1 /* $OpenBSD: ieee80211_pae_input.c,v 1.35 2020/07/13 08:26:26 stsp Exp $ */ 2 3 /*- 4 * Copyright (c) 2007,2008 Damien Bergamini <damien.bergamini@free.fr> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /* 20 * This code implements the 4-Way Handshake and Group Key Handshake protocols 21 * (both Supplicant and Authenticator Key Receive state machines) defined in 22 * IEEE Std 802.11-2007 section 8.5. 23 */ 24 25 #include <sys/param.h> 26 #include <sys/systm.h> 27 #include <sys/mbuf.h> 28 #include <sys/kernel.h> 29 #include <sys/socket.h> 30 #include <sys/sockio.h> 31 #include <sys/errno.h> 32 33 #include <net/if.h> 34 #include <net/if_dl.h> 35 #include <net/if_media.h> 36 37 #include <netinet/in.h> 38 #include <netinet/if_ether.h> 39 40 #include <net80211/ieee80211_var.h> 41 #include <net80211/ieee80211_priv.h> 42 43 void ieee80211_recv_4way_msg1(struct ieee80211com *, 44 struct ieee80211_eapol_key *, struct ieee80211_node *); 45 #ifndef IEEE80211_STA_ONLY 46 void ieee80211_recv_4way_msg2(struct ieee80211com *, 47 struct ieee80211_eapol_key *, struct ieee80211_node *, 48 const u_int8_t *); 49 #endif 50 int ieee80211_must_update_group_key(struct ieee80211_key *, const uint8_t *, 51 int); 52 void ieee80211_recv_4way_msg3(struct ieee80211com *, 53 struct ieee80211_eapol_key *, struct ieee80211_node *); 54 #ifndef IEEE80211_STA_ONLY 55 void ieee80211_recv_4way_msg4(struct ieee80211com *, 56 struct ieee80211_eapol_key *, struct ieee80211_node *); 57 void ieee80211_recv_4way_msg2or4(struct ieee80211com *, 58 struct ieee80211_eapol_key *, struct ieee80211_node *); 59 #endif 60 void ieee80211_recv_rsn_group_msg1(struct ieee80211com *, 61 struct ieee80211_eapol_key *, struct ieee80211_node *); 62 void ieee80211_recv_wpa_group_msg1(struct ieee80211com *, 63 struct ieee80211_eapol_key *, struct ieee80211_node *); 64 #ifndef IEEE80211_STA_ONLY 65 void ieee80211_recv_group_msg2(struct ieee80211com *, 66 struct ieee80211_eapol_key *, struct ieee80211_node *); 67 void ieee80211_recv_eapol_key_req(struct ieee80211com *, 68 struct ieee80211_eapol_key *, struct ieee80211_node *); 69 #endif 70 71 /* 72 * Process an incoming EAPOL frame. Notice that we are only interested in 73 * EAPOL-Key frames with an IEEE 802.11 or WPA descriptor type. 74 */ 75 void 76 ieee80211_eapol_key_input(struct ieee80211com *ic, struct mbuf *m, 77 struct ieee80211_node *ni) 78 { 79 struct ifnet *ifp = &ic->ic_if; 80 struct ether_header *eh; 81 struct ieee80211_eapol_key *key; 82 u_int16_t info, desc; 83 int totlen, bodylen, paylen; 84 85 ifp->if_ibytes += m->m_pkthdr.len; 86 87 eh = mtod(m, struct ether_header *); 88 if (IEEE80211_IS_MULTICAST(eh->ether_dhost)) { 89 ifp->if_imcasts++; 90 goto done; 91 } 92 m_adj(m, sizeof(*eh)); 93 94 if (m->m_pkthdr.len < sizeof(*key)) 95 goto done; 96 if (m->m_len < sizeof(*key) && 97 (m = m_pullup(m, sizeof(*key))) == NULL) { 98 ic->ic_stats.is_rx_nombuf++; 99 goto done; 100 } 101 key = mtod(m, struct ieee80211_eapol_key *); 102 103 if (key->type != EAPOL_KEY) 104 goto done; 105 ic->ic_stats.is_rx_eapol_key++; 106 107 if ((ni->ni_rsnprotos == IEEE80211_PROTO_RSN && 108 key->desc != EAPOL_KEY_DESC_IEEE80211) || 109 (ni->ni_rsnprotos == IEEE80211_PROTO_WPA && 110 key->desc != EAPOL_KEY_DESC_WPA)) 111 goto done; 112 113 /* check packet body length */ 114 bodylen = BE_READ_2(key->len); 115 totlen = 4 + bodylen; 116 if (m->m_pkthdr.len < totlen || totlen > MCLBYTES) 117 goto done; 118 119 /* check key data length */ 120 paylen = BE_READ_2(key->paylen); 121 if (paylen > totlen - sizeof(*key)) 122 goto done; 123 124 info = BE_READ_2(key->info); 125 126 /* discard EAPOL-Key frames with an unknown descriptor version */ 127 desc = info & EAPOL_KEY_VERSION_MASK; 128 if (desc < EAPOL_KEY_DESC_V1 || desc > EAPOL_KEY_DESC_V3) 129 goto done; 130 131 if (ieee80211_is_sha256_akm(ni->ni_rsnakms)) { 132 if (desc != EAPOL_KEY_DESC_V3) 133 goto done; 134 } else if (ni->ni_rsncipher == IEEE80211_CIPHER_CCMP || 135 ni->ni_rsngroupcipher == IEEE80211_CIPHER_CCMP) { 136 if (desc != EAPOL_KEY_DESC_V2) 137 goto done; 138 } 139 140 /* make sure the key data field is contiguous */ 141 if (m->m_len < totlen && (m = m_pullup(m, totlen)) == NULL) { 142 ic->ic_stats.is_rx_nombuf++; 143 goto done; 144 } 145 key = mtod(m, struct ieee80211_eapol_key *); 146 147 /* determine message type (see 8.5.3.7) */ 148 if (info & EAPOL_KEY_REQUEST) { 149 #ifndef IEEE80211_STA_ONLY 150 /* EAPOL-Key Request frame */ 151 ieee80211_recv_eapol_key_req(ic, key, ni); 152 #endif 153 } else if (info & EAPOL_KEY_PAIRWISE) { 154 /* 4-Way Handshake */ 155 if (info & EAPOL_KEY_KEYMIC) { 156 if (info & EAPOL_KEY_KEYACK) 157 ieee80211_recv_4way_msg3(ic, key, ni); 158 #ifndef IEEE80211_STA_ONLY 159 else 160 ieee80211_recv_4way_msg2or4(ic, key, ni); 161 #endif 162 } else if (info & EAPOL_KEY_KEYACK) 163 ieee80211_recv_4way_msg1(ic, key, ni); 164 } else { 165 /* Group Key Handshake */ 166 if (!(info & EAPOL_KEY_KEYMIC)) 167 goto done; 168 if (info & EAPOL_KEY_KEYACK) { 169 if (key->desc == EAPOL_KEY_DESC_WPA) 170 ieee80211_recv_wpa_group_msg1(ic, key, ni); 171 else 172 ieee80211_recv_rsn_group_msg1(ic, key, ni); 173 } 174 #ifndef IEEE80211_STA_ONLY 175 else 176 ieee80211_recv_group_msg2(ic, key, ni); 177 #endif 178 } 179 done: 180 m_freem(m); 181 } 182 183 /* 184 * Process Message 1 of the 4-Way Handshake (sent by Authenticator). 185 */ 186 void 187 ieee80211_recv_4way_msg1(struct ieee80211com *ic, 188 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 189 { 190 struct ieee80211_ptk tptk; 191 struct ieee80211_pmk *pmk; 192 const u_int8_t *frm, *efrm; 193 const u_int8_t *pmkid; 194 195 #ifndef IEEE80211_STA_ONLY 196 if (ic->ic_opmode != IEEE80211_M_STA && 197 ic->ic_opmode != IEEE80211_M_IBSS) 198 return; 199 #endif 200 /* 201 * Message 1 is always expected while RSN is active since some 202 * APs will rekey the PTK by sending Msg1/4 after some time. 203 */ 204 if (ni->ni_rsn_supp_state == RSNA_SUPP_INITIALIZE) { 205 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_supp_state)); 206 return; 207 } 208 /* enforce monotonicity of key request replay counter */ 209 if (ni->ni_replaycnt_ok && 210 BE_READ_8(key->replaycnt) <= ni->ni_replaycnt) { 211 ic->ic_stats.is_rx_eapol_replay++; 212 return; 213 } 214 215 /* parse key data field (may contain an encapsulated PMKID) */ 216 frm = (const u_int8_t *)&key[1]; 217 efrm = frm + BE_READ_2(key->paylen); 218 219 pmkid = NULL; 220 while (frm + 2 <= efrm) { 221 if (frm + 2 + frm[1] > efrm) 222 break; 223 switch (frm[0]) { 224 case IEEE80211_ELEMID_VENDOR: 225 if (frm[1] < 4) 226 break; 227 if (memcmp(&frm[2], IEEE80211_OUI, 3) == 0) { 228 switch (frm[5]) { 229 case IEEE80211_KDE_PMKID: 230 pmkid = frm; 231 break; 232 } 233 } 234 break; 235 } 236 frm += 2 + frm[1]; 237 } 238 /* check that the PMKID KDE is valid (if present) */ 239 if (pmkid != NULL && pmkid[1] != 4 + 16) 240 return; 241 242 if (ieee80211_is_8021x_akm(ni->ni_rsnakms)) { 243 /* retrieve the PMK for this (AP,PMKID) */ 244 pmk = ieee80211_pmksa_find(ic, ni, 245 (pmkid != NULL) ? &pmkid[6] : NULL); 246 if (pmk == NULL) { 247 DPRINTF(("no PMK available for %s\n", 248 ether_sprintf(ni->ni_macaddr))); 249 return; 250 } 251 memcpy(ni->ni_pmk, pmk->pmk_key, IEEE80211_PMK_LEN); 252 } else /* use pre-shared key */ 253 memcpy(ni->ni_pmk, ic->ic_psk, IEEE80211_PMK_LEN); 254 ni->ni_flags |= IEEE80211_NODE_PMK; 255 256 /* save authenticator's nonce (ANonce) */ 257 memcpy(ni->ni_nonce, key->nonce, EAPOL_KEY_NONCE_LEN); 258 259 /* generate supplicant's nonce (SNonce) */ 260 arc4random_buf(ic->ic_nonce, EAPOL_KEY_NONCE_LEN); 261 262 /* TPTK = CalcPTK(PMK, ANonce, SNonce) */ 263 ieee80211_derive_ptk(ni->ni_rsnakms, ni->ni_pmk, ni->ni_macaddr, 264 ic->ic_myaddr, ni->ni_nonce, ic->ic_nonce, &tptk); 265 266 /* We are now expecting a new pairwise key. */ 267 ni->ni_flags |= IEEE80211_NODE_RSN_NEW_PTK; 268 269 if (ic->ic_if.if_flags & IFF_DEBUG) 270 printf("%s: received msg %d/%d of the %s handshake from %s\n", 271 ic->ic_if.if_xname, 1, 4, "4-way", 272 ether_sprintf(ni->ni_macaddr)); 273 274 /* send message 2 to authenticator using TPTK */ 275 (void)ieee80211_send_4way_msg2(ic, ni, key->replaycnt, &tptk); 276 } 277 278 #ifndef IEEE80211_STA_ONLY 279 /* 280 * Process Message 2 of the 4-Way Handshake (sent by Supplicant). 281 */ 282 void 283 ieee80211_recv_4way_msg2(struct ieee80211com *ic, 284 struct ieee80211_eapol_key *key, struct ieee80211_node *ni, 285 const u_int8_t *rsnie) 286 { 287 struct ieee80211_ptk tptk; 288 289 if (ic->ic_opmode != IEEE80211_M_HOSTAP && 290 ic->ic_opmode != IEEE80211_M_IBSS) 291 return; 292 293 /* discard if we're not expecting this message */ 294 if (ni->ni_rsn_state != RSNA_PTKSTART && 295 ni->ni_rsn_state != RSNA_PTKCALCNEGOTIATING) { 296 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_state)); 297 return; 298 } 299 ni->ni_rsn_state = RSNA_PTKCALCNEGOTIATING; 300 301 /* NB: replay counter has already been verified by caller */ 302 303 /* PTK = CalcPTK(ANonce, SNonce) */ 304 ieee80211_derive_ptk(ni->ni_rsnakms, ni->ni_pmk, ic->ic_myaddr, 305 ni->ni_macaddr, ni->ni_nonce, key->nonce, &tptk); 306 307 /* check Key MIC field using KCK */ 308 if (ieee80211_eapol_key_check_mic(key, tptk.kck) != 0) { 309 DPRINTF(("key MIC failed\n")); 310 ic->ic_stats.is_rx_eapol_badmic++; 311 return; /* will timeout.. */ 312 } 313 314 timeout_del(&ni->ni_eapol_to); 315 ni->ni_rsn_state = RSNA_PTKCALCNEGOTIATING_2; 316 ni->ni_rsn_retries = 0; 317 318 /* install TPTK as PTK now that MIC is verified */ 319 memcpy(&ni->ni_ptk, &tptk, sizeof(tptk)); 320 321 /* 322 * The RSN IE must match bit-wise with what the STA included in its 323 * (Re)Association Request. 324 */ 325 if (ni->ni_rsnie == NULL || rsnie[1] != ni->ni_rsnie[1] || 326 memcmp(rsnie, ni->ni_rsnie, 2 + rsnie[1]) != 0) { 327 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 328 IEEE80211_REASON_RSN_DIFFERENT_IE); 329 ieee80211_node_leave(ic, ni); 330 return; 331 } 332 333 if (ic->ic_if.if_flags & IFF_DEBUG) 334 printf("%s: received msg %d/%d of the %s handshake from %s\n", 335 ic->ic_if.if_xname, 2, 4, "4-way", 336 ether_sprintf(ni->ni_macaddr)); 337 338 /* send message 3 to supplicant */ 339 (void)ieee80211_send_4way_msg3(ic, ni); 340 } 341 #endif /* IEEE80211_STA_ONLY */ 342 343 /* 344 * Check if a group key must be updated with a new GTK from an EAPOL frame. 345 * Manipulated group key handshake messages could trick clients into 346 * reinstalling an already used group key and hence lower or reset the 347 * associated replay counter. This check prevents such attacks. 348 */ 349 int 350 ieee80211_must_update_group_key(struct ieee80211_key *k, const uint8_t *gtk, 351 int len) 352 { 353 return (k->k_cipher == IEEE80211_CIPHER_NONE || k->k_len != len || 354 memcmp(k->k_key, gtk, len) != 0); 355 } 356 357 /* 358 * Process Message 3 of the 4-Way Handshake (sent by Authenticator). 359 */ 360 void 361 ieee80211_recv_4way_msg3(struct ieee80211com *ic, 362 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 363 { 364 struct ieee80211_ptk tptk; 365 struct ieee80211_key *k; 366 const u_int8_t *frm, *efrm; 367 const u_int8_t *rsnie1, *rsnie2, *gtk, *igtk; 368 u_int16_t info, reason = 0; 369 int keylen; 370 371 #ifndef IEEE80211_STA_ONLY 372 if (ic->ic_opmode != IEEE80211_M_STA && 373 ic->ic_opmode != IEEE80211_M_IBSS) 374 return; 375 #endif 376 /* discard if we're not expecting this message */ 377 if (ni->ni_rsn_supp_state != RSNA_SUPP_PTKNEGOTIATING && 378 ni->ni_rsn_supp_state != RSNA_SUPP_PTKDONE) { 379 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_supp_state)); 380 return; 381 } 382 /* enforce monotonicity of key request replay counter */ 383 if (ni->ni_replaycnt_ok && 384 BE_READ_8(key->replaycnt) <= ni->ni_replaycnt) { 385 ic->ic_stats.is_rx_eapol_replay++; 386 return; 387 } 388 /* make sure that a PMK has been selected */ 389 if (!(ni->ni_flags & IEEE80211_NODE_PMK)) { 390 DPRINTF(("no PMK found for %s\n", 391 ether_sprintf(ni->ni_macaddr))); 392 return; 393 } 394 /* check that ANonce matches that of Message 1 */ 395 if (memcmp(key->nonce, ni->ni_nonce, EAPOL_KEY_NONCE_LEN) != 0) { 396 DPRINTF(("ANonce does not match msg 1/4\n")); 397 return; 398 } 399 /* TPTK = CalcPTK(PMK, ANonce, SNonce) */ 400 ieee80211_derive_ptk(ni->ni_rsnakms, ni->ni_pmk, ni->ni_macaddr, 401 ic->ic_myaddr, key->nonce, ic->ic_nonce, &tptk); 402 403 info = BE_READ_2(key->info); 404 405 /* check Key MIC field using KCK */ 406 if (ieee80211_eapol_key_check_mic(key, tptk.kck) != 0) { 407 DPRINTF(("key MIC failed\n")); 408 ic->ic_stats.is_rx_eapol_badmic++; 409 return; 410 } 411 /* install TPTK as PTK now that MIC is verified */ 412 memcpy(&ni->ni_ptk, &tptk, sizeof(tptk)); 413 414 /* if encrypted, decrypt Key Data field using KEK */ 415 if ((info & EAPOL_KEY_ENCRYPTED) && 416 ieee80211_eapol_key_decrypt(key, ni->ni_ptk.kek) != 0) { 417 DPRINTF(("decryption failed\n")); 418 return; 419 } 420 421 /* parse key data field */ 422 frm = (const u_int8_t *)&key[1]; 423 efrm = frm + BE_READ_2(key->paylen); 424 425 /* 426 * Some WPA1+WPA2 APs (like hostapd) appear to include both WPA and 427 * RSN IEs in message 3/4. We only take into account the IE of the 428 * version of the protocol we negotiated at association time. 429 */ 430 rsnie1 = rsnie2 = gtk = igtk = NULL; 431 while (frm + 2 <= efrm) { 432 if (frm + 2 + frm[1] > efrm) 433 break; 434 switch (frm[0]) { 435 case IEEE80211_ELEMID_RSN: 436 if (ni->ni_rsnprotos != IEEE80211_PROTO_RSN) 437 break; 438 if (rsnie1 == NULL) 439 rsnie1 = frm; 440 else if (rsnie2 == NULL) 441 rsnie2 = frm; 442 /* ignore others if more than two RSN IEs */ 443 break; 444 case IEEE80211_ELEMID_VENDOR: 445 if (frm[1] < 4) 446 break; 447 if (memcmp(&frm[2], IEEE80211_OUI, 3) == 0) { 448 switch (frm[5]) { 449 case IEEE80211_KDE_GTK: 450 gtk = frm; 451 break; 452 case IEEE80211_KDE_IGTK: 453 if (ni->ni_flags & IEEE80211_NODE_MFP) 454 igtk = frm; 455 break; 456 } 457 } else if (memcmp(&frm[2], MICROSOFT_OUI, 3) == 0) { 458 switch (frm[5]) { 459 case 1: /* WPA */ 460 if (ni->ni_rsnprotos != 461 IEEE80211_PROTO_WPA) 462 break; 463 rsnie1 = frm; 464 break; 465 } 466 } 467 break; 468 } 469 frm += 2 + frm[1]; 470 } 471 /* first WPA/RSN IE is mandatory */ 472 if (rsnie1 == NULL) { 473 DPRINTF(("missing RSN IE\n")); 474 return; 475 } 476 /* key data must be encrypted if GTK is included */ 477 if (gtk != NULL && !(info & EAPOL_KEY_ENCRYPTED)) { 478 DPRINTF(("GTK not encrypted\n")); 479 return; 480 } 481 /* GTK KDE must be included if IGTK KDE is present */ 482 if (igtk != NULL && gtk == NULL) { 483 DPRINTF(("IGTK KDE found but GTK KDE missing\n")); 484 return; 485 } 486 /* check that the Install bit is set if using pairwise keys */ 487 if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP && 488 !(info & EAPOL_KEY_INSTALL)) { 489 DPRINTF(("pairwise cipher but !Install\n")); 490 return; 491 } 492 493 /* 494 * Check that first WPA/RSN IE is identical to the one received in 495 * the beacon or probe response frame. 496 */ 497 if (ni->ni_rsnie == NULL || rsnie1[1] != ni->ni_rsnie[1] || 498 memcmp(rsnie1, ni->ni_rsnie, 2 + rsnie1[1]) != 0) { 499 reason = IEEE80211_REASON_RSN_DIFFERENT_IE; 500 goto deauth; 501 } 502 503 /* 504 * If a second RSN information element is present, use its pairwise 505 * cipher suite or deauthenticate. 506 */ 507 if (rsnie2 != NULL) { 508 struct ieee80211_rsnparams rsn; 509 510 if (ieee80211_parse_rsn(ic, rsnie2, &rsn) == 0) { 511 if (rsn.rsn_akms != ni->ni_rsnakms || 512 rsn.rsn_groupcipher != ni->ni_rsngroupcipher || 513 rsn.rsn_nciphers != 1 || 514 !(rsn.rsn_ciphers & ic->ic_rsnciphers)) { 515 reason = IEEE80211_REASON_BAD_PAIRWISE_CIPHER; 516 goto deauth; 517 } 518 /* use pairwise cipher suite of second RSN IE */ 519 ni->ni_rsnciphers = rsn.rsn_ciphers; 520 ni->ni_rsncipher = ni->ni_rsnciphers; 521 } 522 } 523 524 /* update the last seen value of the key replay counter field */ 525 ni->ni_replaycnt = BE_READ_8(key->replaycnt); 526 ni->ni_replaycnt_ok = 1; 527 528 if (ic->ic_if.if_flags & IFF_DEBUG) 529 printf("%s: received msg %d/%d of the %s handshake from %s\n", 530 ic->ic_if.if_xname, 3, 4, "4-way", 531 ether_sprintf(ni->ni_macaddr)); 532 533 /* send message 4 to authenticator */ 534 if (ieee80211_send_4way_msg4(ic, ni) != 0) 535 return; /* ..authenticator will retry */ 536 537 /* 538 * Only install a new pairwise key if we are still expecting a new key, 539 * as indicated by the NODE_RSN_NEW_PTK flag. An adversary could be 540 * sending manipulated retransmissions of message 3 of the 4-way 541 * handshake in an attempt to trick us into reinstalling an already 542 * used pairwise key. If this attack succeeded, the incremental nonce 543 * and replay counter associated with the key would be reset. 544 * Against CCMP, the adversary could abuse this to replay and decrypt 545 * packets. Against TKIP, it would become possible to replay, decrypt, 546 * and forge packets. 547 */ 548 if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP && 549 (ni->ni_flags & IEEE80211_NODE_RSN_NEW_PTK)) { 550 u_int64_t prsc; 551 552 /* check that key length matches that of pairwise cipher */ 553 keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); 554 if (BE_READ_2(key->keylen) != keylen) { 555 reason = IEEE80211_REASON_AUTH_LEAVE; 556 goto deauth; 557 } 558 prsc = (gtk == NULL) ? LE_READ_6(key->rsc) : 0; 559 560 /* map PTK to 802.11 key */ 561 k = &ni->ni_pairwise_key; 562 memset(k, 0, sizeof(*k)); 563 k->k_cipher = ni->ni_rsncipher; 564 k->k_rsc[0] = prsc; 565 k->k_len = keylen; 566 memcpy(k->k_key, ni->ni_ptk.tk, k->k_len); 567 /* install the PTK */ 568 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 569 reason = IEEE80211_REASON_AUTH_LEAVE; 570 goto deauth; 571 } 572 ni->ni_flags &= ~IEEE80211_NODE_RSN_NEW_PTK; 573 ni->ni_flags &= ~IEEE80211_NODE_TXRXPROT; 574 ni->ni_flags |= IEEE80211_NODE_RXPROT; 575 } else if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP) 576 printf("%s: unexpected pairwise key update received from %s\n", 577 ic->ic_if.if_xname, ether_sprintf(ni->ni_macaddr)); 578 579 if (gtk != NULL) { 580 u_int8_t kid; 581 582 /* check that key length matches that of group cipher */ 583 keylen = ieee80211_cipher_keylen(ni->ni_rsngroupcipher); 584 if (gtk[1] != 6 + keylen) { 585 reason = IEEE80211_REASON_AUTH_LEAVE; 586 goto deauth; 587 } 588 /* map GTK to 802.11 key */ 589 kid = gtk[6] & 3; 590 k = &ic->ic_nw_keys[kid]; 591 if (ieee80211_must_update_group_key(k, >k[8], keylen)) { 592 memset(k, 0, sizeof(*k)); 593 k->k_id = kid; /* 0-3 */ 594 k->k_cipher = ni->ni_rsngroupcipher; 595 k->k_flags = IEEE80211_KEY_GROUP; 596 if (gtk[6] & (1 << 2)) 597 k->k_flags |= IEEE80211_KEY_TX; 598 k->k_rsc[0] = LE_READ_6(key->rsc); 599 k->k_len = keylen; 600 memcpy(k->k_key, >k[8], k->k_len); 601 /* install the GTK */ 602 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 603 reason = IEEE80211_REASON_AUTH_LEAVE; 604 goto deauth; 605 } 606 } 607 } 608 if (igtk != NULL) { /* implies MFP && gtk != NULL */ 609 u_int16_t kid; 610 611 /* check that the IGTK KDE is valid */ 612 if (igtk[1] != 4 + 24) { 613 reason = IEEE80211_REASON_AUTH_LEAVE; 614 goto deauth; 615 } 616 kid = LE_READ_2(&igtk[6]); 617 if (kid != 4 && kid != 5) { 618 DPRINTF(("unsupported IGTK id %u\n", kid)); 619 reason = IEEE80211_REASON_AUTH_LEAVE; 620 goto deauth; 621 } 622 /* map IGTK to 802.11 key */ 623 k = &ic->ic_nw_keys[kid]; 624 if (ieee80211_must_update_group_key(k, &igtk[14], 16)) { 625 memset(k, 0, sizeof(*k)); 626 k->k_id = kid; /* either 4 or 5 */ 627 k->k_cipher = ni->ni_rsngroupmgmtcipher; 628 k->k_flags = IEEE80211_KEY_IGTK; 629 k->k_mgmt_rsc = LE_READ_6(&igtk[8]); /* IPN */ 630 k->k_len = 16; 631 memcpy(k->k_key, &igtk[14], k->k_len); 632 /* install the IGTK */ 633 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 634 reason = IEEE80211_REASON_AUTH_LEAVE; 635 goto deauth; 636 } 637 } 638 } 639 if (info & EAPOL_KEY_INSTALL) 640 ni->ni_flags |= IEEE80211_NODE_TXRXPROT; 641 642 if (info & EAPOL_KEY_SECURE) { 643 ni->ni_flags |= IEEE80211_NODE_TXRXPROT; 644 #ifndef IEEE80211_STA_ONLY 645 if (ic->ic_opmode != IEEE80211_M_IBSS || 646 ++ni->ni_key_count == 2) 647 #endif 648 { 649 DPRINTF(("marking port %s valid\n", 650 ether_sprintf(ni->ni_macaddr))); 651 ni->ni_port_valid = 1; 652 ieee80211_set_link_state(ic, LINK_STATE_UP); 653 ni->ni_assoc_fail = 0; 654 if (ic->ic_opmode == IEEE80211_M_STA) 655 ic->ic_rsngroupcipher = ni->ni_rsngroupcipher; 656 } 657 } 658 deauth: 659 if (reason != 0) { 660 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 661 reason); 662 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 663 } 664 } 665 666 #ifndef IEEE80211_STA_ONLY 667 /* 668 * Process Message 4 of the 4-Way Handshake (sent by Supplicant). 669 */ 670 void 671 ieee80211_recv_4way_msg4(struct ieee80211com *ic, 672 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 673 { 674 if (ic->ic_opmode != IEEE80211_M_HOSTAP && 675 ic->ic_opmode != IEEE80211_M_IBSS) 676 return; 677 678 /* discard if we're not expecting this message */ 679 if (ni->ni_rsn_state != RSNA_PTKINITNEGOTIATING) { 680 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_state)); 681 return; 682 } 683 684 /* NB: replay counter has already been verified by caller */ 685 686 /* check Key MIC field using KCK */ 687 if (ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) { 688 DPRINTF(("key MIC failed\n")); 689 ic->ic_stats.is_rx_eapol_badmic++; 690 return; /* will timeout.. */ 691 } 692 693 timeout_del(&ni->ni_eapol_to); 694 ni->ni_rsn_state = RSNA_PTKINITDONE; 695 ni->ni_rsn_retries = 0; 696 697 if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP) { 698 struct ieee80211_key *k; 699 700 /* map PTK to 802.11 key */ 701 k = &ni->ni_pairwise_key; 702 memset(k, 0, sizeof(*k)); 703 k->k_cipher = ni->ni_rsncipher; 704 k->k_len = ieee80211_cipher_keylen(k->k_cipher); 705 memcpy(k->k_key, ni->ni_ptk.tk, k->k_len); 706 /* install the PTK */ 707 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 708 IEEE80211_SEND_MGMT(ic, ni, 709 IEEE80211_FC0_SUBTYPE_DEAUTH, 710 IEEE80211_REASON_ASSOC_TOOMANY); 711 ieee80211_node_leave(ic, ni); 712 return; 713 } 714 ni->ni_flags |= IEEE80211_NODE_TXRXPROT; 715 } 716 if (ic->ic_opmode != IEEE80211_M_IBSS || ++ni->ni_key_count == 2) { 717 DPRINTF(("marking port %s valid\n", 718 ether_sprintf(ni->ni_macaddr))); 719 ni->ni_port_valid = 1; 720 } 721 722 if (ic->ic_if.if_flags & IFF_DEBUG) 723 printf("%s: received msg %d/%d of the %s handshake from %s\n", 724 ic->ic_if.if_xname, 4, 4, "4-way", 725 ether_sprintf(ni->ni_macaddr)); 726 727 /* initiate a group key handshake for WPA */ 728 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) 729 (void)ieee80211_send_group_msg1(ic, ni); 730 else 731 ni->ni_rsn_gstate = RSNA_IDLE; 732 } 733 734 /* 735 * Differentiate Message 2 from Message 4 of the 4-Way Handshake based on 736 * the presence of an RSN or WPA Information Element. 737 */ 738 void 739 ieee80211_recv_4way_msg2or4(struct ieee80211com *ic, 740 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 741 { 742 const u_int8_t *frm, *efrm; 743 const u_int8_t *rsnie; 744 745 if (BE_READ_8(key->replaycnt) != ni->ni_replaycnt) { 746 ic->ic_stats.is_rx_eapol_replay++; 747 return; 748 } 749 750 /* parse key data field (check if an RSN IE is present) */ 751 frm = (const u_int8_t *)&key[1]; 752 efrm = frm + BE_READ_2(key->paylen); 753 754 rsnie = NULL; 755 while (frm + 2 <= efrm) { 756 if (frm + 2 + frm[1] > efrm) 757 break; 758 switch (frm[0]) { 759 case IEEE80211_ELEMID_RSN: 760 rsnie = frm; 761 break; 762 case IEEE80211_ELEMID_VENDOR: 763 if (frm[1] < 4) 764 break; 765 if (memcmp(&frm[2], MICROSOFT_OUI, 3) == 0) { 766 switch (frm[5]) { 767 case 1: /* WPA */ 768 rsnie = frm; 769 break; 770 } 771 } 772 } 773 frm += 2 + frm[1]; 774 } 775 if (rsnie != NULL) 776 ieee80211_recv_4way_msg2(ic, key, ni, rsnie); 777 else 778 ieee80211_recv_4way_msg4(ic, key, ni); 779 } 780 #endif /* IEEE80211_STA_ONLY */ 781 782 /* 783 * Process Message 1 of the RSN Group Key Handshake (sent by Authenticator). 784 */ 785 void 786 ieee80211_recv_rsn_group_msg1(struct ieee80211com *ic, 787 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 788 { 789 struct ieee80211_key *k; 790 const u_int8_t *frm, *efrm; 791 const u_int8_t *gtk, *igtk; 792 u_int16_t info, kid, reason = 0; 793 int keylen; 794 795 #ifndef IEEE80211_STA_ONLY 796 if (ic->ic_opmode != IEEE80211_M_STA && 797 ic->ic_opmode != IEEE80211_M_IBSS) 798 return; 799 #endif 800 /* discard if we're not expecting this message */ 801 if (ni->ni_rsn_supp_state != RSNA_SUPP_PTKDONE) { 802 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_supp_state)); 803 return; 804 } 805 /* enforce monotonicity of key request replay counter */ 806 if (BE_READ_8(key->replaycnt) <= ni->ni_replaycnt) { 807 ic->ic_stats.is_rx_eapol_replay++; 808 return; 809 } 810 /* check Key MIC field using KCK */ 811 if (ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) { 812 DPRINTF(("key MIC failed\n")); 813 ic->ic_stats.is_rx_eapol_badmic++; 814 return; 815 } 816 info = BE_READ_2(key->info); 817 818 /* check that encrypted and decrypt Key Data field using KEK */ 819 if (!(info & EAPOL_KEY_ENCRYPTED) || 820 ieee80211_eapol_key_decrypt(key, ni->ni_ptk.kek) != 0) { 821 DPRINTF(("decryption failed\n")); 822 return; 823 } 824 825 /* parse key data field (shall contain a GTK KDE) */ 826 frm = (const u_int8_t *)&key[1]; 827 efrm = frm + BE_READ_2(key->paylen); 828 829 gtk = igtk = NULL; 830 while (frm + 2 <= efrm) { 831 if (frm + 2 + frm[1] > efrm) 832 break; 833 switch (frm[0]) { 834 case IEEE80211_ELEMID_VENDOR: 835 if (frm[1] < 4) 836 break; 837 if (memcmp(&frm[2], IEEE80211_OUI, 3) == 0) { 838 switch (frm[5]) { 839 case IEEE80211_KDE_GTK: 840 gtk = frm; 841 break; 842 case IEEE80211_KDE_IGTK: 843 if (ni->ni_flags & IEEE80211_NODE_MFP) 844 igtk = frm; 845 break; 846 } 847 } 848 break; 849 } 850 frm += 2 + frm[1]; 851 } 852 /* check that the GTK KDE is present */ 853 if (gtk == NULL) { 854 DPRINTF(("GTK KDE missing\n")); 855 return; 856 } 857 858 /* check that key length matches that of group cipher */ 859 keylen = ieee80211_cipher_keylen(ni->ni_rsngroupcipher); 860 if (gtk[1] != 6 + keylen) 861 return; 862 863 /* map GTK to 802.11 key */ 864 kid = gtk[6] & 3; 865 k = &ic->ic_nw_keys[kid]; 866 if (ieee80211_must_update_group_key(k, >k[8], keylen)) { 867 memset(k, 0, sizeof(*k)); 868 k->k_id = kid; /* 0-3 */ 869 k->k_cipher = ni->ni_rsngroupcipher; 870 k->k_flags = IEEE80211_KEY_GROUP; 871 if (gtk[6] & (1 << 2)) 872 k->k_flags |= IEEE80211_KEY_TX; 873 k->k_rsc[0] = LE_READ_6(key->rsc); 874 k->k_len = keylen; 875 memcpy(k->k_key, >k[8], k->k_len); 876 /* install the GTK */ 877 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 878 reason = IEEE80211_REASON_AUTH_LEAVE; 879 goto deauth; 880 } 881 } 882 if (igtk != NULL) { /* implies MFP */ 883 /* check that the IGTK KDE is valid */ 884 if (igtk[1] != 4 + 24) { 885 reason = IEEE80211_REASON_AUTH_LEAVE; 886 goto deauth; 887 } 888 kid = LE_READ_2(&igtk[6]); 889 if (kid != 4 && kid != 5) { 890 DPRINTF(("unsupported IGTK id %u\n", kid)); 891 reason = IEEE80211_REASON_AUTH_LEAVE; 892 goto deauth; 893 } 894 /* map IGTK to 802.11 key */ 895 k = &ic->ic_nw_keys[kid]; 896 if (ieee80211_must_update_group_key(k, &igtk[14], 16)) { 897 memset(k, 0, sizeof(*k)); 898 k->k_id = kid; /* either 4 or 5 */ 899 k->k_cipher = ni->ni_rsngroupmgmtcipher; 900 k->k_flags = IEEE80211_KEY_IGTK; 901 k->k_mgmt_rsc = LE_READ_6(&igtk[8]); /* IPN */ 902 k->k_len = 16; 903 memcpy(k->k_key, &igtk[14], k->k_len); 904 /* install the IGTK */ 905 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 906 reason = IEEE80211_REASON_AUTH_LEAVE; 907 goto deauth; 908 } 909 } 910 } 911 if (info & EAPOL_KEY_SECURE) { 912 #ifndef IEEE80211_STA_ONLY 913 if (ic->ic_opmode != IEEE80211_M_IBSS || 914 ++ni->ni_key_count == 2) 915 #endif 916 { 917 DPRINTF(("marking port %s valid\n", 918 ether_sprintf(ni->ni_macaddr))); 919 ni->ni_port_valid = 1; 920 ieee80211_set_link_state(ic, LINK_STATE_UP); 921 ni->ni_assoc_fail = 0; 922 } 923 } 924 /* update the last seen value of the key replay counter field */ 925 ni->ni_replaycnt = BE_READ_8(key->replaycnt); 926 927 if (ic->ic_if.if_flags & IFF_DEBUG) 928 printf("%s: received msg %d/%d of the %s handshake from %s\n", 929 ic->ic_if.if_xname, 1, 2, "group key", 930 ether_sprintf(ni->ni_macaddr)); 931 932 /* send message 2 to authenticator */ 933 (void)ieee80211_send_group_msg2(ic, ni, NULL); 934 return; 935 deauth: 936 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, reason); 937 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 938 } 939 940 /* 941 * Process Message 1 of the WPA Group Key Handshake (sent by Authenticator). 942 */ 943 void 944 ieee80211_recv_wpa_group_msg1(struct ieee80211com *ic, 945 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 946 { 947 struct ieee80211_key *k; 948 u_int16_t info; 949 u_int8_t kid; 950 int keylen; 951 const uint8_t *gtk; 952 953 #ifndef IEEE80211_STA_ONLY 954 if (ic->ic_opmode != IEEE80211_M_STA && 955 ic->ic_opmode != IEEE80211_M_IBSS) 956 return; 957 #endif 958 /* discard if we're not expecting this message */ 959 if (ni->ni_rsn_supp_state != RSNA_SUPP_PTKDONE) { 960 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_supp_state)); 961 return; 962 } 963 /* enforce monotonicity of key request replay counter */ 964 if (BE_READ_8(key->replaycnt) <= ni->ni_replaycnt) { 965 ic->ic_stats.is_rx_eapol_replay++; 966 return; 967 } 968 /* check Key MIC field using KCK */ 969 if (ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) { 970 DPRINTF(("key MIC failed\n")); 971 ic->ic_stats.is_rx_eapol_badmic++; 972 return; 973 } 974 /* 975 * EAPOL-Key data field is encrypted even though WPA doesn't set 976 * the ENCRYPTED bit in the info field. 977 */ 978 if (ieee80211_eapol_key_decrypt(key, ni->ni_ptk.kek) != 0) { 979 DPRINTF(("decryption failed\n")); 980 return; 981 } 982 983 /* check that key length matches that of group cipher */ 984 keylen = ieee80211_cipher_keylen(ni->ni_rsngroupcipher); 985 if (BE_READ_2(key->keylen) != keylen) 986 return; 987 988 /* check that the data length is large enough to hold the key */ 989 if (BE_READ_2(key->paylen) < keylen) 990 return; 991 992 info = BE_READ_2(key->info); 993 994 /* map GTK to 802.11 key */ 995 kid = (info >> EAPOL_KEY_WPA_KID_SHIFT) & 3; 996 k = &ic->ic_nw_keys[kid]; 997 gtk = (const uint8_t *)&key[1]; /* key data field contains the GTK */ 998 if (ieee80211_must_update_group_key(k, gtk, keylen)) { 999 memset(k, 0, sizeof(*k)); 1000 k->k_id = kid; /* 0-3 */ 1001 k->k_cipher = ni->ni_rsngroupcipher; 1002 k->k_flags = IEEE80211_KEY_GROUP; 1003 if (info & EAPOL_KEY_WPA_TX) 1004 k->k_flags |= IEEE80211_KEY_TX; 1005 k->k_rsc[0] = LE_READ_6(key->rsc); 1006 k->k_len = keylen; 1007 memcpy(k->k_key, gtk, k->k_len); 1008 /* install the GTK */ 1009 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 1010 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 1011 IEEE80211_REASON_AUTH_LEAVE); 1012 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1013 return; 1014 } 1015 } 1016 if (info & EAPOL_KEY_SECURE) { 1017 #ifndef IEEE80211_STA_ONLY 1018 if (ic->ic_opmode != IEEE80211_M_IBSS || 1019 ++ni->ni_key_count == 2) 1020 #endif 1021 { 1022 DPRINTF(("marking port %s valid\n", 1023 ether_sprintf(ni->ni_macaddr))); 1024 ni->ni_port_valid = 1; 1025 ieee80211_set_link_state(ic, LINK_STATE_UP); 1026 ni->ni_assoc_fail = 0; 1027 } 1028 } 1029 /* update the last seen value of the key replay counter field */ 1030 ni->ni_replaycnt = BE_READ_8(key->replaycnt); 1031 1032 if (ic->ic_if.if_flags & IFF_DEBUG) 1033 printf("%s: received msg %d/%d of the %s handshake from %s\n", 1034 ic->ic_if.if_xname, 1, 2, "group key", 1035 ether_sprintf(ni->ni_macaddr)); 1036 1037 /* send message 2 to authenticator */ 1038 (void)ieee80211_send_group_msg2(ic, ni, k); 1039 } 1040 1041 #ifndef IEEE80211_STA_ONLY 1042 /* 1043 * Process Message 2 of the Group Key Handshake (sent by Supplicant). 1044 */ 1045 void 1046 ieee80211_recv_group_msg2(struct ieee80211com *ic, 1047 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 1048 { 1049 if (ic->ic_opmode != IEEE80211_M_HOSTAP && 1050 ic->ic_opmode != IEEE80211_M_IBSS) 1051 return; 1052 1053 /* discard if we're not expecting this message */ 1054 if (ni->ni_rsn_gstate != RSNA_REKEYNEGOTIATING) { 1055 DPRINTF(("%s: unexpected in state: %d\n", ic->ic_if.if_xname, 1056 ni->ni_rsn_gstate)); 1057 return; 1058 } 1059 /* enforce monotonicity of key request replay counter */ 1060 if (BE_READ_8(key->replaycnt) != ni->ni_replaycnt) { 1061 ic->ic_stats.is_rx_eapol_replay++; 1062 return; 1063 } 1064 /* check Key MIC field using KCK */ 1065 if (ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) { 1066 DPRINTF(("key MIC failed\n")); 1067 ic->ic_stats.is_rx_eapol_badmic++; 1068 return; 1069 } 1070 1071 timeout_del(&ni->ni_eapol_to); 1072 ni->ni_rsn_gstate = RSNA_REKEYESTABLISHED; 1073 1074 if (ni->ni_flags & IEEE80211_NODE_REKEY) { 1075 int rekeysta = 0; 1076 ni->ni_flags &= ~IEEE80211_NODE_REKEY; 1077 ieee80211_iterate_nodes(ic, 1078 ieee80211_count_rekeysta, &rekeysta); 1079 if (rekeysta == 0) 1080 ieee80211_setkeysdone(ic); 1081 } 1082 ni->ni_flags |= IEEE80211_NODE_TXRXPROT; 1083 1084 ni->ni_rsn_gstate = RSNA_IDLE; 1085 ni->ni_rsn_retries = 0; 1086 1087 if (ic->ic_if.if_flags & IFF_DEBUG) 1088 printf("%s: received msg %d/%d of the %s handshake from %s\n", 1089 ic->ic_if.if_xname, 2, 2, "group key", 1090 ether_sprintf(ni->ni_macaddr)); 1091 } 1092 1093 /* 1094 * EAPOL-Key Request frames are sent by the supplicant to request that the 1095 * authenticator initiates either a 4-Way Handshake or Group Key Handshake, 1096 * or to report a MIC failure in a TKIP MSDU. 1097 */ 1098 void 1099 ieee80211_recv_eapol_key_req(struct ieee80211com *ic, 1100 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 1101 { 1102 u_int16_t info; 1103 1104 if (ic->ic_opmode != IEEE80211_M_HOSTAP && 1105 ic->ic_opmode != IEEE80211_M_IBSS) 1106 return; 1107 1108 /* discard if we're not expecting this message */ 1109 if (ni->ni_rsn_state != RSNA_PTKINITDONE) { 1110 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_state)); 1111 return; 1112 } 1113 /* enforce monotonicity of key request replay counter */ 1114 if (ni->ni_reqreplaycnt_ok && 1115 BE_READ_8(key->replaycnt) <= ni->ni_reqreplaycnt) { 1116 ic->ic_stats.is_rx_eapol_replay++; 1117 return; 1118 } 1119 info = BE_READ_2(key->info); 1120 1121 if (!(info & EAPOL_KEY_KEYMIC) || 1122 ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) { 1123 DPRINTF(("key request MIC failed\n")); 1124 ic->ic_stats.is_rx_eapol_badmic++; 1125 return; 1126 } 1127 /* update key request replay counter now that MIC is verified */ 1128 ni->ni_reqreplaycnt = BE_READ_8(key->replaycnt); 1129 ni->ni_reqreplaycnt_ok = 1; 1130 1131 if (info & EAPOL_KEY_ERROR) { /* TKIP MIC failure */ 1132 /* ignore reports from STAs not using TKIP */ 1133 if (ic->ic_bss->ni_rsngroupcipher != IEEE80211_CIPHER_TKIP && 1134 ni->ni_rsncipher != IEEE80211_CIPHER_TKIP) { 1135 DPRINTF(("MIC failure report from !TKIP STA: %s\n", 1136 ether_sprintf(ni->ni_macaddr))); 1137 return; 1138 } 1139 ic->ic_stats.is_rx_remmicfail++; 1140 ieee80211_michael_mic_failure(ic, LE_READ_6(key->rsc)); 1141 1142 } else if (info & EAPOL_KEY_PAIRWISE) { 1143 /* initiate a 4-Way Handshake */ 1144 1145 } else { 1146 /* 1147 * Should change the GTK, initiate the 4-Way Handshake and 1148 * then execute a Group Key Handshake with all supplicants. 1149 */ 1150 } 1151 } 1152 #endif /* IEEE80211_STA_ONLY */ 1153