1 /* 2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator 3 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #include "utils/includes.h" 16 17 #include "utils/common.h" 18 #include "utils/eloop.h" 19 #include "utils/state_machine.h" 20 #include "common/ieee802_11_defs.h" 21 #include "crypto/aes_wrap.h" 22 #include "crypto/crypto.h" 23 #include "crypto/sha1.h" 24 #include "crypto/sha256.h" 25 #include "eapol_auth/eapol_auth_sm.h" 26 #include "ap_config.h" 27 #include "ieee802_11.h" 28 #include "wpa_auth.h" 29 #include "pmksa_cache_auth.h" 30 #include "wpa_auth_i.h" 31 #include "wpa_auth_ie.h" 32 33 #define STATE_MACHINE_DATA struct wpa_state_machine 34 #define STATE_MACHINE_DEBUG_PREFIX "WPA" 35 #define STATE_MACHINE_ADDR sm->addr 36 37 38 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx); 39 static int wpa_sm_step(struct wpa_state_machine *sm); 40 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len); 41 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx); 42 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth, 43 struct wpa_group *group); 44 static void wpa_request_new_ptk(struct wpa_state_machine *sm); 45 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth, 46 struct wpa_group *group); 47 48 static const u32 dot11RSNAConfigGroupUpdateCount = 4; 49 static const u32 dot11RSNAConfigPairwiseUpdateCount = 4; 50 static const u32 eapol_key_timeout_first = 100; /* ms */ 51 static const u32 eapol_key_timeout_subseq = 1000; /* ms */ 52 53 /* TODO: make these configurable */ 54 static const int dot11RSNAConfigPMKLifetime = 43200; 55 static const int dot11RSNAConfigPMKReauthThreshold = 70; 56 static const int dot11RSNAConfigSATimeout = 60; 57 58 59 static inline void wpa_auth_mic_failure_report( 60 struct wpa_authenticator *wpa_auth, const u8 *addr) 61 { 62 if (wpa_auth->cb.mic_failure_report) 63 wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr); 64 } 65 66 67 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth, 68 const u8 *addr, wpa_eapol_variable var, 69 int value) 70 { 71 if (wpa_auth->cb.set_eapol) 72 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value); 73 } 74 75 76 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth, 77 const u8 *addr, wpa_eapol_variable var) 78 { 79 if (wpa_auth->cb.get_eapol == NULL) 80 return -1; 81 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var); 82 } 83 84 85 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth, 86 const u8 *addr, const u8 *prev_psk) 87 { 88 if (wpa_auth->cb.get_psk == NULL) 89 return NULL; 90 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk); 91 } 92 93 94 static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth, 95 const u8 *addr, u8 *msk, size_t *len) 96 { 97 if (wpa_auth->cb.get_msk == NULL) 98 return -1; 99 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len); 100 } 101 102 103 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth, 104 int vlan_id, 105 enum wpa_alg alg, const u8 *addr, int idx, 106 u8 *key, size_t key_len) 107 { 108 if (wpa_auth->cb.set_key == NULL) 109 return -1; 110 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx, 111 key, key_len); 112 } 113 114 115 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth, 116 const u8 *addr, int idx, u8 *seq) 117 { 118 if (wpa_auth->cb.get_seqnum == NULL) 119 return -1; 120 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq); 121 } 122 123 124 static inline int 125 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr, 126 const u8 *data, size_t data_len, int encrypt) 127 { 128 if (wpa_auth->cb.send_eapol == NULL) 129 return -1; 130 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len, 131 encrypt); 132 } 133 134 135 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth, 136 int (*cb)(struct wpa_state_machine *sm, void *ctx), 137 void *cb_ctx) 138 { 139 if (wpa_auth->cb.for_each_sta == NULL) 140 return 0; 141 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx); 142 } 143 144 145 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth, 146 int (*cb)(struct wpa_authenticator *a, void *ctx), 147 void *cb_ctx) 148 { 149 if (wpa_auth->cb.for_each_auth == NULL) 150 return 0; 151 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx); 152 } 153 154 155 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr, 156 logger_level level, const char *txt) 157 { 158 if (wpa_auth->cb.logger == NULL) 159 return; 160 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt); 161 } 162 163 164 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr, 165 logger_level level, const char *fmt, ...) 166 { 167 char *format; 168 int maxlen; 169 va_list ap; 170 171 if (wpa_auth->cb.logger == NULL) 172 return; 173 174 maxlen = os_strlen(fmt) + 100; 175 format = os_malloc(maxlen); 176 if (!format) 177 return; 178 179 va_start(ap, fmt); 180 vsnprintf(format, maxlen, fmt, ap); 181 va_end(ap); 182 183 wpa_auth_logger(wpa_auth, addr, level, format); 184 185 os_free(format); 186 } 187 188 189 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth, 190 const u8 *addr) 191 { 192 if (wpa_auth->cb.disconnect == NULL) 193 return; 194 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr, 195 WLAN_REASON_PREV_AUTH_NOT_VALID); 196 } 197 198 199 static int wpa_use_aes_cmac(struct wpa_state_machine *sm) 200 { 201 int ret = 0; 202 #ifdef CONFIG_IEEE80211R 203 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) 204 ret = 1; 205 #endif /* CONFIG_IEEE80211R */ 206 #ifdef CONFIG_IEEE80211W 207 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt)) 208 ret = 1; 209 #endif /* CONFIG_IEEE80211W */ 210 return ret; 211 } 212 213 214 static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx) 215 { 216 struct wpa_authenticator *wpa_auth = eloop_ctx; 217 218 if (os_get_random(wpa_auth->group->GMK, WPA_GMK_LEN)) { 219 wpa_printf(MSG_ERROR, "Failed to get random data for WPA " 220 "initialization."); 221 } else { 222 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd"); 223 } 224 225 if (wpa_auth->conf.wpa_gmk_rekey) { 226 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0, 227 wpa_rekey_gmk, wpa_auth, NULL); 228 } 229 } 230 231 232 static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx) 233 { 234 struct wpa_authenticator *wpa_auth = eloop_ctx; 235 struct wpa_group *group; 236 237 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK"); 238 for (group = wpa_auth->group; group; group = group->next) { 239 group->GTKReKey = TRUE; 240 do { 241 group->changed = FALSE; 242 wpa_group_sm_step(wpa_auth, group); 243 } while (group->changed); 244 } 245 246 if (wpa_auth->conf.wpa_group_rekey) { 247 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 248 0, wpa_rekey_gtk, wpa_auth, NULL); 249 } 250 } 251 252 253 static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx) 254 { 255 struct wpa_authenticator *wpa_auth = eloop_ctx; 256 struct wpa_state_machine *sm = timeout_ctx; 257 258 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK"); 259 wpa_request_new_ptk(sm); 260 wpa_sm_step(sm); 261 } 262 263 264 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx) 265 { 266 if (sm->pmksa == ctx) 267 sm->pmksa = NULL; 268 return 0; 269 } 270 271 272 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, 273 void *ctx) 274 { 275 struct wpa_authenticator *wpa_auth = ctx; 276 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry); 277 } 278 279 280 static void wpa_group_set_key_len(struct wpa_group *group, int cipher) 281 { 282 switch (cipher) { 283 case WPA_CIPHER_CCMP: 284 group->GTK_len = 16; 285 break; 286 case WPA_CIPHER_TKIP: 287 group->GTK_len = 32; 288 break; 289 case WPA_CIPHER_WEP104: 290 group->GTK_len = 13; 291 break; 292 case WPA_CIPHER_WEP40: 293 group->GTK_len = 5; 294 break; 295 } 296 } 297 298 299 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth, 300 int vlan_id) 301 { 302 struct wpa_group *group; 303 u8 buf[ETH_ALEN + 8 + sizeof(group)]; 304 u8 rkey[32]; 305 306 group = os_zalloc(sizeof(struct wpa_group)); 307 if (group == NULL) 308 return NULL; 309 310 group->GTKAuthenticator = TRUE; 311 group->vlan_id = vlan_id; 312 313 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group); 314 315 /* Counter = PRF-256(Random number, "Init Counter", 316 * Local MAC Address || Time) 317 */ 318 os_memcpy(buf, wpa_auth->addr, ETH_ALEN); 319 wpa_get_ntp_timestamp(buf + ETH_ALEN); 320 os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group)); 321 if (os_get_random(rkey, sizeof(rkey)) || 322 os_get_random(group->GMK, WPA_GMK_LEN)) { 323 wpa_printf(MSG_ERROR, "Failed to get random data for WPA " 324 "initialization."); 325 os_free(group); 326 return NULL; 327 } 328 329 sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf), 330 group->Counter, WPA_NONCE_LEN); 331 332 group->GInit = TRUE; 333 wpa_group_sm_step(wpa_auth, group); 334 group->GInit = FALSE; 335 wpa_group_sm_step(wpa_auth, group); 336 337 return group; 338 } 339 340 341 /** 342 * wpa_init - Initialize WPA authenticator 343 * @addr: Authenticator address 344 * @conf: Configuration for WPA authenticator 345 * @cb: Callback functions for WPA authenticator 346 * Returns: Pointer to WPA authenticator data or %NULL on failure 347 */ 348 struct wpa_authenticator * wpa_init(const u8 *addr, 349 struct wpa_auth_config *conf, 350 struct wpa_auth_callbacks *cb) 351 { 352 struct wpa_authenticator *wpa_auth; 353 354 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator)); 355 if (wpa_auth == NULL) 356 return NULL; 357 os_memcpy(wpa_auth->addr, addr, ETH_ALEN); 358 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf)); 359 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb)); 360 361 if (wpa_auth_gen_wpa_ie(wpa_auth)) { 362 wpa_printf(MSG_ERROR, "Could not generate WPA IE."); 363 os_free(wpa_auth); 364 return NULL; 365 } 366 367 wpa_auth->group = wpa_group_init(wpa_auth, 0); 368 if (wpa_auth->group == NULL) { 369 os_free(wpa_auth->wpa_ie); 370 os_free(wpa_auth); 371 return NULL; 372 } 373 374 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb, 375 wpa_auth); 376 if (wpa_auth->pmksa == NULL) { 377 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed."); 378 os_free(wpa_auth->wpa_ie); 379 os_free(wpa_auth); 380 return NULL; 381 } 382 383 #ifdef CONFIG_IEEE80211R 384 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init(); 385 if (wpa_auth->ft_pmk_cache == NULL) { 386 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed."); 387 os_free(wpa_auth->wpa_ie); 388 pmksa_cache_auth_deinit(wpa_auth->pmksa); 389 os_free(wpa_auth); 390 return NULL; 391 } 392 #endif /* CONFIG_IEEE80211R */ 393 394 if (wpa_auth->conf.wpa_gmk_rekey) { 395 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0, 396 wpa_rekey_gmk, wpa_auth, NULL); 397 } 398 399 if (wpa_auth->conf.wpa_group_rekey) { 400 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0, 401 wpa_rekey_gtk, wpa_auth, NULL); 402 } 403 404 return wpa_auth; 405 } 406 407 408 /** 409 * wpa_deinit - Deinitialize WPA authenticator 410 * @wpa_auth: Pointer to WPA authenticator data from wpa_init() 411 */ 412 void wpa_deinit(struct wpa_authenticator *wpa_auth) 413 { 414 struct wpa_group *group, *prev; 415 416 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL); 417 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); 418 419 #ifdef CONFIG_PEERKEY 420 while (wpa_auth->stsl_negotiations) 421 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations); 422 #endif /* CONFIG_PEERKEY */ 423 424 pmksa_cache_auth_deinit(wpa_auth->pmksa); 425 426 #ifdef CONFIG_IEEE80211R 427 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache); 428 wpa_auth->ft_pmk_cache = NULL; 429 #endif /* CONFIG_IEEE80211R */ 430 431 os_free(wpa_auth->wpa_ie); 432 433 group = wpa_auth->group; 434 while (group) { 435 prev = group; 436 group = group->next; 437 os_free(prev); 438 } 439 440 os_free(wpa_auth); 441 } 442 443 444 /** 445 * wpa_reconfig - Update WPA authenticator configuration 446 * @wpa_auth: Pointer to WPA authenticator data from wpa_init() 447 * @conf: Configuration for WPA authenticator 448 */ 449 int wpa_reconfig(struct wpa_authenticator *wpa_auth, 450 struct wpa_auth_config *conf) 451 { 452 struct wpa_group *group; 453 if (wpa_auth == NULL) 454 return 0; 455 456 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf)); 457 if (wpa_auth_gen_wpa_ie(wpa_auth)) { 458 wpa_printf(MSG_ERROR, "Could not generate WPA IE."); 459 return -1; 460 } 461 462 /* 463 * Reinitialize GTK to make sure it is suitable for the new 464 * configuration. 465 */ 466 group = wpa_auth->group; 467 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group); 468 group->GInit = TRUE; 469 wpa_group_sm_step(wpa_auth, group); 470 group->GInit = FALSE; 471 wpa_group_sm_step(wpa_auth, group); 472 473 return 0; 474 } 475 476 477 struct wpa_state_machine * 478 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr) 479 { 480 struct wpa_state_machine *sm; 481 482 sm = os_zalloc(sizeof(struct wpa_state_machine)); 483 if (sm == NULL) 484 return NULL; 485 os_memcpy(sm->addr, addr, ETH_ALEN); 486 487 sm->wpa_auth = wpa_auth; 488 sm->group = wpa_auth->group; 489 490 return sm; 491 } 492 493 494 int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, 495 struct wpa_state_machine *sm) 496 { 497 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL) 498 return -1; 499 500 #ifdef CONFIG_IEEE80211R 501 if (sm->ft_completed) { 502 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, 503 "FT authentication already completed - do not " 504 "start 4-way handshake"); 505 return 0; 506 } 507 #endif /* CONFIG_IEEE80211R */ 508 509 if (sm->started) { 510 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay)); 511 sm->ReAuthenticationRequest = TRUE; 512 return wpa_sm_step(sm); 513 } 514 515 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, 516 "start authentication"); 517 sm->started = 1; 518 519 sm->Init = TRUE; 520 if (wpa_sm_step(sm) == 1) 521 return 1; /* should not really happen */ 522 sm->Init = FALSE; 523 sm->AuthenticationRequest = TRUE; 524 return wpa_sm_step(sm); 525 } 526 527 528 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm) 529 { 530 /* WPA/RSN was not used - clear WPA state. This is needed if the STA 531 * reassociates back to the same AP while the previous entry for the 532 * STA has not yet been removed. */ 533 if (sm == NULL) 534 return; 535 536 sm->wpa_key_mgmt = 0; 537 } 538 539 540 static void wpa_free_sta_sm(struct wpa_state_machine *sm) 541 { 542 #ifdef CONFIG_IEEE80211R 543 os_free(sm->assoc_resp_ftie); 544 #endif /* CONFIG_IEEE80211R */ 545 os_free(sm->last_rx_eapol_key); 546 os_free(sm->wpa_ie); 547 os_free(sm); 548 } 549 550 551 void wpa_auth_sta_deinit(struct wpa_state_machine *sm) 552 { 553 if (sm == NULL) 554 return; 555 556 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) { 557 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 558 "strict rekeying - force GTK rekey since STA " 559 "is leaving"); 560 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL); 561 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth, 562 NULL); 563 } 564 565 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm); 566 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL); 567 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); 568 if (sm->in_step_loop) { 569 /* Must not free state machine while wpa_sm_step() is running. 570 * Freeing will be completed in the end of wpa_sm_step(). */ 571 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state " 572 "machine deinit for " MACSTR, MAC2STR(sm->addr)); 573 sm->pending_deinit = 1; 574 } else 575 wpa_free_sta_sm(sm); 576 } 577 578 579 static void wpa_request_new_ptk(struct wpa_state_machine *sm) 580 { 581 if (sm == NULL) 582 return; 583 584 sm->PTKRequest = TRUE; 585 sm->PTK_valid = 0; 586 } 587 588 589 static int wpa_replay_counter_valid(struct wpa_state_machine *sm, 590 const u8 *replay_counter) 591 { 592 int i; 593 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) { 594 if (!sm->key_replay[i].valid) 595 break; 596 if (os_memcmp(replay_counter, sm->key_replay[i].counter, 597 WPA_REPLAY_COUNTER_LEN) == 0) 598 return 1; 599 } 600 return 0; 601 } 602 603 604 #ifdef CONFIG_IEEE80211R 605 static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth, 606 struct wpa_state_machine *sm, 607 struct wpa_eapol_ie_parse *kde) 608 { 609 struct wpa_ie_data ie; 610 struct rsn_mdie *mdie; 611 612 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 || 613 ie.num_pmkid != 1 || ie.pmkid == NULL) { 614 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in " 615 "FT 4-way handshake message 2/4"); 616 return -1; 617 } 618 619 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN); 620 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant", 621 sm->sup_pmk_r1_name, PMKID_LEN); 622 623 if (!kde->mdie || !kde->ftie) { 624 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake " 625 "message 2/4", kde->mdie ? "FTIE" : "MDIE"); 626 return -1; 627 } 628 629 mdie = (struct rsn_mdie *) (kde->mdie + 2); 630 if (kde->mdie[1] < sizeof(struct rsn_mdie) || 631 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain, 632 MOBILITY_DOMAIN_ID_LEN) != 0) { 633 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch"); 634 return -1; 635 } 636 637 if (sm->assoc_resp_ftie && 638 (kde->ftie[1] != sm->assoc_resp_ftie[1] || 639 os_memcmp(kde->ftie, sm->assoc_resp_ftie, 640 2 + sm->assoc_resp_ftie[1]) != 0)) { 641 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch"); 642 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4", 643 kde->ftie, kde->ftie_len); 644 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp", 645 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]); 646 return -1; 647 } 648 649 return 0; 650 } 651 #endif /* CONFIG_IEEE80211R */ 652 653 654 void wpa_receive(struct wpa_authenticator *wpa_auth, 655 struct wpa_state_machine *sm, 656 u8 *data, size_t data_len) 657 { 658 struct ieee802_1x_hdr *hdr; 659 struct wpa_eapol_key *key; 660 u16 key_info, key_data_length; 661 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST, 662 SMK_M1, SMK_M3, SMK_ERROR } msg; 663 char *msgtxt; 664 struct wpa_eapol_ie_parse kde; 665 int ft; 666 const u8 *eapol_key_ie; 667 size_t eapol_key_ie_len; 668 669 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL) 670 return; 671 672 if (data_len < sizeof(*hdr) + sizeof(*key)) 673 return; 674 675 hdr = (struct ieee802_1x_hdr *) data; 676 key = (struct wpa_eapol_key *) (hdr + 1); 677 key_info = WPA_GET_BE16(key->key_info); 678 key_data_length = WPA_GET_BE16(key->key_data_length); 679 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) { 680 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - " 681 "key_data overflow (%d > %lu)", 682 key_data_length, 683 (unsigned long) (data_len - sizeof(*hdr) - 684 sizeof(*key))); 685 return; 686 } 687 688 if (sm->wpa == WPA_VERSION_WPA2) { 689 if (key->type != EAPOL_KEY_TYPE_RSN) { 690 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with " 691 "unexpected type %d in RSN mode", 692 key->type); 693 return; 694 } 695 } else { 696 if (key->type != EAPOL_KEY_TYPE_WPA) { 697 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with " 698 "unexpected type %d in WPA mode", 699 key->type); 700 return; 701 } 702 } 703 704 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys 705 * are set */ 706 707 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) == 708 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) { 709 if (key_info & WPA_KEY_INFO_ERROR) { 710 msg = SMK_ERROR; 711 msgtxt = "SMK Error"; 712 } else { 713 msg = SMK_M1; 714 msgtxt = "SMK M1"; 715 } 716 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { 717 msg = SMK_M3; 718 msgtxt = "SMK M3"; 719 } else if (key_info & WPA_KEY_INFO_REQUEST) { 720 msg = REQUEST; 721 msgtxt = "Request"; 722 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) { 723 msg = GROUP_2; 724 msgtxt = "2/2 Group"; 725 } else if (key_data_length == 0) { 726 msg = PAIRWISE_4; 727 msgtxt = "4/4 Pairwise"; 728 } else { 729 msg = PAIRWISE_2; 730 msgtxt = "2/4 Pairwise"; 731 } 732 733 /* TODO: key_info type validation for PeerKey */ 734 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 || 735 msg == GROUP_2) { 736 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK; 737 if (sm->pairwise == WPA_CIPHER_CCMP) { 738 if (wpa_use_aes_cmac(sm) && 739 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 740 wpa_auth_logger(wpa_auth, sm->addr, 741 LOGGER_WARNING, 742 "advertised support for " 743 "AES-128-CMAC, but did not " 744 "use it"); 745 return; 746 } 747 748 if (!wpa_use_aes_cmac(sm) && 749 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 750 wpa_auth_logger(wpa_auth, sm->addr, 751 LOGGER_WARNING, 752 "did not use HMAC-SHA1-AES " 753 "with CCMP"); 754 return; 755 } 756 } 757 } 758 759 if (key_info & WPA_KEY_INFO_REQUEST) { 760 if (sm->req_replay_counter_used && 761 os_memcmp(key->replay_counter, sm->req_replay_counter, 762 WPA_REPLAY_COUNTER_LEN) <= 0) { 763 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING, 764 "received EAPOL-Key request with " 765 "replayed counter"); 766 return; 767 } 768 } 769 770 if (!(key_info & WPA_KEY_INFO_REQUEST) && 771 !wpa_replay_counter_valid(sm, key->replay_counter)) { 772 int i; 773 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 774 "received EAPOL-Key %s with unexpected " 775 "replay counter", msgtxt); 776 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) { 777 if (!sm->key_replay[i].valid) 778 break; 779 wpa_hexdump(MSG_DEBUG, "pending replay counter", 780 sm->key_replay[i].counter, 781 WPA_REPLAY_COUNTER_LEN); 782 } 783 wpa_hexdump(MSG_DEBUG, "received replay counter", 784 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 785 return; 786 } 787 788 switch (msg) { 789 case PAIRWISE_2: 790 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART && 791 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) { 792 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 793 "received EAPOL-Key msg 2/4 in " 794 "invalid state (%d) - dropped", 795 sm->wpa_ptk_state); 796 return; 797 } 798 if (wpa_parse_kde_ies((u8 *) (key + 1), key_data_length, 799 &kde) < 0) { 800 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 801 "received EAPOL-Key msg 2/4 with " 802 "invalid Key Data contents"); 803 return; 804 } 805 if (kde.rsn_ie) { 806 eapol_key_ie = kde.rsn_ie; 807 eapol_key_ie_len = kde.rsn_ie_len; 808 } else { 809 eapol_key_ie = kde.wpa_ie; 810 eapol_key_ie_len = kde.wpa_ie_len; 811 } 812 ft = sm->wpa == WPA_VERSION_WPA2 && 813 wpa_key_mgmt_ft(sm->wpa_key_mgmt); 814 if (sm->wpa_ie == NULL || 815 wpa_compare_rsn_ie(ft, 816 sm->wpa_ie, sm->wpa_ie_len, 817 eapol_key_ie, eapol_key_ie_len)) { 818 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 819 "WPA IE from (Re)AssocReq did not " 820 "match with msg 2/4"); 821 if (sm->wpa_ie) { 822 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq", 823 sm->wpa_ie, sm->wpa_ie_len); 824 } 825 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4", 826 eapol_key_ie, eapol_key_ie_len); 827 /* MLME-DEAUTHENTICATE.request */ 828 wpa_sta_disconnect(wpa_auth, sm->addr); 829 return; 830 } 831 #ifdef CONFIG_IEEE80211R 832 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) { 833 wpa_sta_disconnect(wpa_auth, sm->addr); 834 return; 835 } 836 #endif /* CONFIG_IEEE80211R */ 837 break; 838 case PAIRWISE_4: 839 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING || 840 !sm->PTK_valid) { 841 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 842 "received EAPOL-Key msg 4/4 in " 843 "invalid state (%d) - dropped", 844 sm->wpa_ptk_state); 845 return; 846 } 847 break; 848 case GROUP_2: 849 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING 850 || !sm->PTK_valid) { 851 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 852 "received EAPOL-Key msg 2/2 in " 853 "invalid state (%d) - dropped", 854 sm->wpa_ptk_group_state); 855 return; 856 } 857 break; 858 #ifdef CONFIG_PEERKEY 859 case SMK_M1: 860 case SMK_M3: 861 case SMK_ERROR: 862 if (!wpa_auth->conf.peerkey) { 863 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but " 864 "PeerKey use disabled - ignoring message"); 865 return; 866 } 867 if (!sm->PTK_valid) { 868 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 869 "received EAPOL-Key msg SMK in " 870 "invalid state - dropped"); 871 return; 872 } 873 break; 874 #else /* CONFIG_PEERKEY */ 875 case SMK_M1: 876 case SMK_M3: 877 case SMK_ERROR: 878 return; /* STSL disabled - ignore SMK messages */ 879 #endif /* CONFIG_PEERKEY */ 880 case REQUEST: 881 break; 882 } 883 884 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 885 "received EAPOL-Key frame (%s)", msgtxt); 886 887 if (key_info & WPA_KEY_INFO_ACK) { 888 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 889 "received invalid EAPOL-Key: Key Ack set"); 890 return; 891 } 892 893 if (!(key_info & WPA_KEY_INFO_MIC)) { 894 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 895 "received invalid EAPOL-Key: Key MIC not set"); 896 return; 897 } 898 899 sm->MICVerified = FALSE; 900 if (sm->PTK_valid) { 901 if (wpa_verify_key_mic(&sm->PTK, data, data_len)) { 902 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 903 "received EAPOL-Key with invalid MIC"); 904 return; 905 } 906 sm->MICVerified = TRUE; 907 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm); 908 } 909 910 if (key_info & WPA_KEY_INFO_REQUEST) { 911 if (sm->MICVerified) { 912 sm->req_replay_counter_used = 1; 913 os_memcpy(sm->req_replay_counter, key->replay_counter, 914 WPA_REPLAY_COUNTER_LEN); 915 } else { 916 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 917 "received EAPOL-Key request with " 918 "invalid MIC"); 919 return; 920 } 921 922 /* 923 * TODO: should decrypt key data field if encryption was used; 924 * even though MAC address KDE is not normally encrypted, 925 * supplicant is allowed to encrypt it. 926 */ 927 if (msg == SMK_ERROR) { 928 #ifdef CONFIG_PEERKEY 929 wpa_smk_error(wpa_auth, sm, key); 930 #endif /* CONFIG_PEERKEY */ 931 return; 932 } else if (key_info & WPA_KEY_INFO_ERROR) { 933 /* Supplicant reported a Michael MIC error */ 934 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 935 "received EAPOL-Key Error Request " 936 "(STA detected Michael MIC failure)"); 937 wpa_auth_mic_failure_report(wpa_auth, sm->addr); 938 sm->dot11RSNAStatsTKIPRemoteMICFailures++; 939 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++; 940 /* Error report is not a request for a new key 941 * handshake, but since Authenticator may do it, let's 942 * change the keys now anyway. */ 943 wpa_request_new_ptk(sm); 944 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) { 945 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 946 "received EAPOL-Key Request for new " 947 "4-Way Handshake"); 948 wpa_request_new_ptk(sm); 949 #ifdef CONFIG_PEERKEY 950 } else if (msg == SMK_M1) { 951 wpa_smk_m1(wpa_auth, sm, key); 952 #endif /* CONFIG_PEERKEY */ 953 } else if (key_data_length > 0 && 954 wpa_parse_kde_ies((const u8 *) (key + 1), 955 key_data_length, &kde) == 0 && 956 kde.mac_addr) { 957 } else { 958 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 959 "received EAPOL-Key Request for GTK " 960 "rekeying"); 961 /* FIX: why was this triggering PTK rekeying for the 962 * STA that requested Group Key rekeying?? */ 963 /* wpa_request_new_ptk(sta->wpa_sm); */ 964 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); 965 wpa_rekey_gtk(wpa_auth, NULL); 966 } 967 } else { 968 /* Do not allow the same key replay counter to be reused. This 969 * does also invalidate all other pending replay counters if 970 * retransmissions were used, i.e., we will only process one of 971 * the pending replies and ignore rest if more than one is 972 * received. */ 973 sm->key_replay[0].valid = FALSE; 974 } 975 976 #ifdef CONFIG_PEERKEY 977 if (msg == SMK_M3) { 978 wpa_smk_m3(wpa_auth, sm, key); 979 return; 980 } 981 #endif /* CONFIG_PEERKEY */ 982 983 os_free(sm->last_rx_eapol_key); 984 sm->last_rx_eapol_key = os_malloc(data_len); 985 if (sm->last_rx_eapol_key == NULL) 986 return; 987 os_memcpy(sm->last_rx_eapol_key, data, data_len); 988 sm->last_rx_eapol_key_len = data_len; 989 990 sm->EAPOLKeyReceived = TRUE; 991 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE); 992 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST); 993 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN); 994 wpa_sm_step(sm); 995 } 996 997 998 static void wpa_gmk_to_gtk(const u8 *gmk, const u8 *addr, const u8 *gnonce, 999 u8 *gtk, size_t gtk_len) 1000 { 1001 u8 data[ETH_ALEN + WPA_NONCE_LEN]; 1002 1003 /* GTK = PRF-X(GMK, "Group key expansion", AA || GNonce) */ 1004 os_memcpy(data, addr, ETH_ALEN); 1005 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN); 1006 1007 #ifdef CONFIG_IEEE80211W 1008 sha256_prf(gmk, WPA_GMK_LEN, "Group key expansion", 1009 data, sizeof(data), gtk, gtk_len); 1010 #else /* CONFIG_IEEE80211W */ 1011 sha1_prf(gmk, WPA_GMK_LEN, "Group key expansion", 1012 data, sizeof(data), gtk, gtk_len); 1013 #endif /* CONFIG_IEEE80211W */ 1014 1015 wpa_hexdump_key(MSG_DEBUG, "GMK", gmk, WPA_GMK_LEN); 1016 wpa_hexdump_key(MSG_DEBUG, "GTK", gtk, gtk_len); 1017 } 1018 1019 1020 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx) 1021 { 1022 struct wpa_authenticator *wpa_auth = eloop_ctx; 1023 struct wpa_state_machine *sm = timeout_ctx; 1024 1025 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout"); 1026 sm->TimeoutEvt = TRUE; 1027 wpa_sm_step(sm); 1028 } 1029 1030 1031 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth, 1032 struct wpa_state_machine *sm, int key_info, 1033 const u8 *key_rsc, const u8 *nonce, 1034 const u8 *kde, size_t kde_len, 1035 int keyidx, int encr, int force_version) 1036 { 1037 struct ieee802_1x_hdr *hdr; 1038 struct wpa_eapol_key *key; 1039 size_t len; 1040 int alg; 1041 int key_data_len, pad_len = 0; 1042 u8 *buf, *pos; 1043 int version, pairwise; 1044 int i; 1045 1046 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key); 1047 1048 if (force_version) 1049 version = force_version; 1050 else if (wpa_use_aes_cmac(sm)) 1051 version = WPA_KEY_INFO_TYPE_AES_128_CMAC; 1052 else if (sm->pairwise == WPA_CIPHER_CCMP) 1053 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 1054 else 1055 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 1056 1057 pairwise = key_info & WPA_KEY_INFO_KEY_TYPE; 1058 1059 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d " 1060 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d " 1061 "encr=%d)", 1062 version, 1063 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0, 1064 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0, 1065 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0, 1066 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0, 1067 pairwise, (unsigned long) kde_len, keyidx, encr); 1068 1069 key_data_len = kde_len; 1070 1071 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1072 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) { 1073 pad_len = key_data_len % 8; 1074 if (pad_len) 1075 pad_len = 8 - pad_len; 1076 key_data_len += pad_len + 8; 1077 } 1078 1079 len += key_data_len; 1080 1081 hdr = os_zalloc(len); 1082 if (hdr == NULL) 1083 return; 1084 hdr->version = wpa_auth->conf.eapol_version; 1085 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY; 1086 hdr->length = host_to_be16(len - sizeof(*hdr)); 1087 key = (struct wpa_eapol_key *) (hdr + 1); 1088 1089 key->type = sm->wpa == WPA_VERSION_WPA2 ? 1090 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1091 key_info |= version; 1092 if (encr && sm->wpa == WPA_VERSION_WPA2) 1093 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA; 1094 if (sm->wpa != WPA_VERSION_WPA2) 1095 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT; 1096 WPA_PUT_BE16(key->key_info, key_info); 1097 1098 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group; 1099 switch (alg) { 1100 case WPA_CIPHER_CCMP: 1101 WPA_PUT_BE16(key->key_length, 16); 1102 break; 1103 case WPA_CIPHER_TKIP: 1104 WPA_PUT_BE16(key->key_length, 32); 1105 break; 1106 case WPA_CIPHER_WEP40: 1107 WPA_PUT_BE16(key->key_length, 5); 1108 break; 1109 case WPA_CIPHER_WEP104: 1110 WPA_PUT_BE16(key->key_length, 13); 1111 break; 1112 } 1113 if (key_info & WPA_KEY_INFO_SMK_MESSAGE) 1114 WPA_PUT_BE16(key->key_length, 0); 1115 1116 /* FIX: STSL: what to use as key_replay_counter? */ 1117 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) { 1118 sm->key_replay[i].valid = sm->key_replay[i - 1].valid; 1119 os_memcpy(sm->key_replay[i].counter, 1120 sm->key_replay[i - 1].counter, 1121 WPA_REPLAY_COUNTER_LEN); 1122 } 1123 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN); 1124 os_memcpy(key->replay_counter, sm->key_replay[0].counter, 1125 WPA_REPLAY_COUNTER_LEN); 1126 sm->key_replay[0].valid = TRUE; 1127 1128 if (nonce) 1129 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN); 1130 1131 if (key_rsc) 1132 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN); 1133 1134 if (kde && !encr) { 1135 os_memcpy(key + 1, kde, kde_len); 1136 WPA_PUT_BE16(key->key_data_length, kde_len); 1137 } else if (encr && kde) { 1138 buf = os_zalloc(key_data_len); 1139 if (buf == NULL) { 1140 os_free(hdr); 1141 return; 1142 } 1143 pos = buf; 1144 os_memcpy(pos, kde, kde_len); 1145 pos += kde_len; 1146 1147 if (pad_len) 1148 *pos++ = 0xdd; 1149 1150 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data", 1151 buf, key_data_len); 1152 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1153 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1154 if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf, 1155 (u8 *) (key + 1))) { 1156 os_free(hdr); 1157 os_free(buf); 1158 return; 1159 } 1160 WPA_PUT_BE16(key->key_data_length, key_data_len); 1161 } else { 1162 u8 ek[32]; 1163 os_memcpy(key->key_iv, 1164 sm->group->Counter + WPA_NONCE_LEN - 16, 16); 1165 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN); 1166 os_memcpy(ek, key->key_iv, 16); 1167 os_memcpy(ek + 16, sm->PTK.kek, 16); 1168 os_memcpy(key + 1, buf, key_data_len); 1169 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len); 1170 WPA_PUT_BE16(key->key_data_length, key_data_len); 1171 } 1172 os_free(buf); 1173 } 1174 1175 if (key_info & WPA_KEY_INFO_MIC) { 1176 if (!sm->PTK_valid) { 1177 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, 1178 "PTK not valid when sending EAPOL-Key " 1179 "frame"); 1180 os_free(hdr); 1181 return; 1182 } 1183 wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len, 1184 key->key_mic); 1185 } 1186 1187 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx, 1188 1); 1189 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len, 1190 sm->pairwise_set); 1191 os_free(hdr); 1192 } 1193 1194 1195 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth, 1196 struct wpa_state_machine *sm, int key_info, 1197 const u8 *key_rsc, const u8 *nonce, 1198 const u8 *kde, size_t kde_len, 1199 int keyidx, int encr) 1200 { 1201 int timeout_ms; 1202 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE; 1203 int ctr; 1204 1205 if (sm == NULL) 1206 return; 1207 1208 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len, 1209 keyidx, encr, 0); 1210 1211 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr; 1212 if (ctr == 1) 1213 timeout_ms = eapol_key_timeout_first; 1214 else 1215 timeout_ms = eapol_key_timeout_subseq; 1216 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000, 1217 wpa_send_eapol_timeout, wpa_auth, sm); 1218 } 1219 1220 1221 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len) 1222 { 1223 struct ieee802_1x_hdr *hdr; 1224 struct wpa_eapol_key *key; 1225 u16 key_info; 1226 int ret = 0; 1227 u8 mic[16]; 1228 1229 if (data_len < sizeof(*hdr) + sizeof(*key)) 1230 return -1; 1231 1232 hdr = (struct ieee802_1x_hdr *) data; 1233 key = (struct wpa_eapol_key *) (hdr + 1); 1234 key_info = WPA_GET_BE16(key->key_info); 1235 os_memcpy(mic, key->key_mic, 16); 1236 os_memset(key->key_mic, 0, 16); 1237 if (wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK, 1238 data, data_len, key->key_mic) || 1239 os_memcmp(mic, key->key_mic, 16) != 0) 1240 ret = -1; 1241 os_memcpy(key->key_mic, mic, 16); 1242 return ret; 1243 } 1244 1245 1246 void wpa_remove_ptk(struct wpa_state_machine *sm) 1247 { 1248 sm->PTK_valid = FALSE; 1249 os_memset(&sm->PTK, 0, sizeof(sm->PTK)); 1250 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, (u8 *) "", 1251 0); 1252 sm->pairwise_set = FALSE; 1253 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); 1254 } 1255 1256 1257 int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event) 1258 { 1259 int remove_ptk = 1; 1260 1261 if (sm == NULL) 1262 return -1; 1263 1264 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 1265 "event %d notification", event); 1266 1267 switch (event) { 1268 case WPA_AUTH: 1269 case WPA_ASSOC: 1270 break; 1271 case WPA_DEAUTH: 1272 case WPA_DISASSOC: 1273 sm->DeauthenticationRequest = TRUE; 1274 break; 1275 case WPA_REAUTH: 1276 case WPA_REAUTH_EAPOL: 1277 if (sm->GUpdateStationKeys) { 1278 /* 1279 * Reauthentication cancels the pending group key 1280 * update for this STA. 1281 */ 1282 sm->group->GKeyDoneStations--; 1283 sm->GUpdateStationKeys = FALSE; 1284 sm->PtkGroupInit = TRUE; 1285 } 1286 sm->ReAuthenticationRequest = TRUE; 1287 break; 1288 case WPA_ASSOC_FT: 1289 #ifdef CONFIG_IEEE80211R 1290 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration " 1291 "after association"); 1292 wpa_ft_install_ptk(sm); 1293 1294 /* Using FT protocol, not WPA auth state machine */ 1295 sm->ft_completed = 1; 1296 return 0; 1297 #else /* CONFIG_IEEE80211R */ 1298 break; 1299 #endif /* CONFIG_IEEE80211R */ 1300 } 1301 1302 #ifdef CONFIG_IEEE80211R 1303 sm->ft_completed = 0; 1304 #endif /* CONFIG_IEEE80211R */ 1305 1306 #ifdef CONFIG_IEEE80211W 1307 if (sm->mgmt_frame_prot && event == WPA_AUTH) 1308 remove_ptk = 0; 1309 #endif /* CONFIG_IEEE80211W */ 1310 1311 if (remove_ptk) { 1312 sm->PTK_valid = FALSE; 1313 os_memset(&sm->PTK, 0, sizeof(sm->PTK)); 1314 1315 if (event != WPA_REAUTH_EAPOL) 1316 wpa_remove_ptk(sm); 1317 } 1318 1319 return wpa_sm_step(sm); 1320 } 1321 1322 1323 static enum wpa_alg wpa_alg_enum(int alg) 1324 { 1325 switch (alg) { 1326 case WPA_CIPHER_CCMP: 1327 return WPA_ALG_CCMP; 1328 case WPA_CIPHER_TKIP: 1329 return WPA_ALG_TKIP; 1330 case WPA_CIPHER_WEP104: 1331 case WPA_CIPHER_WEP40: 1332 return WPA_ALG_WEP; 1333 default: 1334 return WPA_ALG_NONE; 1335 } 1336 } 1337 1338 1339 SM_STATE(WPA_PTK, INITIALIZE) 1340 { 1341 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk); 1342 if (sm->Init) { 1343 /* Init flag is not cleared here, so avoid busy 1344 * loop by claiming nothing changed. */ 1345 sm->changed = FALSE; 1346 } 1347 1348 sm->keycount = 0; 1349 if (sm->GUpdateStationKeys) 1350 sm->group->GKeyDoneStations--; 1351 sm->GUpdateStationKeys = FALSE; 1352 if (sm->wpa == WPA_VERSION_WPA) 1353 sm->PInitAKeys = FALSE; 1354 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and 1355 * Local AA > Remote AA)) */) { 1356 sm->Pair = TRUE; 1357 } 1358 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0); 1359 wpa_remove_ptk(sm); 1360 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0); 1361 sm->TimeoutCtr = 0; 1362 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 1363 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, 1364 WPA_EAPOL_authorized, 0); 1365 } 1366 } 1367 1368 1369 SM_STATE(WPA_PTK, DISCONNECT) 1370 { 1371 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk); 1372 sm->Disconnect = FALSE; 1373 wpa_sta_disconnect(sm->wpa_auth, sm->addr); 1374 } 1375 1376 1377 SM_STATE(WPA_PTK, DISCONNECTED) 1378 { 1379 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk); 1380 sm->DeauthenticationRequest = FALSE; 1381 } 1382 1383 1384 SM_STATE(WPA_PTK, AUTHENTICATION) 1385 { 1386 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk); 1387 os_memset(&sm->PTK, 0, sizeof(sm->PTK)); 1388 sm->PTK_valid = FALSE; 1389 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto, 1390 1); 1391 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1); 1392 sm->AuthenticationRequest = FALSE; 1393 } 1394 1395 1396 SM_STATE(WPA_PTK, AUTHENTICATION2) 1397 { 1398 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk); 1399 os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN); 1400 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN); 1401 sm->ReAuthenticationRequest = FALSE; 1402 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more 1403 * logical place than INITIALIZE since AUTHENTICATION2 can be 1404 * re-entered on ReAuthenticationRequest without going through 1405 * INITIALIZE. */ 1406 sm->TimeoutCtr = 0; 1407 } 1408 1409 1410 SM_STATE(WPA_PTK, INITPMK) 1411 { 1412 u8 msk[2 * PMK_LEN]; 1413 size_t len = 2 * PMK_LEN; 1414 1415 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk); 1416 #ifdef CONFIG_IEEE80211R 1417 sm->xxkey_len = 0; 1418 #endif /* CONFIG_IEEE80211R */ 1419 if (sm->pmksa) { 1420 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache"); 1421 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN); 1422 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) { 1423 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine " 1424 "(len=%lu)", (unsigned long) len); 1425 os_memcpy(sm->PMK, msk, PMK_LEN); 1426 #ifdef CONFIG_IEEE80211R 1427 if (len >= 2 * PMK_LEN) { 1428 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN); 1429 sm->xxkey_len = PMK_LEN; 1430 } 1431 #endif /* CONFIG_IEEE80211R */ 1432 } else { 1433 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK"); 1434 } 1435 1436 sm->req_replay_counter_used = 0; 1437 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this 1438 * will break reauthentication since EAPOL state machines may not be 1439 * get into AUTHENTICATING state that clears keyRun before WPA state 1440 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK 1441 * state and takes PMK from the previously used AAA Key. This will 1442 * eventually fail in 4-Way Handshake because Supplicant uses PMK 1443 * derived from the new AAA Key. Setting keyRun = FALSE here seems to 1444 * be good workaround for this issue. */ 1445 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0); 1446 } 1447 1448 1449 SM_STATE(WPA_PTK, INITPSK) 1450 { 1451 const u8 *psk; 1452 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk); 1453 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL); 1454 if (psk) { 1455 os_memcpy(sm->PMK, psk, PMK_LEN); 1456 #ifdef CONFIG_IEEE80211R 1457 os_memcpy(sm->xxkey, psk, PMK_LEN); 1458 sm->xxkey_len = PMK_LEN; 1459 #endif /* CONFIG_IEEE80211R */ 1460 } 1461 sm->req_replay_counter_used = 0; 1462 } 1463 1464 1465 SM_STATE(WPA_PTK, PTKSTART) 1466 { 1467 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL; 1468 size_t pmkid_len = 0; 1469 1470 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk); 1471 sm->PTKRequest = FALSE; 1472 sm->TimeoutEvt = FALSE; 1473 1474 sm->TimeoutCtr++; 1475 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) { 1476 /* No point in sending the EAPOL-Key - we will disconnect 1477 * immediately following this. */ 1478 return; 1479 } 1480 1481 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 1482 "sending 1/4 msg of 4-Way Handshake"); 1483 /* 1484 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only 1485 * one possible PSK for this STA. 1486 */ 1487 if (sm->wpa == WPA_VERSION_WPA2 && 1488 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt)) { 1489 pmkid = buf; 1490 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN; 1491 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC; 1492 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN; 1493 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID); 1494 if (sm->pmksa) 1495 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN], 1496 sm->pmksa->pmkid, PMKID_LEN); 1497 else { 1498 /* 1499 * Calculate PMKID since no PMKSA cache entry was 1500 * available with pre-calculated PMKID. 1501 */ 1502 rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr, 1503 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN], 1504 wpa_key_mgmt_sha256(sm->wpa_key_mgmt)); 1505 } 1506 } 1507 wpa_send_eapol(sm->wpa_auth, sm, 1508 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL, 1509 sm->ANonce, pmkid, pmkid_len, 0, 0); 1510 } 1511 1512 1513 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk, 1514 struct wpa_ptk *ptk) 1515 { 1516 size_t ptk_len = sm->pairwise == WPA_CIPHER_CCMP ? 48 : 64; 1517 #ifdef CONFIG_IEEE80211R 1518 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) 1519 return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len); 1520 #endif /* CONFIG_IEEE80211R */ 1521 1522 wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion", 1523 sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce, 1524 (u8 *) ptk, ptk_len, 1525 wpa_key_mgmt_sha256(sm->wpa_key_mgmt)); 1526 1527 return 0; 1528 } 1529 1530 1531 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING) 1532 { 1533 struct wpa_ptk PTK; 1534 int ok = 0; 1535 const u8 *pmk = NULL; 1536 1537 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk); 1538 sm->EAPOLKeyReceived = FALSE; 1539 1540 /* WPA with IEEE 802.1X: use the derived PMK from EAP 1541 * WPA-PSK: iterate through possible PSKs and select the one matching 1542 * the packet */ 1543 for (;;) { 1544 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 1545 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk); 1546 if (pmk == NULL) 1547 break; 1548 } else 1549 pmk = sm->PMK; 1550 1551 wpa_derive_ptk(sm, pmk, &PTK); 1552 1553 if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key, 1554 sm->last_rx_eapol_key_len) == 0) { 1555 ok = 1; 1556 break; 1557 } 1558 1559 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) 1560 break; 1561 } 1562 1563 if (!ok) { 1564 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 1565 "invalid MIC in msg 2/4 of 4-Way Handshake"); 1566 return; 1567 } 1568 1569 #ifdef CONFIG_IEEE80211R 1570 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 1571 /* 1572 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches 1573 * with the value we derived. 1574 */ 1575 if (os_memcmp(sm->sup_pmk_r1_name, sm->pmk_r1_name, 1576 WPA_PMK_NAME_LEN) != 0) { 1577 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 1578 "PMKR1Name mismatch in FT 4-way " 1579 "handshake"); 1580 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from " 1581 "Supplicant", 1582 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN); 1583 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name", 1584 sm->pmk_r1_name, WPA_PMK_NAME_LEN); 1585 return; 1586 } 1587 } 1588 #endif /* CONFIG_IEEE80211R */ 1589 1590 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm); 1591 1592 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 1593 /* PSK may have changed from the previous choice, so update 1594 * state machine data based on whatever PSK was selected here. 1595 */ 1596 os_memcpy(sm->PMK, pmk, PMK_LEN); 1597 } 1598 1599 sm->MICVerified = TRUE; 1600 1601 os_memcpy(&sm->PTK, &PTK, sizeof(PTK)); 1602 sm->PTK_valid = TRUE; 1603 } 1604 1605 1606 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2) 1607 { 1608 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk); 1609 sm->TimeoutCtr = 0; 1610 } 1611 1612 1613 #ifdef CONFIG_IEEE80211W 1614 1615 static int ieee80211w_kde_len(struct wpa_state_machine *sm) 1616 { 1617 if (sm->mgmt_frame_prot) { 1618 return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde); 1619 } 1620 1621 return 0; 1622 } 1623 1624 1625 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos) 1626 { 1627 struct wpa_igtk_kde igtk; 1628 struct wpa_group *gsm = sm->group; 1629 1630 if (!sm->mgmt_frame_prot) 1631 return pos; 1632 1633 igtk.keyid[0] = gsm->GN_igtk; 1634 igtk.keyid[1] = 0; 1635 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE || 1636 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn) < 0) 1637 os_memset(igtk.pn, 0, sizeof(igtk.pn)); 1638 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN); 1639 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK, 1640 (const u8 *) &igtk, sizeof(igtk), NULL, 0); 1641 1642 return pos; 1643 } 1644 1645 #else /* CONFIG_IEEE80211W */ 1646 1647 static int ieee80211w_kde_len(struct wpa_state_machine *sm) 1648 { 1649 return 0; 1650 } 1651 1652 1653 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos) 1654 { 1655 return pos; 1656 } 1657 1658 #endif /* CONFIG_IEEE80211W */ 1659 1660 1661 SM_STATE(WPA_PTK, PTKINITNEGOTIATING) 1662 { 1663 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos; 1664 size_t gtk_len, kde_len; 1665 struct wpa_group *gsm = sm->group; 1666 u8 *wpa_ie; 1667 int wpa_ie_len, secure, keyidx, encr = 0; 1668 1669 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk); 1670 sm->TimeoutEvt = FALSE; 1671 1672 sm->TimeoutCtr++; 1673 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) { 1674 /* No point in sending the EAPOL-Key - we will disconnect 1675 * immediately following this. */ 1676 return; 1677 } 1678 1679 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE], 1680 GTK[GN], IGTK, [FTIE], [TIE * 2]) 1681 */ 1682 os_memset(rsc, 0, WPA_KEY_RSC_LEN); 1683 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc); 1684 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */ 1685 wpa_ie = sm->wpa_auth->wpa_ie; 1686 wpa_ie_len = sm->wpa_auth->wpa_ie_len; 1687 if (sm->wpa == WPA_VERSION_WPA && 1688 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) && 1689 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) { 1690 /* WPA-only STA, remove RSN IE */ 1691 wpa_ie = wpa_ie + wpa_ie[1] + 2; 1692 wpa_ie_len = wpa_ie[1] + 2; 1693 } 1694 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 1695 "sending 3/4 msg of 4-Way Handshake"); 1696 if (sm->wpa == WPA_VERSION_WPA2) { 1697 /* WPA2 send GTK in the 4-way handshake */ 1698 secure = 1; 1699 gtk = gsm->GTK[gsm->GN - 1]; 1700 gtk_len = gsm->GTK_len; 1701 keyidx = gsm->GN; 1702 _rsc = rsc; 1703 encr = 1; 1704 } else { 1705 /* WPA does not include GTK in msg 3/4 */ 1706 secure = 0; 1707 gtk = NULL; 1708 gtk_len = 0; 1709 keyidx = 0; 1710 _rsc = NULL; 1711 } 1712 1713 kde_len = wpa_ie_len + ieee80211w_kde_len(sm); 1714 if (gtk) 1715 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len; 1716 #ifdef CONFIG_IEEE80211R 1717 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 1718 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */ 1719 kde_len += 300; /* FTIE + 2 * TIE */ 1720 } 1721 #endif /* CONFIG_IEEE80211R */ 1722 kde = os_malloc(kde_len); 1723 if (kde == NULL) 1724 return; 1725 1726 pos = kde; 1727 os_memcpy(pos, wpa_ie, wpa_ie_len); 1728 pos += wpa_ie_len; 1729 #ifdef CONFIG_IEEE80211R 1730 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 1731 int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name); 1732 if (res < 0) { 1733 wpa_printf(MSG_ERROR, "FT: Failed to insert " 1734 "PMKR1Name into RSN IE in EAPOL-Key data"); 1735 os_free(kde); 1736 return; 1737 } 1738 pos += res; 1739 } 1740 #endif /* CONFIG_IEEE80211R */ 1741 if (gtk) { 1742 u8 hdr[2]; 1743 hdr[0] = keyidx & 0x03; 1744 hdr[1] = 0; 1745 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2, 1746 gtk, gtk_len); 1747 } 1748 pos = ieee80211w_kde_add(sm, pos); 1749 1750 #ifdef CONFIG_IEEE80211R 1751 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 1752 int res; 1753 struct wpa_auth_config *conf; 1754 1755 conf = &sm->wpa_auth->conf; 1756 res = wpa_write_ftie(conf, conf->r0_key_holder, 1757 conf->r0_key_holder_len, 1758 NULL, NULL, pos, kde + kde_len - pos, 1759 NULL, 0); 1760 if (res < 0) { 1761 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE " 1762 "into EAPOL-Key Key Data"); 1763 os_free(kde); 1764 return; 1765 } 1766 pos += res; 1767 1768 /* TIE[ReassociationDeadline] (TU) */ 1769 *pos++ = WLAN_EID_TIMEOUT_INTERVAL; 1770 *pos++ = 5; 1771 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE; 1772 WPA_PUT_LE32(pos, conf->reassociation_deadline); 1773 pos += 4; 1774 1775 /* TIE[KeyLifetime] (seconds) */ 1776 *pos++ = WLAN_EID_TIMEOUT_INTERVAL; 1777 *pos++ = 5; 1778 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME; 1779 WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60); 1780 pos += 4; 1781 } 1782 #endif /* CONFIG_IEEE80211R */ 1783 1784 wpa_send_eapol(sm->wpa_auth, sm, 1785 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC | 1786 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL | 1787 WPA_KEY_INFO_KEY_TYPE, 1788 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr); 1789 os_free(kde); 1790 } 1791 1792 1793 SM_STATE(WPA_PTK, PTKINITDONE) 1794 { 1795 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk); 1796 sm->EAPOLKeyReceived = FALSE; 1797 if (sm->Pair) { 1798 enum wpa_alg alg; 1799 int klen; 1800 if (sm->pairwise == WPA_CIPHER_TKIP) { 1801 alg = WPA_ALG_TKIP; 1802 klen = 32; 1803 } else { 1804 alg = WPA_ALG_CCMP; 1805 klen = 16; 1806 } 1807 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0, 1808 sm->PTK.tk1, klen)) { 1809 wpa_sta_disconnect(sm->wpa_auth, sm->addr); 1810 return; 1811 } 1812 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ 1813 sm->pairwise_set = TRUE; 1814 1815 if (sm->wpa_auth->conf.wpa_ptk_rekey) { 1816 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); 1817 eloop_register_timeout(sm->wpa_auth->conf. 1818 wpa_ptk_rekey, 0, wpa_rekey_ptk, 1819 sm->wpa_auth, sm); 1820 } 1821 1822 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 1823 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, 1824 WPA_EAPOL_authorized, 1); 1825 } 1826 } 1827 1828 if (0 /* IBSS == TRUE */) { 1829 sm->keycount++; 1830 if (sm->keycount == 2) { 1831 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, 1832 WPA_EAPOL_portValid, 1); 1833 } 1834 } else { 1835 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 1836 1); 1837 } 1838 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0); 1839 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1); 1840 if (sm->wpa == WPA_VERSION_WPA) 1841 sm->PInitAKeys = TRUE; 1842 else 1843 sm->has_GTK = TRUE; 1844 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO, 1845 "pairwise key handshake completed (%s)", 1846 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN"); 1847 1848 #ifdef CONFIG_IEEE80211R 1849 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr); 1850 #endif /* CONFIG_IEEE80211R */ 1851 } 1852 1853 1854 SM_STEP(WPA_PTK) 1855 { 1856 struct wpa_authenticator *wpa_auth = sm->wpa_auth; 1857 1858 if (sm->Init) 1859 SM_ENTER(WPA_PTK, INITIALIZE); 1860 else if (sm->Disconnect 1861 /* || FIX: dot11RSNAConfigSALifetime timeout */) 1862 SM_ENTER(WPA_PTK, DISCONNECT); 1863 else if (sm->DeauthenticationRequest) 1864 SM_ENTER(WPA_PTK, DISCONNECTED); 1865 else if (sm->AuthenticationRequest) 1866 SM_ENTER(WPA_PTK, AUTHENTICATION); 1867 else if (sm->ReAuthenticationRequest) 1868 SM_ENTER(WPA_PTK, AUTHENTICATION2); 1869 else if (sm->PTKRequest) 1870 SM_ENTER(WPA_PTK, PTKSTART); 1871 else switch (sm->wpa_ptk_state) { 1872 case WPA_PTK_INITIALIZE: 1873 break; 1874 case WPA_PTK_DISCONNECT: 1875 SM_ENTER(WPA_PTK, DISCONNECTED); 1876 break; 1877 case WPA_PTK_DISCONNECTED: 1878 SM_ENTER(WPA_PTK, INITIALIZE); 1879 break; 1880 case WPA_PTK_AUTHENTICATION: 1881 SM_ENTER(WPA_PTK, AUTHENTICATION2); 1882 break; 1883 case WPA_PTK_AUTHENTICATION2: 1884 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) && 1885 wpa_auth_get_eapol(sm->wpa_auth, sm->addr, 1886 WPA_EAPOL_keyRun) > 0) 1887 SM_ENTER(WPA_PTK, INITPMK); 1888 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) 1889 /* FIX: && 802.1X::keyRun */) 1890 SM_ENTER(WPA_PTK, INITPSK); 1891 break; 1892 case WPA_PTK_INITPMK: 1893 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr, 1894 WPA_EAPOL_keyAvailable) > 0) 1895 SM_ENTER(WPA_PTK, PTKSTART); 1896 else { 1897 wpa_auth->dot11RSNA4WayHandshakeFailures++; 1898 SM_ENTER(WPA_PTK, DISCONNECT); 1899 } 1900 break; 1901 case WPA_PTK_INITPSK: 1902 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL)) 1903 SM_ENTER(WPA_PTK, PTKSTART); 1904 else { 1905 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO, 1906 "no PSK configured for the STA"); 1907 wpa_auth->dot11RSNA4WayHandshakeFailures++; 1908 SM_ENTER(WPA_PTK, DISCONNECT); 1909 } 1910 break; 1911 case WPA_PTK_PTKSTART: 1912 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && 1913 sm->EAPOLKeyPairwise) 1914 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING); 1915 else if (sm->TimeoutCtr > 1916 (int) dot11RSNAConfigPairwiseUpdateCount) { 1917 wpa_auth->dot11RSNA4WayHandshakeFailures++; 1918 SM_ENTER(WPA_PTK, DISCONNECT); 1919 } else if (sm->TimeoutEvt) 1920 SM_ENTER(WPA_PTK, PTKSTART); 1921 break; 1922 case WPA_PTK_PTKCALCNEGOTIATING: 1923 if (sm->MICVerified) 1924 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2); 1925 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && 1926 sm->EAPOLKeyPairwise) 1927 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING); 1928 else if (sm->TimeoutEvt) 1929 SM_ENTER(WPA_PTK, PTKSTART); 1930 break; 1931 case WPA_PTK_PTKCALCNEGOTIATING2: 1932 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING); 1933 break; 1934 case WPA_PTK_PTKINITNEGOTIATING: 1935 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && 1936 sm->EAPOLKeyPairwise && sm->MICVerified) 1937 SM_ENTER(WPA_PTK, PTKINITDONE); 1938 else if (sm->TimeoutCtr > 1939 (int) dot11RSNAConfigPairwiseUpdateCount) { 1940 wpa_auth->dot11RSNA4WayHandshakeFailures++; 1941 SM_ENTER(WPA_PTK, DISCONNECT); 1942 } else if (sm->TimeoutEvt) 1943 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING); 1944 break; 1945 case WPA_PTK_PTKINITDONE: 1946 break; 1947 } 1948 } 1949 1950 1951 SM_STATE(WPA_PTK_GROUP, IDLE) 1952 { 1953 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group); 1954 if (sm->Init) { 1955 /* Init flag is not cleared here, so avoid busy 1956 * loop by claiming nothing changed. */ 1957 sm->changed = FALSE; 1958 } 1959 sm->GTimeoutCtr = 0; 1960 } 1961 1962 1963 SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING) 1964 { 1965 u8 rsc[WPA_KEY_RSC_LEN]; 1966 struct wpa_group *gsm = sm->group; 1967 u8 *kde, *pos, hdr[2]; 1968 size_t kde_len; 1969 1970 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group); 1971 1972 sm->GTimeoutCtr++; 1973 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) { 1974 /* No point in sending the EAPOL-Key - we will disconnect 1975 * immediately following this. */ 1976 return; 1977 } 1978 1979 if (sm->wpa == WPA_VERSION_WPA) 1980 sm->PInitAKeys = FALSE; 1981 sm->TimeoutEvt = FALSE; 1982 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */ 1983 os_memset(rsc, 0, WPA_KEY_RSC_LEN); 1984 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE) 1985 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc); 1986 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 1987 "sending 1/2 msg of Group Key Handshake"); 1988 1989 if (sm->wpa == WPA_VERSION_WPA2) { 1990 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len + 1991 ieee80211w_kde_len(sm); 1992 kde = os_malloc(kde_len); 1993 if (kde == NULL) 1994 return; 1995 1996 pos = kde; 1997 hdr[0] = gsm->GN & 0x03; 1998 hdr[1] = 0; 1999 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2, 2000 gsm->GTK[gsm->GN - 1], gsm->GTK_len); 2001 pos = ieee80211w_kde_add(sm, pos); 2002 } else { 2003 kde = gsm->GTK[gsm->GN - 1]; 2004 pos = kde + gsm->GTK_len; 2005 } 2006 2007 wpa_send_eapol(sm->wpa_auth, sm, 2008 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC | 2009 WPA_KEY_INFO_ACK | 2010 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0), 2011 rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1); 2012 if (sm->wpa == WPA_VERSION_WPA2) 2013 os_free(kde); 2014 } 2015 2016 2017 SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED) 2018 { 2019 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group); 2020 sm->EAPOLKeyReceived = FALSE; 2021 if (sm->GUpdateStationKeys) 2022 sm->group->GKeyDoneStations--; 2023 sm->GUpdateStationKeys = FALSE; 2024 sm->GTimeoutCtr = 0; 2025 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */ 2026 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO, 2027 "group key handshake completed (%s)", 2028 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN"); 2029 sm->has_GTK = TRUE; 2030 } 2031 2032 2033 SM_STATE(WPA_PTK_GROUP, KEYERROR) 2034 { 2035 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group); 2036 if (sm->GUpdateStationKeys) 2037 sm->group->GKeyDoneStations--; 2038 sm->GUpdateStationKeys = FALSE; 2039 sm->Disconnect = TRUE; 2040 } 2041 2042 2043 SM_STEP(WPA_PTK_GROUP) 2044 { 2045 if (sm->Init || sm->PtkGroupInit) { 2046 SM_ENTER(WPA_PTK_GROUP, IDLE); 2047 sm->PtkGroupInit = FALSE; 2048 } else switch (sm->wpa_ptk_group_state) { 2049 case WPA_PTK_GROUP_IDLE: 2050 if (sm->GUpdateStationKeys || 2051 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys)) 2052 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING); 2053 break; 2054 case WPA_PTK_GROUP_REKEYNEGOTIATING: 2055 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && 2056 !sm->EAPOLKeyPairwise && sm->MICVerified) 2057 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED); 2058 else if (sm->GTimeoutCtr > 2059 (int) dot11RSNAConfigGroupUpdateCount) 2060 SM_ENTER(WPA_PTK_GROUP, KEYERROR); 2061 else if (sm->TimeoutEvt) 2062 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING); 2063 break; 2064 case WPA_PTK_GROUP_KEYERROR: 2065 SM_ENTER(WPA_PTK_GROUP, IDLE); 2066 break; 2067 case WPA_PTK_GROUP_REKEYESTABLISHED: 2068 SM_ENTER(WPA_PTK_GROUP, IDLE); 2069 break; 2070 } 2071 } 2072 2073 2074 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth, 2075 struct wpa_group *group) 2076 { 2077 int ret = 0; 2078 2079 /* FIX: is this the correct way of getting GNonce? */ 2080 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN); 2081 inc_byte_array(group->Counter, WPA_NONCE_LEN); 2082 wpa_gmk_to_gtk(group->GMK, wpa_auth->addr, group->GNonce, 2083 group->GTK[group->GN - 1], group->GTK_len); 2084 2085 #ifdef CONFIG_IEEE80211W 2086 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) { 2087 if (os_get_random(group->IGTK[group->GN_igtk - 4], 2088 WPA_IGTK_LEN) < 0) { 2089 wpa_printf(MSG_INFO, "RSN: Failed to get new random " 2090 "IGTK"); 2091 ret = -1; 2092 } 2093 wpa_hexdump_key(MSG_DEBUG, "IGTK", 2094 group->IGTK[group->GN_igtk - 4], WPA_IGTK_LEN); 2095 } 2096 #endif /* CONFIG_IEEE80211W */ 2097 2098 return ret; 2099 } 2100 2101 2102 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth, 2103 struct wpa_group *group) 2104 { 2105 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " 2106 "GTK_INIT (VLAN-ID %d)", group->vlan_id); 2107 group->changed = FALSE; /* GInit is not cleared here; avoid loop */ 2108 group->wpa_group_state = WPA_GROUP_GTK_INIT; 2109 2110 /* GTK[0..N] = 0 */ 2111 os_memset(group->GTK, 0, sizeof(group->GTK)); 2112 group->GN = 1; 2113 group->GM = 2; 2114 #ifdef CONFIG_IEEE80211W 2115 group->GN_igtk = 4; 2116 group->GM_igtk = 5; 2117 #endif /* CONFIG_IEEE80211W */ 2118 /* GTK[GN] = CalcGTK() */ 2119 wpa_gtk_update(wpa_auth, group); 2120 } 2121 2122 2123 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx) 2124 { 2125 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) { 2126 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2127 "Not in PTKINITDONE; skip Group Key update"); 2128 return 0; 2129 } 2130 if (sm->GUpdateStationKeys) { 2131 /* 2132 * This should not really happen, but just in case, make sure 2133 * we do not count the same STA twice in GKeyDoneStations. 2134 */ 2135 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2136 "GUpdateStationKeys already set - do not " 2137 "increment GKeyDoneStations"); 2138 } else { 2139 sm->group->GKeyDoneStations++; 2140 sm->GUpdateStationKeys = TRUE; 2141 } 2142 wpa_sm_step(sm); 2143 return 0; 2144 } 2145 2146 2147 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth, 2148 struct wpa_group *group) 2149 { 2150 int tmp; 2151 2152 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " 2153 "SETKEYS (VLAN-ID %d)", group->vlan_id); 2154 group->changed = TRUE; 2155 group->wpa_group_state = WPA_GROUP_SETKEYS; 2156 group->GTKReKey = FALSE; 2157 tmp = group->GM; 2158 group->GM = group->GN; 2159 group->GN = tmp; 2160 #ifdef CONFIG_IEEE80211W 2161 tmp = group->GM_igtk; 2162 group->GM_igtk = group->GN_igtk; 2163 group->GN_igtk = tmp; 2164 #endif /* CONFIG_IEEE80211W */ 2165 /* "GKeyDoneStations = GNoStations" is done in more robust way by 2166 * counting the STAs that are marked with GUpdateStationKeys instead of 2167 * including all STAs that could be in not-yet-completed state. */ 2168 wpa_gtk_update(wpa_auth, group); 2169 2170 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL); 2171 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d", 2172 group->GKeyDoneStations); 2173 } 2174 2175 2176 static void wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth, 2177 struct wpa_group *group) 2178 { 2179 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " 2180 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id); 2181 group->changed = TRUE; 2182 group->wpa_group_state = WPA_GROUP_SETKEYSDONE; 2183 wpa_auth_set_key(wpa_auth, group->vlan_id, 2184 wpa_alg_enum(wpa_auth->conf.wpa_group), 2185 NULL, group->GN, group->GTK[group->GN - 1], 2186 group->GTK_len); 2187 2188 #ifdef CONFIG_IEEE80211W 2189 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) { 2190 wpa_auth_set_key(wpa_auth, group->vlan_id, WPA_ALG_IGTK, 2191 NULL, group->GN_igtk, 2192 group->IGTK[group->GN_igtk - 4], 2193 WPA_IGTK_LEN); 2194 } 2195 #endif /* CONFIG_IEEE80211W */ 2196 } 2197 2198 2199 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth, 2200 struct wpa_group *group) 2201 { 2202 if (group->GInit) { 2203 wpa_group_gtk_init(wpa_auth, group); 2204 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT && 2205 group->GTKAuthenticator) { 2206 wpa_group_setkeysdone(wpa_auth, group); 2207 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE && 2208 group->GTKReKey) { 2209 wpa_group_setkeys(wpa_auth, group); 2210 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) { 2211 if (group->GKeyDoneStations == 0) 2212 wpa_group_setkeysdone(wpa_auth, group); 2213 else if (group->GTKReKey) 2214 wpa_group_setkeys(wpa_auth, group); 2215 } 2216 } 2217 2218 2219 static int wpa_sm_step(struct wpa_state_machine *sm) 2220 { 2221 if (sm == NULL) 2222 return 0; 2223 2224 if (sm->in_step_loop) { 2225 /* This should not happen, but if it does, make sure we do not 2226 * end up freeing the state machine too early by exiting the 2227 * recursive call. */ 2228 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively"); 2229 return 0; 2230 } 2231 2232 sm->in_step_loop = 1; 2233 do { 2234 if (sm->pending_deinit) 2235 break; 2236 2237 sm->changed = FALSE; 2238 sm->wpa_auth->group->changed = FALSE; 2239 2240 SM_STEP_RUN(WPA_PTK); 2241 if (sm->pending_deinit) 2242 break; 2243 SM_STEP_RUN(WPA_PTK_GROUP); 2244 if (sm->pending_deinit) 2245 break; 2246 wpa_group_sm_step(sm->wpa_auth, sm->group); 2247 } while (sm->changed || sm->wpa_auth->group->changed); 2248 sm->in_step_loop = 0; 2249 2250 if (sm->pending_deinit) { 2251 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state " 2252 "machine deinit for " MACSTR, MAC2STR(sm->addr)); 2253 wpa_free_sta_sm(sm); 2254 return 1; 2255 } 2256 return 0; 2257 } 2258 2259 2260 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx) 2261 { 2262 struct wpa_state_machine *sm = eloop_ctx; 2263 wpa_sm_step(sm); 2264 } 2265 2266 2267 void wpa_auth_sm_notify(struct wpa_state_machine *sm) 2268 { 2269 if (sm == NULL) 2270 return; 2271 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL); 2272 } 2273 2274 2275 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth) 2276 { 2277 int tmp, i; 2278 struct wpa_group *group; 2279 2280 if (wpa_auth == NULL) 2281 return; 2282 2283 group = wpa_auth->group; 2284 2285 for (i = 0; i < 2; i++) { 2286 tmp = group->GM; 2287 group->GM = group->GN; 2288 group->GN = tmp; 2289 #ifdef CONFIG_IEEE80211W 2290 tmp = group->GM_igtk; 2291 group->GM_igtk = group->GN_igtk; 2292 group->GN_igtk = tmp; 2293 #endif /* CONFIG_IEEE80211W */ 2294 wpa_gtk_update(wpa_auth, group); 2295 } 2296 } 2297 2298 2299 static const char * wpa_bool_txt(int bool) 2300 { 2301 return bool ? "TRUE" : "FALSE"; 2302 } 2303 2304 2305 static int wpa_cipher_bits(int cipher) 2306 { 2307 switch (cipher) { 2308 case WPA_CIPHER_CCMP: 2309 return 128; 2310 case WPA_CIPHER_TKIP: 2311 return 256; 2312 case WPA_CIPHER_WEP104: 2313 return 104; 2314 case WPA_CIPHER_WEP40: 2315 return 40; 2316 default: 2317 return 0; 2318 } 2319 } 2320 2321 2322 #define RSN_SUITE "%02x-%02x-%02x-%d" 2323 #define RSN_SUITE_ARG(s) \ 2324 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff 2325 2326 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen) 2327 { 2328 int len = 0, ret; 2329 char pmkid_txt[PMKID_LEN * 2 + 1]; 2330 2331 if (wpa_auth == NULL) 2332 return len; 2333 2334 ret = os_snprintf(buf + len, buflen - len, 2335 "dot11RSNAOptionImplemented=TRUE\n" 2336 #ifdef CONFIG_RSN_PREAUTH 2337 "dot11RSNAPreauthenticationImplemented=TRUE\n" 2338 #else /* CONFIG_RSN_PREAUTH */ 2339 "dot11RSNAPreauthenticationImplemented=FALSE\n" 2340 #endif /* CONFIG_RSN_PREAUTH */ 2341 "dot11RSNAEnabled=%s\n" 2342 "dot11RSNAPreauthenticationEnabled=%s\n", 2343 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN), 2344 wpa_bool_txt(wpa_auth->conf.rsn_preauth)); 2345 if (ret < 0 || (size_t) ret >= buflen - len) 2346 return len; 2347 len += ret; 2348 2349 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), 2350 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN); 2351 2352 ret = os_snprintf( 2353 buf + len, buflen - len, 2354 "dot11RSNAConfigVersion=%u\n" 2355 "dot11RSNAConfigPairwiseKeysSupported=9999\n" 2356 /* FIX: dot11RSNAConfigGroupCipher */ 2357 /* FIX: dot11RSNAConfigGroupRekeyMethod */ 2358 /* FIX: dot11RSNAConfigGroupRekeyTime */ 2359 /* FIX: dot11RSNAConfigGroupRekeyPackets */ 2360 "dot11RSNAConfigGroupRekeyStrict=%u\n" 2361 "dot11RSNAConfigGroupUpdateCount=%u\n" 2362 "dot11RSNAConfigPairwiseUpdateCount=%u\n" 2363 "dot11RSNAConfigGroupCipherSize=%u\n" 2364 "dot11RSNAConfigPMKLifetime=%u\n" 2365 "dot11RSNAConfigPMKReauthThreshold=%u\n" 2366 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n" 2367 "dot11RSNAConfigSATimeout=%u\n" 2368 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" 2369 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" 2370 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" 2371 "dot11RSNAPMKIDUsed=%s\n" 2372 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" 2373 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" 2374 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" 2375 "dot11RSNATKIPCounterMeasuresInvoked=%u\n" 2376 "dot11RSNA4WayHandshakeFailures=%u\n" 2377 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n", 2378 RSN_VERSION, 2379 !!wpa_auth->conf.wpa_strict_rekey, 2380 dot11RSNAConfigGroupUpdateCount, 2381 dot11RSNAConfigPairwiseUpdateCount, 2382 wpa_cipher_bits(wpa_auth->conf.wpa_group), 2383 dot11RSNAConfigPMKLifetime, 2384 dot11RSNAConfigPMKReauthThreshold, 2385 dot11RSNAConfigSATimeout, 2386 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected), 2387 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected), 2388 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected), 2389 pmkid_txt, 2390 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested), 2391 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested), 2392 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested), 2393 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked, 2394 wpa_auth->dot11RSNA4WayHandshakeFailures); 2395 if (ret < 0 || (size_t) ret >= buflen - len) 2396 return len; 2397 len += ret; 2398 2399 /* TODO: dot11RSNAConfigPairwiseCiphersTable */ 2400 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */ 2401 2402 /* Private MIB */ 2403 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n", 2404 wpa_auth->group->wpa_group_state); 2405 if (ret < 0 || (size_t) ret >= buflen - len) 2406 return len; 2407 len += ret; 2408 2409 return len; 2410 } 2411 2412 2413 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen) 2414 { 2415 int len = 0, ret; 2416 u32 pairwise = 0; 2417 2418 if (sm == NULL) 2419 return 0; 2420 2421 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */ 2422 2423 /* dot11RSNAStatsEntry */ 2424 2425 if (sm->wpa == WPA_VERSION_WPA) { 2426 if (sm->pairwise == WPA_CIPHER_CCMP) 2427 pairwise = WPA_CIPHER_SUITE_CCMP; 2428 else if (sm->pairwise == WPA_CIPHER_TKIP) 2429 pairwise = WPA_CIPHER_SUITE_TKIP; 2430 else if (sm->pairwise == WPA_CIPHER_WEP104) 2431 pairwise = WPA_CIPHER_SUITE_WEP104; 2432 else if (sm->pairwise == WPA_CIPHER_WEP40) 2433 pairwise = WPA_CIPHER_SUITE_WEP40; 2434 else if (sm->pairwise == WPA_CIPHER_NONE) 2435 pairwise = WPA_CIPHER_SUITE_NONE; 2436 } else if (sm->wpa == WPA_VERSION_WPA2) { 2437 if (sm->pairwise == WPA_CIPHER_CCMP) 2438 pairwise = RSN_CIPHER_SUITE_CCMP; 2439 else if (sm->pairwise == WPA_CIPHER_TKIP) 2440 pairwise = RSN_CIPHER_SUITE_TKIP; 2441 else if (sm->pairwise == WPA_CIPHER_WEP104) 2442 pairwise = RSN_CIPHER_SUITE_WEP104; 2443 else if (sm->pairwise == WPA_CIPHER_WEP40) 2444 pairwise = RSN_CIPHER_SUITE_WEP40; 2445 else if (sm->pairwise == WPA_CIPHER_NONE) 2446 pairwise = RSN_CIPHER_SUITE_NONE; 2447 } else 2448 return 0; 2449 2450 ret = os_snprintf( 2451 buf + len, buflen - len, 2452 /* TODO: dot11RSNAStatsIndex */ 2453 "dot11RSNAStatsSTAAddress=" MACSTR "\n" 2454 "dot11RSNAStatsVersion=1\n" 2455 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n" 2456 /* TODO: dot11RSNAStatsTKIPICVErrors */ 2457 "dot11RSNAStatsTKIPLocalMICFailures=%u\n" 2458 "dot11RSNAStatsTKIPRemoveMICFailures=%u\n" 2459 /* TODO: dot11RSNAStatsCCMPReplays */ 2460 /* TODO: dot11RSNAStatsCCMPDecryptErrors */ 2461 /* TODO: dot11RSNAStatsTKIPReplays */, 2462 MAC2STR(sm->addr), 2463 RSN_SUITE_ARG(pairwise), 2464 sm->dot11RSNAStatsTKIPLocalMICFailures, 2465 sm->dot11RSNAStatsTKIPRemoteMICFailures); 2466 if (ret < 0 || (size_t) ret >= buflen - len) 2467 return len; 2468 len += ret; 2469 2470 /* Private MIB */ 2471 ret = os_snprintf(buf + len, buflen - len, 2472 "hostapdWPAPTKState=%d\n" 2473 "hostapdWPAPTKGroupState=%d\n", 2474 sm->wpa_ptk_state, 2475 sm->wpa_ptk_group_state); 2476 if (ret < 0 || (size_t) ret >= buflen - len) 2477 return len; 2478 len += ret; 2479 2480 return len; 2481 } 2482 2483 2484 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth) 2485 { 2486 if (wpa_auth) 2487 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++; 2488 } 2489 2490 2491 int wpa_auth_pairwise_set(struct wpa_state_machine *sm) 2492 { 2493 return sm && sm->pairwise_set; 2494 } 2495 2496 2497 int wpa_auth_get_pairwise(struct wpa_state_machine *sm) 2498 { 2499 return sm->pairwise; 2500 } 2501 2502 2503 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm) 2504 { 2505 if (sm == NULL) 2506 return -1; 2507 return sm->wpa_key_mgmt; 2508 } 2509 2510 2511 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) 2512 { 2513 if (sm == NULL) 2514 return 0; 2515 return sm->wpa; 2516 } 2517 2518 2519 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, 2520 struct rsn_pmksa_cache_entry *entry) 2521 { 2522 if (sm == NULL || sm->pmksa != entry) 2523 return -1; 2524 sm->pmksa = NULL; 2525 return 0; 2526 } 2527 2528 2529 struct rsn_pmksa_cache_entry * 2530 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm) 2531 { 2532 return sm ? sm->pmksa : NULL; 2533 } 2534 2535 2536 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm) 2537 { 2538 if (sm) 2539 sm->dot11RSNAStatsTKIPLocalMICFailures++; 2540 } 2541 2542 2543 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len) 2544 { 2545 if (wpa_auth == NULL) 2546 return NULL; 2547 *len = wpa_auth->wpa_ie_len; 2548 return wpa_auth->wpa_ie; 2549 } 2550 2551 2552 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk, 2553 int session_timeout, struct eapol_state_machine *eapol) 2554 { 2555 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2) 2556 return -1; 2557 2558 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN, 2559 sm->wpa_auth->addr, sm->addr, session_timeout, 2560 eapol, sm->wpa_key_mgmt)) 2561 return 0; 2562 2563 return -1; 2564 } 2565 2566 2567 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth, 2568 const u8 *pmk, size_t len, const u8 *sta_addr, 2569 int session_timeout, 2570 struct eapol_state_machine *eapol) 2571 { 2572 if (wpa_auth == NULL) 2573 return -1; 2574 2575 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr, 2576 sta_addr, session_timeout, eapol, 2577 WPA_KEY_MGMT_IEEE8021X)) 2578 return 0; 2579 2580 return -1; 2581 } 2582 2583 2584 static struct wpa_group * 2585 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id) 2586 { 2587 struct wpa_group *group; 2588 2589 if (wpa_auth == NULL || wpa_auth->group == NULL) 2590 return NULL; 2591 2592 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d", 2593 vlan_id); 2594 group = wpa_group_init(wpa_auth, vlan_id); 2595 if (group == NULL) 2596 return NULL; 2597 2598 group->next = wpa_auth->group->next; 2599 wpa_auth->group->next = group; 2600 2601 return group; 2602 } 2603 2604 2605 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id) 2606 { 2607 struct wpa_group *group; 2608 2609 if (sm == NULL || sm->wpa_auth == NULL) 2610 return 0; 2611 2612 group = sm->wpa_auth->group; 2613 while (group) { 2614 if (group->vlan_id == vlan_id) 2615 break; 2616 group = group->next; 2617 } 2618 2619 if (group == NULL) { 2620 group = wpa_auth_add_group(sm->wpa_auth, vlan_id); 2621 if (group == NULL) 2622 return -1; 2623 } 2624 2625 if (sm->group == group) 2626 return 0; 2627 2628 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state " 2629 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id); 2630 2631 sm->group = group; 2632 return 0; 2633 } 2634