1/*
2 * WPA Supplicant - WPA state machine and EAPOL-Key processing
3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
10
11#include "common.h"
12#include "crypto/aes_wrap.h"
13#include "crypto/crypto.h"
14#include "crypto/random.h"
15#include "common/ieee802_11_defs.h"
16#include "eapol_supp/eapol_supp_sm.h"
17#include "wpa.h"
18#include "eloop.h"
19#include "preauth.h"
20#include "pmksa_cache.h"
21#include "wpa_i.h"
22#include "wpa_ie.h"
23#include "peerkey.h"
24
25
26/**
27 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
28 * @sm: Pointer to WPA state machine data from wpa_sm_init()
29 * @kck: Key Confirmation Key (KCK, part of PTK)
30 * @ver: Version field from Key Info
31 * @dest: Destination address for the frame
32 * @proto: Ethertype (usually ETH_P_EAPOL)
33 * @msg: EAPOL-Key message
34 * @msg_len: Length of message
35 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
36 */
37void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck,
38			int ver, const u8 *dest, u16 proto,
39			u8 *msg, size_t msg_len, u8 *key_mic)
40{
41	if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
42		/*
43		 * Association event was not yet received; try to fetch
44		 * BSSID from the driver.
45		 */
46		if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
47			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
48				"WPA: Failed to read BSSID for "
49				"EAPOL-Key destination address");
50		} else {
51			dest = sm->bssid;
52			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
53				"WPA: Use BSSID (" MACSTR
54				") as the destination for EAPOL-Key",
55				MAC2STR(dest));
56		}
57	}
58	if (key_mic &&
59	    wpa_eapol_key_mic(kck, ver, msg, msg_len, key_mic)) {
60		wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
61			"WPA: Failed to generate EAPOL-Key "
62			"version %d MIC", ver);
63		goto out;
64	}
65	wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, 16);
66	wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, 16);
67	wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
68	wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
69	eapol_sm_notify_tx_eapol_key(sm->eapol);
70out:
71	os_free(msg);
72}
73
74
75/**
76 * wpa_sm_key_request - Send EAPOL-Key Request
77 * @sm: Pointer to WPA state machine data from wpa_sm_init()
78 * @error: Indicate whether this is an Michael MIC error report
79 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
80 *
81 * Send an EAPOL-Key Request to the current authenticator. This function is
82 * used to request rekeying and it is usually called when a local Michael MIC
83 * failure is detected.
84 */
85void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
86{
87	size_t rlen;
88	struct wpa_eapol_key *reply;
89	int key_info, ver;
90	u8 bssid[ETH_ALEN], *rbuf;
91
92	if (sm->key_mgmt == WPA_KEY_MGMT_OSEN)
93		ver = WPA_KEY_INFO_TYPE_AKM_DEFINED;
94	else if (wpa_key_mgmt_ft(sm->key_mgmt) ||
95		 wpa_key_mgmt_sha256(sm->key_mgmt))
96		ver = WPA_KEY_INFO_TYPE_AES_128_CMAC;
97	else if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
98		ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
99	else
100		ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
101
102	if (wpa_sm_get_bssid(sm, bssid) < 0) {
103		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
104			"Failed to read BSSID for EAPOL-Key request");
105		return;
106	}
107
108	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
109				  sizeof(*reply), &rlen, (void *) &reply);
110	if (rbuf == NULL)
111		return;
112
113	reply->type = (sm->proto == WPA_PROTO_RSN ||
114		       sm->proto == WPA_PROTO_OSEN) ?
115		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
116	key_info = WPA_KEY_INFO_REQUEST | ver;
117	if (sm->ptk_set)
118		key_info |= WPA_KEY_INFO_MIC;
119	if (error)
120		key_info |= WPA_KEY_INFO_ERROR;
121	if (pairwise)
122		key_info |= WPA_KEY_INFO_KEY_TYPE;
123	WPA_PUT_BE16(reply->key_info, key_info);
124	WPA_PUT_BE16(reply->key_length, 0);
125	os_memcpy(reply->replay_counter, sm->request_counter,
126		  WPA_REPLAY_COUNTER_LEN);
127	inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
128
129	WPA_PUT_BE16(reply->key_data_length, 0);
130
131	wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
132		"WPA: Sending EAPOL-Key Request (error=%d "
133		"pairwise=%d ptk_set=%d len=%lu)",
134		error, pairwise, sm->ptk_set, (unsigned long) rlen);
135	wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL,
136			   rbuf, rlen, key_info & WPA_KEY_INFO_MIC ?
137			   reply->key_mic : NULL);
138}
139
140
141static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
142				  const unsigned char *src_addr,
143				  const u8 *pmkid)
144{
145	int abort_cached = 0;
146
147	if (pmkid && !sm->cur_pmksa) {
148		/* When using drivers that generate RSN IE, wpa_supplicant may
149		 * not have enough time to get the association information
150		 * event before receiving this 1/4 message, so try to find a
151		 * matching PMKSA cache entry here. */
152		sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid,
153						NULL);
154		if (sm->cur_pmksa) {
155			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
156				"RSN: found matching PMKID from PMKSA cache");
157		} else {
158			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
159				"RSN: no matching PMKID found");
160			abort_cached = 1;
161		}
162	}
163
164	if (pmkid && sm->cur_pmksa &&
165	    os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
166		wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
167		wpa_sm_set_pmk_from_pmksa(sm);
168		wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
169				sm->pmk, sm->pmk_len);
170		eapol_sm_notify_cached(sm->eapol);
171#ifdef CONFIG_IEEE80211R
172		sm->xxkey_len = 0;
173#endif /* CONFIG_IEEE80211R */
174	} else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
175		int res, pmk_len;
176		pmk_len = PMK_LEN;
177		res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN);
178		if (res) {
179			/*
180			 * EAP-LEAP is an exception from other EAP methods: it
181			 * uses only 16-byte PMK.
182			 */
183			res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
184			pmk_len = 16;
185		} else {
186#ifdef CONFIG_IEEE80211R
187			u8 buf[2 * PMK_LEN];
188			if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0)
189			{
190				os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN);
191				sm->xxkey_len = PMK_LEN;
192				os_memset(buf, 0, sizeof(buf));
193			}
194#endif /* CONFIG_IEEE80211R */
195		}
196		if (res == 0) {
197			struct rsn_pmksa_cache_entry *sa = NULL;
198			wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
199					"machines", sm->pmk, pmk_len);
200			sm->pmk_len = pmk_len;
201			if (sm->proto == WPA_PROTO_RSN &&
202			    !wpa_key_mgmt_ft(sm->key_mgmt)) {
203				sa = pmksa_cache_add(sm->pmksa,
204						     sm->pmk, pmk_len,
205						     src_addr, sm->own_addr,
206						     sm->network_ctx,
207						     sm->key_mgmt);
208			}
209			if (!sm->cur_pmksa && pmkid &&
210			    pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL))
211			{
212				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
213					"RSN: the new PMK matches with the "
214					"PMKID");
215				abort_cached = 0;
216			}
217
218			if (!sm->cur_pmksa)
219				sm->cur_pmksa = sa;
220		} else {
221			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
222				"WPA: Failed to get master session key from "
223				"EAPOL state machines - key handshake "
224				"aborted");
225			if (sm->cur_pmksa) {
226				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
227					"RSN: Cancelled PMKSA caching "
228					"attempt");
229				sm->cur_pmksa = NULL;
230				abort_cached = 1;
231			} else if (!abort_cached) {
232				return -1;
233			}
234		}
235	}
236
237	if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) &&
238	    !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN)
239	{
240		/* Send EAPOL-Start to trigger full EAP authentication. */
241		u8 *buf;
242		size_t buflen;
243
244		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
245			"RSN: no PMKSA entry found - trigger "
246			"full EAP authentication");
247		buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
248					 NULL, 0, &buflen, NULL);
249		if (buf) {
250			wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
251					  buf, buflen);
252			os_free(buf);
253			return -2;
254		}
255
256		return -1;
257	}
258
259	return 0;
260}
261
262
263/**
264 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake
265 * @sm: Pointer to WPA state machine data from wpa_sm_init()
266 * @dst: Destination address for the frame
267 * @key: Pointer to the EAPOL-Key frame header
268 * @ver: Version bits from EAPOL-Key Key Info
269 * @nonce: Nonce value for the EAPOL-Key frame
270 * @wpa_ie: WPA/RSN IE
271 * @wpa_ie_len: Length of the WPA/RSN IE
272 * @ptk: PTK to use for keyed hash and encryption
273 * Returns: 0 on success, -1 on failure
274 */
275int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
276			       const struct wpa_eapol_key *key,
277			       int ver, const u8 *nonce,
278			       const u8 *wpa_ie, size_t wpa_ie_len,
279			       struct wpa_ptk *ptk)
280{
281	size_t rlen;
282	struct wpa_eapol_key *reply;
283	u8 *rbuf;
284	u8 *rsn_ie_buf = NULL;
285
286	if (wpa_ie == NULL) {
287		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - "
288			"cannot generate msg 2/4");
289		return -1;
290	}
291
292#ifdef CONFIG_IEEE80211R
293	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
294		int res;
295
296		/*
297		 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and
298		 * FTIE from (Re)Association Response.
299		 */
300		rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN +
301				       sm->assoc_resp_ies_len);
302		if (rsn_ie_buf == NULL)
303			return -1;
304		os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len);
305		res = wpa_insert_pmkid(rsn_ie_buf, wpa_ie_len,
306				       sm->pmk_r1_name);
307		if (res < 0) {
308			os_free(rsn_ie_buf);
309			return -1;
310		}
311		wpa_ie_len += res;
312
313		if (sm->assoc_resp_ies) {
314			os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies,
315				  sm->assoc_resp_ies_len);
316			wpa_ie_len += sm->assoc_resp_ies_len;
317		}
318
319		wpa_ie = rsn_ie_buf;
320	}
321#endif /* CONFIG_IEEE80211R */
322
323	wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
324
325	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
326				  NULL, sizeof(*reply) + wpa_ie_len,
327				  &rlen, (void *) &reply);
328	if (rbuf == NULL) {
329		os_free(rsn_ie_buf);
330		return -1;
331	}
332
333	reply->type = (sm->proto == WPA_PROTO_RSN ||
334		       sm->proto == WPA_PROTO_OSEN) ?
335		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
336	WPA_PUT_BE16(reply->key_info,
337		     ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC);
338	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
339		WPA_PUT_BE16(reply->key_length, 0);
340	else
341		os_memcpy(reply->key_length, key->key_length, 2);
342	os_memcpy(reply->replay_counter, key->replay_counter,
343		  WPA_REPLAY_COUNTER_LEN);
344	wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter,
345		    WPA_REPLAY_COUNTER_LEN);
346
347	WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
348	os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
349	os_free(rsn_ie_buf);
350
351	os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
352
353	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
354	wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
355			   rbuf, rlen, reply->key_mic);
356
357	return 0;
358}
359
360
361static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
362			  const struct wpa_eapol_key *key,
363			  struct wpa_ptk *ptk)
364{
365	size_t ptk_len = wpa_cipher_key_len(sm->pairwise_cipher) + 32;
366#ifdef CONFIG_IEEE80211R
367	if (wpa_key_mgmt_ft(sm->key_mgmt))
368		return wpa_derive_ptk_ft(sm, src_addr, key, ptk, ptk_len);
369#endif /* CONFIG_IEEE80211R */
370
371	wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
372		       sm->own_addr, sm->bssid, sm->snonce, key->key_nonce,
373		       (u8 *) ptk, ptk_len,
374		       wpa_key_mgmt_sha256(sm->key_mgmt));
375	return 0;
376}
377
378
379static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
380					  const unsigned char *src_addr,
381					  const struct wpa_eapol_key *key,
382					  u16 ver, const u8 *key_data,
383					  size_t key_data_len)
384{
385	struct wpa_eapol_ie_parse ie;
386	struct wpa_ptk *ptk;
387	int res;
388	u8 *kde, *kde_buf = NULL;
389	size_t kde_len;
390
391	if (wpa_sm_get_network_ctx(sm) == NULL) {
392		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
393			"found (msg 1 of 4)");
394		return;
395	}
396
397	wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
398	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way "
399		"Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
400
401	os_memset(&ie, 0, sizeof(ie));
402
403	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
404		/* RSN: msg 1/4 should contain PMKID for the selected PMK */
405		wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data",
406			    key_data, key_data_len);
407		if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
408			goto failed;
409		if (ie.pmkid) {
410			wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
411				    "Authenticator", ie.pmkid, PMKID_LEN);
412		}
413	}
414
415	res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
416	if (res == -2) {
417		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to "
418			"msg 1/4 - requesting full EAP authentication");
419		return;
420	}
421	if (res)
422		goto failed;
423
424	if (sm->renew_snonce) {
425		if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
426			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
427				"WPA: Failed to get random data for SNonce");
428			goto failed;
429		}
430		sm->renew_snonce = 0;
431		wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
432			    sm->snonce, WPA_NONCE_LEN);
433	}
434
435	/* Calculate PTK which will be stored as a temporary PTK until it has
436	 * been verified when processing message 3/4. */
437	ptk = &sm->tptk;
438	wpa_derive_ptk(sm, src_addr, key, ptk);
439	if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
440		u8 buf[8];
441		/* Supplicant: swap tx/rx Mic keys */
442		os_memcpy(buf, ptk->u.auth.tx_mic_key, 8);
443		os_memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8);
444		os_memcpy(ptk->u.auth.rx_mic_key, buf, 8);
445		os_memset(buf, 0, sizeof(buf));
446	}
447	sm->tptk_set = 1;
448
449	kde = sm->assoc_wpa_ie;
450	kde_len = sm->assoc_wpa_ie_len;
451
452#ifdef CONFIG_P2P
453	if (sm->p2p) {
454		kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1);
455		if (kde_buf) {
456			u8 *pos;
457			wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE "
458				   "into EAPOL-Key 2/4");
459			os_memcpy(kde_buf, kde, kde_len);
460			kde = kde_buf;
461			pos = kde + kde_len;
462			*pos++ = WLAN_EID_VENDOR_SPECIFIC;
463			*pos++ = RSN_SELECTOR_LEN + 1;
464			RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ);
465			pos += RSN_SELECTOR_LEN;
466			*pos++ = 0x01;
467			kde_len = pos - kde;
468		}
469	}
470#endif /* CONFIG_P2P */
471
472	if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
473				       kde, kde_len, ptk))
474		goto failed;
475
476	os_free(kde_buf);
477	os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
478	return;
479
480failed:
481	os_free(kde_buf);
482	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
483}
484
485
486static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx)
487{
488	struct wpa_sm *sm = eloop_ctx;
489	rsn_preauth_candidate_process(sm);
490}
491
492
493static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
494					    const u8 *addr, int secure)
495{
496	wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
497		"WPA: Key negotiation completed with "
498		MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
499		wpa_cipher_txt(sm->pairwise_cipher),
500		wpa_cipher_txt(sm->group_cipher));
501	wpa_sm_cancel_auth_timeout(sm);
502	wpa_sm_set_state(sm, WPA_COMPLETED);
503
504	if (secure) {
505		wpa_sm_mlme_setprotection(
506			sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
507			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
508		eapol_sm_notify_portValid(sm->eapol, TRUE);
509		if (wpa_key_mgmt_wpa_psk(sm->key_mgmt))
510			eapol_sm_notify_eap_success(sm->eapol, TRUE);
511		/*
512		 * Start preauthentication after a short wait to avoid a
513		 * possible race condition between the data receive and key
514		 * configuration after the 4-Way Handshake. This increases the
515		 * likelihood of the first preauth EAPOL-Start frame getting to
516		 * the target AP.
517		 */
518		eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL);
519	}
520
521	if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
522		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
523			"RSN: Authenticator accepted "
524			"opportunistic PMKSA entry - marking it valid");
525		sm->cur_pmksa->opportunistic = 0;
526	}
527
528#ifdef CONFIG_IEEE80211R
529	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
530		/* Prepare for the next transition */
531		wpa_ft_prepare_auth_request(sm, NULL);
532	}
533#endif /* CONFIG_IEEE80211R */
534}
535
536
537static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
538{
539	struct wpa_sm *sm = eloop_ctx;
540	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying");
541	wpa_sm_key_request(sm, 0, 1);
542}
543
544
545static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
546				      const struct wpa_eapol_key *key)
547{
548	int keylen, rsclen;
549	enum wpa_alg alg;
550	const u8 *key_rsc;
551	u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
552
553	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
554		"WPA: Installing PTK to the driver");
555
556	if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
557		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher "
558			"Suite: NONE - do not use pairwise keys");
559		return 0;
560	}
561
562	if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
563		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
564			"WPA: Unsupported pairwise cipher %d",
565			sm->pairwise_cipher);
566		return -1;
567	}
568
569	alg = wpa_cipher_to_alg(sm->pairwise_cipher);
570	keylen = wpa_cipher_key_len(sm->pairwise_cipher);
571	rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
572
573	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
574		key_rsc = null_rsc;
575	} else {
576		key_rsc = key->key_rsc;
577		wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
578	}
579
580	if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
581			   (u8 *) sm->ptk.tk1, keylen) < 0) {
582		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
583			"WPA: Failed to set PTK to the "
584			"driver (alg=%d keylen=%d bssid=" MACSTR ")",
585			alg, keylen, MAC2STR(sm->bssid));
586		return -1;
587	}
588
589	if (sm->wpa_ptk_rekey) {
590		eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
591		eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
592				       sm, NULL);
593	}
594
595	return 0;
596}
597
598
599static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm,
600					     int group_cipher,
601					     int keylen, int maxkeylen,
602					     int *key_rsc_len,
603					     enum wpa_alg *alg)
604{
605	int klen;
606
607	*alg = wpa_cipher_to_alg(group_cipher);
608	if (*alg == WPA_ALG_NONE) {
609		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
610			"WPA: Unsupported Group Cipher %d",
611			group_cipher);
612		return -1;
613	}
614	*key_rsc_len = wpa_cipher_rsc_len(group_cipher);
615
616	klen = wpa_cipher_key_len(group_cipher);
617	if (keylen != klen || maxkeylen < klen) {
618		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
619			"WPA: Unsupported %s Group Cipher key length %d (%d)",
620			wpa_cipher_txt(group_cipher), keylen, maxkeylen);
621		return -1;
622	}
623	return 0;
624}
625
626
627struct wpa_gtk_data {
628	enum wpa_alg alg;
629	int tx, key_rsc_len, keyidx;
630	u8 gtk[32];
631	int gtk_len;
632};
633
634
635static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
636				      const struct wpa_gtk_data *gd,
637				      const u8 *key_rsc)
638{
639	const u8 *_gtk = gd->gtk;
640	u8 gtk_buf[32];
641
642	wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
643	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
644		"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
645		gd->keyidx, gd->tx, gd->gtk_len);
646	wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
647	if (sm->group_cipher == WPA_CIPHER_TKIP) {
648		/* Swap Tx/Rx keys for Michael MIC */
649		os_memcpy(gtk_buf, gd->gtk, 16);
650		os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
651		os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
652		_gtk = gtk_buf;
653	}
654	if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
655		if (wpa_sm_set_key(sm, gd->alg, NULL,
656				   gd->keyidx, 1, key_rsc, gd->key_rsc_len,
657				   _gtk, gd->gtk_len) < 0) {
658			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
659				"WPA: Failed to set GTK to the driver "
660				"(Group only)");
661			os_memset(gtk_buf, 0, sizeof(gtk_buf));
662			return -1;
663		}
664	} else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr,
665				  gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
666				  _gtk, gd->gtk_len) < 0) {
667		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
668			"WPA: Failed to set GTK to "
669			"the driver (alg=%d keylen=%d keyidx=%d)",
670			gd->alg, gd->gtk_len, gd->keyidx);
671		os_memset(gtk_buf, 0, sizeof(gtk_buf));
672		return -1;
673	}
674	os_memset(gtk_buf, 0, sizeof(gtk_buf));
675
676	return 0;
677}
678
679
680static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
681						int tx)
682{
683	if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
684		/* Ignore Tx bit for GTK if a pairwise key is used. One AP
685		 * seemed to set this bit (incorrectly, since Tx is only when
686		 * doing Group Key only APs) and without this workaround, the
687		 * data connection does not work because wpa_supplicant
688		 * configured non-zero keyidx to be used for unicast. */
689		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
690			"WPA: Tx bit set for GTK, but pairwise "
691			"keys are used - ignore Tx bit");
692		return 0;
693	}
694	return tx;
695}
696
697
698static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
699				       const struct wpa_eapol_key *key,
700				       const u8 *gtk, size_t gtk_len,
701				       int key_info)
702{
703	struct wpa_gtk_data gd;
704
705	/*
706	 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
707	 * GTK KDE format:
708	 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
709	 * Reserved [bits 0-7]
710	 * GTK
711	 */
712
713	os_memset(&gd, 0, sizeof(gd));
714	wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
715			gtk, gtk_len);
716
717	if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk))
718		return -1;
719
720	gd.keyidx = gtk[0] & 0x3;
721	gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
722						     !!(gtk[0] & BIT(2)));
723	gtk += 2;
724	gtk_len -= 2;
725
726	os_memcpy(gd.gtk, gtk, gtk_len);
727	gd.gtk_len = gtk_len;
728
729	if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED &&
730	    (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
731					       gtk_len, gtk_len,
732					       &gd.key_rsc_len, &gd.alg) ||
733	     wpa_supplicant_install_gtk(sm, &gd, key->key_rsc))) {
734		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
735			"RSN: Failed to install GTK");
736		os_memset(&gd, 0, sizeof(gd));
737		return -1;
738	}
739	os_memset(&gd, 0, sizeof(gd));
740
741	wpa_supplicant_key_neg_complete(sm, sm->bssid,
742					key_info & WPA_KEY_INFO_SECURE);
743	return 0;
744}
745
746
747static int ieee80211w_set_keys(struct wpa_sm *sm,
748			       struct wpa_eapol_ie_parse *ie)
749{
750#ifdef CONFIG_IEEE80211W
751	if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher))
752		return 0;
753
754	if (ie->igtk) {
755		size_t len;
756		const struct wpa_igtk_kde *igtk;
757		u16 keyidx;
758		len = wpa_cipher_key_len(sm->mgmt_group_cipher);
759		if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
760			return -1;
761		igtk = (const struct wpa_igtk_kde *) ie->igtk;
762		keyidx = WPA_GET_LE16(igtk->keyid);
763		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
764			"pn %02x%02x%02x%02x%02x%02x",
765			keyidx, MAC2STR(igtk->pn));
766		wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
767				igtk->igtk, len);
768		if (keyidx > 4095) {
769			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
770				"WPA: Invalid IGTK KeyID %d", keyidx);
771			return -1;
772		}
773		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
774				   broadcast_ether_addr,
775				   keyidx, 0, igtk->pn, sizeof(igtk->pn),
776				   igtk->igtk, len) < 0) {
777			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
778				"WPA: Failed to configure IGTK to the driver");
779			return -1;
780		}
781	}
782
783	return 0;
784#else /* CONFIG_IEEE80211W */
785	return 0;
786#endif /* CONFIG_IEEE80211W */
787}
788
789
790static void wpa_report_ie_mismatch(struct wpa_sm *sm,
791				   const char *reason, const u8 *src_addr,
792				   const u8 *wpa_ie, size_t wpa_ie_len,
793				   const u8 *rsn_ie, size_t rsn_ie_len)
794{
795	wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
796		reason, MAC2STR(src_addr));
797
798	if (sm->ap_wpa_ie) {
799		wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
800			    sm->ap_wpa_ie, sm->ap_wpa_ie_len);
801	}
802	if (wpa_ie) {
803		if (!sm->ap_wpa_ie) {
804			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
805				"WPA: No WPA IE in Beacon/ProbeResp");
806		}
807		wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
808			    wpa_ie, wpa_ie_len);
809	}
810
811	if (sm->ap_rsn_ie) {
812		wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp",
813			    sm->ap_rsn_ie, sm->ap_rsn_ie_len);
814	}
815	if (rsn_ie) {
816		if (!sm->ap_rsn_ie) {
817			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
818				"WPA: No RSN IE in Beacon/ProbeResp");
819		}
820		wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
821			    rsn_ie, rsn_ie_len);
822	}
823
824	wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
825}
826
827
828#ifdef CONFIG_IEEE80211R
829
830static int ft_validate_mdie(struct wpa_sm *sm,
831			    const unsigned char *src_addr,
832			    struct wpa_eapol_ie_parse *ie,
833			    const u8 *assoc_resp_mdie)
834{
835	struct rsn_mdie *mdie;
836
837	mdie = (struct rsn_mdie *) (ie->mdie + 2);
838	if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) ||
839	    os_memcmp(mdie->mobility_domain, sm->mobility_domain,
840		      MOBILITY_DOMAIN_ID_LEN) != 0) {
841		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did "
842			"not match with the current mobility domain");
843		return -1;
844	}
845
846	if (assoc_resp_mdie &&
847	    (assoc_resp_mdie[1] != ie->mdie[1] ||
848	     os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) {
849		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch");
850		wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4",
851			    ie->mdie, 2 + ie->mdie[1]);
852		wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response",
853			    assoc_resp_mdie, 2 + assoc_resp_mdie[1]);
854		return -1;
855	}
856
857	return 0;
858}
859
860
861static int ft_validate_ftie(struct wpa_sm *sm,
862			    const unsigned char *src_addr,
863			    struct wpa_eapol_ie_parse *ie,
864			    const u8 *assoc_resp_ftie)
865{
866	if (ie->ftie == NULL) {
867		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
868			"FT: No FTIE in EAPOL-Key msg 3/4");
869		return -1;
870	}
871
872	if (assoc_resp_ftie == NULL)
873		return 0;
874
875	if (assoc_resp_ftie[1] != ie->ftie[1] ||
876	    os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) {
877		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch");
878		wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4",
879			    ie->ftie, 2 + ie->ftie[1]);
880		wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response",
881			    assoc_resp_ftie, 2 + assoc_resp_ftie[1]);
882		return -1;
883	}
884
885	return 0;
886}
887
888
889static int ft_validate_rsnie(struct wpa_sm *sm,
890			     const unsigned char *src_addr,
891			     struct wpa_eapol_ie_parse *ie)
892{
893	struct wpa_ie_data rsn;
894
895	if (!ie->rsn_ie)
896		return 0;
897
898	/*
899	 * Verify that PMKR1Name from EAPOL-Key message 3/4
900	 * matches with the value we derived.
901	 */
902	if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 ||
903	    rsn.num_pmkid != 1 || rsn.pmkid == NULL) {
904		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in "
905			"FT 4-way handshake message 3/4");
906		return -1;
907	}
908
909	if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0)
910	{
911		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
912			"FT: PMKR1Name mismatch in "
913			"FT 4-way handshake message 3/4");
914		wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator",
915			    rsn.pmkid, WPA_PMK_NAME_LEN);
916		wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
917			    sm->pmk_r1_name, WPA_PMK_NAME_LEN);
918		return -1;
919	}
920
921	return 0;
922}
923
924
925static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm,
926					 const unsigned char *src_addr,
927					 struct wpa_eapol_ie_parse *ie)
928{
929	const u8 *pos, *end, *mdie = NULL, *ftie = NULL;
930
931	if (sm->assoc_resp_ies) {
932		pos = sm->assoc_resp_ies;
933		end = pos + sm->assoc_resp_ies_len;
934		while (pos + 2 < end) {
935			if (pos + 2 + pos[1] > end)
936				break;
937			switch (*pos) {
938			case WLAN_EID_MOBILITY_DOMAIN:
939				mdie = pos;
940				break;
941			case WLAN_EID_FAST_BSS_TRANSITION:
942				ftie = pos;
943				break;
944			}
945			pos += 2 + pos[1];
946		}
947	}
948
949	if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 ||
950	    ft_validate_ftie(sm, src_addr, ie, ftie) < 0 ||
951	    ft_validate_rsnie(sm, src_addr, ie) < 0)
952		return -1;
953
954	return 0;
955}
956
957#endif /* CONFIG_IEEE80211R */
958
959
960static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
961				      const unsigned char *src_addr,
962				      struct wpa_eapol_ie_parse *ie)
963{
964	if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
965		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
966			"WPA: No WPA/RSN IE for this AP known. "
967			"Trying to get from scan results");
968		if (wpa_sm_get_beacon_ie(sm) < 0) {
969			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
970				"WPA: Could not find AP from "
971				"the scan results");
972		} else {
973			wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
974				"WPA: Found the current AP from "
975				"updated scan results");
976		}
977	}
978
979	if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
980	    (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
981		wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
982				       "with IE in Beacon/ProbeResp (no IE?)",
983				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
984				       ie->rsn_ie, ie->rsn_ie_len);
985		return -1;
986	}
987
988	if ((ie->wpa_ie && sm->ap_wpa_ie &&
989	     (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
990	      os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
991	    (ie->rsn_ie && sm->ap_rsn_ie &&
992	     wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
993				sm->ap_rsn_ie, sm->ap_rsn_ie_len,
994				ie->rsn_ie, ie->rsn_ie_len))) {
995		wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
996				       "with IE in Beacon/ProbeResp",
997				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
998				       ie->rsn_ie, ie->rsn_ie_len);
999		return -1;
1000	}
1001
1002	if (sm->proto == WPA_PROTO_WPA &&
1003	    ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
1004		wpa_report_ie_mismatch(sm, "Possible downgrade attack "
1005				       "detected - RSN was enabled and RSN IE "
1006				       "was in msg 3/4, but not in "
1007				       "Beacon/ProbeResp",
1008				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
1009				       ie->rsn_ie, ie->rsn_ie_len);
1010		return -1;
1011	}
1012
1013#ifdef CONFIG_IEEE80211R
1014	if (wpa_key_mgmt_ft(sm->key_mgmt) &&
1015	    wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0)
1016		return -1;
1017#endif /* CONFIG_IEEE80211R */
1018
1019	return 0;
1020}
1021
1022
1023/**
1024 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake
1025 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1026 * @dst: Destination address for the frame
1027 * @key: Pointer to the EAPOL-Key frame header
1028 * @ver: Version bits from EAPOL-Key Key Info
1029 * @key_info: Key Info
1030 * @ptk: PTK to use for keyed hash and encryption
1031 * Returns: 0 on success, -1 on failure
1032 */
1033int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
1034			       const struct wpa_eapol_key *key,
1035			       u16 ver, u16 key_info,
1036			       struct wpa_ptk *ptk)
1037{
1038	size_t rlen;
1039	struct wpa_eapol_key *reply;
1040	u8 *rbuf;
1041
1042	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1043				  sizeof(*reply), &rlen, (void *) &reply);
1044	if (rbuf == NULL)
1045		return -1;
1046
1047	reply->type = (sm->proto == WPA_PROTO_RSN ||
1048		       sm->proto == WPA_PROTO_OSEN) ?
1049		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1050	key_info &= WPA_KEY_INFO_SECURE;
1051	key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC;
1052	WPA_PUT_BE16(reply->key_info, key_info);
1053	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1054		WPA_PUT_BE16(reply->key_length, 0);
1055	else
1056		os_memcpy(reply->key_length, key->key_length, 2);
1057	os_memcpy(reply->replay_counter, key->replay_counter,
1058		  WPA_REPLAY_COUNTER_LEN);
1059
1060	WPA_PUT_BE16(reply->key_data_length, 0);
1061
1062	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
1063	wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
1064			   rbuf, rlen, reply->key_mic);
1065
1066	return 0;
1067}
1068
1069
1070static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
1071					  const struct wpa_eapol_key *key,
1072					  u16 ver, const u8 *key_data,
1073					  size_t key_data_len)
1074{
1075	u16 key_info, keylen;
1076	struct wpa_eapol_ie_parse ie;
1077
1078	wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
1079	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way "
1080		"Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
1081
1082	key_info = WPA_GET_BE16(key->key_info);
1083
1084	wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len);
1085	if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
1086		goto failed;
1087	if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1088		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1089			"WPA: GTK IE in unencrypted key data");
1090		goto failed;
1091	}
1092#ifdef CONFIG_IEEE80211W
1093	if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1094		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1095			"WPA: IGTK KDE in unencrypted key data");
1096		goto failed;
1097	}
1098
1099	if (ie.igtk &&
1100	    wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
1101	    ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN +
1102	    (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
1103		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1104			"WPA: Invalid IGTK KDE length %lu",
1105			(unsigned long) ie.igtk_len);
1106		goto failed;
1107	}
1108#endif /* CONFIG_IEEE80211W */
1109
1110	if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
1111		goto failed;
1112
1113	if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
1114		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1115			"WPA: ANonce from message 1 of 4-Way Handshake "
1116			"differs from 3 of 4-Way Handshake - drop packet (src="
1117			MACSTR ")", MAC2STR(sm->bssid));
1118		goto failed;
1119	}
1120
1121	keylen = WPA_GET_BE16(key->key_length);
1122	if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
1123		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1124			"WPA: Invalid %s key length %d (src=" MACSTR
1125			")", wpa_cipher_txt(sm->pairwise_cipher), keylen,
1126			MAC2STR(sm->bssid));
1127		goto failed;
1128	}
1129
1130#ifdef CONFIG_P2P
1131	if (ie.ip_addr_alloc) {
1132		os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4);
1133		wpa_hexdump(MSG_DEBUG, "P2P: IP address info",
1134			    sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr));
1135	}
1136#endif /* CONFIG_P2P */
1137
1138	if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
1139				       &sm->ptk)) {
1140		goto failed;
1141	}
1142
1143	/* SNonce was successfully used in msg 3/4, so mark it to be renewed
1144	 * for the next 4-Way Handshake. If msg 3 is received again, the old
1145	 * SNonce will still be used to avoid changing PTK. */
1146	sm->renew_snonce = 1;
1147
1148	if (key_info & WPA_KEY_INFO_INSTALL) {
1149		if (wpa_supplicant_install_ptk(sm, key))
1150			goto failed;
1151	}
1152
1153	if (key_info & WPA_KEY_INFO_SECURE) {
1154		wpa_sm_mlme_setprotection(
1155			sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
1156			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
1157		eapol_sm_notify_portValid(sm->eapol, TRUE);
1158	}
1159	wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1160
1161	if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) {
1162		wpa_supplicant_key_neg_complete(sm, sm->bssid,
1163						key_info & WPA_KEY_INFO_SECURE);
1164	} else if (ie.gtk &&
1165	    wpa_supplicant_pairwise_gtk(sm, key,
1166					ie.gtk, ie.gtk_len, key_info) < 0) {
1167		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1168			"RSN: Failed to configure GTK");
1169		goto failed;
1170	}
1171
1172	if (ieee80211w_set_keys(sm, &ie) < 0) {
1173		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1174			"RSN: Failed to configure IGTK");
1175		goto failed;
1176	}
1177
1178	if (ie.gtk)
1179		wpa_sm_set_rekey_offload(sm);
1180
1181	return;
1182
1183failed:
1184	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1185}
1186
1187
1188static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
1189					     const u8 *keydata,
1190					     size_t keydatalen,
1191					     u16 key_info,
1192					     struct wpa_gtk_data *gd)
1193{
1194	int maxkeylen;
1195	struct wpa_eapol_ie_parse ie;
1196
1197	wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen);
1198	if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0)
1199		return -1;
1200	if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1201		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1202			"WPA: GTK IE in unencrypted key data");
1203		return -1;
1204	}
1205	if (ie.gtk == NULL) {
1206		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1207			"WPA: No GTK IE in Group Key msg 1/2");
1208		return -1;
1209	}
1210	maxkeylen = gd->gtk_len = ie.gtk_len - 2;
1211
1212	if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1213					      gd->gtk_len, maxkeylen,
1214					      &gd->key_rsc_len, &gd->alg))
1215		return -1;
1216
1217	wpa_hexdump(MSG_DEBUG, "RSN: received GTK in group key handshake",
1218		    ie.gtk, ie.gtk_len);
1219	gd->keyidx = ie.gtk[0] & 0x3;
1220	gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1221						      !!(ie.gtk[0] & BIT(2)));
1222	if (ie.gtk_len - 2 > sizeof(gd->gtk)) {
1223		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1224			"RSN: Too long GTK in GTK IE (len=%lu)",
1225			(unsigned long) ie.gtk_len - 2);
1226		return -1;
1227	}
1228	os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
1229
1230	if (ieee80211w_set_keys(sm, &ie) < 0)
1231		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1232			"RSN: Failed to configure IGTK");
1233
1234	return 0;
1235}
1236
1237
1238static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
1239					     const struct wpa_eapol_key *key,
1240					     const u8 *key_data,
1241					     size_t key_data_len, u16 key_info,
1242					     u16 ver, struct wpa_gtk_data *gd)
1243{
1244	size_t maxkeylen;
1245
1246	gd->gtk_len = WPA_GET_BE16(key->key_length);
1247	maxkeylen = key_data_len;
1248	if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1249		if (maxkeylen < 8) {
1250			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1251				"WPA: Too short maxkeylen (%lu)",
1252				(unsigned long) maxkeylen);
1253			return -1;
1254		}
1255		maxkeylen -= 8;
1256	}
1257
1258	if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1259					      gd->gtk_len, maxkeylen,
1260					      &gd->key_rsc_len, &gd->alg))
1261		return -1;
1262
1263	gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1264		WPA_KEY_INFO_KEY_INDEX_SHIFT;
1265	if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
1266		u8 ek[32];
1267		if (key_data_len > sizeof(gd->gtk)) {
1268			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1269				"WPA: RC4 key data too long (%lu)",
1270				(unsigned long) key_data_len);
1271			return -1;
1272		}
1273		os_memcpy(ek, key->key_iv, 16);
1274		os_memcpy(ek + 16, sm->ptk.kek, 16);
1275		os_memcpy(gd->gtk, key_data, key_data_len);
1276		if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) {
1277			os_memset(ek, 0, sizeof(ek));
1278			wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1279				"WPA: RC4 failed");
1280			return -1;
1281		}
1282		os_memset(ek, 0, sizeof(ek));
1283	} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1284		if (maxkeylen % 8) {
1285			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1286				"WPA: Unsupported AES-WRAP len %lu",
1287				(unsigned long) maxkeylen);
1288			return -1;
1289		}
1290		if (maxkeylen > sizeof(gd->gtk)) {
1291			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1292				"WPA: AES-WRAP key data "
1293				"too long (keydatalen=%lu maxkeylen=%lu)",
1294				(unsigned long) key_data_len,
1295				(unsigned long) maxkeylen);
1296			return -1;
1297		}
1298		if (aes_unwrap(sm->ptk.kek, 16, maxkeylen / 8, key_data,
1299			       gd->gtk)) {
1300			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1301				"WPA: AES unwrap failed - could not decrypt "
1302				"GTK");
1303			return -1;
1304		}
1305	} else {
1306		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1307			"WPA: Unsupported key_info type %d", ver);
1308		return -1;
1309	}
1310	gd->tx = wpa_supplicant_gtk_tx_bit_workaround(
1311		sm, !!(key_info & WPA_KEY_INFO_TXRX));
1312	return 0;
1313}
1314
1315
1316static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
1317				      const struct wpa_eapol_key *key,
1318				      int ver, u16 key_info)
1319{
1320	size_t rlen;
1321	struct wpa_eapol_key *reply;
1322	u8 *rbuf;
1323
1324	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1325				  sizeof(*reply), &rlen, (void *) &reply);
1326	if (rbuf == NULL)
1327		return -1;
1328
1329	reply->type = (sm->proto == WPA_PROTO_RSN ||
1330		       sm->proto == WPA_PROTO_OSEN) ?
1331		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1332	key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
1333	key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
1334	WPA_PUT_BE16(reply->key_info, key_info);
1335	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1336		WPA_PUT_BE16(reply->key_length, 0);
1337	else
1338		os_memcpy(reply->key_length, key->key_length, 2);
1339	os_memcpy(reply->replay_counter, key->replay_counter,
1340		  WPA_REPLAY_COUNTER_LEN);
1341
1342	WPA_PUT_BE16(reply->key_data_length, 0);
1343
1344	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
1345	wpa_eapol_key_send(sm, sm->ptk.kck, ver, sm->bssid, ETH_P_EAPOL,
1346			   rbuf, rlen, reply->key_mic);
1347
1348	return 0;
1349}
1350
1351
1352static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
1353					  const unsigned char *src_addr,
1354					  const struct wpa_eapol_key *key,
1355					  const u8 *key_data,
1356					  size_t key_data_len, u16 ver)
1357{
1358	u16 key_info;
1359	int rekey, ret;
1360	struct wpa_gtk_data gd;
1361
1362	os_memset(&gd, 0, sizeof(gd));
1363
1364	rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
1365	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key "
1366		"Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
1367
1368	key_info = WPA_GET_BE16(key->key_info);
1369
1370	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
1371		ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data,
1372							key_data_len, key_info,
1373							&gd);
1374	} else {
1375		ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data,
1376							key_data_len,
1377							key_info, ver, &gd);
1378	}
1379
1380	wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1381
1382	if (ret)
1383		goto failed;
1384
1385	if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
1386	    wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
1387		goto failed;
1388
1389	if (rekey) {
1390		wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
1391			"completed with " MACSTR " [GTK=%s]",
1392			MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
1393		wpa_sm_cancel_auth_timeout(sm);
1394		wpa_sm_set_state(sm, WPA_COMPLETED);
1395	} else {
1396		wpa_supplicant_key_neg_complete(sm, sm->bssid,
1397						key_info &
1398						WPA_KEY_INFO_SECURE);
1399	}
1400
1401	wpa_sm_set_rekey_offload(sm);
1402
1403	return;
1404
1405failed:
1406	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1407}
1408
1409
1410static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
1411					       struct wpa_eapol_key *key,
1412					       u16 ver,
1413					       const u8 *buf, size_t len)
1414{
1415	u8 mic[16];
1416	int ok = 0;
1417
1418	os_memcpy(mic, key->key_mic, 16);
1419	if (sm->tptk_set) {
1420		os_memset(key->key_mic, 0, 16);
1421		wpa_eapol_key_mic(sm->tptk.kck, ver, buf, len,
1422				  key->key_mic);
1423		if (os_memcmp_const(mic, key->key_mic, 16) != 0) {
1424			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1425				"WPA: Invalid EAPOL-Key MIC "
1426				"when using TPTK - ignoring TPTK");
1427		} else {
1428			ok = 1;
1429			sm->tptk_set = 0;
1430			sm->ptk_set = 1;
1431			os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
1432			os_memset(&sm->tptk, 0, sizeof(sm->tptk));
1433		}
1434	}
1435
1436	if (!ok && sm->ptk_set) {
1437		os_memset(key->key_mic, 0, 16);
1438		wpa_eapol_key_mic(sm->ptk.kck, ver, buf, len,
1439				  key->key_mic);
1440		if (os_memcmp_const(mic, key->key_mic, 16) != 0) {
1441			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1442				"WPA: Invalid EAPOL-Key MIC - "
1443				"dropping packet");
1444			return -1;
1445		}
1446		ok = 1;
1447	}
1448
1449	if (!ok) {
1450		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1451			"WPA: Could not verify EAPOL-Key MIC - "
1452			"dropping packet");
1453		return -1;
1454	}
1455
1456	os_memcpy(sm->rx_replay_counter, key->replay_counter,
1457		  WPA_REPLAY_COUNTER_LEN);
1458	sm->rx_replay_counter_set = 1;
1459	return 0;
1460}
1461
1462
1463/* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
1464static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
1465					   struct wpa_eapol_key *key, u16 ver,
1466					   u8 *key_data, size_t *key_data_len)
1467{
1468	wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
1469		    key_data, *key_data_len);
1470	if (!sm->ptk_set) {
1471		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1472			"WPA: PTK not available, cannot decrypt EAPOL-Key Key "
1473			"Data");
1474		return -1;
1475	}
1476
1477	/* Decrypt key data here so that this operation does not need
1478	 * to be implemented separately for each message type. */
1479	if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
1480		u8 ek[32];
1481		os_memcpy(ek, key->key_iv, 16);
1482		os_memcpy(ek + 16, sm->ptk.kek, 16);
1483		if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) {
1484			os_memset(ek, 0, sizeof(ek));
1485			wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1486				"WPA: RC4 failed");
1487			return -1;
1488		}
1489		os_memset(ek, 0, sizeof(ek));
1490	} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1491		   ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
1492		   sm->key_mgmt == WPA_KEY_MGMT_OSEN) {
1493		u8 *buf;
1494		if (*key_data_len < 8 || *key_data_len % 8) {
1495			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1496				"WPA: Unsupported AES-WRAP len %u",
1497				(unsigned int) *key_data_len);
1498			return -1;
1499		}
1500		*key_data_len -= 8; /* AES-WRAP adds 8 bytes */
1501		buf = os_malloc(*key_data_len);
1502		if (buf == NULL) {
1503			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1504				"WPA: No memory for AES-UNWRAP buffer");
1505			return -1;
1506		}
1507		if (aes_unwrap(sm->ptk.kek, 16, *key_data_len / 8,
1508			       key_data, buf)) {
1509			os_free(buf);
1510			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1511				"WPA: AES unwrap failed - "
1512				"could not decrypt EAPOL-Key key data");
1513			return -1;
1514		}
1515		os_memcpy(key_data, buf, *key_data_len);
1516		os_free(buf);
1517		WPA_PUT_BE16(key->key_data_length, *key_data_len);
1518	} else {
1519		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1520			"WPA: Unsupported key_info type %d", ver);
1521		return -1;
1522	}
1523	wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
1524			key_data, *key_data_len);
1525	return 0;
1526}
1527
1528
1529/**
1530 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
1531 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1532 */
1533void wpa_sm_aborted_cached(struct wpa_sm *sm)
1534{
1535	if (sm && sm->cur_pmksa) {
1536		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1537			"RSN: Cancelling PMKSA caching attempt");
1538		sm->cur_pmksa = NULL;
1539	}
1540}
1541
1542
1543static void wpa_eapol_key_dump(struct wpa_sm *sm,
1544			       const struct wpa_eapol_key *key)
1545{
1546#ifndef CONFIG_NO_STDOUT_DEBUG
1547	u16 key_info = WPA_GET_BE16(key->key_info);
1548
1549	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "  EAPOL-Key type=%d", key->type);
1550	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1551		"  key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)",
1552		key_info, key_info & WPA_KEY_INFO_TYPE_MASK,
1553		(key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1554		WPA_KEY_INFO_KEY_INDEX_SHIFT,
1555		(key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13,
1556		key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group",
1557		key_info & WPA_KEY_INFO_INSTALL ? " Install" : "",
1558		key_info & WPA_KEY_INFO_ACK ? " Ack" : "",
1559		key_info & WPA_KEY_INFO_MIC ? " MIC" : "",
1560		key_info & WPA_KEY_INFO_SECURE ? " Secure" : "",
1561		key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
1562		key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
1563		key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
1564	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1565		"  key_length=%u key_data_length=%u",
1566		WPA_GET_BE16(key->key_length),
1567		WPA_GET_BE16(key->key_data_length));
1568	wpa_hexdump(MSG_DEBUG, "  replay_counter",
1569		    key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1570	wpa_hexdump(MSG_DEBUG, "  key_nonce", key->key_nonce, WPA_NONCE_LEN);
1571	wpa_hexdump(MSG_DEBUG, "  key_iv", key->key_iv, 16);
1572	wpa_hexdump(MSG_DEBUG, "  key_rsc", key->key_rsc, 8);
1573	wpa_hexdump(MSG_DEBUG, "  key_id (reserved)", key->key_id, 8);
1574	wpa_hexdump(MSG_DEBUG, "  key_mic", key->key_mic, 16);
1575#endif /* CONFIG_NO_STDOUT_DEBUG */
1576}
1577
1578
1579/**
1580 * wpa_sm_rx_eapol - Process received WPA EAPOL frames
1581 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1582 * @src_addr: Source MAC address of the EAPOL packet
1583 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
1584 * @len: Length of the EAPOL frame
1585 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
1586 *
1587 * This function is called for each received EAPOL frame. Other than EAPOL-Key
1588 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
1589 * only processing WPA and WPA2 EAPOL-Key frames.
1590 *
1591 * The received EAPOL-Key packets are validated and valid packets are replied
1592 * to. In addition, key material (PTK, GTK) is configured at the end of a
1593 * successful key handshake.
1594 */
1595int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
1596		    const u8 *buf, size_t len)
1597{
1598	size_t plen, data_len, key_data_len;
1599	const struct ieee802_1x_hdr *hdr;
1600	struct wpa_eapol_key *key;
1601	u16 key_info, ver;
1602	u8 *tmp = NULL;
1603	int ret = -1;
1604	struct wpa_peerkey *peerkey = NULL;
1605	u8 *key_data;
1606
1607#ifdef CONFIG_IEEE80211R
1608	sm->ft_completed = 0;
1609#endif /* CONFIG_IEEE80211R */
1610
1611	if (len < sizeof(*hdr) + sizeof(*key)) {
1612		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1613			"WPA: EAPOL frame too short to be a WPA "
1614			"EAPOL-Key (len %lu, expecting at least %lu)",
1615			(unsigned long) len,
1616			(unsigned long) sizeof(*hdr) + sizeof(*key));
1617		return 0;
1618	}
1619
1620	hdr = (const struct ieee802_1x_hdr *) buf;
1621	plen = be_to_host16(hdr->length);
1622	data_len = plen + sizeof(*hdr);
1623	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1624		"IEEE 802.1X RX: version=%d type=%d length=%lu",
1625		hdr->version, hdr->type, (unsigned long) plen);
1626
1627	if (hdr->version < EAPOL_VERSION) {
1628		/* TODO: backwards compatibility */
1629	}
1630	if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
1631		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1632			"WPA: EAPOL frame (type %u) discarded, "
1633			"not a Key frame", hdr->type);
1634		ret = 0;
1635		goto out;
1636	}
1637	wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len);
1638	if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) {
1639		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1640			"WPA: EAPOL frame payload size %lu "
1641			"invalid (frame size %lu)",
1642			(unsigned long) plen, (unsigned long) len);
1643		ret = 0;
1644		goto out;
1645	}
1646	if (data_len < len) {
1647		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1648			"WPA: ignoring %lu bytes after the IEEE 802.1X data",
1649			(unsigned long) len - data_len);
1650	}
1651
1652	/*
1653	 * Make a copy of the frame since we need to modify the buffer during
1654	 * MAC validation and Key Data decryption.
1655	 */
1656	tmp = os_malloc(data_len);
1657	if (tmp == NULL)
1658		goto out;
1659	os_memcpy(tmp, buf, data_len);
1660	key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr));
1661	key_data = (u8 *) (key + 1);
1662
1663	if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN)
1664	{
1665		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1666			"WPA: EAPOL-Key type (%d) unknown, discarded",
1667			key->type);
1668		ret = 0;
1669		goto out;
1670	}
1671	wpa_eapol_key_dump(sm, key);
1672
1673	key_data_len = WPA_GET_BE16(key->key_data_length);
1674	if (key_data_len > plen - sizeof(struct wpa_eapol_key)) {
1675		wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
1676			"frame - key_data overflow (%u > %u)",
1677			(unsigned int) key_data_len,
1678			(unsigned int) (plen - sizeof(struct wpa_eapol_key)));
1679		goto out;
1680	}
1681
1682	eapol_sm_notify_lower_layer_success(sm->eapol, 0);
1683	key_info = WPA_GET_BE16(key->key_info);
1684	ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1685	if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
1686#if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
1687	    ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1688#endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
1689	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
1690	    sm->key_mgmt != WPA_KEY_MGMT_OSEN) {
1691		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1692			"WPA: Unsupported EAPOL-Key descriptor version %d",
1693			ver);
1694		goto out;
1695	}
1696
1697	if (sm->key_mgmt == WPA_KEY_MGMT_OSEN &&
1698	    ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1699		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1700			"OSEN: Unsupported EAPOL-Key descriptor version %d",
1701			ver);
1702		goto out;
1703	}
1704
1705#ifdef CONFIG_IEEE80211R
1706	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
1707		/* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */
1708		if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1709			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1710				"FT: AP did not use AES-128-CMAC");
1711			goto out;
1712		}
1713	} else
1714#endif /* CONFIG_IEEE80211R */
1715#ifdef CONFIG_IEEE80211W
1716	if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
1717		if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1718		    sm->key_mgmt != WPA_KEY_MGMT_OSEN) {
1719			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1720				"WPA: AP did not use the "
1721				"negotiated AES-128-CMAC");
1722			goto out;
1723		}
1724	} else
1725#endif /* CONFIG_IEEE80211W */
1726	if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
1727	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1728		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1729			"WPA: CCMP is used, but EAPOL-Key "
1730			"descriptor version (%d) is not 2", ver);
1731		if (sm->group_cipher != WPA_CIPHER_CCMP &&
1732		    !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
1733			/* Earlier versions of IEEE 802.11i did not explicitly
1734			 * require version 2 descriptor for all EAPOL-Key
1735			 * packets, so allow group keys to use version 1 if
1736			 * CCMP is not used for them. */
1737			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1738				"WPA: Backwards compatibility: allow invalid "
1739				"version for non-CCMP group keys");
1740		} else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1741			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1742				"WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used");
1743		} else
1744			goto out;
1745	} else if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
1746		   ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1747		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1748			"WPA: GCMP is used, but EAPOL-Key "
1749			"descriptor version (%d) is not 2", ver);
1750		goto out;
1751	}
1752
1753#ifdef CONFIG_PEERKEY
1754	for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
1755		if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
1756			break;
1757	}
1758
1759	if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
1760		if (!peerkey->initiator && peerkey->replay_counter_set &&
1761		    os_memcmp(key->replay_counter, peerkey->replay_counter,
1762			      WPA_REPLAY_COUNTER_LEN) <= 0) {
1763			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1764				"RSN: EAPOL-Key Replay Counter did not "
1765				"increase (STK) - dropping packet");
1766			goto out;
1767		} else if (peerkey->initiator) {
1768			u8 _tmp[WPA_REPLAY_COUNTER_LEN];
1769			os_memcpy(_tmp, key->replay_counter,
1770				  WPA_REPLAY_COUNTER_LEN);
1771			inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
1772			if (os_memcmp(_tmp, peerkey->replay_counter,
1773				      WPA_REPLAY_COUNTER_LEN) != 0) {
1774				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1775					"RSN: EAPOL-Key Replay "
1776					"Counter did not match (STK) - "
1777					"dropping packet");
1778				goto out;
1779			}
1780		}
1781	}
1782
1783	if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) {
1784		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1785			"RSN: Ack bit in key_info from STK peer");
1786		goto out;
1787	}
1788#endif /* CONFIG_PEERKEY */
1789
1790	if (!peerkey && sm->rx_replay_counter_set &&
1791	    os_memcmp(key->replay_counter, sm->rx_replay_counter,
1792		      WPA_REPLAY_COUNTER_LEN) <= 0) {
1793		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1794			"WPA: EAPOL-Key Replay Counter did not increase - "
1795			"dropping packet");
1796		goto out;
1797	}
1798
1799	if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
1800#ifdef CONFIG_PEERKEY
1801	    && (peerkey == NULL || !peerkey->initiator)
1802#endif /* CONFIG_PEERKEY */
1803		) {
1804		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1805			"WPA: No Ack bit in key_info");
1806		goto out;
1807	}
1808
1809	if (key_info & WPA_KEY_INFO_REQUEST) {
1810		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1811			"WPA: EAPOL-Key with Request bit - dropped");
1812		goto out;
1813	}
1814
1815	if ((key_info & WPA_KEY_INFO_MIC) && !peerkey &&
1816	    wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
1817		goto out;
1818
1819#ifdef CONFIG_PEERKEY
1820	if ((key_info & WPA_KEY_INFO_MIC) && peerkey &&
1821	    peerkey_verify_eapol_key_mic(sm, peerkey, key, ver, tmp, data_len))
1822		goto out;
1823#endif /* CONFIG_PEERKEY */
1824
1825	if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
1826	    (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1827		if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
1828						    &key_data_len))
1829			goto out;
1830	}
1831
1832	if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1833		if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
1834			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1835				"WPA: Ignored EAPOL-Key (Pairwise) with "
1836				"non-zero key index");
1837			goto out;
1838		}
1839		if (peerkey) {
1840			/* PeerKey 4-Way Handshake */
1841			peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver,
1842					      key_data, key_data_len);
1843		} else if (key_info & WPA_KEY_INFO_MIC) {
1844			/* 3/4 4-Way Handshake */
1845			wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
1846						      key_data_len);
1847		} else {
1848			/* 1/4 4-Way Handshake */
1849			wpa_supplicant_process_1_of_4(sm, src_addr, key,
1850						      ver, key_data,
1851						      key_data_len);
1852		}
1853	} else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
1854		/* PeerKey SMK Handshake */
1855		peerkey_rx_eapol_smk(sm, src_addr, key, key_data_len, key_info,
1856				     ver);
1857	} else {
1858		if (key_info & WPA_KEY_INFO_MIC) {
1859			/* 1/2 Group Key Handshake */
1860			wpa_supplicant_process_1_of_2(sm, src_addr, key,
1861						      key_data, key_data_len,
1862						      ver);
1863		} else {
1864			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1865				"WPA: EAPOL-Key (Group) without Mic bit - "
1866				"dropped");
1867		}
1868	}
1869
1870	ret = 1;
1871
1872out:
1873	os_free(tmp);
1874	return ret;
1875}
1876
1877
1878#ifdef CONFIG_CTRL_IFACE
1879static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
1880{
1881	switch (sm->key_mgmt) {
1882	case WPA_KEY_MGMT_IEEE8021X:
1883		return ((sm->proto == WPA_PROTO_RSN ||
1884			 sm->proto == WPA_PROTO_OSEN) ?
1885			RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
1886			WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
1887	case WPA_KEY_MGMT_PSK:
1888		return (sm->proto == WPA_PROTO_RSN ?
1889			RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X :
1890			WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
1891#ifdef CONFIG_IEEE80211R
1892	case WPA_KEY_MGMT_FT_IEEE8021X:
1893		return RSN_AUTH_KEY_MGMT_FT_802_1X;
1894	case WPA_KEY_MGMT_FT_PSK:
1895		return RSN_AUTH_KEY_MGMT_FT_PSK;
1896#endif /* CONFIG_IEEE80211R */
1897#ifdef CONFIG_IEEE80211W
1898	case WPA_KEY_MGMT_IEEE8021X_SHA256:
1899		return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
1900	case WPA_KEY_MGMT_PSK_SHA256:
1901		return RSN_AUTH_KEY_MGMT_PSK_SHA256;
1902#endif /* CONFIG_IEEE80211W */
1903	case WPA_KEY_MGMT_CCKM:
1904		return (sm->proto == WPA_PROTO_RSN ?
1905			RSN_AUTH_KEY_MGMT_CCKM:
1906			WPA_AUTH_KEY_MGMT_CCKM);
1907	case WPA_KEY_MGMT_WPA_NONE:
1908		return WPA_AUTH_KEY_MGMT_NONE;
1909	default:
1910		return 0;
1911	}
1912}
1913
1914
1915#define RSN_SUITE "%02x-%02x-%02x-%d"
1916#define RSN_SUITE_ARG(s) \
1917((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
1918
1919/**
1920 * wpa_sm_get_mib - Dump text list of MIB entries
1921 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1922 * @buf: Buffer for the list
1923 * @buflen: Length of the buffer
1924 * Returns: Number of bytes written to buffer
1925 *
1926 * This function is used fetch dot11 MIB variables.
1927 */
1928int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
1929{
1930	char pmkid_txt[PMKID_LEN * 2 + 1];
1931	int rsna, ret;
1932	size_t len;
1933
1934	if (sm->cur_pmksa) {
1935		wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
1936				 sm->cur_pmksa->pmkid, PMKID_LEN);
1937	} else
1938		pmkid_txt[0] = '\0';
1939
1940	if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
1941	     wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
1942	    sm->proto == WPA_PROTO_RSN)
1943		rsna = 1;
1944	else
1945		rsna = 0;
1946
1947	ret = os_snprintf(buf, buflen,
1948			  "dot11RSNAOptionImplemented=TRUE\n"
1949			  "dot11RSNAPreauthenticationImplemented=TRUE\n"
1950			  "dot11RSNAEnabled=%s\n"
1951			  "dot11RSNAPreauthenticationEnabled=%s\n"
1952			  "dot11RSNAConfigVersion=%d\n"
1953			  "dot11RSNAConfigPairwiseKeysSupported=5\n"
1954			  "dot11RSNAConfigGroupCipherSize=%d\n"
1955			  "dot11RSNAConfigPMKLifetime=%d\n"
1956			  "dot11RSNAConfigPMKReauthThreshold=%d\n"
1957			  "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
1958			  "dot11RSNAConfigSATimeout=%d\n",
1959			  rsna ? "TRUE" : "FALSE",
1960			  rsna ? "TRUE" : "FALSE",
1961			  RSN_VERSION,
1962			  wpa_cipher_key_len(sm->group_cipher) * 8,
1963			  sm->dot11RSNAConfigPMKLifetime,
1964			  sm->dot11RSNAConfigPMKReauthThreshold,
1965			  sm->dot11RSNAConfigSATimeout);
1966	if (ret < 0 || (size_t) ret >= buflen)
1967		return 0;
1968	len = ret;
1969
1970	ret = os_snprintf(
1971		buf + len, buflen - len,
1972		"dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
1973		"dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
1974		"dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
1975		"dot11RSNAPMKIDUsed=%s\n"
1976		"dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
1977		"dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
1978		"dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
1979		"dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
1980		"dot11RSNA4WayHandshakeFailures=%u\n",
1981		RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
1982		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
1983						  sm->pairwise_cipher)),
1984		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
1985						  sm->group_cipher)),
1986		pmkid_txt,
1987		RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
1988		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
1989						  sm->pairwise_cipher)),
1990		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
1991						  sm->group_cipher)),
1992		sm->dot11RSNA4WayHandshakeFailures);
1993	if (ret >= 0 && (size_t) ret < buflen)
1994		len += ret;
1995
1996	return (int) len;
1997}
1998#endif /* CONFIG_CTRL_IFACE */
1999
2000
2001static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
2002				 void *ctx, enum pmksa_free_reason reason)
2003{
2004	struct wpa_sm *sm = ctx;
2005	int deauth = 0;
2006
2007	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: "
2008		MACSTR " reason=%d", MAC2STR(entry->aa), reason);
2009
2010	if (sm->cur_pmksa == entry) {
2011		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2012			"RSN: %s current PMKSA entry",
2013			reason == PMKSA_REPLACE ? "replaced" : "removed");
2014		pmksa_cache_clear_current(sm);
2015
2016		/*
2017		 * If an entry is simply being replaced, there's no need to
2018		 * deauthenticate because it will be immediately re-added.
2019		 * This happens when EAP authentication is completed again
2020		 * (reauth or failed PMKSA caching attempt).
2021		 */
2022		if (reason != PMKSA_REPLACE)
2023			deauth = 1;
2024	}
2025
2026	if (reason == PMKSA_EXPIRE &&
2027	    (sm->pmk_len == entry->pmk_len &&
2028	     os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
2029		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2030			"RSN: deauthenticating due to expired PMK");
2031		pmksa_cache_clear_current(sm);
2032		deauth = 1;
2033	}
2034
2035	if (deauth) {
2036		os_memset(sm->pmk, 0, sizeof(sm->pmk));
2037		wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
2038	}
2039}
2040
2041
2042/**
2043 * wpa_sm_init - Initialize WPA state machine
2044 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
2045 * Returns: Pointer to the allocated WPA state machine data
2046 *
2047 * This function is used to allocate a new WPA state machine and the returned
2048 * value is passed to all WPA state machine calls.
2049 */
2050struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
2051{
2052	struct wpa_sm *sm;
2053
2054	sm = os_zalloc(sizeof(*sm));
2055	if (sm == NULL)
2056		return NULL;
2057	dl_list_init(&sm->pmksa_candidates);
2058	sm->renew_snonce = 1;
2059	sm->ctx = ctx;
2060
2061	sm->dot11RSNAConfigPMKLifetime = 43200;
2062	sm->dot11RSNAConfigPMKReauthThreshold = 70;
2063	sm->dot11RSNAConfigSATimeout = 60;
2064
2065	sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm);
2066	if (sm->pmksa == NULL) {
2067		wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
2068			"RSN: PMKSA cache initialization failed");
2069		os_free(sm);
2070		return NULL;
2071	}
2072
2073	return sm;
2074}
2075
2076
2077/**
2078 * wpa_sm_deinit - Deinitialize WPA state machine
2079 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2080 */
2081void wpa_sm_deinit(struct wpa_sm *sm)
2082{
2083	if (sm == NULL)
2084		return;
2085	pmksa_cache_deinit(sm->pmksa);
2086	eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2087	eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2088	os_free(sm->assoc_wpa_ie);
2089	os_free(sm->ap_wpa_ie);
2090	os_free(sm->ap_rsn_ie);
2091	os_free(sm->ctx);
2092	peerkey_deinit(sm);
2093#ifdef CONFIG_IEEE80211R
2094	os_free(sm->assoc_resp_ies);
2095#endif /* CONFIG_IEEE80211R */
2096	os_free(sm);
2097}
2098
2099
2100/**
2101 * wpa_sm_notify_assoc - Notify WPA state machine about association
2102 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2103 * @bssid: The BSSID of the new association
2104 *
2105 * This function is called to let WPA state machine know that the connection
2106 * was established.
2107 */
2108void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
2109{
2110	int clear_ptk = 1;
2111
2112	if (sm == NULL)
2113		return;
2114
2115	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2116		"WPA: Association event - clear replay counter");
2117	os_memcpy(sm->bssid, bssid, ETH_ALEN);
2118	os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
2119	sm->rx_replay_counter_set = 0;
2120	sm->renew_snonce = 1;
2121	if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
2122		rsn_preauth_deinit(sm);
2123
2124#ifdef CONFIG_IEEE80211R
2125	if (wpa_ft_is_completed(sm)) {
2126		/*
2127		 * Clear portValid to kick EAPOL state machine to re-enter
2128		 * AUTHENTICATED state to get the EAPOL port Authorized.
2129		 */
2130		eapol_sm_notify_portValid(sm->eapol, FALSE);
2131		wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
2132
2133		/* Prepare for the next transition */
2134		wpa_ft_prepare_auth_request(sm, NULL);
2135
2136		clear_ptk = 0;
2137	}
2138#endif /* CONFIG_IEEE80211R */
2139
2140	if (clear_ptk) {
2141		/*
2142		 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
2143		 * this is not part of a Fast BSS Transition.
2144		 */
2145		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK");
2146		sm->ptk_set = 0;
2147		os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2148		sm->tptk_set = 0;
2149		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2150	}
2151
2152#ifdef CONFIG_TDLS
2153	wpa_tdls_assoc(sm);
2154#endif /* CONFIG_TDLS */
2155
2156#ifdef CONFIG_P2P
2157	os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr));
2158#endif /* CONFIG_P2P */
2159}
2160
2161
2162/**
2163 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
2164 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2165 *
2166 * This function is called to let WPA state machine know that the connection
2167 * was lost. This will abort any existing pre-authentication session.
2168 */
2169void wpa_sm_notify_disassoc(struct wpa_sm *sm)
2170{
2171	peerkey_deinit(sm);
2172	rsn_preauth_deinit(sm);
2173	pmksa_cache_clear_current(sm);
2174	if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
2175		sm->dot11RSNA4WayHandshakeFailures++;
2176#ifdef CONFIG_TDLS
2177	wpa_tdls_disassoc(sm);
2178#endif /* CONFIG_TDLS */
2179}
2180
2181
2182/**
2183 * wpa_sm_set_pmk - Set PMK
2184 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2185 * @pmk: The new PMK
2186 * @pmk_len: The length of the new PMK in bytes
2187 *
2188 * Configure the PMK for WPA state machine.
2189 */
2190void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len)
2191{
2192	if (sm == NULL)
2193		return;
2194
2195	sm->pmk_len = pmk_len;
2196	os_memcpy(sm->pmk, pmk, pmk_len);
2197
2198#ifdef CONFIG_IEEE80211R
2199	/* Set XXKey to be PSK for FT key derivation */
2200	sm->xxkey_len = pmk_len;
2201	os_memcpy(sm->xxkey, pmk, pmk_len);
2202#endif /* CONFIG_IEEE80211R */
2203}
2204
2205
2206/**
2207 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
2208 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2209 *
2210 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
2211 * will be cleared.
2212 */
2213void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
2214{
2215	if (sm == NULL)
2216		return;
2217
2218	if (sm->cur_pmksa) {
2219		sm->pmk_len = sm->cur_pmksa->pmk_len;
2220		os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
2221	} else {
2222		sm->pmk_len = PMK_LEN;
2223		os_memset(sm->pmk, 0, PMK_LEN);
2224	}
2225}
2226
2227
2228/**
2229 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
2230 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2231 * @fast_reauth: Whether fast reauthentication (EAP) is allowed
2232 */
2233void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
2234{
2235	if (sm)
2236		sm->fast_reauth = fast_reauth;
2237}
2238
2239
2240/**
2241 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
2242 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2243 * @scard_ctx: Context pointer for smartcard related callback functions
2244 */
2245void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
2246{
2247	if (sm == NULL)
2248		return;
2249	sm->scard_ctx = scard_ctx;
2250	if (sm->preauth_eapol)
2251		eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
2252}
2253
2254
2255/**
2256 * wpa_sm_set_config - Notification of current configration change
2257 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2258 * @config: Pointer to current network configuration
2259 *
2260 * Notify WPA state machine that configuration has changed. config will be
2261 * stored as a backpointer to network configuration. This can be %NULL to clear
2262 * the stored pointed.
2263 */
2264void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
2265{
2266	if (!sm)
2267		return;
2268
2269	if (config) {
2270		sm->network_ctx = config->network_ctx;
2271		sm->peerkey_enabled = config->peerkey_enabled;
2272		sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
2273		sm->proactive_key_caching = config->proactive_key_caching;
2274		sm->eap_workaround = config->eap_workaround;
2275		sm->eap_conf_ctx = config->eap_conf_ctx;
2276		if (config->ssid) {
2277			os_memcpy(sm->ssid, config->ssid, config->ssid_len);
2278			sm->ssid_len = config->ssid_len;
2279		} else
2280			sm->ssid_len = 0;
2281		sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
2282		sm->p2p = config->p2p;
2283	} else {
2284		sm->network_ctx = NULL;
2285		sm->peerkey_enabled = 0;
2286		sm->allowed_pairwise_cipher = 0;
2287		sm->proactive_key_caching = 0;
2288		sm->eap_workaround = 0;
2289		sm->eap_conf_ctx = NULL;
2290		sm->ssid_len = 0;
2291		sm->wpa_ptk_rekey = 0;
2292		sm->p2p = 0;
2293	}
2294}
2295
2296
2297/**
2298 * wpa_sm_set_own_addr - Set own MAC address
2299 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2300 * @addr: Own MAC address
2301 */
2302void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
2303{
2304	if (sm)
2305		os_memcpy(sm->own_addr, addr, ETH_ALEN);
2306}
2307
2308
2309/**
2310 * wpa_sm_set_ifname - Set network interface name
2311 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2312 * @ifname: Interface name
2313 * @bridge_ifname: Optional bridge interface name (for pre-auth)
2314 */
2315void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
2316		       const char *bridge_ifname)
2317{
2318	if (sm) {
2319		sm->ifname = ifname;
2320		sm->bridge_ifname = bridge_ifname;
2321	}
2322}
2323
2324
2325/**
2326 * wpa_sm_set_eapol - Set EAPOL state machine pointer
2327 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2328 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
2329 */
2330void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
2331{
2332	if (sm)
2333		sm->eapol = eapol;
2334}
2335
2336
2337/**
2338 * wpa_sm_set_param - Set WPA state machine parameters
2339 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2340 * @param: Parameter field
2341 * @value: Parameter value
2342 * Returns: 0 on success, -1 on failure
2343 */
2344int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
2345		     unsigned int value)
2346{
2347	int ret = 0;
2348
2349	if (sm == NULL)
2350		return -1;
2351
2352	switch (param) {
2353	case RSNA_PMK_LIFETIME:
2354		if (value > 0)
2355			sm->dot11RSNAConfigPMKLifetime = value;
2356		else
2357			ret = -1;
2358		break;
2359	case RSNA_PMK_REAUTH_THRESHOLD:
2360		if (value > 0 && value <= 100)
2361			sm->dot11RSNAConfigPMKReauthThreshold = value;
2362		else
2363			ret = -1;
2364		break;
2365	case RSNA_SA_TIMEOUT:
2366		if (value > 0)
2367			sm->dot11RSNAConfigSATimeout = value;
2368		else
2369			ret = -1;
2370		break;
2371	case WPA_PARAM_PROTO:
2372		sm->proto = value;
2373		break;
2374	case WPA_PARAM_PAIRWISE:
2375		sm->pairwise_cipher = value;
2376		break;
2377	case WPA_PARAM_GROUP:
2378		sm->group_cipher = value;
2379		break;
2380	case WPA_PARAM_KEY_MGMT:
2381		sm->key_mgmt = value;
2382		break;
2383#ifdef CONFIG_IEEE80211W
2384	case WPA_PARAM_MGMT_GROUP:
2385		sm->mgmt_group_cipher = value;
2386		break;
2387#endif /* CONFIG_IEEE80211W */
2388	case WPA_PARAM_RSN_ENABLED:
2389		sm->rsn_enabled = value;
2390		break;
2391	case WPA_PARAM_MFP:
2392		sm->mfp = value;
2393		break;
2394	default:
2395		break;
2396	}
2397
2398	return ret;
2399}
2400
2401
2402/**
2403 * wpa_sm_get_status - Get WPA state machine
2404 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2405 * @buf: Buffer for status information
2406 * @buflen: Maximum buffer length
2407 * @verbose: Whether to include verbose status information
2408 * Returns: Number of bytes written to buf.
2409 *
2410 * Query WPA state machine for status information. This function fills in
2411 * a text area with current status information. If the buffer (buf) is not
2412 * large enough, status information will be truncated to fit the buffer.
2413 */
2414int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
2415		      int verbose)
2416{
2417	char *pos = buf, *end = buf + buflen;
2418	int ret;
2419
2420	ret = os_snprintf(pos, end - pos,
2421			  "pairwise_cipher=%s\n"
2422			  "group_cipher=%s\n"
2423			  "key_mgmt=%s\n",
2424			  wpa_cipher_txt(sm->pairwise_cipher),
2425			  wpa_cipher_txt(sm->group_cipher),
2426			  wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
2427	if (ret < 0 || ret >= end - pos)
2428		return pos - buf;
2429	pos += ret;
2430
2431	if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) {
2432		struct wpa_ie_data rsn;
2433		if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn)
2434		    >= 0 &&
2435		    rsn.capabilities & (WPA_CAPABILITY_MFPR |
2436					WPA_CAPABILITY_MFPC)) {
2437			ret = os_snprintf(pos, end - pos, "pmf=%d\n",
2438					  (rsn.capabilities &
2439					   WPA_CAPABILITY_MFPR) ? 2 : 1);
2440			if (ret < 0 || ret >= end - pos)
2441				return pos - buf;
2442			pos += ret;
2443		}
2444	}
2445
2446	return pos - buf;
2447}
2448
2449
2450int wpa_sm_pmf_enabled(struct wpa_sm *sm)
2451{
2452	struct wpa_ie_data rsn;
2453
2454	if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie)
2455		return 0;
2456
2457	if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 &&
2458	    rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC))
2459		return 1;
2460
2461	return 0;
2462}
2463
2464
2465/**
2466 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
2467 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2468 * @wpa_ie: Pointer to buffer for WPA/RSN IE
2469 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
2470 * Returns: 0 on success, -1 on failure
2471 */
2472int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
2473				    size_t *wpa_ie_len)
2474{
2475	int res;
2476
2477	if (sm == NULL)
2478		return -1;
2479
2480	res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
2481	if (res < 0)
2482		return -1;
2483	*wpa_ie_len = res;
2484
2485	wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default",
2486		    wpa_ie, *wpa_ie_len);
2487
2488	if (sm->assoc_wpa_ie == NULL) {
2489		/*
2490		 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
2491		 * the correct version of the IE even if PMKSA caching is
2492		 * aborted (which would remove PMKID from IE generation).
2493		 */
2494		sm->assoc_wpa_ie = os_malloc(*wpa_ie_len);
2495		if (sm->assoc_wpa_ie == NULL)
2496			return -1;
2497
2498		os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
2499		sm->assoc_wpa_ie_len = *wpa_ie_len;
2500	}
2501
2502	return 0;
2503}
2504
2505
2506/**
2507 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
2508 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2509 * @ie: Pointer to IE data (starting from id)
2510 * @len: IE length
2511 * Returns: 0 on success, -1 on failure
2512 *
2513 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
2514 * Request frame. The IE will be used to override the default value generated
2515 * with wpa_sm_set_assoc_wpa_ie_default().
2516 */
2517int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2518{
2519	if (sm == NULL)
2520		return -1;
2521
2522	os_free(sm->assoc_wpa_ie);
2523	if (ie == NULL || len == 0) {
2524		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2525			"WPA: clearing own WPA/RSN IE");
2526		sm->assoc_wpa_ie = NULL;
2527		sm->assoc_wpa_ie_len = 0;
2528	} else {
2529		wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
2530		sm->assoc_wpa_ie = os_malloc(len);
2531		if (sm->assoc_wpa_ie == NULL)
2532			return -1;
2533
2534		os_memcpy(sm->assoc_wpa_ie, ie, len);
2535		sm->assoc_wpa_ie_len = len;
2536	}
2537
2538	return 0;
2539}
2540
2541
2542/**
2543 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
2544 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2545 * @ie: Pointer to IE data (starting from id)
2546 * @len: IE length
2547 * Returns: 0 on success, -1 on failure
2548 *
2549 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
2550 * frame.
2551 */
2552int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2553{
2554	if (sm == NULL)
2555		return -1;
2556
2557	os_free(sm->ap_wpa_ie);
2558	if (ie == NULL || len == 0) {
2559		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2560			"WPA: clearing AP WPA IE");
2561		sm->ap_wpa_ie = NULL;
2562		sm->ap_wpa_ie_len = 0;
2563	} else {
2564		wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
2565		sm->ap_wpa_ie = os_malloc(len);
2566		if (sm->ap_wpa_ie == NULL)
2567			return -1;
2568
2569		os_memcpy(sm->ap_wpa_ie, ie, len);
2570		sm->ap_wpa_ie_len = len;
2571	}
2572
2573	return 0;
2574}
2575
2576
2577/**
2578 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
2579 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2580 * @ie: Pointer to IE data (starting from id)
2581 * @len: IE length
2582 * Returns: 0 on success, -1 on failure
2583 *
2584 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
2585 * frame.
2586 */
2587int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2588{
2589	if (sm == NULL)
2590		return -1;
2591
2592	os_free(sm->ap_rsn_ie);
2593	if (ie == NULL || len == 0) {
2594		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2595			"WPA: clearing AP RSN IE");
2596		sm->ap_rsn_ie = NULL;
2597		sm->ap_rsn_ie_len = 0;
2598	} else {
2599		wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
2600		sm->ap_rsn_ie = os_malloc(len);
2601		if (sm->ap_rsn_ie == NULL)
2602			return -1;
2603
2604		os_memcpy(sm->ap_rsn_ie, ie, len);
2605		sm->ap_rsn_ie_len = len;
2606	}
2607
2608	return 0;
2609}
2610
2611
2612/**
2613 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
2614 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2615 * @data: Pointer to data area for parsing results
2616 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
2617 *
2618 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
2619 * parsed data into data.
2620 */
2621int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
2622{
2623	if (sm == NULL)
2624		return -1;
2625
2626	if (sm->assoc_wpa_ie == NULL) {
2627		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2628			"WPA: No WPA/RSN IE available from association info");
2629		return -1;
2630	}
2631	if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
2632		return -2;
2633	return 0;
2634}
2635
2636
2637int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
2638{
2639	return pmksa_cache_list(sm->pmksa, buf, len);
2640}
2641
2642
2643#ifdef CONFIG_TESTING_OPTIONS
2644void wpa_sm_drop_sa(struct wpa_sm *sm)
2645{
2646	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
2647	sm->ptk_set = 0;
2648	sm->tptk_set = 0;
2649	os_memset(sm->pmk, 0, sizeof(sm->pmk));
2650	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2651	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2652}
2653#endif /* CONFIG_TESTING_OPTIONS */
2654
2655
2656int wpa_sm_has_ptk(struct wpa_sm *sm)
2657{
2658	if (sm == NULL)
2659		return 0;
2660	return sm->ptk_set;
2661}
2662
2663
2664void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
2665{
2666	os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
2667}
2668
2669
2670void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
2671{
2672	pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0);
2673}
2674
2675
2676#ifdef CONFIG_WNM
2677int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
2678{
2679	u16 keyinfo;
2680	u8 keylen;  /* plaintext key len */
2681	u8 *key_rsc;
2682
2683	if (subelem_id == WNM_SLEEP_SUBELEM_GTK) {
2684		struct wpa_gtk_data gd;
2685
2686		os_memset(&gd, 0, sizeof(gd));
2687		keylen = wpa_cipher_key_len(sm->group_cipher);
2688		gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher);
2689		gd.alg = wpa_cipher_to_alg(sm->group_cipher);
2690		if (gd.alg == WPA_ALG_NONE) {
2691			wpa_printf(MSG_DEBUG, "Unsupported group cipher suite");
2692			return -1;
2693		}
2694
2695		key_rsc = buf + 5;
2696		keyinfo = WPA_GET_LE16(buf + 2);
2697		gd.gtk_len = keylen;
2698		if (gd.gtk_len != buf[4]) {
2699			wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d",
2700				   gd.gtk_len, buf[4]);
2701			return -1;
2702		}
2703		gd.keyidx = keyinfo & 0x03; /* B0 - B1 */
2704		gd.tx = wpa_supplicant_gtk_tx_bit_workaround(
2705		         sm, !!(keyinfo & WPA_KEY_INFO_TXRX));
2706
2707		os_memcpy(gd.gtk, buf + 13, gd.gtk_len);
2708
2709		wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
2710				gd.gtk, gd.gtk_len);
2711		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
2712			os_memset(&gd, 0, sizeof(gd));
2713			wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
2714				   "WNM mode");
2715			return -1;
2716		}
2717		os_memset(&gd, 0, sizeof(gd));
2718#ifdef CONFIG_IEEE80211W
2719	} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
2720		struct wpa_igtk_kde igd;
2721		u16 keyidx;
2722
2723		os_memset(&igd, 0, sizeof(igd));
2724		keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
2725		os_memcpy(igd.keyid, buf + 2, 2);
2726		os_memcpy(igd.pn, buf + 4, 6);
2727
2728		keyidx = WPA_GET_LE16(igd.keyid);
2729		os_memcpy(igd.igtk, buf + 10, keylen);
2730
2731		wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
2732				igd.igtk, keylen);
2733		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
2734				   broadcast_ether_addr,
2735				   keyidx, 0, igd.pn, sizeof(igd.pn),
2736				   igd.igtk, keylen) < 0) {
2737			wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
2738				   "WNM mode");
2739			os_memset(&igd, 0, sizeof(igd));
2740			return -1;
2741		}
2742		os_memset(&igd, 0, sizeof(igd));
2743#endif /* CONFIG_IEEE80211W */
2744	} else {
2745		wpa_printf(MSG_DEBUG, "Unknown element id");
2746		return -1;
2747	}
2748
2749	return 0;
2750}
2751#endif /* CONFIG_WNM */
2752
2753
2754#ifdef CONFIG_PEERKEY
2755int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr,
2756			    const u8 *buf, size_t len)
2757{
2758	struct wpa_peerkey *peerkey;
2759
2760	for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
2761		if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
2762			break;
2763	}
2764
2765	if (!peerkey)
2766		return 0;
2767
2768	wpa_sm_rx_eapol(sm, src_addr, buf, len);
2769
2770	return 1;
2771}
2772#endif /* CONFIG_PEERKEY */
2773
2774
2775#ifdef CONFIG_P2P
2776
2777int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf)
2778{
2779	if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0)
2780		return -1;
2781	os_memcpy(buf, sm->p2p_ip_addr, 3 * 4);
2782	return 0;
2783}
2784
2785#endif /* CONFIG_P2P */
2786