1 /* 2 * WPA Supplicant - WPA state machine and EAPOL-Key processing 3 * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "crypto/aes_wrap.h" 13 #include "crypto/crypto.h" 14 #include "crypto/random.h" 15 #include "common/ieee802_11_defs.h" 16 #include "eapol_supp/eapol_supp_sm.h" 17 #include "wpa.h" 18 #include "eloop.h" 19 #include "preauth.h" 20 #include "pmksa_cache.h" 21 #include "wpa_i.h" 22 #include "wpa_ie.h" 23 #include "peerkey.h" 24 25 26 /** 27 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message 28 * @sm: Pointer to WPA state machine data from wpa_sm_init() 29 * @kck: Key Confirmation Key (KCK, part of PTK) 30 * @kck_len: KCK length in octets 31 * @ver: Version field from Key Info 32 * @dest: Destination address for the frame 33 * @proto: Ethertype (usually ETH_P_EAPOL) 34 * @msg: EAPOL-Key message 35 * @msg_len: Length of message 36 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written 37 */ 38 void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len, 39 int ver, const u8 *dest, u16 proto, 40 u8 *msg, size_t msg_len, u8 *key_mic) 41 { 42 size_t mic_len = wpa_mic_len(sm->key_mgmt); 43 44 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) { 45 /* 46 * Association event was not yet received; try to fetch 47 * BSSID from the driver. 48 */ 49 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) { 50 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 51 "WPA: Failed to read BSSID for " 52 "EAPOL-Key destination address"); 53 } else { 54 dest = sm->bssid; 55 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 56 "WPA: Use BSSID (" MACSTR 57 ") as the destination for EAPOL-Key", 58 MAC2STR(dest)); 59 } 60 } 61 if (key_mic && 62 wpa_eapol_key_mic(kck, kck_len, sm->key_mgmt, ver, msg, msg_len, 63 key_mic)) { 64 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 65 "WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC", 66 ver, sm->key_mgmt); 67 goto out; 68 } 69 wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len); 70 wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, mic_len); 71 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len); 72 wpa_sm_ether_send(sm, dest, proto, msg, msg_len); 73 eapol_sm_notify_tx_eapol_key(sm->eapol); 74 out: 75 os_free(msg); 76 } 77 78 79 /** 80 * wpa_sm_key_request - Send EAPOL-Key Request 81 * @sm: Pointer to WPA state machine data from wpa_sm_init() 82 * @error: Indicate whether this is an Michael MIC error report 83 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet 84 * 85 * Send an EAPOL-Key Request to the current authenticator. This function is 86 * used to request rekeying and it is usually called when a local Michael MIC 87 * failure is detected. 88 */ 89 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) 90 { 91 size_t mic_len, hdrlen, rlen; 92 struct wpa_eapol_key *reply; 93 struct wpa_eapol_key_192 *reply192; 94 int key_info, ver; 95 u8 bssid[ETH_ALEN], *rbuf, *key_mic; 96 97 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN || 98 wpa_key_mgmt_suite_b(sm->key_mgmt)) 99 ver = WPA_KEY_INFO_TYPE_AKM_DEFINED; 100 else if (wpa_key_mgmt_ft(sm->key_mgmt) || 101 wpa_key_mgmt_sha256(sm->key_mgmt)) 102 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC; 103 else if (sm->pairwise_cipher != WPA_CIPHER_TKIP) 104 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 105 else 106 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 107 108 if (wpa_sm_get_bssid(sm, bssid) < 0) { 109 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 110 "Failed to read BSSID for EAPOL-Key request"); 111 return; 112 } 113 114 mic_len = wpa_mic_len(sm->key_mgmt); 115 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 116 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 117 hdrlen, &rlen, (void *) &reply); 118 if (rbuf == NULL) 119 return; 120 reply192 = (struct wpa_eapol_key_192 *) reply; 121 122 reply->type = (sm->proto == WPA_PROTO_RSN || 123 sm->proto == WPA_PROTO_OSEN) ? 124 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 125 key_info = WPA_KEY_INFO_REQUEST | ver; 126 if (sm->ptk_set) 127 key_info |= WPA_KEY_INFO_MIC; 128 if (error) 129 key_info |= WPA_KEY_INFO_ERROR; 130 if (pairwise) 131 key_info |= WPA_KEY_INFO_KEY_TYPE; 132 WPA_PUT_BE16(reply->key_info, key_info); 133 WPA_PUT_BE16(reply->key_length, 0); 134 os_memcpy(reply->replay_counter, sm->request_counter, 135 WPA_REPLAY_COUNTER_LEN); 136 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); 137 138 if (mic_len == 24) 139 WPA_PUT_BE16(reply192->key_data_length, 0); 140 else 141 WPA_PUT_BE16(reply->key_data_length, 0); 142 if (!(key_info & WPA_KEY_INFO_MIC)) 143 key_mic = NULL; 144 else 145 key_mic = reply192->key_mic; /* same offset in reply */ 146 147 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 148 "WPA: Sending EAPOL-Key Request (error=%d " 149 "pairwise=%d ptk_set=%d len=%lu)", 150 error, pairwise, sm->ptk_set, (unsigned long) rlen); 151 wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid, 152 ETH_P_EAPOL, rbuf, rlen, key_mic); 153 } 154 155 156 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm) 157 { 158 #ifdef CONFIG_IEEE80211R 159 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) { 160 if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len)) 161 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 162 "RSN: Cannot set low order 256 bits of MSK for key management offload"); 163 } else { 164 #endif /* CONFIG_IEEE80211R */ 165 if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len)) 166 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 167 "RSN: Cannot set PMK for key management offload"); 168 #ifdef CONFIG_IEEE80211R 169 } 170 #endif /* CONFIG_IEEE80211R */ 171 } 172 173 174 static int wpa_supplicant_get_pmk(struct wpa_sm *sm, 175 const unsigned char *src_addr, 176 const u8 *pmkid) 177 { 178 int abort_cached = 0; 179 180 if (pmkid && !sm->cur_pmksa) { 181 /* When using drivers that generate RSN IE, wpa_supplicant may 182 * not have enough time to get the association information 183 * event before receiving this 1/4 message, so try to find a 184 * matching PMKSA cache entry here. */ 185 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid, 186 NULL); 187 if (sm->cur_pmksa) { 188 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 189 "RSN: found matching PMKID from PMKSA cache"); 190 } else { 191 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 192 "RSN: no matching PMKID found"); 193 abort_cached = 1; 194 } 195 } 196 197 if (pmkid && sm->cur_pmksa && 198 os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) { 199 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN); 200 wpa_sm_set_pmk_from_pmksa(sm); 201 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache", 202 sm->pmk, sm->pmk_len); 203 eapol_sm_notify_cached(sm->eapol); 204 #ifdef CONFIG_IEEE80211R 205 sm->xxkey_len = 0; 206 #endif /* CONFIG_IEEE80211R */ 207 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) { 208 int res, pmk_len; 209 pmk_len = PMK_LEN; 210 res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN); 211 if (res) { 212 /* 213 * EAP-LEAP is an exception from other EAP methods: it 214 * uses only 16-byte PMK. 215 */ 216 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16); 217 pmk_len = 16; 218 } else { 219 #ifdef CONFIG_IEEE80211R 220 u8 buf[2 * PMK_LEN]; 221 if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0) 222 { 223 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN); 224 sm->xxkey_len = PMK_LEN; 225 os_memset(buf, 0, sizeof(buf)); 226 } 227 #endif /* CONFIG_IEEE80211R */ 228 } 229 if (res == 0) { 230 struct rsn_pmksa_cache_entry *sa = NULL; 231 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state " 232 "machines", sm->pmk, pmk_len); 233 sm->pmk_len = pmk_len; 234 wpa_supplicant_key_mgmt_set_pmk(sm); 235 if (sm->proto == WPA_PROTO_RSN && 236 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 237 !wpa_key_mgmt_ft(sm->key_mgmt)) { 238 sa = pmksa_cache_add(sm->pmksa, 239 sm->pmk, pmk_len, 240 NULL, 0, 241 src_addr, sm->own_addr, 242 sm->network_ctx, 243 sm->key_mgmt); 244 } 245 if (!sm->cur_pmksa && pmkid && 246 pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL)) 247 { 248 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 249 "RSN: the new PMK matches with the " 250 "PMKID"); 251 abort_cached = 0; 252 } else if (sa && !sm->cur_pmksa && pmkid) { 253 /* 254 * It looks like the authentication server 255 * derived mismatching MSK. This should not 256 * really happen, but bugs happen.. There is not 257 * much we can do here without knowing what 258 * exactly caused the server to misbehave. 259 */ 260 wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, 261 "RSN: PMKID mismatch - authentication server may have derived different MSK?!"); 262 return -1; 263 } 264 265 if (!sm->cur_pmksa) 266 sm->cur_pmksa = sa; 267 } else { 268 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 269 "WPA: Failed to get master session key from " 270 "EAPOL state machines - key handshake " 271 "aborted"); 272 if (sm->cur_pmksa) { 273 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 274 "RSN: Cancelled PMKSA caching " 275 "attempt"); 276 sm->cur_pmksa = NULL; 277 abort_cached = 1; 278 } else if (!abort_cached) { 279 return -1; 280 } 281 } 282 } 283 284 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && 285 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 286 !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN) 287 { 288 /* Send EAPOL-Start to trigger full EAP authentication. */ 289 u8 *buf; 290 size_t buflen; 291 292 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 293 "RSN: no PMKSA entry found - trigger " 294 "full EAP authentication"); 295 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START, 296 NULL, 0, &buflen, NULL); 297 if (buf) { 298 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL, 299 buf, buflen); 300 os_free(buf); 301 return -2; 302 } 303 304 return -1; 305 } 306 307 return 0; 308 } 309 310 311 /** 312 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake 313 * @sm: Pointer to WPA state machine data from wpa_sm_init() 314 * @dst: Destination address for the frame 315 * @key: Pointer to the EAPOL-Key frame header 316 * @ver: Version bits from EAPOL-Key Key Info 317 * @nonce: Nonce value for the EAPOL-Key frame 318 * @wpa_ie: WPA/RSN IE 319 * @wpa_ie_len: Length of the WPA/RSN IE 320 * @ptk: PTK to use for keyed hash and encryption 321 * Returns: 0 on success, -1 on failure 322 */ 323 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst, 324 const struct wpa_eapol_key *key, 325 int ver, const u8 *nonce, 326 const u8 *wpa_ie, size_t wpa_ie_len, 327 struct wpa_ptk *ptk) 328 { 329 size_t mic_len, hdrlen, rlen; 330 struct wpa_eapol_key *reply; 331 struct wpa_eapol_key_192 *reply192; 332 u8 *rbuf, *key_mic; 333 u8 *rsn_ie_buf = NULL; 334 335 if (wpa_ie == NULL) { 336 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - " 337 "cannot generate msg 2/4"); 338 return -1; 339 } 340 341 #ifdef CONFIG_IEEE80211R 342 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 343 int res; 344 345 /* 346 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and 347 * FTIE from (Re)Association Response. 348 */ 349 rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN + 350 sm->assoc_resp_ies_len); 351 if (rsn_ie_buf == NULL) 352 return -1; 353 os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len); 354 res = wpa_insert_pmkid(rsn_ie_buf, wpa_ie_len, 355 sm->pmk_r1_name); 356 if (res < 0) { 357 os_free(rsn_ie_buf); 358 return -1; 359 } 360 wpa_ie_len += res; 361 362 if (sm->assoc_resp_ies) { 363 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies, 364 sm->assoc_resp_ies_len); 365 wpa_ie_len += sm->assoc_resp_ies_len; 366 } 367 368 wpa_ie = rsn_ie_buf; 369 } 370 #endif /* CONFIG_IEEE80211R */ 371 372 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len); 373 374 mic_len = wpa_mic_len(sm->key_mgmt); 375 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 376 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, 377 NULL, hdrlen + wpa_ie_len, 378 &rlen, (void *) &reply); 379 if (rbuf == NULL) { 380 os_free(rsn_ie_buf); 381 return -1; 382 } 383 reply192 = (struct wpa_eapol_key_192 *) reply; 384 385 reply->type = (sm->proto == WPA_PROTO_RSN || 386 sm->proto == WPA_PROTO_OSEN) ? 387 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 388 WPA_PUT_BE16(reply->key_info, 389 ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC); 390 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 391 WPA_PUT_BE16(reply->key_length, 0); 392 else 393 os_memcpy(reply->key_length, key->key_length, 2); 394 os_memcpy(reply->replay_counter, key->replay_counter, 395 WPA_REPLAY_COUNTER_LEN); 396 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter, 397 WPA_REPLAY_COUNTER_LEN); 398 399 key_mic = reply192->key_mic; /* same offset for reply and reply192 */ 400 if (mic_len == 24) { 401 WPA_PUT_BE16(reply192->key_data_length, wpa_ie_len); 402 os_memcpy(reply192 + 1, wpa_ie, wpa_ie_len); 403 } else { 404 WPA_PUT_BE16(reply->key_data_length, wpa_ie_len); 405 os_memcpy(reply + 1, wpa_ie, wpa_ie_len); 406 } 407 os_free(rsn_ie_buf); 408 409 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN); 410 411 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4"); 412 wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL, 413 rbuf, rlen, key_mic); 414 415 return 0; 416 } 417 418 419 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr, 420 const struct wpa_eapol_key *key, struct wpa_ptk *ptk) 421 { 422 #ifdef CONFIG_IEEE80211R 423 if (wpa_key_mgmt_ft(sm->key_mgmt)) 424 return wpa_derive_ptk_ft(sm, src_addr, key, ptk); 425 #endif /* CONFIG_IEEE80211R */ 426 427 return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion", 428 sm->own_addr, sm->bssid, sm->snonce, 429 key->key_nonce, ptk, sm->key_mgmt, 430 sm->pairwise_cipher); 431 } 432 433 434 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, 435 const unsigned char *src_addr, 436 const struct wpa_eapol_key *key, 437 u16 ver, const u8 *key_data, 438 size_t key_data_len) 439 { 440 struct wpa_eapol_ie_parse ie; 441 struct wpa_ptk *ptk; 442 int res; 443 u8 *kde, *kde_buf = NULL; 444 size_t kde_len; 445 446 if (wpa_sm_get_network_ctx(sm) == NULL) { 447 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info " 448 "found (msg 1 of 4)"); 449 return; 450 } 451 452 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 453 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way " 454 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 455 456 os_memset(&ie, 0, sizeof(ie)); 457 458 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 459 /* RSN: msg 1/4 should contain PMKID for the selected PMK */ 460 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", 461 key_data, key_data_len); 462 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) 463 goto failed; 464 if (ie.pmkid) { 465 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from " 466 "Authenticator", ie.pmkid, PMKID_LEN); 467 } 468 } 469 470 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); 471 if (res == -2) { 472 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to " 473 "msg 1/4 - requesting full EAP authentication"); 474 return; 475 } 476 if (res) 477 goto failed; 478 479 if (sm->renew_snonce) { 480 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) { 481 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 482 "WPA: Failed to get random data for SNonce"); 483 goto failed; 484 } 485 sm->renew_snonce = 0; 486 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce", 487 sm->snonce, WPA_NONCE_LEN); 488 } 489 490 /* Calculate PTK which will be stored as a temporary PTK until it has 491 * been verified when processing message 3/4. */ 492 ptk = &sm->tptk; 493 wpa_derive_ptk(sm, src_addr, key, ptk); 494 if (sm->pairwise_cipher == WPA_CIPHER_TKIP) { 495 u8 buf[8]; 496 /* Supplicant: swap tx/rx Mic keys */ 497 os_memcpy(buf, &ptk->tk[16], 8); 498 os_memcpy(&ptk->tk[16], &ptk->tk[24], 8); 499 os_memcpy(&ptk->tk[24], buf, 8); 500 os_memset(buf, 0, sizeof(buf)); 501 } 502 sm->tptk_set = 1; 503 504 kde = sm->assoc_wpa_ie; 505 kde_len = sm->assoc_wpa_ie_len; 506 507 #ifdef CONFIG_P2P 508 if (sm->p2p) { 509 kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1); 510 if (kde_buf) { 511 u8 *pos; 512 wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE " 513 "into EAPOL-Key 2/4"); 514 os_memcpy(kde_buf, kde, kde_len); 515 kde = kde_buf; 516 pos = kde + kde_len; 517 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 518 *pos++ = RSN_SELECTOR_LEN + 1; 519 RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ); 520 pos += RSN_SELECTOR_LEN; 521 *pos++ = 0x01; 522 kde_len = pos - kde; 523 } 524 } 525 #endif /* CONFIG_P2P */ 526 527 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce, 528 kde, kde_len, ptk)) 529 goto failed; 530 531 os_free(kde_buf); 532 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN); 533 return; 534 535 failed: 536 os_free(kde_buf); 537 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 538 } 539 540 541 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx) 542 { 543 struct wpa_sm *sm = eloop_ctx; 544 rsn_preauth_candidate_process(sm); 545 } 546 547 548 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm, 549 const u8 *addr, int secure) 550 { 551 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 552 "WPA: Key negotiation completed with " 553 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr), 554 wpa_cipher_txt(sm->pairwise_cipher), 555 wpa_cipher_txt(sm->group_cipher)); 556 wpa_sm_cancel_auth_timeout(sm); 557 wpa_sm_set_state(sm, WPA_COMPLETED); 558 559 if (secure) { 560 wpa_sm_mlme_setprotection( 561 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX, 562 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 563 eapol_sm_notify_portValid(sm->eapol, TRUE); 564 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt)) 565 eapol_sm_notify_eap_success(sm->eapol, TRUE); 566 /* 567 * Start preauthentication after a short wait to avoid a 568 * possible race condition between the data receive and key 569 * configuration after the 4-Way Handshake. This increases the 570 * likelihood of the first preauth EAPOL-Start frame getting to 571 * the target AP. 572 */ 573 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL); 574 } 575 576 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) { 577 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 578 "RSN: Authenticator accepted " 579 "opportunistic PMKSA entry - marking it valid"); 580 sm->cur_pmksa->opportunistic = 0; 581 } 582 583 #ifdef CONFIG_IEEE80211R 584 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 585 /* Prepare for the next transition */ 586 wpa_ft_prepare_auth_request(sm, NULL); 587 } 588 #endif /* CONFIG_IEEE80211R */ 589 } 590 591 592 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx) 593 { 594 struct wpa_sm *sm = eloop_ctx; 595 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying"); 596 wpa_sm_key_request(sm, 0, 1); 597 } 598 599 600 static int wpa_supplicant_install_ptk(struct wpa_sm *sm, 601 const struct wpa_eapol_key *key) 602 { 603 int keylen, rsclen; 604 enum wpa_alg alg; 605 const u8 *key_rsc; 606 u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 607 608 if (sm->ptk.installed) { 609 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 610 "WPA: Do not re-install same PTK to the driver"); 611 return 0; 612 } 613 614 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 615 "WPA: Installing PTK to the driver"); 616 617 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 618 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher " 619 "Suite: NONE - do not use pairwise keys"); 620 return 0; 621 } 622 623 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) { 624 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 625 "WPA: Unsupported pairwise cipher %d", 626 sm->pairwise_cipher); 627 return -1; 628 } 629 630 alg = wpa_cipher_to_alg(sm->pairwise_cipher); 631 keylen = wpa_cipher_key_len(sm->pairwise_cipher); 632 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher); 633 634 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 635 key_rsc = null_rsc; 636 } else { 637 key_rsc = key->key_rsc; 638 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen); 639 } 640 641 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen, 642 sm->ptk.tk, keylen) < 0) { 643 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 644 "WPA: Failed to set PTK to the " 645 "driver (alg=%d keylen=%d bssid=" MACSTR ")", 646 alg, keylen, MAC2STR(sm->bssid)); 647 return -1; 648 } 649 650 /* TK is not needed anymore in supplicant */ 651 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); 652 sm->ptk.installed = 1; 653 654 if (sm->wpa_ptk_rekey) { 655 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 656 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk, 657 sm, NULL); 658 } 659 660 return 0; 661 } 662 663 664 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm, 665 int group_cipher, 666 int keylen, int maxkeylen, 667 int *key_rsc_len, 668 enum wpa_alg *alg) 669 { 670 int klen; 671 672 *alg = wpa_cipher_to_alg(group_cipher); 673 if (*alg == WPA_ALG_NONE) { 674 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 675 "WPA: Unsupported Group Cipher %d", 676 group_cipher); 677 return -1; 678 } 679 *key_rsc_len = wpa_cipher_rsc_len(group_cipher); 680 681 klen = wpa_cipher_key_len(group_cipher); 682 if (keylen != klen || maxkeylen < klen) { 683 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 684 "WPA: Unsupported %s Group Cipher key length %d (%d)", 685 wpa_cipher_txt(group_cipher), keylen, maxkeylen); 686 return -1; 687 } 688 return 0; 689 } 690 691 692 struct wpa_gtk_data { 693 enum wpa_alg alg; 694 int tx, key_rsc_len, keyidx; 695 u8 gtk[32]; 696 int gtk_len; 697 }; 698 699 700 static int wpa_supplicant_install_gtk(struct wpa_sm *sm, 701 const struct wpa_gtk_data *gd, 702 const u8 *key_rsc, int wnm_sleep) 703 { 704 const u8 *_gtk = gd->gtk; 705 u8 gtk_buf[32]; 706 707 /* Detect possible key reinstallation */ 708 if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && 709 os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || 710 (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && 711 os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, 712 sm->gtk_wnm_sleep.gtk_len) == 0)) { 713 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 714 "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", 715 gd->keyidx, gd->tx, gd->gtk_len); 716 return 0; 717 } 718 719 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); 720 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 721 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", 722 gd->keyidx, gd->tx, gd->gtk_len); 723 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len); 724 if (sm->group_cipher == WPA_CIPHER_TKIP) { 725 /* Swap Tx/Rx keys for Michael MIC */ 726 os_memcpy(gtk_buf, gd->gtk, 16); 727 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8); 728 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8); 729 _gtk = gtk_buf; 730 } 731 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 732 if (wpa_sm_set_key(sm, gd->alg, NULL, 733 gd->keyidx, 1, key_rsc, gd->key_rsc_len, 734 _gtk, gd->gtk_len) < 0) { 735 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 736 "WPA: Failed to set GTK to the driver " 737 "(Group only)"); 738 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 739 return -1; 740 } 741 } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr, 742 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len, 743 _gtk, gd->gtk_len) < 0) { 744 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 745 "WPA: Failed to set GTK to " 746 "the driver (alg=%d keylen=%d keyidx=%d)", 747 gd->alg, gd->gtk_len, gd->keyidx); 748 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 749 return -1; 750 } 751 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 752 753 if (wnm_sleep) { 754 sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; 755 os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, 756 sm->gtk_wnm_sleep.gtk_len); 757 } else { 758 sm->gtk.gtk_len = gd->gtk_len; 759 os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); 760 } 761 762 return 0; 763 } 764 765 766 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm, 767 int tx) 768 { 769 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) { 770 /* Ignore Tx bit for GTK if a pairwise key is used. One AP 771 * seemed to set this bit (incorrectly, since Tx is only when 772 * doing Group Key only APs) and without this workaround, the 773 * data connection does not work because wpa_supplicant 774 * configured non-zero keyidx to be used for unicast. */ 775 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 776 "WPA: Tx bit set for GTK, but pairwise " 777 "keys are used - ignore Tx bit"); 778 return 0; 779 } 780 return tx; 781 } 782 783 784 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, 785 const struct wpa_eapol_key *key, 786 const u8 *gtk, size_t gtk_len, 787 int key_info) 788 { 789 struct wpa_gtk_data gd; 790 791 /* 792 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x 793 * GTK KDE format: 794 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7] 795 * Reserved [bits 0-7] 796 * GTK 797 */ 798 799 os_memset(&gd, 0, sizeof(gd)); 800 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake", 801 gtk, gtk_len); 802 803 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk)) 804 return -1; 805 806 gd.keyidx = gtk[0] & 0x3; 807 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 808 !!(gtk[0] & BIT(2))); 809 gtk += 2; 810 gtk_len -= 2; 811 812 os_memcpy(gd.gtk, gtk, gtk_len); 813 gd.gtk_len = gtk_len; 814 815 if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED && 816 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 817 gtk_len, gtk_len, 818 &gd.key_rsc_len, &gd.alg) || 819 wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0))) { 820 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 821 "RSN: Failed to install GTK"); 822 os_memset(&gd, 0, sizeof(gd)); 823 return -1; 824 } 825 os_memset(&gd, 0, sizeof(gd)); 826 827 wpa_supplicant_key_neg_complete(sm, sm->bssid, 828 key_info & WPA_KEY_INFO_SECURE); 829 return 0; 830 } 831 832 833 #ifdef CONFIG_IEEE80211W 834 static int wpa_supplicant_install_igtk(struct wpa_sm *sm, 835 const struct wpa_igtk_kde *igtk, 836 int wnm_sleep) 837 { 838 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); 839 u16 keyidx = WPA_GET_LE16(igtk->keyid); 840 841 /* Detect possible key reinstallation */ 842 if ((sm->igtk.igtk_len == len && 843 os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || 844 (sm->igtk_wnm_sleep.igtk_len == len && 845 os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, 846 sm->igtk_wnm_sleep.igtk_len) == 0)) { 847 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 848 "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", 849 keyidx); 850 return 0; 851 } 852 853 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 854 "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x", 855 keyidx, MAC2STR(igtk->pn)); 856 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); 857 if (keyidx > 4095) { 858 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 859 "WPA: Invalid IGTK KeyID %d", keyidx); 860 return -1; 861 } 862 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), 863 broadcast_ether_addr, 864 keyidx, 0, igtk->pn, sizeof(igtk->pn), 865 igtk->igtk, len) < 0) { 866 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 867 "WPA: Failed to configure IGTK to the driver"); 868 return -1; 869 } 870 871 if (wnm_sleep) { 872 sm->igtk_wnm_sleep.igtk_len = len; 873 os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, 874 sm->igtk_wnm_sleep.igtk_len); 875 } else { 876 sm->igtk.igtk_len = len; 877 os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); 878 } 879 880 return 0; 881 } 882 #endif /* CONFIG_IEEE80211W */ 883 884 885 static int ieee80211w_set_keys(struct wpa_sm *sm, 886 struct wpa_eapol_ie_parse *ie) 887 { 888 #ifdef CONFIG_IEEE80211W 889 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher)) 890 return 0; 891 892 if (ie->igtk) { 893 size_t len; 894 const struct wpa_igtk_kde *igtk; 895 896 len = wpa_cipher_key_len(sm->mgmt_group_cipher); 897 if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) 898 return -1; 899 900 igtk = (const struct wpa_igtk_kde *) ie->igtk; 901 if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) 902 return -1; 903 } 904 905 return 0; 906 #else /* CONFIG_IEEE80211W */ 907 return 0; 908 #endif /* CONFIG_IEEE80211W */ 909 } 910 911 912 static void wpa_report_ie_mismatch(struct wpa_sm *sm, 913 const char *reason, const u8 *src_addr, 914 const u8 *wpa_ie, size_t wpa_ie_len, 915 const u8 *rsn_ie, size_t rsn_ie_len) 916 { 917 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")", 918 reason, MAC2STR(src_addr)); 919 920 if (sm->ap_wpa_ie) { 921 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp", 922 sm->ap_wpa_ie, sm->ap_wpa_ie_len); 923 } 924 if (wpa_ie) { 925 if (!sm->ap_wpa_ie) { 926 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 927 "WPA: No WPA IE in Beacon/ProbeResp"); 928 } 929 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg", 930 wpa_ie, wpa_ie_len); 931 } 932 933 if (sm->ap_rsn_ie) { 934 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp", 935 sm->ap_rsn_ie, sm->ap_rsn_ie_len); 936 } 937 if (rsn_ie) { 938 if (!sm->ap_rsn_ie) { 939 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 940 "WPA: No RSN IE in Beacon/ProbeResp"); 941 } 942 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg", 943 rsn_ie, rsn_ie_len); 944 } 945 946 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS); 947 } 948 949 950 #ifdef CONFIG_IEEE80211R 951 952 static int ft_validate_mdie(struct wpa_sm *sm, 953 const unsigned char *src_addr, 954 struct wpa_eapol_ie_parse *ie, 955 const u8 *assoc_resp_mdie) 956 { 957 struct rsn_mdie *mdie; 958 959 mdie = (struct rsn_mdie *) (ie->mdie + 2); 960 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) || 961 os_memcmp(mdie->mobility_domain, sm->mobility_domain, 962 MOBILITY_DOMAIN_ID_LEN) != 0) { 963 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did " 964 "not match with the current mobility domain"); 965 return -1; 966 } 967 968 if (assoc_resp_mdie && 969 (assoc_resp_mdie[1] != ie->mdie[1] || 970 os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) { 971 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch"); 972 wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4", 973 ie->mdie, 2 + ie->mdie[1]); 974 wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response", 975 assoc_resp_mdie, 2 + assoc_resp_mdie[1]); 976 return -1; 977 } 978 979 return 0; 980 } 981 982 983 static int ft_validate_ftie(struct wpa_sm *sm, 984 const unsigned char *src_addr, 985 struct wpa_eapol_ie_parse *ie, 986 const u8 *assoc_resp_ftie) 987 { 988 if (ie->ftie == NULL) { 989 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 990 "FT: No FTIE in EAPOL-Key msg 3/4"); 991 return -1; 992 } 993 994 if (assoc_resp_ftie == NULL) 995 return 0; 996 997 if (assoc_resp_ftie[1] != ie->ftie[1] || 998 os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) { 999 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch"); 1000 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4", 1001 ie->ftie, 2 + ie->ftie[1]); 1002 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response", 1003 assoc_resp_ftie, 2 + assoc_resp_ftie[1]); 1004 return -1; 1005 } 1006 1007 return 0; 1008 } 1009 1010 1011 static int ft_validate_rsnie(struct wpa_sm *sm, 1012 const unsigned char *src_addr, 1013 struct wpa_eapol_ie_parse *ie) 1014 { 1015 struct wpa_ie_data rsn; 1016 1017 if (!ie->rsn_ie) 1018 return 0; 1019 1020 /* 1021 * Verify that PMKR1Name from EAPOL-Key message 3/4 1022 * matches with the value we derived. 1023 */ 1024 if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 || 1025 rsn.num_pmkid != 1 || rsn.pmkid == NULL) { 1026 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in " 1027 "FT 4-way handshake message 3/4"); 1028 return -1; 1029 } 1030 1031 if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0) 1032 { 1033 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1034 "FT: PMKR1Name mismatch in " 1035 "FT 4-way handshake message 3/4"); 1036 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator", 1037 rsn.pmkid, WPA_PMK_NAME_LEN); 1038 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name", 1039 sm->pmk_r1_name, WPA_PMK_NAME_LEN); 1040 return -1; 1041 } 1042 1043 return 0; 1044 } 1045 1046 1047 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm, 1048 const unsigned char *src_addr, 1049 struct wpa_eapol_ie_parse *ie) 1050 { 1051 const u8 *pos, *end, *mdie = NULL, *ftie = NULL; 1052 1053 if (sm->assoc_resp_ies) { 1054 pos = sm->assoc_resp_ies; 1055 end = pos + sm->assoc_resp_ies_len; 1056 while (pos + 2 < end) { 1057 if (pos + 2 + pos[1] > end) 1058 break; 1059 switch (*pos) { 1060 case WLAN_EID_MOBILITY_DOMAIN: 1061 mdie = pos; 1062 break; 1063 case WLAN_EID_FAST_BSS_TRANSITION: 1064 ftie = pos; 1065 break; 1066 } 1067 pos += 2 + pos[1]; 1068 } 1069 } 1070 1071 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 || 1072 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 || 1073 ft_validate_rsnie(sm, src_addr, ie) < 0) 1074 return -1; 1075 1076 return 0; 1077 } 1078 1079 #endif /* CONFIG_IEEE80211R */ 1080 1081 1082 static int wpa_supplicant_validate_ie(struct wpa_sm *sm, 1083 const unsigned char *src_addr, 1084 struct wpa_eapol_ie_parse *ie) 1085 { 1086 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) { 1087 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1088 "WPA: No WPA/RSN IE for this AP known. " 1089 "Trying to get from scan results"); 1090 if (wpa_sm_get_beacon_ie(sm) < 0) { 1091 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1092 "WPA: Could not find AP from " 1093 "the scan results"); 1094 } else { 1095 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, 1096 "WPA: Found the current AP from " 1097 "updated scan results"); 1098 } 1099 } 1100 1101 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL && 1102 (sm->ap_wpa_ie || sm->ap_rsn_ie)) { 1103 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 1104 "with IE in Beacon/ProbeResp (no IE?)", 1105 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1106 ie->rsn_ie, ie->rsn_ie_len); 1107 return -1; 1108 } 1109 1110 if ((ie->wpa_ie && sm->ap_wpa_ie && 1111 (ie->wpa_ie_len != sm->ap_wpa_ie_len || 1112 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) || 1113 (ie->rsn_ie && sm->ap_rsn_ie && 1114 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt), 1115 sm->ap_rsn_ie, sm->ap_rsn_ie_len, 1116 ie->rsn_ie, ie->rsn_ie_len))) { 1117 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 1118 "with IE in Beacon/ProbeResp", 1119 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1120 ie->rsn_ie, ie->rsn_ie_len); 1121 return -1; 1122 } 1123 1124 if (sm->proto == WPA_PROTO_WPA && 1125 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) { 1126 wpa_report_ie_mismatch(sm, "Possible downgrade attack " 1127 "detected - RSN was enabled and RSN IE " 1128 "was in msg 3/4, but not in " 1129 "Beacon/ProbeResp", 1130 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1131 ie->rsn_ie, ie->rsn_ie_len); 1132 return -1; 1133 } 1134 1135 #ifdef CONFIG_IEEE80211R 1136 if (wpa_key_mgmt_ft(sm->key_mgmt) && 1137 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0) 1138 return -1; 1139 #endif /* CONFIG_IEEE80211R */ 1140 1141 return 0; 1142 } 1143 1144 1145 /** 1146 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake 1147 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1148 * @dst: Destination address for the frame 1149 * @key: Pointer to the EAPOL-Key frame header 1150 * @ver: Version bits from EAPOL-Key Key Info 1151 * @key_info: Key Info 1152 * @ptk: PTK to use for keyed hash and encryption 1153 * Returns: 0 on success, -1 on failure 1154 */ 1155 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, 1156 const struct wpa_eapol_key *key, 1157 u16 ver, u16 key_info, 1158 struct wpa_ptk *ptk) 1159 { 1160 size_t mic_len, hdrlen, rlen; 1161 struct wpa_eapol_key *reply; 1162 struct wpa_eapol_key_192 *reply192; 1163 u8 *rbuf, *key_mic; 1164 1165 mic_len = wpa_mic_len(sm->key_mgmt); 1166 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 1167 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1168 hdrlen, &rlen, (void *) &reply); 1169 if (rbuf == NULL) 1170 return -1; 1171 reply192 = (struct wpa_eapol_key_192 *) reply; 1172 1173 reply->type = (sm->proto == WPA_PROTO_RSN || 1174 sm->proto == WPA_PROTO_OSEN) ? 1175 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1176 key_info &= WPA_KEY_INFO_SECURE; 1177 key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC; 1178 WPA_PUT_BE16(reply->key_info, key_info); 1179 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 1180 WPA_PUT_BE16(reply->key_length, 0); 1181 else 1182 os_memcpy(reply->key_length, key->key_length, 2); 1183 os_memcpy(reply->replay_counter, key->replay_counter, 1184 WPA_REPLAY_COUNTER_LEN); 1185 1186 key_mic = reply192->key_mic; /* same offset for reply and reply192 */ 1187 if (mic_len == 24) 1188 WPA_PUT_BE16(reply192->key_data_length, 0); 1189 else 1190 WPA_PUT_BE16(reply->key_data_length, 0); 1191 1192 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4"); 1193 wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL, 1194 rbuf, rlen, key_mic); 1195 1196 return 0; 1197 } 1198 1199 1200 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, 1201 const struct wpa_eapol_key *key, 1202 u16 ver, const u8 *key_data, 1203 size_t key_data_len) 1204 { 1205 u16 key_info, keylen; 1206 struct wpa_eapol_ie_parse ie; 1207 1208 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 1209 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way " 1210 "Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver); 1211 1212 key_info = WPA_GET_BE16(key->key_info); 1213 1214 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len); 1215 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) 1216 goto failed; 1217 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1218 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1219 "WPA: GTK IE in unencrypted key data"); 1220 goto failed; 1221 } 1222 #ifdef CONFIG_IEEE80211W 1223 if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1224 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1225 "WPA: IGTK KDE in unencrypted key data"); 1226 goto failed; 1227 } 1228 1229 if (ie.igtk && 1230 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) && 1231 ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN + 1232 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) { 1233 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1234 "WPA: Invalid IGTK KDE length %lu", 1235 (unsigned long) ie.igtk_len); 1236 goto failed; 1237 } 1238 #endif /* CONFIG_IEEE80211W */ 1239 1240 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0) 1241 goto failed; 1242 1243 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) { 1244 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1245 "WPA: ANonce from message 1 of 4-Way Handshake " 1246 "differs from 3 of 4-Way Handshake - drop packet (src=" 1247 MACSTR ")", MAC2STR(sm->bssid)); 1248 goto failed; 1249 } 1250 1251 keylen = WPA_GET_BE16(key->key_length); 1252 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) { 1253 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1254 "WPA: Invalid %s key length %d (src=" MACSTR 1255 ")", wpa_cipher_txt(sm->pairwise_cipher), keylen, 1256 MAC2STR(sm->bssid)); 1257 goto failed; 1258 } 1259 1260 #ifdef CONFIG_P2P 1261 if (ie.ip_addr_alloc) { 1262 os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4); 1263 wpa_hexdump(MSG_DEBUG, "P2P: IP address info", 1264 sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr)); 1265 } 1266 #endif /* CONFIG_P2P */ 1267 1268 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info, 1269 &sm->ptk)) { 1270 goto failed; 1271 } 1272 1273 /* SNonce was successfully used in msg 3/4, so mark it to be renewed 1274 * for the next 4-Way Handshake. If msg 3 is received again, the old 1275 * SNonce will still be used to avoid changing PTK. */ 1276 sm->renew_snonce = 1; 1277 1278 if (key_info & WPA_KEY_INFO_INSTALL) { 1279 if (wpa_supplicant_install_ptk(sm, key)) 1280 goto failed; 1281 } 1282 1283 if (key_info & WPA_KEY_INFO_SECURE) { 1284 wpa_sm_mlme_setprotection( 1285 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX, 1286 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 1287 eapol_sm_notify_portValid(sm->eapol, TRUE); 1288 } 1289 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1290 1291 if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) { 1292 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1293 key_info & WPA_KEY_INFO_SECURE); 1294 } else if (ie.gtk && 1295 wpa_supplicant_pairwise_gtk(sm, key, 1296 ie.gtk, ie.gtk_len, key_info) < 0) { 1297 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1298 "RSN: Failed to configure GTK"); 1299 goto failed; 1300 } 1301 1302 if (ieee80211w_set_keys(sm, &ie) < 0) { 1303 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1304 "RSN: Failed to configure IGTK"); 1305 goto failed; 1306 } 1307 1308 if (ie.gtk) 1309 wpa_sm_set_rekey_offload(sm); 1310 1311 if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1312 struct rsn_pmksa_cache_entry *sa; 1313 1314 sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, 1315 sm->ptk.kck, sm->ptk.kck_len, 1316 sm->bssid, sm->own_addr, 1317 sm->network_ctx, sm->key_mgmt); 1318 if (!sm->cur_pmksa) 1319 sm->cur_pmksa = sa; 1320 } 1321 1322 sm->msg_3_of_4_ok = 1; 1323 return; 1324 1325 failed: 1326 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1327 } 1328 1329 1330 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm, 1331 const u8 *keydata, 1332 size_t keydatalen, 1333 u16 key_info, 1334 struct wpa_gtk_data *gd) 1335 { 1336 int maxkeylen; 1337 struct wpa_eapol_ie_parse ie; 1338 1339 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen); 1340 if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0) 1341 return -1; 1342 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1343 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1344 "WPA: GTK IE in unencrypted key data"); 1345 return -1; 1346 } 1347 if (ie.gtk == NULL) { 1348 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1349 "WPA: No GTK IE in Group Key msg 1/2"); 1350 return -1; 1351 } 1352 maxkeylen = gd->gtk_len = ie.gtk_len - 2; 1353 1354 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 1355 gd->gtk_len, maxkeylen, 1356 &gd->key_rsc_len, &gd->alg)) 1357 return -1; 1358 1359 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake", 1360 ie.gtk, ie.gtk_len); 1361 gd->keyidx = ie.gtk[0] & 0x3; 1362 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 1363 !!(ie.gtk[0] & BIT(2))); 1364 if (ie.gtk_len - 2 > sizeof(gd->gtk)) { 1365 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1366 "RSN: Too long GTK in GTK IE (len=%lu)", 1367 (unsigned long) ie.gtk_len - 2); 1368 return -1; 1369 } 1370 os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2); 1371 1372 if (ieee80211w_set_keys(sm, &ie) < 0) 1373 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1374 "RSN: Failed to configure IGTK"); 1375 1376 return 0; 1377 } 1378 1379 1380 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm, 1381 const struct wpa_eapol_key *key, 1382 const u8 *key_data, 1383 size_t key_data_len, u16 key_info, 1384 u16 ver, struct wpa_gtk_data *gd) 1385 { 1386 size_t maxkeylen; 1387 u16 gtk_len; 1388 1389 gtk_len = WPA_GET_BE16(key->key_length); 1390 maxkeylen = key_data_len; 1391 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1392 if (maxkeylen < 8) { 1393 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1394 "WPA: Too short maxkeylen (%lu)", 1395 (unsigned long) maxkeylen); 1396 return -1; 1397 } 1398 maxkeylen -= 8; 1399 } 1400 1401 if (gtk_len > maxkeylen || 1402 wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 1403 gtk_len, maxkeylen, 1404 &gd->key_rsc_len, &gd->alg)) 1405 return -1; 1406 1407 gd->gtk_len = gtk_len; 1408 gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1409 WPA_KEY_INFO_KEY_INDEX_SHIFT; 1410 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { 1411 #ifdef CONFIG_NO_RC4 1412 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1413 "WPA: RC4 not supported in the build"); 1414 return -1; 1415 #else /* CONFIG_NO_RC4 */ 1416 u8 ek[32]; 1417 if (key_data_len > sizeof(gd->gtk)) { 1418 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1419 "WPA: RC4 key data too long (%lu)", 1420 (unsigned long) key_data_len); 1421 return -1; 1422 } 1423 os_memcpy(ek, key->key_iv, 16); 1424 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); 1425 os_memcpy(gd->gtk, key_data, key_data_len); 1426 if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) { 1427 os_memset(ek, 0, sizeof(ek)); 1428 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 1429 "WPA: RC4 failed"); 1430 return -1; 1431 } 1432 os_memset(ek, 0, sizeof(ek)); 1433 #endif /* CONFIG_NO_RC4 */ 1434 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1435 if (maxkeylen % 8) { 1436 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1437 "WPA: Unsupported AES-WRAP len %lu", 1438 (unsigned long) maxkeylen); 1439 return -1; 1440 } 1441 if (maxkeylen > sizeof(gd->gtk)) { 1442 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1443 "WPA: AES-WRAP key data " 1444 "too long (keydatalen=%lu maxkeylen=%lu)", 1445 (unsigned long) key_data_len, 1446 (unsigned long) maxkeylen); 1447 return -1; 1448 } 1449 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8, 1450 key_data, gd->gtk)) { 1451 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1452 "WPA: AES unwrap failed - could not decrypt " 1453 "GTK"); 1454 return -1; 1455 } 1456 } else { 1457 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1458 "WPA: Unsupported key_info type %d", ver); 1459 return -1; 1460 } 1461 gd->tx = wpa_supplicant_gtk_tx_bit_workaround( 1462 sm, !!(key_info & WPA_KEY_INFO_TXRX)); 1463 return 0; 1464 } 1465 1466 1467 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm, 1468 const struct wpa_eapol_key *key, 1469 int ver, u16 key_info) 1470 { 1471 size_t mic_len, hdrlen, rlen; 1472 struct wpa_eapol_key *reply; 1473 struct wpa_eapol_key_192 *reply192; 1474 u8 *rbuf, *key_mic; 1475 1476 mic_len = wpa_mic_len(sm->key_mgmt); 1477 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 1478 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1479 hdrlen, &rlen, (void *) &reply); 1480 if (rbuf == NULL) 1481 return -1; 1482 reply192 = (struct wpa_eapol_key_192 *) reply; 1483 1484 reply->type = (sm->proto == WPA_PROTO_RSN || 1485 sm->proto == WPA_PROTO_OSEN) ? 1486 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1487 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK; 1488 key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE; 1489 WPA_PUT_BE16(reply->key_info, key_info); 1490 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 1491 WPA_PUT_BE16(reply->key_length, 0); 1492 else 1493 os_memcpy(reply->key_length, key->key_length, 2); 1494 os_memcpy(reply->replay_counter, key->replay_counter, 1495 WPA_REPLAY_COUNTER_LEN); 1496 1497 key_mic = reply192->key_mic; /* same offset for reply and reply192 */ 1498 if (mic_len == 24) 1499 WPA_PUT_BE16(reply192->key_data_length, 0); 1500 else 1501 WPA_PUT_BE16(reply->key_data_length, 0); 1502 1503 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2"); 1504 wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, sm->bssid, 1505 ETH_P_EAPOL, rbuf, rlen, key_mic); 1506 1507 return 0; 1508 } 1509 1510 1511 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, 1512 const unsigned char *src_addr, 1513 const struct wpa_eapol_key *key, 1514 const u8 *key_data, 1515 size_t key_data_len, u16 ver) 1516 { 1517 u16 key_info; 1518 int rekey, ret; 1519 struct wpa_gtk_data gd; 1520 1521 if (!sm->msg_3_of_4_ok) { 1522 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1523 "WPA: Group Key Handshake started prior to completion of 4-way handshake"); 1524 goto failed; 1525 } 1526 1527 os_memset(&gd, 0, sizeof(gd)); 1528 1529 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED; 1530 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key " 1531 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 1532 1533 key_info = WPA_GET_BE16(key->key_info); 1534 1535 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 1536 ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data, 1537 key_data_len, key_info, 1538 &gd); 1539 } else { 1540 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data, 1541 key_data_len, 1542 key_info, ver, &gd); 1543 } 1544 1545 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1546 1547 if (ret) 1548 goto failed; 1549 1550 if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0) || 1551 wpa_supplicant_send_2_of_2(sm, key, ver, key_info)) 1552 goto failed; 1553 os_memset(&gd, 0, sizeof(gd)); 1554 1555 if (rekey) { 1556 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Group rekeying " 1557 "completed with " MACSTR " [GTK=%s]", 1558 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); 1559 wpa_sm_cancel_auth_timeout(sm); 1560 wpa_sm_set_state(sm, WPA_COMPLETED); 1561 } else { 1562 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1563 key_info & 1564 WPA_KEY_INFO_SECURE); 1565 } 1566 1567 wpa_sm_set_rekey_offload(sm); 1568 1569 return; 1570 1571 failed: 1572 os_memset(&gd, 0, sizeof(gd)); 1573 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1574 } 1575 1576 1577 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm, 1578 struct wpa_eapol_key_192 *key, 1579 u16 ver, 1580 const u8 *buf, size_t len) 1581 { 1582 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; 1583 int ok = 0; 1584 size_t mic_len = wpa_mic_len(sm->key_mgmt); 1585 1586 os_memcpy(mic, key->key_mic, mic_len); 1587 if (sm->tptk_set) { 1588 os_memset(key->key_mic, 0, mic_len); 1589 wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt, 1590 ver, buf, len, key->key_mic); 1591 if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) { 1592 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1593 "WPA: Invalid EAPOL-Key MIC " 1594 "when using TPTK - ignoring TPTK"); 1595 } else { 1596 ok = 1; 1597 sm->tptk_set = 0; 1598 sm->ptk_set = 1; 1599 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); 1600 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 1601 } 1602 } 1603 1604 if (!ok && sm->ptk_set) { 1605 os_memset(key->key_mic, 0, mic_len); 1606 wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt, 1607 ver, buf, len, key->key_mic); 1608 if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) { 1609 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1610 "WPA: Invalid EAPOL-Key MIC - " 1611 "dropping packet"); 1612 return -1; 1613 } 1614 ok = 1; 1615 } 1616 1617 if (!ok) { 1618 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1619 "WPA: Could not verify EAPOL-Key MIC - " 1620 "dropping packet"); 1621 return -1; 1622 } 1623 1624 os_memcpy(sm->rx_replay_counter, key->replay_counter, 1625 WPA_REPLAY_COUNTER_LEN); 1626 sm->rx_replay_counter_set = 1; 1627 return 0; 1628 } 1629 1630 1631 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */ 1632 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm, 1633 struct wpa_eapol_key *key, u16 ver, 1634 u8 *key_data, size_t *key_data_len) 1635 { 1636 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data", 1637 key_data, *key_data_len); 1638 if (!sm->ptk_set) { 1639 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1640 "WPA: PTK not available, cannot decrypt EAPOL-Key Key " 1641 "Data"); 1642 return -1; 1643 } 1644 1645 /* Decrypt key data here so that this operation does not need 1646 * to be implemented separately for each message type. */ 1647 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { 1648 #ifdef CONFIG_NO_RC4 1649 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1650 "WPA: RC4 not supported in the build"); 1651 return -1; 1652 #else /* CONFIG_NO_RC4 */ 1653 u8 ek[32]; 1654 os_memcpy(ek, key->key_iv, 16); 1655 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); 1656 if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) { 1657 os_memset(ek, 0, sizeof(ek)); 1658 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 1659 "WPA: RC4 failed"); 1660 return -1; 1661 } 1662 os_memset(ek, 0, sizeof(ek)); 1663 #endif /* CONFIG_NO_RC4 */ 1664 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1665 ver == WPA_KEY_INFO_TYPE_AES_128_CMAC || 1666 sm->key_mgmt == WPA_KEY_MGMT_OSEN || 1667 wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1668 u8 *buf; 1669 if (*key_data_len < 8 || *key_data_len % 8) { 1670 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1671 "WPA: Unsupported AES-WRAP len %u", 1672 (unsigned int) *key_data_len); 1673 return -1; 1674 } 1675 *key_data_len -= 8; /* AES-WRAP adds 8 bytes */ 1676 buf = os_malloc(*key_data_len); 1677 if (buf == NULL) { 1678 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1679 "WPA: No memory for AES-UNWRAP buffer"); 1680 return -1; 1681 } 1682 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8, 1683 key_data, buf)) { 1684 os_free(buf); 1685 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1686 "WPA: AES unwrap failed - " 1687 "could not decrypt EAPOL-Key key data"); 1688 return -1; 1689 } 1690 os_memcpy(key_data, buf, *key_data_len); 1691 os_free(buf); 1692 WPA_PUT_BE16(key->key_data_length, *key_data_len); 1693 } else { 1694 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1695 "WPA: Unsupported key_info type %d", ver); 1696 return -1; 1697 } 1698 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data", 1699 key_data, *key_data_len); 1700 return 0; 1701 } 1702 1703 1704 /** 1705 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted 1706 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1707 */ 1708 void wpa_sm_aborted_cached(struct wpa_sm *sm) 1709 { 1710 if (sm && sm->cur_pmksa) { 1711 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1712 "RSN: Cancelling PMKSA caching attempt"); 1713 sm->cur_pmksa = NULL; 1714 } 1715 } 1716 1717 1718 static void wpa_eapol_key_dump(struct wpa_sm *sm, 1719 const struct wpa_eapol_key *key, 1720 unsigned int key_data_len, 1721 const u8 *mic, unsigned int mic_len) 1722 { 1723 #ifndef CONFIG_NO_STDOUT_DEBUG 1724 u16 key_info = WPA_GET_BE16(key->key_info); 1725 1726 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type); 1727 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1728 " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)", 1729 key_info, key_info & WPA_KEY_INFO_TYPE_MASK, 1730 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1731 WPA_KEY_INFO_KEY_INDEX_SHIFT, 1732 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13, 1733 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group", 1734 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "", 1735 key_info & WPA_KEY_INFO_ACK ? " Ack" : "", 1736 key_info & WPA_KEY_INFO_MIC ? " MIC" : "", 1737 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "", 1738 key_info & WPA_KEY_INFO_ERROR ? " Error" : "", 1739 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "", 1740 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : ""); 1741 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1742 " key_length=%u key_data_length=%u", 1743 WPA_GET_BE16(key->key_length), key_data_len); 1744 wpa_hexdump(MSG_DEBUG, " replay_counter", 1745 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 1746 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN); 1747 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16); 1748 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8); 1749 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8); 1750 wpa_hexdump(MSG_DEBUG, " key_mic", mic, mic_len); 1751 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1752 } 1753 1754 1755 /** 1756 * wpa_sm_rx_eapol - Process received WPA EAPOL frames 1757 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1758 * @src_addr: Source MAC address of the EAPOL packet 1759 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header) 1760 * @len: Length of the EAPOL frame 1761 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure 1762 * 1763 * This function is called for each received EAPOL frame. Other than EAPOL-Key 1764 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is 1765 * only processing WPA and WPA2 EAPOL-Key frames. 1766 * 1767 * The received EAPOL-Key packets are validated and valid packets are replied 1768 * to. In addition, key material (PTK, GTK) is configured at the end of a 1769 * successful key handshake. 1770 */ 1771 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, 1772 const u8 *buf, size_t len) 1773 { 1774 size_t plen, data_len, key_data_len; 1775 const struct ieee802_1x_hdr *hdr; 1776 struct wpa_eapol_key *key; 1777 struct wpa_eapol_key_192 *key192; 1778 u16 key_info, ver; 1779 u8 *tmp = NULL; 1780 int ret = -1; 1781 struct wpa_peerkey *peerkey = NULL; 1782 u8 *key_data; 1783 size_t mic_len, keyhdrlen; 1784 1785 #ifdef CONFIG_IEEE80211R 1786 sm->ft_completed = 0; 1787 #endif /* CONFIG_IEEE80211R */ 1788 1789 mic_len = wpa_mic_len(sm->key_mgmt); 1790 keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key); 1791 1792 if (len < sizeof(*hdr) + keyhdrlen) { 1793 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1794 "WPA: EAPOL frame too short to be a WPA " 1795 "EAPOL-Key (len %lu, expecting at least %lu)", 1796 (unsigned long) len, 1797 (unsigned long) sizeof(*hdr) + keyhdrlen); 1798 return 0; 1799 } 1800 1801 hdr = (const struct ieee802_1x_hdr *) buf; 1802 plen = be_to_host16(hdr->length); 1803 data_len = plen + sizeof(*hdr); 1804 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1805 "IEEE 802.1X RX: version=%d type=%d length=%lu", 1806 hdr->version, hdr->type, (unsigned long) plen); 1807 1808 if (hdr->version < EAPOL_VERSION) { 1809 /* TODO: backwards compatibility */ 1810 } 1811 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { 1812 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1813 "WPA: EAPOL frame (type %u) discarded, " 1814 "not a Key frame", hdr->type); 1815 ret = 0; 1816 goto out; 1817 } 1818 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len); 1819 if (plen > len - sizeof(*hdr) || plen < keyhdrlen) { 1820 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1821 "WPA: EAPOL frame payload size %lu " 1822 "invalid (frame size %lu)", 1823 (unsigned long) plen, (unsigned long) len); 1824 ret = 0; 1825 goto out; 1826 } 1827 if (data_len < len) { 1828 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1829 "WPA: ignoring %lu bytes after the IEEE 802.1X data", 1830 (unsigned long) len - data_len); 1831 } 1832 1833 /* 1834 * Make a copy of the frame since we need to modify the buffer during 1835 * MAC validation and Key Data decryption. 1836 */ 1837 tmp = os_malloc(data_len); 1838 if (tmp == NULL) 1839 goto out; 1840 os_memcpy(tmp, buf, data_len); 1841 key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr)); 1842 key192 = (struct wpa_eapol_key_192 *) 1843 (tmp + sizeof(struct ieee802_1x_hdr)); 1844 if (mic_len == 24) 1845 key_data = (u8 *) (key192 + 1); 1846 else 1847 key_data = (u8 *) (key + 1); 1848 1849 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN) 1850 { 1851 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1852 "WPA: EAPOL-Key type (%d) unknown, discarded", 1853 key->type); 1854 ret = 0; 1855 goto out; 1856 } 1857 1858 if (mic_len == 24) 1859 key_data_len = WPA_GET_BE16(key192->key_data_length); 1860 else 1861 key_data_len = WPA_GET_BE16(key->key_data_length); 1862 wpa_eapol_key_dump(sm, key, key_data_len, key192->key_mic, mic_len); 1863 1864 if (key_data_len > plen - keyhdrlen) { 1865 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key " 1866 "frame - key_data overflow (%u > %u)", 1867 (unsigned int) key_data_len, 1868 (unsigned int) (plen - keyhdrlen)); 1869 goto out; 1870 } 1871 1872 eapol_sm_notify_lower_layer_success(sm->eapol, 0); 1873 key_info = WPA_GET_BE16(key->key_info); 1874 ver = key_info & WPA_KEY_INFO_TYPE_MASK; 1875 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && 1876 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W) 1877 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && 1878 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */ 1879 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES && 1880 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 1881 sm->key_mgmt != WPA_KEY_MGMT_OSEN) { 1882 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1883 "WPA: Unsupported EAPOL-Key descriptor version %d", 1884 ver); 1885 goto out; 1886 } 1887 1888 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN && 1889 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { 1890 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1891 "OSEN: Unsupported EAPOL-Key descriptor version %d", 1892 ver); 1893 goto out; 1894 } 1895 1896 if (wpa_key_mgmt_suite_b(sm->key_mgmt) && 1897 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { 1898 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1899 "RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)", 1900 ver); 1901 goto out; 1902 } 1903 1904 #ifdef CONFIG_IEEE80211R 1905 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 1906 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */ 1907 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1908 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1909 "FT: AP did not use AES-128-CMAC"); 1910 goto out; 1911 } 1912 } else 1913 #endif /* CONFIG_IEEE80211R */ 1914 #ifdef CONFIG_IEEE80211W 1915 if (wpa_key_mgmt_sha256(sm->key_mgmt)) { 1916 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && 1917 sm->key_mgmt != WPA_KEY_MGMT_OSEN && 1918 !wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1919 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1920 "WPA: AP did not use the " 1921 "negotiated AES-128-CMAC"); 1922 goto out; 1923 } 1924 } else 1925 #endif /* CONFIG_IEEE80211W */ 1926 if (sm->pairwise_cipher == WPA_CIPHER_CCMP && 1927 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 1928 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1929 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1930 "WPA: CCMP is used, but EAPOL-Key " 1931 "descriptor version (%d) is not 2", ver); 1932 if (sm->group_cipher != WPA_CIPHER_CCMP && 1933 !(key_info & WPA_KEY_INFO_KEY_TYPE)) { 1934 /* Earlier versions of IEEE 802.11i did not explicitly 1935 * require version 2 descriptor for all EAPOL-Key 1936 * packets, so allow group keys to use version 1 if 1937 * CCMP is not used for them. */ 1938 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1939 "WPA: Backwards compatibility: allow invalid " 1940 "version for non-CCMP group keys"); 1941 } else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1942 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1943 "WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used"); 1944 } else 1945 goto out; 1946 } else if (sm->pairwise_cipher == WPA_CIPHER_GCMP && 1947 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 1948 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1949 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1950 "WPA: GCMP is used, but EAPOL-Key " 1951 "descriptor version (%d) is not 2", ver); 1952 goto out; 1953 } 1954 1955 #ifdef CONFIG_PEERKEY 1956 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 1957 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0) 1958 break; 1959 } 1960 1961 if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) { 1962 if (!peerkey->initiator && peerkey->replay_counter_set && 1963 os_memcmp(key->replay_counter, peerkey->replay_counter, 1964 WPA_REPLAY_COUNTER_LEN) <= 0) { 1965 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1966 "RSN: EAPOL-Key Replay Counter did not " 1967 "increase (STK) - dropping packet"); 1968 goto out; 1969 } else if (peerkey->initiator) { 1970 u8 _tmp[WPA_REPLAY_COUNTER_LEN]; 1971 os_memcpy(_tmp, key->replay_counter, 1972 WPA_REPLAY_COUNTER_LEN); 1973 inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN); 1974 if (os_memcmp(_tmp, peerkey->replay_counter, 1975 WPA_REPLAY_COUNTER_LEN) != 0) { 1976 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1977 "RSN: EAPOL-Key Replay " 1978 "Counter did not match (STK) - " 1979 "dropping packet"); 1980 goto out; 1981 } 1982 } 1983 } 1984 1985 if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) { 1986 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1987 "RSN: Ack bit in key_info from STK peer"); 1988 goto out; 1989 } 1990 #endif /* CONFIG_PEERKEY */ 1991 1992 if (!peerkey && sm->rx_replay_counter_set && 1993 os_memcmp(key->replay_counter, sm->rx_replay_counter, 1994 WPA_REPLAY_COUNTER_LEN) <= 0) { 1995 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1996 "WPA: EAPOL-Key Replay Counter did not increase - " 1997 "dropping packet"); 1998 goto out; 1999 } 2000 2001 if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE)) 2002 #ifdef CONFIG_PEERKEY 2003 && (peerkey == NULL || !peerkey->initiator) 2004 #endif /* CONFIG_PEERKEY */ 2005 ) { 2006 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2007 "WPA: No Ack bit in key_info"); 2008 goto out; 2009 } 2010 2011 if (key_info & WPA_KEY_INFO_REQUEST) { 2012 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2013 "WPA: EAPOL-Key with Request bit - dropped"); 2014 goto out; 2015 } 2016 2017 if ((key_info & WPA_KEY_INFO_MIC) && !peerkey && 2018 wpa_supplicant_verify_eapol_key_mic(sm, key192, ver, tmp, data_len)) 2019 goto out; 2020 2021 #ifdef CONFIG_PEERKEY 2022 if ((key_info & WPA_KEY_INFO_MIC) && peerkey && 2023 peerkey_verify_eapol_key_mic(sm, peerkey, key192, ver, tmp, 2024 data_len)) 2025 goto out; 2026 #endif /* CONFIG_PEERKEY */ 2027 2028 if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && 2029 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 2030 if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data, 2031 &key_data_len)) 2032 goto out; 2033 } 2034 2035 if (key_info & WPA_KEY_INFO_KEY_TYPE) { 2036 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) { 2037 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 2038 "WPA: Ignored EAPOL-Key (Pairwise) with " 2039 "non-zero key index"); 2040 goto out; 2041 } 2042 if (peerkey) { 2043 /* PeerKey 4-Way Handshake */ 2044 peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver, 2045 key_data, key_data_len); 2046 } else if (key_info & WPA_KEY_INFO_MIC) { 2047 /* 3/4 4-Way Handshake */ 2048 wpa_supplicant_process_3_of_4(sm, key, ver, key_data, 2049 key_data_len); 2050 } else { 2051 /* 1/4 4-Way Handshake */ 2052 wpa_supplicant_process_1_of_4(sm, src_addr, key, 2053 ver, key_data, 2054 key_data_len); 2055 } 2056 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { 2057 /* PeerKey SMK Handshake */ 2058 peerkey_rx_eapol_smk(sm, src_addr, key, key_data_len, key_info, 2059 ver); 2060 } else { 2061 if (key_info & WPA_KEY_INFO_MIC) { 2062 /* 1/2 Group Key Handshake */ 2063 wpa_supplicant_process_1_of_2(sm, src_addr, key, 2064 key_data, key_data_len, 2065 ver); 2066 } else { 2067 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 2068 "WPA: EAPOL-Key (Group) without Mic bit - " 2069 "dropped"); 2070 } 2071 } 2072 2073 ret = 1; 2074 2075 out: 2076 bin_clear_free(tmp, data_len); 2077 return ret; 2078 } 2079 2080 2081 #ifdef CONFIG_CTRL_IFACE 2082 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm) 2083 { 2084 switch (sm->key_mgmt) { 2085 case WPA_KEY_MGMT_IEEE8021X: 2086 return ((sm->proto == WPA_PROTO_RSN || 2087 sm->proto == WPA_PROTO_OSEN) ? 2088 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X : 2089 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X); 2090 case WPA_KEY_MGMT_PSK: 2091 return (sm->proto == WPA_PROTO_RSN ? 2092 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X : 2093 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X); 2094 #ifdef CONFIG_IEEE80211R 2095 case WPA_KEY_MGMT_FT_IEEE8021X: 2096 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2097 case WPA_KEY_MGMT_FT_PSK: 2098 return RSN_AUTH_KEY_MGMT_FT_PSK; 2099 #endif /* CONFIG_IEEE80211R */ 2100 #ifdef CONFIG_IEEE80211W 2101 case WPA_KEY_MGMT_IEEE8021X_SHA256: 2102 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2103 case WPA_KEY_MGMT_PSK_SHA256: 2104 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2105 #endif /* CONFIG_IEEE80211W */ 2106 case WPA_KEY_MGMT_CCKM: 2107 return (sm->proto == WPA_PROTO_RSN ? 2108 RSN_AUTH_KEY_MGMT_CCKM: 2109 WPA_AUTH_KEY_MGMT_CCKM); 2110 case WPA_KEY_MGMT_WPA_NONE: 2111 return WPA_AUTH_KEY_MGMT_NONE; 2112 case WPA_KEY_MGMT_IEEE8021X_SUITE_B: 2113 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2114 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192: 2115 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2116 default: 2117 return 0; 2118 } 2119 } 2120 2121 2122 #define RSN_SUITE "%02x-%02x-%02x-%d" 2123 #define RSN_SUITE_ARG(s) \ 2124 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff 2125 2126 /** 2127 * wpa_sm_get_mib - Dump text list of MIB entries 2128 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2129 * @buf: Buffer for the list 2130 * @buflen: Length of the buffer 2131 * Returns: Number of bytes written to buffer 2132 * 2133 * This function is used fetch dot11 MIB variables. 2134 */ 2135 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen) 2136 { 2137 char pmkid_txt[PMKID_LEN * 2 + 1]; 2138 int rsna, ret; 2139 size_t len; 2140 2141 if (sm->cur_pmksa) { 2142 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), 2143 sm->cur_pmksa->pmkid, PMKID_LEN); 2144 } else 2145 pmkid_txt[0] = '\0'; 2146 2147 if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) || 2148 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) && 2149 sm->proto == WPA_PROTO_RSN) 2150 rsna = 1; 2151 else 2152 rsna = 0; 2153 2154 ret = os_snprintf(buf, buflen, 2155 "dot11RSNAOptionImplemented=TRUE\n" 2156 "dot11RSNAPreauthenticationImplemented=TRUE\n" 2157 "dot11RSNAEnabled=%s\n" 2158 "dot11RSNAPreauthenticationEnabled=%s\n" 2159 "dot11RSNAConfigVersion=%d\n" 2160 "dot11RSNAConfigPairwiseKeysSupported=5\n" 2161 "dot11RSNAConfigGroupCipherSize=%d\n" 2162 "dot11RSNAConfigPMKLifetime=%d\n" 2163 "dot11RSNAConfigPMKReauthThreshold=%d\n" 2164 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n" 2165 "dot11RSNAConfigSATimeout=%d\n", 2166 rsna ? "TRUE" : "FALSE", 2167 rsna ? "TRUE" : "FALSE", 2168 RSN_VERSION, 2169 wpa_cipher_key_len(sm->group_cipher) * 8, 2170 sm->dot11RSNAConfigPMKLifetime, 2171 sm->dot11RSNAConfigPMKReauthThreshold, 2172 sm->dot11RSNAConfigSATimeout); 2173 if (os_snprintf_error(buflen, ret)) 2174 return 0; 2175 len = ret; 2176 2177 ret = os_snprintf( 2178 buf + len, buflen - len, 2179 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" 2180 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" 2181 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" 2182 "dot11RSNAPMKIDUsed=%s\n" 2183 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" 2184 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" 2185 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" 2186 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n" 2187 "dot11RSNA4WayHandshakeFailures=%u\n", 2188 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 2189 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2190 sm->pairwise_cipher)), 2191 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2192 sm->group_cipher)), 2193 pmkid_txt, 2194 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 2195 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2196 sm->pairwise_cipher)), 2197 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2198 sm->group_cipher)), 2199 sm->dot11RSNA4WayHandshakeFailures); 2200 if (!os_snprintf_error(buflen - len, ret)) 2201 len += ret; 2202 2203 return (int) len; 2204 } 2205 #endif /* CONFIG_CTRL_IFACE */ 2206 2207 2208 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, 2209 void *ctx, enum pmksa_free_reason reason) 2210 { 2211 struct wpa_sm *sm = ctx; 2212 int deauth = 0; 2213 2214 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: " 2215 MACSTR " reason=%d", MAC2STR(entry->aa), reason); 2216 2217 if (sm->cur_pmksa == entry) { 2218 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2219 "RSN: %s current PMKSA entry", 2220 reason == PMKSA_REPLACE ? "replaced" : "removed"); 2221 pmksa_cache_clear_current(sm); 2222 2223 /* 2224 * If an entry is simply being replaced, there's no need to 2225 * deauthenticate because it will be immediately re-added. 2226 * This happens when EAP authentication is completed again 2227 * (reauth or failed PMKSA caching attempt). 2228 */ 2229 if (reason != PMKSA_REPLACE) 2230 deauth = 1; 2231 } 2232 2233 if (reason == PMKSA_EXPIRE && 2234 (sm->pmk_len == entry->pmk_len && 2235 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) { 2236 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2237 "RSN: deauthenticating due to expired PMK"); 2238 pmksa_cache_clear_current(sm); 2239 deauth = 1; 2240 } 2241 2242 if (deauth) { 2243 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2244 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 2245 } 2246 } 2247 2248 2249 /** 2250 * wpa_sm_init - Initialize WPA state machine 2251 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer 2252 * Returns: Pointer to the allocated WPA state machine data 2253 * 2254 * This function is used to allocate a new WPA state machine and the returned 2255 * value is passed to all WPA state machine calls. 2256 */ 2257 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx) 2258 { 2259 struct wpa_sm *sm; 2260 2261 sm = os_zalloc(sizeof(*sm)); 2262 if (sm == NULL) 2263 return NULL; 2264 dl_list_init(&sm->pmksa_candidates); 2265 sm->renew_snonce = 1; 2266 sm->ctx = ctx; 2267 2268 sm->dot11RSNAConfigPMKLifetime = 43200; 2269 sm->dot11RSNAConfigPMKReauthThreshold = 70; 2270 sm->dot11RSNAConfigSATimeout = 60; 2271 2272 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm); 2273 if (sm->pmksa == NULL) { 2274 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 2275 "RSN: PMKSA cache initialization failed"); 2276 os_free(sm); 2277 return NULL; 2278 } 2279 2280 return sm; 2281 } 2282 2283 2284 /** 2285 * wpa_sm_deinit - Deinitialize WPA state machine 2286 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2287 */ 2288 void wpa_sm_deinit(struct wpa_sm *sm) 2289 { 2290 if (sm == NULL) 2291 return; 2292 pmksa_cache_deinit(sm->pmksa); 2293 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 2294 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 2295 os_free(sm->assoc_wpa_ie); 2296 os_free(sm->ap_wpa_ie); 2297 os_free(sm->ap_rsn_ie); 2298 wpa_sm_drop_sa(sm); 2299 os_free(sm->ctx); 2300 peerkey_deinit(sm); 2301 #ifdef CONFIG_IEEE80211R 2302 os_free(sm->assoc_resp_ies); 2303 #endif /* CONFIG_IEEE80211R */ 2304 os_free(sm); 2305 } 2306 2307 2308 /** 2309 * wpa_sm_notify_assoc - Notify WPA state machine about association 2310 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2311 * @bssid: The BSSID of the new association 2312 * 2313 * This function is called to let WPA state machine know that the connection 2314 * was established. 2315 */ 2316 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) 2317 { 2318 int clear_keys = 1; 2319 2320 if (sm == NULL) 2321 return; 2322 2323 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2324 "WPA: Association event - clear replay counter"); 2325 os_memcpy(sm->bssid, bssid, ETH_ALEN); 2326 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN); 2327 sm->rx_replay_counter_set = 0; 2328 sm->renew_snonce = 1; 2329 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0) 2330 rsn_preauth_deinit(sm); 2331 2332 #ifdef CONFIG_IEEE80211R 2333 if (wpa_ft_is_completed(sm)) { 2334 /* 2335 * Clear portValid to kick EAPOL state machine to re-enter 2336 * AUTHENTICATED state to get the EAPOL port Authorized. 2337 */ 2338 eapol_sm_notify_portValid(sm->eapol, FALSE); 2339 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); 2340 2341 /* Prepare for the next transition */ 2342 wpa_ft_prepare_auth_request(sm, NULL); 2343 2344 clear_keys = 0; 2345 } 2346 #endif /* CONFIG_IEEE80211R */ 2347 2348 if (clear_keys) { 2349 /* 2350 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if 2351 * this is not part of a Fast BSS Transition. 2352 */ 2353 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK"); 2354 sm->ptk_set = 0; 2355 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 2356 sm->tptk_set = 0; 2357 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 2358 os_memset(&sm->gtk, 0, sizeof(sm->gtk)); 2359 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); 2360 #ifdef CONFIG_IEEE80211W 2361 os_memset(&sm->igtk, 0, sizeof(sm->igtk)); 2362 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); 2363 #endif /* CONFIG_IEEE80211W */ 2364 } 2365 2366 #ifdef CONFIG_TDLS 2367 wpa_tdls_assoc(sm); 2368 #endif /* CONFIG_TDLS */ 2369 2370 #ifdef CONFIG_P2P 2371 os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr)); 2372 #endif /* CONFIG_P2P */ 2373 } 2374 2375 2376 /** 2377 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation 2378 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2379 * 2380 * This function is called to let WPA state machine know that the connection 2381 * was lost. This will abort any existing pre-authentication session. 2382 */ 2383 void wpa_sm_notify_disassoc(struct wpa_sm *sm) 2384 { 2385 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 2386 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 2387 peerkey_deinit(sm); 2388 rsn_preauth_deinit(sm); 2389 pmksa_cache_clear_current(sm); 2390 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE) 2391 sm->dot11RSNA4WayHandshakeFailures++; 2392 #ifdef CONFIG_TDLS 2393 wpa_tdls_disassoc(sm); 2394 #endif /* CONFIG_TDLS */ 2395 #ifdef CONFIG_IEEE80211R 2396 sm->ft_reassoc_completed = 0; 2397 #endif /* CONFIG_IEEE80211R */ 2398 2399 /* Keys are not needed in the WPA state machine anymore */ 2400 wpa_sm_drop_sa(sm); 2401 2402 sm->msg_3_of_4_ok = 0; 2403 } 2404 2405 2406 /** 2407 * wpa_sm_set_pmk - Set PMK 2408 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2409 * @pmk: The new PMK 2410 * @pmk_len: The length of the new PMK in bytes 2411 * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK 2412 * 2413 * Configure the PMK for WPA state machine. 2414 */ 2415 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len, 2416 const u8 *bssid) 2417 { 2418 if (sm == NULL) 2419 return; 2420 2421 sm->pmk_len = pmk_len; 2422 os_memcpy(sm->pmk, pmk, pmk_len); 2423 2424 #ifdef CONFIG_IEEE80211R 2425 /* Set XXKey to be PSK for FT key derivation */ 2426 sm->xxkey_len = pmk_len; 2427 os_memcpy(sm->xxkey, pmk, pmk_len); 2428 #endif /* CONFIG_IEEE80211R */ 2429 2430 if (bssid) { 2431 pmksa_cache_add(sm->pmksa, pmk, pmk_len, NULL, 0, 2432 bssid, sm->own_addr, 2433 sm->network_ctx, sm->key_mgmt); 2434 } 2435 } 2436 2437 2438 /** 2439 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA 2440 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2441 * 2442 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK 2443 * will be cleared. 2444 */ 2445 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm) 2446 { 2447 if (sm == NULL) 2448 return; 2449 2450 if (sm->cur_pmksa) { 2451 sm->pmk_len = sm->cur_pmksa->pmk_len; 2452 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len); 2453 } else { 2454 sm->pmk_len = PMK_LEN; 2455 os_memset(sm->pmk, 0, PMK_LEN); 2456 } 2457 } 2458 2459 2460 /** 2461 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled 2462 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2463 * @fast_reauth: Whether fast reauthentication (EAP) is allowed 2464 */ 2465 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth) 2466 { 2467 if (sm) 2468 sm->fast_reauth = fast_reauth; 2469 } 2470 2471 2472 /** 2473 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks 2474 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2475 * @scard_ctx: Context pointer for smartcard related callback functions 2476 */ 2477 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx) 2478 { 2479 if (sm == NULL) 2480 return; 2481 sm->scard_ctx = scard_ctx; 2482 if (sm->preauth_eapol) 2483 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx); 2484 } 2485 2486 2487 /** 2488 * wpa_sm_set_config - Notification of current configration change 2489 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2490 * @config: Pointer to current network configuration 2491 * 2492 * Notify WPA state machine that configuration has changed. config will be 2493 * stored as a backpointer to network configuration. This can be %NULL to clear 2494 * the stored pointed. 2495 */ 2496 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config) 2497 { 2498 if (!sm) 2499 return; 2500 2501 if (config) { 2502 sm->network_ctx = config->network_ctx; 2503 sm->peerkey_enabled = config->peerkey_enabled; 2504 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher; 2505 sm->proactive_key_caching = config->proactive_key_caching; 2506 sm->eap_workaround = config->eap_workaround; 2507 sm->eap_conf_ctx = config->eap_conf_ctx; 2508 if (config->ssid) { 2509 os_memcpy(sm->ssid, config->ssid, config->ssid_len); 2510 sm->ssid_len = config->ssid_len; 2511 } else 2512 sm->ssid_len = 0; 2513 sm->wpa_ptk_rekey = config->wpa_ptk_rekey; 2514 sm->p2p = config->p2p; 2515 } else { 2516 sm->network_ctx = NULL; 2517 sm->peerkey_enabled = 0; 2518 sm->allowed_pairwise_cipher = 0; 2519 sm->proactive_key_caching = 0; 2520 sm->eap_workaround = 0; 2521 sm->eap_conf_ctx = NULL; 2522 sm->ssid_len = 0; 2523 sm->wpa_ptk_rekey = 0; 2524 sm->p2p = 0; 2525 } 2526 } 2527 2528 2529 /** 2530 * wpa_sm_set_own_addr - Set own MAC address 2531 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2532 * @addr: Own MAC address 2533 */ 2534 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr) 2535 { 2536 if (sm) 2537 os_memcpy(sm->own_addr, addr, ETH_ALEN); 2538 } 2539 2540 2541 /** 2542 * wpa_sm_set_ifname - Set network interface name 2543 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2544 * @ifname: Interface name 2545 * @bridge_ifname: Optional bridge interface name (for pre-auth) 2546 */ 2547 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname, 2548 const char *bridge_ifname) 2549 { 2550 if (sm) { 2551 sm->ifname = ifname; 2552 sm->bridge_ifname = bridge_ifname; 2553 } 2554 } 2555 2556 2557 /** 2558 * wpa_sm_set_eapol - Set EAPOL state machine pointer 2559 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2560 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init() 2561 */ 2562 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol) 2563 { 2564 if (sm) 2565 sm->eapol = eapol; 2566 } 2567 2568 2569 /** 2570 * wpa_sm_set_param - Set WPA state machine parameters 2571 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2572 * @param: Parameter field 2573 * @value: Parameter value 2574 * Returns: 0 on success, -1 on failure 2575 */ 2576 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, 2577 unsigned int value) 2578 { 2579 int ret = 0; 2580 2581 if (sm == NULL) 2582 return -1; 2583 2584 switch (param) { 2585 case RSNA_PMK_LIFETIME: 2586 if (value > 0) 2587 sm->dot11RSNAConfigPMKLifetime = value; 2588 else 2589 ret = -1; 2590 break; 2591 case RSNA_PMK_REAUTH_THRESHOLD: 2592 if (value > 0 && value <= 100) 2593 sm->dot11RSNAConfigPMKReauthThreshold = value; 2594 else 2595 ret = -1; 2596 break; 2597 case RSNA_SA_TIMEOUT: 2598 if (value > 0) 2599 sm->dot11RSNAConfigSATimeout = value; 2600 else 2601 ret = -1; 2602 break; 2603 case WPA_PARAM_PROTO: 2604 sm->proto = value; 2605 break; 2606 case WPA_PARAM_PAIRWISE: 2607 sm->pairwise_cipher = value; 2608 break; 2609 case WPA_PARAM_GROUP: 2610 sm->group_cipher = value; 2611 break; 2612 case WPA_PARAM_KEY_MGMT: 2613 sm->key_mgmt = value; 2614 break; 2615 #ifdef CONFIG_IEEE80211W 2616 case WPA_PARAM_MGMT_GROUP: 2617 sm->mgmt_group_cipher = value; 2618 break; 2619 #endif /* CONFIG_IEEE80211W */ 2620 case WPA_PARAM_RSN_ENABLED: 2621 sm->rsn_enabled = value; 2622 break; 2623 case WPA_PARAM_MFP: 2624 sm->mfp = value; 2625 break; 2626 default: 2627 break; 2628 } 2629 2630 return ret; 2631 } 2632 2633 2634 /** 2635 * wpa_sm_get_status - Get WPA state machine 2636 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2637 * @buf: Buffer for status information 2638 * @buflen: Maximum buffer length 2639 * @verbose: Whether to include verbose status information 2640 * Returns: Number of bytes written to buf. 2641 * 2642 * Query WPA state machine for status information. This function fills in 2643 * a text area with current status information. If the buffer (buf) is not 2644 * large enough, status information will be truncated to fit the buffer. 2645 */ 2646 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen, 2647 int verbose) 2648 { 2649 char *pos = buf, *end = buf + buflen; 2650 int ret; 2651 2652 ret = os_snprintf(pos, end - pos, 2653 "pairwise_cipher=%s\n" 2654 "group_cipher=%s\n" 2655 "key_mgmt=%s\n", 2656 wpa_cipher_txt(sm->pairwise_cipher), 2657 wpa_cipher_txt(sm->group_cipher), 2658 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto)); 2659 if (os_snprintf_error(end - pos, ret)) 2660 return pos - buf; 2661 pos += ret; 2662 2663 if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) { 2664 struct wpa_ie_data rsn; 2665 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) 2666 >= 0 && 2667 rsn.capabilities & (WPA_CAPABILITY_MFPR | 2668 WPA_CAPABILITY_MFPC)) { 2669 ret = os_snprintf(pos, end - pos, "pmf=%d\n", 2670 (rsn.capabilities & 2671 WPA_CAPABILITY_MFPR) ? 2 : 1); 2672 if (os_snprintf_error(end - pos, ret)) 2673 return pos - buf; 2674 pos += ret; 2675 } 2676 } 2677 2678 return pos - buf; 2679 } 2680 2681 2682 int wpa_sm_pmf_enabled(struct wpa_sm *sm) 2683 { 2684 struct wpa_ie_data rsn; 2685 2686 if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie) 2687 return 0; 2688 2689 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 && 2690 rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC)) 2691 return 1; 2692 2693 return 0; 2694 } 2695 2696 2697 /** 2698 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration 2699 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2700 * @wpa_ie: Pointer to buffer for WPA/RSN IE 2701 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer 2702 * Returns: 0 on success, -1 on failure 2703 */ 2704 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie, 2705 size_t *wpa_ie_len) 2706 { 2707 int res; 2708 2709 if (sm == NULL) 2710 return -1; 2711 2712 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len); 2713 if (res < 0) 2714 return -1; 2715 *wpa_ie_len = res; 2716 2717 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default", 2718 wpa_ie, *wpa_ie_len); 2719 2720 if (sm->assoc_wpa_ie == NULL) { 2721 /* 2722 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets 2723 * the correct version of the IE even if PMKSA caching is 2724 * aborted (which would remove PMKID from IE generation). 2725 */ 2726 sm->assoc_wpa_ie = os_malloc(*wpa_ie_len); 2727 if (sm->assoc_wpa_ie == NULL) 2728 return -1; 2729 2730 os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len); 2731 sm->assoc_wpa_ie_len = *wpa_ie_len; 2732 } 2733 2734 return 0; 2735 } 2736 2737 2738 /** 2739 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq 2740 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2741 * @ie: Pointer to IE data (starting from id) 2742 * @len: IE length 2743 * Returns: 0 on success, -1 on failure 2744 * 2745 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association 2746 * Request frame. The IE will be used to override the default value generated 2747 * with wpa_sm_set_assoc_wpa_ie_default(). 2748 */ 2749 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2750 { 2751 if (sm == NULL) 2752 return -1; 2753 2754 os_free(sm->assoc_wpa_ie); 2755 if (ie == NULL || len == 0) { 2756 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2757 "WPA: clearing own WPA/RSN IE"); 2758 sm->assoc_wpa_ie = NULL; 2759 sm->assoc_wpa_ie_len = 0; 2760 } else { 2761 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len); 2762 sm->assoc_wpa_ie = os_malloc(len); 2763 if (sm->assoc_wpa_ie == NULL) 2764 return -1; 2765 2766 os_memcpy(sm->assoc_wpa_ie, ie, len); 2767 sm->assoc_wpa_ie_len = len; 2768 } 2769 2770 return 0; 2771 } 2772 2773 2774 /** 2775 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp 2776 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2777 * @ie: Pointer to IE data (starting from id) 2778 * @len: IE length 2779 * Returns: 0 on success, -1 on failure 2780 * 2781 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response 2782 * frame. 2783 */ 2784 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2785 { 2786 if (sm == NULL) 2787 return -1; 2788 2789 os_free(sm->ap_wpa_ie); 2790 if (ie == NULL || len == 0) { 2791 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2792 "WPA: clearing AP WPA IE"); 2793 sm->ap_wpa_ie = NULL; 2794 sm->ap_wpa_ie_len = 0; 2795 } else { 2796 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len); 2797 sm->ap_wpa_ie = os_malloc(len); 2798 if (sm->ap_wpa_ie == NULL) 2799 return -1; 2800 2801 os_memcpy(sm->ap_wpa_ie, ie, len); 2802 sm->ap_wpa_ie_len = len; 2803 } 2804 2805 return 0; 2806 } 2807 2808 2809 /** 2810 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp 2811 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2812 * @ie: Pointer to IE data (starting from id) 2813 * @len: IE length 2814 * Returns: 0 on success, -1 on failure 2815 * 2816 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response 2817 * frame. 2818 */ 2819 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2820 { 2821 if (sm == NULL) 2822 return -1; 2823 2824 os_free(sm->ap_rsn_ie); 2825 if (ie == NULL || len == 0) { 2826 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2827 "WPA: clearing AP RSN IE"); 2828 sm->ap_rsn_ie = NULL; 2829 sm->ap_rsn_ie_len = 0; 2830 } else { 2831 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len); 2832 sm->ap_rsn_ie = os_malloc(len); 2833 if (sm->ap_rsn_ie == NULL) 2834 return -1; 2835 2836 os_memcpy(sm->ap_rsn_ie, ie, len); 2837 sm->ap_rsn_ie_len = len; 2838 } 2839 2840 return 0; 2841 } 2842 2843 2844 /** 2845 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE 2846 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2847 * @data: Pointer to data area for parsing results 2848 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure 2849 * 2850 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the 2851 * parsed data into data. 2852 */ 2853 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data) 2854 { 2855 if (sm == NULL) 2856 return -1; 2857 2858 if (sm->assoc_wpa_ie == NULL) { 2859 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2860 "WPA: No WPA/RSN IE available from association info"); 2861 return -1; 2862 } 2863 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data)) 2864 return -2; 2865 return 0; 2866 } 2867 2868 2869 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len) 2870 { 2871 return pmksa_cache_list(sm->pmksa, buf, len); 2872 } 2873 2874 2875 void wpa_sm_drop_sa(struct wpa_sm *sm) 2876 { 2877 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK"); 2878 sm->ptk_set = 0; 2879 sm->tptk_set = 0; 2880 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2881 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 2882 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 2883 os_memset(&sm->gtk, 0, sizeof(sm->gtk)); 2884 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); 2885 #ifdef CONFIG_IEEE80211W 2886 os_memset(&sm->igtk, 0, sizeof(sm->igtk)); 2887 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); 2888 #endif /* CONFIG_IEEE80211W */ 2889 #ifdef CONFIG_IEEE80211R 2890 os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); 2891 os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); 2892 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1)); 2893 #endif /* CONFIG_IEEE80211R */ 2894 } 2895 2896 2897 int wpa_sm_has_ptk(struct wpa_sm *sm) 2898 { 2899 if (sm == NULL) 2900 return 0; 2901 return sm->ptk_set; 2902 } 2903 2904 2905 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr) 2906 { 2907 os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN); 2908 } 2909 2910 2911 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx) 2912 { 2913 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0); 2914 } 2915 2916 2917 #ifdef CONFIG_WNM 2918 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) 2919 { 2920 u16 keyinfo; 2921 u8 keylen; /* plaintext key len */ 2922 u8 *key_rsc; 2923 2924 if (subelem_id == WNM_SLEEP_SUBELEM_GTK) { 2925 struct wpa_gtk_data gd; 2926 2927 os_memset(&gd, 0, sizeof(gd)); 2928 keylen = wpa_cipher_key_len(sm->group_cipher); 2929 gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher); 2930 gd.alg = wpa_cipher_to_alg(sm->group_cipher); 2931 if (gd.alg == WPA_ALG_NONE) { 2932 wpa_printf(MSG_DEBUG, "Unsupported group cipher suite"); 2933 return -1; 2934 } 2935 2936 key_rsc = buf + 5; 2937 keyinfo = WPA_GET_LE16(buf + 2); 2938 gd.gtk_len = keylen; 2939 if (gd.gtk_len != buf[4]) { 2940 wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d", 2941 gd.gtk_len, buf[4]); 2942 return -1; 2943 } 2944 gd.keyidx = keyinfo & 0x03; /* B0 - B1 */ 2945 gd.tx = wpa_supplicant_gtk_tx_bit_workaround( 2946 sm, !!(keyinfo & WPA_KEY_INFO_TXRX)); 2947 2948 os_memcpy(gd.gtk, buf + 13, gd.gtk_len); 2949 2950 wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", 2951 gd.gtk, gd.gtk_len); 2952 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { 2953 os_memset(&gd, 0, sizeof(gd)); 2954 wpa_printf(MSG_DEBUG, "Failed to install the GTK in " 2955 "WNM mode"); 2956 return -1; 2957 } 2958 os_memset(&gd, 0, sizeof(gd)); 2959 #ifdef CONFIG_IEEE80211W 2960 } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { 2961 const struct wpa_igtk_kde *igtk; 2962 2963 igtk = (const struct wpa_igtk_kde *) (buf + 2); 2964 if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) 2965 return -1; 2966 #endif /* CONFIG_IEEE80211W */ 2967 } else { 2968 wpa_printf(MSG_DEBUG, "Unknown element id"); 2969 return -1; 2970 } 2971 2972 return 0; 2973 } 2974 #endif /* CONFIG_WNM */ 2975 2976 2977 #ifdef CONFIG_PEERKEY 2978 int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr, 2979 const u8 *buf, size_t len) 2980 { 2981 struct wpa_peerkey *peerkey; 2982 2983 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 2984 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0) 2985 break; 2986 } 2987 2988 if (!peerkey) 2989 return 0; 2990 2991 wpa_sm_rx_eapol(sm, src_addr, buf, len); 2992 2993 return 1; 2994 } 2995 #endif /* CONFIG_PEERKEY */ 2996 2997 2998 #ifdef CONFIG_P2P 2999 3000 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf) 3001 { 3002 if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0) 3003 return -1; 3004 os_memcpy(buf, sm->p2p_ip_addr, 3 * 4); 3005 return 0; 3006 } 3007 3008 #endif /* CONFIG_P2P */ 3009 3010 3011 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter) 3012 { 3013 if (rx_replay_counter == NULL) 3014 return; 3015 3016 os_memcpy(sm->rx_replay_counter, rx_replay_counter, 3017 WPA_REPLAY_COUNTER_LEN); 3018 sm->rx_replay_counter_set = 1; 3019 wpa_printf(MSG_DEBUG, "Updated key replay counter"); 3020 } 3021 3022 3023 void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm, 3024 const u8 *ptk_kck, size_t ptk_kck_len, 3025 const u8 *ptk_kek, size_t ptk_kek_len) 3026 { 3027 if (ptk_kck && ptk_kck_len <= WPA_KCK_MAX_LEN) { 3028 os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len); 3029 sm->ptk.kck_len = ptk_kck_len; 3030 wpa_printf(MSG_DEBUG, "Updated PTK KCK"); 3031 } 3032 if (ptk_kek && ptk_kek_len <= WPA_KEK_MAX_LEN) { 3033 os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len); 3034 sm->ptk.kek_len = ptk_kek_len; 3035 wpa_printf(MSG_DEBUG, "Updated PTK KEK"); 3036 } 3037 sm->ptk_set = 1; 3038 } 3039