1/* 2 * WPA Supplicant - PeerKey for Direct Link Setup (DLS) 3 * Copyright (c) 2006-2015, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "includes.h" 10 11#ifdef CONFIG_PEERKEY 12 13#include "common.h" 14#include "eloop.h" 15#include "crypto/sha1.h" 16#include "crypto/sha256.h" 17#include "crypto/random.h" 18#include "common/ieee802_11_defs.h" 19#include "wpa.h" 20#include "wpa_i.h" 21#include "wpa_ie.h" 22#include "peerkey.h" 23 24 25static u8 * wpa_add_ie(u8 *pos, const u8 *ie, size_t ie_len) 26{ 27 os_memcpy(pos, ie, ie_len); 28 return pos + ie_len; 29} 30 31 32static u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len) 33{ 34 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 35 *pos++ = RSN_SELECTOR_LEN + data_len; 36 RSN_SELECTOR_PUT(pos, kde); 37 pos += RSN_SELECTOR_LEN; 38 os_memcpy(pos, data, data_len); 39 pos += data_len; 40 return pos; 41} 42 43 44static void wpa_supplicant_smk_timeout(void *eloop_ctx, void *timeout_ctx) 45{ 46#if 0 47 struct wpa_sm *sm = eloop_ctx; 48 struct wpa_peerkey *peerkey = timeout_ctx; 49#endif 50 /* TODO: time out SMK and any STK that was generated using this SMK */ 51} 52 53 54static void wpa_supplicant_peerkey_free(struct wpa_sm *sm, 55 struct wpa_peerkey *peerkey) 56{ 57 eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey); 58 os_free(peerkey); 59} 60 61 62static int wpa_supplicant_send_smk_error(struct wpa_sm *sm, const u8 *dst, 63 const u8 *peer, 64 u16 mui, u16 error_type, int ver) 65{ 66 size_t rlen; 67 struct wpa_eapol_key *err; 68 struct wpa_eapol_key_192 *err192; 69 struct rsn_error_kde error; 70 u8 *rbuf, *pos; 71 size_t kde_len; 72 u16 key_info; 73 74 kde_len = 2 + RSN_SELECTOR_LEN + sizeof(error); 75 if (peer) 76 kde_len += 2 + RSN_SELECTOR_LEN + ETH_ALEN; 77 78 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, 79 NULL, sizeof(*err) + kde_len, &rlen, 80 (void *) &err); 81 if (rbuf == NULL) 82 return -1; 83 err192 = (struct wpa_eapol_key_192 *) err; 84 85 err->type = EAPOL_KEY_TYPE_RSN; 86 key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC | 87 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_ERROR | 88 WPA_KEY_INFO_REQUEST; 89 WPA_PUT_BE16(err->key_info, key_info); 90 WPA_PUT_BE16(err->key_length, 0); 91 os_memcpy(err->replay_counter, sm->request_counter, 92 WPA_REPLAY_COUNTER_LEN); 93 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); 94 95 WPA_PUT_BE16(err->key_data_length, (u16) kde_len); 96 pos = (u8 *) (err + 1); 97 98 if (peer) { 99 /* Peer MAC Address KDE */ 100 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN); 101 } 102 103 /* Error KDE */ 104 error.mui = host_to_be16(mui); 105 error.error_type = host_to_be16(error_type); 106 wpa_add_kde(pos, RSN_KEY_DATA_ERROR, (u8 *) &error, sizeof(error)); 107 108 if (peer) { 109 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error (peer " 110 MACSTR " mui %d error_type %d)", 111 MAC2STR(peer), mui, error_type); 112 } else { 113 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error " 114 "(mui %d error_type %d)", mui, error_type); 115 } 116 117 wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, dst, 118 ETH_P_EAPOL, rbuf, rlen, err192->key_mic); 119 120 return 0; 121} 122 123 124static int wpa_supplicant_send_smk_m3(struct wpa_sm *sm, 125 const unsigned char *src_addr, 126 const struct wpa_eapol_key *key, 127 int ver, struct wpa_peerkey *peerkey) 128{ 129 size_t rlen; 130 struct wpa_eapol_key *reply; 131 struct wpa_eapol_key_192 *reply192; 132 u8 *rbuf, *pos; 133 size_t kde_len; 134 u16 key_info; 135 136 /* KDEs: Peer RSN IE, Initiator MAC Address, Initiator Nonce */ 137 kde_len = peerkey->rsnie_p_len + 138 2 + RSN_SELECTOR_LEN + ETH_ALEN + 139 2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN; 140 141 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, 142 NULL, sizeof(*reply) + kde_len, &rlen, 143 (void *) &reply); 144 if (rbuf == NULL) 145 return -1; 146 reply192 = (struct wpa_eapol_key_192 *) reply; 147 148 reply->type = EAPOL_KEY_TYPE_RSN; 149 key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC | 150 WPA_KEY_INFO_SECURE; 151 WPA_PUT_BE16(reply->key_info, key_info); 152 WPA_PUT_BE16(reply->key_length, 0); 153 os_memcpy(reply->replay_counter, key->replay_counter, 154 WPA_REPLAY_COUNTER_LEN); 155 156 os_memcpy(reply->key_nonce, peerkey->pnonce, WPA_NONCE_LEN); 157 158 WPA_PUT_BE16(reply->key_data_length, (u16) kde_len); 159 pos = (u8 *) (reply + 1); 160 161 /* Peer RSN IE */ 162 pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len); 163 164 /* Initiator MAC Address KDE */ 165 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peerkey->addr, ETH_ALEN); 166 167 /* Initiator Nonce */ 168 wpa_add_kde(pos, RSN_KEY_DATA_NONCE, peerkey->inonce, WPA_NONCE_LEN); 169 170 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK M3"); 171 wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, src_addr, 172 ETH_P_EAPOL, rbuf, rlen, reply192->key_mic); 173 174 return 0; 175} 176 177 178static int wpa_supplicant_process_smk_m2( 179 struct wpa_sm *sm, const unsigned char *src_addr, 180 const struct wpa_eapol_key *key, size_t extra_len, int ver) 181{ 182 struct wpa_peerkey *peerkey; 183 struct wpa_eapol_ie_parse kde; 184 struct wpa_ie_data ie; 185 int cipher; 186 struct rsn_ie_hdr *hdr; 187 u8 *pos; 188 189 wpa_printf(MSG_DEBUG, "RSN: Received SMK M2"); 190 191 if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) { 192 wpa_printf(MSG_INFO, "RSN: SMK handshake not allowed for " 193 "the current network"); 194 return -1; 195 } 196 197 if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) < 198 0) { 199 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M2"); 200 return -1; 201 } 202 203 if (kde.rsn_ie == NULL || kde.mac_addr == NULL || 204 kde.mac_addr_len < ETH_ALEN) { 205 wpa_printf(MSG_INFO, "RSN: No RSN IE or MAC address KDE in " 206 "SMK M2"); 207 return -1; 208 } 209 210 wpa_printf(MSG_DEBUG, "RSN: SMK M2 - SMK initiator " MACSTR, 211 MAC2STR(kde.mac_addr)); 212 213 if (kde.rsn_ie_len > PEERKEY_MAX_IE_LEN) { 214 wpa_printf(MSG_INFO, "RSN: Too long Initiator RSN IE in SMK " 215 "M2"); 216 return -1; 217 } 218 219 if (wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len, &ie) < 0) { 220 wpa_printf(MSG_INFO, "RSN: Failed to parse RSN IE in SMK M2"); 221 return -1; 222 } 223 224 cipher = wpa_pick_pairwise_cipher(ie.pairwise_cipher & 225 sm->allowed_pairwise_cipher, 0); 226 if (cipher < 0) { 227 wpa_printf(MSG_INFO, "RSN: No acceptable cipher in SMK M2"); 228 wpa_supplicant_send_smk_error(sm, src_addr, kde.mac_addr, 229 STK_MUI_SMK, STK_ERR_CPHR_NS, 230 ver); 231 return -1; 232 } 233 wpa_printf(MSG_DEBUG, "RSN: Using %s for PeerKey", 234 wpa_cipher_txt(cipher)); 235 236 /* TODO: find existing entry and if found, use that instead of adding 237 * a new one; how to handle the case where both ends initiate at the 238 * same time? */ 239 peerkey = os_zalloc(sizeof(*peerkey)); 240 if (peerkey == NULL) 241 return -1; 242 os_memcpy(peerkey->addr, kde.mac_addr, ETH_ALEN); 243 os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN); 244 os_memcpy(peerkey->rsnie_i, kde.rsn_ie, kde.rsn_ie_len); 245 peerkey->rsnie_i_len = kde.rsn_ie_len; 246 peerkey->cipher = cipher; 247 peerkey->akmp = ie.key_mgmt; 248 249 if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) { 250 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 251 "WPA: Failed to get random data for PNonce"); 252 wpa_supplicant_peerkey_free(sm, peerkey); 253 return -1; 254 } 255 256 hdr = (struct rsn_ie_hdr *) peerkey->rsnie_p; 257 hdr->elem_id = WLAN_EID_RSN; 258 WPA_PUT_LE16(hdr->version, RSN_VERSION); 259 pos = (u8 *) (hdr + 1); 260 /* Group Suite can be anything for SMK RSN IE; receiver will just 261 * ignore it. */ 262 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP); 263 pos += RSN_SELECTOR_LEN; 264 /* Include only the selected cipher in pairwise cipher suite */ 265 WPA_PUT_LE16(pos, 1); 266 pos += 2; 267 RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN, cipher)); 268 pos += RSN_SELECTOR_LEN; 269 270 hdr->len = (pos - peerkey->rsnie_p) - 2; 271 peerkey->rsnie_p_len = pos - peerkey->rsnie_p; 272 wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake", 273 peerkey->rsnie_p, peerkey->rsnie_p_len); 274 275 wpa_supplicant_send_smk_m3(sm, src_addr, key, ver, peerkey); 276 277 peerkey->next = sm->peerkey; 278 sm->peerkey = peerkey; 279 280 return 0; 281} 282 283 284/** 285 * rsn_smkid - Derive SMK identifier 286 * @smk: Station master key (32 bytes) 287 * @pnonce: Peer Nonce 288 * @mac_p: Peer MAC address 289 * @inonce: Initiator Nonce 290 * @mac_i: Initiator MAC address 291 * @akmp: Negotiated AKM 292 * 293 * 8.5.1.4 Station to station (STK) key hierarchy 294 * SMKID = HMAC-SHA1-128(SMK, "SMK Name" || PNonce || MAC_P || INonce || MAC_I) 295 */ 296static void rsn_smkid(const u8 *smk, const u8 *pnonce, const u8 *mac_p, 297 const u8 *inonce, const u8 *mac_i, u8 *smkid, 298 int akmp) 299{ 300 char *title = "SMK Name"; 301 const u8 *addr[5]; 302 const size_t len[5] = { 8, WPA_NONCE_LEN, ETH_ALEN, WPA_NONCE_LEN, 303 ETH_ALEN }; 304 unsigned char hash[SHA256_MAC_LEN]; 305 306 addr[0] = (u8 *) title; 307 addr[1] = pnonce; 308 addr[2] = mac_p; 309 addr[3] = inonce; 310 addr[4] = mac_i; 311 312#ifdef CONFIG_IEEE80211W 313 if (wpa_key_mgmt_sha256(akmp)) 314 hmac_sha256_vector(smk, PMK_LEN, 5, addr, len, hash); 315 else 316#endif /* CONFIG_IEEE80211W */ 317 hmac_sha1_vector(smk, PMK_LEN, 5, addr, len, hash); 318 os_memcpy(smkid, hash, PMKID_LEN); 319} 320 321 322static void wpa_supplicant_send_stk_1_of_4(struct wpa_sm *sm, 323 struct wpa_peerkey *peerkey) 324{ 325 size_t mlen; 326 struct wpa_eapol_key *msg; 327 u8 *mbuf; 328 size_t kde_len; 329 u16 key_info, ver; 330 331 kde_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN; 332 333 mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 334 sizeof(*msg) + kde_len, &mlen, 335 (void *) &msg); 336 if (mbuf == NULL) 337 return; 338 339 msg->type = EAPOL_KEY_TYPE_RSN; 340 341 if (peerkey->cipher != WPA_CIPHER_TKIP) 342 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 343 else 344 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 345 346 key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK; 347 WPA_PUT_BE16(msg->key_info, key_info); 348 349 if (peerkey->cipher != WPA_CIPHER_TKIP) 350 WPA_PUT_BE16(msg->key_length, 16); 351 else 352 WPA_PUT_BE16(msg->key_length, 32); 353 354 os_memcpy(msg->replay_counter, peerkey->replay_counter, 355 WPA_REPLAY_COUNTER_LEN); 356 inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN); 357 358 WPA_PUT_BE16(msg->key_data_length, kde_len); 359 wpa_add_kde((u8 *) (msg + 1), RSN_KEY_DATA_PMKID, 360 peerkey->smkid, PMKID_LEN); 361 362 if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) { 363 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 364 "RSN: Failed to get random data for INonce (STK)"); 365 os_free(mbuf); 366 return; 367 } 368 wpa_hexdump(MSG_DEBUG, "RSN: INonce for STK 4-Way Handshake", 369 peerkey->inonce, WPA_NONCE_LEN); 370 os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN); 371 372 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 1/4 to " MACSTR, 373 MAC2STR(peerkey->addr)); 374 wpa_eapol_key_send(sm, NULL, 0, ver, peerkey->addr, ETH_P_EAPOL, 375 mbuf, mlen, NULL); 376} 377 378 379static void wpa_supplicant_send_stk_3_of_4(struct wpa_sm *sm, 380 struct wpa_peerkey *peerkey) 381{ 382 size_t mlen; 383 struct wpa_eapol_key *msg; 384 u8 *mbuf, *pos; 385 size_t kde_len; 386 u16 key_info, ver; 387 be32 lifetime; 388 389 kde_len = peerkey->rsnie_i_len + 390 2 + RSN_SELECTOR_LEN + sizeof(lifetime); 391 392 mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 393 sizeof(*msg) + kde_len, &mlen, 394 (void *) &msg); 395 if (mbuf == NULL) 396 return; 397 398 msg->type = EAPOL_KEY_TYPE_RSN; 399 400 if (peerkey->cipher != WPA_CIPHER_TKIP) 401 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 402 else 403 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 404 405 key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK | 406 WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE; 407 WPA_PUT_BE16(msg->key_info, key_info); 408 409 if (peerkey->cipher != WPA_CIPHER_TKIP) 410 WPA_PUT_BE16(msg->key_length, 16); 411 else 412 WPA_PUT_BE16(msg->key_length, 32); 413 414 os_memcpy(msg->replay_counter, peerkey->replay_counter, 415 WPA_REPLAY_COUNTER_LEN); 416 inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN); 417 418 WPA_PUT_BE16(msg->key_data_length, kde_len); 419 pos = (u8 *) (msg + 1); 420 pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len); 421 lifetime = host_to_be32(peerkey->lifetime); 422 wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME, 423 (u8 *) &lifetime, sizeof(lifetime)); 424 425 os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN); 426 427 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 3/4 to " MACSTR, 428 MAC2STR(peerkey->addr)); 429 wpa_eapol_key_send(sm, peerkey->stk.kck, peerkey->stk.kck_len, ver, 430 peerkey->addr, ETH_P_EAPOL, mbuf, mlen, 431 msg->key_mic); 432} 433 434 435static int wpa_supplicant_process_smk_m4(struct wpa_peerkey *peerkey, 436 struct wpa_eapol_ie_parse *kde) 437{ 438 wpa_printf(MSG_DEBUG, "RSN: Received SMK M4 (Initiator " MACSTR ")", 439 MAC2STR(kde->mac_addr)); 440 441 if (os_memcmp(kde->smk + PMK_LEN, peerkey->pnonce, WPA_NONCE_LEN) != 0) 442 { 443 wpa_printf(MSG_INFO, "RSN: PNonce in SMK KDE does not " 444 "match with the one used in SMK M3"); 445 return -1; 446 } 447 448 if (os_memcmp(kde->nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) { 449 wpa_printf(MSG_INFO, "RSN: INonce in SMK M4 did not " 450 "match with the one received in SMK M2"); 451 return -1; 452 } 453 454 return 0; 455} 456 457 458static int wpa_supplicant_process_smk_m5(struct wpa_sm *sm, 459 const unsigned char *src_addr, 460 const struct wpa_eapol_key *key, 461 int ver, 462 struct wpa_peerkey *peerkey, 463 struct wpa_eapol_ie_parse *kde) 464{ 465 int cipher; 466 struct wpa_ie_data ie; 467 468 wpa_printf(MSG_DEBUG, "RSN: Received SMK M5 (Peer " MACSTR ")", 469 MAC2STR(kde->mac_addr)); 470 if (kde->rsn_ie == NULL || kde->rsn_ie_len > PEERKEY_MAX_IE_LEN || 471 wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0) { 472 wpa_printf(MSG_INFO, "RSN: No RSN IE in SMK M5"); 473 /* TODO: abort negotiation */ 474 return -1; 475 } 476 477 if (os_memcmp(key->key_nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) { 478 wpa_printf(MSG_INFO, "RSN: Key Nonce in SMK M5 does " 479 "not match with INonce used in SMK M1"); 480 return -1; 481 } 482 483 if (os_memcmp(kde->smk + PMK_LEN, peerkey->inonce, WPA_NONCE_LEN) != 0) 484 { 485 wpa_printf(MSG_INFO, "RSN: INonce in SMK KDE does not " 486 "match with the one used in SMK M1"); 487 return -1; 488 } 489 490 os_memcpy(peerkey->rsnie_p, kde->rsn_ie, kde->rsn_ie_len); 491 peerkey->rsnie_p_len = kde->rsn_ie_len; 492 os_memcpy(peerkey->pnonce, kde->nonce, WPA_NONCE_LEN); 493 494 cipher = wpa_pick_pairwise_cipher(ie.pairwise_cipher & 495 sm->allowed_pairwise_cipher, 0); 496 if (cipher < 0) { 497 wpa_printf(MSG_INFO, "RSN: SMK Peer STA " MACSTR " selected " 498 "unacceptable cipher", MAC2STR(kde->mac_addr)); 499 wpa_supplicant_send_smk_error(sm, src_addr, kde->mac_addr, 500 STK_MUI_SMK, STK_ERR_CPHR_NS, 501 ver); 502 /* TODO: abort negotiation */ 503 return -1; 504 } 505 wpa_printf(MSG_DEBUG, "RSN: Using %s for PeerKey", 506 wpa_cipher_txt(cipher)); 507 peerkey->cipher = cipher; 508 509 return 0; 510} 511 512 513static int wpa_supplicant_process_smk_m45( 514 struct wpa_sm *sm, const unsigned char *src_addr, 515 const struct wpa_eapol_key *key, size_t extra_len, int ver) 516{ 517 struct wpa_peerkey *peerkey; 518 struct wpa_eapol_ie_parse kde; 519 u32 lifetime; 520 521 if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) { 522 wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for " 523 "the current network"); 524 return -1; 525 } 526 527 if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) < 528 0) { 529 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M4/M5"); 530 return -1; 531 } 532 533 if (kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN || 534 kde.nonce == NULL || kde.nonce_len < WPA_NONCE_LEN || 535 kde.smk == NULL || kde.smk_len < PMK_LEN + WPA_NONCE_LEN || 536 kde.lifetime == NULL || kde.lifetime_len < 4) { 537 wpa_printf(MSG_INFO, "RSN: No MAC Address, Nonce, SMK, or " 538 "Lifetime KDE in SMK M4/M5"); 539 return -1; 540 } 541 542 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 543 if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) == 0 && 544 os_memcmp(peerkey->initiator ? peerkey->inonce : 545 peerkey->pnonce, 546 key->key_nonce, WPA_NONCE_LEN) == 0) 547 break; 548 } 549 if (peerkey == NULL) { 550 wpa_printf(MSG_INFO, "RSN: No matching SMK handshake found " 551 "for SMK M4/M5: peer " MACSTR, 552 MAC2STR(kde.mac_addr)); 553 return -1; 554 } 555 556 if (peerkey->initiator) { 557 if (wpa_supplicant_process_smk_m5(sm, src_addr, key, ver, 558 peerkey, &kde) < 0) 559 return -1; 560 } else { 561 if (wpa_supplicant_process_smk_m4(peerkey, &kde) < 0) 562 return -1; 563 } 564 565 os_memcpy(peerkey->smk, kde.smk, PMK_LEN); 566 peerkey->smk_complete = 1; 567 wpa_hexdump_key(MSG_DEBUG, "RSN: SMK", peerkey->smk, PMK_LEN); 568 lifetime = WPA_GET_BE32(kde.lifetime); 569 wpa_printf(MSG_DEBUG, "RSN: SMK lifetime %u seconds", lifetime); 570 if (lifetime > 1000000000) 571 lifetime = 1000000000; /* avoid overflowing eloop time */ 572 peerkey->lifetime = lifetime; 573 eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout, 574 sm, peerkey); 575 576 if (peerkey->initiator) { 577 rsn_smkid(peerkey->smk, peerkey->pnonce, peerkey->addr, 578 peerkey->inonce, sm->own_addr, peerkey->smkid, 579 peerkey->akmp); 580 wpa_supplicant_send_stk_1_of_4(sm, peerkey); 581 } else { 582 rsn_smkid(peerkey->smk, peerkey->pnonce, sm->own_addr, 583 peerkey->inonce, peerkey->addr, peerkey->smkid, 584 peerkey->akmp); 585 } 586 wpa_hexdump(MSG_DEBUG, "RSN: SMKID", peerkey->smkid, PMKID_LEN); 587 588 return 0; 589} 590 591 592static int wpa_supplicant_process_smk_error( 593 struct wpa_sm *sm, const unsigned char *src_addr, 594 const struct wpa_eapol_key *key, size_t extra_len) 595{ 596 struct wpa_eapol_ie_parse kde; 597 struct rsn_error_kde error; 598 u8 peer[ETH_ALEN]; 599 u16 error_type; 600 601 wpa_printf(MSG_DEBUG, "RSN: Received SMK Error"); 602 603 if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) { 604 wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for " 605 "the current network"); 606 return -1; 607 } 608 609 if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) < 610 0) { 611 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK Error"); 612 return -1; 613 } 614 615 if (kde.error == NULL || kde.error_len < sizeof(error)) { 616 wpa_printf(MSG_INFO, "RSN: No Error KDE in SMK Error"); 617 return -1; 618 } 619 620 if (kde.mac_addr && kde.mac_addr_len >= ETH_ALEN) 621 os_memcpy(peer, kde.mac_addr, ETH_ALEN); 622 else 623 os_memset(peer, 0, ETH_ALEN); 624 os_memcpy(&error, kde.error, sizeof(error)); 625 error_type = be_to_host16(error.error_type); 626 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 627 "RSN: SMK Error KDE received: MUI %d error_type %d peer " 628 MACSTR, 629 be_to_host16(error.mui), error_type, 630 MAC2STR(peer)); 631 632 if (kde.mac_addr && 633 (error_type == STK_ERR_STA_NR || error_type == STK_ERR_STA_NRSN || 634 error_type == STK_ERR_CPHR_NS)) { 635 struct wpa_peerkey *peerkey; 636 637 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 638 if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) == 639 0) 640 break; 641 } 642 if (peerkey == NULL) { 643 wpa_printf(MSG_DEBUG, "RSN: No matching SMK handshake " 644 "found for SMK Error"); 645 return -1; 646 } 647 /* TODO: abort SMK/STK handshake and remove all related keys */ 648 } 649 650 return 0; 651} 652 653 654static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm, 655 struct wpa_peerkey *peerkey, 656 const struct wpa_eapol_key *key, 657 u16 ver, const u8 *key_data, 658 size_t key_data_len) 659{ 660 struct wpa_eapol_ie_parse ie; 661 size_t kde_buf_len; 662 struct wpa_ptk *stk; 663 u8 buf[8], *kde_buf, *pos; 664 be32 lifetime; 665 666 wpa_printf(MSG_DEBUG, "RSN: RX message 1 of STK 4-Way Handshake from " 667 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver); 668 669 os_memset(&ie, 0, sizeof(ie)); 670 671 /* RSN: msg 1/4 should contain SMKID for the selected SMK */ 672 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", key_data, key_data_len); 673 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0 || 674 ie.pmkid == NULL) { 675 wpa_printf(MSG_DEBUG, "RSN: No SMKID in STK 1/4"); 676 return; 677 } 678 if (os_memcmp_const(ie.pmkid, peerkey->smkid, PMKID_LEN) != 0) { 679 wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 1/4", 680 ie.pmkid, PMKID_LEN); 681 return; 682 } 683 684 if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) { 685 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 686 "RSN: Failed to get random data for PNonce"); 687 return; 688 } 689 wpa_hexdump(MSG_DEBUG, "WPA: Renewed PNonce", 690 peerkey->pnonce, WPA_NONCE_LEN); 691 692 /* Calculate STK which will be stored as a temporary STK until it has 693 * been verified when processing message 3/4. */ 694 stk = &peerkey->tstk; 695 wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion", 696 sm->own_addr, peerkey->addr, 697 peerkey->pnonce, key->key_nonce, 698 stk, peerkey->akmp, peerkey->cipher); 699 /* Supplicant: swap tx/rx Mic keys */ 700 os_memcpy(buf, &stk->tk[16], 8); 701 os_memcpy(&stk->tk[16], &stk->tk[24], 8); 702 os_memcpy(&stk->tk[24], buf, 8); 703 peerkey->tstk_set = 1; 704 705 kde_buf_len = peerkey->rsnie_p_len + 706 2 + RSN_SELECTOR_LEN + sizeof(lifetime) + 707 2 + RSN_SELECTOR_LEN + PMKID_LEN; 708 kde_buf = os_malloc(kde_buf_len); 709 if (kde_buf == NULL) 710 return; 711 pos = kde_buf; 712 pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len); 713 lifetime = host_to_be32(peerkey->lifetime); 714 pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME, 715 (u8 *) &lifetime, sizeof(lifetime)); 716 wpa_add_kde(pos, RSN_KEY_DATA_PMKID, peerkey->smkid, PMKID_LEN); 717 718 if (wpa_supplicant_send_2_of_4(sm, peerkey->addr, key, ver, 719 peerkey->pnonce, kde_buf, kde_buf_len, 720 stk)) { 721 os_free(kde_buf); 722 return; 723 } 724 os_free(kde_buf); 725 726 os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN); 727} 728 729 730static void wpa_supplicant_update_smk_lifetime(struct wpa_sm *sm, 731 struct wpa_peerkey *peerkey, 732 struct wpa_eapol_ie_parse *kde) 733{ 734 u32 lifetime; 735 736 if (kde->lifetime == NULL || kde->lifetime_len < sizeof(lifetime)) 737 return; 738 739 lifetime = WPA_GET_BE32(kde->lifetime); 740 741 if (lifetime >= peerkey->lifetime) { 742 wpa_printf(MSG_DEBUG, "RSN: Peer used SMK lifetime %u seconds " 743 "which is larger than or equal to own value %u " 744 "seconds - ignored", lifetime, peerkey->lifetime); 745 return; 746 } 747 748 wpa_printf(MSG_DEBUG, "RSN: Peer used shorter SMK lifetime %u seconds " 749 "(own was %u seconds) - updated", 750 lifetime, peerkey->lifetime); 751 peerkey->lifetime = lifetime; 752 753 eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey); 754 eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout, 755 sm, peerkey); 756} 757 758 759static void wpa_supplicant_process_stk_2_of_4(struct wpa_sm *sm, 760 struct wpa_peerkey *peerkey, 761 const struct wpa_eapol_key *key, 762 u16 ver, const u8 *key_data, 763 size_t key_data_len) 764{ 765 struct wpa_eapol_ie_parse kde; 766 767 wpa_printf(MSG_DEBUG, "RSN: RX message 2 of STK 4-Way Handshake from " 768 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver); 769 770 os_memset(&kde, 0, sizeof(kde)); 771 772 /* RSN: msg 2/4 should contain SMKID for the selected SMK and RSN IE 773 * from the peer. It may also include Lifetime KDE. */ 774 wpa_hexdump(MSG_DEBUG, "RSN: msg 2/4 key data", key_data, key_data_len); 775 if (wpa_supplicant_parse_ies(key_data, key_data_len, &kde) < 0 || 776 kde.pmkid == NULL || kde.rsn_ie == NULL) { 777 wpa_printf(MSG_DEBUG, "RSN: No SMKID or RSN IE in STK 2/4"); 778 return; 779 } 780 781 if (os_memcmp_const(kde.pmkid, peerkey->smkid, PMKID_LEN) != 0) { 782 wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 2/4", 783 kde.pmkid, PMKID_LEN); 784 return; 785 } 786 787 if (kde.rsn_ie_len != peerkey->rsnie_p_len || 788 os_memcmp(kde.rsn_ie, peerkey->rsnie_p, kde.rsn_ie_len) != 0) { 789 wpa_printf(MSG_INFO, "RSN: Peer RSN IE in SMK and STK " 790 "handshakes did not match"); 791 wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in SMK handshake", 792 peerkey->rsnie_p, peerkey->rsnie_p_len); 793 wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in STK handshake", 794 kde.rsn_ie, kde.rsn_ie_len); 795 return; 796 } 797 798 wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde); 799 800 wpa_supplicant_send_stk_3_of_4(sm, peerkey); 801 os_memcpy(peerkey->pnonce, key->key_nonce, WPA_NONCE_LEN); 802} 803 804 805static void wpa_supplicant_process_stk_3_of_4(struct wpa_sm *sm, 806 struct wpa_peerkey *peerkey, 807 const struct wpa_eapol_key *key, 808 u16 ver, const u8 *key_data, 809 size_t key_data_len) 810{ 811 struct wpa_eapol_ie_parse kde; 812 size_t key_len; 813 const u8 *_key; 814 u8 key_buf[32], rsc[6]; 815 816 wpa_printf(MSG_DEBUG, "RSN: RX message 3 of STK 4-Way Handshake from " 817 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver); 818 819 os_memset(&kde, 0, sizeof(kde)); 820 821 /* RSN: msg 3/4 should contain Initiator RSN IE. It may also include 822 * Lifetime KDE. */ 823 wpa_hexdump(MSG_DEBUG, "RSN: msg 3/4 key data", key_data, key_data_len); 824 if (wpa_supplicant_parse_ies(key_data, key_data_len, &kde) < 0) { 825 wpa_printf(MSG_DEBUG, "RSN: Failed to parse key data in " 826 "STK 3/4"); 827 return; 828 } 829 830 if (kde.rsn_ie_len != peerkey->rsnie_i_len || 831 os_memcmp(kde.rsn_ie, peerkey->rsnie_i, kde.rsn_ie_len) != 0) { 832 wpa_printf(MSG_INFO, "RSN: Initiator RSN IE in SMK and STK " 833 "handshakes did not match"); 834 wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in SMK " 835 "handshake", 836 peerkey->rsnie_i, peerkey->rsnie_i_len); 837 wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in STK " 838 "handshake", 839 kde.rsn_ie, kde.rsn_ie_len); 840 return; 841 } 842 843 if (os_memcmp(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN) != 0) { 844 wpa_printf(MSG_WARNING, "RSN: INonce from message 1 of STK " 845 "4-Way Handshake differs from 3 of STK 4-Way " 846 "Handshake - drop packet (src=" MACSTR ")", 847 MAC2STR(peerkey->addr)); 848 return; 849 } 850 851 wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde); 852 853 if (wpa_supplicant_send_4_of_4(sm, peerkey->addr, key, ver, 854 WPA_GET_BE16(key->key_info), 855 &peerkey->stk)) 856 return; 857 858 _key = peerkey->stk.tk; 859 if (peerkey->cipher == WPA_CIPHER_TKIP) { 860 /* Swap Tx/Rx keys for Michael MIC */ 861 os_memcpy(key_buf, _key, 16); 862 os_memcpy(key_buf + 16, _key + 24, 8); 863 os_memcpy(key_buf + 24, _key + 16, 8); 864 _key = key_buf; 865 key_len = 32; 866 } else 867 key_len = 16; 868 869 os_memset(rsc, 0, 6); 870 if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1, 871 rsc, sizeof(rsc), _key, key_len) < 0) { 872 os_memset(key_buf, 0, sizeof(key_buf)); 873 wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the " 874 "driver."); 875 return; 876 } 877 os_memset(key_buf, 0, sizeof(key_buf)); 878} 879 880 881static void wpa_supplicant_process_stk_4_of_4(struct wpa_sm *sm, 882 struct wpa_peerkey *peerkey, 883 const struct wpa_eapol_key *key, 884 u16 ver) 885{ 886 u8 rsc[6]; 887 888 wpa_printf(MSG_DEBUG, "RSN: RX message 4 of STK 4-Way Handshake from " 889 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver); 890 891 os_memset(rsc, 0, 6); 892 if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1, 893 rsc, sizeof(rsc), peerkey->stk.tk, 894 peerkey->cipher == WPA_CIPHER_TKIP ? 32 : 16) < 0) { 895 wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the " 896 "driver."); 897 return; 898 } 899} 900 901 902/** 903 * peerkey_verify_eapol_key_mic - Verify PeerKey MIC 904 * @sm: Pointer to WPA state machine data from wpa_sm_init() 905 * @peerkey: Pointer to the PeerKey data for the peer 906 * @key: Pointer to the EAPOL-Key frame header 907 * @ver: Version bits from EAPOL-Key Key Info 908 * @buf: Pointer to the beginning of EAPOL-Key frame 909 * @len: Length of the EAPOL-Key frame 910 * Returns: 0 on success, -1 on failure 911 */ 912int peerkey_verify_eapol_key_mic(struct wpa_sm *sm, 913 struct wpa_peerkey *peerkey, 914 struct wpa_eapol_key_192 *key, u16 ver, 915 const u8 *buf, size_t len) 916{ 917 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; 918 size_t mic_len = 16; 919 int ok = 0; 920 921 if (peerkey->initiator && !peerkey->stk_set) { 922 wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion", 923 sm->own_addr, peerkey->addr, 924 peerkey->inonce, key->key_nonce, 925 &peerkey->stk, peerkey->akmp, peerkey->cipher); 926 peerkey->stk_set = 1; 927 } 928 929 os_memcpy(mic, key->key_mic, mic_len); 930 if (peerkey->tstk_set) { 931 os_memset(key->key_mic, 0, mic_len); 932 wpa_eapol_key_mic(peerkey->tstk.kck, peerkey->tstk.kck_len, 933 sm->key_mgmt, ver, buf, len, key->key_mic); 934 if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) { 935 wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC " 936 "when using TSTK - ignoring TSTK"); 937 } else { 938 ok = 1; 939 peerkey->tstk_set = 0; 940 peerkey->stk_set = 1; 941 os_memcpy(&peerkey->stk, &peerkey->tstk, 942 sizeof(peerkey->stk)); 943 os_memset(&peerkey->tstk, 0, sizeof(peerkey->tstk)); 944 } 945 } 946 947 if (!ok && peerkey->stk_set) { 948 os_memset(key->key_mic, 0, mic_len); 949 wpa_eapol_key_mic(peerkey->stk.kck, peerkey->stk.kck_len, 950 sm->key_mgmt, ver, buf, len, key->key_mic); 951 if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) { 952 wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC " 953 "- dropping packet"); 954 return -1; 955 } 956 ok = 1; 957 } 958 959 if (!ok) { 960 wpa_printf(MSG_WARNING, "RSN: Could not verify EAPOL-Key MIC " 961 "- dropping packet"); 962 return -1; 963 } 964 965 os_memcpy(peerkey->replay_counter, key->replay_counter, 966 WPA_REPLAY_COUNTER_LEN); 967 peerkey->replay_counter_set = 1; 968 return 0; 969} 970 971 972/** 973 * wpa_sm_stkstart - Send EAPOL-Key Request for STK handshake (STK M1) 974 * @sm: Pointer to WPA state machine data from wpa_sm_init() 975 * @peer: MAC address of the peer STA 976 * Returns: 0 on success, or -1 on failure 977 * 978 * Send an EAPOL-Key Request to the current authenticator to start STK 979 * handshake with the peer. 980 */ 981int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer) 982{ 983 size_t rlen, kde_len; 984 struct wpa_eapol_key *req; 985 int key_info, ver; 986 u8 bssid[ETH_ALEN], *rbuf, *pos, *count_pos; 987 u16 count; 988 struct rsn_ie_hdr *hdr; 989 struct wpa_peerkey *peerkey; 990 struct wpa_ie_data ie; 991 992 if (sm->proto != WPA_PROTO_RSN || !sm->ptk_set || !sm->peerkey_enabled) 993 return -1; 994 995 if (sm->ap_rsn_ie && 996 wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &ie) == 0 && 997 !(ie.capabilities & WPA_CAPABILITY_PEERKEY_ENABLED)) { 998 wpa_printf(MSG_DEBUG, "RSN: Current AP does not support STK"); 999 return -1; 1000 } 1001 1002 if (sm->pairwise_cipher != WPA_CIPHER_TKIP) 1003 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 1004 else 1005 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 1006 1007 if (wpa_sm_get_bssid(sm, bssid) < 0) { 1008 wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key " 1009 "SMK M1"); 1010 return -1; 1011 } 1012 1013 /* TODO: find existing entry and if found, use that instead of adding 1014 * a new one */ 1015 peerkey = os_zalloc(sizeof(*peerkey)); 1016 if (peerkey == NULL) 1017 return -1; 1018 peerkey->initiator = 1; 1019 os_memcpy(peerkey->addr, peer, ETH_ALEN); 1020 peerkey->akmp = sm->key_mgmt; 1021 1022 /* SMK M1: 1023 * EAPOL-Key(S=1, M=1, A=0, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce, 1024 * MIC=MIC, DataKDs=(RSNIE_I, MAC_P KDE)) 1025 */ 1026 1027 hdr = (struct rsn_ie_hdr *) peerkey->rsnie_i; 1028 hdr->elem_id = WLAN_EID_RSN; 1029 WPA_PUT_LE16(hdr->version, RSN_VERSION); 1030 pos = (u8 *) (hdr + 1); 1031 /* Group Suite can be anything for SMK RSN IE; receiver will just 1032 * ignore it. */ 1033 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP); 1034 pos += RSN_SELECTOR_LEN; 1035 count_pos = pos; 1036 pos += 2; 1037 1038 count = rsn_cipher_put_suites(pos, sm->allowed_pairwise_cipher); 1039 pos += count * RSN_SELECTOR_LEN; 1040 WPA_PUT_LE16(count_pos, count); 1041 1042 hdr->len = (pos - peerkey->rsnie_i) - 2; 1043 peerkey->rsnie_i_len = pos - peerkey->rsnie_i; 1044 wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake", 1045 peerkey->rsnie_i, peerkey->rsnie_i_len); 1046 1047 kde_len = peerkey->rsnie_i_len + 2 + RSN_SELECTOR_LEN + ETH_ALEN; 1048 1049 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1050 sizeof(*req) + kde_len, &rlen, 1051 (void *) &req); 1052 if (rbuf == NULL) { 1053 wpa_supplicant_peerkey_free(sm, peerkey); 1054 return -1; 1055 } 1056 1057 req->type = EAPOL_KEY_TYPE_RSN; 1058 key_info = WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC | 1059 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_REQUEST | ver; 1060 WPA_PUT_BE16(req->key_info, key_info); 1061 WPA_PUT_BE16(req->key_length, 0); 1062 os_memcpy(req->replay_counter, sm->request_counter, 1063 WPA_REPLAY_COUNTER_LEN); 1064 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); 1065 1066 if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) { 1067 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1068 "WPA: Failed to get random data for INonce"); 1069 os_free(rbuf); 1070 wpa_supplicant_peerkey_free(sm, peerkey); 1071 return -1; 1072 } 1073 os_memcpy(req->key_nonce, peerkey->inonce, WPA_NONCE_LEN); 1074 wpa_hexdump(MSG_DEBUG, "WPA: INonce for SMK handshake", 1075 req->key_nonce, WPA_NONCE_LEN); 1076 1077 WPA_PUT_BE16(req->key_data_length, (u16) kde_len); 1078 pos = (u8 *) (req + 1); 1079 1080 /* Initiator RSN IE */ 1081 pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len); 1082 /* Peer MAC address KDE */ 1083 wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN); 1084 1085 wpa_printf(MSG_INFO, "RSN: Sending EAPOL-Key SMK M1 Request (peer " 1086 MACSTR ")", MAC2STR(peer)); 1087 wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid, 1088 ETH_P_EAPOL, rbuf, rlen, req->key_mic); 1089 1090 peerkey->next = sm->peerkey; 1091 sm->peerkey = peerkey; 1092 1093 return 0; 1094} 1095 1096 1097/** 1098 * peerkey_deinit - Free PeerKey values 1099 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1100 */ 1101void peerkey_deinit(struct wpa_sm *sm) 1102{ 1103 struct wpa_peerkey *prev, *peerkey = sm->peerkey; 1104 while (peerkey) { 1105 prev = peerkey; 1106 peerkey = peerkey->next; 1107 wpa_supplicant_peerkey_free(sm, prev); 1108 } 1109 sm->peerkey = NULL; 1110} 1111 1112 1113void peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey, 1114 struct wpa_eapol_key *key, u16 key_info, u16 ver, 1115 const u8 *key_data, size_t key_data_len) 1116{ 1117 if ((key_info & (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) == 1118 (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) { 1119 /* 3/4 STK 4-Way Handshake */ 1120 wpa_supplicant_process_stk_3_of_4(sm, peerkey, key, ver, 1121 key_data, key_data_len); 1122 } else if (key_info & WPA_KEY_INFO_ACK) { 1123 /* 1/4 STK 4-Way Handshake */ 1124 wpa_supplicant_process_stk_1_of_4(sm, peerkey, key, ver, 1125 key_data, key_data_len); 1126 } else if (key_info & WPA_KEY_INFO_SECURE) { 1127 /* 4/4 STK 4-Way Handshake */ 1128 wpa_supplicant_process_stk_4_of_4(sm, peerkey, key, ver); 1129 } else { 1130 /* 2/4 STK 4-Way Handshake */ 1131 wpa_supplicant_process_stk_2_of_4(sm, peerkey, key, ver, 1132 key_data, key_data_len); 1133 } 1134} 1135 1136 1137void peerkey_rx_eapol_smk(struct wpa_sm *sm, const u8 *src_addr, 1138 struct wpa_eapol_key *key, size_t extra_len, 1139 u16 key_info, u16 ver) 1140{ 1141 if (key_info & WPA_KEY_INFO_ERROR) { 1142 /* SMK Error */ 1143 wpa_supplicant_process_smk_error(sm, src_addr, key, extra_len); 1144 } else if (key_info & WPA_KEY_INFO_ACK) { 1145 /* SMK M2 */ 1146 wpa_supplicant_process_smk_m2(sm, src_addr, key, extra_len, 1147 ver); 1148 } else { 1149 /* SMK M4 or M5 */ 1150 wpa_supplicant_process_smk_m45(sm, src_addr, key, extra_len, 1151 ver); 1152 } 1153} 1154 1155#endif /* CONFIG_PEERKEY */ 1156