1 /* 2 * WPA Supplicant - WPA state machine and EAPOL-Key processing 3 * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #include "includes.h" 16 17 #include "common.h" 18 #include "rc4.h" 19 #include "aes_wrap.h" 20 #include "wpa.h" 21 #include "eloop.h" 22 #include "eapol_supp/eapol_supp_sm.h" 23 #include "preauth.h" 24 #include "pmksa_cache.h" 25 #include "wpa_i.h" 26 #include "wpa_ie.h" 27 #include "peerkey.h" 28 #include "ieee802_11_defs.h" 29 30 31 /** 32 * wpa_cipher_txt - Convert cipher suite to a text string 33 * @cipher: Cipher suite (WPA_CIPHER_* enum) 34 * Returns: Pointer to a text string of the cipher suite name 35 */ 36 static const char * wpa_cipher_txt(int cipher) 37 { 38 switch (cipher) { 39 case WPA_CIPHER_NONE: 40 return "NONE"; 41 case WPA_CIPHER_WEP40: 42 return "WEP-40"; 43 case WPA_CIPHER_WEP104: 44 return "WEP-104"; 45 case WPA_CIPHER_TKIP: 46 return "TKIP"; 47 case WPA_CIPHER_CCMP: 48 return "CCMP"; 49 default: 50 return "UNKNOWN"; 51 } 52 } 53 54 55 /** 56 * wpa_key_mgmt_txt - Convert key management suite to a text string 57 * @key_mgmt: Key management suite (WPA_KEY_MGMT_* enum) 58 * @proto: WPA/WPA2 version (WPA_PROTO_*) 59 * Returns: Pointer to a text string of the key management suite name 60 */ 61 static const char * wpa_key_mgmt_txt(int key_mgmt, int proto) 62 { 63 switch (key_mgmt) { 64 case WPA_KEY_MGMT_IEEE8021X: 65 return proto == WPA_PROTO_RSN ? 66 "WPA2/IEEE 802.1X/EAP" : "WPA/IEEE 802.1X/EAP"; 67 case WPA_KEY_MGMT_PSK: 68 return proto == WPA_PROTO_RSN ? 69 "WPA2-PSK" : "WPA-PSK"; 70 case WPA_KEY_MGMT_NONE: 71 return "NONE"; 72 case WPA_KEY_MGMT_IEEE8021X_NO_WPA: 73 return "IEEE 802.1X (no WPA)"; 74 #ifdef CONFIG_IEEE80211R 75 case WPA_KEY_MGMT_FT_IEEE8021X: 76 return "FT-EAP"; 77 case WPA_KEY_MGMT_FT_PSK: 78 return "FT-PSK"; 79 #endif /* CONFIG_IEEE80211R */ 80 #ifdef CONFIG_IEEE80211W 81 case WPA_KEY_MGMT_IEEE8021X_SHA256: 82 return "WPA2-EAP-SHA256"; 83 case WPA_KEY_MGMT_PSK_SHA256: 84 return "WPA2-PSK-SHA256"; 85 #endif /* CONFIG_IEEE80211W */ 86 default: 87 return "UNKNOWN"; 88 } 89 } 90 91 92 /** 93 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message 94 * @sm: Pointer to WPA state machine data from wpa_sm_init() 95 * @kck: Key Confirmation Key (KCK, part of PTK) 96 * @ver: Version field from Key Info 97 * @dest: Destination address for the frame 98 * @proto: Ethertype (usually ETH_P_EAPOL) 99 * @msg: EAPOL-Key message 100 * @msg_len: Length of message 101 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written 102 */ 103 void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, 104 int ver, const u8 *dest, u16 proto, 105 u8 *msg, size_t msg_len, u8 *key_mic) 106 { 107 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) { 108 /* 109 * Association event was not yet received; try to fetch 110 * BSSID from the driver. 111 */ 112 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) { 113 wpa_printf(MSG_DEBUG, "WPA: Failed to read BSSID for " 114 "EAPOL-Key destination address"); 115 } else { 116 dest = sm->bssid; 117 wpa_printf(MSG_DEBUG, "WPA: Use BSSID (" MACSTR 118 ") as the destination for EAPOL-Key", 119 MAC2STR(dest)); 120 } 121 } 122 if (key_mic) 123 wpa_eapol_key_mic(kck, ver, msg, msg_len, key_mic); 124 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len); 125 wpa_sm_ether_send(sm, dest, proto, msg, msg_len); 126 eapol_sm_notify_tx_eapol_key(sm->eapol); 127 os_free(msg); 128 } 129 130 131 /** 132 * wpa_sm_key_request - Send EAPOL-Key Request 133 * @sm: Pointer to WPA state machine data from wpa_sm_init() 134 * @error: Indicate whether this is an Michael MIC error report 135 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet 136 * 137 * Send an EAPOL-Key Request to the current authenticator. This function is 138 * used to request rekeying and it is usually called when a local Michael MIC 139 * failure is detected. 140 */ 141 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) 142 { 143 size_t rlen; 144 struct wpa_eapol_key *reply; 145 int key_info, ver; 146 u8 bssid[ETH_ALEN], *rbuf; 147 148 if (wpa_key_mgmt_ft(sm->key_mgmt) || wpa_key_mgmt_sha256(sm->key_mgmt)) 149 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC; 150 else if (sm->pairwise_cipher == WPA_CIPHER_CCMP) 151 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 152 else 153 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 154 155 if (wpa_sm_get_bssid(sm, bssid) < 0) { 156 wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key " 157 "request"); 158 return; 159 } 160 161 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 162 sizeof(*reply), &rlen, (void *) &reply); 163 if (rbuf == NULL) 164 return; 165 166 reply->type = sm->proto == WPA_PROTO_RSN ? 167 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 168 key_info = WPA_KEY_INFO_REQUEST | ver; 169 if (sm->ptk_set) 170 key_info |= WPA_KEY_INFO_MIC; 171 if (error) 172 key_info |= WPA_KEY_INFO_ERROR; 173 if (pairwise) 174 key_info |= WPA_KEY_INFO_KEY_TYPE; 175 WPA_PUT_BE16(reply->key_info, key_info); 176 WPA_PUT_BE16(reply->key_length, 0); 177 os_memcpy(reply->replay_counter, sm->request_counter, 178 WPA_REPLAY_COUNTER_LEN); 179 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); 180 181 WPA_PUT_BE16(reply->key_data_length, 0); 182 183 wpa_printf(MSG_INFO, "WPA: Sending EAPOL-Key Request (error=%d " 184 "pairwise=%d ptk_set=%d len=%lu)", 185 error, pairwise, sm->ptk_set, (unsigned long) rlen); 186 wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL, 187 rbuf, rlen, key_info & WPA_KEY_INFO_MIC ? 188 reply->key_mic : NULL); 189 } 190 191 192 static int wpa_supplicant_get_pmk(struct wpa_sm *sm, 193 const unsigned char *src_addr, 194 const u8 *pmkid) 195 { 196 int abort_cached = 0; 197 198 if (pmkid && !sm->cur_pmksa) { 199 /* When using drivers that generate RSN IE, wpa_supplicant may 200 * not have enough time to get the association information 201 * event before receiving this 1/4 message, so try to find a 202 * matching PMKSA cache entry here. */ 203 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid); 204 if (sm->cur_pmksa) { 205 wpa_printf(MSG_DEBUG, "RSN: found matching PMKID from " 206 "PMKSA cache"); 207 } else { 208 wpa_printf(MSG_DEBUG, "RSN: no matching PMKID found"); 209 abort_cached = 1; 210 } 211 } 212 213 if (pmkid && sm->cur_pmksa && 214 os_memcmp(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) { 215 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN); 216 wpa_sm_set_pmk_from_pmksa(sm); 217 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache", 218 sm->pmk, sm->pmk_len); 219 eapol_sm_notify_cached(sm->eapol); 220 #ifdef CONFIG_IEEE80211R 221 sm->xxkey_len = 0; 222 #endif /* CONFIG_IEEE80211R */ 223 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) { 224 int res, pmk_len; 225 pmk_len = PMK_LEN; 226 res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN); 227 if (res) { 228 /* 229 * EAP-LEAP is an exception from other EAP methods: it 230 * uses only 16-byte PMK. 231 */ 232 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16); 233 pmk_len = 16; 234 } else { 235 #ifdef CONFIG_IEEE80211R 236 u8 buf[2 * PMK_LEN]; 237 if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0) 238 { 239 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN); 240 sm->xxkey_len = PMK_LEN; 241 os_memset(buf, 0, sizeof(buf)); 242 } 243 #endif /* CONFIG_IEEE80211R */ 244 } 245 if (res == 0) { 246 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state " 247 "machines", sm->pmk, pmk_len); 248 sm->pmk_len = pmk_len; 249 pmksa_cache_add(sm->pmksa, sm->pmk, pmk_len, src_addr, 250 sm->own_addr, sm->network_ctx, 251 sm->key_mgmt); 252 if (!sm->cur_pmksa && pmkid && 253 pmksa_cache_get(sm->pmksa, src_addr, pmkid)) { 254 wpa_printf(MSG_DEBUG, "RSN: the new PMK " 255 "matches with the PMKID"); 256 abort_cached = 0; 257 } 258 } else { 259 wpa_msg(sm->ctx->ctx, MSG_WARNING, 260 "WPA: Failed to get master session key from " 261 "EAPOL state machines"); 262 wpa_msg(sm->ctx->ctx, MSG_WARNING, 263 "WPA: Key handshake aborted"); 264 if (sm->cur_pmksa) { 265 wpa_printf(MSG_DEBUG, "RSN: Cancelled PMKSA " 266 "caching attempt"); 267 sm->cur_pmksa = NULL; 268 abort_cached = 1; 269 } else if (!abort_cached) { 270 return -1; 271 } 272 } 273 } 274 275 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) { 276 /* Send EAPOL-Start to trigger full EAP authentication. */ 277 u8 *buf; 278 size_t buflen; 279 280 wpa_printf(MSG_DEBUG, "RSN: no PMKSA entry found - trigger " 281 "full EAP authentication"); 282 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START, 283 NULL, 0, &buflen, NULL); 284 if (buf) { 285 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL, 286 buf, buflen); 287 os_free(buf); 288 } 289 290 return -1; 291 } 292 293 return 0; 294 } 295 296 297 /** 298 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake 299 * @sm: Pointer to WPA state machine data from wpa_sm_init() 300 * @dst: Destination address for the frame 301 * @key: Pointer to the EAPOL-Key frame header 302 * @ver: Version bits from EAPOL-Key Key Info 303 * @nonce: Nonce value for the EAPOL-Key frame 304 * @wpa_ie: WPA/RSN IE 305 * @wpa_ie_len: Length of the WPA/RSN IE 306 * @ptk: PTK to use for keyed hash and encryption 307 * Returns: 0 on success, -1 on failure 308 */ 309 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst, 310 const struct wpa_eapol_key *key, 311 int ver, const u8 *nonce, 312 const u8 *wpa_ie, size_t wpa_ie_len, 313 struct wpa_ptk *ptk) 314 { 315 size_t rlen; 316 struct wpa_eapol_key *reply; 317 u8 *rbuf; 318 319 if (wpa_ie == NULL) { 320 wpa_printf(MSG_WARNING, "WPA: No wpa_ie set - cannot " 321 "generate msg 2/4"); 322 return -1; 323 } 324 325 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len); 326 327 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, 328 NULL, sizeof(*reply) + wpa_ie_len, 329 &rlen, (void *) &reply); 330 if (rbuf == NULL) 331 return -1; 332 333 reply->type = sm->proto == WPA_PROTO_RSN ? 334 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 335 WPA_PUT_BE16(reply->key_info, 336 ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC); 337 if (sm->proto == WPA_PROTO_RSN) 338 WPA_PUT_BE16(reply->key_length, 0); 339 else 340 os_memcpy(reply->key_length, key->key_length, 2); 341 os_memcpy(reply->replay_counter, key->replay_counter, 342 WPA_REPLAY_COUNTER_LEN); 343 344 WPA_PUT_BE16(reply->key_data_length, wpa_ie_len); 345 os_memcpy(reply + 1, wpa_ie, wpa_ie_len); 346 347 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN); 348 349 wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4"); 350 wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL, 351 rbuf, rlen, reply->key_mic); 352 353 return 0; 354 } 355 356 357 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr, 358 const struct wpa_eapol_key *key, 359 struct wpa_ptk *ptk) 360 { 361 #ifdef CONFIG_IEEE80211R 362 if (wpa_key_mgmt_ft(sm->key_mgmt)) 363 return wpa_derive_ptk_ft(sm, src_addr, key, ptk); 364 #endif /* CONFIG_IEEE80211R */ 365 366 wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion", 367 sm->own_addr, sm->bssid, sm->snonce, key->key_nonce, 368 (u8 *) ptk, sizeof(*ptk), 369 wpa_key_mgmt_sha256(sm->key_mgmt)); 370 return 0; 371 } 372 373 374 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, 375 const unsigned char *src_addr, 376 const struct wpa_eapol_key *key, 377 u16 ver) 378 { 379 struct wpa_eapol_ie_parse ie; 380 struct wpa_ptk *ptk; 381 u8 buf[8]; 382 383 if (wpa_sm_get_network_ctx(sm) == NULL) { 384 wpa_printf(MSG_WARNING, "WPA: No SSID info found (msg 1 of " 385 "4)."); 386 return; 387 } 388 389 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 390 wpa_printf(MSG_DEBUG, "WPA: RX message 1 of 4-Way Handshake from " 391 MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 392 393 os_memset(&ie, 0, sizeof(ie)); 394 395 #ifndef CONFIG_NO_WPA2 396 if (sm->proto == WPA_PROTO_RSN) { 397 /* RSN: msg 1/4 should contain PMKID for the selected PMK */ 398 const u8 *_buf = (const u8 *) (key + 1); 399 size_t len = WPA_GET_BE16(key->key_data_length); 400 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", _buf, len); 401 wpa_supplicant_parse_ies(_buf, len, &ie); 402 if (ie.pmkid) { 403 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from " 404 "Authenticator", ie.pmkid, PMKID_LEN); 405 } 406 } 407 #endif /* CONFIG_NO_WPA2 */ 408 409 if (wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid)) 410 return; 411 412 if (sm->renew_snonce) { 413 if (os_get_random(sm->snonce, WPA_NONCE_LEN)) { 414 wpa_msg(sm->ctx->ctx, MSG_WARNING, 415 "WPA: Failed to get random data for SNonce"); 416 return; 417 } 418 sm->renew_snonce = 0; 419 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce", 420 sm->snonce, WPA_NONCE_LEN); 421 } 422 423 /* Calculate PTK which will be stored as a temporary PTK until it has 424 * been verified when processing message 3/4. */ 425 ptk = &sm->tptk; 426 wpa_derive_ptk(sm, src_addr, key, ptk); 427 /* Supplicant: swap tx/rx Mic keys */ 428 os_memcpy(buf, ptk->u.auth.tx_mic_key, 8); 429 os_memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8); 430 os_memcpy(ptk->u.auth.rx_mic_key, buf, 8); 431 sm->tptk_set = 1; 432 433 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce, 434 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, 435 ptk)) 436 return; 437 438 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN); 439 } 440 441 442 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx) 443 { 444 struct wpa_sm *sm = eloop_ctx; 445 rsn_preauth_candidate_process(sm); 446 } 447 448 449 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm, 450 const u8 *addr, int secure) 451 { 452 wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Key negotiation completed with " 453 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr), 454 wpa_cipher_txt(sm->pairwise_cipher), 455 wpa_cipher_txt(sm->group_cipher)); 456 wpa_sm_cancel_auth_timeout(sm); 457 wpa_sm_set_state(sm, WPA_COMPLETED); 458 459 if (secure) { 460 wpa_sm_mlme_setprotection( 461 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX, 462 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 463 eapol_sm_notify_portValid(sm->eapol, TRUE); 464 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt)) 465 eapol_sm_notify_eap_success(sm->eapol, TRUE); 466 /* 467 * Start preauthentication after a short wait to avoid a 468 * possible race condition between the data receive and key 469 * configuration after the 4-Way Handshake. This increases the 470 * likelyhood of the first preauth EAPOL-Start frame getting to 471 * the target AP. 472 */ 473 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL); 474 } 475 476 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) { 477 wpa_printf(MSG_DEBUG, "RSN: Authenticator accepted " 478 "opportunistic PMKSA entry - marking it valid"); 479 sm->cur_pmksa->opportunistic = 0; 480 } 481 482 #ifdef CONFIG_IEEE80211R 483 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 484 /* Prepare for the next transition */ 485 wpa_ft_prepare_auth_request(sm); 486 } 487 #endif /* CONFIG_IEEE80211R */ 488 } 489 490 491 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx) 492 { 493 struct wpa_sm *sm = eloop_ctx; 494 wpa_printf(MSG_DEBUG, "WPA: Request PTK rekeying"); 495 wpa_sm_key_request(sm, 0, 1); 496 } 497 498 499 static int wpa_supplicant_install_ptk(struct wpa_sm *sm, 500 const struct wpa_eapol_key *key) 501 { 502 int keylen, rsclen; 503 wpa_alg alg; 504 const u8 *key_rsc; 505 u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 506 507 wpa_printf(MSG_DEBUG, "WPA: Installing PTK to the driver."); 508 509 switch (sm->pairwise_cipher) { 510 case WPA_CIPHER_CCMP: 511 alg = WPA_ALG_CCMP; 512 keylen = 16; 513 rsclen = 6; 514 break; 515 case WPA_CIPHER_TKIP: 516 alg = WPA_ALG_TKIP; 517 keylen = 32; 518 rsclen = 6; 519 break; 520 case WPA_CIPHER_NONE: 521 wpa_printf(MSG_DEBUG, "WPA: Pairwise Cipher Suite: " 522 "NONE - do not use pairwise keys"); 523 return 0; 524 default: 525 wpa_printf(MSG_WARNING, "WPA: Unsupported pairwise cipher %d", 526 sm->pairwise_cipher); 527 return -1; 528 } 529 530 if (sm->proto == WPA_PROTO_RSN) { 531 key_rsc = null_rsc; 532 } else { 533 key_rsc = key->key_rsc; 534 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen); 535 } 536 537 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen, 538 (u8 *) sm->ptk.tk1, keylen) < 0) { 539 wpa_printf(MSG_WARNING, "WPA: Failed to set PTK to the " 540 "driver."); 541 return -1; 542 } 543 544 if (sm->wpa_ptk_rekey) { 545 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 546 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk, 547 sm, NULL); 548 } 549 550 return 0; 551 } 552 553 554 static int wpa_supplicant_check_group_cipher(int group_cipher, 555 int keylen, int maxkeylen, 556 int *key_rsc_len, wpa_alg *alg) 557 { 558 int ret = 0; 559 560 switch (group_cipher) { 561 case WPA_CIPHER_CCMP: 562 if (keylen != 16 || maxkeylen < 16) { 563 ret = -1; 564 break; 565 } 566 *key_rsc_len = 6; 567 *alg = WPA_ALG_CCMP; 568 break; 569 case WPA_CIPHER_TKIP: 570 if (keylen != 32 || maxkeylen < 32) { 571 ret = -1; 572 break; 573 } 574 *key_rsc_len = 6; 575 *alg = WPA_ALG_TKIP; 576 break; 577 case WPA_CIPHER_WEP104: 578 if (keylen != 13 || maxkeylen < 13) { 579 ret = -1; 580 break; 581 } 582 *key_rsc_len = 0; 583 *alg = WPA_ALG_WEP; 584 break; 585 case WPA_CIPHER_WEP40: 586 if (keylen != 5 || maxkeylen < 5) { 587 ret = -1; 588 break; 589 } 590 *key_rsc_len = 0; 591 *alg = WPA_ALG_WEP; 592 break; 593 default: 594 wpa_printf(MSG_WARNING, "WPA: Unsupported Group Cipher %d", 595 group_cipher); 596 return -1; 597 } 598 599 if (ret < 0 ) { 600 wpa_printf(MSG_WARNING, "WPA: Unsupported %s Group Cipher key " 601 "length %d (%d).", 602 wpa_cipher_txt(group_cipher), keylen, maxkeylen); 603 } 604 605 return ret; 606 } 607 608 609 struct wpa_gtk_data { 610 wpa_alg alg; 611 int tx, key_rsc_len, keyidx; 612 u8 gtk[32]; 613 int gtk_len; 614 }; 615 616 617 static int wpa_supplicant_install_gtk(struct wpa_sm *sm, 618 const struct wpa_gtk_data *gd, 619 const u8 *key_rsc) 620 { 621 const u8 *_gtk = gd->gtk; 622 u8 gtk_buf[32]; 623 624 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); 625 wpa_printf(MSG_DEBUG, "WPA: Installing GTK to the driver " 626 "(keyidx=%d tx=%d len=%d).", gd->keyidx, gd->tx, 627 gd->gtk_len); 628 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len); 629 if (sm->group_cipher == WPA_CIPHER_TKIP) { 630 /* Swap Tx/Rx keys for Michael MIC */ 631 os_memcpy(gtk_buf, gd->gtk, 16); 632 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8); 633 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8); 634 _gtk = gtk_buf; 635 } 636 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 637 if (wpa_sm_set_key(sm, gd->alg, 638 (u8 *) "\xff\xff\xff\xff\xff\xff", 639 gd->keyidx, 1, key_rsc, gd->key_rsc_len, 640 _gtk, gd->gtk_len) < 0) { 641 wpa_printf(MSG_WARNING, "WPA: Failed to set " 642 "GTK to the driver (Group only)."); 643 return -1; 644 } 645 } else if (wpa_sm_set_key(sm, gd->alg, 646 (u8 *) "\xff\xff\xff\xff\xff\xff", 647 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len, 648 _gtk, gd->gtk_len) < 0) { 649 wpa_printf(MSG_WARNING, "WPA: Failed to set GTK to " 650 "the driver."); 651 return -1; 652 } 653 654 return 0; 655 } 656 657 658 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm, 659 int tx) 660 { 661 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) { 662 /* Ignore Tx bit for GTK if a pairwise key is used. One AP 663 * seemed to set this bit (incorrectly, since Tx is only when 664 * doing Group Key only APs) and without this workaround, the 665 * data connection does not work because wpa_supplicant 666 * configured non-zero keyidx to be used for unicast. */ 667 wpa_printf(MSG_INFO, "WPA: Tx bit set for GTK, but pairwise " 668 "keys are used - ignore Tx bit"); 669 return 0; 670 } 671 return tx; 672 } 673 674 675 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, 676 const struct wpa_eapol_key *key, 677 const u8 *gtk, size_t gtk_len, 678 int key_info) 679 { 680 #ifndef CONFIG_NO_WPA2 681 struct wpa_gtk_data gd; 682 683 /* 684 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x 685 * GTK KDE format: 686 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7] 687 * Reserved [bits 0-7] 688 * GTK 689 */ 690 691 os_memset(&gd, 0, sizeof(gd)); 692 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake", 693 gtk, gtk_len); 694 695 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk)) 696 return -1; 697 698 gd.keyidx = gtk[0] & 0x3; 699 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 700 !!(gtk[0] & BIT(2))); 701 gtk += 2; 702 gtk_len -= 2; 703 704 os_memcpy(gd.gtk, gtk, gtk_len); 705 gd.gtk_len = gtk_len; 706 707 if (wpa_supplicant_check_group_cipher(sm->group_cipher, 708 gtk_len, gtk_len, 709 &gd.key_rsc_len, &gd.alg) || 710 wpa_supplicant_install_gtk(sm, &gd, key->key_rsc)) { 711 wpa_printf(MSG_DEBUG, "RSN: Failed to install GTK"); 712 return -1; 713 } 714 715 wpa_supplicant_key_neg_complete(sm, sm->bssid, 716 key_info & WPA_KEY_INFO_SECURE); 717 return 0; 718 #else /* CONFIG_NO_WPA2 */ 719 return -1; 720 #endif /* CONFIG_NO_WPA2 */ 721 } 722 723 724 static int ieee80211w_set_keys(struct wpa_sm *sm, 725 struct wpa_eapol_ie_parse *ie) 726 { 727 #ifdef CONFIG_IEEE80211W 728 if (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) 729 return 0; 730 731 if (ie->igtk) { 732 const struct wpa_igtk_kde *igtk; 733 u16 keyidx; 734 if (ie->igtk_len != sizeof(*igtk)) 735 return -1; 736 igtk = (const struct wpa_igtk_kde *) ie->igtk; 737 keyidx = WPA_GET_LE16(igtk->keyid); 738 wpa_printf(MSG_DEBUG, "WPA: IGTK keyid %d " 739 "pn %02x%02x%02x%02x%02x%02x", 740 keyidx, MAC2STR(igtk->pn)); 741 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", 742 igtk->igtk, WPA_IGTK_LEN); 743 if (keyidx > 4095) { 744 wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KeyID %d", 745 keyidx); 746 return -1; 747 } 748 if (wpa_sm_set_key(sm, WPA_ALG_IGTK, 749 (u8 *) "\xff\xff\xff\xff\xff\xff", 750 keyidx, 0, igtk->pn, sizeof(igtk->pn), 751 igtk->igtk, WPA_IGTK_LEN) < 0) { 752 wpa_printf(MSG_WARNING, "WPA: Failed to configure IGTK" 753 " to the driver"); 754 return -1; 755 } 756 } 757 758 return 0; 759 #else /* CONFIG_IEEE80211W */ 760 return 0; 761 #endif /* CONFIG_IEEE80211W */ 762 } 763 764 765 static void wpa_report_ie_mismatch(struct wpa_sm *sm, 766 const char *reason, const u8 *src_addr, 767 const u8 *wpa_ie, size_t wpa_ie_len, 768 const u8 *rsn_ie, size_t rsn_ie_len) 769 { 770 wpa_msg(sm->ctx->ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")", 771 reason, MAC2STR(src_addr)); 772 773 if (sm->ap_wpa_ie) { 774 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp", 775 sm->ap_wpa_ie, sm->ap_wpa_ie_len); 776 } 777 if (wpa_ie) { 778 if (!sm->ap_wpa_ie) { 779 wpa_printf(MSG_INFO, "WPA: No WPA IE in " 780 "Beacon/ProbeResp"); 781 } 782 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg", 783 wpa_ie, wpa_ie_len); 784 } 785 786 if (sm->ap_rsn_ie) { 787 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp", 788 sm->ap_rsn_ie, sm->ap_rsn_ie_len); 789 } 790 if (rsn_ie) { 791 if (!sm->ap_rsn_ie) { 792 wpa_printf(MSG_INFO, "WPA: No RSN IE in " 793 "Beacon/ProbeResp"); 794 } 795 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg", 796 rsn_ie, rsn_ie_len); 797 } 798 799 wpa_sm_disassociate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS); 800 } 801 802 803 static int wpa_supplicant_validate_ie(struct wpa_sm *sm, 804 const unsigned char *src_addr, 805 struct wpa_eapol_ie_parse *ie) 806 { 807 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) { 808 wpa_printf(MSG_DEBUG, "WPA: No WPA/RSN IE for this AP known. " 809 "Trying to get from scan results"); 810 if (wpa_sm_get_beacon_ie(sm) < 0) { 811 wpa_printf(MSG_WARNING, "WPA: Could not find AP from " 812 "the scan results"); 813 } else { 814 wpa_printf(MSG_DEBUG, "WPA: Found the current AP from " 815 "updated scan results"); 816 } 817 } 818 819 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL && 820 (sm->ap_wpa_ie || sm->ap_rsn_ie)) { 821 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 822 "with IE in Beacon/ProbeResp (no IE?)", 823 src_addr, ie->wpa_ie, ie->wpa_ie_len, 824 ie->rsn_ie, ie->rsn_ie_len); 825 return -1; 826 } 827 828 if ((ie->wpa_ie && sm->ap_wpa_ie && 829 (ie->wpa_ie_len != sm->ap_wpa_ie_len || 830 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) || 831 (ie->rsn_ie && sm->ap_rsn_ie && 832 (ie->rsn_ie_len != sm->ap_rsn_ie_len || 833 os_memcmp(ie->rsn_ie, sm->ap_rsn_ie, ie->rsn_ie_len) != 0))) { 834 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 835 "with IE in Beacon/ProbeResp", 836 src_addr, ie->wpa_ie, ie->wpa_ie_len, 837 ie->rsn_ie, ie->rsn_ie_len); 838 return -1; 839 } 840 841 if (sm->proto == WPA_PROTO_WPA && 842 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) { 843 wpa_report_ie_mismatch(sm, "Possible downgrade attack " 844 "detected - RSN was enabled and RSN IE " 845 "was in msg 3/4, but not in " 846 "Beacon/ProbeResp", 847 src_addr, ie->wpa_ie, ie->wpa_ie_len, 848 ie->rsn_ie, ie->rsn_ie_len); 849 return -1; 850 } 851 852 #ifdef CONFIG_IEEE80211R 853 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 854 struct rsn_mdie *mdie; 855 /* TODO: verify that full MDIE matches with the one from scan 856 * results, not only mobility domain */ 857 mdie = (struct rsn_mdie *) (ie->mdie + 2); 858 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) || 859 os_memcmp(mdie->mobility_domain, sm->mobility_domain, 860 MOBILITY_DOMAIN_ID_LEN) != 0) { 861 wpa_printf(MSG_DEBUG, "FT: MDIE in msg 3/4 did not " 862 "match with the current mobility domain"); 863 return -1; 864 } 865 } 866 #endif /* CONFIG_IEEE80211R */ 867 868 return 0; 869 } 870 871 872 /** 873 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake 874 * @sm: Pointer to WPA state machine data from wpa_sm_init() 875 * @dst: Destination address for the frame 876 * @key: Pointer to the EAPOL-Key frame header 877 * @ver: Version bits from EAPOL-Key Key Info 878 * @key_info: Key Info 879 * @kde: KDEs to include the EAPOL-Key frame 880 * @kde_len: Length of KDEs 881 * @ptk: PTK to use for keyed hash and encryption 882 * Returns: 0 on success, -1 on failure 883 */ 884 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, 885 const struct wpa_eapol_key *key, 886 u16 ver, u16 key_info, 887 const u8 *kde, size_t kde_len, 888 struct wpa_ptk *ptk) 889 { 890 size_t rlen; 891 struct wpa_eapol_key *reply; 892 u8 *rbuf; 893 894 if (kde) 895 wpa_hexdump(MSG_DEBUG, "WPA: KDE for msg 4/4", kde, kde_len); 896 897 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 898 sizeof(*reply) + kde_len, 899 &rlen, (void *) &reply); 900 if (rbuf == NULL) 901 return -1; 902 903 reply->type = sm->proto == WPA_PROTO_RSN ? 904 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 905 key_info &= WPA_KEY_INFO_SECURE; 906 key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC; 907 WPA_PUT_BE16(reply->key_info, key_info); 908 if (sm->proto == WPA_PROTO_RSN) 909 WPA_PUT_BE16(reply->key_length, 0); 910 else 911 os_memcpy(reply->key_length, key->key_length, 2); 912 os_memcpy(reply->replay_counter, key->replay_counter, 913 WPA_REPLAY_COUNTER_LEN); 914 915 WPA_PUT_BE16(reply->key_data_length, kde_len); 916 if (kde) 917 os_memcpy(reply + 1, kde, kde_len); 918 919 wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4"); 920 wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL, 921 rbuf, rlen, reply->key_mic); 922 923 return 0; 924 } 925 926 927 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, 928 const struct wpa_eapol_key *key, 929 u16 ver) 930 { 931 u16 key_info, keylen, len; 932 const u8 *pos; 933 struct wpa_eapol_ie_parse ie; 934 935 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 936 wpa_printf(MSG_DEBUG, "WPA: RX message 3 of 4-Way Handshake from " 937 MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver); 938 939 key_info = WPA_GET_BE16(key->key_info); 940 941 pos = (const u8 *) (key + 1); 942 len = WPA_GET_BE16(key->key_data_length); 943 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", pos, len); 944 wpa_supplicant_parse_ies(pos, len, &ie); 945 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 946 wpa_printf(MSG_WARNING, "WPA: GTK IE in unencrypted key data"); 947 return; 948 } 949 #ifdef CONFIG_IEEE80211W 950 if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 951 wpa_printf(MSG_WARNING, "WPA: IGTK KDE in unencrypted key " 952 "data"); 953 return; 954 } 955 956 if (ie.igtk && ie.igtk_len != sizeof(struct wpa_igtk_kde)) { 957 wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KDE length %lu", 958 (unsigned long) ie.igtk_len); 959 return; 960 } 961 #endif /* CONFIG_IEEE80211W */ 962 963 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0) 964 return; 965 966 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) { 967 wpa_printf(MSG_WARNING, "WPA: ANonce from message 1 of 4-Way " 968 "Handshake differs from 3 of 4-Way Handshake - drop" 969 " packet (src=" MACSTR ")", MAC2STR(sm->bssid)); 970 return; 971 } 972 973 keylen = WPA_GET_BE16(key->key_length); 974 switch (sm->pairwise_cipher) { 975 case WPA_CIPHER_CCMP: 976 if (keylen != 16) { 977 wpa_printf(MSG_WARNING, "WPA: Invalid CCMP key length " 978 "%d (src=" MACSTR ")", 979 keylen, MAC2STR(sm->bssid)); 980 return; 981 } 982 break; 983 case WPA_CIPHER_TKIP: 984 if (keylen != 32) { 985 wpa_printf(MSG_WARNING, "WPA: Invalid TKIP key length " 986 "%d (src=" MACSTR ")", 987 keylen, MAC2STR(sm->bssid)); 988 return; 989 } 990 break; 991 } 992 993 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info, 994 NULL, 0, &sm->ptk)) 995 return; 996 997 /* SNonce was successfully used in msg 3/4, so mark it to be renewed 998 * for the next 4-Way Handshake. If msg 3 is received again, the old 999 * SNonce will still be used to avoid changing PTK. */ 1000 sm->renew_snonce = 1; 1001 1002 if (key_info & WPA_KEY_INFO_INSTALL) { 1003 wpa_supplicant_install_ptk(sm, key); 1004 } 1005 1006 if (key_info & WPA_KEY_INFO_SECURE) { 1007 wpa_sm_mlme_setprotection( 1008 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX, 1009 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 1010 eapol_sm_notify_portValid(sm->eapol, TRUE); 1011 } 1012 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1013 1014 if (ie.gtk && 1015 wpa_supplicant_pairwise_gtk(sm, key, 1016 ie.gtk, ie.gtk_len, key_info) < 0) { 1017 wpa_printf(MSG_INFO, "RSN: Failed to configure GTK"); 1018 } 1019 1020 if (ieee80211w_set_keys(sm, &ie) < 0) 1021 wpa_printf(MSG_INFO, "RSN: Failed to configure IGTK"); 1022 } 1023 1024 1025 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm, 1026 const u8 *keydata, 1027 size_t keydatalen, 1028 u16 key_info, 1029 struct wpa_gtk_data *gd) 1030 { 1031 int maxkeylen; 1032 struct wpa_eapol_ie_parse ie; 1033 1034 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen); 1035 wpa_supplicant_parse_ies(keydata, keydatalen, &ie); 1036 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1037 wpa_printf(MSG_WARNING, "WPA: GTK IE in unencrypted key data"); 1038 return -1; 1039 } 1040 if (ie.gtk == NULL) { 1041 wpa_printf(MSG_INFO, "WPA: No GTK IE in Group Key msg 1/2"); 1042 return -1; 1043 } 1044 maxkeylen = gd->gtk_len = ie.gtk_len - 2; 1045 1046 if (wpa_supplicant_check_group_cipher(sm->group_cipher, 1047 gd->gtk_len, maxkeylen, 1048 &gd->key_rsc_len, &gd->alg)) 1049 return -1; 1050 1051 wpa_hexdump(MSG_DEBUG, "RSN: received GTK in group key handshake", 1052 ie.gtk, ie.gtk_len); 1053 gd->keyidx = ie.gtk[0] & 0x3; 1054 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 1055 !!(ie.gtk[0] & BIT(2))); 1056 if (ie.gtk_len - 2 > sizeof(gd->gtk)) { 1057 wpa_printf(MSG_INFO, "RSN: Too long GTK in GTK IE " 1058 "(len=%lu)", (unsigned long) ie.gtk_len - 2); 1059 return -1; 1060 } 1061 os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2); 1062 1063 if (ieee80211w_set_keys(sm, &ie) < 0) 1064 wpa_printf(MSG_INFO, "RSN: Failed to configure IGTK"); 1065 1066 return 0; 1067 } 1068 1069 1070 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm, 1071 const struct wpa_eapol_key *key, 1072 size_t keydatalen, int key_info, 1073 size_t extra_len, u16 ver, 1074 struct wpa_gtk_data *gd) 1075 { 1076 size_t maxkeylen; 1077 u8 ek[32]; 1078 1079 gd->gtk_len = WPA_GET_BE16(key->key_length); 1080 maxkeylen = keydatalen; 1081 if (keydatalen > extra_len) { 1082 wpa_printf(MSG_INFO, "WPA: Truncated EAPOL-Key packet:" 1083 " key_data_length=%lu > extra_len=%lu", 1084 (unsigned long) keydatalen, 1085 (unsigned long) extra_len); 1086 return -1; 1087 } 1088 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1089 if (maxkeylen < 8) { 1090 wpa_printf(MSG_INFO, "WPA: Too short maxkeylen (%lu)", 1091 (unsigned long) maxkeylen); 1092 return -1; 1093 } 1094 maxkeylen -= 8; 1095 } 1096 1097 if (wpa_supplicant_check_group_cipher(sm->group_cipher, 1098 gd->gtk_len, maxkeylen, 1099 &gd->key_rsc_len, &gd->alg)) 1100 return -1; 1101 1102 gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1103 WPA_KEY_INFO_KEY_INDEX_SHIFT; 1104 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) { 1105 os_memcpy(ek, key->key_iv, 16); 1106 os_memcpy(ek + 16, sm->ptk.kek, 16); 1107 if (keydatalen > sizeof(gd->gtk)) { 1108 wpa_printf(MSG_WARNING, "WPA: RC4 key data " 1109 "too long (%lu)", 1110 (unsigned long) keydatalen); 1111 return -1; 1112 } 1113 os_memcpy(gd->gtk, key + 1, keydatalen); 1114 rc4_skip(ek, 32, 256, gd->gtk, keydatalen); 1115 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1116 if (keydatalen % 8) { 1117 wpa_printf(MSG_WARNING, "WPA: Unsupported AES-WRAP " 1118 "len %lu", (unsigned long) keydatalen); 1119 return -1; 1120 } 1121 if (maxkeylen > sizeof(gd->gtk)) { 1122 wpa_printf(MSG_WARNING, "WPA: AES-WRAP key data " 1123 "too long (keydatalen=%lu maxkeylen=%lu)", 1124 (unsigned long) keydatalen, 1125 (unsigned long) maxkeylen); 1126 return -1; 1127 } 1128 if (aes_unwrap(sm->ptk.kek, maxkeylen / 8, 1129 (const u8 *) (key + 1), gd->gtk)) { 1130 wpa_printf(MSG_WARNING, "WPA: AES unwrap " 1131 "failed - could not decrypt GTK"); 1132 return -1; 1133 } 1134 } else { 1135 wpa_printf(MSG_WARNING, "WPA: Unsupported key_info type %d", 1136 ver); 1137 return -1; 1138 } 1139 gd->tx = wpa_supplicant_gtk_tx_bit_workaround( 1140 sm, !!(key_info & WPA_KEY_INFO_TXRX)); 1141 return 0; 1142 } 1143 1144 1145 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm, 1146 const struct wpa_eapol_key *key, 1147 int ver, u16 key_info) 1148 { 1149 size_t rlen; 1150 struct wpa_eapol_key *reply; 1151 u8 *rbuf; 1152 1153 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1154 sizeof(*reply), &rlen, (void *) &reply); 1155 if (rbuf == NULL) 1156 return -1; 1157 1158 reply->type = sm->proto == WPA_PROTO_RSN ? 1159 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1160 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK; 1161 key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE; 1162 WPA_PUT_BE16(reply->key_info, key_info); 1163 if (sm->proto == WPA_PROTO_RSN) 1164 WPA_PUT_BE16(reply->key_length, 0); 1165 else 1166 os_memcpy(reply->key_length, key->key_length, 2); 1167 os_memcpy(reply->replay_counter, key->replay_counter, 1168 WPA_REPLAY_COUNTER_LEN); 1169 1170 WPA_PUT_BE16(reply->key_data_length, 0); 1171 1172 wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2"); 1173 wpa_eapol_key_send(sm, sm->ptk.kck, ver, sm->bssid, ETH_P_EAPOL, 1174 rbuf, rlen, reply->key_mic); 1175 1176 return 0; 1177 } 1178 1179 1180 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, 1181 const unsigned char *src_addr, 1182 const struct wpa_eapol_key *key, 1183 int extra_len, u16 ver) 1184 { 1185 u16 key_info, keydatalen; 1186 int rekey, ret; 1187 struct wpa_gtk_data gd; 1188 1189 os_memset(&gd, 0, sizeof(gd)); 1190 1191 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED; 1192 wpa_printf(MSG_DEBUG, "WPA: RX message 1 of Group Key Handshake from " 1193 MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 1194 1195 key_info = WPA_GET_BE16(key->key_info); 1196 keydatalen = WPA_GET_BE16(key->key_data_length); 1197 1198 if (sm->proto == WPA_PROTO_RSN) { 1199 ret = wpa_supplicant_process_1_of_2_rsn(sm, 1200 (const u8 *) (key + 1), 1201 keydatalen, key_info, 1202 &gd); 1203 } else { 1204 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, keydatalen, 1205 key_info, extra_len, 1206 ver, &gd); 1207 } 1208 1209 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1210 1211 if (ret) 1212 return; 1213 1214 if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) || 1215 wpa_supplicant_send_2_of_2(sm, key, ver, key_info)) 1216 return; 1217 1218 if (rekey) { 1219 wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Group rekeying " 1220 "completed with " MACSTR " [GTK=%s]", 1221 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); 1222 wpa_sm_cancel_auth_timeout(sm); 1223 wpa_sm_set_state(sm, WPA_COMPLETED); 1224 } else { 1225 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1226 key_info & 1227 WPA_KEY_INFO_SECURE); 1228 } 1229 } 1230 1231 1232 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm, 1233 struct wpa_eapol_key *key, 1234 u16 ver, 1235 const u8 *buf, size_t len) 1236 { 1237 u8 mic[16]; 1238 int ok = 0; 1239 1240 os_memcpy(mic, key->key_mic, 16); 1241 if (sm->tptk_set) { 1242 os_memset(key->key_mic, 0, 16); 1243 wpa_eapol_key_mic(sm->tptk.kck, ver, buf, len, 1244 key->key_mic); 1245 if (os_memcmp(mic, key->key_mic, 16) != 0) { 1246 wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC " 1247 "when using TPTK - ignoring TPTK"); 1248 } else { 1249 ok = 1; 1250 sm->tptk_set = 0; 1251 sm->ptk_set = 1; 1252 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); 1253 } 1254 } 1255 1256 if (!ok && sm->ptk_set) { 1257 os_memset(key->key_mic, 0, 16); 1258 wpa_eapol_key_mic(sm->ptk.kck, ver, buf, len, 1259 key->key_mic); 1260 if (os_memcmp(mic, key->key_mic, 16) != 0) { 1261 wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC " 1262 "- dropping packet"); 1263 return -1; 1264 } 1265 ok = 1; 1266 } 1267 1268 if (!ok) { 1269 wpa_printf(MSG_WARNING, "WPA: Could not verify EAPOL-Key MIC " 1270 "- dropping packet"); 1271 return -1; 1272 } 1273 1274 os_memcpy(sm->rx_replay_counter, key->replay_counter, 1275 WPA_REPLAY_COUNTER_LEN); 1276 sm->rx_replay_counter_set = 1; 1277 return 0; 1278 } 1279 1280 1281 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */ 1282 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm, 1283 struct wpa_eapol_key *key, u16 ver) 1284 { 1285 u16 keydatalen = WPA_GET_BE16(key->key_data_length); 1286 1287 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data", 1288 (u8 *) (key + 1), keydatalen); 1289 if (!sm->ptk_set) { 1290 wpa_printf(MSG_WARNING, "WPA: PTK not available, " 1291 "cannot decrypt EAPOL-Key key data."); 1292 return -1; 1293 } 1294 1295 /* Decrypt key data here so that this operation does not need 1296 * to be implemented separately for each message type. */ 1297 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) { 1298 u8 ek[32]; 1299 os_memcpy(ek, key->key_iv, 16); 1300 os_memcpy(ek + 16, sm->ptk.kek, 16); 1301 rc4_skip(ek, 32, 256, (u8 *) (key + 1), keydatalen); 1302 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1303 ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1304 u8 *buf; 1305 if (keydatalen % 8) { 1306 wpa_printf(MSG_WARNING, "WPA: Unsupported " 1307 "AES-WRAP len %d", keydatalen); 1308 return -1; 1309 } 1310 keydatalen -= 8; /* AES-WRAP adds 8 bytes */ 1311 buf = os_malloc(keydatalen); 1312 if (buf == NULL) { 1313 wpa_printf(MSG_WARNING, "WPA: No memory for " 1314 "AES-UNWRAP buffer"); 1315 return -1; 1316 } 1317 if (aes_unwrap(sm->ptk.kek, keydatalen / 8, 1318 (u8 *) (key + 1), buf)) { 1319 os_free(buf); 1320 wpa_printf(MSG_WARNING, "WPA: AES unwrap failed - " 1321 "could not decrypt EAPOL-Key key data"); 1322 return -1; 1323 } 1324 os_memcpy(key + 1, buf, keydatalen); 1325 os_free(buf); 1326 WPA_PUT_BE16(key->key_data_length, keydatalen); 1327 } else { 1328 wpa_printf(MSG_WARNING, "WPA: Unsupported key_info type %d", 1329 ver); 1330 return -1; 1331 } 1332 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data", 1333 (u8 *) (key + 1), keydatalen); 1334 return 0; 1335 } 1336 1337 1338 /** 1339 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted 1340 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1341 */ 1342 void wpa_sm_aborted_cached(struct wpa_sm *sm) 1343 { 1344 if (sm && sm->cur_pmksa) { 1345 wpa_printf(MSG_DEBUG, "RSN: Cancelling PMKSA caching attempt"); 1346 sm->cur_pmksa = NULL; 1347 } 1348 } 1349 1350 1351 static void wpa_eapol_key_dump(const struct wpa_eapol_key *key) 1352 { 1353 #ifndef CONFIG_NO_STDOUT_DEBUG 1354 u16 key_info = WPA_GET_BE16(key->key_info); 1355 1356 wpa_printf(MSG_DEBUG, " EAPOL-Key type=%d", key->type); 1357 wpa_printf(MSG_DEBUG, " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s" 1358 "%s%s%s%s%s%s%s)", 1359 key_info, key_info & WPA_KEY_INFO_TYPE_MASK, 1360 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1361 WPA_KEY_INFO_KEY_INDEX_SHIFT, 1362 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13, 1363 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group", 1364 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "", 1365 key_info & WPA_KEY_INFO_ACK ? " Ack" : "", 1366 key_info & WPA_KEY_INFO_MIC ? " MIC" : "", 1367 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "", 1368 key_info & WPA_KEY_INFO_ERROR ? " Error" : "", 1369 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "", 1370 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : ""); 1371 wpa_printf(MSG_DEBUG, " key_length=%u key_data_length=%u", 1372 WPA_GET_BE16(key->key_length), 1373 WPA_GET_BE16(key->key_data_length)); 1374 wpa_hexdump(MSG_DEBUG, " replay_counter", 1375 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 1376 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN); 1377 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16); 1378 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8); 1379 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8); 1380 wpa_hexdump(MSG_DEBUG, " key_mic", key->key_mic, 16); 1381 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1382 } 1383 1384 1385 /** 1386 * wpa_sm_rx_eapol - Process received WPA EAPOL frames 1387 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1388 * @src_addr: Source MAC address of the EAPOL packet 1389 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header) 1390 * @len: Length of the EAPOL frame 1391 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure 1392 * 1393 * This function is called for each received EAPOL frame. Other than EAPOL-Key 1394 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is 1395 * only processing WPA and WPA2 EAPOL-Key frames. 1396 * 1397 * The received EAPOL-Key packets are validated and valid packets are replied 1398 * to. In addition, key material (PTK, GTK) is configured at the end of a 1399 * successful key handshake. 1400 */ 1401 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, 1402 const u8 *buf, size_t len) 1403 { 1404 size_t plen, data_len, extra_len; 1405 struct ieee802_1x_hdr *hdr; 1406 struct wpa_eapol_key *key; 1407 u16 key_info, ver; 1408 u8 *tmp; 1409 int ret = -1; 1410 struct wpa_peerkey *peerkey = NULL; 1411 1412 #ifdef CONFIG_IEEE80211R 1413 sm->ft_completed = 0; 1414 #endif /* CONFIG_IEEE80211R */ 1415 1416 if (len < sizeof(*hdr) + sizeof(*key)) { 1417 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short to be a WPA " 1418 "EAPOL-Key (len %lu, expecting at least %lu)", 1419 (unsigned long) len, 1420 (unsigned long) sizeof(*hdr) + sizeof(*key)); 1421 return 0; 1422 } 1423 1424 tmp = os_malloc(len); 1425 if (tmp == NULL) 1426 return -1; 1427 os_memcpy(tmp, buf, len); 1428 1429 hdr = (struct ieee802_1x_hdr *) tmp; 1430 key = (struct wpa_eapol_key *) (hdr + 1); 1431 plen = be_to_host16(hdr->length); 1432 data_len = plen + sizeof(*hdr); 1433 wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%lu", 1434 hdr->version, hdr->type, (unsigned long) plen); 1435 1436 if (hdr->version < EAPOL_VERSION) { 1437 /* TODO: backwards compatibility */ 1438 } 1439 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { 1440 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame (type %u) discarded, " 1441 "not a Key frame", hdr->type); 1442 ret = 0; 1443 goto out; 1444 } 1445 if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) { 1446 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame payload size %lu " 1447 "invalid (frame size %lu)", 1448 (unsigned long) plen, (unsigned long) len); 1449 ret = 0; 1450 goto out; 1451 } 1452 1453 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN) 1454 { 1455 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key type (%d) unknown, " 1456 "discarded", key->type); 1457 ret = 0; 1458 goto out; 1459 } 1460 wpa_eapol_key_dump(key); 1461 1462 eapol_sm_notify_lower_layer_success(sm->eapol, 0); 1463 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", tmp, len); 1464 if (data_len < len) { 1465 wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE " 1466 "802.1X data", (unsigned long) len - data_len); 1467 } 1468 key_info = WPA_GET_BE16(key->key_info); 1469 ver = key_info & WPA_KEY_INFO_TYPE_MASK; 1470 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && 1471 #ifdef CONFIG_IEEE80211R 1472 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && 1473 #endif /* CONFIG_IEEE80211R */ 1474 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1475 wpa_printf(MSG_INFO, "WPA: Unsupported EAPOL-Key descriptor " 1476 "version %d.", ver); 1477 goto out; 1478 } 1479 1480 #ifdef CONFIG_IEEE80211R 1481 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 1482 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */ 1483 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1484 wpa_printf(MSG_INFO, "FT: AP did not use " 1485 "AES-128-CMAC."); 1486 goto out; 1487 } 1488 } else 1489 #endif /* CONFIG_IEEE80211R */ 1490 #ifdef CONFIG_IEEE80211W 1491 if (wpa_key_mgmt_sha256(sm->key_mgmt)) { 1492 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1493 wpa_printf(MSG_INFO, "WPA: AP did not use the " 1494 "negotiated AES-128-CMAC."); 1495 goto out; 1496 } 1497 } else 1498 #endif /* CONFIG_IEEE80211W */ 1499 if (sm->pairwise_cipher == WPA_CIPHER_CCMP && 1500 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1501 wpa_printf(MSG_INFO, "WPA: CCMP is used, but EAPOL-Key " 1502 "descriptor version (%d) is not 2.", ver); 1503 if (sm->group_cipher != WPA_CIPHER_CCMP && 1504 !(key_info & WPA_KEY_INFO_KEY_TYPE)) { 1505 /* Earlier versions of IEEE 802.11i did not explicitly 1506 * require version 2 descriptor for all EAPOL-Key 1507 * packets, so allow group keys to use version 1 if 1508 * CCMP is not used for them. */ 1509 wpa_printf(MSG_INFO, "WPA: Backwards compatibility: " 1510 "allow invalid version for non-CCMP group " 1511 "keys"); 1512 } else 1513 goto out; 1514 } 1515 1516 #ifdef CONFIG_PEERKEY 1517 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 1518 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0) 1519 break; 1520 } 1521 1522 if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) { 1523 if (!peerkey->initiator && peerkey->replay_counter_set && 1524 os_memcmp(key->replay_counter, peerkey->replay_counter, 1525 WPA_REPLAY_COUNTER_LEN) <= 0) { 1526 wpa_printf(MSG_WARNING, "RSN: EAPOL-Key Replay " 1527 "Counter did not increase (STK) - dropping " 1528 "packet"); 1529 goto out; 1530 } else if (peerkey->initiator) { 1531 u8 _tmp[WPA_REPLAY_COUNTER_LEN]; 1532 os_memcpy(_tmp, key->replay_counter, 1533 WPA_REPLAY_COUNTER_LEN); 1534 inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN); 1535 if (os_memcmp(_tmp, peerkey->replay_counter, 1536 WPA_REPLAY_COUNTER_LEN) != 0) { 1537 wpa_printf(MSG_DEBUG, "RSN: EAPOL-Key Replay " 1538 "Counter did not match (STK) - " 1539 "dropping packet"); 1540 goto out; 1541 } 1542 } 1543 } 1544 1545 if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) { 1546 wpa_printf(MSG_INFO, "RSN: Ack bit in key_info from STK peer"); 1547 goto out; 1548 } 1549 #endif /* CONFIG_PEERKEY */ 1550 1551 if (!peerkey && sm->rx_replay_counter_set && 1552 os_memcmp(key->replay_counter, sm->rx_replay_counter, 1553 WPA_REPLAY_COUNTER_LEN) <= 0) { 1554 wpa_printf(MSG_WARNING, "WPA: EAPOL-Key Replay Counter did not" 1555 " increase - dropping packet"); 1556 goto out; 1557 } 1558 1559 if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE)) 1560 #ifdef CONFIG_PEERKEY 1561 && (peerkey == NULL || !peerkey->initiator) 1562 #endif /* CONFIG_PEERKEY */ 1563 ) { 1564 wpa_printf(MSG_INFO, "WPA: No Ack bit in key_info"); 1565 goto out; 1566 } 1567 1568 if (key_info & WPA_KEY_INFO_REQUEST) { 1569 wpa_printf(MSG_INFO, "WPA: EAPOL-Key with Request bit - " 1570 "dropped"); 1571 goto out; 1572 } 1573 1574 if ((key_info & WPA_KEY_INFO_MIC) && !peerkey && 1575 wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len)) 1576 goto out; 1577 1578 #ifdef CONFIG_PEERKEY 1579 if ((key_info & WPA_KEY_INFO_MIC) && peerkey && 1580 peerkey_verify_eapol_key_mic(sm, peerkey, key, ver, tmp, data_len)) 1581 goto out; 1582 #endif /* CONFIG_PEERKEY */ 1583 1584 extra_len = data_len - sizeof(*hdr) - sizeof(*key); 1585 1586 if (WPA_GET_BE16(key->key_data_length) > extra_len) { 1587 wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Invalid EAPOL-Key " 1588 "frame - key_data overflow (%d > %lu)", 1589 WPA_GET_BE16(key->key_data_length), 1590 (unsigned long) extra_len); 1591 goto out; 1592 } 1593 extra_len = WPA_GET_BE16(key->key_data_length); 1594 1595 if (sm->proto == WPA_PROTO_RSN && 1596 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1597 if (wpa_supplicant_decrypt_key_data(sm, key, ver)) 1598 goto out; 1599 extra_len = WPA_GET_BE16(key->key_data_length); 1600 } 1601 1602 if (key_info & WPA_KEY_INFO_KEY_TYPE) { 1603 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) { 1604 wpa_printf(MSG_WARNING, "WPA: Ignored EAPOL-Key " 1605 "(Pairwise) with non-zero key index"); 1606 goto out; 1607 } 1608 if (peerkey) { 1609 /* PeerKey 4-Way Handshake */ 1610 peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver); 1611 } else if (key_info & WPA_KEY_INFO_MIC) { 1612 /* 3/4 4-Way Handshake */ 1613 wpa_supplicant_process_3_of_4(sm, key, ver); 1614 } else { 1615 /* 1/4 4-Way Handshake */ 1616 wpa_supplicant_process_1_of_4(sm, src_addr, key, 1617 ver); 1618 } 1619 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { 1620 /* PeerKey SMK Handshake */ 1621 peerkey_rx_eapol_smk(sm, src_addr, key, extra_len, key_info, 1622 ver); 1623 } else { 1624 if (key_info & WPA_KEY_INFO_MIC) { 1625 /* 1/2 Group Key Handshake */ 1626 wpa_supplicant_process_1_of_2(sm, src_addr, key, 1627 extra_len, ver); 1628 } else { 1629 wpa_printf(MSG_WARNING, "WPA: EAPOL-Key (Group) " 1630 "without Mic bit - dropped"); 1631 } 1632 } 1633 1634 ret = 1; 1635 1636 out: 1637 os_free(tmp); 1638 return ret; 1639 } 1640 1641 1642 #ifdef CONFIG_CTRL_IFACE 1643 static int wpa_cipher_bits(int cipher) 1644 { 1645 switch (cipher) { 1646 case WPA_CIPHER_CCMP: 1647 return 128; 1648 case WPA_CIPHER_TKIP: 1649 return 256; 1650 case WPA_CIPHER_WEP104: 1651 return 104; 1652 case WPA_CIPHER_WEP40: 1653 return 40; 1654 default: 1655 return 0; 1656 } 1657 } 1658 1659 1660 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm) 1661 { 1662 switch (sm->key_mgmt) { 1663 case WPA_KEY_MGMT_IEEE8021X: 1664 return (sm->proto == WPA_PROTO_RSN ? 1665 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X : 1666 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X); 1667 case WPA_KEY_MGMT_PSK: 1668 return (sm->proto == WPA_PROTO_RSN ? 1669 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X : 1670 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X); 1671 #ifdef CONFIG_IEEE80211R 1672 case WPA_KEY_MGMT_FT_IEEE8021X: 1673 return RSN_AUTH_KEY_MGMT_FT_802_1X; 1674 case WPA_KEY_MGMT_FT_PSK: 1675 return RSN_AUTH_KEY_MGMT_FT_PSK; 1676 #endif /* CONFIG_IEEE80211R */ 1677 #ifdef CONFIG_IEEE80211W 1678 case WPA_KEY_MGMT_IEEE8021X_SHA256: 1679 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 1680 case WPA_KEY_MGMT_PSK_SHA256: 1681 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 1682 #endif /* CONFIG_IEEE80211W */ 1683 case WPA_KEY_MGMT_WPA_NONE: 1684 return WPA_AUTH_KEY_MGMT_NONE; 1685 default: 1686 return 0; 1687 } 1688 } 1689 1690 1691 static u32 wpa_cipher_suite(struct wpa_sm *sm, int cipher) 1692 { 1693 switch (cipher) { 1694 case WPA_CIPHER_CCMP: 1695 return (sm->proto == WPA_PROTO_RSN ? 1696 RSN_CIPHER_SUITE_CCMP : WPA_CIPHER_SUITE_CCMP); 1697 case WPA_CIPHER_TKIP: 1698 return (sm->proto == WPA_PROTO_RSN ? 1699 RSN_CIPHER_SUITE_TKIP : WPA_CIPHER_SUITE_TKIP); 1700 case WPA_CIPHER_WEP104: 1701 return (sm->proto == WPA_PROTO_RSN ? 1702 RSN_CIPHER_SUITE_WEP104 : WPA_CIPHER_SUITE_WEP104); 1703 case WPA_CIPHER_WEP40: 1704 return (sm->proto == WPA_PROTO_RSN ? 1705 RSN_CIPHER_SUITE_WEP40 : WPA_CIPHER_SUITE_WEP40); 1706 case WPA_CIPHER_NONE: 1707 return (sm->proto == WPA_PROTO_RSN ? 1708 RSN_CIPHER_SUITE_NONE : WPA_CIPHER_SUITE_NONE); 1709 default: 1710 return 0; 1711 } 1712 } 1713 1714 1715 #define RSN_SUITE "%02x-%02x-%02x-%d" 1716 #define RSN_SUITE_ARG(s) \ 1717 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff 1718 1719 /** 1720 * wpa_sm_get_mib - Dump text list of MIB entries 1721 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1722 * @buf: Buffer for the list 1723 * @buflen: Length of the buffer 1724 * Returns: Number of bytes written to buffer 1725 * 1726 * This function is used fetch dot11 MIB variables. 1727 */ 1728 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen) 1729 { 1730 char pmkid_txt[PMKID_LEN * 2 + 1]; 1731 int rsna, ret; 1732 size_t len; 1733 1734 if (sm->cur_pmksa) { 1735 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), 1736 sm->cur_pmksa->pmkid, PMKID_LEN); 1737 } else 1738 pmkid_txt[0] = '\0'; 1739 1740 if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) || 1741 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) && 1742 sm->proto == WPA_PROTO_RSN) 1743 rsna = 1; 1744 else 1745 rsna = 0; 1746 1747 ret = os_snprintf(buf, buflen, 1748 "dot11RSNAOptionImplemented=TRUE\n" 1749 "dot11RSNAPreauthenticationImplemented=TRUE\n" 1750 "dot11RSNAEnabled=%s\n" 1751 "dot11RSNAPreauthenticationEnabled=%s\n" 1752 "dot11RSNAConfigVersion=%d\n" 1753 "dot11RSNAConfigPairwiseKeysSupported=5\n" 1754 "dot11RSNAConfigGroupCipherSize=%d\n" 1755 "dot11RSNAConfigPMKLifetime=%d\n" 1756 "dot11RSNAConfigPMKReauthThreshold=%d\n" 1757 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n" 1758 "dot11RSNAConfigSATimeout=%d\n", 1759 rsna ? "TRUE" : "FALSE", 1760 rsna ? "TRUE" : "FALSE", 1761 RSN_VERSION, 1762 wpa_cipher_bits(sm->group_cipher), 1763 sm->dot11RSNAConfigPMKLifetime, 1764 sm->dot11RSNAConfigPMKReauthThreshold, 1765 sm->dot11RSNAConfigSATimeout); 1766 if (ret < 0 || (size_t) ret >= buflen) 1767 return 0; 1768 len = ret; 1769 1770 ret = os_snprintf( 1771 buf + len, buflen - len, 1772 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" 1773 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" 1774 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" 1775 "dot11RSNAPMKIDUsed=%s\n" 1776 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" 1777 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" 1778 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" 1779 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n" 1780 "dot11RSNA4WayHandshakeFailures=%u\n", 1781 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 1782 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)), 1783 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)), 1784 pmkid_txt, 1785 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 1786 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)), 1787 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)), 1788 sm->dot11RSNA4WayHandshakeFailures); 1789 if (ret >= 0 && (size_t) ret < buflen) 1790 len += ret; 1791 1792 return (int) len; 1793 } 1794 #endif /* CONFIG_CTRL_IFACE */ 1795 1796 1797 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, 1798 void *ctx, int replace) 1799 { 1800 struct wpa_sm *sm = ctx; 1801 1802 if (sm->cur_pmksa == entry || 1803 (sm->pmk_len == entry->pmk_len && 1804 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) { 1805 wpa_printf(MSG_DEBUG, "RSN: removed current PMKSA entry"); 1806 sm->cur_pmksa = NULL; 1807 1808 if (replace) { 1809 /* A new entry is being added, so no need to 1810 * deauthenticate in this case. This happens when EAP 1811 * authentication is completed again (reauth or failed 1812 * PMKSA caching attempt). */ 1813 return; 1814 } 1815 1816 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 1817 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1818 } 1819 } 1820 1821 1822 /** 1823 * wpa_sm_init - Initialize WPA state machine 1824 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer 1825 * Returns: Pointer to the allocated WPA state machine data 1826 * 1827 * This function is used to allocate a new WPA state machine and the returned 1828 * value is passed to all WPA state machine calls. 1829 */ 1830 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx) 1831 { 1832 struct wpa_sm *sm; 1833 1834 sm = os_zalloc(sizeof(*sm)); 1835 if (sm == NULL) 1836 return NULL; 1837 sm->renew_snonce = 1; 1838 sm->ctx = ctx; 1839 1840 sm->dot11RSNAConfigPMKLifetime = 43200; 1841 sm->dot11RSNAConfigPMKReauthThreshold = 70; 1842 sm->dot11RSNAConfigSATimeout = 60; 1843 1844 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm); 1845 if (sm->pmksa == NULL) { 1846 wpa_printf(MSG_ERROR, "RSN: PMKSA cache initialization " 1847 "failed"); 1848 os_free(sm); 1849 return NULL; 1850 } 1851 1852 return sm; 1853 } 1854 1855 1856 /** 1857 * wpa_sm_deinit - Deinitialize WPA state machine 1858 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1859 */ 1860 void wpa_sm_deinit(struct wpa_sm *sm) 1861 { 1862 if (sm == NULL) 1863 return; 1864 pmksa_cache_deinit(sm->pmksa); 1865 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 1866 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 1867 os_free(sm->assoc_wpa_ie); 1868 os_free(sm->ap_wpa_ie); 1869 os_free(sm->ap_rsn_ie); 1870 os_free(sm->ctx); 1871 peerkey_deinit(sm); 1872 os_free(sm); 1873 } 1874 1875 1876 /** 1877 * wpa_sm_notify_assoc - Notify WPA state machine about association 1878 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1879 * @bssid: The BSSID of the new association 1880 * 1881 * This function is called to let WPA state machine know that the connection 1882 * was established. 1883 */ 1884 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) 1885 { 1886 int clear_ptk = 1; 1887 1888 if (sm == NULL) 1889 return; 1890 1891 wpa_printf(MSG_DEBUG, "WPA: Association event - clear replay counter"); 1892 os_memcpy(sm->bssid, bssid, ETH_ALEN); 1893 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN); 1894 sm->rx_replay_counter_set = 0; 1895 sm->renew_snonce = 1; 1896 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0) 1897 rsn_preauth_deinit(sm); 1898 1899 #ifdef CONFIG_IEEE80211R 1900 if (wpa_ft_is_completed(sm)) { 1901 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); 1902 1903 /* Prepare for the next transition */ 1904 wpa_ft_prepare_auth_request(sm); 1905 1906 clear_ptk = 0; 1907 } 1908 #endif /* CONFIG_IEEE80211R */ 1909 1910 if (clear_ptk) { 1911 /* 1912 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if 1913 * this is not part of a Fast BSS Transition. 1914 */ 1915 wpa_printf(MSG_DEBUG, "WPA: Clear old PTK"); 1916 sm->ptk_set = 0; 1917 sm->tptk_set = 0; 1918 } 1919 } 1920 1921 1922 /** 1923 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation 1924 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1925 * 1926 * This function is called to let WPA state machine know that the connection 1927 * was lost. This will abort any existing pre-authentication session. 1928 */ 1929 void wpa_sm_notify_disassoc(struct wpa_sm *sm) 1930 { 1931 rsn_preauth_deinit(sm); 1932 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE) 1933 sm->dot11RSNA4WayHandshakeFailures++; 1934 } 1935 1936 1937 /** 1938 * wpa_sm_set_pmk - Set PMK 1939 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1940 * @pmk: The new PMK 1941 * @pmk_len: The length of the new PMK in bytes 1942 * 1943 * Configure the PMK for WPA state machine. 1944 */ 1945 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len) 1946 { 1947 if (sm == NULL) 1948 return; 1949 1950 sm->pmk_len = pmk_len; 1951 os_memcpy(sm->pmk, pmk, pmk_len); 1952 1953 #ifdef CONFIG_IEEE80211R 1954 /* Set XXKey to be PSK for FT key derivation */ 1955 sm->xxkey_len = pmk_len; 1956 os_memcpy(sm->xxkey, pmk, pmk_len); 1957 #endif /* CONFIG_IEEE80211R */ 1958 } 1959 1960 1961 /** 1962 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA 1963 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1964 * 1965 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK 1966 * will be cleared. 1967 */ 1968 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm) 1969 { 1970 if (sm == NULL) 1971 return; 1972 1973 if (sm->cur_pmksa) { 1974 sm->pmk_len = sm->cur_pmksa->pmk_len; 1975 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len); 1976 } else { 1977 sm->pmk_len = PMK_LEN; 1978 os_memset(sm->pmk, 0, PMK_LEN); 1979 } 1980 } 1981 1982 1983 /** 1984 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled 1985 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1986 * @fast_reauth: Whether fast reauthentication (EAP) is allowed 1987 */ 1988 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth) 1989 { 1990 if (sm) 1991 sm->fast_reauth = fast_reauth; 1992 } 1993 1994 1995 /** 1996 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks 1997 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1998 * @scard_ctx: Context pointer for smartcard related callback functions 1999 */ 2000 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx) 2001 { 2002 if (sm == NULL) 2003 return; 2004 sm->scard_ctx = scard_ctx; 2005 if (sm->preauth_eapol) 2006 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx); 2007 } 2008 2009 2010 /** 2011 * wpa_sm_set_config - Notification of current configration change 2012 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2013 * @config: Pointer to current network configuration 2014 * 2015 * Notify WPA state machine that configuration has changed. config will be 2016 * stored as a backpointer to network configuration. This can be %NULL to clear 2017 * the stored pointed. 2018 */ 2019 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config) 2020 { 2021 if (!sm) 2022 return; 2023 2024 if (config) { 2025 sm->network_ctx = config->network_ctx; 2026 sm->peerkey_enabled = config->peerkey_enabled; 2027 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher; 2028 sm->proactive_key_caching = config->proactive_key_caching; 2029 sm->eap_workaround = config->eap_workaround; 2030 sm->eap_conf_ctx = config->eap_conf_ctx; 2031 if (config->ssid) { 2032 os_memcpy(sm->ssid, config->ssid, config->ssid_len); 2033 sm->ssid_len = config->ssid_len; 2034 } else 2035 sm->ssid_len = 0; 2036 sm->wpa_ptk_rekey = config->wpa_ptk_rekey; 2037 } else { 2038 sm->network_ctx = NULL; 2039 sm->peerkey_enabled = 0; 2040 sm->allowed_pairwise_cipher = 0; 2041 sm->proactive_key_caching = 0; 2042 sm->eap_workaround = 0; 2043 sm->eap_conf_ctx = NULL; 2044 sm->ssid_len = 0; 2045 sm->wpa_ptk_rekey = 0; 2046 } 2047 if (config == NULL || config->network_ctx != sm->network_ctx) 2048 pmksa_cache_notify_reconfig(sm->pmksa); 2049 } 2050 2051 2052 /** 2053 * wpa_sm_set_own_addr - Set own MAC address 2054 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2055 * @addr: Own MAC address 2056 */ 2057 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr) 2058 { 2059 if (sm) 2060 os_memcpy(sm->own_addr, addr, ETH_ALEN); 2061 } 2062 2063 2064 /** 2065 * wpa_sm_set_ifname - Set network interface name 2066 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2067 * @ifname: Interface name 2068 * @bridge_ifname: Optional bridge interface name (for pre-auth) 2069 */ 2070 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname, 2071 const char *bridge_ifname) 2072 { 2073 if (sm) { 2074 sm->ifname = ifname; 2075 sm->bridge_ifname = bridge_ifname; 2076 } 2077 } 2078 2079 2080 /** 2081 * wpa_sm_set_eapol - Set EAPOL state machine pointer 2082 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2083 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init() 2084 */ 2085 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol) 2086 { 2087 if (sm) 2088 sm->eapol = eapol; 2089 } 2090 2091 2092 /** 2093 * wpa_sm_set_param - Set WPA state machine parameters 2094 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2095 * @param: Parameter field 2096 * @value: Parameter value 2097 * Returns: 0 on success, -1 on failure 2098 */ 2099 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, 2100 unsigned int value) 2101 { 2102 int ret = 0; 2103 2104 if (sm == NULL) 2105 return -1; 2106 2107 switch (param) { 2108 case RSNA_PMK_LIFETIME: 2109 if (value > 0) 2110 sm->dot11RSNAConfigPMKLifetime = value; 2111 else 2112 ret = -1; 2113 break; 2114 case RSNA_PMK_REAUTH_THRESHOLD: 2115 if (value > 0 && value <= 100) 2116 sm->dot11RSNAConfigPMKReauthThreshold = value; 2117 else 2118 ret = -1; 2119 break; 2120 case RSNA_SA_TIMEOUT: 2121 if (value > 0) 2122 sm->dot11RSNAConfigSATimeout = value; 2123 else 2124 ret = -1; 2125 break; 2126 case WPA_PARAM_PROTO: 2127 sm->proto = value; 2128 break; 2129 case WPA_PARAM_PAIRWISE: 2130 sm->pairwise_cipher = value; 2131 break; 2132 case WPA_PARAM_GROUP: 2133 sm->group_cipher = value; 2134 break; 2135 case WPA_PARAM_KEY_MGMT: 2136 sm->key_mgmt = value; 2137 break; 2138 #ifdef CONFIG_IEEE80211W 2139 case WPA_PARAM_MGMT_GROUP: 2140 sm->mgmt_group_cipher = value; 2141 break; 2142 #endif /* CONFIG_IEEE80211W */ 2143 case WPA_PARAM_RSN_ENABLED: 2144 sm->rsn_enabled = value; 2145 break; 2146 default: 2147 break; 2148 } 2149 2150 return ret; 2151 } 2152 2153 2154 /** 2155 * wpa_sm_get_param - Get WPA state machine parameters 2156 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2157 * @param: Parameter field 2158 * Returns: Parameter value 2159 */ 2160 unsigned int wpa_sm_get_param(struct wpa_sm *sm, enum wpa_sm_conf_params param) 2161 { 2162 if (sm == NULL) 2163 return 0; 2164 2165 switch (param) { 2166 case RSNA_PMK_LIFETIME: 2167 return sm->dot11RSNAConfigPMKLifetime; 2168 case RSNA_PMK_REAUTH_THRESHOLD: 2169 return sm->dot11RSNAConfigPMKReauthThreshold; 2170 case RSNA_SA_TIMEOUT: 2171 return sm->dot11RSNAConfigSATimeout; 2172 case WPA_PARAM_PROTO: 2173 return sm->proto; 2174 case WPA_PARAM_PAIRWISE: 2175 return sm->pairwise_cipher; 2176 case WPA_PARAM_GROUP: 2177 return sm->group_cipher; 2178 case WPA_PARAM_KEY_MGMT: 2179 return sm->key_mgmt; 2180 #ifdef CONFIG_IEEE80211W 2181 case WPA_PARAM_MGMT_GROUP: 2182 return sm->mgmt_group_cipher; 2183 #endif /* CONFIG_IEEE80211W */ 2184 case WPA_PARAM_RSN_ENABLED: 2185 return sm->rsn_enabled; 2186 default: 2187 return 0; 2188 } 2189 } 2190 2191 2192 /** 2193 * wpa_sm_get_status - Get WPA state machine 2194 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2195 * @buf: Buffer for status information 2196 * @buflen: Maximum buffer length 2197 * @verbose: Whether to include verbose status information 2198 * Returns: Number of bytes written to buf. 2199 * 2200 * Query WPA state machine for status information. This function fills in 2201 * a text area with current status information. If the buffer (buf) is not 2202 * large enough, status information will be truncated to fit the buffer. 2203 */ 2204 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen, 2205 int verbose) 2206 { 2207 char *pos = buf, *end = buf + buflen; 2208 int ret; 2209 2210 ret = os_snprintf(pos, end - pos, 2211 "pairwise_cipher=%s\n" 2212 "group_cipher=%s\n" 2213 "key_mgmt=%s\n", 2214 wpa_cipher_txt(sm->pairwise_cipher), 2215 wpa_cipher_txt(sm->group_cipher), 2216 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto)); 2217 if (ret < 0 || ret >= end - pos) 2218 return pos - buf; 2219 pos += ret; 2220 return pos - buf; 2221 } 2222 2223 2224 /** 2225 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration 2226 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2227 * @wpa_ie: Pointer to buffer for WPA/RSN IE 2228 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer 2229 * Returns: 0 on success, -1 on failure 2230 */ 2231 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie, 2232 size_t *wpa_ie_len) 2233 { 2234 int res; 2235 2236 if (sm == NULL) 2237 return -1; 2238 2239 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len); 2240 if (res < 0) 2241 return -1; 2242 *wpa_ie_len = res; 2243 2244 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default", 2245 wpa_ie, *wpa_ie_len); 2246 2247 if (sm->assoc_wpa_ie == NULL) { 2248 /* 2249 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets 2250 * the correct version of the IE even if PMKSA caching is 2251 * aborted (which would remove PMKID from IE generation). 2252 */ 2253 sm->assoc_wpa_ie = os_malloc(*wpa_ie_len); 2254 if (sm->assoc_wpa_ie == NULL) 2255 return -1; 2256 2257 os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len); 2258 sm->assoc_wpa_ie_len = *wpa_ie_len; 2259 } 2260 2261 return 0; 2262 } 2263 2264 2265 /** 2266 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq 2267 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2268 * @ie: Pointer to IE data (starting from id) 2269 * @len: IE length 2270 * Returns: 0 on success, -1 on failure 2271 * 2272 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association 2273 * Request frame. The IE will be used to override the default value generated 2274 * with wpa_sm_set_assoc_wpa_ie_default(). 2275 */ 2276 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2277 { 2278 if (sm == NULL) 2279 return -1; 2280 2281 os_free(sm->assoc_wpa_ie); 2282 if (ie == NULL || len == 0) { 2283 wpa_printf(MSG_DEBUG, "WPA: clearing own WPA/RSN IE"); 2284 sm->assoc_wpa_ie = NULL; 2285 sm->assoc_wpa_ie_len = 0; 2286 } else { 2287 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len); 2288 sm->assoc_wpa_ie = os_malloc(len); 2289 if (sm->assoc_wpa_ie == NULL) 2290 return -1; 2291 2292 os_memcpy(sm->assoc_wpa_ie, ie, len); 2293 sm->assoc_wpa_ie_len = len; 2294 } 2295 2296 return 0; 2297 } 2298 2299 2300 /** 2301 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp 2302 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2303 * @ie: Pointer to IE data (starting from id) 2304 * @len: IE length 2305 * Returns: 0 on success, -1 on failure 2306 * 2307 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response 2308 * frame. 2309 */ 2310 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2311 { 2312 if (sm == NULL) 2313 return -1; 2314 2315 os_free(sm->ap_wpa_ie); 2316 if (ie == NULL || len == 0) { 2317 wpa_printf(MSG_DEBUG, "WPA: clearing AP WPA IE"); 2318 sm->ap_wpa_ie = NULL; 2319 sm->ap_wpa_ie_len = 0; 2320 } else { 2321 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len); 2322 sm->ap_wpa_ie = os_malloc(len); 2323 if (sm->ap_wpa_ie == NULL) 2324 return -1; 2325 2326 os_memcpy(sm->ap_wpa_ie, ie, len); 2327 sm->ap_wpa_ie_len = len; 2328 } 2329 2330 return 0; 2331 } 2332 2333 2334 /** 2335 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp 2336 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2337 * @ie: Pointer to IE data (starting from id) 2338 * @len: IE length 2339 * Returns: 0 on success, -1 on failure 2340 * 2341 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response 2342 * frame. 2343 */ 2344 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2345 { 2346 if (sm == NULL) 2347 return -1; 2348 2349 os_free(sm->ap_rsn_ie); 2350 if (ie == NULL || len == 0) { 2351 wpa_printf(MSG_DEBUG, "WPA: clearing AP RSN IE"); 2352 sm->ap_rsn_ie = NULL; 2353 sm->ap_rsn_ie_len = 0; 2354 } else { 2355 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len); 2356 sm->ap_rsn_ie = os_malloc(len); 2357 if (sm->ap_rsn_ie == NULL) 2358 return -1; 2359 2360 os_memcpy(sm->ap_rsn_ie, ie, len); 2361 sm->ap_rsn_ie_len = len; 2362 } 2363 2364 return 0; 2365 } 2366 2367 2368 /** 2369 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE 2370 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2371 * @data: Pointer to data area for parsing results 2372 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure 2373 * 2374 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the 2375 * parsed data into data. 2376 */ 2377 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data) 2378 { 2379 if (sm == NULL || sm->assoc_wpa_ie == NULL) { 2380 wpa_printf(MSG_DEBUG, "WPA: No WPA/RSN IE available from " 2381 "association info"); 2382 return -1; 2383 } 2384 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data)) 2385 return -2; 2386 return 0; 2387 } 2388