Line data Source code
1 : /*
2 : * IEEE 802.11 RSN / WPA Authenticator
3 : * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi>
4 : *
5 : * This software may be distributed under the terms of the BSD license.
6 : * See README for more details.
7 : */
8 :
9 : #include "utils/includes.h"
10 :
11 : #include "utils/common.h"
12 : #include "utils/eloop.h"
13 : #include "utils/state_machine.h"
14 : #include "utils/bitfield.h"
15 : #include "common/ieee802_11_defs.h"
16 : #include "crypto/aes_wrap.h"
17 : #include "crypto/crypto.h"
18 : #include "crypto/sha1.h"
19 : #include "crypto/sha256.h"
20 : #include "crypto/random.h"
21 : #include "eapol_auth/eapol_auth_sm.h"
22 : #include "ap_config.h"
23 : #include "ieee802_11.h"
24 : #include "wpa_auth.h"
25 : #include "pmksa_cache_auth.h"
26 : #include "wpa_auth_i.h"
27 : #include "wpa_auth_ie.h"
28 :
29 : #define STATE_MACHINE_DATA struct wpa_state_machine
30 : #define STATE_MACHINE_DEBUG_PREFIX "WPA"
31 : #define STATE_MACHINE_ADDR sm->addr
32 :
33 :
34 : static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
35 : static int wpa_sm_step(struct wpa_state_machine *sm);
36 : static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
37 : static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
38 : static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
39 : struct wpa_group *group);
40 : static void wpa_request_new_ptk(struct wpa_state_machine *sm);
41 : static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
42 : struct wpa_group *group);
43 : static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
44 : struct wpa_group *group);
45 :
46 : static const u32 dot11RSNAConfigGroupUpdateCount = 4;
47 : static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
48 : static const u32 eapol_key_timeout_first = 100; /* ms */
49 : static const u32 eapol_key_timeout_subseq = 1000; /* ms */
50 : static const u32 eapol_key_timeout_first_group = 500; /* ms */
51 :
52 : /* TODO: make these configurable */
53 : static const int dot11RSNAConfigPMKLifetime = 43200;
54 : static const int dot11RSNAConfigPMKReauthThreshold = 70;
55 : static const int dot11RSNAConfigSATimeout = 60;
56 :
57 :
58 2 : static inline int wpa_auth_mic_failure_report(
59 : struct wpa_authenticator *wpa_auth, const u8 *addr)
60 : {
61 2 : if (wpa_auth->cb.mic_failure_report)
62 2 : return wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
63 0 : return 0;
64 : }
65 :
66 :
67 7857 : static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
68 : const u8 *addr, wpa_eapol_variable var,
69 : int value)
70 : {
71 7857 : if (wpa_auth->cb.set_eapol)
72 7857 : wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
73 7857 : }
74 :
75 :
76 5388 : static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
77 : const u8 *addr, wpa_eapol_variable var)
78 : {
79 5388 : if (wpa_auth->cb.get_eapol == NULL)
80 0 : return -1;
81 5388 : return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
82 : }
83 :
84 :
85 1075 : static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
86 : const u8 *addr,
87 : const u8 *p2p_dev_addr,
88 : const u8 *prev_psk)
89 : {
90 1075 : if (wpa_auth->cb.get_psk == NULL)
91 0 : return NULL;
92 1075 : return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, p2p_dev_addr,
93 : prev_psk);
94 : }
95 :
96 :
97 278 : static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
98 : const u8 *addr, u8 *msk, size_t *len)
99 : {
100 278 : if (wpa_auth->cb.get_msk == NULL)
101 0 : return -1;
102 278 : return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
103 : }
104 :
105 :
106 5258 : static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
107 : int vlan_id,
108 : enum wpa_alg alg, const u8 *addr, int idx,
109 : u8 *key, size_t key_len)
110 : {
111 5258 : if (wpa_auth->cb.set_key == NULL)
112 0 : return -1;
113 5258 : return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
114 : key, key_len);
115 : }
116 :
117 :
118 674 : static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
119 : const u8 *addr, int idx, u8 *seq)
120 : {
121 674 : if (wpa_auth->cb.get_seqnum == NULL)
122 10 : return -1;
123 664 : return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
124 : }
125 :
126 :
127 : static inline int
128 1308 : wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
129 : const u8 *data, size_t data_len, int encrypt)
130 : {
131 1308 : if (wpa_auth->cb.send_eapol == NULL)
132 0 : return -1;
133 1308 : return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
134 : encrypt);
135 : }
136 :
137 :
138 110 : int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
139 : int (*cb)(struct wpa_state_machine *sm, void *ctx),
140 : void *cb_ctx)
141 : {
142 110 : if (wpa_auth->cb.for_each_sta == NULL)
143 0 : return 0;
144 110 : return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
145 : }
146 :
147 :
148 2 : int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
149 : int (*cb)(struct wpa_authenticator *a, void *ctx),
150 : void *cb_ctx)
151 : {
152 2 : if (wpa_auth->cb.for_each_auth == NULL)
153 0 : return 0;
154 2 : return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
155 : }
156 :
157 :
158 5221 : void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
159 : logger_level level, const char *txt)
160 : {
161 5221 : if (wpa_auth->cb.logger == NULL)
162 5221 : return;
163 5221 : wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
164 : }
165 :
166 :
167 3229 : void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
168 : logger_level level, const char *fmt, ...)
169 : {
170 : char *format;
171 : int maxlen;
172 : va_list ap;
173 :
174 3229 : if (wpa_auth->cb.logger == NULL)
175 0 : return;
176 :
177 3229 : maxlen = os_strlen(fmt) + 100;
178 3229 : format = os_malloc(maxlen);
179 3229 : if (!format)
180 0 : return;
181 :
182 3229 : va_start(ap, fmt);
183 3229 : vsnprintf(format, maxlen, fmt, ap);
184 3229 : va_end(ap);
185 :
186 3229 : wpa_auth_logger(wpa_auth, addr, level, format);
187 :
188 3229 : os_free(format);
189 : }
190 :
191 :
192 7 : static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
193 : const u8 *addr)
194 : {
195 7 : if (wpa_auth->cb.disconnect == NULL)
196 7 : return;
197 7 : wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR, MAC2STR(addr));
198 7 : wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
199 : WLAN_REASON_PREV_AUTH_NOT_VALID);
200 : }
201 :
202 :
203 3804 : static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
204 : {
205 3804 : int ret = 0;
206 : #ifdef CONFIG_IEEE80211R
207 3804 : if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
208 96 : ret = 1;
209 : #endif /* CONFIG_IEEE80211R */
210 : #ifdef CONFIG_IEEE80211W
211 3804 : if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
212 94 : ret = 1;
213 : #endif /* CONFIG_IEEE80211W */
214 3804 : if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN)
215 8 : ret = 1;
216 3804 : return ret;
217 : }
218 :
219 :
220 0 : static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
221 : {
222 0 : struct wpa_authenticator *wpa_auth = eloop_ctx;
223 :
224 0 : if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
225 0 : wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
226 : "initialization.");
227 : } else {
228 0 : wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
229 0 : wpa_hexdump_key(MSG_DEBUG, "GMK",
230 0 : wpa_auth->group->GMK, WPA_GMK_LEN);
231 : }
232 :
233 0 : if (wpa_auth->conf.wpa_gmk_rekey) {
234 0 : eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
235 : wpa_rekey_gmk, wpa_auth, NULL);
236 : }
237 0 : }
238 :
239 :
240 0 : static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
241 : {
242 0 : struct wpa_authenticator *wpa_auth = eloop_ctx;
243 : struct wpa_group *group;
244 :
245 0 : wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
246 0 : for (group = wpa_auth->group; group; group = group->next) {
247 0 : group->GTKReKey = TRUE;
248 : do {
249 0 : group->changed = FALSE;
250 0 : wpa_group_sm_step(wpa_auth, group);
251 0 : } while (group->changed);
252 : }
253 :
254 0 : if (wpa_auth->conf.wpa_group_rekey) {
255 0 : eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
256 : 0, wpa_rekey_gtk, wpa_auth, NULL);
257 : }
258 0 : }
259 :
260 :
261 0 : static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
262 : {
263 0 : struct wpa_authenticator *wpa_auth = eloop_ctx;
264 0 : struct wpa_state_machine *sm = timeout_ctx;
265 :
266 0 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
267 0 : wpa_request_new_ptk(sm);
268 0 : wpa_sm_step(sm);
269 0 : }
270 :
271 :
272 107 : static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
273 : {
274 107 : if (sm->pmksa == ctx)
275 0 : sm->pmksa = NULL;
276 107 : return 0;
277 : }
278 :
279 :
280 101 : static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
281 : void *ctx)
282 : {
283 101 : struct wpa_authenticator *wpa_auth = ctx;
284 101 : wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
285 101 : }
286 :
287 :
288 935 : static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
289 : struct wpa_group *group)
290 : {
291 : u8 buf[ETH_ALEN + 8 + sizeof(unsigned long)];
292 : u8 rkey[32];
293 : unsigned long ptr;
294 :
295 935 : if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
296 0 : return -1;
297 935 : wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
298 :
299 : /*
300 : * Counter = PRF-256(Random number, "Init Counter",
301 : * Local MAC Address || Time)
302 : */
303 935 : os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
304 935 : wpa_get_ntp_timestamp(buf + ETH_ALEN);
305 935 : ptr = (unsigned long) group;
306 935 : os_memcpy(buf + ETH_ALEN + 8, &ptr, sizeof(ptr));
307 935 : if (random_get_bytes(rkey, sizeof(rkey)) < 0)
308 0 : return -1;
309 :
310 935 : if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
311 935 : group->Counter, WPA_NONCE_LEN) < 0)
312 0 : return -1;
313 935 : wpa_hexdump_key(MSG_DEBUG, "Key Counter",
314 935 : group->Counter, WPA_NONCE_LEN);
315 :
316 935 : return 0;
317 : }
318 :
319 :
320 514 : static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
321 : int vlan_id, int delay_init)
322 : {
323 : struct wpa_group *group;
324 :
325 514 : group = os_zalloc(sizeof(struct wpa_group));
326 514 : if (group == NULL)
327 0 : return NULL;
328 :
329 514 : group->GTKAuthenticator = TRUE;
330 514 : group->vlan_id = vlan_id;
331 514 : group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
332 :
333 : if (random_pool_ready() != 1) {
334 : wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
335 : "for secure operations - update keys later when "
336 : "the first station connects");
337 : }
338 :
339 : /*
340 : * Set initial GMK/Counter value here. The actual values that will be
341 : * used in negotiations will be set once the first station tries to
342 : * connect. This allows more time for collecting additional randomness
343 : * on embedded devices.
344 : */
345 514 : if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
346 0 : wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
347 : "initialization.");
348 0 : os_free(group);
349 0 : return NULL;
350 : }
351 :
352 514 : group->GInit = TRUE;
353 514 : if (delay_init) {
354 508 : wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start "
355 : "until Beacon frames have been configured");
356 : /* Initialization is completed in wpa_init_keys(). */
357 : } else {
358 6 : wpa_group_sm_step(wpa_auth, group);
359 6 : group->GInit = FALSE;
360 6 : wpa_group_sm_step(wpa_auth, group);
361 : }
362 :
363 514 : return group;
364 : }
365 :
366 :
367 : /**
368 : * wpa_init - Initialize WPA authenticator
369 : * @addr: Authenticator address
370 : * @conf: Configuration for WPA authenticator
371 : * @cb: Callback functions for WPA authenticator
372 : * Returns: Pointer to WPA authenticator data or %NULL on failure
373 : */
374 508 : struct wpa_authenticator * wpa_init(const u8 *addr,
375 : struct wpa_auth_config *conf,
376 : struct wpa_auth_callbacks *cb)
377 : {
378 : struct wpa_authenticator *wpa_auth;
379 :
380 508 : wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
381 508 : if (wpa_auth == NULL)
382 0 : return NULL;
383 508 : os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
384 508 : os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
385 508 : os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
386 :
387 508 : if (wpa_auth_gen_wpa_ie(wpa_auth)) {
388 0 : wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
389 0 : os_free(wpa_auth);
390 0 : return NULL;
391 : }
392 :
393 508 : wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
394 508 : if (wpa_auth->group == NULL) {
395 0 : os_free(wpa_auth->wpa_ie);
396 0 : os_free(wpa_auth);
397 0 : return NULL;
398 : }
399 :
400 508 : wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
401 : wpa_auth);
402 508 : if (wpa_auth->pmksa == NULL) {
403 0 : wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
404 0 : os_free(wpa_auth->wpa_ie);
405 0 : os_free(wpa_auth);
406 0 : return NULL;
407 : }
408 :
409 : #ifdef CONFIG_IEEE80211R
410 508 : wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
411 508 : if (wpa_auth->ft_pmk_cache == NULL) {
412 0 : wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
413 0 : os_free(wpa_auth->wpa_ie);
414 0 : pmksa_cache_auth_deinit(wpa_auth->pmksa);
415 0 : os_free(wpa_auth);
416 0 : return NULL;
417 : }
418 : #endif /* CONFIG_IEEE80211R */
419 :
420 508 : if (wpa_auth->conf.wpa_gmk_rekey) {
421 502 : eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
422 : wpa_rekey_gmk, wpa_auth, NULL);
423 : }
424 :
425 508 : if (wpa_auth->conf.wpa_group_rekey) {
426 508 : eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
427 : wpa_rekey_gtk, wpa_auth, NULL);
428 : }
429 :
430 : #ifdef CONFIG_P2P
431 127 : if (WPA_GET_BE32(conf->ip_addr_start)) {
432 234 : int count = WPA_GET_BE32(conf->ip_addr_end) -
433 156 : WPA_GET_BE32(conf->ip_addr_start) + 1;
434 78 : if (count > 1000)
435 0 : count = 1000;
436 78 : if (count > 0)
437 78 : wpa_auth->ip_pool = bitfield_alloc(count);
438 : }
439 : #endif /* CONFIG_P2P */
440 :
441 508 : return wpa_auth;
442 : }
443 :
444 :
445 508 : int wpa_init_keys(struct wpa_authenticator *wpa_auth)
446 : {
447 508 : struct wpa_group *group = wpa_auth->group;
448 :
449 508 : wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial "
450 : "keys");
451 508 : wpa_group_sm_step(wpa_auth, group);
452 508 : group->GInit = FALSE;
453 508 : wpa_group_sm_step(wpa_auth, group);
454 508 : if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
455 0 : return -1;
456 508 : return 0;
457 : }
458 :
459 :
460 : /**
461 : * wpa_deinit - Deinitialize WPA authenticator
462 : * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
463 : */
464 508 : void wpa_deinit(struct wpa_authenticator *wpa_auth)
465 : {
466 : struct wpa_group *group, *prev;
467 :
468 508 : eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
469 508 : eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
470 :
471 : #ifdef CONFIG_PEERKEY
472 1016 : while (wpa_auth->stsl_negotiations)
473 0 : wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
474 : #endif /* CONFIG_PEERKEY */
475 :
476 508 : pmksa_cache_auth_deinit(wpa_auth->pmksa);
477 :
478 : #ifdef CONFIG_IEEE80211R
479 508 : wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
480 508 : wpa_auth->ft_pmk_cache = NULL;
481 : #endif /* CONFIG_IEEE80211R */
482 :
483 : #ifdef CONFIG_P2P
484 127 : bitfield_free(wpa_auth->ip_pool);
485 : #endif /* CONFIG_P2P */
486 :
487 :
488 508 : os_free(wpa_auth->wpa_ie);
489 :
490 508 : group = wpa_auth->group;
491 1530 : while (group) {
492 514 : prev = group;
493 514 : group = group->next;
494 514 : os_free(prev);
495 : }
496 :
497 508 : os_free(wpa_auth);
498 508 : }
499 :
500 :
501 : /**
502 : * wpa_reconfig - Update WPA authenticator configuration
503 : * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
504 : * @conf: Configuration for WPA authenticator
505 : */
506 2 : int wpa_reconfig(struct wpa_authenticator *wpa_auth,
507 : struct wpa_auth_config *conf)
508 : {
509 : struct wpa_group *group;
510 2 : if (wpa_auth == NULL)
511 0 : return 0;
512 :
513 2 : os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
514 2 : if (wpa_auth_gen_wpa_ie(wpa_auth)) {
515 0 : wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
516 0 : return -1;
517 : }
518 :
519 : /*
520 : * Reinitialize GTK to make sure it is suitable for the new
521 : * configuration.
522 : */
523 2 : group = wpa_auth->group;
524 2 : group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
525 2 : group->GInit = TRUE;
526 2 : wpa_group_sm_step(wpa_auth, group);
527 2 : group->GInit = FALSE;
528 2 : wpa_group_sm_step(wpa_auth, group);
529 :
530 2 : return 0;
531 : }
532 :
533 :
534 : struct wpa_state_machine *
535 624 : wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
536 : const u8 *p2p_dev_addr)
537 : {
538 : struct wpa_state_machine *sm;
539 :
540 624 : if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
541 0 : return NULL;
542 :
543 624 : sm = os_zalloc(sizeof(struct wpa_state_machine));
544 624 : if (sm == NULL)
545 0 : return NULL;
546 624 : os_memcpy(sm->addr, addr, ETH_ALEN);
547 624 : if (p2p_dev_addr)
548 118 : os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN);
549 :
550 624 : sm->wpa_auth = wpa_auth;
551 624 : sm->group = wpa_auth->group;
552 :
553 624 : return sm;
554 : }
555 :
556 :
557 1029 : int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
558 : struct wpa_state_machine *sm)
559 : {
560 1029 : if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
561 376 : return -1;
562 :
563 : #ifdef CONFIG_IEEE80211R
564 653 : if (sm->ft_completed) {
565 20 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
566 : "FT authentication already completed - do not "
567 : "start 4-way handshake");
568 20 : return 0;
569 : }
570 : #endif /* CONFIG_IEEE80211R */
571 :
572 633 : if (sm->started) {
573 24 : os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
574 24 : sm->ReAuthenticationRequest = TRUE;
575 24 : return wpa_sm_step(sm);
576 : }
577 :
578 609 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
579 : "start authentication");
580 609 : sm->started = 1;
581 :
582 609 : sm->Init = TRUE;
583 609 : if (wpa_sm_step(sm) == 1)
584 0 : return 1; /* should not really happen */
585 609 : sm->Init = FALSE;
586 609 : sm->AuthenticationRequest = TRUE;
587 609 : return wpa_sm_step(sm);
588 : }
589 :
590 :
591 376 : void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
592 : {
593 : /* WPA/RSN was not used - clear WPA state. This is needed if the STA
594 : * reassociates back to the same AP while the previous entry for the
595 : * STA has not yet been removed. */
596 376 : if (sm == NULL)
597 751 : return;
598 :
599 1 : sm->wpa_key_mgmt = 0;
600 : }
601 :
602 :
603 624 : static void wpa_free_sta_sm(struct wpa_state_machine *sm)
604 : {
605 : #ifdef CONFIG_P2P
606 141 : if (WPA_GET_BE32(sm->ip_addr)) {
607 : u32 start;
608 750 : wpa_printf(MSG_DEBUG, "P2P: Free assigned IP "
609 : "address %u.%u.%u.%u from " MACSTR,
610 150 : sm->ip_addr[0], sm->ip_addr[1],
611 150 : sm->ip_addr[2], sm->ip_addr[3],
612 450 : MAC2STR(sm->addr));
613 75 : start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start);
614 75 : bitfield_clear(sm->wpa_auth->ip_pool,
615 75 : WPA_GET_BE32(sm->ip_addr) - start);
616 : }
617 : #endif /* CONFIG_P2P */
618 624 : if (sm->GUpdateStationKeys) {
619 0 : sm->group->GKeyDoneStations--;
620 0 : sm->GUpdateStationKeys = FALSE;
621 : }
622 : #ifdef CONFIG_IEEE80211R
623 624 : os_free(sm->assoc_resp_ftie);
624 624 : wpabuf_free(sm->ft_pending_req_ies);
625 : #endif /* CONFIG_IEEE80211R */
626 624 : os_free(sm->last_rx_eapol_key);
627 624 : os_free(sm->wpa_ie);
628 624 : os_free(sm);
629 624 : }
630 :
631 :
632 1007 : void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
633 : {
634 1007 : if (sm == NULL)
635 1390 : return;
636 :
637 624 : if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
638 0 : wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
639 : "strict rekeying - force GTK rekey since STA "
640 : "is leaving");
641 0 : eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
642 0 : eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
643 : NULL);
644 : }
645 :
646 624 : eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
647 624 : sm->pending_1_of_4_timeout = 0;
648 624 : eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
649 624 : eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
650 624 : if (sm->in_step_loop) {
651 : /* Must not free state machine while wpa_sm_step() is running.
652 : * Freeing will be completed in the end of wpa_sm_step(). */
653 0 : wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
654 0 : "machine deinit for " MACSTR, MAC2STR(sm->addr));
655 0 : sm->pending_deinit = 1;
656 : } else
657 624 : wpa_free_sta_sm(sm);
658 : }
659 :
660 :
661 4 : static void wpa_request_new_ptk(struct wpa_state_machine *sm)
662 : {
663 4 : if (sm == NULL)
664 4 : return;
665 :
666 4 : sm->PTKRequest = TRUE;
667 4 : sm->PTK_valid = 0;
668 : }
669 :
670 :
671 1292 : static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr,
672 : const u8 *replay_counter)
673 : {
674 : int i;
675 1292 : for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
676 1292 : if (!ctr[i].valid)
677 0 : break;
678 1292 : if (os_memcmp(replay_counter, ctr[i].counter,
679 : WPA_REPLAY_COUNTER_LEN) == 0)
680 1292 : return 1;
681 : }
682 0 : return 0;
683 : }
684 :
685 :
686 2584 : static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr,
687 : const u8 *replay_counter)
688 : {
689 : int i;
690 12920 : for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
691 10336 : if (ctr[i].valid &&
692 1292 : (replay_counter == NULL ||
693 1292 : os_memcmp(replay_counter, ctr[i].counter,
694 : WPA_REPLAY_COUNTER_LEN) == 0))
695 1292 : ctr[i].valid = FALSE;
696 : }
697 2584 : }
698 :
699 :
700 : #ifdef CONFIG_IEEE80211R
701 16 : static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
702 : struct wpa_state_machine *sm,
703 : struct wpa_eapol_ie_parse *kde)
704 : {
705 : struct wpa_ie_data ie;
706 : struct rsn_mdie *mdie;
707 :
708 32 : if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
709 32 : ie.num_pmkid != 1 || ie.pmkid == NULL) {
710 0 : wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
711 : "FT 4-way handshake message 2/4");
712 0 : return -1;
713 : }
714 :
715 16 : os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
716 16 : wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
717 16 : sm->sup_pmk_r1_name, PMKID_LEN);
718 :
719 16 : if (!kde->mdie || !kde->ftie) {
720 0 : wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
721 0 : "message 2/4", kde->mdie ? "FTIE" : "MDIE");
722 0 : return -1;
723 : }
724 :
725 16 : mdie = (struct rsn_mdie *) (kde->mdie + 2);
726 32 : if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
727 16 : os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
728 : MOBILITY_DOMAIN_ID_LEN) != 0) {
729 0 : wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
730 0 : return -1;
731 : }
732 :
733 32 : if (sm->assoc_resp_ftie &&
734 32 : (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
735 16 : os_memcmp(kde->ftie, sm->assoc_resp_ftie,
736 : 2 + sm->assoc_resp_ftie[1]) != 0)) {
737 0 : wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
738 0 : wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
739 0 : kde->ftie, kde->ftie_len);
740 0 : wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
741 0 : sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
742 0 : return -1;
743 : }
744 :
745 16 : return 0;
746 : }
747 : #endif /* CONFIG_IEEE80211R */
748 :
749 :
750 2 : static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
751 : struct wpa_state_machine *sm, int group)
752 : {
753 : /* Supplicant reported a Michael MIC error */
754 2 : wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
755 : "received EAPOL-Key Error Request "
756 : "(STA detected Michael MIC failure (group=%d))",
757 : group);
758 :
759 2 : if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
760 0 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
761 : "ignore Michael MIC failure report since "
762 : "group cipher is not TKIP");
763 2 : } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
764 0 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
765 : "ignore Michael MIC failure report since "
766 : "pairwise cipher is not TKIP");
767 : } else {
768 2 : if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
769 1 : return 1; /* STA entry was removed */
770 1 : sm->dot11RSNAStatsTKIPRemoteMICFailures++;
771 1 : wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
772 : }
773 :
774 : /*
775 : * Error report is not a request for a new key handshake, but since
776 : * Authenticator may do it, let's change the keys now anyway.
777 : */
778 1 : wpa_request_new_ptk(sm);
779 1 : return 0;
780 : }
781 :
782 :
783 1303 : void wpa_receive(struct wpa_authenticator *wpa_auth,
784 : struct wpa_state_machine *sm,
785 : u8 *data, size_t data_len)
786 : {
787 : struct ieee802_1x_hdr *hdr;
788 : struct wpa_eapol_key *key;
789 : u16 key_info, key_data_length;
790 : enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
791 : SMK_M1, SMK_M3, SMK_ERROR } msg;
792 : char *msgtxt;
793 : struct wpa_eapol_ie_parse kde;
794 : int ft;
795 : const u8 *eapol_key_ie;
796 : size_t eapol_key_ie_len;
797 :
798 1303 : if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
799 4 : return;
800 :
801 1303 : if (data_len < sizeof(*hdr) + sizeof(*key))
802 0 : return;
803 :
804 1303 : hdr = (struct ieee802_1x_hdr *) data;
805 1303 : key = (struct wpa_eapol_key *) (hdr + 1);
806 1303 : key_info = WPA_GET_BE16(key->key_info);
807 1303 : key_data_length = WPA_GET_BE16(key->key_data_length);
808 10424 : wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
809 : " key_info=0x%x type=%u key_data_length=%u",
810 9121 : MAC2STR(sm->addr), key_info, key->type, key_data_length);
811 1303 : if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
812 0 : wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
813 : "key_data overflow (%d > %lu)",
814 : key_data_length,
815 : (unsigned long) (data_len - sizeof(*hdr) -
816 : sizeof(*key)));
817 0 : return;
818 : }
819 :
820 1303 : if (sm->wpa == WPA_VERSION_WPA2) {
821 1258 : if (key->type == EAPOL_KEY_TYPE_WPA) {
822 : /*
823 : * Some deployed station implementations seem to send
824 : * msg 4/4 with incorrect type value in WPA2 mode.
825 : */
826 0 : wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
827 : "with unexpected WPA type in RSN mode");
828 1258 : } else if (key->type != EAPOL_KEY_TYPE_RSN) {
829 0 : wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
830 : "unexpected type %d in RSN mode",
831 0 : key->type);
832 0 : return;
833 : }
834 : } else {
835 45 : if (key->type != EAPOL_KEY_TYPE_WPA) {
836 0 : wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
837 : "unexpected type %d in WPA mode",
838 0 : key->type);
839 0 : return;
840 : }
841 : }
842 :
843 1303 : wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
844 : WPA_NONCE_LEN);
845 1303 : wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter",
846 1303 : key->replay_counter, WPA_REPLAY_COUNTER_LEN);
847 :
848 : /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
849 : * are set */
850 :
851 1303 : if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
852 : (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
853 6 : if (key_info & WPA_KEY_INFO_ERROR) {
854 2 : msg = SMK_ERROR;
855 2 : msgtxt = "SMK Error";
856 : } else {
857 4 : msg = SMK_M1;
858 4 : msgtxt = "SMK M1";
859 : }
860 1297 : } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
861 1 : msg = SMK_M3;
862 1 : msgtxt = "SMK M3";
863 1296 : } else if (key_info & WPA_KEY_INFO_REQUEST) {
864 5 : msg = REQUEST;
865 5 : msgtxt = "Request";
866 1291 : } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
867 15 : msg = GROUP_2;
868 15 : msgtxt = "2/2 Group";
869 1276 : } else if (key_data_length == 0) {
870 627 : msg = PAIRWISE_4;
871 627 : msgtxt = "4/4 Pairwise";
872 : } else {
873 649 : msg = PAIRWISE_2;
874 649 : msgtxt = "2/4 Pairwise";
875 : }
876 :
877 : /* TODO: key_info type validation for PeerKey */
878 1303 : if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
879 : msg == GROUP_2) {
880 1296 : u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
881 1342 : if (sm->pairwise == WPA_CIPHER_CCMP ||
882 46 : sm->pairwise == WPA_CIPHER_GCMP) {
883 1315 : if (wpa_use_aes_cmac(sm) &&
884 126 : sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN &&
885 : ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
886 0 : wpa_auth_logger(wpa_auth, sm->addr,
887 : LOGGER_WARNING,
888 : "advertised support for "
889 : "AES-128-CMAC, but did not "
890 : "use it");
891 0 : return;
892 : }
893 :
894 1250 : if (!wpa_use_aes_cmac(sm) &&
895 : ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
896 0 : wpa_auth_logger(wpa_auth, sm->addr,
897 : LOGGER_WARNING,
898 : "did not use HMAC-SHA1-AES "
899 : "with CCMP/GCMP");
900 0 : return;
901 : }
902 : }
903 : }
904 :
905 1303 : if (key_info & WPA_KEY_INFO_REQUEST) {
906 14 : if (sm->req_replay_counter_used &&
907 3 : os_memcmp(key->replay_counter, sm->req_replay_counter,
908 : WPA_REPLAY_COUNTER_LEN) <= 0) {
909 0 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
910 : "received EAPOL-Key request with "
911 : "replayed counter");
912 0 : return;
913 : }
914 : }
915 :
916 2595 : if (!(key_info & WPA_KEY_INFO_REQUEST) &&
917 1292 : !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) {
918 : int i;
919 :
920 0 : if (msg == PAIRWISE_2 &&
921 0 : wpa_replay_counter_valid(sm->prev_key_replay,
922 0 : key->replay_counter) &&
923 0 : sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
924 0 : os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0)
925 : {
926 : /*
927 : * Some supplicant implementations (e.g., Windows XP
928 : * WZC) update SNonce for each EAPOL-Key 2/4. This
929 : * breaks the workaround on accepting any of the
930 : * pending requests, so allow the SNonce to be updated
931 : * even if we have already sent out EAPOL-Key 3/4.
932 : */
933 0 : wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
934 : "Process SNonce update from STA "
935 : "based on retransmitted EAPOL-Key "
936 : "1/4");
937 0 : sm->update_snonce = 1;
938 0 : wpa_replay_counter_mark_invalid(sm->prev_key_replay,
939 0 : key->replay_counter);
940 0 : goto continue_processing;
941 : }
942 :
943 0 : if (msg == PAIRWISE_2 &&
944 0 : wpa_replay_counter_valid(sm->prev_key_replay,
945 0 : key->replay_counter) &&
946 0 : sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
947 0 : wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
948 : "ignore retransmitted EAPOL-Key %s - "
949 : "SNonce did not change", msgtxt);
950 : } else {
951 0 : wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
952 : "received EAPOL-Key %s with "
953 : "unexpected replay counter", msgtxt);
954 : }
955 0 : for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
956 0 : if (!sm->key_replay[i].valid)
957 0 : break;
958 0 : wpa_hexdump(MSG_DEBUG, "pending replay counter",
959 0 : sm->key_replay[i].counter,
960 : WPA_REPLAY_COUNTER_LEN);
961 : }
962 0 : wpa_hexdump(MSG_DEBUG, "received replay counter",
963 0 : key->replay_counter, WPA_REPLAY_COUNTER_LEN);
964 0 : return;
965 : }
966 :
967 : continue_processing:
968 1303 : switch (msg) {
969 : case PAIRWISE_2:
970 649 : if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
971 0 : sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
972 0 : (!sm->update_snonce ||
973 0 : sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
974 0 : wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
975 : "received EAPOL-Key msg 2/4 in "
976 : "invalid state (%d) - dropped",
977 0 : sm->wpa_ptk_state);
978 0 : return;
979 : }
980 : random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
981 649 : if (sm->group->reject_4way_hs_for_entropy) {
982 : /*
983 : * The system did not have enough entropy to generate
984 : * strong random numbers. Reject the first 4-way
985 : * handshake(s) and collect some entropy based on the
986 : * information from it. Once enough entropy is
987 : * available, the next atempt will trigger GMK/Key
988 : * Counter update and the station will be allowed to
989 : * continue.
990 : */
991 0 : wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
992 : "collect more entropy for random number "
993 : "generation");
994 : random_mark_pool_ready();
995 0 : wpa_sta_disconnect(wpa_auth, sm->addr);
996 0 : return;
997 : }
998 649 : if (wpa_parse_kde_ies((u8 *) (key + 1), key_data_length,
999 : &kde) < 0) {
1000 0 : wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1001 : "received EAPOL-Key msg 2/4 with "
1002 : "invalid Key Data contents");
1003 0 : return;
1004 : }
1005 649 : if (kde.rsn_ie) {
1006 633 : eapol_key_ie = kde.rsn_ie;
1007 633 : eapol_key_ie_len = kde.rsn_ie_len;
1008 16 : } else if (kde.osen) {
1009 2 : eapol_key_ie = kde.osen;
1010 2 : eapol_key_ie_len = kde.osen_len;
1011 : } else {
1012 14 : eapol_key_ie = kde.wpa_ie;
1013 14 : eapol_key_ie_len = kde.wpa_ie_len;
1014 : }
1015 1284 : ft = sm->wpa == WPA_VERSION_WPA2 &&
1016 635 : wpa_key_mgmt_ft(sm->wpa_key_mgmt);
1017 1298 : if (sm->wpa_ie == NULL ||
1018 1298 : wpa_compare_rsn_ie(ft,
1019 649 : sm->wpa_ie, sm->wpa_ie_len,
1020 : eapol_key_ie, eapol_key_ie_len)) {
1021 0 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1022 : "WPA IE from (Re)AssocReq did not "
1023 : "match with msg 2/4");
1024 0 : if (sm->wpa_ie) {
1025 0 : wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
1026 0 : sm->wpa_ie, sm->wpa_ie_len);
1027 : }
1028 0 : wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
1029 : eapol_key_ie, eapol_key_ie_len);
1030 : /* MLME-DEAUTHENTICATE.request */
1031 0 : wpa_sta_disconnect(wpa_auth, sm->addr);
1032 0 : return;
1033 : }
1034 : #ifdef CONFIG_IEEE80211R
1035 649 : if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
1036 0 : wpa_sta_disconnect(wpa_auth, sm->addr);
1037 0 : return;
1038 : }
1039 : #endif /* CONFIG_IEEE80211R */
1040 : #ifdef CONFIG_P2P
1041 288 : if (kde.ip_addr_req && kde.ip_addr_req[0] &&
1042 208 : wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) {
1043 : int idx;
1044 75 : wpa_printf(MSG_DEBUG, "P2P: IP address requested in "
1045 : "EAPOL-Key exchange");
1046 75 : idx = bitfield_get_first_zero(wpa_auth->ip_pool);
1047 75 : if (idx >= 0) {
1048 75 : u32 start = WPA_GET_BE32(wpa_auth->conf.
1049 : ip_addr_start);
1050 75 : bitfield_set(wpa_auth->ip_pool, idx);
1051 75 : WPA_PUT_BE32(sm->ip_addr, start + idx);
1052 750 : wpa_printf(MSG_DEBUG, "P2P: Assigned IP "
1053 : "address %u.%u.%u.%u to " MACSTR,
1054 150 : sm->ip_addr[0], sm->ip_addr[1],
1055 150 : sm->ip_addr[2], sm->ip_addr[3],
1056 450 : MAC2STR(sm->addr));
1057 : }
1058 : }
1059 : #endif /* CONFIG_P2P */
1060 649 : break;
1061 : case PAIRWISE_4:
1062 1254 : if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
1063 627 : !sm->PTK_valid) {
1064 0 : wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1065 : "received EAPOL-Key msg 4/4 in "
1066 : "invalid state (%d) - dropped",
1067 0 : sm->wpa_ptk_state);
1068 0 : return;
1069 : }
1070 627 : break;
1071 : case GROUP_2:
1072 15 : if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
1073 15 : || !sm->PTK_valid) {
1074 0 : wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1075 : "received EAPOL-Key msg 2/2 in "
1076 : "invalid state (%d) - dropped",
1077 0 : sm->wpa_ptk_group_state);
1078 0 : return;
1079 : }
1080 15 : break;
1081 : #ifdef CONFIG_PEERKEY
1082 : case SMK_M1:
1083 : case SMK_M3:
1084 : case SMK_ERROR:
1085 7 : if (!wpa_auth->conf.peerkey) {
1086 0 : wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
1087 : "PeerKey use disabled - ignoring message");
1088 0 : return;
1089 : }
1090 7 : if (!sm->PTK_valid) {
1091 0 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1092 : "received EAPOL-Key msg SMK in "
1093 : "invalid state - dropped");
1094 0 : return;
1095 : }
1096 7 : break;
1097 : #else /* CONFIG_PEERKEY */
1098 : case SMK_M1:
1099 : case SMK_M3:
1100 : case SMK_ERROR:
1101 : return; /* STSL disabled - ignore SMK messages */
1102 : #endif /* CONFIG_PEERKEY */
1103 : case REQUEST:
1104 5 : break;
1105 : }
1106 :
1107 1303 : wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1108 : "received EAPOL-Key frame (%s)", msgtxt);
1109 :
1110 1303 : if (key_info & WPA_KEY_INFO_ACK) {
1111 0 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1112 : "received invalid EAPOL-Key: Key Ack set");
1113 0 : return;
1114 : }
1115 :
1116 1303 : if (!(key_info & WPA_KEY_INFO_MIC)) {
1117 0 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1118 : "received invalid EAPOL-Key: Key MIC not set");
1119 0 : return;
1120 : }
1121 :
1122 1303 : sm->MICVerified = FALSE;
1123 1303 : if (sm->PTK_valid && !sm->update_snonce) {
1124 654 : if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
1125 0 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1126 : "received EAPOL-Key with invalid MIC");
1127 0 : return;
1128 : }
1129 654 : sm->MICVerified = TRUE;
1130 654 : eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
1131 654 : sm->pending_1_of_4_timeout = 0;
1132 : }
1133 :
1134 1303 : if (key_info & WPA_KEY_INFO_REQUEST) {
1135 11 : if (sm->MICVerified) {
1136 11 : sm->req_replay_counter_used = 1;
1137 11 : os_memcpy(sm->req_replay_counter, key->replay_counter,
1138 : WPA_REPLAY_COUNTER_LEN);
1139 : } else {
1140 0 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1141 : "received EAPOL-Key request with "
1142 : "invalid MIC");
1143 0 : return;
1144 : }
1145 :
1146 : /*
1147 : * TODO: should decrypt key data field if encryption was used;
1148 : * even though MAC address KDE is not normally encrypted,
1149 : * supplicant is allowed to encrypt it.
1150 : */
1151 11 : if (msg == SMK_ERROR) {
1152 : #ifdef CONFIG_PEERKEY
1153 2 : wpa_smk_error(wpa_auth, sm, key);
1154 : #endif /* CONFIG_PEERKEY */
1155 2 : return;
1156 9 : } else if (key_info & WPA_KEY_INFO_ERROR) {
1157 2 : if (wpa_receive_error_report(
1158 : wpa_auth, sm,
1159 2 : !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
1160 1 : return; /* STA entry was removed */
1161 7 : } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1162 3 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1163 : "received EAPOL-Key Request for new "
1164 : "4-Way Handshake");
1165 3 : wpa_request_new_ptk(sm);
1166 : #ifdef CONFIG_PEERKEY
1167 4 : } else if (msg == SMK_M1) {
1168 4 : wpa_smk_m1(wpa_auth, sm, key);
1169 : #endif /* CONFIG_PEERKEY */
1170 0 : } else if (key_data_length > 0 &&
1171 0 : wpa_parse_kde_ies((const u8 *) (key + 1),
1172 0 : key_data_length, &kde) == 0 &&
1173 0 : kde.mac_addr) {
1174 : } else {
1175 0 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1176 : "received EAPOL-Key Request for GTK "
1177 : "rekeying");
1178 0 : eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
1179 0 : wpa_rekey_gtk(wpa_auth, NULL);
1180 : }
1181 : } else {
1182 : /* Do not allow the same key replay counter to be reused. */
1183 1292 : wpa_replay_counter_mark_invalid(sm->key_replay,
1184 1292 : key->replay_counter);
1185 :
1186 1292 : if (msg == PAIRWISE_2) {
1187 : /*
1188 : * Maintain a copy of the pending EAPOL-Key frames in
1189 : * case the EAPOL-Key frame was retransmitted. This is
1190 : * needed to allow EAPOL-Key msg 2/4 reply to another
1191 : * pending msg 1/4 to update the SNonce to work around
1192 : * unexpected supplicant behavior.
1193 : */
1194 649 : os_memcpy(sm->prev_key_replay, sm->key_replay,
1195 : sizeof(sm->key_replay));
1196 : } else {
1197 643 : os_memset(sm->prev_key_replay, 0,
1198 : sizeof(sm->prev_key_replay));
1199 : }
1200 :
1201 : /*
1202 : * Make sure old valid counters are not accepted anymore and
1203 : * do not get copied again.
1204 : */
1205 1292 : wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
1206 : }
1207 :
1208 : #ifdef CONFIG_PEERKEY
1209 1300 : if (msg == SMK_M3) {
1210 1 : wpa_smk_m3(wpa_auth, sm, key);
1211 1 : return;
1212 : }
1213 : #endif /* CONFIG_PEERKEY */
1214 :
1215 1299 : os_free(sm->last_rx_eapol_key);
1216 1299 : sm->last_rx_eapol_key = os_malloc(data_len);
1217 1299 : if (sm->last_rx_eapol_key == NULL)
1218 0 : return;
1219 1299 : os_memcpy(sm->last_rx_eapol_key, data, data_len);
1220 1299 : sm->last_rx_eapol_key_len = data_len;
1221 :
1222 1299 : sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE);
1223 1299 : sm->EAPOLKeyReceived = TRUE;
1224 1299 : sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1225 1299 : sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
1226 1299 : os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
1227 1299 : wpa_sm_step(sm);
1228 : }
1229 :
1230 :
1231 1148 : static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
1232 : const u8 *gnonce, u8 *gtk, size_t gtk_len)
1233 : {
1234 : u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16];
1235 : u8 *pos;
1236 1148 : int ret = 0;
1237 :
1238 : /* GTK = PRF-X(GMK, "Group key expansion",
1239 : * AA || GNonce || Time || random data)
1240 : * The example described in the IEEE 802.11 standard uses only AA and
1241 : * GNonce as inputs here. Add some more entropy since this derivation
1242 : * is done only at the Authenticator and as such, does not need to be
1243 : * exactly same.
1244 : */
1245 1148 : os_memcpy(data, addr, ETH_ALEN);
1246 1148 : os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
1247 1148 : pos = data + ETH_ALEN + WPA_NONCE_LEN;
1248 1148 : wpa_get_ntp_timestamp(pos);
1249 1148 : pos += 8;
1250 1148 : if (random_get_bytes(pos, 16) < 0)
1251 0 : ret = -1;
1252 :
1253 : #ifdef CONFIG_IEEE80211W
1254 1148 : sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
1255 : #else /* CONFIG_IEEE80211W */
1256 : if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len)
1257 : < 0)
1258 : ret = -1;
1259 : #endif /* CONFIG_IEEE80211W */
1260 :
1261 1148 : return ret;
1262 : }
1263 :
1264 :
1265 30 : static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
1266 : {
1267 30 : struct wpa_authenticator *wpa_auth = eloop_ctx;
1268 30 : struct wpa_state_machine *sm = timeout_ctx;
1269 :
1270 30 : sm->pending_1_of_4_timeout = 0;
1271 30 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
1272 30 : sm->TimeoutEvt = TRUE;
1273 30 : wpa_sm_step(sm);
1274 30 : }
1275 :
1276 :
1277 1308 : void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1278 : struct wpa_state_machine *sm, int key_info,
1279 : const u8 *key_rsc, const u8 *nonce,
1280 : const u8 *kde, size_t kde_len,
1281 : int keyidx, int encr, int force_version)
1282 : {
1283 : struct ieee802_1x_hdr *hdr;
1284 : struct wpa_eapol_key *key;
1285 : size_t len;
1286 : int alg;
1287 1308 : int key_data_len, pad_len = 0;
1288 : u8 *buf, *pos;
1289 : int version, pairwise;
1290 : int i;
1291 :
1292 1308 : len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
1293 :
1294 1308 : if (force_version)
1295 0 : version = force_version;
1296 1308 : else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN)
1297 4 : version = WPA_KEY_INFO_TYPE_AKM_DEFINED;
1298 1304 : else if (wpa_use_aes_cmac(sm))
1299 60 : version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
1300 1244 : else if (sm->pairwise != WPA_CIPHER_TKIP)
1301 1199 : version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1302 : else
1303 45 : version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1304 :
1305 1308 : pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1306 :
1307 5232 : wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
1308 : "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
1309 : "encr=%d)",
1310 : version,
1311 1308 : (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
1312 1308 : (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
1313 1308 : (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
1314 1308 : (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
1315 : pairwise, (unsigned long) kde_len, keyidx, encr);
1316 :
1317 1308 : key_data_len = kde_len;
1318 :
1319 1417 : if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1320 214 : sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
1321 1263 : version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
1322 615 : pad_len = key_data_len % 8;
1323 615 : if (pad_len)
1324 537 : pad_len = 8 - pad_len;
1325 615 : key_data_len += pad_len + 8;
1326 : }
1327 :
1328 1308 : len += key_data_len;
1329 :
1330 1308 : hdr = os_zalloc(len);
1331 1308 : if (hdr == NULL)
1332 0 : return;
1333 1308 : hdr->version = wpa_auth->conf.eapol_version;
1334 1308 : hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1335 1308 : hdr->length = host_to_be16(len - sizeof(*hdr));
1336 1308 : key = (struct wpa_eapol_key *) (hdr + 1);
1337 :
1338 1308 : key->type = sm->wpa == WPA_VERSION_WPA2 ?
1339 : EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1340 1308 : key_info |= version;
1341 1308 : if (encr && sm->wpa == WPA_VERSION_WPA2)
1342 616 : key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
1343 1308 : if (sm->wpa != WPA_VERSION_WPA2)
1344 42 : key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1345 1308 : WPA_PUT_BE16(key->key_info, key_info);
1346 :
1347 1308 : alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
1348 1308 : WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
1349 1308 : if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1350 8 : WPA_PUT_BE16(key->key_length, 0);
1351 :
1352 : /* FIX: STSL: what to use as key_replay_counter? */
1353 5232 : for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1354 3924 : sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1355 3924 : os_memcpy(sm->key_replay[i].counter,
1356 : sm->key_replay[i - 1].counter,
1357 : WPA_REPLAY_COUNTER_LEN);
1358 : }
1359 1308 : inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1360 1308 : os_memcpy(key->replay_counter, sm->key_replay[0].counter,
1361 : WPA_REPLAY_COUNTER_LEN);
1362 1308 : sm->key_replay[0].valid = TRUE;
1363 :
1364 1308 : if (nonce)
1365 1305 : os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1366 :
1367 1308 : if (key_rsc)
1368 628 : os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1369 :
1370 1308 : if (kde && !encr) {
1371 303 : os_memcpy(key + 1, kde, kde_len);
1372 303 : WPA_PUT_BE16(key->key_data_length, kde_len);
1373 1005 : } else if (encr && kde) {
1374 630 : buf = os_zalloc(key_data_len);
1375 630 : if (buf == NULL) {
1376 0 : os_free(hdr);
1377 0 : return;
1378 : }
1379 630 : pos = buf;
1380 630 : os_memcpy(pos, kde, kde_len);
1381 630 : pos += kde_len;
1382 :
1383 630 : if (pad_len)
1384 537 : *pos++ = 0xdd;
1385 :
1386 630 : wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1387 : buf, key_data_len);
1388 677 : if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1389 92 : sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN ||
1390 : version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1391 615 : if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
1392 : (u8 *) (key + 1))) {
1393 0 : os_free(hdr);
1394 0 : os_free(buf);
1395 0 : return;
1396 : }
1397 615 : WPA_PUT_BE16(key->key_data_length, key_data_len);
1398 : } else {
1399 : u8 ek[32];
1400 15 : os_memcpy(key->key_iv,
1401 : sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1402 15 : inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1403 15 : os_memcpy(ek, key->key_iv, 16);
1404 15 : os_memcpy(ek + 16, sm->PTK.kek, 16);
1405 15 : os_memcpy(key + 1, buf, key_data_len);
1406 15 : rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
1407 15 : WPA_PUT_BE16(key->key_data_length, key_data_len);
1408 : }
1409 630 : os_free(buf);
1410 : }
1411 :
1412 1308 : if (key_info & WPA_KEY_INFO_MIC) {
1413 650 : if (!sm->PTK_valid) {
1414 0 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1415 : "PTK not valid when sending EAPOL-Key "
1416 : "frame");
1417 0 : os_free(hdr);
1418 0 : return;
1419 : }
1420 650 : wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
1421 650 : key->key_mic);
1422 : #ifdef CONFIG_TESTING_OPTIONS
1423 673 : if (!pairwise &&
1424 23 : wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0 &&
1425 0 : drand48() <
1426 0 : wpa_auth->conf.corrupt_gtk_rekey_mic_probability) {
1427 0 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1428 : "Corrupting group EAPOL-Key Key MIC");
1429 0 : key->key_mic[0]++;
1430 : }
1431 : #endif /* CONFIG_TESTING_OPTIONS */
1432 : }
1433 :
1434 1308 : wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1435 : 1);
1436 1308 : wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1437 1308 : sm->pairwise_set);
1438 1308 : os_free(hdr);
1439 : }
1440 :
1441 :
1442 1300 : static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1443 : struct wpa_state_machine *sm, int key_info,
1444 : const u8 *key_rsc, const u8 *nonce,
1445 : const u8 *kde, size_t kde_len,
1446 : int keyidx, int encr)
1447 : {
1448 : int timeout_ms;
1449 1300 : int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
1450 : int ctr;
1451 :
1452 1300 : if (sm == NULL)
1453 1300 : return;
1454 :
1455 1300 : __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1456 : keyidx, encr, 0);
1457 :
1458 1300 : ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
1459 1300 : if (ctr == 1 && wpa_auth->conf.tx_status)
1460 1245 : timeout_ms = pairwise ? eapol_key_timeout_first :
1461 : eapol_key_timeout_first_group;
1462 : else
1463 55 : timeout_ms = eapol_key_timeout_subseq;
1464 1300 : if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
1465 632 : sm->pending_1_of_4_timeout = 1;
1466 1300 : wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
1467 : "counter %d)", timeout_ms, ctr);
1468 1300 : eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1469 : wpa_send_eapol_timeout, wpa_auth, sm);
1470 : }
1471 :
1472 :
1473 1303 : static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
1474 : {
1475 : struct ieee802_1x_hdr *hdr;
1476 : struct wpa_eapol_key *key;
1477 : u16 key_info;
1478 1303 : int ret = 0;
1479 : u8 mic[16];
1480 :
1481 1303 : if (data_len < sizeof(*hdr) + sizeof(*key))
1482 0 : return -1;
1483 :
1484 1303 : hdr = (struct ieee802_1x_hdr *) data;
1485 1303 : key = (struct wpa_eapol_key *) (hdr + 1);
1486 1303 : key_info = WPA_GET_BE16(key->key_info);
1487 1303 : os_memcpy(mic, key->key_mic, 16);
1488 1303 : os_memset(key->key_mic, 0, 16);
1489 1303 : if (wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK,
1490 2606 : data, data_len, key->key_mic) ||
1491 1303 : os_memcmp(mic, key->key_mic, 16) != 0)
1492 22 : ret = -1;
1493 1303 : os_memcpy(key->key_mic, mic, 16);
1494 1303 : return ret;
1495 : }
1496 :
1497 :
1498 3483 : void wpa_remove_ptk(struct wpa_state_machine *sm)
1499 : {
1500 3483 : sm->PTK_valid = FALSE;
1501 3483 : os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1502 3483 : wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
1503 3483 : sm->pairwise_set = FALSE;
1504 3483 : eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1505 3483 : }
1506 :
1507 :
1508 3195 : int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
1509 : {
1510 3195 : int remove_ptk = 1;
1511 :
1512 3195 : if (sm == NULL)
1513 1933 : return -1;
1514 :
1515 1262 : wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1516 : "event %d notification", event);
1517 :
1518 1262 : switch (event) {
1519 : case WPA_AUTH:
1520 : case WPA_ASSOC:
1521 665 : break;
1522 : case WPA_DEAUTH:
1523 : case WPA_DISASSOC:
1524 514 : sm->DeauthenticationRequest = TRUE;
1525 514 : break;
1526 : case WPA_REAUTH:
1527 : case WPA_REAUTH_EAPOL:
1528 63 : if (!sm->started) {
1529 : /*
1530 : * When using WPS, we may end up here if the STA
1531 : * manages to re-associate without the previous STA
1532 : * entry getting removed. Consequently, we need to make
1533 : * sure that the WPA state machines gets initialized
1534 : * properly at this point.
1535 : */
1536 0 : wpa_printf(MSG_DEBUG, "WPA state machine had not been "
1537 : "started - initialize now");
1538 0 : sm->started = 1;
1539 0 : sm->Init = TRUE;
1540 0 : if (wpa_sm_step(sm) == 1)
1541 0 : return 1; /* should not really happen */
1542 0 : sm->Init = FALSE;
1543 0 : sm->AuthenticationRequest = TRUE;
1544 0 : break;
1545 : }
1546 63 : if (sm->GUpdateStationKeys) {
1547 : /*
1548 : * Reauthentication cancels the pending group key
1549 : * update for this STA.
1550 : */
1551 0 : sm->group->GKeyDoneStations--;
1552 0 : sm->GUpdateStationKeys = FALSE;
1553 0 : sm->PtkGroupInit = TRUE;
1554 : }
1555 63 : sm->ReAuthenticationRequest = TRUE;
1556 63 : break;
1557 : case WPA_ASSOC_FT:
1558 : #ifdef CONFIG_IEEE80211R
1559 20 : wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1560 : "after association");
1561 20 : wpa_ft_install_ptk(sm);
1562 :
1563 : /* Using FT protocol, not WPA auth state machine */
1564 20 : sm->ft_completed = 1;
1565 20 : return 0;
1566 : #else /* CONFIG_IEEE80211R */
1567 : break;
1568 : #endif /* CONFIG_IEEE80211R */
1569 : }
1570 :
1571 : #ifdef CONFIG_IEEE80211R
1572 1242 : sm->ft_completed = 0;
1573 : #endif /* CONFIG_IEEE80211R */
1574 :
1575 : #ifdef CONFIG_IEEE80211W
1576 1242 : if (sm->mgmt_frame_prot && event == WPA_AUTH)
1577 2 : remove_ptk = 0;
1578 : #endif /* CONFIG_IEEE80211W */
1579 :
1580 1242 : if (remove_ptk) {
1581 1240 : sm->PTK_valid = FALSE;
1582 1240 : os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1583 :
1584 1240 : if (event != WPA_REAUTH_EAPOL)
1585 1181 : wpa_remove_ptk(sm);
1586 : }
1587 :
1588 1242 : return wpa_sm_step(sm);
1589 : }
1590 :
1591 :
1592 1125 : SM_STATE(WPA_PTK, INITIALIZE)
1593 : {
1594 1125 : SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1595 1125 : if (sm->Init) {
1596 : /* Init flag is not cleared here, so avoid busy
1597 : * loop by claiming nothing changed. */
1598 609 : sm->changed = FALSE;
1599 : }
1600 :
1601 1125 : sm->keycount = 0;
1602 1125 : if (sm->GUpdateStationKeys)
1603 0 : sm->group->GKeyDoneStations--;
1604 1125 : sm->GUpdateStationKeys = FALSE;
1605 1125 : if (sm->wpa == WPA_VERSION_WPA)
1606 20 : sm->PInitAKeys = FALSE;
1607 : if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1608 : * Local AA > Remote AA)) */) {
1609 1125 : sm->Pair = TRUE;
1610 : }
1611 1125 : wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1612 1125 : wpa_remove_ptk(sm);
1613 1125 : wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1614 1125 : sm->TimeoutCtr = 0;
1615 1125 : if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1616 572 : wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1617 : WPA_EAPOL_authorized, 0);
1618 : }
1619 1125 : }
1620 :
1621 :
1622 7 : SM_STATE(WPA_PTK, DISCONNECT)
1623 : {
1624 7 : SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1625 7 : sm->Disconnect = FALSE;
1626 7 : wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1627 7 : }
1628 :
1629 :
1630 516 : SM_STATE(WPA_PTK, DISCONNECTED)
1631 : {
1632 516 : SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1633 516 : sm->DeauthenticationRequest = FALSE;
1634 516 : }
1635 :
1636 :
1637 609 : SM_STATE(WPA_PTK, AUTHENTICATION)
1638 : {
1639 609 : SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1640 609 : os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1641 609 : sm->PTK_valid = FALSE;
1642 609 : wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1643 : 1);
1644 609 : wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1645 609 : sm->AuthenticationRequest = FALSE;
1646 609 : }
1647 :
1648 :
1649 696 : static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
1650 : struct wpa_group *group)
1651 : {
1652 696 : if (group->first_sta_seen)
1653 971 : return;
1654 : /*
1655 : * System has run bit further than at the time hostapd was started
1656 : * potentially very early during boot up. This provides better chances
1657 : * of collecting more randomness on embedded systems. Re-initialize the
1658 : * GMK and Counter here to improve their strength if there was not
1659 : * enough entropy available immediately after system startup.
1660 : */
1661 421 : wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
1662 : "station");
1663 : if (random_pool_ready() != 1) {
1664 : wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
1665 : "to proceed - reject first 4-way handshake");
1666 : group->reject_4way_hs_for_entropy = TRUE;
1667 : } else {
1668 421 : group->first_sta_seen = TRUE;
1669 421 : group->reject_4way_hs_for_entropy = FALSE;
1670 : }
1671 :
1672 421 : wpa_group_init_gmk_and_counter(wpa_auth, group);
1673 421 : wpa_gtk_update(wpa_auth, group);
1674 421 : wpa_group_config_group_keys(wpa_auth, group);
1675 : }
1676 :
1677 :
1678 696 : SM_STATE(WPA_PTK, AUTHENTICATION2)
1679 : {
1680 696 : SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1681 :
1682 696 : wpa_group_ensure_init(sm->wpa_auth, sm->group);
1683 696 : sm->ReAuthenticationRequest = FALSE;
1684 :
1685 : /*
1686 : * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
1687 : * ambiguous. The Authenticator state machine uses a counter that is
1688 : * incremented by one for each 4-way handshake. However, the security
1689 : * analysis of 4-way handshake points out that unpredictable nonces
1690 : * help in preventing precomputation attacks. Instead of the state
1691 : * machine definition, use an unpredictable nonce value here to provide
1692 : * stronger protection against potential precomputation attacks.
1693 : */
1694 696 : if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
1695 0 : wpa_printf(MSG_ERROR, "WPA: Failed to get random data for "
1696 : "ANonce.");
1697 0 : sm->Disconnect = TRUE;
1698 696 : return;
1699 : }
1700 696 : wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
1701 : WPA_NONCE_LEN);
1702 : /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1703 : * logical place than INITIALIZE since AUTHENTICATION2 can be
1704 : * re-entered on ReAuthenticationRequest without going through
1705 : * INITIALIZE. */
1706 696 : sm->TimeoutCtr = 0;
1707 : }
1708 :
1709 :
1710 287 : SM_STATE(WPA_PTK, INITPMK)
1711 : {
1712 : u8 msk[2 * PMK_LEN];
1713 287 : size_t len = 2 * PMK_LEN;
1714 :
1715 287 : SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1716 : #ifdef CONFIG_IEEE80211R
1717 287 : sm->xxkey_len = 0;
1718 : #endif /* CONFIG_IEEE80211R */
1719 287 : if (sm->pmksa) {
1720 9 : wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1721 9 : os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
1722 278 : } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
1723 278 : wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
1724 : "(len=%lu)", (unsigned long) len);
1725 278 : os_memcpy(sm->PMK, msk, PMK_LEN);
1726 : #ifdef CONFIG_IEEE80211R
1727 278 : if (len >= 2 * PMK_LEN) {
1728 278 : os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1729 278 : sm->xxkey_len = PMK_LEN;
1730 : }
1731 : #endif /* CONFIG_IEEE80211R */
1732 : } else {
1733 0 : wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
1734 : }
1735 :
1736 287 : sm->req_replay_counter_used = 0;
1737 : /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1738 : * will break reauthentication since EAPOL state machines may not be
1739 : * get into AUTHENTICATING state that clears keyRun before WPA state
1740 : * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1741 : * state and takes PMK from the previously used AAA Key. This will
1742 : * eventually fail in 4-Way Handshake because Supplicant uses PMK
1743 : * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1744 : * be good workaround for this issue. */
1745 287 : wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
1746 287 : }
1747 :
1748 :
1749 345 : SM_STATE(WPA_PTK, INITPSK)
1750 : {
1751 : const u8 *psk;
1752 345 : SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
1753 345 : psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL);
1754 345 : if (psk) {
1755 345 : os_memcpy(sm->PMK, psk, PMK_LEN);
1756 : #ifdef CONFIG_IEEE80211R
1757 345 : os_memcpy(sm->xxkey, psk, PMK_LEN);
1758 345 : sm->xxkey_len = PMK_LEN;
1759 : #endif /* CONFIG_IEEE80211R */
1760 : }
1761 345 : sm->req_replay_counter_used = 0;
1762 345 : }
1763 :
1764 :
1765 665 : SM_STATE(WPA_PTK, PTKSTART)
1766 : {
1767 665 : u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1768 665 : size_t pmkid_len = 0;
1769 :
1770 665 : SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1771 665 : sm->PTKRequest = FALSE;
1772 665 : sm->TimeoutEvt = FALSE;
1773 :
1774 665 : sm->TimeoutCtr++;
1775 665 : if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1776 : /* No point in sending the EAPOL-Key - we will disconnect
1777 : * immediately following this. */
1778 672 : return;
1779 : }
1780 :
1781 658 : wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1782 : "sending 1/4 msg of 4-Way Handshake");
1783 : /*
1784 : * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1785 : * one possible PSK for this STA.
1786 : */
1787 1302 : if (sm->wpa == WPA_VERSION_WPA2 &&
1788 929 : wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
1789 285 : sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) {
1790 283 : pmkid = buf;
1791 283 : pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1792 283 : pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1793 283 : pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1794 283 : RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
1795 283 : if (sm->pmksa)
1796 9 : os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
1797 : sm->pmksa->pmkid, PMKID_LEN);
1798 : else {
1799 : /*
1800 : * Calculate PMKID since no PMKSA cache entry was
1801 : * available with pre-calculated PMKID.
1802 : */
1803 548 : rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
1804 274 : sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
1805 : wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
1806 : }
1807 : }
1808 658 : wpa_send_eapol(sm->wpa_auth, sm,
1809 : WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
1810 658 : sm->ANonce, pmkid, pmkid_len, 0, 0);
1811 : }
1812 :
1813 :
1814 649 : static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
1815 : struct wpa_ptk *ptk)
1816 : {
1817 649 : size_t ptk_len = wpa_cipher_key_len(sm->pairwise) + 32;
1818 : #ifdef CONFIG_IEEE80211R
1819 649 : if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
1820 16 : return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len);
1821 : #endif /* CONFIG_IEEE80211R */
1822 :
1823 1266 : wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
1824 633 : sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce,
1825 : (u8 *) ptk, ptk_len,
1826 : wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
1827 :
1828 633 : return 0;
1829 : }
1830 :
1831 :
1832 649 : SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
1833 : {
1834 : struct wpa_ptk PTK;
1835 649 : int ok = 0;
1836 649 : const u8 *pmk = NULL;
1837 :
1838 649 : SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
1839 649 : sm->EAPOLKeyReceived = FALSE;
1840 649 : sm->update_snonce = FALSE;
1841 :
1842 : /* WPA with IEEE 802.1X: use the derived PMK from EAP
1843 : * WPA-PSK: iterate through possible PSKs and select the one matching
1844 : * the packet */
1845 : for (;;) {
1846 671 : if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1847 385 : pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
1848 385 : sm->p2p_dev_addr, pmk);
1849 385 : if (pmk == NULL)
1850 22 : break;
1851 : } else
1852 286 : pmk = sm->PMK;
1853 :
1854 649 : wpa_derive_ptk(sm, pmk, &PTK);
1855 :
1856 649 : if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
1857 : sm->last_rx_eapol_key_len) == 0) {
1858 627 : ok = 1;
1859 627 : break;
1860 : }
1861 :
1862 22 : if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
1863 0 : break;
1864 22 : }
1865 :
1866 649 : if (!ok) {
1867 22 : wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1868 : "invalid MIC in msg 2/4 of 4-Way Handshake");
1869 22 : return;
1870 : }
1871 :
1872 : #ifdef CONFIG_IEEE80211R
1873 627 : if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1874 : /*
1875 : * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
1876 : * with the value we derived.
1877 : */
1878 16 : if (os_memcmp(sm->sup_pmk_r1_name, sm->pmk_r1_name,
1879 : WPA_PMK_NAME_LEN) != 0) {
1880 0 : wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1881 : "PMKR1Name mismatch in FT 4-way "
1882 : "handshake");
1883 0 : wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
1884 : "Supplicant",
1885 0 : sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
1886 0 : wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
1887 0 : sm->pmk_r1_name, WPA_PMK_NAME_LEN);
1888 0 : return;
1889 : }
1890 : }
1891 : #endif /* CONFIG_IEEE80211R */
1892 :
1893 627 : sm->pending_1_of_4_timeout = 0;
1894 627 : eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
1895 :
1896 627 : if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1897 : /* PSK may have changed from the previous choice, so update
1898 : * state machine data based on whatever PSK was selected here.
1899 : */
1900 341 : os_memcpy(sm->PMK, pmk, PMK_LEN);
1901 : }
1902 :
1903 627 : sm->MICVerified = TRUE;
1904 :
1905 627 : os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
1906 627 : sm->PTK_valid = TRUE;
1907 : }
1908 :
1909 :
1910 627 : SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
1911 : {
1912 627 : SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
1913 627 : sm->TimeoutCtr = 0;
1914 627 : }
1915 :
1916 :
1917 : #ifdef CONFIG_IEEE80211W
1918 :
1919 628 : static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1920 : {
1921 628 : if (sm->mgmt_frame_prot) {
1922 : size_t len;
1923 30 : len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
1924 30 : return 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN + len;
1925 : }
1926 :
1927 598 : return 0;
1928 : }
1929 :
1930 :
1931 628 : static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1932 : {
1933 : struct wpa_igtk_kde igtk;
1934 628 : struct wpa_group *gsm = sm->group;
1935 : u8 rsc[WPA_KEY_RSC_LEN];
1936 628 : size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
1937 :
1938 628 : if (!sm->mgmt_frame_prot)
1939 598 : return pos;
1940 :
1941 30 : igtk.keyid[0] = gsm->GN_igtk;
1942 30 : igtk.keyid[1] = 0;
1943 60 : if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
1944 30 : wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0)
1945 0 : os_memset(igtk.pn, 0, sizeof(igtk.pn));
1946 : else
1947 30 : os_memcpy(igtk.pn, rsc, sizeof(igtk.pn));
1948 30 : os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
1949 30 : if (sm->wpa_auth->conf.disable_gtk) {
1950 : /*
1951 : * Provide unique random IGTK to each STA to prevent use of
1952 : * IGTK in the BSS.
1953 : */
1954 2 : if (random_get_bytes(igtk.igtk, len) < 0)
1955 0 : return pos;
1956 : }
1957 30 : pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
1958 : (const u8 *) &igtk, WPA_IGTK_KDE_PREFIX_LEN + len,
1959 : NULL, 0);
1960 :
1961 30 : return pos;
1962 : }
1963 :
1964 : #else /* CONFIG_IEEE80211W */
1965 :
1966 : static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1967 : {
1968 : return 0;
1969 : }
1970 :
1971 :
1972 : static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1973 : {
1974 : return pos;
1975 : }
1976 :
1977 : #endif /* CONFIG_IEEE80211W */
1978 :
1979 :
1980 627 : SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
1981 : {
1982 : u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos, dummy_gtk[32];
1983 : size_t gtk_len, kde_len;
1984 627 : struct wpa_group *gsm = sm->group;
1985 : u8 *wpa_ie;
1986 627 : int wpa_ie_len, secure, keyidx, encr = 0;
1987 :
1988 627 : SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
1989 627 : sm->TimeoutEvt = FALSE;
1990 :
1991 627 : sm->TimeoutCtr++;
1992 627 : if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1993 : /* No point in sending the EAPOL-Key - we will disconnect
1994 : * immediately following this. */
1995 0 : return;
1996 : }
1997 :
1998 : /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
1999 : GTK[GN], IGTK, [FTIE], [TIE * 2])
2000 : */
2001 627 : os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2002 627 : wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2003 : /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
2004 627 : wpa_ie = sm->wpa_auth->wpa_ie;
2005 627 : wpa_ie_len = sm->wpa_auth->wpa_ie_len;
2006 641 : if (sm->wpa == WPA_VERSION_WPA &&
2007 17 : (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
2008 6 : wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
2009 : /* WPA-only STA, remove RSN IE */
2010 3 : wpa_ie = wpa_ie + wpa_ie[1] + 2;
2011 3 : wpa_ie_len = wpa_ie[1] + 2;
2012 : }
2013 627 : wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2014 : "sending 3/4 msg of 4-Way Handshake");
2015 627 : if (sm->wpa == WPA_VERSION_WPA2) {
2016 : /* WPA2 send GTK in the 4-way handshake */
2017 613 : secure = 1;
2018 613 : gtk = gsm->GTK[gsm->GN - 1];
2019 613 : gtk_len = gsm->GTK_len;
2020 613 : if (sm->wpa_auth->conf.disable_gtk) {
2021 : /*
2022 : * Provide unique random GTK to each STA to prevent use
2023 : * of GTK in the BSS.
2024 : */
2025 6 : if (random_get_bytes(dummy_gtk, gtk_len) < 0)
2026 0 : return;
2027 6 : gtk = dummy_gtk;
2028 : }
2029 613 : keyidx = gsm->GN;
2030 613 : _rsc = rsc;
2031 613 : encr = 1;
2032 : } else {
2033 : /* WPA does not include GTK in msg 3/4 */
2034 14 : secure = 0;
2035 14 : gtk = NULL;
2036 14 : gtk_len = 0;
2037 14 : keyidx = 0;
2038 14 : _rsc = NULL;
2039 14 : if (sm->rx_eapol_key_secure) {
2040 : /*
2041 : * It looks like Windows 7 supplicant tries to use
2042 : * Secure bit in msg 2/4 after having reported Michael
2043 : * MIC failure and it then rejects the 4-way handshake
2044 : * if msg 3/4 does not set Secure bit. Work around this
2045 : * by setting the Secure bit here even in the case of
2046 : * WPA if the supplicant used it first.
2047 : */
2048 0 : wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2049 : "STA used Secure bit in WPA msg 2/4 - "
2050 : "set Secure for 3/4 as workaround");
2051 0 : secure = 1;
2052 : }
2053 : }
2054 :
2055 627 : kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
2056 627 : if (gtk)
2057 613 : kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
2058 : #ifdef CONFIG_IEEE80211R
2059 627 : if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2060 16 : kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
2061 16 : kde_len += 300; /* FTIE + 2 * TIE */
2062 : }
2063 : #endif /* CONFIG_IEEE80211R */
2064 : #ifdef CONFIG_P2P
2065 137 : if (WPA_GET_BE32(sm->ip_addr) > 0)
2066 75 : kde_len += 2 + RSN_SELECTOR_LEN + 3 * 4;
2067 : #endif /* CONFIG_P2P */
2068 627 : kde = os_malloc(kde_len);
2069 627 : if (kde == NULL)
2070 0 : return;
2071 :
2072 627 : pos = kde;
2073 627 : os_memcpy(pos, wpa_ie, wpa_ie_len);
2074 627 : pos += wpa_ie_len;
2075 : #ifdef CONFIG_IEEE80211R
2076 627 : if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2077 16 : int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name);
2078 16 : if (res < 0) {
2079 0 : wpa_printf(MSG_ERROR, "FT: Failed to insert "
2080 : "PMKR1Name into RSN IE in EAPOL-Key data");
2081 0 : os_free(kde);
2082 0 : return;
2083 : }
2084 16 : pos += res;
2085 : }
2086 : #endif /* CONFIG_IEEE80211R */
2087 627 : if (gtk) {
2088 : u8 hdr[2];
2089 613 : hdr[0] = keyidx & 0x03;
2090 613 : hdr[1] = 0;
2091 613 : pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2092 : gtk, gtk_len);
2093 : }
2094 627 : pos = ieee80211w_kde_add(sm, pos);
2095 :
2096 : #ifdef CONFIG_IEEE80211R
2097 627 : if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2098 : int res;
2099 : struct wpa_auth_config *conf;
2100 :
2101 16 : conf = &sm->wpa_auth->conf;
2102 16 : res = wpa_write_ftie(conf, conf->r0_key_holder,
2103 : conf->r0_key_holder_len,
2104 16 : NULL, NULL, pos, kde + kde_len - pos,
2105 : NULL, 0);
2106 16 : if (res < 0) {
2107 0 : wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
2108 : "into EAPOL-Key Key Data");
2109 0 : os_free(kde);
2110 0 : return;
2111 : }
2112 16 : pos += res;
2113 :
2114 : /* TIE[ReassociationDeadline] (TU) */
2115 16 : *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2116 16 : *pos++ = 5;
2117 16 : *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
2118 16 : WPA_PUT_LE32(pos, conf->reassociation_deadline);
2119 16 : pos += 4;
2120 :
2121 : /* TIE[KeyLifetime] (seconds) */
2122 16 : *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2123 16 : *pos++ = 5;
2124 16 : *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
2125 16 : WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
2126 16 : pos += 4;
2127 : }
2128 : #endif /* CONFIG_IEEE80211R */
2129 : #ifdef CONFIG_P2P
2130 137 : if (WPA_GET_BE32(sm->ip_addr) > 0) {
2131 : u8 addr[3 * 4];
2132 75 : os_memcpy(addr, sm->ip_addr, 4);
2133 75 : os_memcpy(addr + 4, sm->wpa_auth->conf.ip_addr_mask, 4);
2134 75 : os_memcpy(addr + 8, sm->wpa_auth->conf.ip_addr_go, 4);
2135 75 : pos = wpa_add_kde(pos, WFA_KEY_DATA_IP_ADDR_ALLOC,
2136 : addr, sizeof(addr), NULL, 0);
2137 : }
2138 : #endif /* CONFIG_P2P */
2139 :
2140 1254 : wpa_send_eapol(sm->wpa_auth, sm,
2141 : (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
2142 : WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
2143 : WPA_KEY_INFO_KEY_TYPE,
2144 1254 : _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
2145 627 : os_free(kde);
2146 : }
2147 :
2148 :
2149 627 : SM_STATE(WPA_PTK, PTKINITDONE)
2150 : {
2151 627 : SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
2152 627 : sm->EAPOLKeyReceived = FALSE;
2153 627 : if (sm->Pair) {
2154 627 : enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
2155 627 : int klen = wpa_cipher_key_len(sm->pairwise);
2156 1254 : if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
2157 627 : sm->PTK.tk1, klen)) {
2158 0 : wpa_sta_disconnect(sm->wpa_auth, sm->addr);
2159 627 : return;
2160 : }
2161 : /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
2162 627 : sm->pairwise_set = TRUE;
2163 :
2164 627 : if (sm->wpa_auth->conf.wpa_ptk_rekey) {
2165 0 : eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
2166 0 : eloop_register_timeout(sm->wpa_auth->conf.
2167 : wpa_ptk_rekey, 0, wpa_rekey_ptk,
2168 0 : sm->wpa_auth, sm);
2169 : }
2170 :
2171 627 : if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
2172 341 : wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2173 : WPA_EAPOL_authorized, 1);
2174 : }
2175 : }
2176 :
2177 : if (0 /* IBSS == TRUE */) {
2178 : sm->keycount++;
2179 : if (sm->keycount == 2) {
2180 : wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2181 : WPA_EAPOL_portValid, 1);
2182 : }
2183 : } else {
2184 627 : wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
2185 : 1);
2186 : }
2187 627 : wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
2188 627 : wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
2189 627 : if (sm->wpa == WPA_VERSION_WPA)
2190 14 : sm->PInitAKeys = TRUE;
2191 : else
2192 613 : sm->has_GTK = TRUE;
2193 627 : wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2194 : "pairwise key handshake completed (%s)",
2195 627 : sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2196 :
2197 : #ifdef CONFIG_IEEE80211R
2198 627 : wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
2199 : #endif /* CONFIG_IEEE80211R */
2200 : }
2201 :
2202 :
2203 15368 : SM_STEP(WPA_PTK)
2204 : {
2205 15368 : struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2206 :
2207 15368 : if (sm->Init)
2208 609 : SM_ENTER(WPA_PTK, INITIALIZE);
2209 14759 : else if (sm->Disconnect
2210 : /* || FIX: dot11RSNAConfigSALifetime timeout */) {
2211 0 : wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
2212 : "WPA_PTK: sm->Disconnect");
2213 0 : SM_ENTER(WPA_PTK, DISCONNECT);
2214 : }
2215 14759 : else if (sm->DeauthenticationRequest)
2216 514 : SM_ENTER(WPA_PTK, DISCONNECTED);
2217 14245 : else if (sm->AuthenticationRequest)
2218 609 : SM_ENTER(WPA_PTK, AUTHENTICATION);
2219 13636 : else if (sm->ReAuthenticationRequest)
2220 87 : SM_ENTER(WPA_PTK, AUTHENTICATION2);
2221 13549 : else if (sm->PTKRequest)
2222 4 : SM_ENTER(WPA_PTK, PTKSTART);
2223 13545 : else switch (sm->wpa_ptk_state) {
2224 : case WPA_PTK_INITIALIZE:
2225 1383 : break;
2226 : case WPA_PTK_DISCONNECT:
2227 2 : SM_ENTER(WPA_PTK, DISCONNECTED);
2228 2 : break;
2229 : case WPA_PTK_DISCONNECTED:
2230 516 : SM_ENTER(WPA_PTK, INITIALIZE);
2231 516 : break;
2232 : case WPA_PTK_AUTHENTICATION:
2233 609 : SM_ENTER(WPA_PTK, AUTHENTICATION2);
2234 609 : break;
2235 : case WPA_PTK_AUTHENTICATION2:
2236 10555 : if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
2237 5101 : wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2238 : WPA_EAPOL_keyRun) > 0)
2239 287 : SM_ENTER(WPA_PTK, INITPMK);
2240 5167 : else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
2241 : /* FIX: && 802.1X::keyRun */)
2242 345 : SM_ENTER(WPA_PTK, INITPSK);
2243 5454 : break;
2244 : case WPA_PTK_INITPMK:
2245 287 : if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2246 : WPA_EAPOL_keyAvailable) > 0)
2247 287 : SM_ENTER(WPA_PTK, PTKSTART);
2248 : else {
2249 0 : wpa_auth->dot11RSNA4WayHandshakeFailures++;
2250 0 : wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2251 : "INITPMK - keyAvailable = false");
2252 0 : SM_ENTER(WPA_PTK, DISCONNECT);
2253 : }
2254 287 : break;
2255 : case WPA_PTK_INITPSK:
2256 345 : if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr,
2257 : NULL))
2258 345 : SM_ENTER(WPA_PTK, PTKSTART);
2259 : else {
2260 0 : wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2261 : "no PSK configured for the STA");
2262 0 : wpa_auth->dot11RSNA4WayHandshakeFailures++;
2263 0 : SM_ENTER(WPA_PTK, DISCONNECT);
2264 : }
2265 345 : break;
2266 : case WPA_PTK_PTKSTART:
2267 1999 : if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2268 649 : sm->EAPOLKeyPairwise)
2269 649 : SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2270 1402 : else if (sm->TimeoutCtr >
2271 701 : (int) dot11RSNAConfigPairwiseUpdateCount) {
2272 7 : wpa_auth->dot11RSNA4WayHandshakeFailures++;
2273 7 : wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2274 : "PTKSTART: Retry limit %d reached",
2275 : dot11RSNAConfigPairwiseUpdateCount);
2276 7 : SM_ENTER(WPA_PTK, DISCONNECT);
2277 694 : } else if (sm->TimeoutEvt)
2278 8 : SM_ENTER(WPA_PTK, PTKSTART);
2279 1350 : break;
2280 : case WPA_PTK_PTKCALCNEGOTIATING:
2281 670 : if (sm->MICVerified)
2282 627 : SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
2283 43 : else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2284 0 : sm->EAPOLKeyPairwise)
2285 0 : SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2286 43 : else if (sm->TimeoutEvt)
2287 21 : SM_ENTER(WPA_PTK, PTKSTART);
2288 670 : break;
2289 : case WPA_PTK_PTKCALCNEGOTIATING2:
2290 627 : SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2291 627 : break;
2292 : case WPA_PTK_PTKINITNEGOTIATING:
2293 1254 : if (sm->update_snonce)
2294 0 : SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2295 1881 : else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2296 1254 : sm->EAPOLKeyPairwise && sm->MICVerified)
2297 627 : SM_ENTER(WPA_PTK, PTKINITDONE);
2298 1254 : else if (sm->TimeoutCtr >
2299 627 : (int) dot11RSNAConfigPairwiseUpdateCount) {
2300 0 : wpa_auth->dot11RSNA4WayHandshakeFailures++;
2301 0 : wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2302 : "PTKINITNEGOTIATING: Retry limit %d "
2303 : "reached",
2304 : dot11RSNAConfigPairwiseUpdateCount);
2305 0 : SM_ENTER(WPA_PTK, DISCONNECT);
2306 627 : } else if (sm->TimeoutEvt)
2307 0 : SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2308 1254 : break;
2309 : case WPA_PTK_PTKINITDONE:
2310 1048 : break;
2311 : }
2312 15368 : }
2313 :
2314 :
2315 624 : SM_STATE(WPA_PTK_GROUP, IDLE)
2316 : {
2317 624 : SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
2318 624 : if (sm->Init) {
2319 : /* Init flag is not cleared here, so avoid busy
2320 : * loop by claiming nothing changed. */
2321 609 : sm->changed = FALSE;
2322 : }
2323 624 : sm->GTimeoutCtr = 0;
2324 624 : }
2325 :
2326 :
2327 15 : SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
2328 : {
2329 : u8 rsc[WPA_KEY_RSC_LEN];
2330 15 : struct wpa_group *gsm = sm->group;
2331 : u8 *kde, *pos, hdr[2];
2332 : size_t kde_len;
2333 : u8 *gtk, dummy_gtk[32];
2334 :
2335 15 : SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
2336 :
2337 15 : sm->GTimeoutCtr++;
2338 15 : if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
2339 : /* No point in sending the EAPOL-Key - we will disconnect
2340 : * immediately following this. */
2341 0 : return;
2342 : }
2343 :
2344 15 : if (sm->wpa == WPA_VERSION_WPA)
2345 14 : sm->PInitAKeys = FALSE;
2346 15 : sm->TimeoutEvt = FALSE;
2347 : /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
2348 15 : os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2349 15 : if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
2350 15 : wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2351 15 : wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2352 : "sending 1/2 msg of Group Key Handshake");
2353 :
2354 15 : gtk = gsm->GTK[gsm->GN - 1];
2355 15 : if (sm->wpa_auth->conf.disable_gtk) {
2356 : /*
2357 : * Provide unique random GTK to each STA to prevent use
2358 : * of GTK in the BSS.
2359 : */
2360 0 : if (random_get_bytes(dummy_gtk, gsm->GTK_len) < 0)
2361 0 : return;
2362 0 : gtk = dummy_gtk;
2363 : }
2364 15 : if (sm->wpa == WPA_VERSION_WPA2) {
2365 2 : kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
2366 1 : ieee80211w_kde_len(sm);
2367 1 : kde = os_malloc(kde_len);
2368 1 : if (kde == NULL)
2369 0 : return;
2370 :
2371 1 : pos = kde;
2372 1 : hdr[0] = gsm->GN & 0x03;
2373 1 : hdr[1] = 0;
2374 1 : pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2375 1 : gtk, gsm->GTK_len);
2376 1 : pos = ieee80211w_kde_add(sm, pos);
2377 : } else {
2378 14 : kde = gtk;
2379 14 : pos = kde + gsm->GTK_len;
2380 : }
2381 :
2382 45 : wpa_send_eapol(sm->wpa_auth, sm,
2383 : WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
2384 : WPA_KEY_INFO_ACK |
2385 15 : (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
2386 30 : rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
2387 15 : if (sm->wpa == WPA_VERSION_WPA2)
2388 1 : os_free(kde);
2389 : }
2390 :
2391 :
2392 15 : SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
2393 : {
2394 15 : SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
2395 15 : sm->EAPOLKeyReceived = FALSE;
2396 15 : if (sm->GUpdateStationKeys)
2397 1 : sm->group->GKeyDoneStations--;
2398 15 : sm->GUpdateStationKeys = FALSE;
2399 15 : sm->GTimeoutCtr = 0;
2400 : /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
2401 15 : wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2402 : "group key handshake completed (%s)",
2403 15 : sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2404 15 : sm->has_GTK = TRUE;
2405 15 : }
2406 :
2407 :
2408 0 : SM_STATE(WPA_PTK_GROUP, KEYERROR)
2409 : {
2410 0 : SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
2411 0 : if (sm->GUpdateStationKeys)
2412 0 : sm->group->GKeyDoneStations--;
2413 0 : sm->GUpdateStationKeys = FALSE;
2414 0 : sm->Disconnect = TRUE;
2415 0 : }
2416 :
2417 :
2418 15368 : SM_STEP(WPA_PTK_GROUP)
2419 : {
2420 15368 : if (sm->Init || sm->PtkGroupInit) {
2421 609 : SM_ENTER(WPA_PTK_GROUP, IDLE);
2422 609 : sm->PtkGroupInit = FALSE;
2423 14759 : } else switch (sm->wpa_ptk_group_state) {
2424 : case WPA_PTK_GROUP_IDLE:
2425 29423 : if (sm->GUpdateStationKeys ||
2426 14942 : (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
2427 15 : SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2428 14712 : break;
2429 : case WPA_PTK_GROUP_REKEYNEGOTIATING:
2430 47 : if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2431 30 : !sm->EAPOLKeyPairwise && sm->MICVerified)
2432 15 : SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
2433 34 : else if (sm->GTimeoutCtr >
2434 17 : (int) dot11RSNAConfigGroupUpdateCount)
2435 0 : SM_ENTER(WPA_PTK_GROUP, KEYERROR);
2436 17 : else if (sm->TimeoutEvt)
2437 0 : SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2438 32 : break;
2439 : case WPA_PTK_GROUP_KEYERROR:
2440 0 : SM_ENTER(WPA_PTK_GROUP, IDLE);
2441 0 : break;
2442 : case WPA_PTK_GROUP_REKEYESTABLISHED:
2443 15 : SM_ENTER(WPA_PTK_GROUP, IDLE);
2444 15 : break;
2445 : }
2446 15368 : }
2447 :
2448 :
2449 941 : static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
2450 : struct wpa_group *group)
2451 : {
2452 941 : int ret = 0;
2453 :
2454 941 : os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2455 941 : inc_byte_array(group->Counter, WPA_NONCE_LEN);
2456 1882 : if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
2457 941 : wpa_auth->addr, group->GNonce,
2458 1882 : group->GTK[group->GN - 1], group->GTK_len) < 0)
2459 0 : ret = -1;
2460 1882 : wpa_hexdump_key(MSG_DEBUG, "GTK",
2461 1882 : group->GTK[group->GN - 1], group->GTK_len);
2462 :
2463 : #ifdef CONFIG_IEEE80211W
2464 941 : if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
2465 : size_t len;
2466 207 : len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
2467 207 : os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2468 207 : inc_byte_array(group->Counter, WPA_NONCE_LEN);
2469 207 : if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
2470 207 : wpa_auth->addr, group->GNonce,
2471 207 : group->IGTK[group->GN_igtk - 4], len) < 0)
2472 0 : ret = -1;
2473 207 : wpa_hexdump_key(MSG_DEBUG, "IGTK",
2474 207 : group->IGTK[group->GN_igtk - 4], len);
2475 : }
2476 : #endif /* CONFIG_IEEE80211W */
2477 :
2478 941 : return ret;
2479 : }
2480 :
2481 :
2482 516 : static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
2483 : struct wpa_group *group)
2484 : {
2485 516 : wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2486 : "GTK_INIT (VLAN-ID %d)", group->vlan_id);
2487 516 : group->changed = FALSE; /* GInit is not cleared here; avoid loop */
2488 516 : group->wpa_group_state = WPA_GROUP_GTK_INIT;
2489 :
2490 : /* GTK[0..N] = 0 */
2491 516 : os_memset(group->GTK, 0, sizeof(group->GTK));
2492 516 : group->GN = 1;
2493 516 : group->GM = 2;
2494 : #ifdef CONFIG_IEEE80211W
2495 516 : group->GN_igtk = 4;
2496 516 : group->GM_igtk = 5;
2497 : #endif /* CONFIG_IEEE80211W */
2498 : /* GTK[GN] = CalcGTK() */
2499 516 : wpa_gtk_update(wpa_auth, group);
2500 516 : }
2501 :
2502 :
2503 1 : static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
2504 : {
2505 1 : if (ctx != NULL && ctx != sm->group)
2506 0 : return 0;
2507 :
2508 1 : if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
2509 0 : wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2510 : "Not in PTKINITDONE; skip Group Key update");
2511 0 : sm->GUpdateStationKeys = FALSE;
2512 0 : return 0;
2513 : }
2514 1 : if (sm->GUpdateStationKeys) {
2515 : /*
2516 : * This should not really happen, so add a debug log entry.
2517 : * Since we clear the GKeyDoneStations before the loop, the
2518 : * station needs to be counted here anyway.
2519 : */
2520 0 : wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2521 : "GUpdateStationKeys was already set when "
2522 : "marking station for GTK rekeying");
2523 : }
2524 :
2525 : /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */
2526 1 : if (sm->is_wnmsleep)
2527 0 : return 0;
2528 :
2529 1 : sm->group->GKeyDoneStations++;
2530 1 : sm->GUpdateStationKeys = TRUE;
2531 :
2532 1 : wpa_sm_step(sm);
2533 1 : return 0;
2534 : }
2535 :
2536 :
2537 : #ifdef CONFIG_WNM
2538 : /* update GTK when exiting WNM-Sleep Mode */
2539 4 : void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm)
2540 : {
2541 4 : if (sm == NULL || sm->is_wnmsleep)
2542 7 : return;
2543 :
2544 1 : wpa_group_update_sta(sm, NULL);
2545 : }
2546 :
2547 :
2548 10 : void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag)
2549 : {
2550 10 : if (sm)
2551 4 : sm->is_wnmsleep = !!flag;
2552 10 : }
2553 :
2554 :
2555 1 : int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
2556 : {
2557 1 : struct wpa_group *gsm = sm->group;
2558 1 : u8 *start = pos;
2559 :
2560 : /*
2561 : * GTK subelement:
2562 : * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
2563 : * Key[5..32]
2564 : */
2565 1 : *pos++ = WNM_SLEEP_SUBELEM_GTK;
2566 1 : *pos++ = 11 + gsm->GTK_len;
2567 : /* Key ID in B0-B1 of Key Info */
2568 1 : WPA_PUT_LE16(pos, gsm->GN & 0x03);
2569 1 : pos += 2;
2570 1 : *pos++ = gsm->GTK_len;
2571 1 : if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
2572 0 : return 0;
2573 1 : pos += 8;
2574 1 : os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
2575 1 : pos += gsm->GTK_len;
2576 :
2577 1 : wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
2578 : gsm->GN);
2579 2 : wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit",
2580 2 : gsm->GTK[gsm->GN - 1], gsm->GTK_len);
2581 :
2582 1 : return pos - start;
2583 : }
2584 :
2585 :
2586 : #ifdef CONFIG_IEEE80211W
2587 1 : int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
2588 : {
2589 1 : struct wpa_group *gsm = sm->group;
2590 1 : u8 *start = pos;
2591 1 : size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2592 :
2593 : /*
2594 : * IGTK subelement:
2595 : * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
2596 : */
2597 1 : *pos++ = WNM_SLEEP_SUBELEM_IGTK;
2598 1 : *pos++ = 2 + 6 + len;
2599 1 : WPA_PUT_LE16(pos, gsm->GN_igtk);
2600 1 : pos += 2;
2601 1 : if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
2602 0 : return 0;
2603 1 : pos += 6;
2604 :
2605 1 : os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
2606 1 : pos += len;
2607 :
2608 1 : wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
2609 : gsm->GN_igtk);
2610 1 : wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit",
2611 1 : gsm->IGTK[gsm->GN_igtk - 4], len);
2612 :
2613 1 : return pos - start;
2614 : }
2615 : #endif /* CONFIG_IEEE80211W */
2616 : #endif /* CONFIG_WNM */
2617 :
2618 :
2619 0 : static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
2620 : struct wpa_group *group)
2621 : {
2622 : int tmp;
2623 :
2624 0 : wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2625 : "SETKEYS (VLAN-ID %d)", group->vlan_id);
2626 0 : group->changed = TRUE;
2627 0 : group->wpa_group_state = WPA_GROUP_SETKEYS;
2628 0 : group->GTKReKey = FALSE;
2629 0 : tmp = group->GM;
2630 0 : group->GM = group->GN;
2631 0 : group->GN = tmp;
2632 : #ifdef CONFIG_IEEE80211W
2633 0 : tmp = group->GM_igtk;
2634 0 : group->GM_igtk = group->GN_igtk;
2635 0 : group->GN_igtk = tmp;
2636 : #endif /* CONFIG_IEEE80211W */
2637 : /* "GKeyDoneStations = GNoStations" is done in more robust way by
2638 : * counting the STAs that are marked with GUpdateStationKeys instead of
2639 : * including all STAs that could be in not-yet-completed state. */
2640 0 : wpa_gtk_update(wpa_auth, group);
2641 :
2642 0 : if (group->GKeyDoneStations) {
2643 0 : wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected "
2644 : "GKeyDoneStations=%d when starting new GTK rekey",
2645 : group->GKeyDoneStations);
2646 0 : group->GKeyDoneStations = 0;
2647 : }
2648 0 : wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
2649 0 : wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
2650 : group->GKeyDoneStations);
2651 0 : }
2652 :
2653 :
2654 941 : static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
2655 : struct wpa_group *group)
2656 : {
2657 941 : int ret = 0;
2658 :
2659 2823 : if (wpa_auth_set_key(wpa_auth, group->vlan_id,
2660 941 : wpa_cipher_to_alg(wpa_auth->conf.wpa_group),
2661 : broadcast_ether_addr, group->GN,
2662 1882 : group->GTK[group->GN - 1], group->GTK_len) < 0)
2663 0 : ret = -1;
2664 :
2665 : #ifdef CONFIG_IEEE80211W
2666 941 : if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
2667 : enum wpa_alg alg;
2668 : size_t len;
2669 :
2670 207 : alg = wpa_cipher_to_alg(wpa_auth->conf.group_mgmt_cipher);
2671 207 : len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
2672 :
2673 414 : if (ret == 0 &&
2674 207 : wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
2675 : broadcast_ether_addr, group->GN_igtk,
2676 207 : group->IGTK[group->GN_igtk - 4], len) < 0)
2677 0 : ret = -1;
2678 : }
2679 : #endif /* CONFIG_IEEE80211W */
2680 :
2681 941 : return ret;
2682 : }
2683 :
2684 :
2685 0 : static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx)
2686 : {
2687 0 : if (sm->group == ctx) {
2688 0 : wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR
2689 : " for discconnection due to fatal failure",
2690 0 : MAC2STR(sm->addr));
2691 0 : sm->Disconnect = TRUE;
2692 : }
2693 :
2694 0 : return 0;
2695 : }
2696 :
2697 :
2698 0 : static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth,
2699 : struct wpa_group *group)
2700 : {
2701 0 : wpa_printf(MSG_DEBUG, "WPA: group state machine entering state FATAL_FAILURE");
2702 0 : group->changed = TRUE;
2703 0 : group->wpa_group_state = WPA_GROUP_FATAL_FAILURE;
2704 0 : wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group);
2705 0 : }
2706 :
2707 :
2708 516 : static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
2709 : struct wpa_group *group)
2710 : {
2711 516 : wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2712 : "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
2713 516 : group->changed = TRUE;
2714 516 : group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
2715 :
2716 516 : if (wpa_group_config_group_keys(wpa_auth, group) < 0) {
2717 0 : wpa_group_fatal_failure(wpa_auth, group);
2718 0 : return -1;
2719 : }
2720 :
2721 516 : return 0;
2722 : }
2723 :
2724 :
2725 16400 : static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
2726 : struct wpa_group *group)
2727 : {
2728 16400 : if (group->GInit) {
2729 516 : wpa_group_gtk_init(wpa_auth, group);
2730 15884 : } else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) {
2731 : /* Do not allow group operations */
2732 16400 : } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
2733 516 : group->GTKAuthenticator) {
2734 516 : wpa_group_setkeysdone(wpa_auth, group);
2735 30736 : } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
2736 15368 : group->GTKReKey) {
2737 0 : wpa_group_setkeys(wpa_auth, group);
2738 15368 : } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
2739 0 : if (group->GKeyDoneStations == 0)
2740 0 : wpa_group_setkeysdone(wpa_auth, group);
2741 0 : else if (group->GTKReKey)
2742 0 : wpa_group_setkeys(wpa_auth, group);
2743 : }
2744 16400 : }
2745 :
2746 :
2747 9171 : static int wpa_sm_step(struct wpa_state_machine *sm)
2748 : {
2749 9171 : if (sm == NULL)
2750 0 : return 0;
2751 :
2752 9171 : if (sm->in_step_loop) {
2753 : /* This should not happen, but if it does, make sure we do not
2754 : * end up freeing the state machine too early by exiting the
2755 : * recursive call. */
2756 5 : wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
2757 5 : return 0;
2758 : }
2759 :
2760 9166 : sm->in_step_loop = 1;
2761 : do {
2762 15368 : if (sm->pending_deinit)
2763 0 : break;
2764 :
2765 15368 : sm->changed = FALSE;
2766 15368 : sm->wpa_auth->group->changed = FALSE;
2767 :
2768 15368 : SM_STEP_RUN(WPA_PTK);
2769 15368 : if (sm->pending_deinit)
2770 0 : break;
2771 15368 : SM_STEP_RUN(WPA_PTK_GROUP);
2772 15368 : if (sm->pending_deinit)
2773 0 : break;
2774 15368 : wpa_group_sm_step(sm->wpa_auth, sm->group);
2775 15368 : } while (sm->changed || sm->wpa_auth->group->changed);
2776 9166 : sm->in_step_loop = 0;
2777 :
2778 9166 : if (sm->pending_deinit) {
2779 0 : wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
2780 0 : "machine deinit for " MACSTR, MAC2STR(sm->addr));
2781 0 : wpa_free_sta_sm(sm);
2782 0 : return 1;
2783 : }
2784 9166 : return 0;
2785 : }
2786 :
2787 :
2788 5357 : static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
2789 : {
2790 5357 : struct wpa_state_machine *sm = eloop_ctx;
2791 5357 : wpa_sm_step(sm);
2792 5357 : }
2793 :
2794 :
2795 7163 : void wpa_auth_sm_notify(struct wpa_state_machine *sm)
2796 : {
2797 7163 : if (sm == NULL)
2798 8957 : return;
2799 5369 : eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
2800 : }
2801 :
2802 :
2803 2 : void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
2804 : {
2805 : int tmp, i;
2806 : struct wpa_group *group;
2807 :
2808 2 : if (wpa_auth == NULL)
2809 2 : return;
2810 :
2811 2 : group = wpa_auth->group;
2812 :
2813 6 : for (i = 0; i < 2; i++) {
2814 4 : tmp = group->GM;
2815 4 : group->GM = group->GN;
2816 4 : group->GN = tmp;
2817 : #ifdef CONFIG_IEEE80211W
2818 4 : tmp = group->GM_igtk;
2819 4 : group->GM_igtk = group->GN_igtk;
2820 4 : group->GN_igtk = tmp;
2821 : #endif /* CONFIG_IEEE80211W */
2822 4 : wpa_gtk_update(wpa_auth, group);
2823 4 : wpa_group_config_group_keys(wpa_auth, group);
2824 : }
2825 : }
2826 :
2827 :
2828 9 : static const char * wpa_bool_txt(int bool)
2829 : {
2830 9 : return bool ? "TRUE" : "FALSE";
2831 : }
2832 :
2833 :
2834 : #define RSN_SUITE "%02x-%02x-%02x-%d"
2835 : #define RSN_SUITE_ARG(s) \
2836 : ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2837 :
2838 3 : int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
2839 : {
2840 3 : int len = 0, ret;
2841 : char pmkid_txt[PMKID_LEN * 2 + 1];
2842 : #ifdef CONFIG_RSN_PREAUTH
2843 3 : const int preauth = 1;
2844 : #else /* CONFIG_RSN_PREAUTH */
2845 0 : const int preauth = 0;
2846 : #endif /* CONFIG_RSN_PREAUTH */
2847 :
2848 3 : if (wpa_auth == NULL)
2849 0 : return len;
2850 :
2851 6 : ret = os_snprintf(buf + len, buflen - len,
2852 : "dot11RSNAOptionImplemented=TRUE\n"
2853 : "dot11RSNAPreauthenticationImplemented=%s\n"
2854 : "dot11RSNAEnabled=%s\n"
2855 : "dot11RSNAPreauthenticationEnabled=%s\n",
2856 : wpa_bool_txt(preauth),
2857 3 : wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
2858 : wpa_bool_txt(wpa_auth->conf.rsn_preauth));
2859 3 : if (ret < 0 || (size_t) ret >= buflen - len)
2860 0 : return len;
2861 3 : len += ret;
2862 :
2863 3 : wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2864 3 : wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
2865 :
2866 81 : ret = os_snprintf(
2867 : buf + len, buflen - len,
2868 : "dot11RSNAConfigVersion=%u\n"
2869 : "dot11RSNAConfigPairwiseKeysSupported=9999\n"
2870 : /* FIX: dot11RSNAConfigGroupCipher */
2871 : /* FIX: dot11RSNAConfigGroupRekeyMethod */
2872 : /* FIX: dot11RSNAConfigGroupRekeyTime */
2873 : /* FIX: dot11RSNAConfigGroupRekeyPackets */
2874 : "dot11RSNAConfigGroupRekeyStrict=%u\n"
2875 : "dot11RSNAConfigGroupUpdateCount=%u\n"
2876 : "dot11RSNAConfigPairwiseUpdateCount=%u\n"
2877 : "dot11RSNAConfigGroupCipherSize=%u\n"
2878 : "dot11RSNAConfigPMKLifetime=%u\n"
2879 : "dot11RSNAConfigPMKReauthThreshold=%u\n"
2880 : "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
2881 : "dot11RSNAConfigSATimeout=%u\n"
2882 : "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2883 : "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2884 : "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2885 : "dot11RSNAPMKIDUsed=%s\n"
2886 : "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
2887 : "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
2888 : "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
2889 : "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
2890 : "dot11RSNA4WayHandshakeFailures=%u\n"
2891 : "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
2892 : RSN_VERSION,
2893 3 : !!wpa_auth->conf.wpa_strict_rekey,
2894 : dot11RSNAConfigGroupUpdateCount,
2895 : dot11RSNAConfigPairwiseUpdateCount,
2896 3 : wpa_cipher_key_len(wpa_auth->conf.wpa_group) * 8,
2897 : dot11RSNAConfigPMKLifetime,
2898 : dot11RSNAConfigPMKReauthThreshold,
2899 : dot11RSNAConfigSATimeout,
2900 12 : RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
2901 12 : RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
2902 12 : RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
2903 : pmkid_txt,
2904 12 : RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
2905 12 : RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
2906 12 : RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
2907 : wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
2908 : wpa_auth->dot11RSNA4WayHandshakeFailures);
2909 3 : if (ret < 0 || (size_t) ret >= buflen - len)
2910 0 : return len;
2911 3 : len += ret;
2912 :
2913 : /* TODO: dot11RSNAConfigPairwiseCiphersTable */
2914 : /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
2915 :
2916 : /* Private MIB */
2917 3 : ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
2918 3 : wpa_auth->group->wpa_group_state);
2919 3 : if (ret < 0 || (size_t) ret >= buflen - len)
2920 0 : return len;
2921 3 : len += ret;
2922 :
2923 3 : return len;
2924 : }
2925 :
2926 :
2927 29 : int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
2928 : {
2929 29 : int len = 0, ret;
2930 29 : u32 pairwise = 0;
2931 :
2932 29 : if (sm == NULL)
2933 15 : return 0;
2934 :
2935 : /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
2936 :
2937 : /* dot11RSNAStatsEntry */
2938 :
2939 14 : pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ?
2940 : WPA_PROTO_RSN : WPA_PROTO_WPA,
2941 : sm->pairwise);
2942 14 : if (pairwise == 0)
2943 0 : return 0;
2944 :
2945 126 : ret = os_snprintf(
2946 : buf + len, buflen - len,
2947 : /* TODO: dot11RSNAStatsIndex */
2948 : "dot11RSNAStatsSTAAddress=" MACSTR "\n"
2949 : "dot11RSNAStatsVersion=1\n"
2950 : "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
2951 : /* TODO: dot11RSNAStatsTKIPICVErrors */
2952 : "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
2953 : "dot11RSNAStatsTKIPRemoteMICFailures=%u\n"
2954 : /* TODO: dot11RSNAStatsCCMPReplays */
2955 : /* TODO: dot11RSNAStatsCCMPDecryptErrors */
2956 : /* TODO: dot11RSNAStatsTKIPReplays */,
2957 84 : MAC2STR(sm->addr),
2958 28 : RSN_SUITE_ARG(pairwise),
2959 : sm->dot11RSNAStatsTKIPLocalMICFailures,
2960 : sm->dot11RSNAStatsTKIPRemoteMICFailures);
2961 14 : if (ret < 0 || (size_t) ret >= buflen - len)
2962 0 : return len;
2963 14 : len += ret;
2964 :
2965 : /* Private MIB */
2966 14 : ret = os_snprintf(buf + len, buflen - len,
2967 : "hostapdWPAPTKState=%d\n"
2968 : "hostapdWPAPTKGroupState=%d\n",
2969 14 : sm->wpa_ptk_state,
2970 14 : sm->wpa_ptk_group_state);
2971 14 : if (ret < 0 || (size_t) ret >= buflen - len)
2972 0 : return len;
2973 14 : len += ret;
2974 :
2975 14 : return len;
2976 : }
2977 :
2978 :
2979 2 : void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
2980 : {
2981 2 : if (wpa_auth)
2982 2 : wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
2983 2 : }
2984 :
2985 :
2986 3489 : int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
2987 : {
2988 3489 : return sm && sm->pairwise_set;
2989 : }
2990 :
2991 :
2992 628 : int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
2993 : {
2994 628 : return sm->pairwise;
2995 : }
2996 :
2997 :
2998 3511 : int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
2999 : {
3000 3511 : if (sm == NULL)
3001 1369 : return -1;
3002 2142 : return sm->wpa_key_mgmt;
3003 : }
3004 :
3005 :
3006 0 : int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
3007 : {
3008 0 : if (sm == NULL)
3009 0 : return 0;
3010 0 : return sm->wpa;
3011 : }
3012 :
3013 :
3014 1 : int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
3015 : struct rsn_pmksa_cache_entry *entry)
3016 : {
3017 1 : if (sm == NULL || sm->pmksa != entry)
3018 0 : return -1;
3019 1 : sm->pmksa = NULL;
3020 1 : return 0;
3021 : }
3022 :
3023 :
3024 : struct rsn_pmksa_cache_entry *
3025 842 : wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
3026 : {
3027 842 : return sm ? sm->pmksa : NULL;
3028 : }
3029 :
3030 :
3031 2 : void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
3032 : {
3033 2 : if (sm)
3034 2 : sm->dot11RSNAStatsTKIPLocalMICFailures++;
3035 2 : }
3036 :
3037 :
3038 3605 : const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
3039 : {
3040 3605 : if (wpa_auth == NULL)
3041 704 : return NULL;
3042 2901 : *len = wpa_auth->wpa_ie_len;
3043 2901 : return wpa_auth->wpa_ie;
3044 : }
3045 :
3046 :
3047 278 : int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
3048 : int session_timeout, struct eapol_state_machine *eapol)
3049 : {
3050 550 : if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
3051 272 : sm->wpa_auth->conf.disable_pmksa_caching)
3052 8 : return -1;
3053 :
3054 540 : if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
3055 270 : sm->wpa_auth->addr, sm->addr, session_timeout,
3056 : eapol, sm->wpa_key_mgmt))
3057 270 : return 0;
3058 :
3059 0 : return -1;
3060 : }
3061 :
3062 :
3063 1 : int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
3064 : const u8 *pmk, size_t len, const u8 *sta_addr,
3065 : int session_timeout,
3066 : struct eapol_state_machine *eapol)
3067 : {
3068 1 : if (wpa_auth == NULL)
3069 0 : return -1;
3070 :
3071 1 : if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr,
3072 : sta_addr, session_timeout, eapol,
3073 : WPA_KEY_MGMT_IEEE8021X))
3074 1 : return 0;
3075 :
3076 0 : return -1;
3077 : }
3078 :
3079 :
3080 9 : void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
3081 : const u8 *sta_addr)
3082 : {
3083 : struct rsn_pmksa_cache_entry *pmksa;
3084 :
3085 9 : if (wpa_auth == NULL || wpa_auth->pmksa == NULL)
3086 11 : return;
3087 7 : pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
3088 7 : if (pmksa) {
3089 36 : wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for "
3090 36 : MACSTR " based on request", MAC2STR(sta_addr));
3091 6 : pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
3092 : }
3093 : }
3094 :
3095 :
3096 : static struct wpa_group *
3097 6 : wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
3098 : {
3099 : struct wpa_group *group;
3100 :
3101 6 : if (wpa_auth == NULL || wpa_auth->group == NULL)
3102 0 : return NULL;
3103 :
3104 6 : wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
3105 : vlan_id);
3106 6 : group = wpa_group_init(wpa_auth, vlan_id, 0);
3107 6 : if (group == NULL)
3108 0 : return NULL;
3109 :
3110 6 : group->next = wpa_auth->group->next;
3111 6 : wpa_auth->group->next = group;
3112 :
3113 6 : return group;
3114 : }
3115 :
3116 :
3117 12 : int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
3118 : {
3119 : struct wpa_group *group;
3120 :
3121 12 : if (sm == NULL || sm->wpa_auth == NULL)
3122 6 : return 0;
3123 :
3124 6 : group = sm->wpa_auth->group;
3125 22 : while (group) {
3126 10 : if (group->vlan_id == vlan_id)
3127 0 : break;
3128 10 : group = group->next;
3129 : }
3130 :
3131 6 : if (group == NULL) {
3132 6 : group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
3133 6 : if (group == NULL)
3134 0 : return -1;
3135 : }
3136 :
3137 6 : if (sm->group == group)
3138 0 : return 0;
3139 :
3140 6 : if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
3141 0 : return -1;
3142 :
3143 36 : wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
3144 36 : "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
3145 :
3146 6 : sm->group = group;
3147 6 : return 0;
3148 : }
3149 :
3150 :
3151 1008 : void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
3152 : struct wpa_state_machine *sm, int ack)
3153 : {
3154 1008 : if (wpa_auth == NULL || sm == NULL)
3155 1008 : return;
3156 6048 : wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
3157 6048 : " ack=%d", MAC2STR(sm->addr), ack);
3158 1008 : if (sm->pending_1_of_4_timeout && ack) {
3159 : /*
3160 : * Some deployed supplicant implementations update their SNonce
3161 : * for each EAPOL-Key 2/4 message even within the same 4-way
3162 : * handshake and then fail to use the first SNonce when
3163 : * deriving the PTK. This results in unsuccessful 4-way
3164 : * handshake whenever the relatively short initial timeout is
3165 : * reached and EAPOL-Key 1/4 is retransmitted. Try to work
3166 : * around this by increasing the timeout now that we know that
3167 : * the station has received the frame.
3168 : */
3169 488 : int timeout_ms = eapol_key_timeout_subseq;
3170 488 : wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 "
3171 : "timeout by %u ms because of acknowledged frame",
3172 : timeout_ms);
3173 488 : eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
3174 488 : eloop_register_timeout(timeout_ms / 1000,
3175 488 : (timeout_ms % 1000) * 1000,
3176 : wpa_send_eapol_timeout, wpa_auth, sm);
3177 : }
3178 : }
3179 :
3180 :
3181 642 : int wpa_auth_uses_sae(struct wpa_state_machine *sm)
3182 : {
3183 642 : if (sm == NULL)
3184 0 : return 0;
3185 642 : return wpa_key_mgmt_sae(sm->wpa_key_mgmt);
3186 : }
3187 :
3188 :
3189 4 : int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm)
3190 : {
3191 4 : if (sm == NULL)
3192 0 : return 0;
3193 4 : return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE;
3194 : }
3195 :
3196 :
3197 : #ifdef CONFIG_P2P
3198 134 : int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr)
3199 : {
3200 134 : if (sm == NULL || WPA_GET_BE32(sm->ip_addr) == 0)
3201 59 : return -1;
3202 75 : os_memcpy(addr, sm->ip_addr, 4);
3203 75 : return 0;
3204 : }
3205 : #endif /* CONFIG_P2P */
|
