xref: /freebsd/contrib/wpa/src/rsn_supp/wpa.c (revision 4f52dfbb8d6c4d446500c5b097e3806ec219fbd4)
1 /*
2  * WPA Supplicant - WPA state machine and EAPOL-Key processing
3  * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 
11 #include "common.h"
12 #include "crypto/aes_wrap.h"
13 #include "crypto/crypto.h"
14 #include "crypto/random.h"
15 #include "common/ieee802_11_defs.h"
16 #include "eapol_supp/eapol_supp_sm.h"
17 #include "wpa.h"
18 #include "eloop.h"
19 #include "preauth.h"
20 #include "pmksa_cache.h"
21 #include "wpa_i.h"
22 #include "wpa_ie.h"
23 #include "peerkey.h"
24 
25 
26 /**
27  * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
28  * @sm: Pointer to WPA state machine data from wpa_sm_init()
29  * @kck: Key Confirmation Key (KCK, part of PTK)
30  * @kck_len: KCK length in octets
31  * @ver: Version field from Key Info
32  * @dest: Destination address for the frame
33  * @proto: Ethertype (usually ETH_P_EAPOL)
34  * @msg: EAPOL-Key message
35  * @msg_len: Length of message
36  * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
37  */
38 void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
39 			int ver, const u8 *dest, u16 proto,
40 			u8 *msg, size_t msg_len, u8 *key_mic)
41 {
42 	size_t mic_len = wpa_mic_len(sm->key_mgmt);
43 
44 	if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
45 		/*
46 		 * Association event was not yet received; try to fetch
47 		 * BSSID from the driver.
48 		 */
49 		if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
50 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
51 				"WPA: Failed to read BSSID for "
52 				"EAPOL-Key destination address");
53 		} else {
54 			dest = sm->bssid;
55 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
56 				"WPA: Use BSSID (" MACSTR
57 				") as the destination for EAPOL-Key",
58 				MAC2STR(dest));
59 		}
60 	}
61 	if (key_mic &&
62 	    wpa_eapol_key_mic(kck, kck_len, sm->key_mgmt, ver, msg, msg_len,
63 			      key_mic)) {
64 		wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
65 			"WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC",
66 			ver, sm->key_mgmt);
67 		goto out;
68 	}
69 	wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len);
70 	wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, mic_len);
71 	wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
72 	wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
73 	eapol_sm_notify_tx_eapol_key(sm->eapol);
74 out:
75 	os_free(msg);
76 }
77 
78 
79 /**
80  * wpa_sm_key_request - Send EAPOL-Key Request
81  * @sm: Pointer to WPA state machine data from wpa_sm_init()
82  * @error: Indicate whether this is an Michael MIC error report
83  * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
84  *
85  * Send an EAPOL-Key Request to the current authenticator. This function is
86  * used to request rekeying and it is usually called when a local Michael MIC
87  * failure is detected.
88  */
89 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
90 {
91 	size_t mic_len, hdrlen, rlen;
92 	struct wpa_eapol_key *reply;
93 	struct wpa_eapol_key_192 *reply192;
94 	int key_info, ver;
95 	u8 bssid[ETH_ALEN], *rbuf, *key_mic;
96 
97 	if (sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
98 	    wpa_key_mgmt_suite_b(sm->key_mgmt))
99 		ver = WPA_KEY_INFO_TYPE_AKM_DEFINED;
100 	else if (wpa_key_mgmt_ft(sm->key_mgmt) ||
101 		 wpa_key_mgmt_sha256(sm->key_mgmt))
102 		ver = WPA_KEY_INFO_TYPE_AES_128_CMAC;
103 	else if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
104 		ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
105 	else
106 		ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
107 
108 	if (wpa_sm_get_bssid(sm, bssid) < 0) {
109 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
110 			"Failed to read BSSID for EAPOL-Key request");
111 		return;
112 	}
113 
114 	mic_len = wpa_mic_len(sm->key_mgmt);
115 	hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
116 	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
117 				  hdrlen, &rlen, (void *) &reply);
118 	if (rbuf == NULL)
119 		return;
120 	reply192 = (struct wpa_eapol_key_192 *) reply;
121 
122 	reply->type = (sm->proto == WPA_PROTO_RSN ||
123 		       sm->proto == WPA_PROTO_OSEN) ?
124 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
125 	key_info = WPA_KEY_INFO_REQUEST | ver;
126 	if (sm->ptk_set)
127 		key_info |= WPA_KEY_INFO_MIC;
128 	if (error)
129 		key_info |= WPA_KEY_INFO_ERROR;
130 	if (pairwise)
131 		key_info |= WPA_KEY_INFO_KEY_TYPE;
132 	WPA_PUT_BE16(reply->key_info, key_info);
133 	WPA_PUT_BE16(reply->key_length, 0);
134 	os_memcpy(reply->replay_counter, sm->request_counter,
135 		  WPA_REPLAY_COUNTER_LEN);
136 	inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
137 
138 	if (mic_len == 24)
139 		WPA_PUT_BE16(reply192->key_data_length, 0);
140 	else
141 		WPA_PUT_BE16(reply->key_data_length, 0);
142 	if (!(key_info & WPA_KEY_INFO_MIC))
143 		key_mic = NULL;
144 	else
145 		key_mic = reply192->key_mic; /* same offset in reply */
146 
147 	wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
148 		"WPA: Sending EAPOL-Key Request (error=%d "
149 		"pairwise=%d ptk_set=%d len=%lu)",
150 		error, pairwise, sm->ptk_set, (unsigned long) rlen);
151 	wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid,
152 			   ETH_P_EAPOL, rbuf, rlen, key_mic);
153 }
154 
155 
156 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm)
157 {
158 #ifdef CONFIG_IEEE80211R
159 	if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) {
160 		if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len))
161 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
162 				"RSN: Cannot set low order 256 bits of MSK for key management offload");
163 	} else {
164 #endif /* CONFIG_IEEE80211R */
165 		if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len))
166 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
167 				"RSN: Cannot set PMK for key management offload");
168 #ifdef CONFIG_IEEE80211R
169 	}
170 #endif /* CONFIG_IEEE80211R */
171 }
172 
173 
174 static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
175 				  const unsigned char *src_addr,
176 				  const u8 *pmkid)
177 {
178 	int abort_cached = 0;
179 
180 	if (pmkid && !sm->cur_pmksa) {
181 		/* When using drivers that generate RSN IE, wpa_supplicant may
182 		 * not have enough time to get the association information
183 		 * event before receiving this 1/4 message, so try to find a
184 		 * matching PMKSA cache entry here. */
185 		sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid,
186 						NULL);
187 		if (sm->cur_pmksa) {
188 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
189 				"RSN: found matching PMKID from PMKSA cache");
190 		} else {
191 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
192 				"RSN: no matching PMKID found");
193 			abort_cached = 1;
194 		}
195 	}
196 
197 	if (pmkid && sm->cur_pmksa &&
198 	    os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
199 		wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
200 		wpa_sm_set_pmk_from_pmksa(sm);
201 		wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
202 				sm->pmk, sm->pmk_len);
203 		eapol_sm_notify_cached(sm->eapol);
204 #ifdef CONFIG_IEEE80211R
205 		sm->xxkey_len = 0;
206 #endif /* CONFIG_IEEE80211R */
207 	} else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
208 		int res, pmk_len;
209 		pmk_len = PMK_LEN;
210 		res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN);
211 		if (res) {
212 			/*
213 			 * EAP-LEAP is an exception from other EAP methods: it
214 			 * uses only 16-byte PMK.
215 			 */
216 			res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
217 			pmk_len = 16;
218 		} else {
219 #ifdef CONFIG_IEEE80211R
220 			u8 buf[2 * PMK_LEN];
221 			if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0)
222 			{
223 				os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN);
224 				sm->xxkey_len = PMK_LEN;
225 				os_memset(buf, 0, sizeof(buf));
226 			}
227 #endif /* CONFIG_IEEE80211R */
228 		}
229 		if (res == 0) {
230 			struct rsn_pmksa_cache_entry *sa = NULL;
231 			wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
232 					"machines", sm->pmk, pmk_len);
233 			sm->pmk_len = pmk_len;
234 			wpa_supplicant_key_mgmt_set_pmk(sm);
235 			if (sm->proto == WPA_PROTO_RSN &&
236 			    !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
237 			    !wpa_key_mgmt_ft(sm->key_mgmt)) {
238 				sa = pmksa_cache_add(sm->pmksa,
239 						     sm->pmk, pmk_len,
240 						     NULL, 0,
241 						     src_addr, sm->own_addr,
242 						     sm->network_ctx,
243 						     sm->key_mgmt);
244 			}
245 			if (!sm->cur_pmksa && pmkid &&
246 			    pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL))
247 			{
248 				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
249 					"RSN: the new PMK matches with the "
250 					"PMKID");
251 				abort_cached = 0;
252 			} else if (sa && !sm->cur_pmksa && pmkid) {
253 				/*
254 				 * It looks like the authentication server
255 				 * derived mismatching MSK. This should not
256 				 * really happen, but bugs happen.. There is not
257 				 * much we can do here without knowing what
258 				 * exactly caused the server to misbehave.
259 				 */
260 				wpa_dbg(sm->ctx->msg_ctx, MSG_INFO,
261 					"RSN: PMKID mismatch - authentication server may have derived different MSK?!");
262 				return -1;
263 			}
264 
265 			if (!sm->cur_pmksa)
266 				sm->cur_pmksa = sa;
267 		} else {
268 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
269 				"WPA: Failed to get master session key from "
270 				"EAPOL state machines - key handshake "
271 				"aborted");
272 			if (sm->cur_pmksa) {
273 				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
274 					"RSN: Cancelled PMKSA caching "
275 					"attempt");
276 				sm->cur_pmksa = NULL;
277 				abort_cached = 1;
278 			} else if (!abort_cached) {
279 				return -1;
280 			}
281 		}
282 	}
283 
284 	if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) &&
285 	    !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
286 	    !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN)
287 	{
288 		/* Send EAPOL-Start to trigger full EAP authentication. */
289 		u8 *buf;
290 		size_t buflen;
291 
292 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
293 			"RSN: no PMKSA entry found - trigger "
294 			"full EAP authentication");
295 		buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
296 					 NULL, 0, &buflen, NULL);
297 		if (buf) {
298 			wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
299 					  buf, buflen);
300 			os_free(buf);
301 			return -2;
302 		}
303 
304 		return -1;
305 	}
306 
307 	return 0;
308 }
309 
310 
311 /**
312  * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake
313  * @sm: Pointer to WPA state machine data from wpa_sm_init()
314  * @dst: Destination address for the frame
315  * @key: Pointer to the EAPOL-Key frame header
316  * @ver: Version bits from EAPOL-Key Key Info
317  * @nonce: Nonce value for the EAPOL-Key frame
318  * @wpa_ie: WPA/RSN IE
319  * @wpa_ie_len: Length of the WPA/RSN IE
320  * @ptk: PTK to use for keyed hash and encryption
321  * Returns: 0 on success, -1 on failure
322  */
323 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
324 			       const struct wpa_eapol_key *key,
325 			       int ver, const u8 *nonce,
326 			       const u8 *wpa_ie, size_t wpa_ie_len,
327 			       struct wpa_ptk *ptk)
328 {
329 	size_t mic_len, hdrlen, rlen;
330 	struct wpa_eapol_key *reply;
331 	struct wpa_eapol_key_192 *reply192;
332 	u8 *rbuf, *key_mic;
333 	u8 *rsn_ie_buf = NULL;
334 
335 	if (wpa_ie == NULL) {
336 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - "
337 			"cannot generate msg 2/4");
338 		return -1;
339 	}
340 
341 #ifdef CONFIG_IEEE80211R
342 	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
343 		int res;
344 
345 		/*
346 		 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and
347 		 * FTIE from (Re)Association Response.
348 		 */
349 		rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN +
350 				       sm->assoc_resp_ies_len);
351 		if (rsn_ie_buf == NULL)
352 			return -1;
353 		os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len);
354 		res = wpa_insert_pmkid(rsn_ie_buf, wpa_ie_len,
355 				       sm->pmk_r1_name);
356 		if (res < 0) {
357 			os_free(rsn_ie_buf);
358 			return -1;
359 		}
360 		wpa_ie_len += res;
361 
362 		if (sm->assoc_resp_ies) {
363 			os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies,
364 				  sm->assoc_resp_ies_len);
365 			wpa_ie_len += sm->assoc_resp_ies_len;
366 		}
367 
368 		wpa_ie = rsn_ie_buf;
369 	}
370 #endif /* CONFIG_IEEE80211R */
371 
372 	wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
373 
374 	mic_len = wpa_mic_len(sm->key_mgmt);
375 	hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
376 	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
377 				  NULL, hdrlen + wpa_ie_len,
378 				  &rlen, (void *) &reply);
379 	if (rbuf == NULL) {
380 		os_free(rsn_ie_buf);
381 		return -1;
382 	}
383 	reply192 = (struct wpa_eapol_key_192 *) reply;
384 
385 	reply->type = (sm->proto == WPA_PROTO_RSN ||
386 		       sm->proto == WPA_PROTO_OSEN) ?
387 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
388 	WPA_PUT_BE16(reply->key_info,
389 		     ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC);
390 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
391 		WPA_PUT_BE16(reply->key_length, 0);
392 	else
393 		os_memcpy(reply->key_length, key->key_length, 2);
394 	os_memcpy(reply->replay_counter, key->replay_counter,
395 		  WPA_REPLAY_COUNTER_LEN);
396 	wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter,
397 		    WPA_REPLAY_COUNTER_LEN);
398 
399 	key_mic = reply192->key_mic; /* same offset for reply and reply192 */
400 	if (mic_len == 24) {
401 		WPA_PUT_BE16(reply192->key_data_length, wpa_ie_len);
402 		os_memcpy(reply192 + 1, wpa_ie, wpa_ie_len);
403 	} else {
404 		WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
405 		os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
406 	}
407 	os_free(rsn_ie_buf);
408 
409 	os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
410 
411 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
412 	wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL,
413 			   rbuf, rlen, key_mic);
414 
415 	return 0;
416 }
417 
418 
419 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
420 			  const struct wpa_eapol_key *key, struct wpa_ptk *ptk)
421 {
422 #ifdef CONFIG_IEEE80211R
423 	if (wpa_key_mgmt_ft(sm->key_mgmt))
424 		return wpa_derive_ptk_ft(sm, src_addr, key, ptk);
425 #endif /* CONFIG_IEEE80211R */
426 
427 	return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
428 			      sm->own_addr, sm->bssid, sm->snonce,
429 			      key->key_nonce, ptk, sm->key_mgmt,
430 			      sm->pairwise_cipher);
431 }
432 
433 
434 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
435 					  const unsigned char *src_addr,
436 					  const struct wpa_eapol_key *key,
437 					  u16 ver, const u8 *key_data,
438 					  size_t key_data_len)
439 {
440 	struct wpa_eapol_ie_parse ie;
441 	struct wpa_ptk *ptk;
442 	int res;
443 	u8 *kde, *kde_buf = NULL;
444 	size_t kde_len;
445 
446 	if (wpa_sm_get_network_ctx(sm) == NULL) {
447 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
448 			"found (msg 1 of 4)");
449 		return;
450 	}
451 
452 	wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
453 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way "
454 		"Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
455 
456 	os_memset(&ie, 0, sizeof(ie));
457 
458 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
459 		/* RSN: msg 1/4 should contain PMKID for the selected PMK */
460 		wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data",
461 			    key_data, key_data_len);
462 		if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
463 			goto failed;
464 		if (ie.pmkid) {
465 			wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
466 				    "Authenticator", ie.pmkid, PMKID_LEN);
467 		}
468 	}
469 
470 	res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
471 	if (res == -2) {
472 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to "
473 			"msg 1/4 - requesting full EAP authentication");
474 		return;
475 	}
476 	if (res)
477 		goto failed;
478 
479 	if (sm->renew_snonce) {
480 		if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
481 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
482 				"WPA: Failed to get random data for SNonce");
483 			goto failed;
484 		}
485 		sm->renew_snonce = 0;
486 		wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
487 			    sm->snonce, WPA_NONCE_LEN);
488 	}
489 
490 	/* Calculate PTK which will be stored as a temporary PTK until it has
491 	 * been verified when processing message 3/4. */
492 	ptk = &sm->tptk;
493 	wpa_derive_ptk(sm, src_addr, key, ptk);
494 	if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
495 		u8 buf[8];
496 		/* Supplicant: swap tx/rx Mic keys */
497 		os_memcpy(buf, &ptk->tk[16], 8);
498 		os_memcpy(&ptk->tk[16], &ptk->tk[24], 8);
499 		os_memcpy(&ptk->tk[24], buf, 8);
500 		os_memset(buf, 0, sizeof(buf));
501 	}
502 	sm->tptk_set = 1;
503 
504 	kde = sm->assoc_wpa_ie;
505 	kde_len = sm->assoc_wpa_ie_len;
506 
507 #ifdef CONFIG_P2P
508 	if (sm->p2p) {
509 		kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1);
510 		if (kde_buf) {
511 			u8 *pos;
512 			wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE "
513 				   "into EAPOL-Key 2/4");
514 			os_memcpy(kde_buf, kde, kde_len);
515 			kde = kde_buf;
516 			pos = kde + kde_len;
517 			*pos++ = WLAN_EID_VENDOR_SPECIFIC;
518 			*pos++ = RSN_SELECTOR_LEN + 1;
519 			RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ);
520 			pos += RSN_SELECTOR_LEN;
521 			*pos++ = 0x01;
522 			kde_len = pos - kde;
523 		}
524 	}
525 #endif /* CONFIG_P2P */
526 
527 	if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
528 				       kde, kde_len, ptk))
529 		goto failed;
530 
531 	os_free(kde_buf);
532 	os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
533 	return;
534 
535 failed:
536 	os_free(kde_buf);
537 	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
538 }
539 
540 
541 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx)
542 {
543 	struct wpa_sm *sm = eloop_ctx;
544 	rsn_preauth_candidate_process(sm);
545 }
546 
547 
548 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
549 					    const u8 *addr, int secure)
550 {
551 	wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
552 		"WPA: Key negotiation completed with "
553 		MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
554 		wpa_cipher_txt(sm->pairwise_cipher),
555 		wpa_cipher_txt(sm->group_cipher));
556 	wpa_sm_cancel_auth_timeout(sm);
557 	wpa_sm_set_state(sm, WPA_COMPLETED);
558 
559 	if (secure) {
560 		wpa_sm_mlme_setprotection(
561 			sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
562 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
563 		eapol_sm_notify_portValid(sm->eapol, TRUE);
564 		if (wpa_key_mgmt_wpa_psk(sm->key_mgmt))
565 			eapol_sm_notify_eap_success(sm->eapol, TRUE);
566 		/*
567 		 * Start preauthentication after a short wait to avoid a
568 		 * possible race condition between the data receive and key
569 		 * configuration after the 4-Way Handshake. This increases the
570 		 * likelihood of the first preauth EAPOL-Start frame getting to
571 		 * the target AP.
572 		 */
573 		eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL);
574 	}
575 
576 	if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
577 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
578 			"RSN: Authenticator accepted "
579 			"opportunistic PMKSA entry - marking it valid");
580 		sm->cur_pmksa->opportunistic = 0;
581 	}
582 
583 #ifdef CONFIG_IEEE80211R
584 	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
585 		/* Prepare for the next transition */
586 		wpa_ft_prepare_auth_request(sm, NULL);
587 	}
588 #endif /* CONFIG_IEEE80211R */
589 }
590 
591 
592 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
593 {
594 	struct wpa_sm *sm = eloop_ctx;
595 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying");
596 	wpa_sm_key_request(sm, 0, 1);
597 }
598 
599 
600 static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
601 				      const struct wpa_eapol_key *key)
602 {
603 	int keylen, rsclen;
604 	enum wpa_alg alg;
605 	const u8 *key_rsc;
606 	u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
607 
608 	if (sm->ptk.installed) {
609 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
610 			"WPA: Do not re-install same PTK to the driver");
611 		return 0;
612 	}
613 
614 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
615 		"WPA: Installing PTK to the driver");
616 
617 	if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
618 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher "
619 			"Suite: NONE - do not use pairwise keys");
620 		return 0;
621 	}
622 
623 	if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
624 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
625 			"WPA: Unsupported pairwise cipher %d",
626 			sm->pairwise_cipher);
627 		return -1;
628 	}
629 
630 	alg = wpa_cipher_to_alg(sm->pairwise_cipher);
631 	keylen = wpa_cipher_key_len(sm->pairwise_cipher);
632 	rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
633 
634 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
635 		key_rsc = null_rsc;
636 	} else {
637 		key_rsc = key->key_rsc;
638 		wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
639 	}
640 
641 	if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
642 			   sm->ptk.tk, keylen) < 0) {
643 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
644 			"WPA: Failed to set PTK to the "
645 			"driver (alg=%d keylen=%d bssid=" MACSTR ")",
646 			alg, keylen, MAC2STR(sm->bssid));
647 		return -1;
648 	}
649 
650 	/* TK is not needed anymore in supplicant */
651 	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
652 	sm->ptk.installed = 1;
653 
654 	if (sm->wpa_ptk_rekey) {
655 		eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
656 		eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
657 				       sm, NULL);
658 	}
659 
660 	return 0;
661 }
662 
663 
664 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm,
665 					     int group_cipher,
666 					     int keylen, int maxkeylen,
667 					     int *key_rsc_len,
668 					     enum wpa_alg *alg)
669 {
670 	int klen;
671 
672 	*alg = wpa_cipher_to_alg(group_cipher);
673 	if (*alg == WPA_ALG_NONE) {
674 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
675 			"WPA: Unsupported Group Cipher %d",
676 			group_cipher);
677 		return -1;
678 	}
679 	*key_rsc_len = wpa_cipher_rsc_len(group_cipher);
680 
681 	klen = wpa_cipher_key_len(group_cipher);
682 	if (keylen != klen || maxkeylen < klen) {
683 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
684 			"WPA: Unsupported %s Group Cipher key length %d (%d)",
685 			wpa_cipher_txt(group_cipher), keylen, maxkeylen);
686 		return -1;
687 	}
688 	return 0;
689 }
690 
691 
692 struct wpa_gtk_data {
693 	enum wpa_alg alg;
694 	int tx, key_rsc_len, keyidx;
695 	u8 gtk[32];
696 	int gtk_len;
697 };
698 
699 
700 static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
701 				      const struct wpa_gtk_data *gd,
702 				      const u8 *key_rsc, int wnm_sleep)
703 {
704 	const u8 *_gtk = gd->gtk;
705 	u8 gtk_buf[32];
706 
707 	/* Detect possible key reinstallation */
708 	if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
709 	     os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
710 	    (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
711 	     os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
712 		       sm->gtk_wnm_sleep.gtk_len) == 0)) {
713 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
714 			"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
715 			gd->keyidx, gd->tx, gd->gtk_len);
716 		return 0;
717 	}
718 
719 	wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
720 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
721 		"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
722 		gd->keyidx, gd->tx, gd->gtk_len);
723 	wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
724 	if (sm->group_cipher == WPA_CIPHER_TKIP) {
725 		/* Swap Tx/Rx keys for Michael MIC */
726 		os_memcpy(gtk_buf, gd->gtk, 16);
727 		os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
728 		os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
729 		_gtk = gtk_buf;
730 	}
731 	if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
732 		if (wpa_sm_set_key(sm, gd->alg, NULL,
733 				   gd->keyidx, 1, key_rsc, gd->key_rsc_len,
734 				   _gtk, gd->gtk_len) < 0) {
735 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
736 				"WPA: Failed to set GTK to the driver "
737 				"(Group only)");
738 			os_memset(gtk_buf, 0, sizeof(gtk_buf));
739 			return -1;
740 		}
741 	} else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr,
742 				  gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
743 				  _gtk, gd->gtk_len) < 0) {
744 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
745 			"WPA: Failed to set GTK to "
746 			"the driver (alg=%d keylen=%d keyidx=%d)",
747 			gd->alg, gd->gtk_len, gd->keyidx);
748 		os_memset(gtk_buf, 0, sizeof(gtk_buf));
749 		return -1;
750 	}
751 	os_memset(gtk_buf, 0, sizeof(gtk_buf));
752 
753 	if (wnm_sleep) {
754 		sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
755 		os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
756 			  sm->gtk_wnm_sleep.gtk_len);
757 	} else {
758 		sm->gtk.gtk_len = gd->gtk_len;
759 		os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
760 	}
761 
762 	return 0;
763 }
764 
765 
766 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
767 						int tx)
768 {
769 	if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
770 		/* Ignore Tx bit for GTK if a pairwise key is used. One AP
771 		 * seemed to set this bit (incorrectly, since Tx is only when
772 		 * doing Group Key only APs) and without this workaround, the
773 		 * data connection does not work because wpa_supplicant
774 		 * configured non-zero keyidx to be used for unicast. */
775 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
776 			"WPA: Tx bit set for GTK, but pairwise "
777 			"keys are used - ignore Tx bit");
778 		return 0;
779 	}
780 	return tx;
781 }
782 
783 
784 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
785 				       const struct wpa_eapol_key *key,
786 				       const u8 *gtk, size_t gtk_len,
787 				       int key_info)
788 {
789 	struct wpa_gtk_data gd;
790 
791 	/*
792 	 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
793 	 * GTK KDE format:
794 	 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
795 	 * Reserved [bits 0-7]
796 	 * GTK
797 	 */
798 
799 	os_memset(&gd, 0, sizeof(gd));
800 	wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
801 			gtk, gtk_len);
802 
803 	if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk))
804 		return -1;
805 
806 	gd.keyidx = gtk[0] & 0x3;
807 	gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
808 						     !!(gtk[0] & BIT(2)));
809 	gtk += 2;
810 	gtk_len -= 2;
811 
812 	os_memcpy(gd.gtk, gtk, gtk_len);
813 	gd.gtk_len = gtk_len;
814 
815 	if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED &&
816 	    (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
817 					       gtk_len, gtk_len,
818 					       &gd.key_rsc_len, &gd.alg) ||
819 	     wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0))) {
820 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
821 			"RSN: Failed to install GTK");
822 		os_memset(&gd, 0, sizeof(gd));
823 		return -1;
824 	}
825 	os_memset(&gd, 0, sizeof(gd));
826 
827 	wpa_supplicant_key_neg_complete(sm, sm->bssid,
828 					key_info & WPA_KEY_INFO_SECURE);
829 	return 0;
830 }
831 
832 
833 #ifdef CONFIG_IEEE80211W
834 static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
835 				       const struct wpa_igtk_kde *igtk,
836 				       int wnm_sleep)
837 {
838 	size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
839 	u16 keyidx = WPA_GET_LE16(igtk->keyid);
840 
841 	/* Detect possible key reinstallation */
842 	if ((sm->igtk.igtk_len == len &&
843 	     os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
844 	    (sm->igtk_wnm_sleep.igtk_len == len &&
845 	     os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
846 		       sm->igtk_wnm_sleep.igtk_len) == 0)) {
847 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
848 			"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
849 			keyidx);
850 		return  0;
851 	}
852 
853 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
854 		"WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
855 		keyidx, MAC2STR(igtk->pn));
856 	wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
857 	if (keyidx > 4095) {
858 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
859 			"WPA: Invalid IGTK KeyID %d", keyidx);
860 		return -1;
861 	}
862 	if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
863 			   broadcast_ether_addr,
864 			   keyidx, 0, igtk->pn, sizeof(igtk->pn),
865 			   igtk->igtk, len) < 0) {
866 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
867 			"WPA: Failed to configure IGTK to the driver");
868 		return -1;
869 	}
870 
871 	if (wnm_sleep) {
872 		sm->igtk_wnm_sleep.igtk_len = len;
873 		os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
874 			  sm->igtk_wnm_sleep.igtk_len);
875 	} else {
876 		sm->igtk.igtk_len = len;
877 		os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
878 	}
879 
880 	return 0;
881 }
882 #endif /* CONFIG_IEEE80211W */
883 
884 
885 static int ieee80211w_set_keys(struct wpa_sm *sm,
886 			       struct wpa_eapol_ie_parse *ie)
887 {
888 #ifdef CONFIG_IEEE80211W
889 	if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher))
890 		return 0;
891 
892 	if (ie->igtk) {
893 		size_t len;
894 		const struct wpa_igtk_kde *igtk;
895 
896 		len = wpa_cipher_key_len(sm->mgmt_group_cipher);
897 		if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
898 			return -1;
899 
900 		igtk = (const struct wpa_igtk_kde *) ie->igtk;
901 		if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
902 			return -1;
903 	}
904 
905 	return 0;
906 #else /* CONFIG_IEEE80211W */
907 	return 0;
908 #endif /* CONFIG_IEEE80211W */
909 }
910 
911 
912 static void wpa_report_ie_mismatch(struct wpa_sm *sm,
913 				   const char *reason, const u8 *src_addr,
914 				   const u8 *wpa_ie, size_t wpa_ie_len,
915 				   const u8 *rsn_ie, size_t rsn_ie_len)
916 {
917 	wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
918 		reason, MAC2STR(src_addr));
919 
920 	if (sm->ap_wpa_ie) {
921 		wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
922 			    sm->ap_wpa_ie, sm->ap_wpa_ie_len);
923 	}
924 	if (wpa_ie) {
925 		if (!sm->ap_wpa_ie) {
926 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
927 				"WPA: No WPA IE in Beacon/ProbeResp");
928 		}
929 		wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
930 			    wpa_ie, wpa_ie_len);
931 	}
932 
933 	if (sm->ap_rsn_ie) {
934 		wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp",
935 			    sm->ap_rsn_ie, sm->ap_rsn_ie_len);
936 	}
937 	if (rsn_ie) {
938 		if (!sm->ap_rsn_ie) {
939 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
940 				"WPA: No RSN IE in Beacon/ProbeResp");
941 		}
942 		wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
943 			    rsn_ie, rsn_ie_len);
944 	}
945 
946 	wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
947 }
948 
949 
950 #ifdef CONFIG_IEEE80211R
951 
952 static int ft_validate_mdie(struct wpa_sm *sm,
953 			    const unsigned char *src_addr,
954 			    struct wpa_eapol_ie_parse *ie,
955 			    const u8 *assoc_resp_mdie)
956 {
957 	struct rsn_mdie *mdie;
958 
959 	mdie = (struct rsn_mdie *) (ie->mdie + 2);
960 	if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) ||
961 	    os_memcmp(mdie->mobility_domain, sm->mobility_domain,
962 		      MOBILITY_DOMAIN_ID_LEN) != 0) {
963 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did "
964 			"not match with the current mobility domain");
965 		return -1;
966 	}
967 
968 	if (assoc_resp_mdie &&
969 	    (assoc_resp_mdie[1] != ie->mdie[1] ||
970 	     os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) {
971 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch");
972 		wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4",
973 			    ie->mdie, 2 + ie->mdie[1]);
974 		wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response",
975 			    assoc_resp_mdie, 2 + assoc_resp_mdie[1]);
976 		return -1;
977 	}
978 
979 	return 0;
980 }
981 
982 
983 static int ft_validate_ftie(struct wpa_sm *sm,
984 			    const unsigned char *src_addr,
985 			    struct wpa_eapol_ie_parse *ie,
986 			    const u8 *assoc_resp_ftie)
987 {
988 	if (ie->ftie == NULL) {
989 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
990 			"FT: No FTIE in EAPOL-Key msg 3/4");
991 		return -1;
992 	}
993 
994 	if (assoc_resp_ftie == NULL)
995 		return 0;
996 
997 	if (assoc_resp_ftie[1] != ie->ftie[1] ||
998 	    os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) {
999 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch");
1000 		wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4",
1001 			    ie->ftie, 2 + ie->ftie[1]);
1002 		wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response",
1003 			    assoc_resp_ftie, 2 + assoc_resp_ftie[1]);
1004 		return -1;
1005 	}
1006 
1007 	return 0;
1008 }
1009 
1010 
1011 static int ft_validate_rsnie(struct wpa_sm *sm,
1012 			     const unsigned char *src_addr,
1013 			     struct wpa_eapol_ie_parse *ie)
1014 {
1015 	struct wpa_ie_data rsn;
1016 
1017 	if (!ie->rsn_ie)
1018 		return 0;
1019 
1020 	/*
1021 	 * Verify that PMKR1Name from EAPOL-Key message 3/4
1022 	 * matches with the value we derived.
1023 	 */
1024 	if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 ||
1025 	    rsn.num_pmkid != 1 || rsn.pmkid == NULL) {
1026 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in "
1027 			"FT 4-way handshake message 3/4");
1028 		return -1;
1029 	}
1030 
1031 	if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0)
1032 	{
1033 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1034 			"FT: PMKR1Name mismatch in "
1035 			"FT 4-way handshake message 3/4");
1036 		wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator",
1037 			    rsn.pmkid, WPA_PMK_NAME_LEN);
1038 		wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
1039 			    sm->pmk_r1_name, WPA_PMK_NAME_LEN);
1040 		return -1;
1041 	}
1042 
1043 	return 0;
1044 }
1045 
1046 
1047 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm,
1048 					 const unsigned char *src_addr,
1049 					 struct wpa_eapol_ie_parse *ie)
1050 {
1051 	const u8 *pos, *end, *mdie = NULL, *ftie = NULL;
1052 
1053 	if (sm->assoc_resp_ies) {
1054 		pos = sm->assoc_resp_ies;
1055 		end = pos + sm->assoc_resp_ies_len;
1056 		while (pos + 2 < end) {
1057 			if (pos + 2 + pos[1] > end)
1058 				break;
1059 			switch (*pos) {
1060 			case WLAN_EID_MOBILITY_DOMAIN:
1061 				mdie = pos;
1062 				break;
1063 			case WLAN_EID_FAST_BSS_TRANSITION:
1064 				ftie = pos;
1065 				break;
1066 			}
1067 			pos += 2 + pos[1];
1068 		}
1069 	}
1070 
1071 	if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 ||
1072 	    ft_validate_ftie(sm, src_addr, ie, ftie) < 0 ||
1073 	    ft_validate_rsnie(sm, src_addr, ie) < 0)
1074 		return -1;
1075 
1076 	return 0;
1077 }
1078 
1079 #endif /* CONFIG_IEEE80211R */
1080 
1081 
1082 static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
1083 				      const unsigned char *src_addr,
1084 				      struct wpa_eapol_ie_parse *ie)
1085 {
1086 	if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
1087 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1088 			"WPA: No WPA/RSN IE for this AP known. "
1089 			"Trying to get from scan results");
1090 		if (wpa_sm_get_beacon_ie(sm) < 0) {
1091 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1092 				"WPA: Could not find AP from "
1093 				"the scan results");
1094 		} else {
1095 			wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
1096 				"WPA: Found the current AP from "
1097 				"updated scan results");
1098 		}
1099 	}
1100 
1101 	if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
1102 	    (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
1103 		wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1104 				       "with IE in Beacon/ProbeResp (no IE?)",
1105 				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
1106 				       ie->rsn_ie, ie->rsn_ie_len);
1107 		return -1;
1108 	}
1109 
1110 	if ((ie->wpa_ie && sm->ap_wpa_ie &&
1111 	     (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
1112 	      os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
1113 	    (ie->rsn_ie && sm->ap_rsn_ie &&
1114 	     wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
1115 				sm->ap_rsn_ie, sm->ap_rsn_ie_len,
1116 				ie->rsn_ie, ie->rsn_ie_len))) {
1117 		wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1118 				       "with IE in Beacon/ProbeResp",
1119 				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
1120 				       ie->rsn_ie, ie->rsn_ie_len);
1121 		return -1;
1122 	}
1123 
1124 	if (sm->proto == WPA_PROTO_WPA &&
1125 	    ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
1126 		wpa_report_ie_mismatch(sm, "Possible downgrade attack "
1127 				       "detected - RSN was enabled and RSN IE "
1128 				       "was in msg 3/4, but not in "
1129 				       "Beacon/ProbeResp",
1130 				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
1131 				       ie->rsn_ie, ie->rsn_ie_len);
1132 		return -1;
1133 	}
1134 
1135 #ifdef CONFIG_IEEE80211R
1136 	if (wpa_key_mgmt_ft(sm->key_mgmt) &&
1137 	    wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0)
1138 		return -1;
1139 #endif /* CONFIG_IEEE80211R */
1140 
1141 	return 0;
1142 }
1143 
1144 
1145 /**
1146  * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake
1147  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1148  * @dst: Destination address for the frame
1149  * @key: Pointer to the EAPOL-Key frame header
1150  * @ver: Version bits from EAPOL-Key Key Info
1151  * @key_info: Key Info
1152  * @ptk: PTK to use for keyed hash and encryption
1153  * Returns: 0 on success, -1 on failure
1154  */
1155 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
1156 			       const struct wpa_eapol_key *key,
1157 			       u16 ver, u16 key_info,
1158 			       struct wpa_ptk *ptk)
1159 {
1160 	size_t mic_len, hdrlen, rlen;
1161 	struct wpa_eapol_key *reply;
1162 	struct wpa_eapol_key_192 *reply192;
1163 	u8 *rbuf, *key_mic;
1164 
1165 	mic_len = wpa_mic_len(sm->key_mgmt);
1166 	hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
1167 	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1168 				  hdrlen, &rlen, (void *) &reply);
1169 	if (rbuf == NULL)
1170 		return -1;
1171 	reply192 = (struct wpa_eapol_key_192 *) reply;
1172 
1173 	reply->type = (sm->proto == WPA_PROTO_RSN ||
1174 		       sm->proto == WPA_PROTO_OSEN) ?
1175 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1176 	key_info &= WPA_KEY_INFO_SECURE;
1177 	key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC;
1178 	WPA_PUT_BE16(reply->key_info, key_info);
1179 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1180 		WPA_PUT_BE16(reply->key_length, 0);
1181 	else
1182 		os_memcpy(reply->key_length, key->key_length, 2);
1183 	os_memcpy(reply->replay_counter, key->replay_counter,
1184 		  WPA_REPLAY_COUNTER_LEN);
1185 
1186 	key_mic = reply192->key_mic; /* same offset for reply and reply192 */
1187 	if (mic_len == 24)
1188 		WPA_PUT_BE16(reply192->key_data_length, 0);
1189 	else
1190 		WPA_PUT_BE16(reply->key_data_length, 0);
1191 
1192 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
1193 	wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL,
1194 			   rbuf, rlen, key_mic);
1195 
1196 	return 0;
1197 }
1198 
1199 
1200 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
1201 					  const struct wpa_eapol_key *key,
1202 					  u16 ver, const u8 *key_data,
1203 					  size_t key_data_len)
1204 {
1205 	u16 key_info, keylen;
1206 	struct wpa_eapol_ie_parse ie;
1207 
1208 	wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
1209 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way "
1210 		"Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
1211 
1212 	key_info = WPA_GET_BE16(key->key_info);
1213 
1214 	wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len);
1215 	if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
1216 		goto failed;
1217 	if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1218 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1219 			"WPA: GTK IE in unencrypted key data");
1220 		goto failed;
1221 	}
1222 #ifdef CONFIG_IEEE80211W
1223 	if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1224 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1225 			"WPA: IGTK KDE in unencrypted key data");
1226 		goto failed;
1227 	}
1228 
1229 	if (ie.igtk &&
1230 	    wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
1231 	    ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN +
1232 	    (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
1233 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1234 			"WPA: Invalid IGTK KDE length %lu",
1235 			(unsigned long) ie.igtk_len);
1236 		goto failed;
1237 	}
1238 #endif /* CONFIG_IEEE80211W */
1239 
1240 	if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
1241 		goto failed;
1242 
1243 	if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
1244 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1245 			"WPA: ANonce from message 1 of 4-Way Handshake "
1246 			"differs from 3 of 4-Way Handshake - drop packet (src="
1247 			MACSTR ")", MAC2STR(sm->bssid));
1248 		goto failed;
1249 	}
1250 
1251 	keylen = WPA_GET_BE16(key->key_length);
1252 	if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
1253 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1254 			"WPA: Invalid %s key length %d (src=" MACSTR
1255 			")", wpa_cipher_txt(sm->pairwise_cipher), keylen,
1256 			MAC2STR(sm->bssid));
1257 		goto failed;
1258 	}
1259 
1260 #ifdef CONFIG_P2P
1261 	if (ie.ip_addr_alloc) {
1262 		os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4);
1263 		wpa_hexdump(MSG_DEBUG, "P2P: IP address info",
1264 			    sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr));
1265 	}
1266 #endif /* CONFIG_P2P */
1267 
1268 	if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
1269 				       &sm->ptk)) {
1270 		goto failed;
1271 	}
1272 
1273 	/* SNonce was successfully used in msg 3/4, so mark it to be renewed
1274 	 * for the next 4-Way Handshake. If msg 3 is received again, the old
1275 	 * SNonce will still be used to avoid changing PTK. */
1276 	sm->renew_snonce = 1;
1277 
1278 	if (key_info & WPA_KEY_INFO_INSTALL) {
1279 		if (wpa_supplicant_install_ptk(sm, key))
1280 			goto failed;
1281 	}
1282 
1283 	if (key_info & WPA_KEY_INFO_SECURE) {
1284 		wpa_sm_mlme_setprotection(
1285 			sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
1286 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
1287 		eapol_sm_notify_portValid(sm->eapol, TRUE);
1288 	}
1289 	wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1290 
1291 	if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) {
1292 		wpa_supplicant_key_neg_complete(sm, sm->bssid,
1293 						key_info & WPA_KEY_INFO_SECURE);
1294 	} else if (ie.gtk &&
1295 	    wpa_supplicant_pairwise_gtk(sm, key,
1296 					ie.gtk, ie.gtk_len, key_info) < 0) {
1297 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1298 			"RSN: Failed to configure GTK");
1299 		goto failed;
1300 	}
1301 
1302 	if (ieee80211w_set_keys(sm, &ie) < 0) {
1303 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1304 			"RSN: Failed to configure IGTK");
1305 		goto failed;
1306 	}
1307 
1308 	if (ie.gtk)
1309 		wpa_sm_set_rekey_offload(sm);
1310 
1311 	if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1312 		struct rsn_pmksa_cache_entry *sa;
1313 
1314 		sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len,
1315 				     sm->ptk.kck, sm->ptk.kck_len,
1316 				     sm->bssid, sm->own_addr,
1317 				     sm->network_ctx, sm->key_mgmt);
1318 		if (!sm->cur_pmksa)
1319 			sm->cur_pmksa = sa;
1320 	}
1321 
1322 	sm->msg_3_of_4_ok = 1;
1323 	return;
1324 
1325 failed:
1326 	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1327 }
1328 
1329 
1330 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
1331 					     const u8 *keydata,
1332 					     size_t keydatalen,
1333 					     u16 key_info,
1334 					     struct wpa_gtk_data *gd)
1335 {
1336 	int maxkeylen;
1337 	struct wpa_eapol_ie_parse ie;
1338 
1339 	wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen);
1340 	if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0)
1341 		return -1;
1342 	if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1343 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1344 			"WPA: GTK IE in unencrypted key data");
1345 		return -1;
1346 	}
1347 	if (ie.gtk == NULL) {
1348 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1349 			"WPA: No GTK IE in Group Key msg 1/2");
1350 		return -1;
1351 	}
1352 	maxkeylen = gd->gtk_len = ie.gtk_len - 2;
1353 
1354 	if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1355 					      gd->gtk_len, maxkeylen,
1356 					      &gd->key_rsc_len, &gd->alg))
1357 		return -1;
1358 
1359 	wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake",
1360 			ie.gtk, ie.gtk_len);
1361 	gd->keyidx = ie.gtk[0] & 0x3;
1362 	gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1363 						      !!(ie.gtk[0] & BIT(2)));
1364 	if (ie.gtk_len - 2 > sizeof(gd->gtk)) {
1365 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1366 			"RSN: Too long GTK in GTK IE (len=%lu)",
1367 			(unsigned long) ie.gtk_len - 2);
1368 		return -1;
1369 	}
1370 	os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
1371 
1372 	if (ieee80211w_set_keys(sm, &ie) < 0)
1373 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1374 			"RSN: Failed to configure IGTK");
1375 
1376 	return 0;
1377 }
1378 
1379 
1380 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
1381 					     const struct wpa_eapol_key *key,
1382 					     const u8 *key_data,
1383 					     size_t key_data_len, u16 key_info,
1384 					     u16 ver, struct wpa_gtk_data *gd)
1385 {
1386 	size_t maxkeylen;
1387 	u16 gtk_len;
1388 
1389 	gtk_len = WPA_GET_BE16(key->key_length);
1390 	maxkeylen = key_data_len;
1391 	if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1392 		if (maxkeylen < 8) {
1393 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1394 				"WPA: Too short maxkeylen (%lu)",
1395 				(unsigned long) maxkeylen);
1396 			return -1;
1397 		}
1398 		maxkeylen -= 8;
1399 	}
1400 
1401 	if (gtk_len > maxkeylen ||
1402 	    wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1403 					      gtk_len, maxkeylen,
1404 					      &gd->key_rsc_len, &gd->alg))
1405 		return -1;
1406 
1407 	gd->gtk_len = gtk_len;
1408 	gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1409 		WPA_KEY_INFO_KEY_INDEX_SHIFT;
1410 	if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
1411 #ifdef CONFIG_NO_RC4
1412 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1413 			"WPA: RC4 not supported in the build");
1414 		return -1;
1415 #else /* CONFIG_NO_RC4 */
1416 		u8 ek[32];
1417 		if (key_data_len > sizeof(gd->gtk)) {
1418 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1419 				"WPA: RC4 key data too long (%lu)",
1420 				(unsigned long) key_data_len);
1421 			return -1;
1422 		}
1423 		os_memcpy(ek, key->key_iv, 16);
1424 		os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
1425 		os_memcpy(gd->gtk, key_data, key_data_len);
1426 		if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) {
1427 			os_memset(ek, 0, sizeof(ek));
1428 			wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1429 				"WPA: RC4 failed");
1430 			return -1;
1431 		}
1432 		os_memset(ek, 0, sizeof(ek));
1433 #endif /* CONFIG_NO_RC4 */
1434 	} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1435 		if (maxkeylen % 8) {
1436 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1437 				"WPA: Unsupported AES-WRAP len %lu",
1438 				(unsigned long) maxkeylen);
1439 			return -1;
1440 		}
1441 		if (maxkeylen > sizeof(gd->gtk)) {
1442 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1443 				"WPA: AES-WRAP key data "
1444 				"too long (keydatalen=%lu maxkeylen=%lu)",
1445 				(unsigned long) key_data_len,
1446 				(unsigned long) maxkeylen);
1447 			return -1;
1448 		}
1449 		if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8,
1450 			       key_data, gd->gtk)) {
1451 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1452 				"WPA: AES unwrap failed - could not decrypt "
1453 				"GTK");
1454 			return -1;
1455 		}
1456 	} else {
1457 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1458 			"WPA: Unsupported key_info type %d", ver);
1459 		return -1;
1460 	}
1461 	gd->tx = wpa_supplicant_gtk_tx_bit_workaround(
1462 		sm, !!(key_info & WPA_KEY_INFO_TXRX));
1463 	return 0;
1464 }
1465 
1466 
1467 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
1468 				      const struct wpa_eapol_key *key,
1469 				      int ver, u16 key_info)
1470 {
1471 	size_t mic_len, hdrlen, rlen;
1472 	struct wpa_eapol_key *reply;
1473 	struct wpa_eapol_key_192 *reply192;
1474 	u8 *rbuf, *key_mic;
1475 
1476 	mic_len = wpa_mic_len(sm->key_mgmt);
1477 	hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
1478 	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1479 				  hdrlen, &rlen, (void *) &reply);
1480 	if (rbuf == NULL)
1481 		return -1;
1482 	reply192 = (struct wpa_eapol_key_192 *) reply;
1483 
1484 	reply->type = (sm->proto == WPA_PROTO_RSN ||
1485 		       sm->proto == WPA_PROTO_OSEN) ?
1486 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1487 	key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
1488 	key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
1489 	WPA_PUT_BE16(reply->key_info, key_info);
1490 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1491 		WPA_PUT_BE16(reply->key_length, 0);
1492 	else
1493 		os_memcpy(reply->key_length, key->key_length, 2);
1494 	os_memcpy(reply->replay_counter, key->replay_counter,
1495 		  WPA_REPLAY_COUNTER_LEN);
1496 
1497 	key_mic = reply192->key_mic; /* same offset for reply and reply192 */
1498 	if (mic_len == 24)
1499 		WPA_PUT_BE16(reply192->key_data_length, 0);
1500 	else
1501 		WPA_PUT_BE16(reply->key_data_length, 0);
1502 
1503 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
1504 	wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, sm->bssid,
1505 			   ETH_P_EAPOL, rbuf, rlen, key_mic);
1506 
1507 	return 0;
1508 }
1509 
1510 
1511 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
1512 					  const unsigned char *src_addr,
1513 					  const struct wpa_eapol_key *key,
1514 					  const u8 *key_data,
1515 					  size_t key_data_len, u16 ver)
1516 {
1517 	u16 key_info;
1518 	int rekey, ret;
1519 	struct wpa_gtk_data gd;
1520 
1521 	if (!sm->msg_3_of_4_ok) {
1522 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1523 			"WPA: Group Key Handshake started prior to completion of 4-way handshake");
1524 		goto failed;
1525 	}
1526 
1527 	os_memset(&gd, 0, sizeof(gd));
1528 
1529 	rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
1530 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key "
1531 		"Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
1532 
1533 	key_info = WPA_GET_BE16(key->key_info);
1534 
1535 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
1536 		ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data,
1537 							key_data_len, key_info,
1538 							&gd);
1539 	} else {
1540 		ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data,
1541 							key_data_len,
1542 							key_info, ver, &gd);
1543 	}
1544 
1545 	wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1546 
1547 	if (ret)
1548 		goto failed;
1549 
1550 	if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0) ||
1551 	    wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
1552 		goto failed;
1553 	os_memset(&gd, 0, sizeof(gd));
1554 
1555 	if (rekey) {
1556 		wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Group rekeying "
1557 			"completed with " MACSTR " [GTK=%s]",
1558 			MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
1559 		wpa_sm_cancel_auth_timeout(sm);
1560 		wpa_sm_set_state(sm, WPA_COMPLETED);
1561 	} else {
1562 		wpa_supplicant_key_neg_complete(sm, sm->bssid,
1563 						key_info &
1564 						WPA_KEY_INFO_SECURE);
1565 	}
1566 
1567 	wpa_sm_set_rekey_offload(sm);
1568 
1569 	return;
1570 
1571 failed:
1572 	os_memset(&gd, 0, sizeof(gd));
1573 	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1574 }
1575 
1576 
1577 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
1578 					       struct wpa_eapol_key_192 *key,
1579 					       u16 ver,
1580 					       const u8 *buf, size_t len)
1581 {
1582 	u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
1583 	int ok = 0;
1584 	size_t mic_len = wpa_mic_len(sm->key_mgmt);
1585 
1586 	os_memcpy(mic, key->key_mic, mic_len);
1587 	if (sm->tptk_set) {
1588 		os_memset(key->key_mic, 0, mic_len);
1589 		wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt,
1590 				  ver, buf, len, key->key_mic);
1591 		if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) {
1592 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1593 				"WPA: Invalid EAPOL-Key MIC "
1594 				"when using TPTK - ignoring TPTK");
1595 		} else {
1596 			ok = 1;
1597 			sm->tptk_set = 0;
1598 			sm->ptk_set = 1;
1599 			os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
1600 			os_memset(&sm->tptk, 0, sizeof(sm->tptk));
1601 		}
1602 	}
1603 
1604 	if (!ok && sm->ptk_set) {
1605 		os_memset(key->key_mic, 0, mic_len);
1606 		wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt,
1607 				  ver, buf, len, key->key_mic);
1608 		if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) {
1609 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1610 				"WPA: Invalid EAPOL-Key MIC - "
1611 				"dropping packet");
1612 			return -1;
1613 		}
1614 		ok = 1;
1615 	}
1616 
1617 	if (!ok) {
1618 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1619 			"WPA: Could not verify EAPOL-Key MIC - "
1620 			"dropping packet");
1621 		return -1;
1622 	}
1623 
1624 	os_memcpy(sm->rx_replay_counter, key->replay_counter,
1625 		  WPA_REPLAY_COUNTER_LEN);
1626 	sm->rx_replay_counter_set = 1;
1627 	return 0;
1628 }
1629 
1630 
1631 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
1632 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
1633 					   struct wpa_eapol_key *key, u16 ver,
1634 					   u8 *key_data, size_t *key_data_len)
1635 {
1636 	wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
1637 		    key_data, *key_data_len);
1638 	if (!sm->ptk_set) {
1639 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1640 			"WPA: PTK not available, cannot decrypt EAPOL-Key Key "
1641 			"Data");
1642 		return -1;
1643 	}
1644 
1645 	/* Decrypt key data here so that this operation does not need
1646 	 * to be implemented separately for each message type. */
1647 	if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
1648 #ifdef CONFIG_NO_RC4
1649 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1650 			"WPA: RC4 not supported in the build");
1651 		return -1;
1652 #else /* CONFIG_NO_RC4 */
1653 		u8 ek[32];
1654 		os_memcpy(ek, key->key_iv, 16);
1655 		os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
1656 		if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) {
1657 			os_memset(ek, 0, sizeof(ek));
1658 			wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1659 				"WPA: RC4 failed");
1660 			return -1;
1661 		}
1662 		os_memset(ek, 0, sizeof(ek));
1663 #endif /* CONFIG_NO_RC4 */
1664 	} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1665 		   ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
1666 		   sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
1667 		   wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1668 		u8 *buf;
1669 		if (*key_data_len < 8 || *key_data_len % 8) {
1670 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1671 				"WPA: Unsupported AES-WRAP len %u",
1672 				(unsigned int) *key_data_len);
1673 			return -1;
1674 		}
1675 		*key_data_len -= 8; /* AES-WRAP adds 8 bytes */
1676 		buf = os_malloc(*key_data_len);
1677 		if (buf == NULL) {
1678 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1679 				"WPA: No memory for AES-UNWRAP buffer");
1680 			return -1;
1681 		}
1682 		if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8,
1683 			       key_data, buf)) {
1684 			os_free(buf);
1685 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1686 				"WPA: AES unwrap failed - "
1687 				"could not decrypt EAPOL-Key key data");
1688 			return -1;
1689 		}
1690 		os_memcpy(key_data, buf, *key_data_len);
1691 		os_free(buf);
1692 		WPA_PUT_BE16(key->key_data_length, *key_data_len);
1693 	} else {
1694 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1695 			"WPA: Unsupported key_info type %d", ver);
1696 		return -1;
1697 	}
1698 	wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
1699 			key_data, *key_data_len);
1700 	return 0;
1701 }
1702 
1703 
1704 /**
1705  * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
1706  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1707  */
1708 void wpa_sm_aborted_cached(struct wpa_sm *sm)
1709 {
1710 	if (sm && sm->cur_pmksa) {
1711 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1712 			"RSN: Cancelling PMKSA caching attempt");
1713 		sm->cur_pmksa = NULL;
1714 	}
1715 }
1716 
1717 
1718 static void wpa_eapol_key_dump(struct wpa_sm *sm,
1719 			       const struct wpa_eapol_key *key,
1720 			       unsigned int key_data_len,
1721 			       const u8 *mic, unsigned int mic_len)
1722 {
1723 #ifndef CONFIG_NO_STDOUT_DEBUG
1724 	u16 key_info = WPA_GET_BE16(key->key_info);
1725 
1726 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "  EAPOL-Key type=%d", key->type);
1727 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1728 		"  key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)",
1729 		key_info, key_info & WPA_KEY_INFO_TYPE_MASK,
1730 		(key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1731 		WPA_KEY_INFO_KEY_INDEX_SHIFT,
1732 		(key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13,
1733 		key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group",
1734 		key_info & WPA_KEY_INFO_INSTALL ? " Install" : "",
1735 		key_info & WPA_KEY_INFO_ACK ? " Ack" : "",
1736 		key_info & WPA_KEY_INFO_MIC ? " MIC" : "",
1737 		key_info & WPA_KEY_INFO_SECURE ? " Secure" : "",
1738 		key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
1739 		key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
1740 		key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
1741 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1742 		"  key_length=%u key_data_length=%u",
1743 		WPA_GET_BE16(key->key_length), key_data_len);
1744 	wpa_hexdump(MSG_DEBUG, "  replay_counter",
1745 		    key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1746 	wpa_hexdump(MSG_DEBUG, "  key_nonce", key->key_nonce, WPA_NONCE_LEN);
1747 	wpa_hexdump(MSG_DEBUG, "  key_iv", key->key_iv, 16);
1748 	wpa_hexdump(MSG_DEBUG, "  key_rsc", key->key_rsc, 8);
1749 	wpa_hexdump(MSG_DEBUG, "  key_id (reserved)", key->key_id, 8);
1750 	wpa_hexdump(MSG_DEBUG, "  key_mic", mic, mic_len);
1751 #endif /* CONFIG_NO_STDOUT_DEBUG */
1752 }
1753 
1754 
1755 /**
1756  * wpa_sm_rx_eapol - Process received WPA EAPOL frames
1757  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1758  * @src_addr: Source MAC address of the EAPOL packet
1759  * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
1760  * @len: Length of the EAPOL frame
1761  * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
1762  *
1763  * This function is called for each received EAPOL frame. Other than EAPOL-Key
1764  * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
1765  * only processing WPA and WPA2 EAPOL-Key frames.
1766  *
1767  * The received EAPOL-Key packets are validated and valid packets are replied
1768  * to. In addition, key material (PTK, GTK) is configured at the end of a
1769  * successful key handshake.
1770  */
1771 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
1772 		    const u8 *buf, size_t len)
1773 {
1774 	size_t plen, data_len, key_data_len;
1775 	const struct ieee802_1x_hdr *hdr;
1776 	struct wpa_eapol_key *key;
1777 	struct wpa_eapol_key_192 *key192;
1778 	u16 key_info, ver;
1779 	u8 *tmp = NULL;
1780 	int ret = -1;
1781 	struct wpa_peerkey *peerkey = NULL;
1782 	u8 *key_data;
1783 	size_t mic_len, keyhdrlen;
1784 
1785 #ifdef CONFIG_IEEE80211R
1786 	sm->ft_completed = 0;
1787 #endif /* CONFIG_IEEE80211R */
1788 
1789 	mic_len = wpa_mic_len(sm->key_mgmt);
1790 	keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key);
1791 
1792 	if (len < sizeof(*hdr) + keyhdrlen) {
1793 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1794 			"WPA: EAPOL frame too short to be a WPA "
1795 			"EAPOL-Key (len %lu, expecting at least %lu)",
1796 			(unsigned long) len,
1797 			(unsigned long) sizeof(*hdr) + keyhdrlen);
1798 		return 0;
1799 	}
1800 
1801 	hdr = (const struct ieee802_1x_hdr *) buf;
1802 	plen = be_to_host16(hdr->length);
1803 	data_len = plen + sizeof(*hdr);
1804 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1805 		"IEEE 802.1X RX: version=%d type=%d length=%lu",
1806 		hdr->version, hdr->type, (unsigned long) plen);
1807 
1808 	if (hdr->version < EAPOL_VERSION) {
1809 		/* TODO: backwards compatibility */
1810 	}
1811 	if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
1812 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1813 			"WPA: EAPOL frame (type %u) discarded, "
1814 			"not a Key frame", hdr->type);
1815 		ret = 0;
1816 		goto out;
1817 	}
1818 	wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len);
1819 	if (plen > len - sizeof(*hdr) || plen < keyhdrlen) {
1820 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1821 			"WPA: EAPOL frame payload size %lu "
1822 			"invalid (frame size %lu)",
1823 			(unsigned long) plen, (unsigned long) len);
1824 		ret = 0;
1825 		goto out;
1826 	}
1827 	if (data_len < len) {
1828 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1829 			"WPA: ignoring %lu bytes after the IEEE 802.1X data",
1830 			(unsigned long) len - data_len);
1831 	}
1832 
1833 	/*
1834 	 * Make a copy of the frame since we need to modify the buffer during
1835 	 * MAC validation and Key Data decryption.
1836 	 */
1837 	tmp = os_malloc(data_len);
1838 	if (tmp == NULL)
1839 		goto out;
1840 	os_memcpy(tmp, buf, data_len);
1841 	key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr));
1842 	key192 = (struct wpa_eapol_key_192 *)
1843 		(tmp + sizeof(struct ieee802_1x_hdr));
1844 	if (mic_len == 24)
1845 		key_data = (u8 *) (key192 + 1);
1846 	else
1847 		key_data = (u8 *) (key + 1);
1848 
1849 	if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN)
1850 	{
1851 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1852 			"WPA: EAPOL-Key type (%d) unknown, discarded",
1853 			key->type);
1854 		ret = 0;
1855 		goto out;
1856 	}
1857 
1858 	if (mic_len == 24)
1859 		key_data_len = WPA_GET_BE16(key192->key_data_length);
1860 	else
1861 		key_data_len = WPA_GET_BE16(key->key_data_length);
1862 	wpa_eapol_key_dump(sm, key, key_data_len, key192->key_mic, mic_len);
1863 
1864 	if (key_data_len > plen - keyhdrlen) {
1865 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
1866 			"frame - key_data overflow (%u > %u)",
1867 			(unsigned int) key_data_len,
1868 			(unsigned int) (plen - keyhdrlen));
1869 		goto out;
1870 	}
1871 
1872 	eapol_sm_notify_lower_layer_success(sm->eapol, 0);
1873 	key_info = WPA_GET_BE16(key->key_info);
1874 	ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1875 	if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
1876 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
1877 	    ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1878 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
1879 	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
1880 	    !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1881 	    sm->key_mgmt != WPA_KEY_MGMT_OSEN) {
1882 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1883 			"WPA: Unsupported EAPOL-Key descriptor version %d",
1884 			ver);
1885 		goto out;
1886 	}
1887 
1888 	if (sm->key_mgmt == WPA_KEY_MGMT_OSEN &&
1889 	    ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1890 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1891 			"OSEN: Unsupported EAPOL-Key descriptor version %d",
1892 			ver);
1893 		goto out;
1894 	}
1895 
1896 	if (wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1897 	    ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1898 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1899 			"RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)",
1900 			ver);
1901 		goto out;
1902 	}
1903 
1904 #ifdef CONFIG_IEEE80211R
1905 	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
1906 		/* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */
1907 		if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1908 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1909 				"FT: AP did not use AES-128-CMAC");
1910 			goto out;
1911 		}
1912 	} else
1913 #endif /* CONFIG_IEEE80211R */
1914 #ifdef CONFIG_IEEE80211W
1915 	if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
1916 		if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1917 		    sm->key_mgmt != WPA_KEY_MGMT_OSEN &&
1918 		    !wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1919 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1920 				"WPA: AP did not use the "
1921 				"negotiated AES-128-CMAC");
1922 			goto out;
1923 		}
1924 	} else
1925 #endif /* CONFIG_IEEE80211W */
1926 	if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
1927 	    !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1928 	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1929 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1930 			"WPA: CCMP is used, but EAPOL-Key "
1931 			"descriptor version (%d) is not 2", ver);
1932 		if (sm->group_cipher != WPA_CIPHER_CCMP &&
1933 		    !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
1934 			/* Earlier versions of IEEE 802.11i did not explicitly
1935 			 * require version 2 descriptor for all EAPOL-Key
1936 			 * packets, so allow group keys to use version 1 if
1937 			 * CCMP is not used for them. */
1938 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1939 				"WPA: Backwards compatibility: allow invalid "
1940 				"version for non-CCMP group keys");
1941 		} else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1942 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1943 				"WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used");
1944 		} else
1945 			goto out;
1946 	} else if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
1947 		   !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1948 		   ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1949 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1950 			"WPA: GCMP is used, but EAPOL-Key "
1951 			"descriptor version (%d) is not 2", ver);
1952 		goto out;
1953 	}
1954 
1955 #ifdef CONFIG_PEERKEY
1956 	for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
1957 		if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
1958 			break;
1959 	}
1960 
1961 	if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
1962 		if (!peerkey->initiator && peerkey->replay_counter_set &&
1963 		    os_memcmp(key->replay_counter, peerkey->replay_counter,
1964 			      WPA_REPLAY_COUNTER_LEN) <= 0) {
1965 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1966 				"RSN: EAPOL-Key Replay Counter did not "
1967 				"increase (STK) - dropping packet");
1968 			goto out;
1969 		} else if (peerkey->initiator) {
1970 			u8 _tmp[WPA_REPLAY_COUNTER_LEN];
1971 			os_memcpy(_tmp, key->replay_counter,
1972 				  WPA_REPLAY_COUNTER_LEN);
1973 			inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
1974 			if (os_memcmp(_tmp, peerkey->replay_counter,
1975 				      WPA_REPLAY_COUNTER_LEN) != 0) {
1976 				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1977 					"RSN: EAPOL-Key Replay "
1978 					"Counter did not match (STK) - "
1979 					"dropping packet");
1980 				goto out;
1981 			}
1982 		}
1983 	}
1984 
1985 	if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) {
1986 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1987 			"RSN: Ack bit in key_info from STK peer");
1988 		goto out;
1989 	}
1990 #endif /* CONFIG_PEERKEY */
1991 
1992 	if (!peerkey && sm->rx_replay_counter_set &&
1993 	    os_memcmp(key->replay_counter, sm->rx_replay_counter,
1994 		      WPA_REPLAY_COUNTER_LEN) <= 0) {
1995 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1996 			"WPA: EAPOL-Key Replay Counter did not increase - "
1997 			"dropping packet");
1998 		goto out;
1999 	}
2000 
2001 	if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
2002 #ifdef CONFIG_PEERKEY
2003 	    && (peerkey == NULL || !peerkey->initiator)
2004 #endif /* CONFIG_PEERKEY */
2005 		) {
2006 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2007 			"WPA: No Ack bit in key_info");
2008 		goto out;
2009 	}
2010 
2011 	if (key_info & WPA_KEY_INFO_REQUEST) {
2012 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2013 			"WPA: EAPOL-Key with Request bit - dropped");
2014 		goto out;
2015 	}
2016 
2017 	if ((key_info & WPA_KEY_INFO_MIC) && !peerkey &&
2018 	    wpa_supplicant_verify_eapol_key_mic(sm, key192, ver, tmp, data_len))
2019 		goto out;
2020 
2021 #ifdef CONFIG_PEERKEY
2022 	if ((key_info & WPA_KEY_INFO_MIC) && peerkey &&
2023 	    peerkey_verify_eapol_key_mic(sm, peerkey, key192, ver, tmp,
2024 					 data_len))
2025 		goto out;
2026 #endif /* CONFIG_PEERKEY */
2027 
2028 	if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
2029 	    (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
2030 		if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
2031 						    &key_data_len))
2032 			goto out;
2033 	}
2034 
2035 	if (key_info & WPA_KEY_INFO_KEY_TYPE) {
2036 		if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
2037 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2038 				"WPA: Ignored EAPOL-Key (Pairwise) with "
2039 				"non-zero key index");
2040 			goto out;
2041 		}
2042 		if (peerkey) {
2043 			/* PeerKey 4-Way Handshake */
2044 			peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver,
2045 					      key_data, key_data_len);
2046 		} else if (key_info & WPA_KEY_INFO_MIC) {
2047 			/* 3/4 4-Way Handshake */
2048 			wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
2049 						      key_data_len);
2050 		} else {
2051 			/* 1/4 4-Way Handshake */
2052 			wpa_supplicant_process_1_of_4(sm, src_addr, key,
2053 						      ver, key_data,
2054 						      key_data_len);
2055 		}
2056 	} else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
2057 		/* PeerKey SMK Handshake */
2058 		peerkey_rx_eapol_smk(sm, src_addr, key, key_data_len, key_info,
2059 				     ver);
2060 	} else {
2061 		if (key_info & WPA_KEY_INFO_MIC) {
2062 			/* 1/2 Group Key Handshake */
2063 			wpa_supplicant_process_1_of_2(sm, src_addr, key,
2064 						      key_data, key_data_len,
2065 						      ver);
2066 		} else {
2067 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2068 				"WPA: EAPOL-Key (Group) without Mic bit - "
2069 				"dropped");
2070 		}
2071 	}
2072 
2073 	ret = 1;
2074 
2075 out:
2076 	bin_clear_free(tmp, data_len);
2077 	return ret;
2078 }
2079 
2080 
2081 #ifdef CONFIG_CTRL_IFACE
2082 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
2083 {
2084 	switch (sm->key_mgmt) {
2085 	case WPA_KEY_MGMT_IEEE8021X:
2086 		return ((sm->proto == WPA_PROTO_RSN ||
2087 			 sm->proto == WPA_PROTO_OSEN) ?
2088 			RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
2089 			WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
2090 	case WPA_KEY_MGMT_PSK:
2091 		return (sm->proto == WPA_PROTO_RSN ?
2092 			RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X :
2093 			WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
2094 #ifdef CONFIG_IEEE80211R
2095 	case WPA_KEY_MGMT_FT_IEEE8021X:
2096 		return RSN_AUTH_KEY_MGMT_FT_802_1X;
2097 	case WPA_KEY_MGMT_FT_PSK:
2098 		return RSN_AUTH_KEY_MGMT_FT_PSK;
2099 #endif /* CONFIG_IEEE80211R */
2100 #ifdef CONFIG_IEEE80211W
2101 	case WPA_KEY_MGMT_IEEE8021X_SHA256:
2102 		return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
2103 	case WPA_KEY_MGMT_PSK_SHA256:
2104 		return RSN_AUTH_KEY_MGMT_PSK_SHA256;
2105 #endif /* CONFIG_IEEE80211W */
2106 	case WPA_KEY_MGMT_CCKM:
2107 		return (sm->proto == WPA_PROTO_RSN ?
2108 			RSN_AUTH_KEY_MGMT_CCKM:
2109 			WPA_AUTH_KEY_MGMT_CCKM);
2110 	case WPA_KEY_MGMT_WPA_NONE:
2111 		return WPA_AUTH_KEY_MGMT_NONE;
2112 	case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
2113 		return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
2114 	case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
2115 		return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
2116 	default:
2117 		return 0;
2118 	}
2119 }
2120 
2121 
2122 #define RSN_SUITE "%02x-%02x-%02x-%d"
2123 #define RSN_SUITE_ARG(s) \
2124 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2125 
2126 /**
2127  * wpa_sm_get_mib - Dump text list of MIB entries
2128  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2129  * @buf: Buffer for the list
2130  * @buflen: Length of the buffer
2131  * Returns: Number of bytes written to buffer
2132  *
2133  * This function is used fetch dot11 MIB variables.
2134  */
2135 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
2136 {
2137 	char pmkid_txt[PMKID_LEN * 2 + 1];
2138 	int rsna, ret;
2139 	size_t len;
2140 
2141 	if (sm->cur_pmksa) {
2142 		wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2143 				 sm->cur_pmksa->pmkid, PMKID_LEN);
2144 	} else
2145 		pmkid_txt[0] = '\0';
2146 
2147 	if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
2148 	     wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
2149 	    sm->proto == WPA_PROTO_RSN)
2150 		rsna = 1;
2151 	else
2152 		rsna = 0;
2153 
2154 	ret = os_snprintf(buf, buflen,
2155 			  "dot11RSNAOptionImplemented=TRUE\n"
2156 			  "dot11RSNAPreauthenticationImplemented=TRUE\n"
2157 			  "dot11RSNAEnabled=%s\n"
2158 			  "dot11RSNAPreauthenticationEnabled=%s\n"
2159 			  "dot11RSNAConfigVersion=%d\n"
2160 			  "dot11RSNAConfigPairwiseKeysSupported=5\n"
2161 			  "dot11RSNAConfigGroupCipherSize=%d\n"
2162 			  "dot11RSNAConfigPMKLifetime=%d\n"
2163 			  "dot11RSNAConfigPMKReauthThreshold=%d\n"
2164 			  "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
2165 			  "dot11RSNAConfigSATimeout=%d\n",
2166 			  rsna ? "TRUE" : "FALSE",
2167 			  rsna ? "TRUE" : "FALSE",
2168 			  RSN_VERSION,
2169 			  wpa_cipher_key_len(sm->group_cipher) * 8,
2170 			  sm->dot11RSNAConfigPMKLifetime,
2171 			  sm->dot11RSNAConfigPMKReauthThreshold,
2172 			  sm->dot11RSNAConfigSATimeout);
2173 	if (os_snprintf_error(buflen, ret))
2174 		return 0;
2175 	len = ret;
2176 
2177 	ret = os_snprintf(
2178 		buf + len, buflen - len,
2179 		"dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2180 		"dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2181 		"dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2182 		"dot11RSNAPMKIDUsed=%s\n"
2183 		"dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
2184 		"dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
2185 		"dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
2186 		"dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
2187 		"dot11RSNA4WayHandshakeFailures=%u\n",
2188 		RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
2189 		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2190 						  sm->pairwise_cipher)),
2191 		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2192 						  sm->group_cipher)),
2193 		pmkid_txt,
2194 		RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
2195 		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2196 						  sm->pairwise_cipher)),
2197 		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2198 						  sm->group_cipher)),
2199 		sm->dot11RSNA4WayHandshakeFailures);
2200 	if (!os_snprintf_error(buflen - len, ret))
2201 		len += ret;
2202 
2203 	return (int) len;
2204 }
2205 #endif /* CONFIG_CTRL_IFACE */
2206 
2207 
2208 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
2209 				 void *ctx, enum pmksa_free_reason reason)
2210 {
2211 	struct wpa_sm *sm = ctx;
2212 	int deauth = 0;
2213 
2214 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: "
2215 		MACSTR " reason=%d", MAC2STR(entry->aa), reason);
2216 
2217 	if (sm->cur_pmksa == entry) {
2218 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2219 			"RSN: %s current PMKSA entry",
2220 			reason == PMKSA_REPLACE ? "replaced" : "removed");
2221 		pmksa_cache_clear_current(sm);
2222 
2223 		/*
2224 		 * If an entry is simply being replaced, there's no need to
2225 		 * deauthenticate because it will be immediately re-added.
2226 		 * This happens when EAP authentication is completed again
2227 		 * (reauth or failed PMKSA caching attempt).
2228 		 */
2229 		if (reason != PMKSA_REPLACE)
2230 			deauth = 1;
2231 	}
2232 
2233 	if (reason == PMKSA_EXPIRE &&
2234 	    (sm->pmk_len == entry->pmk_len &&
2235 	     os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
2236 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2237 			"RSN: deauthenticating due to expired PMK");
2238 		pmksa_cache_clear_current(sm);
2239 		deauth = 1;
2240 	}
2241 
2242 	if (deauth) {
2243 		os_memset(sm->pmk, 0, sizeof(sm->pmk));
2244 		wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
2245 	}
2246 }
2247 
2248 
2249 /**
2250  * wpa_sm_init - Initialize WPA state machine
2251  * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
2252  * Returns: Pointer to the allocated WPA state machine data
2253  *
2254  * This function is used to allocate a new WPA state machine and the returned
2255  * value is passed to all WPA state machine calls.
2256  */
2257 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
2258 {
2259 	struct wpa_sm *sm;
2260 
2261 	sm = os_zalloc(sizeof(*sm));
2262 	if (sm == NULL)
2263 		return NULL;
2264 	dl_list_init(&sm->pmksa_candidates);
2265 	sm->renew_snonce = 1;
2266 	sm->ctx = ctx;
2267 
2268 	sm->dot11RSNAConfigPMKLifetime = 43200;
2269 	sm->dot11RSNAConfigPMKReauthThreshold = 70;
2270 	sm->dot11RSNAConfigSATimeout = 60;
2271 
2272 	sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm);
2273 	if (sm->pmksa == NULL) {
2274 		wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
2275 			"RSN: PMKSA cache initialization failed");
2276 		os_free(sm);
2277 		return NULL;
2278 	}
2279 
2280 	return sm;
2281 }
2282 
2283 
2284 /**
2285  * wpa_sm_deinit - Deinitialize WPA state machine
2286  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2287  */
2288 void wpa_sm_deinit(struct wpa_sm *sm)
2289 {
2290 	if (sm == NULL)
2291 		return;
2292 	pmksa_cache_deinit(sm->pmksa);
2293 	eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2294 	eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2295 	os_free(sm->assoc_wpa_ie);
2296 	os_free(sm->ap_wpa_ie);
2297 	os_free(sm->ap_rsn_ie);
2298 	wpa_sm_drop_sa(sm);
2299 	os_free(sm->ctx);
2300 	peerkey_deinit(sm);
2301 #ifdef CONFIG_IEEE80211R
2302 	os_free(sm->assoc_resp_ies);
2303 #endif /* CONFIG_IEEE80211R */
2304 	os_free(sm);
2305 }
2306 
2307 
2308 /**
2309  * wpa_sm_notify_assoc - Notify WPA state machine about association
2310  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2311  * @bssid: The BSSID of the new association
2312  *
2313  * This function is called to let WPA state machine know that the connection
2314  * was established.
2315  */
2316 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
2317 {
2318 	int clear_keys = 1;
2319 
2320 	if (sm == NULL)
2321 		return;
2322 
2323 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2324 		"WPA: Association event - clear replay counter");
2325 	os_memcpy(sm->bssid, bssid, ETH_ALEN);
2326 	os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
2327 	sm->rx_replay_counter_set = 0;
2328 	sm->renew_snonce = 1;
2329 	if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
2330 		rsn_preauth_deinit(sm);
2331 
2332 #ifdef CONFIG_IEEE80211R
2333 	if (wpa_ft_is_completed(sm)) {
2334 		/*
2335 		 * Clear portValid to kick EAPOL state machine to re-enter
2336 		 * AUTHENTICATED state to get the EAPOL port Authorized.
2337 		 */
2338 		eapol_sm_notify_portValid(sm->eapol, FALSE);
2339 		wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
2340 
2341 		/* Prepare for the next transition */
2342 		wpa_ft_prepare_auth_request(sm, NULL);
2343 
2344 		clear_keys = 0;
2345 	}
2346 #endif /* CONFIG_IEEE80211R */
2347 
2348 	if (clear_keys) {
2349 		/*
2350 		 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
2351 		 * this is not part of a Fast BSS Transition.
2352 		 */
2353 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK");
2354 		sm->ptk_set = 0;
2355 		os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2356 		sm->tptk_set = 0;
2357 		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2358 		os_memset(&sm->gtk, 0, sizeof(sm->gtk));
2359 		os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
2360 #ifdef CONFIG_IEEE80211W
2361 		os_memset(&sm->igtk, 0, sizeof(sm->igtk));
2362 		os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
2363 #endif /* CONFIG_IEEE80211W */
2364 	}
2365 
2366 #ifdef CONFIG_TDLS
2367 	wpa_tdls_assoc(sm);
2368 #endif /* CONFIG_TDLS */
2369 
2370 #ifdef CONFIG_P2P
2371 	os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr));
2372 #endif /* CONFIG_P2P */
2373 }
2374 
2375 
2376 /**
2377  * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
2378  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2379  *
2380  * This function is called to let WPA state machine know that the connection
2381  * was lost. This will abort any existing pre-authentication session.
2382  */
2383 void wpa_sm_notify_disassoc(struct wpa_sm *sm)
2384 {
2385 	eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2386 	eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2387 	peerkey_deinit(sm);
2388 	rsn_preauth_deinit(sm);
2389 	pmksa_cache_clear_current(sm);
2390 	if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
2391 		sm->dot11RSNA4WayHandshakeFailures++;
2392 #ifdef CONFIG_TDLS
2393 	wpa_tdls_disassoc(sm);
2394 #endif /* CONFIG_TDLS */
2395 #ifdef CONFIG_IEEE80211R
2396 	sm->ft_reassoc_completed = 0;
2397 #endif /* CONFIG_IEEE80211R */
2398 
2399 	/* Keys are not needed in the WPA state machine anymore */
2400 	wpa_sm_drop_sa(sm);
2401 
2402 	sm->msg_3_of_4_ok = 0;
2403 }
2404 
2405 
2406 /**
2407  * wpa_sm_set_pmk - Set PMK
2408  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2409  * @pmk: The new PMK
2410  * @pmk_len: The length of the new PMK in bytes
2411  * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK
2412  *
2413  * Configure the PMK for WPA state machine.
2414  */
2415 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
2416 		    const u8 *bssid)
2417 {
2418 	if (sm == NULL)
2419 		return;
2420 
2421 	sm->pmk_len = pmk_len;
2422 	os_memcpy(sm->pmk, pmk, pmk_len);
2423 
2424 #ifdef CONFIG_IEEE80211R
2425 	/* Set XXKey to be PSK for FT key derivation */
2426 	sm->xxkey_len = pmk_len;
2427 	os_memcpy(sm->xxkey, pmk, pmk_len);
2428 #endif /* CONFIG_IEEE80211R */
2429 
2430 	if (bssid) {
2431 		pmksa_cache_add(sm->pmksa, pmk, pmk_len, NULL, 0,
2432 				bssid, sm->own_addr,
2433 				sm->network_ctx, sm->key_mgmt);
2434 	}
2435 }
2436 
2437 
2438 /**
2439  * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
2440  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2441  *
2442  * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
2443  * will be cleared.
2444  */
2445 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
2446 {
2447 	if (sm == NULL)
2448 		return;
2449 
2450 	if (sm->cur_pmksa) {
2451 		sm->pmk_len = sm->cur_pmksa->pmk_len;
2452 		os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
2453 	} else {
2454 		sm->pmk_len = PMK_LEN;
2455 		os_memset(sm->pmk, 0, PMK_LEN);
2456 	}
2457 }
2458 
2459 
2460 /**
2461  * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
2462  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2463  * @fast_reauth: Whether fast reauthentication (EAP) is allowed
2464  */
2465 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
2466 {
2467 	if (sm)
2468 		sm->fast_reauth = fast_reauth;
2469 }
2470 
2471 
2472 /**
2473  * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
2474  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2475  * @scard_ctx: Context pointer for smartcard related callback functions
2476  */
2477 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
2478 {
2479 	if (sm == NULL)
2480 		return;
2481 	sm->scard_ctx = scard_ctx;
2482 	if (sm->preauth_eapol)
2483 		eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
2484 }
2485 
2486 
2487 /**
2488  * wpa_sm_set_config - Notification of current configration change
2489  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2490  * @config: Pointer to current network configuration
2491  *
2492  * Notify WPA state machine that configuration has changed. config will be
2493  * stored as a backpointer to network configuration. This can be %NULL to clear
2494  * the stored pointed.
2495  */
2496 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
2497 {
2498 	if (!sm)
2499 		return;
2500 
2501 	if (config) {
2502 		sm->network_ctx = config->network_ctx;
2503 		sm->peerkey_enabled = config->peerkey_enabled;
2504 		sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
2505 		sm->proactive_key_caching = config->proactive_key_caching;
2506 		sm->eap_workaround = config->eap_workaround;
2507 		sm->eap_conf_ctx = config->eap_conf_ctx;
2508 		if (config->ssid) {
2509 			os_memcpy(sm->ssid, config->ssid, config->ssid_len);
2510 			sm->ssid_len = config->ssid_len;
2511 		} else
2512 			sm->ssid_len = 0;
2513 		sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
2514 		sm->p2p = config->p2p;
2515 	} else {
2516 		sm->network_ctx = NULL;
2517 		sm->peerkey_enabled = 0;
2518 		sm->allowed_pairwise_cipher = 0;
2519 		sm->proactive_key_caching = 0;
2520 		sm->eap_workaround = 0;
2521 		sm->eap_conf_ctx = NULL;
2522 		sm->ssid_len = 0;
2523 		sm->wpa_ptk_rekey = 0;
2524 		sm->p2p = 0;
2525 	}
2526 }
2527 
2528 
2529 /**
2530  * wpa_sm_set_own_addr - Set own MAC address
2531  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2532  * @addr: Own MAC address
2533  */
2534 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
2535 {
2536 	if (sm)
2537 		os_memcpy(sm->own_addr, addr, ETH_ALEN);
2538 }
2539 
2540 
2541 /**
2542  * wpa_sm_set_ifname - Set network interface name
2543  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2544  * @ifname: Interface name
2545  * @bridge_ifname: Optional bridge interface name (for pre-auth)
2546  */
2547 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
2548 		       const char *bridge_ifname)
2549 {
2550 	if (sm) {
2551 		sm->ifname = ifname;
2552 		sm->bridge_ifname = bridge_ifname;
2553 	}
2554 }
2555 
2556 
2557 /**
2558  * wpa_sm_set_eapol - Set EAPOL state machine pointer
2559  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2560  * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
2561  */
2562 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
2563 {
2564 	if (sm)
2565 		sm->eapol = eapol;
2566 }
2567 
2568 
2569 /**
2570  * wpa_sm_set_param - Set WPA state machine parameters
2571  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2572  * @param: Parameter field
2573  * @value: Parameter value
2574  * Returns: 0 on success, -1 on failure
2575  */
2576 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
2577 		     unsigned int value)
2578 {
2579 	int ret = 0;
2580 
2581 	if (sm == NULL)
2582 		return -1;
2583 
2584 	switch (param) {
2585 	case RSNA_PMK_LIFETIME:
2586 		if (value > 0)
2587 			sm->dot11RSNAConfigPMKLifetime = value;
2588 		else
2589 			ret = -1;
2590 		break;
2591 	case RSNA_PMK_REAUTH_THRESHOLD:
2592 		if (value > 0 && value <= 100)
2593 			sm->dot11RSNAConfigPMKReauthThreshold = value;
2594 		else
2595 			ret = -1;
2596 		break;
2597 	case RSNA_SA_TIMEOUT:
2598 		if (value > 0)
2599 			sm->dot11RSNAConfigSATimeout = value;
2600 		else
2601 			ret = -1;
2602 		break;
2603 	case WPA_PARAM_PROTO:
2604 		sm->proto = value;
2605 		break;
2606 	case WPA_PARAM_PAIRWISE:
2607 		sm->pairwise_cipher = value;
2608 		break;
2609 	case WPA_PARAM_GROUP:
2610 		sm->group_cipher = value;
2611 		break;
2612 	case WPA_PARAM_KEY_MGMT:
2613 		sm->key_mgmt = value;
2614 		break;
2615 #ifdef CONFIG_IEEE80211W
2616 	case WPA_PARAM_MGMT_GROUP:
2617 		sm->mgmt_group_cipher = value;
2618 		break;
2619 #endif /* CONFIG_IEEE80211W */
2620 	case WPA_PARAM_RSN_ENABLED:
2621 		sm->rsn_enabled = value;
2622 		break;
2623 	case WPA_PARAM_MFP:
2624 		sm->mfp = value;
2625 		break;
2626 	default:
2627 		break;
2628 	}
2629 
2630 	return ret;
2631 }
2632 
2633 
2634 /**
2635  * wpa_sm_get_status - Get WPA state machine
2636  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2637  * @buf: Buffer for status information
2638  * @buflen: Maximum buffer length
2639  * @verbose: Whether to include verbose status information
2640  * Returns: Number of bytes written to buf.
2641  *
2642  * Query WPA state machine for status information. This function fills in
2643  * a text area with current status information. If the buffer (buf) is not
2644  * large enough, status information will be truncated to fit the buffer.
2645  */
2646 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
2647 		      int verbose)
2648 {
2649 	char *pos = buf, *end = buf + buflen;
2650 	int ret;
2651 
2652 	ret = os_snprintf(pos, end - pos,
2653 			  "pairwise_cipher=%s\n"
2654 			  "group_cipher=%s\n"
2655 			  "key_mgmt=%s\n",
2656 			  wpa_cipher_txt(sm->pairwise_cipher),
2657 			  wpa_cipher_txt(sm->group_cipher),
2658 			  wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
2659 	if (os_snprintf_error(end - pos, ret))
2660 		return pos - buf;
2661 	pos += ret;
2662 
2663 	if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) {
2664 		struct wpa_ie_data rsn;
2665 		if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn)
2666 		    >= 0 &&
2667 		    rsn.capabilities & (WPA_CAPABILITY_MFPR |
2668 					WPA_CAPABILITY_MFPC)) {
2669 			ret = os_snprintf(pos, end - pos, "pmf=%d\n",
2670 					  (rsn.capabilities &
2671 					   WPA_CAPABILITY_MFPR) ? 2 : 1);
2672 			if (os_snprintf_error(end - pos, ret))
2673 				return pos - buf;
2674 			pos += ret;
2675 		}
2676 	}
2677 
2678 	return pos - buf;
2679 }
2680 
2681 
2682 int wpa_sm_pmf_enabled(struct wpa_sm *sm)
2683 {
2684 	struct wpa_ie_data rsn;
2685 
2686 	if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie)
2687 		return 0;
2688 
2689 	if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 &&
2690 	    rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC))
2691 		return 1;
2692 
2693 	return 0;
2694 }
2695 
2696 
2697 /**
2698  * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
2699  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2700  * @wpa_ie: Pointer to buffer for WPA/RSN IE
2701  * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
2702  * Returns: 0 on success, -1 on failure
2703  */
2704 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
2705 				    size_t *wpa_ie_len)
2706 {
2707 	int res;
2708 
2709 	if (sm == NULL)
2710 		return -1;
2711 
2712 	res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
2713 	if (res < 0)
2714 		return -1;
2715 	*wpa_ie_len = res;
2716 
2717 	wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default",
2718 		    wpa_ie, *wpa_ie_len);
2719 
2720 	if (sm->assoc_wpa_ie == NULL) {
2721 		/*
2722 		 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
2723 		 * the correct version of the IE even if PMKSA caching is
2724 		 * aborted (which would remove PMKID from IE generation).
2725 		 */
2726 		sm->assoc_wpa_ie = os_malloc(*wpa_ie_len);
2727 		if (sm->assoc_wpa_ie == NULL)
2728 			return -1;
2729 
2730 		os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
2731 		sm->assoc_wpa_ie_len = *wpa_ie_len;
2732 	}
2733 
2734 	return 0;
2735 }
2736 
2737 
2738 /**
2739  * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
2740  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2741  * @ie: Pointer to IE data (starting from id)
2742  * @len: IE length
2743  * Returns: 0 on success, -1 on failure
2744  *
2745  * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
2746  * Request frame. The IE will be used to override the default value generated
2747  * with wpa_sm_set_assoc_wpa_ie_default().
2748  */
2749 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2750 {
2751 	if (sm == NULL)
2752 		return -1;
2753 
2754 	os_free(sm->assoc_wpa_ie);
2755 	if (ie == NULL || len == 0) {
2756 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2757 			"WPA: clearing own WPA/RSN IE");
2758 		sm->assoc_wpa_ie = NULL;
2759 		sm->assoc_wpa_ie_len = 0;
2760 	} else {
2761 		wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
2762 		sm->assoc_wpa_ie = os_malloc(len);
2763 		if (sm->assoc_wpa_ie == NULL)
2764 			return -1;
2765 
2766 		os_memcpy(sm->assoc_wpa_ie, ie, len);
2767 		sm->assoc_wpa_ie_len = len;
2768 	}
2769 
2770 	return 0;
2771 }
2772 
2773 
2774 /**
2775  * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
2776  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2777  * @ie: Pointer to IE data (starting from id)
2778  * @len: IE length
2779  * Returns: 0 on success, -1 on failure
2780  *
2781  * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
2782  * frame.
2783  */
2784 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2785 {
2786 	if (sm == NULL)
2787 		return -1;
2788 
2789 	os_free(sm->ap_wpa_ie);
2790 	if (ie == NULL || len == 0) {
2791 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2792 			"WPA: clearing AP WPA IE");
2793 		sm->ap_wpa_ie = NULL;
2794 		sm->ap_wpa_ie_len = 0;
2795 	} else {
2796 		wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
2797 		sm->ap_wpa_ie = os_malloc(len);
2798 		if (sm->ap_wpa_ie == NULL)
2799 			return -1;
2800 
2801 		os_memcpy(sm->ap_wpa_ie, ie, len);
2802 		sm->ap_wpa_ie_len = len;
2803 	}
2804 
2805 	return 0;
2806 }
2807 
2808 
2809 /**
2810  * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
2811  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2812  * @ie: Pointer to IE data (starting from id)
2813  * @len: IE length
2814  * Returns: 0 on success, -1 on failure
2815  *
2816  * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
2817  * frame.
2818  */
2819 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2820 {
2821 	if (sm == NULL)
2822 		return -1;
2823 
2824 	os_free(sm->ap_rsn_ie);
2825 	if (ie == NULL || len == 0) {
2826 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2827 			"WPA: clearing AP RSN IE");
2828 		sm->ap_rsn_ie = NULL;
2829 		sm->ap_rsn_ie_len = 0;
2830 	} else {
2831 		wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
2832 		sm->ap_rsn_ie = os_malloc(len);
2833 		if (sm->ap_rsn_ie == NULL)
2834 			return -1;
2835 
2836 		os_memcpy(sm->ap_rsn_ie, ie, len);
2837 		sm->ap_rsn_ie_len = len;
2838 	}
2839 
2840 	return 0;
2841 }
2842 
2843 
2844 /**
2845  * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
2846  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2847  * @data: Pointer to data area for parsing results
2848  * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
2849  *
2850  * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
2851  * parsed data into data.
2852  */
2853 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
2854 {
2855 	if (sm == NULL)
2856 		return -1;
2857 
2858 	if (sm->assoc_wpa_ie == NULL) {
2859 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2860 			"WPA: No WPA/RSN IE available from association info");
2861 		return -1;
2862 	}
2863 	if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
2864 		return -2;
2865 	return 0;
2866 }
2867 
2868 
2869 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
2870 {
2871 	return pmksa_cache_list(sm->pmksa, buf, len);
2872 }
2873 
2874 
2875 void wpa_sm_drop_sa(struct wpa_sm *sm)
2876 {
2877 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
2878 	sm->ptk_set = 0;
2879 	sm->tptk_set = 0;
2880 	os_memset(sm->pmk, 0, sizeof(sm->pmk));
2881 	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2882 	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2883 	os_memset(&sm->gtk, 0, sizeof(sm->gtk));
2884 	os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
2885 #ifdef CONFIG_IEEE80211W
2886 	os_memset(&sm->igtk, 0, sizeof(sm->igtk));
2887 	os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
2888 #endif /* CONFIG_IEEE80211W */
2889 #ifdef CONFIG_IEEE80211R
2890 	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
2891 	os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
2892 	os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1));
2893 #endif /* CONFIG_IEEE80211R */
2894 }
2895 
2896 
2897 int wpa_sm_has_ptk(struct wpa_sm *sm)
2898 {
2899 	if (sm == NULL)
2900 		return 0;
2901 	return sm->ptk_set;
2902 }
2903 
2904 
2905 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
2906 {
2907 	os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
2908 }
2909 
2910 
2911 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
2912 {
2913 	pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0);
2914 }
2915 
2916 
2917 #ifdef CONFIG_WNM
2918 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
2919 {
2920 	u16 keyinfo;
2921 	u8 keylen;  /* plaintext key len */
2922 	u8 *key_rsc;
2923 
2924 	if (subelem_id == WNM_SLEEP_SUBELEM_GTK) {
2925 		struct wpa_gtk_data gd;
2926 
2927 		os_memset(&gd, 0, sizeof(gd));
2928 		keylen = wpa_cipher_key_len(sm->group_cipher);
2929 		gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher);
2930 		gd.alg = wpa_cipher_to_alg(sm->group_cipher);
2931 		if (gd.alg == WPA_ALG_NONE) {
2932 			wpa_printf(MSG_DEBUG, "Unsupported group cipher suite");
2933 			return -1;
2934 		}
2935 
2936 		key_rsc = buf + 5;
2937 		keyinfo = WPA_GET_LE16(buf + 2);
2938 		gd.gtk_len = keylen;
2939 		if (gd.gtk_len != buf[4]) {
2940 			wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d",
2941 				   gd.gtk_len, buf[4]);
2942 			return -1;
2943 		}
2944 		gd.keyidx = keyinfo & 0x03; /* B0 - B1 */
2945 		gd.tx = wpa_supplicant_gtk_tx_bit_workaround(
2946 		         sm, !!(keyinfo & WPA_KEY_INFO_TXRX));
2947 
2948 		os_memcpy(gd.gtk, buf + 13, gd.gtk_len);
2949 
2950 		wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
2951 				gd.gtk, gd.gtk_len);
2952 		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
2953 			os_memset(&gd, 0, sizeof(gd));
2954 			wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
2955 				   "WNM mode");
2956 			return -1;
2957 		}
2958 		os_memset(&gd, 0, sizeof(gd));
2959 #ifdef CONFIG_IEEE80211W
2960 	} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
2961 		const struct wpa_igtk_kde *igtk;
2962 
2963 		igtk = (const struct wpa_igtk_kde *) (buf + 2);
2964 		if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
2965 			return -1;
2966 #endif /* CONFIG_IEEE80211W */
2967 	} else {
2968 		wpa_printf(MSG_DEBUG, "Unknown element id");
2969 		return -1;
2970 	}
2971 
2972 	return 0;
2973 }
2974 #endif /* CONFIG_WNM */
2975 
2976 
2977 #ifdef CONFIG_PEERKEY
2978 int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr,
2979 			    const u8 *buf, size_t len)
2980 {
2981 	struct wpa_peerkey *peerkey;
2982 
2983 	for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
2984 		if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
2985 			break;
2986 	}
2987 
2988 	if (!peerkey)
2989 		return 0;
2990 
2991 	wpa_sm_rx_eapol(sm, src_addr, buf, len);
2992 
2993 	return 1;
2994 }
2995 #endif /* CONFIG_PEERKEY */
2996 
2997 
2998 #ifdef CONFIG_P2P
2999 
3000 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf)
3001 {
3002 	if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0)
3003 		return -1;
3004 	os_memcpy(buf, sm->p2p_ip_addr, 3 * 4);
3005 	return 0;
3006 }
3007 
3008 #endif /* CONFIG_P2P */
3009 
3010 
3011 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter)
3012 {
3013 	if (rx_replay_counter == NULL)
3014 		return;
3015 
3016 	os_memcpy(sm->rx_replay_counter, rx_replay_counter,
3017 		  WPA_REPLAY_COUNTER_LEN);
3018 	sm->rx_replay_counter_set = 1;
3019 	wpa_printf(MSG_DEBUG, "Updated key replay counter");
3020 }
3021 
3022 
3023 void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm,
3024 			    const u8 *ptk_kck, size_t ptk_kck_len,
3025 			    const u8 *ptk_kek, size_t ptk_kek_len)
3026 {
3027 	if (ptk_kck && ptk_kck_len <= WPA_KCK_MAX_LEN) {
3028 		os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len);
3029 		sm->ptk.kck_len = ptk_kck_len;
3030 		wpa_printf(MSG_DEBUG, "Updated PTK KCK");
3031 	}
3032 	if (ptk_kek && ptk_kek_len <= WPA_KEK_MAX_LEN) {
3033 		os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len);
3034 		sm->ptk.kek_len = ptk_kek_len;
3035 		wpa_printf(MSG_DEBUG, "Updated PTK KEK");
3036 	}
3037 	sm->ptk_set = 1;
3038 }
3039