1 /* 2 * WPA Supplicant - WPA state machine and EAPOL-Key processing 3 * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi> 4 * Copyright(c) 2015 Intel Deutschland GmbH 5 * 6 * This software may be distributed under the terms of the BSD license. 7 * See README for more details. 8 */ 9 10 #include "includes.h" 11 12 #include "common.h" 13 #include "crypto/aes_wrap.h" 14 #include "crypto/crypto.h" 15 #include "crypto/random.h" 16 #include "common/ieee802_11_defs.h" 17 #include "eapol_supp/eapol_supp_sm.h" 18 #include "wpa.h" 19 #include "eloop.h" 20 #include "preauth.h" 21 #include "pmksa_cache.h" 22 #include "wpa_i.h" 23 #include "wpa_ie.h" 24 #include "peerkey.h" 25 26 27 static const u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 28 29 30 /** 31 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message 32 * @sm: Pointer to WPA state machine data from wpa_sm_init() 33 * @kck: Key Confirmation Key (KCK, part of PTK) 34 * @kck_len: KCK length in octets 35 * @ver: Version field from Key Info 36 * @dest: Destination address for the frame 37 * @proto: Ethertype (usually ETH_P_EAPOL) 38 * @msg: EAPOL-Key message 39 * @msg_len: Length of message 40 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written 41 * Returns: >= 0 on success, < 0 on failure 42 */ 43 int wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len, 44 int ver, const u8 *dest, u16 proto, 45 u8 *msg, size_t msg_len, u8 *key_mic) 46 { 47 int ret = -1; 48 size_t mic_len = wpa_mic_len(sm->key_mgmt); 49 50 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) { 51 /* 52 * Association event was not yet received; try to fetch 53 * BSSID from the driver. 54 */ 55 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) { 56 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 57 "WPA: Failed to read BSSID for " 58 "EAPOL-Key destination address"); 59 } else { 60 dest = sm->bssid; 61 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 62 "WPA: Use BSSID (" MACSTR 63 ") as the destination for EAPOL-Key", 64 MAC2STR(dest)); 65 } 66 } 67 if (key_mic && 68 wpa_eapol_key_mic(kck, kck_len, sm->key_mgmt, ver, msg, msg_len, 69 key_mic)) { 70 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 71 "WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC", 72 ver, sm->key_mgmt); 73 goto out; 74 } 75 wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len); 76 wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, mic_len); 77 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len); 78 ret = wpa_sm_ether_send(sm, dest, proto, msg, msg_len); 79 eapol_sm_notify_tx_eapol_key(sm->eapol); 80 out: 81 os_free(msg); 82 return ret; 83 } 84 85 86 /** 87 * wpa_sm_key_request - Send EAPOL-Key Request 88 * @sm: Pointer to WPA state machine data from wpa_sm_init() 89 * @error: Indicate whether this is an Michael MIC error report 90 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet 91 * 92 * Send an EAPOL-Key Request to the current authenticator. This function is 93 * used to request rekeying and it is usually called when a local Michael MIC 94 * failure is detected. 95 */ 96 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) 97 { 98 size_t mic_len, hdrlen, rlen; 99 struct wpa_eapol_key *reply; 100 struct wpa_eapol_key_192 *reply192; 101 int key_info, ver; 102 u8 bssid[ETH_ALEN], *rbuf, *key_mic; 103 104 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN || 105 wpa_key_mgmt_suite_b(sm->key_mgmt)) 106 ver = WPA_KEY_INFO_TYPE_AKM_DEFINED; 107 else if (wpa_key_mgmt_ft(sm->key_mgmt) || 108 wpa_key_mgmt_sha256(sm->key_mgmt)) 109 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC; 110 else if (sm->pairwise_cipher != WPA_CIPHER_TKIP) 111 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 112 else 113 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 114 115 if (wpa_sm_get_bssid(sm, bssid) < 0) { 116 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 117 "Failed to read BSSID for EAPOL-Key request"); 118 return; 119 } 120 121 mic_len = wpa_mic_len(sm->key_mgmt); 122 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 123 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 124 hdrlen, &rlen, (void *) &reply); 125 if (rbuf == NULL) 126 return; 127 reply192 = (struct wpa_eapol_key_192 *) reply; 128 129 reply->type = (sm->proto == WPA_PROTO_RSN || 130 sm->proto == WPA_PROTO_OSEN) ? 131 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 132 key_info = WPA_KEY_INFO_REQUEST | ver; 133 if (sm->ptk_set) 134 key_info |= WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE; 135 if (error) 136 key_info |= WPA_KEY_INFO_ERROR; 137 if (pairwise) 138 key_info |= WPA_KEY_INFO_KEY_TYPE; 139 WPA_PUT_BE16(reply->key_info, key_info); 140 WPA_PUT_BE16(reply->key_length, 0); 141 os_memcpy(reply->replay_counter, sm->request_counter, 142 WPA_REPLAY_COUNTER_LEN); 143 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); 144 145 if (mic_len == 24) 146 WPA_PUT_BE16(reply192->key_data_length, 0); 147 else 148 WPA_PUT_BE16(reply->key_data_length, 0); 149 if (!(key_info & WPA_KEY_INFO_MIC)) 150 key_mic = NULL; 151 else 152 key_mic = reply192->key_mic; /* same offset in reply */ 153 154 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 155 "WPA: Sending EAPOL-Key Request (error=%d " 156 "pairwise=%d ptk_set=%d len=%lu)", 157 error, pairwise, sm->ptk_set, (unsigned long) rlen); 158 wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid, 159 ETH_P_EAPOL, rbuf, rlen, key_mic); 160 } 161 162 163 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm) 164 { 165 #ifdef CONFIG_IEEE80211R 166 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) { 167 if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len)) 168 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 169 "RSN: Cannot set low order 256 bits of MSK for key management offload"); 170 } else { 171 #endif /* CONFIG_IEEE80211R */ 172 if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len)) 173 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 174 "RSN: Cannot set PMK for key management offload"); 175 #ifdef CONFIG_IEEE80211R 176 } 177 #endif /* CONFIG_IEEE80211R */ 178 } 179 180 181 static int wpa_supplicant_get_pmk(struct wpa_sm *sm, 182 const unsigned char *src_addr, 183 const u8 *pmkid) 184 { 185 int abort_cached = 0; 186 187 if (pmkid && !sm->cur_pmksa) { 188 /* When using drivers that generate RSN IE, wpa_supplicant may 189 * not have enough time to get the association information 190 * event before receiving this 1/4 message, so try to find a 191 * matching PMKSA cache entry here. */ 192 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid, 193 NULL); 194 if (sm->cur_pmksa) { 195 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 196 "RSN: found matching PMKID from PMKSA cache"); 197 } else { 198 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 199 "RSN: no matching PMKID found"); 200 abort_cached = 1; 201 } 202 } 203 204 if (pmkid && sm->cur_pmksa && 205 os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) { 206 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN); 207 wpa_sm_set_pmk_from_pmksa(sm); 208 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache", 209 sm->pmk, sm->pmk_len); 210 eapol_sm_notify_cached(sm->eapol); 211 #ifdef CONFIG_IEEE80211R 212 sm->xxkey_len = 0; 213 #endif /* CONFIG_IEEE80211R */ 214 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) { 215 int res, pmk_len; 216 217 if (sm->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) 218 pmk_len = PMK_LEN_SUITE_B_192; 219 else 220 pmk_len = PMK_LEN; 221 res = eapol_sm_get_key(sm->eapol, sm->pmk, pmk_len); 222 if (res) { 223 if (pmk_len == PMK_LEN) { 224 /* 225 * EAP-LEAP is an exception from other EAP 226 * methods: it uses only 16-byte PMK. 227 */ 228 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16); 229 pmk_len = 16; 230 } 231 } else { 232 #ifdef CONFIG_IEEE80211R 233 u8 buf[2 * PMK_LEN]; 234 if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0) 235 { 236 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN); 237 sm->xxkey_len = PMK_LEN; 238 os_memset(buf, 0, sizeof(buf)); 239 } 240 #endif /* CONFIG_IEEE80211R */ 241 } 242 if (res == 0) { 243 struct rsn_pmksa_cache_entry *sa = NULL; 244 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state " 245 "machines", sm->pmk, pmk_len); 246 sm->pmk_len = pmk_len; 247 wpa_supplicant_key_mgmt_set_pmk(sm); 248 if (sm->proto == WPA_PROTO_RSN && 249 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 250 !wpa_key_mgmt_ft(sm->key_mgmt)) { 251 sa = pmksa_cache_add(sm->pmksa, 252 sm->pmk, pmk_len, NULL, 253 NULL, 0, 254 src_addr, sm->own_addr, 255 sm->network_ctx, 256 sm->key_mgmt); 257 } 258 if (!sm->cur_pmksa && pmkid && 259 pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL)) 260 { 261 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 262 "RSN: the new PMK matches with the " 263 "PMKID"); 264 abort_cached = 0; 265 } else if (sa && !sm->cur_pmksa && pmkid) { 266 /* 267 * It looks like the authentication server 268 * derived mismatching MSK. This should not 269 * really happen, but bugs happen.. There is not 270 * much we can do here without knowing what 271 * exactly caused the server to misbehave. 272 */ 273 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 274 "RSN: PMKID mismatch - authentication server may have derived different MSK?!"); 275 return -1; 276 } 277 278 if (!sm->cur_pmksa) 279 sm->cur_pmksa = sa; 280 } else { 281 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 282 "WPA: Failed to get master session key from " 283 "EAPOL state machines - key handshake " 284 "aborted"); 285 if (sm->cur_pmksa) { 286 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 287 "RSN: Cancelled PMKSA caching " 288 "attempt"); 289 sm->cur_pmksa = NULL; 290 abort_cached = 1; 291 } else if (!abort_cached) { 292 return -1; 293 } 294 } 295 } 296 297 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && 298 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 299 !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN) 300 { 301 /* Send EAPOL-Start to trigger full EAP authentication. */ 302 u8 *buf; 303 size_t buflen; 304 305 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 306 "RSN: no PMKSA entry found - trigger " 307 "full EAP authentication"); 308 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START, 309 NULL, 0, &buflen, NULL); 310 if (buf) { 311 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL, 312 buf, buflen); 313 os_free(buf); 314 return -2; 315 } 316 317 return -1; 318 } 319 320 return 0; 321 } 322 323 324 /** 325 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake 326 * @sm: Pointer to WPA state machine data from wpa_sm_init() 327 * @dst: Destination address for the frame 328 * @key: Pointer to the EAPOL-Key frame header 329 * @ver: Version bits from EAPOL-Key Key Info 330 * @nonce: Nonce value for the EAPOL-Key frame 331 * @wpa_ie: WPA/RSN IE 332 * @wpa_ie_len: Length of the WPA/RSN IE 333 * @ptk: PTK to use for keyed hash and encryption 334 * Returns: >= 0 on success, < 0 on failure 335 */ 336 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst, 337 const struct wpa_eapol_key *key, 338 int ver, const u8 *nonce, 339 const u8 *wpa_ie, size_t wpa_ie_len, 340 struct wpa_ptk *ptk) 341 { 342 size_t mic_len, hdrlen, rlen; 343 struct wpa_eapol_key *reply; 344 struct wpa_eapol_key_192 *reply192; 345 u8 *rbuf, *key_mic; 346 u8 *rsn_ie_buf = NULL; 347 348 if (wpa_ie == NULL) { 349 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - " 350 "cannot generate msg 2/4"); 351 return -1; 352 } 353 354 #ifdef CONFIG_IEEE80211R 355 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 356 int res; 357 358 /* 359 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and 360 * FTIE from (Re)Association Response. 361 */ 362 rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN + 363 sm->assoc_resp_ies_len); 364 if (rsn_ie_buf == NULL) 365 return -1; 366 os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len); 367 res = wpa_insert_pmkid(rsn_ie_buf, &wpa_ie_len, 368 sm->pmk_r1_name); 369 if (res < 0) { 370 os_free(rsn_ie_buf); 371 return -1; 372 } 373 374 if (sm->assoc_resp_ies) { 375 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies, 376 sm->assoc_resp_ies_len); 377 wpa_ie_len += sm->assoc_resp_ies_len; 378 } 379 380 wpa_ie = rsn_ie_buf; 381 } 382 #endif /* CONFIG_IEEE80211R */ 383 384 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len); 385 386 mic_len = wpa_mic_len(sm->key_mgmt); 387 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 388 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, 389 NULL, hdrlen + wpa_ie_len, 390 &rlen, (void *) &reply); 391 if (rbuf == NULL) { 392 os_free(rsn_ie_buf); 393 return -1; 394 } 395 reply192 = (struct wpa_eapol_key_192 *) reply; 396 397 reply->type = (sm->proto == WPA_PROTO_RSN || 398 sm->proto == WPA_PROTO_OSEN) ? 399 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 400 WPA_PUT_BE16(reply->key_info, 401 ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC); 402 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 403 WPA_PUT_BE16(reply->key_length, 0); 404 else 405 os_memcpy(reply->key_length, key->key_length, 2); 406 os_memcpy(reply->replay_counter, key->replay_counter, 407 WPA_REPLAY_COUNTER_LEN); 408 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter, 409 WPA_REPLAY_COUNTER_LEN); 410 411 key_mic = reply192->key_mic; /* same offset for reply and reply192 */ 412 if (mic_len == 24) { 413 WPA_PUT_BE16(reply192->key_data_length, wpa_ie_len); 414 os_memcpy(reply192 + 1, wpa_ie, wpa_ie_len); 415 } else { 416 WPA_PUT_BE16(reply->key_data_length, wpa_ie_len); 417 os_memcpy(reply + 1, wpa_ie, wpa_ie_len); 418 } 419 os_free(rsn_ie_buf); 420 421 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN); 422 423 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4"); 424 return wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, 425 ETH_P_EAPOL, rbuf, rlen, key_mic); 426 } 427 428 429 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr, 430 const struct wpa_eapol_key *key, struct wpa_ptk *ptk) 431 { 432 #ifdef CONFIG_IEEE80211R 433 if (wpa_key_mgmt_ft(sm->key_mgmt)) 434 return wpa_derive_ptk_ft(sm, src_addr, key, ptk); 435 #endif /* CONFIG_IEEE80211R */ 436 437 return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion", 438 sm->own_addr, sm->bssid, sm->snonce, 439 key->key_nonce, ptk, sm->key_mgmt, 440 sm->pairwise_cipher); 441 } 442 443 444 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, 445 const unsigned char *src_addr, 446 const struct wpa_eapol_key *key, 447 u16 ver, const u8 *key_data, 448 size_t key_data_len) 449 { 450 struct wpa_eapol_ie_parse ie; 451 struct wpa_ptk *ptk; 452 int res; 453 u8 *kde, *kde_buf = NULL; 454 size_t kde_len; 455 456 if (wpa_sm_get_network_ctx(sm) == NULL) { 457 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info " 458 "found (msg 1 of 4)"); 459 return; 460 } 461 462 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 463 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way " 464 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 465 466 os_memset(&ie, 0, sizeof(ie)); 467 468 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 469 /* RSN: msg 1/4 should contain PMKID for the selected PMK */ 470 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", 471 key_data, key_data_len); 472 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) 473 goto failed; 474 if (ie.pmkid) { 475 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from " 476 "Authenticator", ie.pmkid, PMKID_LEN); 477 } 478 } 479 480 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); 481 if (res == -2) { 482 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to " 483 "msg 1/4 - requesting full EAP authentication"); 484 return; 485 } 486 if (res) 487 goto failed; 488 489 if (sm->renew_snonce) { 490 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) { 491 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 492 "WPA: Failed to get random data for SNonce"); 493 goto failed; 494 } 495 sm->renew_snonce = 0; 496 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce", 497 sm->snonce, WPA_NONCE_LEN); 498 } 499 500 /* Calculate PTK which will be stored as a temporary PTK until it has 501 * been verified when processing message 3/4. */ 502 ptk = &sm->tptk; 503 wpa_derive_ptk(sm, src_addr, key, ptk); 504 if (sm->pairwise_cipher == WPA_CIPHER_TKIP) { 505 u8 buf[8]; 506 /* Supplicant: swap tx/rx Mic keys */ 507 os_memcpy(buf, &ptk->tk[16], 8); 508 os_memcpy(&ptk->tk[16], &ptk->tk[24], 8); 509 os_memcpy(&ptk->tk[24], buf, 8); 510 os_memset(buf, 0, sizeof(buf)); 511 } 512 sm->tptk_set = 1; 513 sm->tk_to_set = 1; 514 515 kde = sm->assoc_wpa_ie; 516 kde_len = sm->assoc_wpa_ie_len; 517 518 #ifdef CONFIG_P2P 519 if (sm->p2p) { 520 kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1); 521 if (kde_buf) { 522 u8 *pos; 523 wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE " 524 "into EAPOL-Key 2/4"); 525 os_memcpy(kde_buf, kde, kde_len); 526 kde = kde_buf; 527 pos = kde + kde_len; 528 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 529 *pos++ = RSN_SELECTOR_LEN + 1; 530 RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ); 531 pos += RSN_SELECTOR_LEN; 532 *pos++ = 0x01; 533 kde_len = pos - kde; 534 } 535 } 536 #endif /* CONFIG_P2P */ 537 538 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce, 539 kde, kde_len, ptk) < 0) 540 goto failed; 541 542 os_free(kde_buf); 543 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN); 544 return; 545 546 failed: 547 os_free(kde_buf); 548 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 549 } 550 551 552 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx) 553 { 554 struct wpa_sm *sm = eloop_ctx; 555 rsn_preauth_candidate_process(sm); 556 } 557 558 559 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm, 560 const u8 *addr, int secure) 561 { 562 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 563 "WPA: Key negotiation completed with " 564 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr), 565 wpa_cipher_txt(sm->pairwise_cipher), 566 wpa_cipher_txt(sm->group_cipher)); 567 wpa_sm_cancel_auth_timeout(sm); 568 wpa_sm_set_state(sm, WPA_COMPLETED); 569 570 if (secure) { 571 wpa_sm_mlme_setprotection( 572 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX, 573 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 574 eapol_sm_notify_portValid(sm->eapol, TRUE); 575 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt)) 576 eapol_sm_notify_eap_success(sm->eapol, TRUE); 577 /* 578 * Start preauthentication after a short wait to avoid a 579 * possible race condition between the data receive and key 580 * configuration after the 4-Way Handshake. This increases the 581 * likelihood of the first preauth EAPOL-Start frame getting to 582 * the target AP. 583 */ 584 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL); 585 } 586 587 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) { 588 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 589 "RSN: Authenticator accepted " 590 "opportunistic PMKSA entry - marking it valid"); 591 sm->cur_pmksa->opportunistic = 0; 592 } 593 594 #ifdef CONFIG_IEEE80211R 595 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 596 /* Prepare for the next transition */ 597 wpa_ft_prepare_auth_request(sm, NULL); 598 } 599 #endif /* CONFIG_IEEE80211R */ 600 } 601 602 603 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx) 604 { 605 struct wpa_sm *sm = eloop_ctx; 606 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying"); 607 wpa_sm_key_request(sm, 0, 1); 608 } 609 610 611 static int wpa_supplicant_install_ptk(struct wpa_sm *sm, 612 const struct wpa_eapol_key *key) 613 { 614 int keylen, rsclen; 615 enum wpa_alg alg; 616 const u8 *key_rsc; 617 618 if (sm->ptk.installed) { 619 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 620 "WPA: Do not re-install same PTK to the driver"); 621 return 0; 622 } 623 624 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 625 "WPA: Installing PTK to the driver"); 626 627 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 628 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher " 629 "Suite: NONE - do not use pairwise keys"); 630 return 0; 631 } 632 633 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) { 634 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 635 "WPA: Unsupported pairwise cipher %d", 636 sm->pairwise_cipher); 637 return -1; 638 } 639 640 alg = wpa_cipher_to_alg(sm->pairwise_cipher); 641 keylen = wpa_cipher_key_len(sm->pairwise_cipher); 642 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher); 643 644 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 645 key_rsc = null_rsc; 646 } else { 647 key_rsc = key->key_rsc; 648 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen); 649 } 650 651 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen, 652 sm->ptk.tk, keylen) < 0) { 653 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 654 "WPA: Failed to set PTK to the " 655 "driver (alg=%d keylen=%d bssid=" MACSTR ")", 656 alg, keylen, MAC2STR(sm->bssid)); 657 return -1; 658 } 659 660 /* TK is not needed anymore in supplicant */ 661 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); 662 sm->ptk.installed = 1; 663 664 if (sm->wpa_ptk_rekey) { 665 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 666 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk, 667 sm, NULL); 668 } 669 670 return 0; 671 } 672 673 674 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm, 675 int group_cipher, 676 int keylen, int maxkeylen, 677 int *key_rsc_len, 678 enum wpa_alg *alg) 679 { 680 int klen; 681 682 *alg = wpa_cipher_to_alg(group_cipher); 683 if (*alg == WPA_ALG_NONE) { 684 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 685 "WPA: Unsupported Group Cipher %d", 686 group_cipher); 687 return -1; 688 } 689 *key_rsc_len = wpa_cipher_rsc_len(group_cipher); 690 691 klen = wpa_cipher_key_len(group_cipher); 692 if (keylen != klen || maxkeylen < klen) { 693 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 694 "WPA: Unsupported %s Group Cipher key length %d (%d)", 695 wpa_cipher_txt(group_cipher), keylen, maxkeylen); 696 return -1; 697 } 698 return 0; 699 } 700 701 702 struct wpa_gtk_data { 703 enum wpa_alg alg; 704 int tx, key_rsc_len, keyidx; 705 u8 gtk[32]; 706 int gtk_len; 707 }; 708 709 710 static int wpa_supplicant_install_gtk(struct wpa_sm *sm, 711 const struct wpa_gtk_data *gd, 712 const u8 *key_rsc, int wnm_sleep) 713 { 714 const u8 *_gtk = gd->gtk; 715 u8 gtk_buf[32]; 716 717 /* Detect possible key reinstallation */ 718 if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && 719 os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || 720 (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && 721 os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, 722 sm->gtk_wnm_sleep.gtk_len) == 0)) { 723 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 724 "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", 725 gd->keyidx, gd->tx, gd->gtk_len); 726 return 0; 727 } 728 729 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); 730 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 731 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", 732 gd->keyidx, gd->tx, gd->gtk_len); 733 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len); 734 if (sm->group_cipher == WPA_CIPHER_TKIP) { 735 /* Swap Tx/Rx keys for Michael MIC */ 736 os_memcpy(gtk_buf, gd->gtk, 16); 737 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8); 738 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8); 739 _gtk = gtk_buf; 740 } 741 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 742 if (wpa_sm_set_key(sm, gd->alg, NULL, 743 gd->keyidx, 1, key_rsc, gd->key_rsc_len, 744 _gtk, gd->gtk_len) < 0) { 745 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 746 "WPA: Failed to set GTK to the driver " 747 "(Group only)"); 748 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 749 return -1; 750 } 751 } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr, 752 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len, 753 _gtk, gd->gtk_len) < 0) { 754 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 755 "WPA: Failed to set GTK to " 756 "the driver (alg=%d keylen=%d keyidx=%d)", 757 gd->alg, gd->gtk_len, gd->keyidx); 758 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 759 return -1; 760 } 761 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 762 763 if (wnm_sleep) { 764 sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; 765 os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, 766 sm->gtk_wnm_sleep.gtk_len); 767 } else { 768 sm->gtk.gtk_len = gd->gtk_len; 769 os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); 770 } 771 772 return 0; 773 } 774 775 776 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm, 777 int tx) 778 { 779 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) { 780 /* Ignore Tx bit for GTK if a pairwise key is used. One AP 781 * seemed to set this bit (incorrectly, since Tx is only when 782 * doing Group Key only APs) and without this workaround, the 783 * data connection does not work because wpa_supplicant 784 * configured non-zero keyidx to be used for unicast. */ 785 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 786 "WPA: Tx bit set for GTK, but pairwise " 787 "keys are used - ignore Tx bit"); 788 return 0; 789 } 790 return tx; 791 } 792 793 794 static int wpa_supplicant_rsc_relaxation(const struct wpa_sm *sm, 795 const u8 *rsc) 796 { 797 int rsclen; 798 799 if (!sm->wpa_rsc_relaxation) 800 return 0; 801 802 rsclen = wpa_cipher_rsc_len(sm->group_cipher); 803 804 /* 805 * Try to detect RSC (endian) corruption issue where the AP sends 806 * the RSC bytes in EAPOL-Key message in the wrong order, both if 807 * it's actually a 6-byte field (as it should be) and if it treats 808 * it as an 8-byte field. 809 * An AP model known to have this bug is the Sapido RB-1632. 810 */ 811 if (rsclen == 6 && ((rsc[5] && !rsc[0]) || rsc[6] || rsc[7])) { 812 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 813 "RSC %02x%02x%02x%02x%02x%02x%02x%02x is likely bogus, using 0", 814 rsc[0], rsc[1], rsc[2], rsc[3], 815 rsc[4], rsc[5], rsc[6], rsc[7]); 816 817 return 1; 818 } 819 820 return 0; 821 } 822 823 824 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, 825 const struct wpa_eapol_key *key, 826 const u8 *gtk, size_t gtk_len, 827 int key_info) 828 { 829 struct wpa_gtk_data gd; 830 const u8 *key_rsc; 831 832 /* 833 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x 834 * GTK KDE format: 835 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7] 836 * Reserved [bits 0-7] 837 * GTK 838 */ 839 840 os_memset(&gd, 0, sizeof(gd)); 841 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake", 842 gtk, gtk_len); 843 844 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk)) 845 return -1; 846 847 gd.keyidx = gtk[0] & 0x3; 848 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 849 !!(gtk[0] & BIT(2))); 850 gtk += 2; 851 gtk_len -= 2; 852 853 os_memcpy(gd.gtk, gtk, gtk_len); 854 gd.gtk_len = gtk_len; 855 856 key_rsc = key->key_rsc; 857 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) 858 key_rsc = null_rsc; 859 860 if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED && 861 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 862 gtk_len, gtk_len, 863 &gd.key_rsc_len, &gd.alg) || 864 wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0))) { 865 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 866 "RSN: Failed to install GTK"); 867 os_memset(&gd, 0, sizeof(gd)); 868 return -1; 869 } 870 os_memset(&gd, 0, sizeof(gd)); 871 872 wpa_supplicant_key_neg_complete(sm, sm->bssid, 873 key_info & WPA_KEY_INFO_SECURE); 874 return 0; 875 } 876 877 878 #ifdef CONFIG_IEEE80211W 879 static int wpa_supplicant_install_igtk(struct wpa_sm *sm, 880 const struct wpa_igtk_kde *igtk, 881 int wnm_sleep) 882 { 883 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); 884 u16 keyidx = WPA_GET_LE16(igtk->keyid); 885 886 /* Detect possible key reinstallation */ 887 if ((sm->igtk.igtk_len == len && 888 os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || 889 (sm->igtk_wnm_sleep.igtk_len == len && 890 os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, 891 sm->igtk_wnm_sleep.igtk_len) == 0)) { 892 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 893 "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", 894 keyidx); 895 return 0; 896 } 897 898 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 899 "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x", 900 keyidx, MAC2STR(igtk->pn)); 901 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); 902 if (keyidx > 4095) { 903 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 904 "WPA: Invalid IGTK KeyID %d", keyidx); 905 return -1; 906 } 907 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), 908 broadcast_ether_addr, 909 keyidx, 0, igtk->pn, sizeof(igtk->pn), 910 igtk->igtk, len) < 0) { 911 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 912 "WPA: Failed to configure IGTK to the driver"); 913 return -1; 914 } 915 916 if (wnm_sleep) { 917 sm->igtk_wnm_sleep.igtk_len = len; 918 os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, 919 sm->igtk_wnm_sleep.igtk_len); 920 } else { 921 sm->igtk.igtk_len = len; 922 os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); 923 } 924 925 return 0; 926 } 927 #endif /* CONFIG_IEEE80211W */ 928 929 930 static int ieee80211w_set_keys(struct wpa_sm *sm, 931 struct wpa_eapol_ie_parse *ie) 932 { 933 #ifdef CONFIG_IEEE80211W 934 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher)) 935 return 0; 936 937 if (ie->igtk) { 938 size_t len; 939 const struct wpa_igtk_kde *igtk; 940 941 len = wpa_cipher_key_len(sm->mgmt_group_cipher); 942 if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) 943 return -1; 944 945 igtk = (const struct wpa_igtk_kde *) ie->igtk; 946 if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) 947 return -1; 948 } 949 950 return 0; 951 #else /* CONFIG_IEEE80211W */ 952 return 0; 953 #endif /* CONFIG_IEEE80211W */ 954 } 955 956 957 static void wpa_report_ie_mismatch(struct wpa_sm *sm, 958 const char *reason, const u8 *src_addr, 959 const u8 *wpa_ie, size_t wpa_ie_len, 960 const u8 *rsn_ie, size_t rsn_ie_len) 961 { 962 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")", 963 reason, MAC2STR(src_addr)); 964 965 if (sm->ap_wpa_ie) { 966 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp", 967 sm->ap_wpa_ie, sm->ap_wpa_ie_len); 968 } 969 if (wpa_ie) { 970 if (!sm->ap_wpa_ie) { 971 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 972 "WPA: No WPA IE in Beacon/ProbeResp"); 973 } 974 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg", 975 wpa_ie, wpa_ie_len); 976 } 977 978 if (sm->ap_rsn_ie) { 979 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp", 980 sm->ap_rsn_ie, sm->ap_rsn_ie_len); 981 } 982 if (rsn_ie) { 983 if (!sm->ap_rsn_ie) { 984 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 985 "WPA: No RSN IE in Beacon/ProbeResp"); 986 } 987 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg", 988 rsn_ie, rsn_ie_len); 989 } 990 991 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS); 992 } 993 994 995 #ifdef CONFIG_IEEE80211R 996 997 static int ft_validate_mdie(struct wpa_sm *sm, 998 const unsigned char *src_addr, 999 struct wpa_eapol_ie_parse *ie, 1000 const u8 *assoc_resp_mdie) 1001 { 1002 struct rsn_mdie *mdie; 1003 1004 mdie = (struct rsn_mdie *) (ie->mdie + 2); 1005 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) || 1006 os_memcmp(mdie->mobility_domain, sm->mobility_domain, 1007 MOBILITY_DOMAIN_ID_LEN) != 0) { 1008 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did " 1009 "not match with the current mobility domain"); 1010 return -1; 1011 } 1012 1013 if (assoc_resp_mdie && 1014 (assoc_resp_mdie[1] != ie->mdie[1] || 1015 os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) { 1016 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch"); 1017 wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4", 1018 ie->mdie, 2 + ie->mdie[1]); 1019 wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response", 1020 assoc_resp_mdie, 2 + assoc_resp_mdie[1]); 1021 return -1; 1022 } 1023 1024 return 0; 1025 } 1026 1027 1028 static int ft_validate_ftie(struct wpa_sm *sm, 1029 const unsigned char *src_addr, 1030 struct wpa_eapol_ie_parse *ie, 1031 const u8 *assoc_resp_ftie) 1032 { 1033 if (ie->ftie == NULL) { 1034 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1035 "FT: No FTIE in EAPOL-Key msg 3/4"); 1036 return -1; 1037 } 1038 1039 if (assoc_resp_ftie == NULL) 1040 return 0; 1041 1042 if (assoc_resp_ftie[1] != ie->ftie[1] || 1043 os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) { 1044 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch"); 1045 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4", 1046 ie->ftie, 2 + ie->ftie[1]); 1047 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response", 1048 assoc_resp_ftie, 2 + assoc_resp_ftie[1]); 1049 return -1; 1050 } 1051 1052 return 0; 1053 } 1054 1055 1056 static int ft_validate_rsnie(struct wpa_sm *sm, 1057 const unsigned char *src_addr, 1058 struct wpa_eapol_ie_parse *ie) 1059 { 1060 struct wpa_ie_data rsn; 1061 1062 if (!ie->rsn_ie) 1063 return 0; 1064 1065 /* 1066 * Verify that PMKR1Name from EAPOL-Key message 3/4 1067 * matches with the value we derived. 1068 */ 1069 if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 || 1070 rsn.num_pmkid != 1 || rsn.pmkid == NULL) { 1071 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in " 1072 "FT 4-way handshake message 3/4"); 1073 return -1; 1074 } 1075 1076 if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0) 1077 { 1078 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1079 "FT: PMKR1Name mismatch in " 1080 "FT 4-way handshake message 3/4"); 1081 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator", 1082 rsn.pmkid, WPA_PMK_NAME_LEN); 1083 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name", 1084 sm->pmk_r1_name, WPA_PMK_NAME_LEN); 1085 return -1; 1086 } 1087 1088 return 0; 1089 } 1090 1091 1092 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm, 1093 const unsigned char *src_addr, 1094 struct wpa_eapol_ie_parse *ie) 1095 { 1096 const u8 *pos, *end, *mdie = NULL, *ftie = NULL; 1097 1098 if (sm->assoc_resp_ies) { 1099 pos = sm->assoc_resp_ies; 1100 end = pos + sm->assoc_resp_ies_len; 1101 while (end - pos > 2) { 1102 if (2 + pos[1] > end - pos) 1103 break; 1104 switch (*pos) { 1105 case WLAN_EID_MOBILITY_DOMAIN: 1106 mdie = pos; 1107 break; 1108 case WLAN_EID_FAST_BSS_TRANSITION: 1109 ftie = pos; 1110 break; 1111 } 1112 pos += 2 + pos[1]; 1113 } 1114 } 1115 1116 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 || 1117 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 || 1118 ft_validate_rsnie(sm, src_addr, ie) < 0) 1119 return -1; 1120 1121 return 0; 1122 } 1123 1124 #endif /* CONFIG_IEEE80211R */ 1125 1126 1127 static int wpa_supplicant_validate_ie(struct wpa_sm *sm, 1128 const unsigned char *src_addr, 1129 struct wpa_eapol_ie_parse *ie) 1130 { 1131 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) { 1132 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1133 "WPA: No WPA/RSN IE for this AP known. " 1134 "Trying to get from scan results"); 1135 if (wpa_sm_get_beacon_ie(sm) < 0) { 1136 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1137 "WPA: Could not find AP from " 1138 "the scan results"); 1139 } else { 1140 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, 1141 "WPA: Found the current AP from " 1142 "updated scan results"); 1143 } 1144 } 1145 1146 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL && 1147 (sm->ap_wpa_ie || sm->ap_rsn_ie)) { 1148 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 1149 "with IE in Beacon/ProbeResp (no IE?)", 1150 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1151 ie->rsn_ie, ie->rsn_ie_len); 1152 return -1; 1153 } 1154 1155 if ((ie->wpa_ie && sm->ap_wpa_ie && 1156 (ie->wpa_ie_len != sm->ap_wpa_ie_len || 1157 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) || 1158 (ie->rsn_ie && sm->ap_rsn_ie && 1159 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt), 1160 sm->ap_rsn_ie, sm->ap_rsn_ie_len, 1161 ie->rsn_ie, ie->rsn_ie_len))) { 1162 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 1163 "with IE in Beacon/ProbeResp", 1164 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1165 ie->rsn_ie, ie->rsn_ie_len); 1166 return -1; 1167 } 1168 1169 if (sm->proto == WPA_PROTO_WPA && 1170 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) { 1171 wpa_report_ie_mismatch(sm, "Possible downgrade attack " 1172 "detected - RSN was enabled and RSN IE " 1173 "was in msg 3/4, but not in " 1174 "Beacon/ProbeResp", 1175 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1176 ie->rsn_ie, ie->rsn_ie_len); 1177 return -1; 1178 } 1179 1180 #ifdef CONFIG_IEEE80211R 1181 if (wpa_key_mgmt_ft(sm->key_mgmt) && 1182 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0) 1183 return -1; 1184 #endif /* CONFIG_IEEE80211R */ 1185 1186 return 0; 1187 } 1188 1189 1190 /** 1191 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake 1192 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1193 * @dst: Destination address for the frame 1194 * @key: Pointer to the EAPOL-Key frame header 1195 * @ver: Version bits from EAPOL-Key Key Info 1196 * @key_info: Key Info 1197 * @ptk: PTK to use for keyed hash and encryption 1198 * Returns: >= 0 on success, < 0 on failure 1199 */ 1200 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, 1201 const struct wpa_eapol_key *key, 1202 u16 ver, u16 key_info, 1203 struct wpa_ptk *ptk) 1204 { 1205 size_t mic_len, hdrlen, rlen; 1206 struct wpa_eapol_key *reply; 1207 struct wpa_eapol_key_192 *reply192; 1208 u8 *rbuf, *key_mic; 1209 1210 mic_len = wpa_mic_len(sm->key_mgmt); 1211 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 1212 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1213 hdrlen, &rlen, (void *) &reply); 1214 if (rbuf == NULL) 1215 return -1; 1216 reply192 = (struct wpa_eapol_key_192 *) reply; 1217 1218 reply->type = (sm->proto == WPA_PROTO_RSN || 1219 sm->proto == WPA_PROTO_OSEN) ? 1220 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1221 key_info &= WPA_KEY_INFO_SECURE; 1222 key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC; 1223 WPA_PUT_BE16(reply->key_info, key_info); 1224 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 1225 WPA_PUT_BE16(reply->key_length, 0); 1226 else 1227 os_memcpy(reply->key_length, key->key_length, 2); 1228 os_memcpy(reply->replay_counter, key->replay_counter, 1229 WPA_REPLAY_COUNTER_LEN); 1230 1231 key_mic = reply192->key_mic; /* same offset for reply and reply192 */ 1232 if (mic_len == 24) 1233 WPA_PUT_BE16(reply192->key_data_length, 0); 1234 else 1235 WPA_PUT_BE16(reply->key_data_length, 0); 1236 1237 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4"); 1238 return wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, 1239 ETH_P_EAPOL, rbuf, rlen, key_mic); 1240 } 1241 1242 1243 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, 1244 const struct wpa_eapol_key *key, 1245 u16 ver, const u8 *key_data, 1246 size_t key_data_len) 1247 { 1248 u16 key_info, keylen; 1249 struct wpa_eapol_ie_parse ie; 1250 1251 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 1252 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way " 1253 "Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver); 1254 1255 key_info = WPA_GET_BE16(key->key_info); 1256 1257 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len); 1258 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) 1259 goto failed; 1260 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1261 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1262 "WPA: GTK IE in unencrypted key data"); 1263 goto failed; 1264 } 1265 #ifdef CONFIG_IEEE80211W 1266 if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1267 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1268 "WPA: IGTK KDE in unencrypted key data"); 1269 goto failed; 1270 } 1271 1272 if (ie.igtk && 1273 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) && 1274 ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN + 1275 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) { 1276 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1277 "WPA: Invalid IGTK KDE length %lu", 1278 (unsigned long) ie.igtk_len); 1279 goto failed; 1280 } 1281 #endif /* CONFIG_IEEE80211W */ 1282 1283 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0) 1284 goto failed; 1285 1286 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) { 1287 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1288 "WPA: ANonce from message 1 of 4-Way Handshake " 1289 "differs from 3 of 4-Way Handshake - drop packet (src=" 1290 MACSTR ")", MAC2STR(sm->bssid)); 1291 goto failed; 1292 } 1293 1294 keylen = WPA_GET_BE16(key->key_length); 1295 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) { 1296 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1297 "WPA: Invalid %s key length %d (src=" MACSTR 1298 ")", wpa_cipher_txt(sm->pairwise_cipher), keylen, 1299 MAC2STR(sm->bssid)); 1300 goto failed; 1301 } 1302 1303 #ifdef CONFIG_P2P 1304 if (ie.ip_addr_alloc) { 1305 os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4); 1306 wpa_hexdump(MSG_DEBUG, "P2P: IP address info", 1307 sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr)); 1308 } 1309 #endif /* CONFIG_P2P */ 1310 1311 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info, 1312 &sm->ptk) < 0) { 1313 goto failed; 1314 } 1315 1316 /* SNonce was successfully used in msg 3/4, so mark it to be renewed 1317 * for the next 4-Way Handshake. If msg 3 is received again, the old 1318 * SNonce will still be used to avoid changing PTK. */ 1319 sm->renew_snonce = 1; 1320 1321 if (key_info & WPA_KEY_INFO_INSTALL) { 1322 if (wpa_supplicant_install_ptk(sm, key)) 1323 goto failed; 1324 } 1325 1326 if (key_info & WPA_KEY_INFO_SECURE) { 1327 wpa_sm_mlme_setprotection( 1328 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX, 1329 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 1330 eapol_sm_notify_portValid(sm->eapol, TRUE); 1331 } 1332 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1333 1334 if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) { 1335 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1336 key_info & WPA_KEY_INFO_SECURE); 1337 } else if (ie.gtk && 1338 wpa_supplicant_pairwise_gtk(sm, key, 1339 ie.gtk, ie.gtk_len, key_info) < 0) { 1340 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1341 "RSN: Failed to configure GTK"); 1342 goto failed; 1343 } 1344 1345 if (ieee80211w_set_keys(sm, &ie) < 0) { 1346 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1347 "RSN: Failed to configure IGTK"); 1348 goto failed; 1349 } 1350 1351 if (ie.gtk) 1352 wpa_sm_set_rekey_offload(sm); 1353 1354 if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1355 struct rsn_pmksa_cache_entry *sa; 1356 1357 sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, NULL, 1358 sm->ptk.kck, sm->ptk.kck_len, 1359 sm->bssid, sm->own_addr, 1360 sm->network_ctx, sm->key_mgmt); 1361 if (!sm->cur_pmksa) 1362 sm->cur_pmksa = sa; 1363 } 1364 1365 sm->msg_3_of_4_ok = 1; 1366 return; 1367 1368 failed: 1369 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1370 } 1371 1372 1373 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm, 1374 const u8 *keydata, 1375 size_t keydatalen, 1376 u16 key_info, 1377 struct wpa_gtk_data *gd) 1378 { 1379 int maxkeylen; 1380 struct wpa_eapol_ie_parse ie; 1381 1382 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen); 1383 if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0) 1384 return -1; 1385 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1386 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1387 "WPA: GTK IE in unencrypted key data"); 1388 return -1; 1389 } 1390 if (ie.gtk == NULL) { 1391 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1392 "WPA: No GTK IE in Group Key msg 1/2"); 1393 return -1; 1394 } 1395 maxkeylen = gd->gtk_len = ie.gtk_len - 2; 1396 1397 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 1398 gd->gtk_len, maxkeylen, 1399 &gd->key_rsc_len, &gd->alg)) 1400 return -1; 1401 1402 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake", 1403 ie.gtk, ie.gtk_len); 1404 gd->keyidx = ie.gtk[0] & 0x3; 1405 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 1406 !!(ie.gtk[0] & BIT(2))); 1407 if (ie.gtk_len - 2 > sizeof(gd->gtk)) { 1408 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1409 "RSN: Too long GTK in GTK IE (len=%lu)", 1410 (unsigned long) ie.gtk_len - 2); 1411 return -1; 1412 } 1413 os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2); 1414 1415 if (ieee80211w_set_keys(sm, &ie) < 0) 1416 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1417 "RSN: Failed to configure IGTK"); 1418 1419 return 0; 1420 } 1421 1422 1423 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm, 1424 const struct wpa_eapol_key *key, 1425 const u8 *key_data, 1426 size_t key_data_len, u16 key_info, 1427 u16 ver, struct wpa_gtk_data *gd) 1428 { 1429 size_t maxkeylen; 1430 u16 gtk_len; 1431 1432 gtk_len = WPA_GET_BE16(key->key_length); 1433 maxkeylen = key_data_len; 1434 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1435 if (maxkeylen < 8) { 1436 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1437 "WPA: Too short maxkeylen (%lu)", 1438 (unsigned long) maxkeylen); 1439 return -1; 1440 } 1441 maxkeylen -= 8; 1442 } 1443 1444 if (gtk_len > maxkeylen || 1445 wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 1446 gtk_len, maxkeylen, 1447 &gd->key_rsc_len, &gd->alg)) 1448 return -1; 1449 1450 gd->gtk_len = gtk_len; 1451 gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1452 WPA_KEY_INFO_KEY_INDEX_SHIFT; 1453 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { 1454 #ifdef CONFIG_NO_RC4 1455 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1456 "WPA: RC4 not supported in the build"); 1457 return -1; 1458 #else /* CONFIG_NO_RC4 */ 1459 u8 ek[32]; 1460 if (key_data_len > sizeof(gd->gtk)) { 1461 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1462 "WPA: RC4 key data too long (%lu)", 1463 (unsigned long) key_data_len); 1464 return -1; 1465 } 1466 os_memcpy(ek, key->key_iv, 16); 1467 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); 1468 os_memcpy(gd->gtk, key_data, key_data_len); 1469 if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) { 1470 os_memset(ek, 0, sizeof(ek)); 1471 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 1472 "WPA: RC4 failed"); 1473 return -1; 1474 } 1475 os_memset(ek, 0, sizeof(ek)); 1476 #endif /* CONFIG_NO_RC4 */ 1477 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1478 if (maxkeylen % 8) { 1479 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1480 "WPA: Unsupported AES-WRAP len %lu", 1481 (unsigned long) maxkeylen); 1482 return -1; 1483 } 1484 if (maxkeylen > sizeof(gd->gtk)) { 1485 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1486 "WPA: AES-WRAP key data " 1487 "too long (keydatalen=%lu maxkeylen=%lu)", 1488 (unsigned long) key_data_len, 1489 (unsigned long) maxkeylen); 1490 return -1; 1491 } 1492 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8, 1493 key_data, gd->gtk)) { 1494 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1495 "WPA: AES unwrap failed - could not decrypt " 1496 "GTK"); 1497 return -1; 1498 } 1499 } else { 1500 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1501 "WPA: Unsupported key_info type %d", ver); 1502 return -1; 1503 } 1504 gd->tx = wpa_supplicant_gtk_tx_bit_workaround( 1505 sm, !!(key_info & WPA_KEY_INFO_TXRX)); 1506 return 0; 1507 } 1508 1509 1510 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm, 1511 const struct wpa_eapol_key *key, 1512 int ver, u16 key_info) 1513 { 1514 size_t mic_len, hdrlen, rlen; 1515 struct wpa_eapol_key *reply; 1516 struct wpa_eapol_key_192 *reply192; 1517 u8 *rbuf, *key_mic; 1518 1519 mic_len = wpa_mic_len(sm->key_mgmt); 1520 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 1521 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1522 hdrlen, &rlen, (void *) &reply); 1523 if (rbuf == NULL) 1524 return -1; 1525 reply192 = (struct wpa_eapol_key_192 *) reply; 1526 1527 reply->type = (sm->proto == WPA_PROTO_RSN || 1528 sm->proto == WPA_PROTO_OSEN) ? 1529 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1530 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK; 1531 key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE; 1532 WPA_PUT_BE16(reply->key_info, key_info); 1533 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 1534 WPA_PUT_BE16(reply->key_length, 0); 1535 else 1536 os_memcpy(reply->key_length, key->key_length, 2); 1537 os_memcpy(reply->replay_counter, key->replay_counter, 1538 WPA_REPLAY_COUNTER_LEN); 1539 1540 key_mic = reply192->key_mic; /* same offset for reply and reply192 */ 1541 if (mic_len == 24) 1542 WPA_PUT_BE16(reply192->key_data_length, 0); 1543 else 1544 WPA_PUT_BE16(reply->key_data_length, 0); 1545 1546 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2"); 1547 return wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, 1548 sm->bssid, ETH_P_EAPOL, rbuf, rlen, key_mic); 1549 } 1550 1551 1552 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, 1553 const unsigned char *src_addr, 1554 const struct wpa_eapol_key *key, 1555 const u8 *key_data, 1556 size_t key_data_len, u16 ver) 1557 { 1558 u16 key_info; 1559 int rekey, ret; 1560 struct wpa_gtk_data gd; 1561 const u8 *key_rsc; 1562 1563 if (!sm->msg_3_of_4_ok) { 1564 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1565 "WPA: Group Key Handshake started prior to completion of 4-way handshake"); 1566 goto failed; 1567 } 1568 1569 os_memset(&gd, 0, sizeof(gd)); 1570 1571 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED; 1572 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key " 1573 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 1574 1575 key_info = WPA_GET_BE16(key->key_info); 1576 1577 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 1578 ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data, 1579 key_data_len, key_info, 1580 &gd); 1581 } else { 1582 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data, 1583 key_data_len, 1584 key_info, ver, &gd); 1585 } 1586 1587 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1588 1589 if (ret) 1590 goto failed; 1591 1592 key_rsc = key->key_rsc; 1593 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) 1594 key_rsc = null_rsc; 1595 1596 if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0) || 1597 wpa_supplicant_send_2_of_2(sm, key, ver, key_info)) 1598 goto failed; 1599 os_memset(&gd, 0, sizeof(gd)); 1600 1601 if (rekey) { 1602 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Group rekeying " 1603 "completed with " MACSTR " [GTK=%s]", 1604 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); 1605 wpa_sm_cancel_auth_timeout(sm); 1606 wpa_sm_set_state(sm, WPA_COMPLETED); 1607 } else { 1608 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1609 key_info & 1610 WPA_KEY_INFO_SECURE); 1611 } 1612 1613 wpa_sm_set_rekey_offload(sm); 1614 1615 return; 1616 1617 failed: 1618 os_memset(&gd, 0, sizeof(gd)); 1619 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1620 } 1621 1622 1623 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm, 1624 struct wpa_eapol_key_192 *key, 1625 u16 ver, 1626 const u8 *buf, size_t len) 1627 { 1628 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; 1629 int ok = 0; 1630 size_t mic_len = wpa_mic_len(sm->key_mgmt); 1631 1632 os_memcpy(mic, key->key_mic, mic_len); 1633 if (sm->tptk_set) { 1634 os_memset(key->key_mic, 0, mic_len); 1635 wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt, 1636 ver, buf, len, key->key_mic); 1637 if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) { 1638 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1639 "WPA: Invalid EAPOL-Key MIC " 1640 "when using TPTK - ignoring TPTK"); 1641 } else { 1642 ok = 1; 1643 sm->tptk_set = 0; 1644 sm->ptk_set = 1; 1645 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); 1646 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 1647 } 1648 } 1649 1650 if (!ok && sm->ptk_set) { 1651 os_memset(key->key_mic, 0, mic_len); 1652 wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt, 1653 ver, buf, len, key->key_mic); 1654 if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) { 1655 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1656 "WPA: Invalid EAPOL-Key MIC - " 1657 "dropping packet"); 1658 return -1; 1659 } 1660 ok = 1; 1661 } 1662 1663 if (!ok) { 1664 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1665 "WPA: Could not verify EAPOL-Key MIC - " 1666 "dropping packet"); 1667 return -1; 1668 } 1669 1670 os_memcpy(sm->rx_replay_counter, key->replay_counter, 1671 WPA_REPLAY_COUNTER_LEN); 1672 sm->rx_replay_counter_set = 1; 1673 return 0; 1674 } 1675 1676 1677 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */ 1678 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm, 1679 struct wpa_eapol_key *key, u16 ver, 1680 u8 *key_data, size_t *key_data_len) 1681 { 1682 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data", 1683 key_data, *key_data_len); 1684 if (!sm->ptk_set) { 1685 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1686 "WPA: PTK not available, cannot decrypt EAPOL-Key Key " 1687 "Data"); 1688 return -1; 1689 } 1690 1691 /* Decrypt key data here so that this operation does not need 1692 * to be implemented separately for each message type. */ 1693 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { 1694 #ifdef CONFIG_NO_RC4 1695 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1696 "WPA: RC4 not supported in the build"); 1697 return -1; 1698 #else /* CONFIG_NO_RC4 */ 1699 u8 ek[32]; 1700 os_memcpy(ek, key->key_iv, 16); 1701 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); 1702 if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) { 1703 os_memset(ek, 0, sizeof(ek)); 1704 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 1705 "WPA: RC4 failed"); 1706 return -1; 1707 } 1708 os_memset(ek, 0, sizeof(ek)); 1709 #endif /* CONFIG_NO_RC4 */ 1710 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1711 ver == WPA_KEY_INFO_TYPE_AES_128_CMAC || 1712 sm->key_mgmt == WPA_KEY_MGMT_OSEN || 1713 wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1714 u8 *buf; 1715 if (*key_data_len < 8 || *key_data_len % 8) { 1716 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1717 "WPA: Unsupported AES-WRAP len %u", 1718 (unsigned int) *key_data_len); 1719 return -1; 1720 } 1721 *key_data_len -= 8; /* AES-WRAP adds 8 bytes */ 1722 buf = os_malloc(*key_data_len); 1723 if (buf == NULL) { 1724 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1725 "WPA: No memory for AES-UNWRAP buffer"); 1726 return -1; 1727 } 1728 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8, 1729 key_data, buf)) { 1730 bin_clear_free(buf, *key_data_len); 1731 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1732 "WPA: AES unwrap failed - " 1733 "could not decrypt EAPOL-Key key data"); 1734 return -1; 1735 } 1736 os_memcpy(key_data, buf, *key_data_len); 1737 bin_clear_free(buf, *key_data_len); 1738 WPA_PUT_BE16(key->key_data_length, *key_data_len); 1739 } else { 1740 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1741 "WPA: Unsupported key_info type %d", ver); 1742 return -1; 1743 } 1744 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data", 1745 key_data, *key_data_len); 1746 return 0; 1747 } 1748 1749 1750 /** 1751 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted 1752 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1753 */ 1754 void wpa_sm_aborted_cached(struct wpa_sm *sm) 1755 { 1756 if (sm && sm->cur_pmksa) { 1757 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1758 "RSN: Cancelling PMKSA caching attempt"); 1759 sm->cur_pmksa = NULL; 1760 } 1761 } 1762 1763 1764 static void wpa_eapol_key_dump(struct wpa_sm *sm, 1765 const struct wpa_eapol_key *key, 1766 unsigned int key_data_len, 1767 const u8 *mic, unsigned int mic_len) 1768 { 1769 #ifndef CONFIG_NO_STDOUT_DEBUG 1770 u16 key_info = WPA_GET_BE16(key->key_info); 1771 1772 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type); 1773 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1774 " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)", 1775 key_info, key_info & WPA_KEY_INFO_TYPE_MASK, 1776 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1777 WPA_KEY_INFO_KEY_INDEX_SHIFT, 1778 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13, 1779 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group", 1780 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "", 1781 key_info & WPA_KEY_INFO_ACK ? " Ack" : "", 1782 key_info & WPA_KEY_INFO_MIC ? " MIC" : "", 1783 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "", 1784 key_info & WPA_KEY_INFO_ERROR ? " Error" : "", 1785 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "", 1786 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : ""); 1787 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1788 " key_length=%u key_data_length=%u", 1789 WPA_GET_BE16(key->key_length), key_data_len); 1790 wpa_hexdump(MSG_DEBUG, " replay_counter", 1791 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 1792 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN); 1793 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16); 1794 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8); 1795 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8); 1796 wpa_hexdump(MSG_DEBUG, " key_mic", mic, mic_len); 1797 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1798 } 1799 1800 1801 /** 1802 * wpa_sm_rx_eapol - Process received WPA EAPOL frames 1803 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1804 * @src_addr: Source MAC address of the EAPOL packet 1805 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header) 1806 * @len: Length of the EAPOL frame 1807 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure 1808 * 1809 * This function is called for each received EAPOL frame. Other than EAPOL-Key 1810 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is 1811 * only processing WPA and WPA2 EAPOL-Key frames. 1812 * 1813 * The received EAPOL-Key packets are validated and valid packets are replied 1814 * to. In addition, key material (PTK, GTK) is configured at the end of a 1815 * successful key handshake. 1816 */ 1817 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, 1818 const u8 *buf, size_t len) 1819 { 1820 size_t plen, data_len, key_data_len; 1821 const struct ieee802_1x_hdr *hdr; 1822 struct wpa_eapol_key *key; 1823 struct wpa_eapol_key_192 *key192; 1824 u16 key_info, ver; 1825 u8 *tmp = NULL; 1826 int ret = -1; 1827 struct wpa_peerkey *peerkey = NULL; 1828 u8 *key_data; 1829 size_t mic_len, keyhdrlen; 1830 1831 #ifdef CONFIG_IEEE80211R 1832 sm->ft_completed = 0; 1833 #endif /* CONFIG_IEEE80211R */ 1834 1835 mic_len = wpa_mic_len(sm->key_mgmt); 1836 keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key); 1837 1838 if (len < sizeof(*hdr) + keyhdrlen) { 1839 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1840 "WPA: EAPOL frame too short to be a WPA " 1841 "EAPOL-Key (len %lu, expecting at least %lu)", 1842 (unsigned long) len, 1843 (unsigned long) sizeof(*hdr) + keyhdrlen); 1844 return 0; 1845 } 1846 1847 hdr = (const struct ieee802_1x_hdr *) buf; 1848 plen = be_to_host16(hdr->length); 1849 data_len = plen + sizeof(*hdr); 1850 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1851 "IEEE 802.1X RX: version=%d type=%d length=%lu", 1852 hdr->version, hdr->type, (unsigned long) plen); 1853 1854 if (hdr->version < EAPOL_VERSION) { 1855 /* TODO: backwards compatibility */ 1856 } 1857 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { 1858 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1859 "WPA: EAPOL frame (type %u) discarded, " 1860 "not a Key frame", hdr->type); 1861 ret = 0; 1862 goto out; 1863 } 1864 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len); 1865 if (plen > len - sizeof(*hdr) || plen < keyhdrlen) { 1866 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1867 "WPA: EAPOL frame payload size %lu " 1868 "invalid (frame size %lu)", 1869 (unsigned long) plen, (unsigned long) len); 1870 ret = 0; 1871 goto out; 1872 } 1873 if (data_len < len) { 1874 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1875 "WPA: ignoring %lu bytes after the IEEE 802.1X data", 1876 (unsigned long) len - data_len); 1877 } 1878 1879 /* 1880 * Make a copy of the frame since we need to modify the buffer during 1881 * MAC validation and Key Data decryption. 1882 */ 1883 tmp = os_malloc(data_len); 1884 if (tmp == NULL) 1885 goto out; 1886 os_memcpy(tmp, buf, data_len); 1887 key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr)); 1888 key192 = (struct wpa_eapol_key_192 *) 1889 (tmp + sizeof(struct ieee802_1x_hdr)); 1890 if (mic_len == 24) 1891 key_data = (u8 *) (key192 + 1); 1892 else 1893 key_data = (u8 *) (key + 1); 1894 1895 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN) 1896 { 1897 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1898 "WPA: EAPOL-Key type (%d) unknown, discarded", 1899 key->type); 1900 ret = 0; 1901 goto out; 1902 } 1903 1904 if (mic_len == 24) 1905 key_data_len = WPA_GET_BE16(key192->key_data_length); 1906 else 1907 key_data_len = WPA_GET_BE16(key->key_data_length); 1908 wpa_eapol_key_dump(sm, key, key_data_len, key192->key_mic, mic_len); 1909 1910 if (key_data_len > plen - keyhdrlen) { 1911 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key " 1912 "frame - key_data overflow (%u > %u)", 1913 (unsigned int) key_data_len, 1914 (unsigned int) (plen - keyhdrlen)); 1915 goto out; 1916 } 1917 1918 eapol_sm_notify_lower_layer_success(sm->eapol, 0); 1919 key_info = WPA_GET_BE16(key->key_info); 1920 ver = key_info & WPA_KEY_INFO_TYPE_MASK; 1921 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && 1922 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W) 1923 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && 1924 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */ 1925 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES && 1926 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 1927 sm->key_mgmt != WPA_KEY_MGMT_OSEN) { 1928 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1929 "WPA: Unsupported EAPOL-Key descriptor version %d", 1930 ver); 1931 goto out; 1932 } 1933 1934 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN && 1935 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { 1936 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1937 "OSEN: Unsupported EAPOL-Key descriptor version %d", 1938 ver); 1939 goto out; 1940 } 1941 1942 if (wpa_key_mgmt_suite_b(sm->key_mgmt) && 1943 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { 1944 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1945 "RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)", 1946 ver); 1947 goto out; 1948 } 1949 1950 #ifdef CONFIG_IEEE80211R 1951 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 1952 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */ 1953 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1954 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1955 "FT: AP did not use AES-128-CMAC"); 1956 goto out; 1957 } 1958 } else 1959 #endif /* CONFIG_IEEE80211R */ 1960 #ifdef CONFIG_IEEE80211W 1961 if (wpa_key_mgmt_sha256(sm->key_mgmt)) { 1962 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && 1963 sm->key_mgmt != WPA_KEY_MGMT_OSEN && 1964 !wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1965 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1966 "WPA: AP did not use the " 1967 "negotiated AES-128-CMAC"); 1968 goto out; 1969 } 1970 } else 1971 #endif /* CONFIG_IEEE80211W */ 1972 if (sm->pairwise_cipher == WPA_CIPHER_CCMP && 1973 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 1974 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1975 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1976 "WPA: CCMP is used, but EAPOL-Key " 1977 "descriptor version (%d) is not 2", ver); 1978 if (sm->group_cipher != WPA_CIPHER_CCMP && 1979 !(key_info & WPA_KEY_INFO_KEY_TYPE)) { 1980 /* Earlier versions of IEEE 802.11i did not explicitly 1981 * require version 2 descriptor for all EAPOL-Key 1982 * packets, so allow group keys to use version 1 if 1983 * CCMP is not used for them. */ 1984 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1985 "WPA: Backwards compatibility: allow invalid " 1986 "version for non-CCMP group keys"); 1987 } else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1988 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1989 "WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used"); 1990 } else 1991 goto out; 1992 } else if (sm->pairwise_cipher == WPA_CIPHER_GCMP && 1993 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 1994 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1995 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1996 "WPA: GCMP is used, but EAPOL-Key " 1997 "descriptor version (%d) is not 2", ver); 1998 goto out; 1999 } 2000 2001 #ifdef CONFIG_PEERKEY 2002 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 2003 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0) 2004 break; 2005 } 2006 2007 if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) { 2008 if (!peerkey->initiator && peerkey->replay_counter_set && 2009 os_memcmp(key->replay_counter, peerkey->replay_counter, 2010 WPA_REPLAY_COUNTER_LEN) <= 0) { 2011 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 2012 "RSN: EAPOL-Key Replay Counter did not " 2013 "increase (STK) - dropping packet"); 2014 goto out; 2015 } else if (peerkey->initiator) { 2016 u8 _tmp[WPA_REPLAY_COUNTER_LEN]; 2017 os_memcpy(_tmp, key->replay_counter, 2018 WPA_REPLAY_COUNTER_LEN); 2019 inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN); 2020 if (os_memcmp(_tmp, peerkey->replay_counter, 2021 WPA_REPLAY_COUNTER_LEN) != 0) { 2022 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2023 "RSN: EAPOL-Key Replay " 2024 "Counter did not match (STK) - " 2025 "dropping packet"); 2026 goto out; 2027 } 2028 } 2029 } 2030 2031 if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) { 2032 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2033 "RSN: Ack bit in key_info from STK peer"); 2034 goto out; 2035 } 2036 #endif /* CONFIG_PEERKEY */ 2037 2038 if (!peerkey && sm->rx_replay_counter_set && 2039 os_memcmp(key->replay_counter, sm->rx_replay_counter, 2040 WPA_REPLAY_COUNTER_LEN) <= 0) { 2041 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 2042 "WPA: EAPOL-Key Replay Counter did not increase - " 2043 "dropping packet"); 2044 goto out; 2045 } 2046 2047 if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE)) 2048 #ifdef CONFIG_PEERKEY 2049 && (peerkey == NULL || !peerkey->initiator) 2050 #endif /* CONFIG_PEERKEY */ 2051 ) { 2052 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2053 "WPA: No Ack bit in key_info"); 2054 goto out; 2055 } 2056 2057 if (key_info & WPA_KEY_INFO_REQUEST) { 2058 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2059 "WPA: EAPOL-Key with Request bit - dropped"); 2060 goto out; 2061 } 2062 2063 if ((key_info & WPA_KEY_INFO_MIC) && !peerkey && 2064 wpa_supplicant_verify_eapol_key_mic(sm, key192, ver, tmp, data_len)) 2065 goto out; 2066 2067 #ifdef CONFIG_PEERKEY 2068 if ((key_info & WPA_KEY_INFO_MIC) && peerkey && 2069 peerkey_verify_eapol_key_mic(sm, peerkey, key192, ver, tmp, 2070 data_len)) 2071 goto out; 2072 #endif /* CONFIG_PEERKEY */ 2073 2074 if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && 2075 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 2076 if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data, 2077 &key_data_len)) 2078 goto out; 2079 } 2080 2081 if (key_info & WPA_KEY_INFO_KEY_TYPE) { 2082 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) { 2083 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 2084 "WPA: Ignored EAPOL-Key (Pairwise) with " 2085 "non-zero key index"); 2086 goto out; 2087 } 2088 if (peerkey) { 2089 /* PeerKey 4-Way Handshake */ 2090 peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver, 2091 key_data, key_data_len); 2092 } else if (key_info & WPA_KEY_INFO_MIC) { 2093 /* 3/4 4-Way Handshake */ 2094 wpa_supplicant_process_3_of_4(sm, key, ver, key_data, 2095 key_data_len); 2096 } else { 2097 /* 1/4 4-Way Handshake */ 2098 wpa_supplicant_process_1_of_4(sm, src_addr, key, 2099 ver, key_data, 2100 key_data_len); 2101 } 2102 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { 2103 /* PeerKey SMK Handshake */ 2104 peerkey_rx_eapol_smk(sm, src_addr, key, key_data_len, key_info, 2105 ver); 2106 } else { 2107 if (key_info & WPA_KEY_INFO_MIC) { 2108 /* 1/2 Group Key Handshake */ 2109 wpa_supplicant_process_1_of_2(sm, src_addr, key, 2110 key_data, key_data_len, 2111 ver); 2112 } else { 2113 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 2114 "WPA: EAPOL-Key (Group) without Mic bit - " 2115 "dropped"); 2116 } 2117 } 2118 2119 ret = 1; 2120 2121 out: 2122 bin_clear_free(tmp, data_len); 2123 return ret; 2124 } 2125 2126 2127 #ifdef CONFIG_CTRL_IFACE 2128 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm) 2129 { 2130 switch (sm->key_mgmt) { 2131 case WPA_KEY_MGMT_IEEE8021X: 2132 return ((sm->proto == WPA_PROTO_RSN || 2133 sm->proto == WPA_PROTO_OSEN) ? 2134 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X : 2135 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X); 2136 case WPA_KEY_MGMT_PSK: 2137 return (sm->proto == WPA_PROTO_RSN ? 2138 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X : 2139 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X); 2140 #ifdef CONFIG_IEEE80211R 2141 case WPA_KEY_MGMT_FT_IEEE8021X: 2142 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2143 case WPA_KEY_MGMT_FT_PSK: 2144 return RSN_AUTH_KEY_MGMT_FT_PSK; 2145 #endif /* CONFIG_IEEE80211R */ 2146 #ifdef CONFIG_IEEE80211W 2147 case WPA_KEY_MGMT_IEEE8021X_SHA256: 2148 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2149 case WPA_KEY_MGMT_PSK_SHA256: 2150 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2151 #endif /* CONFIG_IEEE80211W */ 2152 case WPA_KEY_MGMT_CCKM: 2153 return (sm->proto == WPA_PROTO_RSN ? 2154 RSN_AUTH_KEY_MGMT_CCKM: 2155 WPA_AUTH_KEY_MGMT_CCKM); 2156 case WPA_KEY_MGMT_WPA_NONE: 2157 return WPA_AUTH_KEY_MGMT_NONE; 2158 case WPA_KEY_MGMT_IEEE8021X_SUITE_B: 2159 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2160 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192: 2161 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2162 default: 2163 return 0; 2164 } 2165 } 2166 2167 2168 #define RSN_SUITE "%02x-%02x-%02x-%d" 2169 #define RSN_SUITE_ARG(s) \ 2170 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff 2171 2172 /** 2173 * wpa_sm_get_mib - Dump text list of MIB entries 2174 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2175 * @buf: Buffer for the list 2176 * @buflen: Length of the buffer 2177 * Returns: Number of bytes written to buffer 2178 * 2179 * This function is used fetch dot11 MIB variables. 2180 */ 2181 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen) 2182 { 2183 char pmkid_txt[PMKID_LEN * 2 + 1]; 2184 int rsna, ret; 2185 size_t len; 2186 2187 if (sm->cur_pmksa) { 2188 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), 2189 sm->cur_pmksa->pmkid, PMKID_LEN); 2190 } else 2191 pmkid_txt[0] = '\0'; 2192 2193 if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) || 2194 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) && 2195 sm->proto == WPA_PROTO_RSN) 2196 rsna = 1; 2197 else 2198 rsna = 0; 2199 2200 ret = os_snprintf(buf, buflen, 2201 "dot11RSNAOptionImplemented=TRUE\n" 2202 "dot11RSNAPreauthenticationImplemented=TRUE\n" 2203 "dot11RSNAEnabled=%s\n" 2204 "dot11RSNAPreauthenticationEnabled=%s\n" 2205 "dot11RSNAConfigVersion=%d\n" 2206 "dot11RSNAConfigPairwiseKeysSupported=5\n" 2207 "dot11RSNAConfigGroupCipherSize=%d\n" 2208 "dot11RSNAConfigPMKLifetime=%d\n" 2209 "dot11RSNAConfigPMKReauthThreshold=%d\n" 2210 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n" 2211 "dot11RSNAConfigSATimeout=%d\n", 2212 rsna ? "TRUE" : "FALSE", 2213 rsna ? "TRUE" : "FALSE", 2214 RSN_VERSION, 2215 wpa_cipher_key_len(sm->group_cipher) * 8, 2216 sm->dot11RSNAConfigPMKLifetime, 2217 sm->dot11RSNAConfigPMKReauthThreshold, 2218 sm->dot11RSNAConfigSATimeout); 2219 if (os_snprintf_error(buflen, ret)) 2220 return 0; 2221 len = ret; 2222 2223 ret = os_snprintf( 2224 buf + len, buflen - len, 2225 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" 2226 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" 2227 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" 2228 "dot11RSNAPMKIDUsed=%s\n" 2229 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" 2230 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" 2231 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" 2232 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n" 2233 "dot11RSNA4WayHandshakeFailures=%u\n", 2234 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 2235 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2236 sm->pairwise_cipher)), 2237 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2238 sm->group_cipher)), 2239 pmkid_txt, 2240 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 2241 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2242 sm->pairwise_cipher)), 2243 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2244 sm->group_cipher)), 2245 sm->dot11RSNA4WayHandshakeFailures); 2246 if (!os_snprintf_error(buflen - len, ret)) 2247 len += ret; 2248 2249 return (int) len; 2250 } 2251 #endif /* CONFIG_CTRL_IFACE */ 2252 2253 2254 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, 2255 void *ctx, enum pmksa_free_reason reason) 2256 { 2257 struct wpa_sm *sm = ctx; 2258 int deauth = 0; 2259 2260 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: " 2261 MACSTR " reason=%d", MAC2STR(entry->aa), reason); 2262 2263 if (sm->cur_pmksa == entry) { 2264 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2265 "RSN: %s current PMKSA entry", 2266 reason == PMKSA_REPLACE ? "replaced" : "removed"); 2267 pmksa_cache_clear_current(sm); 2268 2269 /* 2270 * If an entry is simply being replaced, there's no need to 2271 * deauthenticate because it will be immediately re-added. 2272 * This happens when EAP authentication is completed again 2273 * (reauth or failed PMKSA caching attempt). 2274 */ 2275 if (reason != PMKSA_REPLACE) 2276 deauth = 1; 2277 } 2278 2279 if (reason == PMKSA_EXPIRE && 2280 (sm->pmk_len == entry->pmk_len && 2281 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) { 2282 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2283 "RSN: deauthenticating due to expired PMK"); 2284 pmksa_cache_clear_current(sm); 2285 deauth = 1; 2286 } 2287 2288 if (deauth) { 2289 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2290 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 2291 } 2292 } 2293 2294 2295 /** 2296 * wpa_sm_init - Initialize WPA state machine 2297 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer 2298 * Returns: Pointer to the allocated WPA state machine data 2299 * 2300 * This function is used to allocate a new WPA state machine and the returned 2301 * value is passed to all WPA state machine calls. 2302 */ 2303 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx) 2304 { 2305 struct wpa_sm *sm; 2306 2307 sm = os_zalloc(sizeof(*sm)); 2308 if (sm == NULL) 2309 return NULL; 2310 dl_list_init(&sm->pmksa_candidates); 2311 sm->renew_snonce = 1; 2312 sm->ctx = ctx; 2313 2314 sm->dot11RSNAConfigPMKLifetime = 43200; 2315 sm->dot11RSNAConfigPMKReauthThreshold = 70; 2316 sm->dot11RSNAConfigSATimeout = 60; 2317 2318 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm); 2319 if (sm->pmksa == NULL) { 2320 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 2321 "RSN: PMKSA cache initialization failed"); 2322 os_free(sm); 2323 return NULL; 2324 } 2325 2326 return sm; 2327 } 2328 2329 2330 /** 2331 * wpa_sm_deinit - Deinitialize WPA state machine 2332 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2333 */ 2334 void wpa_sm_deinit(struct wpa_sm *sm) 2335 { 2336 if (sm == NULL) 2337 return; 2338 pmksa_cache_deinit(sm->pmksa); 2339 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 2340 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 2341 os_free(sm->assoc_wpa_ie); 2342 os_free(sm->ap_wpa_ie); 2343 os_free(sm->ap_rsn_ie); 2344 wpa_sm_drop_sa(sm); 2345 os_free(sm->ctx); 2346 peerkey_deinit(sm); 2347 #ifdef CONFIG_IEEE80211R 2348 os_free(sm->assoc_resp_ies); 2349 #endif /* CONFIG_IEEE80211R */ 2350 #ifdef CONFIG_TESTING_OPTIONS 2351 wpabuf_free(sm->test_assoc_ie); 2352 #endif /* CONFIG_TESTING_OPTIONS */ 2353 os_free(sm); 2354 } 2355 2356 2357 /** 2358 * wpa_sm_notify_assoc - Notify WPA state machine about association 2359 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2360 * @bssid: The BSSID of the new association 2361 * 2362 * This function is called to let WPA state machine know that the connection 2363 * was established. 2364 */ 2365 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) 2366 { 2367 int clear_keys = 1; 2368 2369 if (sm == NULL) 2370 return; 2371 2372 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2373 "WPA: Association event - clear replay counter"); 2374 os_memcpy(sm->bssid, bssid, ETH_ALEN); 2375 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN); 2376 sm->rx_replay_counter_set = 0; 2377 sm->renew_snonce = 1; 2378 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0) 2379 rsn_preauth_deinit(sm); 2380 2381 #ifdef CONFIG_IEEE80211R 2382 if (wpa_ft_is_completed(sm)) { 2383 /* 2384 * Clear portValid to kick EAPOL state machine to re-enter 2385 * AUTHENTICATED state to get the EAPOL port Authorized. 2386 */ 2387 eapol_sm_notify_portValid(sm->eapol, FALSE); 2388 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); 2389 2390 /* Prepare for the next transition */ 2391 wpa_ft_prepare_auth_request(sm, NULL); 2392 2393 clear_keys = 0; 2394 } 2395 #endif /* CONFIG_IEEE80211R */ 2396 2397 if (clear_keys) { 2398 /* 2399 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if 2400 * this is not part of a Fast BSS Transition. 2401 */ 2402 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK"); 2403 sm->ptk_set = 0; 2404 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 2405 sm->tptk_set = 0; 2406 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 2407 os_memset(&sm->gtk, 0, sizeof(sm->gtk)); 2408 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); 2409 #ifdef CONFIG_IEEE80211W 2410 os_memset(&sm->igtk, 0, sizeof(sm->igtk)); 2411 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); 2412 #endif /* CONFIG_IEEE80211W */ 2413 } 2414 2415 #ifdef CONFIG_TDLS 2416 wpa_tdls_assoc(sm); 2417 #endif /* CONFIG_TDLS */ 2418 2419 #ifdef CONFIG_P2P 2420 os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr)); 2421 #endif /* CONFIG_P2P */ 2422 } 2423 2424 2425 /** 2426 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation 2427 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2428 * 2429 * This function is called to let WPA state machine know that the connection 2430 * was lost. This will abort any existing pre-authentication session. 2431 */ 2432 void wpa_sm_notify_disassoc(struct wpa_sm *sm) 2433 { 2434 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 2435 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 2436 peerkey_deinit(sm); 2437 rsn_preauth_deinit(sm); 2438 pmksa_cache_clear_current(sm); 2439 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE) 2440 sm->dot11RSNA4WayHandshakeFailures++; 2441 #ifdef CONFIG_TDLS 2442 wpa_tdls_disassoc(sm); 2443 #endif /* CONFIG_TDLS */ 2444 #ifdef CONFIG_IEEE80211R 2445 sm->ft_reassoc_completed = 0; 2446 #endif /* CONFIG_IEEE80211R */ 2447 2448 /* Keys are not needed in the WPA state machine anymore */ 2449 wpa_sm_drop_sa(sm); 2450 2451 sm->msg_3_of_4_ok = 0; 2452 } 2453 2454 2455 /** 2456 * wpa_sm_set_pmk - Set PMK 2457 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2458 * @pmk: The new PMK 2459 * @pmk_len: The length of the new PMK in bytes 2460 * @pmkid: Calculated PMKID 2461 * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK 2462 * 2463 * Configure the PMK for WPA state machine. 2464 */ 2465 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len, 2466 const u8 *pmkid, const u8 *bssid) 2467 { 2468 if (sm == NULL) 2469 return; 2470 2471 sm->pmk_len = pmk_len; 2472 os_memcpy(sm->pmk, pmk, pmk_len); 2473 2474 #ifdef CONFIG_IEEE80211R 2475 /* Set XXKey to be PSK for FT key derivation */ 2476 sm->xxkey_len = pmk_len; 2477 os_memcpy(sm->xxkey, pmk, pmk_len); 2478 #endif /* CONFIG_IEEE80211R */ 2479 2480 if (bssid) { 2481 pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0, 2482 bssid, sm->own_addr, 2483 sm->network_ctx, sm->key_mgmt); 2484 } 2485 } 2486 2487 2488 /** 2489 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA 2490 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2491 * 2492 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK 2493 * will be cleared. 2494 */ 2495 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm) 2496 { 2497 if (sm == NULL) 2498 return; 2499 2500 if (sm->cur_pmksa) { 2501 sm->pmk_len = sm->cur_pmksa->pmk_len; 2502 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len); 2503 } else { 2504 sm->pmk_len = PMK_LEN; 2505 os_memset(sm->pmk, 0, PMK_LEN); 2506 } 2507 } 2508 2509 2510 /** 2511 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled 2512 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2513 * @fast_reauth: Whether fast reauthentication (EAP) is allowed 2514 */ 2515 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth) 2516 { 2517 if (sm) 2518 sm->fast_reauth = fast_reauth; 2519 } 2520 2521 2522 /** 2523 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks 2524 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2525 * @scard_ctx: Context pointer for smartcard related callback functions 2526 */ 2527 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx) 2528 { 2529 if (sm == NULL) 2530 return; 2531 sm->scard_ctx = scard_ctx; 2532 if (sm->preauth_eapol) 2533 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx); 2534 } 2535 2536 2537 /** 2538 * wpa_sm_set_config - Notification of current configration change 2539 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2540 * @config: Pointer to current network configuration 2541 * 2542 * Notify WPA state machine that configuration has changed. config will be 2543 * stored as a backpointer to network configuration. This can be %NULL to clear 2544 * the stored pointed. 2545 */ 2546 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config) 2547 { 2548 if (!sm) 2549 return; 2550 2551 if (config) { 2552 sm->network_ctx = config->network_ctx; 2553 sm->peerkey_enabled = config->peerkey_enabled; 2554 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher; 2555 sm->proactive_key_caching = config->proactive_key_caching; 2556 sm->eap_workaround = config->eap_workaround; 2557 sm->eap_conf_ctx = config->eap_conf_ctx; 2558 if (config->ssid) { 2559 os_memcpy(sm->ssid, config->ssid, config->ssid_len); 2560 sm->ssid_len = config->ssid_len; 2561 } else 2562 sm->ssid_len = 0; 2563 sm->wpa_ptk_rekey = config->wpa_ptk_rekey; 2564 sm->p2p = config->p2p; 2565 sm->wpa_rsc_relaxation = config->wpa_rsc_relaxation; 2566 } else { 2567 sm->network_ctx = NULL; 2568 sm->peerkey_enabled = 0; 2569 sm->allowed_pairwise_cipher = 0; 2570 sm->proactive_key_caching = 0; 2571 sm->eap_workaround = 0; 2572 sm->eap_conf_ctx = NULL; 2573 sm->ssid_len = 0; 2574 sm->wpa_ptk_rekey = 0; 2575 sm->p2p = 0; 2576 sm->wpa_rsc_relaxation = 0; 2577 } 2578 } 2579 2580 2581 /** 2582 * wpa_sm_set_own_addr - Set own MAC address 2583 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2584 * @addr: Own MAC address 2585 */ 2586 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr) 2587 { 2588 if (sm) 2589 os_memcpy(sm->own_addr, addr, ETH_ALEN); 2590 } 2591 2592 2593 /** 2594 * wpa_sm_set_ifname - Set network interface name 2595 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2596 * @ifname: Interface name 2597 * @bridge_ifname: Optional bridge interface name (for pre-auth) 2598 */ 2599 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname, 2600 const char *bridge_ifname) 2601 { 2602 if (sm) { 2603 sm->ifname = ifname; 2604 sm->bridge_ifname = bridge_ifname; 2605 } 2606 } 2607 2608 2609 /** 2610 * wpa_sm_set_eapol - Set EAPOL state machine pointer 2611 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2612 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init() 2613 */ 2614 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol) 2615 { 2616 if (sm) 2617 sm->eapol = eapol; 2618 } 2619 2620 2621 /** 2622 * wpa_sm_set_param - Set WPA state machine parameters 2623 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2624 * @param: Parameter field 2625 * @value: Parameter value 2626 * Returns: 0 on success, -1 on failure 2627 */ 2628 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, 2629 unsigned int value) 2630 { 2631 int ret = 0; 2632 2633 if (sm == NULL) 2634 return -1; 2635 2636 switch (param) { 2637 case RSNA_PMK_LIFETIME: 2638 if (value > 0) 2639 sm->dot11RSNAConfigPMKLifetime = value; 2640 else 2641 ret = -1; 2642 break; 2643 case RSNA_PMK_REAUTH_THRESHOLD: 2644 if (value > 0 && value <= 100) 2645 sm->dot11RSNAConfigPMKReauthThreshold = value; 2646 else 2647 ret = -1; 2648 break; 2649 case RSNA_SA_TIMEOUT: 2650 if (value > 0) 2651 sm->dot11RSNAConfigSATimeout = value; 2652 else 2653 ret = -1; 2654 break; 2655 case WPA_PARAM_PROTO: 2656 sm->proto = value; 2657 break; 2658 case WPA_PARAM_PAIRWISE: 2659 sm->pairwise_cipher = value; 2660 break; 2661 case WPA_PARAM_GROUP: 2662 sm->group_cipher = value; 2663 break; 2664 case WPA_PARAM_KEY_MGMT: 2665 sm->key_mgmt = value; 2666 break; 2667 #ifdef CONFIG_IEEE80211W 2668 case WPA_PARAM_MGMT_GROUP: 2669 sm->mgmt_group_cipher = value; 2670 break; 2671 #endif /* CONFIG_IEEE80211W */ 2672 case WPA_PARAM_RSN_ENABLED: 2673 sm->rsn_enabled = value; 2674 break; 2675 case WPA_PARAM_MFP: 2676 sm->mfp = value; 2677 break; 2678 default: 2679 break; 2680 } 2681 2682 return ret; 2683 } 2684 2685 2686 /** 2687 * wpa_sm_get_status - Get WPA state machine 2688 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2689 * @buf: Buffer for status information 2690 * @buflen: Maximum buffer length 2691 * @verbose: Whether to include verbose status information 2692 * Returns: Number of bytes written to buf. 2693 * 2694 * Query WPA state machine for status information. This function fills in 2695 * a text area with current status information. If the buffer (buf) is not 2696 * large enough, status information will be truncated to fit the buffer. 2697 */ 2698 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen, 2699 int verbose) 2700 { 2701 char *pos = buf, *end = buf + buflen; 2702 int ret; 2703 2704 ret = os_snprintf(pos, end - pos, 2705 "pairwise_cipher=%s\n" 2706 "group_cipher=%s\n" 2707 "key_mgmt=%s\n", 2708 wpa_cipher_txt(sm->pairwise_cipher), 2709 wpa_cipher_txt(sm->group_cipher), 2710 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto)); 2711 if (os_snprintf_error(end - pos, ret)) 2712 return pos - buf; 2713 pos += ret; 2714 2715 if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) { 2716 struct wpa_ie_data rsn; 2717 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) 2718 >= 0 && 2719 rsn.capabilities & (WPA_CAPABILITY_MFPR | 2720 WPA_CAPABILITY_MFPC)) { 2721 ret = os_snprintf(pos, end - pos, "pmf=%d\n", 2722 (rsn.capabilities & 2723 WPA_CAPABILITY_MFPR) ? 2 : 1); 2724 if (os_snprintf_error(end - pos, ret)) 2725 return pos - buf; 2726 pos += ret; 2727 } 2728 } 2729 2730 return pos - buf; 2731 } 2732 2733 2734 int wpa_sm_pmf_enabled(struct wpa_sm *sm) 2735 { 2736 struct wpa_ie_data rsn; 2737 2738 if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie) 2739 return 0; 2740 2741 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 && 2742 rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC)) 2743 return 1; 2744 2745 return 0; 2746 } 2747 2748 2749 /** 2750 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration 2751 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2752 * @wpa_ie: Pointer to buffer for WPA/RSN IE 2753 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer 2754 * Returns: 0 on success, -1 on failure 2755 */ 2756 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie, 2757 size_t *wpa_ie_len) 2758 { 2759 int res; 2760 2761 if (sm == NULL) 2762 return -1; 2763 2764 #ifdef CONFIG_TESTING_OPTIONS 2765 if (sm->test_assoc_ie) { 2766 wpa_printf(MSG_DEBUG, 2767 "TESTING: Replace association WPA/RSN IE"); 2768 if (*wpa_ie_len < wpabuf_len(sm->test_assoc_ie)) 2769 return -1; 2770 os_memcpy(wpa_ie, wpabuf_head(sm->test_assoc_ie), 2771 wpabuf_len(sm->test_assoc_ie)); 2772 res = wpabuf_len(sm->test_assoc_ie); 2773 } else 2774 #endif /* CONFIG_TESTING_OPTIONS */ 2775 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len); 2776 if (res < 0) 2777 return -1; 2778 *wpa_ie_len = res; 2779 2780 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default", 2781 wpa_ie, *wpa_ie_len); 2782 2783 if (sm->assoc_wpa_ie == NULL) { 2784 /* 2785 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets 2786 * the correct version of the IE even if PMKSA caching is 2787 * aborted (which would remove PMKID from IE generation). 2788 */ 2789 sm->assoc_wpa_ie = os_malloc(*wpa_ie_len); 2790 if (sm->assoc_wpa_ie == NULL) 2791 return -1; 2792 2793 os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len); 2794 sm->assoc_wpa_ie_len = *wpa_ie_len; 2795 } 2796 2797 return 0; 2798 } 2799 2800 2801 /** 2802 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq 2803 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2804 * @ie: Pointer to IE data (starting from id) 2805 * @len: IE length 2806 * Returns: 0 on success, -1 on failure 2807 * 2808 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association 2809 * Request frame. The IE will be used to override the default value generated 2810 * with wpa_sm_set_assoc_wpa_ie_default(). 2811 */ 2812 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2813 { 2814 if (sm == NULL) 2815 return -1; 2816 2817 os_free(sm->assoc_wpa_ie); 2818 if (ie == NULL || len == 0) { 2819 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2820 "WPA: clearing own WPA/RSN IE"); 2821 sm->assoc_wpa_ie = NULL; 2822 sm->assoc_wpa_ie_len = 0; 2823 } else { 2824 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len); 2825 sm->assoc_wpa_ie = os_malloc(len); 2826 if (sm->assoc_wpa_ie == NULL) 2827 return -1; 2828 2829 os_memcpy(sm->assoc_wpa_ie, ie, len); 2830 sm->assoc_wpa_ie_len = len; 2831 } 2832 2833 return 0; 2834 } 2835 2836 2837 /** 2838 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp 2839 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2840 * @ie: Pointer to IE data (starting from id) 2841 * @len: IE length 2842 * Returns: 0 on success, -1 on failure 2843 * 2844 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response 2845 * frame. 2846 */ 2847 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2848 { 2849 if (sm == NULL) 2850 return -1; 2851 2852 os_free(sm->ap_wpa_ie); 2853 if (ie == NULL || len == 0) { 2854 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2855 "WPA: clearing AP WPA IE"); 2856 sm->ap_wpa_ie = NULL; 2857 sm->ap_wpa_ie_len = 0; 2858 } else { 2859 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len); 2860 sm->ap_wpa_ie = os_malloc(len); 2861 if (sm->ap_wpa_ie == NULL) 2862 return -1; 2863 2864 os_memcpy(sm->ap_wpa_ie, ie, len); 2865 sm->ap_wpa_ie_len = len; 2866 } 2867 2868 return 0; 2869 } 2870 2871 2872 /** 2873 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp 2874 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2875 * @ie: Pointer to IE data (starting from id) 2876 * @len: IE length 2877 * Returns: 0 on success, -1 on failure 2878 * 2879 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response 2880 * frame. 2881 */ 2882 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2883 { 2884 if (sm == NULL) 2885 return -1; 2886 2887 os_free(sm->ap_rsn_ie); 2888 if (ie == NULL || len == 0) { 2889 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2890 "WPA: clearing AP RSN IE"); 2891 sm->ap_rsn_ie = NULL; 2892 sm->ap_rsn_ie_len = 0; 2893 } else { 2894 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len); 2895 sm->ap_rsn_ie = os_malloc(len); 2896 if (sm->ap_rsn_ie == NULL) 2897 return -1; 2898 2899 os_memcpy(sm->ap_rsn_ie, ie, len); 2900 sm->ap_rsn_ie_len = len; 2901 } 2902 2903 return 0; 2904 } 2905 2906 2907 /** 2908 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE 2909 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2910 * @data: Pointer to data area for parsing results 2911 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure 2912 * 2913 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the 2914 * parsed data into data. 2915 */ 2916 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data) 2917 { 2918 if (sm == NULL) 2919 return -1; 2920 2921 if (sm->assoc_wpa_ie == NULL) { 2922 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2923 "WPA: No WPA/RSN IE available from association info"); 2924 return -1; 2925 } 2926 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data)) 2927 return -2; 2928 return 0; 2929 } 2930 2931 2932 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len) 2933 { 2934 return pmksa_cache_list(sm->pmksa, buf, len); 2935 } 2936 2937 2938 void wpa_sm_drop_sa(struct wpa_sm *sm) 2939 { 2940 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK"); 2941 sm->ptk_set = 0; 2942 sm->tptk_set = 0; 2943 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2944 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 2945 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 2946 os_memset(&sm->gtk, 0, sizeof(sm->gtk)); 2947 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); 2948 #ifdef CONFIG_IEEE80211W 2949 os_memset(&sm->igtk, 0, sizeof(sm->igtk)); 2950 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); 2951 #endif /* CONFIG_IEEE80211W */ 2952 #ifdef CONFIG_IEEE80211R 2953 os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); 2954 os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); 2955 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1)); 2956 #endif /* CONFIG_IEEE80211R */ 2957 } 2958 2959 2960 int wpa_sm_has_ptk(struct wpa_sm *sm) 2961 { 2962 if (sm == NULL) 2963 return 0; 2964 return sm->ptk_set; 2965 } 2966 2967 2968 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr) 2969 { 2970 os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN); 2971 } 2972 2973 2974 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx) 2975 { 2976 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0); 2977 } 2978 2979 2980 #ifdef CONFIG_WNM 2981 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) 2982 { 2983 u16 keyinfo; 2984 u8 keylen; /* plaintext key len */ 2985 u8 *key_rsc; 2986 2987 if (subelem_id == WNM_SLEEP_SUBELEM_GTK) { 2988 struct wpa_gtk_data gd; 2989 2990 os_memset(&gd, 0, sizeof(gd)); 2991 keylen = wpa_cipher_key_len(sm->group_cipher); 2992 gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher); 2993 gd.alg = wpa_cipher_to_alg(sm->group_cipher); 2994 if (gd.alg == WPA_ALG_NONE) { 2995 wpa_printf(MSG_DEBUG, "Unsupported group cipher suite"); 2996 return -1; 2997 } 2998 2999 key_rsc = buf + 5; 3000 keyinfo = WPA_GET_LE16(buf + 2); 3001 gd.gtk_len = keylen; 3002 if (gd.gtk_len != buf[4]) { 3003 wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d", 3004 gd.gtk_len, buf[4]); 3005 return -1; 3006 } 3007 gd.keyidx = keyinfo & 0x03; /* B0 - B1 */ 3008 gd.tx = wpa_supplicant_gtk_tx_bit_workaround( 3009 sm, !!(keyinfo & WPA_KEY_INFO_TXRX)); 3010 3011 os_memcpy(gd.gtk, buf + 13, gd.gtk_len); 3012 3013 wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", 3014 gd.gtk, gd.gtk_len); 3015 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { 3016 os_memset(&gd, 0, sizeof(gd)); 3017 wpa_printf(MSG_DEBUG, "Failed to install the GTK in " 3018 "WNM mode"); 3019 return -1; 3020 } 3021 os_memset(&gd, 0, sizeof(gd)); 3022 #ifdef CONFIG_IEEE80211W 3023 } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { 3024 const struct wpa_igtk_kde *igtk; 3025 3026 igtk = (const struct wpa_igtk_kde *) (buf + 2); 3027 if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) 3028 return -1; 3029 #endif /* CONFIG_IEEE80211W */ 3030 } else { 3031 wpa_printf(MSG_DEBUG, "Unknown element id"); 3032 return -1; 3033 } 3034 3035 return 0; 3036 } 3037 #endif /* CONFIG_WNM */ 3038 3039 3040 #ifdef CONFIG_PEERKEY 3041 int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr, 3042 const u8 *buf, size_t len) 3043 { 3044 struct wpa_peerkey *peerkey; 3045 3046 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 3047 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0) 3048 break; 3049 } 3050 3051 if (!peerkey) 3052 return 0; 3053 3054 wpa_sm_rx_eapol(sm, src_addr, buf, len); 3055 3056 return 1; 3057 } 3058 #endif /* CONFIG_PEERKEY */ 3059 3060 3061 #ifdef CONFIG_P2P 3062 3063 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf) 3064 { 3065 if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0) 3066 return -1; 3067 os_memcpy(buf, sm->p2p_ip_addr, 3 * 4); 3068 return 0; 3069 } 3070 3071 #endif /* CONFIG_P2P */ 3072 3073 3074 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter) 3075 { 3076 if (rx_replay_counter == NULL) 3077 return; 3078 3079 os_memcpy(sm->rx_replay_counter, rx_replay_counter, 3080 WPA_REPLAY_COUNTER_LEN); 3081 sm->rx_replay_counter_set = 1; 3082 wpa_printf(MSG_DEBUG, "Updated key replay counter"); 3083 } 3084 3085 3086 void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm, 3087 const u8 *ptk_kck, size_t ptk_kck_len, 3088 const u8 *ptk_kek, size_t ptk_kek_len) 3089 { 3090 if (ptk_kck && ptk_kck_len <= WPA_KCK_MAX_LEN) { 3091 os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len); 3092 sm->ptk.kck_len = ptk_kck_len; 3093 wpa_printf(MSG_DEBUG, "Updated PTK KCK"); 3094 } 3095 if (ptk_kek && ptk_kek_len <= WPA_KEK_MAX_LEN) { 3096 os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len); 3097 sm->ptk.kek_len = ptk_kek_len; 3098 wpa_printf(MSG_DEBUG, "Updated PTK KEK"); 3099 } 3100 sm->ptk_set = 1; 3101 } 3102 3103 3104 #ifdef CONFIG_TESTING_OPTIONS 3105 void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf) 3106 { 3107 wpabuf_free(sm->test_assoc_ie); 3108 sm->test_assoc_ie = buf; 3109 } 3110 #endif /* CONFIG_TESTING_OPTIONS */ 3111