1 /* 2 * WPA Supplicant - WPA state machine and EAPOL-Key processing 3 * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "crypto/aes_wrap.h" 13 #include "crypto/crypto.h" 14 #include "crypto/random.h" 15 #include "common/ieee802_11_defs.h" 16 #include "eapol_supp/eapol_supp_sm.h" 17 #include "wpa.h" 18 #include "eloop.h" 19 #include "preauth.h" 20 #include "pmksa_cache.h" 21 #include "wpa_i.h" 22 #include "wpa_ie.h" 23 #include "peerkey.h" 24 25 26 /** 27 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message 28 * @sm: Pointer to WPA state machine data from wpa_sm_init() 29 * @kck: Key Confirmation Key (KCK, part of PTK) 30 * @kck_len: KCK length in octets 31 * @ver: Version field from Key Info 32 * @dest: Destination address for the frame 33 * @proto: Ethertype (usually ETH_P_EAPOL) 34 * @msg: EAPOL-Key message 35 * @msg_len: Length of message 36 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written 37 */ 38 void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len, 39 int ver, const u8 *dest, u16 proto, 40 u8 *msg, size_t msg_len, u8 *key_mic) 41 { 42 size_t mic_len = wpa_mic_len(sm->key_mgmt); 43 44 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) { 45 /* 46 * Association event was not yet received; try to fetch 47 * BSSID from the driver. 48 */ 49 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) { 50 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 51 "WPA: Failed to read BSSID for " 52 "EAPOL-Key destination address"); 53 } else { 54 dest = sm->bssid; 55 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 56 "WPA: Use BSSID (" MACSTR 57 ") as the destination for EAPOL-Key", 58 MAC2STR(dest)); 59 } 60 } 61 if (key_mic && 62 wpa_eapol_key_mic(kck, kck_len, sm->key_mgmt, ver, msg, msg_len, 63 key_mic)) { 64 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 65 "WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC", 66 ver, sm->key_mgmt); 67 goto out; 68 } 69 wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len); 70 wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, mic_len); 71 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len); 72 wpa_sm_ether_send(sm, dest, proto, msg, msg_len); 73 eapol_sm_notify_tx_eapol_key(sm->eapol); 74 out: 75 os_free(msg); 76 } 77 78 79 /** 80 * wpa_sm_key_request - Send EAPOL-Key Request 81 * @sm: Pointer to WPA state machine data from wpa_sm_init() 82 * @error: Indicate whether this is an Michael MIC error report 83 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet 84 * 85 * Send an EAPOL-Key Request to the current authenticator. This function is 86 * used to request rekeying and it is usually called when a local Michael MIC 87 * failure is detected. 88 */ 89 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) 90 { 91 size_t mic_len, hdrlen, rlen; 92 struct wpa_eapol_key *reply; 93 struct wpa_eapol_key_192 *reply192; 94 int key_info, ver; 95 u8 bssid[ETH_ALEN], *rbuf, *key_mic; 96 97 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN || 98 wpa_key_mgmt_suite_b(sm->key_mgmt)) 99 ver = WPA_KEY_INFO_TYPE_AKM_DEFINED; 100 else if (wpa_key_mgmt_ft(sm->key_mgmt) || 101 wpa_key_mgmt_sha256(sm->key_mgmt)) 102 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC; 103 else if (sm->pairwise_cipher != WPA_CIPHER_TKIP) 104 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 105 else 106 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 107 108 if (wpa_sm_get_bssid(sm, bssid) < 0) { 109 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 110 "Failed to read BSSID for EAPOL-Key request"); 111 return; 112 } 113 114 mic_len = wpa_mic_len(sm->key_mgmt); 115 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 116 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 117 hdrlen, &rlen, (void *) &reply); 118 if (rbuf == NULL) 119 return; 120 reply192 = (struct wpa_eapol_key_192 *) reply; 121 122 reply->type = (sm->proto == WPA_PROTO_RSN || 123 sm->proto == WPA_PROTO_OSEN) ? 124 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 125 key_info = WPA_KEY_INFO_REQUEST | ver; 126 if (sm->ptk_set) 127 key_info |= WPA_KEY_INFO_MIC; 128 if (error) 129 key_info |= WPA_KEY_INFO_ERROR; 130 if (pairwise) 131 key_info |= WPA_KEY_INFO_KEY_TYPE; 132 WPA_PUT_BE16(reply->key_info, key_info); 133 WPA_PUT_BE16(reply->key_length, 0); 134 os_memcpy(reply->replay_counter, sm->request_counter, 135 WPA_REPLAY_COUNTER_LEN); 136 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); 137 138 if (mic_len == 24) 139 WPA_PUT_BE16(reply192->key_data_length, 0); 140 else 141 WPA_PUT_BE16(reply->key_data_length, 0); 142 if (!(key_info & WPA_KEY_INFO_MIC)) 143 key_mic = NULL; 144 else 145 key_mic = reply192->key_mic; /* same offset in reply */ 146 147 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 148 "WPA: Sending EAPOL-Key Request (error=%d " 149 "pairwise=%d ptk_set=%d len=%lu)", 150 error, pairwise, sm->ptk_set, (unsigned long) rlen); 151 wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid, 152 ETH_P_EAPOL, rbuf, rlen, key_mic); 153 } 154 155 156 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm) 157 { 158 #ifdef CONFIG_IEEE80211R 159 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) { 160 if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len)) 161 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 162 "RSN: Cannot set low order 256 bits of MSK for key management offload"); 163 } else { 164 #endif /* CONFIG_IEEE80211R */ 165 if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len)) 166 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 167 "RSN: Cannot set PMK for key management offload"); 168 #ifdef CONFIG_IEEE80211R 169 } 170 #endif /* CONFIG_IEEE80211R */ 171 } 172 173 174 static int wpa_supplicant_get_pmk(struct wpa_sm *sm, 175 const unsigned char *src_addr, 176 const u8 *pmkid) 177 { 178 int abort_cached = 0; 179 180 if (pmkid && !sm->cur_pmksa) { 181 /* When using drivers that generate RSN IE, wpa_supplicant may 182 * not have enough time to get the association information 183 * event before receiving this 1/4 message, so try to find a 184 * matching PMKSA cache entry here. */ 185 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid, 186 NULL); 187 if (sm->cur_pmksa) { 188 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 189 "RSN: found matching PMKID from PMKSA cache"); 190 } else { 191 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 192 "RSN: no matching PMKID found"); 193 abort_cached = 1; 194 } 195 } 196 197 if (pmkid && sm->cur_pmksa && 198 os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) { 199 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN); 200 wpa_sm_set_pmk_from_pmksa(sm); 201 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache", 202 sm->pmk, sm->pmk_len); 203 eapol_sm_notify_cached(sm->eapol); 204 #ifdef CONFIG_IEEE80211R 205 sm->xxkey_len = 0; 206 #endif /* CONFIG_IEEE80211R */ 207 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) { 208 int res, pmk_len; 209 pmk_len = PMK_LEN; 210 res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN); 211 if (res) { 212 /* 213 * EAP-LEAP is an exception from other EAP methods: it 214 * uses only 16-byte PMK. 215 */ 216 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16); 217 pmk_len = 16; 218 } else { 219 #ifdef CONFIG_IEEE80211R 220 u8 buf[2 * PMK_LEN]; 221 if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0) 222 { 223 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN); 224 sm->xxkey_len = PMK_LEN; 225 os_memset(buf, 0, sizeof(buf)); 226 } 227 #endif /* CONFIG_IEEE80211R */ 228 } 229 if (res == 0) { 230 struct rsn_pmksa_cache_entry *sa = NULL; 231 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state " 232 "machines", sm->pmk, pmk_len); 233 sm->pmk_len = pmk_len; 234 wpa_supplicant_key_mgmt_set_pmk(sm); 235 if (sm->proto == WPA_PROTO_RSN && 236 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 237 !wpa_key_mgmt_ft(sm->key_mgmt)) { 238 sa = pmksa_cache_add(sm->pmksa, 239 sm->pmk, pmk_len, 240 NULL, 0, 241 src_addr, sm->own_addr, 242 sm->network_ctx, 243 sm->key_mgmt); 244 } 245 if (!sm->cur_pmksa && pmkid && 246 pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL)) 247 { 248 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 249 "RSN: the new PMK matches with the " 250 "PMKID"); 251 abort_cached = 0; 252 } 253 254 if (!sm->cur_pmksa) 255 sm->cur_pmksa = sa; 256 } else { 257 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 258 "WPA: Failed to get master session key from " 259 "EAPOL state machines - key handshake " 260 "aborted"); 261 if (sm->cur_pmksa) { 262 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 263 "RSN: Cancelled PMKSA caching " 264 "attempt"); 265 sm->cur_pmksa = NULL; 266 abort_cached = 1; 267 } else if (!abort_cached) { 268 return -1; 269 } 270 } 271 } 272 273 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && 274 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 275 !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN) 276 { 277 /* Send EAPOL-Start to trigger full EAP authentication. */ 278 u8 *buf; 279 size_t buflen; 280 281 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 282 "RSN: no PMKSA entry found - trigger " 283 "full EAP authentication"); 284 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START, 285 NULL, 0, &buflen, NULL); 286 if (buf) { 287 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL, 288 buf, buflen); 289 os_free(buf); 290 return -2; 291 } 292 293 return -1; 294 } 295 296 return 0; 297 } 298 299 300 /** 301 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake 302 * @sm: Pointer to WPA state machine data from wpa_sm_init() 303 * @dst: Destination address for the frame 304 * @key: Pointer to the EAPOL-Key frame header 305 * @ver: Version bits from EAPOL-Key Key Info 306 * @nonce: Nonce value for the EAPOL-Key frame 307 * @wpa_ie: WPA/RSN IE 308 * @wpa_ie_len: Length of the WPA/RSN IE 309 * @ptk: PTK to use for keyed hash and encryption 310 * Returns: 0 on success, -1 on failure 311 */ 312 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst, 313 const struct wpa_eapol_key *key, 314 int ver, const u8 *nonce, 315 const u8 *wpa_ie, size_t wpa_ie_len, 316 struct wpa_ptk *ptk) 317 { 318 size_t mic_len, hdrlen, rlen; 319 struct wpa_eapol_key *reply; 320 struct wpa_eapol_key_192 *reply192; 321 u8 *rbuf, *key_mic; 322 u8 *rsn_ie_buf = NULL; 323 324 if (wpa_ie == NULL) { 325 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - " 326 "cannot generate msg 2/4"); 327 return -1; 328 } 329 330 #ifdef CONFIG_IEEE80211R 331 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 332 int res; 333 334 /* 335 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and 336 * FTIE from (Re)Association Response. 337 */ 338 rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN + 339 sm->assoc_resp_ies_len); 340 if (rsn_ie_buf == NULL) 341 return -1; 342 os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len); 343 res = wpa_insert_pmkid(rsn_ie_buf, wpa_ie_len, 344 sm->pmk_r1_name); 345 if (res < 0) { 346 os_free(rsn_ie_buf); 347 return -1; 348 } 349 wpa_ie_len += res; 350 351 if (sm->assoc_resp_ies) { 352 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies, 353 sm->assoc_resp_ies_len); 354 wpa_ie_len += sm->assoc_resp_ies_len; 355 } 356 357 wpa_ie = rsn_ie_buf; 358 } 359 #endif /* CONFIG_IEEE80211R */ 360 361 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len); 362 363 mic_len = wpa_mic_len(sm->key_mgmt); 364 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 365 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, 366 NULL, hdrlen + wpa_ie_len, 367 &rlen, (void *) &reply); 368 if (rbuf == NULL) { 369 os_free(rsn_ie_buf); 370 return -1; 371 } 372 reply192 = (struct wpa_eapol_key_192 *) reply; 373 374 reply->type = (sm->proto == WPA_PROTO_RSN || 375 sm->proto == WPA_PROTO_OSEN) ? 376 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 377 WPA_PUT_BE16(reply->key_info, 378 ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC); 379 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 380 WPA_PUT_BE16(reply->key_length, 0); 381 else 382 os_memcpy(reply->key_length, key->key_length, 2); 383 os_memcpy(reply->replay_counter, key->replay_counter, 384 WPA_REPLAY_COUNTER_LEN); 385 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter, 386 WPA_REPLAY_COUNTER_LEN); 387 388 key_mic = reply192->key_mic; /* same offset for reply and reply192 */ 389 if (mic_len == 24) { 390 WPA_PUT_BE16(reply192->key_data_length, wpa_ie_len); 391 os_memcpy(reply192 + 1, wpa_ie, wpa_ie_len); 392 } else { 393 WPA_PUT_BE16(reply->key_data_length, wpa_ie_len); 394 os_memcpy(reply + 1, wpa_ie, wpa_ie_len); 395 } 396 os_free(rsn_ie_buf); 397 398 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN); 399 400 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4"); 401 wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL, 402 rbuf, rlen, key_mic); 403 404 return 0; 405 } 406 407 408 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr, 409 const struct wpa_eapol_key *key, struct wpa_ptk *ptk) 410 { 411 #ifdef CONFIG_IEEE80211R 412 if (wpa_key_mgmt_ft(sm->key_mgmt)) 413 return wpa_derive_ptk_ft(sm, src_addr, key, ptk); 414 #endif /* CONFIG_IEEE80211R */ 415 416 return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion", 417 sm->own_addr, sm->bssid, sm->snonce, 418 key->key_nonce, ptk, sm->key_mgmt, 419 sm->pairwise_cipher); 420 } 421 422 423 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, 424 const unsigned char *src_addr, 425 const struct wpa_eapol_key *key, 426 u16 ver, const u8 *key_data, 427 size_t key_data_len) 428 { 429 struct wpa_eapol_ie_parse ie; 430 struct wpa_ptk *ptk; 431 int res; 432 u8 *kde, *kde_buf = NULL; 433 size_t kde_len; 434 435 if (wpa_sm_get_network_ctx(sm) == NULL) { 436 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info " 437 "found (msg 1 of 4)"); 438 return; 439 } 440 441 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 442 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way " 443 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 444 445 os_memset(&ie, 0, sizeof(ie)); 446 447 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 448 /* RSN: msg 1/4 should contain PMKID for the selected PMK */ 449 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", 450 key_data, key_data_len); 451 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) 452 goto failed; 453 if (ie.pmkid) { 454 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from " 455 "Authenticator", ie.pmkid, PMKID_LEN); 456 } 457 } 458 459 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); 460 if (res == -2) { 461 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to " 462 "msg 1/4 - requesting full EAP authentication"); 463 return; 464 } 465 if (res) 466 goto failed; 467 468 if (sm->renew_snonce) { 469 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) { 470 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 471 "WPA: Failed to get random data for SNonce"); 472 goto failed; 473 } 474 sm->renew_snonce = 0; 475 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce", 476 sm->snonce, WPA_NONCE_LEN); 477 } 478 479 /* Calculate PTK which will be stored as a temporary PTK until it has 480 * been verified when processing message 3/4. */ 481 ptk = &sm->tptk; 482 wpa_derive_ptk(sm, src_addr, key, ptk); 483 if (sm->pairwise_cipher == WPA_CIPHER_TKIP) { 484 u8 buf[8]; 485 /* Supplicant: swap tx/rx Mic keys */ 486 os_memcpy(buf, &ptk->tk[16], 8); 487 os_memcpy(&ptk->tk[16], &ptk->tk[24], 8); 488 os_memcpy(&ptk->tk[24], buf, 8); 489 os_memset(buf, 0, sizeof(buf)); 490 } 491 sm->tptk_set = 1; 492 493 kde = sm->assoc_wpa_ie; 494 kde_len = sm->assoc_wpa_ie_len; 495 496 #ifdef CONFIG_P2P 497 if (sm->p2p) { 498 kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1); 499 if (kde_buf) { 500 u8 *pos; 501 wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE " 502 "into EAPOL-Key 2/4"); 503 os_memcpy(kde_buf, kde, kde_len); 504 kde = kde_buf; 505 pos = kde + kde_len; 506 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 507 *pos++ = RSN_SELECTOR_LEN + 1; 508 RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ); 509 pos += RSN_SELECTOR_LEN; 510 *pos++ = 0x01; 511 kde_len = pos - kde; 512 } 513 } 514 #endif /* CONFIG_P2P */ 515 516 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce, 517 kde, kde_len, ptk)) 518 goto failed; 519 520 os_free(kde_buf); 521 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN); 522 return; 523 524 failed: 525 os_free(kde_buf); 526 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 527 } 528 529 530 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx) 531 { 532 struct wpa_sm *sm = eloop_ctx; 533 rsn_preauth_candidate_process(sm); 534 } 535 536 537 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm, 538 const u8 *addr, int secure) 539 { 540 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 541 "WPA: Key negotiation completed with " 542 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr), 543 wpa_cipher_txt(sm->pairwise_cipher), 544 wpa_cipher_txt(sm->group_cipher)); 545 wpa_sm_cancel_auth_timeout(sm); 546 wpa_sm_set_state(sm, WPA_COMPLETED); 547 548 if (secure) { 549 wpa_sm_mlme_setprotection( 550 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX, 551 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 552 eapol_sm_notify_portValid(sm->eapol, TRUE); 553 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt)) 554 eapol_sm_notify_eap_success(sm->eapol, TRUE); 555 /* 556 * Start preauthentication after a short wait to avoid a 557 * possible race condition between the data receive and key 558 * configuration after the 4-Way Handshake. This increases the 559 * likelihood of the first preauth EAPOL-Start frame getting to 560 * the target AP. 561 */ 562 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL); 563 } 564 565 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) { 566 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 567 "RSN: Authenticator accepted " 568 "opportunistic PMKSA entry - marking it valid"); 569 sm->cur_pmksa->opportunistic = 0; 570 } 571 572 #ifdef CONFIG_IEEE80211R 573 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 574 /* Prepare for the next transition */ 575 wpa_ft_prepare_auth_request(sm, NULL); 576 } 577 #endif /* CONFIG_IEEE80211R */ 578 } 579 580 581 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx) 582 { 583 struct wpa_sm *sm = eloop_ctx; 584 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying"); 585 wpa_sm_key_request(sm, 0, 1); 586 } 587 588 589 static int wpa_supplicant_install_ptk(struct wpa_sm *sm, 590 const struct wpa_eapol_key *key) 591 { 592 int keylen, rsclen; 593 enum wpa_alg alg; 594 const u8 *key_rsc; 595 u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 596 597 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 598 "WPA: Installing PTK to the driver"); 599 600 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 601 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher " 602 "Suite: NONE - do not use pairwise keys"); 603 return 0; 604 } 605 606 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) { 607 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 608 "WPA: Unsupported pairwise cipher %d", 609 sm->pairwise_cipher); 610 return -1; 611 } 612 613 alg = wpa_cipher_to_alg(sm->pairwise_cipher); 614 keylen = wpa_cipher_key_len(sm->pairwise_cipher); 615 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher); 616 617 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 618 key_rsc = null_rsc; 619 } else { 620 key_rsc = key->key_rsc; 621 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen); 622 } 623 624 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen, 625 sm->ptk.tk, keylen) < 0) { 626 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 627 "WPA: Failed to set PTK to the " 628 "driver (alg=%d keylen=%d bssid=" MACSTR ")", 629 alg, keylen, MAC2STR(sm->bssid)); 630 return -1; 631 } 632 633 /* TK is not needed anymore in supplicant */ 634 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); 635 636 if (sm->wpa_ptk_rekey) { 637 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 638 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk, 639 sm, NULL); 640 } 641 642 return 0; 643 } 644 645 646 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm, 647 int group_cipher, 648 int keylen, int maxkeylen, 649 int *key_rsc_len, 650 enum wpa_alg *alg) 651 { 652 int klen; 653 654 *alg = wpa_cipher_to_alg(group_cipher); 655 if (*alg == WPA_ALG_NONE) { 656 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 657 "WPA: Unsupported Group Cipher %d", 658 group_cipher); 659 return -1; 660 } 661 *key_rsc_len = wpa_cipher_rsc_len(group_cipher); 662 663 klen = wpa_cipher_key_len(group_cipher); 664 if (keylen != klen || maxkeylen < klen) { 665 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 666 "WPA: Unsupported %s Group Cipher key length %d (%d)", 667 wpa_cipher_txt(group_cipher), keylen, maxkeylen); 668 return -1; 669 } 670 return 0; 671 } 672 673 674 struct wpa_gtk_data { 675 enum wpa_alg alg; 676 int tx, key_rsc_len, keyidx; 677 u8 gtk[32]; 678 int gtk_len; 679 }; 680 681 682 static int wpa_supplicant_install_gtk(struct wpa_sm *sm, 683 const struct wpa_gtk_data *gd, 684 const u8 *key_rsc) 685 { 686 const u8 *_gtk = gd->gtk; 687 u8 gtk_buf[32]; 688 689 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); 690 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 691 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", 692 gd->keyidx, gd->tx, gd->gtk_len); 693 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len); 694 if (sm->group_cipher == WPA_CIPHER_TKIP) { 695 /* Swap Tx/Rx keys for Michael MIC */ 696 os_memcpy(gtk_buf, gd->gtk, 16); 697 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8); 698 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8); 699 _gtk = gtk_buf; 700 } 701 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 702 if (wpa_sm_set_key(sm, gd->alg, NULL, 703 gd->keyidx, 1, key_rsc, gd->key_rsc_len, 704 _gtk, gd->gtk_len) < 0) { 705 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 706 "WPA: Failed to set GTK to the driver " 707 "(Group only)"); 708 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 709 return -1; 710 } 711 } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr, 712 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len, 713 _gtk, gd->gtk_len) < 0) { 714 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 715 "WPA: Failed to set GTK to " 716 "the driver (alg=%d keylen=%d keyidx=%d)", 717 gd->alg, gd->gtk_len, gd->keyidx); 718 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 719 return -1; 720 } 721 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 722 723 return 0; 724 } 725 726 727 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm, 728 int tx) 729 { 730 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) { 731 /* Ignore Tx bit for GTK if a pairwise key is used. One AP 732 * seemed to set this bit (incorrectly, since Tx is only when 733 * doing Group Key only APs) and without this workaround, the 734 * data connection does not work because wpa_supplicant 735 * configured non-zero keyidx to be used for unicast. */ 736 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 737 "WPA: Tx bit set for GTK, but pairwise " 738 "keys are used - ignore Tx bit"); 739 return 0; 740 } 741 return tx; 742 } 743 744 745 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, 746 const struct wpa_eapol_key *key, 747 const u8 *gtk, size_t gtk_len, 748 int key_info) 749 { 750 struct wpa_gtk_data gd; 751 752 /* 753 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x 754 * GTK KDE format: 755 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7] 756 * Reserved [bits 0-7] 757 * GTK 758 */ 759 760 os_memset(&gd, 0, sizeof(gd)); 761 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake", 762 gtk, gtk_len); 763 764 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk)) 765 return -1; 766 767 gd.keyidx = gtk[0] & 0x3; 768 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 769 !!(gtk[0] & BIT(2))); 770 gtk += 2; 771 gtk_len -= 2; 772 773 os_memcpy(gd.gtk, gtk, gtk_len); 774 gd.gtk_len = gtk_len; 775 776 if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED && 777 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 778 gtk_len, gtk_len, 779 &gd.key_rsc_len, &gd.alg) || 780 wpa_supplicant_install_gtk(sm, &gd, key->key_rsc))) { 781 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 782 "RSN: Failed to install GTK"); 783 os_memset(&gd, 0, sizeof(gd)); 784 return -1; 785 } 786 os_memset(&gd, 0, sizeof(gd)); 787 788 wpa_supplicant_key_neg_complete(sm, sm->bssid, 789 key_info & WPA_KEY_INFO_SECURE); 790 return 0; 791 } 792 793 794 static int ieee80211w_set_keys(struct wpa_sm *sm, 795 struct wpa_eapol_ie_parse *ie) 796 { 797 #ifdef CONFIG_IEEE80211W 798 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher)) 799 return 0; 800 801 if (ie->igtk) { 802 size_t len; 803 const struct wpa_igtk_kde *igtk; 804 u16 keyidx; 805 len = wpa_cipher_key_len(sm->mgmt_group_cipher); 806 if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) 807 return -1; 808 igtk = (const struct wpa_igtk_kde *) ie->igtk; 809 keyidx = WPA_GET_LE16(igtk->keyid); 810 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " 811 "pn %02x%02x%02x%02x%02x%02x", 812 keyidx, MAC2STR(igtk->pn)); 813 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", 814 igtk->igtk, len); 815 if (keyidx > 4095) { 816 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 817 "WPA: Invalid IGTK KeyID %d", keyidx); 818 return -1; 819 } 820 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), 821 broadcast_ether_addr, 822 keyidx, 0, igtk->pn, sizeof(igtk->pn), 823 igtk->igtk, len) < 0) { 824 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 825 "WPA: Failed to configure IGTK to the driver"); 826 return -1; 827 } 828 } 829 830 return 0; 831 #else /* CONFIG_IEEE80211W */ 832 return 0; 833 #endif /* CONFIG_IEEE80211W */ 834 } 835 836 837 static void wpa_report_ie_mismatch(struct wpa_sm *sm, 838 const char *reason, const u8 *src_addr, 839 const u8 *wpa_ie, size_t wpa_ie_len, 840 const u8 *rsn_ie, size_t rsn_ie_len) 841 { 842 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")", 843 reason, MAC2STR(src_addr)); 844 845 if (sm->ap_wpa_ie) { 846 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp", 847 sm->ap_wpa_ie, sm->ap_wpa_ie_len); 848 } 849 if (wpa_ie) { 850 if (!sm->ap_wpa_ie) { 851 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 852 "WPA: No WPA IE in Beacon/ProbeResp"); 853 } 854 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg", 855 wpa_ie, wpa_ie_len); 856 } 857 858 if (sm->ap_rsn_ie) { 859 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp", 860 sm->ap_rsn_ie, sm->ap_rsn_ie_len); 861 } 862 if (rsn_ie) { 863 if (!sm->ap_rsn_ie) { 864 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 865 "WPA: No RSN IE in Beacon/ProbeResp"); 866 } 867 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg", 868 rsn_ie, rsn_ie_len); 869 } 870 871 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS); 872 } 873 874 875 #ifdef CONFIG_IEEE80211R 876 877 static int ft_validate_mdie(struct wpa_sm *sm, 878 const unsigned char *src_addr, 879 struct wpa_eapol_ie_parse *ie, 880 const u8 *assoc_resp_mdie) 881 { 882 struct rsn_mdie *mdie; 883 884 mdie = (struct rsn_mdie *) (ie->mdie + 2); 885 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) || 886 os_memcmp(mdie->mobility_domain, sm->mobility_domain, 887 MOBILITY_DOMAIN_ID_LEN) != 0) { 888 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did " 889 "not match with the current mobility domain"); 890 return -1; 891 } 892 893 if (assoc_resp_mdie && 894 (assoc_resp_mdie[1] != ie->mdie[1] || 895 os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) { 896 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch"); 897 wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4", 898 ie->mdie, 2 + ie->mdie[1]); 899 wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response", 900 assoc_resp_mdie, 2 + assoc_resp_mdie[1]); 901 return -1; 902 } 903 904 return 0; 905 } 906 907 908 static int ft_validate_ftie(struct wpa_sm *sm, 909 const unsigned char *src_addr, 910 struct wpa_eapol_ie_parse *ie, 911 const u8 *assoc_resp_ftie) 912 { 913 if (ie->ftie == NULL) { 914 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 915 "FT: No FTIE in EAPOL-Key msg 3/4"); 916 return -1; 917 } 918 919 if (assoc_resp_ftie == NULL) 920 return 0; 921 922 if (assoc_resp_ftie[1] != ie->ftie[1] || 923 os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) { 924 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch"); 925 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4", 926 ie->ftie, 2 + ie->ftie[1]); 927 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response", 928 assoc_resp_ftie, 2 + assoc_resp_ftie[1]); 929 return -1; 930 } 931 932 return 0; 933 } 934 935 936 static int ft_validate_rsnie(struct wpa_sm *sm, 937 const unsigned char *src_addr, 938 struct wpa_eapol_ie_parse *ie) 939 { 940 struct wpa_ie_data rsn; 941 942 if (!ie->rsn_ie) 943 return 0; 944 945 /* 946 * Verify that PMKR1Name from EAPOL-Key message 3/4 947 * matches with the value we derived. 948 */ 949 if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 || 950 rsn.num_pmkid != 1 || rsn.pmkid == NULL) { 951 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in " 952 "FT 4-way handshake message 3/4"); 953 return -1; 954 } 955 956 if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0) 957 { 958 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 959 "FT: PMKR1Name mismatch in " 960 "FT 4-way handshake message 3/4"); 961 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator", 962 rsn.pmkid, WPA_PMK_NAME_LEN); 963 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name", 964 sm->pmk_r1_name, WPA_PMK_NAME_LEN); 965 return -1; 966 } 967 968 return 0; 969 } 970 971 972 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm, 973 const unsigned char *src_addr, 974 struct wpa_eapol_ie_parse *ie) 975 { 976 const u8 *pos, *end, *mdie = NULL, *ftie = NULL; 977 978 if (sm->assoc_resp_ies) { 979 pos = sm->assoc_resp_ies; 980 end = pos + sm->assoc_resp_ies_len; 981 while (pos + 2 < end) { 982 if (pos + 2 + pos[1] > end) 983 break; 984 switch (*pos) { 985 case WLAN_EID_MOBILITY_DOMAIN: 986 mdie = pos; 987 break; 988 case WLAN_EID_FAST_BSS_TRANSITION: 989 ftie = pos; 990 break; 991 } 992 pos += 2 + pos[1]; 993 } 994 } 995 996 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 || 997 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 || 998 ft_validate_rsnie(sm, src_addr, ie) < 0) 999 return -1; 1000 1001 return 0; 1002 } 1003 1004 #endif /* CONFIG_IEEE80211R */ 1005 1006 1007 static int wpa_supplicant_validate_ie(struct wpa_sm *sm, 1008 const unsigned char *src_addr, 1009 struct wpa_eapol_ie_parse *ie) 1010 { 1011 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) { 1012 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1013 "WPA: No WPA/RSN IE for this AP known. " 1014 "Trying to get from scan results"); 1015 if (wpa_sm_get_beacon_ie(sm) < 0) { 1016 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1017 "WPA: Could not find AP from " 1018 "the scan results"); 1019 } else { 1020 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, 1021 "WPA: Found the current AP from " 1022 "updated scan results"); 1023 } 1024 } 1025 1026 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL && 1027 (sm->ap_wpa_ie || sm->ap_rsn_ie)) { 1028 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 1029 "with IE in Beacon/ProbeResp (no IE?)", 1030 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1031 ie->rsn_ie, ie->rsn_ie_len); 1032 return -1; 1033 } 1034 1035 if ((ie->wpa_ie && sm->ap_wpa_ie && 1036 (ie->wpa_ie_len != sm->ap_wpa_ie_len || 1037 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) || 1038 (ie->rsn_ie && sm->ap_rsn_ie && 1039 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt), 1040 sm->ap_rsn_ie, sm->ap_rsn_ie_len, 1041 ie->rsn_ie, ie->rsn_ie_len))) { 1042 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 1043 "with IE in Beacon/ProbeResp", 1044 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1045 ie->rsn_ie, ie->rsn_ie_len); 1046 return -1; 1047 } 1048 1049 if (sm->proto == WPA_PROTO_WPA && 1050 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) { 1051 wpa_report_ie_mismatch(sm, "Possible downgrade attack " 1052 "detected - RSN was enabled and RSN IE " 1053 "was in msg 3/4, but not in " 1054 "Beacon/ProbeResp", 1055 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1056 ie->rsn_ie, ie->rsn_ie_len); 1057 return -1; 1058 } 1059 1060 #ifdef CONFIG_IEEE80211R 1061 if (wpa_key_mgmt_ft(sm->key_mgmt) && 1062 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0) 1063 return -1; 1064 #endif /* CONFIG_IEEE80211R */ 1065 1066 return 0; 1067 } 1068 1069 1070 /** 1071 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake 1072 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1073 * @dst: Destination address for the frame 1074 * @key: Pointer to the EAPOL-Key frame header 1075 * @ver: Version bits from EAPOL-Key Key Info 1076 * @key_info: Key Info 1077 * @ptk: PTK to use for keyed hash and encryption 1078 * Returns: 0 on success, -1 on failure 1079 */ 1080 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, 1081 const struct wpa_eapol_key *key, 1082 u16 ver, u16 key_info, 1083 struct wpa_ptk *ptk) 1084 { 1085 size_t mic_len, hdrlen, rlen; 1086 struct wpa_eapol_key *reply; 1087 struct wpa_eapol_key_192 *reply192; 1088 u8 *rbuf, *key_mic; 1089 1090 mic_len = wpa_mic_len(sm->key_mgmt); 1091 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 1092 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1093 hdrlen, &rlen, (void *) &reply); 1094 if (rbuf == NULL) 1095 return -1; 1096 reply192 = (struct wpa_eapol_key_192 *) reply; 1097 1098 reply->type = (sm->proto == WPA_PROTO_RSN || 1099 sm->proto == WPA_PROTO_OSEN) ? 1100 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1101 key_info &= WPA_KEY_INFO_SECURE; 1102 key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC; 1103 WPA_PUT_BE16(reply->key_info, key_info); 1104 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 1105 WPA_PUT_BE16(reply->key_length, 0); 1106 else 1107 os_memcpy(reply->key_length, key->key_length, 2); 1108 os_memcpy(reply->replay_counter, key->replay_counter, 1109 WPA_REPLAY_COUNTER_LEN); 1110 1111 key_mic = reply192->key_mic; /* same offset for reply and reply192 */ 1112 if (mic_len == 24) 1113 WPA_PUT_BE16(reply192->key_data_length, 0); 1114 else 1115 WPA_PUT_BE16(reply->key_data_length, 0); 1116 1117 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4"); 1118 wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL, 1119 rbuf, rlen, key_mic); 1120 1121 return 0; 1122 } 1123 1124 1125 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, 1126 const struct wpa_eapol_key *key, 1127 u16 ver, const u8 *key_data, 1128 size_t key_data_len) 1129 { 1130 u16 key_info, keylen; 1131 struct wpa_eapol_ie_parse ie; 1132 1133 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 1134 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way " 1135 "Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver); 1136 1137 key_info = WPA_GET_BE16(key->key_info); 1138 1139 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len); 1140 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) 1141 goto failed; 1142 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1143 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1144 "WPA: GTK IE in unencrypted key data"); 1145 goto failed; 1146 } 1147 #ifdef CONFIG_IEEE80211W 1148 if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1149 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1150 "WPA: IGTK KDE in unencrypted key data"); 1151 goto failed; 1152 } 1153 1154 if (ie.igtk && 1155 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) && 1156 ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN + 1157 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) { 1158 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1159 "WPA: Invalid IGTK KDE length %lu", 1160 (unsigned long) ie.igtk_len); 1161 goto failed; 1162 } 1163 #endif /* CONFIG_IEEE80211W */ 1164 1165 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0) 1166 goto failed; 1167 1168 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) { 1169 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1170 "WPA: ANonce from message 1 of 4-Way Handshake " 1171 "differs from 3 of 4-Way Handshake - drop packet (src=" 1172 MACSTR ")", MAC2STR(sm->bssid)); 1173 goto failed; 1174 } 1175 1176 keylen = WPA_GET_BE16(key->key_length); 1177 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) { 1178 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1179 "WPA: Invalid %s key length %d (src=" MACSTR 1180 ")", wpa_cipher_txt(sm->pairwise_cipher), keylen, 1181 MAC2STR(sm->bssid)); 1182 goto failed; 1183 } 1184 1185 #ifdef CONFIG_P2P 1186 if (ie.ip_addr_alloc) { 1187 os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4); 1188 wpa_hexdump(MSG_DEBUG, "P2P: IP address info", 1189 sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr)); 1190 } 1191 #endif /* CONFIG_P2P */ 1192 1193 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info, 1194 &sm->ptk)) { 1195 goto failed; 1196 } 1197 1198 /* SNonce was successfully used in msg 3/4, so mark it to be renewed 1199 * for the next 4-Way Handshake. If msg 3 is received again, the old 1200 * SNonce will still be used to avoid changing PTK. */ 1201 sm->renew_snonce = 1; 1202 1203 if (key_info & WPA_KEY_INFO_INSTALL) { 1204 if (wpa_supplicant_install_ptk(sm, key)) 1205 goto failed; 1206 } 1207 1208 if (key_info & WPA_KEY_INFO_SECURE) { 1209 wpa_sm_mlme_setprotection( 1210 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX, 1211 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 1212 eapol_sm_notify_portValid(sm->eapol, TRUE); 1213 } 1214 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1215 1216 if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) { 1217 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1218 key_info & WPA_KEY_INFO_SECURE); 1219 } else if (ie.gtk && 1220 wpa_supplicant_pairwise_gtk(sm, key, 1221 ie.gtk, ie.gtk_len, key_info) < 0) { 1222 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1223 "RSN: Failed to configure GTK"); 1224 goto failed; 1225 } 1226 1227 if (ieee80211w_set_keys(sm, &ie) < 0) { 1228 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1229 "RSN: Failed to configure IGTK"); 1230 goto failed; 1231 } 1232 1233 if (ie.gtk) 1234 wpa_sm_set_rekey_offload(sm); 1235 1236 if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1237 struct rsn_pmksa_cache_entry *sa; 1238 1239 sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, 1240 sm->ptk.kck, sm->ptk.kck_len, 1241 sm->bssid, sm->own_addr, 1242 sm->network_ctx, sm->key_mgmt); 1243 if (!sm->cur_pmksa) 1244 sm->cur_pmksa = sa; 1245 } 1246 1247 sm->msg_3_of_4_ok = 1; 1248 return; 1249 1250 failed: 1251 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1252 } 1253 1254 1255 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm, 1256 const u8 *keydata, 1257 size_t keydatalen, 1258 u16 key_info, 1259 struct wpa_gtk_data *gd) 1260 { 1261 int maxkeylen; 1262 struct wpa_eapol_ie_parse ie; 1263 1264 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen); 1265 if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0) 1266 return -1; 1267 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1268 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1269 "WPA: GTK IE in unencrypted key data"); 1270 return -1; 1271 } 1272 if (ie.gtk == NULL) { 1273 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1274 "WPA: No GTK IE in Group Key msg 1/2"); 1275 return -1; 1276 } 1277 maxkeylen = gd->gtk_len = ie.gtk_len - 2; 1278 1279 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 1280 gd->gtk_len, maxkeylen, 1281 &gd->key_rsc_len, &gd->alg)) 1282 return -1; 1283 1284 wpa_hexdump(MSG_DEBUG, "RSN: received GTK in group key handshake", 1285 ie.gtk, ie.gtk_len); 1286 gd->keyidx = ie.gtk[0] & 0x3; 1287 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 1288 !!(ie.gtk[0] & BIT(2))); 1289 if (ie.gtk_len - 2 > sizeof(gd->gtk)) { 1290 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1291 "RSN: Too long GTK in GTK IE (len=%lu)", 1292 (unsigned long) ie.gtk_len - 2); 1293 return -1; 1294 } 1295 os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2); 1296 1297 if (ieee80211w_set_keys(sm, &ie) < 0) 1298 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1299 "RSN: Failed to configure IGTK"); 1300 1301 return 0; 1302 } 1303 1304 1305 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm, 1306 const struct wpa_eapol_key *key, 1307 const u8 *key_data, 1308 size_t key_data_len, u16 key_info, 1309 u16 ver, struct wpa_gtk_data *gd) 1310 { 1311 size_t maxkeylen; 1312 u16 gtk_len; 1313 1314 gtk_len = WPA_GET_BE16(key->key_length); 1315 maxkeylen = key_data_len; 1316 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1317 if (maxkeylen < 8) { 1318 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1319 "WPA: Too short maxkeylen (%lu)", 1320 (unsigned long) maxkeylen); 1321 return -1; 1322 } 1323 maxkeylen -= 8; 1324 } 1325 1326 if (gtk_len > maxkeylen || 1327 wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 1328 gtk_len, maxkeylen, 1329 &gd->key_rsc_len, &gd->alg)) 1330 return -1; 1331 1332 gd->gtk_len = gtk_len; 1333 gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1334 WPA_KEY_INFO_KEY_INDEX_SHIFT; 1335 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { 1336 u8 ek[32]; 1337 if (key_data_len > sizeof(gd->gtk)) { 1338 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1339 "WPA: RC4 key data too long (%lu)", 1340 (unsigned long) key_data_len); 1341 return -1; 1342 } 1343 os_memcpy(ek, key->key_iv, 16); 1344 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); 1345 os_memcpy(gd->gtk, key_data, key_data_len); 1346 if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) { 1347 os_memset(ek, 0, sizeof(ek)); 1348 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 1349 "WPA: RC4 failed"); 1350 return -1; 1351 } 1352 os_memset(ek, 0, sizeof(ek)); 1353 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1354 if (maxkeylen % 8) { 1355 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1356 "WPA: Unsupported AES-WRAP len %lu", 1357 (unsigned long) maxkeylen); 1358 return -1; 1359 } 1360 if (maxkeylen > sizeof(gd->gtk)) { 1361 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1362 "WPA: AES-WRAP key data " 1363 "too long (keydatalen=%lu maxkeylen=%lu)", 1364 (unsigned long) key_data_len, 1365 (unsigned long) maxkeylen); 1366 return -1; 1367 } 1368 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8, 1369 key_data, gd->gtk)) { 1370 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1371 "WPA: AES unwrap failed - could not decrypt " 1372 "GTK"); 1373 return -1; 1374 } 1375 } else { 1376 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1377 "WPA: Unsupported key_info type %d", ver); 1378 return -1; 1379 } 1380 gd->tx = wpa_supplicant_gtk_tx_bit_workaround( 1381 sm, !!(key_info & WPA_KEY_INFO_TXRX)); 1382 return 0; 1383 } 1384 1385 1386 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm, 1387 const struct wpa_eapol_key *key, 1388 int ver, u16 key_info) 1389 { 1390 size_t mic_len, hdrlen, rlen; 1391 struct wpa_eapol_key *reply; 1392 struct wpa_eapol_key_192 *reply192; 1393 u8 *rbuf, *key_mic; 1394 1395 mic_len = wpa_mic_len(sm->key_mgmt); 1396 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply); 1397 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1398 hdrlen, &rlen, (void *) &reply); 1399 if (rbuf == NULL) 1400 return -1; 1401 reply192 = (struct wpa_eapol_key_192 *) reply; 1402 1403 reply->type = (sm->proto == WPA_PROTO_RSN || 1404 sm->proto == WPA_PROTO_OSEN) ? 1405 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1406 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK; 1407 key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE; 1408 WPA_PUT_BE16(reply->key_info, key_info); 1409 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 1410 WPA_PUT_BE16(reply->key_length, 0); 1411 else 1412 os_memcpy(reply->key_length, key->key_length, 2); 1413 os_memcpy(reply->replay_counter, key->replay_counter, 1414 WPA_REPLAY_COUNTER_LEN); 1415 1416 key_mic = reply192->key_mic; /* same offset for reply and reply192 */ 1417 if (mic_len == 24) 1418 WPA_PUT_BE16(reply192->key_data_length, 0); 1419 else 1420 WPA_PUT_BE16(reply->key_data_length, 0); 1421 1422 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2"); 1423 wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, sm->bssid, 1424 ETH_P_EAPOL, rbuf, rlen, key_mic); 1425 1426 return 0; 1427 } 1428 1429 1430 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, 1431 const unsigned char *src_addr, 1432 const struct wpa_eapol_key *key, 1433 const u8 *key_data, 1434 size_t key_data_len, u16 ver) 1435 { 1436 u16 key_info; 1437 int rekey, ret; 1438 struct wpa_gtk_data gd; 1439 1440 if (!sm->msg_3_of_4_ok) { 1441 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1442 "WPA: Group Key Handshake started prior to completion of 4-way handshake"); 1443 goto failed; 1444 } 1445 1446 os_memset(&gd, 0, sizeof(gd)); 1447 1448 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED; 1449 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key " 1450 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 1451 1452 key_info = WPA_GET_BE16(key->key_info); 1453 1454 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 1455 ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data, 1456 key_data_len, key_info, 1457 &gd); 1458 } else { 1459 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data, 1460 key_data_len, 1461 key_info, ver, &gd); 1462 } 1463 1464 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1465 1466 if (ret) 1467 goto failed; 1468 1469 if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) || 1470 wpa_supplicant_send_2_of_2(sm, key, ver, key_info)) 1471 goto failed; 1472 os_memset(&gd, 0, sizeof(gd)); 1473 1474 if (rekey) { 1475 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Group rekeying " 1476 "completed with " MACSTR " [GTK=%s]", 1477 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); 1478 wpa_sm_cancel_auth_timeout(sm); 1479 wpa_sm_set_state(sm, WPA_COMPLETED); 1480 } else { 1481 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1482 key_info & 1483 WPA_KEY_INFO_SECURE); 1484 } 1485 1486 wpa_sm_set_rekey_offload(sm); 1487 1488 return; 1489 1490 failed: 1491 os_memset(&gd, 0, sizeof(gd)); 1492 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1493 } 1494 1495 1496 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm, 1497 struct wpa_eapol_key_192 *key, 1498 u16 ver, 1499 const u8 *buf, size_t len) 1500 { 1501 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; 1502 int ok = 0; 1503 size_t mic_len = wpa_mic_len(sm->key_mgmt); 1504 1505 os_memcpy(mic, key->key_mic, mic_len); 1506 if (sm->tptk_set) { 1507 os_memset(key->key_mic, 0, mic_len); 1508 wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt, 1509 ver, buf, len, key->key_mic); 1510 if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) { 1511 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1512 "WPA: Invalid EAPOL-Key MIC " 1513 "when using TPTK - ignoring TPTK"); 1514 } else { 1515 ok = 1; 1516 sm->tptk_set = 0; 1517 sm->ptk_set = 1; 1518 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); 1519 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 1520 } 1521 } 1522 1523 if (!ok && sm->ptk_set) { 1524 os_memset(key->key_mic, 0, mic_len); 1525 wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt, 1526 ver, buf, len, key->key_mic); 1527 if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) { 1528 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1529 "WPA: Invalid EAPOL-Key MIC - " 1530 "dropping packet"); 1531 return -1; 1532 } 1533 ok = 1; 1534 } 1535 1536 if (!ok) { 1537 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1538 "WPA: Could not verify EAPOL-Key MIC - " 1539 "dropping packet"); 1540 return -1; 1541 } 1542 1543 os_memcpy(sm->rx_replay_counter, key->replay_counter, 1544 WPA_REPLAY_COUNTER_LEN); 1545 sm->rx_replay_counter_set = 1; 1546 return 0; 1547 } 1548 1549 1550 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */ 1551 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm, 1552 struct wpa_eapol_key *key, u16 ver, 1553 u8 *key_data, size_t *key_data_len) 1554 { 1555 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data", 1556 key_data, *key_data_len); 1557 if (!sm->ptk_set) { 1558 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1559 "WPA: PTK not available, cannot decrypt EAPOL-Key Key " 1560 "Data"); 1561 return -1; 1562 } 1563 1564 /* Decrypt key data here so that this operation does not need 1565 * to be implemented separately for each message type. */ 1566 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { 1567 u8 ek[32]; 1568 os_memcpy(ek, key->key_iv, 16); 1569 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); 1570 if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) { 1571 os_memset(ek, 0, sizeof(ek)); 1572 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 1573 "WPA: RC4 failed"); 1574 return -1; 1575 } 1576 os_memset(ek, 0, sizeof(ek)); 1577 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1578 ver == WPA_KEY_INFO_TYPE_AES_128_CMAC || 1579 sm->key_mgmt == WPA_KEY_MGMT_OSEN || 1580 wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1581 u8 *buf; 1582 if (*key_data_len < 8 || *key_data_len % 8) { 1583 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1584 "WPA: Unsupported AES-WRAP len %u", 1585 (unsigned int) *key_data_len); 1586 return -1; 1587 } 1588 *key_data_len -= 8; /* AES-WRAP adds 8 bytes */ 1589 buf = os_malloc(*key_data_len); 1590 if (buf == NULL) { 1591 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1592 "WPA: No memory for AES-UNWRAP buffer"); 1593 return -1; 1594 } 1595 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8, 1596 key_data, buf)) { 1597 os_free(buf); 1598 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1599 "WPA: AES unwrap failed - " 1600 "could not decrypt EAPOL-Key key data"); 1601 return -1; 1602 } 1603 os_memcpy(key_data, buf, *key_data_len); 1604 os_free(buf); 1605 WPA_PUT_BE16(key->key_data_length, *key_data_len); 1606 } else { 1607 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1608 "WPA: Unsupported key_info type %d", ver); 1609 return -1; 1610 } 1611 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data", 1612 key_data, *key_data_len); 1613 return 0; 1614 } 1615 1616 1617 /** 1618 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted 1619 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1620 */ 1621 void wpa_sm_aborted_cached(struct wpa_sm *sm) 1622 { 1623 if (sm && sm->cur_pmksa) { 1624 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1625 "RSN: Cancelling PMKSA caching attempt"); 1626 sm->cur_pmksa = NULL; 1627 } 1628 } 1629 1630 1631 static void wpa_eapol_key_dump(struct wpa_sm *sm, 1632 const struct wpa_eapol_key *key, 1633 unsigned int key_data_len, 1634 const u8 *mic, unsigned int mic_len) 1635 { 1636 #ifndef CONFIG_NO_STDOUT_DEBUG 1637 u16 key_info = WPA_GET_BE16(key->key_info); 1638 1639 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type); 1640 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1641 " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)", 1642 key_info, key_info & WPA_KEY_INFO_TYPE_MASK, 1643 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1644 WPA_KEY_INFO_KEY_INDEX_SHIFT, 1645 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13, 1646 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group", 1647 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "", 1648 key_info & WPA_KEY_INFO_ACK ? " Ack" : "", 1649 key_info & WPA_KEY_INFO_MIC ? " MIC" : "", 1650 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "", 1651 key_info & WPA_KEY_INFO_ERROR ? " Error" : "", 1652 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "", 1653 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : ""); 1654 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1655 " key_length=%u key_data_length=%u", 1656 WPA_GET_BE16(key->key_length), key_data_len); 1657 wpa_hexdump(MSG_DEBUG, " replay_counter", 1658 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 1659 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN); 1660 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16); 1661 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8); 1662 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8); 1663 wpa_hexdump(MSG_DEBUG, " key_mic", mic, mic_len); 1664 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1665 } 1666 1667 1668 /** 1669 * wpa_sm_rx_eapol - Process received WPA EAPOL frames 1670 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1671 * @src_addr: Source MAC address of the EAPOL packet 1672 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header) 1673 * @len: Length of the EAPOL frame 1674 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure 1675 * 1676 * This function is called for each received EAPOL frame. Other than EAPOL-Key 1677 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is 1678 * only processing WPA and WPA2 EAPOL-Key frames. 1679 * 1680 * The received EAPOL-Key packets are validated and valid packets are replied 1681 * to. In addition, key material (PTK, GTK) is configured at the end of a 1682 * successful key handshake. 1683 */ 1684 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, 1685 const u8 *buf, size_t len) 1686 { 1687 size_t plen, data_len, key_data_len; 1688 const struct ieee802_1x_hdr *hdr; 1689 struct wpa_eapol_key *key; 1690 struct wpa_eapol_key_192 *key192; 1691 u16 key_info, ver; 1692 u8 *tmp = NULL; 1693 int ret = -1; 1694 struct wpa_peerkey *peerkey = NULL; 1695 u8 *key_data; 1696 size_t mic_len, keyhdrlen; 1697 1698 #ifdef CONFIG_IEEE80211R 1699 sm->ft_completed = 0; 1700 #endif /* CONFIG_IEEE80211R */ 1701 1702 mic_len = wpa_mic_len(sm->key_mgmt); 1703 keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key); 1704 1705 if (len < sizeof(*hdr) + keyhdrlen) { 1706 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1707 "WPA: EAPOL frame too short to be a WPA " 1708 "EAPOL-Key (len %lu, expecting at least %lu)", 1709 (unsigned long) len, 1710 (unsigned long) sizeof(*hdr) + keyhdrlen); 1711 return 0; 1712 } 1713 1714 hdr = (const struct ieee802_1x_hdr *) buf; 1715 plen = be_to_host16(hdr->length); 1716 data_len = plen + sizeof(*hdr); 1717 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1718 "IEEE 802.1X RX: version=%d type=%d length=%lu", 1719 hdr->version, hdr->type, (unsigned long) plen); 1720 1721 if (hdr->version < EAPOL_VERSION) { 1722 /* TODO: backwards compatibility */ 1723 } 1724 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { 1725 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1726 "WPA: EAPOL frame (type %u) discarded, " 1727 "not a Key frame", hdr->type); 1728 ret = 0; 1729 goto out; 1730 } 1731 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len); 1732 if (plen > len - sizeof(*hdr) || plen < keyhdrlen) { 1733 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1734 "WPA: EAPOL frame payload size %lu " 1735 "invalid (frame size %lu)", 1736 (unsigned long) plen, (unsigned long) len); 1737 ret = 0; 1738 goto out; 1739 } 1740 if (data_len < len) { 1741 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1742 "WPA: ignoring %lu bytes after the IEEE 802.1X data", 1743 (unsigned long) len - data_len); 1744 } 1745 1746 /* 1747 * Make a copy of the frame since we need to modify the buffer during 1748 * MAC validation and Key Data decryption. 1749 */ 1750 tmp = os_malloc(data_len); 1751 if (tmp == NULL) 1752 goto out; 1753 os_memcpy(tmp, buf, data_len); 1754 key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr)); 1755 key192 = (struct wpa_eapol_key_192 *) 1756 (tmp + sizeof(struct ieee802_1x_hdr)); 1757 if (mic_len == 24) 1758 key_data = (u8 *) (key192 + 1); 1759 else 1760 key_data = (u8 *) (key + 1); 1761 1762 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN) 1763 { 1764 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1765 "WPA: EAPOL-Key type (%d) unknown, discarded", 1766 key->type); 1767 ret = 0; 1768 goto out; 1769 } 1770 1771 if (mic_len == 24) 1772 key_data_len = WPA_GET_BE16(key192->key_data_length); 1773 else 1774 key_data_len = WPA_GET_BE16(key->key_data_length); 1775 wpa_eapol_key_dump(sm, key, key_data_len, key192->key_mic, mic_len); 1776 1777 if (key_data_len > plen - keyhdrlen) { 1778 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key " 1779 "frame - key_data overflow (%u > %u)", 1780 (unsigned int) key_data_len, 1781 (unsigned int) (plen - keyhdrlen)); 1782 goto out; 1783 } 1784 1785 eapol_sm_notify_lower_layer_success(sm->eapol, 0); 1786 key_info = WPA_GET_BE16(key->key_info); 1787 ver = key_info & WPA_KEY_INFO_TYPE_MASK; 1788 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && 1789 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W) 1790 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && 1791 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */ 1792 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES && 1793 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 1794 sm->key_mgmt != WPA_KEY_MGMT_OSEN) { 1795 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1796 "WPA: Unsupported EAPOL-Key descriptor version %d", 1797 ver); 1798 goto out; 1799 } 1800 1801 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN && 1802 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { 1803 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1804 "OSEN: Unsupported EAPOL-Key descriptor version %d", 1805 ver); 1806 goto out; 1807 } 1808 1809 if (wpa_key_mgmt_suite_b(sm->key_mgmt) && 1810 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { 1811 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1812 "RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)", 1813 ver); 1814 goto out; 1815 } 1816 1817 #ifdef CONFIG_IEEE80211R 1818 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 1819 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */ 1820 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1821 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1822 "FT: AP did not use AES-128-CMAC"); 1823 goto out; 1824 } 1825 } else 1826 #endif /* CONFIG_IEEE80211R */ 1827 #ifdef CONFIG_IEEE80211W 1828 if (wpa_key_mgmt_sha256(sm->key_mgmt)) { 1829 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && 1830 sm->key_mgmt != WPA_KEY_MGMT_OSEN && 1831 !wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1832 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1833 "WPA: AP did not use the " 1834 "negotiated AES-128-CMAC"); 1835 goto out; 1836 } 1837 } else 1838 #endif /* CONFIG_IEEE80211W */ 1839 if (sm->pairwise_cipher == WPA_CIPHER_CCMP && 1840 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 1841 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1842 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1843 "WPA: CCMP is used, but EAPOL-Key " 1844 "descriptor version (%d) is not 2", ver); 1845 if (sm->group_cipher != WPA_CIPHER_CCMP && 1846 !(key_info & WPA_KEY_INFO_KEY_TYPE)) { 1847 /* Earlier versions of IEEE 802.11i did not explicitly 1848 * require version 2 descriptor for all EAPOL-Key 1849 * packets, so allow group keys to use version 1 if 1850 * CCMP is not used for them. */ 1851 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1852 "WPA: Backwards compatibility: allow invalid " 1853 "version for non-CCMP group keys"); 1854 } else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1855 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1856 "WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used"); 1857 } else 1858 goto out; 1859 } else if (sm->pairwise_cipher == WPA_CIPHER_GCMP && 1860 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 1861 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1862 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1863 "WPA: GCMP is used, but EAPOL-Key " 1864 "descriptor version (%d) is not 2", ver); 1865 goto out; 1866 } 1867 1868 #ifdef CONFIG_PEERKEY 1869 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 1870 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0) 1871 break; 1872 } 1873 1874 if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) { 1875 if (!peerkey->initiator && peerkey->replay_counter_set && 1876 os_memcmp(key->replay_counter, peerkey->replay_counter, 1877 WPA_REPLAY_COUNTER_LEN) <= 0) { 1878 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1879 "RSN: EAPOL-Key Replay Counter did not " 1880 "increase (STK) - dropping packet"); 1881 goto out; 1882 } else if (peerkey->initiator) { 1883 u8 _tmp[WPA_REPLAY_COUNTER_LEN]; 1884 os_memcpy(_tmp, key->replay_counter, 1885 WPA_REPLAY_COUNTER_LEN); 1886 inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN); 1887 if (os_memcmp(_tmp, peerkey->replay_counter, 1888 WPA_REPLAY_COUNTER_LEN) != 0) { 1889 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1890 "RSN: EAPOL-Key Replay " 1891 "Counter did not match (STK) - " 1892 "dropping packet"); 1893 goto out; 1894 } 1895 } 1896 } 1897 1898 if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) { 1899 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1900 "RSN: Ack bit in key_info from STK peer"); 1901 goto out; 1902 } 1903 #endif /* CONFIG_PEERKEY */ 1904 1905 if (!peerkey && sm->rx_replay_counter_set && 1906 os_memcmp(key->replay_counter, sm->rx_replay_counter, 1907 WPA_REPLAY_COUNTER_LEN) <= 0) { 1908 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1909 "WPA: EAPOL-Key Replay Counter did not increase - " 1910 "dropping packet"); 1911 goto out; 1912 } 1913 1914 if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE)) 1915 #ifdef CONFIG_PEERKEY 1916 && (peerkey == NULL || !peerkey->initiator) 1917 #endif /* CONFIG_PEERKEY */ 1918 ) { 1919 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1920 "WPA: No Ack bit in key_info"); 1921 goto out; 1922 } 1923 1924 if (key_info & WPA_KEY_INFO_REQUEST) { 1925 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1926 "WPA: EAPOL-Key with Request bit - dropped"); 1927 goto out; 1928 } 1929 1930 if ((key_info & WPA_KEY_INFO_MIC) && !peerkey && 1931 wpa_supplicant_verify_eapol_key_mic(sm, key192, ver, tmp, data_len)) 1932 goto out; 1933 1934 #ifdef CONFIG_PEERKEY 1935 if ((key_info & WPA_KEY_INFO_MIC) && peerkey && 1936 peerkey_verify_eapol_key_mic(sm, peerkey, key192, ver, tmp, 1937 data_len)) 1938 goto out; 1939 #endif /* CONFIG_PEERKEY */ 1940 1941 if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && 1942 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1943 if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data, 1944 &key_data_len)) 1945 goto out; 1946 } 1947 1948 if (key_info & WPA_KEY_INFO_KEY_TYPE) { 1949 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) { 1950 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1951 "WPA: Ignored EAPOL-Key (Pairwise) with " 1952 "non-zero key index"); 1953 goto out; 1954 } 1955 if (peerkey) { 1956 /* PeerKey 4-Way Handshake */ 1957 peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver, 1958 key_data, key_data_len); 1959 } else if (key_info & WPA_KEY_INFO_MIC) { 1960 /* 3/4 4-Way Handshake */ 1961 wpa_supplicant_process_3_of_4(sm, key, ver, key_data, 1962 key_data_len); 1963 } else { 1964 /* 1/4 4-Way Handshake */ 1965 wpa_supplicant_process_1_of_4(sm, src_addr, key, 1966 ver, key_data, 1967 key_data_len); 1968 } 1969 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { 1970 /* PeerKey SMK Handshake */ 1971 peerkey_rx_eapol_smk(sm, src_addr, key, key_data_len, key_info, 1972 ver); 1973 } else { 1974 if (key_info & WPA_KEY_INFO_MIC) { 1975 /* 1/2 Group Key Handshake */ 1976 wpa_supplicant_process_1_of_2(sm, src_addr, key, 1977 key_data, key_data_len, 1978 ver); 1979 } else { 1980 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1981 "WPA: EAPOL-Key (Group) without Mic bit - " 1982 "dropped"); 1983 } 1984 } 1985 1986 ret = 1; 1987 1988 out: 1989 bin_clear_free(tmp, data_len); 1990 return ret; 1991 } 1992 1993 1994 #ifdef CONFIG_CTRL_IFACE 1995 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm) 1996 { 1997 switch (sm->key_mgmt) { 1998 case WPA_KEY_MGMT_IEEE8021X: 1999 return ((sm->proto == WPA_PROTO_RSN || 2000 sm->proto == WPA_PROTO_OSEN) ? 2001 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X : 2002 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X); 2003 case WPA_KEY_MGMT_PSK: 2004 return (sm->proto == WPA_PROTO_RSN ? 2005 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X : 2006 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X); 2007 #ifdef CONFIG_IEEE80211R 2008 case WPA_KEY_MGMT_FT_IEEE8021X: 2009 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2010 case WPA_KEY_MGMT_FT_PSK: 2011 return RSN_AUTH_KEY_MGMT_FT_PSK; 2012 #endif /* CONFIG_IEEE80211R */ 2013 #ifdef CONFIG_IEEE80211W 2014 case WPA_KEY_MGMT_IEEE8021X_SHA256: 2015 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2016 case WPA_KEY_MGMT_PSK_SHA256: 2017 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2018 #endif /* CONFIG_IEEE80211W */ 2019 case WPA_KEY_MGMT_CCKM: 2020 return (sm->proto == WPA_PROTO_RSN ? 2021 RSN_AUTH_KEY_MGMT_CCKM: 2022 WPA_AUTH_KEY_MGMT_CCKM); 2023 case WPA_KEY_MGMT_WPA_NONE: 2024 return WPA_AUTH_KEY_MGMT_NONE; 2025 case WPA_KEY_MGMT_IEEE8021X_SUITE_B: 2026 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2027 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192: 2028 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2029 default: 2030 return 0; 2031 } 2032 } 2033 2034 2035 #define RSN_SUITE "%02x-%02x-%02x-%d" 2036 #define RSN_SUITE_ARG(s) \ 2037 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff 2038 2039 /** 2040 * wpa_sm_get_mib - Dump text list of MIB entries 2041 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2042 * @buf: Buffer for the list 2043 * @buflen: Length of the buffer 2044 * Returns: Number of bytes written to buffer 2045 * 2046 * This function is used fetch dot11 MIB variables. 2047 */ 2048 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen) 2049 { 2050 char pmkid_txt[PMKID_LEN * 2 + 1]; 2051 int rsna, ret; 2052 size_t len; 2053 2054 if (sm->cur_pmksa) { 2055 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), 2056 sm->cur_pmksa->pmkid, PMKID_LEN); 2057 } else 2058 pmkid_txt[0] = '\0'; 2059 2060 if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) || 2061 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) && 2062 sm->proto == WPA_PROTO_RSN) 2063 rsna = 1; 2064 else 2065 rsna = 0; 2066 2067 ret = os_snprintf(buf, buflen, 2068 "dot11RSNAOptionImplemented=TRUE\n" 2069 "dot11RSNAPreauthenticationImplemented=TRUE\n" 2070 "dot11RSNAEnabled=%s\n" 2071 "dot11RSNAPreauthenticationEnabled=%s\n" 2072 "dot11RSNAConfigVersion=%d\n" 2073 "dot11RSNAConfigPairwiseKeysSupported=5\n" 2074 "dot11RSNAConfigGroupCipherSize=%d\n" 2075 "dot11RSNAConfigPMKLifetime=%d\n" 2076 "dot11RSNAConfigPMKReauthThreshold=%d\n" 2077 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n" 2078 "dot11RSNAConfigSATimeout=%d\n", 2079 rsna ? "TRUE" : "FALSE", 2080 rsna ? "TRUE" : "FALSE", 2081 RSN_VERSION, 2082 wpa_cipher_key_len(sm->group_cipher) * 8, 2083 sm->dot11RSNAConfigPMKLifetime, 2084 sm->dot11RSNAConfigPMKReauthThreshold, 2085 sm->dot11RSNAConfigSATimeout); 2086 if (os_snprintf_error(buflen, ret)) 2087 return 0; 2088 len = ret; 2089 2090 ret = os_snprintf( 2091 buf + len, buflen - len, 2092 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" 2093 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" 2094 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" 2095 "dot11RSNAPMKIDUsed=%s\n" 2096 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" 2097 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" 2098 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" 2099 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n" 2100 "dot11RSNA4WayHandshakeFailures=%u\n", 2101 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 2102 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2103 sm->pairwise_cipher)), 2104 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2105 sm->group_cipher)), 2106 pmkid_txt, 2107 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 2108 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2109 sm->pairwise_cipher)), 2110 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2111 sm->group_cipher)), 2112 sm->dot11RSNA4WayHandshakeFailures); 2113 if (!os_snprintf_error(buflen - len, ret)) 2114 len += ret; 2115 2116 return (int) len; 2117 } 2118 #endif /* CONFIG_CTRL_IFACE */ 2119 2120 2121 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, 2122 void *ctx, enum pmksa_free_reason reason) 2123 { 2124 struct wpa_sm *sm = ctx; 2125 int deauth = 0; 2126 2127 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: " 2128 MACSTR " reason=%d", MAC2STR(entry->aa), reason); 2129 2130 if (sm->cur_pmksa == entry) { 2131 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2132 "RSN: %s current PMKSA entry", 2133 reason == PMKSA_REPLACE ? "replaced" : "removed"); 2134 pmksa_cache_clear_current(sm); 2135 2136 /* 2137 * If an entry is simply being replaced, there's no need to 2138 * deauthenticate because it will be immediately re-added. 2139 * This happens when EAP authentication is completed again 2140 * (reauth or failed PMKSA caching attempt). 2141 */ 2142 if (reason != PMKSA_REPLACE) 2143 deauth = 1; 2144 } 2145 2146 if (reason == PMKSA_EXPIRE && 2147 (sm->pmk_len == entry->pmk_len && 2148 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) { 2149 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2150 "RSN: deauthenticating due to expired PMK"); 2151 pmksa_cache_clear_current(sm); 2152 deauth = 1; 2153 } 2154 2155 if (deauth) { 2156 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2157 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 2158 } 2159 } 2160 2161 2162 /** 2163 * wpa_sm_init - Initialize WPA state machine 2164 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer 2165 * Returns: Pointer to the allocated WPA state machine data 2166 * 2167 * This function is used to allocate a new WPA state machine and the returned 2168 * value is passed to all WPA state machine calls. 2169 */ 2170 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx) 2171 { 2172 struct wpa_sm *sm; 2173 2174 sm = os_zalloc(sizeof(*sm)); 2175 if (sm == NULL) 2176 return NULL; 2177 dl_list_init(&sm->pmksa_candidates); 2178 sm->renew_snonce = 1; 2179 sm->ctx = ctx; 2180 2181 sm->dot11RSNAConfigPMKLifetime = 43200; 2182 sm->dot11RSNAConfigPMKReauthThreshold = 70; 2183 sm->dot11RSNAConfigSATimeout = 60; 2184 2185 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm); 2186 if (sm->pmksa == NULL) { 2187 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 2188 "RSN: PMKSA cache initialization failed"); 2189 os_free(sm); 2190 return NULL; 2191 } 2192 2193 return sm; 2194 } 2195 2196 2197 /** 2198 * wpa_sm_deinit - Deinitialize WPA state machine 2199 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2200 */ 2201 void wpa_sm_deinit(struct wpa_sm *sm) 2202 { 2203 if (sm == NULL) 2204 return; 2205 pmksa_cache_deinit(sm->pmksa); 2206 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 2207 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 2208 os_free(sm->assoc_wpa_ie); 2209 os_free(sm->ap_wpa_ie); 2210 os_free(sm->ap_rsn_ie); 2211 wpa_sm_drop_sa(sm); 2212 os_free(sm->ctx); 2213 peerkey_deinit(sm); 2214 #ifdef CONFIG_IEEE80211R 2215 os_free(sm->assoc_resp_ies); 2216 #endif /* CONFIG_IEEE80211R */ 2217 os_free(sm); 2218 } 2219 2220 2221 /** 2222 * wpa_sm_notify_assoc - Notify WPA state machine about association 2223 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2224 * @bssid: The BSSID of the new association 2225 * 2226 * This function is called to let WPA state machine know that the connection 2227 * was established. 2228 */ 2229 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) 2230 { 2231 int clear_ptk = 1; 2232 2233 if (sm == NULL) 2234 return; 2235 2236 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2237 "WPA: Association event - clear replay counter"); 2238 os_memcpy(sm->bssid, bssid, ETH_ALEN); 2239 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN); 2240 sm->rx_replay_counter_set = 0; 2241 sm->renew_snonce = 1; 2242 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0) 2243 rsn_preauth_deinit(sm); 2244 2245 #ifdef CONFIG_IEEE80211R 2246 if (wpa_ft_is_completed(sm)) { 2247 /* 2248 * Clear portValid to kick EAPOL state machine to re-enter 2249 * AUTHENTICATED state to get the EAPOL port Authorized. 2250 */ 2251 eapol_sm_notify_portValid(sm->eapol, FALSE); 2252 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); 2253 2254 /* Prepare for the next transition */ 2255 wpa_ft_prepare_auth_request(sm, NULL); 2256 2257 clear_ptk = 0; 2258 } 2259 #endif /* CONFIG_IEEE80211R */ 2260 2261 if (clear_ptk) { 2262 /* 2263 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if 2264 * this is not part of a Fast BSS Transition. 2265 */ 2266 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK"); 2267 sm->ptk_set = 0; 2268 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 2269 sm->tptk_set = 0; 2270 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 2271 } 2272 2273 #ifdef CONFIG_TDLS 2274 wpa_tdls_assoc(sm); 2275 #endif /* CONFIG_TDLS */ 2276 2277 #ifdef CONFIG_P2P 2278 os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr)); 2279 #endif /* CONFIG_P2P */ 2280 } 2281 2282 2283 /** 2284 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation 2285 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2286 * 2287 * This function is called to let WPA state machine know that the connection 2288 * was lost. This will abort any existing pre-authentication session. 2289 */ 2290 void wpa_sm_notify_disassoc(struct wpa_sm *sm) 2291 { 2292 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 2293 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 2294 peerkey_deinit(sm); 2295 rsn_preauth_deinit(sm); 2296 pmksa_cache_clear_current(sm); 2297 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE) 2298 sm->dot11RSNA4WayHandshakeFailures++; 2299 #ifdef CONFIG_TDLS 2300 wpa_tdls_disassoc(sm); 2301 #endif /* CONFIG_TDLS */ 2302 2303 /* Keys are not needed in the WPA state machine anymore */ 2304 wpa_sm_drop_sa(sm); 2305 2306 sm->msg_3_of_4_ok = 0; 2307 } 2308 2309 2310 /** 2311 * wpa_sm_set_pmk - Set PMK 2312 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2313 * @pmk: The new PMK 2314 * @pmk_len: The length of the new PMK in bytes 2315 * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK 2316 * 2317 * Configure the PMK for WPA state machine. 2318 */ 2319 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len, 2320 const u8 *bssid) 2321 { 2322 if (sm == NULL) 2323 return; 2324 2325 sm->pmk_len = pmk_len; 2326 os_memcpy(sm->pmk, pmk, pmk_len); 2327 2328 #ifdef CONFIG_IEEE80211R 2329 /* Set XXKey to be PSK for FT key derivation */ 2330 sm->xxkey_len = pmk_len; 2331 os_memcpy(sm->xxkey, pmk, pmk_len); 2332 #endif /* CONFIG_IEEE80211R */ 2333 2334 if (bssid) { 2335 pmksa_cache_add(sm->pmksa, pmk, pmk_len, NULL, 0, 2336 bssid, sm->own_addr, 2337 sm->network_ctx, sm->key_mgmt); 2338 } 2339 } 2340 2341 2342 /** 2343 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA 2344 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2345 * 2346 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK 2347 * will be cleared. 2348 */ 2349 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm) 2350 { 2351 if (sm == NULL) 2352 return; 2353 2354 if (sm->cur_pmksa) { 2355 sm->pmk_len = sm->cur_pmksa->pmk_len; 2356 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len); 2357 } else { 2358 sm->pmk_len = PMK_LEN; 2359 os_memset(sm->pmk, 0, PMK_LEN); 2360 } 2361 } 2362 2363 2364 /** 2365 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled 2366 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2367 * @fast_reauth: Whether fast reauthentication (EAP) is allowed 2368 */ 2369 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth) 2370 { 2371 if (sm) 2372 sm->fast_reauth = fast_reauth; 2373 } 2374 2375 2376 /** 2377 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks 2378 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2379 * @scard_ctx: Context pointer for smartcard related callback functions 2380 */ 2381 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx) 2382 { 2383 if (sm == NULL) 2384 return; 2385 sm->scard_ctx = scard_ctx; 2386 if (sm->preauth_eapol) 2387 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx); 2388 } 2389 2390 2391 /** 2392 * wpa_sm_set_config - Notification of current configration change 2393 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2394 * @config: Pointer to current network configuration 2395 * 2396 * Notify WPA state machine that configuration has changed. config will be 2397 * stored as a backpointer to network configuration. This can be %NULL to clear 2398 * the stored pointed. 2399 */ 2400 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config) 2401 { 2402 if (!sm) 2403 return; 2404 2405 if (config) { 2406 sm->network_ctx = config->network_ctx; 2407 sm->peerkey_enabled = config->peerkey_enabled; 2408 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher; 2409 sm->proactive_key_caching = config->proactive_key_caching; 2410 sm->eap_workaround = config->eap_workaround; 2411 sm->eap_conf_ctx = config->eap_conf_ctx; 2412 if (config->ssid) { 2413 os_memcpy(sm->ssid, config->ssid, config->ssid_len); 2414 sm->ssid_len = config->ssid_len; 2415 } else 2416 sm->ssid_len = 0; 2417 sm->wpa_ptk_rekey = config->wpa_ptk_rekey; 2418 sm->p2p = config->p2p; 2419 } else { 2420 sm->network_ctx = NULL; 2421 sm->peerkey_enabled = 0; 2422 sm->allowed_pairwise_cipher = 0; 2423 sm->proactive_key_caching = 0; 2424 sm->eap_workaround = 0; 2425 sm->eap_conf_ctx = NULL; 2426 sm->ssid_len = 0; 2427 sm->wpa_ptk_rekey = 0; 2428 sm->p2p = 0; 2429 } 2430 } 2431 2432 2433 /** 2434 * wpa_sm_set_own_addr - Set own MAC address 2435 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2436 * @addr: Own MAC address 2437 */ 2438 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr) 2439 { 2440 if (sm) 2441 os_memcpy(sm->own_addr, addr, ETH_ALEN); 2442 } 2443 2444 2445 /** 2446 * wpa_sm_set_ifname - Set network interface name 2447 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2448 * @ifname: Interface name 2449 * @bridge_ifname: Optional bridge interface name (for pre-auth) 2450 */ 2451 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname, 2452 const char *bridge_ifname) 2453 { 2454 if (sm) { 2455 sm->ifname = ifname; 2456 sm->bridge_ifname = bridge_ifname; 2457 } 2458 } 2459 2460 2461 /** 2462 * wpa_sm_set_eapol - Set EAPOL state machine pointer 2463 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2464 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init() 2465 */ 2466 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol) 2467 { 2468 if (sm) 2469 sm->eapol = eapol; 2470 } 2471 2472 2473 /** 2474 * wpa_sm_set_param - Set WPA state machine parameters 2475 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2476 * @param: Parameter field 2477 * @value: Parameter value 2478 * Returns: 0 on success, -1 on failure 2479 */ 2480 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, 2481 unsigned int value) 2482 { 2483 int ret = 0; 2484 2485 if (sm == NULL) 2486 return -1; 2487 2488 switch (param) { 2489 case RSNA_PMK_LIFETIME: 2490 if (value > 0) 2491 sm->dot11RSNAConfigPMKLifetime = value; 2492 else 2493 ret = -1; 2494 break; 2495 case RSNA_PMK_REAUTH_THRESHOLD: 2496 if (value > 0 && value <= 100) 2497 sm->dot11RSNAConfigPMKReauthThreshold = value; 2498 else 2499 ret = -1; 2500 break; 2501 case RSNA_SA_TIMEOUT: 2502 if (value > 0) 2503 sm->dot11RSNAConfigSATimeout = value; 2504 else 2505 ret = -1; 2506 break; 2507 case WPA_PARAM_PROTO: 2508 sm->proto = value; 2509 break; 2510 case WPA_PARAM_PAIRWISE: 2511 sm->pairwise_cipher = value; 2512 break; 2513 case WPA_PARAM_GROUP: 2514 sm->group_cipher = value; 2515 break; 2516 case WPA_PARAM_KEY_MGMT: 2517 sm->key_mgmt = value; 2518 break; 2519 #ifdef CONFIG_IEEE80211W 2520 case WPA_PARAM_MGMT_GROUP: 2521 sm->mgmt_group_cipher = value; 2522 break; 2523 #endif /* CONFIG_IEEE80211W */ 2524 case WPA_PARAM_RSN_ENABLED: 2525 sm->rsn_enabled = value; 2526 break; 2527 case WPA_PARAM_MFP: 2528 sm->mfp = value; 2529 break; 2530 default: 2531 break; 2532 } 2533 2534 return ret; 2535 } 2536 2537 2538 /** 2539 * wpa_sm_get_status - Get WPA state machine 2540 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2541 * @buf: Buffer for status information 2542 * @buflen: Maximum buffer length 2543 * @verbose: Whether to include verbose status information 2544 * Returns: Number of bytes written to buf. 2545 * 2546 * Query WPA state machine for status information. This function fills in 2547 * a text area with current status information. If the buffer (buf) is not 2548 * large enough, status information will be truncated to fit the buffer. 2549 */ 2550 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen, 2551 int verbose) 2552 { 2553 char *pos = buf, *end = buf + buflen; 2554 int ret; 2555 2556 ret = os_snprintf(pos, end - pos, 2557 "pairwise_cipher=%s\n" 2558 "group_cipher=%s\n" 2559 "key_mgmt=%s\n", 2560 wpa_cipher_txt(sm->pairwise_cipher), 2561 wpa_cipher_txt(sm->group_cipher), 2562 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto)); 2563 if (os_snprintf_error(end - pos, ret)) 2564 return pos - buf; 2565 pos += ret; 2566 2567 if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) { 2568 struct wpa_ie_data rsn; 2569 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) 2570 >= 0 && 2571 rsn.capabilities & (WPA_CAPABILITY_MFPR | 2572 WPA_CAPABILITY_MFPC)) { 2573 ret = os_snprintf(pos, end - pos, "pmf=%d\n", 2574 (rsn.capabilities & 2575 WPA_CAPABILITY_MFPR) ? 2 : 1); 2576 if (os_snprintf_error(end - pos, ret)) 2577 return pos - buf; 2578 pos += ret; 2579 } 2580 } 2581 2582 return pos - buf; 2583 } 2584 2585 2586 int wpa_sm_pmf_enabled(struct wpa_sm *sm) 2587 { 2588 struct wpa_ie_data rsn; 2589 2590 if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie) 2591 return 0; 2592 2593 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 && 2594 rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC)) 2595 return 1; 2596 2597 return 0; 2598 } 2599 2600 2601 /** 2602 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration 2603 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2604 * @wpa_ie: Pointer to buffer for WPA/RSN IE 2605 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer 2606 * Returns: 0 on success, -1 on failure 2607 */ 2608 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie, 2609 size_t *wpa_ie_len) 2610 { 2611 int res; 2612 2613 if (sm == NULL) 2614 return -1; 2615 2616 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len); 2617 if (res < 0) 2618 return -1; 2619 *wpa_ie_len = res; 2620 2621 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default", 2622 wpa_ie, *wpa_ie_len); 2623 2624 if (sm->assoc_wpa_ie == NULL) { 2625 /* 2626 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets 2627 * the correct version of the IE even if PMKSA caching is 2628 * aborted (which would remove PMKID from IE generation). 2629 */ 2630 sm->assoc_wpa_ie = os_malloc(*wpa_ie_len); 2631 if (sm->assoc_wpa_ie == NULL) 2632 return -1; 2633 2634 os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len); 2635 sm->assoc_wpa_ie_len = *wpa_ie_len; 2636 } 2637 2638 return 0; 2639 } 2640 2641 2642 /** 2643 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq 2644 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2645 * @ie: Pointer to IE data (starting from id) 2646 * @len: IE length 2647 * Returns: 0 on success, -1 on failure 2648 * 2649 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association 2650 * Request frame. The IE will be used to override the default value generated 2651 * with wpa_sm_set_assoc_wpa_ie_default(). 2652 */ 2653 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2654 { 2655 if (sm == NULL) 2656 return -1; 2657 2658 os_free(sm->assoc_wpa_ie); 2659 if (ie == NULL || len == 0) { 2660 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2661 "WPA: clearing own WPA/RSN IE"); 2662 sm->assoc_wpa_ie = NULL; 2663 sm->assoc_wpa_ie_len = 0; 2664 } else { 2665 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len); 2666 sm->assoc_wpa_ie = os_malloc(len); 2667 if (sm->assoc_wpa_ie == NULL) 2668 return -1; 2669 2670 os_memcpy(sm->assoc_wpa_ie, ie, len); 2671 sm->assoc_wpa_ie_len = len; 2672 } 2673 2674 return 0; 2675 } 2676 2677 2678 /** 2679 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp 2680 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2681 * @ie: Pointer to IE data (starting from id) 2682 * @len: IE length 2683 * Returns: 0 on success, -1 on failure 2684 * 2685 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response 2686 * frame. 2687 */ 2688 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2689 { 2690 if (sm == NULL) 2691 return -1; 2692 2693 os_free(sm->ap_wpa_ie); 2694 if (ie == NULL || len == 0) { 2695 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2696 "WPA: clearing AP WPA IE"); 2697 sm->ap_wpa_ie = NULL; 2698 sm->ap_wpa_ie_len = 0; 2699 } else { 2700 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len); 2701 sm->ap_wpa_ie = os_malloc(len); 2702 if (sm->ap_wpa_ie == NULL) 2703 return -1; 2704 2705 os_memcpy(sm->ap_wpa_ie, ie, len); 2706 sm->ap_wpa_ie_len = len; 2707 } 2708 2709 return 0; 2710 } 2711 2712 2713 /** 2714 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp 2715 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2716 * @ie: Pointer to IE data (starting from id) 2717 * @len: IE length 2718 * Returns: 0 on success, -1 on failure 2719 * 2720 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response 2721 * frame. 2722 */ 2723 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2724 { 2725 if (sm == NULL) 2726 return -1; 2727 2728 os_free(sm->ap_rsn_ie); 2729 if (ie == NULL || len == 0) { 2730 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2731 "WPA: clearing AP RSN IE"); 2732 sm->ap_rsn_ie = NULL; 2733 sm->ap_rsn_ie_len = 0; 2734 } else { 2735 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len); 2736 sm->ap_rsn_ie = os_malloc(len); 2737 if (sm->ap_rsn_ie == NULL) 2738 return -1; 2739 2740 os_memcpy(sm->ap_rsn_ie, ie, len); 2741 sm->ap_rsn_ie_len = len; 2742 } 2743 2744 return 0; 2745 } 2746 2747 2748 /** 2749 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE 2750 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2751 * @data: Pointer to data area for parsing results 2752 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure 2753 * 2754 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the 2755 * parsed data into data. 2756 */ 2757 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data) 2758 { 2759 if (sm == NULL) 2760 return -1; 2761 2762 if (sm->assoc_wpa_ie == NULL) { 2763 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2764 "WPA: No WPA/RSN IE available from association info"); 2765 return -1; 2766 } 2767 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data)) 2768 return -2; 2769 return 0; 2770 } 2771 2772 2773 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len) 2774 { 2775 return pmksa_cache_list(sm->pmksa, buf, len); 2776 } 2777 2778 2779 void wpa_sm_drop_sa(struct wpa_sm *sm) 2780 { 2781 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK"); 2782 sm->ptk_set = 0; 2783 sm->tptk_set = 0; 2784 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2785 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 2786 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 2787 #ifdef CONFIG_IEEE80211R 2788 os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); 2789 os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); 2790 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1)); 2791 #endif /* CONFIG_IEEE80211R */ 2792 } 2793 2794 2795 int wpa_sm_has_ptk(struct wpa_sm *sm) 2796 { 2797 if (sm == NULL) 2798 return 0; 2799 return sm->ptk_set; 2800 } 2801 2802 2803 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr) 2804 { 2805 os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN); 2806 } 2807 2808 2809 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx) 2810 { 2811 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0); 2812 } 2813 2814 2815 #ifdef CONFIG_WNM 2816 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) 2817 { 2818 u16 keyinfo; 2819 u8 keylen; /* plaintext key len */ 2820 u8 *key_rsc; 2821 2822 if (subelem_id == WNM_SLEEP_SUBELEM_GTK) { 2823 struct wpa_gtk_data gd; 2824 2825 os_memset(&gd, 0, sizeof(gd)); 2826 keylen = wpa_cipher_key_len(sm->group_cipher); 2827 gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher); 2828 gd.alg = wpa_cipher_to_alg(sm->group_cipher); 2829 if (gd.alg == WPA_ALG_NONE) { 2830 wpa_printf(MSG_DEBUG, "Unsupported group cipher suite"); 2831 return -1; 2832 } 2833 2834 key_rsc = buf + 5; 2835 keyinfo = WPA_GET_LE16(buf + 2); 2836 gd.gtk_len = keylen; 2837 if (gd.gtk_len != buf[4]) { 2838 wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d", 2839 gd.gtk_len, buf[4]); 2840 return -1; 2841 } 2842 gd.keyidx = keyinfo & 0x03; /* B0 - B1 */ 2843 gd.tx = wpa_supplicant_gtk_tx_bit_workaround( 2844 sm, !!(keyinfo & WPA_KEY_INFO_TXRX)); 2845 2846 os_memcpy(gd.gtk, buf + 13, gd.gtk_len); 2847 2848 wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", 2849 gd.gtk, gd.gtk_len); 2850 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { 2851 os_memset(&gd, 0, sizeof(gd)); 2852 wpa_printf(MSG_DEBUG, "Failed to install the GTK in " 2853 "WNM mode"); 2854 return -1; 2855 } 2856 os_memset(&gd, 0, sizeof(gd)); 2857 #ifdef CONFIG_IEEE80211W 2858 } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { 2859 struct wpa_igtk_kde igd; 2860 u16 keyidx; 2861 2862 os_memset(&igd, 0, sizeof(igd)); 2863 keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); 2864 os_memcpy(igd.keyid, buf + 2, 2); 2865 os_memcpy(igd.pn, buf + 4, 6); 2866 2867 keyidx = WPA_GET_LE16(igd.keyid); 2868 os_memcpy(igd.igtk, buf + 10, keylen); 2869 2870 wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", 2871 igd.igtk, keylen); 2872 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), 2873 broadcast_ether_addr, 2874 keyidx, 0, igd.pn, sizeof(igd.pn), 2875 igd.igtk, keylen) < 0) { 2876 wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " 2877 "WNM mode"); 2878 os_memset(&igd, 0, sizeof(igd)); 2879 return -1; 2880 } 2881 os_memset(&igd, 0, sizeof(igd)); 2882 #endif /* CONFIG_IEEE80211W */ 2883 } else { 2884 wpa_printf(MSG_DEBUG, "Unknown element id"); 2885 return -1; 2886 } 2887 2888 return 0; 2889 } 2890 #endif /* CONFIG_WNM */ 2891 2892 2893 #ifdef CONFIG_PEERKEY 2894 int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr, 2895 const u8 *buf, size_t len) 2896 { 2897 struct wpa_peerkey *peerkey; 2898 2899 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 2900 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0) 2901 break; 2902 } 2903 2904 if (!peerkey) 2905 return 0; 2906 2907 wpa_sm_rx_eapol(sm, src_addr, buf, len); 2908 2909 return 1; 2910 } 2911 #endif /* CONFIG_PEERKEY */ 2912 2913 2914 #ifdef CONFIG_P2P 2915 2916 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf) 2917 { 2918 if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0) 2919 return -1; 2920 os_memcpy(buf, sm->p2p_ip_addr, 3 * 4); 2921 return 0; 2922 } 2923 2924 #endif /* CONFIG_P2P */ 2925 2926 2927 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter) 2928 { 2929 if (rx_replay_counter == NULL) 2930 return; 2931 2932 os_memcpy(sm->rx_replay_counter, rx_replay_counter, 2933 WPA_REPLAY_COUNTER_LEN); 2934 sm->rx_replay_counter_set = 1; 2935 wpa_printf(MSG_DEBUG, "Updated key replay counter"); 2936 } 2937 2938 2939 void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm, 2940 const u8 *ptk_kck, size_t ptk_kck_len, 2941 const u8 *ptk_kek, size_t ptk_kek_len) 2942 { 2943 if (ptk_kck && ptk_kck_len <= WPA_KCK_MAX_LEN) { 2944 os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len); 2945 sm->ptk.kck_len = ptk_kck_len; 2946 wpa_printf(MSG_DEBUG, "Updated PTK KCK"); 2947 } 2948 if (ptk_kek && ptk_kek_len <= WPA_KEK_MAX_LEN) { 2949 os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len); 2950 sm->ptk.kek_len = ptk_kek_len; 2951 wpa_printf(MSG_DEBUG, "Updated PTK KEK"); 2952 } 2953 sm->ptk_set = 1; 2954 } 2955