2235 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" 2236 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" 2237 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" 2238 "dot11RSNAPMKIDUsed=%s\n" 2239 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" 2240 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" 2241 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" 2242 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n" 2243 "dot11RSNA4WayHandshakeFailures=%u\n", 2244 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 2245 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2246 sm->pairwise_cipher)), 2247 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2248 sm->group_cipher)), 2249 pmkid_txt, 2250 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 2251 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2252 sm->pairwise_cipher)), 2253 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2254 sm->group_cipher)), 2255 sm->dot11RSNA4WayHandshakeFailures); 2256 if (!os_snprintf_error(buflen - len, ret)) 2257 len += ret; 2258 2259 return (int) len; 2260 } 2261 #endif /* CONFIG_CTRL_IFACE */ 2262 2263 2264 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, 2265 void *ctx, enum pmksa_free_reason reason) 2266 { 2267 struct wpa_sm *sm = ctx; 2268 int deauth = 0; 2269 2270 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: " 2271 MACSTR " reason=%d", MAC2STR(entry->aa), reason); 2272 2273 if (sm->cur_pmksa == entry) { 2274 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2275 "RSN: %s current PMKSA entry", 2276 reason == PMKSA_REPLACE ? "replaced" : "removed"); 2277 pmksa_cache_clear_current(sm); 2278 2279 /* 2280 * If an entry is simply being replaced, there's no need to 2281 * deauthenticate because it will be immediately re-added. 2282 * This happens when EAP authentication is completed again 2283 * (reauth or failed PMKSA caching attempt). 2284 */ 2285 if (reason != PMKSA_REPLACE) 2286 deauth = 1; 2287 } 2288 2289 if (reason == PMKSA_EXPIRE && 2290 (sm->pmk_len == entry->pmk_len && 2291 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) { 2292 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2293 "RSN: deauthenticating due to expired PMK"); 2294 pmksa_cache_clear_current(sm); 2295 deauth = 1; 2296 } 2297 2298 if (deauth) { 2299 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2300 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 2301 } 2302 } 2303 2304 2305 /** 2306 * wpa_sm_init - Initialize WPA state machine 2307 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer 2308 * Returns: Pointer to the allocated WPA state machine data 2309 * 2310 * This function is used to allocate a new WPA state machine and the returned 2311 * value is passed to all WPA state machine calls. 2312 */ 2313 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx) 2314 { 2315 struct wpa_sm *sm; 2316 2317 sm = os_zalloc(sizeof(*sm)); 2318 if (sm == NULL) 2319 return NULL; 2320 dl_list_init(&sm->pmksa_candidates); 2321 sm->renew_snonce = 1; 2322 sm->ctx = ctx; 2323 2324 sm->dot11RSNAConfigPMKLifetime = 43200; 2325 sm->dot11RSNAConfigPMKReauthThreshold = 70; 2326 sm->dot11RSNAConfigSATimeout = 60; 2327 2328 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm); 2329 if (sm->pmksa == NULL) { 2330 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 2331 "RSN: PMKSA cache initialization failed"); 2332 os_free(sm); 2333 return NULL; 2334 } 2335 2336 return sm; 2337 } 2338 2339 2340 /** 2341 * wpa_sm_deinit - Deinitialize WPA state machine 2342 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2343 */ 2344 void wpa_sm_deinit(struct wpa_sm *sm) 2345 { 2346 if (sm == NULL) 2347 return; 2348 pmksa_cache_deinit(sm->pmksa); 2349 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 2350 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 2351 os_free(sm->assoc_wpa_ie); 2352 os_free(sm->ap_wpa_ie); 2353 os_free(sm->ap_rsn_ie); 2354 wpa_sm_drop_sa(sm); 2355 os_free(sm->ctx); 2356 peerkey_deinit(sm); 2357 #ifdef CONFIG_IEEE80211R 2358 os_free(sm->assoc_resp_ies); 2359 #endif /* CONFIG_IEEE80211R */ 2360 #ifdef CONFIG_TESTING_OPTIONS 2361 wpabuf_free(sm->test_assoc_ie); 2362 #endif /* CONFIG_TESTING_OPTIONS */ 2363 os_free(sm); 2364 } 2365 2366 2367 /** 2368 * wpa_sm_notify_assoc - Notify WPA state machine about association 2369 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2370 * @bssid: The BSSID of the new association 2371 * 2372 * This function is called to let WPA state machine know that the connection 2373 * was established. 2374 */ 2375 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) 2376 { 2377 int clear_keys = 1; 2378 2379 if (sm == NULL) 2380 return; 2381 2382 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2383 "WPA: Association event - clear replay counter"); 2384 os_memcpy(sm->bssid, bssid, ETH_ALEN); 2385 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN); 2386 sm->rx_replay_counter_set = 0; 2387 sm->renew_snonce = 1; 2388 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0) 2389 rsn_preauth_deinit(sm); 2390 2391 #ifdef CONFIG_IEEE80211R 2392 if (wpa_ft_is_completed(sm)) { 2393 /* 2394 * Clear portValid to kick EAPOL state machine to re-enter 2395 * AUTHENTICATED state to get the EAPOL port Authorized. 2396 */ 2397 eapol_sm_notify_portValid(sm->eapol, FALSE); 2398 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); 2399 2400 /* Prepare for the next transition */ 2401 wpa_ft_prepare_auth_request(sm, NULL); 2402 2403 clear_keys = 0; 2404 } 2405 #endif /* CONFIG_IEEE80211R */ 2406 2407 if (clear_keys) { 2408 /* 2409 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if 2410 * this is not part of a Fast BSS Transition. 2411 */ 2412 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK"); 2413 sm->ptk_set = 0; 2414 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 2415 sm->tptk_set = 0; 2416 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 2417 os_memset(&sm->gtk, 0, sizeof(sm->gtk)); 2418 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); 2419 #ifdef CONFIG_IEEE80211W 2420 os_memset(&sm->igtk, 0, sizeof(sm->igtk)); 2421 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); 2422 #endif /* CONFIG_IEEE80211W */ 2423 } 2424 2425 #ifdef CONFIG_TDLS 2426 wpa_tdls_assoc(sm); 2427 #endif /* CONFIG_TDLS */ 2428 2429 #ifdef CONFIG_P2P 2430 os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr)); 2431 #endif /* CONFIG_P2P */ 2432 } 2433 2434 2435 /** 2436 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation 2437 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2438 * 2439 * This function is called to let WPA state machine know that the connection 2440 * was lost. This will abort any existing pre-authentication session. 2441 */ 2442 void wpa_sm_notify_disassoc(struct wpa_sm *sm) 2443 { 2444 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 2445 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 2446 peerkey_deinit(sm); 2447 rsn_preauth_deinit(sm); 2448 pmksa_cache_clear_current(sm); 2449 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE) 2450 sm->dot11RSNA4WayHandshakeFailures++; 2451 #ifdef CONFIG_TDLS 2452 wpa_tdls_disassoc(sm); 2453 #endif /* CONFIG_TDLS */ 2454 #ifdef CONFIG_IEEE80211R 2455 sm->ft_reassoc_completed = 0; 2456 #endif /* CONFIG_IEEE80211R */ 2457 2458 /* Keys are not needed in the WPA state machine anymore */ 2459 wpa_sm_drop_sa(sm); 2460 2461 sm->msg_3_of_4_ok = 0; 2462 } 2463 2464 2465 /** 2466 * wpa_sm_set_pmk - Set PMK 2467 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2468 * @pmk: The new PMK 2469 * @pmk_len: The length of the new PMK in bytes 2470 * @pmkid: Calculated PMKID 2471 * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK 2472 * 2473 * Configure the PMK for WPA state machine. 2474 */ 2475 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len, 2476 const u8 *pmkid, const u8 *bssid) 2477 { 2478 if (sm == NULL) 2479 return; 2480 2481 sm->pmk_len = pmk_len; 2482 os_memcpy(sm->pmk, pmk, pmk_len); 2483 2484 #ifdef CONFIG_IEEE80211R 2485 /* Set XXKey to be PSK for FT key derivation */ 2486 sm->xxkey_len = pmk_len; 2487 os_memcpy(sm->xxkey, pmk, pmk_len); 2488 #endif /* CONFIG_IEEE80211R */ 2489 2490 if (bssid) { 2491 pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0, 2492 bssid, sm->own_addr, 2493 sm->network_ctx, sm->key_mgmt); 2494 } 2495 } 2496 2497 2498 /** 2499 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA 2500 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2501 * 2502 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK 2503 * will be cleared. 2504 */ 2505 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm) 2506 { 2507 if (sm == NULL) 2508 return; 2509 2510 if (sm->cur_pmksa) { 2511 sm->pmk_len = sm->cur_pmksa->pmk_len; 2512 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len); 2513 } else { 2514 sm->pmk_len = PMK_LEN; 2515 os_memset(sm->pmk, 0, PMK_LEN); 2516 } 2517 } 2518 2519 2520 /** 2521 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled 2522 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2523 * @fast_reauth: Whether fast reauthentication (EAP) is allowed 2524 */ 2525 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth) 2526 { 2527 if (sm) 2528 sm->fast_reauth = fast_reauth; 2529 } 2530 2531 2532 /** 2533 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks 2534 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2535 * @scard_ctx: Context pointer for smartcard related callback functions 2536 */ 2537 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx) 2538 { 2539 if (sm == NULL) 2540 return; 2541 sm->scard_ctx = scard_ctx; 2542 if (sm->preauth_eapol) 2543 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx); 2544 } 2545 2546 2547 /** 2548 * wpa_sm_set_config - Notification of current configration change 2549 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2550 * @config: Pointer to current network configuration 2551 * 2552 * Notify WPA state machine that configuration has changed. config will be 2553 * stored as a backpointer to network configuration. This can be %NULL to clear 2554 * the stored pointed. 2555 */ 2556 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config) 2557 { 2558 if (!sm) 2559 return; 2560 2561 if (config) { 2562 sm->network_ctx = config->network_ctx; 2563 sm->peerkey_enabled = config->peerkey_enabled; 2564 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher; 2565 sm->proactive_key_caching = config->proactive_key_caching; 2566 sm->eap_workaround = config->eap_workaround; 2567 sm->eap_conf_ctx = config->eap_conf_ctx; 2568 if (config->ssid) { 2569 os_memcpy(sm->ssid, config->ssid, config->ssid_len); 2570 sm->ssid_len = config->ssid_len; 2571 } else 2572 sm->ssid_len = 0; 2573 sm->wpa_ptk_rekey = config->wpa_ptk_rekey; 2574 sm->p2p = config->p2p; 2575 sm->wpa_rsc_relaxation = config->wpa_rsc_relaxation; 2576 } else { 2577 sm->network_ctx = NULL; 2578 sm->peerkey_enabled = 0; 2579 sm->allowed_pairwise_cipher = 0; 2580 sm->proactive_key_caching = 0; 2581 sm->eap_workaround = 0; 2582 sm->eap_conf_ctx = NULL; 2583 sm->ssid_len = 0; 2584 sm->wpa_ptk_rekey = 0; 2585 sm->p2p = 0; 2586 sm->wpa_rsc_relaxation = 0; 2587 } 2588 } 2589 2590 2591 /** 2592 * wpa_sm_set_own_addr - Set own MAC address 2593 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2594 * @addr: Own MAC address 2595 */ 2596 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr) 2597 { 2598 if (sm) 2599 os_memcpy(sm->own_addr, addr, ETH_ALEN); 2600 } 2601 2602 2603 /** 2604 * wpa_sm_set_ifname - Set network interface name 2605 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2606 * @ifname: Interface name 2607 * @bridge_ifname: Optional bridge interface name (for pre-auth) 2608 */ 2609 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname, 2610 const char *bridge_ifname) 2611 { 2612 if (sm) { 2613 sm->ifname = ifname; 2614 sm->bridge_ifname = bridge_ifname; 2615 } 2616 } 2617 2618 2619 /** 2620 * wpa_sm_set_eapol - Set EAPOL state machine pointer 2621 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2622 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init() 2623 */ 2624 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol) 2625 { 2626 if (sm) 2627 sm->eapol = eapol; 2628 } 2629 2630 2631 /** 2632 * wpa_sm_set_param - Set WPA state machine parameters 2633 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2634 * @param: Parameter field 2635 * @value: Parameter value 2636 * Returns: 0 on success, -1 on failure 2637 */ 2638 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, 2639 unsigned int value) 2640 { 2641 int ret = 0; 2642 2643 if (sm == NULL) 2644 return -1; 2645 2646 switch (param) { 2647 case RSNA_PMK_LIFETIME: 2648 if (value > 0) 2649 sm->dot11RSNAConfigPMKLifetime = value; 2650 else 2651 ret = -1; 2652 break; 2653 case RSNA_PMK_REAUTH_THRESHOLD: 2654 if (value > 0 && value <= 100) 2655 sm->dot11RSNAConfigPMKReauthThreshold = value; 2656 else 2657 ret = -1; 2658 break; 2659 case RSNA_SA_TIMEOUT: 2660 if (value > 0) 2661 sm->dot11RSNAConfigSATimeout = value; 2662 else 2663 ret = -1; 2664 break; 2665 case WPA_PARAM_PROTO: 2666 sm->proto = value; 2667 break; 2668 case WPA_PARAM_PAIRWISE: 2669 sm->pairwise_cipher = value; 2670 break; 2671 case WPA_PARAM_GROUP: 2672 sm->group_cipher = value; 2673 break; 2674 case WPA_PARAM_KEY_MGMT: 2675 sm->key_mgmt = value; 2676 break; 2677 #ifdef CONFIG_IEEE80211W 2678 case WPA_PARAM_MGMT_GROUP: 2679 sm->mgmt_group_cipher = value; 2680 break; 2681 #endif /* CONFIG_IEEE80211W */ 2682 case WPA_PARAM_RSN_ENABLED: 2683 sm->rsn_enabled = value; 2684 break; 2685 case WPA_PARAM_MFP: 2686 sm->mfp = value; 2687 break; 2688 default: 2689 break; 2690 } 2691 2692 return ret; 2693 } 2694 2695 2696 /** 2697 * wpa_sm_get_status - Get WPA state machine 2698 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2699 * @buf: Buffer for status information 2700 * @buflen: Maximum buffer length 2701 * @verbose: Whether to include verbose status information 2702 * Returns: Number of bytes written to buf. 2703 * 2704 * Query WPA state machine for status information. This function fills in 2705 * a text area with current status information. If the buffer (buf) is not 2706 * large enough, status information will be truncated to fit the buffer. 2707 */ 2708 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen, 2709 int verbose) 2710 { 2711 char *pos = buf, *end = buf + buflen; 2712 int ret; 2713 2714 ret = os_snprintf(pos, end - pos, 2715 "pairwise_cipher=%s\n" 2716 "group_cipher=%s\n" 2717 "key_mgmt=%s\n", 2718 wpa_cipher_txt(sm->pairwise_cipher), 2719 wpa_cipher_txt(sm->group_cipher), 2720 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto)); 2721 if (os_snprintf_error(end - pos, ret)) 2722 return pos - buf; 2723 pos += ret; 2724 2725 if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) { 2726 struct wpa_ie_data rsn; 2727 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) 2728 >= 0 && 2729 rsn.capabilities & (WPA_CAPABILITY_MFPR | 2730 WPA_CAPABILITY_MFPC)) { 2731 ret = os_snprintf(pos, end - pos, "pmf=%d\n", 2732 (rsn.capabilities & 2733 WPA_CAPABILITY_MFPR) ? 2 : 1); 2734 if (os_snprintf_error(end - pos, ret)) 2735 return pos - buf; 2736 pos += ret; 2737 } 2738 } 2739 2740 return pos - buf; 2741 } 2742 2743 2744 int wpa_sm_pmf_enabled(struct wpa_sm *sm) 2745 { 2746 struct wpa_ie_data rsn; 2747 2748 if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie) 2749 return 0; 2750 2751 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 && 2752 rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC)) 2753 return 1; 2754 2755 return 0; 2756 } 2757 2758 2759 /** 2760 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration 2761 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2762 * @wpa_ie: Pointer to buffer for WPA/RSN IE 2763 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer 2764 * Returns: 0 on success, -1 on failure 2765 */ 2766 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie, 2767 size_t *wpa_ie_len) 2768 { 2769 int res; 2770 2771 if (sm == NULL) 2772 return -1; 2773 2774 #ifdef CONFIG_TESTING_OPTIONS 2775 if (sm->test_assoc_ie) { 2776 wpa_printf(MSG_DEBUG, 2777 "TESTING: Replace association WPA/RSN IE"); 2778 if (*wpa_ie_len < wpabuf_len(sm->test_assoc_ie)) 2779 return -1; 2780 os_memcpy(wpa_ie, wpabuf_head(sm->test_assoc_ie), 2781 wpabuf_len(sm->test_assoc_ie)); 2782 res = wpabuf_len(sm->test_assoc_ie); 2783 } else 2784 #endif /* CONFIG_TESTING_OPTIONS */ 2785 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len); 2786 if (res < 0) 2787 return -1; 2788 *wpa_ie_len = res; 2789 2790 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default", 2791 wpa_ie, *wpa_ie_len); 2792 2793 if (sm->assoc_wpa_ie == NULL) { 2794 /* 2795 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets 2796 * the correct version of the IE even if PMKSA caching is 2797 * aborted (which would remove PMKID from IE generation). 2798 */ 2799 sm->assoc_wpa_ie = os_malloc(*wpa_ie_len); 2800 if (sm->assoc_wpa_ie == NULL) 2801 return -1; 2802 2803 os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len); 2804 sm->assoc_wpa_ie_len = *wpa_ie_len; 2805 } 2806 2807 return 0; 2808 } 2809 2810 2811 /** 2812 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq 2813 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2814 * @ie: Pointer to IE data (starting from id) 2815 * @len: IE length 2816 * Returns: 0 on success, -1 on failure 2817 * 2818 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association 2819 * Request frame. The IE will be used to override the default value generated 2820 * with wpa_sm_set_assoc_wpa_ie_default(). 2821 */ 2822 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2823 { 2824 if (sm == NULL) 2825 return -1; 2826 2827 os_free(sm->assoc_wpa_ie); 2828 if (ie == NULL || len == 0) { 2829 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2830 "WPA: clearing own WPA/RSN IE"); 2831 sm->assoc_wpa_ie = NULL; 2832 sm->assoc_wpa_ie_len = 0; 2833 } else { 2834 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len); 2835 sm->assoc_wpa_ie = os_malloc(len); 2836 if (sm->assoc_wpa_ie == NULL) 2837 return -1; 2838 2839 os_memcpy(sm->assoc_wpa_ie, ie, len); 2840 sm->assoc_wpa_ie_len = len; 2841 } 2842 2843 return 0; 2844 } 2845 2846 2847 /** 2848 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp 2849 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2850 * @ie: Pointer to IE data (starting from id) 2851 * @len: IE length 2852 * Returns: 0 on success, -1 on failure 2853 * 2854 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response 2855 * frame. 2856 */ 2857 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2858 { 2859 if (sm == NULL) 2860 return -1; 2861 2862 os_free(sm->ap_wpa_ie); 2863 if (ie == NULL || len == 0) { 2864 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2865 "WPA: clearing AP WPA IE"); 2866 sm->ap_wpa_ie = NULL; 2867 sm->ap_wpa_ie_len = 0; 2868 } else { 2869 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len); 2870 sm->ap_wpa_ie = os_malloc(len); 2871 if (sm->ap_wpa_ie == NULL) 2872 return -1; 2873 2874 os_memcpy(sm->ap_wpa_ie, ie, len); 2875 sm->ap_wpa_ie_len = len; 2876 } 2877 2878 return 0; 2879 } 2880 2881 2882 /** 2883 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp 2884 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2885 * @ie: Pointer to IE data (starting from id) 2886 * @len: IE length 2887 * Returns: 0 on success, -1 on failure 2888 * 2889 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response 2890 * frame. 2891 */ 2892 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2893 { 2894 if (sm == NULL) 2895 return -1; 2896 2897 os_free(sm->ap_rsn_ie); 2898 if (ie == NULL || len == 0) { 2899 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2900 "WPA: clearing AP RSN IE"); 2901 sm->ap_rsn_ie = NULL; 2902 sm->ap_rsn_ie_len = 0; 2903 } else { 2904 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len); 2905 sm->ap_rsn_ie = os_malloc(len); 2906 if (sm->ap_rsn_ie == NULL) 2907 return -1; 2908 2909 os_memcpy(sm->ap_rsn_ie, ie, len); 2910 sm->ap_rsn_ie_len = len; 2911 } 2912 2913 return 0; 2914 } 2915 2916 2917 /** 2918 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE 2919 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2920 * @data: Pointer to data area for parsing results 2921 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure 2922 * 2923 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the 2924 * parsed data into data. 2925 */ 2926 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data) 2927 { 2928 if (sm == NULL) 2929 return -1; 2930 2931 if (sm->assoc_wpa_ie == NULL) { 2932 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2933 "WPA: No WPA/RSN IE available from association info"); 2934 return -1; 2935 } 2936 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data)) 2937 return -2; 2938 return 0; 2939 } 2940 2941 2942 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len) 2943 { 2944 return pmksa_cache_list(sm->pmksa, buf, len); 2945 } 2946 2947 2948 void wpa_sm_drop_sa(struct wpa_sm *sm) 2949 { 2950 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK"); 2951 sm->ptk_set = 0; 2952 sm->tptk_set = 0; 2953 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2954 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 2955 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 2956 os_memset(&sm->gtk, 0, sizeof(sm->gtk)); 2957 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); 2958 #ifdef CONFIG_IEEE80211W 2959 os_memset(&sm->igtk, 0, sizeof(sm->igtk)); 2960 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); 2961 #endif /* CONFIG_IEEE80211W */ 2962 #ifdef CONFIG_IEEE80211R 2963 os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); 2964 os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); 2965 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1)); 2966 #endif /* CONFIG_IEEE80211R */ 2967 } 2968 2969 2970 int wpa_sm_has_ptk(struct wpa_sm *sm) 2971 { 2972 if (sm == NULL) 2973 return 0; 2974 return sm->ptk_set; 2975 } 2976 2977 2978 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr) 2979 { 2980 os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN); 2981 } 2982 2983 2984 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx) 2985 { 2986 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0); 2987 } 2988 2989 2990 #ifdef CONFIG_WNM 2991 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) 2992 { 2993 u16 keyinfo; 2994 u8 keylen; /* plaintext key len */ 2995 u8 *key_rsc; 2996 2997 if (subelem_id == WNM_SLEEP_SUBELEM_GTK) { 2998 struct wpa_gtk_data gd; 2999 3000 os_memset(&gd, 0, sizeof(gd)); 3001 keylen = wpa_cipher_key_len(sm->group_cipher); 3002 gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher); 3003 gd.alg = wpa_cipher_to_alg(sm->group_cipher); 3004 if (gd.alg == WPA_ALG_NONE) { 3005 wpa_printf(MSG_DEBUG, "Unsupported group cipher suite"); 3006 return -1; 3007 } 3008 3009 key_rsc = buf + 5; 3010 keyinfo = WPA_GET_LE16(buf + 2); 3011 gd.gtk_len = keylen; 3012 if (gd.gtk_len != buf[4]) { 3013 wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d", 3014 gd.gtk_len, buf[4]); 3015 return -1; 3016 } 3017 gd.keyidx = keyinfo & 0x03; /* B0 - B1 */ 3018 gd.tx = wpa_supplicant_gtk_tx_bit_workaround( 3019 sm, !!(keyinfo & WPA_KEY_INFO_TXRX)); 3020 3021 os_memcpy(gd.gtk, buf + 13, gd.gtk_len); 3022 3023 wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", 3024 gd.gtk, gd.gtk_len); 3025 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { 3026 os_memset(&gd, 0, sizeof(gd)); 3027 wpa_printf(MSG_DEBUG, "Failed to install the GTK in " 3028 "WNM mode"); 3029 return -1; 3030 } 3031 os_memset(&gd, 0, sizeof(gd)); 3032 #ifdef CONFIG_IEEE80211W 3033 } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { 3034 const struct wpa_igtk_kde *igtk; 3035 3036 igtk = (const struct wpa_igtk_kde *) (buf + 2); 3037 if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) 3038 return -1; 3039 #endif /* CONFIG_IEEE80211W */ 3040 } else { 3041 wpa_printf(MSG_DEBUG, "Unknown element id"); 3042 return -1; 3043 } 3044 3045 return 0; 3046 } 3047 #endif /* CONFIG_WNM */ 3048 3049 3050 #ifdef CONFIG_PEERKEY 3051 int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr, 3052 const u8 *buf, size_t len) 3053 { 3054 struct wpa_peerkey *peerkey; 3055 3056 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 3057 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0) 3058 break; 3059 } 3060 3061 if (!peerkey) 3062 return 0; 3063 3064 wpa_sm_rx_eapol(sm, src_addr, buf, len); 3065 3066 return 1; 3067 } 3068 #endif /* CONFIG_PEERKEY */ 3069 3070 3071 #ifdef CONFIG_P2P 3072 3073 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf) 3074 { 3075 if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0) 3076 return -1; 3077 os_memcpy(buf, sm->p2p_ip_addr, 3 * 4); 3078 return 0; 3079 } 3080 3081 #endif /* CONFIG_P2P */ 3082 3083 3084 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter) 3085 { 3086 if (rx_replay_counter == NULL) 3087 return; 3088 3089 os_memcpy(sm->rx_replay_counter, rx_replay_counter, 3090 WPA_REPLAY_COUNTER_LEN); 3091 sm->rx_replay_counter_set = 1; 3092 wpa_printf(MSG_DEBUG, "Updated key replay counter"); 3093 } 3094 3095 3096 void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm, 3097 const u8 *ptk_kck, size_t ptk_kck_len, 3098 const u8 *ptk_kek, size_t ptk_kek_len) 3099 { 3100 if (ptk_kck && ptk_kck_len <= WPA_KCK_MAX_LEN) { 3101 os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len); 3102 sm->ptk.kck_len = ptk_kck_len; 3103 wpa_printf(MSG_DEBUG, "Updated PTK KCK"); 3104 } 3105 if (ptk_kek && ptk_kek_len <= WPA_KEK_MAX_LEN) { 3106 os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len); 3107 sm->ptk.kek_len = ptk_kek_len; 3108 wpa_printf(MSG_DEBUG, "Updated PTK KEK"); 3109 } 3110 sm->ptk_set = 1; 3111 } 3112 3113 3114 #ifdef CONFIG_TESTING_OPTIONS 3115 void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf) 3116 { 3117 wpabuf_free(sm->test_assoc_ie); 3118 sm->test_assoc_ie = buf; 3119 } 3120 #endif /* CONFIG_TESTING_OPTIONS */ 3121