xref: /freebsd/contrib/wpa/src/rsn_supp/wpa.c (revision fed1ca4b719c56c930f2259d80663cd34be812bb)
1 /*
2  * WPA Supplicant - WPA state machine and EAPOL-Key processing
3  * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 
11 #include "common.h"
12 #include "crypto/aes_wrap.h"
13 #include "crypto/crypto.h"
14 #include "crypto/random.h"
15 #include "common/ieee802_11_defs.h"
16 #include "eapol_supp/eapol_supp_sm.h"
17 #include "wpa.h"
18 #include "eloop.h"
19 #include "preauth.h"
20 #include "pmksa_cache.h"
21 #include "wpa_i.h"
22 #include "wpa_ie.h"
23 #include "peerkey.h"
24 
25 
26 /**
27  * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
28  * @sm: Pointer to WPA state machine data from wpa_sm_init()
29  * @kck: Key Confirmation Key (KCK, part of PTK)
30  * @kck_len: KCK length in octets
31  * @ver: Version field from Key Info
32  * @dest: Destination address for the frame
33  * @proto: Ethertype (usually ETH_P_EAPOL)
34  * @msg: EAPOL-Key message
35  * @msg_len: Length of message
36  * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
37  */
38 void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
39 			int ver, const u8 *dest, u16 proto,
40 			u8 *msg, size_t msg_len, u8 *key_mic)
41 {
42 	size_t mic_len = wpa_mic_len(sm->key_mgmt);
43 
44 	if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
45 		/*
46 		 * Association event was not yet received; try to fetch
47 		 * BSSID from the driver.
48 		 */
49 		if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
50 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
51 				"WPA: Failed to read BSSID for "
52 				"EAPOL-Key destination address");
53 		} else {
54 			dest = sm->bssid;
55 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
56 				"WPA: Use BSSID (" MACSTR
57 				") as the destination for EAPOL-Key",
58 				MAC2STR(dest));
59 		}
60 	}
61 	if (key_mic &&
62 	    wpa_eapol_key_mic(kck, kck_len, sm->key_mgmt, ver, msg, msg_len,
63 			      key_mic)) {
64 		wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
65 			"WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC",
66 			ver, sm->key_mgmt);
67 		goto out;
68 	}
69 	wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len);
70 	wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, mic_len);
71 	wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
72 	wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
73 	eapol_sm_notify_tx_eapol_key(sm->eapol);
74 out:
75 	os_free(msg);
76 }
77 
78 
79 /**
80  * wpa_sm_key_request - Send EAPOL-Key Request
81  * @sm: Pointer to WPA state machine data from wpa_sm_init()
82  * @error: Indicate whether this is an Michael MIC error report
83  * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
84  *
85  * Send an EAPOL-Key Request to the current authenticator. This function is
86  * used to request rekeying and it is usually called when a local Michael MIC
87  * failure is detected.
88  */
89 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
90 {
91 	size_t mic_len, hdrlen, rlen;
92 	struct wpa_eapol_key *reply;
93 	struct wpa_eapol_key_192 *reply192;
94 	int key_info, ver;
95 	u8 bssid[ETH_ALEN], *rbuf, *key_mic;
96 
97 	if (sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
98 	    wpa_key_mgmt_suite_b(sm->key_mgmt))
99 		ver = WPA_KEY_INFO_TYPE_AKM_DEFINED;
100 	else if (wpa_key_mgmt_ft(sm->key_mgmt) ||
101 		 wpa_key_mgmt_sha256(sm->key_mgmt))
102 		ver = WPA_KEY_INFO_TYPE_AES_128_CMAC;
103 	else if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
104 		ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
105 	else
106 		ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
107 
108 	if (wpa_sm_get_bssid(sm, bssid) < 0) {
109 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
110 			"Failed to read BSSID for EAPOL-Key request");
111 		return;
112 	}
113 
114 	mic_len = wpa_mic_len(sm->key_mgmt);
115 	hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
116 	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
117 				  hdrlen, &rlen, (void *) &reply);
118 	if (rbuf == NULL)
119 		return;
120 	reply192 = (struct wpa_eapol_key_192 *) reply;
121 
122 	reply->type = (sm->proto == WPA_PROTO_RSN ||
123 		       sm->proto == WPA_PROTO_OSEN) ?
124 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
125 	key_info = WPA_KEY_INFO_REQUEST | ver;
126 	if (sm->ptk_set)
127 		key_info |= WPA_KEY_INFO_MIC;
128 	if (error)
129 		key_info |= WPA_KEY_INFO_ERROR;
130 	if (pairwise)
131 		key_info |= WPA_KEY_INFO_KEY_TYPE;
132 	WPA_PUT_BE16(reply->key_info, key_info);
133 	WPA_PUT_BE16(reply->key_length, 0);
134 	os_memcpy(reply->replay_counter, sm->request_counter,
135 		  WPA_REPLAY_COUNTER_LEN);
136 	inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
137 
138 	if (mic_len == 24)
139 		WPA_PUT_BE16(reply192->key_data_length, 0);
140 	else
141 		WPA_PUT_BE16(reply->key_data_length, 0);
142 	if (!(key_info & WPA_KEY_INFO_MIC))
143 		key_mic = NULL;
144 	else
145 		key_mic = reply192->key_mic; /* same offset in reply */
146 
147 	wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
148 		"WPA: Sending EAPOL-Key Request (error=%d "
149 		"pairwise=%d ptk_set=%d len=%lu)",
150 		error, pairwise, sm->ptk_set, (unsigned long) rlen);
151 	wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid,
152 			   ETH_P_EAPOL, rbuf, rlen, key_mic);
153 }
154 
155 
156 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm)
157 {
158 #ifdef CONFIG_IEEE80211R
159 	if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) {
160 		if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len))
161 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
162 				"RSN: Cannot set low order 256 bits of MSK for key management offload");
163 	} else {
164 #endif /* CONFIG_IEEE80211R */
165 		if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len))
166 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
167 				"RSN: Cannot set PMK for key management offload");
168 #ifdef CONFIG_IEEE80211R
169 	}
170 #endif /* CONFIG_IEEE80211R */
171 }
172 
173 
174 static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
175 				  const unsigned char *src_addr,
176 				  const u8 *pmkid)
177 {
178 	int abort_cached = 0;
179 
180 	if (pmkid && !sm->cur_pmksa) {
181 		/* When using drivers that generate RSN IE, wpa_supplicant may
182 		 * not have enough time to get the association information
183 		 * event before receiving this 1/4 message, so try to find a
184 		 * matching PMKSA cache entry here. */
185 		sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid,
186 						NULL);
187 		if (sm->cur_pmksa) {
188 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
189 				"RSN: found matching PMKID from PMKSA cache");
190 		} else {
191 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
192 				"RSN: no matching PMKID found");
193 			abort_cached = 1;
194 		}
195 	}
196 
197 	if (pmkid && sm->cur_pmksa &&
198 	    os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
199 		wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
200 		wpa_sm_set_pmk_from_pmksa(sm);
201 		wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
202 				sm->pmk, sm->pmk_len);
203 		eapol_sm_notify_cached(sm->eapol);
204 #ifdef CONFIG_IEEE80211R
205 		sm->xxkey_len = 0;
206 #endif /* CONFIG_IEEE80211R */
207 	} else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
208 		int res, pmk_len;
209 		pmk_len = PMK_LEN;
210 		res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN);
211 		if (res) {
212 			/*
213 			 * EAP-LEAP is an exception from other EAP methods: it
214 			 * uses only 16-byte PMK.
215 			 */
216 			res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
217 			pmk_len = 16;
218 		} else {
219 #ifdef CONFIG_IEEE80211R
220 			u8 buf[2 * PMK_LEN];
221 			if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0)
222 			{
223 				os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN);
224 				sm->xxkey_len = PMK_LEN;
225 				os_memset(buf, 0, sizeof(buf));
226 			}
227 #endif /* CONFIG_IEEE80211R */
228 		}
229 		if (res == 0) {
230 			struct rsn_pmksa_cache_entry *sa = NULL;
231 			wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
232 					"machines", sm->pmk, pmk_len);
233 			sm->pmk_len = pmk_len;
234 			wpa_supplicant_key_mgmt_set_pmk(sm);
235 			if (sm->proto == WPA_PROTO_RSN &&
236 			    !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
237 			    !wpa_key_mgmt_ft(sm->key_mgmt)) {
238 				sa = pmksa_cache_add(sm->pmksa,
239 						     sm->pmk, pmk_len,
240 						     NULL, 0,
241 						     src_addr, sm->own_addr,
242 						     sm->network_ctx,
243 						     sm->key_mgmt);
244 			}
245 			if (!sm->cur_pmksa && pmkid &&
246 			    pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL))
247 			{
248 				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
249 					"RSN: the new PMK matches with the "
250 					"PMKID");
251 				abort_cached = 0;
252 			} else if (sa && !sm->cur_pmksa && pmkid) {
253 				/*
254 				 * It looks like the authentication server
255 				 * derived mismatching MSK. This should not
256 				 * really happen, but bugs happen.. There is not
257 				 * much we can do here without knowing what
258 				 * exactly caused the server to misbehave.
259 				 */
260 				wpa_dbg(sm->ctx->msg_ctx, MSG_INFO,
261 					"RSN: PMKID mismatch - authentication server may have derived different MSK?!");
262 				return -1;
263 			}
264 
265 			if (!sm->cur_pmksa)
266 				sm->cur_pmksa = sa;
267 		} else {
268 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
269 				"WPA: Failed to get master session key from "
270 				"EAPOL state machines - key handshake "
271 				"aborted");
272 			if (sm->cur_pmksa) {
273 				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
274 					"RSN: Cancelled PMKSA caching "
275 					"attempt");
276 				sm->cur_pmksa = NULL;
277 				abort_cached = 1;
278 			} else if (!abort_cached) {
279 				return -1;
280 			}
281 		}
282 	}
283 
284 	if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) &&
285 	    !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
286 	    !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN)
287 	{
288 		/* Send EAPOL-Start to trigger full EAP authentication. */
289 		u8 *buf;
290 		size_t buflen;
291 
292 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
293 			"RSN: no PMKSA entry found - trigger "
294 			"full EAP authentication");
295 		buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
296 					 NULL, 0, &buflen, NULL);
297 		if (buf) {
298 			wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
299 					  buf, buflen);
300 			os_free(buf);
301 			return -2;
302 		}
303 
304 		return -1;
305 	}
306 
307 	return 0;
308 }
309 
310 
311 /**
312  * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake
313  * @sm: Pointer to WPA state machine data from wpa_sm_init()
314  * @dst: Destination address for the frame
315  * @key: Pointer to the EAPOL-Key frame header
316  * @ver: Version bits from EAPOL-Key Key Info
317  * @nonce: Nonce value for the EAPOL-Key frame
318  * @wpa_ie: WPA/RSN IE
319  * @wpa_ie_len: Length of the WPA/RSN IE
320  * @ptk: PTK to use for keyed hash and encryption
321  * Returns: 0 on success, -1 on failure
322  */
323 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
324 			       const struct wpa_eapol_key *key,
325 			       int ver, const u8 *nonce,
326 			       const u8 *wpa_ie, size_t wpa_ie_len,
327 			       struct wpa_ptk *ptk)
328 {
329 	size_t mic_len, hdrlen, rlen;
330 	struct wpa_eapol_key *reply;
331 	struct wpa_eapol_key_192 *reply192;
332 	u8 *rbuf, *key_mic;
333 	u8 *rsn_ie_buf = NULL;
334 
335 	if (wpa_ie == NULL) {
336 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - "
337 			"cannot generate msg 2/4");
338 		return -1;
339 	}
340 
341 #ifdef CONFIG_IEEE80211R
342 	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
343 		int res;
344 
345 		/*
346 		 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and
347 		 * FTIE from (Re)Association Response.
348 		 */
349 		rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN +
350 				       sm->assoc_resp_ies_len);
351 		if (rsn_ie_buf == NULL)
352 			return -1;
353 		os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len);
354 		res = wpa_insert_pmkid(rsn_ie_buf, wpa_ie_len,
355 				       sm->pmk_r1_name);
356 		if (res < 0) {
357 			os_free(rsn_ie_buf);
358 			return -1;
359 		}
360 		wpa_ie_len += res;
361 
362 		if (sm->assoc_resp_ies) {
363 			os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies,
364 				  sm->assoc_resp_ies_len);
365 			wpa_ie_len += sm->assoc_resp_ies_len;
366 		}
367 
368 		wpa_ie = rsn_ie_buf;
369 	}
370 #endif /* CONFIG_IEEE80211R */
371 
372 	wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
373 
374 	mic_len = wpa_mic_len(sm->key_mgmt);
375 	hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
376 	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
377 				  NULL, hdrlen + wpa_ie_len,
378 				  &rlen, (void *) &reply);
379 	if (rbuf == NULL) {
380 		os_free(rsn_ie_buf);
381 		return -1;
382 	}
383 	reply192 = (struct wpa_eapol_key_192 *) reply;
384 
385 	reply->type = (sm->proto == WPA_PROTO_RSN ||
386 		       sm->proto == WPA_PROTO_OSEN) ?
387 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
388 	WPA_PUT_BE16(reply->key_info,
389 		     ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC);
390 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
391 		WPA_PUT_BE16(reply->key_length, 0);
392 	else
393 		os_memcpy(reply->key_length, key->key_length, 2);
394 	os_memcpy(reply->replay_counter, key->replay_counter,
395 		  WPA_REPLAY_COUNTER_LEN);
396 	wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter,
397 		    WPA_REPLAY_COUNTER_LEN);
398 
399 	key_mic = reply192->key_mic; /* same offset for reply and reply192 */
400 	if (mic_len == 24) {
401 		WPA_PUT_BE16(reply192->key_data_length, wpa_ie_len);
402 		os_memcpy(reply192 + 1, wpa_ie, wpa_ie_len);
403 	} else {
404 		WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
405 		os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
406 	}
407 	os_free(rsn_ie_buf);
408 
409 	os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
410 
411 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
412 	wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL,
413 			   rbuf, rlen, key_mic);
414 
415 	return 0;
416 }
417 
418 
419 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
420 			  const struct wpa_eapol_key *key, struct wpa_ptk *ptk)
421 {
422 #ifdef CONFIG_IEEE80211R
423 	if (wpa_key_mgmt_ft(sm->key_mgmt))
424 		return wpa_derive_ptk_ft(sm, src_addr, key, ptk);
425 #endif /* CONFIG_IEEE80211R */
426 
427 	return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
428 			      sm->own_addr, sm->bssid, sm->snonce,
429 			      key->key_nonce, ptk, sm->key_mgmt,
430 			      sm->pairwise_cipher);
431 }
432 
433 
434 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
435 					  const unsigned char *src_addr,
436 					  const struct wpa_eapol_key *key,
437 					  u16 ver, const u8 *key_data,
438 					  size_t key_data_len)
439 {
440 	struct wpa_eapol_ie_parse ie;
441 	struct wpa_ptk *ptk;
442 	int res;
443 	u8 *kde, *kde_buf = NULL;
444 	size_t kde_len;
445 
446 	if (wpa_sm_get_network_ctx(sm) == NULL) {
447 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
448 			"found (msg 1 of 4)");
449 		return;
450 	}
451 
452 	wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
453 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way "
454 		"Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
455 
456 	os_memset(&ie, 0, sizeof(ie));
457 
458 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
459 		/* RSN: msg 1/4 should contain PMKID for the selected PMK */
460 		wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data",
461 			    key_data, key_data_len);
462 		if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
463 			goto failed;
464 		if (ie.pmkid) {
465 			wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
466 				    "Authenticator", ie.pmkid, PMKID_LEN);
467 		}
468 	}
469 
470 	res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
471 	if (res == -2) {
472 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to "
473 			"msg 1/4 - requesting full EAP authentication");
474 		return;
475 	}
476 	if (res)
477 		goto failed;
478 
479 	if (sm->renew_snonce) {
480 		if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
481 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
482 				"WPA: Failed to get random data for SNonce");
483 			goto failed;
484 		}
485 		sm->renew_snonce = 0;
486 		wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
487 			    sm->snonce, WPA_NONCE_LEN);
488 	}
489 
490 	/* Calculate PTK which will be stored as a temporary PTK until it has
491 	 * been verified when processing message 3/4. */
492 	ptk = &sm->tptk;
493 	wpa_derive_ptk(sm, src_addr, key, ptk);
494 	if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
495 		u8 buf[8];
496 		/* Supplicant: swap tx/rx Mic keys */
497 		os_memcpy(buf, &ptk->tk[16], 8);
498 		os_memcpy(&ptk->tk[16], &ptk->tk[24], 8);
499 		os_memcpy(&ptk->tk[24], buf, 8);
500 		os_memset(buf, 0, sizeof(buf));
501 	}
502 	sm->tptk_set = 1;
503 
504 	kde = sm->assoc_wpa_ie;
505 	kde_len = sm->assoc_wpa_ie_len;
506 
507 #ifdef CONFIG_P2P
508 	if (sm->p2p) {
509 		kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1);
510 		if (kde_buf) {
511 			u8 *pos;
512 			wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE "
513 				   "into EAPOL-Key 2/4");
514 			os_memcpy(kde_buf, kde, kde_len);
515 			kde = kde_buf;
516 			pos = kde + kde_len;
517 			*pos++ = WLAN_EID_VENDOR_SPECIFIC;
518 			*pos++ = RSN_SELECTOR_LEN + 1;
519 			RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ);
520 			pos += RSN_SELECTOR_LEN;
521 			*pos++ = 0x01;
522 			kde_len = pos - kde;
523 		}
524 	}
525 #endif /* CONFIG_P2P */
526 
527 	if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
528 				       kde, kde_len, ptk))
529 		goto failed;
530 
531 	os_free(kde_buf);
532 	os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
533 	return;
534 
535 failed:
536 	os_free(kde_buf);
537 	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
538 }
539 
540 
541 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx)
542 {
543 	struct wpa_sm *sm = eloop_ctx;
544 	rsn_preauth_candidate_process(sm);
545 }
546 
547 
548 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
549 					    const u8 *addr, int secure)
550 {
551 	wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
552 		"WPA: Key negotiation completed with "
553 		MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
554 		wpa_cipher_txt(sm->pairwise_cipher),
555 		wpa_cipher_txt(sm->group_cipher));
556 	wpa_sm_cancel_auth_timeout(sm);
557 	wpa_sm_set_state(sm, WPA_COMPLETED);
558 
559 	if (secure) {
560 		wpa_sm_mlme_setprotection(
561 			sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
562 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
563 		eapol_sm_notify_portValid(sm->eapol, TRUE);
564 		if (wpa_key_mgmt_wpa_psk(sm->key_mgmt))
565 			eapol_sm_notify_eap_success(sm->eapol, TRUE);
566 		/*
567 		 * Start preauthentication after a short wait to avoid a
568 		 * possible race condition between the data receive and key
569 		 * configuration after the 4-Way Handshake. This increases the
570 		 * likelihood of the first preauth EAPOL-Start frame getting to
571 		 * the target AP.
572 		 */
573 		eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL);
574 	}
575 
576 	if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
577 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
578 			"RSN: Authenticator accepted "
579 			"opportunistic PMKSA entry - marking it valid");
580 		sm->cur_pmksa->opportunistic = 0;
581 	}
582 
583 #ifdef CONFIG_IEEE80211R
584 	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
585 		/* Prepare for the next transition */
586 		wpa_ft_prepare_auth_request(sm, NULL);
587 	}
588 #endif /* CONFIG_IEEE80211R */
589 }
590 
591 
592 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
593 {
594 	struct wpa_sm *sm = eloop_ctx;
595 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying");
596 	wpa_sm_key_request(sm, 0, 1);
597 }
598 
599 
600 static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
601 				      const struct wpa_eapol_key *key)
602 {
603 	int keylen, rsclen;
604 	enum wpa_alg alg;
605 	const u8 *key_rsc;
606 	u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
607 
608 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
609 		"WPA: Installing PTK to the driver");
610 
611 	if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
612 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher "
613 			"Suite: NONE - do not use pairwise keys");
614 		return 0;
615 	}
616 
617 	if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
618 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
619 			"WPA: Unsupported pairwise cipher %d",
620 			sm->pairwise_cipher);
621 		return -1;
622 	}
623 
624 	alg = wpa_cipher_to_alg(sm->pairwise_cipher);
625 	keylen = wpa_cipher_key_len(sm->pairwise_cipher);
626 	rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
627 
628 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
629 		key_rsc = null_rsc;
630 	} else {
631 		key_rsc = key->key_rsc;
632 		wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
633 	}
634 
635 	if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
636 			   sm->ptk.tk, keylen) < 0) {
637 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
638 			"WPA: Failed to set PTK to the "
639 			"driver (alg=%d keylen=%d bssid=" MACSTR ")",
640 			alg, keylen, MAC2STR(sm->bssid));
641 		return -1;
642 	}
643 
644 	/* TK is not needed anymore in supplicant */
645 	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
646 
647 	if (sm->wpa_ptk_rekey) {
648 		eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
649 		eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
650 				       sm, NULL);
651 	}
652 
653 	return 0;
654 }
655 
656 
657 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm,
658 					     int group_cipher,
659 					     int keylen, int maxkeylen,
660 					     int *key_rsc_len,
661 					     enum wpa_alg *alg)
662 {
663 	int klen;
664 
665 	*alg = wpa_cipher_to_alg(group_cipher);
666 	if (*alg == WPA_ALG_NONE) {
667 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
668 			"WPA: Unsupported Group Cipher %d",
669 			group_cipher);
670 		return -1;
671 	}
672 	*key_rsc_len = wpa_cipher_rsc_len(group_cipher);
673 
674 	klen = wpa_cipher_key_len(group_cipher);
675 	if (keylen != klen || maxkeylen < klen) {
676 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
677 			"WPA: Unsupported %s Group Cipher key length %d (%d)",
678 			wpa_cipher_txt(group_cipher), keylen, maxkeylen);
679 		return -1;
680 	}
681 	return 0;
682 }
683 
684 
685 struct wpa_gtk_data {
686 	enum wpa_alg alg;
687 	int tx, key_rsc_len, keyidx;
688 	u8 gtk[32];
689 	int gtk_len;
690 };
691 
692 
693 static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
694 				      const struct wpa_gtk_data *gd,
695 				      const u8 *key_rsc)
696 {
697 	const u8 *_gtk = gd->gtk;
698 	u8 gtk_buf[32];
699 
700 	wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
701 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
702 		"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
703 		gd->keyidx, gd->tx, gd->gtk_len);
704 	wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
705 	if (sm->group_cipher == WPA_CIPHER_TKIP) {
706 		/* Swap Tx/Rx keys for Michael MIC */
707 		os_memcpy(gtk_buf, gd->gtk, 16);
708 		os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
709 		os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
710 		_gtk = gtk_buf;
711 	}
712 	if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
713 		if (wpa_sm_set_key(sm, gd->alg, NULL,
714 				   gd->keyidx, 1, key_rsc, gd->key_rsc_len,
715 				   _gtk, gd->gtk_len) < 0) {
716 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
717 				"WPA: Failed to set GTK to the driver "
718 				"(Group only)");
719 			os_memset(gtk_buf, 0, sizeof(gtk_buf));
720 			return -1;
721 		}
722 	} else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr,
723 				  gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
724 				  _gtk, gd->gtk_len) < 0) {
725 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
726 			"WPA: Failed to set GTK to "
727 			"the driver (alg=%d keylen=%d keyidx=%d)",
728 			gd->alg, gd->gtk_len, gd->keyidx);
729 		os_memset(gtk_buf, 0, sizeof(gtk_buf));
730 		return -1;
731 	}
732 	os_memset(gtk_buf, 0, sizeof(gtk_buf));
733 
734 	return 0;
735 }
736 
737 
738 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
739 						int tx)
740 {
741 	if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
742 		/* Ignore Tx bit for GTK if a pairwise key is used. One AP
743 		 * seemed to set this bit (incorrectly, since Tx is only when
744 		 * doing Group Key only APs) and without this workaround, the
745 		 * data connection does not work because wpa_supplicant
746 		 * configured non-zero keyidx to be used for unicast. */
747 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
748 			"WPA: Tx bit set for GTK, but pairwise "
749 			"keys are used - ignore Tx bit");
750 		return 0;
751 	}
752 	return tx;
753 }
754 
755 
756 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
757 				       const struct wpa_eapol_key *key,
758 				       const u8 *gtk, size_t gtk_len,
759 				       int key_info)
760 {
761 	struct wpa_gtk_data gd;
762 
763 	/*
764 	 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
765 	 * GTK KDE format:
766 	 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
767 	 * Reserved [bits 0-7]
768 	 * GTK
769 	 */
770 
771 	os_memset(&gd, 0, sizeof(gd));
772 	wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
773 			gtk, gtk_len);
774 
775 	if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk))
776 		return -1;
777 
778 	gd.keyidx = gtk[0] & 0x3;
779 	gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
780 						     !!(gtk[0] & BIT(2)));
781 	gtk += 2;
782 	gtk_len -= 2;
783 
784 	os_memcpy(gd.gtk, gtk, gtk_len);
785 	gd.gtk_len = gtk_len;
786 
787 	if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED &&
788 	    (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
789 					       gtk_len, gtk_len,
790 					       &gd.key_rsc_len, &gd.alg) ||
791 	     wpa_supplicant_install_gtk(sm, &gd, key->key_rsc))) {
792 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
793 			"RSN: Failed to install GTK");
794 		os_memset(&gd, 0, sizeof(gd));
795 		return -1;
796 	}
797 	os_memset(&gd, 0, sizeof(gd));
798 
799 	wpa_supplicant_key_neg_complete(sm, sm->bssid,
800 					key_info & WPA_KEY_INFO_SECURE);
801 	return 0;
802 }
803 
804 
805 static int ieee80211w_set_keys(struct wpa_sm *sm,
806 			       struct wpa_eapol_ie_parse *ie)
807 {
808 #ifdef CONFIG_IEEE80211W
809 	if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher))
810 		return 0;
811 
812 	if (ie->igtk) {
813 		size_t len;
814 		const struct wpa_igtk_kde *igtk;
815 		u16 keyidx;
816 		len = wpa_cipher_key_len(sm->mgmt_group_cipher);
817 		if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
818 			return -1;
819 		igtk = (const struct wpa_igtk_kde *) ie->igtk;
820 		keyidx = WPA_GET_LE16(igtk->keyid);
821 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
822 			"pn %02x%02x%02x%02x%02x%02x",
823 			keyidx, MAC2STR(igtk->pn));
824 		wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
825 				igtk->igtk, len);
826 		if (keyidx > 4095) {
827 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
828 				"WPA: Invalid IGTK KeyID %d", keyidx);
829 			return -1;
830 		}
831 		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
832 				   broadcast_ether_addr,
833 				   keyidx, 0, igtk->pn, sizeof(igtk->pn),
834 				   igtk->igtk, len) < 0) {
835 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
836 				"WPA: Failed to configure IGTK to the driver");
837 			return -1;
838 		}
839 	}
840 
841 	return 0;
842 #else /* CONFIG_IEEE80211W */
843 	return 0;
844 #endif /* CONFIG_IEEE80211W */
845 }
846 
847 
848 static void wpa_report_ie_mismatch(struct wpa_sm *sm,
849 				   const char *reason, const u8 *src_addr,
850 				   const u8 *wpa_ie, size_t wpa_ie_len,
851 				   const u8 *rsn_ie, size_t rsn_ie_len)
852 {
853 	wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
854 		reason, MAC2STR(src_addr));
855 
856 	if (sm->ap_wpa_ie) {
857 		wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
858 			    sm->ap_wpa_ie, sm->ap_wpa_ie_len);
859 	}
860 	if (wpa_ie) {
861 		if (!sm->ap_wpa_ie) {
862 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
863 				"WPA: No WPA IE in Beacon/ProbeResp");
864 		}
865 		wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
866 			    wpa_ie, wpa_ie_len);
867 	}
868 
869 	if (sm->ap_rsn_ie) {
870 		wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp",
871 			    sm->ap_rsn_ie, sm->ap_rsn_ie_len);
872 	}
873 	if (rsn_ie) {
874 		if (!sm->ap_rsn_ie) {
875 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
876 				"WPA: No RSN IE in Beacon/ProbeResp");
877 		}
878 		wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
879 			    rsn_ie, rsn_ie_len);
880 	}
881 
882 	wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
883 }
884 
885 
886 #ifdef CONFIG_IEEE80211R
887 
888 static int ft_validate_mdie(struct wpa_sm *sm,
889 			    const unsigned char *src_addr,
890 			    struct wpa_eapol_ie_parse *ie,
891 			    const u8 *assoc_resp_mdie)
892 {
893 	struct rsn_mdie *mdie;
894 
895 	mdie = (struct rsn_mdie *) (ie->mdie + 2);
896 	if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) ||
897 	    os_memcmp(mdie->mobility_domain, sm->mobility_domain,
898 		      MOBILITY_DOMAIN_ID_LEN) != 0) {
899 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did "
900 			"not match with the current mobility domain");
901 		return -1;
902 	}
903 
904 	if (assoc_resp_mdie &&
905 	    (assoc_resp_mdie[1] != ie->mdie[1] ||
906 	     os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) {
907 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch");
908 		wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4",
909 			    ie->mdie, 2 + ie->mdie[1]);
910 		wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response",
911 			    assoc_resp_mdie, 2 + assoc_resp_mdie[1]);
912 		return -1;
913 	}
914 
915 	return 0;
916 }
917 
918 
919 static int ft_validate_ftie(struct wpa_sm *sm,
920 			    const unsigned char *src_addr,
921 			    struct wpa_eapol_ie_parse *ie,
922 			    const u8 *assoc_resp_ftie)
923 {
924 	if (ie->ftie == NULL) {
925 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
926 			"FT: No FTIE in EAPOL-Key msg 3/4");
927 		return -1;
928 	}
929 
930 	if (assoc_resp_ftie == NULL)
931 		return 0;
932 
933 	if (assoc_resp_ftie[1] != ie->ftie[1] ||
934 	    os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) {
935 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch");
936 		wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4",
937 			    ie->ftie, 2 + ie->ftie[1]);
938 		wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response",
939 			    assoc_resp_ftie, 2 + assoc_resp_ftie[1]);
940 		return -1;
941 	}
942 
943 	return 0;
944 }
945 
946 
947 static int ft_validate_rsnie(struct wpa_sm *sm,
948 			     const unsigned char *src_addr,
949 			     struct wpa_eapol_ie_parse *ie)
950 {
951 	struct wpa_ie_data rsn;
952 
953 	if (!ie->rsn_ie)
954 		return 0;
955 
956 	/*
957 	 * Verify that PMKR1Name from EAPOL-Key message 3/4
958 	 * matches with the value we derived.
959 	 */
960 	if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 ||
961 	    rsn.num_pmkid != 1 || rsn.pmkid == NULL) {
962 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in "
963 			"FT 4-way handshake message 3/4");
964 		return -1;
965 	}
966 
967 	if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0)
968 	{
969 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
970 			"FT: PMKR1Name mismatch in "
971 			"FT 4-way handshake message 3/4");
972 		wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator",
973 			    rsn.pmkid, WPA_PMK_NAME_LEN);
974 		wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
975 			    sm->pmk_r1_name, WPA_PMK_NAME_LEN);
976 		return -1;
977 	}
978 
979 	return 0;
980 }
981 
982 
983 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm,
984 					 const unsigned char *src_addr,
985 					 struct wpa_eapol_ie_parse *ie)
986 {
987 	const u8 *pos, *end, *mdie = NULL, *ftie = NULL;
988 
989 	if (sm->assoc_resp_ies) {
990 		pos = sm->assoc_resp_ies;
991 		end = pos + sm->assoc_resp_ies_len;
992 		while (pos + 2 < end) {
993 			if (pos + 2 + pos[1] > end)
994 				break;
995 			switch (*pos) {
996 			case WLAN_EID_MOBILITY_DOMAIN:
997 				mdie = pos;
998 				break;
999 			case WLAN_EID_FAST_BSS_TRANSITION:
1000 				ftie = pos;
1001 				break;
1002 			}
1003 			pos += 2 + pos[1];
1004 		}
1005 	}
1006 
1007 	if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 ||
1008 	    ft_validate_ftie(sm, src_addr, ie, ftie) < 0 ||
1009 	    ft_validate_rsnie(sm, src_addr, ie) < 0)
1010 		return -1;
1011 
1012 	return 0;
1013 }
1014 
1015 #endif /* CONFIG_IEEE80211R */
1016 
1017 
1018 static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
1019 				      const unsigned char *src_addr,
1020 				      struct wpa_eapol_ie_parse *ie)
1021 {
1022 	if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
1023 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1024 			"WPA: No WPA/RSN IE for this AP known. "
1025 			"Trying to get from scan results");
1026 		if (wpa_sm_get_beacon_ie(sm) < 0) {
1027 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1028 				"WPA: Could not find AP from "
1029 				"the scan results");
1030 		} else {
1031 			wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
1032 				"WPA: Found the current AP from "
1033 				"updated scan results");
1034 		}
1035 	}
1036 
1037 	if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
1038 	    (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
1039 		wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1040 				       "with IE in Beacon/ProbeResp (no IE?)",
1041 				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
1042 				       ie->rsn_ie, ie->rsn_ie_len);
1043 		return -1;
1044 	}
1045 
1046 	if ((ie->wpa_ie && sm->ap_wpa_ie &&
1047 	     (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
1048 	      os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
1049 	    (ie->rsn_ie && sm->ap_rsn_ie &&
1050 	     wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
1051 				sm->ap_rsn_ie, sm->ap_rsn_ie_len,
1052 				ie->rsn_ie, ie->rsn_ie_len))) {
1053 		wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1054 				       "with IE in Beacon/ProbeResp",
1055 				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
1056 				       ie->rsn_ie, ie->rsn_ie_len);
1057 		return -1;
1058 	}
1059 
1060 	if (sm->proto == WPA_PROTO_WPA &&
1061 	    ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
1062 		wpa_report_ie_mismatch(sm, "Possible downgrade attack "
1063 				       "detected - RSN was enabled and RSN IE "
1064 				       "was in msg 3/4, but not in "
1065 				       "Beacon/ProbeResp",
1066 				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
1067 				       ie->rsn_ie, ie->rsn_ie_len);
1068 		return -1;
1069 	}
1070 
1071 #ifdef CONFIG_IEEE80211R
1072 	if (wpa_key_mgmt_ft(sm->key_mgmt) &&
1073 	    wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0)
1074 		return -1;
1075 #endif /* CONFIG_IEEE80211R */
1076 
1077 	return 0;
1078 }
1079 
1080 
1081 /**
1082  * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake
1083  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1084  * @dst: Destination address for the frame
1085  * @key: Pointer to the EAPOL-Key frame header
1086  * @ver: Version bits from EAPOL-Key Key Info
1087  * @key_info: Key Info
1088  * @ptk: PTK to use for keyed hash and encryption
1089  * Returns: 0 on success, -1 on failure
1090  */
1091 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
1092 			       const struct wpa_eapol_key *key,
1093 			       u16 ver, u16 key_info,
1094 			       struct wpa_ptk *ptk)
1095 {
1096 	size_t mic_len, hdrlen, rlen;
1097 	struct wpa_eapol_key *reply;
1098 	struct wpa_eapol_key_192 *reply192;
1099 	u8 *rbuf, *key_mic;
1100 
1101 	mic_len = wpa_mic_len(sm->key_mgmt);
1102 	hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
1103 	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1104 				  hdrlen, &rlen, (void *) &reply);
1105 	if (rbuf == NULL)
1106 		return -1;
1107 	reply192 = (struct wpa_eapol_key_192 *) reply;
1108 
1109 	reply->type = (sm->proto == WPA_PROTO_RSN ||
1110 		       sm->proto == WPA_PROTO_OSEN) ?
1111 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1112 	key_info &= WPA_KEY_INFO_SECURE;
1113 	key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC;
1114 	WPA_PUT_BE16(reply->key_info, key_info);
1115 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1116 		WPA_PUT_BE16(reply->key_length, 0);
1117 	else
1118 		os_memcpy(reply->key_length, key->key_length, 2);
1119 	os_memcpy(reply->replay_counter, key->replay_counter,
1120 		  WPA_REPLAY_COUNTER_LEN);
1121 
1122 	key_mic = reply192->key_mic; /* same offset for reply and reply192 */
1123 	if (mic_len == 24)
1124 		WPA_PUT_BE16(reply192->key_data_length, 0);
1125 	else
1126 		WPA_PUT_BE16(reply->key_data_length, 0);
1127 
1128 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
1129 	wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL,
1130 			   rbuf, rlen, key_mic);
1131 
1132 	return 0;
1133 }
1134 
1135 
1136 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
1137 					  const struct wpa_eapol_key *key,
1138 					  u16 ver, const u8 *key_data,
1139 					  size_t key_data_len)
1140 {
1141 	u16 key_info, keylen;
1142 	struct wpa_eapol_ie_parse ie;
1143 
1144 	wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
1145 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way "
1146 		"Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
1147 
1148 	key_info = WPA_GET_BE16(key->key_info);
1149 
1150 	wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len);
1151 	if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
1152 		goto failed;
1153 	if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1154 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1155 			"WPA: GTK IE in unencrypted key data");
1156 		goto failed;
1157 	}
1158 #ifdef CONFIG_IEEE80211W
1159 	if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1160 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1161 			"WPA: IGTK KDE in unencrypted key data");
1162 		goto failed;
1163 	}
1164 
1165 	if (ie.igtk &&
1166 	    wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
1167 	    ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN +
1168 	    (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
1169 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1170 			"WPA: Invalid IGTK KDE length %lu",
1171 			(unsigned long) ie.igtk_len);
1172 		goto failed;
1173 	}
1174 #endif /* CONFIG_IEEE80211W */
1175 
1176 	if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
1177 		goto failed;
1178 
1179 	if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
1180 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1181 			"WPA: ANonce from message 1 of 4-Way Handshake "
1182 			"differs from 3 of 4-Way Handshake - drop packet (src="
1183 			MACSTR ")", MAC2STR(sm->bssid));
1184 		goto failed;
1185 	}
1186 
1187 	keylen = WPA_GET_BE16(key->key_length);
1188 	if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
1189 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1190 			"WPA: Invalid %s key length %d (src=" MACSTR
1191 			")", wpa_cipher_txt(sm->pairwise_cipher), keylen,
1192 			MAC2STR(sm->bssid));
1193 		goto failed;
1194 	}
1195 
1196 #ifdef CONFIG_P2P
1197 	if (ie.ip_addr_alloc) {
1198 		os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4);
1199 		wpa_hexdump(MSG_DEBUG, "P2P: IP address info",
1200 			    sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr));
1201 	}
1202 #endif /* CONFIG_P2P */
1203 
1204 	if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
1205 				       &sm->ptk)) {
1206 		goto failed;
1207 	}
1208 
1209 	/* SNonce was successfully used in msg 3/4, so mark it to be renewed
1210 	 * for the next 4-Way Handshake. If msg 3 is received again, the old
1211 	 * SNonce will still be used to avoid changing PTK. */
1212 	sm->renew_snonce = 1;
1213 
1214 	if (key_info & WPA_KEY_INFO_INSTALL) {
1215 		if (wpa_supplicant_install_ptk(sm, key))
1216 			goto failed;
1217 	}
1218 
1219 	if (key_info & WPA_KEY_INFO_SECURE) {
1220 		wpa_sm_mlme_setprotection(
1221 			sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
1222 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
1223 		eapol_sm_notify_portValid(sm->eapol, TRUE);
1224 	}
1225 	wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1226 
1227 	if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) {
1228 		wpa_supplicant_key_neg_complete(sm, sm->bssid,
1229 						key_info & WPA_KEY_INFO_SECURE);
1230 	} else if (ie.gtk &&
1231 	    wpa_supplicant_pairwise_gtk(sm, key,
1232 					ie.gtk, ie.gtk_len, key_info) < 0) {
1233 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1234 			"RSN: Failed to configure GTK");
1235 		goto failed;
1236 	}
1237 
1238 	if (ieee80211w_set_keys(sm, &ie) < 0) {
1239 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1240 			"RSN: Failed to configure IGTK");
1241 		goto failed;
1242 	}
1243 
1244 	if (ie.gtk)
1245 		wpa_sm_set_rekey_offload(sm);
1246 
1247 	if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1248 		struct rsn_pmksa_cache_entry *sa;
1249 
1250 		sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len,
1251 				     sm->ptk.kck, sm->ptk.kck_len,
1252 				     sm->bssid, sm->own_addr,
1253 				     sm->network_ctx, sm->key_mgmt);
1254 		if (!sm->cur_pmksa)
1255 			sm->cur_pmksa = sa;
1256 	}
1257 
1258 	sm->msg_3_of_4_ok = 1;
1259 	return;
1260 
1261 failed:
1262 	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1263 }
1264 
1265 
1266 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
1267 					     const u8 *keydata,
1268 					     size_t keydatalen,
1269 					     u16 key_info,
1270 					     struct wpa_gtk_data *gd)
1271 {
1272 	int maxkeylen;
1273 	struct wpa_eapol_ie_parse ie;
1274 
1275 	wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen);
1276 	if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0)
1277 		return -1;
1278 	if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1279 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1280 			"WPA: GTK IE in unencrypted key data");
1281 		return -1;
1282 	}
1283 	if (ie.gtk == NULL) {
1284 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1285 			"WPA: No GTK IE in Group Key msg 1/2");
1286 		return -1;
1287 	}
1288 	maxkeylen = gd->gtk_len = ie.gtk_len - 2;
1289 
1290 	if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1291 					      gd->gtk_len, maxkeylen,
1292 					      &gd->key_rsc_len, &gd->alg))
1293 		return -1;
1294 
1295 	wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake",
1296 			ie.gtk, ie.gtk_len);
1297 	gd->keyidx = ie.gtk[0] & 0x3;
1298 	gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1299 						      !!(ie.gtk[0] & BIT(2)));
1300 	if (ie.gtk_len - 2 > sizeof(gd->gtk)) {
1301 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1302 			"RSN: Too long GTK in GTK IE (len=%lu)",
1303 			(unsigned long) ie.gtk_len - 2);
1304 		return -1;
1305 	}
1306 	os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
1307 
1308 	if (ieee80211w_set_keys(sm, &ie) < 0)
1309 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1310 			"RSN: Failed to configure IGTK");
1311 
1312 	return 0;
1313 }
1314 
1315 
1316 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
1317 					     const struct wpa_eapol_key *key,
1318 					     const u8 *key_data,
1319 					     size_t key_data_len, u16 key_info,
1320 					     u16 ver, struct wpa_gtk_data *gd)
1321 {
1322 	size_t maxkeylen;
1323 	u16 gtk_len;
1324 
1325 	gtk_len = WPA_GET_BE16(key->key_length);
1326 	maxkeylen = key_data_len;
1327 	if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1328 		if (maxkeylen < 8) {
1329 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1330 				"WPA: Too short maxkeylen (%lu)",
1331 				(unsigned long) maxkeylen);
1332 			return -1;
1333 		}
1334 		maxkeylen -= 8;
1335 	}
1336 
1337 	if (gtk_len > maxkeylen ||
1338 	    wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1339 					      gtk_len, maxkeylen,
1340 					      &gd->key_rsc_len, &gd->alg))
1341 		return -1;
1342 
1343 	gd->gtk_len = gtk_len;
1344 	gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1345 		WPA_KEY_INFO_KEY_INDEX_SHIFT;
1346 	if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
1347 #ifdef CONFIG_NO_RC4
1348 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1349 			"WPA: RC4 not supported in the build");
1350 		return -1;
1351 #else /* CONFIG_NO_RC4 */
1352 		u8 ek[32];
1353 		if (key_data_len > sizeof(gd->gtk)) {
1354 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1355 				"WPA: RC4 key data too long (%lu)",
1356 				(unsigned long) key_data_len);
1357 			return -1;
1358 		}
1359 		os_memcpy(ek, key->key_iv, 16);
1360 		os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
1361 		os_memcpy(gd->gtk, key_data, key_data_len);
1362 		if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) {
1363 			os_memset(ek, 0, sizeof(ek));
1364 			wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1365 				"WPA: RC4 failed");
1366 			return -1;
1367 		}
1368 		os_memset(ek, 0, sizeof(ek));
1369 #endif /* CONFIG_NO_RC4 */
1370 	} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1371 		if (maxkeylen % 8) {
1372 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1373 				"WPA: Unsupported AES-WRAP len %lu",
1374 				(unsigned long) maxkeylen);
1375 			return -1;
1376 		}
1377 		if (maxkeylen > sizeof(gd->gtk)) {
1378 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1379 				"WPA: AES-WRAP key data "
1380 				"too long (keydatalen=%lu maxkeylen=%lu)",
1381 				(unsigned long) key_data_len,
1382 				(unsigned long) maxkeylen);
1383 			return -1;
1384 		}
1385 		if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8,
1386 			       key_data, gd->gtk)) {
1387 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1388 				"WPA: AES unwrap failed - could not decrypt "
1389 				"GTK");
1390 			return -1;
1391 		}
1392 	} else {
1393 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1394 			"WPA: Unsupported key_info type %d", ver);
1395 		return -1;
1396 	}
1397 	gd->tx = wpa_supplicant_gtk_tx_bit_workaround(
1398 		sm, !!(key_info & WPA_KEY_INFO_TXRX));
1399 	return 0;
1400 }
1401 
1402 
1403 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
1404 				      const struct wpa_eapol_key *key,
1405 				      int ver, u16 key_info)
1406 {
1407 	size_t mic_len, hdrlen, rlen;
1408 	struct wpa_eapol_key *reply;
1409 	struct wpa_eapol_key_192 *reply192;
1410 	u8 *rbuf, *key_mic;
1411 
1412 	mic_len = wpa_mic_len(sm->key_mgmt);
1413 	hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
1414 	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1415 				  hdrlen, &rlen, (void *) &reply);
1416 	if (rbuf == NULL)
1417 		return -1;
1418 	reply192 = (struct wpa_eapol_key_192 *) reply;
1419 
1420 	reply->type = (sm->proto == WPA_PROTO_RSN ||
1421 		       sm->proto == WPA_PROTO_OSEN) ?
1422 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1423 	key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
1424 	key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
1425 	WPA_PUT_BE16(reply->key_info, key_info);
1426 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1427 		WPA_PUT_BE16(reply->key_length, 0);
1428 	else
1429 		os_memcpy(reply->key_length, key->key_length, 2);
1430 	os_memcpy(reply->replay_counter, key->replay_counter,
1431 		  WPA_REPLAY_COUNTER_LEN);
1432 
1433 	key_mic = reply192->key_mic; /* same offset for reply and reply192 */
1434 	if (mic_len == 24)
1435 		WPA_PUT_BE16(reply192->key_data_length, 0);
1436 	else
1437 		WPA_PUT_BE16(reply->key_data_length, 0);
1438 
1439 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
1440 	wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, sm->bssid,
1441 			   ETH_P_EAPOL, rbuf, rlen, key_mic);
1442 
1443 	return 0;
1444 }
1445 
1446 
1447 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
1448 					  const unsigned char *src_addr,
1449 					  const struct wpa_eapol_key *key,
1450 					  const u8 *key_data,
1451 					  size_t key_data_len, u16 ver)
1452 {
1453 	u16 key_info;
1454 	int rekey, ret;
1455 	struct wpa_gtk_data gd;
1456 
1457 	if (!sm->msg_3_of_4_ok) {
1458 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1459 			"WPA: Group Key Handshake started prior to completion of 4-way handshake");
1460 		goto failed;
1461 	}
1462 
1463 	os_memset(&gd, 0, sizeof(gd));
1464 
1465 	rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
1466 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key "
1467 		"Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
1468 
1469 	key_info = WPA_GET_BE16(key->key_info);
1470 
1471 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
1472 		ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data,
1473 							key_data_len, key_info,
1474 							&gd);
1475 	} else {
1476 		ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data,
1477 							key_data_len,
1478 							key_info, ver, &gd);
1479 	}
1480 
1481 	wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1482 
1483 	if (ret)
1484 		goto failed;
1485 
1486 	if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
1487 	    wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
1488 		goto failed;
1489 	os_memset(&gd, 0, sizeof(gd));
1490 
1491 	if (rekey) {
1492 		wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Group rekeying "
1493 			"completed with " MACSTR " [GTK=%s]",
1494 			MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
1495 		wpa_sm_cancel_auth_timeout(sm);
1496 		wpa_sm_set_state(sm, WPA_COMPLETED);
1497 	} else {
1498 		wpa_supplicant_key_neg_complete(sm, sm->bssid,
1499 						key_info &
1500 						WPA_KEY_INFO_SECURE);
1501 	}
1502 
1503 	wpa_sm_set_rekey_offload(sm);
1504 
1505 	return;
1506 
1507 failed:
1508 	os_memset(&gd, 0, sizeof(gd));
1509 	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1510 }
1511 
1512 
1513 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
1514 					       struct wpa_eapol_key_192 *key,
1515 					       u16 ver,
1516 					       const u8 *buf, size_t len)
1517 {
1518 	u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
1519 	int ok = 0;
1520 	size_t mic_len = wpa_mic_len(sm->key_mgmt);
1521 
1522 	os_memcpy(mic, key->key_mic, mic_len);
1523 	if (sm->tptk_set) {
1524 		os_memset(key->key_mic, 0, mic_len);
1525 		wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt,
1526 				  ver, buf, len, key->key_mic);
1527 		if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) {
1528 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1529 				"WPA: Invalid EAPOL-Key MIC "
1530 				"when using TPTK - ignoring TPTK");
1531 		} else {
1532 			ok = 1;
1533 			sm->tptk_set = 0;
1534 			sm->ptk_set = 1;
1535 			os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
1536 			os_memset(&sm->tptk, 0, sizeof(sm->tptk));
1537 		}
1538 	}
1539 
1540 	if (!ok && sm->ptk_set) {
1541 		os_memset(key->key_mic, 0, mic_len);
1542 		wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt,
1543 				  ver, buf, len, key->key_mic);
1544 		if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) {
1545 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1546 				"WPA: Invalid EAPOL-Key MIC - "
1547 				"dropping packet");
1548 			return -1;
1549 		}
1550 		ok = 1;
1551 	}
1552 
1553 	if (!ok) {
1554 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1555 			"WPA: Could not verify EAPOL-Key MIC - "
1556 			"dropping packet");
1557 		return -1;
1558 	}
1559 
1560 	os_memcpy(sm->rx_replay_counter, key->replay_counter,
1561 		  WPA_REPLAY_COUNTER_LEN);
1562 	sm->rx_replay_counter_set = 1;
1563 	return 0;
1564 }
1565 
1566 
1567 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
1568 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
1569 					   struct wpa_eapol_key *key, u16 ver,
1570 					   u8 *key_data, size_t *key_data_len)
1571 {
1572 	wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
1573 		    key_data, *key_data_len);
1574 	if (!sm->ptk_set) {
1575 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1576 			"WPA: PTK not available, cannot decrypt EAPOL-Key Key "
1577 			"Data");
1578 		return -1;
1579 	}
1580 
1581 	/* Decrypt key data here so that this operation does not need
1582 	 * to be implemented separately for each message type. */
1583 	if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
1584 #ifdef CONFIG_NO_RC4
1585 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1586 			"WPA: RC4 not supported in the build");
1587 		return -1;
1588 #else /* CONFIG_NO_RC4 */
1589 		u8 ek[32];
1590 		os_memcpy(ek, key->key_iv, 16);
1591 		os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
1592 		if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) {
1593 			os_memset(ek, 0, sizeof(ek));
1594 			wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1595 				"WPA: RC4 failed");
1596 			return -1;
1597 		}
1598 		os_memset(ek, 0, sizeof(ek));
1599 #endif /* CONFIG_NO_RC4 */
1600 	} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1601 		   ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
1602 		   sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
1603 		   wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1604 		u8 *buf;
1605 		if (*key_data_len < 8 || *key_data_len % 8) {
1606 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1607 				"WPA: Unsupported AES-WRAP len %u",
1608 				(unsigned int) *key_data_len);
1609 			return -1;
1610 		}
1611 		*key_data_len -= 8; /* AES-WRAP adds 8 bytes */
1612 		buf = os_malloc(*key_data_len);
1613 		if (buf == NULL) {
1614 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1615 				"WPA: No memory for AES-UNWRAP buffer");
1616 			return -1;
1617 		}
1618 		if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8,
1619 			       key_data, buf)) {
1620 			os_free(buf);
1621 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1622 				"WPA: AES unwrap failed - "
1623 				"could not decrypt EAPOL-Key key data");
1624 			return -1;
1625 		}
1626 		os_memcpy(key_data, buf, *key_data_len);
1627 		os_free(buf);
1628 		WPA_PUT_BE16(key->key_data_length, *key_data_len);
1629 	} else {
1630 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1631 			"WPA: Unsupported key_info type %d", ver);
1632 		return -1;
1633 	}
1634 	wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
1635 			key_data, *key_data_len);
1636 	return 0;
1637 }
1638 
1639 
1640 /**
1641  * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
1642  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1643  */
1644 void wpa_sm_aborted_cached(struct wpa_sm *sm)
1645 {
1646 	if (sm && sm->cur_pmksa) {
1647 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1648 			"RSN: Cancelling PMKSA caching attempt");
1649 		sm->cur_pmksa = NULL;
1650 	}
1651 }
1652 
1653 
1654 static void wpa_eapol_key_dump(struct wpa_sm *sm,
1655 			       const struct wpa_eapol_key *key,
1656 			       unsigned int key_data_len,
1657 			       const u8 *mic, unsigned int mic_len)
1658 {
1659 #ifndef CONFIG_NO_STDOUT_DEBUG
1660 	u16 key_info = WPA_GET_BE16(key->key_info);
1661 
1662 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "  EAPOL-Key type=%d", key->type);
1663 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1664 		"  key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)",
1665 		key_info, key_info & WPA_KEY_INFO_TYPE_MASK,
1666 		(key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1667 		WPA_KEY_INFO_KEY_INDEX_SHIFT,
1668 		(key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13,
1669 		key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group",
1670 		key_info & WPA_KEY_INFO_INSTALL ? " Install" : "",
1671 		key_info & WPA_KEY_INFO_ACK ? " Ack" : "",
1672 		key_info & WPA_KEY_INFO_MIC ? " MIC" : "",
1673 		key_info & WPA_KEY_INFO_SECURE ? " Secure" : "",
1674 		key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
1675 		key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
1676 		key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
1677 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1678 		"  key_length=%u key_data_length=%u",
1679 		WPA_GET_BE16(key->key_length), key_data_len);
1680 	wpa_hexdump(MSG_DEBUG, "  replay_counter",
1681 		    key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1682 	wpa_hexdump(MSG_DEBUG, "  key_nonce", key->key_nonce, WPA_NONCE_LEN);
1683 	wpa_hexdump(MSG_DEBUG, "  key_iv", key->key_iv, 16);
1684 	wpa_hexdump(MSG_DEBUG, "  key_rsc", key->key_rsc, 8);
1685 	wpa_hexdump(MSG_DEBUG, "  key_id (reserved)", key->key_id, 8);
1686 	wpa_hexdump(MSG_DEBUG, "  key_mic", mic, mic_len);
1687 #endif /* CONFIG_NO_STDOUT_DEBUG */
1688 }
1689 
1690 
1691 /**
1692  * wpa_sm_rx_eapol - Process received WPA EAPOL frames
1693  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1694  * @src_addr: Source MAC address of the EAPOL packet
1695  * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
1696  * @len: Length of the EAPOL frame
1697  * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
1698  *
1699  * This function is called for each received EAPOL frame. Other than EAPOL-Key
1700  * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
1701  * only processing WPA and WPA2 EAPOL-Key frames.
1702  *
1703  * The received EAPOL-Key packets are validated and valid packets are replied
1704  * to. In addition, key material (PTK, GTK) is configured at the end of a
1705  * successful key handshake.
1706  */
1707 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
1708 		    const u8 *buf, size_t len)
1709 {
1710 	size_t plen, data_len, key_data_len;
1711 	const struct ieee802_1x_hdr *hdr;
1712 	struct wpa_eapol_key *key;
1713 	struct wpa_eapol_key_192 *key192;
1714 	u16 key_info, ver;
1715 	u8 *tmp = NULL;
1716 	int ret = -1;
1717 	struct wpa_peerkey *peerkey = NULL;
1718 	u8 *key_data;
1719 	size_t mic_len, keyhdrlen;
1720 
1721 #ifdef CONFIG_IEEE80211R
1722 	sm->ft_completed = 0;
1723 #endif /* CONFIG_IEEE80211R */
1724 
1725 	mic_len = wpa_mic_len(sm->key_mgmt);
1726 	keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key);
1727 
1728 	if (len < sizeof(*hdr) + keyhdrlen) {
1729 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1730 			"WPA: EAPOL frame too short to be a WPA "
1731 			"EAPOL-Key (len %lu, expecting at least %lu)",
1732 			(unsigned long) len,
1733 			(unsigned long) sizeof(*hdr) + keyhdrlen);
1734 		return 0;
1735 	}
1736 
1737 	hdr = (const struct ieee802_1x_hdr *) buf;
1738 	plen = be_to_host16(hdr->length);
1739 	data_len = plen + sizeof(*hdr);
1740 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1741 		"IEEE 802.1X RX: version=%d type=%d length=%lu",
1742 		hdr->version, hdr->type, (unsigned long) plen);
1743 
1744 	if (hdr->version < EAPOL_VERSION) {
1745 		/* TODO: backwards compatibility */
1746 	}
1747 	if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
1748 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1749 			"WPA: EAPOL frame (type %u) discarded, "
1750 			"not a Key frame", hdr->type);
1751 		ret = 0;
1752 		goto out;
1753 	}
1754 	wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len);
1755 	if (plen > len - sizeof(*hdr) || plen < keyhdrlen) {
1756 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1757 			"WPA: EAPOL frame payload size %lu "
1758 			"invalid (frame size %lu)",
1759 			(unsigned long) plen, (unsigned long) len);
1760 		ret = 0;
1761 		goto out;
1762 	}
1763 	if (data_len < len) {
1764 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1765 			"WPA: ignoring %lu bytes after the IEEE 802.1X data",
1766 			(unsigned long) len - data_len);
1767 	}
1768 
1769 	/*
1770 	 * Make a copy of the frame since we need to modify the buffer during
1771 	 * MAC validation and Key Data decryption.
1772 	 */
1773 	tmp = os_malloc(data_len);
1774 	if (tmp == NULL)
1775 		goto out;
1776 	os_memcpy(tmp, buf, data_len);
1777 	key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr));
1778 	key192 = (struct wpa_eapol_key_192 *)
1779 		(tmp + sizeof(struct ieee802_1x_hdr));
1780 	if (mic_len == 24)
1781 		key_data = (u8 *) (key192 + 1);
1782 	else
1783 		key_data = (u8 *) (key + 1);
1784 
1785 	if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN)
1786 	{
1787 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1788 			"WPA: EAPOL-Key type (%d) unknown, discarded",
1789 			key->type);
1790 		ret = 0;
1791 		goto out;
1792 	}
1793 
1794 	if (mic_len == 24)
1795 		key_data_len = WPA_GET_BE16(key192->key_data_length);
1796 	else
1797 		key_data_len = WPA_GET_BE16(key->key_data_length);
1798 	wpa_eapol_key_dump(sm, key, key_data_len, key192->key_mic, mic_len);
1799 
1800 	if (key_data_len > plen - keyhdrlen) {
1801 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
1802 			"frame - key_data overflow (%u > %u)",
1803 			(unsigned int) key_data_len,
1804 			(unsigned int) (plen - keyhdrlen));
1805 		goto out;
1806 	}
1807 
1808 	eapol_sm_notify_lower_layer_success(sm->eapol, 0);
1809 	key_info = WPA_GET_BE16(key->key_info);
1810 	ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1811 	if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
1812 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
1813 	    ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1814 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
1815 	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
1816 	    !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1817 	    sm->key_mgmt != WPA_KEY_MGMT_OSEN) {
1818 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1819 			"WPA: Unsupported EAPOL-Key descriptor version %d",
1820 			ver);
1821 		goto out;
1822 	}
1823 
1824 	if (sm->key_mgmt == WPA_KEY_MGMT_OSEN &&
1825 	    ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1826 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1827 			"OSEN: Unsupported EAPOL-Key descriptor version %d",
1828 			ver);
1829 		goto out;
1830 	}
1831 
1832 	if (wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1833 	    ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1834 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1835 			"RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)",
1836 			ver);
1837 		goto out;
1838 	}
1839 
1840 #ifdef CONFIG_IEEE80211R
1841 	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
1842 		/* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */
1843 		if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1844 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1845 				"FT: AP did not use AES-128-CMAC");
1846 			goto out;
1847 		}
1848 	} else
1849 #endif /* CONFIG_IEEE80211R */
1850 #ifdef CONFIG_IEEE80211W
1851 	if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
1852 		if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1853 		    sm->key_mgmt != WPA_KEY_MGMT_OSEN &&
1854 		    !wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1855 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1856 				"WPA: AP did not use the "
1857 				"negotiated AES-128-CMAC");
1858 			goto out;
1859 		}
1860 	} else
1861 #endif /* CONFIG_IEEE80211W */
1862 	if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
1863 	    !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1864 	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1865 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1866 			"WPA: CCMP is used, but EAPOL-Key "
1867 			"descriptor version (%d) is not 2", ver);
1868 		if (sm->group_cipher != WPA_CIPHER_CCMP &&
1869 		    !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
1870 			/* Earlier versions of IEEE 802.11i did not explicitly
1871 			 * require version 2 descriptor for all EAPOL-Key
1872 			 * packets, so allow group keys to use version 1 if
1873 			 * CCMP is not used for them. */
1874 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1875 				"WPA: Backwards compatibility: allow invalid "
1876 				"version for non-CCMP group keys");
1877 		} else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1878 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1879 				"WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used");
1880 		} else
1881 			goto out;
1882 	} else if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
1883 		   !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1884 		   ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1885 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1886 			"WPA: GCMP is used, but EAPOL-Key "
1887 			"descriptor version (%d) is not 2", ver);
1888 		goto out;
1889 	}
1890 
1891 #ifdef CONFIG_PEERKEY
1892 	for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
1893 		if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
1894 			break;
1895 	}
1896 
1897 	if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
1898 		if (!peerkey->initiator && peerkey->replay_counter_set &&
1899 		    os_memcmp(key->replay_counter, peerkey->replay_counter,
1900 			      WPA_REPLAY_COUNTER_LEN) <= 0) {
1901 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1902 				"RSN: EAPOL-Key Replay Counter did not "
1903 				"increase (STK) - dropping packet");
1904 			goto out;
1905 		} else if (peerkey->initiator) {
1906 			u8 _tmp[WPA_REPLAY_COUNTER_LEN];
1907 			os_memcpy(_tmp, key->replay_counter,
1908 				  WPA_REPLAY_COUNTER_LEN);
1909 			inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
1910 			if (os_memcmp(_tmp, peerkey->replay_counter,
1911 				      WPA_REPLAY_COUNTER_LEN) != 0) {
1912 				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1913 					"RSN: EAPOL-Key Replay "
1914 					"Counter did not match (STK) - "
1915 					"dropping packet");
1916 				goto out;
1917 			}
1918 		}
1919 	}
1920 
1921 	if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) {
1922 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1923 			"RSN: Ack bit in key_info from STK peer");
1924 		goto out;
1925 	}
1926 #endif /* CONFIG_PEERKEY */
1927 
1928 	if (!peerkey && sm->rx_replay_counter_set &&
1929 	    os_memcmp(key->replay_counter, sm->rx_replay_counter,
1930 		      WPA_REPLAY_COUNTER_LEN) <= 0) {
1931 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1932 			"WPA: EAPOL-Key Replay Counter did not increase - "
1933 			"dropping packet");
1934 		goto out;
1935 	}
1936 
1937 	if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
1938 #ifdef CONFIG_PEERKEY
1939 	    && (peerkey == NULL || !peerkey->initiator)
1940 #endif /* CONFIG_PEERKEY */
1941 		) {
1942 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1943 			"WPA: No Ack bit in key_info");
1944 		goto out;
1945 	}
1946 
1947 	if (key_info & WPA_KEY_INFO_REQUEST) {
1948 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1949 			"WPA: EAPOL-Key with Request bit - dropped");
1950 		goto out;
1951 	}
1952 
1953 	if ((key_info & WPA_KEY_INFO_MIC) && !peerkey &&
1954 	    wpa_supplicant_verify_eapol_key_mic(sm, key192, ver, tmp, data_len))
1955 		goto out;
1956 
1957 #ifdef CONFIG_PEERKEY
1958 	if ((key_info & WPA_KEY_INFO_MIC) && peerkey &&
1959 	    peerkey_verify_eapol_key_mic(sm, peerkey, key192, ver, tmp,
1960 					 data_len))
1961 		goto out;
1962 #endif /* CONFIG_PEERKEY */
1963 
1964 	if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
1965 	    (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1966 		if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
1967 						    &key_data_len))
1968 			goto out;
1969 	}
1970 
1971 	if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1972 		if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
1973 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1974 				"WPA: Ignored EAPOL-Key (Pairwise) with "
1975 				"non-zero key index");
1976 			goto out;
1977 		}
1978 		if (peerkey) {
1979 			/* PeerKey 4-Way Handshake */
1980 			peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver,
1981 					      key_data, key_data_len);
1982 		} else if (key_info & WPA_KEY_INFO_MIC) {
1983 			/* 3/4 4-Way Handshake */
1984 			wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
1985 						      key_data_len);
1986 		} else {
1987 			/* 1/4 4-Way Handshake */
1988 			wpa_supplicant_process_1_of_4(sm, src_addr, key,
1989 						      ver, key_data,
1990 						      key_data_len);
1991 		}
1992 	} else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
1993 		/* PeerKey SMK Handshake */
1994 		peerkey_rx_eapol_smk(sm, src_addr, key, key_data_len, key_info,
1995 				     ver);
1996 	} else {
1997 		if (key_info & WPA_KEY_INFO_MIC) {
1998 			/* 1/2 Group Key Handshake */
1999 			wpa_supplicant_process_1_of_2(sm, src_addr, key,
2000 						      key_data, key_data_len,
2001 						      ver);
2002 		} else {
2003 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2004 				"WPA: EAPOL-Key (Group) without Mic bit - "
2005 				"dropped");
2006 		}
2007 	}
2008 
2009 	ret = 1;
2010 
2011 out:
2012 	bin_clear_free(tmp, data_len);
2013 	return ret;
2014 }
2015 
2016 
2017 #ifdef CONFIG_CTRL_IFACE
2018 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
2019 {
2020 	switch (sm->key_mgmt) {
2021 	case WPA_KEY_MGMT_IEEE8021X:
2022 		return ((sm->proto == WPA_PROTO_RSN ||
2023 			 sm->proto == WPA_PROTO_OSEN) ?
2024 			RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
2025 			WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
2026 	case WPA_KEY_MGMT_PSK:
2027 		return (sm->proto == WPA_PROTO_RSN ?
2028 			RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X :
2029 			WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
2030 #ifdef CONFIG_IEEE80211R
2031 	case WPA_KEY_MGMT_FT_IEEE8021X:
2032 		return RSN_AUTH_KEY_MGMT_FT_802_1X;
2033 	case WPA_KEY_MGMT_FT_PSK:
2034 		return RSN_AUTH_KEY_MGMT_FT_PSK;
2035 #endif /* CONFIG_IEEE80211R */
2036 #ifdef CONFIG_IEEE80211W
2037 	case WPA_KEY_MGMT_IEEE8021X_SHA256:
2038 		return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
2039 	case WPA_KEY_MGMT_PSK_SHA256:
2040 		return RSN_AUTH_KEY_MGMT_PSK_SHA256;
2041 #endif /* CONFIG_IEEE80211W */
2042 	case WPA_KEY_MGMT_CCKM:
2043 		return (sm->proto == WPA_PROTO_RSN ?
2044 			RSN_AUTH_KEY_MGMT_CCKM:
2045 			WPA_AUTH_KEY_MGMT_CCKM);
2046 	case WPA_KEY_MGMT_WPA_NONE:
2047 		return WPA_AUTH_KEY_MGMT_NONE;
2048 	case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
2049 		return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
2050 	case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
2051 		return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
2052 	default:
2053 		return 0;
2054 	}
2055 }
2056 
2057 
2058 #define RSN_SUITE "%02x-%02x-%02x-%d"
2059 #define RSN_SUITE_ARG(s) \
2060 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2061 
2062 /**
2063  * wpa_sm_get_mib - Dump text list of MIB entries
2064  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2065  * @buf: Buffer for the list
2066  * @buflen: Length of the buffer
2067  * Returns: Number of bytes written to buffer
2068  *
2069  * This function is used fetch dot11 MIB variables.
2070  */
2071 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
2072 {
2073 	char pmkid_txt[PMKID_LEN * 2 + 1];
2074 	int rsna, ret;
2075 	size_t len;
2076 
2077 	if (sm->cur_pmksa) {
2078 		wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2079 				 sm->cur_pmksa->pmkid, PMKID_LEN);
2080 	} else
2081 		pmkid_txt[0] = '\0';
2082 
2083 	if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
2084 	     wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
2085 	    sm->proto == WPA_PROTO_RSN)
2086 		rsna = 1;
2087 	else
2088 		rsna = 0;
2089 
2090 	ret = os_snprintf(buf, buflen,
2091 			  "dot11RSNAOptionImplemented=TRUE\n"
2092 			  "dot11RSNAPreauthenticationImplemented=TRUE\n"
2093 			  "dot11RSNAEnabled=%s\n"
2094 			  "dot11RSNAPreauthenticationEnabled=%s\n"
2095 			  "dot11RSNAConfigVersion=%d\n"
2096 			  "dot11RSNAConfigPairwiseKeysSupported=5\n"
2097 			  "dot11RSNAConfigGroupCipherSize=%d\n"
2098 			  "dot11RSNAConfigPMKLifetime=%d\n"
2099 			  "dot11RSNAConfigPMKReauthThreshold=%d\n"
2100 			  "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
2101 			  "dot11RSNAConfigSATimeout=%d\n",
2102 			  rsna ? "TRUE" : "FALSE",
2103 			  rsna ? "TRUE" : "FALSE",
2104 			  RSN_VERSION,
2105 			  wpa_cipher_key_len(sm->group_cipher) * 8,
2106 			  sm->dot11RSNAConfigPMKLifetime,
2107 			  sm->dot11RSNAConfigPMKReauthThreshold,
2108 			  sm->dot11RSNAConfigSATimeout);
2109 	if (os_snprintf_error(buflen, ret))
2110 		return 0;
2111 	len = ret;
2112 
2113 	ret = os_snprintf(
2114 		buf + len, buflen - len,
2115 		"dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2116 		"dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2117 		"dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2118 		"dot11RSNAPMKIDUsed=%s\n"
2119 		"dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
2120 		"dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
2121 		"dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
2122 		"dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
2123 		"dot11RSNA4WayHandshakeFailures=%u\n",
2124 		RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
2125 		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2126 						  sm->pairwise_cipher)),
2127 		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2128 						  sm->group_cipher)),
2129 		pmkid_txt,
2130 		RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
2131 		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2132 						  sm->pairwise_cipher)),
2133 		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2134 						  sm->group_cipher)),
2135 		sm->dot11RSNA4WayHandshakeFailures);
2136 	if (!os_snprintf_error(buflen - len, ret))
2137 		len += ret;
2138 
2139 	return (int) len;
2140 }
2141 #endif /* CONFIG_CTRL_IFACE */
2142 
2143 
2144 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
2145 				 void *ctx, enum pmksa_free_reason reason)
2146 {
2147 	struct wpa_sm *sm = ctx;
2148 	int deauth = 0;
2149 
2150 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: "
2151 		MACSTR " reason=%d", MAC2STR(entry->aa), reason);
2152 
2153 	if (sm->cur_pmksa == entry) {
2154 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2155 			"RSN: %s current PMKSA entry",
2156 			reason == PMKSA_REPLACE ? "replaced" : "removed");
2157 		pmksa_cache_clear_current(sm);
2158 
2159 		/*
2160 		 * If an entry is simply being replaced, there's no need to
2161 		 * deauthenticate because it will be immediately re-added.
2162 		 * This happens when EAP authentication is completed again
2163 		 * (reauth or failed PMKSA caching attempt).
2164 		 */
2165 		if (reason != PMKSA_REPLACE)
2166 			deauth = 1;
2167 	}
2168 
2169 	if (reason == PMKSA_EXPIRE &&
2170 	    (sm->pmk_len == entry->pmk_len &&
2171 	     os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
2172 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2173 			"RSN: deauthenticating due to expired PMK");
2174 		pmksa_cache_clear_current(sm);
2175 		deauth = 1;
2176 	}
2177 
2178 	if (deauth) {
2179 		os_memset(sm->pmk, 0, sizeof(sm->pmk));
2180 		wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
2181 	}
2182 }
2183 
2184 
2185 /**
2186  * wpa_sm_init - Initialize WPA state machine
2187  * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
2188  * Returns: Pointer to the allocated WPA state machine data
2189  *
2190  * This function is used to allocate a new WPA state machine and the returned
2191  * value is passed to all WPA state machine calls.
2192  */
2193 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
2194 {
2195 	struct wpa_sm *sm;
2196 
2197 	sm = os_zalloc(sizeof(*sm));
2198 	if (sm == NULL)
2199 		return NULL;
2200 	dl_list_init(&sm->pmksa_candidates);
2201 	sm->renew_snonce = 1;
2202 	sm->ctx = ctx;
2203 
2204 	sm->dot11RSNAConfigPMKLifetime = 43200;
2205 	sm->dot11RSNAConfigPMKReauthThreshold = 70;
2206 	sm->dot11RSNAConfigSATimeout = 60;
2207 
2208 	sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm);
2209 	if (sm->pmksa == NULL) {
2210 		wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
2211 			"RSN: PMKSA cache initialization failed");
2212 		os_free(sm);
2213 		return NULL;
2214 	}
2215 
2216 	return sm;
2217 }
2218 
2219 
2220 /**
2221  * wpa_sm_deinit - Deinitialize WPA state machine
2222  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2223  */
2224 void wpa_sm_deinit(struct wpa_sm *sm)
2225 {
2226 	if (sm == NULL)
2227 		return;
2228 	pmksa_cache_deinit(sm->pmksa);
2229 	eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2230 	eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2231 	os_free(sm->assoc_wpa_ie);
2232 	os_free(sm->ap_wpa_ie);
2233 	os_free(sm->ap_rsn_ie);
2234 	wpa_sm_drop_sa(sm);
2235 	os_free(sm->ctx);
2236 	peerkey_deinit(sm);
2237 #ifdef CONFIG_IEEE80211R
2238 	os_free(sm->assoc_resp_ies);
2239 #endif /* CONFIG_IEEE80211R */
2240 	os_free(sm);
2241 }
2242 
2243 
2244 /**
2245  * wpa_sm_notify_assoc - Notify WPA state machine about association
2246  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2247  * @bssid: The BSSID of the new association
2248  *
2249  * This function is called to let WPA state machine know that the connection
2250  * was established.
2251  */
2252 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
2253 {
2254 	int clear_ptk = 1;
2255 
2256 	if (sm == NULL)
2257 		return;
2258 
2259 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2260 		"WPA: Association event - clear replay counter");
2261 	os_memcpy(sm->bssid, bssid, ETH_ALEN);
2262 	os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
2263 	sm->rx_replay_counter_set = 0;
2264 	sm->renew_snonce = 1;
2265 	if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
2266 		rsn_preauth_deinit(sm);
2267 
2268 #ifdef CONFIG_IEEE80211R
2269 	if (wpa_ft_is_completed(sm)) {
2270 		/*
2271 		 * Clear portValid to kick EAPOL state machine to re-enter
2272 		 * AUTHENTICATED state to get the EAPOL port Authorized.
2273 		 */
2274 		eapol_sm_notify_portValid(sm->eapol, FALSE);
2275 		wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
2276 
2277 		/* Prepare for the next transition */
2278 		wpa_ft_prepare_auth_request(sm, NULL);
2279 
2280 		clear_ptk = 0;
2281 	}
2282 #endif /* CONFIG_IEEE80211R */
2283 
2284 	if (clear_ptk) {
2285 		/*
2286 		 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
2287 		 * this is not part of a Fast BSS Transition.
2288 		 */
2289 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK");
2290 		sm->ptk_set = 0;
2291 		os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2292 		sm->tptk_set = 0;
2293 		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2294 	}
2295 
2296 #ifdef CONFIG_TDLS
2297 	wpa_tdls_assoc(sm);
2298 #endif /* CONFIG_TDLS */
2299 
2300 #ifdef CONFIG_P2P
2301 	os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr));
2302 #endif /* CONFIG_P2P */
2303 }
2304 
2305 
2306 /**
2307  * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
2308  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2309  *
2310  * This function is called to let WPA state machine know that the connection
2311  * was lost. This will abort any existing pre-authentication session.
2312  */
2313 void wpa_sm_notify_disassoc(struct wpa_sm *sm)
2314 {
2315 	eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2316 	eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2317 	peerkey_deinit(sm);
2318 	rsn_preauth_deinit(sm);
2319 	pmksa_cache_clear_current(sm);
2320 	if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
2321 		sm->dot11RSNA4WayHandshakeFailures++;
2322 #ifdef CONFIG_TDLS
2323 	wpa_tdls_disassoc(sm);
2324 #endif /* CONFIG_TDLS */
2325 
2326 	/* Keys are not needed in the WPA state machine anymore */
2327 	wpa_sm_drop_sa(sm);
2328 
2329 	sm->msg_3_of_4_ok = 0;
2330 }
2331 
2332 
2333 /**
2334  * wpa_sm_set_pmk - Set PMK
2335  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2336  * @pmk: The new PMK
2337  * @pmk_len: The length of the new PMK in bytes
2338  * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK
2339  *
2340  * Configure the PMK for WPA state machine.
2341  */
2342 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
2343 		    const u8 *bssid)
2344 {
2345 	if (sm == NULL)
2346 		return;
2347 
2348 	sm->pmk_len = pmk_len;
2349 	os_memcpy(sm->pmk, pmk, pmk_len);
2350 
2351 #ifdef CONFIG_IEEE80211R
2352 	/* Set XXKey to be PSK for FT key derivation */
2353 	sm->xxkey_len = pmk_len;
2354 	os_memcpy(sm->xxkey, pmk, pmk_len);
2355 #endif /* CONFIG_IEEE80211R */
2356 
2357 	if (bssid) {
2358 		pmksa_cache_add(sm->pmksa, pmk, pmk_len, NULL, 0,
2359 				bssid, sm->own_addr,
2360 				sm->network_ctx, sm->key_mgmt);
2361 	}
2362 }
2363 
2364 
2365 /**
2366  * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
2367  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2368  *
2369  * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
2370  * will be cleared.
2371  */
2372 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
2373 {
2374 	if (sm == NULL)
2375 		return;
2376 
2377 	if (sm->cur_pmksa) {
2378 		sm->pmk_len = sm->cur_pmksa->pmk_len;
2379 		os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
2380 	} else {
2381 		sm->pmk_len = PMK_LEN;
2382 		os_memset(sm->pmk, 0, PMK_LEN);
2383 	}
2384 }
2385 
2386 
2387 /**
2388  * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
2389  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2390  * @fast_reauth: Whether fast reauthentication (EAP) is allowed
2391  */
2392 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
2393 {
2394 	if (sm)
2395 		sm->fast_reauth = fast_reauth;
2396 }
2397 
2398 
2399 /**
2400  * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
2401  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2402  * @scard_ctx: Context pointer for smartcard related callback functions
2403  */
2404 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
2405 {
2406 	if (sm == NULL)
2407 		return;
2408 	sm->scard_ctx = scard_ctx;
2409 	if (sm->preauth_eapol)
2410 		eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
2411 }
2412 
2413 
2414 /**
2415  * wpa_sm_set_config - Notification of current configration change
2416  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2417  * @config: Pointer to current network configuration
2418  *
2419  * Notify WPA state machine that configuration has changed. config will be
2420  * stored as a backpointer to network configuration. This can be %NULL to clear
2421  * the stored pointed.
2422  */
2423 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
2424 {
2425 	if (!sm)
2426 		return;
2427 
2428 	if (config) {
2429 		sm->network_ctx = config->network_ctx;
2430 		sm->peerkey_enabled = config->peerkey_enabled;
2431 		sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
2432 		sm->proactive_key_caching = config->proactive_key_caching;
2433 		sm->eap_workaround = config->eap_workaround;
2434 		sm->eap_conf_ctx = config->eap_conf_ctx;
2435 		if (config->ssid) {
2436 			os_memcpy(sm->ssid, config->ssid, config->ssid_len);
2437 			sm->ssid_len = config->ssid_len;
2438 		} else
2439 			sm->ssid_len = 0;
2440 		sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
2441 		sm->p2p = config->p2p;
2442 	} else {
2443 		sm->network_ctx = NULL;
2444 		sm->peerkey_enabled = 0;
2445 		sm->allowed_pairwise_cipher = 0;
2446 		sm->proactive_key_caching = 0;
2447 		sm->eap_workaround = 0;
2448 		sm->eap_conf_ctx = NULL;
2449 		sm->ssid_len = 0;
2450 		sm->wpa_ptk_rekey = 0;
2451 		sm->p2p = 0;
2452 	}
2453 }
2454 
2455 
2456 /**
2457  * wpa_sm_set_own_addr - Set own MAC address
2458  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2459  * @addr: Own MAC address
2460  */
2461 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
2462 {
2463 	if (sm)
2464 		os_memcpy(sm->own_addr, addr, ETH_ALEN);
2465 }
2466 
2467 
2468 /**
2469  * wpa_sm_set_ifname - Set network interface name
2470  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2471  * @ifname: Interface name
2472  * @bridge_ifname: Optional bridge interface name (for pre-auth)
2473  */
2474 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
2475 		       const char *bridge_ifname)
2476 {
2477 	if (sm) {
2478 		sm->ifname = ifname;
2479 		sm->bridge_ifname = bridge_ifname;
2480 	}
2481 }
2482 
2483 
2484 /**
2485  * wpa_sm_set_eapol - Set EAPOL state machine pointer
2486  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2487  * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
2488  */
2489 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
2490 {
2491 	if (sm)
2492 		sm->eapol = eapol;
2493 }
2494 
2495 
2496 /**
2497  * wpa_sm_set_param - Set WPA state machine parameters
2498  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2499  * @param: Parameter field
2500  * @value: Parameter value
2501  * Returns: 0 on success, -1 on failure
2502  */
2503 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
2504 		     unsigned int value)
2505 {
2506 	int ret = 0;
2507 
2508 	if (sm == NULL)
2509 		return -1;
2510 
2511 	switch (param) {
2512 	case RSNA_PMK_LIFETIME:
2513 		if (value > 0)
2514 			sm->dot11RSNAConfigPMKLifetime = value;
2515 		else
2516 			ret = -1;
2517 		break;
2518 	case RSNA_PMK_REAUTH_THRESHOLD:
2519 		if (value > 0 && value <= 100)
2520 			sm->dot11RSNAConfigPMKReauthThreshold = value;
2521 		else
2522 			ret = -1;
2523 		break;
2524 	case RSNA_SA_TIMEOUT:
2525 		if (value > 0)
2526 			sm->dot11RSNAConfigSATimeout = value;
2527 		else
2528 			ret = -1;
2529 		break;
2530 	case WPA_PARAM_PROTO:
2531 		sm->proto = value;
2532 		break;
2533 	case WPA_PARAM_PAIRWISE:
2534 		sm->pairwise_cipher = value;
2535 		break;
2536 	case WPA_PARAM_GROUP:
2537 		sm->group_cipher = value;
2538 		break;
2539 	case WPA_PARAM_KEY_MGMT:
2540 		sm->key_mgmt = value;
2541 		break;
2542 #ifdef CONFIG_IEEE80211W
2543 	case WPA_PARAM_MGMT_GROUP:
2544 		sm->mgmt_group_cipher = value;
2545 		break;
2546 #endif /* CONFIG_IEEE80211W */
2547 	case WPA_PARAM_RSN_ENABLED:
2548 		sm->rsn_enabled = value;
2549 		break;
2550 	case WPA_PARAM_MFP:
2551 		sm->mfp = value;
2552 		break;
2553 	default:
2554 		break;
2555 	}
2556 
2557 	return ret;
2558 }
2559 
2560 
2561 /**
2562  * wpa_sm_get_status - Get WPA state machine
2563  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2564  * @buf: Buffer for status information
2565  * @buflen: Maximum buffer length
2566  * @verbose: Whether to include verbose status information
2567  * Returns: Number of bytes written to buf.
2568  *
2569  * Query WPA state machine for status information. This function fills in
2570  * a text area with current status information. If the buffer (buf) is not
2571  * large enough, status information will be truncated to fit the buffer.
2572  */
2573 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
2574 		      int verbose)
2575 {
2576 	char *pos = buf, *end = buf + buflen;
2577 	int ret;
2578 
2579 	ret = os_snprintf(pos, end - pos,
2580 			  "pairwise_cipher=%s\n"
2581 			  "group_cipher=%s\n"
2582 			  "key_mgmt=%s\n",
2583 			  wpa_cipher_txt(sm->pairwise_cipher),
2584 			  wpa_cipher_txt(sm->group_cipher),
2585 			  wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
2586 	if (os_snprintf_error(end - pos, ret))
2587 		return pos - buf;
2588 	pos += ret;
2589 
2590 	if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) {
2591 		struct wpa_ie_data rsn;
2592 		if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn)
2593 		    >= 0 &&
2594 		    rsn.capabilities & (WPA_CAPABILITY_MFPR |
2595 					WPA_CAPABILITY_MFPC)) {
2596 			ret = os_snprintf(pos, end - pos, "pmf=%d\n",
2597 					  (rsn.capabilities &
2598 					   WPA_CAPABILITY_MFPR) ? 2 : 1);
2599 			if (os_snprintf_error(end - pos, ret))
2600 				return pos - buf;
2601 			pos += ret;
2602 		}
2603 	}
2604 
2605 	return pos - buf;
2606 }
2607 
2608 
2609 int wpa_sm_pmf_enabled(struct wpa_sm *sm)
2610 {
2611 	struct wpa_ie_data rsn;
2612 
2613 	if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie)
2614 		return 0;
2615 
2616 	if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 &&
2617 	    rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC))
2618 		return 1;
2619 
2620 	return 0;
2621 }
2622 
2623 
2624 /**
2625  * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
2626  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2627  * @wpa_ie: Pointer to buffer for WPA/RSN IE
2628  * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
2629  * Returns: 0 on success, -1 on failure
2630  */
2631 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
2632 				    size_t *wpa_ie_len)
2633 {
2634 	int res;
2635 
2636 	if (sm == NULL)
2637 		return -1;
2638 
2639 	res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
2640 	if (res < 0)
2641 		return -1;
2642 	*wpa_ie_len = res;
2643 
2644 	wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default",
2645 		    wpa_ie, *wpa_ie_len);
2646 
2647 	if (sm->assoc_wpa_ie == NULL) {
2648 		/*
2649 		 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
2650 		 * the correct version of the IE even if PMKSA caching is
2651 		 * aborted (which would remove PMKID from IE generation).
2652 		 */
2653 		sm->assoc_wpa_ie = os_malloc(*wpa_ie_len);
2654 		if (sm->assoc_wpa_ie == NULL)
2655 			return -1;
2656 
2657 		os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
2658 		sm->assoc_wpa_ie_len = *wpa_ie_len;
2659 	}
2660 
2661 	return 0;
2662 }
2663 
2664 
2665 /**
2666  * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
2667  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2668  * @ie: Pointer to IE data (starting from id)
2669  * @len: IE length
2670  * Returns: 0 on success, -1 on failure
2671  *
2672  * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
2673  * Request frame. The IE will be used to override the default value generated
2674  * with wpa_sm_set_assoc_wpa_ie_default().
2675  */
2676 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2677 {
2678 	if (sm == NULL)
2679 		return -1;
2680 
2681 	os_free(sm->assoc_wpa_ie);
2682 	if (ie == NULL || len == 0) {
2683 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2684 			"WPA: clearing own WPA/RSN IE");
2685 		sm->assoc_wpa_ie = NULL;
2686 		sm->assoc_wpa_ie_len = 0;
2687 	} else {
2688 		wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
2689 		sm->assoc_wpa_ie = os_malloc(len);
2690 		if (sm->assoc_wpa_ie == NULL)
2691 			return -1;
2692 
2693 		os_memcpy(sm->assoc_wpa_ie, ie, len);
2694 		sm->assoc_wpa_ie_len = len;
2695 	}
2696 
2697 	return 0;
2698 }
2699 
2700 
2701 /**
2702  * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
2703  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2704  * @ie: Pointer to IE data (starting from id)
2705  * @len: IE length
2706  * Returns: 0 on success, -1 on failure
2707  *
2708  * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
2709  * frame.
2710  */
2711 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2712 {
2713 	if (sm == NULL)
2714 		return -1;
2715 
2716 	os_free(sm->ap_wpa_ie);
2717 	if (ie == NULL || len == 0) {
2718 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2719 			"WPA: clearing AP WPA IE");
2720 		sm->ap_wpa_ie = NULL;
2721 		sm->ap_wpa_ie_len = 0;
2722 	} else {
2723 		wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
2724 		sm->ap_wpa_ie = os_malloc(len);
2725 		if (sm->ap_wpa_ie == NULL)
2726 			return -1;
2727 
2728 		os_memcpy(sm->ap_wpa_ie, ie, len);
2729 		sm->ap_wpa_ie_len = len;
2730 	}
2731 
2732 	return 0;
2733 }
2734 
2735 
2736 /**
2737  * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
2738  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2739  * @ie: Pointer to IE data (starting from id)
2740  * @len: IE length
2741  * Returns: 0 on success, -1 on failure
2742  *
2743  * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
2744  * frame.
2745  */
2746 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2747 {
2748 	if (sm == NULL)
2749 		return -1;
2750 
2751 	os_free(sm->ap_rsn_ie);
2752 	if (ie == NULL || len == 0) {
2753 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2754 			"WPA: clearing AP RSN IE");
2755 		sm->ap_rsn_ie = NULL;
2756 		sm->ap_rsn_ie_len = 0;
2757 	} else {
2758 		wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
2759 		sm->ap_rsn_ie = os_malloc(len);
2760 		if (sm->ap_rsn_ie == NULL)
2761 			return -1;
2762 
2763 		os_memcpy(sm->ap_rsn_ie, ie, len);
2764 		sm->ap_rsn_ie_len = len;
2765 	}
2766 
2767 	return 0;
2768 }
2769 
2770 
2771 /**
2772  * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
2773  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2774  * @data: Pointer to data area for parsing results
2775  * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
2776  *
2777  * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
2778  * parsed data into data.
2779  */
2780 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
2781 {
2782 	if (sm == NULL)
2783 		return -1;
2784 
2785 	if (sm->assoc_wpa_ie == NULL) {
2786 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2787 			"WPA: No WPA/RSN IE available from association info");
2788 		return -1;
2789 	}
2790 	if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
2791 		return -2;
2792 	return 0;
2793 }
2794 
2795 
2796 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
2797 {
2798 	return pmksa_cache_list(sm->pmksa, buf, len);
2799 }
2800 
2801 
2802 void wpa_sm_drop_sa(struct wpa_sm *sm)
2803 {
2804 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
2805 	sm->ptk_set = 0;
2806 	sm->tptk_set = 0;
2807 	os_memset(sm->pmk, 0, sizeof(sm->pmk));
2808 	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2809 	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2810 #ifdef CONFIG_IEEE80211R
2811 	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
2812 	os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
2813 	os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1));
2814 #endif /* CONFIG_IEEE80211R */
2815 }
2816 
2817 
2818 int wpa_sm_has_ptk(struct wpa_sm *sm)
2819 {
2820 	if (sm == NULL)
2821 		return 0;
2822 	return sm->ptk_set;
2823 }
2824 
2825 
2826 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
2827 {
2828 	os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
2829 }
2830 
2831 
2832 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
2833 {
2834 	pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0);
2835 }
2836 
2837 
2838 #ifdef CONFIG_WNM
2839 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
2840 {
2841 	u16 keyinfo;
2842 	u8 keylen;  /* plaintext key len */
2843 	u8 *key_rsc;
2844 
2845 	if (subelem_id == WNM_SLEEP_SUBELEM_GTK) {
2846 		struct wpa_gtk_data gd;
2847 
2848 		os_memset(&gd, 0, sizeof(gd));
2849 		keylen = wpa_cipher_key_len(sm->group_cipher);
2850 		gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher);
2851 		gd.alg = wpa_cipher_to_alg(sm->group_cipher);
2852 		if (gd.alg == WPA_ALG_NONE) {
2853 			wpa_printf(MSG_DEBUG, "Unsupported group cipher suite");
2854 			return -1;
2855 		}
2856 
2857 		key_rsc = buf + 5;
2858 		keyinfo = WPA_GET_LE16(buf + 2);
2859 		gd.gtk_len = keylen;
2860 		if (gd.gtk_len != buf[4]) {
2861 			wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d",
2862 				   gd.gtk_len, buf[4]);
2863 			return -1;
2864 		}
2865 		gd.keyidx = keyinfo & 0x03; /* B0 - B1 */
2866 		gd.tx = wpa_supplicant_gtk_tx_bit_workaround(
2867 		         sm, !!(keyinfo & WPA_KEY_INFO_TXRX));
2868 
2869 		os_memcpy(gd.gtk, buf + 13, gd.gtk_len);
2870 
2871 		wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
2872 				gd.gtk, gd.gtk_len);
2873 		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
2874 			os_memset(&gd, 0, sizeof(gd));
2875 			wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
2876 				   "WNM mode");
2877 			return -1;
2878 		}
2879 		os_memset(&gd, 0, sizeof(gd));
2880 #ifdef CONFIG_IEEE80211W
2881 	} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
2882 		struct wpa_igtk_kde igd;
2883 		u16 keyidx;
2884 
2885 		os_memset(&igd, 0, sizeof(igd));
2886 		keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
2887 		os_memcpy(igd.keyid, buf + 2, 2);
2888 		os_memcpy(igd.pn, buf + 4, 6);
2889 
2890 		keyidx = WPA_GET_LE16(igd.keyid);
2891 		os_memcpy(igd.igtk, buf + 10, keylen);
2892 
2893 		wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
2894 				igd.igtk, keylen);
2895 		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
2896 				   broadcast_ether_addr,
2897 				   keyidx, 0, igd.pn, sizeof(igd.pn),
2898 				   igd.igtk, keylen) < 0) {
2899 			wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
2900 				   "WNM mode");
2901 			os_memset(&igd, 0, sizeof(igd));
2902 			return -1;
2903 		}
2904 		os_memset(&igd, 0, sizeof(igd));
2905 #endif /* CONFIG_IEEE80211W */
2906 	} else {
2907 		wpa_printf(MSG_DEBUG, "Unknown element id");
2908 		return -1;
2909 	}
2910 
2911 	return 0;
2912 }
2913 #endif /* CONFIG_WNM */
2914 
2915 
2916 #ifdef CONFIG_PEERKEY
2917 int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr,
2918 			    const u8 *buf, size_t len)
2919 {
2920 	struct wpa_peerkey *peerkey;
2921 
2922 	for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
2923 		if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
2924 			break;
2925 	}
2926 
2927 	if (!peerkey)
2928 		return 0;
2929 
2930 	wpa_sm_rx_eapol(sm, src_addr, buf, len);
2931 
2932 	return 1;
2933 }
2934 #endif /* CONFIG_PEERKEY */
2935 
2936 
2937 #ifdef CONFIG_P2P
2938 
2939 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf)
2940 {
2941 	if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0)
2942 		return -1;
2943 	os_memcpy(buf, sm->p2p_ip_addr, 3 * 4);
2944 	return 0;
2945 }
2946 
2947 #endif /* CONFIG_P2P */
2948 
2949 
2950 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter)
2951 {
2952 	if (rx_replay_counter == NULL)
2953 		return;
2954 
2955 	os_memcpy(sm->rx_replay_counter, rx_replay_counter,
2956 		  WPA_REPLAY_COUNTER_LEN);
2957 	sm->rx_replay_counter_set = 1;
2958 	wpa_printf(MSG_DEBUG, "Updated key replay counter");
2959 }
2960 
2961 
2962 void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm,
2963 			    const u8 *ptk_kck, size_t ptk_kck_len,
2964 			    const u8 *ptk_kek, size_t ptk_kek_len)
2965 {
2966 	if (ptk_kck && ptk_kck_len <= WPA_KCK_MAX_LEN) {
2967 		os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len);
2968 		sm->ptk.kck_len = ptk_kck_len;
2969 		wpa_printf(MSG_DEBUG, "Updated PTK KCK");
2970 	}
2971 	if (ptk_kek && ptk_kek_len <= WPA_KEK_MAX_LEN) {
2972 		os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len);
2973 		sm->ptk.kek_len = ptk_kek_len;
2974 		wpa_printf(MSG_DEBUG, "Updated PTK KEK");
2975 	}
2976 	sm->ptk_set = 1;
2977 }
2978