1/*
2 * WPA Supplicant - WPA state machine and EAPOL-Key processing
3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
10
11#include "common.h"
12#include "crypto/aes_wrap.h"
13#include "crypto/crypto.h"
14#include "crypto/random.h"
15#include "common/ieee802_11_defs.h"
16#include "eapol_supp/eapol_supp_sm.h"
17#include "wpa.h"
18#include "eloop.h"
19#include "preauth.h"
20#include "pmksa_cache.h"
21#include "wpa_i.h"
22#include "wpa_ie.h"
23#include "peerkey.h"
24
25
26/**
27 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
28 * @sm: Pointer to WPA state machine data from wpa_sm_init()
29 * @kck: Key Confirmation Key (KCK, part of PTK)
30 * @ver: Version field from Key Info
31 * @dest: Destination address for the frame
32 * @proto: Ethertype (usually ETH_P_EAPOL)
33 * @msg: EAPOL-Key message
34 * @msg_len: Length of message
35 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
36 */
37void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck,
38			int ver, const u8 *dest, u16 proto,
39			u8 *msg, size_t msg_len, u8 *key_mic)
40{
41	if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
42		/*
43		 * Association event was not yet received; try to fetch
44		 * BSSID from the driver.
45		 */
46		if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
47			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
48				"WPA: Failed to read BSSID for "
49				"EAPOL-Key destination address");
50		} else {
51			dest = sm->bssid;
52			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
53				"WPA: Use BSSID (" MACSTR
54				") as the destination for EAPOL-Key",
55				MAC2STR(dest));
56		}
57	}
58	if (key_mic &&
59	    wpa_eapol_key_mic(kck, ver, msg, msg_len, key_mic)) {
60		wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
61			"WPA: Failed to generate EAPOL-Key "
62			"version %d MIC", ver);
63		goto out;
64	}
65	wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, 16);
66	wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, 16);
67	wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
68	wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
69	eapol_sm_notify_tx_eapol_key(sm->eapol);
70out:
71	os_free(msg);
72}
73
74
75/**
76 * wpa_sm_key_request - Send EAPOL-Key Request
77 * @sm: Pointer to WPA state machine data from wpa_sm_init()
78 * @error: Indicate whether this is an Michael MIC error report
79 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
80 *
81 * Send an EAPOL-Key Request to the current authenticator. This function is
82 * used to request rekeying and it is usually called when a local Michael MIC
83 * failure is detected.
84 */
85void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
86{
87	size_t rlen;
88	struct wpa_eapol_key *reply;
89	int key_info, ver;
90	u8 bssid[ETH_ALEN], *rbuf;
91
92	if (wpa_key_mgmt_ft(sm->key_mgmt) || wpa_key_mgmt_sha256(sm->key_mgmt))
93		ver = WPA_KEY_INFO_TYPE_AES_128_CMAC;
94	else if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
95		ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
96	else
97		ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
98
99	if (wpa_sm_get_bssid(sm, bssid) < 0) {
100		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
101			"Failed to read BSSID for EAPOL-Key request");
102		return;
103	}
104
105	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
106				  sizeof(*reply), &rlen, (void *) &reply);
107	if (rbuf == NULL)
108		return;
109
110	reply->type = sm->proto == WPA_PROTO_RSN ?
111		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
112	key_info = WPA_KEY_INFO_REQUEST | ver;
113	if (sm->ptk_set)
114		key_info |= WPA_KEY_INFO_MIC;
115	if (error)
116		key_info |= WPA_KEY_INFO_ERROR;
117	if (pairwise)
118		key_info |= WPA_KEY_INFO_KEY_TYPE;
119	WPA_PUT_BE16(reply->key_info, key_info);
120	WPA_PUT_BE16(reply->key_length, 0);
121	os_memcpy(reply->replay_counter, sm->request_counter,
122		  WPA_REPLAY_COUNTER_LEN);
123	inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
124
125	WPA_PUT_BE16(reply->key_data_length, 0);
126
127	wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
128		"WPA: Sending EAPOL-Key Request (error=%d "
129		"pairwise=%d ptk_set=%d len=%lu)",
130		error, pairwise, sm->ptk_set, (unsigned long) rlen);
131	wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL,
132			   rbuf, rlen, key_info & WPA_KEY_INFO_MIC ?
133			   reply->key_mic : NULL);
134}
135
136
137static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
138				  const unsigned char *src_addr,
139				  const u8 *pmkid)
140{
141	int abort_cached = 0;
142
143	if (pmkid && !sm->cur_pmksa) {
144		/* When using drivers that generate RSN IE, wpa_supplicant may
145		 * not have enough time to get the association information
146		 * event before receiving this 1/4 message, so try to find a
147		 * matching PMKSA cache entry here. */
148		sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid,
149						NULL);
150		if (sm->cur_pmksa) {
151			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
152				"RSN: found matching PMKID from PMKSA cache");
153		} else {
154			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
155				"RSN: no matching PMKID found");
156			abort_cached = 1;
157		}
158	}
159
160	if (pmkid && sm->cur_pmksa &&
161	    os_memcmp(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
162		wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
163		wpa_sm_set_pmk_from_pmksa(sm);
164		wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
165				sm->pmk, sm->pmk_len);
166		eapol_sm_notify_cached(sm->eapol);
167#ifdef CONFIG_IEEE80211R
168		sm->xxkey_len = 0;
169#endif /* CONFIG_IEEE80211R */
170	} else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
171		int res, pmk_len;
172		pmk_len = PMK_LEN;
173		res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN);
174		if (res) {
175			/*
176			 * EAP-LEAP is an exception from other EAP methods: it
177			 * uses only 16-byte PMK.
178			 */
179			res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
180			pmk_len = 16;
181		} else {
182#ifdef CONFIG_IEEE80211R
183			u8 buf[2 * PMK_LEN];
184			if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0)
185			{
186				os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN);
187				sm->xxkey_len = PMK_LEN;
188				os_memset(buf, 0, sizeof(buf));
189			}
190#endif /* CONFIG_IEEE80211R */
191		}
192		if (res == 0) {
193			struct rsn_pmksa_cache_entry *sa = NULL;
194			wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
195					"machines", sm->pmk, pmk_len);
196			sm->pmk_len = pmk_len;
197			if (sm->proto == WPA_PROTO_RSN &&
198			    !wpa_key_mgmt_ft(sm->key_mgmt)) {
199				sa = pmksa_cache_add(sm->pmksa,
200						     sm->pmk, pmk_len,
201						     src_addr, sm->own_addr,
202						     sm->network_ctx,
203						     sm->key_mgmt);
204			}
205			if (!sm->cur_pmksa && pmkid &&
206			    pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL))
207			{
208				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
209					"RSN: the new PMK matches with the "
210					"PMKID");
211				abort_cached = 0;
212			}
213
214			if (!sm->cur_pmksa)
215				sm->cur_pmksa = sa;
216		} else {
217			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
218				"WPA: Failed to get master session key from "
219				"EAPOL state machines - key handshake "
220				"aborted");
221			if (sm->cur_pmksa) {
222				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
223					"RSN: Cancelled PMKSA caching "
224					"attempt");
225				sm->cur_pmksa = NULL;
226				abort_cached = 1;
227			} else if (!abort_cached) {
228				return -1;
229			}
230		}
231	}
232
233	if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) &&
234	    !wpa_key_mgmt_ft(sm->key_mgmt)) {
235		/* Send EAPOL-Start to trigger full EAP authentication. */
236		u8 *buf;
237		size_t buflen;
238
239		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
240			"RSN: no PMKSA entry found - trigger "
241			"full EAP authentication");
242		buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
243					 NULL, 0, &buflen, NULL);
244		if (buf) {
245			wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
246					  buf, buflen);
247			os_free(buf);
248			return -2;
249		}
250
251		return -1;
252	}
253
254	return 0;
255}
256
257
258/**
259 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake
260 * @sm: Pointer to WPA state machine data from wpa_sm_init()
261 * @dst: Destination address for the frame
262 * @key: Pointer to the EAPOL-Key frame header
263 * @ver: Version bits from EAPOL-Key Key Info
264 * @nonce: Nonce value for the EAPOL-Key frame
265 * @wpa_ie: WPA/RSN IE
266 * @wpa_ie_len: Length of the WPA/RSN IE
267 * @ptk: PTK to use for keyed hash and encryption
268 * Returns: 0 on success, -1 on failure
269 */
270int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
271			       const struct wpa_eapol_key *key,
272			       int ver, const u8 *nonce,
273			       const u8 *wpa_ie, size_t wpa_ie_len,
274			       struct wpa_ptk *ptk)
275{
276	size_t rlen;
277	struct wpa_eapol_key *reply;
278	u8 *rbuf;
279	u8 *rsn_ie_buf = NULL;
280
281	if (wpa_ie == NULL) {
282		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - "
283			"cannot generate msg 2/4");
284		return -1;
285	}
286
287#ifdef CONFIG_IEEE80211R
288	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
289		int res;
290
291		/*
292		 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and
293		 * FTIE from (Re)Association Response.
294		 */
295		rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN +
296				       sm->assoc_resp_ies_len);
297		if (rsn_ie_buf == NULL)
298			return -1;
299		os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len);
300		res = wpa_insert_pmkid(rsn_ie_buf, wpa_ie_len,
301				       sm->pmk_r1_name);
302		if (res < 0) {
303			os_free(rsn_ie_buf);
304			return -1;
305		}
306		wpa_ie_len += res;
307
308		if (sm->assoc_resp_ies) {
309			os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies,
310				  sm->assoc_resp_ies_len);
311			wpa_ie_len += sm->assoc_resp_ies_len;
312		}
313
314		wpa_ie = rsn_ie_buf;
315	}
316#endif /* CONFIG_IEEE80211R */
317
318	wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
319
320	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
321				  NULL, sizeof(*reply) + wpa_ie_len,
322				  &rlen, (void *) &reply);
323	if (rbuf == NULL) {
324		os_free(rsn_ie_buf);
325		return -1;
326	}
327
328	reply->type = sm->proto == WPA_PROTO_RSN ?
329		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
330	WPA_PUT_BE16(reply->key_info,
331		     ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC);
332	if (sm->proto == WPA_PROTO_RSN)
333		WPA_PUT_BE16(reply->key_length, 0);
334	else
335		os_memcpy(reply->key_length, key->key_length, 2);
336	os_memcpy(reply->replay_counter, key->replay_counter,
337		  WPA_REPLAY_COUNTER_LEN);
338	wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter,
339		    WPA_REPLAY_COUNTER_LEN);
340
341	WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
342	os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
343	os_free(rsn_ie_buf);
344
345	os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
346
347	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
348	wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
349			   rbuf, rlen, reply->key_mic);
350
351	return 0;
352}
353
354
355static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
356			  const struct wpa_eapol_key *key,
357			  struct wpa_ptk *ptk)
358{
359	size_t ptk_len = sm->pairwise_cipher != WPA_CIPHER_TKIP ? 48 : 64;
360#ifdef CONFIG_IEEE80211R
361	if (wpa_key_mgmt_ft(sm->key_mgmt))
362		return wpa_derive_ptk_ft(sm, src_addr, key, ptk, ptk_len);
363#endif /* CONFIG_IEEE80211R */
364
365	wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
366		       sm->own_addr, sm->bssid, sm->snonce, key->key_nonce,
367		       (u8 *) ptk, ptk_len,
368		       wpa_key_mgmt_sha256(sm->key_mgmt));
369	return 0;
370}
371
372
373static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
374					  const unsigned char *src_addr,
375					  const struct wpa_eapol_key *key,
376					  u16 ver)
377{
378	struct wpa_eapol_ie_parse ie;
379	struct wpa_ptk *ptk;
380	u8 buf[8];
381	int res;
382
383	if (wpa_sm_get_network_ctx(sm) == NULL) {
384		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
385			"found (msg 1 of 4)");
386		return;
387	}
388
389	wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
390	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way "
391		"Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
392
393	os_memset(&ie, 0, sizeof(ie));
394
395#ifndef CONFIG_NO_WPA2
396	if (sm->proto == WPA_PROTO_RSN) {
397		/* RSN: msg 1/4 should contain PMKID for the selected PMK */
398		const u8 *_buf = (const u8 *) (key + 1);
399		size_t len = WPA_GET_BE16(key->key_data_length);
400		wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", _buf, len);
401		if (wpa_supplicant_parse_ies(_buf, len, &ie) < 0)
402			goto failed;
403		if (ie.pmkid) {
404			wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
405				    "Authenticator", ie.pmkid, PMKID_LEN);
406		}
407	}
408#endif /* CONFIG_NO_WPA2 */
409
410	res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
411	if (res == -2) {
412		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to "
413			"msg 1/4 - requesting full EAP authentication");
414		return;
415	}
416	if (res)
417		goto failed;
418
419	if (sm->renew_snonce) {
420		if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
421			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
422				"WPA: Failed to get random data for SNonce");
423			goto failed;
424		}
425		sm->renew_snonce = 0;
426		wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
427			    sm->snonce, WPA_NONCE_LEN);
428	}
429
430	/* Calculate PTK which will be stored as a temporary PTK until it has
431	 * been verified when processing message 3/4. */
432	ptk = &sm->tptk;
433	wpa_derive_ptk(sm, src_addr, key, ptk);
434	/* Supplicant: swap tx/rx Mic keys */
435	os_memcpy(buf, ptk->u.auth.tx_mic_key, 8);
436	os_memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8);
437	os_memcpy(ptk->u.auth.rx_mic_key, buf, 8);
438	sm->tptk_set = 1;
439
440	if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
441				       sm->assoc_wpa_ie, sm->assoc_wpa_ie_len,
442				       ptk))
443		goto failed;
444
445	os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
446	return;
447
448failed:
449	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
450}
451
452
453static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx)
454{
455	struct wpa_sm *sm = eloop_ctx;
456	rsn_preauth_candidate_process(sm);
457}
458
459
460static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
461					    const u8 *addr, int secure)
462{
463	wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
464		"WPA: Key negotiation completed with "
465		MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
466		wpa_cipher_txt(sm->pairwise_cipher),
467		wpa_cipher_txt(sm->group_cipher));
468	wpa_sm_cancel_auth_timeout(sm);
469	wpa_sm_set_state(sm, WPA_COMPLETED);
470
471	if (secure) {
472		wpa_sm_mlme_setprotection(
473			sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
474			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
475		eapol_sm_notify_portValid(sm->eapol, TRUE);
476		if (wpa_key_mgmt_wpa_psk(sm->key_mgmt))
477			eapol_sm_notify_eap_success(sm->eapol, TRUE);
478		/*
479		 * Start preauthentication after a short wait to avoid a
480		 * possible race condition between the data receive and key
481		 * configuration after the 4-Way Handshake. This increases the
482		 * likelihood of the first preauth EAPOL-Start frame getting to
483		 * the target AP.
484		 */
485		eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL);
486	}
487
488	if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
489		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
490			"RSN: Authenticator accepted "
491			"opportunistic PMKSA entry - marking it valid");
492		sm->cur_pmksa->opportunistic = 0;
493	}
494
495#ifdef CONFIG_IEEE80211R
496	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
497		/* Prepare for the next transition */
498		wpa_ft_prepare_auth_request(sm, NULL);
499	}
500#endif /* CONFIG_IEEE80211R */
501}
502
503
504static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
505{
506	struct wpa_sm *sm = eloop_ctx;
507	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying");
508	wpa_sm_key_request(sm, 0, 1);
509}
510
511
512static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
513				      const struct wpa_eapol_key *key)
514{
515	int keylen, rsclen;
516	enum wpa_alg alg;
517	const u8 *key_rsc;
518	u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
519
520	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
521		"WPA: Installing PTK to the driver");
522
523	if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
524		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher "
525			"Suite: NONE - do not use pairwise keys");
526		return 0;
527	}
528
529	if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
530		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
531			"WPA: Unsupported pairwise cipher %d",
532			sm->pairwise_cipher);
533		return -1;
534	}
535
536	alg = wpa_cipher_to_alg(sm->pairwise_cipher);
537	keylen = wpa_cipher_key_len(sm->pairwise_cipher);
538	rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
539
540	if (sm->proto == WPA_PROTO_RSN) {
541		key_rsc = null_rsc;
542	} else {
543		key_rsc = key->key_rsc;
544		wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
545	}
546
547	if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
548			   (u8 *) sm->ptk.tk1, keylen) < 0) {
549		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
550			"WPA: Failed to set PTK to the "
551			"driver (alg=%d keylen=%d bssid=" MACSTR ")",
552			alg, keylen, MAC2STR(sm->bssid));
553		return -1;
554	}
555
556	if (sm->wpa_ptk_rekey) {
557		eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
558		eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
559				       sm, NULL);
560	}
561
562	return 0;
563}
564
565
566static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm,
567					     int group_cipher,
568					     int keylen, int maxkeylen,
569					     int *key_rsc_len,
570					     enum wpa_alg *alg)
571{
572	int klen;
573
574	*alg = wpa_cipher_to_alg(group_cipher);
575	if (*alg == WPA_ALG_NONE) {
576		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
577			"WPA: Unsupported Group Cipher %d",
578			group_cipher);
579		return -1;
580	}
581	*key_rsc_len = wpa_cipher_rsc_len(group_cipher);
582
583	klen = wpa_cipher_key_len(group_cipher);
584	if (keylen != klen || maxkeylen < klen) {
585		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
586			"WPA: Unsupported %s Group Cipher key length %d (%d)",
587			wpa_cipher_txt(group_cipher), keylen, maxkeylen);
588		return -1;
589	}
590	return 0;
591}
592
593
594struct wpa_gtk_data {
595	enum wpa_alg alg;
596	int tx, key_rsc_len, keyidx;
597	u8 gtk[32];
598	int gtk_len;
599};
600
601
602static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
603				      const struct wpa_gtk_data *gd,
604				      const u8 *key_rsc)
605{
606	const u8 *_gtk = gd->gtk;
607	u8 gtk_buf[32];
608
609	wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
610	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
611		"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
612		gd->keyidx, gd->tx, gd->gtk_len);
613	wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
614	if (sm->group_cipher == WPA_CIPHER_TKIP) {
615		/* Swap Tx/Rx keys for Michael MIC */
616		os_memcpy(gtk_buf, gd->gtk, 16);
617		os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
618		os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
619		_gtk = gtk_buf;
620	}
621	if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
622		if (wpa_sm_set_key(sm, gd->alg, NULL,
623				   gd->keyidx, 1, key_rsc, gd->key_rsc_len,
624				   _gtk, gd->gtk_len) < 0) {
625			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
626				"WPA: Failed to set GTK to the driver "
627				"(Group only)");
628			return -1;
629		}
630	} else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr,
631				  gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
632				  _gtk, gd->gtk_len) < 0) {
633		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
634			"WPA: Failed to set GTK to "
635			"the driver (alg=%d keylen=%d keyidx=%d)",
636			gd->alg, gd->gtk_len, gd->keyidx);
637		return -1;
638	}
639
640	return 0;
641}
642
643
644static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
645						int tx)
646{
647	if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
648		/* Ignore Tx bit for GTK if a pairwise key is used. One AP
649		 * seemed to set this bit (incorrectly, since Tx is only when
650		 * doing Group Key only APs) and without this workaround, the
651		 * data connection does not work because wpa_supplicant
652		 * configured non-zero keyidx to be used for unicast. */
653		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
654			"WPA: Tx bit set for GTK, but pairwise "
655			"keys are used - ignore Tx bit");
656		return 0;
657	}
658	return tx;
659}
660
661
662static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
663				       const struct wpa_eapol_key *key,
664				       const u8 *gtk, size_t gtk_len,
665				       int key_info)
666{
667#ifndef CONFIG_NO_WPA2
668	struct wpa_gtk_data gd;
669
670	/*
671	 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
672	 * GTK KDE format:
673	 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
674	 * Reserved [bits 0-7]
675	 * GTK
676	 */
677
678	os_memset(&gd, 0, sizeof(gd));
679	wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
680			gtk, gtk_len);
681
682	if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk))
683		return -1;
684
685	gd.keyidx = gtk[0] & 0x3;
686	gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
687						     !!(gtk[0] & BIT(2)));
688	gtk += 2;
689	gtk_len -= 2;
690
691	os_memcpy(gd.gtk, gtk, gtk_len);
692	gd.gtk_len = gtk_len;
693
694	if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
695					      gtk_len, gtk_len,
696					      &gd.key_rsc_len, &gd.alg) ||
697	    wpa_supplicant_install_gtk(sm, &gd, key->key_rsc)) {
698		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
699			"RSN: Failed to install GTK");
700		return -1;
701	}
702
703	wpa_supplicant_key_neg_complete(sm, sm->bssid,
704					key_info & WPA_KEY_INFO_SECURE);
705	return 0;
706#else /* CONFIG_NO_WPA2 */
707	return -1;
708#endif /* CONFIG_NO_WPA2 */
709}
710
711
712static int ieee80211w_set_keys(struct wpa_sm *sm,
713			       struct wpa_eapol_ie_parse *ie)
714{
715#ifdef CONFIG_IEEE80211W
716	if (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC)
717		return 0;
718
719	if (ie->igtk) {
720		const struct wpa_igtk_kde *igtk;
721		u16 keyidx;
722		if (ie->igtk_len != sizeof(*igtk))
723			return -1;
724		igtk = (const struct wpa_igtk_kde *) ie->igtk;
725		keyidx = WPA_GET_LE16(igtk->keyid);
726		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
727			"pn %02x%02x%02x%02x%02x%02x",
728			keyidx, MAC2STR(igtk->pn));
729		wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
730				igtk->igtk, WPA_IGTK_LEN);
731		if (keyidx > 4095) {
732			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
733				"WPA: Invalid IGTK KeyID %d", keyidx);
734			return -1;
735		}
736		if (wpa_sm_set_key(sm, WPA_ALG_IGTK, broadcast_ether_addr,
737				   keyidx, 0, igtk->pn, sizeof(igtk->pn),
738				   igtk->igtk, WPA_IGTK_LEN) < 0) {
739			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
740				"WPA: Failed to configure IGTK to the driver");
741			return -1;
742		}
743	}
744
745	return 0;
746#else /* CONFIG_IEEE80211W */
747	return 0;
748#endif /* CONFIG_IEEE80211W */
749}
750
751
752static void wpa_report_ie_mismatch(struct wpa_sm *sm,
753				   const char *reason, const u8 *src_addr,
754				   const u8 *wpa_ie, size_t wpa_ie_len,
755				   const u8 *rsn_ie, size_t rsn_ie_len)
756{
757	wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
758		reason, MAC2STR(src_addr));
759
760	if (sm->ap_wpa_ie) {
761		wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
762			    sm->ap_wpa_ie, sm->ap_wpa_ie_len);
763	}
764	if (wpa_ie) {
765		if (!sm->ap_wpa_ie) {
766			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
767				"WPA: No WPA IE in Beacon/ProbeResp");
768		}
769		wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
770			    wpa_ie, wpa_ie_len);
771	}
772
773	if (sm->ap_rsn_ie) {
774		wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp",
775			    sm->ap_rsn_ie, sm->ap_rsn_ie_len);
776	}
777	if (rsn_ie) {
778		if (!sm->ap_rsn_ie) {
779			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
780				"WPA: No RSN IE in Beacon/ProbeResp");
781		}
782		wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
783			    rsn_ie, rsn_ie_len);
784	}
785
786	wpa_sm_disassociate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
787}
788
789
790#ifdef CONFIG_IEEE80211R
791
792static int ft_validate_mdie(struct wpa_sm *sm,
793			    const unsigned char *src_addr,
794			    struct wpa_eapol_ie_parse *ie,
795			    const u8 *assoc_resp_mdie)
796{
797	struct rsn_mdie *mdie;
798
799	mdie = (struct rsn_mdie *) (ie->mdie + 2);
800	if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) ||
801	    os_memcmp(mdie->mobility_domain, sm->mobility_domain,
802		      MOBILITY_DOMAIN_ID_LEN) != 0) {
803		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did "
804			"not match with the current mobility domain");
805		return -1;
806	}
807
808	if (assoc_resp_mdie &&
809	    (assoc_resp_mdie[1] != ie->mdie[1] ||
810	     os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) {
811		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch");
812		wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4",
813			    ie->mdie, 2 + ie->mdie[1]);
814		wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response",
815			    assoc_resp_mdie, 2 + assoc_resp_mdie[1]);
816		return -1;
817	}
818
819	return 0;
820}
821
822
823static int ft_validate_ftie(struct wpa_sm *sm,
824			    const unsigned char *src_addr,
825			    struct wpa_eapol_ie_parse *ie,
826			    const u8 *assoc_resp_ftie)
827{
828	if (ie->ftie == NULL) {
829		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
830			"FT: No FTIE in EAPOL-Key msg 3/4");
831		return -1;
832	}
833
834	if (assoc_resp_ftie == NULL)
835		return 0;
836
837	if (assoc_resp_ftie[1] != ie->ftie[1] ||
838	    os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) {
839		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch");
840		wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4",
841			    ie->ftie, 2 + ie->ftie[1]);
842		wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response",
843			    assoc_resp_ftie, 2 + assoc_resp_ftie[1]);
844		return -1;
845	}
846
847	return 0;
848}
849
850
851static int ft_validate_rsnie(struct wpa_sm *sm,
852			     const unsigned char *src_addr,
853			     struct wpa_eapol_ie_parse *ie)
854{
855	struct wpa_ie_data rsn;
856
857	if (!ie->rsn_ie)
858		return 0;
859
860	/*
861	 * Verify that PMKR1Name from EAPOL-Key message 3/4
862	 * matches with the value we derived.
863	 */
864	if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 ||
865	    rsn.num_pmkid != 1 || rsn.pmkid == NULL) {
866		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in "
867			"FT 4-way handshake message 3/4");
868		return -1;
869	}
870
871	if (os_memcmp(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0) {
872		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
873			"FT: PMKR1Name mismatch in "
874			"FT 4-way handshake message 3/4");
875		wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator",
876			    rsn.pmkid, WPA_PMK_NAME_LEN);
877		wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
878			    sm->pmk_r1_name, WPA_PMK_NAME_LEN);
879		return -1;
880	}
881
882	return 0;
883}
884
885
886static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm,
887					 const unsigned char *src_addr,
888					 struct wpa_eapol_ie_parse *ie)
889{
890	const u8 *pos, *end, *mdie = NULL, *ftie = NULL;
891
892	if (sm->assoc_resp_ies) {
893		pos = sm->assoc_resp_ies;
894		end = pos + sm->assoc_resp_ies_len;
895		while (pos + 2 < end) {
896			if (pos + 2 + pos[1] > end)
897				break;
898			switch (*pos) {
899			case WLAN_EID_MOBILITY_DOMAIN:
900				mdie = pos;
901				break;
902			case WLAN_EID_FAST_BSS_TRANSITION:
903				ftie = pos;
904				break;
905			}
906			pos += 2 + pos[1];
907		}
908	}
909
910	if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 ||
911	    ft_validate_ftie(sm, src_addr, ie, ftie) < 0 ||
912	    ft_validate_rsnie(sm, src_addr, ie) < 0)
913		return -1;
914
915	return 0;
916}
917
918#endif /* CONFIG_IEEE80211R */
919
920
921static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
922				      const unsigned char *src_addr,
923				      struct wpa_eapol_ie_parse *ie)
924{
925	if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
926		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
927			"WPA: No WPA/RSN IE for this AP known. "
928			"Trying to get from scan results");
929		if (wpa_sm_get_beacon_ie(sm) < 0) {
930			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
931				"WPA: Could not find AP from "
932				"the scan results");
933		} else {
934			wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
935				"WPA: Found the current AP from "
936				"updated scan results");
937		}
938	}
939
940	if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
941	    (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
942		wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
943				       "with IE in Beacon/ProbeResp (no IE?)",
944				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
945				       ie->rsn_ie, ie->rsn_ie_len);
946		return -1;
947	}
948
949	if ((ie->wpa_ie && sm->ap_wpa_ie &&
950	     (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
951	      os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
952	    (ie->rsn_ie && sm->ap_rsn_ie &&
953	     wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
954				sm->ap_rsn_ie, sm->ap_rsn_ie_len,
955				ie->rsn_ie, ie->rsn_ie_len))) {
956		wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
957				       "with IE in Beacon/ProbeResp",
958				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
959				       ie->rsn_ie, ie->rsn_ie_len);
960		return -1;
961	}
962
963	if (sm->proto == WPA_PROTO_WPA &&
964	    ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
965		wpa_report_ie_mismatch(sm, "Possible downgrade attack "
966				       "detected - RSN was enabled and RSN IE "
967				       "was in msg 3/4, but not in "
968				       "Beacon/ProbeResp",
969				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
970				       ie->rsn_ie, ie->rsn_ie_len);
971		return -1;
972	}
973
974#ifdef CONFIG_IEEE80211R
975	if (wpa_key_mgmt_ft(sm->key_mgmt) &&
976	    wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0)
977		return -1;
978#endif /* CONFIG_IEEE80211R */
979
980	return 0;
981}
982
983
984/**
985 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake
986 * @sm: Pointer to WPA state machine data from wpa_sm_init()
987 * @dst: Destination address for the frame
988 * @key: Pointer to the EAPOL-Key frame header
989 * @ver: Version bits from EAPOL-Key Key Info
990 * @key_info: Key Info
991 * @kde: KDEs to include the EAPOL-Key frame
992 * @kde_len: Length of KDEs
993 * @ptk: PTK to use for keyed hash and encryption
994 * Returns: 0 on success, -1 on failure
995 */
996int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
997			       const struct wpa_eapol_key *key,
998			       u16 ver, u16 key_info,
999			       const u8 *kde, size_t kde_len,
1000			       struct wpa_ptk *ptk)
1001{
1002	size_t rlen;
1003	struct wpa_eapol_key *reply;
1004	u8 *rbuf;
1005
1006	if (kde)
1007		wpa_hexdump(MSG_DEBUG, "WPA: KDE for msg 4/4", kde, kde_len);
1008
1009	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1010				  sizeof(*reply) + kde_len,
1011				  &rlen, (void *) &reply);
1012	if (rbuf == NULL)
1013		return -1;
1014
1015	reply->type = sm->proto == WPA_PROTO_RSN ?
1016		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1017	key_info &= WPA_KEY_INFO_SECURE;
1018	key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC;
1019	WPA_PUT_BE16(reply->key_info, key_info);
1020	if (sm->proto == WPA_PROTO_RSN)
1021		WPA_PUT_BE16(reply->key_length, 0);
1022	else
1023		os_memcpy(reply->key_length, key->key_length, 2);
1024	os_memcpy(reply->replay_counter, key->replay_counter,
1025		  WPA_REPLAY_COUNTER_LEN);
1026
1027	WPA_PUT_BE16(reply->key_data_length, kde_len);
1028	if (kde)
1029		os_memcpy(reply + 1, kde, kde_len);
1030
1031	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
1032	wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
1033			   rbuf, rlen, reply->key_mic);
1034
1035	return 0;
1036}
1037
1038
1039static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
1040					  const struct wpa_eapol_key *key,
1041					  u16 ver)
1042{
1043	u16 key_info, keylen, len;
1044	const u8 *pos;
1045	struct wpa_eapol_ie_parse ie;
1046
1047	wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
1048	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way "
1049		"Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
1050
1051	key_info = WPA_GET_BE16(key->key_info);
1052
1053	pos = (const u8 *) (key + 1);
1054	len = WPA_GET_BE16(key->key_data_length);
1055	wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", pos, len);
1056	if (wpa_supplicant_parse_ies(pos, len, &ie) < 0)
1057		goto failed;
1058	if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1059		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1060			"WPA: GTK IE in unencrypted key data");
1061		goto failed;
1062	}
1063#ifdef CONFIG_IEEE80211W
1064	if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1065		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1066			"WPA: IGTK KDE in unencrypted key data");
1067		goto failed;
1068	}
1069
1070	if (ie.igtk && ie.igtk_len != sizeof(struct wpa_igtk_kde)) {
1071		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1072			"WPA: Invalid IGTK KDE length %lu",
1073			(unsigned long) ie.igtk_len);
1074		goto failed;
1075	}
1076#endif /* CONFIG_IEEE80211W */
1077
1078	if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
1079		goto failed;
1080
1081	if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
1082		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1083			"WPA: ANonce from message 1 of 4-Way Handshake "
1084			"differs from 3 of 4-Way Handshake - drop packet (src="
1085			MACSTR ")", MAC2STR(sm->bssid));
1086		goto failed;
1087	}
1088
1089	keylen = WPA_GET_BE16(key->key_length);
1090	if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
1091		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1092			"WPA: Invalid %s key length %d (src=" MACSTR
1093			")", wpa_cipher_txt(sm->pairwise_cipher), keylen,
1094			MAC2STR(sm->bssid));
1095		goto failed;
1096	}
1097
1098	if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
1099				       NULL, 0, &sm->ptk)) {
1100		goto failed;
1101	}
1102
1103	/* SNonce was successfully used in msg 3/4, so mark it to be renewed
1104	 * for the next 4-Way Handshake. If msg 3 is received again, the old
1105	 * SNonce will still be used to avoid changing PTK. */
1106	sm->renew_snonce = 1;
1107
1108	if (key_info & WPA_KEY_INFO_INSTALL) {
1109		if (wpa_supplicant_install_ptk(sm, key))
1110			goto failed;
1111	}
1112
1113	if (key_info & WPA_KEY_INFO_SECURE) {
1114		wpa_sm_mlme_setprotection(
1115			sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
1116			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
1117		eapol_sm_notify_portValid(sm->eapol, TRUE);
1118	}
1119	wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1120
1121	if (ie.gtk &&
1122	    wpa_supplicant_pairwise_gtk(sm, key,
1123					ie.gtk, ie.gtk_len, key_info) < 0) {
1124		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1125			"RSN: Failed to configure GTK");
1126		goto failed;
1127	}
1128
1129	if (ieee80211w_set_keys(sm, &ie) < 0) {
1130		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1131			"RSN: Failed to configure IGTK");
1132		goto failed;
1133	}
1134
1135	wpa_sm_set_rekey_offload(sm);
1136
1137	return;
1138
1139failed:
1140	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1141}
1142
1143
1144static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
1145					     const u8 *keydata,
1146					     size_t keydatalen,
1147					     u16 key_info,
1148					     struct wpa_gtk_data *gd)
1149{
1150	int maxkeylen;
1151	struct wpa_eapol_ie_parse ie;
1152
1153	wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen);
1154	if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0)
1155		return -1;
1156	if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1157		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1158			"WPA: GTK IE in unencrypted key data");
1159		return -1;
1160	}
1161	if (ie.gtk == NULL) {
1162		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1163			"WPA: No GTK IE in Group Key msg 1/2");
1164		return -1;
1165	}
1166	maxkeylen = gd->gtk_len = ie.gtk_len - 2;
1167
1168	if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1169					      gd->gtk_len, maxkeylen,
1170					      &gd->key_rsc_len, &gd->alg))
1171		return -1;
1172
1173	wpa_hexdump(MSG_DEBUG, "RSN: received GTK in group key handshake",
1174		    ie.gtk, ie.gtk_len);
1175	gd->keyidx = ie.gtk[0] & 0x3;
1176	gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1177						      !!(ie.gtk[0] & BIT(2)));
1178	if (ie.gtk_len - 2 > sizeof(gd->gtk)) {
1179		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1180			"RSN: Too long GTK in GTK IE (len=%lu)",
1181			(unsigned long) ie.gtk_len - 2);
1182		return -1;
1183	}
1184	os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
1185
1186	if (ieee80211w_set_keys(sm, &ie) < 0)
1187		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1188			"RSN: Failed to configure IGTK");
1189
1190	return 0;
1191}
1192
1193
1194static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
1195					     const struct wpa_eapol_key *key,
1196					     size_t keydatalen, int key_info,
1197					     size_t extra_len, u16 ver,
1198					     struct wpa_gtk_data *gd)
1199{
1200	size_t maxkeylen;
1201	u8 ek[32];
1202
1203	gd->gtk_len = WPA_GET_BE16(key->key_length);
1204	maxkeylen = keydatalen;
1205	if (keydatalen > extra_len) {
1206		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1207			"WPA: Truncated EAPOL-Key packet: "
1208			"key_data_length=%lu > extra_len=%lu",
1209			(unsigned long) keydatalen, (unsigned long) extra_len);
1210		return -1;
1211	}
1212	if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1213		if (maxkeylen < 8) {
1214			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1215				"WPA: Too short maxkeylen (%lu)",
1216				(unsigned long) maxkeylen);
1217			return -1;
1218		}
1219		maxkeylen -= 8;
1220	}
1221
1222	if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1223					      gd->gtk_len, maxkeylen,
1224					      &gd->key_rsc_len, &gd->alg))
1225		return -1;
1226
1227	gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1228		WPA_KEY_INFO_KEY_INDEX_SHIFT;
1229	if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
1230		os_memcpy(ek, key->key_iv, 16);
1231		os_memcpy(ek + 16, sm->ptk.kek, 16);
1232		if (keydatalen > sizeof(gd->gtk)) {
1233			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1234				"WPA: RC4 key data too long (%lu)",
1235				(unsigned long) keydatalen);
1236			return -1;
1237		}
1238		os_memcpy(gd->gtk, key + 1, keydatalen);
1239		if (rc4_skip(ek, 32, 256, gd->gtk, keydatalen)) {
1240			wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1241				"WPA: RC4 failed");
1242			return -1;
1243		}
1244	} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1245		if (keydatalen % 8) {
1246			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1247				"WPA: Unsupported AES-WRAP len %lu",
1248				(unsigned long) keydatalen);
1249			return -1;
1250		}
1251		if (maxkeylen > sizeof(gd->gtk)) {
1252			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1253				"WPA: AES-WRAP key data "
1254				"too long (keydatalen=%lu maxkeylen=%lu)",
1255				(unsigned long) keydatalen,
1256				(unsigned long) maxkeylen);
1257			return -1;
1258		}
1259		if (aes_unwrap(sm->ptk.kek, maxkeylen / 8,
1260			       (const u8 *) (key + 1), gd->gtk)) {
1261			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1262				"WPA: AES unwrap failed - could not decrypt "
1263				"GTK");
1264			return -1;
1265		}
1266	} else {
1267		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1268			"WPA: Unsupported key_info type %d", ver);
1269		return -1;
1270	}
1271	gd->tx = wpa_supplicant_gtk_tx_bit_workaround(
1272		sm, !!(key_info & WPA_KEY_INFO_TXRX));
1273	return 0;
1274}
1275
1276
1277static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
1278				      const struct wpa_eapol_key *key,
1279				      int ver, u16 key_info)
1280{
1281	size_t rlen;
1282	struct wpa_eapol_key *reply;
1283	u8 *rbuf;
1284
1285	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1286				  sizeof(*reply), &rlen, (void *) &reply);
1287	if (rbuf == NULL)
1288		return -1;
1289
1290	reply->type = sm->proto == WPA_PROTO_RSN ?
1291		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1292	key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
1293	key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
1294	WPA_PUT_BE16(reply->key_info, key_info);
1295	if (sm->proto == WPA_PROTO_RSN)
1296		WPA_PUT_BE16(reply->key_length, 0);
1297	else
1298		os_memcpy(reply->key_length, key->key_length, 2);
1299	os_memcpy(reply->replay_counter, key->replay_counter,
1300		  WPA_REPLAY_COUNTER_LEN);
1301
1302	WPA_PUT_BE16(reply->key_data_length, 0);
1303
1304	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
1305	wpa_eapol_key_send(sm, sm->ptk.kck, ver, sm->bssid, ETH_P_EAPOL,
1306			   rbuf, rlen, reply->key_mic);
1307
1308	return 0;
1309}
1310
1311
1312static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
1313					  const unsigned char *src_addr,
1314					  const struct wpa_eapol_key *key,
1315					  int extra_len, u16 ver)
1316{
1317	u16 key_info, keydatalen;
1318	int rekey, ret;
1319	struct wpa_gtk_data gd;
1320
1321	os_memset(&gd, 0, sizeof(gd));
1322
1323	rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
1324	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key "
1325		"Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
1326
1327	key_info = WPA_GET_BE16(key->key_info);
1328	keydatalen = WPA_GET_BE16(key->key_data_length);
1329
1330	if (sm->proto == WPA_PROTO_RSN) {
1331		ret = wpa_supplicant_process_1_of_2_rsn(sm,
1332							(const u8 *) (key + 1),
1333							keydatalen, key_info,
1334							&gd);
1335	} else {
1336		ret = wpa_supplicant_process_1_of_2_wpa(sm, key, keydatalen,
1337							key_info, extra_len,
1338							ver, &gd);
1339	}
1340
1341	wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1342
1343	if (ret)
1344		goto failed;
1345
1346	if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
1347	    wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
1348		goto failed;
1349
1350	if (rekey) {
1351		wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
1352			"completed with " MACSTR " [GTK=%s]",
1353			MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
1354		wpa_sm_cancel_auth_timeout(sm);
1355		wpa_sm_set_state(sm, WPA_COMPLETED);
1356
1357		wpa_sm_set_rekey_offload(sm);
1358	} else {
1359		wpa_supplicant_key_neg_complete(sm, sm->bssid,
1360						key_info &
1361						WPA_KEY_INFO_SECURE);
1362	}
1363	return;
1364
1365failed:
1366	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1367}
1368
1369
1370static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
1371					       struct wpa_eapol_key *key,
1372					       u16 ver,
1373					       const u8 *buf, size_t len)
1374{
1375	u8 mic[16];
1376	int ok = 0;
1377
1378	os_memcpy(mic, key->key_mic, 16);
1379	if (sm->tptk_set) {
1380		os_memset(key->key_mic, 0, 16);
1381		wpa_eapol_key_mic(sm->tptk.kck, ver, buf, len,
1382				  key->key_mic);
1383		if (os_memcmp(mic, key->key_mic, 16) != 0) {
1384			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1385				"WPA: Invalid EAPOL-Key MIC "
1386				"when using TPTK - ignoring TPTK");
1387		} else {
1388			ok = 1;
1389			sm->tptk_set = 0;
1390			sm->ptk_set = 1;
1391			os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
1392		}
1393	}
1394
1395	if (!ok && sm->ptk_set) {
1396		os_memset(key->key_mic, 0, 16);
1397		wpa_eapol_key_mic(sm->ptk.kck, ver, buf, len,
1398				  key->key_mic);
1399		if (os_memcmp(mic, key->key_mic, 16) != 0) {
1400			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1401				"WPA: Invalid EAPOL-Key MIC - "
1402				"dropping packet");
1403			return -1;
1404		}
1405		ok = 1;
1406	}
1407
1408	if (!ok) {
1409		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1410			"WPA: Could not verify EAPOL-Key MIC - "
1411			"dropping packet");
1412		return -1;
1413	}
1414
1415	os_memcpy(sm->rx_replay_counter, key->replay_counter,
1416		  WPA_REPLAY_COUNTER_LEN);
1417	sm->rx_replay_counter_set = 1;
1418	return 0;
1419}
1420
1421
1422/* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
1423static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
1424					   struct wpa_eapol_key *key, u16 ver)
1425{
1426	u16 keydatalen = WPA_GET_BE16(key->key_data_length);
1427
1428	wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
1429		    (u8 *) (key + 1), keydatalen);
1430	if (!sm->ptk_set) {
1431		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1432			"WPA: PTK not available, cannot decrypt EAPOL-Key Key "
1433			"Data");
1434		return -1;
1435	}
1436
1437	/* Decrypt key data here so that this operation does not need
1438	 * to be implemented separately for each message type. */
1439	if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
1440		u8 ek[32];
1441		os_memcpy(ek, key->key_iv, 16);
1442		os_memcpy(ek + 16, sm->ptk.kek, 16);
1443		if (rc4_skip(ek, 32, 256, (u8 *) (key + 1), keydatalen)) {
1444			wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1445				"WPA: RC4 failed");
1446			return -1;
1447		}
1448	} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1449		   ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1450		u8 *buf;
1451		if (keydatalen % 8) {
1452			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1453				"WPA: Unsupported AES-WRAP len %d",
1454				keydatalen);
1455			return -1;
1456		}
1457		keydatalen -= 8; /* AES-WRAP adds 8 bytes */
1458		buf = os_malloc(keydatalen);
1459		if (buf == NULL) {
1460			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1461				"WPA: No memory for AES-UNWRAP buffer");
1462			return -1;
1463		}
1464		if (aes_unwrap(sm->ptk.kek, keydatalen / 8,
1465			       (u8 *) (key + 1), buf)) {
1466			os_free(buf);
1467			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1468				"WPA: AES unwrap failed - "
1469				"could not decrypt EAPOL-Key key data");
1470			return -1;
1471		}
1472		os_memcpy(key + 1, buf, keydatalen);
1473		os_free(buf);
1474		WPA_PUT_BE16(key->key_data_length, keydatalen);
1475	} else {
1476		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1477			"WPA: Unsupported key_info type %d", ver);
1478		return -1;
1479	}
1480	wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
1481			(u8 *) (key + 1), keydatalen);
1482	return 0;
1483}
1484
1485
1486/**
1487 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
1488 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1489 */
1490void wpa_sm_aborted_cached(struct wpa_sm *sm)
1491{
1492	if (sm && sm->cur_pmksa) {
1493		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1494			"RSN: Cancelling PMKSA caching attempt");
1495		sm->cur_pmksa = NULL;
1496	}
1497}
1498
1499
1500static void wpa_eapol_key_dump(struct wpa_sm *sm,
1501			       const struct wpa_eapol_key *key)
1502{
1503#ifndef CONFIG_NO_STDOUT_DEBUG
1504	u16 key_info = WPA_GET_BE16(key->key_info);
1505
1506	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "  EAPOL-Key type=%d", key->type);
1507	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1508		"  key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)",
1509		key_info, key_info & WPA_KEY_INFO_TYPE_MASK,
1510		(key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1511		WPA_KEY_INFO_KEY_INDEX_SHIFT,
1512		(key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13,
1513		key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group",
1514		key_info & WPA_KEY_INFO_INSTALL ? " Install" : "",
1515		key_info & WPA_KEY_INFO_ACK ? " Ack" : "",
1516		key_info & WPA_KEY_INFO_MIC ? " MIC" : "",
1517		key_info & WPA_KEY_INFO_SECURE ? " Secure" : "",
1518		key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
1519		key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
1520		key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
1521	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1522		"  key_length=%u key_data_length=%u",
1523		WPA_GET_BE16(key->key_length),
1524		WPA_GET_BE16(key->key_data_length));
1525	wpa_hexdump(MSG_DEBUG, "  replay_counter",
1526		    key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1527	wpa_hexdump(MSG_DEBUG, "  key_nonce", key->key_nonce, WPA_NONCE_LEN);
1528	wpa_hexdump(MSG_DEBUG, "  key_iv", key->key_iv, 16);
1529	wpa_hexdump(MSG_DEBUG, "  key_rsc", key->key_rsc, 8);
1530	wpa_hexdump(MSG_DEBUG, "  key_id (reserved)", key->key_id, 8);
1531	wpa_hexdump(MSG_DEBUG, "  key_mic", key->key_mic, 16);
1532#endif /* CONFIG_NO_STDOUT_DEBUG */
1533}
1534
1535
1536/**
1537 * wpa_sm_rx_eapol - Process received WPA EAPOL frames
1538 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1539 * @src_addr: Source MAC address of the EAPOL packet
1540 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
1541 * @len: Length of the EAPOL frame
1542 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
1543 *
1544 * This function is called for each received EAPOL frame. Other than EAPOL-Key
1545 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
1546 * only processing WPA and WPA2 EAPOL-Key frames.
1547 *
1548 * The received EAPOL-Key packets are validated and valid packets are replied
1549 * to. In addition, key material (PTK, GTK) is configured at the end of a
1550 * successful key handshake.
1551 */
1552int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
1553		    const u8 *buf, size_t len)
1554{
1555	size_t plen, data_len, extra_len;
1556	struct ieee802_1x_hdr *hdr;
1557	struct wpa_eapol_key *key;
1558	u16 key_info, ver;
1559	u8 *tmp;
1560	int ret = -1;
1561	struct wpa_peerkey *peerkey = NULL;
1562
1563#ifdef CONFIG_IEEE80211R
1564	sm->ft_completed = 0;
1565#endif /* CONFIG_IEEE80211R */
1566
1567	if (len < sizeof(*hdr) + sizeof(*key)) {
1568		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1569			"WPA: EAPOL frame too short to be a WPA "
1570			"EAPOL-Key (len %lu, expecting at least %lu)",
1571			(unsigned long) len,
1572			(unsigned long) sizeof(*hdr) + sizeof(*key));
1573		return 0;
1574	}
1575
1576	tmp = os_malloc(len);
1577	if (tmp == NULL)
1578		return -1;
1579	os_memcpy(tmp, buf, len);
1580
1581	hdr = (struct ieee802_1x_hdr *) tmp;
1582	key = (struct wpa_eapol_key *) (hdr + 1);
1583	plen = be_to_host16(hdr->length);
1584	data_len = plen + sizeof(*hdr);
1585	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1586		"IEEE 802.1X RX: version=%d type=%d length=%lu",
1587		hdr->version, hdr->type, (unsigned long) plen);
1588
1589	if (hdr->version < EAPOL_VERSION) {
1590		/* TODO: backwards compatibility */
1591	}
1592	if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
1593		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1594			"WPA: EAPOL frame (type %u) discarded, "
1595			"not a Key frame", hdr->type);
1596		ret = 0;
1597		goto out;
1598	}
1599	if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) {
1600		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1601			"WPA: EAPOL frame payload size %lu "
1602			"invalid (frame size %lu)",
1603			(unsigned long) plen, (unsigned long) len);
1604		ret = 0;
1605		goto out;
1606	}
1607
1608	if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN)
1609	{
1610		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1611			"WPA: EAPOL-Key type (%d) unknown, discarded",
1612			key->type);
1613		ret = 0;
1614		goto out;
1615	}
1616	wpa_eapol_key_dump(sm, key);
1617
1618	eapol_sm_notify_lower_layer_success(sm->eapol, 0);
1619	wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", tmp, len);
1620	if (data_len < len) {
1621		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1622			"WPA: ignoring %lu bytes after the IEEE 802.1X data",
1623			(unsigned long) len - data_len);
1624	}
1625	key_info = WPA_GET_BE16(key->key_info);
1626	ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1627	if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
1628#if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
1629	    ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1630#endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
1631	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1632		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1633			"WPA: Unsupported EAPOL-Key descriptor version %d",
1634			ver);
1635		goto out;
1636	}
1637
1638#ifdef CONFIG_IEEE80211R
1639	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
1640		/* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */
1641		if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1642			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1643				"FT: AP did not use AES-128-CMAC");
1644			goto out;
1645		}
1646	} else
1647#endif /* CONFIG_IEEE80211R */
1648#ifdef CONFIG_IEEE80211W
1649	if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
1650		if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1651			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1652				"WPA: AP did not use the "
1653				"negotiated AES-128-CMAC");
1654			goto out;
1655		}
1656	} else
1657#endif /* CONFIG_IEEE80211W */
1658	if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
1659	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1660		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1661			"WPA: CCMP is used, but EAPOL-Key "
1662			"descriptor version (%d) is not 2", ver);
1663		if (sm->group_cipher != WPA_CIPHER_CCMP &&
1664		    !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
1665			/* Earlier versions of IEEE 802.11i did not explicitly
1666			 * require version 2 descriptor for all EAPOL-Key
1667			 * packets, so allow group keys to use version 1 if
1668			 * CCMP is not used for them. */
1669			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1670				"WPA: Backwards compatibility: allow invalid "
1671				"version for non-CCMP group keys");
1672		} else
1673			goto out;
1674	}
1675	if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
1676	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1677		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1678			"WPA: GCMP is used, but EAPOL-Key "
1679			"descriptor version (%d) is not 2", ver);
1680		goto out;
1681	}
1682
1683#ifdef CONFIG_PEERKEY
1684	for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
1685		if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
1686			break;
1687	}
1688
1689	if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
1690		if (!peerkey->initiator && peerkey->replay_counter_set &&
1691		    os_memcmp(key->replay_counter, peerkey->replay_counter,
1692			      WPA_REPLAY_COUNTER_LEN) <= 0) {
1693			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1694				"RSN: EAPOL-Key Replay Counter did not "
1695				"increase (STK) - dropping packet");
1696			goto out;
1697		} else if (peerkey->initiator) {
1698			u8 _tmp[WPA_REPLAY_COUNTER_LEN];
1699			os_memcpy(_tmp, key->replay_counter,
1700				  WPA_REPLAY_COUNTER_LEN);
1701			inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
1702			if (os_memcmp(_tmp, peerkey->replay_counter,
1703				      WPA_REPLAY_COUNTER_LEN) != 0) {
1704				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1705					"RSN: EAPOL-Key Replay "
1706					"Counter did not match (STK) - "
1707					"dropping packet");
1708				goto out;
1709			}
1710		}
1711	}
1712
1713	if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) {
1714		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1715			"RSN: Ack bit in key_info from STK peer");
1716		goto out;
1717	}
1718#endif /* CONFIG_PEERKEY */
1719
1720	if (!peerkey && sm->rx_replay_counter_set &&
1721	    os_memcmp(key->replay_counter, sm->rx_replay_counter,
1722		      WPA_REPLAY_COUNTER_LEN) <= 0) {
1723		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1724			"WPA: EAPOL-Key Replay Counter did not increase - "
1725			"dropping packet");
1726		goto out;
1727	}
1728
1729	if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
1730#ifdef CONFIG_PEERKEY
1731	    && (peerkey == NULL || !peerkey->initiator)
1732#endif /* CONFIG_PEERKEY */
1733		) {
1734		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1735			"WPA: No Ack bit in key_info");
1736		goto out;
1737	}
1738
1739	if (key_info & WPA_KEY_INFO_REQUEST) {
1740		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1741			"WPA: EAPOL-Key with Request bit - dropped");
1742		goto out;
1743	}
1744
1745	if ((key_info & WPA_KEY_INFO_MIC) && !peerkey &&
1746	    wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
1747		goto out;
1748
1749#ifdef CONFIG_PEERKEY
1750	if ((key_info & WPA_KEY_INFO_MIC) && peerkey &&
1751	    peerkey_verify_eapol_key_mic(sm, peerkey, key, ver, tmp, data_len))
1752		goto out;
1753#endif /* CONFIG_PEERKEY */
1754
1755	extra_len = data_len - sizeof(*hdr) - sizeof(*key);
1756
1757	if (WPA_GET_BE16(key->key_data_length) > extra_len) {
1758		wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
1759			"frame - key_data overflow (%d > %lu)",
1760			WPA_GET_BE16(key->key_data_length),
1761			(unsigned long) extra_len);
1762		goto out;
1763	}
1764	extra_len = WPA_GET_BE16(key->key_data_length);
1765
1766	if (sm->proto == WPA_PROTO_RSN &&
1767	    (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1768		if (wpa_supplicant_decrypt_key_data(sm, key, ver))
1769			goto out;
1770		extra_len = WPA_GET_BE16(key->key_data_length);
1771	}
1772
1773	if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1774		if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
1775			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1776				"WPA: Ignored EAPOL-Key (Pairwise) with "
1777				"non-zero key index");
1778			goto out;
1779		}
1780		if (peerkey) {
1781			/* PeerKey 4-Way Handshake */
1782			peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver);
1783		} else if (key_info & WPA_KEY_INFO_MIC) {
1784			/* 3/4 4-Way Handshake */
1785			wpa_supplicant_process_3_of_4(sm, key, ver);
1786		} else {
1787			/* 1/4 4-Way Handshake */
1788			wpa_supplicant_process_1_of_4(sm, src_addr, key,
1789						      ver);
1790		}
1791	} else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
1792		/* PeerKey SMK Handshake */
1793		peerkey_rx_eapol_smk(sm, src_addr, key, extra_len, key_info,
1794				     ver);
1795	} else {
1796		if (key_info & WPA_KEY_INFO_MIC) {
1797			/* 1/2 Group Key Handshake */
1798			wpa_supplicant_process_1_of_2(sm, src_addr, key,
1799						      extra_len, ver);
1800		} else {
1801			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1802				"WPA: EAPOL-Key (Group) without Mic bit - "
1803				"dropped");
1804		}
1805	}
1806
1807	ret = 1;
1808
1809out:
1810	os_free(tmp);
1811	return ret;
1812}
1813
1814
1815#ifdef CONFIG_CTRL_IFACE
1816static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
1817{
1818	switch (sm->key_mgmt) {
1819	case WPA_KEY_MGMT_IEEE8021X:
1820		return (sm->proto == WPA_PROTO_RSN ?
1821			RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
1822			WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
1823	case WPA_KEY_MGMT_PSK:
1824		return (sm->proto == WPA_PROTO_RSN ?
1825			RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X :
1826			WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
1827#ifdef CONFIG_IEEE80211R
1828	case WPA_KEY_MGMT_FT_IEEE8021X:
1829		return RSN_AUTH_KEY_MGMT_FT_802_1X;
1830	case WPA_KEY_MGMT_FT_PSK:
1831		return RSN_AUTH_KEY_MGMT_FT_PSK;
1832#endif /* CONFIG_IEEE80211R */
1833#ifdef CONFIG_IEEE80211W
1834	case WPA_KEY_MGMT_IEEE8021X_SHA256:
1835		return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
1836	case WPA_KEY_MGMT_PSK_SHA256:
1837		return RSN_AUTH_KEY_MGMT_PSK_SHA256;
1838#endif /* CONFIG_IEEE80211W */
1839	case WPA_KEY_MGMT_WPA_NONE:
1840		return WPA_AUTH_KEY_MGMT_NONE;
1841	default:
1842		return 0;
1843	}
1844}
1845
1846
1847#define RSN_SUITE "%02x-%02x-%02x-%d"
1848#define RSN_SUITE_ARG(s) \
1849((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
1850
1851/**
1852 * wpa_sm_get_mib - Dump text list of MIB entries
1853 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1854 * @buf: Buffer for the list
1855 * @buflen: Length of the buffer
1856 * Returns: Number of bytes written to buffer
1857 *
1858 * This function is used fetch dot11 MIB variables.
1859 */
1860int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
1861{
1862	char pmkid_txt[PMKID_LEN * 2 + 1];
1863	int rsna, ret;
1864	size_t len;
1865
1866	if (sm->cur_pmksa) {
1867		wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
1868				 sm->cur_pmksa->pmkid, PMKID_LEN);
1869	} else
1870		pmkid_txt[0] = '\0';
1871
1872	if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
1873	     wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
1874	    sm->proto == WPA_PROTO_RSN)
1875		rsna = 1;
1876	else
1877		rsna = 0;
1878
1879	ret = os_snprintf(buf, buflen,
1880			  "dot11RSNAOptionImplemented=TRUE\n"
1881			  "dot11RSNAPreauthenticationImplemented=TRUE\n"
1882			  "dot11RSNAEnabled=%s\n"
1883			  "dot11RSNAPreauthenticationEnabled=%s\n"
1884			  "dot11RSNAConfigVersion=%d\n"
1885			  "dot11RSNAConfigPairwiseKeysSupported=5\n"
1886			  "dot11RSNAConfigGroupCipherSize=%d\n"
1887			  "dot11RSNAConfigPMKLifetime=%d\n"
1888			  "dot11RSNAConfigPMKReauthThreshold=%d\n"
1889			  "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
1890			  "dot11RSNAConfigSATimeout=%d\n",
1891			  rsna ? "TRUE" : "FALSE",
1892			  rsna ? "TRUE" : "FALSE",
1893			  RSN_VERSION,
1894			  wpa_cipher_key_len(sm->group_cipher) * 8,
1895			  sm->dot11RSNAConfigPMKLifetime,
1896			  sm->dot11RSNAConfigPMKReauthThreshold,
1897			  sm->dot11RSNAConfigSATimeout);
1898	if (ret < 0 || (size_t) ret >= buflen)
1899		return 0;
1900	len = ret;
1901
1902	ret = os_snprintf(
1903		buf + len, buflen - len,
1904		"dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
1905		"dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
1906		"dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
1907		"dot11RSNAPMKIDUsed=%s\n"
1908		"dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
1909		"dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
1910		"dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
1911		"dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
1912		"dot11RSNA4WayHandshakeFailures=%u\n",
1913		RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
1914		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
1915						  sm->pairwise_cipher)),
1916		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
1917						  sm->group_cipher)),
1918		pmkid_txt,
1919		RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
1920		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
1921						  sm->pairwise_cipher)),
1922		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
1923						  sm->group_cipher)),
1924		sm->dot11RSNA4WayHandshakeFailures);
1925	if (ret >= 0 && (size_t) ret < buflen)
1926		len += ret;
1927
1928	return (int) len;
1929}
1930#endif /* CONFIG_CTRL_IFACE */
1931
1932
1933static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
1934				 void *ctx, int replace)
1935{
1936	struct wpa_sm *sm = ctx;
1937
1938	if (sm->cur_pmksa == entry ||
1939	    (sm->pmk_len == entry->pmk_len &&
1940	     os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
1941		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1942			"RSN: removed current PMKSA entry");
1943		sm->cur_pmksa = NULL;
1944
1945		if (replace) {
1946			/* A new entry is being added, so no need to
1947			 * deauthenticate in this case. This happens when EAP
1948			 * authentication is completed again (reauth or failed
1949			 * PMKSA caching attempt). */
1950			return;
1951		}
1952
1953		os_memset(sm->pmk, 0, sizeof(sm->pmk));
1954		wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1955	}
1956}
1957
1958
1959/**
1960 * wpa_sm_init - Initialize WPA state machine
1961 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
1962 * Returns: Pointer to the allocated WPA state machine data
1963 *
1964 * This function is used to allocate a new WPA state machine and the returned
1965 * value is passed to all WPA state machine calls.
1966 */
1967struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
1968{
1969	struct wpa_sm *sm;
1970
1971	sm = os_zalloc(sizeof(*sm));
1972	if (sm == NULL)
1973		return NULL;
1974	dl_list_init(&sm->pmksa_candidates);
1975	sm->renew_snonce = 1;
1976	sm->ctx = ctx;
1977
1978	sm->dot11RSNAConfigPMKLifetime = 43200;
1979	sm->dot11RSNAConfigPMKReauthThreshold = 70;
1980	sm->dot11RSNAConfigSATimeout = 60;
1981
1982	sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm);
1983	if (sm->pmksa == NULL) {
1984		wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1985			"RSN: PMKSA cache initialization failed");
1986		os_free(sm);
1987		return NULL;
1988	}
1989
1990	return sm;
1991}
1992
1993
1994/**
1995 * wpa_sm_deinit - Deinitialize WPA state machine
1996 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1997 */
1998void wpa_sm_deinit(struct wpa_sm *sm)
1999{
2000	if (sm == NULL)
2001		return;
2002	pmksa_cache_deinit(sm->pmksa);
2003	eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2004	eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2005	os_free(sm->assoc_wpa_ie);
2006	os_free(sm->ap_wpa_ie);
2007	os_free(sm->ap_rsn_ie);
2008	os_free(sm->ctx);
2009	peerkey_deinit(sm);
2010#ifdef CONFIG_IEEE80211R
2011	os_free(sm->assoc_resp_ies);
2012#endif /* CONFIG_IEEE80211R */
2013	os_free(sm);
2014}
2015
2016
2017/**
2018 * wpa_sm_notify_assoc - Notify WPA state machine about association
2019 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2020 * @bssid: The BSSID of the new association
2021 *
2022 * This function is called to let WPA state machine know that the connection
2023 * was established.
2024 */
2025void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
2026{
2027	int clear_ptk = 1;
2028
2029	if (sm == NULL)
2030		return;
2031
2032	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2033		"WPA: Association event - clear replay counter");
2034	os_memcpy(sm->bssid, bssid, ETH_ALEN);
2035	os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
2036	sm->rx_replay_counter_set = 0;
2037	sm->renew_snonce = 1;
2038	if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
2039		rsn_preauth_deinit(sm);
2040
2041#ifdef CONFIG_IEEE80211R
2042	if (wpa_ft_is_completed(sm)) {
2043		/*
2044		 * Clear portValid to kick EAPOL state machine to re-enter
2045		 * AUTHENTICATED state to get the EAPOL port Authorized.
2046		 */
2047		eapol_sm_notify_portValid(sm->eapol, FALSE);
2048		wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
2049
2050		/* Prepare for the next transition */
2051		wpa_ft_prepare_auth_request(sm, NULL);
2052
2053		clear_ptk = 0;
2054	}
2055#endif /* CONFIG_IEEE80211R */
2056
2057	if (clear_ptk) {
2058		/*
2059		 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
2060		 * this is not part of a Fast BSS Transition.
2061		 */
2062		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK");
2063		sm->ptk_set = 0;
2064		sm->tptk_set = 0;
2065	}
2066
2067#ifdef CONFIG_TDLS
2068	wpa_tdls_assoc(sm);
2069#endif /* CONFIG_TDLS */
2070}
2071
2072
2073/**
2074 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
2075 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2076 *
2077 * This function is called to let WPA state machine know that the connection
2078 * was lost. This will abort any existing pre-authentication session.
2079 */
2080void wpa_sm_notify_disassoc(struct wpa_sm *sm)
2081{
2082	rsn_preauth_deinit(sm);
2083	if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
2084		sm->dot11RSNA4WayHandshakeFailures++;
2085#ifdef CONFIG_TDLS
2086	wpa_tdls_disassoc(sm);
2087#endif /* CONFIG_TDLS */
2088}
2089
2090
2091/**
2092 * wpa_sm_set_pmk - Set PMK
2093 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2094 * @pmk: The new PMK
2095 * @pmk_len: The length of the new PMK in bytes
2096 *
2097 * Configure the PMK for WPA state machine.
2098 */
2099void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len)
2100{
2101	if (sm == NULL)
2102		return;
2103
2104	sm->pmk_len = pmk_len;
2105	os_memcpy(sm->pmk, pmk, pmk_len);
2106
2107#ifdef CONFIG_IEEE80211R
2108	/* Set XXKey to be PSK for FT key derivation */
2109	sm->xxkey_len = pmk_len;
2110	os_memcpy(sm->xxkey, pmk, pmk_len);
2111#endif /* CONFIG_IEEE80211R */
2112}
2113
2114
2115/**
2116 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
2117 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2118 *
2119 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
2120 * will be cleared.
2121 */
2122void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
2123{
2124	if (sm == NULL)
2125		return;
2126
2127	if (sm->cur_pmksa) {
2128		sm->pmk_len = sm->cur_pmksa->pmk_len;
2129		os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
2130	} else {
2131		sm->pmk_len = PMK_LEN;
2132		os_memset(sm->pmk, 0, PMK_LEN);
2133	}
2134}
2135
2136
2137/**
2138 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
2139 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2140 * @fast_reauth: Whether fast reauthentication (EAP) is allowed
2141 */
2142void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
2143{
2144	if (sm)
2145		sm->fast_reauth = fast_reauth;
2146}
2147
2148
2149/**
2150 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
2151 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2152 * @scard_ctx: Context pointer for smartcard related callback functions
2153 */
2154void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
2155{
2156	if (sm == NULL)
2157		return;
2158	sm->scard_ctx = scard_ctx;
2159	if (sm->preauth_eapol)
2160		eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
2161}
2162
2163
2164/**
2165 * wpa_sm_set_config - Notification of current configration change
2166 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2167 * @config: Pointer to current network configuration
2168 *
2169 * Notify WPA state machine that configuration has changed. config will be
2170 * stored as a backpointer to network configuration. This can be %NULL to clear
2171 * the stored pointed.
2172 */
2173void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
2174{
2175	if (!sm)
2176		return;
2177
2178	if (config) {
2179		sm->network_ctx = config->network_ctx;
2180		sm->peerkey_enabled = config->peerkey_enabled;
2181		sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
2182		sm->proactive_key_caching = config->proactive_key_caching;
2183		sm->eap_workaround = config->eap_workaround;
2184		sm->eap_conf_ctx = config->eap_conf_ctx;
2185		if (config->ssid) {
2186			os_memcpy(sm->ssid, config->ssid, config->ssid_len);
2187			sm->ssid_len = config->ssid_len;
2188		} else
2189			sm->ssid_len = 0;
2190		sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
2191	} else {
2192		sm->network_ctx = NULL;
2193		sm->peerkey_enabled = 0;
2194		sm->allowed_pairwise_cipher = 0;
2195		sm->proactive_key_caching = 0;
2196		sm->eap_workaround = 0;
2197		sm->eap_conf_ctx = NULL;
2198		sm->ssid_len = 0;
2199		sm->wpa_ptk_rekey = 0;
2200	}
2201}
2202
2203
2204/**
2205 * wpa_sm_set_own_addr - Set own MAC address
2206 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2207 * @addr: Own MAC address
2208 */
2209void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
2210{
2211	if (sm)
2212		os_memcpy(sm->own_addr, addr, ETH_ALEN);
2213}
2214
2215
2216/**
2217 * wpa_sm_set_ifname - Set network interface name
2218 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2219 * @ifname: Interface name
2220 * @bridge_ifname: Optional bridge interface name (for pre-auth)
2221 */
2222void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
2223		       const char *bridge_ifname)
2224{
2225	if (sm) {
2226		sm->ifname = ifname;
2227		sm->bridge_ifname = bridge_ifname;
2228	}
2229}
2230
2231
2232/**
2233 * wpa_sm_set_eapol - Set EAPOL state machine pointer
2234 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2235 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
2236 */
2237void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
2238{
2239	if (sm)
2240		sm->eapol = eapol;
2241}
2242
2243
2244/**
2245 * wpa_sm_set_param - Set WPA state machine parameters
2246 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2247 * @param: Parameter field
2248 * @value: Parameter value
2249 * Returns: 0 on success, -1 on failure
2250 */
2251int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
2252		     unsigned int value)
2253{
2254	int ret = 0;
2255
2256	if (sm == NULL)
2257		return -1;
2258
2259	switch (param) {
2260	case RSNA_PMK_LIFETIME:
2261		if (value > 0)
2262			sm->dot11RSNAConfigPMKLifetime = value;
2263		else
2264			ret = -1;
2265		break;
2266	case RSNA_PMK_REAUTH_THRESHOLD:
2267		if (value > 0 && value <= 100)
2268			sm->dot11RSNAConfigPMKReauthThreshold = value;
2269		else
2270			ret = -1;
2271		break;
2272	case RSNA_SA_TIMEOUT:
2273		if (value > 0)
2274			sm->dot11RSNAConfigSATimeout = value;
2275		else
2276			ret = -1;
2277		break;
2278	case WPA_PARAM_PROTO:
2279		sm->proto = value;
2280		break;
2281	case WPA_PARAM_PAIRWISE:
2282		sm->pairwise_cipher = value;
2283		break;
2284	case WPA_PARAM_GROUP:
2285		sm->group_cipher = value;
2286		break;
2287	case WPA_PARAM_KEY_MGMT:
2288		sm->key_mgmt = value;
2289		break;
2290#ifdef CONFIG_IEEE80211W
2291	case WPA_PARAM_MGMT_GROUP:
2292		sm->mgmt_group_cipher = value;
2293		break;
2294#endif /* CONFIG_IEEE80211W */
2295	case WPA_PARAM_RSN_ENABLED:
2296		sm->rsn_enabled = value;
2297		break;
2298	case WPA_PARAM_MFP:
2299		sm->mfp = value;
2300		break;
2301	default:
2302		break;
2303	}
2304
2305	return ret;
2306}
2307
2308
2309/**
2310 * wpa_sm_get_param - Get WPA state machine parameters
2311 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2312 * @param: Parameter field
2313 * Returns: Parameter value
2314 */
2315unsigned int wpa_sm_get_param(struct wpa_sm *sm, enum wpa_sm_conf_params param)
2316{
2317	if (sm == NULL)
2318		return 0;
2319
2320	switch (param) {
2321	case RSNA_PMK_LIFETIME:
2322		return sm->dot11RSNAConfigPMKLifetime;
2323	case RSNA_PMK_REAUTH_THRESHOLD:
2324		return sm->dot11RSNAConfigPMKReauthThreshold;
2325	case RSNA_SA_TIMEOUT:
2326		return sm->dot11RSNAConfigSATimeout;
2327	case WPA_PARAM_PROTO:
2328		return sm->proto;
2329	case WPA_PARAM_PAIRWISE:
2330		return sm->pairwise_cipher;
2331	case WPA_PARAM_GROUP:
2332		return sm->group_cipher;
2333	case WPA_PARAM_KEY_MGMT:
2334		return sm->key_mgmt;
2335#ifdef CONFIG_IEEE80211W
2336	case WPA_PARAM_MGMT_GROUP:
2337		return sm->mgmt_group_cipher;
2338#endif /* CONFIG_IEEE80211W */
2339	case WPA_PARAM_RSN_ENABLED:
2340		return sm->rsn_enabled;
2341	default:
2342		return 0;
2343	}
2344}
2345
2346
2347/**
2348 * wpa_sm_get_status - Get WPA state machine
2349 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2350 * @buf: Buffer for status information
2351 * @buflen: Maximum buffer length
2352 * @verbose: Whether to include verbose status information
2353 * Returns: Number of bytes written to buf.
2354 *
2355 * Query WPA state machine for status information. This function fills in
2356 * a text area with current status information. If the buffer (buf) is not
2357 * large enough, status information will be truncated to fit the buffer.
2358 */
2359int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
2360		      int verbose)
2361{
2362	char *pos = buf, *end = buf + buflen;
2363	int ret;
2364
2365	ret = os_snprintf(pos, end - pos,
2366			  "pairwise_cipher=%s\n"
2367			  "group_cipher=%s\n"
2368			  "key_mgmt=%s\n",
2369			  wpa_cipher_txt(sm->pairwise_cipher),
2370			  wpa_cipher_txt(sm->group_cipher),
2371			  wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
2372	if (ret < 0 || ret >= end - pos)
2373		return pos - buf;
2374	pos += ret;
2375	return pos - buf;
2376}
2377
2378
2379/**
2380 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
2381 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2382 * @wpa_ie: Pointer to buffer for WPA/RSN IE
2383 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
2384 * Returns: 0 on success, -1 on failure
2385 */
2386int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
2387				    size_t *wpa_ie_len)
2388{
2389	int res;
2390
2391	if (sm == NULL)
2392		return -1;
2393
2394	res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
2395	if (res < 0)
2396		return -1;
2397	*wpa_ie_len = res;
2398
2399	wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default",
2400		    wpa_ie, *wpa_ie_len);
2401
2402	if (sm->assoc_wpa_ie == NULL) {
2403		/*
2404		 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
2405		 * the correct version of the IE even if PMKSA caching is
2406		 * aborted (which would remove PMKID from IE generation).
2407		 */
2408		sm->assoc_wpa_ie = os_malloc(*wpa_ie_len);
2409		if (sm->assoc_wpa_ie == NULL)
2410			return -1;
2411
2412		os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
2413		sm->assoc_wpa_ie_len = *wpa_ie_len;
2414	}
2415
2416	return 0;
2417}
2418
2419
2420/**
2421 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
2422 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2423 * @ie: Pointer to IE data (starting from id)
2424 * @len: IE length
2425 * Returns: 0 on success, -1 on failure
2426 *
2427 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
2428 * Request frame. The IE will be used to override the default value generated
2429 * with wpa_sm_set_assoc_wpa_ie_default().
2430 */
2431int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2432{
2433	if (sm == NULL)
2434		return -1;
2435
2436	os_free(sm->assoc_wpa_ie);
2437	if (ie == NULL || len == 0) {
2438		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2439			"WPA: clearing own WPA/RSN IE");
2440		sm->assoc_wpa_ie = NULL;
2441		sm->assoc_wpa_ie_len = 0;
2442	} else {
2443		wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
2444		sm->assoc_wpa_ie = os_malloc(len);
2445		if (sm->assoc_wpa_ie == NULL)
2446			return -1;
2447
2448		os_memcpy(sm->assoc_wpa_ie, ie, len);
2449		sm->assoc_wpa_ie_len = len;
2450	}
2451
2452	return 0;
2453}
2454
2455
2456/**
2457 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
2458 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2459 * @ie: Pointer to IE data (starting from id)
2460 * @len: IE length
2461 * Returns: 0 on success, -1 on failure
2462 *
2463 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
2464 * frame.
2465 */
2466int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2467{
2468	if (sm == NULL)
2469		return -1;
2470
2471	os_free(sm->ap_wpa_ie);
2472	if (ie == NULL || len == 0) {
2473		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2474			"WPA: clearing AP WPA IE");
2475		sm->ap_wpa_ie = NULL;
2476		sm->ap_wpa_ie_len = 0;
2477	} else {
2478		wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
2479		sm->ap_wpa_ie = os_malloc(len);
2480		if (sm->ap_wpa_ie == NULL)
2481			return -1;
2482
2483		os_memcpy(sm->ap_wpa_ie, ie, len);
2484		sm->ap_wpa_ie_len = len;
2485	}
2486
2487	return 0;
2488}
2489
2490
2491/**
2492 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
2493 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2494 * @ie: Pointer to IE data (starting from id)
2495 * @len: IE length
2496 * Returns: 0 on success, -1 on failure
2497 *
2498 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
2499 * frame.
2500 */
2501int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2502{
2503	if (sm == NULL)
2504		return -1;
2505
2506	os_free(sm->ap_rsn_ie);
2507	if (ie == NULL || len == 0) {
2508		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2509			"WPA: clearing AP RSN IE");
2510		sm->ap_rsn_ie = NULL;
2511		sm->ap_rsn_ie_len = 0;
2512	} else {
2513		wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
2514		sm->ap_rsn_ie = os_malloc(len);
2515		if (sm->ap_rsn_ie == NULL)
2516			return -1;
2517
2518		os_memcpy(sm->ap_rsn_ie, ie, len);
2519		sm->ap_rsn_ie_len = len;
2520	}
2521
2522	return 0;
2523}
2524
2525
2526/**
2527 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
2528 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2529 * @data: Pointer to data area for parsing results
2530 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
2531 *
2532 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
2533 * parsed data into data.
2534 */
2535int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
2536{
2537	if (sm == NULL)
2538		return -1;
2539
2540	if (sm->assoc_wpa_ie == NULL) {
2541		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2542			"WPA: No WPA/RSN IE available from association info");
2543		return -1;
2544	}
2545	if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
2546		return -2;
2547	return 0;
2548}
2549
2550
2551int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
2552{
2553#ifndef CONFIG_NO_WPA2
2554	return pmksa_cache_list(sm->pmksa, buf, len);
2555#else /* CONFIG_NO_WPA2 */
2556	return -1;
2557#endif /* CONFIG_NO_WPA2 */
2558}
2559
2560
2561void wpa_sm_drop_sa(struct wpa_sm *sm)
2562{
2563	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
2564	sm->ptk_set = 0;
2565	sm->tptk_set = 0;
2566	os_memset(sm->pmk, 0, sizeof(sm->pmk));
2567	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2568	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2569}
2570
2571
2572int wpa_sm_has_ptk(struct wpa_sm *sm)
2573{
2574	if (sm == NULL)
2575		return 0;
2576	return sm->ptk_set;
2577}
2578
2579
2580void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
2581{
2582	os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
2583}
2584
2585
2586void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
2587{
2588#ifndef CONFIG_NO_WPA2
2589	pmksa_cache_flush(sm->pmksa, network_ctx);
2590#endif /* CONFIG_NO_WPA2 */
2591}
2592
2593
2594#ifdef CONFIG_IEEE80211V
2595int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
2596{
2597	struct wpa_gtk_data gd;
2598#ifdef CONFIG_IEEE80211W
2599	struct wpa_igtk_kde igd;
2600	u16 keyidx;
2601#endif /* CONFIG_IEEE80211W */
2602	u16 keyinfo;
2603	u8 keylen;  /* plaintext key len */
2604	u8 keydatalen;
2605	u8 *key_rsc;
2606
2607	os_memset(&gd, 0, sizeof(gd));
2608#ifdef CONFIG_IEEE80211W
2609	os_memset(&igd, 0, sizeof(igd));
2610#endif /* CONFIG_IEEE80211W */
2611
2612	keylen = wpa_cipher_key_len(sm->group_cipher);
2613	gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher);
2614	gd.alg = wpa_cipher_to_alg(sm->group_cipher);
2615	if (gd.alg == WPA_ALG_NONE) {
2616		wpa_printf(MSG_DEBUG, "Unsupported group cipher suite");
2617		return -1;
2618	}
2619
2620	if (subelem_id == WNM_SLEEP_SUBELEM_GTK) {
2621		key_rsc = buf + 5;
2622		keyinfo = WPA_GET_LE16(buf+2);
2623		keydatalen = buf[1] - 11 - 8;
2624		gd.gtk_len = keylen;
2625		if (gd.gtk_len != buf[4]) {
2626			wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d",
2627				   gd.gtk_len, buf[4]);
2628			return -1;
2629		}
2630		gd.keyidx = keyinfo & 0x03; /* B0 - B1 */
2631		gd.tx = wpa_supplicant_gtk_tx_bit_workaround(
2632		         sm, !!(keyinfo & WPA_KEY_INFO_TXRX));
2633
2634		if (keydatalen % 8) {
2635			wpa_printf(MSG_DEBUG, "WPA: Unsupported AES-WRAP len "
2636				   "%d", keydatalen);
2637			return -1;
2638		}
2639
2640		if (aes_unwrap(sm->ptk.kek, keydatalen / 8, buf + 13, gd.gtk))
2641		{
2642			wpa_printf(MSG_WARNING, "WNM: AES unwrap failed - "
2643				   "could not decrypt GTK");
2644			return -1;
2645		}
2646
2647		wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
2648				gd.gtk, gd.gtk_len);
2649		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
2650			wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
2651				   "WNM mode");
2652			return -1;
2653		}
2654#ifdef CONFIG_IEEE80211W
2655	} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
2656		if (buf[1] != 2 + 6 + WPA_IGTK_LEN + 8) {
2657			wpa_printf(MSG_DEBUG, "WPA: Unsupported AES-WRAP len "
2658				   "%d", buf[1] - 2 - 6 - 8);
2659			return -1;
2660		}
2661		os_memcpy(igd.keyid, buf + 2, 2);
2662		os_memcpy(igd.pn, buf + 4, 6);
2663
2664		keyidx = WPA_GET_LE16(igd.keyid);
2665
2666		if (aes_unwrap(sm->ptk.kek, WPA_IGTK_LEN / 8, buf + 10,
2667			       igd.igtk)) {
2668			wpa_printf(MSG_WARNING, "WNM: AES unwrap failed - "
2669				   "could not decrypr IGTK");
2670			return -1;
2671		}
2672
2673		wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
2674				igd.igtk, WPA_IGTK_LEN);
2675		if (wpa_sm_set_key(sm, WPA_ALG_IGTK, broadcast_ether_addr,
2676				   keyidx, 0, igd.pn, sizeof(igd.pn),
2677				   igd.igtk, WPA_IGTK_LEN) < 0) {
2678			wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
2679				   "WNM mode");
2680			return -1;
2681		}
2682#endif /* CONFIG_IEEE80211W */
2683	} else {
2684		wpa_printf(MSG_DEBUG, "Unknown element id");
2685		return -1;
2686	}
2687
2688	return 0;
2689}
2690#endif /* CONFIG_IEEE80211V */
2691