wpa.c revision 8d520ff1dc2da35cdca849e982051b86468016d8
1/* 2 * WPA Supplicant - WPA state machine and EAPOL-Key processing 3 * Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15#include "includes.h" 16 17#include "common.h" 18#include "crypto/aes_wrap.h" 19#include "crypto/crypto.h" 20#include "crypto/random.h" 21#include "common/ieee802_11_defs.h" 22#include "eapol_supp/eapol_supp_sm.h" 23#include "wpa.h" 24#include "eloop.h" 25#include "preauth.h" 26#include "pmksa_cache.h" 27#include "wpa_i.h" 28#include "wpa_ie.h" 29#include "peerkey.h" 30 31 32/** 33 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message 34 * @sm: Pointer to WPA state machine data from wpa_sm_init() 35 * @kck: Key Confirmation Key (KCK, part of PTK) 36 * @ver: Version field from Key Info 37 * @dest: Destination address for the frame 38 * @proto: Ethertype (usually ETH_P_EAPOL) 39 * @msg: EAPOL-Key message 40 * @msg_len: Length of message 41 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written 42 */ 43void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, 44 int ver, const u8 *dest, u16 proto, 45 u8 *msg, size_t msg_len, u8 *key_mic) 46{ 47 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) { 48 /* 49 * Association event was not yet received; try to fetch 50 * BSSID from the driver. 51 */ 52 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) { 53 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 54 "WPA: Failed to read BSSID for " 55 "EAPOL-Key destination address"); 56 } else { 57 dest = sm->bssid; 58 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 59 "WPA: Use BSSID (" MACSTR 60 ") as the destination for EAPOL-Key", 61 MAC2STR(dest)); 62 } 63 } 64 if (key_mic && 65 wpa_eapol_key_mic(kck, ver, msg, msg_len, key_mic)) { 66 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 67 "WPA: Failed to generate EAPOL-Key " 68 "version %d MIC", ver); 69 goto out; 70 } 71 wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, 16); 72 wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, 16); 73 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len); 74 wpa_sm_ether_send(sm, dest, proto, msg, msg_len); 75 eapol_sm_notify_tx_eapol_key(sm->eapol); 76out: 77 os_free(msg); 78} 79 80 81/** 82 * wpa_sm_key_request - Send EAPOL-Key Request 83 * @sm: Pointer to WPA state machine data from wpa_sm_init() 84 * @error: Indicate whether this is an Michael MIC error report 85 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet 86 * 87 * Send an EAPOL-Key Request to the current authenticator. This function is 88 * used to request rekeying and it is usually called when a local Michael MIC 89 * failure is detected. 90 */ 91void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) 92{ 93 size_t rlen; 94 struct wpa_eapol_key *reply; 95 int key_info, ver; 96 u8 bssid[ETH_ALEN], *rbuf; 97 98 if (wpa_key_mgmt_ft(sm->key_mgmt) || wpa_key_mgmt_sha256(sm->key_mgmt)) 99 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC; 100 else if (sm->pairwise_cipher == WPA_CIPHER_CCMP) 101 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 102 else 103 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 104 105 if (wpa_sm_get_bssid(sm, bssid) < 0) { 106 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 107 "Failed to read BSSID for EAPOL-Key request"); 108 return; 109 } 110 111 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 112 sizeof(*reply), &rlen, (void *) &reply); 113 if (rbuf == NULL) 114 return; 115 116 reply->type = sm->proto == WPA_PROTO_RSN ? 117 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 118 key_info = WPA_KEY_INFO_REQUEST | ver; 119 if (sm->ptk_set) 120 key_info |= WPA_KEY_INFO_MIC; 121 if (error) 122 key_info |= WPA_KEY_INFO_ERROR; 123 if (pairwise) 124 key_info |= WPA_KEY_INFO_KEY_TYPE; 125 WPA_PUT_BE16(reply->key_info, key_info); 126 WPA_PUT_BE16(reply->key_length, 0); 127 os_memcpy(reply->replay_counter, sm->request_counter, 128 WPA_REPLAY_COUNTER_LEN); 129 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); 130 131 WPA_PUT_BE16(reply->key_data_length, 0); 132 133 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 134 "WPA: Sending EAPOL-Key Request (error=%d " 135 "pairwise=%d ptk_set=%d len=%lu)", 136 error, pairwise, sm->ptk_set, (unsigned long) rlen); 137 wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL, 138 rbuf, rlen, key_info & WPA_KEY_INFO_MIC ? 139 reply->key_mic : NULL); 140} 141 142 143static int wpa_supplicant_get_pmk(struct wpa_sm *sm, 144 const unsigned char *src_addr, 145 const u8 *pmkid) 146{ 147 int abort_cached = 0; 148 149 if (pmkid && !sm->cur_pmksa) { 150 /* When using drivers that generate RSN IE, wpa_supplicant may 151 * not have enough time to get the association information 152 * event before receiving this 1/4 message, so try to find a 153 * matching PMKSA cache entry here. */ 154 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid); 155 if (sm->cur_pmksa) { 156 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 157 "RSN: found matching PMKID from PMKSA cache"); 158 } else { 159 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 160 "RSN: no matching PMKID found"); 161 abort_cached = 1; 162 } 163 } 164 165 if (pmkid && sm->cur_pmksa && 166 os_memcmp(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) { 167 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN); 168 wpa_sm_set_pmk_from_pmksa(sm); 169 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache", 170 sm->pmk, sm->pmk_len); 171 eapol_sm_notify_cached(sm->eapol); 172#ifdef CONFIG_IEEE80211R 173 sm->xxkey_len = 0; 174#endif /* CONFIG_IEEE80211R */ 175 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) { 176 int res, pmk_len; 177 pmk_len = PMK_LEN; 178 res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN); 179 if (res) { 180 /* 181 * EAP-LEAP is an exception from other EAP methods: it 182 * uses only 16-byte PMK. 183 */ 184 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16); 185 pmk_len = 16; 186 } else { 187#ifdef CONFIG_IEEE80211R 188 u8 buf[2 * PMK_LEN]; 189 if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0) 190 { 191 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN); 192 sm->xxkey_len = PMK_LEN; 193 os_memset(buf, 0, sizeof(buf)); 194 } 195#endif /* CONFIG_IEEE80211R */ 196 } 197 if (res == 0) { 198 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state " 199 "machines", sm->pmk, pmk_len); 200 sm->pmk_len = pmk_len; 201 if (sm->proto == WPA_PROTO_RSN) { 202 pmksa_cache_add(sm->pmksa, sm->pmk, pmk_len, 203 src_addr, sm->own_addr, 204 sm->network_ctx, sm->key_mgmt); 205 } 206 if (!sm->cur_pmksa && pmkid && 207 pmksa_cache_get(sm->pmksa, src_addr, pmkid)) { 208 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 209 "RSN: the new PMK matches with the " 210 "PMKID"); 211 abort_cached = 0; 212 } 213 } else { 214 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 215 "WPA: Failed to get master session key from " 216 "EAPOL state machines - key handshake " 217 "aborted"); 218 if (sm->cur_pmksa) { 219 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 220 "RSN: Cancelled PMKSA caching " 221 "attempt"); 222 sm->cur_pmksa = NULL; 223 abort_cached = 1; 224 } else if (!abort_cached) { 225 return -1; 226 } 227 } 228 } 229 230 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) { 231 /* Send EAPOL-Start to trigger full EAP authentication. */ 232 u8 *buf; 233 size_t buflen; 234 235 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 236 "RSN: no PMKSA entry found - trigger " 237 "full EAP authentication"); 238 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START, 239 NULL, 0, &buflen, NULL); 240 if (buf) { 241 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL, 242 buf, buflen); 243 os_free(buf); 244 return -2; 245 } 246 247 return -1; 248 } 249 250 return 0; 251} 252 253 254/** 255 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake 256 * @sm: Pointer to WPA state machine data from wpa_sm_init() 257 * @dst: Destination address for the frame 258 * @key: Pointer to the EAPOL-Key frame header 259 * @ver: Version bits from EAPOL-Key Key Info 260 * @nonce: Nonce value for the EAPOL-Key frame 261 * @wpa_ie: WPA/RSN IE 262 * @wpa_ie_len: Length of the WPA/RSN IE 263 * @ptk: PTK to use for keyed hash and encryption 264 * Returns: 0 on success, -1 on failure 265 */ 266int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst, 267 const struct wpa_eapol_key *key, 268 int ver, const u8 *nonce, 269 const u8 *wpa_ie, size_t wpa_ie_len, 270 struct wpa_ptk *ptk) 271{ 272 size_t rlen; 273 struct wpa_eapol_key *reply; 274 u8 *rbuf; 275 u8 *rsn_ie_buf = NULL; 276 277 if (wpa_ie == NULL) { 278 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - " 279 "cannot generate msg 2/4"); 280 return -1; 281 } 282 283#ifdef CONFIG_IEEE80211R 284 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 285 int res; 286 287 /* 288 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and 289 * FTIE from (Re)Association Response. 290 */ 291 rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN + 292 sm->assoc_resp_ies_len); 293 if (rsn_ie_buf == NULL) 294 return -1; 295 os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len); 296 res = wpa_insert_pmkid(rsn_ie_buf, wpa_ie_len, 297 sm->pmk_r1_name); 298 if (res < 0) { 299 os_free(rsn_ie_buf); 300 return -1; 301 } 302 wpa_ie_len += res; 303 304 if (sm->assoc_resp_ies) { 305 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies, 306 sm->assoc_resp_ies_len); 307 wpa_ie_len += sm->assoc_resp_ies_len; 308 } 309 310 wpa_ie = rsn_ie_buf; 311 } 312#endif /* CONFIG_IEEE80211R */ 313 314 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len); 315 316 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, 317 NULL, sizeof(*reply) + wpa_ie_len, 318 &rlen, (void *) &reply); 319 if (rbuf == NULL) { 320 os_free(rsn_ie_buf); 321 return -1; 322 } 323 324 reply->type = sm->proto == WPA_PROTO_RSN ? 325 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 326 WPA_PUT_BE16(reply->key_info, 327 ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC); 328 if (sm->proto == WPA_PROTO_RSN) 329 WPA_PUT_BE16(reply->key_length, 0); 330 else 331 os_memcpy(reply->key_length, key->key_length, 2); 332 os_memcpy(reply->replay_counter, key->replay_counter, 333 WPA_REPLAY_COUNTER_LEN); 334 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter, 335 WPA_REPLAY_COUNTER_LEN); 336 337 WPA_PUT_BE16(reply->key_data_length, wpa_ie_len); 338 os_memcpy(reply + 1, wpa_ie, wpa_ie_len); 339 os_free(rsn_ie_buf); 340 341 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN); 342 343 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4"); 344 wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL, 345 rbuf, rlen, reply->key_mic); 346 347 return 0; 348} 349 350 351static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr, 352 const struct wpa_eapol_key *key, 353 struct wpa_ptk *ptk) 354{ 355 size_t ptk_len = sm->pairwise_cipher == WPA_CIPHER_CCMP ? 48 : 64; 356#ifdef CONFIG_IEEE80211R 357 if (wpa_key_mgmt_ft(sm->key_mgmt)) 358 return wpa_derive_ptk_ft(sm, src_addr, key, ptk, ptk_len); 359#endif /* CONFIG_IEEE80211R */ 360 361 wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion", 362 sm->own_addr, sm->bssid, sm->snonce, key->key_nonce, 363 (u8 *) ptk, ptk_len, 364 wpa_key_mgmt_sha256(sm->key_mgmt)); 365 return 0; 366} 367 368 369static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, 370 const unsigned char *src_addr, 371 const struct wpa_eapol_key *key, 372 u16 ver) 373{ 374 struct wpa_eapol_ie_parse ie; 375 struct wpa_ptk *ptk; 376 u8 buf[8]; 377 int res; 378 379 if (wpa_sm_get_network_ctx(sm) == NULL) { 380 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info " 381 "found (msg 1 of 4)"); 382 return; 383 } 384 385 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 386 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way " 387 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 388 389 os_memset(&ie, 0, sizeof(ie)); 390 391#ifndef CONFIG_NO_WPA2 392 if (sm->proto == WPA_PROTO_RSN) { 393 /* RSN: msg 1/4 should contain PMKID for the selected PMK */ 394 const u8 *_buf = (const u8 *) (key + 1); 395 size_t len = WPA_GET_BE16(key->key_data_length); 396 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", _buf, len); 397 wpa_supplicant_parse_ies(_buf, len, &ie); 398 if (ie.pmkid) { 399 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from " 400 "Authenticator", ie.pmkid, PMKID_LEN); 401 } 402 } 403#endif /* CONFIG_NO_WPA2 */ 404 405 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); 406 if (res == -2) { 407 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to " 408 "msg 1/4 - requesting full EAP authentication"); 409 return; 410 } 411 if (res) 412 goto failed; 413 414 if (sm->renew_snonce) { 415 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) { 416 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 417 "WPA: Failed to get random data for SNonce"); 418 goto failed; 419 } 420 sm->renew_snonce = 0; 421 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce", 422 sm->snonce, WPA_NONCE_LEN); 423 } 424 425 /* Calculate PTK which will be stored as a temporary PTK until it has 426 * been verified when processing message 3/4. */ 427 ptk = &sm->tptk; 428 wpa_derive_ptk(sm, src_addr, key, ptk); 429 /* Supplicant: swap tx/rx Mic keys */ 430 os_memcpy(buf, ptk->u.auth.tx_mic_key, 8); 431 os_memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8); 432 os_memcpy(ptk->u.auth.rx_mic_key, buf, 8); 433 sm->tptk_set = 1; 434 435 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce, 436 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, 437 ptk)) 438 goto failed; 439 440 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN); 441 return; 442 443failed: 444 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 445} 446 447 448static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx) 449{ 450 struct wpa_sm *sm = eloop_ctx; 451 rsn_preauth_candidate_process(sm); 452} 453 454 455static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm, 456 const u8 *addr, int secure) 457{ 458 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 459 "WPA: Key negotiation completed with " 460 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr), 461 wpa_cipher_txt(sm->pairwise_cipher), 462 wpa_cipher_txt(sm->group_cipher)); 463 wpa_sm_cancel_auth_timeout(sm); 464 wpa_sm_set_state(sm, WPA_COMPLETED); 465 466 if (secure) { 467 wpa_sm_mlme_setprotection( 468 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX, 469 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 470 eapol_sm_notify_portValid(sm->eapol, TRUE); 471 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt)) 472 eapol_sm_notify_eap_success(sm->eapol, TRUE); 473 /* 474 * Start preauthentication after a short wait to avoid a 475 * possible race condition between the data receive and key 476 * configuration after the 4-Way Handshake. This increases the 477 * likelyhood of the first preauth EAPOL-Start frame getting to 478 * the target AP. 479 */ 480 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL); 481 } 482 483 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) { 484 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 485 "RSN: Authenticator accepted " 486 "opportunistic PMKSA entry - marking it valid"); 487 sm->cur_pmksa->opportunistic = 0; 488 } 489 490#ifdef CONFIG_IEEE80211R 491 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 492 /* Prepare for the next transition */ 493 wpa_ft_prepare_auth_request(sm, NULL); 494 } 495#endif /* CONFIG_IEEE80211R */ 496} 497 498 499static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx) 500{ 501 struct wpa_sm *sm = eloop_ctx; 502 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying"); 503 wpa_sm_key_request(sm, 0, 1); 504} 505 506 507static int wpa_supplicant_install_ptk(struct wpa_sm *sm, 508 const struct wpa_eapol_key *key) 509{ 510 int keylen, rsclen; 511 enum wpa_alg alg; 512 const u8 *key_rsc; 513 u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 514 515 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 516 "WPA: Installing PTK to the driver"); 517 518 switch (sm->pairwise_cipher) { 519 case WPA_CIPHER_CCMP: 520 alg = WPA_ALG_CCMP; 521 keylen = 16; 522 rsclen = 6; 523 break; 524 case WPA_CIPHER_TKIP: 525 alg = WPA_ALG_TKIP; 526 keylen = 32; 527 rsclen = 6; 528 break; 529 case WPA_CIPHER_NONE: 530 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher " 531 "Suite: NONE - do not use pairwise keys"); 532 return 0; 533 default: 534 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 535 "WPA: Unsupported pairwise cipher %d", 536 sm->pairwise_cipher); 537 return -1; 538 } 539 540 if (sm->proto == WPA_PROTO_RSN) { 541 key_rsc = null_rsc; 542 } else { 543 key_rsc = key->key_rsc; 544 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen); 545 } 546 547 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen, 548 (u8 *) sm->ptk.tk1, keylen) < 0) { 549 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 550 "WPA: Failed to set PTK to the " 551 "driver (alg=%d keylen=%d bssid=" MACSTR ")", 552 alg, keylen, MAC2STR(sm->bssid)); 553 return -1; 554 } 555 556 if (sm->wpa_ptk_rekey) { 557 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 558 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk, 559 sm, NULL); 560 } 561 562 return 0; 563} 564 565 566static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm, 567 int group_cipher, 568 int keylen, int maxkeylen, 569 int *key_rsc_len, 570 enum wpa_alg *alg) 571{ 572 int ret = 0; 573 574 switch (group_cipher) { 575 case WPA_CIPHER_CCMP: 576 if (keylen != 16 || maxkeylen < 16) { 577 ret = -1; 578 break; 579 } 580 *key_rsc_len = 6; 581 *alg = WPA_ALG_CCMP; 582 break; 583 case WPA_CIPHER_TKIP: 584 if (keylen != 32 || maxkeylen < 32) { 585 ret = -1; 586 break; 587 } 588 *key_rsc_len = 6; 589 *alg = WPA_ALG_TKIP; 590 break; 591 case WPA_CIPHER_WEP104: 592 if (keylen != 13 || maxkeylen < 13) { 593 ret = -1; 594 break; 595 } 596 *key_rsc_len = 0; 597 *alg = WPA_ALG_WEP; 598 break; 599 case WPA_CIPHER_WEP40: 600 if (keylen != 5 || maxkeylen < 5) { 601 ret = -1; 602 break; 603 } 604 *key_rsc_len = 0; 605 *alg = WPA_ALG_WEP; 606 break; 607 default: 608 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 609 "WPA: Unsupported Group Cipher %d", 610 group_cipher); 611 return -1; 612 } 613 614 if (ret < 0 ) { 615 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 616 "WPA: Unsupported %s Group Cipher key length %d (%d)", 617 wpa_cipher_txt(group_cipher), keylen, maxkeylen); 618 } 619 620 return ret; 621} 622 623 624struct wpa_gtk_data { 625 enum wpa_alg alg; 626 int tx, key_rsc_len, keyidx; 627 u8 gtk[32]; 628 int gtk_len; 629}; 630 631 632static int wpa_supplicant_install_gtk(struct wpa_sm *sm, 633 const struct wpa_gtk_data *gd, 634 const u8 *key_rsc) 635{ 636 const u8 *_gtk = gd->gtk; 637 u8 gtk_buf[32]; 638 639 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); 640 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 641 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", 642 gd->keyidx, gd->tx, gd->gtk_len); 643 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len); 644 if (sm->group_cipher == WPA_CIPHER_TKIP) { 645 /* Swap Tx/Rx keys for Michael MIC */ 646 os_memcpy(gtk_buf, gd->gtk, 16); 647 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8); 648 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8); 649 _gtk = gtk_buf; 650 } 651 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 652 if (wpa_sm_set_key(sm, gd->alg, NULL, 653 gd->keyidx, 1, key_rsc, gd->key_rsc_len, 654 _gtk, gd->gtk_len) < 0) { 655 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 656 "WPA: Failed to set GTK to the driver " 657 "(Group only)"); 658 return -1; 659 } 660 } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr, 661 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len, 662 _gtk, gd->gtk_len) < 0) { 663 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 664 "WPA: Failed to set GTK to " 665 "the driver (alg=%d keylen=%d keyidx=%d)", 666 gd->alg, gd->gtk_len, gd->keyidx); 667 return -1; 668 } 669 670 return 0; 671} 672 673 674static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm, 675 int tx) 676{ 677 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) { 678 /* Ignore Tx bit for GTK if a pairwise key is used. One AP 679 * seemed to set this bit (incorrectly, since Tx is only when 680 * doing Group Key only APs) and without this workaround, the 681 * data connection does not work because wpa_supplicant 682 * configured non-zero keyidx to be used for unicast. */ 683 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 684 "WPA: Tx bit set for GTK, but pairwise " 685 "keys are used - ignore Tx bit"); 686 return 0; 687 } 688 return tx; 689} 690 691 692static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, 693 const struct wpa_eapol_key *key, 694 const u8 *gtk, size_t gtk_len, 695 int key_info) 696{ 697#ifndef CONFIG_NO_WPA2 698 struct wpa_gtk_data gd; 699 700 /* 701 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x 702 * GTK KDE format: 703 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7] 704 * Reserved [bits 0-7] 705 * GTK 706 */ 707 708 os_memset(&gd, 0, sizeof(gd)); 709 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake", 710 gtk, gtk_len); 711 712 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk)) 713 return -1; 714 715 gd.keyidx = gtk[0] & 0x3; 716 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 717 !!(gtk[0] & BIT(2))); 718 gtk += 2; 719 gtk_len -= 2; 720 721 os_memcpy(gd.gtk, gtk, gtk_len); 722 gd.gtk_len = gtk_len; 723 724 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 725 gtk_len, gtk_len, 726 &gd.key_rsc_len, &gd.alg) || 727 wpa_supplicant_install_gtk(sm, &gd, key->key_rsc)) { 728 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 729 "RSN: Failed to install GTK"); 730 return -1; 731 } 732 733 wpa_supplicant_key_neg_complete(sm, sm->bssid, 734 key_info & WPA_KEY_INFO_SECURE); 735 return 0; 736#else /* CONFIG_NO_WPA2 */ 737 return -1; 738#endif /* CONFIG_NO_WPA2 */ 739} 740 741 742static int ieee80211w_set_keys(struct wpa_sm *sm, 743 struct wpa_eapol_ie_parse *ie) 744{ 745#ifdef CONFIG_IEEE80211W 746 if (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) 747 return 0; 748 749 if (ie->igtk) { 750 const struct wpa_igtk_kde *igtk; 751 u16 keyidx; 752 if (ie->igtk_len != sizeof(*igtk)) 753 return -1; 754 igtk = (const struct wpa_igtk_kde *) ie->igtk; 755 keyidx = WPA_GET_LE16(igtk->keyid); 756 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " 757 "pn %02x%02x%02x%02x%02x%02x", 758 keyidx, MAC2STR(igtk->pn)); 759 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", 760 igtk->igtk, WPA_IGTK_LEN); 761 if (keyidx > 4095) { 762 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 763 "WPA: Invalid IGTK KeyID %d", keyidx); 764 return -1; 765 } 766 if (wpa_sm_set_key(sm, WPA_ALG_IGTK, broadcast_ether_addr, 767 keyidx, 0, igtk->pn, sizeof(igtk->pn), 768 igtk->igtk, WPA_IGTK_LEN) < 0) { 769 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 770 "WPA: Failed to configure IGTK to the driver"); 771 return -1; 772 } 773 } 774 775 return 0; 776#else /* CONFIG_IEEE80211W */ 777 return 0; 778#endif /* CONFIG_IEEE80211W */ 779} 780 781 782static void wpa_report_ie_mismatch(struct wpa_sm *sm, 783 const char *reason, const u8 *src_addr, 784 const u8 *wpa_ie, size_t wpa_ie_len, 785 const u8 *rsn_ie, size_t rsn_ie_len) 786{ 787 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")", 788 reason, MAC2STR(src_addr)); 789 790 if (sm->ap_wpa_ie) { 791 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp", 792 sm->ap_wpa_ie, sm->ap_wpa_ie_len); 793 } 794 if (wpa_ie) { 795 if (!sm->ap_wpa_ie) { 796 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 797 "WPA: No WPA IE in Beacon/ProbeResp"); 798 } 799 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg", 800 wpa_ie, wpa_ie_len); 801 } 802 803 if (sm->ap_rsn_ie) { 804 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp", 805 sm->ap_rsn_ie, sm->ap_rsn_ie_len); 806 } 807 if (rsn_ie) { 808 if (!sm->ap_rsn_ie) { 809 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 810 "WPA: No RSN IE in Beacon/ProbeResp"); 811 } 812 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg", 813 rsn_ie, rsn_ie_len); 814 } 815 816 wpa_sm_disassociate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS); 817} 818 819 820#ifdef CONFIG_IEEE80211R 821 822static int ft_validate_mdie(struct wpa_sm *sm, 823 const unsigned char *src_addr, 824 struct wpa_eapol_ie_parse *ie, 825 const u8 *assoc_resp_mdie) 826{ 827 struct rsn_mdie *mdie; 828 829 mdie = (struct rsn_mdie *) (ie->mdie + 2); 830 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) || 831 os_memcmp(mdie->mobility_domain, sm->mobility_domain, 832 MOBILITY_DOMAIN_ID_LEN) != 0) { 833 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did " 834 "not match with the current mobility domain"); 835 return -1; 836 } 837 838 if (assoc_resp_mdie && 839 (assoc_resp_mdie[1] != ie->mdie[1] || 840 os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) { 841 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch"); 842 wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4", 843 ie->mdie, 2 + ie->mdie[1]); 844 wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response", 845 assoc_resp_mdie, 2 + assoc_resp_mdie[1]); 846 return -1; 847 } 848 849 return 0; 850} 851 852 853static int ft_validate_ftie(struct wpa_sm *sm, 854 const unsigned char *src_addr, 855 struct wpa_eapol_ie_parse *ie, 856 const u8 *assoc_resp_ftie) 857{ 858 if (ie->ftie == NULL) { 859 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 860 "FT: No FTIE in EAPOL-Key msg 3/4"); 861 return -1; 862 } 863 864 if (assoc_resp_ftie == NULL) 865 return 0; 866 867 if (assoc_resp_ftie[1] != ie->ftie[1] || 868 os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) { 869 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch"); 870 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4", 871 ie->ftie, 2 + ie->ftie[1]); 872 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response", 873 assoc_resp_ftie, 2 + assoc_resp_ftie[1]); 874 return -1; 875 } 876 877 return 0; 878} 879 880 881static int ft_validate_rsnie(struct wpa_sm *sm, 882 const unsigned char *src_addr, 883 struct wpa_eapol_ie_parse *ie) 884{ 885 struct wpa_ie_data rsn; 886 887 if (!ie->rsn_ie) 888 return 0; 889 890 /* 891 * Verify that PMKR1Name from EAPOL-Key message 3/4 892 * matches with the value we derived. 893 */ 894 if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 || 895 rsn.num_pmkid != 1 || rsn.pmkid == NULL) { 896 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in " 897 "FT 4-way handshake message 3/4"); 898 return -1; 899 } 900 901 if (os_memcmp(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0) { 902 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 903 "FT: PMKR1Name mismatch in " 904 "FT 4-way handshake message 3/4"); 905 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator", 906 rsn.pmkid, WPA_PMK_NAME_LEN); 907 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name", 908 sm->pmk_r1_name, WPA_PMK_NAME_LEN); 909 return -1; 910 } 911 912 return 0; 913} 914 915 916static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm, 917 const unsigned char *src_addr, 918 struct wpa_eapol_ie_parse *ie) 919{ 920 const u8 *pos, *end, *mdie = NULL, *ftie = NULL; 921 922 if (sm->assoc_resp_ies) { 923 pos = sm->assoc_resp_ies; 924 end = pos + sm->assoc_resp_ies_len; 925 while (pos + 2 < end) { 926 if (pos + 2 + pos[1] > end) 927 break; 928 switch (*pos) { 929 case WLAN_EID_MOBILITY_DOMAIN: 930 mdie = pos; 931 break; 932 case WLAN_EID_FAST_BSS_TRANSITION: 933 ftie = pos; 934 break; 935 } 936 pos += 2 + pos[1]; 937 } 938 } 939 940 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 || 941 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 || 942 ft_validate_rsnie(sm, src_addr, ie) < 0) 943 return -1; 944 945 return 0; 946} 947 948#endif /* CONFIG_IEEE80211R */ 949 950 951static int wpa_supplicant_validate_ie(struct wpa_sm *sm, 952 const unsigned char *src_addr, 953 struct wpa_eapol_ie_parse *ie) 954{ 955 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) { 956 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 957 "WPA: No WPA/RSN IE for this AP known. " 958 "Trying to get from scan results"); 959 if (wpa_sm_get_beacon_ie(sm) < 0) { 960 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 961 "WPA: Could not find AP from " 962 "the scan results"); 963 } else { 964 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, 965 "WPA: Found the current AP from " 966 "updated scan results"); 967 } 968 } 969 970 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL && 971 (sm->ap_wpa_ie || sm->ap_rsn_ie)) { 972 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 973 "with IE in Beacon/ProbeResp (no IE?)", 974 src_addr, ie->wpa_ie, ie->wpa_ie_len, 975 ie->rsn_ie, ie->rsn_ie_len); 976 return -1; 977 } 978 979 if ((ie->wpa_ie && sm->ap_wpa_ie && 980 (ie->wpa_ie_len != sm->ap_wpa_ie_len || 981 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) || 982 (ie->rsn_ie && sm->ap_rsn_ie && 983 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt), 984 sm->ap_rsn_ie, sm->ap_rsn_ie_len, 985 ie->rsn_ie, ie->rsn_ie_len))) { 986 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 987 "with IE in Beacon/ProbeResp", 988 src_addr, ie->wpa_ie, ie->wpa_ie_len, 989 ie->rsn_ie, ie->rsn_ie_len); 990 return -1; 991 } 992 993 if (sm->proto == WPA_PROTO_WPA && 994 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) { 995 wpa_report_ie_mismatch(sm, "Possible downgrade attack " 996 "detected - RSN was enabled and RSN IE " 997 "was in msg 3/4, but not in " 998 "Beacon/ProbeResp", 999 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1000 ie->rsn_ie, ie->rsn_ie_len); 1001 return -1; 1002 } 1003 1004#ifdef CONFIG_IEEE80211R 1005 if (wpa_key_mgmt_ft(sm->key_mgmt) && 1006 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0) 1007 return -1; 1008#endif /* CONFIG_IEEE80211R */ 1009 1010 return 0; 1011} 1012 1013 1014/** 1015 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake 1016 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1017 * @dst: Destination address for the frame 1018 * @key: Pointer to the EAPOL-Key frame header 1019 * @ver: Version bits from EAPOL-Key Key Info 1020 * @key_info: Key Info 1021 * @kde: KDEs to include the EAPOL-Key frame 1022 * @kde_len: Length of KDEs 1023 * @ptk: PTK to use for keyed hash and encryption 1024 * Returns: 0 on success, -1 on failure 1025 */ 1026int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, 1027 const struct wpa_eapol_key *key, 1028 u16 ver, u16 key_info, 1029 const u8 *kde, size_t kde_len, 1030 struct wpa_ptk *ptk) 1031{ 1032 size_t rlen; 1033 struct wpa_eapol_key *reply; 1034 u8 *rbuf; 1035 1036 if (kde) 1037 wpa_hexdump(MSG_DEBUG, "WPA: KDE for msg 4/4", kde, kde_len); 1038 1039 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1040 sizeof(*reply) + kde_len, 1041 &rlen, (void *) &reply); 1042 if (rbuf == NULL) 1043 return -1; 1044 1045 reply->type = sm->proto == WPA_PROTO_RSN ? 1046 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1047 key_info &= WPA_KEY_INFO_SECURE; 1048 key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC; 1049 WPA_PUT_BE16(reply->key_info, key_info); 1050 if (sm->proto == WPA_PROTO_RSN) 1051 WPA_PUT_BE16(reply->key_length, 0); 1052 else 1053 os_memcpy(reply->key_length, key->key_length, 2); 1054 os_memcpy(reply->replay_counter, key->replay_counter, 1055 WPA_REPLAY_COUNTER_LEN); 1056 1057 WPA_PUT_BE16(reply->key_data_length, kde_len); 1058 if (kde) 1059 os_memcpy(reply + 1, kde, kde_len); 1060 1061 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4"); 1062 wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL, 1063 rbuf, rlen, reply->key_mic); 1064 1065 return 0; 1066} 1067 1068 1069static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, 1070 const struct wpa_eapol_key *key, 1071 u16 ver) 1072{ 1073 u16 key_info, keylen, len; 1074 const u8 *pos; 1075 struct wpa_eapol_ie_parse ie; 1076 1077 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 1078 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way " 1079 "Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver); 1080 1081 key_info = WPA_GET_BE16(key->key_info); 1082 1083 pos = (const u8 *) (key + 1); 1084 len = WPA_GET_BE16(key->key_data_length); 1085 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", pos, len); 1086 wpa_supplicant_parse_ies(pos, len, &ie); 1087 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1088 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1089 "WPA: GTK IE in unencrypted key data"); 1090 goto failed; 1091 } 1092#ifdef CONFIG_IEEE80211W 1093 if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1094 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1095 "WPA: IGTK KDE in unencrypted key data"); 1096 goto failed; 1097 } 1098 1099 if (ie.igtk && ie.igtk_len != sizeof(struct wpa_igtk_kde)) { 1100 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1101 "WPA: Invalid IGTK KDE length %lu", 1102 (unsigned long) ie.igtk_len); 1103 goto failed; 1104 } 1105#endif /* CONFIG_IEEE80211W */ 1106 1107 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0) 1108 goto failed; 1109 1110 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) { 1111 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1112 "WPA: ANonce from message 1 of 4-Way Handshake " 1113 "differs from 3 of 4-Way Handshake - drop packet (src=" 1114 MACSTR ")", MAC2STR(sm->bssid)); 1115 goto failed; 1116 } 1117 1118 keylen = WPA_GET_BE16(key->key_length); 1119 switch (sm->pairwise_cipher) { 1120 case WPA_CIPHER_CCMP: 1121 if (keylen != 16) { 1122 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1123 "WPA: Invalid CCMP key length %d (src=" MACSTR 1124 ")", keylen, MAC2STR(sm->bssid)); 1125 goto failed; 1126 } 1127 break; 1128 case WPA_CIPHER_TKIP: 1129 if (keylen != 32) { 1130 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1131 "WPA: Invalid TKIP key length %d (src=" MACSTR 1132 ")", keylen, MAC2STR(sm->bssid)); 1133 goto failed; 1134 } 1135 break; 1136 } 1137 1138 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info, 1139 NULL, 0, &sm->ptk)) { 1140 goto failed; 1141 } 1142 1143 /* SNonce was successfully used in msg 3/4, so mark it to be renewed 1144 * for the next 4-Way Handshake. If msg 3 is received again, the old 1145 * SNonce will still be used to avoid changing PTK. */ 1146 sm->renew_snonce = 1; 1147 1148 if (key_info & WPA_KEY_INFO_INSTALL) { 1149 if (wpa_supplicant_install_ptk(sm, key)) 1150 goto failed; 1151 } 1152 1153 if (key_info & WPA_KEY_INFO_SECURE) { 1154 wpa_sm_mlme_setprotection( 1155 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX, 1156 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 1157 eapol_sm_notify_portValid(sm->eapol, TRUE); 1158 } 1159 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1160 1161 if (ie.gtk && 1162 wpa_supplicant_pairwise_gtk(sm, key, 1163 ie.gtk, ie.gtk_len, key_info) < 0) { 1164 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1165 "RSN: Failed to configure GTK"); 1166 goto failed; 1167 } 1168 1169 if (ieee80211w_set_keys(sm, &ie) < 0) { 1170 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1171 "RSN: Failed to configure IGTK"); 1172 goto failed; 1173 } 1174 1175 return; 1176 1177failed: 1178 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1179} 1180 1181 1182static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm, 1183 const u8 *keydata, 1184 size_t keydatalen, 1185 u16 key_info, 1186 struct wpa_gtk_data *gd) 1187{ 1188 int maxkeylen; 1189 struct wpa_eapol_ie_parse ie; 1190 1191 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen); 1192 wpa_supplicant_parse_ies(keydata, keydatalen, &ie); 1193 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1194 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1195 "WPA: GTK IE in unencrypted key data"); 1196 return -1; 1197 } 1198 if (ie.gtk == NULL) { 1199 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1200 "WPA: No GTK IE in Group Key msg 1/2"); 1201 return -1; 1202 } 1203 maxkeylen = gd->gtk_len = ie.gtk_len - 2; 1204 1205 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 1206 gd->gtk_len, maxkeylen, 1207 &gd->key_rsc_len, &gd->alg)) 1208 return -1; 1209 1210 wpa_hexdump(MSG_DEBUG, "RSN: received GTK in group key handshake", 1211 ie.gtk, ie.gtk_len); 1212 gd->keyidx = ie.gtk[0] & 0x3; 1213 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 1214 !!(ie.gtk[0] & BIT(2))); 1215 if (ie.gtk_len - 2 > sizeof(gd->gtk)) { 1216 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1217 "RSN: Too long GTK in GTK IE (len=%lu)", 1218 (unsigned long) ie.gtk_len - 2); 1219 return -1; 1220 } 1221 os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2); 1222 1223 if (ieee80211w_set_keys(sm, &ie) < 0) 1224 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1225 "RSN: Failed to configure IGTK"); 1226 1227 return 0; 1228} 1229 1230 1231static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm, 1232 const struct wpa_eapol_key *key, 1233 size_t keydatalen, int key_info, 1234 size_t extra_len, u16 ver, 1235 struct wpa_gtk_data *gd) 1236{ 1237 size_t maxkeylen; 1238 u8 ek[32]; 1239 1240 gd->gtk_len = WPA_GET_BE16(key->key_length); 1241 maxkeylen = keydatalen; 1242 if (keydatalen > extra_len) { 1243 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1244 "WPA: Truncated EAPOL-Key packet: " 1245 "key_data_length=%lu > extra_len=%lu", 1246 (unsigned long) keydatalen, (unsigned long) extra_len); 1247 return -1; 1248 } 1249 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1250 if (maxkeylen < 8) { 1251 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1252 "WPA: Too short maxkeylen (%lu)", 1253 (unsigned long) maxkeylen); 1254 return -1; 1255 } 1256 maxkeylen -= 8; 1257 } 1258 1259 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 1260 gd->gtk_len, maxkeylen, 1261 &gd->key_rsc_len, &gd->alg)) 1262 return -1; 1263 1264 gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1265 WPA_KEY_INFO_KEY_INDEX_SHIFT; 1266 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) { 1267 os_memcpy(ek, key->key_iv, 16); 1268 os_memcpy(ek + 16, sm->ptk.kek, 16); 1269 if (keydatalen > sizeof(gd->gtk)) { 1270 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1271 "WPA: RC4 key data too long (%lu)", 1272 (unsigned long) keydatalen); 1273 return -1; 1274 } 1275 os_memcpy(gd->gtk, key + 1, keydatalen); 1276 if (rc4_skip(ek, 32, 256, gd->gtk, keydatalen)) { 1277 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 1278 "WPA: RC4 failed"); 1279 return -1; 1280 } 1281 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1282 if (keydatalen % 8) { 1283 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1284 "WPA: Unsupported AES-WRAP len %lu", 1285 (unsigned long) keydatalen); 1286 return -1; 1287 } 1288 if (maxkeylen > sizeof(gd->gtk)) { 1289 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1290 "WPA: AES-WRAP key data " 1291 "too long (keydatalen=%lu maxkeylen=%lu)", 1292 (unsigned long) keydatalen, 1293 (unsigned long) maxkeylen); 1294 return -1; 1295 } 1296 if (aes_unwrap(sm->ptk.kek, maxkeylen / 8, 1297 (const u8 *) (key + 1), gd->gtk)) { 1298 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1299 "WPA: AES unwrap failed - could not decrypt " 1300 "GTK"); 1301 return -1; 1302 } 1303 } else { 1304 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1305 "WPA: Unsupported key_info type %d", ver); 1306 return -1; 1307 } 1308 gd->tx = wpa_supplicant_gtk_tx_bit_workaround( 1309 sm, !!(key_info & WPA_KEY_INFO_TXRX)); 1310 return 0; 1311} 1312 1313 1314static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm, 1315 const struct wpa_eapol_key *key, 1316 int ver, u16 key_info) 1317{ 1318 size_t rlen; 1319 struct wpa_eapol_key *reply; 1320 u8 *rbuf; 1321 1322 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1323 sizeof(*reply), &rlen, (void *) &reply); 1324 if (rbuf == NULL) 1325 return -1; 1326 1327 reply->type = sm->proto == WPA_PROTO_RSN ? 1328 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1329 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK; 1330 key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE; 1331 WPA_PUT_BE16(reply->key_info, key_info); 1332 if (sm->proto == WPA_PROTO_RSN) 1333 WPA_PUT_BE16(reply->key_length, 0); 1334 else 1335 os_memcpy(reply->key_length, key->key_length, 2); 1336 os_memcpy(reply->replay_counter, key->replay_counter, 1337 WPA_REPLAY_COUNTER_LEN); 1338 1339 WPA_PUT_BE16(reply->key_data_length, 0); 1340 1341 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2"); 1342 wpa_eapol_key_send(sm, sm->ptk.kck, ver, sm->bssid, ETH_P_EAPOL, 1343 rbuf, rlen, reply->key_mic); 1344 1345 return 0; 1346} 1347 1348 1349static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, 1350 const unsigned char *src_addr, 1351 const struct wpa_eapol_key *key, 1352 int extra_len, u16 ver) 1353{ 1354 u16 key_info, keydatalen; 1355 int rekey, ret; 1356 struct wpa_gtk_data gd; 1357 1358 os_memset(&gd, 0, sizeof(gd)); 1359 1360 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED; 1361 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key " 1362 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 1363 1364 key_info = WPA_GET_BE16(key->key_info); 1365 keydatalen = WPA_GET_BE16(key->key_data_length); 1366 1367 if (sm->proto == WPA_PROTO_RSN) { 1368 ret = wpa_supplicant_process_1_of_2_rsn(sm, 1369 (const u8 *) (key + 1), 1370 keydatalen, key_info, 1371 &gd); 1372 } else { 1373 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, keydatalen, 1374 key_info, extra_len, 1375 ver, &gd); 1376 } 1377 1378 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1379 1380 if (ret) 1381 goto failed; 1382 1383 if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) || 1384 wpa_supplicant_send_2_of_2(sm, key, ver, key_info)) 1385 goto failed; 1386 1387 if (rekey) { 1388 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying " 1389 "completed with " MACSTR " [GTK=%s]", 1390 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); 1391 wpa_sm_cancel_auth_timeout(sm); 1392 wpa_sm_set_state(sm, WPA_COMPLETED); 1393 } else { 1394 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1395 key_info & 1396 WPA_KEY_INFO_SECURE); 1397 } 1398 return; 1399 1400failed: 1401 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1402} 1403 1404 1405static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm, 1406 struct wpa_eapol_key *key, 1407 u16 ver, 1408 const u8 *buf, size_t len) 1409{ 1410 u8 mic[16]; 1411 int ok = 0; 1412 1413 os_memcpy(mic, key->key_mic, 16); 1414 if (sm->tptk_set) { 1415 os_memset(key->key_mic, 0, 16); 1416 wpa_eapol_key_mic(sm->tptk.kck, ver, buf, len, 1417 key->key_mic); 1418 if (os_memcmp(mic, key->key_mic, 16) != 0) { 1419 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1420 "WPA: Invalid EAPOL-Key MIC " 1421 "when using TPTK - ignoring TPTK"); 1422 } else { 1423 ok = 1; 1424 sm->tptk_set = 0; 1425 sm->ptk_set = 1; 1426 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); 1427 } 1428 } 1429 1430 if (!ok && sm->ptk_set) { 1431 os_memset(key->key_mic, 0, 16); 1432 wpa_eapol_key_mic(sm->ptk.kck, ver, buf, len, 1433 key->key_mic); 1434 if (os_memcmp(mic, key->key_mic, 16) != 0) { 1435 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1436 "WPA: Invalid EAPOL-Key MIC - " 1437 "dropping packet"); 1438 return -1; 1439 } 1440 ok = 1; 1441 } 1442 1443 if (!ok) { 1444 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1445 "WPA: Could not verify EAPOL-Key MIC - " 1446 "dropping packet"); 1447 return -1; 1448 } 1449 1450 os_memcpy(sm->rx_replay_counter, key->replay_counter, 1451 WPA_REPLAY_COUNTER_LEN); 1452 sm->rx_replay_counter_set = 1; 1453 return 0; 1454} 1455 1456 1457/* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */ 1458static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm, 1459 struct wpa_eapol_key *key, u16 ver) 1460{ 1461 u16 keydatalen = WPA_GET_BE16(key->key_data_length); 1462 1463 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data", 1464 (u8 *) (key + 1), keydatalen); 1465 if (!sm->ptk_set) { 1466 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1467 "WPA: PTK not available, cannot decrypt EAPOL-Key Key " 1468 "Data"); 1469 return -1; 1470 } 1471 1472 /* Decrypt key data here so that this operation does not need 1473 * to be implemented separately for each message type. */ 1474 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) { 1475 u8 ek[32]; 1476 os_memcpy(ek, key->key_iv, 16); 1477 os_memcpy(ek + 16, sm->ptk.kek, 16); 1478 if (rc4_skip(ek, 32, 256, (u8 *) (key + 1), keydatalen)) { 1479 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 1480 "WPA: RC4 failed"); 1481 return -1; 1482 } 1483 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1484 ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1485 u8 *buf; 1486 if (keydatalen % 8) { 1487 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1488 "WPA: Unsupported AES-WRAP len %d", 1489 keydatalen); 1490 return -1; 1491 } 1492 keydatalen -= 8; /* AES-WRAP adds 8 bytes */ 1493 buf = os_malloc(keydatalen); 1494 if (buf == NULL) { 1495 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1496 "WPA: No memory for AES-UNWRAP buffer"); 1497 return -1; 1498 } 1499 if (aes_unwrap(sm->ptk.kek, keydatalen / 8, 1500 (u8 *) (key + 1), buf)) { 1501 os_free(buf); 1502 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1503 "WPA: AES unwrap failed - " 1504 "could not decrypt EAPOL-Key key data"); 1505 return -1; 1506 } 1507 os_memcpy(key + 1, buf, keydatalen); 1508 os_free(buf); 1509 WPA_PUT_BE16(key->key_data_length, keydatalen); 1510 } else { 1511 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1512 "WPA: Unsupported key_info type %d", ver); 1513 return -1; 1514 } 1515 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data", 1516 (u8 *) (key + 1), keydatalen); 1517 return 0; 1518} 1519 1520 1521/** 1522 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted 1523 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1524 */ 1525void wpa_sm_aborted_cached(struct wpa_sm *sm) 1526{ 1527 if (sm && sm->cur_pmksa) { 1528 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1529 "RSN: Cancelling PMKSA caching attempt"); 1530 sm->cur_pmksa = NULL; 1531 } 1532} 1533 1534 1535static void wpa_eapol_key_dump(struct wpa_sm *sm, 1536 const struct wpa_eapol_key *key) 1537{ 1538#ifndef CONFIG_NO_STDOUT_DEBUG 1539 u16 key_info = WPA_GET_BE16(key->key_info); 1540 1541 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type); 1542 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1543 " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)", 1544 key_info, key_info & WPA_KEY_INFO_TYPE_MASK, 1545 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1546 WPA_KEY_INFO_KEY_INDEX_SHIFT, 1547 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13, 1548 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group", 1549 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "", 1550 key_info & WPA_KEY_INFO_ACK ? " Ack" : "", 1551 key_info & WPA_KEY_INFO_MIC ? " MIC" : "", 1552 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "", 1553 key_info & WPA_KEY_INFO_ERROR ? " Error" : "", 1554 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "", 1555 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : ""); 1556 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1557 " key_length=%u key_data_length=%u", 1558 WPA_GET_BE16(key->key_length), 1559 WPA_GET_BE16(key->key_data_length)); 1560 wpa_hexdump(MSG_DEBUG, " replay_counter", 1561 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 1562 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN); 1563 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16); 1564 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8); 1565 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8); 1566 wpa_hexdump(MSG_DEBUG, " key_mic", key->key_mic, 16); 1567#endif /* CONFIG_NO_STDOUT_DEBUG */ 1568} 1569 1570 1571/** 1572 * wpa_sm_rx_eapol - Process received WPA EAPOL frames 1573 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1574 * @src_addr: Source MAC address of the EAPOL packet 1575 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header) 1576 * @len: Length of the EAPOL frame 1577 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure 1578 * 1579 * This function is called for each received EAPOL frame. Other than EAPOL-Key 1580 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is 1581 * only processing WPA and WPA2 EAPOL-Key frames. 1582 * 1583 * The received EAPOL-Key packets are validated and valid packets are replied 1584 * to. In addition, key material (PTK, GTK) is configured at the end of a 1585 * successful key handshake. 1586 */ 1587int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, 1588 const u8 *buf, size_t len) 1589{ 1590 size_t plen, data_len, extra_len; 1591 struct ieee802_1x_hdr *hdr; 1592 struct wpa_eapol_key *key; 1593 u16 key_info, ver; 1594 u8 *tmp; 1595 int ret = -1; 1596 struct wpa_peerkey *peerkey = NULL; 1597 1598#ifdef CONFIG_IEEE80211R 1599 sm->ft_completed = 0; 1600#endif /* CONFIG_IEEE80211R */ 1601 1602 if (len < sizeof(*hdr) + sizeof(*key)) { 1603 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1604 "WPA: EAPOL frame too short to be a WPA " 1605 "EAPOL-Key (len %lu, expecting at least %lu)", 1606 (unsigned long) len, 1607 (unsigned long) sizeof(*hdr) + sizeof(*key)); 1608 return 0; 1609 } 1610 1611 tmp = os_malloc(len); 1612 if (tmp == NULL) 1613 return -1; 1614 os_memcpy(tmp, buf, len); 1615 1616 hdr = (struct ieee802_1x_hdr *) tmp; 1617 key = (struct wpa_eapol_key *) (hdr + 1); 1618 plen = be_to_host16(hdr->length); 1619 data_len = plen + sizeof(*hdr); 1620 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1621 "IEEE 802.1X RX: version=%d type=%d length=%lu", 1622 hdr->version, hdr->type, (unsigned long) plen); 1623 1624 if (hdr->version < EAPOL_VERSION) { 1625 /* TODO: backwards compatibility */ 1626 } 1627 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { 1628 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1629 "WPA: EAPOL frame (type %u) discarded, " 1630 "not a Key frame", hdr->type); 1631 ret = 0; 1632 goto out; 1633 } 1634 if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) { 1635 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1636 "WPA: EAPOL frame payload size %lu " 1637 "invalid (frame size %lu)", 1638 (unsigned long) plen, (unsigned long) len); 1639 ret = 0; 1640 goto out; 1641 } 1642 1643 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN) 1644 { 1645 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1646 "WPA: EAPOL-Key type (%d) unknown, discarded", 1647 key->type); 1648 ret = 0; 1649 goto out; 1650 } 1651 wpa_eapol_key_dump(sm, key); 1652 1653 eapol_sm_notify_lower_layer_success(sm->eapol, 0); 1654 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", tmp, len); 1655 if (data_len < len) { 1656 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1657 "WPA: ignoring %lu bytes after the IEEE 802.1X data", 1658 (unsigned long) len - data_len); 1659 } 1660 key_info = WPA_GET_BE16(key->key_info); 1661 ver = key_info & WPA_KEY_INFO_TYPE_MASK; 1662 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && 1663#if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W) 1664 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && 1665#endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */ 1666 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1667 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1668 "WPA: Unsupported EAPOL-Key descriptor version %d", 1669 ver); 1670 goto out; 1671 } 1672 1673#ifdef CONFIG_IEEE80211R 1674 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 1675 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */ 1676 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1677 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1678 "FT: AP did not use AES-128-CMAC"); 1679 goto out; 1680 } 1681 } else 1682#endif /* CONFIG_IEEE80211R */ 1683#ifdef CONFIG_IEEE80211W 1684 if (wpa_key_mgmt_sha256(sm->key_mgmt)) { 1685 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1686 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1687 "WPA: AP did not use the " 1688 "negotiated AES-128-CMAC"); 1689 goto out; 1690 } 1691 } else 1692#endif /* CONFIG_IEEE80211W */ 1693 if (sm->pairwise_cipher == WPA_CIPHER_CCMP && 1694 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1695 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1696 "WPA: CCMP is used, but EAPOL-Key " 1697 "descriptor version (%d) is not 2", ver); 1698 if (sm->group_cipher != WPA_CIPHER_CCMP && 1699 !(key_info & WPA_KEY_INFO_KEY_TYPE)) { 1700 /* Earlier versions of IEEE 802.11i did not explicitly 1701 * require version 2 descriptor for all EAPOL-Key 1702 * packets, so allow group keys to use version 1 if 1703 * CCMP is not used for them. */ 1704 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1705 "WPA: Backwards compatibility: allow invalid " 1706 "version for non-CCMP group keys"); 1707 } else 1708 goto out; 1709 } 1710 1711#ifdef CONFIG_PEERKEY 1712 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 1713 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0) 1714 break; 1715 } 1716 1717 if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) { 1718 if (!peerkey->initiator && peerkey->replay_counter_set && 1719 os_memcmp(key->replay_counter, peerkey->replay_counter, 1720 WPA_REPLAY_COUNTER_LEN) <= 0) { 1721 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1722 "RSN: EAPOL-Key Replay Counter did not " 1723 "increase (STK) - dropping packet"); 1724 goto out; 1725 } else if (peerkey->initiator) { 1726 u8 _tmp[WPA_REPLAY_COUNTER_LEN]; 1727 os_memcpy(_tmp, key->replay_counter, 1728 WPA_REPLAY_COUNTER_LEN); 1729 inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN); 1730 if (os_memcmp(_tmp, peerkey->replay_counter, 1731 WPA_REPLAY_COUNTER_LEN) != 0) { 1732 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1733 "RSN: EAPOL-Key Replay " 1734 "Counter did not match (STK) - " 1735 "dropping packet"); 1736 goto out; 1737 } 1738 } 1739 } 1740 1741 if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) { 1742 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1743 "RSN: Ack bit in key_info from STK peer"); 1744 goto out; 1745 } 1746#endif /* CONFIG_PEERKEY */ 1747 1748 if (!peerkey && sm->rx_replay_counter_set && 1749 os_memcmp(key->replay_counter, sm->rx_replay_counter, 1750 WPA_REPLAY_COUNTER_LEN) <= 0) { 1751 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1752 "WPA: EAPOL-Key Replay Counter did not increase - " 1753 "dropping packet"); 1754 goto out; 1755 } 1756 1757 if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE)) 1758#ifdef CONFIG_PEERKEY 1759 && (peerkey == NULL || !peerkey->initiator) 1760#endif /* CONFIG_PEERKEY */ 1761 ) { 1762 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1763 "WPA: No Ack bit in key_info"); 1764 goto out; 1765 } 1766 1767 if (key_info & WPA_KEY_INFO_REQUEST) { 1768 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1769 "WPA: EAPOL-Key with Request bit - dropped"); 1770 goto out; 1771 } 1772 1773 if ((key_info & WPA_KEY_INFO_MIC) && !peerkey && 1774 wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len)) 1775 goto out; 1776 1777#ifdef CONFIG_PEERKEY 1778 if ((key_info & WPA_KEY_INFO_MIC) && peerkey && 1779 peerkey_verify_eapol_key_mic(sm, peerkey, key, ver, tmp, data_len)) 1780 goto out; 1781#endif /* CONFIG_PEERKEY */ 1782 1783 extra_len = data_len - sizeof(*hdr) - sizeof(*key); 1784 1785 if (WPA_GET_BE16(key->key_data_length) > extra_len) { 1786 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key " 1787 "frame - key_data overflow (%d > %lu)", 1788 WPA_GET_BE16(key->key_data_length), 1789 (unsigned long) extra_len); 1790 goto out; 1791 } 1792 extra_len = WPA_GET_BE16(key->key_data_length); 1793 1794 if (sm->proto == WPA_PROTO_RSN && 1795 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1796 if (wpa_supplicant_decrypt_key_data(sm, key, ver)) 1797 goto out; 1798 extra_len = WPA_GET_BE16(key->key_data_length); 1799 } 1800 1801 if (key_info & WPA_KEY_INFO_KEY_TYPE) { 1802 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) { 1803 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1804 "WPA: Ignored EAPOL-Key (Pairwise) with " 1805 "non-zero key index"); 1806 goto out; 1807 } 1808 if (peerkey) { 1809 /* PeerKey 4-Way Handshake */ 1810 peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver); 1811 } else if (key_info & WPA_KEY_INFO_MIC) { 1812 /* 3/4 4-Way Handshake */ 1813 wpa_supplicant_process_3_of_4(sm, key, ver); 1814 } else { 1815 /* 1/4 4-Way Handshake */ 1816 wpa_supplicant_process_1_of_4(sm, src_addr, key, 1817 ver); 1818 } 1819 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { 1820 /* PeerKey SMK Handshake */ 1821 peerkey_rx_eapol_smk(sm, src_addr, key, extra_len, key_info, 1822 ver); 1823 } else { 1824 if (key_info & WPA_KEY_INFO_MIC) { 1825 /* 1/2 Group Key Handshake */ 1826 wpa_supplicant_process_1_of_2(sm, src_addr, key, 1827 extra_len, ver); 1828 } else { 1829 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1830 "WPA: EAPOL-Key (Group) without Mic bit - " 1831 "dropped"); 1832 } 1833 } 1834 1835 ret = 1; 1836 1837out: 1838 os_free(tmp); 1839 return ret; 1840} 1841 1842 1843#ifdef CONFIG_CTRL_IFACE 1844static int wpa_cipher_bits(int cipher) 1845{ 1846 switch (cipher) { 1847 case WPA_CIPHER_CCMP: 1848 return 128; 1849 case WPA_CIPHER_TKIP: 1850 return 256; 1851 case WPA_CIPHER_WEP104: 1852 return 104; 1853 case WPA_CIPHER_WEP40: 1854 return 40; 1855 default: 1856 return 0; 1857 } 1858} 1859 1860 1861static u32 wpa_key_mgmt_suite(struct wpa_sm *sm) 1862{ 1863 switch (sm->key_mgmt) { 1864 case WPA_KEY_MGMT_IEEE8021X: 1865 return (sm->proto == WPA_PROTO_RSN ? 1866 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X : 1867 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X); 1868 case WPA_KEY_MGMT_PSK: 1869 return (sm->proto == WPA_PROTO_RSN ? 1870 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X : 1871 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X); 1872#ifdef CONFIG_IEEE80211R 1873 case WPA_KEY_MGMT_FT_IEEE8021X: 1874 return RSN_AUTH_KEY_MGMT_FT_802_1X; 1875 case WPA_KEY_MGMT_FT_PSK: 1876 return RSN_AUTH_KEY_MGMT_FT_PSK; 1877#endif /* CONFIG_IEEE80211R */ 1878#ifdef CONFIG_IEEE80211W 1879 case WPA_KEY_MGMT_IEEE8021X_SHA256: 1880 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 1881 case WPA_KEY_MGMT_PSK_SHA256: 1882 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 1883#endif /* CONFIG_IEEE80211W */ 1884 case WPA_KEY_MGMT_WPA_NONE: 1885 return WPA_AUTH_KEY_MGMT_NONE; 1886 default: 1887 return 0; 1888 } 1889} 1890 1891 1892static u32 wpa_cipher_suite(struct wpa_sm *sm, int cipher) 1893{ 1894 switch (cipher) { 1895 case WPA_CIPHER_CCMP: 1896 return (sm->proto == WPA_PROTO_RSN ? 1897 RSN_CIPHER_SUITE_CCMP : WPA_CIPHER_SUITE_CCMP); 1898 case WPA_CIPHER_TKIP: 1899 return (sm->proto == WPA_PROTO_RSN ? 1900 RSN_CIPHER_SUITE_TKIP : WPA_CIPHER_SUITE_TKIP); 1901 case WPA_CIPHER_WEP104: 1902 return (sm->proto == WPA_PROTO_RSN ? 1903 RSN_CIPHER_SUITE_WEP104 : WPA_CIPHER_SUITE_WEP104); 1904 case WPA_CIPHER_WEP40: 1905 return (sm->proto == WPA_PROTO_RSN ? 1906 RSN_CIPHER_SUITE_WEP40 : WPA_CIPHER_SUITE_WEP40); 1907 case WPA_CIPHER_NONE: 1908 return (sm->proto == WPA_PROTO_RSN ? 1909 RSN_CIPHER_SUITE_NONE : WPA_CIPHER_SUITE_NONE); 1910 default: 1911 return 0; 1912 } 1913} 1914 1915 1916#define RSN_SUITE "%02x-%02x-%02x-%d" 1917#define RSN_SUITE_ARG(s) \ 1918((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff 1919 1920/** 1921 * wpa_sm_get_mib - Dump text list of MIB entries 1922 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1923 * @buf: Buffer for the list 1924 * @buflen: Length of the buffer 1925 * Returns: Number of bytes written to buffer 1926 * 1927 * This function is used fetch dot11 MIB variables. 1928 */ 1929int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen) 1930{ 1931 char pmkid_txt[PMKID_LEN * 2 + 1]; 1932 int rsna, ret; 1933 size_t len; 1934 1935 if (sm->cur_pmksa) { 1936 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), 1937 sm->cur_pmksa->pmkid, PMKID_LEN); 1938 } else 1939 pmkid_txt[0] = '\0'; 1940 1941 if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) || 1942 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) && 1943 sm->proto == WPA_PROTO_RSN) 1944 rsna = 1; 1945 else 1946 rsna = 0; 1947 1948 ret = os_snprintf(buf, buflen, 1949 "dot11RSNAOptionImplemented=TRUE\n" 1950 "dot11RSNAPreauthenticationImplemented=TRUE\n" 1951 "dot11RSNAEnabled=%s\n" 1952 "dot11RSNAPreauthenticationEnabled=%s\n" 1953 "dot11RSNAConfigVersion=%d\n" 1954 "dot11RSNAConfigPairwiseKeysSupported=5\n" 1955 "dot11RSNAConfigGroupCipherSize=%d\n" 1956 "dot11RSNAConfigPMKLifetime=%d\n" 1957 "dot11RSNAConfigPMKReauthThreshold=%d\n" 1958 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n" 1959 "dot11RSNAConfigSATimeout=%d\n", 1960 rsna ? "TRUE" : "FALSE", 1961 rsna ? "TRUE" : "FALSE", 1962 RSN_VERSION, 1963 wpa_cipher_bits(sm->group_cipher), 1964 sm->dot11RSNAConfigPMKLifetime, 1965 sm->dot11RSNAConfigPMKReauthThreshold, 1966 sm->dot11RSNAConfigSATimeout); 1967 if (ret < 0 || (size_t) ret >= buflen) 1968 return 0; 1969 len = ret; 1970 1971 ret = os_snprintf( 1972 buf + len, buflen - len, 1973 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" 1974 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" 1975 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" 1976 "dot11RSNAPMKIDUsed=%s\n" 1977 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" 1978 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" 1979 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" 1980 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n" 1981 "dot11RSNA4WayHandshakeFailures=%u\n", 1982 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 1983 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)), 1984 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)), 1985 pmkid_txt, 1986 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 1987 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)), 1988 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)), 1989 sm->dot11RSNA4WayHandshakeFailures); 1990 if (ret >= 0 && (size_t) ret < buflen) 1991 len += ret; 1992 1993 return (int) len; 1994} 1995#endif /* CONFIG_CTRL_IFACE */ 1996 1997 1998static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, 1999 void *ctx, int replace) 2000{ 2001 struct wpa_sm *sm = ctx; 2002 2003 if (sm->cur_pmksa == entry || 2004 (sm->pmk_len == entry->pmk_len && 2005 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) { 2006 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2007 "RSN: removed current PMKSA entry"); 2008 sm->cur_pmksa = NULL; 2009 2010 if (replace) { 2011 /* A new entry is being added, so no need to 2012 * deauthenticate in this case. This happens when EAP 2013 * authentication is completed again (reauth or failed 2014 * PMKSA caching attempt). */ 2015 return; 2016 } 2017 2018 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2019 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 2020 } 2021} 2022 2023 2024/** 2025 * wpa_sm_init - Initialize WPA state machine 2026 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer 2027 * Returns: Pointer to the allocated WPA state machine data 2028 * 2029 * This function is used to allocate a new WPA state machine and the returned 2030 * value is passed to all WPA state machine calls. 2031 */ 2032struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx) 2033{ 2034 struct wpa_sm *sm; 2035 2036 sm = os_zalloc(sizeof(*sm)); 2037 if (sm == NULL) 2038 return NULL; 2039 dl_list_init(&sm->pmksa_candidates); 2040 sm->renew_snonce = 1; 2041 sm->ctx = ctx; 2042 2043 sm->dot11RSNAConfigPMKLifetime = 43200; 2044 sm->dot11RSNAConfigPMKReauthThreshold = 70; 2045 sm->dot11RSNAConfigSATimeout = 60; 2046 2047 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm); 2048 if (sm->pmksa == NULL) { 2049 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 2050 "RSN: PMKSA cache initialization failed"); 2051 os_free(sm); 2052 return NULL; 2053 } 2054 2055 return sm; 2056} 2057 2058 2059/** 2060 * wpa_sm_deinit - Deinitialize WPA state machine 2061 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2062 */ 2063void wpa_sm_deinit(struct wpa_sm *sm) 2064{ 2065 if (sm == NULL) 2066 return; 2067 pmksa_cache_deinit(sm->pmksa); 2068 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 2069 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 2070 os_free(sm->assoc_wpa_ie); 2071 os_free(sm->ap_wpa_ie); 2072 os_free(sm->ap_rsn_ie); 2073 os_free(sm->ctx); 2074 peerkey_deinit(sm); 2075#ifdef CONFIG_IEEE80211R 2076 os_free(sm->assoc_resp_ies); 2077#endif /* CONFIG_IEEE80211R */ 2078 os_free(sm); 2079} 2080 2081 2082/** 2083 * wpa_sm_notify_assoc - Notify WPA state machine about association 2084 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2085 * @bssid: The BSSID of the new association 2086 * 2087 * This function is called to let WPA state machine know that the connection 2088 * was established. 2089 */ 2090void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) 2091{ 2092 int clear_ptk = 1; 2093 2094 if (sm == NULL) 2095 return; 2096 2097 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2098 "WPA: Association event - clear replay counter"); 2099 os_memcpy(sm->bssid, bssid, ETH_ALEN); 2100 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN); 2101 sm->rx_replay_counter_set = 0; 2102 sm->renew_snonce = 1; 2103 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0) 2104 rsn_preauth_deinit(sm); 2105 2106#ifdef CONFIG_IEEE80211R 2107 if (wpa_ft_is_completed(sm)) { 2108 /* 2109 * Clear portValid to kick EAPOL state machine to re-enter 2110 * AUTHENTICATED state to get the EAPOL port Authorized. 2111 */ 2112 eapol_sm_notify_portValid(sm->eapol, FALSE); 2113 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); 2114 2115 /* Prepare for the next transition */ 2116 wpa_ft_prepare_auth_request(sm, NULL); 2117 2118 clear_ptk = 0; 2119 } 2120#endif /* CONFIG_IEEE80211R */ 2121 2122 if (clear_ptk) { 2123 /* 2124 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if 2125 * this is not part of a Fast BSS Transition. 2126 */ 2127 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK"); 2128 sm->ptk_set = 0; 2129 sm->tptk_set = 0; 2130 } 2131 2132#ifdef CONFIG_TDLS 2133 wpa_tdls_assoc(sm); 2134#endif /* CONFIG_TDLS */ 2135} 2136 2137 2138/** 2139 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation 2140 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2141 * 2142 * This function is called to let WPA state machine know that the connection 2143 * was lost. This will abort any existing pre-authentication session. 2144 */ 2145void wpa_sm_notify_disassoc(struct wpa_sm *sm) 2146{ 2147 rsn_preauth_deinit(sm); 2148 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE) 2149 sm->dot11RSNA4WayHandshakeFailures++; 2150#ifdef CONFIG_TDLS 2151 wpa_tdls_disassoc(sm); 2152#endif /* CONFIG_TDLS */ 2153} 2154 2155 2156/** 2157 * wpa_sm_set_pmk - Set PMK 2158 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2159 * @pmk: The new PMK 2160 * @pmk_len: The length of the new PMK in bytes 2161 * 2162 * Configure the PMK for WPA state machine. 2163 */ 2164void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len) 2165{ 2166 if (sm == NULL) 2167 return; 2168 2169 sm->pmk_len = pmk_len; 2170 os_memcpy(sm->pmk, pmk, pmk_len); 2171 2172#ifdef CONFIG_IEEE80211R 2173 /* Set XXKey to be PSK for FT key derivation */ 2174 sm->xxkey_len = pmk_len; 2175 os_memcpy(sm->xxkey, pmk, pmk_len); 2176#endif /* CONFIG_IEEE80211R */ 2177} 2178 2179 2180/** 2181 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA 2182 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2183 * 2184 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK 2185 * will be cleared. 2186 */ 2187void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm) 2188{ 2189 if (sm == NULL) 2190 return; 2191 2192 if (sm->cur_pmksa) { 2193 sm->pmk_len = sm->cur_pmksa->pmk_len; 2194 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len); 2195 } else { 2196 sm->pmk_len = PMK_LEN; 2197 os_memset(sm->pmk, 0, PMK_LEN); 2198 } 2199} 2200 2201 2202/** 2203 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled 2204 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2205 * @fast_reauth: Whether fast reauthentication (EAP) is allowed 2206 */ 2207void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth) 2208{ 2209 if (sm) 2210 sm->fast_reauth = fast_reauth; 2211} 2212 2213 2214/** 2215 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks 2216 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2217 * @scard_ctx: Context pointer for smartcard related callback functions 2218 */ 2219void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx) 2220{ 2221 if (sm == NULL) 2222 return; 2223 sm->scard_ctx = scard_ctx; 2224 if (sm->preauth_eapol) 2225 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx); 2226} 2227 2228 2229/** 2230 * wpa_sm_set_config - Notification of current configration change 2231 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2232 * @config: Pointer to current network configuration 2233 * 2234 * Notify WPA state machine that configuration has changed. config will be 2235 * stored as a backpointer to network configuration. This can be %NULL to clear 2236 * the stored pointed. 2237 */ 2238void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config) 2239{ 2240 if (!sm) 2241 return; 2242 2243 if (config) { 2244 sm->network_ctx = config->network_ctx; 2245 sm->peerkey_enabled = config->peerkey_enabled; 2246 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher; 2247 sm->proactive_key_caching = config->proactive_key_caching; 2248 sm->eap_workaround = config->eap_workaround; 2249 sm->eap_conf_ctx = config->eap_conf_ctx; 2250 if (config->ssid) { 2251 os_memcpy(sm->ssid, config->ssid, config->ssid_len); 2252 sm->ssid_len = config->ssid_len; 2253 } else 2254 sm->ssid_len = 0; 2255 sm->wpa_ptk_rekey = config->wpa_ptk_rekey; 2256 } else { 2257 sm->network_ctx = NULL; 2258 sm->peerkey_enabled = 0; 2259 sm->allowed_pairwise_cipher = 0; 2260 sm->proactive_key_caching = 0; 2261 sm->eap_workaround = 0; 2262 sm->eap_conf_ctx = NULL; 2263 sm->ssid_len = 0; 2264 sm->wpa_ptk_rekey = 0; 2265 } 2266 if (config == NULL || config->network_ctx != sm->network_ctx) 2267 pmksa_cache_notify_reconfig(sm->pmksa); 2268} 2269 2270 2271/** 2272 * wpa_sm_set_own_addr - Set own MAC address 2273 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2274 * @addr: Own MAC address 2275 */ 2276void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr) 2277{ 2278 if (sm) 2279 os_memcpy(sm->own_addr, addr, ETH_ALEN); 2280} 2281 2282 2283/** 2284 * wpa_sm_set_ifname - Set network interface name 2285 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2286 * @ifname: Interface name 2287 * @bridge_ifname: Optional bridge interface name (for pre-auth) 2288 */ 2289void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname, 2290 const char *bridge_ifname) 2291{ 2292 if (sm) { 2293 sm->ifname = ifname; 2294 sm->bridge_ifname = bridge_ifname; 2295 } 2296} 2297 2298 2299/** 2300 * wpa_sm_set_eapol - Set EAPOL state machine pointer 2301 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2302 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init() 2303 */ 2304void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol) 2305{ 2306 if (sm) 2307 sm->eapol = eapol; 2308} 2309 2310 2311/** 2312 * wpa_sm_set_param - Set WPA state machine parameters 2313 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2314 * @param: Parameter field 2315 * @value: Parameter value 2316 * Returns: 0 on success, -1 on failure 2317 */ 2318int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, 2319 unsigned int value) 2320{ 2321 int ret = 0; 2322 2323 if (sm == NULL) 2324 return -1; 2325 2326 switch (param) { 2327 case RSNA_PMK_LIFETIME: 2328 if (value > 0) 2329 sm->dot11RSNAConfigPMKLifetime = value; 2330 else 2331 ret = -1; 2332 break; 2333 case RSNA_PMK_REAUTH_THRESHOLD: 2334 if (value > 0 && value <= 100) 2335 sm->dot11RSNAConfigPMKReauthThreshold = value; 2336 else 2337 ret = -1; 2338 break; 2339 case RSNA_SA_TIMEOUT: 2340 if (value > 0) 2341 sm->dot11RSNAConfigSATimeout = value; 2342 else 2343 ret = -1; 2344 break; 2345 case WPA_PARAM_PROTO: 2346 sm->proto = value; 2347 break; 2348 case WPA_PARAM_PAIRWISE: 2349 sm->pairwise_cipher = value; 2350 break; 2351 case WPA_PARAM_GROUP: 2352 sm->group_cipher = value; 2353 break; 2354 case WPA_PARAM_KEY_MGMT: 2355 sm->key_mgmt = value; 2356 break; 2357#ifdef CONFIG_IEEE80211W 2358 case WPA_PARAM_MGMT_GROUP: 2359 sm->mgmt_group_cipher = value; 2360 break; 2361#endif /* CONFIG_IEEE80211W */ 2362 case WPA_PARAM_RSN_ENABLED: 2363 sm->rsn_enabled = value; 2364 break; 2365 case WPA_PARAM_MFP: 2366 sm->mfp = value; 2367 break; 2368 default: 2369 break; 2370 } 2371 2372 return ret; 2373} 2374 2375 2376/** 2377 * wpa_sm_get_param - Get WPA state machine parameters 2378 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2379 * @param: Parameter field 2380 * Returns: Parameter value 2381 */ 2382unsigned int wpa_sm_get_param(struct wpa_sm *sm, enum wpa_sm_conf_params param) 2383{ 2384 if (sm == NULL) 2385 return 0; 2386 2387 switch (param) { 2388 case RSNA_PMK_LIFETIME: 2389 return sm->dot11RSNAConfigPMKLifetime; 2390 case RSNA_PMK_REAUTH_THRESHOLD: 2391 return sm->dot11RSNAConfigPMKReauthThreshold; 2392 case RSNA_SA_TIMEOUT: 2393 return sm->dot11RSNAConfigSATimeout; 2394 case WPA_PARAM_PROTO: 2395 return sm->proto; 2396 case WPA_PARAM_PAIRWISE: 2397 return sm->pairwise_cipher; 2398 case WPA_PARAM_GROUP: 2399 return sm->group_cipher; 2400 case WPA_PARAM_KEY_MGMT: 2401 return sm->key_mgmt; 2402#ifdef CONFIG_IEEE80211W 2403 case WPA_PARAM_MGMT_GROUP: 2404 return sm->mgmt_group_cipher; 2405#endif /* CONFIG_IEEE80211W */ 2406 case WPA_PARAM_RSN_ENABLED: 2407 return sm->rsn_enabled; 2408 default: 2409 return 0; 2410 } 2411} 2412 2413 2414/** 2415 * wpa_sm_get_status - Get WPA state machine 2416 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2417 * @buf: Buffer for status information 2418 * @buflen: Maximum buffer length 2419 * @verbose: Whether to include verbose status information 2420 * Returns: Number of bytes written to buf. 2421 * 2422 * Query WPA state machine for status information. This function fills in 2423 * a text area with current status information. If the buffer (buf) is not 2424 * large enough, status information will be truncated to fit the buffer. 2425 */ 2426int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen, 2427 int verbose) 2428{ 2429 char *pos = buf, *end = buf + buflen; 2430 int ret; 2431 2432 ret = os_snprintf(pos, end - pos, 2433 "pairwise_cipher=%s\n" 2434 "group_cipher=%s\n" 2435 "key_mgmt=%s\n", 2436 wpa_cipher_txt(sm->pairwise_cipher), 2437 wpa_cipher_txt(sm->group_cipher), 2438 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto)); 2439 if (ret < 0 || ret >= end - pos) 2440 return pos - buf; 2441 pos += ret; 2442 return pos - buf; 2443} 2444 2445 2446/** 2447 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration 2448 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2449 * @wpa_ie: Pointer to buffer for WPA/RSN IE 2450 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer 2451 * Returns: 0 on success, -1 on failure 2452 */ 2453int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie, 2454 size_t *wpa_ie_len) 2455{ 2456 int res; 2457 2458 if (sm == NULL) 2459 return -1; 2460 2461 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len); 2462 if (res < 0) 2463 return -1; 2464 *wpa_ie_len = res; 2465 2466 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default", 2467 wpa_ie, *wpa_ie_len); 2468 2469 if (sm->assoc_wpa_ie == NULL) { 2470 /* 2471 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets 2472 * the correct version of the IE even if PMKSA caching is 2473 * aborted (which would remove PMKID from IE generation). 2474 */ 2475 sm->assoc_wpa_ie = os_malloc(*wpa_ie_len); 2476 if (sm->assoc_wpa_ie == NULL) 2477 return -1; 2478 2479 os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len); 2480 sm->assoc_wpa_ie_len = *wpa_ie_len; 2481 } 2482 2483 return 0; 2484} 2485 2486 2487/** 2488 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq 2489 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2490 * @ie: Pointer to IE data (starting from id) 2491 * @len: IE length 2492 * Returns: 0 on success, -1 on failure 2493 * 2494 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association 2495 * Request frame. The IE will be used to override the default value generated 2496 * with wpa_sm_set_assoc_wpa_ie_default(). 2497 */ 2498int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2499{ 2500 if (sm == NULL) 2501 return -1; 2502 2503 os_free(sm->assoc_wpa_ie); 2504 if (ie == NULL || len == 0) { 2505 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2506 "WPA: clearing own WPA/RSN IE"); 2507 sm->assoc_wpa_ie = NULL; 2508 sm->assoc_wpa_ie_len = 0; 2509 } else { 2510 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len); 2511 sm->assoc_wpa_ie = os_malloc(len); 2512 if (sm->assoc_wpa_ie == NULL) 2513 return -1; 2514 2515 os_memcpy(sm->assoc_wpa_ie, ie, len); 2516 sm->assoc_wpa_ie_len = len; 2517 } 2518 2519 return 0; 2520} 2521 2522 2523/** 2524 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp 2525 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2526 * @ie: Pointer to IE data (starting from id) 2527 * @len: IE length 2528 * Returns: 0 on success, -1 on failure 2529 * 2530 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response 2531 * frame. 2532 */ 2533int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2534{ 2535 if (sm == NULL) 2536 return -1; 2537 2538 os_free(sm->ap_wpa_ie); 2539 if (ie == NULL || len == 0) { 2540 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2541 "WPA: clearing AP WPA IE"); 2542 sm->ap_wpa_ie = NULL; 2543 sm->ap_wpa_ie_len = 0; 2544 } else { 2545 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len); 2546 sm->ap_wpa_ie = os_malloc(len); 2547 if (sm->ap_wpa_ie == NULL) 2548 return -1; 2549 2550 os_memcpy(sm->ap_wpa_ie, ie, len); 2551 sm->ap_wpa_ie_len = len; 2552 } 2553 2554 return 0; 2555} 2556 2557 2558/** 2559 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp 2560 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2561 * @ie: Pointer to IE data (starting from id) 2562 * @len: IE length 2563 * Returns: 0 on success, -1 on failure 2564 * 2565 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response 2566 * frame. 2567 */ 2568int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2569{ 2570 if (sm == NULL) 2571 return -1; 2572 2573 os_free(sm->ap_rsn_ie); 2574 if (ie == NULL || len == 0) { 2575 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2576 "WPA: clearing AP RSN IE"); 2577 sm->ap_rsn_ie = NULL; 2578 sm->ap_rsn_ie_len = 0; 2579 } else { 2580 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len); 2581 sm->ap_rsn_ie = os_malloc(len); 2582 if (sm->ap_rsn_ie == NULL) 2583 return -1; 2584 2585 os_memcpy(sm->ap_rsn_ie, ie, len); 2586 sm->ap_rsn_ie_len = len; 2587 } 2588 2589 return 0; 2590} 2591 2592 2593/** 2594 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE 2595 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2596 * @data: Pointer to data area for parsing results 2597 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure 2598 * 2599 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the 2600 * parsed data into data. 2601 */ 2602int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data) 2603{ 2604 if (sm == NULL) 2605 return -1; 2606 2607 if (sm->assoc_wpa_ie == NULL) { 2608 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2609 "WPA: No WPA/RSN IE available from association info"); 2610 return -1; 2611 } 2612 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data)) 2613 return -2; 2614 return 0; 2615} 2616 2617 2618int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len) 2619{ 2620#ifndef CONFIG_NO_WPA2 2621 return pmksa_cache_list(sm->pmksa, buf, len); 2622#else /* CONFIG_NO_WPA2 */ 2623 return -1; 2624#endif /* CONFIG_NO_WPA2 */ 2625} 2626 2627 2628void wpa_sm_drop_sa(struct wpa_sm *sm) 2629{ 2630 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK"); 2631 sm->ptk_set = 0; 2632 sm->tptk_set = 0; 2633 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2634 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 2635 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 2636} 2637 2638 2639int wpa_sm_has_ptk(struct wpa_sm *sm) 2640{ 2641 if (sm == NULL) 2642 return 0; 2643 return sm->ptk_set; 2644} 2645