wpa_auth.c revision d80a401aed31d06f261efd19223cf55d1a2a8228
1/* 2 * IEEE 802.11 RSN / WPA Authenticator 3 * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "utils/includes.h" 10 11#include "utils/common.h" 12#include "utils/eloop.h" 13#include "utils/state_machine.h" 14#include "utils/bitfield.h" 15#include "common/ieee802_11_defs.h" 16#include "crypto/aes_wrap.h" 17#include "crypto/crypto.h" 18#include "crypto/sha1.h" 19#include "crypto/sha256.h" 20#include "crypto/random.h" 21#include "eapol_auth/eapol_auth_sm.h" 22#include "ap_config.h" 23#include "ieee802_11.h" 24#include "wpa_auth.h" 25#include "pmksa_cache_auth.h" 26#include "wpa_auth_i.h" 27#include "wpa_auth_ie.h" 28 29#define STATE_MACHINE_DATA struct wpa_state_machine 30#define STATE_MACHINE_DEBUG_PREFIX "WPA" 31#define STATE_MACHINE_ADDR sm->addr 32 33 34static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx); 35static int wpa_sm_step(struct wpa_state_machine *sm); 36static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data, 37 size_t data_len); 38static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx); 39static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth, 40 struct wpa_group *group); 41static void wpa_request_new_ptk(struct wpa_state_machine *sm); 42static int wpa_gtk_update(struct wpa_authenticator *wpa_auth, 43 struct wpa_group *group); 44static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth, 45 struct wpa_group *group); 46static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce, 47 const u8 *pmk, unsigned int pmk_len, 48 struct wpa_ptk *ptk); 49static void wpa_group_free(struct wpa_authenticator *wpa_auth, 50 struct wpa_group *group); 51static void wpa_group_get(struct wpa_authenticator *wpa_auth, 52 struct wpa_group *group); 53static void wpa_group_put(struct wpa_authenticator *wpa_auth, 54 struct wpa_group *group); 55 56static const u32 dot11RSNAConfigGroupUpdateCount = 4; 57static const u32 dot11RSNAConfigPairwiseUpdateCount = 4; 58static const u32 eapol_key_timeout_first = 100; /* ms */ 59static const u32 eapol_key_timeout_subseq = 1000; /* ms */ 60static const u32 eapol_key_timeout_first_group = 500; /* ms */ 61 62/* TODO: make these configurable */ 63static const int dot11RSNAConfigPMKLifetime = 43200; 64static const int dot11RSNAConfigPMKReauthThreshold = 70; 65static const int dot11RSNAConfigSATimeout = 60; 66 67 68static inline int wpa_auth_mic_failure_report( 69 struct wpa_authenticator *wpa_auth, const u8 *addr) 70{ 71 if (wpa_auth->cb.mic_failure_report) 72 return wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr); 73 return 0; 74} 75 76 77static inline void wpa_auth_psk_failure_report( 78 struct wpa_authenticator *wpa_auth, const u8 *addr) 79{ 80 if (wpa_auth->cb.psk_failure_report) 81 wpa_auth->cb.psk_failure_report(wpa_auth->cb.ctx, addr); 82} 83 84 85static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth, 86 const u8 *addr, wpa_eapol_variable var, 87 int value) 88{ 89 if (wpa_auth->cb.set_eapol) 90 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value); 91} 92 93 94static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth, 95 const u8 *addr, wpa_eapol_variable var) 96{ 97 if (wpa_auth->cb.get_eapol == NULL) 98 return -1; 99 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var); 100} 101 102 103static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth, 104 const u8 *addr, 105 const u8 *p2p_dev_addr, 106 const u8 *prev_psk) 107{ 108 if (wpa_auth->cb.get_psk == NULL) 109 return NULL; 110 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, p2p_dev_addr, 111 prev_psk); 112} 113 114 115static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth, 116 const u8 *addr, u8 *msk, size_t *len) 117{ 118 if (wpa_auth->cb.get_msk == NULL) 119 return -1; 120 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len); 121} 122 123 124static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth, 125 int vlan_id, 126 enum wpa_alg alg, const u8 *addr, int idx, 127 u8 *key, size_t key_len) 128{ 129 if (wpa_auth->cb.set_key == NULL) 130 return -1; 131 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx, 132 key, key_len); 133} 134 135 136static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth, 137 const u8 *addr, int idx, u8 *seq) 138{ 139 if (wpa_auth->cb.get_seqnum == NULL) 140 return -1; 141 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq); 142} 143 144 145static inline int 146wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr, 147 const u8 *data, size_t data_len, int encrypt) 148{ 149 if (wpa_auth->cb.send_eapol == NULL) 150 return -1; 151 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len, 152 encrypt); 153} 154 155 156#ifdef CONFIG_MESH 157static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth, 158 const u8 *addr) 159{ 160 if (wpa_auth->cb.start_ampe == NULL) 161 return -1; 162 return wpa_auth->cb.start_ampe(wpa_auth->cb.ctx, addr); 163} 164#endif /* CONFIG_MESH */ 165 166 167int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth, 168 int (*cb)(struct wpa_state_machine *sm, void *ctx), 169 void *cb_ctx) 170{ 171 if (wpa_auth->cb.for_each_sta == NULL) 172 return 0; 173 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx); 174} 175 176 177int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth, 178 int (*cb)(struct wpa_authenticator *a, void *ctx), 179 void *cb_ctx) 180{ 181 if (wpa_auth->cb.for_each_auth == NULL) 182 return 0; 183 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx); 184} 185 186 187void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr, 188 logger_level level, const char *txt) 189{ 190 if (wpa_auth->cb.logger == NULL) 191 return; 192 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt); 193} 194 195 196void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr, 197 logger_level level, const char *fmt, ...) 198{ 199 char *format; 200 int maxlen; 201 va_list ap; 202 203 if (wpa_auth->cb.logger == NULL) 204 return; 205 206 maxlen = os_strlen(fmt) + 100; 207 format = os_malloc(maxlen); 208 if (!format) 209 return; 210 211 va_start(ap, fmt); 212 vsnprintf(format, maxlen, fmt, ap); 213 va_end(ap); 214 215 wpa_auth_logger(wpa_auth, addr, level, format); 216 217 os_free(format); 218} 219 220 221static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth, 222 const u8 *addr) 223{ 224 if (wpa_auth->cb.disconnect == NULL) 225 return; 226 wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR, MAC2STR(addr)); 227 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr, 228 WLAN_REASON_PREV_AUTH_NOT_VALID); 229} 230 231 232static int wpa_use_aes_cmac(struct wpa_state_machine *sm) 233{ 234 int ret = 0; 235#ifdef CONFIG_IEEE80211R 236 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) 237 ret = 1; 238#endif /* CONFIG_IEEE80211R */ 239#ifdef CONFIG_IEEE80211W 240 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt)) 241 ret = 1; 242#endif /* CONFIG_IEEE80211W */ 243 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) 244 ret = 1; 245 return ret; 246} 247 248 249static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx) 250{ 251 struct wpa_authenticator *wpa_auth = eloop_ctx; 252 253 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) { 254 wpa_printf(MSG_ERROR, "Failed to get random data for WPA " 255 "initialization."); 256 } else { 257 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd"); 258 wpa_hexdump_key(MSG_DEBUG, "GMK", 259 wpa_auth->group->GMK, WPA_GMK_LEN); 260 } 261 262 if (wpa_auth->conf.wpa_gmk_rekey) { 263 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0, 264 wpa_rekey_gmk, wpa_auth, NULL); 265 } 266} 267 268 269static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx) 270{ 271 struct wpa_authenticator *wpa_auth = eloop_ctx; 272 struct wpa_group *group, *next; 273 274 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK"); 275 group = wpa_auth->group; 276 while (group) { 277 wpa_group_get(wpa_auth, group); 278 279 group->GTKReKey = TRUE; 280 do { 281 group->changed = FALSE; 282 wpa_group_sm_step(wpa_auth, group); 283 } while (group->changed); 284 285 next = group->next; 286 wpa_group_put(wpa_auth, group); 287 group = next; 288 } 289 290 if (wpa_auth->conf.wpa_group_rekey) { 291 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 292 0, wpa_rekey_gtk, wpa_auth, NULL); 293 } 294} 295 296 297static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx) 298{ 299 struct wpa_authenticator *wpa_auth = eloop_ctx; 300 struct wpa_state_machine *sm = timeout_ctx; 301 302 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK"); 303 wpa_request_new_ptk(sm); 304 wpa_sm_step(sm); 305} 306 307 308static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx) 309{ 310 if (sm->pmksa == ctx) 311 sm->pmksa = NULL; 312 return 0; 313} 314 315 316static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, 317 void *ctx) 318{ 319 struct wpa_authenticator *wpa_auth = ctx; 320 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry); 321} 322 323 324static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth, 325 struct wpa_group *group) 326{ 327 u8 buf[ETH_ALEN + 8 + sizeof(unsigned long)]; 328 u8 rkey[32]; 329 unsigned long ptr; 330 331 if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0) 332 return -1; 333 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN); 334 335 /* 336 * Counter = PRF-256(Random number, "Init Counter", 337 * Local MAC Address || Time) 338 */ 339 os_memcpy(buf, wpa_auth->addr, ETH_ALEN); 340 wpa_get_ntp_timestamp(buf + ETH_ALEN); 341 ptr = (unsigned long) group; 342 os_memcpy(buf + ETH_ALEN + 8, &ptr, sizeof(ptr)); 343 if (random_get_bytes(rkey, sizeof(rkey)) < 0) 344 return -1; 345 346 if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf), 347 group->Counter, WPA_NONCE_LEN) < 0) 348 return -1; 349 wpa_hexdump_key(MSG_DEBUG, "Key Counter", 350 group->Counter, WPA_NONCE_LEN); 351 352 return 0; 353} 354 355 356static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth, 357 int vlan_id, int delay_init) 358{ 359 struct wpa_group *group; 360 361 group = os_zalloc(sizeof(struct wpa_group)); 362 if (group == NULL) 363 return NULL; 364 365 group->GTKAuthenticator = TRUE; 366 group->vlan_id = vlan_id; 367 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group); 368 369 if (random_pool_ready() != 1) { 370 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool " 371 "for secure operations - update keys later when " 372 "the first station connects"); 373 } 374 375 /* 376 * Set initial GMK/Counter value here. The actual values that will be 377 * used in negotiations will be set once the first station tries to 378 * connect. This allows more time for collecting additional randomness 379 * on embedded devices. 380 */ 381 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) { 382 wpa_printf(MSG_ERROR, "Failed to get random data for WPA " 383 "initialization."); 384 os_free(group); 385 return NULL; 386 } 387 388 group->GInit = TRUE; 389 if (delay_init) { 390 wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start " 391 "until Beacon frames have been configured"); 392 /* Initialization is completed in wpa_init_keys(). */ 393 } else { 394 wpa_group_sm_step(wpa_auth, group); 395 group->GInit = FALSE; 396 wpa_group_sm_step(wpa_auth, group); 397 } 398 399 return group; 400} 401 402 403/** 404 * wpa_init - Initialize WPA authenticator 405 * @addr: Authenticator address 406 * @conf: Configuration for WPA authenticator 407 * @cb: Callback functions for WPA authenticator 408 * Returns: Pointer to WPA authenticator data or %NULL on failure 409 */ 410struct wpa_authenticator * wpa_init(const u8 *addr, 411 struct wpa_auth_config *conf, 412 struct wpa_auth_callbacks *cb) 413{ 414 struct wpa_authenticator *wpa_auth; 415 416 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator)); 417 if (wpa_auth == NULL) 418 return NULL; 419 os_memcpy(wpa_auth->addr, addr, ETH_ALEN); 420 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf)); 421 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb)); 422 423 if (wpa_auth_gen_wpa_ie(wpa_auth)) { 424 wpa_printf(MSG_ERROR, "Could not generate WPA IE."); 425 os_free(wpa_auth); 426 return NULL; 427 } 428 429 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1); 430 if (wpa_auth->group == NULL) { 431 os_free(wpa_auth->wpa_ie); 432 os_free(wpa_auth); 433 return NULL; 434 } 435 436 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb, 437 wpa_auth); 438 if (wpa_auth->pmksa == NULL) { 439 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed."); 440 os_free(wpa_auth->group); 441 os_free(wpa_auth->wpa_ie); 442 os_free(wpa_auth); 443 return NULL; 444 } 445 446#ifdef CONFIG_IEEE80211R 447 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init(); 448 if (wpa_auth->ft_pmk_cache == NULL) { 449 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed."); 450 os_free(wpa_auth->group); 451 os_free(wpa_auth->wpa_ie); 452 pmksa_cache_auth_deinit(wpa_auth->pmksa); 453 os_free(wpa_auth); 454 return NULL; 455 } 456#endif /* CONFIG_IEEE80211R */ 457 458 if (wpa_auth->conf.wpa_gmk_rekey) { 459 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0, 460 wpa_rekey_gmk, wpa_auth, NULL); 461 } 462 463 if (wpa_auth->conf.wpa_group_rekey) { 464 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0, 465 wpa_rekey_gtk, wpa_auth, NULL); 466 } 467 468#ifdef CONFIG_P2P 469 if (WPA_GET_BE32(conf->ip_addr_start)) { 470 int count = WPA_GET_BE32(conf->ip_addr_end) - 471 WPA_GET_BE32(conf->ip_addr_start) + 1; 472 if (count > 1000) 473 count = 1000; 474 if (count > 0) 475 wpa_auth->ip_pool = bitfield_alloc(count); 476 } 477#endif /* CONFIG_P2P */ 478 479 return wpa_auth; 480} 481 482 483int wpa_init_keys(struct wpa_authenticator *wpa_auth) 484{ 485 struct wpa_group *group = wpa_auth->group; 486 487 wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial " 488 "keys"); 489 wpa_group_sm_step(wpa_auth, group); 490 group->GInit = FALSE; 491 wpa_group_sm_step(wpa_auth, group); 492 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) 493 return -1; 494 return 0; 495} 496 497 498/** 499 * wpa_deinit - Deinitialize WPA authenticator 500 * @wpa_auth: Pointer to WPA authenticator data from wpa_init() 501 */ 502void wpa_deinit(struct wpa_authenticator *wpa_auth) 503{ 504 struct wpa_group *group, *prev; 505 506 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL); 507 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); 508 509#ifdef CONFIG_PEERKEY 510 while (wpa_auth->stsl_negotiations) 511 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations); 512#endif /* CONFIG_PEERKEY */ 513 514 pmksa_cache_auth_deinit(wpa_auth->pmksa); 515 516#ifdef CONFIG_IEEE80211R 517 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache); 518 wpa_auth->ft_pmk_cache = NULL; 519#endif /* CONFIG_IEEE80211R */ 520 521#ifdef CONFIG_P2P 522 bitfield_free(wpa_auth->ip_pool); 523#endif /* CONFIG_P2P */ 524 525 526 os_free(wpa_auth->wpa_ie); 527 528 group = wpa_auth->group; 529 while (group) { 530 prev = group; 531 group = group->next; 532 os_free(prev); 533 } 534 535 os_free(wpa_auth); 536} 537 538 539/** 540 * wpa_reconfig - Update WPA authenticator configuration 541 * @wpa_auth: Pointer to WPA authenticator data from wpa_init() 542 * @conf: Configuration for WPA authenticator 543 */ 544int wpa_reconfig(struct wpa_authenticator *wpa_auth, 545 struct wpa_auth_config *conf) 546{ 547 struct wpa_group *group; 548 if (wpa_auth == NULL) 549 return 0; 550 551 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf)); 552 if (wpa_auth_gen_wpa_ie(wpa_auth)) { 553 wpa_printf(MSG_ERROR, "Could not generate WPA IE."); 554 return -1; 555 } 556 557 /* 558 * Reinitialize GTK to make sure it is suitable for the new 559 * configuration. 560 */ 561 group = wpa_auth->group; 562 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group); 563 group->GInit = TRUE; 564 wpa_group_sm_step(wpa_auth, group); 565 group->GInit = FALSE; 566 wpa_group_sm_step(wpa_auth, group); 567 568 return 0; 569} 570 571 572struct wpa_state_machine * 573wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr, 574 const u8 *p2p_dev_addr) 575{ 576 struct wpa_state_machine *sm; 577 578 if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) 579 return NULL; 580 581 sm = os_zalloc(sizeof(struct wpa_state_machine)); 582 if (sm == NULL) 583 return NULL; 584 os_memcpy(sm->addr, addr, ETH_ALEN); 585 if (p2p_dev_addr) 586 os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN); 587 588 sm->wpa_auth = wpa_auth; 589 sm->group = wpa_auth->group; 590 wpa_group_get(sm->wpa_auth, sm->group); 591 592 return sm; 593} 594 595 596int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, 597 struct wpa_state_machine *sm) 598{ 599 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL) 600 return -1; 601 602#ifdef CONFIG_IEEE80211R 603 if (sm->ft_completed) { 604 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, 605 "FT authentication already completed - do not " 606 "start 4-way handshake"); 607 /* Go to PTKINITDONE state to allow GTK rekeying */ 608 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE; 609 return 0; 610 } 611#endif /* CONFIG_IEEE80211R */ 612 613 if (sm->started) { 614 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay)); 615 sm->ReAuthenticationRequest = TRUE; 616 return wpa_sm_step(sm); 617 } 618 619 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, 620 "start authentication"); 621 sm->started = 1; 622 623 sm->Init = TRUE; 624 if (wpa_sm_step(sm) == 1) 625 return 1; /* should not really happen */ 626 sm->Init = FALSE; 627 sm->AuthenticationRequest = TRUE; 628 return wpa_sm_step(sm); 629} 630 631 632void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm) 633{ 634 /* WPA/RSN was not used - clear WPA state. This is needed if the STA 635 * reassociates back to the same AP while the previous entry for the 636 * STA has not yet been removed. */ 637 if (sm == NULL) 638 return; 639 640 sm->wpa_key_mgmt = 0; 641} 642 643 644static void wpa_free_sta_sm(struct wpa_state_machine *sm) 645{ 646#ifdef CONFIG_P2P 647 if (WPA_GET_BE32(sm->ip_addr)) { 648 u32 start; 649 wpa_printf(MSG_DEBUG, "P2P: Free assigned IP " 650 "address %u.%u.%u.%u from " MACSTR, 651 sm->ip_addr[0], sm->ip_addr[1], 652 sm->ip_addr[2], sm->ip_addr[3], 653 MAC2STR(sm->addr)); 654 start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start); 655 bitfield_clear(sm->wpa_auth->ip_pool, 656 WPA_GET_BE32(sm->ip_addr) - start); 657 } 658#endif /* CONFIG_P2P */ 659 if (sm->GUpdateStationKeys) { 660 sm->group->GKeyDoneStations--; 661 sm->GUpdateStationKeys = FALSE; 662 } 663#ifdef CONFIG_IEEE80211R 664 os_free(sm->assoc_resp_ftie); 665 wpabuf_free(sm->ft_pending_req_ies); 666#endif /* CONFIG_IEEE80211R */ 667 os_free(sm->last_rx_eapol_key); 668 os_free(sm->wpa_ie); 669 wpa_group_put(sm->wpa_auth, sm->group); 670 os_free(sm); 671} 672 673 674void wpa_auth_sta_deinit(struct wpa_state_machine *sm) 675{ 676 if (sm == NULL) 677 return; 678 679 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) { 680 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 681 "strict rekeying - force GTK rekey since STA " 682 "is leaving"); 683 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL); 684 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth, 685 NULL); 686 } 687 688 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm); 689 sm->pending_1_of_4_timeout = 0; 690 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL); 691 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); 692 if (sm->in_step_loop) { 693 /* Must not free state machine while wpa_sm_step() is running. 694 * Freeing will be completed in the end of wpa_sm_step(). */ 695 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state " 696 "machine deinit for " MACSTR, MAC2STR(sm->addr)); 697 sm->pending_deinit = 1; 698 } else 699 wpa_free_sta_sm(sm); 700} 701 702 703static void wpa_request_new_ptk(struct wpa_state_machine *sm) 704{ 705 if (sm == NULL) 706 return; 707 708 sm->PTKRequest = TRUE; 709 sm->PTK_valid = 0; 710} 711 712 713static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr, 714 const u8 *replay_counter) 715{ 716 int i; 717 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) { 718 if (!ctr[i].valid) 719 break; 720 if (os_memcmp(replay_counter, ctr[i].counter, 721 WPA_REPLAY_COUNTER_LEN) == 0) 722 return 1; 723 } 724 return 0; 725} 726 727 728static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr, 729 const u8 *replay_counter) 730{ 731 int i; 732 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) { 733 if (ctr[i].valid && 734 (replay_counter == NULL || 735 os_memcmp(replay_counter, ctr[i].counter, 736 WPA_REPLAY_COUNTER_LEN) == 0)) 737 ctr[i].valid = FALSE; 738 } 739} 740 741 742#ifdef CONFIG_IEEE80211R 743static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth, 744 struct wpa_state_machine *sm, 745 struct wpa_eapol_ie_parse *kde) 746{ 747 struct wpa_ie_data ie; 748 struct rsn_mdie *mdie; 749 750 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 || 751 ie.num_pmkid != 1 || ie.pmkid == NULL) { 752 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in " 753 "FT 4-way handshake message 2/4"); 754 return -1; 755 } 756 757 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN); 758 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant", 759 sm->sup_pmk_r1_name, PMKID_LEN); 760 761 if (!kde->mdie || !kde->ftie) { 762 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake " 763 "message 2/4", kde->mdie ? "FTIE" : "MDIE"); 764 return -1; 765 } 766 767 mdie = (struct rsn_mdie *) (kde->mdie + 2); 768 if (kde->mdie[1] < sizeof(struct rsn_mdie) || 769 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain, 770 MOBILITY_DOMAIN_ID_LEN) != 0) { 771 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch"); 772 return -1; 773 } 774 775 if (sm->assoc_resp_ftie && 776 (kde->ftie[1] != sm->assoc_resp_ftie[1] || 777 os_memcmp(kde->ftie, sm->assoc_resp_ftie, 778 2 + sm->assoc_resp_ftie[1]) != 0)) { 779 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch"); 780 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4", 781 kde->ftie, kde->ftie_len); 782 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp", 783 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]); 784 return -1; 785 } 786 787 return 0; 788} 789#endif /* CONFIG_IEEE80211R */ 790 791 792static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth, 793 struct wpa_state_machine *sm, int group) 794{ 795 /* Supplicant reported a Michael MIC error */ 796 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 797 "received EAPOL-Key Error Request " 798 "(STA detected Michael MIC failure (group=%d))", 799 group); 800 801 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) { 802 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 803 "ignore Michael MIC failure report since " 804 "group cipher is not TKIP"); 805 } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) { 806 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 807 "ignore Michael MIC failure report since " 808 "pairwise cipher is not TKIP"); 809 } else { 810 if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0) 811 return 1; /* STA entry was removed */ 812 sm->dot11RSNAStatsTKIPRemoteMICFailures++; 813 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++; 814 } 815 816 /* 817 * Error report is not a request for a new key handshake, but since 818 * Authenticator may do it, let's change the keys now anyway. 819 */ 820 wpa_request_new_ptk(sm); 821 return 0; 822} 823 824 825static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data, 826 size_t data_len) 827{ 828 struct wpa_ptk PTK; 829 int ok = 0; 830 const u8 *pmk = NULL; 831 unsigned int pmk_len; 832 833 for (;;) { 834 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 835 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, 836 sm->p2p_dev_addr, pmk); 837 if (pmk == NULL) 838 break; 839 pmk_len = PMK_LEN; 840 } else { 841 pmk = sm->PMK; 842 pmk_len = sm->pmk_len; 843 } 844 845 wpa_derive_ptk(sm, sm->alt_SNonce, pmk, pmk_len, &PTK); 846 847 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK, data, data_len) 848 == 0) { 849 ok = 1; 850 break; 851 } 852 853 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) 854 break; 855 } 856 857 if (!ok) { 858 wpa_printf(MSG_DEBUG, 859 "WPA: Earlier SNonce did not result in matching MIC"); 860 return -1; 861 } 862 863 wpa_printf(MSG_DEBUG, 864 "WPA: Earlier SNonce resulted in matching MIC"); 865 sm->alt_snonce_valid = 0; 866 os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN); 867 os_memcpy(&sm->PTK, &PTK, sizeof(PTK)); 868 sm->PTK_valid = TRUE; 869 870 return 0; 871} 872 873 874void wpa_receive(struct wpa_authenticator *wpa_auth, 875 struct wpa_state_machine *sm, 876 u8 *data, size_t data_len) 877{ 878 struct ieee802_1x_hdr *hdr; 879 struct wpa_eapol_key *key; 880 struct wpa_eapol_key_192 *key192; 881 u16 key_info, key_data_length; 882 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST, 883 SMK_M1, SMK_M3, SMK_ERROR } msg; 884 char *msgtxt; 885 struct wpa_eapol_ie_parse kde; 886 int ft; 887 const u8 *eapol_key_ie, *key_data; 888 size_t eapol_key_ie_len, keyhdrlen, mic_len; 889 890 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL) 891 return; 892 893 mic_len = wpa_mic_len(sm->wpa_key_mgmt); 894 keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key); 895 896 if (data_len < sizeof(*hdr) + keyhdrlen) 897 return; 898 899 hdr = (struct ieee802_1x_hdr *) data; 900 key = (struct wpa_eapol_key *) (hdr + 1); 901 key192 = (struct wpa_eapol_key_192 *) (hdr + 1); 902 key_info = WPA_GET_BE16(key->key_info); 903 if (mic_len == 24) { 904 key_data = (const u8 *) (key192 + 1); 905 key_data_length = WPA_GET_BE16(key192->key_data_length); 906 } else { 907 key_data = (const u8 *) (key + 1); 908 key_data_length = WPA_GET_BE16(key->key_data_length); 909 } 910 wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR 911 " key_info=0x%x type=%u key_data_length=%u", 912 MAC2STR(sm->addr), key_info, key->type, key_data_length); 913 if (key_data_length > data_len - sizeof(*hdr) - keyhdrlen) { 914 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - " 915 "key_data overflow (%d > %lu)", 916 key_data_length, 917 (unsigned long) (data_len - sizeof(*hdr) - 918 keyhdrlen)); 919 return; 920 } 921 922 if (sm->wpa == WPA_VERSION_WPA2) { 923 if (key->type == EAPOL_KEY_TYPE_WPA) { 924 /* 925 * Some deployed station implementations seem to send 926 * msg 4/4 with incorrect type value in WPA2 mode. 927 */ 928 wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key " 929 "with unexpected WPA type in RSN mode"); 930 } else if (key->type != EAPOL_KEY_TYPE_RSN) { 931 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with " 932 "unexpected type %d in RSN mode", 933 key->type); 934 return; 935 } 936 } else { 937 if (key->type != EAPOL_KEY_TYPE_WPA) { 938 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with " 939 "unexpected type %d in WPA mode", 940 key->type); 941 return; 942 } 943 } 944 945 wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce, 946 WPA_NONCE_LEN); 947 wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter", 948 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 949 950 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys 951 * are set */ 952 953 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) == 954 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) { 955 if (key_info & WPA_KEY_INFO_ERROR) { 956 msg = SMK_ERROR; 957 msgtxt = "SMK Error"; 958 } else { 959 msg = SMK_M1; 960 msgtxt = "SMK M1"; 961 } 962 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { 963 msg = SMK_M3; 964 msgtxt = "SMK M3"; 965 } else if (key_info & WPA_KEY_INFO_REQUEST) { 966 msg = REQUEST; 967 msgtxt = "Request"; 968 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) { 969 msg = GROUP_2; 970 msgtxt = "2/2 Group"; 971 } else if (key_data_length == 0) { 972 msg = PAIRWISE_4; 973 msgtxt = "4/4 Pairwise"; 974 } else { 975 msg = PAIRWISE_2; 976 msgtxt = "2/4 Pairwise"; 977 } 978 979 /* TODO: key_info type validation for PeerKey */ 980 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 || 981 msg == GROUP_2) { 982 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK; 983 if (sm->pairwise == WPA_CIPHER_CCMP || 984 sm->pairwise == WPA_CIPHER_GCMP) { 985 if (wpa_use_aes_cmac(sm) && 986 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN && 987 !wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) && 988 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 989 wpa_auth_logger(wpa_auth, sm->addr, 990 LOGGER_WARNING, 991 "advertised support for " 992 "AES-128-CMAC, but did not " 993 "use it"); 994 return; 995 } 996 997 if (!wpa_use_aes_cmac(sm) && 998 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 999 wpa_auth_logger(wpa_auth, sm->addr, 1000 LOGGER_WARNING, 1001 "did not use HMAC-SHA1-AES " 1002 "with CCMP/GCMP"); 1003 return; 1004 } 1005 } 1006 1007 if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) && 1008 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { 1009 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING, 1010 "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases"); 1011 return; 1012 } 1013 } 1014 1015 if (key_info & WPA_KEY_INFO_REQUEST) { 1016 if (sm->req_replay_counter_used && 1017 os_memcmp(key->replay_counter, sm->req_replay_counter, 1018 WPA_REPLAY_COUNTER_LEN) <= 0) { 1019 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING, 1020 "received EAPOL-Key request with " 1021 "replayed counter"); 1022 return; 1023 } 1024 } 1025 1026 if (!(key_info & WPA_KEY_INFO_REQUEST) && 1027 !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) { 1028 int i; 1029 1030 if (msg == PAIRWISE_2 && 1031 wpa_replay_counter_valid(sm->prev_key_replay, 1032 key->replay_counter) && 1033 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING && 1034 os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0) 1035 { 1036 /* 1037 * Some supplicant implementations (e.g., Windows XP 1038 * WZC) update SNonce for each EAPOL-Key 2/4. This 1039 * breaks the workaround on accepting any of the 1040 * pending requests, so allow the SNonce to be updated 1041 * even if we have already sent out EAPOL-Key 3/4. 1042 */ 1043 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 1044 "Process SNonce update from STA " 1045 "based on retransmitted EAPOL-Key " 1046 "1/4"); 1047 sm->update_snonce = 1; 1048 os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN); 1049 sm->alt_snonce_valid = TRUE; 1050 os_memcpy(sm->alt_replay_counter, 1051 sm->key_replay[0].counter, 1052 WPA_REPLAY_COUNTER_LEN); 1053 goto continue_processing; 1054 } 1055 1056 if (msg == PAIRWISE_4 && sm->alt_snonce_valid && 1057 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING && 1058 os_memcmp(key->replay_counter, sm->alt_replay_counter, 1059 WPA_REPLAY_COUNTER_LEN) == 0) { 1060 /* 1061 * Supplicant may still be using the old SNonce since 1062 * there was two EAPOL-Key 2/4 messages and they had 1063 * different SNonce values. 1064 */ 1065 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 1066 "Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPOL-Key 1/4"); 1067 goto continue_processing; 1068 } 1069 1070 if (msg == PAIRWISE_2 && 1071 wpa_replay_counter_valid(sm->prev_key_replay, 1072 key->replay_counter) && 1073 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) { 1074 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 1075 "ignore retransmitted EAPOL-Key %s - " 1076 "SNonce did not change", msgtxt); 1077 } else { 1078 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 1079 "received EAPOL-Key %s with " 1080 "unexpected replay counter", msgtxt); 1081 } 1082 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) { 1083 if (!sm->key_replay[i].valid) 1084 break; 1085 wpa_hexdump(MSG_DEBUG, "pending replay counter", 1086 sm->key_replay[i].counter, 1087 WPA_REPLAY_COUNTER_LEN); 1088 } 1089 wpa_hexdump(MSG_DEBUG, "received replay counter", 1090 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 1091 return; 1092 } 1093 1094continue_processing: 1095 switch (msg) { 1096 case PAIRWISE_2: 1097 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART && 1098 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING && 1099 (!sm->update_snonce || 1100 sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) { 1101 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 1102 "received EAPOL-Key msg 2/4 in " 1103 "invalid state (%d) - dropped", 1104 sm->wpa_ptk_state); 1105 return; 1106 } 1107 random_add_randomness(key->key_nonce, WPA_NONCE_LEN); 1108 if (sm->group->reject_4way_hs_for_entropy) { 1109 /* 1110 * The system did not have enough entropy to generate 1111 * strong random numbers. Reject the first 4-way 1112 * handshake(s) and collect some entropy based on the 1113 * information from it. Once enough entropy is 1114 * available, the next atempt will trigger GMK/Key 1115 * Counter update and the station will be allowed to 1116 * continue. 1117 */ 1118 wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to " 1119 "collect more entropy for random number " 1120 "generation"); 1121 random_mark_pool_ready(); 1122 wpa_sta_disconnect(wpa_auth, sm->addr); 1123 return; 1124 } 1125 if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) { 1126 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 1127 "received EAPOL-Key msg 2/4 with " 1128 "invalid Key Data contents"); 1129 return; 1130 } 1131 if (kde.rsn_ie) { 1132 eapol_key_ie = kde.rsn_ie; 1133 eapol_key_ie_len = kde.rsn_ie_len; 1134 } else if (kde.osen) { 1135 eapol_key_ie = kde.osen; 1136 eapol_key_ie_len = kde.osen_len; 1137 } else { 1138 eapol_key_ie = kde.wpa_ie; 1139 eapol_key_ie_len = kde.wpa_ie_len; 1140 } 1141 ft = sm->wpa == WPA_VERSION_WPA2 && 1142 wpa_key_mgmt_ft(sm->wpa_key_mgmt); 1143 if (sm->wpa_ie == NULL || 1144 wpa_compare_rsn_ie(ft, 1145 sm->wpa_ie, sm->wpa_ie_len, 1146 eapol_key_ie, eapol_key_ie_len)) { 1147 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1148 "WPA IE from (Re)AssocReq did not " 1149 "match with msg 2/4"); 1150 if (sm->wpa_ie) { 1151 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq", 1152 sm->wpa_ie, sm->wpa_ie_len); 1153 } 1154 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4", 1155 eapol_key_ie, eapol_key_ie_len); 1156 /* MLME-DEAUTHENTICATE.request */ 1157 wpa_sta_disconnect(wpa_auth, sm->addr); 1158 return; 1159 } 1160#ifdef CONFIG_IEEE80211R 1161 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) { 1162 wpa_sta_disconnect(wpa_auth, sm->addr); 1163 return; 1164 } 1165#endif /* CONFIG_IEEE80211R */ 1166#ifdef CONFIG_P2P 1167 if (kde.ip_addr_req && kde.ip_addr_req[0] && 1168 wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) { 1169 int idx; 1170 wpa_printf(MSG_DEBUG, "P2P: IP address requested in " 1171 "EAPOL-Key exchange"); 1172 idx = bitfield_get_first_zero(wpa_auth->ip_pool); 1173 if (idx >= 0) { 1174 u32 start = WPA_GET_BE32(wpa_auth->conf. 1175 ip_addr_start); 1176 bitfield_set(wpa_auth->ip_pool, idx); 1177 WPA_PUT_BE32(sm->ip_addr, start + idx); 1178 wpa_printf(MSG_DEBUG, "P2P: Assigned IP " 1179 "address %u.%u.%u.%u to " MACSTR, 1180 sm->ip_addr[0], sm->ip_addr[1], 1181 sm->ip_addr[2], sm->ip_addr[3], 1182 MAC2STR(sm->addr)); 1183 } 1184 } 1185#endif /* CONFIG_P2P */ 1186 break; 1187 case PAIRWISE_4: 1188 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING || 1189 !sm->PTK_valid) { 1190 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 1191 "received EAPOL-Key msg 4/4 in " 1192 "invalid state (%d) - dropped", 1193 sm->wpa_ptk_state); 1194 return; 1195 } 1196 break; 1197 case GROUP_2: 1198 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING 1199 || !sm->PTK_valid) { 1200 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, 1201 "received EAPOL-Key msg 2/2 in " 1202 "invalid state (%d) - dropped", 1203 sm->wpa_ptk_group_state); 1204 return; 1205 } 1206 break; 1207#ifdef CONFIG_PEERKEY 1208 case SMK_M1: 1209 case SMK_M3: 1210 case SMK_ERROR: 1211 if (!wpa_auth->conf.peerkey) { 1212 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but " 1213 "PeerKey use disabled - ignoring message"); 1214 return; 1215 } 1216 if (!sm->PTK_valid) { 1217 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1218 "received EAPOL-Key msg SMK in " 1219 "invalid state - dropped"); 1220 return; 1221 } 1222 break; 1223#else /* CONFIG_PEERKEY */ 1224 case SMK_M1: 1225 case SMK_M3: 1226 case SMK_ERROR: 1227 return; /* STSL disabled - ignore SMK messages */ 1228#endif /* CONFIG_PEERKEY */ 1229 case REQUEST: 1230 break; 1231 } 1232 1233 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 1234 "received EAPOL-Key frame (%s)", msgtxt); 1235 1236 if (key_info & WPA_KEY_INFO_ACK) { 1237 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1238 "received invalid EAPOL-Key: Key Ack set"); 1239 return; 1240 } 1241 1242 if (!(key_info & WPA_KEY_INFO_MIC)) { 1243 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1244 "received invalid EAPOL-Key: Key MIC not set"); 1245 return; 1246 } 1247 1248 sm->MICVerified = FALSE; 1249 if (sm->PTK_valid && !sm->update_snonce) { 1250 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &sm->PTK, data, 1251 data_len) && 1252 (msg != PAIRWISE_4 || !sm->alt_snonce_valid || 1253 wpa_try_alt_snonce(sm, data, data_len))) { 1254 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1255 "received EAPOL-Key with invalid MIC"); 1256 return; 1257 } 1258 sm->MICVerified = TRUE; 1259 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm); 1260 sm->pending_1_of_4_timeout = 0; 1261 } 1262 1263 if (key_info & WPA_KEY_INFO_REQUEST) { 1264 if (sm->MICVerified) { 1265 sm->req_replay_counter_used = 1; 1266 os_memcpy(sm->req_replay_counter, key->replay_counter, 1267 WPA_REPLAY_COUNTER_LEN); 1268 } else { 1269 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1270 "received EAPOL-Key request with " 1271 "invalid MIC"); 1272 return; 1273 } 1274 1275 /* 1276 * TODO: should decrypt key data field if encryption was used; 1277 * even though MAC address KDE is not normally encrypted, 1278 * supplicant is allowed to encrypt it. 1279 */ 1280 if (msg == SMK_ERROR) { 1281#ifdef CONFIG_PEERKEY 1282 wpa_smk_error(wpa_auth, sm, key_data, key_data_length); 1283#endif /* CONFIG_PEERKEY */ 1284 return; 1285 } else if (key_info & WPA_KEY_INFO_ERROR) { 1286 if (wpa_receive_error_report( 1287 wpa_auth, sm, 1288 !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0) 1289 return; /* STA entry was removed */ 1290 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) { 1291 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1292 "received EAPOL-Key Request for new " 1293 "4-Way Handshake"); 1294 wpa_request_new_ptk(sm); 1295#ifdef CONFIG_PEERKEY 1296 } else if (msg == SMK_M1) { 1297 wpa_smk_m1(wpa_auth, sm, key, key_data, 1298 key_data_length); 1299#endif /* CONFIG_PEERKEY */ 1300 } else if (key_data_length > 0 && 1301 wpa_parse_kde_ies(key_data, key_data_length, 1302 &kde) == 0 && 1303 kde.mac_addr) { 1304 } else { 1305 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1306 "received EAPOL-Key Request for GTK " 1307 "rekeying"); 1308 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); 1309 wpa_rekey_gtk(wpa_auth, NULL); 1310 } 1311 } else { 1312 /* Do not allow the same key replay counter to be reused. */ 1313 wpa_replay_counter_mark_invalid(sm->key_replay, 1314 key->replay_counter); 1315 1316 if (msg == PAIRWISE_2) { 1317 /* 1318 * Maintain a copy of the pending EAPOL-Key frames in 1319 * case the EAPOL-Key frame was retransmitted. This is 1320 * needed to allow EAPOL-Key msg 2/4 reply to another 1321 * pending msg 1/4 to update the SNonce to work around 1322 * unexpected supplicant behavior. 1323 */ 1324 os_memcpy(sm->prev_key_replay, sm->key_replay, 1325 sizeof(sm->key_replay)); 1326 } else { 1327 os_memset(sm->prev_key_replay, 0, 1328 sizeof(sm->prev_key_replay)); 1329 } 1330 1331 /* 1332 * Make sure old valid counters are not accepted anymore and 1333 * do not get copied again. 1334 */ 1335 wpa_replay_counter_mark_invalid(sm->key_replay, NULL); 1336 } 1337 1338#ifdef CONFIG_PEERKEY 1339 if (msg == SMK_M3) { 1340 wpa_smk_m3(wpa_auth, sm, key, key_data, key_data_length); 1341 return; 1342 } 1343#endif /* CONFIG_PEERKEY */ 1344 1345 os_free(sm->last_rx_eapol_key); 1346 sm->last_rx_eapol_key = os_malloc(data_len); 1347 if (sm->last_rx_eapol_key == NULL) 1348 return; 1349 os_memcpy(sm->last_rx_eapol_key, data, data_len); 1350 sm->last_rx_eapol_key_len = data_len; 1351 1352 sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE); 1353 sm->EAPOLKeyReceived = TRUE; 1354 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE); 1355 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST); 1356 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN); 1357 wpa_sm_step(sm); 1358} 1359 1360 1361static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr, 1362 const u8 *gnonce, u8 *gtk, size_t gtk_len) 1363{ 1364 u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16]; 1365 u8 *pos; 1366 int ret = 0; 1367 1368 /* GTK = PRF-X(GMK, "Group key expansion", 1369 * AA || GNonce || Time || random data) 1370 * The example described in the IEEE 802.11 standard uses only AA and 1371 * GNonce as inputs here. Add some more entropy since this derivation 1372 * is done only at the Authenticator and as such, does not need to be 1373 * exactly same. 1374 */ 1375 os_memcpy(data, addr, ETH_ALEN); 1376 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN); 1377 pos = data + ETH_ALEN + WPA_NONCE_LEN; 1378 wpa_get_ntp_timestamp(pos); 1379 pos += 8; 1380 if (random_get_bytes(pos, 16) < 0) 1381 ret = -1; 1382 1383#ifdef CONFIG_IEEE80211W 1384 sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len); 1385#else /* CONFIG_IEEE80211W */ 1386 if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len) 1387 < 0) 1388 ret = -1; 1389#endif /* CONFIG_IEEE80211W */ 1390 1391 return ret; 1392} 1393 1394 1395static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx) 1396{ 1397 struct wpa_authenticator *wpa_auth = eloop_ctx; 1398 struct wpa_state_machine *sm = timeout_ctx; 1399 1400 sm->pending_1_of_4_timeout = 0; 1401 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout"); 1402 sm->TimeoutEvt = TRUE; 1403 wpa_sm_step(sm); 1404} 1405 1406 1407void __wpa_send_eapol(struct wpa_authenticator *wpa_auth, 1408 struct wpa_state_machine *sm, int key_info, 1409 const u8 *key_rsc, const u8 *nonce, 1410 const u8 *kde, size_t kde_len, 1411 int keyidx, int encr, int force_version) 1412{ 1413 struct ieee802_1x_hdr *hdr; 1414 struct wpa_eapol_key *key; 1415 struct wpa_eapol_key_192 *key192; 1416 size_t len, mic_len, keyhdrlen; 1417 int alg; 1418 int key_data_len, pad_len = 0; 1419 u8 *buf, *pos; 1420 int version, pairwise; 1421 int i; 1422 u8 *key_data; 1423 1424 mic_len = wpa_mic_len(sm->wpa_key_mgmt); 1425 keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key); 1426 1427 len = sizeof(struct ieee802_1x_hdr) + keyhdrlen; 1428 1429 if (force_version) 1430 version = force_version; 1431 else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN || 1432 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) 1433 version = WPA_KEY_INFO_TYPE_AKM_DEFINED; 1434 else if (wpa_use_aes_cmac(sm)) 1435 version = WPA_KEY_INFO_TYPE_AES_128_CMAC; 1436 else if (sm->pairwise != WPA_CIPHER_TKIP) 1437 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 1438 else 1439 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 1440 1441 pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE); 1442 1443 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d " 1444 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d " 1445 "encr=%d)", 1446 version, 1447 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0, 1448 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0, 1449 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0, 1450 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0, 1451 pairwise, (unsigned long) kde_len, keyidx, encr); 1452 1453 key_data_len = kde_len; 1454 1455 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1456 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN || 1457 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) || 1458 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) { 1459 pad_len = key_data_len % 8; 1460 if (pad_len) 1461 pad_len = 8 - pad_len; 1462 key_data_len += pad_len + 8; 1463 } 1464 1465 len += key_data_len; 1466 1467 hdr = os_zalloc(len); 1468 if (hdr == NULL) 1469 return; 1470 hdr->version = wpa_auth->conf.eapol_version; 1471 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY; 1472 hdr->length = host_to_be16(len - sizeof(*hdr)); 1473 key = (struct wpa_eapol_key *) (hdr + 1); 1474 key192 = (struct wpa_eapol_key_192 *) (hdr + 1); 1475 key_data = ((u8 *) (hdr + 1)) + keyhdrlen; 1476 1477 key->type = sm->wpa == WPA_VERSION_WPA2 ? 1478 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1479 key_info |= version; 1480 if (encr && sm->wpa == WPA_VERSION_WPA2) 1481 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA; 1482 if (sm->wpa != WPA_VERSION_WPA2) 1483 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT; 1484 WPA_PUT_BE16(key->key_info, key_info); 1485 1486 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group; 1487 WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg)); 1488 if (key_info & WPA_KEY_INFO_SMK_MESSAGE) 1489 WPA_PUT_BE16(key->key_length, 0); 1490 1491 /* FIX: STSL: what to use as key_replay_counter? */ 1492 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) { 1493 sm->key_replay[i].valid = sm->key_replay[i - 1].valid; 1494 os_memcpy(sm->key_replay[i].counter, 1495 sm->key_replay[i - 1].counter, 1496 WPA_REPLAY_COUNTER_LEN); 1497 } 1498 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN); 1499 os_memcpy(key->replay_counter, sm->key_replay[0].counter, 1500 WPA_REPLAY_COUNTER_LEN); 1501 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", 1502 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 1503 sm->key_replay[0].valid = TRUE; 1504 1505 if (nonce) 1506 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN); 1507 1508 if (key_rsc) 1509 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN); 1510 1511 if (kde && !encr) { 1512 os_memcpy(key_data, kde, kde_len); 1513 if (mic_len == 24) 1514 WPA_PUT_BE16(key192->key_data_length, kde_len); 1515 else 1516 WPA_PUT_BE16(key->key_data_length, kde_len); 1517 } else if (encr && kde) { 1518 buf = os_zalloc(key_data_len); 1519 if (buf == NULL) { 1520 os_free(hdr); 1521 return; 1522 } 1523 pos = buf; 1524 os_memcpy(pos, kde, kde_len); 1525 pos += kde_len; 1526 1527 if (pad_len) 1528 *pos++ = 0xdd; 1529 1530 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data", 1531 buf, key_data_len); 1532 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1533 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN || 1534 wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) || 1535 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1536 if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len, 1537 (key_data_len - 8) / 8, buf, key_data)) { 1538 os_free(hdr); 1539 os_free(buf); 1540 return; 1541 } 1542 if (mic_len == 24) 1543 WPA_PUT_BE16(key192->key_data_length, 1544 key_data_len); 1545 else 1546 WPA_PUT_BE16(key->key_data_length, 1547 key_data_len); 1548#ifndef CONFIG_NO_RC4 1549 } else if (sm->PTK.kek_len == 16) { 1550 u8 ek[32]; 1551 os_memcpy(key->key_iv, 1552 sm->group->Counter + WPA_NONCE_LEN - 16, 16); 1553 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN); 1554 os_memcpy(ek, key->key_iv, 16); 1555 os_memcpy(ek + 16, sm->PTK.kek, sm->PTK.kek_len); 1556 os_memcpy(key_data, buf, key_data_len); 1557 rc4_skip(ek, 32, 256, key_data, key_data_len); 1558 if (mic_len == 24) 1559 WPA_PUT_BE16(key192->key_data_length, 1560 key_data_len); 1561 else 1562 WPA_PUT_BE16(key->key_data_length, 1563 key_data_len); 1564#endif /* CONFIG_NO_RC4 */ 1565 } else { 1566 os_free(hdr); 1567 os_free(buf); 1568 return; 1569 } 1570 os_free(buf); 1571 } 1572 1573 if (key_info & WPA_KEY_INFO_MIC) { 1574 u8 *key_mic; 1575 1576 if (!sm->PTK_valid) { 1577 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, 1578 "PTK not valid when sending EAPOL-Key " 1579 "frame"); 1580 os_free(hdr); 1581 return; 1582 } 1583 1584 key_mic = key192->key_mic; /* same offset for key and key192 */ 1585 wpa_eapol_key_mic(sm->PTK.kck, sm->PTK.kck_len, 1586 sm->wpa_key_mgmt, version, 1587 (u8 *) hdr, len, key_mic); 1588#ifdef CONFIG_TESTING_OPTIONS 1589 if (!pairwise && 1590 wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0 && 1591 drand48() < 1592 wpa_auth->conf.corrupt_gtk_rekey_mic_probability) { 1593 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, 1594 "Corrupting group EAPOL-Key Key MIC"); 1595 key_mic[0]++; 1596 } 1597#endif /* CONFIG_TESTING_OPTIONS */ 1598 } 1599 1600 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx, 1601 1); 1602 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len, 1603 sm->pairwise_set); 1604 os_free(hdr); 1605} 1606 1607 1608static void wpa_send_eapol(struct wpa_authenticator *wpa_auth, 1609 struct wpa_state_machine *sm, int key_info, 1610 const u8 *key_rsc, const u8 *nonce, 1611 const u8 *kde, size_t kde_len, 1612 int keyidx, int encr) 1613{ 1614 int timeout_ms; 1615 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE; 1616 int ctr; 1617 1618 if (sm == NULL) 1619 return; 1620 1621 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len, 1622 keyidx, encr, 0); 1623 1624 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr; 1625 if (ctr == 1 && wpa_auth->conf.tx_status) 1626 timeout_ms = pairwise ? eapol_key_timeout_first : 1627 eapol_key_timeout_first_group; 1628 else 1629 timeout_ms = eapol_key_timeout_subseq; 1630 if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC)) 1631 sm->pending_1_of_4_timeout = 1; 1632 wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry " 1633 "counter %d)", timeout_ms, ctr); 1634 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000, 1635 wpa_send_eapol_timeout, wpa_auth, sm); 1636} 1637 1638 1639static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data, 1640 size_t data_len) 1641{ 1642 struct ieee802_1x_hdr *hdr; 1643 struct wpa_eapol_key *key; 1644 struct wpa_eapol_key_192 *key192; 1645 u16 key_info; 1646 int ret = 0; 1647 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; 1648 size_t mic_len = wpa_mic_len(akmp); 1649 1650 if (data_len < sizeof(*hdr) + sizeof(*key)) 1651 return -1; 1652 1653 hdr = (struct ieee802_1x_hdr *) data; 1654 key = (struct wpa_eapol_key *) (hdr + 1); 1655 key192 = (struct wpa_eapol_key_192 *) (hdr + 1); 1656 key_info = WPA_GET_BE16(key->key_info); 1657 os_memcpy(mic, key192->key_mic, mic_len); 1658 os_memset(key192->key_mic, 0, mic_len); 1659 if (wpa_eapol_key_mic(PTK->kck, PTK->kck_len, akmp, 1660 key_info & WPA_KEY_INFO_TYPE_MASK, 1661 data, data_len, key192->key_mic) || 1662 os_memcmp_const(mic, key192->key_mic, mic_len) != 0) 1663 ret = -1; 1664 os_memcpy(key192->key_mic, mic, mic_len); 1665 return ret; 1666} 1667 1668 1669void wpa_remove_ptk(struct wpa_state_machine *sm) 1670{ 1671 sm->PTK_valid = FALSE; 1672 os_memset(&sm->PTK, 0, sizeof(sm->PTK)); 1673 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0); 1674 sm->pairwise_set = FALSE; 1675 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); 1676} 1677 1678 1679int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) 1680{ 1681 int remove_ptk = 1; 1682 1683 if (sm == NULL) 1684 return -1; 1685 1686 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 1687 "event %d notification", event); 1688 1689 switch (event) { 1690 case WPA_AUTH: 1691#ifdef CONFIG_MESH 1692 /* PTKs are derived through AMPE */ 1693 if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) { 1694 /* not mesh */ 1695 break; 1696 } 1697 return 0; 1698#endif /* CONFIG_MESH */ 1699 case WPA_ASSOC: 1700 break; 1701 case WPA_DEAUTH: 1702 case WPA_DISASSOC: 1703 sm->DeauthenticationRequest = TRUE; 1704 break; 1705 case WPA_REAUTH: 1706 case WPA_REAUTH_EAPOL: 1707 if (!sm->started) { 1708 /* 1709 * When using WPS, we may end up here if the STA 1710 * manages to re-associate without the previous STA 1711 * entry getting removed. Consequently, we need to make 1712 * sure that the WPA state machines gets initialized 1713 * properly at this point. 1714 */ 1715 wpa_printf(MSG_DEBUG, "WPA state machine had not been " 1716 "started - initialize now"); 1717 sm->started = 1; 1718 sm->Init = TRUE; 1719 if (wpa_sm_step(sm) == 1) 1720 return 1; /* should not really happen */ 1721 sm->Init = FALSE; 1722 sm->AuthenticationRequest = TRUE; 1723 break; 1724 } 1725 if (sm->GUpdateStationKeys) { 1726 /* 1727 * Reauthentication cancels the pending group key 1728 * update for this STA. 1729 */ 1730 sm->group->GKeyDoneStations--; 1731 sm->GUpdateStationKeys = FALSE; 1732 sm->PtkGroupInit = TRUE; 1733 } 1734 sm->ReAuthenticationRequest = TRUE; 1735 break; 1736 case WPA_ASSOC_FT: 1737#ifdef CONFIG_IEEE80211R 1738 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration " 1739 "after association"); 1740 wpa_ft_install_ptk(sm); 1741 1742 /* Using FT protocol, not WPA auth state machine */ 1743 sm->ft_completed = 1; 1744 return 0; 1745#else /* CONFIG_IEEE80211R */ 1746 break; 1747#endif /* CONFIG_IEEE80211R */ 1748 } 1749 1750#ifdef CONFIG_IEEE80211R 1751 sm->ft_completed = 0; 1752#endif /* CONFIG_IEEE80211R */ 1753 1754#ifdef CONFIG_IEEE80211W 1755 if (sm->mgmt_frame_prot && event == WPA_AUTH) 1756 remove_ptk = 0; 1757#endif /* CONFIG_IEEE80211W */ 1758 1759 if (remove_ptk) { 1760 sm->PTK_valid = FALSE; 1761 os_memset(&sm->PTK, 0, sizeof(sm->PTK)); 1762 1763 if (event != WPA_REAUTH_EAPOL) 1764 wpa_remove_ptk(sm); 1765 } 1766 1767 if (sm->in_step_loop) { 1768 /* 1769 * wpa_sm_step() is already running - avoid recursive call to 1770 * it by making the existing loop process the new update. 1771 */ 1772 sm->changed = TRUE; 1773 return 0; 1774 } 1775 return wpa_sm_step(sm); 1776} 1777 1778 1779SM_STATE(WPA_PTK, INITIALIZE) 1780{ 1781 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk); 1782 if (sm->Init) { 1783 /* Init flag is not cleared here, so avoid busy 1784 * loop by claiming nothing changed. */ 1785 sm->changed = FALSE; 1786 } 1787 1788 sm->keycount = 0; 1789 if (sm->GUpdateStationKeys) 1790 sm->group->GKeyDoneStations--; 1791 sm->GUpdateStationKeys = FALSE; 1792 if (sm->wpa == WPA_VERSION_WPA) 1793 sm->PInitAKeys = FALSE; 1794 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and 1795 * Local AA > Remote AA)) */) { 1796 sm->Pair = TRUE; 1797 } 1798 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0); 1799 wpa_remove_ptk(sm); 1800 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0); 1801 sm->TimeoutCtr = 0; 1802 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 1803 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, 1804 WPA_EAPOL_authorized, 0); 1805 } 1806} 1807 1808 1809SM_STATE(WPA_PTK, DISCONNECT) 1810{ 1811 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk); 1812 sm->Disconnect = FALSE; 1813 wpa_sta_disconnect(sm->wpa_auth, sm->addr); 1814} 1815 1816 1817SM_STATE(WPA_PTK, DISCONNECTED) 1818{ 1819 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk); 1820 sm->DeauthenticationRequest = FALSE; 1821} 1822 1823 1824SM_STATE(WPA_PTK, AUTHENTICATION) 1825{ 1826 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk); 1827 os_memset(&sm->PTK, 0, sizeof(sm->PTK)); 1828 sm->PTK_valid = FALSE; 1829 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto, 1830 1); 1831 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1); 1832 sm->AuthenticationRequest = FALSE; 1833} 1834 1835 1836static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth, 1837 struct wpa_group *group) 1838{ 1839 if (group->first_sta_seen) 1840 return; 1841 /* 1842 * System has run bit further than at the time hostapd was started 1843 * potentially very early during boot up. This provides better chances 1844 * of collecting more randomness on embedded systems. Re-initialize the 1845 * GMK and Counter here to improve their strength if there was not 1846 * enough entropy available immediately after system startup. 1847 */ 1848 wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first " 1849 "station"); 1850 if (random_pool_ready() != 1) { 1851 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool " 1852 "to proceed - reject first 4-way handshake"); 1853 group->reject_4way_hs_for_entropy = TRUE; 1854 } else { 1855 group->first_sta_seen = TRUE; 1856 group->reject_4way_hs_for_entropy = FALSE; 1857 } 1858 1859 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0 || 1860 wpa_gtk_update(wpa_auth, group) < 0 || 1861 wpa_group_config_group_keys(wpa_auth, group) < 0) { 1862 wpa_printf(MSG_INFO, "WPA: GMK/GTK setup failed"); 1863 group->first_sta_seen = FALSE; 1864 group->reject_4way_hs_for_entropy = TRUE; 1865 } 1866} 1867 1868 1869SM_STATE(WPA_PTK, AUTHENTICATION2) 1870{ 1871 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk); 1872 1873 wpa_group_ensure_init(sm->wpa_auth, sm->group); 1874 sm->ReAuthenticationRequest = FALSE; 1875 1876 /* 1877 * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat 1878 * ambiguous. The Authenticator state machine uses a counter that is 1879 * incremented by one for each 4-way handshake. However, the security 1880 * analysis of 4-way handshake points out that unpredictable nonces 1881 * help in preventing precomputation attacks. Instead of the state 1882 * machine definition, use an unpredictable nonce value here to provide 1883 * stronger protection against potential precomputation attacks. 1884 */ 1885 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { 1886 wpa_printf(MSG_ERROR, "WPA: Failed to get random data for " 1887 "ANonce."); 1888 sm->Disconnect = TRUE; 1889 return; 1890 } 1891 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce, 1892 WPA_NONCE_LEN); 1893 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more 1894 * logical place than INITIALIZE since AUTHENTICATION2 can be 1895 * re-entered on ReAuthenticationRequest without going through 1896 * INITIALIZE. */ 1897 sm->TimeoutCtr = 0; 1898} 1899 1900 1901SM_STATE(WPA_PTK, INITPMK) 1902{ 1903 u8 msk[2 * PMK_LEN]; 1904 size_t len = 2 * PMK_LEN; 1905 1906 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk); 1907#ifdef CONFIG_IEEE80211R 1908 sm->xxkey_len = 0; 1909#endif /* CONFIG_IEEE80211R */ 1910 if (sm->pmksa) { 1911 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache"); 1912 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len); 1913 sm->pmk_len = sm->pmksa->pmk_len; 1914 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) { 1915 unsigned int pmk_len; 1916 1917 if (sm->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) 1918 pmk_len = PMK_LEN_SUITE_B_192; 1919 else 1920 pmk_len = PMK_LEN; 1921 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine " 1922 "(MSK len=%lu PMK len=%u)", (unsigned long) len, 1923 pmk_len); 1924 if (len < pmk_len) { 1925 wpa_printf(MSG_DEBUG, 1926 "WPA: MSK not long enough (%u) to create PMK (%u)", 1927 (unsigned int) len, (unsigned int) pmk_len); 1928 sm->Disconnect = TRUE; 1929 return; 1930 } 1931 os_memcpy(sm->PMK, msk, pmk_len); 1932 sm->pmk_len = pmk_len; 1933#ifdef CONFIG_IEEE80211R 1934 if (len >= 2 * PMK_LEN) { 1935 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN); 1936 sm->xxkey_len = PMK_LEN; 1937 } 1938#endif /* CONFIG_IEEE80211R */ 1939 } else { 1940 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p", 1941 sm->wpa_auth->cb.get_msk); 1942 sm->Disconnect = TRUE; 1943 return; 1944 } 1945 os_memset(msk, 0, sizeof(msk)); 1946 1947 sm->req_replay_counter_used = 0; 1948 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this 1949 * will break reauthentication since EAPOL state machines may not be 1950 * get into AUTHENTICATING state that clears keyRun before WPA state 1951 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK 1952 * state and takes PMK from the previously used AAA Key. This will 1953 * eventually fail in 4-Way Handshake because Supplicant uses PMK 1954 * derived from the new AAA Key. Setting keyRun = FALSE here seems to 1955 * be good workaround for this issue. */ 1956 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0); 1957} 1958 1959 1960SM_STATE(WPA_PTK, INITPSK) 1961{ 1962 const u8 *psk; 1963 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk); 1964 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL); 1965 if (psk) { 1966 os_memcpy(sm->PMK, psk, PMK_LEN); 1967 sm->pmk_len = PMK_LEN; 1968#ifdef CONFIG_IEEE80211R 1969 os_memcpy(sm->xxkey, psk, PMK_LEN); 1970 sm->xxkey_len = PMK_LEN; 1971#endif /* CONFIG_IEEE80211R */ 1972 } 1973 sm->req_replay_counter_used = 0; 1974} 1975 1976 1977SM_STATE(WPA_PTK, PTKSTART) 1978{ 1979 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL; 1980 size_t pmkid_len = 0; 1981 1982 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk); 1983 sm->PTKRequest = FALSE; 1984 sm->TimeoutEvt = FALSE; 1985 sm->alt_snonce_valid = FALSE; 1986 1987 sm->TimeoutCtr++; 1988 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) { 1989 /* No point in sending the EAPOL-Key - we will disconnect 1990 * immediately following this. */ 1991 return; 1992 } 1993 1994 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 1995 "sending 1/4 msg of 4-Way Handshake"); 1996 /* 1997 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only 1998 * one possible PSK for this STA. 1999 */ 2000 if (sm->wpa == WPA_VERSION_WPA2 && 2001 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) && 2002 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) { 2003 pmkid = buf; 2004 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN; 2005 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC; 2006 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN; 2007 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID); 2008 if (sm->pmksa) { 2009 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN], 2010 sm->pmksa->pmkid, PMKID_LEN); 2011 } else if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) { 2012 /* No KCK available to derive PMKID */ 2013 pmkid = NULL; 2014 } else { 2015 /* 2016 * Calculate PMKID since no PMKSA cache entry was 2017 * available with pre-calculated PMKID. 2018 */ 2019 rsn_pmkid(sm->PMK, sm->pmk_len, sm->wpa_auth->addr, 2020 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN], 2021 wpa_key_mgmt_sha256(sm->wpa_key_mgmt)); 2022 } 2023 } 2024 wpa_send_eapol(sm->wpa_auth, sm, 2025 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL, 2026 sm->ANonce, pmkid, pmkid_len, 0, 0); 2027} 2028 2029 2030static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce, 2031 const u8 *pmk, unsigned int pmk_len, 2032 struct wpa_ptk *ptk) 2033{ 2034#ifdef CONFIG_IEEE80211R 2035 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) 2036 return wpa_auth_derive_ptk_ft(sm, pmk, ptk); 2037#endif /* CONFIG_IEEE80211R */ 2038 2039 return wpa_pmk_to_ptk(pmk, pmk_len, "Pairwise key expansion", 2040 sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce, 2041 ptk, sm->wpa_key_mgmt, sm->pairwise); 2042} 2043 2044 2045SM_STATE(WPA_PTK, PTKCALCNEGOTIATING) 2046{ 2047 struct wpa_ptk PTK; 2048 int ok = 0, psk_found = 0; 2049 const u8 *pmk = NULL; 2050 unsigned int pmk_len; 2051 2052 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk); 2053 sm->EAPOLKeyReceived = FALSE; 2054 sm->update_snonce = FALSE; 2055 2056 /* WPA with IEEE 802.1X: use the derived PMK from EAP 2057 * WPA-PSK: iterate through possible PSKs and select the one matching 2058 * the packet */ 2059 for (;;) { 2060 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 2061 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, 2062 sm->p2p_dev_addr, pmk); 2063 if (pmk == NULL) 2064 break; 2065 psk_found = 1; 2066 pmk_len = PMK_LEN; 2067 } else { 2068 pmk = sm->PMK; 2069 pmk_len = sm->pmk_len; 2070 } 2071 2072 wpa_derive_ptk(sm, sm->SNonce, pmk, pmk_len, &PTK); 2073 2074 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK, 2075 sm->last_rx_eapol_key, 2076 sm->last_rx_eapol_key_len) == 0) { 2077 ok = 1; 2078 break; 2079 } 2080 2081 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) 2082 break; 2083 } 2084 2085 if (!ok) { 2086 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2087 "invalid MIC in msg 2/4 of 4-Way Handshake"); 2088 if (psk_found) 2089 wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr); 2090 return; 2091 } 2092 2093#ifdef CONFIG_IEEE80211R 2094 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 2095 /* 2096 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches 2097 * with the value we derived. 2098 */ 2099 if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name, 2100 WPA_PMK_NAME_LEN) != 0) { 2101 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2102 "PMKR1Name mismatch in FT 4-way " 2103 "handshake"); 2104 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from " 2105 "Supplicant", 2106 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN); 2107 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name", 2108 sm->pmk_r1_name, WPA_PMK_NAME_LEN); 2109 return; 2110 } 2111 } 2112#endif /* CONFIG_IEEE80211R */ 2113 2114 sm->pending_1_of_4_timeout = 0; 2115 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm); 2116 2117 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 2118 /* PSK may have changed from the previous choice, so update 2119 * state machine data based on whatever PSK was selected here. 2120 */ 2121 os_memcpy(sm->PMK, pmk, PMK_LEN); 2122 sm->pmk_len = PMK_LEN; 2123 } 2124 2125 sm->MICVerified = TRUE; 2126 2127 os_memcpy(&sm->PTK, &PTK, sizeof(PTK)); 2128 sm->PTK_valid = TRUE; 2129} 2130 2131 2132SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2) 2133{ 2134 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk); 2135 sm->TimeoutCtr = 0; 2136} 2137 2138 2139#ifdef CONFIG_IEEE80211W 2140 2141static int ieee80211w_kde_len(struct wpa_state_machine *sm) 2142{ 2143 if (sm->mgmt_frame_prot) { 2144 size_t len; 2145 len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher); 2146 return 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN + len; 2147 } 2148 2149 return 0; 2150} 2151 2152 2153static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos) 2154{ 2155 struct wpa_igtk_kde igtk; 2156 struct wpa_group *gsm = sm->group; 2157 u8 rsc[WPA_KEY_RSC_LEN]; 2158 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher); 2159 2160 if (!sm->mgmt_frame_prot) 2161 return pos; 2162 2163 igtk.keyid[0] = gsm->GN_igtk; 2164 igtk.keyid[1] = 0; 2165 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE || 2166 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0) 2167 os_memset(igtk.pn, 0, sizeof(igtk.pn)); 2168 else 2169 os_memcpy(igtk.pn, rsc, sizeof(igtk.pn)); 2170 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len); 2171 if (sm->wpa_auth->conf.disable_gtk) { 2172 /* 2173 * Provide unique random IGTK to each STA to prevent use of 2174 * IGTK in the BSS. 2175 */ 2176 if (random_get_bytes(igtk.igtk, len) < 0) 2177 return pos; 2178 } 2179 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK, 2180 (const u8 *) &igtk, WPA_IGTK_KDE_PREFIX_LEN + len, 2181 NULL, 0); 2182 2183 return pos; 2184} 2185 2186#else /* CONFIG_IEEE80211W */ 2187 2188static int ieee80211w_kde_len(struct wpa_state_machine *sm) 2189{ 2190 return 0; 2191} 2192 2193 2194static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos) 2195{ 2196 return pos; 2197} 2198 2199#endif /* CONFIG_IEEE80211W */ 2200 2201 2202SM_STATE(WPA_PTK, PTKINITNEGOTIATING) 2203{ 2204 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos, dummy_gtk[32]; 2205 size_t gtk_len, kde_len; 2206 struct wpa_group *gsm = sm->group; 2207 u8 *wpa_ie; 2208 int wpa_ie_len, secure, keyidx, encr = 0; 2209 2210 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk); 2211 sm->TimeoutEvt = FALSE; 2212 2213 sm->TimeoutCtr++; 2214 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) { 2215 /* No point in sending the EAPOL-Key - we will disconnect 2216 * immediately following this. */ 2217 return; 2218 } 2219 2220 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE], 2221 GTK[GN], IGTK, [FTIE], [TIE * 2]) 2222 */ 2223 os_memset(rsc, 0, WPA_KEY_RSC_LEN); 2224 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc); 2225 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */ 2226 wpa_ie = sm->wpa_auth->wpa_ie; 2227 wpa_ie_len = sm->wpa_auth->wpa_ie_len; 2228 if (sm->wpa == WPA_VERSION_WPA && 2229 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) && 2230 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) { 2231 /* WPA-only STA, remove RSN IE and possible MDIE */ 2232 wpa_ie = wpa_ie + wpa_ie[1] + 2; 2233 if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN) 2234 wpa_ie = wpa_ie + wpa_ie[1] + 2; 2235 wpa_ie_len = wpa_ie[1] + 2; 2236 } 2237 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2238 "sending 3/4 msg of 4-Way Handshake"); 2239 if (sm->wpa == WPA_VERSION_WPA2) { 2240 /* WPA2 send GTK in the 4-way handshake */ 2241 secure = 1; 2242 gtk = gsm->GTK[gsm->GN - 1]; 2243 gtk_len = gsm->GTK_len; 2244 if (sm->wpa_auth->conf.disable_gtk) { 2245 /* 2246 * Provide unique random GTK to each STA to prevent use 2247 * of GTK in the BSS. 2248 */ 2249 if (random_get_bytes(dummy_gtk, gtk_len) < 0) 2250 return; 2251 gtk = dummy_gtk; 2252 } 2253 keyidx = gsm->GN; 2254 _rsc = rsc; 2255 encr = 1; 2256 } else { 2257 /* WPA does not include GTK in msg 3/4 */ 2258 secure = 0; 2259 gtk = NULL; 2260 gtk_len = 0; 2261 keyidx = 0; 2262 _rsc = NULL; 2263 if (sm->rx_eapol_key_secure) { 2264 /* 2265 * It looks like Windows 7 supplicant tries to use 2266 * Secure bit in msg 2/4 after having reported Michael 2267 * MIC failure and it then rejects the 4-way handshake 2268 * if msg 3/4 does not set Secure bit. Work around this 2269 * by setting the Secure bit here even in the case of 2270 * WPA if the supplicant used it first. 2271 */ 2272 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2273 "STA used Secure bit in WPA msg 2/4 - " 2274 "set Secure for 3/4 as workaround"); 2275 secure = 1; 2276 } 2277 } 2278 2279 kde_len = wpa_ie_len + ieee80211w_kde_len(sm); 2280 if (gtk) 2281 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len; 2282#ifdef CONFIG_IEEE80211R 2283 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 2284 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */ 2285 kde_len += 300; /* FTIE + 2 * TIE */ 2286 } 2287#endif /* CONFIG_IEEE80211R */ 2288#ifdef CONFIG_P2P 2289 if (WPA_GET_BE32(sm->ip_addr) > 0) 2290 kde_len += 2 + RSN_SELECTOR_LEN + 3 * 4; 2291#endif /* CONFIG_P2P */ 2292 kde = os_malloc(kde_len); 2293 if (kde == NULL) 2294 return; 2295 2296 pos = kde; 2297 os_memcpy(pos, wpa_ie, wpa_ie_len); 2298 pos += wpa_ie_len; 2299#ifdef CONFIG_IEEE80211R 2300 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 2301 int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name); 2302 if (res < 0) { 2303 wpa_printf(MSG_ERROR, "FT: Failed to insert " 2304 "PMKR1Name into RSN IE in EAPOL-Key data"); 2305 os_free(kde); 2306 return; 2307 } 2308 pos += res; 2309 } 2310#endif /* CONFIG_IEEE80211R */ 2311 if (gtk) { 2312 u8 hdr[2]; 2313 hdr[0] = keyidx & 0x03; 2314 hdr[1] = 0; 2315 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2, 2316 gtk, gtk_len); 2317 } 2318 pos = ieee80211w_kde_add(sm, pos); 2319 2320#ifdef CONFIG_IEEE80211R 2321 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 2322 int res; 2323 struct wpa_auth_config *conf; 2324 2325 conf = &sm->wpa_auth->conf; 2326 res = wpa_write_ftie(conf, conf->r0_key_holder, 2327 conf->r0_key_holder_len, 2328 NULL, NULL, pos, kde + kde_len - pos, 2329 NULL, 0); 2330 if (res < 0) { 2331 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE " 2332 "into EAPOL-Key Key Data"); 2333 os_free(kde); 2334 return; 2335 } 2336 pos += res; 2337 2338 /* TIE[ReassociationDeadline] (TU) */ 2339 *pos++ = WLAN_EID_TIMEOUT_INTERVAL; 2340 *pos++ = 5; 2341 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE; 2342 WPA_PUT_LE32(pos, conf->reassociation_deadline); 2343 pos += 4; 2344 2345 /* TIE[KeyLifetime] (seconds) */ 2346 *pos++ = WLAN_EID_TIMEOUT_INTERVAL; 2347 *pos++ = 5; 2348 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME; 2349 WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60); 2350 pos += 4; 2351 } 2352#endif /* CONFIG_IEEE80211R */ 2353#ifdef CONFIG_P2P 2354 if (WPA_GET_BE32(sm->ip_addr) > 0) { 2355 u8 addr[3 * 4]; 2356 os_memcpy(addr, sm->ip_addr, 4); 2357 os_memcpy(addr + 4, sm->wpa_auth->conf.ip_addr_mask, 4); 2358 os_memcpy(addr + 8, sm->wpa_auth->conf.ip_addr_go, 4); 2359 pos = wpa_add_kde(pos, WFA_KEY_DATA_IP_ADDR_ALLOC, 2360 addr, sizeof(addr), NULL, 0); 2361 } 2362#endif /* CONFIG_P2P */ 2363 2364 wpa_send_eapol(sm->wpa_auth, sm, 2365 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC | 2366 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL | 2367 WPA_KEY_INFO_KEY_TYPE, 2368 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr); 2369 os_free(kde); 2370} 2371 2372 2373SM_STATE(WPA_PTK, PTKINITDONE) 2374{ 2375 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk); 2376 sm->EAPOLKeyReceived = FALSE; 2377 if (sm->Pair) { 2378 enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise); 2379 int klen = wpa_cipher_key_len(sm->pairwise); 2380 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0, 2381 sm->PTK.tk, klen)) { 2382 wpa_sta_disconnect(sm->wpa_auth, sm->addr); 2383 return; 2384 } 2385 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ 2386 sm->pairwise_set = TRUE; 2387 2388 if (sm->wpa_auth->conf.wpa_ptk_rekey) { 2389 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); 2390 eloop_register_timeout(sm->wpa_auth->conf. 2391 wpa_ptk_rekey, 0, wpa_rekey_ptk, 2392 sm->wpa_auth, sm); 2393 } 2394 2395 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { 2396 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, 2397 WPA_EAPOL_authorized, 1); 2398 } 2399 } 2400 2401 if (0 /* IBSS == TRUE */) { 2402 sm->keycount++; 2403 if (sm->keycount == 2) { 2404 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, 2405 WPA_EAPOL_portValid, 1); 2406 } 2407 } else { 2408 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 2409 1); 2410 } 2411 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0); 2412 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1); 2413 if (sm->wpa == WPA_VERSION_WPA) 2414 sm->PInitAKeys = TRUE; 2415 else 2416 sm->has_GTK = TRUE; 2417 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO, 2418 "pairwise key handshake completed (%s)", 2419 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN"); 2420 2421#ifdef CONFIG_IEEE80211R 2422 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr); 2423#endif /* CONFIG_IEEE80211R */ 2424} 2425 2426 2427SM_STEP(WPA_PTK) 2428{ 2429 struct wpa_authenticator *wpa_auth = sm->wpa_auth; 2430 2431 if (sm->Init) 2432 SM_ENTER(WPA_PTK, INITIALIZE); 2433 else if (sm->Disconnect 2434 /* || FIX: dot11RSNAConfigSALifetime timeout */) { 2435 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, 2436 "WPA_PTK: sm->Disconnect"); 2437 SM_ENTER(WPA_PTK, DISCONNECT); 2438 } 2439 else if (sm->DeauthenticationRequest) 2440 SM_ENTER(WPA_PTK, DISCONNECTED); 2441 else if (sm->AuthenticationRequest) 2442 SM_ENTER(WPA_PTK, AUTHENTICATION); 2443 else if (sm->ReAuthenticationRequest) 2444 SM_ENTER(WPA_PTK, AUTHENTICATION2); 2445 else if (sm->PTKRequest) 2446 SM_ENTER(WPA_PTK, PTKSTART); 2447 else switch (sm->wpa_ptk_state) { 2448 case WPA_PTK_INITIALIZE: 2449 break; 2450 case WPA_PTK_DISCONNECT: 2451 SM_ENTER(WPA_PTK, DISCONNECTED); 2452 break; 2453 case WPA_PTK_DISCONNECTED: 2454 SM_ENTER(WPA_PTK, INITIALIZE); 2455 break; 2456 case WPA_PTK_AUTHENTICATION: 2457 SM_ENTER(WPA_PTK, AUTHENTICATION2); 2458 break; 2459 case WPA_PTK_AUTHENTICATION2: 2460 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) && 2461 wpa_auth_get_eapol(sm->wpa_auth, sm->addr, 2462 WPA_EAPOL_keyRun) > 0) 2463 SM_ENTER(WPA_PTK, INITPMK); 2464 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) 2465 /* FIX: && 802.1X::keyRun */) 2466 SM_ENTER(WPA_PTK, INITPSK); 2467 break; 2468 case WPA_PTK_INITPMK: 2469 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr, 2470 WPA_EAPOL_keyAvailable) > 0) 2471 SM_ENTER(WPA_PTK, PTKSTART); 2472 else { 2473 wpa_auth->dot11RSNA4WayHandshakeFailures++; 2474 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO, 2475 "INITPMK - keyAvailable = false"); 2476 SM_ENTER(WPA_PTK, DISCONNECT); 2477 } 2478 break; 2479 case WPA_PTK_INITPSK: 2480 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, 2481 NULL)) 2482 SM_ENTER(WPA_PTK, PTKSTART); 2483 else { 2484 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO, 2485 "no PSK configured for the STA"); 2486 wpa_auth->dot11RSNA4WayHandshakeFailures++; 2487 SM_ENTER(WPA_PTK, DISCONNECT); 2488 } 2489 break; 2490 case WPA_PTK_PTKSTART: 2491 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && 2492 sm->EAPOLKeyPairwise) 2493 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING); 2494 else if (sm->TimeoutCtr > 2495 (int) dot11RSNAConfigPairwiseUpdateCount) { 2496 wpa_auth->dot11RSNA4WayHandshakeFailures++; 2497 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2498 "PTKSTART: Retry limit %d reached", 2499 dot11RSNAConfigPairwiseUpdateCount); 2500 SM_ENTER(WPA_PTK, DISCONNECT); 2501 } else if (sm->TimeoutEvt) 2502 SM_ENTER(WPA_PTK, PTKSTART); 2503 break; 2504 case WPA_PTK_PTKCALCNEGOTIATING: 2505 if (sm->MICVerified) 2506 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2); 2507 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && 2508 sm->EAPOLKeyPairwise) 2509 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING); 2510 else if (sm->TimeoutEvt) 2511 SM_ENTER(WPA_PTK, PTKSTART); 2512 break; 2513 case WPA_PTK_PTKCALCNEGOTIATING2: 2514 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING); 2515 break; 2516 case WPA_PTK_PTKINITNEGOTIATING: 2517 if (sm->update_snonce) 2518 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING); 2519 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && 2520 sm->EAPOLKeyPairwise && sm->MICVerified) 2521 SM_ENTER(WPA_PTK, PTKINITDONE); 2522 else if (sm->TimeoutCtr > 2523 (int) dot11RSNAConfigPairwiseUpdateCount) { 2524 wpa_auth->dot11RSNA4WayHandshakeFailures++; 2525 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2526 "PTKINITNEGOTIATING: Retry limit %d " 2527 "reached", 2528 dot11RSNAConfigPairwiseUpdateCount); 2529 SM_ENTER(WPA_PTK, DISCONNECT); 2530 } else if (sm->TimeoutEvt) 2531 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING); 2532 break; 2533 case WPA_PTK_PTKINITDONE: 2534 break; 2535 } 2536} 2537 2538 2539SM_STATE(WPA_PTK_GROUP, IDLE) 2540{ 2541 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group); 2542 if (sm->Init) { 2543 /* Init flag is not cleared here, so avoid busy 2544 * loop by claiming nothing changed. */ 2545 sm->changed = FALSE; 2546 } 2547 sm->GTimeoutCtr = 0; 2548} 2549 2550 2551SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING) 2552{ 2553 u8 rsc[WPA_KEY_RSC_LEN]; 2554 struct wpa_group *gsm = sm->group; 2555 const u8 *kde; 2556 u8 *kde_buf = NULL, *pos, hdr[2]; 2557 size_t kde_len; 2558 u8 *gtk, dummy_gtk[32]; 2559 2560 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group); 2561 2562 sm->GTimeoutCtr++; 2563 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) { 2564 /* No point in sending the EAPOL-Key - we will disconnect 2565 * immediately following this. */ 2566 return; 2567 } 2568 2569 if (sm->wpa == WPA_VERSION_WPA) 2570 sm->PInitAKeys = FALSE; 2571 sm->TimeoutEvt = FALSE; 2572 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */ 2573 os_memset(rsc, 0, WPA_KEY_RSC_LEN); 2574 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE) 2575 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc); 2576 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2577 "sending 1/2 msg of Group Key Handshake"); 2578 2579 gtk = gsm->GTK[gsm->GN - 1]; 2580 if (sm->wpa_auth->conf.disable_gtk) { 2581 /* 2582 * Provide unique random GTK to each STA to prevent use 2583 * of GTK in the BSS. 2584 */ 2585 if (random_get_bytes(dummy_gtk, gsm->GTK_len) < 0) 2586 return; 2587 gtk = dummy_gtk; 2588 } 2589 if (sm->wpa == WPA_VERSION_WPA2) { 2590 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len + 2591 ieee80211w_kde_len(sm); 2592 kde_buf = os_malloc(kde_len); 2593 if (kde_buf == NULL) 2594 return; 2595 2596 kde = pos = kde_buf; 2597 hdr[0] = gsm->GN & 0x03; 2598 hdr[1] = 0; 2599 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2, 2600 gtk, gsm->GTK_len); 2601 pos = ieee80211w_kde_add(sm, pos); 2602 kde_len = pos - kde; 2603 } else { 2604 kde = gtk; 2605 kde_len = gsm->GTK_len; 2606 } 2607 2608 wpa_send_eapol(sm->wpa_auth, sm, 2609 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC | 2610 WPA_KEY_INFO_ACK | 2611 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0), 2612 rsc, gsm->GNonce, kde, kde_len, gsm->GN, 1); 2613 2614 os_free(kde_buf); 2615} 2616 2617 2618SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED) 2619{ 2620 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group); 2621 sm->EAPOLKeyReceived = FALSE; 2622 if (sm->GUpdateStationKeys) 2623 sm->group->GKeyDoneStations--; 2624 sm->GUpdateStationKeys = FALSE; 2625 sm->GTimeoutCtr = 0; 2626 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */ 2627 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO, 2628 "group key handshake completed (%s)", 2629 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN"); 2630 sm->has_GTK = TRUE; 2631} 2632 2633 2634SM_STATE(WPA_PTK_GROUP, KEYERROR) 2635{ 2636 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group); 2637 if (sm->GUpdateStationKeys) 2638 sm->group->GKeyDoneStations--; 2639 sm->GUpdateStationKeys = FALSE; 2640 sm->Disconnect = TRUE; 2641} 2642 2643 2644SM_STEP(WPA_PTK_GROUP) 2645{ 2646 if (sm->Init || sm->PtkGroupInit) { 2647 SM_ENTER(WPA_PTK_GROUP, IDLE); 2648 sm->PtkGroupInit = FALSE; 2649 } else switch (sm->wpa_ptk_group_state) { 2650 case WPA_PTK_GROUP_IDLE: 2651 if (sm->GUpdateStationKeys || 2652 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys)) 2653 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING); 2654 break; 2655 case WPA_PTK_GROUP_REKEYNEGOTIATING: 2656 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && 2657 !sm->EAPOLKeyPairwise && sm->MICVerified) 2658 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED); 2659 else if (sm->GTimeoutCtr > 2660 (int) dot11RSNAConfigGroupUpdateCount) 2661 SM_ENTER(WPA_PTK_GROUP, KEYERROR); 2662 else if (sm->TimeoutEvt) 2663 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING); 2664 break; 2665 case WPA_PTK_GROUP_KEYERROR: 2666 SM_ENTER(WPA_PTK_GROUP, IDLE); 2667 break; 2668 case WPA_PTK_GROUP_REKEYESTABLISHED: 2669 SM_ENTER(WPA_PTK_GROUP, IDLE); 2670 break; 2671 } 2672} 2673 2674 2675static int wpa_gtk_update(struct wpa_authenticator *wpa_auth, 2676 struct wpa_group *group) 2677{ 2678 int ret = 0; 2679 2680 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN); 2681 inc_byte_array(group->Counter, WPA_NONCE_LEN); 2682 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion", 2683 wpa_auth->addr, group->GNonce, 2684 group->GTK[group->GN - 1], group->GTK_len) < 0) 2685 ret = -1; 2686 wpa_hexdump_key(MSG_DEBUG, "GTK", 2687 group->GTK[group->GN - 1], group->GTK_len); 2688 2689#ifdef CONFIG_IEEE80211W 2690 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) { 2691 size_t len; 2692 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher); 2693 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN); 2694 inc_byte_array(group->Counter, WPA_NONCE_LEN); 2695 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion", 2696 wpa_auth->addr, group->GNonce, 2697 group->IGTK[group->GN_igtk - 4], len) < 0) 2698 ret = -1; 2699 wpa_hexdump_key(MSG_DEBUG, "IGTK", 2700 group->IGTK[group->GN_igtk - 4], len); 2701 } 2702#endif /* CONFIG_IEEE80211W */ 2703 2704 return ret; 2705} 2706 2707 2708static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth, 2709 struct wpa_group *group) 2710{ 2711 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " 2712 "GTK_INIT (VLAN-ID %d)", group->vlan_id); 2713 group->changed = FALSE; /* GInit is not cleared here; avoid loop */ 2714 group->wpa_group_state = WPA_GROUP_GTK_INIT; 2715 2716 /* GTK[0..N] = 0 */ 2717 os_memset(group->GTK, 0, sizeof(group->GTK)); 2718 group->GN = 1; 2719 group->GM = 2; 2720#ifdef CONFIG_IEEE80211W 2721 group->GN_igtk = 4; 2722 group->GM_igtk = 5; 2723#endif /* CONFIG_IEEE80211W */ 2724 /* GTK[GN] = CalcGTK() */ 2725 wpa_gtk_update(wpa_auth, group); 2726} 2727 2728 2729static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx) 2730{ 2731 if (ctx != NULL && ctx != sm->group) 2732 return 0; 2733 2734 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) { 2735 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2736 "Not in PTKINITDONE; skip Group Key update"); 2737 sm->GUpdateStationKeys = FALSE; 2738 return 0; 2739 } 2740 if (sm->GUpdateStationKeys) { 2741 /* 2742 * This should not really happen, so add a debug log entry. 2743 * Since we clear the GKeyDoneStations before the loop, the 2744 * station needs to be counted here anyway. 2745 */ 2746 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, 2747 "GUpdateStationKeys was already set when " 2748 "marking station for GTK rekeying"); 2749 } 2750 2751 /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */ 2752 if (sm->is_wnmsleep) 2753 return 0; 2754 2755 sm->group->GKeyDoneStations++; 2756 sm->GUpdateStationKeys = TRUE; 2757 2758 wpa_sm_step(sm); 2759 return 0; 2760} 2761 2762 2763#ifdef CONFIG_WNM 2764/* update GTK when exiting WNM-Sleep Mode */ 2765void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm) 2766{ 2767 if (sm == NULL || sm->is_wnmsleep) 2768 return; 2769 2770 wpa_group_update_sta(sm, NULL); 2771} 2772 2773 2774void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag) 2775{ 2776 if (sm) 2777 sm->is_wnmsleep = !!flag; 2778} 2779 2780 2781int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos) 2782{ 2783 struct wpa_group *gsm = sm->group; 2784 u8 *start = pos; 2785 2786 /* 2787 * GTK subelement: 2788 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] | 2789 * Key[5..32] 2790 */ 2791 *pos++ = WNM_SLEEP_SUBELEM_GTK; 2792 *pos++ = 11 + gsm->GTK_len; 2793 /* Key ID in B0-B1 of Key Info */ 2794 WPA_PUT_LE16(pos, gsm->GN & 0x03); 2795 pos += 2; 2796 *pos++ = gsm->GTK_len; 2797 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0) 2798 return 0; 2799 pos += 8; 2800 os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len); 2801 pos += gsm->GTK_len; 2802 2803 wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit", 2804 gsm->GN); 2805 wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit", 2806 gsm->GTK[gsm->GN - 1], gsm->GTK_len); 2807 2808 return pos - start; 2809} 2810 2811 2812#ifdef CONFIG_IEEE80211W 2813int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos) 2814{ 2815 struct wpa_group *gsm = sm->group; 2816 u8 *start = pos; 2817 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher); 2818 2819 /* 2820 * IGTK subelement: 2821 * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16] 2822 */ 2823 *pos++ = WNM_SLEEP_SUBELEM_IGTK; 2824 *pos++ = 2 + 6 + len; 2825 WPA_PUT_LE16(pos, gsm->GN_igtk); 2826 pos += 2; 2827 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0) 2828 return 0; 2829 pos += 6; 2830 2831 os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len); 2832 pos += len; 2833 2834 wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit", 2835 gsm->GN_igtk); 2836 wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit", 2837 gsm->IGTK[gsm->GN_igtk - 4], len); 2838 2839 return pos - start; 2840} 2841#endif /* CONFIG_IEEE80211W */ 2842#endif /* CONFIG_WNM */ 2843 2844 2845static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth, 2846 struct wpa_group *group) 2847{ 2848 int tmp; 2849 2850 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " 2851 "SETKEYS (VLAN-ID %d)", group->vlan_id); 2852 group->changed = TRUE; 2853 group->wpa_group_state = WPA_GROUP_SETKEYS; 2854 group->GTKReKey = FALSE; 2855 tmp = group->GM; 2856 group->GM = group->GN; 2857 group->GN = tmp; 2858#ifdef CONFIG_IEEE80211W 2859 tmp = group->GM_igtk; 2860 group->GM_igtk = group->GN_igtk; 2861 group->GN_igtk = tmp; 2862#endif /* CONFIG_IEEE80211W */ 2863 /* "GKeyDoneStations = GNoStations" is done in more robust way by 2864 * counting the STAs that are marked with GUpdateStationKeys instead of 2865 * including all STAs that could be in not-yet-completed state. */ 2866 wpa_gtk_update(wpa_auth, group); 2867 2868 if (group->GKeyDoneStations) { 2869 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected " 2870 "GKeyDoneStations=%d when starting new GTK rekey", 2871 group->GKeyDoneStations); 2872 group->GKeyDoneStations = 0; 2873 } 2874 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group); 2875 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d", 2876 group->GKeyDoneStations); 2877} 2878 2879 2880static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth, 2881 struct wpa_group *group) 2882{ 2883 int ret = 0; 2884 2885 if (wpa_auth_set_key(wpa_auth, group->vlan_id, 2886 wpa_cipher_to_alg(wpa_auth->conf.wpa_group), 2887 broadcast_ether_addr, group->GN, 2888 group->GTK[group->GN - 1], group->GTK_len) < 0) 2889 ret = -1; 2890 2891#ifdef CONFIG_IEEE80211W 2892 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) { 2893 enum wpa_alg alg; 2894 size_t len; 2895 2896 alg = wpa_cipher_to_alg(wpa_auth->conf.group_mgmt_cipher); 2897 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher); 2898 2899 if (ret == 0 && 2900 wpa_auth_set_key(wpa_auth, group->vlan_id, alg, 2901 broadcast_ether_addr, group->GN_igtk, 2902 group->IGTK[group->GN_igtk - 4], len) < 0) 2903 ret = -1; 2904 } 2905#endif /* CONFIG_IEEE80211W */ 2906 2907 return ret; 2908} 2909 2910 2911static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx) 2912{ 2913 if (sm->group == ctx) { 2914 wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR 2915 " for discconnection due to fatal failure", 2916 MAC2STR(sm->addr)); 2917 sm->Disconnect = TRUE; 2918 } 2919 2920 return 0; 2921} 2922 2923 2924static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth, 2925 struct wpa_group *group) 2926{ 2927 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state FATAL_FAILURE"); 2928 group->changed = TRUE; 2929 group->wpa_group_state = WPA_GROUP_FATAL_FAILURE; 2930 wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group); 2931} 2932 2933 2934static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth, 2935 struct wpa_group *group) 2936{ 2937 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " 2938 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id); 2939 group->changed = TRUE; 2940 group->wpa_group_state = WPA_GROUP_SETKEYSDONE; 2941 2942 if (wpa_group_config_group_keys(wpa_auth, group) < 0) { 2943 wpa_group_fatal_failure(wpa_auth, group); 2944 return -1; 2945 } 2946 2947 return 0; 2948} 2949 2950 2951static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth, 2952 struct wpa_group *group) 2953{ 2954 if (group->GInit) { 2955 wpa_group_gtk_init(wpa_auth, group); 2956 } else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) { 2957 /* Do not allow group operations */ 2958 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT && 2959 group->GTKAuthenticator) { 2960 wpa_group_setkeysdone(wpa_auth, group); 2961 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE && 2962 group->GTKReKey) { 2963 wpa_group_setkeys(wpa_auth, group); 2964 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) { 2965 if (group->GKeyDoneStations == 0) 2966 wpa_group_setkeysdone(wpa_auth, group); 2967 else if (group->GTKReKey) 2968 wpa_group_setkeys(wpa_auth, group); 2969 } 2970} 2971 2972 2973static int wpa_sm_step(struct wpa_state_machine *sm) 2974{ 2975 if (sm == NULL) 2976 return 0; 2977 2978 if (sm->in_step_loop) { 2979 /* This should not happen, but if it does, make sure we do not 2980 * end up freeing the state machine too early by exiting the 2981 * recursive call. */ 2982 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively"); 2983 return 0; 2984 } 2985 2986 sm->in_step_loop = 1; 2987 do { 2988 if (sm->pending_deinit) 2989 break; 2990 2991 sm->changed = FALSE; 2992 sm->wpa_auth->group->changed = FALSE; 2993 2994 SM_STEP_RUN(WPA_PTK); 2995 if (sm->pending_deinit) 2996 break; 2997 SM_STEP_RUN(WPA_PTK_GROUP); 2998 if (sm->pending_deinit) 2999 break; 3000 wpa_group_sm_step(sm->wpa_auth, sm->group); 3001 } while (sm->changed || sm->wpa_auth->group->changed); 3002 sm->in_step_loop = 0; 3003 3004 if (sm->pending_deinit) { 3005 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state " 3006 "machine deinit for " MACSTR, MAC2STR(sm->addr)); 3007 wpa_free_sta_sm(sm); 3008 return 1; 3009 } 3010 return 0; 3011} 3012 3013 3014static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx) 3015{ 3016 struct wpa_state_machine *sm = eloop_ctx; 3017 wpa_sm_step(sm); 3018} 3019 3020 3021void wpa_auth_sm_notify(struct wpa_state_machine *sm) 3022{ 3023 if (sm == NULL) 3024 return; 3025 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL); 3026} 3027 3028 3029void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth) 3030{ 3031 int tmp, i; 3032 struct wpa_group *group; 3033 3034 if (wpa_auth == NULL) 3035 return; 3036 3037 group = wpa_auth->group; 3038 3039 for (i = 0; i < 2; i++) { 3040 tmp = group->GM; 3041 group->GM = group->GN; 3042 group->GN = tmp; 3043#ifdef CONFIG_IEEE80211W 3044 tmp = group->GM_igtk; 3045 group->GM_igtk = group->GN_igtk; 3046 group->GN_igtk = tmp; 3047#endif /* CONFIG_IEEE80211W */ 3048 wpa_gtk_update(wpa_auth, group); 3049 wpa_group_config_group_keys(wpa_auth, group); 3050 } 3051} 3052 3053 3054static const char * wpa_bool_txt(int val) 3055{ 3056 return val ? "TRUE" : "FALSE"; 3057} 3058 3059 3060#define RSN_SUITE "%02x-%02x-%02x-%d" 3061#define RSN_SUITE_ARG(s) \ 3062((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff 3063 3064int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen) 3065{ 3066 int len = 0, ret; 3067 char pmkid_txt[PMKID_LEN * 2 + 1]; 3068#ifdef CONFIG_RSN_PREAUTH 3069 const int preauth = 1; 3070#else /* CONFIG_RSN_PREAUTH */ 3071 const int preauth = 0; 3072#endif /* CONFIG_RSN_PREAUTH */ 3073 3074 if (wpa_auth == NULL) 3075 return len; 3076 3077 ret = os_snprintf(buf + len, buflen - len, 3078 "dot11RSNAOptionImplemented=TRUE\n" 3079 "dot11RSNAPreauthenticationImplemented=%s\n" 3080 "dot11RSNAEnabled=%s\n" 3081 "dot11RSNAPreauthenticationEnabled=%s\n", 3082 wpa_bool_txt(preauth), 3083 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN), 3084 wpa_bool_txt(wpa_auth->conf.rsn_preauth)); 3085 if (os_snprintf_error(buflen - len, ret)) 3086 return len; 3087 len += ret; 3088 3089 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), 3090 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN); 3091 3092 ret = os_snprintf( 3093 buf + len, buflen - len, 3094 "dot11RSNAConfigVersion=%u\n" 3095 "dot11RSNAConfigPairwiseKeysSupported=9999\n" 3096 /* FIX: dot11RSNAConfigGroupCipher */ 3097 /* FIX: dot11RSNAConfigGroupRekeyMethod */ 3098 /* FIX: dot11RSNAConfigGroupRekeyTime */ 3099 /* FIX: dot11RSNAConfigGroupRekeyPackets */ 3100 "dot11RSNAConfigGroupRekeyStrict=%u\n" 3101 "dot11RSNAConfigGroupUpdateCount=%u\n" 3102 "dot11RSNAConfigPairwiseUpdateCount=%u\n" 3103 "dot11RSNAConfigGroupCipherSize=%u\n" 3104 "dot11RSNAConfigPMKLifetime=%u\n" 3105 "dot11RSNAConfigPMKReauthThreshold=%u\n" 3106 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n" 3107 "dot11RSNAConfigSATimeout=%u\n" 3108 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" 3109 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" 3110 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" 3111 "dot11RSNAPMKIDUsed=%s\n" 3112 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" 3113 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" 3114 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" 3115 "dot11RSNATKIPCounterMeasuresInvoked=%u\n" 3116 "dot11RSNA4WayHandshakeFailures=%u\n" 3117 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n", 3118 RSN_VERSION, 3119 !!wpa_auth->conf.wpa_strict_rekey, 3120 dot11RSNAConfigGroupUpdateCount, 3121 dot11RSNAConfigPairwiseUpdateCount, 3122 wpa_cipher_key_len(wpa_auth->conf.wpa_group) * 8, 3123 dot11RSNAConfigPMKLifetime, 3124 dot11RSNAConfigPMKReauthThreshold, 3125 dot11RSNAConfigSATimeout, 3126 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected), 3127 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected), 3128 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected), 3129 pmkid_txt, 3130 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested), 3131 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested), 3132 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested), 3133 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked, 3134 wpa_auth->dot11RSNA4WayHandshakeFailures); 3135 if (os_snprintf_error(buflen - len, ret)) 3136 return len; 3137 len += ret; 3138 3139 /* TODO: dot11RSNAConfigPairwiseCiphersTable */ 3140 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */ 3141 3142 /* Private MIB */ 3143 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n", 3144 wpa_auth->group->wpa_group_state); 3145 if (os_snprintf_error(buflen - len, ret)) 3146 return len; 3147 len += ret; 3148 3149 return len; 3150} 3151 3152 3153int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen) 3154{ 3155 int len = 0, ret; 3156 u32 pairwise = 0; 3157 3158 if (sm == NULL) 3159 return 0; 3160 3161 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */ 3162 3163 /* dot11RSNAStatsEntry */ 3164 3165 pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ? 3166 WPA_PROTO_RSN : WPA_PROTO_WPA, 3167 sm->pairwise); 3168 if (pairwise == 0) 3169 return 0; 3170 3171 ret = os_snprintf( 3172 buf + len, buflen - len, 3173 /* TODO: dot11RSNAStatsIndex */ 3174 "dot11RSNAStatsSTAAddress=" MACSTR "\n" 3175 "dot11RSNAStatsVersion=1\n" 3176 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n" 3177 /* TODO: dot11RSNAStatsTKIPICVErrors */ 3178 "dot11RSNAStatsTKIPLocalMICFailures=%u\n" 3179 "dot11RSNAStatsTKIPRemoteMICFailures=%u\n" 3180 /* TODO: dot11RSNAStatsCCMPReplays */ 3181 /* TODO: dot11RSNAStatsCCMPDecryptErrors */ 3182 /* TODO: dot11RSNAStatsTKIPReplays */, 3183 MAC2STR(sm->addr), 3184 RSN_SUITE_ARG(pairwise), 3185 sm->dot11RSNAStatsTKIPLocalMICFailures, 3186 sm->dot11RSNAStatsTKIPRemoteMICFailures); 3187 if (os_snprintf_error(buflen - len, ret)) 3188 return len; 3189 len += ret; 3190 3191 /* Private MIB */ 3192 ret = os_snprintf(buf + len, buflen - len, 3193 "hostapdWPAPTKState=%d\n" 3194 "hostapdWPAPTKGroupState=%d\n", 3195 sm->wpa_ptk_state, 3196 sm->wpa_ptk_group_state); 3197 if (os_snprintf_error(buflen - len, ret)) 3198 return len; 3199 len += ret; 3200 3201 return len; 3202} 3203 3204 3205void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth) 3206{ 3207 if (wpa_auth) 3208 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++; 3209} 3210 3211 3212int wpa_auth_pairwise_set(struct wpa_state_machine *sm) 3213{ 3214 return sm && sm->pairwise_set; 3215} 3216 3217 3218int wpa_auth_get_pairwise(struct wpa_state_machine *sm) 3219{ 3220 return sm->pairwise; 3221} 3222 3223 3224int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm) 3225{ 3226 if (sm == NULL) 3227 return -1; 3228 return sm->wpa_key_mgmt; 3229} 3230 3231 3232int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) 3233{ 3234 if (sm == NULL) 3235 return 0; 3236 return sm->wpa; 3237} 3238 3239 3240int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, 3241 struct rsn_pmksa_cache_entry *entry) 3242{ 3243 if (sm == NULL || sm->pmksa != entry) 3244 return -1; 3245 sm->pmksa = NULL; 3246 return 0; 3247} 3248 3249 3250struct rsn_pmksa_cache_entry * 3251wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm) 3252{ 3253 return sm ? sm->pmksa : NULL; 3254} 3255 3256 3257void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm) 3258{ 3259 if (sm) 3260 sm->dot11RSNAStatsTKIPLocalMICFailures++; 3261} 3262 3263 3264const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len) 3265{ 3266 if (wpa_auth == NULL) 3267 return NULL; 3268 *len = wpa_auth->wpa_ie_len; 3269 return wpa_auth->wpa_ie; 3270} 3271 3272 3273int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk, 3274 unsigned int pmk_len, 3275 int session_timeout, struct eapol_state_machine *eapol) 3276{ 3277 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 || 3278 sm->wpa_auth->conf.disable_pmksa_caching) 3279 return -1; 3280 3281 if (sm->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) { 3282 if (pmk_len > PMK_LEN_SUITE_B_192) 3283 pmk_len = PMK_LEN_SUITE_B_192; 3284 } else if (pmk_len > PMK_LEN) { 3285 pmk_len = PMK_LEN; 3286 } 3287 3288 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, pmk_len, 3289 sm->PTK.kck, sm->PTK.kck_len, 3290 sm->wpa_auth->addr, sm->addr, session_timeout, 3291 eapol, sm->wpa_key_mgmt)) 3292 return 0; 3293 3294 return -1; 3295} 3296 3297 3298int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth, 3299 const u8 *pmk, size_t len, const u8 *sta_addr, 3300 int session_timeout, 3301 struct eapol_state_machine *eapol) 3302{ 3303 if (wpa_auth == NULL) 3304 return -1; 3305 3306 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, 3307 NULL, 0, 3308 wpa_auth->addr, 3309 sta_addr, session_timeout, eapol, 3310 WPA_KEY_MGMT_IEEE8021X)) 3311 return 0; 3312 3313 return -1; 3314} 3315 3316 3317int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr, 3318 const u8 *pmk) 3319{ 3320 if (wpa_auth->conf.disable_pmksa_caching) 3321 return -1; 3322 3323 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN, 3324 NULL, 0, 3325 wpa_auth->addr, addr, 0, NULL, 3326 WPA_KEY_MGMT_SAE)) 3327 return 0; 3328 3329 return -1; 3330} 3331 3332 3333void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth, 3334 const u8 *sta_addr) 3335{ 3336 struct rsn_pmksa_cache_entry *pmksa; 3337 3338 if (wpa_auth == NULL || wpa_auth->pmksa == NULL) 3339 return; 3340 pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL); 3341 if (pmksa) { 3342 wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for " 3343 MACSTR " based on request", MAC2STR(sta_addr)); 3344 pmksa_cache_free_entry(wpa_auth->pmksa, pmksa); 3345 } 3346} 3347 3348 3349/* 3350 * Remove and free the group from wpa_authenticator. This is triggered by a 3351 * callback to make sure nobody is currently iterating the group list while it 3352 * gets modified. 3353 */ 3354static void wpa_group_free(struct wpa_authenticator *wpa_auth, 3355 struct wpa_group *group) 3356{ 3357 struct wpa_group *prev = wpa_auth->group; 3358 3359 wpa_printf(MSG_DEBUG, "WPA: Remove group state machine for VLAN-ID %d", 3360 group->vlan_id); 3361 3362 while (prev) { 3363 if (prev->next == group) { 3364 /* This never frees the special first group as needed */ 3365 prev->next = group->next; 3366 os_free(group); 3367 break; 3368 } 3369 prev = prev->next; 3370 } 3371 3372} 3373 3374 3375/* Increase the reference counter for group */ 3376static void wpa_group_get(struct wpa_authenticator *wpa_auth, 3377 struct wpa_group *group) 3378{ 3379 /* Skip the special first group */ 3380 if (wpa_auth->group == group) 3381 return; 3382 3383 group->references++; 3384} 3385 3386 3387/* Decrease the reference counter and maybe free the group */ 3388static void wpa_group_put(struct wpa_authenticator *wpa_auth, 3389 struct wpa_group *group) 3390{ 3391 /* Skip the special first group */ 3392 if (wpa_auth->group == group) 3393 return; 3394 3395 group->references--; 3396 if (group->references) 3397 return; 3398 wpa_group_free(wpa_auth, group); 3399} 3400 3401 3402/* 3403 * Add a group that has its references counter set to zero. Caller needs to 3404 * call wpa_group_get() on the return value to mark the entry in use. 3405 */ 3406static struct wpa_group * 3407wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id) 3408{ 3409 struct wpa_group *group; 3410 3411 if (wpa_auth == NULL || wpa_auth->group == NULL) 3412 return NULL; 3413 3414 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d", 3415 vlan_id); 3416 group = wpa_group_init(wpa_auth, vlan_id, 0); 3417 if (group == NULL) 3418 return NULL; 3419 3420 group->next = wpa_auth->group->next; 3421 wpa_auth->group->next = group; 3422 3423 return group; 3424} 3425 3426 3427/* 3428 * Enforce that the group state machine for the VLAN is running, increase 3429 * reference counter as interface is up. References might have been increased 3430 * even if a negative value is returned. 3431 * Returns: -1 on error (group missing, group already failed); otherwise, 0 3432 */ 3433int wpa_auth_ensure_group(struct wpa_authenticator *wpa_auth, int vlan_id) 3434{ 3435 struct wpa_group *group; 3436 3437 if (wpa_auth == NULL) 3438 return 0; 3439 3440 group = wpa_auth->group; 3441 while (group) { 3442 if (group->vlan_id == vlan_id) 3443 break; 3444 group = group->next; 3445 } 3446 3447 if (group == NULL) { 3448 group = wpa_auth_add_group(wpa_auth, vlan_id); 3449 if (group == NULL) 3450 return -1; 3451 } 3452 3453 wpa_printf(MSG_DEBUG, 3454 "WPA: Ensure group state machine running for VLAN ID %d", 3455 vlan_id); 3456 3457 wpa_group_get(wpa_auth, group); 3458 group->num_setup_iface++; 3459 3460 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) 3461 return -1; 3462 3463 return 0; 3464} 3465 3466 3467/* 3468 * Decrease reference counter, expected to be zero afterwards. 3469 * returns: -1 on error (group not found, group in fail state) 3470 * -2 if wpa_group is still referenced 3471 * 0 else 3472 */ 3473int wpa_auth_release_group(struct wpa_authenticator *wpa_auth, int vlan_id) 3474{ 3475 struct wpa_group *group; 3476 int ret = 0; 3477 3478 if (wpa_auth == NULL) 3479 return 0; 3480 3481 group = wpa_auth->group; 3482 while (group) { 3483 if (group->vlan_id == vlan_id) 3484 break; 3485 group = group->next; 3486 } 3487 3488 if (group == NULL) 3489 return -1; 3490 3491 wpa_printf(MSG_DEBUG, 3492 "WPA: Try stopping group state machine for VLAN ID %d", 3493 vlan_id); 3494 3495 if (group->num_setup_iface <= 0) { 3496 wpa_printf(MSG_ERROR, 3497 "WPA: wpa_auth_release_group called more often than wpa_auth_ensure_group for VLAN ID %d, skipping.", 3498 vlan_id); 3499 return -1; 3500 } 3501 group->num_setup_iface--; 3502 3503 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) 3504 ret = -1; 3505 3506 if (group->references > 1) { 3507 wpa_printf(MSG_DEBUG, 3508 "WPA: Cannot stop group state machine for VLAN ID %d as references are still hold", 3509 vlan_id); 3510 ret = -2; 3511 } 3512 3513 wpa_group_put(wpa_auth, group); 3514 3515 return ret; 3516} 3517 3518 3519int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id) 3520{ 3521 struct wpa_group *group; 3522 3523 if (sm == NULL || sm->wpa_auth == NULL) 3524 return 0; 3525 3526 group = sm->wpa_auth->group; 3527 while (group) { 3528 if (group->vlan_id == vlan_id) 3529 break; 3530 group = group->next; 3531 } 3532 3533 if (group == NULL) { 3534 group = wpa_auth_add_group(sm->wpa_auth, vlan_id); 3535 if (group == NULL) 3536 return -1; 3537 } 3538 3539 if (sm->group == group) 3540 return 0; 3541 3542 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) 3543 return -1; 3544 3545 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state " 3546 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id); 3547 3548 wpa_group_get(sm->wpa_auth, group); 3549 wpa_group_put(sm->wpa_auth, sm->group); 3550 sm->group = group; 3551 3552 return 0; 3553} 3554 3555 3556void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth, 3557 struct wpa_state_machine *sm, int ack) 3558{ 3559 if (wpa_auth == NULL || sm == NULL) 3560 return; 3561 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR 3562 " ack=%d", MAC2STR(sm->addr), ack); 3563 if (sm->pending_1_of_4_timeout && ack) { 3564 /* 3565 * Some deployed supplicant implementations update their SNonce 3566 * for each EAPOL-Key 2/4 message even within the same 4-way 3567 * handshake and then fail to use the first SNonce when 3568 * deriving the PTK. This results in unsuccessful 4-way 3569 * handshake whenever the relatively short initial timeout is 3570 * reached and EAPOL-Key 1/4 is retransmitted. Try to work 3571 * around this by increasing the timeout now that we know that 3572 * the station has received the frame. 3573 */ 3574 int timeout_ms = eapol_key_timeout_subseq; 3575 wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 " 3576 "timeout by %u ms because of acknowledged frame", 3577 timeout_ms); 3578 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm); 3579 eloop_register_timeout(timeout_ms / 1000, 3580 (timeout_ms % 1000) * 1000, 3581 wpa_send_eapol_timeout, wpa_auth, sm); 3582 } 3583} 3584 3585 3586int wpa_auth_uses_sae(struct wpa_state_machine *sm) 3587{ 3588 if (sm == NULL) 3589 return 0; 3590 return wpa_key_mgmt_sae(sm->wpa_key_mgmt); 3591} 3592 3593 3594int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm) 3595{ 3596 if (sm == NULL) 3597 return 0; 3598 return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE; 3599} 3600 3601 3602#ifdef CONFIG_P2P 3603int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr) 3604{ 3605 if (sm == NULL || WPA_GET_BE32(sm->ip_addr) == 0) 3606 return -1; 3607 os_memcpy(addr, sm->ip_addr, 4); 3608 return 0; 3609} 3610#endif /* CONFIG_P2P */ 3611 3612 3613int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth, 3614 struct radius_das_attrs *attr) 3615{ 3616 return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr); 3617} 3618 3619 3620void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth) 3621{ 3622 struct wpa_group *group; 3623 3624 if (!wpa_auth) 3625 return; 3626 for (group = wpa_auth->group; group; group = group->next) 3627 wpa_group_config_group_keys(wpa_auth, group); 3628} 3629