1 /* 2 * WPA Supplicant - WPA state machine and EAPOL-Key processing 3 * Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #include "includes.h" 16 17 #include "common.h" 18 #include "crypto/aes_wrap.h" 19 #include "crypto/crypto.h" 20 #include "common/ieee802_11_defs.h" 21 #include "eapol_supp/eapol_supp_sm.h" 22 #include "wpa.h" 23 #include "eloop.h" 24 #include "preauth.h" 25 #include "pmksa_cache.h" 26 #include "wpa_i.h" 27 #include "wpa_ie.h" 28 #include "peerkey.h" 29 30 31 /** 32 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message 33 * @sm: Pointer to WPA state machine data from wpa_sm_init() 34 * @kck: Key Confirmation Key (KCK, part of PTK) 35 * @ver: Version field from Key Info 36 * @dest: Destination address for the frame 37 * @proto: Ethertype (usually ETH_P_EAPOL) 38 * @msg: EAPOL-Key message 39 * @msg_len: Length of message 40 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written 41 */ 42 void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, 43 int ver, const u8 *dest, u16 proto, 44 u8 *msg, size_t msg_len, u8 *key_mic) 45 { 46 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) { 47 /* 48 * Association event was not yet received; try to fetch 49 * BSSID from the driver. 50 */ 51 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) { 52 wpa_printf(MSG_DEBUG, "WPA: Failed to read BSSID for " 53 "EAPOL-Key destination address"); 54 } else { 55 dest = sm->bssid; 56 wpa_printf(MSG_DEBUG, "WPA: Use BSSID (" MACSTR 57 ") as the destination for EAPOL-Key", 58 MAC2STR(dest)); 59 } 60 } 61 if (key_mic && 62 wpa_eapol_key_mic(kck, ver, msg, msg_len, key_mic)) { 63 wpa_printf(MSG_ERROR, "WPA: Failed to generate EAPOL-Key " 64 "version %d MIC", ver); 65 goto out; 66 } 67 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len); 68 wpa_sm_ether_send(sm, dest, proto, msg, msg_len); 69 eapol_sm_notify_tx_eapol_key(sm->eapol); 70 out: 71 os_free(msg); 72 } 73 74 75 /** 76 * wpa_sm_key_request - Send EAPOL-Key Request 77 * @sm: Pointer to WPA state machine data from wpa_sm_init() 78 * @error: Indicate whether this is an Michael MIC error report 79 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet 80 * 81 * Send an EAPOL-Key Request to the current authenticator. This function is 82 * used to request rekeying and it is usually called when a local Michael MIC 83 * failure is detected. 84 */ 85 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) 86 { 87 size_t rlen; 88 struct wpa_eapol_key *reply; 89 int key_info, ver; 90 u8 bssid[ETH_ALEN], *rbuf; 91 92 if (wpa_key_mgmt_ft(sm->key_mgmt) || wpa_key_mgmt_sha256(sm->key_mgmt)) 93 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC; 94 else if (sm->pairwise_cipher == WPA_CIPHER_CCMP) 95 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 96 else 97 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 98 99 if (wpa_sm_get_bssid(sm, bssid) < 0) { 100 wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key " 101 "request"); 102 return; 103 } 104 105 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 106 sizeof(*reply), &rlen, (void *) &reply); 107 if (rbuf == NULL) 108 return; 109 110 reply->type = sm->proto == WPA_PROTO_RSN ? 111 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 112 key_info = WPA_KEY_INFO_REQUEST | ver; 113 if (sm->ptk_set) 114 key_info |= WPA_KEY_INFO_MIC; 115 if (error) 116 key_info |= WPA_KEY_INFO_ERROR; 117 if (pairwise) 118 key_info |= WPA_KEY_INFO_KEY_TYPE; 119 WPA_PUT_BE16(reply->key_info, key_info); 120 WPA_PUT_BE16(reply->key_length, 0); 121 os_memcpy(reply->replay_counter, sm->request_counter, 122 WPA_REPLAY_COUNTER_LEN); 123 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); 124 125 WPA_PUT_BE16(reply->key_data_length, 0); 126 127 wpa_printf(MSG_INFO, "WPA: Sending EAPOL-Key Request (error=%d " 128 "pairwise=%d ptk_set=%d len=%lu)", 129 error, pairwise, sm->ptk_set, (unsigned long) rlen); 130 wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL, 131 rbuf, rlen, key_info & WPA_KEY_INFO_MIC ? 132 reply->key_mic : NULL); 133 } 134 135 136 static int wpa_supplicant_get_pmk(struct wpa_sm *sm, 137 const unsigned char *src_addr, 138 const u8 *pmkid) 139 { 140 int abort_cached = 0; 141 142 if (pmkid && !sm->cur_pmksa) { 143 /* When using drivers that generate RSN IE, wpa_supplicant may 144 * not have enough time to get the association information 145 * event before receiving this 1/4 message, so try to find a 146 * matching PMKSA cache entry here. */ 147 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid); 148 if (sm->cur_pmksa) { 149 wpa_printf(MSG_DEBUG, "RSN: found matching PMKID from " 150 "PMKSA cache"); 151 } else { 152 wpa_printf(MSG_DEBUG, "RSN: no matching PMKID found"); 153 abort_cached = 1; 154 } 155 } 156 157 if (pmkid && sm->cur_pmksa && 158 os_memcmp(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) { 159 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN); 160 wpa_sm_set_pmk_from_pmksa(sm); 161 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache", 162 sm->pmk, sm->pmk_len); 163 eapol_sm_notify_cached(sm->eapol); 164 #ifdef CONFIG_IEEE80211R 165 sm->xxkey_len = 0; 166 #endif /* CONFIG_IEEE80211R */ 167 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) { 168 int res, pmk_len; 169 pmk_len = PMK_LEN; 170 res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN); 171 if (res) { 172 /* 173 * EAP-LEAP is an exception from other EAP methods: it 174 * uses only 16-byte PMK. 175 */ 176 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16); 177 pmk_len = 16; 178 } else { 179 #ifdef CONFIG_IEEE80211R 180 u8 buf[2 * PMK_LEN]; 181 if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0) 182 { 183 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN); 184 sm->xxkey_len = PMK_LEN; 185 os_memset(buf, 0, sizeof(buf)); 186 } 187 #endif /* CONFIG_IEEE80211R */ 188 } 189 if (res == 0) { 190 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state " 191 "machines", sm->pmk, pmk_len); 192 sm->pmk_len = pmk_len; 193 if (sm->proto == WPA_PROTO_RSN) { 194 pmksa_cache_add(sm->pmksa, sm->pmk, pmk_len, 195 src_addr, sm->own_addr, 196 sm->network_ctx, sm->key_mgmt); 197 } 198 if (!sm->cur_pmksa && pmkid && 199 pmksa_cache_get(sm->pmksa, src_addr, pmkid)) { 200 wpa_printf(MSG_DEBUG, "RSN: the new PMK " 201 "matches with the PMKID"); 202 abort_cached = 0; 203 } 204 } else { 205 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 206 "WPA: Failed to get master session key from " 207 "EAPOL state machines"); 208 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 209 "WPA: Key handshake aborted"); 210 if (sm->cur_pmksa) { 211 wpa_printf(MSG_DEBUG, "RSN: Cancelled PMKSA " 212 "caching attempt"); 213 sm->cur_pmksa = NULL; 214 abort_cached = 1; 215 } else if (!abort_cached) { 216 return -1; 217 } 218 } 219 } 220 221 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) { 222 /* Send EAPOL-Start to trigger full EAP authentication. */ 223 u8 *buf; 224 size_t buflen; 225 226 wpa_printf(MSG_DEBUG, "RSN: no PMKSA entry found - trigger " 227 "full EAP authentication"); 228 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START, 229 NULL, 0, &buflen, NULL); 230 if (buf) { 231 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL, 232 buf, buflen); 233 os_free(buf); 234 return -2; 235 } 236 237 return -1; 238 } 239 240 return 0; 241 } 242 243 244 /** 245 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake 246 * @sm: Pointer to WPA state machine data from wpa_sm_init() 247 * @dst: Destination address for the frame 248 * @key: Pointer to the EAPOL-Key frame header 249 * @ver: Version bits from EAPOL-Key Key Info 250 * @nonce: Nonce value for the EAPOL-Key frame 251 * @wpa_ie: WPA/RSN IE 252 * @wpa_ie_len: Length of the WPA/RSN IE 253 * @ptk: PTK to use for keyed hash and encryption 254 * Returns: 0 on success, -1 on failure 255 */ 256 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst, 257 const struct wpa_eapol_key *key, 258 int ver, const u8 *nonce, 259 const u8 *wpa_ie, size_t wpa_ie_len, 260 struct wpa_ptk *ptk) 261 { 262 size_t rlen; 263 struct wpa_eapol_key *reply; 264 u8 *rbuf; 265 u8 *rsn_ie_buf = NULL; 266 267 if (wpa_ie == NULL) { 268 wpa_printf(MSG_WARNING, "WPA: No wpa_ie set - cannot " 269 "generate msg 2/4"); 270 return -1; 271 } 272 273 #ifdef CONFIG_IEEE80211R 274 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 275 int res; 276 277 /* 278 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and 279 * FTIE from (Re)Association Response. 280 */ 281 rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN + 282 sm->assoc_resp_ies_len); 283 if (rsn_ie_buf == NULL) 284 return -1; 285 os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len); 286 res = wpa_insert_pmkid(rsn_ie_buf, wpa_ie_len, 287 sm->pmk_r1_name); 288 if (res < 0) { 289 os_free(rsn_ie_buf); 290 return -1; 291 } 292 wpa_ie_len += res; 293 294 if (sm->assoc_resp_ies) { 295 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies, 296 sm->assoc_resp_ies_len); 297 wpa_ie_len += sm->assoc_resp_ies_len; 298 } 299 300 wpa_ie = rsn_ie_buf; 301 } 302 #endif /* CONFIG_IEEE80211R */ 303 304 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len); 305 306 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, 307 NULL, sizeof(*reply) + wpa_ie_len, 308 &rlen, (void *) &reply); 309 if (rbuf == NULL) { 310 os_free(rsn_ie_buf); 311 return -1; 312 } 313 314 reply->type = sm->proto == WPA_PROTO_RSN ? 315 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 316 WPA_PUT_BE16(reply->key_info, 317 ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC); 318 if (sm->proto == WPA_PROTO_RSN) 319 WPA_PUT_BE16(reply->key_length, 0); 320 else 321 os_memcpy(reply->key_length, key->key_length, 2); 322 os_memcpy(reply->replay_counter, key->replay_counter, 323 WPA_REPLAY_COUNTER_LEN); 324 325 WPA_PUT_BE16(reply->key_data_length, wpa_ie_len); 326 os_memcpy(reply + 1, wpa_ie, wpa_ie_len); 327 os_free(rsn_ie_buf); 328 329 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN); 330 331 wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4"); 332 wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL, 333 rbuf, rlen, reply->key_mic); 334 335 return 0; 336 } 337 338 339 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr, 340 const struct wpa_eapol_key *key, 341 struct wpa_ptk *ptk) 342 { 343 size_t ptk_len = sm->pairwise_cipher == WPA_CIPHER_CCMP ? 48 : 64; 344 #ifdef CONFIG_IEEE80211R 345 if (wpa_key_mgmt_ft(sm->key_mgmt)) 346 return wpa_derive_ptk_ft(sm, src_addr, key, ptk, ptk_len); 347 #endif /* CONFIG_IEEE80211R */ 348 349 wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion", 350 sm->own_addr, sm->bssid, sm->snonce, key->key_nonce, 351 (u8 *) ptk, ptk_len, 352 wpa_key_mgmt_sha256(sm->key_mgmt)); 353 return 0; 354 } 355 356 357 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, 358 const unsigned char *src_addr, 359 const struct wpa_eapol_key *key, 360 u16 ver) 361 { 362 struct wpa_eapol_ie_parse ie; 363 struct wpa_ptk *ptk; 364 u8 buf[8]; 365 int res; 366 367 if (wpa_sm_get_network_ctx(sm) == NULL) { 368 wpa_printf(MSG_WARNING, "WPA: No SSID info found (msg 1 of " 369 "4)."); 370 return; 371 } 372 373 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 374 wpa_printf(MSG_DEBUG, "WPA: RX message 1 of 4-Way Handshake from " 375 MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 376 377 os_memset(&ie, 0, sizeof(ie)); 378 379 #ifndef CONFIG_NO_WPA2 380 if (sm->proto == WPA_PROTO_RSN) { 381 /* RSN: msg 1/4 should contain PMKID for the selected PMK */ 382 const u8 *_buf = (const u8 *) (key + 1); 383 size_t len = WPA_GET_BE16(key->key_data_length); 384 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", _buf, len); 385 wpa_supplicant_parse_ies(_buf, len, &ie); 386 if (ie.pmkid) { 387 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from " 388 "Authenticator", ie.pmkid, PMKID_LEN); 389 } 390 } 391 #endif /* CONFIG_NO_WPA2 */ 392 393 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); 394 if (res == -2) { 395 wpa_printf(MSG_DEBUG, "RSN: Do not reply to msg 1/4 - " 396 "requesting full EAP authentication"); 397 return; 398 } 399 if (res) 400 goto failed; 401 402 if (sm->renew_snonce) { 403 if (os_get_random(sm->snonce, WPA_NONCE_LEN)) { 404 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 405 "WPA: Failed to get random data for SNonce"); 406 goto failed; 407 } 408 sm->renew_snonce = 0; 409 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce", 410 sm->snonce, WPA_NONCE_LEN); 411 } 412 413 /* Calculate PTK which will be stored as a temporary PTK until it has 414 * been verified when processing message 3/4. */ 415 ptk = &sm->tptk; 416 wpa_derive_ptk(sm, src_addr, key, ptk); 417 /* Supplicant: swap tx/rx Mic keys */ 418 os_memcpy(buf, ptk->u.auth.tx_mic_key, 8); 419 os_memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8); 420 os_memcpy(ptk->u.auth.rx_mic_key, buf, 8); 421 sm->tptk_set = 1; 422 423 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce, 424 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, 425 ptk)) 426 goto failed; 427 428 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN); 429 return; 430 431 failed: 432 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 433 } 434 435 436 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx) 437 { 438 struct wpa_sm *sm = eloop_ctx; 439 rsn_preauth_candidate_process(sm); 440 } 441 442 443 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm, 444 const u8 *addr, int secure) 445 { 446 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 447 "WPA: Key negotiation completed with " 448 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr), 449 wpa_cipher_txt(sm->pairwise_cipher), 450 wpa_cipher_txt(sm->group_cipher)); 451 wpa_sm_cancel_auth_timeout(sm); 452 wpa_sm_set_state(sm, WPA_COMPLETED); 453 454 if (secure) { 455 wpa_sm_mlme_setprotection( 456 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX, 457 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 458 eapol_sm_notify_portValid(sm->eapol, TRUE); 459 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt)) 460 eapol_sm_notify_eap_success(sm->eapol, TRUE); 461 /* 462 * Start preauthentication after a short wait to avoid a 463 * possible race condition between the data receive and key 464 * configuration after the 4-Way Handshake. This increases the 465 * likelyhood of the first preauth EAPOL-Start frame getting to 466 * the target AP. 467 */ 468 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL); 469 } 470 471 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) { 472 wpa_printf(MSG_DEBUG, "RSN: Authenticator accepted " 473 "opportunistic PMKSA entry - marking it valid"); 474 sm->cur_pmksa->opportunistic = 0; 475 } 476 477 #ifdef CONFIG_IEEE80211R 478 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 479 /* Prepare for the next transition */ 480 wpa_ft_prepare_auth_request(sm, NULL); 481 } 482 #endif /* CONFIG_IEEE80211R */ 483 } 484 485 486 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx) 487 { 488 struct wpa_sm *sm = eloop_ctx; 489 wpa_printf(MSG_DEBUG, "WPA: Request PTK rekeying"); 490 wpa_sm_key_request(sm, 0, 1); 491 } 492 493 494 static int wpa_supplicant_install_ptk(struct wpa_sm *sm, 495 const struct wpa_eapol_key *key) 496 { 497 int keylen, rsclen; 498 enum wpa_alg alg; 499 const u8 *key_rsc; 500 u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 501 502 wpa_printf(MSG_DEBUG, "WPA: Installing PTK to the driver."); 503 504 switch (sm->pairwise_cipher) { 505 case WPA_CIPHER_CCMP: 506 alg = WPA_ALG_CCMP; 507 keylen = 16; 508 rsclen = 6; 509 break; 510 case WPA_CIPHER_TKIP: 511 alg = WPA_ALG_TKIP; 512 keylen = 32; 513 rsclen = 6; 514 break; 515 case WPA_CIPHER_NONE: 516 wpa_printf(MSG_DEBUG, "WPA: Pairwise Cipher Suite: " 517 "NONE - do not use pairwise keys"); 518 return 0; 519 default: 520 wpa_printf(MSG_WARNING, "WPA: Unsupported pairwise cipher %d", 521 sm->pairwise_cipher); 522 return -1; 523 } 524 525 if (sm->proto == WPA_PROTO_RSN) { 526 key_rsc = null_rsc; 527 } else { 528 key_rsc = key->key_rsc; 529 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen); 530 } 531 532 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen, 533 (u8 *) sm->ptk.tk1, keylen) < 0) { 534 wpa_printf(MSG_WARNING, "WPA: Failed to set PTK to the " 535 "driver (alg=%d keylen=%d bssid=" MACSTR ")", 536 alg, keylen, MAC2STR(sm->bssid)); 537 return -1; 538 } 539 540 if (sm->wpa_ptk_rekey) { 541 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 542 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk, 543 sm, NULL); 544 } 545 546 return 0; 547 } 548 549 550 static int wpa_supplicant_check_group_cipher(int group_cipher, 551 int keylen, int maxkeylen, 552 int *key_rsc_len, 553 enum wpa_alg *alg) 554 { 555 int ret = 0; 556 557 switch (group_cipher) { 558 case WPA_CIPHER_CCMP: 559 if (keylen != 16 || maxkeylen < 16) { 560 ret = -1; 561 break; 562 } 563 *key_rsc_len = 6; 564 *alg = WPA_ALG_CCMP; 565 break; 566 case WPA_CIPHER_TKIP: 567 if (keylen != 32 || maxkeylen < 32) { 568 ret = -1; 569 break; 570 } 571 *key_rsc_len = 6; 572 *alg = WPA_ALG_TKIP; 573 break; 574 case WPA_CIPHER_WEP104: 575 if (keylen != 13 || maxkeylen < 13) { 576 ret = -1; 577 break; 578 } 579 *key_rsc_len = 0; 580 *alg = WPA_ALG_WEP; 581 break; 582 case WPA_CIPHER_WEP40: 583 if (keylen != 5 || maxkeylen < 5) { 584 ret = -1; 585 break; 586 } 587 *key_rsc_len = 0; 588 *alg = WPA_ALG_WEP; 589 break; 590 default: 591 wpa_printf(MSG_WARNING, "WPA: Unsupported Group Cipher %d", 592 group_cipher); 593 return -1; 594 } 595 596 if (ret < 0 ) { 597 wpa_printf(MSG_WARNING, "WPA: Unsupported %s Group Cipher key " 598 "length %d (%d).", 599 wpa_cipher_txt(group_cipher), keylen, maxkeylen); 600 } 601 602 return ret; 603 } 604 605 606 struct wpa_gtk_data { 607 enum wpa_alg alg; 608 int tx, key_rsc_len, keyidx; 609 u8 gtk[32]; 610 int gtk_len; 611 }; 612 613 614 static int wpa_supplicant_install_gtk(struct wpa_sm *sm, 615 const struct wpa_gtk_data *gd, 616 const u8 *key_rsc) 617 { 618 const u8 *_gtk = gd->gtk; 619 u8 gtk_buf[32]; 620 621 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); 622 wpa_printf(MSG_DEBUG, "WPA: Installing GTK to the driver " 623 "(keyidx=%d tx=%d len=%d).", gd->keyidx, gd->tx, 624 gd->gtk_len); 625 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len); 626 if (sm->group_cipher == WPA_CIPHER_TKIP) { 627 /* Swap Tx/Rx keys for Michael MIC */ 628 os_memcpy(gtk_buf, gd->gtk, 16); 629 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8); 630 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8); 631 _gtk = gtk_buf; 632 } 633 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 634 if (wpa_sm_set_key(sm, gd->alg, 635 (u8 *) "\xff\xff\xff\xff\xff\xff", 636 gd->keyidx, 1, key_rsc, gd->key_rsc_len, 637 _gtk, gd->gtk_len) < 0) { 638 wpa_printf(MSG_WARNING, "WPA: Failed to set " 639 "GTK to the driver (Group only)."); 640 return -1; 641 } 642 } else if (wpa_sm_set_key(sm, gd->alg, 643 (u8 *) "\xff\xff\xff\xff\xff\xff", 644 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len, 645 _gtk, gd->gtk_len) < 0) { 646 wpa_printf(MSG_WARNING, "WPA: Failed to set GTK to " 647 "the driver (alg=%d keylen=%d keyidx=%d)", 648 gd->alg, gd->gtk_len, gd->keyidx); 649 return -1; 650 } 651 652 return 0; 653 } 654 655 656 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm, 657 int tx) 658 { 659 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) { 660 /* Ignore Tx bit for GTK if a pairwise key is used. One AP 661 * seemed to set this bit (incorrectly, since Tx is only when 662 * doing Group Key only APs) and without this workaround, the 663 * data connection does not work because wpa_supplicant 664 * configured non-zero keyidx to be used for unicast. */ 665 wpa_printf(MSG_INFO, "WPA: Tx bit set for GTK, but pairwise " 666 "keys are used - ignore Tx bit"); 667 return 0; 668 } 669 return tx; 670 } 671 672 673 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, 674 const struct wpa_eapol_key *key, 675 const u8 *gtk, size_t gtk_len, 676 int key_info) 677 { 678 #ifndef CONFIG_NO_WPA2 679 struct wpa_gtk_data gd; 680 681 /* 682 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x 683 * GTK KDE format: 684 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7] 685 * Reserved [bits 0-7] 686 * GTK 687 */ 688 689 os_memset(&gd, 0, sizeof(gd)); 690 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake", 691 gtk, gtk_len); 692 693 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk)) 694 return -1; 695 696 gd.keyidx = gtk[0] & 0x3; 697 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 698 !!(gtk[0] & BIT(2))); 699 gtk += 2; 700 gtk_len -= 2; 701 702 os_memcpy(gd.gtk, gtk, gtk_len); 703 gd.gtk_len = gtk_len; 704 705 if (wpa_supplicant_check_group_cipher(sm->group_cipher, 706 gtk_len, gtk_len, 707 &gd.key_rsc_len, &gd.alg) || 708 wpa_supplicant_install_gtk(sm, &gd, key->key_rsc)) { 709 wpa_printf(MSG_DEBUG, "RSN: Failed to install GTK"); 710 return -1; 711 } 712 713 wpa_supplicant_key_neg_complete(sm, sm->bssid, 714 key_info & WPA_KEY_INFO_SECURE); 715 return 0; 716 #else /* CONFIG_NO_WPA2 */ 717 return -1; 718 #endif /* CONFIG_NO_WPA2 */ 719 } 720 721 722 static int ieee80211w_set_keys(struct wpa_sm *sm, 723 struct wpa_eapol_ie_parse *ie) 724 { 725 #ifdef CONFIG_IEEE80211W 726 if (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) 727 return 0; 728 729 if (ie->igtk) { 730 const struct wpa_igtk_kde *igtk; 731 u16 keyidx; 732 if (ie->igtk_len != sizeof(*igtk)) 733 return -1; 734 igtk = (const struct wpa_igtk_kde *) ie->igtk; 735 keyidx = WPA_GET_LE16(igtk->keyid); 736 wpa_printf(MSG_DEBUG, "WPA: IGTK keyid %d " 737 "pn %02x%02x%02x%02x%02x%02x", 738 keyidx, MAC2STR(igtk->pn)); 739 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", 740 igtk->igtk, WPA_IGTK_LEN); 741 if (keyidx > 4095) { 742 wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KeyID %d", 743 keyidx); 744 return -1; 745 } 746 if (wpa_sm_set_key(sm, WPA_ALG_IGTK, 747 (u8 *) "\xff\xff\xff\xff\xff\xff", 748 keyidx, 0, igtk->pn, sizeof(igtk->pn), 749 igtk->igtk, WPA_IGTK_LEN) < 0) { 750 wpa_printf(MSG_WARNING, "WPA: Failed to configure IGTK" 751 " to the driver"); 752 return -1; 753 } 754 } 755 756 return 0; 757 #else /* CONFIG_IEEE80211W */ 758 return 0; 759 #endif /* CONFIG_IEEE80211W */ 760 } 761 762 763 static void wpa_report_ie_mismatch(struct wpa_sm *sm, 764 const char *reason, const u8 *src_addr, 765 const u8 *wpa_ie, size_t wpa_ie_len, 766 const u8 *rsn_ie, size_t rsn_ie_len) 767 { 768 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")", 769 reason, MAC2STR(src_addr)); 770 771 if (sm->ap_wpa_ie) { 772 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp", 773 sm->ap_wpa_ie, sm->ap_wpa_ie_len); 774 } 775 if (wpa_ie) { 776 if (!sm->ap_wpa_ie) { 777 wpa_printf(MSG_INFO, "WPA: No WPA IE in " 778 "Beacon/ProbeResp"); 779 } 780 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg", 781 wpa_ie, wpa_ie_len); 782 } 783 784 if (sm->ap_rsn_ie) { 785 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp", 786 sm->ap_rsn_ie, sm->ap_rsn_ie_len); 787 } 788 if (rsn_ie) { 789 if (!sm->ap_rsn_ie) { 790 wpa_printf(MSG_INFO, "WPA: No RSN IE in " 791 "Beacon/ProbeResp"); 792 } 793 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg", 794 rsn_ie, rsn_ie_len); 795 } 796 797 wpa_sm_disassociate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS); 798 } 799 800 801 #ifdef CONFIG_IEEE80211R 802 803 static int ft_validate_mdie(struct wpa_sm *sm, 804 const unsigned char *src_addr, 805 struct wpa_eapol_ie_parse *ie, 806 const u8 *assoc_resp_mdie) 807 { 808 struct rsn_mdie *mdie; 809 810 mdie = (struct rsn_mdie *) (ie->mdie + 2); 811 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) || 812 os_memcmp(mdie->mobility_domain, sm->mobility_domain, 813 MOBILITY_DOMAIN_ID_LEN) != 0) { 814 wpa_printf(MSG_DEBUG, "FT: MDIE in msg 3/4 did not " 815 "match with the current mobility domain"); 816 return -1; 817 } 818 819 if (assoc_resp_mdie && 820 (assoc_resp_mdie[1] != ie->mdie[1] || 821 os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) { 822 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch"); 823 wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4", 824 ie->mdie, 2 + ie->mdie[1]); 825 wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response", 826 assoc_resp_mdie, 2 + assoc_resp_mdie[1]); 827 return -1; 828 } 829 830 return 0; 831 } 832 833 834 static int ft_validate_ftie(struct wpa_sm *sm, 835 const unsigned char *src_addr, 836 struct wpa_eapol_ie_parse *ie, 837 const u8 *assoc_resp_ftie) 838 { 839 if (ie->ftie == NULL) { 840 wpa_printf(MSG_DEBUG, "FT: No FTIE in EAPOL-Key msg 3/4"); 841 return -1; 842 } 843 844 if (assoc_resp_ftie == NULL) 845 return 0; 846 847 if (assoc_resp_ftie[1] != ie->ftie[1] || 848 os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) { 849 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch"); 850 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4", 851 ie->ftie, 2 + ie->ftie[1]); 852 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response", 853 assoc_resp_ftie, 2 + assoc_resp_ftie[1]); 854 return -1; 855 } 856 857 return 0; 858 } 859 860 861 static int ft_validate_rsnie(struct wpa_sm *sm, 862 const unsigned char *src_addr, 863 struct wpa_eapol_ie_parse *ie) 864 { 865 struct wpa_ie_data rsn; 866 867 if (!ie->rsn_ie) 868 return 0; 869 870 /* 871 * Verify that PMKR1Name from EAPOL-Key message 3/4 872 * matches with the value we derived. 873 */ 874 if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 || 875 rsn.num_pmkid != 1 || rsn.pmkid == NULL) { 876 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in " 877 "FT 4-way handshake message 3/4"); 878 return -1; 879 } 880 881 if (os_memcmp(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0) { 882 wpa_printf(MSG_DEBUG, "FT: PMKR1Name mismatch in " 883 "FT 4-way handshake message 3/4"); 884 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator", 885 rsn.pmkid, WPA_PMK_NAME_LEN); 886 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name", 887 sm->pmk_r1_name, WPA_PMK_NAME_LEN); 888 return -1; 889 } 890 891 return 0; 892 } 893 894 895 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm, 896 const unsigned char *src_addr, 897 struct wpa_eapol_ie_parse *ie) 898 { 899 const u8 *pos, *end, *mdie = NULL, *ftie = NULL; 900 901 if (sm->assoc_resp_ies) { 902 pos = sm->assoc_resp_ies; 903 end = pos + sm->assoc_resp_ies_len; 904 while (pos + 2 < end) { 905 if (pos + 2 + pos[1] > end) 906 break; 907 switch (*pos) { 908 case WLAN_EID_MOBILITY_DOMAIN: 909 mdie = pos; 910 break; 911 case WLAN_EID_FAST_BSS_TRANSITION: 912 ftie = pos; 913 break; 914 } 915 pos += 2 + pos[1]; 916 } 917 } 918 919 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 || 920 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 || 921 ft_validate_rsnie(sm, src_addr, ie) < 0) 922 return -1; 923 924 return 0; 925 } 926 927 #endif /* CONFIG_IEEE80211R */ 928 929 930 static int wpa_supplicant_validate_ie(struct wpa_sm *sm, 931 const unsigned char *src_addr, 932 struct wpa_eapol_ie_parse *ie) 933 { 934 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) { 935 wpa_printf(MSG_DEBUG, "WPA: No WPA/RSN IE for this AP known. " 936 "Trying to get from scan results"); 937 if (wpa_sm_get_beacon_ie(sm) < 0) { 938 wpa_printf(MSG_WARNING, "WPA: Could not find AP from " 939 "the scan results"); 940 } else { 941 wpa_printf(MSG_DEBUG, "WPA: Found the current AP from " 942 "updated scan results"); 943 } 944 } 945 946 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL && 947 (sm->ap_wpa_ie || sm->ap_rsn_ie)) { 948 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 949 "with IE in Beacon/ProbeResp (no IE?)", 950 src_addr, ie->wpa_ie, ie->wpa_ie_len, 951 ie->rsn_ie, ie->rsn_ie_len); 952 return -1; 953 } 954 955 if ((ie->wpa_ie && sm->ap_wpa_ie && 956 (ie->wpa_ie_len != sm->ap_wpa_ie_len || 957 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) || 958 (ie->rsn_ie && sm->ap_rsn_ie && 959 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt), 960 sm->ap_rsn_ie, sm->ap_rsn_ie_len, 961 ie->rsn_ie, ie->rsn_ie_len))) { 962 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 963 "with IE in Beacon/ProbeResp", 964 src_addr, ie->wpa_ie, ie->wpa_ie_len, 965 ie->rsn_ie, ie->rsn_ie_len); 966 return -1; 967 } 968 969 if (sm->proto == WPA_PROTO_WPA && 970 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) { 971 wpa_report_ie_mismatch(sm, "Possible downgrade attack " 972 "detected - RSN was enabled and RSN IE " 973 "was in msg 3/4, but not in " 974 "Beacon/ProbeResp", 975 src_addr, ie->wpa_ie, ie->wpa_ie_len, 976 ie->rsn_ie, ie->rsn_ie_len); 977 return -1; 978 } 979 980 #ifdef CONFIG_IEEE80211R 981 if (wpa_key_mgmt_ft(sm->key_mgmt) && 982 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0) 983 return -1; 984 #endif /* CONFIG_IEEE80211R */ 985 986 return 0; 987 } 988 989 990 /** 991 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake 992 * @sm: Pointer to WPA state machine data from wpa_sm_init() 993 * @dst: Destination address for the frame 994 * @key: Pointer to the EAPOL-Key frame header 995 * @ver: Version bits from EAPOL-Key Key Info 996 * @key_info: Key Info 997 * @kde: KDEs to include the EAPOL-Key frame 998 * @kde_len: Length of KDEs 999 * @ptk: PTK to use for keyed hash and encryption 1000 * Returns: 0 on success, -1 on failure 1001 */ 1002 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, 1003 const struct wpa_eapol_key *key, 1004 u16 ver, u16 key_info, 1005 const u8 *kde, size_t kde_len, 1006 struct wpa_ptk *ptk) 1007 { 1008 size_t rlen; 1009 struct wpa_eapol_key *reply; 1010 u8 *rbuf; 1011 1012 if (kde) 1013 wpa_hexdump(MSG_DEBUG, "WPA: KDE for msg 4/4", kde, kde_len); 1014 1015 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1016 sizeof(*reply) + kde_len, 1017 &rlen, (void *) &reply); 1018 if (rbuf == NULL) 1019 return -1; 1020 1021 reply->type = sm->proto == WPA_PROTO_RSN ? 1022 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1023 key_info &= WPA_KEY_INFO_SECURE; 1024 key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC; 1025 WPA_PUT_BE16(reply->key_info, key_info); 1026 if (sm->proto == WPA_PROTO_RSN) 1027 WPA_PUT_BE16(reply->key_length, 0); 1028 else 1029 os_memcpy(reply->key_length, key->key_length, 2); 1030 os_memcpy(reply->replay_counter, key->replay_counter, 1031 WPA_REPLAY_COUNTER_LEN); 1032 1033 WPA_PUT_BE16(reply->key_data_length, kde_len); 1034 if (kde) 1035 os_memcpy(reply + 1, kde, kde_len); 1036 1037 wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4"); 1038 wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL, 1039 rbuf, rlen, reply->key_mic); 1040 1041 return 0; 1042 } 1043 1044 1045 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, 1046 const struct wpa_eapol_key *key, 1047 u16 ver) 1048 { 1049 u16 key_info, keylen, len; 1050 const u8 *pos; 1051 struct wpa_eapol_ie_parse ie; 1052 1053 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 1054 wpa_printf(MSG_DEBUG, "WPA: RX message 3 of 4-Way Handshake from " 1055 MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver); 1056 1057 key_info = WPA_GET_BE16(key->key_info); 1058 1059 pos = (const u8 *) (key + 1); 1060 len = WPA_GET_BE16(key->key_data_length); 1061 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", pos, len); 1062 wpa_supplicant_parse_ies(pos, len, &ie); 1063 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1064 wpa_printf(MSG_WARNING, "WPA: GTK IE in unencrypted key data"); 1065 goto failed; 1066 } 1067 #ifdef CONFIG_IEEE80211W 1068 if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1069 wpa_printf(MSG_WARNING, "WPA: IGTK KDE in unencrypted key " 1070 "data"); 1071 goto failed; 1072 } 1073 1074 if (ie.igtk && ie.igtk_len != sizeof(struct wpa_igtk_kde)) { 1075 wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KDE length %lu", 1076 (unsigned long) ie.igtk_len); 1077 goto failed; 1078 } 1079 #endif /* CONFIG_IEEE80211W */ 1080 1081 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0) 1082 goto failed; 1083 1084 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) { 1085 wpa_printf(MSG_WARNING, "WPA: ANonce from message 1 of 4-Way " 1086 "Handshake differs from 3 of 4-Way Handshake - drop" 1087 " packet (src=" MACSTR ")", MAC2STR(sm->bssid)); 1088 goto failed; 1089 } 1090 1091 keylen = WPA_GET_BE16(key->key_length); 1092 switch (sm->pairwise_cipher) { 1093 case WPA_CIPHER_CCMP: 1094 if (keylen != 16) { 1095 wpa_printf(MSG_WARNING, "WPA: Invalid CCMP key length " 1096 "%d (src=" MACSTR ")", 1097 keylen, MAC2STR(sm->bssid)); 1098 goto failed; 1099 } 1100 break; 1101 case WPA_CIPHER_TKIP: 1102 if (keylen != 32) { 1103 wpa_printf(MSG_WARNING, "WPA: Invalid TKIP key length " 1104 "%d (src=" MACSTR ")", 1105 keylen, MAC2STR(sm->bssid)); 1106 goto failed; 1107 } 1108 break; 1109 } 1110 1111 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info, 1112 NULL, 0, &sm->ptk)) { 1113 goto failed; 1114 } 1115 1116 /* SNonce was successfully used in msg 3/4, so mark it to be renewed 1117 * for the next 4-Way Handshake. If msg 3 is received again, the old 1118 * SNonce will still be used to avoid changing PTK. */ 1119 sm->renew_snonce = 1; 1120 1121 if (key_info & WPA_KEY_INFO_INSTALL) { 1122 if (wpa_supplicant_install_ptk(sm, key)) 1123 goto failed; 1124 } 1125 1126 if (key_info & WPA_KEY_INFO_SECURE) { 1127 wpa_sm_mlme_setprotection( 1128 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX, 1129 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 1130 eapol_sm_notify_portValid(sm->eapol, TRUE); 1131 } 1132 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1133 1134 if (ie.gtk && 1135 wpa_supplicant_pairwise_gtk(sm, key, 1136 ie.gtk, ie.gtk_len, key_info) < 0) { 1137 wpa_printf(MSG_INFO, "RSN: Failed to configure GTK"); 1138 goto failed; 1139 } 1140 1141 if (ieee80211w_set_keys(sm, &ie) < 0) { 1142 wpa_printf(MSG_INFO, "RSN: Failed to configure IGTK"); 1143 goto failed; 1144 } 1145 1146 return; 1147 1148 failed: 1149 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1150 } 1151 1152 1153 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm, 1154 const u8 *keydata, 1155 size_t keydatalen, 1156 u16 key_info, 1157 struct wpa_gtk_data *gd) 1158 { 1159 int maxkeylen; 1160 struct wpa_eapol_ie_parse ie; 1161 1162 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen); 1163 wpa_supplicant_parse_ies(keydata, keydatalen, &ie); 1164 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1165 wpa_printf(MSG_WARNING, "WPA: GTK IE in unencrypted key data"); 1166 return -1; 1167 } 1168 if (ie.gtk == NULL) { 1169 wpa_printf(MSG_INFO, "WPA: No GTK IE in Group Key msg 1/2"); 1170 return -1; 1171 } 1172 maxkeylen = gd->gtk_len = ie.gtk_len - 2; 1173 1174 if (wpa_supplicant_check_group_cipher(sm->group_cipher, 1175 gd->gtk_len, maxkeylen, 1176 &gd->key_rsc_len, &gd->alg)) 1177 return -1; 1178 1179 wpa_hexdump(MSG_DEBUG, "RSN: received GTK in group key handshake", 1180 ie.gtk, ie.gtk_len); 1181 gd->keyidx = ie.gtk[0] & 0x3; 1182 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 1183 !!(ie.gtk[0] & BIT(2))); 1184 if (ie.gtk_len - 2 > sizeof(gd->gtk)) { 1185 wpa_printf(MSG_INFO, "RSN: Too long GTK in GTK IE " 1186 "(len=%lu)", (unsigned long) ie.gtk_len - 2); 1187 return -1; 1188 } 1189 os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2); 1190 1191 if (ieee80211w_set_keys(sm, &ie) < 0) 1192 wpa_printf(MSG_INFO, "RSN: Failed to configure IGTK"); 1193 1194 return 0; 1195 } 1196 1197 1198 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm, 1199 const struct wpa_eapol_key *key, 1200 size_t keydatalen, int key_info, 1201 size_t extra_len, u16 ver, 1202 struct wpa_gtk_data *gd) 1203 { 1204 size_t maxkeylen; 1205 u8 ek[32]; 1206 1207 gd->gtk_len = WPA_GET_BE16(key->key_length); 1208 maxkeylen = keydatalen; 1209 if (keydatalen > extra_len) { 1210 wpa_printf(MSG_INFO, "WPA: Truncated EAPOL-Key packet:" 1211 " key_data_length=%lu > extra_len=%lu", 1212 (unsigned long) keydatalen, 1213 (unsigned long) extra_len); 1214 return -1; 1215 } 1216 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1217 if (maxkeylen < 8) { 1218 wpa_printf(MSG_INFO, "WPA: Too short maxkeylen (%lu)", 1219 (unsigned long) maxkeylen); 1220 return -1; 1221 } 1222 maxkeylen -= 8; 1223 } 1224 1225 if (wpa_supplicant_check_group_cipher(sm->group_cipher, 1226 gd->gtk_len, maxkeylen, 1227 &gd->key_rsc_len, &gd->alg)) 1228 return -1; 1229 1230 gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1231 WPA_KEY_INFO_KEY_INDEX_SHIFT; 1232 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) { 1233 os_memcpy(ek, key->key_iv, 16); 1234 os_memcpy(ek + 16, sm->ptk.kek, 16); 1235 if (keydatalen > sizeof(gd->gtk)) { 1236 wpa_printf(MSG_WARNING, "WPA: RC4 key data " 1237 "too long (%lu)", 1238 (unsigned long) keydatalen); 1239 return -1; 1240 } 1241 os_memcpy(gd->gtk, key + 1, keydatalen); 1242 if (rc4_skip(ek, 32, 256, gd->gtk, keydatalen)) { 1243 wpa_printf(MSG_ERROR, "WPA: RC4 failed"); 1244 return -1; 1245 } 1246 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1247 if (keydatalen % 8) { 1248 wpa_printf(MSG_WARNING, "WPA: Unsupported AES-WRAP " 1249 "len %lu", (unsigned long) keydatalen); 1250 return -1; 1251 } 1252 if (maxkeylen > sizeof(gd->gtk)) { 1253 wpa_printf(MSG_WARNING, "WPA: AES-WRAP key data " 1254 "too long (keydatalen=%lu maxkeylen=%lu)", 1255 (unsigned long) keydatalen, 1256 (unsigned long) maxkeylen); 1257 return -1; 1258 } 1259 if (aes_unwrap(sm->ptk.kek, maxkeylen / 8, 1260 (const u8 *) (key + 1), gd->gtk)) { 1261 wpa_printf(MSG_WARNING, "WPA: AES unwrap " 1262 "failed - could not decrypt GTK"); 1263 return -1; 1264 } 1265 } else { 1266 wpa_printf(MSG_WARNING, "WPA: Unsupported key_info type %d", 1267 ver); 1268 return -1; 1269 } 1270 gd->tx = wpa_supplicant_gtk_tx_bit_workaround( 1271 sm, !!(key_info & WPA_KEY_INFO_TXRX)); 1272 return 0; 1273 } 1274 1275 1276 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm, 1277 const struct wpa_eapol_key *key, 1278 int ver, u16 key_info) 1279 { 1280 size_t rlen; 1281 struct wpa_eapol_key *reply; 1282 u8 *rbuf; 1283 1284 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1285 sizeof(*reply), &rlen, (void *) &reply); 1286 if (rbuf == NULL) 1287 return -1; 1288 1289 reply->type = sm->proto == WPA_PROTO_RSN ? 1290 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1291 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK; 1292 key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE; 1293 WPA_PUT_BE16(reply->key_info, key_info); 1294 if (sm->proto == WPA_PROTO_RSN) 1295 WPA_PUT_BE16(reply->key_length, 0); 1296 else 1297 os_memcpy(reply->key_length, key->key_length, 2); 1298 os_memcpy(reply->replay_counter, key->replay_counter, 1299 WPA_REPLAY_COUNTER_LEN); 1300 1301 WPA_PUT_BE16(reply->key_data_length, 0); 1302 1303 wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2"); 1304 wpa_eapol_key_send(sm, sm->ptk.kck, ver, sm->bssid, ETH_P_EAPOL, 1305 rbuf, rlen, reply->key_mic); 1306 1307 return 0; 1308 } 1309 1310 1311 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, 1312 const unsigned char *src_addr, 1313 const struct wpa_eapol_key *key, 1314 int extra_len, u16 ver) 1315 { 1316 u16 key_info, keydatalen; 1317 int rekey, ret; 1318 struct wpa_gtk_data gd; 1319 1320 os_memset(&gd, 0, sizeof(gd)); 1321 1322 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED; 1323 wpa_printf(MSG_DEBUG, "WPA: RX message 1 of Group Key Handshake from " 1324 MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 1325 1326 key_info = WPA_GET_BE16(key->key_info); 1327 keydatalen = WPA_GET_BE16(key->key_data_length); 1328 1329 if (sm->proto == WPA_PROTO_RSN) { 1330 ret = wpa_supplicant_process_1_of_2_rsn(sm, 1331 (const u8 *) (key + 1), 1332 keydatalen, key_info, 1333 &gd); 1334 } else { 1335 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, keydatalen, 1336 key_info, extra_len, 1337 ver, &gd); 1338 } 1339 1340 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1341 1342 if (ret) 1343 goto failed; 1344 1345 if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) || 1346 wpa_supplicant_send_2_of_2(sm, key, ver, key_info)) 1347 goto failed; 1348 1349 if (rekey) { 1350 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying " 1351 "completed with " MACSTR " [GTK=%s]", 1352 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); 1353 wpa_sm_cancel_auth_timeout(sm); 1354 wpa_sm_set_state(sm, WPA_COMPLETED); 1355 } else { 1356 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1357 key_info & 1358 WPA_KEY_INFO_SECURE); 1359 } 1360 return; 1361 1362 failed: 1363 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1364 } 1365 1366 1367 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm, 1368 struct wpa_eapol_key *key, 1369 u16 ver, 1370 const u8 *buf, size_t len) 1371 { 1372 u8 mic[16]; 1373 int ok = 0; 1374 1375 os_memcpy(mic, key->key_mic, 16); 1376 if (sm->tptk_set) { 1377 os_memset(key->key_mic, 0, 16); 1378 wpa_eapol_key_mic(sm->tptk.kck, ver, buf, len, 1379 key->key_mic); 1380 if (os_memcmp(mic, key->key_mic, 16) != 0) { 1381 wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC " 1382 "when using TPTK - ignoring TPTK"); 1383 } else { 1384 ok = 1; 1385 sm->tptk_set = 0; 1386 sm->ptk_set = 1; 1387 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); 1388 } 1389 } 1390 1391 if (!ok && sm->ptk_set) { 1392 os_memset(key->key_mic, 0, 16); 1393 wpa_eapol_key_mic(sm->ptk.kck, ver, buf, len, 1394 key->key_mic); 1395 if (os_memcmp(mic, key->key_mic, 16) != 0) { 1396 wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC " 1397 "- dropping packet"); 1398 return -1; 1399 } 1400 ok = 1; 1401 } 1402 1403 if (!ok) { 1404 wpa_printf(MSG_WARNING, "WPA: Could not verify EAPOL-Key MIC " 1405 "- dropping packet"); 1406 return -1; 1407 } 1408 1409 os_memcpy(sm->rx_replay_counter, key->replay_counter, 1410 WPA_REPLAY_COUNTER_LEN); 1411 sm->rx_replay_counter_set = 1; 1412 return 0; 1413 } 1414 1415 1416 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */ 1417 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm, 1418 struct wpa_eapol_key *key, u16 ver) 1419 { 1420 u16 keydatalen = WPA_GET_BE16(key->key_data_length); 1421 1422 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data", 1423 (u8 *) (key + 1), keydatalen); 1424 if (!sm->ptk_set) { 1425 wpa_printf(MSG_WARNING, "WPA: PTK not available, " 1426 "cannot decrypt EAPOL-Key key data."); 1427 return -1; 1428 } 1429 1430 /* Decrypt key data here so that this operation does not need 1431 * to be implemented separately for each message type. */ 1432 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) { 1433 u8 ek[32]; 1434 os_memcpy(ek, key->key_iv, 16); 1435 os_memcpy(ek + 16, sm->ptk.kek, 16); 1436 if (rc4_skip(ek, 32, 256, (u8 *) (key + 1), keydatalen)) { 1437 wpa_printf(MSG_ERROR, "WPA: RC4 failed"); 1438 return -1; 1439 } 1440 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1441 ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1442 u8 *buf; 1443 if (keydatalen % 8) { 1444 wpa_printf(MSG_WARNING, "WPA: Unsupported " 1445 "AES-WRAP len %d", keydatalen); 1446 return -1; 1447 } 1448 keydatalen -= 8; /* AES-WRAP adds 8 bytes */ 1449 buf = os_malloc(keydatalen); 1450 if (buf == NULL) { 1451 wpa_printf(MSG_WARNING, "WPA: No memory for " 1452 "AES-UNWRAP buffer"); 1453 return -1; 1454 } 1455 if (aes_unwrap(sm->ptk.kek, keydatalen / 8, 1456 (u8 *) (key + 1), buf)) { 1457 os_free(buf); 1458 wpa_printf(MSG_WARNING, "WPA: AES unwrap failed - " 1459 "could not decrypt EAPOL-Key key data"); 1460 return -1; 1461 } 1462 os_memcpy(key + 1, buf, keydatalen); 1463 os_free(buf); 1464 WPA_PUT_BE16(key->key_data_length, keydatalen); 1465 } else { 1466 wpa_printf(MSG_WARNING, "WPA: Unsupported key_info type %d", 1467 ver); 1468 return -1; 1469 } 1470 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data", 1471 (u8 *) (key + 1), keydatalen); 1472 return 0; 1473 } 1474 1475 1476 /** 1477 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted 1478 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1479 */ 1480 void wpa_sm_aborted_cached(struct wpa_sm *sm) 1481 { 1482 if (sm && sm->cur_pmksa) { 1483 wpa_printf(MSG_DEBUG, "RSN: Cancelling PMKSA caching attempt"); 1484 sm->cur_pmksa = NULL; 1485 } 1486 } 1487 1488 1489 static void wpa_eapol_key_dump(const struct wpa_eapol_key *key) 1490 { 1491 #ifndef CONFIG_NO_STDOUT_DEBUG 1492 u16 key_info = WPA_GET_BE16(key->key_info); 1493 1494 wpa_printf(MSG_DEBUG, " EAPOL-Key type=%d", key->type); 1495 wpa_printf(MSG_DEBUG, " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s" 1496 "%s%s%s%s%s%s%s)", 1497 key_info, key_info & WPA_KEY_INFO_TYPE_MASK, 1498 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1499 WPA_KEY_INFO_KEY_INDEX_SHIFT, 1500 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13, 1501 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group", 1502 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "", 1503 key_info & WPA_KEY_INFO_ACK ? " Ack" : "", 1504 key_info & WPA_KEY_INFO_MIC ? " MIC" : "", 1505 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "", 1506 key_info & WPA_KEY_INFO_ERROR ? " Error" : "", 1507 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "", 1508 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : ""); 1509 wpa_printf(MSG_DEBUG, " key_length=%u key_data_length=%u", 1510 WPA_GET_BE16(key->key_length), 1511 WPA_GET_BE16(key->key_data_length)); 1512 wpa_hexdump(MSG_DEBUG, " replay_counter", 1513 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 1514 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN); 1515 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16); 1516 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8); 1517 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8); 1518 wpa_hexdump(MSG_DEBUG, " key_mic", key->key_mic, 16); 1519 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1520 } 1521 1522 1523 /** 1524 * wpa_sm_rx_eapol - Process received WPA EAPOL frames 1525 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1526 * @src_addr: Source MAC address of the EAPOL packet 1527 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header) 1528 * @len: Length of the EAPOL frame 1529 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure 1530 * 1531 * This function is called for each received EAPOL frame. Other than EAPOL-Key 1532 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is 1533 * only processing WPA and WPA2 EAPOL-Key frames. 1534 * 1535 * The received EAPOL-Key packets are validated and valid packets are replied 1536 * to. In addition, key material (PTK, GTK) is configured at the end of a 1537 * successful key handshake. 1538 */ 1539 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, 1540 const u8 *buf, size_t len) 1541 { 1542 size_t plen, data_len, extra_len; 1543 struct ieee802_1x_hdr *hdr; 1544 struct wpa_eapol_key *key; 1545 u16 key_info, ver; 1546 u8 *tmp; 1547 int ret = -1; 1548 struct wpa_peerkey *peerkey = NULL; 1549 1550 #ifdef CONFIG_IEEE80211R 1551 sm->ft_completed = 0; 1552 #endif /* CONFIG_IEEE80211R */ 1553 1554 if (len < sizeof(*hdr) + sizeof(*key)) { 1555 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short to be a WPA " 1556 "EAPOL-Key (len %lu, expecting at least %lu)", 1557 (unsigned long) len, 1558 (unsigned long) sizeof(*hdr) + sizeof(*key)); 1559 return 0; 1560 } 1561 1562 tmp = os_malloc(len); 1563 if (tmp == NULL) 1564 return -1; 1565 os_memcpy(tmp, buf, len); 1566 1567 hdr = (struct ieee802_1x_hdr *) tmp; 1568 key = (struct wpa_eapol_key *) (hdr + 1); 1569 plen = be_to_host16(hdr->length); 1570 data_len = plen + sizeof(*hdr); 1571 wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%lu", 1572 hdr->version, hdr->type, (unsigned long) plen); 1573 1574 if (hdr->version < EAPOL_VERSION) { 1575 /* TODO: backwards compatibility */ 1576 } 1577 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { 1578 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame (type %u) discarded, " 1579 "not a Key frame", hdr->type); 1580 ret = 0; 1581 goto out; 1582 } 1583 if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) { 1584 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame payload size %lu " 1585 "invalid (frame size %lu)", 1586 (unsigned long) plen, (unsigned long) len); 1587 ret = 0; 1588 goto out; 1589 } 1590 1591 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN) 1592 { 1593 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key type (%d) unknown, " 1594 "discarded", key->type); 1595 ret = 0; 1596 goto out; 1597 } 1598 wpa_eapol_key_dump(key); 1599 1600 eapol_sm_notify_lower_layer_success(sm->eapol, 0); 1601 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", tmp, len); 1602 if (data_len < len) { 1603 wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE " 1604 "802.1X data", (unsigned long) len - data_len); 1605 } 1606 key_info = WPA_GET_BE16(key->key_info); 1607 ver = key_info & WPA_KEY_INFO_TYPE_MASK; 1608 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && 1609 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W) 1610 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && 1611 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */ 1612 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1613 wpa_printf(MSG_INFO, "WPA: Unsupported EAPOL-Key descriptor " 1614 "version %d.", ver); 1615 goto out; 1616 } 1617 1618 #ifdef CONFIG_IEEE80211R 1619 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 1620 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */ 1621 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1622 wpa_printf(MSG_INFO, "FT: AP did not use " 1623 "AES-128-CMAC."); 1624 goto out; 1625 } 1626 } else 1627 #endif /* CONFIG_IEEE80211R */ 1628 #ifdef CONFIG_IEEE80211W 1629 if (wpa_key_mgmt_sha256(sm->key_mgmt)) { 1630 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1631 wpa_printf(MSG_INFO, "WPA: AP did not use the " 1632 "negotiated AES-128-CMAC."); 1633 goto out; 1634 } 1635 } else 1636 #endif /* CONFIG_IEEE80211W */ 1637 if (sm->pairwise_cipher == WPA_CIPHER_CCMP && 1638 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1639 wpa_printf(MSG_INFO, "WPA: CCMP is used, but EAPOL-Key " 1640 "descriptor version (%d) is not 2.", ver); 1641 if (sm->group_cipher != WPA_CIPHER_CCMP && 1642 !(key_info & WPA_KEY_INFO_KEY_TYPE)) { 1643 /* Earlier versions of IEEE 802.11i did not explicitly 1644 * require version 2 descriptor for all EAPOL-Key 1645 * packets, so allow group keys to use version 1 if 1646 * CCMP is not used for them. */ 1647 wpa_printf(MSG_INFO, "WPA: Backwards compatibility: " 1648 "allow invalid version for non-CCMP group " 1649 "keys"); 1650 } else 1651 goto out; 1652 } 1653 1654 #ifdef CONFIG_PEERKEY 1655 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 1656 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0) 1657 break; 1658 } 1659 1660 if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) { 1661 if (!peerkey->initiator && peerkey->replay_counter_set && 1662 os_memcmp(key->replay_counter, peerkey->replay_counter, 1663 WPA_REPLAY_COUNTER_LEN) <= 0) { 1664 wpa_printf(MSG_WARNING, "RSN: EAPOL-Key Replay " 1665 "Counter did not increase (STK) - dropping " 1666 "packet"); 1667 goto out; 1668 } else if (peerkey->initiator) { 1669 u8 _tmp[WPA_REPLAY_COUNTER_LEN]; 1670 os_memcpy(_tmp, key->replay_counter, 1671 WPA_REPLAY_COUNTER_LEN); 1672 inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN); 1673 if (os_memcmp(_tmp, peerkey->replay_counter, 1674 WPA_REPLAY_COUNTER_LEN) != 0) { 1675 wpa_printf(MSG_DEBUG, "RSN: EAPOL-Key Replay " 1676 "Counter did not match (STK) - " 1677 "dropping packet"); 1678 goto out; 1679 } 1680 } 1681 } 1682 1683 if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) { 1684 wpa_printf(MSG_INFO, "RSN: Ack bit in key_info from STK peer"); 1685 goto out; 1686 } 1687 #endif /* CONFIG_PEERKEY */ 1688 1689 if (!peerkey && sm->rx_replay_counter_set && 1690 os_memcmp(key->replay_counter, sm->rx_replay_counter, 1691 WPA_REPLAY_COUNTER_LEN) <= 0) { 1692 wpa_printf(MSG_WARNING, "WPA: EAPOL-Key Replay Counter did not" 1693 " increase - dropping packet"); 1694 goto out; 1695 } 1696 1697 if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE)) 1698 #ifdef CONFIG_PEERKEY 1699 && (peerkey == NULL || !peerkey->initiator) 1700 #endif /* CONFIG_PEERKEY */ 1701 ) { 1702 wpa_printf(MSG_INFO, "WPA: No Ack bit in key_info"); 1703 goto out; 1704 } 1705 1706 if (key_info & WPA_KEY_INFO_REQUEST) { 1707 wpa_printf(MSG_INFO, "WPA: EAPOL-Key with Request bit - " 1708 "dropped"); 1709 goto out; 1710 } 1711 1712 if ((key_info & WPA_KEY_INFO_MIC) && !peerkey && 1713 wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len)) 1714 goto out; 1715 1716 #ifdef CONFIG_PEERKEY 1717 if ((key_info & WPA_KEY_INFO_MIC) && peerkey && 1718 peerkey_verify_eapol_key_mic(sm, peerkey, key, ver, tmp, data_len)) 1719 goto out; 1720 #endif /* CONFIG_PEERKEY */ 1721 1722 extra_len = data_len - sizeof(*hdr) - sizeof(*key); 1723 1724 if (WPA_GET_BE16(key->key_data_length) > extra_len) { 1725 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key " 1726 "frame - key_data overflow (%d > %lu)", 1727 WPA_GET_BE16(key->key_data_length), 1728 (unsigned long) extra_len); 1729 goto out; 1730 } 1731 extra_len = WPA_GET_BE16(key->key_data_length); 1732 1733 if (sm->proto == WPA_PROTO_RSN && 1734 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1735 if (wpa_supplicant_decrypt_key_data(sm, key, ver)) 1736 goto out; 1737 extra_len = WPA_GET_BE16(key->key_data_length); 1738 } 1739 1740 if (key_info & WPA_KEY_INFO_KEY_TYPE) { 1741 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) { 1742 wpa_printf(MSG_WARNING, "WPA: Ignored EAPOL-Key " 1743 "(Pairwise) with non-zero key index"); 1744 goto out; 1745 } 1746 if (peerkey) { 1747 /* PeerKey 4-Way Handshake */ 1748 peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver); 1749 } else if (key_info & WPA_KEY_INFO_MIC) { 1750 /* 3/4 4-Way Handshake */ 1751 wpa_supplicant_process_3_of_4(sm, key, ver); 1752 } else { 1753 /* 1/4 4-Way Handshake */ 1754 wpa_supplicant_process_1_of_4(sm, src_addr, key, 1755 ver); 1756 } 1757 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { 1758 /* PeerKey SMK Handshake */ 1759 peerkey_rx_eapol_smk(sm, src_addr, key, extra_len, key_info, 1760 ver); 1761 } else { 1762 if (key_info & WPA_KEY_INFO_MIC) { 1763 /* 1/2 Group Key Handshake */ 1764 wpa_supplicant_process_1_of_2(sm, src_addr, key, 1765 extra_len, ver); 1766 } else { 1767 wpa_printf(MSG_WARNING, "WPA: EAPOL-Key (Group) " 1768 "without Mic bit - dropped"); 1769 } 1770 } 1771 1772 ret = 1; 1773 1774 out: 1775 os_free(tmp); 1776 return ret; 1777 } 1778 1779 1780 #ifdef CONFIG_CTRL_IFACE 1781 static int wpa_cipher_bits(int cipher) 1782 { 1783 switch (cipher) { 1784 case WPA_CIPHER_CCMP: 1785 return 128; 1786 case WPA_CIPHER_TKIP: 1787 return 256; 1788 case WPA_CIPHER_WEP104: 1789 return 104; 1790 case WPA_CIPHER_WEP40: 1791 return 40; 1792 default: 1793 return 0; 1794 } 1795 } 1796 1797 1798 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm) 1799 { 1800 switch (sm->key_mgmt) { 1801 case WPA_KEY_MGMT_IEEE8021X: 1802 return (sm->proto == WPA_PROTO_RSN ? 1803 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X : 1804 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X); 1805 case WPA_KEY_MGMT_PSK: 1806 return (sm->proto == WPA_PROTO_RSN ? 1807 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X : 1808 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X); 1809 #ifdef CONFIG_IEEE80211R 1810 case WPA_KEY_MGMT_FT_IEEE8021X: 1811 return RSN_AUTH_KEY_MGMT_FT_802_1X; 1812 case WPA_KEY_MGMT_FT_PSK: 1813 return RSN_AUTH_KEY_MGMT_FT_PSK; 1814 #endif /* CONFIG_IEEE80211R */ 1815 #ifdef CONFIG_IEEE80211W 1816 case WPA_KEY_MGMT_IEEE8021X_SHA256: 1817 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 1818 case WPA_KEY_MGMT_PSK_SHA256: 1819 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 1820 #endif /* CONFIG_IEEE80211W */ 1821 case WPA_KEY_MGMT_WPA_NONE: 1822 return WPA_AUTH_KEY_MGMT_NONE; 1823 default: 1824 return 0; 1825 } 1826 } 1827 1828 1829 static u32 wpa_cipher_suite(struct wpa_sm *sm, int cipher) 1830 { 1831 switch (cipher) { 1832 case WPA_CIPHER_CCMP: 1833 return (sm->proto == WPA_PROTO_RSN ? 1834 RSN_CIPHER_SUITE_CCMP : WPA_CIPHER_SUITE_CCMP); 1835 case WPA_CIPHER_TKIP: 1836 return (sm->proto == WPA_PROTO_RSN ? 1837 RSN_CIPHER_SUITE_TKIP : WPA_CIPHER_SUITE_TKIP); 1838 case WPA_CIPHER_WEP104: 1839 return (sm->proto == WPA_PROTO_RSN ? 1840 RSN_CIPHER_SUITE_WEP104 : WPA_CIPHER_SUITE_WEP104); 1841 case WPA_CIPHER_WEP40: 1842 return (sm->proto == WPA_PROTO_RSN ? 1843 RSN_CIPHER_SUITE_WEP40 : WPA_CIPHER_SUITE_WEP40); 1844 case WPA_CIPHER_NONE: 1845 return (sm->proto == WPA_PROTO_RSN ? 1846 RSN_CIPHER_SUITE_NONE : WPA_CIPHER_SUITE_NONE); 1847 default: 1848 return 0; 1849 } 1850 } 1851 1852 1853 #define RSN_SUITE "%02x-%02x-%02x-%d" 1854 #define RSN_SUITE_ARG(s) \ 1855 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff 1856 1857 /** 1858 * wpa_sm_get_mib - Dump text list of MIB entries 1859 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1860 * @buf: Buffer for the list 1861 * @buflen: Length of the buffer 1862 * Returns: Number of bytes written to buffer 1863 * 1864 * This function is used fetch dot11 MIB variables. 1865 */ 1866 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen) 1867 { 1868 char pmkid_txt[PMKID_LEN * 2 + 1]; 1869 int rsna, ret; 1870 size_t len; 1871 1872 if (sm->cur_pmksa) { 1873 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), 1874 sm->cur_pmksa->pmkid, PMKID_LEN); 1875 } else 1876 pmkid_txt[0] = '\0'; 1877 1878 if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) || 1879 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) && 1880 sm->proto == WPA_PROTO_RSN) 1881 rsna = 1; 1882 else 1883 rsna = 0; 1884 1885 ret = os_snprintf(buf, buflen, 1886 "dot11RSNAOptionImplemented=TRUE\n" 1887 "dot11RSNAPreauthenticationImplemented=TRUE\n" 1888 "dot11RSNAEnabled=%s\n" 1889 "dot11RSNAPreauthenticationEnabled=%s\n" 1890 "dot11RSNAConfigVersion=%d\n" 1891 "dot11RSNAConfigPairwiseKeysSupported=5\n" 1892 "dot11RSNAConfigGroupCipherSize=%d\n" 1893 "dot11RSNAConfigPMKLifetime=%d\n" 1894 "dot11RSNAConfigPMKReauthThreshold=%d\n" 1895 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n" 1896 "dot11RSNAConfigSATimeout=%d\n", 1897 rsna ? "TRUE" : "FALSE", 1898 rsna ? "TRUE" : "FALSE", 1899 RSN_VERSION, 1900 wpa_cipher_bits(sm->group_cipher), 1901 sm->dot11RSNAConfigPMKLifetime, 1902 sm->dot11RSNAConfigPMKReauthThreshold, 1903 sm->dot11RSNAConfigSATimeout); 1904 if (ret < 0 || (size_t) ret >= buflen) 1905 return 0; 1906 len = ret; 1907 1908 ret = os_snprintf( 1909 buf + len, buflen - len, 1910 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" 1911 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" 1912 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" 1913 "dot11RSNAPMKIDUsed=%s\n" 1914 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" 1915 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" 1916 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" 1917 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n" 1918 "dot11RSNA4WayHandshakeFailures=%u\n", 1919 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 1920 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)), 1921 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)), 1922 pmkid_txt, 1923 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 1924 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)), 1925 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)), 1926 sm->dot11RSNA4WayHandshakeFailures); 1927 if (ret >= 0 && (size_t) ret < buflen) 1928 len += ret; 1929 1930 return (int) len; 1931 } 1932 #endif /* CONFIG_CTRL_IFACE */ 1933 1934 1935 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, 1936 void *ctx, int replace) 1937 { 1938 struct wpa_sm *sm = ctx; 1939 1940 if (sm->cur_pmksa == entry || 1941 (sm->pmk_len == entry->pmk_len && 1942 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) { 1943 wpa_printf(MSG_DEBUG, "RSN: removed current PMKSA entry"); 1944 sm->cur_pmksa = NULL; 1945 1946 if (replace) { 1947 /* A new entry is being added, so no need to 1948 * deauthenticate in this case. This happens when EAP 1949 * authentication is completed again (reauth or failed 1950 * PMKSA caching attempt). */ 1951 return; 1952 } 1953 1954 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 1955 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1956 } 1957 } 1958 1959 1960 /** 1961 * wpa_sm_init - Initialize WPA state machine 1962 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer 1963 * Returns: Pointer to the allocated WPA state machine data 1964 * 1965 * This function is used to allocate a new WPA state machine and the returned 1966 * value is passed to all WPA state machine calls. 1967 */ 1968 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx) 1969 { 1970 struct wpa_sm *sm; 1971 1972 sm = os_zalloc(sizeof(*sm)); 1973 if (sm == NULL) 1974 return NULL; 1975 dl_list_init(&sm->pmksa_candidates); 1976 sm->renew_snonce = 1; 1977 sm->ctx = ctx; 1978 1979 sm->dot11RSNAConfigPMKLifetime = 43200; 1980 sm->dot11RSNAConfigPMKReauthThreshold = 70; 1981 sm->dot11RSNAConfigSATimeout = 60; 1982 1983 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm); 1984 if (sm->pmksa == NULL) { 1985 wpa_printf(MSG_ERROR, "RSN: PMKSA cache initialization " 1986 "failed"); 1987 os_free(sm); 1988 return NULL; 1989 } 1990 1991 return sm; 1992 } 1993 1994 1995 /** 1996 * wpa_sm_deinit - Deinitialize WPA state machine 1997 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1998 */ 1999 void wpa_sm_deinit(struct wpa_sm *sm) 2000 { 2001 if (sm == NULL) 2002 return; 2003 pmksa_cache_deinit(sm->pmksa); 2004 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 2005 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 2006 os_free(sm->assoc_wpa_ie); 2007 os_free(sm->ap_wpa_ie); 2008 os_free(sm->ap_rsn_ie); 2009 os_free(sm->ctx); 2010 peerkey_deinit(sm); 2011 #ifdef CONFIG_IEEE80211R 2012 os_free(sm->assoc_resp_ies); 2013 #endif /* CONFIG_IEEE80211R */ 2014 os_free(sm); 2015 } 2016 2017 2018 /** 2019 * wpa_sm_notify_assoc - Notify WPA state machine about association 2020 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2021 * @bssid: The BSSID of the new association 2022 * 2023 * This function is called to let WPA state machine know that the connection 2024 * was established. 2025 */ 2026 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) 2027 { 2028 int clear_ptk = 1; 2029 2030 if (sm == NULL) 2031 return; 2032 2033 wpa_printf(MSG_DEBUG, "WPA: Association event - clear replay counter"); 2034 os_memcpy(sm->bssid, bssid, ETH_ALEN); 2035 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN); 2036 sm->rx_replay_counter_set = 0; 2037 sm->renew_snonce = 1; 2038 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0) 2039 rsn_preauth_deinit(sm); 2040 2041 #ifdef CONFIG_IEEE80211R 2042 if (wpa_ft_is_completed(sm)) { 2043 /* 2044 * Clear portValid to kick EAPOL state machine to re-enter 2045 * AUTHENTICATED state to get the EAPOL port Authorized. 2046 */ 2047 eapol_sm_notify_portValid(sm->eapol, FALSE); 2048 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); 2049 2050 /* Prepare for the next transition */ 2051 wpa_ft_prepare_auth_request(sm, NULL); 2052 2053 clear_ptk = 0; 2054 } 2055 #endif /* CONFIG_IEEE80211R */ 2056 2057 if (clear_ptk) { 2058 /* 2059 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if 2060 * this is not part of a Fast BSS Transition. 2061 */ 2062 wpa_printf(MSG_DEBUG, "WPA: Clear old PTK"); 2063 sm->ptk_set = 0; 2064 sm->tptk_set = 0; 2065 } 2066 } 2067 2068 2069 /** 2070 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation 2071 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2072 * 2073 * This function is called to let WPA state machine know that the connection 2074 * was lost. This will abort any existing pre-authentication session. 2075 */ 2076 void wpa_sm_notify_disassoc(struct wpa_sm *sm) 2077 { 2078 rsn_preauth_deinit(sm); 2079 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE) 2080 sm->dot11RSNA4WayHandshakeFailures++; 2081 } 2082 2083 2084 /** 2085 * wpa_sm_set_pmk - Set PMK 2086 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2087 * @pmk: The new PMK 2088 * @pmk_len: The length of the new PMK in bytes 2089 * 2090 * Configure the PMK for WPA state machine. 2091 */ 2092 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len) 2093 { 2094 if (sm == NULL) 2095 return; 2096 2097 sm->pmk_len = pmk_len; 2098 os_memcpy(sm->pmk, pmk, pmk_len); 2099 2100 #ifdef CONFIG_IEEE80211R 2101 /* Set XXKey to be PSK for FT key derivation */ 2102 sm->xxkey_len = pmk_len; 2103 os_memcpy(sm->xxkey, pmk, pmk_len); 2104 #endif /* CONFIG_IEEE80211R */ 2105 } 2106 2107 2108 /** 2109 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA 2110 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2111 * 2112 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK 2113 * will be cleared. 2114 */ 2115 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm) 2116 { 2117 if (sm == NULL) 2118 return; 2119 2120 if (sm->cur_pmksa) { 2121 sm->pmk_len = sm->cur_pmksa->pmk_len; 2122 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len); 2123 } else { 2124 sm->pmk_len = PMK_LEN; 2125 os_memset(sm->pmk, 0, PMK_LEN); 2126 } 2127 } 2128 2129 2130 /** 2131 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled 2132 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2133 * @fast_reauth: Whether fast reauthentication (EAP) is allowed 2134 */ 2135 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth) 2136 { 2137 if (sm) 2138 sm->fast_reauth = fast_reauth; 2139 } 2140 2141 2142 /** 2143 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks 2144 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2145 * @scard_ctx: Context pointer for smartcard related callback functions 2146 */ 2147 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx) 2148 { 2149 if (sm == NULL) 2150 return; 2151 sm->scard_ctx = scard_ctx; 2152 if (sm->preauth_eapol) 2153 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx); 2154 } 2155 2156 2157 /** 2158 * wpa_sm_set_config - Notification of current configration change 2159 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2160 * @config: Pointer to current network configuration 2161 * 2162 * Notify WPA state machine that configuration has changed. config will be 2163 * stored as a backpointer to network configuration. This can be %NULL to clear 2164 * the stored pointed. 2165 */ 2166 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config) 2167 { 2168 if (!sm) 2169 return; 2170 2171 if (config) { 2172 sm->network_ctx = config->network_ctx; 2173 sm->peerkey_enabled = config->peerkey_enabled; 2174 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher; 2175 sm->proactive_key_caching = config->proactive_key_caching; 2176 sm->eap_workaround = config->eap_workaround; 2177 sm->eap_conf_ctx = config->eap_conf_ctx; 2178 if (config->ssid) { 2179 os_memcpy(sm->ssid, config->ssid, config->ssid_len); 2180 sm->ssid_len = config->ssid_len; 2181 } else 2182 sm->ssid_len = 0; 2183 sm->wpa_ptk_rekey = config->wpa_ptk_rekey; 2184 } else { 2185 sm->network_ctx = NULL; 2186 sm->peerkey_enabled = 0; 2187 sm->allowed_pairwise_cipher = 0; 2188 sm->proactive_key_caching = 0; 2189 sm->eap_workaround = 0; 2190 sm->eap_conf_ctx = NULL; 2191 sm->ssid_len = 0; 2192 sm->wpa_ptk_rekey = 0; 2193 } 2194 if (config == NULL || config->network_ctx != sm->network_ctx) 2195 pmksa_cache_notify_reconfig(sm->pmksa); 2196 } 2197 2198 2199 /** 2200 * wpa_sm_set_own_addr - Set own MAC address 2201 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2202 * @addr: Own MAC address 2203 */ 2204 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr) 2205 { 2206 if (sm) 2207 os_memcpy(sm->own_addr, addr, ETH_ALEN); 2208 } 2209 2210 2211 /** 2212 * wpa_sm_set_ifname - Set network interface name 2213 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2214 * @ifname: Interface name 2215 * @bridge_ifname: Optional bridge interface name (for pre-auth) 2216 */ 2217 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname, 2218 const char *bridge_ifname) 2219 { 2220 if (sm) { 2221 sm->ifname = ifname; 2222 sm->bridge_ifname = bridge_ifname; 2223 } 2224 } 2225 2226 2227 /** 2228 * wpa_sm_set_eapol - Set EAPOL state machine pointer 2229 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2230 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init() 2231 */ 2232 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol) 2233 { 2234 if (sm) 2235 sm->eapol = eapol; 2236 } 2237 2238 2239 /** 2240 * wpa_sm_set_param - Set WPA state machine parameters 2241 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2242 * @param: Parameter field 2243 * @value: Parameter value 2244 * Returns: 0 on success, -1 on failure 2245 */ 2246 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, 2247 unsigned int value) 2248 { 2249 int ret = 0; 2250 2251 if (sm == NULL) 2252 return -1; 2253 2254 switch (param) { 2255 case RSNA_PMK_LIFETIME: 2256 if (value > 0) 2257 sm->dot11RSNAConfigPMKLifetime = value; 2258 else 2259 ret = -1; 2260 break; 2261 case RSNA_PMK_REAUTH_THRESHOLD: 2262 if (value > 0 && value <= 100) 2263 sm->dot11RSNAConfigPMKReauthThreshold = value; 2264 else 2265 ret = -1; 2266 break; 2267 case RSNA_SA_TIMEOUT: 2268 if (value > 0) 2269 sm->dot11RSNAConfigSATimeout = value; 2270 else 2271 ret = -1; 2272 break; 2273 case WPA_PARAM_PROTO: 2274 sm->proto = value; 2275 break; 2276 case WPA_PARAM_PAIRWISE: 2277 sm->pairwise_cipher = value; 2278 break; 2279 case WPA_PARAM_GROUP: 2280 sm->group_cipher = value; 2281 break; 2282 case WPA_PARAM_KEY_MGMT: 2283 sm->key_mgmt = value; 2284 break; 2285 #ifdef CONFIG_IEEE80211W 2286 case WPA_PARAM_MGMT_GROUP: 2287 sm->mgmt_group_cipher = value; 2288 break; 2289 #endif /* CONFIG_IEEE80211W */ 2290 case WPA_PARAM_RSN_ENABLED: 2291 sm->rsn_enabled = value; 2292 break; 2293 case WPA_PARAM_MFP: 2294 sm->mfp = value; 2295 break; 2296 default: 2297 break; 2298 } 2299 2300 return ret; 2301 } 2302 2303 2304 /** 2305 * wpa_sm_get_param - Get WPA state machine parameters 2306 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2307 * @param: Parameter field 2308 * Returns: Parameter value 2309 */ 2310 unsigned int wpa_sm_get_param(struct wpa_sm *sm, enum wpa_sm_conf_params param) 2311 { 2312 if (sm == NULL) 2313 return 0; 2314 2315 switch (param) { 2316 case RSNA_PMK_LIFETIME: 2317 return sm->dot11RSNAConfigPMKLifetime; 2318 case RSNA_PMK_REAUTH_THRESHOLD: 2319 return sm->dot11RSNAConfigPMKReauthThreshold; 2320 case RSNA_SA_TIMEOUT: 2321 return sm->dot11RSNAConfigSATimeout; 2322 case WPA_PARAM_PROTO: 2323 return sm->proto; 2324 case WPA_PARAM_PAIRWISE: 2325 return sm->pairwise_cipher; 2326 case WPA_PARAM_GROUP: 2327 return sm->group_cipher; 2328 case WPA_PARAM_KEY_MGMT: 2329 return sm->key_mgmt; 2330 #ifdef CONFIG_IEEE80211W 2331 case WPA_PARAM_MGMT_GROUP: 2332 return sm->mgmt_group_cipher; 2333 #endif /* CONFIG_IEEE80211W */ 2334 case WPA_PARAM_RSN_ENABLED: 2335 return sm->rsn_enabled; 2336 default: 2337 return 0; 2338 } 2339 } 2340 2341 2342 /** 2343 * wpa_sm_get_status - Get WPA state machine 2344 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2345 * @buf: Buffer for status information 2346 * @buflen: Maximum buffer length 2347 * @verbose: Whether to include verbose status information 2348 * Returns: Number of bytes written to buf. 2349 * 2350 * Query WPA state machine for status information. This function fills in 2351 * a text area with current status information. If the buffer (buf) is not 2352 * large enough, status information will be truncated to fit the buffer. 2353 */ 2354 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen, 2355 int verbose) 2356 { 2357 char *pos = buf, *end = buf + buflen; 2358 int ret; 2359 2360 ret = os_snprintf(pos, end - pos, 2361 "pairwise_cipher=%s\n" 2362 "group_cipher=%s\n" 2363 "key_mgmt=%s\n", 2364 wpa_cipher_txt(sm->pairwise_cipher), 2365 wpa_cipher_txt(sm->group_cipher), 2366 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto)); 2367 if (ret < 0 || ret >= end - pos) 2368 return pos - buf; 2369 pos += ret; 2370 return pos - buf; 2371 } 2372 2373 2374 /** 2375 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration 2376 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2377 * @wpa_ie: Pointer to buffer for WPA/RSN IE 2378 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer 2379 * Returns: 0 on success, -1 on failure 2380 */ 2381 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie, 2382 size_t *wpa_ie_len) 2383 { 2384 int res; 2385 2386 if (sm == NULL) 2387 return -1; 2388 2389 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len); 2390 if (res < 0) 2391 return -1; 2392 *wpa_ie_len = res; 2393 2394 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default", 2395 wpa_ie, *wpa_ie_len); 2396 2397 if (sm->assoc_wpa_ie == NULL) { 2398 /* 2399 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets 2400 * the correct version of the IE even if PMKSA caching is 2401 * aborted (which would remove PMKID from IE generation). 2402 */ 2403 sm->assoc_wpa_ie = os_malloc(*wpa_ie_len); 2404 if (sm->assoc_wpa_ie == NULL) 2405 return -1; 2406 2407 os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len); 2408 sm->assoc_wpa_ie_len = *wpa_ie_len; 2409 } 2410 2411 return 0; 2412 } 2413 2414 2415 /** 2416 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq 2417 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2418 * @ie: Pointer to IE data (starting from id) 2419 * @len: IE length 2420 * Returns: 0 on success, -1 on failure 2421 * 2422 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association 2423 * Request frame. The IE will be used to override the default value generated 2424 * with wpa_sm_set_assoc_wpa_ie_default(). 2425 */ 2426 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2427 { 2428 if (sm == NULL) 2429 return -1; 2430 2431 os_free(sm->assoc_wpa_ie); 2432 if (ie == NULL || len == 0) { 2433 wpa_printf(MSG_DEBUG, "WPA: clearing own WPA/RSN IE"); 2434 sm->assoc_wpa_ie = NULL; 2435 sm->assoc_wpa_ie_len = 0; 2436 } else { 2437 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len); 2438 sm->assoc_wpa_ie = os_malloc(len); 2439 if (sm->assoc_wpa_ie == NULL) 2440 return -1; 2441 2442 os_memcpy(sm->assoc_wpa_ie, ie, len); 2443 sm->assoc_wpa_ie_len = len; 2444 } 2445 2446 return 0; 2447 } 2448 2449 2450 /** 2451 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp 2452 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2453 * @ie: Pointer to IE data (starting from id) 2454 * @len: IE length 2455 * Returns: 0 on success, -1 on failure 2456 * 2457 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response 2458 * frame. 2459 */ 2460 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2461 { 2462 if (sm == NULL) 2463 return -1; 2464 2465 os_free(sm->ap_wpa_ie); 2466 if (ie == NULL || len == 0) { 2467 wpa_printf(MSG_DEBUG, "WPA: clearing AP WPA IE"); 2468 sm->ap_wpa_ie = NULL; 2469 sm->ap_wpa_ie_len = 0; 2470 } else { 2471 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len); 2472 sm->ap_wpa_ie = os_malloc(len); 2473 if (sm->ap_wpa_ie == NULL) 2474 return -1; 2475 2476 os_memcpy(sm->ap_wpa_ie, ie, len); 2477 sm->ap_wpa_ie_len = len; 2478 } 2479 2480 return 0; 2481 } 2482 2483 2484 /** 2485 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp 2486 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2487 * @ie: Pointer to IE data (starting from id) 2488 * @len: IE length 2489 * Returns: 0 on success, -1 on failure 2490 * 2491 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response 2492 * frame. 2493 */ 2494 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2495 { 2496 if (sm == NULL) 2497 return -1; 2498 2499 os_free(sm->ap_rsn_ie); 2500 if (ie == NULL || len == 0) { 2501 wpa_printf(MSG_DEBUG, "WPA: clearing AP RSN IE"); 2502 sm->ap_rsn_ie = NULL; 2503 sm->ap_rsn_ie_len = 0; 2504 } else { 2505 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len); 2506 sm->ap_rsn_ie = os_malloc(len); 2507 if (sm->ap_rsn_ie == NULL) 2508 return -1; 2509 2510 os_memcpy(sm->ap_rsn_ie, ie, len); 2511 sm->ap_rsn_ie_len = len; 2512 } 2513 2514 return 0; 2515 } 2516 2517 2518 /** 2519 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE 2520 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2521 * @data: Pointer to data area for parsing results 2522 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure 2523 * 2524 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the 2525 * parsed data into data. 2526 */ 2527 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data) 2528 { 2529 if (sm == NULL || sm->assoc_wpa_ie == NULL) { 2530 wpa_printf(MSG_DEBUG, "WPA: No WPA/RSN IE available from " 2531 "association info"); 2532 return -1; 2533 } 2534 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data)) 2535 return -2; 2536 return 0; 2537 } 2538 2539 2540 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len) 2541 { 2542 #ifndef CONFIG_NO_WPA2 2543 return pmksa_cache_list(sm->pmksa, buf, len); 2544 #else /* CONFIG_NO_WPA2 */ 2545 return -1; 2546 #endif /* CONFIG_NO_WPA2 */ 2547 } 2548 2549 2550 void wpa_sm_drop_sa(struct wpa_sm *sm) 2551 { 2552 wpa_printf(MSG_DEBUG, "WPA: Clear old PMK and PTK"); 2553 sm->ptk_set = 0; 2554 sm->tptk_set = 0; 2555 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2556 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 2557 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 2558 } 2559 2560 2561 int wpa_sm_has_ptk(struct wpa_sm *sm) 2562 { 2563 if (sm == NULL) 2564 return 0; 2565 return sm->ptk_set; 2566 } 2567