1 /* $OpenBSD: ieee80211_pae_output.c,v 1.27 2016/04/12 14:33:27 mpi Exp $ */ 2 3 /*- 4 * Copyright (c) 2007,2008 Damien Bergamini <damien.bergamini@free.fr> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /* 20 * This code implements the 4-Way Handshake and Group Key Handshake protocols 21 * (both Supplicant and Authenticator Key Transmit state machines) defined in 22 * IEEE Std 802.11-2007 section 8.5. 23 */ 24 25 #include <sys/param.h> 26 #include <sys/systm.h> 27 #include <sys/mbuf.h> 28 #include <sys/kernel.h> 29 #include <sys/socket.h> 30 #include <sys/sockio.h> 31 #include <sys/endian.h> 32 #include <sys/errno.h> 33 34 #include <net/if.h> 35 #include <net/if_dl.h> 36 #include <net/if_media.h> 37 #include <net/if_llc.h> 38 39 #include <netinet/in.h> 40 #include <netinet/if_ether.h> 41 #include <netinet/ip.h> 42 43 #include <net80211/ieee80211_var.h> 44 #include <net80211/ieee80211_priv.h> 45 46 int ieee80211_send_eapol_key(struct ieee80211com *, struct mbuf *, 47 struct ieee80211_node *, const struct ieee80211_ptk *); 48 #ifndef IEEE80211_STA_ONLY 49 u_int8_t *ieee80211_add_gtk_kde(u_int8_t *, struct ieee80211_node *, 50 const struct ieee80211_key *); 51 u_int8_t *ieee80211_add_pmkid_kde(u_int8_t *, const u_int8_t *); 52 u_int8_t *ieee80211_add_igtk_kde(u_int8_t *, 53 const struct ieee80211_key *); 54 #endif 55 struct mbuf *ieee80211_get_eapol_key(int, int, u_int); 56 57 /* 58 * Send an EAPOL-Key frame to node `ni'. If MIC or encryption is required, 59 * the PTK must be passed (otherwise it can be set to NULL.) 60 */ 61 int 62 ieee80211_send_eapol_key(struct ieee80211com *ic, struct mbuf *m, 63 struct ieee80211_node *ni, const struct ieee80211_ptk *ptk) 64 { 65 struct ifnet *ifp = &ic->ic_if; 66 struct ether_header *eh; 67 struct ieee80211_eapol_key *key; 68 u_int16_t info; 69 int len; 70 71 M_PREPEND(m, sizeof(struct ether_header), M_DONTWAIT); 72 if (m == NULL) 73 return ENOMEM; 74 /* no need to m_pullup here (ok by construction) */ 75 eh = mtod(m, struct ether_header *); 76 eh->ether_type = htons(ETHERTYPE_PAE); 77 IEEE80211_ADDR_COPY(eh->ether_shost, ic->ic_myaddr); 78 IEEE80211_ADDR_COPY(eh->ether_dhost, ni->ni_macaddr); 79 80 key = (struct ieee80211_eapol_key *)&eh[1]; 81 key->version = EAPOL_VERSION; 82 key->type = EAPOL_KEY; 83 key->desc = (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) ? 84 EAPOL_KEY_DESC_IEEE80211 : EAPOL_KEY_DESC_WPA; 85 86 info = BE_READ_2(key->info); 87 /* use V3 descriptor if KDF is SHA256-based */ 88 if (ieee80211_is_sha256_akm(ni->ni_rsnakms)) 89 info |= EAPOL_KEY_DESC_V3; 90 /* use V2 descriptor if pairwise or group cipher is CCMP */ 91 else if (ni->ni_rsncipher == IEEE80211_CIPHER_CCMP || 92 ni->ni_rsngroupcipher == IEEE80211_CIPHER_CCMP) 93 info |= EAPOL_KEY_DESC_V2; 94 else 95 info |= EAPOL_KEY_DESC_V1; 96 BE_WRITE_2(key->info, info); 97 98 len = m->m_len - sizeof(struct ether_header); 99 BE_WRITE_2(key->paylen, len - sizeof(*key)); 100 BE_WRITE_2(key->len, len - 4); 101 102 #ifndef IEEE80211_STA_ONLY 103 if (info & EAPOL_KEY_ENCRYPTED) { 104 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) { 105 /* clear "Encrypted" bit for WPA */ 106 info &= ~EAPOL_KEY_ENCRYPTED; 107 BE_WRITE_2(key->info, info); 108 } 109 ieee80211_eapol_key_encrypt(ic, key, ptk->kek); 110 111 if ((info & EAPOL_KEY_VERSION_MASK) != EAPOL_KEY_DESC_V1) { 112 /* AES Key Wrap adds 8 bytes + padding */ 113 m->m_pkthdr.len = m->m_len = 114 sizeof(*eh) + 4 + BE_READ_2(key->len); 115 } 116 } 117 #endif 118 if (info & EAPOL_KEY_KEYMIC) 119 ieee80211_eapol_key_mic(key, ptk->kck); 120 121 #ifndef IEEE80211_STA_ONLY 122 /* start a 100ms timeout if an answer is expected from supplicant */ 123 if (info & EAPOL_KEY_KEYACK) 124 timeout_add_msec(&ni->ni_eapol_to, 100); 125 #endif 126 return if_enqueue(ifp, m); 127 } 128 129 #ifndef IEEE80211_STA_ONLY 130 /* 131 * Handle EAPOL-Key timeouts (no answer from supplicant). 132 */ 133 void 134 ieee80211_eapol_timeout(void *arg) 135 { 136 struct ieee80211_node *ni = arg; 137 struct ieee80211com *ic = ni->ni_ic; 138 int s; 139 140 DPRINTF(("no answer from station %s in state %d\n", 141 ether_sprintf(ni->ni_macaddr), ni->ni_rsn_state)); 142 143 s = splnet(); 144 145 switch (ni->ni_rsn_state) { 146 case RSNA_PTKSTART: 147 case RSNA_PTKCALCNEGOTIATING: 148 (void)ieee80211_send_4way_msg1(ic, ni); 149 break; 150 case RSNA_PTKINITNEGOTIATING: 151 (void)ieee80211_send_4way_msg3(ic, ni); 152 break; 153 } 154 155 switch (ni->ni_rsn_gstate) { 156 case RSNA_REKEYNEGOTIATING: 157 (void)ieee80211_send_group_msg1(ic, ni); 158 break; 159 } 160 161 splx(s); 162 } 163 164 /* 165 * Add a GTK KDE to an EAPOL-Key frame (see Figure 144). 166 */ 167 u_int8_t * 168 ieee80211_add_gtk_kde(u_int8_t *frm, struct ieee80211_node *ni, 169 const struct ieee80211_key *k) 170 { 171 KASSERT(k->k_flags & IEEE80211_KEY_GROUP); 172 173 *frm++ = IEEE80211_ELEMID_VENDOR; 174 *frm++ = 6 + k->k_len; 175 memcpy(frm, IEEE80211_OUI, 3); frm += 3; 176 *frm++ = IEEE80211_KDE_GTK; 177 *frm = k->k_id & 3; 178 /* 179 * The TxRx flag for sending a GTK is always the opposite of whether 180 * the pairwise key is used for data encryption/integrity or not. 181 */ 182 if (ni->ni_rsncipher == IEEE80211_CIPHER_USEGROUP) 183 *frm |= 1 << 2; /* set the Tx bit */ 184 frm++; 185 *frm++ = 0; /* reserved */ 186 memcpy(frm, k->k_key, k->k_len); 187 return frm + k->k_len; 188 } 189 190 /* 191 * Add a PMKID KDE to an EAPOL-Key frame (see Figure 146). 192 */ 193 u_int8_t * 194 ieee80211_add_pmkid_kde(u_int8_t *frm, const u_int8_t *pmkid) 195 { 196 *frm++ = IEEE80211_ELEMID_VENDOR; 197 *frm++ = 20; 198 memcpy(frm, IEEE80211_OUI, 3); frm += 3; 199 *frm++ = IEEE80211_KDE_PMKID; 200 memcpy(frm, pmkid, IEEE80211_PMKID_LEN); 201 return frm + IEEE80211_PMKID_LEN; 202 } 203 204 /* 205 * Add an IGTK KDE to an EAPOL-Key frame (see Figure 8-32a). 206 */ 207 u_int8_t * 208 ieee80211_add_igtk_kde(u_int8_t *frm, const struct ieee80211_key *k) 209 { 210 KASSERT(k->k_flags & IEEE80211_KEY_IGTK); 211 212 *frm++ = IEEE80211_ELEMID_VENDOR; 213 *frm++ = 4 + 24; 214 memcpy(frm, IEEE80211_OUI, 3); frm += 3; 215 *frm++ = IEEE80211_KDE_IGTK; 216 LE_WRITE_2(frm, k->k_id); frm += 2; 217 LE_WRITE_6(frm, k->k_tsc); frm += 6; /* IPN */ 218 memcpy(frm, k->k_key, 16); 219 return frm + 16; 220 } 221 #endif /* IEEE80211_STA_ONLY */ 222 223 struct mbuf * 224 ieee80211_get_eapol_key(int flags, int type, u_int pktlen) 225 { 226 struct mbuf *m; 227 228 /* reserve space for 802.11 encapsulation and EAPOL-Key header */ 229 pktlen += sizeof(struct ieee80211_frame) + LLC_SNAPFRAMELEN + 230 sizeof(struct ieee80211_eapol_key); 231 232 if (pktlen > MCLBYTES) 233 panic("EAPOL-Key frame too large: %u", pktlen); 234 MGETHDR(m, flags, type); 235 if (m == NULL) 236 return NULL; 237 if (pktlen > MHLEN) { 238 MCLGET(m, flags); 239 if (!(m->m_flags & M_EXT)) 240 return m_free(m); 241 } 242 m->m_data += sizeof(struct ieee80211_frame) + LLC_SNAPFRAMELEN; 243 return m; 244 } 245 246 #ifndef IEEE80211_STA_ONLY 247 /* 248 * Send 4-Way Handshake Message 1 to the supplicant. 249 */ 250 int 251 ieee80211_send_4way_msg1(struct ieee80211com *ic, struct ieee80211_node *ni) 252 { 253 struct ieee80211_eapol_key *key; 254 struct mbuf *m; 255 u_int16_t info, keylen; 256 u_int8_t *frm; 257 258 ni->ni_rsn_state = RSNA_PTKSTART; 259 if (++ni->ni_rsn_retries > 3) { 260 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 261 IEEE80211_REASON_4WAY_TIMEOUT); 262 ieee80211_node_leave(ic, ni); 263 return 0; 264 } 265 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 266 (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) ? 2 + 20 : 0); 267 if (m == NULL) 268 return ENOMEM; 269 key = mtod(m, struct ieee80211_eapol_key *); 270 memset(key, 0, sizeof(*key)); 271 272 info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYACK; 273 BE_WRITE_2(key->info, info); 274 275 /* copy the authenticator's nonce (ANonce) */ 276 memcpy(key->nonce, ni->ni_nonce, EAPOL_KEY_NONCE_LEN); 277 278 keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); 279 BE_WRITE_2(key->keylen, keylen); 280 281 frm = (u_int8_t *)&key[1]; 282 /* NB: WPA does not have PMKID KDE */ 283 if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN && 284 ieee80211_is_8021x_akm(ni->ni_rsnakms)) 285 frm = ieee80211_add_pmkid_kde(frm, ni->ni_pmkid); 286 287 m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key; 288 289 if (ic->ic_if.if_flags & IFF_DEBUG) 290 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 291 ic->ic_if.if_xname, 1, 4, "4-way", 292 ether_sprintf(ni->ni_macaddr)); 293 294 ni->ni_replaycnt++; 295 BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); 296 297 return ieee80211_send_eapol_key(ic, m, ni, NULL); 298 } 299 #endif /* IEEE80211_STA_ONLY */ 300 301 /* 302 * Send 4-Way Handshake Message 2 to the authenticator. 303 */ 304 int 305 ieee80211_send_4way_msg2(struct ieee80211com *ic, struct ieee80211_node *ni, 306 const u_int8_t *replaycnt, const struct ieee80211_ptk *tptk) 307 { 308 struct ieee80211_eapol_key *key; 309 struct mbuf *m; 310 u_int16_t info; 311 u_int8_t *frm; 312 313 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 314 (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) ? 315 2 + IEEE80211_WPAIE_MAXLEN : 316 2 + IEEE80211_RSNIE_MAXLEN); 317 if (m == NULL) 318 return ENOMEM; 319 key = mtod(m, struct ieee80211_eapol_key *); 320 memset(key, 0, sizeof(*key)); 321 322 info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYMIC; 323 BE_WRITE_2(key->info, info); 324 325 /* copy key replay counter from Message 1/4 */ 326 memcpy(key->replaycnt, replaycnt, 8); 327 328 /* copy the supplicant's nonce (SNonce) */ 329 memcpy(key->nonce, ic->ic_nonce, EAPOL_KEY_NONCE_LEN); 330 331 frm = (u_int8_t *)&key[1]; 332 /* add the WPA/RSN IE used in the (Re)Association Request */ 333 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) { 334 int keylen; 335 frm = ieee80211_add_wpa(frm, ic, ni); 336 /* WPA sets the key length field here */ 337 keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); 338 BE_WRITE_2(key->keylen, keylen); 339 } else /* RSN */ 340 frm = ieee80211_add_rsn(frm, ic, ni); 341 342 m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key; 343 344 if (ic->ic_if.if_flags & IFF_DEBUG) 345 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 346 ic->ic_if.if_xname, 2, 4, "4-way", 347 ether_sprintf(ni->ni_macaddr)); 348 349 return ieee80211_send_eapol_key(ic, m, ni, tptk); 350 } 351 352 #ifndef IEEE80211_STA_ONLY 353 /* 354 * Send 4-Way Handshake Message 3 to the supplicant. 355 */ 356 int 357 ieee80211_send_4way_msg3(struct ieee80211com *ic, struct ieee80211_node *ni) 358 { 359 struct ieee80211_eapol_key *key; 360 struct ieee80211_key *k = NULL; 361 struct mbuf *m; 362 u_int16_t info, keylen; 363 u_int8_t *frm; 364 365 ni->ni_rsn_state = RSNA_PTKINITNEGOTIATING; 366 if (++ni->ni_rsn_retries > 3) { 367 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 368 IEEE80211_REASON_4WAY_TIMEOUT); 369 ieee80211_node_leave(ic, ni); 370 return 0; 371 } 372 if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) { 373 k = &ic->ic_nw_keys[ic->ic_def_txkey]; 374 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 375 2 + IEEE80211_RSNIE_MAXLEN + 2 + 6 + k->k_len + 15 + 376 ((ni->ni_flags & IEEE80211_NODE_MFP) ? 2 + 28 : 0)); 377 } else { /* WPA */ 378 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 379 2 + IEEE80211_WPAIE_MAXLEN + 380 ((ni->ni_flags & IEEE80211_NODE_MFP) ? 2 + 28 : 0)); 381 } 382 if (m == NULL) 383 return ENOMEM; 384 key = mtod(m, struct ieee80211_eapol_key *); 385 memset(key, 0, sizeof(*key)); 386 387 info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYACK | EAPOL_KEY_KEYMIC; 388 if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP) 389 info |= EAPOL_KEY_INSTALL; 390 391 /* use same nonce as in Message 1 */ 392 memcpy(key->nonce, ni->ni_nonce, EAPOL_KEY_NONCE_LEN); 393 394 ni->ni_replaycnt++; 395 BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); 396 397 keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); 398 BE_WRITE_2(key->keylen, keylen); 399 400 frm = (u_int8_t *)&key[1]; 401 /* add the WPA/RSN IE included in Beacon/Probe Response */ 402 if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) { 403 frm = ieee80211_add_rsn(frm, ic, ic->ic_bss); 404 /* encapsulate the GTK */ 405 frm = ieee80211_add_gtk_kde(frm, ni, k); 406 LE_WRITE_6(key->rsc, k->k_tsc); 407 /* encapsulate the IGTK if MFP was negotiated */ 408 if (ni->ni_flags & IEEE80211_NODE_MFP) { 409 frm = ieee80211_add_igtk_kde(frm, 410 &ic->ic_nw_keys[ic->ic_igtk_kid]); 411 } 412 /* ask that the EAPOL-Key frame be encrypted */ 413 info |= EAPOL_KEY_ENCRYPTED | EAPOL_KEY_SECURE; 414 } else /* WPA */ 415 frm = ieee80211_add_wpa(frm, ic, ic->ic_bss); 416 417 /* write the key info field */ 418 BE_WRITE_2(key->info, info); 419 420 m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key; 421 422 if (ic->ic_if.if_flags & IFF_DEBUG) 423 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 424 ic->ic_if.if_xname, 3, 4, "4-way", 425 ether_sprintf(ni->ni_macaddr)); 426 427 return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); 428 } 429 #endif /* IEEE80211_STA_ONLY */ 430 431 /* 432 * Send 4-Way Handshake Message 4 to the authenticator. 433 */ 434 int 435 ieee80211_send_4way_msg4(struct ieee80211com *ic, struct ieee80211_node *ni) 436 { 437 struct ieee80211_eapol_key *key; 438 struct mbuf *m; 439 u_int16_t info; 440 441 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 0); 442 if (m == NULL) 443 return ENOMEM; 444 key = mtod(m, struct ieee80211_eapol_key *); 445 memset(key, 0, sizeof(*key)); 446 447 info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYMIC; 448 449 /* copy key replay counter from authenticator */ 450 BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); 451 452 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) { 453 int keylen; 454 /* WPA sets the key length field here */ 455 keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); 456 BE_WRITE_2(key->keylen, keylen); 457 } else 458 info |= EAPOL_KEY_SECURE; 459 460 /* write the key info field */ 461 BE_WRITE_2(key->info, info); 462 463 /* empty key data field */ 464 m->m_pkthdr.len = m->m_len = sizeof(*key); 465 466 if (ic->ic_if.if_flags & IFF_DEBUG) 467 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 468 ic->ic_if.if_xname, 4, 4, "4-way", 469 ether_sprintf(ni->ni_macaddr)); 470 471 return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); 472 } 473 474 #ifndef IEEE80211_STA_ONLY 475 /* 476 * Send Group Key Handshake Message 1 to the supplicant. 477 */ 478 int 479 ieee80211_send_group_msg1(struct ieee80211com *ic, struct ieee80211_node *ni) 480 { 481 struct ieee80211_eapol_key *key; 482 const struct ieee80211_key *k; 483 struct mbuf *m; 484 u_int16_t info; 485 u_int8_t *frm; 486 u_int8_t kid; 487 488 ni->ni_rsn_gstate = RSNA_REKEYNEGOTIATING; 489 if (++ni->ni_rsn_retries > 3) { 490 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 491 IEEE80211_REASON_GROUP_TIMEOUT); 492 ieee80211_node_leave(ic, ni); 493 return 0; 494 } 495 if (ni->ni_flags & IEEE80211_NODE_REKEY) 496 kid = (ic->ic_def_txkey == 1) ? 2 : 1; 497 else 498 kid = ic->ic_def_txkey; 499 k = &ic->ic_nw_keys[kid]; 500 501 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 502 ((ni->ni_rsnprotos == IEEE80211_PROTO_WPA) ? 503 k->k_len : 2 + 6 + k->k_len) + 504 ((ni->ni_flags & IEEE80211_NODE_MFP) ? 2 + 28 : 0) + 505 15); 506 if (m == NULL) 507 return ENOMEM; 508 key = mtod(m, struct ieee80211_eapol_key *); 509 memset(key, 0, sizeof(*key)); 510 511 info = EAPOL_KEY_KEYACK | EAPOL_KEY_KEYMIC | EAPOL_KEY_SECURE | 512 EAPOL_KEY_ENCRYPTED; 513 514 ni->ni_replaycnt++; 515 BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); 516 517 frm = (u_int8_t *)&key[1]; 518 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) { 519 /* WPA does not have GTK KDE */ 520 BE_WRITE_2(key->keylen, k->k_len); 521 memcpy(frm, k->k_key, k->k_len); 522 frm += k->k_len; 523 info |= (k->k_id & 0x3) << EAPOL_KEY_WPA_KID_SHIFT; 524 if (ni->ni_rsncipher == IEEE80211_CIPHER_USEGROUP) 525 info |= EAPOL_KEY_WPA_TX; 526 } else { /* RSN */ 527 frm = ieee80211_add_gtk_kde(frm, ni, k); 528 if (ni->ni_flags & IEEE80211_NODE_MFP) { 529 if (ni->ni_flags & IEEE80211_NODE_REKEY) 530 kid = (ic->ic_igtk_kid == 4) ? 5 : 4; 531 else 532 kid = ic->ic_igtk_kid; 533 frm = ieee80211_add_igtk_kde(frm, 534 &ic->ic_nw_keys[kid]); 535 } 536 } 537 /* RSC = last transmit sequence number for the GTK */ 538 LE_WRITE_6(key->rsc, k->k_tsc); 539 540 /* write the key info field */ 541 BE_WRITE_2(key->info, info); 542 543 m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key; 544 545 if (ic->ic_if.if_flags & IFF_DEBUG) 546 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 547 ic->ic_if.if_xname, 1, 2, "group key", 548 ether_sprintf(ni->ni_macaddr)); 549 550 return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); 551 } 552 #endif /* IEEE80211_STA_ONLY */ 553 554 /* 555 * Send Group Key Handshake Message 2 to the authenticator. 556 */ 557 int 558 ieee80211_send_group_msg2(struct ieee80211com *ic, struct ieee80211_node *ni, 559 const struct ieee80211_key *k) 560 { 561 struct ieee80211_eapol_key *key; 562 u_int16_t info; 563 struct mbuf *m; 564 565 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 0); 566 if (m == NULL) 567 return ENOMEM; 568 key = mtod(m, struct ieee80211_eapol_key *); 569 memset(key, 0, sizeof(*key)); 570 571 info = EAPOL_KEY_KEYMIC | EAPOL_KEY_SECURE; 572 573 /* copy key replay counter from authenticator */ 574 BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); 575 576 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) { 577 /* WPA sets the key length and key id fields here */ 578 BE_WRITE_2(key->keylen, k->k_len); 579 info |= (k->k_id & 3) << EAPOL_KEY_WPA_KID_SHIFT; 580 } 581 582 /* write the key info field */ 583 BE_WRITE_2(key->info, info); 584 585 /* empty key data field */ 586 m->m_pkthdr.len = m->m_len = sizeof(*key); 587 588 if (ic->ic_if.if_flags & IFF_DEBUG) 589 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 590 ic->ic_if.if_xname, 2, 2, "group key", 591 ether_sprintf(ni->ni_macaddr)); 592 593 return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); 594 } 595 596 /* 597 * EAPOL-Key Request frames are sent by the supplicant to request that the 598 * authenticator initiates either a 4-Way Handshake or Group Key Handshake, 599 * or to report a MIC failure in a TKIP MSDU. 600 */ 601 int 602 ieee80211_send_eapol_key_req(struct ieee80211com *ic, 603 struct ieee80211_node *ni, u_int16_t info, u_int64_t tsc) 604 { 605 struct ieee80211_eapol_key *key; 606 struct mbuf *m; 607 608 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 0); 609 if (m == NULL) 610 return ENOMEM; 611 key = mtod(m, struct ieee80211_eapol_key *); 612 memset(key, 0, sizeof(*key)); 613 614 info |= EAPOL_KEY_REQUEST; 615 BE_WRITE_2(key->info, info); 616 617 /* in case of TKIP MIC failure, fill the RSC field */ 618 if (info & EAPOL_KEY_ERROR) 619 LE_WRITE_6(key->rsc, tsc); 620 621 /* use our separate key replay counter for key requests */ 622 BE_WRITE_8(key->replaycnt, ni->ni_reqreplaycnt); 623 ni->ni_reqreplaycnt++; 624 625 if (ic->ic_if.if_flags & IFF_DEBUG) 626 printf("%s: sending EAPOL-Key request to %s\n", 627 ic->ic_if.if_xname, ether_sprintf(ni->ni_macaddr)); 628 629 return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); 630 } 631