Line data Source code
1 : /*
2 : * WPA Supplicant - WPA state machine and EAPOL-Key processing
3 : * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
4 : *
5 : * This software may be distributed under the terms of the BSD license.
6 : * See README for more details.
7 : */
8 :
9 : #include "includes.h"
10 :
11 : #include "common.h"
12 : #include "crypto/aes_wrap.h"
13 : #include "crypto/crypto.h"
14 : #include "crypto/random.h"
15 : #include "common/ieee802_11_defs.h"
16 : #include "eapol_supp/eapol_supp_sm.h"
17 : #include "wpa.h"
18 : #include "eloop.h"
19 : #include "preauth.h"
20 : #include "pmksa_cache.h"
21 : #include "wpa_i.h"
22 : #include "wpa_ie.h"
23 : #include "peerkey.h"
24 :
25 :
26 : /**
27 : * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
28 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
29 : * @kck: Key Confirmation Key (KCK, part of PTK)
30 : * @kck_len: KCK length in octets
31 : * @ver: Version field from Key Info
32 : * @dest: Destination address for the frame
33 : * @proto: Ethertype (usually ETH_P_EAPOL)
34 : * @msg: EAPOL-Key message
35 : * @msg_len: Length of message
36 : * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
37 : */
38 3212 : void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
39 : int ver, const u8 *dest, u16 proto,
40 : u8 *msg, size_t msg_len, u8 *key_mic)
41 : {
42 3212 : size_t mic_len = wpa_mic_len(sm->key_mgmt);
43 :
44 3212 : if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
45 : /*
46 : * Association event was not yet received; try to fetch
47 : * BSSID from the driver.
48 : */
49 0 : if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
50 0 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
51 : "WPA: Failed to read BSSID for "
52 : "EAPOL-Key destination address");
53 : } else {
54 0 : dest = sm->bssid;
55 0 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
56 : "WPA: Use BSSID (" MACSTR
57 : ") as the destination for EAPOL-Key",
58 : MAC2STR(dest));
59 : }
60 : }
61 6423 : if (key_mic &&
62 3211 : wpa_eapol_key_mic(kck, kck_len, sm->key_mgmt, ver, msg, msg_len,
63 : key_mic)) {
64 0 : wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
65 : "WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC",
66 : ver, sm->key_mgmt);
67 0 : goto out;
68 : }
69 3212 : wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len);
70 3212 : wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, mic_len);
71 3212 : wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
72 3212 : wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
73 3212 : eapol_sm_notify_tx_eapol_key(sm->eapol);
74 : out:
75 3212 : os_free(msg);
76 3212 : }
77 :
78 :
79 : /**
80 : * wpa_sm_key_request - Send EAPOL-Key Request
81 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
82 : * @error: Indicate whether this is an Michael MIC error report
83 : * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
84 : *
85 : * Send an EAPOL-Key Request to the current authenticator. This function is
86 : * used to request rekeying and it is usually called when a local Michael MIC
87 : * failure is detected.
88 : */
89 7 : void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
90 : {
91 : size_t mic_len, hdrlen, rlen;
92 : struct wpa_eapol_key *reply;
93 : struct wpa_eapol_key_192 *reply192;
94 : int key_info, ver;
95 : u8 bssid[ETH_ALEN], *rbuf, *key_mic;
96 :
97 14 : if (sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
98 7 : wpa_key_mgmt_suite_b(sm->key_mgmt))
99 0 : ver = WPA_KEY_INFO_TYPE_AKM_DEFINED;
100 14 : else if (wpa_key_mgmt_ft(sm->key_mgmt) ||
101 7 : wpa_key_mgmt_sha256(sm->key_mgmt))
102 1 : ver = WPA_KEY_INFO_TYPE_AES_128_CMAC;
103 6 : else if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
104 1 : ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
105 : else
106 5 : ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
107 :
108 7 : if (wpa_sm_get_bssid(sm, bssid) < 0) {
109 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
110 : "Failed to read BSSID for EAPOL-Key request");
111 0 : return;
112 : }
113 :
114 7 : mic_len = wpa_mic_len(sm->key_mgmt);
115 7 : hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
116 7 : rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
117 : hdrlen, &rlen, (void *) &reply);
118 7 : if (rbuf == NULL)
119 0 : return;
120 7 : reply192 = (struct wpa_eapol_key_192 *) reply;
121 :
122 12 : reply->type = (sm->proto == WPA_PROTO_RSN ||
123 5 : sm->proto == WPA_PROTO_OSEN) ?
124 : EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
125 7 : key_info = WPA_KEY_INFO_REQUEST | ver;
126 7 : if (sm->ptk_set)
127 7 : key_info |= WPA_KEY_INFO_MIC;
128 7 : if (error)
129 4 : key_info |= WPA_KEY_INFO_ERROR;
130 7 : if (pairwise)
131 5 : key_info |= WPA_KEY_INFO_KEY_TYPE;
132 7 : WPA_PUT_BE16(reply->key_info, key_info);
133 7 : WPA_PUT_BE16(reply->key_length, 0);
134 7 : os_memcpy(reply->replay_counter, sm->request_counter,
135 : WPA_REPLAY_COUNTER_LEN);
136 7 : inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
137 :
138 7 : if (mic_len == 24)
139 0 : WPA_PUT_BE16(reply192->key_data_length, 0);
140 : else
141 7 : WPA_PUT_BE16(reply->key_data_length, 0);
142 7 : if (!(key_info & WPA_KEY_INFO_MIC))
143 0 : key_mic = NULL;
144 : else
145 7 : key_mic = reply192->key_mic; /* same offset in reply */
146 :
147 7 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
148 : "WPA: Sending EAPOL-Key Request (error=%d "
149 : "pairwise=%d ptk_set=%d len=%lu)",
150 : error, pairwise, sm->ptk_set, (unsigned long) rlen);
151 7 : wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid,
152 : ETH_P_EAPOL, rbuf, rlen, key_mic);
153 : }
154 :
155 :
156 717 : static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm)
157 : {
158 : #ifdef CONFIG_IEEE80211R
159 717 : if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) {
160 4 : if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len))
161 0 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
162 : "RSN: Cannot set low order 256 bits of MSK for key management offload");
163 : } else {
164 : #endif /* CONFIG_IEEE80211R */
165 713 : if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len))
166 0 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
167 : "RSN: Cannot set PMK for key management offload");
168 : #ifdef CONFIG_IEEE80211R
169 : }
170 : #endif /* CONFIG_IEEE80211R */
171 717 : }
172 :
173 :
174 1600 : static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
175 : const unsigned char *src_addr,
176 : const u8 *pmkid)
177 : {
178 1600 : int abort_cached = 0;
179 :
180 1600 : if (pmkid && !sm->cur_pmksa) {
181 : /* When using drivers that generate RSN IE, wpa_supplicant may
182 : * not have enough time to get the association information
183 : * event before receiving this 1/4 message, so try to find a
184 : * matching PMKSA cache entry here. */
185 711 : sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid,
186 : NULL);
187 711 : if (sm->cur_pmksa) {
188 4 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
189 : "RSN: found matching PMKID from PMKSA cache");
190 : } else {
191 707 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
192 : "RSN: no matching PMKID found");
193 707 : abort_cached = 1;
194 : }
195 : }
196 :
197 1636 : if (pmkid && sm->cur_pmksa &&
198 36 : os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
199 35 : wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
200 35 : wpa_sm_set_pmk_from_pmksa(sm);
201 70 : wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
202 35 : sm->pmk, sm->pmk_len);
203 35 : eapol_sm_notify_cached(sm->eapol);
204 : #ifdef CONFIG_IEEE80211R
205 35 : sm->xxkey_len = 0;
206 : #endif /* CONFIG_IEEE80211R */
207 1565 : } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
208 : int res, pmk_len;
209 717 : pmk_len = PMK_LEN;
210 717 : res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN);
211 717 : if (res) {
212 : /*
213 : * EAP-LEAP is an exception from other EAP methods: it
214 : * uses only 16-byte PMK.
215 : */
216 0 : res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
217 0 : pmk_len = 16;
218 : } else {
219 : #ifdef CONFIG_IEEE80211R
220 : u8 buf[2 * PMK_LEN];
221 717 : if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0)
222 : {
223 717 : os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN);
224 717 : sm->xxkey_len = PMK_LEN;
225 717 : os_memset(buf, 0, sizeof(buf));
226 : }
227 : #endif /* CONFIG_IEEE80211R */
228 : }
229 717 : if (res == 0) {
230 717 : struct rsn_pmksa_cache_entry *sa = NULL;
231 1434 : wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
232 717 : "machines", sm->pmk, pmk_len);
233 717 : sm->pmk_len = pmk_len;
234 717 : wpa_supplicant_key_mgmt_set_pmk(sm);
235 1429 : if (sm->proto == WPA_PROTO_RSN &&
236 1420 : !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
237 708 : !wpa_key_mgmt_ft(sm->key_mgmt)) {
238 2112 : sa = pmksa_cache_add(sm->pmksa,
239 704 : sm->pmk, pmk_len,
240 : NULL, 0,
241 704 : src_addr, sm->own_addr,
242 : sm->network_ctx,
243 704 : sm->key_mgmt);
244 : }
245 1425 : if (!sm->cur_pmksa && pmkid &&
246 708 : pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL))
247 : {
248 701 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
249 : "RSN: the new PMK matches with the "
250 : "PMKID");
251 701 : abort_cached = 0;
252 16 : } else if (sa && !sm->cur_pmksa && pmkid) {
253 : /*
254 : * It looks like the authentication server
255 : * derived mismatching MSK. This should not
256 : * really happen, but bugs happen.. There is not
257 : * much we can do here without knowing what
258 : * exactly caused the server to misbehave.
259 : */
260 3 : wpa_dbg(sm->ctx->msg_ctx, MSG_INFO,
261 : "RSN: PMKID mismatch - authentication server may have derived different MSK?!");
262 3 : return -1;
263 : }
264 :
265 714 : if (!sm->cur_pmksa)
266 714 : sm->cur_pmksa = sa;
267 : } else {
268 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
269 : "WPA: Failed to get master session key from "
270 : "EAPOL state machines - key handshake "
271 : "aborted");
272 0 : if (sm->cur_pmksa) {
273 0 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
274 : "RSN: Cancelled PMKSA caching "
275 : "attempt");
276 0 : sm->cur_pmksa = NULL;
277 0 : abort_cached = 1;
278 0 : } else if (!abort_cached) {
279 0 : return -1;
280 : }
281 : }
282 : }
283 :
284 1601 : if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) &&
285 8 : !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
286 4 : !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN)
287 : {
288 : /* Send EAPOL-Start to trigger full EAP authentication. */
289 : u8 *buf;
290 : size_t buflen;
291 :
292 0 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
293 : "RSN: no PMKSA entry found - trigger "
294 : "full EAP authentication");
295 0 : buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
296 : NULL, 0, &buflen, NULL);
297 0 : if (buf) {
298 0 : wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
299 : buf, buflen);
300 0 : os_free(buf);
301 0 : return -2;
302 : }
303 :
304 0 : return -1;
305 : }
306 :
307 1597 : return 0;
308 : }
309 :
310 :
311 : /**
312 : * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake
313 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
314 : * @dst: Destination address for the frame
315 : * @key: Pointer to the EAPOL-Key frame header
316 : * @ver: Version bits from EAPOL-Key Key Info
317 : * @nonce: Nonce value for the EAPOL-Key frame
318 : * @wpa_ie: WPA/RSN IE
319 : * @wpa_ie_len: Length of the WPA/RSN IE
320 : * @ptk: PTK to use for keyed hash and encryption
321 : * Returns: 0 on success, -1 on failure
322 : */
323 1598 : int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
324 : const struct wpa_eapol_key *key,
325 : int ver, const u8 *nonce,
326 : const u8 *wpa_ie, size_t wpa_ie_len,
327 : struct wpa_ptk *ptk)
328 : {
329 : size_t mic_len, hdrlen, rlen;
330 : struct wpa_eapol_key *reply;
331 : struct wpa_eapol_key_192 *reply192;
332 : u8 *rbuf, *key_mic;
333 1598 : u8 *rsn_ie_buf = NULL;
334 :
335 1598 : if (wpa_ie == NULL) {
336 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - "
337 : "cannot generate msg 2/4");
338 0 : return -1;
339 : }
340 :
341 : #ifdef CONFIG_IEEE80211R
342 1598 : if (wpa_key_mgmt_ft(sm->key_mgmt)) {
343 : int res;
344 :
345 : /*
346 : * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and
347 : * FTIE from (Re)Association Response.
348 : */
349 46 : rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN +
350 46 : sm->assoc_resp_ies_len);
351 46 : if (rsn_ie_buf == NULL)
352 0 : return -1;
353 46 : os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len);
354 46 : res = wpa_insert_pmkid(rsn_ie_buf, wpa_ie_len,
355 46 : sm->pmk_r1_name);
356 46 : if (res < 0) {
357 0 : os_free(rsn_ie_buf);
358 0 : return -1;
359 : }
360 46 : wpa_ie_len += res;
361 :
362 46 : if (sm->assoc_resp_ies) {
363 46 : os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies,
364 : sm->assoc_resp_ies_len);
365 46 : wpa_ie_len += sm->assoc_resp_ies_len;
366 : }
367 :
368 46 : wpa_ie = rsn_ie_buf;
369 : }
370 : #endif /* CONFIG_IEEE80211R */
371 :
372 1598 : wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
373 :
374 1598 : mic_len = wpa_mic_len(sm->key_mgmt);
375 1598 : hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
376 1598 : rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
377 : NULL, hdrlen + wpa_ie_len,
378 : &rlen, (void *) &reply);
379 1598 : if (rbuf == NULL) {
380 0 : os_free(rsn_ie_buf);
381 0 : return -1;
382 : }
383 1598 : reply192 = (struct wpa_eapol_key_192 *) reply;
384 :
385 1625 : reply->type = (sm->proto == WPA_PROTO_RSN ||
386 27 : sm->proto == WPA_PROTO_OSEN) ?
387 : EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
388 1598 : WPA_PUT_BE16(reply->key_info,
389 : ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC);
390 1598 : if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
391 1573 : WPA_PUT_BE16(reply->key_length, 0);
392 : else
393 25 : os_memcpy(reply->key_length, key->key_length, 2);
394 1598 : os_memcpy(reply->replay_counter, key->replay_counter,
395 : WPA_REPLAY_COUNTER_LEN);
396 1598 : wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter,
397 : WPA_REPLAY_COUNTER_LEN);
398 :
399 1598 : key_mic = reply192->key_mic; /* same offset for reply and reply192 */
400 1598 : if (mic_len == 24) {
401 3 : WPA_PUT_BE16(reply192->key_data_length, wpa_ie_len);
402 3 : os_memcpy(reply192 + 1, wpa_ie, wpa_ie_len);
403 : } else {
404 1595 : WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
405 1595 : os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
406 : }
407 1598 : os_free(rsn_ie_buf);
408 :
409 1598 : os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
410 :
411 1598 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
412 1598 : wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL,
413 : rbuf, rlen, key_mic);
414 :
415 1598 : return 0;
416 : }
417 :
418 :
419 1597 : static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
420 : const struct wpa_eapol_key *key, struct wpa_ptk *ptk)
421 : {
422 : #ifdef CONFIG_IEEE80211R
423 1597 : if (wpa_key_mgmt_ft(sm->key_mgmt))
424 46 : return wpa_derive_ptk_ft(sm, src_addr, key, ptk);
425 : #endif /* CONFIG_IEEE80211R */
426 :
427 4653 : return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
428 1551 : sm->own_addr, sm->bssid, sm->snonce,
429 3102 : key->key_nonce, ptk, sm->key_mgmt,
430 1551 : sm->pairwise_cipher);
431 : }
432 :
433 :
434 1601 : static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
435 : const unsigned char *src_addr,
436 : const struct wpa_eapol_key *key,
437 : u16 ver, const u8 *key_data,
438 : size_t key_data_len)
439 : {
440 : struct wpa_eapol_ie_parse ie;
441 : struct wpa_ptk *ptk;
442 : int res;
443 1601 : u8 *kde, *kde_buf = NULL;
444 : size_t kde_len;
445 :
446 1601 : if (wpa_sm_get_network_ctx(sm) == NULL) {
447 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
448 : "found (msg 1 of 4)");
449 0 : return;
450 : }
451 :
452 1601 : wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
453 1601 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way "
454 : "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
455 :
456 1601 : os_memset(&ie, 0, sizeof(ie));
457 :
458 1601 : if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
459 : /* RSN: msg 1/4 should contain PMKID for the selected PMK */
460 1576 : wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data",
461 : key_data, key_data_len);
462 1576 : if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
463 1 : goto failed;
464 1575 : if (ie.pmkid) {
465 743 : wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
466 743 : "Authenticator", ie.pmkid, PMKID_LEN);
467 : }
468 : }
469 :
470 1600 : res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
471 1600 : if (res == -2) {
472 0 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to "
473 : "msg 1/4 - requesting full EAP authentication");
474 0 : return;
475 : }
476 1600 : if (res)
477 3 : goto failed;
478 :
479 1597 : if (sm->renew_snonce) {
480 1580 : if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
481 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
482 : "WPA: Failed to get random data for SNonce");
483 0 : goto failed;
484 : }
485 1580 : sm->renew_snonce = 0;
486 1580 : wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
487 1580 : sm->snonce, WPA_NONCE_LEN);
488 : }
489 :
490 : /* Calculate PTK which will be stored as a temporary PTK until it has
491 : * been verified when processing message 3/4. */
492 1597 : ptk = &sm->tptk;
493 1597 : wpa_derive_ptk(sm, src_addr, key, ptk);
494 1597 : if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
495 : u8 buf[8];
496 : /* Supplicant: swap tx/rx Mic keys */
497 26 : os_memcpy(buf, &ptk->tk[16], 8);
498 26 : os_memcpy(&ptk->tk[16], &ptk->tk[24], 8);
499 26 : os_memcpy(&ptk->tk[24], buf, 8);
500 26 : os_memset(buf, 0, sizeof(buf));
501 : }
502 1597 : sm->tptk_set = 1;
503 :
504 1597 : kde = sm->assoc_wpa_ie;
505 1597 : kde_len = sm->assoc_wpa_ie_len;
506 :
507 : #ifdef CONFIG_P2P
508 1597 : if (sm->p2p) {
509 219 : kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1);
510 219 : if (kde_buf) {
511 : u8 *pos;
512 219 : wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE "
513 : "into EAPOL-Key 2/4");
514 219 : os_memcpy(kde_buf, kde, kde_len);
515 219 : kde = kde_buf;
516 219 : pos = kde + kde_len;
517 219 : *pos++ = WLAN_EID_VENDOR_SPECIFIC;
518 219 : *pos++ = RSN_SELECTOR_LEN + 1;
519 219 : RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ);
520 219 : pos += RSN_SELECTOR_LEN;
521 219 : *pos++ = 0x01;
522 219 : kde_len = pos - kde;
523 : }
524 : }
525 : #endif /* CONFIG_P2P */
526 :
527 1597 : if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
528 : kde, kde_len, ptk))
529 0 : goto failed;
530 :
531 1597 : os_free(kde_buf);
532 1597 : os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
533 1597 : return;
534 :
535 : failed:
536 4 : os_free(kde_buf);
537 4 : wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
538 : }
539 :
540 :
541 383 : static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx)
542 : {
543 383 : struct wpa_sm *sm = eloop_ctx;
544 383 : rsn_preauth_candidate_process(sm);
545 383 : }
546 :
547 :
548 1782 : static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
549 : const u8 *addr, int secure)
550 : {
551 14256 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
552 : "WPA: Key negotiation completed with "
553 10692 : MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
554 1782 : wpa_cipher_txt(sm->pairwise_cipher),
555 1782 : wpa_cipher_txt(sm->group_cipher));
556 1782 : wpa_sm_cancel_auth_timeout(sm);
557 1782 : wpa_sm_set_state(sm, WPA_COMPLETED);
558 :
559 1782 : if (secure) {
560 1782 : wpa_sm_mlme_setprotection(
561 : sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
562 : MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
563 1782 : eapol_sm_notify_portValid(sm->eapol, TRUE);
564 1782 : if (wpa_key_mgmt_wpa_psk(sm->key_mgmt))
565 1031 : eapol_sm_notify_eap_success(sm->eapol, TRUE);
566 : /*
567 : * Start preauthentication after a short wait to avoid a
568 : * possible race condition between the data receive and key
569 : * configuration after the 4-Way Handshake. This increases the
570 : * likelihood of the first preauth EAPOL-Start frame getting to
571 : * the target AP.
572 : */
573 1782 : eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL);
574 : }
575 :
576 1782 : if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
577 6 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
578 : "RSN: Authenticator accepted "
579 : "opportunistic PMKSA entry - marking it valid");
580 6 : sm->cur_pmksa->opportunistic = 0;
581 : }
582 :
583 : #ifdef CONFIG_IEEE80211R
584 1782 : if (wpa_key_mgmt_ft(sm->key_mgmt)) {
585 : /* Prepare for the next transition */
586 267 : wpa_ft_prepare_auth_request(sm, NULL);
587 : }
588 : #endif /* CONFIG_IEEE80211R */
589 1782 : }
590 :
591 :
592 3 : static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
593 : {
594 3 : struct wpa_sm *sm = eloop_ctx;
595 3 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying");
596 3 : wpa_sm_key_request(sm, 0, 1);
597 3 : }
598 :
599 :
600 1562 : static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
601 : const struct wpa_eapol_key *key)
602 : {
603 : int keylen, rsclen;
604 : enum wpa_alg alg;
605 : const u8 *key_rsc;
606 1562 : u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
607 :
608 1562 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
609 : "WPA: Installing PTK to the driver");
610 :
611 1562 : if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
612 0 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher "
613 : "Suite: NONE - do not use pairwise keys");
614 0 : return 0;
615 : }
616 :
617 1562 : if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
618 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
619 : "WPA: Unsupported pairwise cipher %d",
620 : sm->pairwise_cipher);
621 0 : return -1;
622 : }
623 :
624 1562 : alg = wpa_cipher_to_alg(sm->pairwise_cipher);
625 1562 : keylen = wpa_cipher_key_len(sm->pairwise_cipher);
626 1562 : rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
627 :
628 1562 : if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
629 1537 : key_rsc = null_rsc;
630 : } else {
631 25 : key_rsc = key->key_rsc;
632 25 : wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
633 : }
634 :
635 3124 : if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
636 1562 : sm->ptk.tk, keylen) < 0) {
637 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
638 : "WPA: Failed to set PTK to the "
639 : "driver (alg=%d keylen=%d bssid=" MACSTR ")",
640 0 : alg, keylen, MAC2STR(sm->bssid));
641 0 : return -1;
642 : }
643 :
644 : /* TK is not needed anymore in supplicant */
645 1562 : os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
646 :
647 1562 : if (sm->wpa_ptk_rekey) {
648 6 : eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
649 6 : eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
650 : sm, NULL);
651 : }
652 :
653 1562 : return 0;
654 : }
655 :
656 :
657 1569 : static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm,
658 : int group_cipher,
659 : int keylen, int maxkeylen,
660 : int *key_rsc_len,
661 : enum wpa_alg *alg)
662 : {
663 : int klen;
664 :
665 1569 : *alg = wpa_cipher_to_alg(group_cipher);
666 1569 : if (*alg == WPA_ALG_NONE) {
667 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
668 : "WPA: Unsupported Group Cipher %d",
669 : group_cipher);
670 0 : return -1;
671 : }
672 1569 : *key_rsc_len = wpa_cipher_rsc_len(group_cipher);
673 :
674 1569 : klen = wpa_cipher_key_len(group_cipher);
675 1569 : if (keylen != klen || maxkeylen < klen) {
676 2 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
677 : "WPA: Unsupported %s Group Cipher key length %d (%d)",
678 : wpa_cipher_txt(group_cipher), keylen, maxkeylen);
679 2 : return -1;
680 : }
681 1567 : return 0;
682 : }
683 :
684 :
685 : struct wpa_gtk_data {
686 : enum wpa_alg alg;
687 : int tx, key_rsc_len, keyidx;
688 : u8 gtk[32];
689 : int gtk_len;
690 : };
691 :
692 :
693 1568 : static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
694 : const struct wpa_gtk_data *gd,
695 : const u8 *key_rsc)
696 : {
697 1568 : const u8 *_gtk = gd->gtk;
698 : u8 gtk_buf[32];
699 :
700 1568 : wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
701 1568 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
702 : "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
703 : gd->keyidx, gd->tx, gd->gtk_len);
704 1568 : wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
705 1568 : if (sm->group_cipher == WPA_CIPHER_TKIP) {
706 : /* Swap Tx/Rx keys for Michael MIC */
707 56 : os_memcpy(gtk_buf, gd->gtk, 16);
708 56 : os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
709 56 : os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
710 56 : _gtk = gtk_buf;
711 : }
712 1568 : if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
713 0 : if (wpa_sm_set_key(sm, gd->alg, NULL,
714 0 : gd->keyidx, 1, key_rsc, gd->key_rsc_len,
715 0 : _gtk, gd->gtk_len) < 0) {
716 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
717 : "WPA: Failed to set GTK to the driver "
718 : "(Group only)");
719 0 : os_memset(gtk_buf, 0, sizeof(gtk_buf));
720 0 : return -1;
721 : }
722 3136 : } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr,
723 1568 : gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
724 1568 : _gtk, gd->gtk_len) < 0) {
725 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
726 : "WPA: Failed to set GTK to "
727 : "the driver (alg=%d keylen=%d keyidx=%d)",
728 0 : gd->alg, gd->gtk_len, gd->keyidx);
729 0 : os_memset(gtk_buf, 0, sizeof(gtk_buf));
730 0 : return -1;
731 : }
732 1568 : os_memset(gtk_buf, 0, sizeof(gtk_buf));
733 :
734 1568 : return 0;
735 : }
736 :
737 :
738 1569 : static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
739 : int tx)
740 : {
741 1569 : if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
742 : /* Ignore Tx bit for GTK if a pairwise key is used. One AP
743 : * seemed to set this bit (incorrectly, since Tx is only when
744 : * doing Group Key only APs) and without this workaround, the
745 : * data connection does not work because wpa_supplicant
746 : * configured non-zero keyidx to be used for unicast. */
747 1 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
748 : "WPA: Tx bit set for GTK, but pairwise "
749 : "keys are used - ignore Tx bit");
750 1 : return 0;
751 : }
752 1568 : return tx;
753 : }
754 :
755 :
756 1534 : static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
757 : const struct wpa_eapol_key *key,
758 : const u8 *gtk, size_t gtk_len,
759 : int key_info)
760 : {
761 : struct wpa_gtk_data gd;
762 :
763 : /*
764 : * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
765 : * GTK KDE format:
766 : * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
767 : * Reserved [bits 0-7]
768 : * GTK
769 : */
770 :
771 1534 : os_memset(&gd, 0, sizeof(gd));
772 1534 : wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
773 : gtk, gtk_len);
774 :
775 1534 : if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk))
776 1 : return -1;
777 :
778 1533 : gd.keyidx = gtk[0] & 0x3;
779 1533 : gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
780 1533 : !!(gtk[0] & BIT(2)));
781 1533 : gtk += 2;
782 1533 : gtk_len -= 2;
783 :
784 1533 : os_memcpy(gd.gtk, gtk, gtk_len);
785 1533 : gd.gtk_len = gtk_len;
786 :
787 3066 : if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED &&
788 1533 : (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
789 : gtk_len, gtk_len,
790 1532 : &gd.key_rsc_len, &gd.alg) ||
791 1532 : wpa_supplicant_install_gtk(sm, &gd, key->key_rsc))) {
792 1 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
793 : "RSN: Failed to install GTK");
794 1 : os_memset(&gd, 0, sizeof(gd));
795 1 : return -1;
796 : }
797 1532 : os_memset(&gd, 0, sizeof(gd));
798 :
799 1532 : wpa_supplicant_key_neg_complete(sm, sm->bssid,
800 : key_info & WPA_KEY_INFO_SECURE);
801 1532 : return 0;
802 : }
803 :
804 :
805 1569 : static int ieee80211w_set_keys(struct wpa_sm *sm,
806 : struct wpa_eapol_ie_parse *ie)
807 : {
808 : #ifdef CONFIG_IEEE80211W
809 1569 : if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher))
810 1515 : return 0;
811 :
812 54 : if (ie->igtk) {
813 : size_t len;
814 : const struct wpa_igtk_kde *igtk;
815 : u16 keyidx;
816 54 : len = wpa_cipher_key_len(sm->mgmt_group_cipher);
817 54 : if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
818 0 : return -1;
819 54 : igtk = (const struct wpa_igtk_kde *) ie->igtk;
820 54 : keyidx = WPA_GET_LE16(igtk->keyid);
821 54 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
822 : "pn %02x%02x%02x%02x%02x%02x",
823 : keyidx, MAC2STR(igtk->pn));
824 54 : wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
825 54 : igtk->igtk, len);
826 54 : if (keyidx > 4095) {
827 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
828 : "WPA: Invalid IGTK KeyID %d", keyidx);
829 0 : return -1;
830 : }
831 54 : if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
832 : broadcast_ether_addr,
833 54 : keyidx, 0, igtk->pn, sizeof(igtk->pn),
834 54 : igtk->igtk, len) < 0) {
835 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
836 : "WPA: Failed to configure IGTK to the driver");
837 0 : return -1;
838 : }
839 : }
840 :
841 54 : return 0;
842 : #else /* CONFIG_IEEE80211W */
843 : return 0;
844 : #endif /* CONFIG_IEEE80211W */
845 : }
846 :
847 :
848 2 : static void wpa_report_ie_mismatch(struct wpa_sm *sm,
849 : const char *reason, const u8 *src_addr,
850 : const u8 *wpa_ie, size_t wpa_ie_len,
851 : const u8 *rsn_ie, size_t rsn_ie_len)
852 : {
853 12 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
854 12 : reason, MAC2STR(src_addr));
855 :
856 2 : if (sm->ap_wpa_ie) {
857 0 : wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
858 0 : sm->ap_wpa_ie, sm->ap_wpa_ie_len);
859 : }
860 2 : if (wpa_ie) {
861 0 : if (!sm->ap_wpa_ie) {
862 0 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
863 : "WPA: No WPA IE in Beacon/ProbeResp");
864 : }
865 0 : wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
866 : wpa_ie, wpa_ie_len);
867 : }
868 :
869 2 : if (sm->ap_rsn_ie) {
870 4 : wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp",
871 2 : sm->ap_rsn_ie, sm->ap_rsn_ie_len);
872 : }
873 2 : if (rsn_ie) {
874 1 : if (!sm->ap_rsn_ie) {
875 0 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
876 : "WPA: No RSN IE in Beacon/ProbeResp");
877 : }
878 1 : wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
879 : rsn_ie, rsn_ie_len);
880 : }
881 :
882 2 : wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
883 2 : }
884 :
885 :
886 : #ifdef CONFIG_IEEE80211R
887 :
888 44 : static int ft_validate_mdie(struct wpa_sm *sm,
889 : const unsigned char *src_addr,
890 : struct wpa_eapol_ie_parse *ie,
891 : const u8 *assoc_resp_mdie)
892 : {
893 : struct rsn_mdie *mdie;
894 :
895 44 : mdie = (struct rsn_mdie *) (ie->mdie + 2);
896 88 : if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) ||
897 44 : os_memcmp(mdie->mobility_domain, sm->mobility_domain,
898 : MOBILITY_DOMAIN_ID_LEN) != 0) {
899 0 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did "
900 : "not match with the current mobility domain");
901 0 : return -1;
902 : }
903 :
904 88 : if (assoc_resp_mdie &&
905 88 : (assoc_resp_mdie[1] != ie->mdie[1] ||
906 44 : os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) {
907 0 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch");
908 0 : wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4",
909 0 : ie->mdie, 2 + ie->mdie[1]);
910 0 : wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response",
911 0 : assoc_resp_mdie, 2 + assoc_resp_mdie[1]);
912 0 : return -1;
913 : }
914 :
915 44 : return 0;
916 : }
917 :
918 :
919 44 : static int ft_validate_ftie(struct wpa_sm *sm,
920 : const unsigned char *src_addr,
921 : struct wpa_eapol_ie_parse *ie,
922 : const u8 *assoc_resp_ftie)
923 : {
924 44 : if (ie->ftie == NULL) {
925 0 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
926 : "FT: No FTIE in EAPOL-Key msg 3/4");
927 0 : return -1;
928 : }
929 :
930 44 : if (assoc_resp_ftie == NULL)
931 0 : return 0;
932 :
933 88 : if (assoc_resp_ftie[1] != ie->ftie[1] ||
934 44 : os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) {
935 0 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch");
936 0 : wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4",
937 0 : ie->ftie, 2 + ie->ftie[1]);
938 0 : wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response",
939 0 : assoc_resp_ftie, 2 + assoc_resp_ftie[1]);
940 0 : return -1;
941 : }
942 :
943 44 : return 0;
944 : }
945 :
946 :
947 44 : static int ft_validate_rsnie(struct wpa_sm *sm,
948 : const unsigned char *src_addr,
949 : struct wpa_eapol_ie_parse *ie)
950 : {
951 : struct wpa_ie_data rsn;
952 :
953 44 : if (!ie->rsn_ie)
954 0 : return 0;
955 :
956 : /*
957 : * Verify that PMKR1Name from EAPOL-Key message 3/4
958 : * matches with the value we derived.
959 : */
960 88 : if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 ||
961 88 : rsn.num_pmkid != 1 || rsn.pmkid == NULL) {
962 0 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in "
963 : "FT 4-way handshake message 3/4");
964 0 : return -1;
965 : }
966 :
967 44 : if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0)
968 : {
969 0 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
970 : "FT: PMKR1Name mismatch in "
971 : "FT 4-way handshake message 3/4");
972 0 : wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator",
973 0 : rsn.pmkid, WPA_PMK_NAME_LEN);
974 0 : wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
975 0 : sm->pmk_r1_name, WPA_PMK_NAME_LEN);
976 0 : return -1;
977 : }
978 :
979 44 : return 0;
980 : }
981 :
982 :
983 44 : static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm,
984 : const unsigned char *src_addr,
985 : struct wpa_eapol_ie_parse *ie)
986 : {
987 44 : const u8 *pos, *end, *mdie = NULL, *ftie = NULL;
988 :
989 44 : if (sm->assoc_resp_ies) {
990 44 : pos = sm->assoc_resp_ies;
991 44 : end = pos + sm->assoc_resp_ies_len;
992 176 : while (pos + 2 < end) {
993 88 : if (pos + 2 + pos[1] > end)
994 0 : break;
995 88 : switch (*pos) {
996 : case WLAN_EID_MOBILITY_DOMAIN:
997 44 : mdie = pos;
998 44 : break;
999 : case WLAN_EID_FAST_BSS_TRANSITION:
1000 44 : ftie = pos;
1001 44 : break;
1002 : }
1003 88 : pos += 2 + pos[1];
1004 : }
1005 : }
1006 :
1007 88 : if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 ||
1008 88 : ft_validate_ftie(sm, src_addr, ie, ftie) < 0 ||
1009 44 : ft_validate_rsnie(sm, src_addr, ie) < 0)
1010 0 : return -1;
1011 :
1012 44 : return 0;
1013 : }
1014 :
1015 : #endif /* CONFIG_IEEE80211R */
1016 :
1017 :
1018 1566 : static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
1019 : const unsigned char *src_addr,
1020 : struct wpa_eapol_ie_parse *ie)
1021 : {
1022 1566 : if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
1023 22 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1024 : "WPA: No WPA/RSN IE for this AP known. "
1025 : "Trying to get from scan results");
1026 22 : if (wpa_sm_get_beacon_ie(sm) < 0) {
1027 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1028 : "WPA: Could not find AP from "
1029 : "the scan results");
1030 : } else {
1031 22 : wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
1032 : "WPA: Found the current AP from "
1033 : "updated scan results");
1034 : }
1035 : }
1036 :
1037 1569 : if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
1038 6 : (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
1039 1 : wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1040 : "with IE in Beacon/ProbeResp (no IE?)",
1041 : src_addr, ie->wpa_ie, ie->wpa_ie_len,
1042 : ie->rsn_ie, ie->rsn_ie_len);
1043 1 : return -1;
1044 : }
1045 :
1046 1618 : if ((ie->wpa_ie && sm->ap_wpa_ie &&
1047 106 : (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
1048 1618 : os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
1049 4641 : (ie->rsn_ie && sm->ap_rsn_ie &&
1050 3076 : wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
1051 1538 : sm->ap_rsn_ie, sm->ap_rsn_ie_len,
1052 : ie->rsn_ie, ie->rsn_ie_len))) {
1053 1 : wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1054 : "with IE in Beacon/ProbeResp",
1055 : src_addr, ie->wpa_ie, ie->wpa_ie_len,
1056 : ie->rsn_ie, ie->rsn_ie_len);
1057 1 : return -1;
1058 : }
1059 :
1060 1589 : if (sm->proto == WPA_PROTO_WPA &&
1061 25 : ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
1062 0 : wpa_report_ie_mismatch(sm, "Possible downgrade attack "
1063 : "detected - RSN was enabled and RSN IE "
1064 : "was in msg 3/4, but not in "
1065 : "Beacon/ProbeResp",
1066 : src_addr, ie->wpa_ie, ie->wpa_ie_len,
1067 : ie->rsn_ie, ie->rsn_ie_len);
1068 0 : return -1;
1069 : }
1070 :
1071 : #ifdef CONFIG_IEEE80211R
1072 1608 : if (wpa_key_mgmt_ft(sm->key_mgmt) &&
1073 44 : wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0)
1074 0 : return -1;
1075 : #endif /* CONFIG_IEEE80211R */
1076 :
1077 1564 : return 0;
1078 : }
1079 :
1080 :
1081 : /**
1082 : * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake
1083 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
1084 : * @dst: Destination address for the frame
1085 : * @key: Pointer to the EAPOL-Key frame header
1086 : * @ver: Version bits from EAPOL-Key Key Info
1087 : * @key_info: Key Info
1088 : * @ptk: PTK to use for keyed hash and encryption
1089 : * Returns: 0 on success, -1 on failure
1090 : */
1091 1563 : int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
1092 : const struct wpa_eapol_key *key,
1093 : u16 ver, u16 key_info,
1094 : struct wpa_ptk *ptk)
1095 : {
1096 : size_t mic_len, hdrlen, rlen;
1097 : struct wpa_eapol_key *reply;
1098 : struct wpa_eapol_key_192 *reply192;
1099 : u8 *rbuf, *key_mic;
1100 :
1101 1563 : mic_len = wpa_mic_len(sm->key_mgmt);
1102 1563 : hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
1103 1563 : rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1104 : hdrlen, &rlen, (void *) &reply);
1105 1563 : if (rbuf == NULL)
1106 0 : return -1;
1107 1563 : reply192 = (struct wpa_eapol_key_192 *) reply;
1108 :
1109 1590 : reply->type = (sm->proto == WPA_PROTO_RSN ||
1110 27 : sm->proto == WPA_PROTO_OSEN) ?
1111 : EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1112 1563 : key_info &= WPA_KEY_INFO_SECURE;
1113 1563 : key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC;
1114 1563 : WPA_PUT_BE16(reply->key_info, key_info);
1115 1563 : if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1116 1538 : WPA_PUT_BE16(reply->key_length, 0);
1117 : else
1118 25 : os_memcpy(reply->key_length, key->key_length, 2);
1119 1563 : os_memcpy(reply->replay_counter, key->replay_counter,
1120 : WPA_REPLAY_COUNTER_LEN);
1121 :
1122 1563 : key_mic = reply192->key_mic; /* same offset for reply and reply192 */
1123 1563 : if (mic_len == 24)
1124 3 : WPA_PUT_BE16(reply192->key_data_length, 0);
1125 : else
1126 1560 : WPA_PUT_BE16(reply->key_data_length, 0);
1127 :
1128 1563 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
1129 1563 : wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL,
1130 : rbuf, rlen, key_mic);
1131 :
1132 1563 : return 0;
1133 : }
1134 :
1135 :
1136 1568 : static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
1137 : const struct wpa_eapol_key *key,
1138 : u16 ver, const u8 *key_data,
1139 : size_t key_data_len)
1140 : {
1141 : u16 key_info, keylen;
1142 : struct wpa_eapol_ie_parse ie;
1143 :
1144 1568 : wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
1145 1568 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way "
1146 : "Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
1147 :
1148 1568 : key_info = WPA_GET_BE16(key->key_info);
1149 :
1150 1568 : wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len);
1151 1568 : if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
1152 1 : goto failed;
1153 1567 : if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1154 1 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1155 : "WPA: GTK IE in unencrypted key data");
1156 1 : goto failed;
1157 : }
1158 : #ifdef CONFIG_IEEE80211W
1159 1566 : if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1160 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1161 : "WPA: IGTK KDE in unencrypted key data");
1162 0 : goto failed;
1163 : }
1164 :
1165 1623 : if (ie.igtk &&
1166 111 : wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
1167 108 : ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN +
1168 54 : (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
1169 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1170 : "WPA: Invalid IGTK KDE length %lu",
1171 : (unsigned long) ie.igtk_len);
1172 0 : goto failed;
1173 : }
1174 : #endif /* CONFIG_IEEE80211W */
1175 :
1176 1566 : if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
1177 2 : goto failed;
1178 :
1179 1564 : if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
1180 6 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1181 : "WPA: ANonce from message 1 of 4-Way Handshake "
1182 : "differs from 3 of 4-Way Handshake - drop packet (src="
1183 6 : MACSTR ")", MAC2STR(sm->bssid));
1184 1 : goto failed;
1185 : }
1186 :
1187 1563 : keylen = WPA_GET_BE16(key->key_length);
1188 1563 : if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
1189 7 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1190 : "WPA: Invalid %s key length %d (src=" MACSTR
1191 1 : ")", wpa_cipher_txt(sm->pairwise_cipher), keylen,
1192 6 : MAC2STR(sm->bssid));
1193 1 : goto failed;
1194 : }
1195 :
1196 : #ifdef CONFIG_P2P
1197 1562 : if (ie.ip_addr_alloc) {
1198 95 : os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4);
1199 95 : wpa_hexdump(MSG_DEBUG, "P2P: IP address info",
1200 95 : sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr));
1201 : }
1202 : #endif /* CONFIG_P2P */
1203 :
1204 1562 : if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
1205 : &sm->ptk)) {
1206 0 : goto failed;
1207 : }
1208 :
1209 : /* SNonce was successfully used in msg 3/4, so mark it to be renewed
1210 : * for the next 4-Way Handshake. If msg 3 is received again, the old
1211 : * SNonce will still be used to avoid changing PTK. */
1212 1562 : sm->renew_snonce = 1;
1213 :
1214 1562 : if (key_info & WPA_KEY_INFO_INSTALL) {
1215 1562 : if (wpa_supplicant_install_ptk(sm, key))
1216 0 : goto failed;
1217 : }
1218 :
1219 1562 : if (key_info & WPA_KEY_INFO_SECURE) {
1220 1537 : wpa_sm_mlme_setprotection(
1221 1537 : sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
1222 : MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
1223 1537 : eapol_sm_notify_portValid(sm->eapol, TRUE);
1224 : }
1225 1562 : wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1226 :
1227 1562 : if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) {
1228 2 : wpa_supplicant_key_neg_complete(sm, sm->bssid,
1229 : key_info & WPA_KEY_INFO_SECURE);
1230 3094 : } else if (ie.gtk &&
1231 1534 : wpa_supplicant_pairwise_gtk(sm, key,
1232 : ie.gtk, ie.gtk_len, key_info) < 0) {
1233 2 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1234 : "RSN: Failed to configure GTK");
1235 2 : goto failed;
1236 : }
1237 :
1238 1560 : if (ieee80211w_set_keys(sm, &ie) < 0) {
1239 0 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1240 : "RSN: Failed to configure IGTK");
1241 0 : goto failed;
1242 : }
1243 :
1244 1560 : if (ie.gtk)
1245 1534 : wpa_sm_set_rekey_offload(sm);
1246 :
1247 1560 : if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1248 : struct rsn_pmksa_cache_entry *sa;
1249 :
1250 18 : sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len,
1251 6 : sm->ptk.kck, sm->ptk.kck_len,
1252 6 : sm->bssid, sm->own_addr,
1253 6 : sm->network_ctx, sm->key_mgmt);
1254 6 : if (!sm->cur_pmksa)
1255 6 : sm->cur_pmksa = sa;
1256 : }
1257 :
1258 1560 : sm->msg_3_of_4_ok = 1;
1259 3128 : return;
1260 :
1261 : failed:
1262 8 : wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1263 : }
1264 :
1265 :
1266 12 : static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
1267 : const u8 *keydata,
1268 : size_t keydatalen,
1269 : u16 key_info,
1270 : struct wpa_gtk_data *gd)
1271 : {
1272 : int maxkeylen;
1273 : struct wpa_eapol_ie_parse ie;
1274 :
1275 12 : wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen);
1276 12 : if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0)
1277 0 : return -1;
1278 12 : if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1279 1 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1280 : "WPA: GTK IE in unencrypted key data");
1281 1 : return -1;
1282 : }
1283 11 : if (ie.gtk == NULL) {
1284 1 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1285 : "WPA: No GTK IE in Group Key msg 1/2");
1286 1 : return -1;
1287 : }
1288 10 : maxkeylen = gd->gtk_len = ie.gtk_len - 2;
1289 :
1290 10 : if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1291 : gd->gtk_len, maxkeylen,
1292 : &gd->key_rsc_len, &gd->alg))
1293 1 : return -1;
1294 :
1295 18 : wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake",
1296 9 : ie.gtk, ie.gtk_len);
1297 9 : gd->keyidx = ie.gtk[0] & 0x3;
1298 9 : gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1299 9 : !!(ie.gtk[0] & BIT(2)));
1300 9 : if (ie.gtk_len - 2 > sizeof(gd->gtk)) {
1301 0 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1302 : "RSN: Too long GTK in GTK IE (len=%lu)",
1303 0 : (unsigned long) ie.gtk_len - 2);
1304 0 : return -1;
1305 : }
1306 9 : os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
1307 :
1308 9 : if (ieee80211w_set_keys(sm, &ie) < 0)
1309 0 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1310 : "RSN: Failed to configure IGTK");
1311 :
1312 9 : return 0;
1313 : }
1314 :
1315 :
1316 26 : static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
1317 : const struct wpa_eapol_key *key,
1318 : const u8 *key_data,
1319 : size_t key_data_len, u16 key_info,
1320 : u16 ver, struct wpa_gtk_data *gd)
1321 : {
1322 : size_t maxkeylen;
1323 : u16 gtk_len;
1324 :
1325 26 : gtk_len = WPA_GET_BE16(key->key_length);
1326 26 : maxkeylen = key_data_len;
1327 26 : if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1328 1 : if (maxkeylen < 8) {
1329 0 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1330 : "WPA: Too short maxkeylen (%lu)",
1331 : (unsigned long) maxkeylen);
1332 0 : return -1;
1333 : }
1334 1 : maxkeylen -= 8;
1335 : }
1336 :
1337 52 : if (gtk_len > maxkeylen ||
1338 26 : wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1339 : gtk_len, maxkeylen,
1340 : &gd->key_rsc_len, &gd->alg))
1341 0 : return -1;
1342 :
1343 26 : gd->gtk_len = gtk_len;
1344 26 : gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1345 : WPA_KEY_INFO_KEY_INDEX_SHIFT;
1346 51 : if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
1347 : #ifdef CONFIG_NO_RC4
1348 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1349 : "WPA: RC4 not supported in the build");
1350 : return -1;
1351 : #else /* CONFIG_NO_RC4 */
1352 : u8 ek[32];
1353 25 : if (key_data_len > sizeof(gd->gtk)) {
1354 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1355 : "WPA: RC4 key data too long (%lu)",
1356 : (unsigned long) key_data_len);
1357 0 : return -1;
1358 : }
1359 25 : os_memcpy(ek, key->key_iv, 16);
1360 25 : os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
1361 25 : os_memcpy(gd->gtk, key_data, key_data_len);
1362 25 : if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) {
1363 0 : os_memset(ek, 0, sizeof(ek));
1364 0 : wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1365 : "WPA: RC4 failed");
1366 0 : return -1;
1367 : }
1368 25 : os_memset(ek, 0, sizeof(ek));
1369 : #endif /* CONFIG_NO_RC4 */
1370 1 : } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1371 1 : if (maxkeylen % 8) {
1372 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1373 : "WPA: Unsupported AES-WRAP len %lu",
1374 : (unsigned long) maxkeylen);
1375 0 : return -1;
1376 : }
1377 1 : if (maxkeylen > sizeof(gd->gtk)) {
1378 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1379 : "WPA: AES-WRAP key data "
1380 : "too long (keydatalen=%lu maxkeylen=%lu)",
1381 : (unsigned long) key_data_len,
1382 : (unsigned long) maxkeylen);
1383 0 : return -1;
1384 : }
1385 1 : if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8,
1386 1 : key_data, gd->gtk)) {
1387 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1388 : "WPA: AES unwrap failed - could not decrypt "
1389 : "GTK");
1390 0 : return -1;
1391 : }
1392 : } else {
1393 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1394 : "WPA: Unsupported key_info type %d", ver);
1395 0 : return -1;
1396 : }
1397 26 : gd->tx = wpa_supplicant_gtk_tx_bit_workaround(
1398 26 : sm, !!(key_info & WPA_KEY_INFO_TXRX));
1399 26 : return 0;
1400 : }
1401 :
1402 :
1403 35 : static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
1404 : const struct wpa_eapol_key *key,
1405 : int ver, u16 key_info)
1406 : {
1407 : size_t mic_len, hdrlen, rlen;
1408 : struct wpa_eapol_key *reply;
1409 : struct wpa_eapol_key_192 *reply192;
1410 : u8 *rbuf, *key_mic;
1411 :
1412 35 : mic_len = wpa_mic_len(sm->key_mgmt);
1413 35 : hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
1414 35 : rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1415 : hdrlen, &rlen, (void *) &reply);
1416 35 : if (rbuf == NULL)
1417 0 : return -1;
1418 35 : reply192 = (struct wpa_eapol_key_192 *) reply;
1419 :
1420 61 : reply->type = (sm->proto == WPA_PROTO_RSN ||
1421 26 : sm->proto == WPA_PROTO_OSEN) ?
1422 : EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1423 35 : key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
1424 35 : key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
1425 35 : WPA_PUT_BE16(reply->key_info, key_info);
1426 35 : if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1427 9 : WPA_PUT_BE16(reply->key_length, 0);
1428 : else
1429 26 : os_memcpy(reply->key_length, key->key_length, 2);
1430 35 : os_memcpy(reply->replay_counter, key->replay_counter,
1431 : WPA_REPLAY_COUNTER_LEN);
1432 :
1433 35 : key_mic = reply192->key_mic; /* same offset for reply and reply192 */
1434 35 : if (mic_len == 24)
1435 0 : WPA_PUT_BE16(reply192->key_data_length, 0);
1436 : else
1437 35 : WPA_PUT_BE16(reply->key_data_length, 0);
1438 :
1439 35 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
1440 35 : wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, sm->bssid,
1441 : ETH_P_EAPOL, rbuf, rlen, key_mic);
1442 :
1443 35 : return 0;
1444 : }
1445 :
1446 :
1447 39 : static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
1448 : const unsigned char *src_addr,
1449 : const struct wpa_eapol_key *key,
1450 : const u8 *key_data,
1451 : size_t key_data_len, u16 ver)
1452 : {
1453 : u16 key_info;
1454 : int rekey, ret;
1455 : struct wpa_gtk_data gd;
1456 :
1457 39 : if (!sm->msg_3_of_4_ok) {
1458 1 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1459 : "WPA: Group Key Handshake started prior to completion of 4-way handshake");
1460 1 : goto failed;
1461 : }
1462 :
1463 38 : os_memset(&gd, 0, sizeof(gd));
1464 :
1465 38 : rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
1466 38 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key "
1467 : "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
1468 :
1469 38 : key_info = WPA_GET_BE16(key->key_info);
1470 :
1471 38 : if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
1472 12 : ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data,
1473 : key_data_len, key_info,
1474 : &gd);
1475 : } else {
1476 26 : ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data,
1477 : key_data_len,
1478 : key_info, ver, &gd);
1479 : }
1480 :
1481 38 : wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1482 :
1483 38 : if (ret)
1484 3 : goto failed;
1485 :
1486 70 : if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
1487 35 : wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
1488 : goto failed;
1489 35 : os_memset(&gd, 0, sizeof(gd));
1490 :
1491 35 : if (rekey) {
1492 70 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
1493 : "completed with " MACSTR " [GTK=%s]",
1494 70 : MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
1495 10 : wpa_sm_cancel_auth_timeout(sm);
1496 10 : wpa_sm_set_state(sm, WPA_COMPLETED);
1497 : } else {
1498 25 : wpa_supplicant_key_neg_complete(sm, sm->bssid,
1499 : key_info &
1500 : WPA_KEY_INFO_SECURE);
1501 : }
1502 :
1503 35 : wpa_sm_set_rekey_offload(sm);
1504 :
1505 74 : return;
1506 :
1507 : failed:
1508 4 : os_memset(&gd, 0, sizeof(gd));
1509 4 : wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1510 : }
1511 :
1512 :
1513 1623 : static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
1514 : struct wpa_eapol_key_192 *key,
1515 : u16 ver,
1516 : const u8 *buf, size_t len)
1517 : {
1518 : u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
1519 1623 : int ok = 0;
1520 1623 : size_t mic_len = wpa_mic_len(sm->key_mgmt);
1521 :
1522 1623 : os_memcpy(mic, key->key_mic, mic_len);
1523 1623 : if (sm->tptk_set) {
1524 1568 : os_memset(key->key_mic, 0, mic_len);
1525 1568 : wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt,
1526 1568 : ver, buf, len, key->key_mic);
1527 1568 : if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) {
1528 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1529 : "WPA: Invalid EAPOL-Key MIC "
1530 : "when using TPTK - ignoring TPTK");
1531 : } else {
1532 1568 : ok = 1;
1533 1568 : sm->tptk_set = 0;
1534 1568 : sm->ptk_set = 1;
1535 1568 : os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
1536 1568 : os_memset(&sm->tptk, 0, sizeof(sm->tptk));
1537 : }
1538 : }
1539 :
1540 1623 : if (!ok && sm->ptk_set) {
1541 55 : os_memset(key->key_mic, 0, mic_len);
1542 55 : wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt,
1543 55 : ver, buf, len, key->key_mic);
1544 55 : if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) {
1545 1 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1546 : "WPA: Invalid EAPOL-Key MIC - "
1547 : "dropping packet");
1548 1 : return -1;
1549 : }
1550 54 : ok = 1;
1551 : }
1552 :
1553 1622 : if (!ok) {
1554 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1555 : "WPA: Could not verify EAPOL-Key MIC - "
1556 : "dropping packet");
1557 0 : return -1;
1558 : }
1559 :
1560 1622 : os_memcpy(sm->rx_replay_counter, key->replay_counter,
1561 : WPA_REPLAY_COUNTER_LEN);
1562 1622 : sm->rx_replay_counter_set = 1;
1563 1622 : return 0;
1564 : }
1565 :
1566 :
1567 : /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
1568 1563 : static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
1569 : struct wpa_eapol_key *key, u16 ver,
1570 : u8 *key_data, size_t *key_data_len)
1571 : {
1572 1563 : wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
1573 : key_data, *key_data_len);
1574 1563 : if (!sm->ptk_set) {
1575 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1576 : "WPA: PTK not available, cannot decrypt EAPOL-Key Key "
1577 : "Data");
1578 0 : return -1;
1579 : }
1580 :
1581 : /* Decrypt key data here so that this operation does not need
1582 : * to be implemented separately for each message type. */
1583 1565 : if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
1584 : #ifdef CONFIG_NO_RC4
1585 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1586 : "WPA: RC4 not supported in the build");
1587 : return -1;
1588 : #else /* CONFIG_NO_RC4 */
1589 : u8 ek[32];
1590 2 : os_memcpy(ek, key->key_iv, 16);
1591 2 : os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
1592 2 : if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) {
1593 0 : os_memset(ek, 0, sizeof(ek));
1594 0 : wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1595 : "WPA: RC4 failed");
1596 0 : return -1;
1597 : }
1598 2 : os_memset(ek, 0, sizeof(ek));
1599 : #endif /* CONFIG_NO_RC4 */
1600 1561 : } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1601 8 : ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
1602 14 : sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
1603 1561 : wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1604 : u8 *buf;
1605 1561 : if (*key_data_len < 8 || *key_data_len % 8) {
1606 3 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1607 : "WPA: Unsupported AES-WRAP len %u",
1608 3 : (unsigned int) *key_data_len);
1609 3 : return -1;
1610 : }
1611 1558 : *key_data_len -= 8; /* AES-WRAP adds 8 bytes */
1612 1558 : buf = os_malloc(*key_data_len);
1613 1558 : if (buf == NULL) {
1614 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1615 : "WPA: No memory for AES-UNWRAP buffer");
1616 0 : return -1;
1617 : }
1618 1558 : if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8,
1619 : key_data, buf)) {
1620 3 : os_free(buf);
1621 3 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1622 : "WPA: AES unwrap failed - "
1623 : "could not decrypt EAPOL-Key key data");
1624 3 : return -1;
1625 : }
1626 1555 : os_memcpy(key_data, buf, *key_data_len);
1627 1555 : os_free(buf);
1628 1555 : WPA_PUT_BE16(key->key_data_length, *key_data_len);
1629 : } else {
1630 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1631 : "WPA: Unsupported key_info type %d", ver);
1632 0 : return -1;
1633 : }
1634 1557 : wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
1635 : key_data, *key_data_len);
1636 1557 : return 0;
1637 : }
1638 :
1639 :
1640 : /**
1641 : * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
1642 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
1643 : */
1644 61 : void wpa_sm_aborted_cached(struct wpa_sm *sm)
1645 : {
1646 61 : if (sm && sm->cur_pmksa) {
1647 43 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1648 : "RSN: Cancelling PMKSA caching attempt");
1649 43 : sm->cur_pmksa = NULL;
1650 : }
1651 61 : }
1652 :
1653 :
1654 3236 : static void wpa_eapol_key_dump(struct wpa_sm *sm,
1655 : const struct wpa_eapol_key *key,
1656 : unsigned int key_data_len,
1657 : const u8 *mic, unsigned int mic_len)
1658 : {
1659 : #ifndef CONFIG_NO_STDOUT_DEBUG
1660 3236 : u16 key_info = WPA_GET_BE16(key->key_info);
1661 :
1662 3236 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type);
1663 3236 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1664 : " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)",
1665 : key_info, key_info & WPA_KEY_INFO_TYPE_MASK,
1666 : (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1667 : WPA_KEY_INFO_KEY_INDEX_SHIFT,
1668 : (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13,
1669 : key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group",
1670 : key_info & WPA_KEY_INFO_INSTALL ? " Install" : "",
1671 : key_info & WPA_KEY_INFO_ACK ? " Ack" : "",
1672 : key_info & WPA_KEY_INFO_MIC ? " MIC" : "",
1673 : key_info & WPA_KEY_INFO_SECURE ? " Secure" : "",
1674 : key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
1675 : key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
1676 : key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
1677 3236 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1678 : " key_length=%u key_data_length=%u",
1679 : WPA_GET_BE16(key->key_length), key_data_len);
1680 3236 : wpa_hexdump(MSG_DEBUG, " replay_counter",
1681 3236 : key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1682 3236 : wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN);
1683 3236 : wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16);
1684 3236 : wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8);
1685 3236 : wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8);
1686 3236 : wpa_hexdump(MSG_DEBUG, " key_mic", mic, mic_len);
1687 : #endif /* CONFIG_NO_STDOUT_DEBUG */
1688 3236 : }
1689 :
1690 :
1691 : /**
1692 : * wpa_sm_rx_eapol - Process received WPA EAPOL frames
1693 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
1694 : * @src_addr: Source MAC address of the EAPOL packet
1695 : * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
1696 : * @len: Length of the EAPOL frame
1697 : * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
1698 : *
1699 : * This function is called for each received EAPOL frame. Other than EAPOL-Key
1700 : * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
1701 : * only processing WPA and WPA2 EAPOL-Key frames.
1702 : *
1703 : * The received EAPOL-Key packets are validated and valid packets are replied
1704 : * to. In addition, key material (PTK, GTK) is configured at the end of a
1705 : * successful key handshake.
1706 : */
1707 3242 : int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
1708 : const u8 *buf, size_t len)
1709 : {
1710 : size_t plen, data_len, key_data_len;
1711 : const struct ieee802_1x_hdr *hdr;
1712 : struct wpa_eapol_key *key;
1713 : struct wpa_eapol_key_192 *key192;
1714 : u16 key_info, ver;
1715 3242 : u8 *tmp = NULL;
1716 3242 : int ret = -1;
1717 3242 : struct wpa_peerkey *peerkey = NULL;
1718 : u8 *key_data;
1719 : size_t mic_len, keyhdrlen;
1720 :
1721 : #ifdef CONFIG_IEEE80211R
1722 3242 : sm->ft_completed = 0;
1723 : #endif /* CONFIG_IEEE80211R */
1724 :
1725 3242 : mic_len = wpa_mic_len(sm->key_mgmt);
1726 3242 : keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key);
1727 :
1728 3242 : if (len < sizeof(*hdr) + keyhdrlen) {
1729 4 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1730 : "WPA: EAPOL frame too short to be a WPA "
1731 : "EAPOL-Key (len %lu, expecting at least %lu)",
1732 : (unsigned long) len,
1733 : (unsigned long) sizeof(*hdr) + keyhdrlen);
1734 4 : return 0;
1735 : }
1736 :
1737 3238 : hdr = (const struct ieee802_1x_hdr *) buf;
1738 3238 : plen = be_to_host16(hdr->length);
1739 3238 : data_len = plen + sizeof(*hdr);
1740 3238 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1741 : "IEEE 802.1X RX: version=%d type=%d length=%lu",
1742 : hdr->version, hdr->type, (unsigned long) plen);
1743 :
1744 3238 : if (hdr->version < EAPOL_VERSION) {
1745 : /* TODO: backwards compatibility */
1746 : }
1747 3238 : if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
1748 0 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1749 : "WPA: EAPOL frame (type %u) discarded, "
1750 : "not a Key frame", hdr->type);
1751 0 : ret = 0;
1752 0 : goto out;
1753 : }
1754 3238 : wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len);
1755 3238 : if (plen > len - sizeof(*hdr) || plen < keyhdrlen) {
1756 1 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1757 : "WPA: EAPOL frame payload size %lu "
1758 : "invalid (frame size %lu)",
1759 : (unsigned long) plen, (unsigned long) len);
1760 1 : ret = 0;
1761 1 : goto out;
1762 : }
1763 3237 : if (data_len < len) {
1764 1 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1765 : "WPA: ignoring %lu bytes after the IEEE 802.1X data",
1766 : (unsigned long) len - data_len);
1767 : }
1768 :
1769 : /*
1770 : * Make a copy of the frame since we need to modify the buffer during
1771 : * MAC validation and Key Data decryption.
1772 : */
1773 3237 : tmp = os_malloc(data_len);
1774 3237 : if (tmp == NULL)
1775 0 : goto out;
1776 3237 : os_memcpy(tmp, buf, data_len);
1777 3237 : key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr));
1778 3237 : key192 = (struct wpa_eapol_key_192 *)
1779 : (tmp + sizeof(struct ieee802_1x_hdr));
1780 3237 : if (mic_len == 24)
1781 6 : key_data = (u8 *) (key192 + 1);
1782 : else
1783 3231 : key_data = (u8 *) (key + 1);
1784 :
1785 3237 : if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN)
1786 : {
1787 1 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1788 : "WPA: EAPOL-Key type (%d) unknown, discarded",
1789 : key->type);
1790 1 : ret = 0;
1791 1 : goto out;
1792 : }
1793 :
1794 3236 : if (mic_len == 24)
1795 6 : key_data_len = WPA_GET_BE16(key192->key_data_length);
1796 : else
1797 3230 : key_data_len = WPA_GET_BE16(key->key_data_length);
1798 3236 : wpa_eapol_key_dump(sm, key, key_data_len, key192->key_mic, mic_len);
1799 :
1800 3236 : if (key_data_len > plen - keyhdrlen) {
1801 1 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
1802 : "frame - key_data overflow (%u > %u)",
1803 : (unsigned int) key_data_len,
1804 : (unsigned int) (plen - keyhdrlen));
1805 1 : goto out;
1806 : }
1807 :
1808 3235 : eapol_sm_notify_lower_layer_success(sm->eapol, 0);
1809 3235 : key_info = WPA_GET_BE16(key->key_info);
1810 3235 : ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1811 3235 : if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
1812 : #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
1813 3006 : ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1814 : #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
1815 19 : ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
1816 26 : !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1817 7 : sm->key_mgmt != WPA_KEY_MGMT_OSEN) {
1818 3 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1819 : "WPA: Unsupported EAPOL-Key descriptor version %d",
1820 : ver);
1821 3 : goto out;
1822 : }
1823 :
1824 3232 : if (sm->key_mgmt == WPA_KEY_MGMT_OSEN &&
1825 : ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1826 0 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1827 : "OSEN: Unsupported EAPOL-Key descriptor version %d",
1828 : ver);
1829 0 : goto out;
1830 : }
1831 :
1832 3232 : if (wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1833 : ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1834 0 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1835 : "RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)",
1836 : ver);
1837 0 : goto out;
1838 : }
1839 :
1840 : #ifdef CONFIG_IEEE80211R
1841 3232 : if (wpa_key_mgmt_ft(sm->key_mgmt)) {
1842 : /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */
1843 92 : if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1844 0 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1845 : "FT: AP did not use AES-128-CMAC");
1846 0 : goto out;
1847 : }
1848 : } else
1849 : #endif /* CONFIG_IEEE80211R */
1850 : #ifdef CONFIG_IEEE80211W
1851 3140 : if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
1852 76 : if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1853 16 : sm->key_mgmt != WPA_KEY_MGMT_OSEN &&
1854 6 : !wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1855 0 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1856 : "WPA: AP did not use the "
1857 : "negotiated AES-128-CMAC");
1858 0 : goto out;
1859 : }
1860 : } else
1861 : #endif /* CONFIG_IEEE80211W */
1862 6057 : if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
1863 5966 : !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1864 : ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1865 2 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1866 : "WPA: CCMP is used, but EAPOL-Key "
1867 : "descriptor version (%d) is not 2", ver);
1868 3 : if (sm->group_cipher != WPA_CIPHER_CCMP &&
1869 0 : !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
1870 : /* Earlier versions of IEEE 802.11i did not explicitly
1871 : * require version 2 descriptor for all EAPOL-Key
1872 : * packets, so allow group keys to use version 1 if
1873 : * CCMP is not used for them. */
1874 0 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1875 : "WPA: Backwards compatibility: allow invalid "
1876 : "version for non-CCMP group keys");
1877 2 : } else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1878 1 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1879 : "WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used");
1880 : } else
1881 1 : goto out;
1882 3074 : } else if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
1883 4 : !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1884 : ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1885 0 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1886 : "WPA: GCMP is used, but EAPOL-Key "
1887 : "descriptor version (%d) is not 2", ver);
1888 0 : goto out;
1889 : }
1890 :
1891 : #ifdef CONFIG_PEERKEY
1892 3237 : for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
1893 10 : if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
1894 4 : break;
1895 : }
1896 :
1897 3231 : if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
1898 4 : if (!peerkey->initiator && peerkey->replay_counter_set &&
1899 0 : os_memcmp(key->replay_counter, peerkey->replay_counter,
1900 : WPA_REPLAY_COUNTER_LEN) <= 0) {
1901 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1902 : "RSN: EAPOL-Key Replay Counter did not "
1903 : "increase (STK) - dropping packet");
1904 0 : goto out;
1905 4 : } else if (peerkey->initiator) {
1906 : u8 _tmp[WPA_REPLAY_COUNTER_LEN];
1907 2 : os_memcpy(_tmp, key->replay_counter,
1908 : WPA_REPLAY_COUNTER_LEN);
1909 2 : inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
1910 2 : if (os_memcmp(_tmp, peerkey->replay_counter,
1911 : WPA_REPLAY_COUNTER_LEN) != 0) {
1912 0 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1913 : "RSN: EAPOL-Key Replay "
1914 : "Counter did not match (STK) - "
1915 : "dropping packet");
1916 0 : goto out;
1917 : }
1918 : }
1919 : }
1920 :
1921 3231 : if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) {
1922 0 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1923 : "RSN: Ack bit in key_info from STK peer");
1924 0 : goto out;
1925 : }
1926 : #endif /* CONFIG_PEERKEY */
1927 :
1928 3464 : if (!peerkey && sm->rx_replay_counter_set &&
1929 233 : os_memcmp(key->replay_counter, sm->rx_replay_counter,
1930 : WPA_REPLAY_COUNTER_LEN) <= 0) {
1931 1 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1932 : "WPA: EAPOL-Key Replay Counter did not increase - "
1933 : "dropping packet");
1934 1 : goto out;
1935 : }
1936 :
1937 3230 : if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
1938 : #ifdef CONFIG_PEERKEY
1939 3 : && (peerkey == NULL || !peerkey->initiator)
1940 : #endif /* CONFIG_PEERKEY */
1941 : ) {
1942 1 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1943 : "WPA: No Ack bit in key_info");
1944 1 : goto out;
1945 : }
1946 :
1947 3229 : if (key_info & WPA_KEY_INFO_REQUEST) {
1948 1 : wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1949 : "WPA: EAPOL-Key with Request bit - dropped");
1950 1 : goto out;
1951 : }
1952 :
1953 4851 : if ((key_info & WPA_KEY_INFO_MIC) && !peerkey &&
1954 1623 : wpa_supplicant_verify_eapol_key_mic(sm, key192, ver, tmp, data_len))
1955 1 : goto out;
1956 :
1957 : #ifdef CONFIG_PEERKEY
1958 3230 : if ((key_info & WPA_KEY_INFO_MIC) && peerkey &&
1959 3 : peerkey_verify_eapol_key_mic(sm, peerkey, key192, ver, tmp,
1960 : data_len))
1961 0 : goto out;
1962 : #endif /* CONFIG_PEERKEY */
1963 :
1964 6378 : if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
1965 3151 : (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1966 1563 : if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
1967 : &key_data_len))
1968 6 : goto out;
1969 : }
1970 :
1971 3221 : if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1972 3174 : if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
1973 1 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1974 : "WPA: Ignored EAPOL-Key (Pairwise) with "
1975 : "non-zero key index");
1976 1 : goto out;
1977 : }
1978 3173 : if (peerkey) {
1979 : /* PeerKey 4-Way Handshake */
1980 4 : peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver,
1981 : key_data, key_data_len);
1982 3169 : } else if (key_info & WPA_KEY_INFO_MIC) {
1983 : /* 3/4 4-Way Handshake */
1984 1568 : wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
1985 : key_data_len);
1986 : } else {
1987 : /* 1/4 4-Way Handshake */
1988 1601 : wpa_supplicant_process_1_of_4(sm, src_addr, key,
1989 : ver, key_data,
1990 : key_data_len);
1991 : }
1992 47 : } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
1993 : /* PeerKey SMK Handshake */
1994 8 : peerkey_rx_eapol_smk(sm, src_addr, key, key_data_len, key_info,
1995 : ver);
1996 : } else {
1997 39 : if (key_info & WPA_KEY_INFO_MIC) {
1998 : /* 1/2 Group Key Handshake */
1999 39 : wpa_supplicant_process_1_of_2(sm, src_addr, key,
2000 : key_data, key_data_len,
2001 : ver);
2002 : } else {
2003 0 : wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2004 : "WPA: EAPOL-Key (Group) without Mic bit - "
2005 : "dropped");
2006 : }
2007 : }
2008 :
2009 3220 : ret = 1;
2010 :
2011 : out:
2012 3238 : bin_clear_free(tmp, data_len);
2013 3238 : return ret;
2014 : }
2015 :
2016 :
2017 : #ifdef CONFIG_CTRL_IFACE
2018 408 : static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
2019 : {
2020 408 : switch (sm->key_mgmt) {
2021 : case WPA_KEY_MGMT_IEEE8021X:
2022 40 : return ((sm->proto == WPA_PROTO_RSN ||
2023 8 : sm->proto == WPA_PROTO_OSEN) ?
2024 24 : RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
2025 : WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
2026 : case WPA_KEY_MGMT_PSK:
2027 32 : return (sm->proto == WPA_PROTO_RSN ?
2028 16 : RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X :
2029 : WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
2030 : #ifdef CONFIG_IEEE80211R
2031 : case WPA_KEY_MGMT_FT_IEEE8021X:
2032 8 : return RSN_AUTH_KEY_MGMT_FT_802_1X;
2033 : case WPA_KEY_MGMT_FT_PSK:
2034 8 : return RSN_AUTH_KEY_MGMT_FT_PSK;
2035 : #endif /* CONFIG_IEEE80211R */
2036 : #ifdef CONFIG_IEEE80211W
2037 : case WPA_KEY_MGMT_IEEE8021X_SHA256:
2038 8 : return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
2039 : case WPA_KEY_MGMT_PSK_SHA256:
2040 16 : return RSN_AUTH_KEY_MGMT_PSK_SHA256;
2041 : #endif /* CONFIG_IEEE80211W */
2042 : case WPA_KEY_MGMT_CCKM:
2043 0 : return (sm->proto == WPA_PROTO_RSN ?
2044 : RSN_AUTH_KEY_MGMT_CCKM:
2045 : WPA_AUTH_KEY_MGMT_CCKM);
2046 : case WPA_KEY_MGMT_WPA_NONE:
2047 0 : return WPA_AUTH_KEY_MGMT_NONE;
2048 : case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
2049 0 : return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
2050 : case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
2051 0 : return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
2052 : default:
2053 336 : return 0;
2054 : }
2055 : }
2056 :
2057 :
2058 : #define RSN_SUITE "%02x-%02x-%02x-%d"
2059 : #define RSN_SUITE_ARG(s) \
2060 : ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2061 :
2062 : /**
2063 : * wpa_sm_get_mib - Dump text list of MIB entries
2064 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2065 : * @buf: Buffer for the list
2066 : * @buflen: Length of the buffer
2067 : * Returns: Number of bytes written to buffer
2068 : *
2069 : * This function is used fetch dot11 MIB variables.
2070 : */
2071 51 : int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
2072 : {
2073 : char pmkid_txt[PMKID_LEN * 2 + 1];
2074 : int rsna, ret;
2075 : size_t len;
2076 :
2077 51 : if (sm->cur_pmksa) {
2078 2 : wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2079 2 : sm->cur_pmksa->pmkid, PMKID_LEN);
2080 : } else
2081 49 : pmkid_txt[0] = '\0';
2082 :
2083 97 : if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
2084 55 : wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
2085 9 : sm->proto == WPA_PROTO_RSN)
2086 7 : rsna = 1;
2087 : else
2088 44 : rsna = 0;
2089 :
2090 102 : ret = os_snprintf(buf, buflen,
2091 : "dot11RSNAOptionImplemented=TRUE\n"
2092 : "dot11RSNAPreauthenticationImplemented=TRUE\n"
2093 : "dot11RSNAEnabled=%s\n"
2094 : "dot11RSNAPreauthenticationEnabled=%s\n"
2095 : "dot11RSNAConfigVersion=%d\n"
2096 : "dot11RSNAConfigPairwiseKeysSupported=5\n"
2097 : "dot11RSNAConfigGroupCipherSize=%d\n"
2098 : "dot11RSNAConfigPMKLifetime=%d\n"
2099 : "dot11RSNAConfigPMKReauthThreshold=%d\n"
2100 : "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
2101 : "dot11RSNAConfigSATimeout=%d\n",
2102 : rsna ? "TRUE" : "FALSE",
2103 : rsna ? "TRUE" : "FALSE",
2104 : RSN_VERSION,
2105 51 : wpa_cipher_key_len(sm->group_cipher) * 8,
2106 : sm->dot11RSNAConfigPMKLifetime,
2107 : sm->dot11RSNAConfigPMKReauthThreshold,
2108 : sm->dot11RSNAConfigSATimeout);
2109 51 : if (os_snprintf_error(buflen, ret))
2110 0 : return 0;
2111 51 : len = ret;
2112 :
2113 1275 : ret = os_snprintf(
2114 : buf + len, buflen - len,
2115 : "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2116 : "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2117 : "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2118 : "dot11RSNAPMKIDUsed=%s\n"
2119 : "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
2120 : "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
2121 : "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
2122 : "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
2123 : "dot11RSNA4WayHandshakeFailures=%u\n",
2124 204 : RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
2125 204 : RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2126 : sm->pairwise_cipher)),
2127 204 : RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2128 : sm->group_cipher)),
2129 : pmkid_txt,
2130 204 : RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
2131 204 : RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2132 : sm->pairwise_cipher)),
2133 204 : RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2134 : sm->group_cipher)),
2135 : sm->dot11RSNA4WayHandshakeFailures);
2136 51 : if (!os_snprintf_error(buflen - len, ret))
2137 51 : len += ret;
2138 :
2139 51 : return (int) len;
2140 : }
2141 : #endif /* CONFIG_CTRL_IFACE */
2142 :
2143 :
2144 781 : static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
2145 : void *ctx, enum pmksa_free_reason reason)
2146 : {
2147 781 : struct wpa_sm *sm = ctx;
2148 781 : int deauth = 0;
2149 :
2150 781 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: "
2151 : MACSTR " reason=%d", MAC2STR(entry->aa), reason);
2152 :
2153 781 : if (sm->cur_pmksa == entry) {
2154 37 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2155 : "RSN: %s current PMKSA entry",
2156 : reason == PMKSA_REPLACE ? "replaced" : "removed");
2157 37 : pmksa_cache_clear_current(sm);
2158 :
2159 : /*
2160 : * If an entry is simply being replaced, there's no need to
2161 : * deauthenticate because it will be immediately re-added.
2162 : * This happens when EAP authentication is completed again
2163 : * (reauth or failed PMKSA caching attempt).
2164 : */
2165 37 : if (reason != PMKSA_REPLACE)
2166 34 : deauth = 1;
2167 : }
2168 :
2169 782 : if (reason == PMKSA_EXPIRE &&
2170 2 : (sm->pmk_len == entry->pmk_len &&
2171 1 : os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
2172 1 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2173 : "RSN: deauthenticating due to expired PMK");
2174 1 : pmksa_cache_clear_current(sm);
2175 1 : deauth = 1;
2176 : }
2177 :
2178 781 : if (deauth) {
2179 35 : os_memset(sm->pmk, 0, sizeof(sm->pmk));
2180 35 : wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
2181 : }
2182 781 : }
2183 :
2184 :
2185 : /**
2186 : * wpa_sm_init - Initialize WPA state machine
2187 : * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
2188 : * Returns: Pointer to the allocated WPA state machine data
2189 : *
2190 : * This function is used to allocate a new WPA state machine and the returned
2191 : * value is passed to all WPA state machine calls.
2192 : */
2193 603 : struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
2194 : {
2195 : struct wpa_sm *sm;
2196 :
2197 603 : sm = os_zalloc(sizeof(*sm));
2198 603 : if (sm == NULL)
2199 1 : return NULL;
2200 602 : dl_list_init(&sm->pmksa_candidates);
2201 602 : sm->renew_snonce = 1;
2202 602 : sm->ctx = ctx;
2203 :
2204 602 : sm->dot11RSNAConfigPMKLifetime = 43200;
2205 602 : sm->dot11RSNAConfigPMKReauthThreshold = 70;
2206 602 : sm->dot11RSNAConfigSATimeout = 60;
2207 :
2208 602 : sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm);
2209 602 : if (sm->pmksa == NULL) {
2210 1 : wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
2211 : "RSN: PMKSA cache initialization failed");
2212 1 : os_free(sm);
2213 1 : return NULL;
2214 : }
2215 :
2216 601 : return sm;
2217 : }
2218 :
2219 :
2220 : /**
2221 : * wpa_sm_deinit - Deinitialize WPA state machine
2222 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2223 : */
2224 626 : void wpa_sm_deinit(struct wpa_sm *sm)
2225 : {
2226 626 : if (sm == NULL)
2227 651 : return;
2228 601 : pmksa_cache_deinit(sm->pmksa);
2229 601 : eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2230 601 : eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2231 601 : os_free(sm->assoc_wpa_ie);
2232 601 : os_free(sm->ap_wpa_ie);
2233 601 : os_free(sm->ap_rsn_ie);
2234 601 : wpa_sm_drop_sa(sm);
2235 601 : os_free(sm->ctx);
2236 601 : peerkey_deinit(sm);
2237 : #ifdef CONFIG_IEEE80211R
2238 601 : os_free(sm->assoc_resp_ies);
2239 : #endif /* CONFIG_IEEE80211R */
2240 601 : os_free(sm);
2241 : }
2242 :
2243 :
2244 : /**
2245 : * wpa_sm_notify_assoc - Notify WPA state machine about association
2246 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2247 : * @bssid: The BSSID of the new association
2248 : *
2249 : * This function is called to let WPA state machine know that the connection
2250 : * was established.
2251 : */
2252 3340 : void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
2253 : {
2254 3340 : int clear_ptk = 1;
2255 :
2256 3340 : if (sm == NULL)
2257 3340 : return;
2258 :
2259 3340 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2260 : "WPA: Association event - clear replay counter");
2261 3340 : os_memcpy(sm->bssid, bssid, ETH_ALEN);
2262 3340 : os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
2263 3340 : sm->rx_replay_counter_set = 0;
2264 3340 : sm->renew_snonce = 1;
2265 3340 : if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
2266 0 : rsn_preauth_deinit(sm);
2267 :
2268 : #ifdef CONFIG_IEEE80211R
2269 3340 : if (wpa_ft_is_completed(sm)) {
2270 : /*
2271 : * Clear portValid to kick EAPOL state machine to re-enter
2272 : * AUTHENTICATED state to get the EAPOL port Authorized.
2273 : */
2274 223 : eapol_sm_notify_portValid(sm->eapol, FALSE);
2275 223 : wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
2276 :
2277 : /* Prepare for the next transition */
2278 223 : wpa_ft_prepare_auth_request(sm, NULL);
2279 :
2280 223 : clear_ptk = 0;
2281 : }
2282 : #endif /* CONFIG_IEEE80211R */
2283 :
2284 3340 : if (clear_ptk) {
2285 : /*
2286 : * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
2287 : * this is not part of a Fast BSS Transition.
2288 : */
2289 3117 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK");
2290 3117 : sm->ptk_set = 0;
2291 3117 : os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2292 3117 : sm->tptk_set = 0;
2293 3117 : os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2294 : }
2295 :
2296 : #ifdef CONFIG_TDLS
2297 3340 : wpa_tdls_assoc(sm);
2298 : #endif /* CONFIG_TDLS */
2299 :
2300 : #ifdef CONFIG_P2P
2301 3340 : os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr));
2302 : #endif /* CONFIG_P2P */
2303 : }
2304 :
2305 :
2306 : /**
2307 : * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
2308 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2309 : *
2310 : * This function is called to let WPA state machine know that the connection
2311 : * was lost. This will abort any existing pre-authentication session.
2312 : */
2313 3443 : void wpa_sm_notify_disassoc(struct wpa_sm *sm)
2314 : {
2315 3443 : eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2316 3443 : eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2317 3443 : peerkey_deinit(sm);
2318 3443 : rsn_preauth_deinit(sm);
2319 3443 : pmksa_cache_clear_current(sm);
2320 3443 : if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
2321 22 : sm->dot11RSNA4WayHandshakeFailures++;
2322 : #ifdef CONFIG_TDLS
2323 3443 : wpa_tdls_disassoc(sm);
2324 : #endif /* CONFIG_TDLS */
2325 :
2326 : /* Keys are not needed in the WPA state machine anymore */
2327 3443 : wpa_sm_drop_sa(sm);
2328 :
2329 3443 : sm->msg_3_of_4_ok = 0;
2330 3443 : }
2331 :
2332 :
2333 : /**
2334 : * wpa_sm_set_pmk - Set PMK
2335 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2336 : * @pmk: The new PMK
2337 : * @pmk_len: The length of the new PMK in bytes
2338 : * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK
2339 : *
2340 : * Configure the PMK for WPA state machine.
2341 : */
2342 1175 : void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
2343 : const u8 *bssid)
2344 : {
2345 1175 : if (sm == NULL)
2346 1175 : return;
2347 :
2348 1175 : sm->pmk_len = pmk_len;
2349 1175 : os_memcpy(sm->pmk, pmk, pmk_len);
2350 :
2351 : #ifdef CONFIG_IEEE80211R
2352 : /* Set XXKey to be PSK for FT key derivation */
2353 1175 : sm->xxkey_len = pmk_len;
2354 1175 : os_memcpy(sm->xxkey, pmk, pmk_len);
2355 : #endif /* CONFIG_IEEE80211R */
2356 :
2357 1175 : if (bssid) {
2358 120 : pmksa_cache_add(sm->pmksa, pmk, pmk_len, NULL, 0,
2359 60 : bssid, sm->own_addr,
2360 60 : sm->network_ctx, sm->key_mgmt);
2361 : }
2362 : }
2363 :
2364 :
2365 : /**
2366 : * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
2367 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2368 : *
2369 : * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
2370 : * will be cleared.
2371 : */
2372 1204 : void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
2373 : {
2374 1204 : if (sm == NULL)
2375 1204 : return;
2376 :
2377 1204 : if (sm->cur_pmksa) {
2378 110 : sm->pmk_len = sm->cur_pmksa->pmk_len;
2379 110 : os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
2380 : } else {
2381 1094 : sm->pmk_len = PMK_LEN;
2382 1094 : os_memset(sm->pmk, 0, PMK_LEN);
2383 : }
2384 : }
2385 :
2386 :
2387 : /**
2388 : * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
2389 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2390 : * @fast_reauth: Whether fast reauthentication (EAP) is allowed
2391 : */
2392 588 : void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
2393 : {
2394 588 : if (sm)
2395 588 : sm->fast_reauth = fast_reauth;
2396 588 : }
2397 :
2398 :
2399 : /**
2400 : * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
2401 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2402 : * @scard_ctx: Context pointer for smartcard related callback functions
2403 : */
2404 612 : void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
2405 : {
2406 612 : if (sm == NULL)
2407 637 : return;
2408 587 : sm->scard_ctx = scard_ctx;
2409 587 : if (sm->preauth_eapol)
2410 0 : eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
2411 : }
2412 :
2413 :
2414 : /**
2415 : * wpa_sm_set_config - Notification of current configration change
2416 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2417 : * @config: Pointer to current network configuration
2418 : *
2419 : * Notify WPA state machine that configuration has changed. config will be
2420 : * stored as a backpointer to network configuration. This can be %NULL to clear
2421 : * the stored pointed.
2422 : */
2423 8099 : void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
2424 : {
2425 8099 : if (!sm)
2426 8103 : return;
2427 :
2428 8095 : if (config) {
2429 3434 : sm->network_ctx = config->network_ctx;
2430 3434 : sm->peerkey_enabled = config->peerkey_enabled;
2431 3434 : sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
2432 3434 : sm->proactive_key_caching = config->proactive_key_caching;
2433 3434 : sm->eap_workaround = config->eap_workaround;
2434 3434 : sm->eap_conf_ctx = config->eap_conf_ctx;
2435 3434 : if (config->ssid) {
2436 3161 : os_memcpy(sm->ssid, config->ssid, config->ssid_len);
2437 3161 : sm->ssid_len = config->ssid_len;
2438 : } else
2439 273 : sm->ssid_len = 0;
2440 3434 : sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
2441 3434 : sm->p2p = config->p2p;
2442 : } else {
2443 4661 : sm->network_ctx = NULL;
2444 4661 : sm->peerkey_enabled = 0;
2445 4661 : sm->allowed_pairwise_cipher = 0;
2446 4661 : sm->proactive_key_caching = 0;
2447 4661 : sm->eap_workaround = 0;
2448 4661 : sm->eap_conf_ctx = NULL;
2449 4661 : sm->ssid_len = 0;
2450 4661 : sm->wpa_ptk_rekey = 0;
2451 4661 : sm->p2p = 0;
2452 : }
2453 : }
2454 :
2455 :
2456 : /**
2457 : * wpa_sm_set_own_addr - Set own MAC address
2458 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2459 : * @addr: Own MAC address
2460 : */
2461 1208 : void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
2462 : {
2463 1208 : if (sm)
2464 1208 : os_memcpy(sm->own_addr, addr, ETH_ALEN);
2465 1208 : }
2466 :
2467 :
2468 : /**
2469 : * wpa_sm_set_ifname - Set network interface name
2470 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2471 : * @ifname: Interface name
2472 : * @bridge_ifname: Optional bridge interface name (for pre-auth)
2473 : */
2474 587 : void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
2475 : const char *bridge_ifname)
2476 : {
2477 587 : if (sm) {
2478 587 : sm->ifname = ifname;
2479 587 : sm->bridge_ifname = bridge_ifname;
2480 : }
2481 587 : }
2482 :
2483 :
2484 : /**
2485 : * wpa_sm_set_eapol - Set EAPOL state machine pointer
2486 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2487 : * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
2488 : */
2489 1199 : void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
2490 : {
2491 1199 : if (sm)
2492 1174 : sm->eapol = eapol;
2493 1199 : }
2494 :
2495 :
2496 : /**
2497 : * wpa_sm_set_param - Set WPA state machine parameters
2498 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2499 : * @param: Parameter field
2500 : * @value: Parameter value
2501 : * Returns: 0 on success, -1 on failure
2502 : */
2503 36413 : int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
2504 : unsigned int value)
2505 : {
2506 36413 : int ret = 0;
2507 :
2508 36413 : if (sm == NULL)
2509 0 : return -1;
2510 :
2511 36413 : switch (param) {
2512 : case RSNA_PMK_LIFETIME:
2513 4872 : if (value > 0)
2514 4871 : sm->dot11RSNAConfigPMKLifetime = value;
2515 : else
2516 1 : ret = -1;
2517 4872 : break;
2518 : case RSNA_PMK_REAUTH_THRESHOLD:
2519 4871 : if (value > 0 && value <= 100)
2520 4870 : sm->dot11RSNAConfigPMKReauthThreshold = value;
2521 : else
2522 1 : ret = -1;
2523 4871 : break;
2524 : case RSNA_SA_TIMEOUT:
2525 4873 : if (value > 0)
2526 4872 : sm->dot11RSNAConfigSATimeout = value;
2527 : else
2528 1 : ret = -1;
2529 4873 : break;
2530 : case WPA_PARAM_PROTO:
2531 2290 : sm->proto = value;
2532 2290 : break;
2533 : case WPA_PARAM_PAIRWISE:
2534 3449 : sm->pairwise_cipher = value;
2535 3449 : break;
2536 : case WPA_PARAM_GROUP:
2537 3449 : sm->group_cipher = value;
2538 3449 : break;
2539 : case WPA_PARAM_KEY_MGMT:
2540 3449 : sm->key_mgmt = value;
2541 3449 : break;
2542 : #ifdef CONFIG_IEEE80211W
2543 : case WPA_PARAM_MGMT_GROUP:
2544 3435 : sm->mgmt_group_cipher = value;
2545 3435 : break;
2546 : #endif /* CONFIG_IEEE80211W */
2547 : case WPA_PARAM_RSN_ENABLED:
2548 3451 : sm->rsn_enabled = value;
2549 3451 : break;
2550 : case WPA_PARAM_MFP:
2551 2274 : sm->mfp = value;
2552 2274 : break;
2553 : default:
2554 0 : break;
2555 : }
2556 :
2557 36413 : return ret;
2558 : }
2559 :
2560 :
2561 : /**
2562 : * wpa_sm_get_status - Get WPA state machine
2563 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2564 : * @buf: Buffer for status information
2565 : * @buflen: Maximum buffer length
2566 : * @verbose: Whether to include verbose status information
2567 : * Returns: Number of bytes written to buf.
2568 : *
2569 : * Query WPA state machine for status information. This function fills in
2570 : * a text area with current status information. If the buffer (buf) is not
2571 : * large enough, status information will be truncated to fit the buffer.
2572 : */
2573 2260 : int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
2574 : int verbose)
2575 : {
2576 2260 : char *pos = buf, *end = buf + buflen;
2577 : int ret;
2578 :
2579 9040 : ret = os_snprintf(pos, end - pos,
2580 : "pairwise_cipher=%s\n"
2581 : "group_cipher=%s\n"
2582 : "key_mgmt=%s\n",
2583 2260 : wpa_cipher_txt(sm->pairwise_cipher),
2584 2260 : wpa_cipher_txt(sm->group_cipher),
2585 4520 : wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
2586 2260 : if (os_snprintf_error(end - pos, ret))
2587 0 : return pos - buf;
2588 2260 : pos += ret;
2589 :
2590 2260 : if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) {
2591 : struct wpa_ie_data rsn;
2592 574 : if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn)
2593 574 : >= 0 &&
2594 574 : rsn.capabilities & (WPA_CAPABILITY_MFPR |
2595 : WPA_CAPABILITY_MFPC)) {
2596 51 : ret = os_snprintf(pos, end - pos, "pmf=%d\n",
2597 51 : (rsn.capabilities &
2598 : WPA_CAPABILITY_MFPR) ? 2 : 1);
2599 51 : if (os_snprintf_error(end - pos, ret))
2600 0 : return pos - buf;
2601 51 : pos += ret;
2602 : }
2603 : }
2604 :
2605 2260 : return pos - buf;
2606 : }
2607 :
2608 :
2609 50 : int wpa_sm_pmf_enabled(struct wpa_sm *sm)
2610 : {
2611 : struct wpa_ie_data rsn;
2612 :
2613 50 : if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie)
2614 43 : return 0;
2615 :
2616 14 : if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 &&
2617 7 : rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC))
2618 7 : return 1;
2619 :
2620 0 : return 0;
2621 : }
2622 :
2623 :
2624 : /**
2625 : * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
2626 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2627 : * @wpa_ie: Pointer to buffer for WPA/RSN IE
2628 : * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
2629 : * Returns: 0 on success, -1 on failure
2630 : */
2631 2288 : int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
2632 : size_t *wpa_ie_len)
2633 : {
2634 : int res;
2635 :
2636 2288 : if (sm == NULL)
2637 0 : return -1;
2638 :
2639 2288 : res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
2640 2288 : if (res < 0)
2641 0 : return -1;
2642 2288 : *wpa_ie_len = res;
2643 :
2644 2288 : wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default",
2645 : wpa_ie, *wpa_ie_len);
2646 :
2647 2288 : if (sm->assoc_wpa_ie == NULL) {
2648 : /*
2649 : * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
2650 : * the correct version of the IE even if PMKSA caching is
2651 : * aborted (which would remove PMKID from IE generation).
2652 : */
2653 428 : sm->assoc_wpa_ie = os_malloc(*wpa_ie_len);
2654 428 : if (sm->assoc_wpa_ie == NULL)
2655 0 : return -1;
2656 :
2657 428 : os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
2658 428 : sm->assoc_wpa_ie_len = *wpa_ie_len;
2659 : }
2660 :
2661 2288 : return 0;
2662 : }
2663 :
2664 :
2665 : /**
2666 : * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
2667 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2668 : * @ie: Pointer to IE data (starting from id)
2669 : * @len: IE length
2670 : * Returns: 0 on success, -1 on failure
2671 : *
2672 : * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
2673 : * Request frame. The IE will be used to override the default value generated
2674 : * with wpa_sm_set_assoc_wpa_ie_default().
2675 : */
2676 4526 : int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2677 : {
2678 4526 : if (sm == NULL)
2679 0 : return -1;
2680 :
2681 4526 : os_free(sm->assoc_wpa_ie);
2682 4526 : if (ie == NULL || len == 0) {
2683 2318 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2684 : "WPA: clearing own WPA/RSN IE");
2685 2318 : sm->assoc_wpa_ie = NULL;
2686 2318 : sm->assoc_wpa_ie_len = 0;
2687 : } else {
2688 2208 : wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
2689 2208 : sm->assoc_wpa_ie = os_malloc(len);
2690 2208 : if (sm->assoc_wpa_ie == NULL)
2691 0 : return -1;
2692 :
2693 2208 : os_memcpy(sm->assoc_wpa_ie, ie, len);
2694 2208 : sm->assoc_wpa_ie_len = len;
2695 : }
2696 :
2697 4526 : return 0;
2698 : }
2699 :
2700 :
2701 : /**
2702 : * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
2703 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2704 : * @ie: Pointer to IE data (starting from id)
2705 : * @len: IE length
2706 : * Returns: 0 on success, -1 on failure
2707 : *
2708 : * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
2709 : * frame.
2710 : */
2711 3447 : int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2712 : {
2713 3447 : if (sm == NULL)
2714 0 : return -1;
2715 :
2716 3447 : os_free(sm->ap_wpa_ie);
2717 3447 : if (ie == NULL || len == 0) {
2718 3368 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2719 : "WPA: clearing AP WPA IE");
2720 3368 : sm->ap_wpa_ie = NULL;
2721 3368 : sm->ap_wpa_ie_len = 0;
2722 : } else {
2723 79 : wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
2724 79 : sm->ap_wpa_ie = os_malloc(len);
2725 79 : if (sm->ap_wpa_ie == NULL)
2726 0 : return -1;
2727 :
2728 79 : os_memcpy(sm->ap_wpa_ie, ie, len);
2729 79 : sm->ap_wpa_ie_len = len;
2730 : }
2731 :
2732 3447 : return 0;
2733 : }
2734 :
2735 :
2736 : /**
2737 : * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
2738 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2739 : * @ie: Pointer to IE data (starting from id)
2740 : * @len: IE length
2741 : * Returns: 0 on success, -1 on failure
2742 : *
2743 : * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
2744 : * frame.
2745 : */
2746 3459 : int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2747 : {
2748 3459 : if (sm == NULL)
2749 0 : return -1;
2750 :
2751 3459 : os_free(sm->ap_rsn_ie);
2752 3459 : if (ie == NULL || len == 0) {
2753 1227 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2754 : "WPA: clearing AP RSN IE");
2755 1227 : sm->ap_rsn_ie = NULL;
2756 1227 : sm->ap_rsn_ie_len = 0;
2757 : } else {
2758 2232 : wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
2759 2232 : sm->ap_rsn_ie = os_malloc(len);
2760 2232 : if (sm->ap_rsn_ie == NULL)
2761 2 : return -1;
2762 :
2763 2230 : os_memcpy(sm->ap_rsn_ie, ie, len);
2764 2230 : sm->ap_rsn_ie_len = len;
2765 : }
2766 :
2767 3457 : return 0;
2768 : }
2769 :
2770 :
2771 : /**
2772 : * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
2773 : * @sm: Pointer to WPA state machine data from wpa_sm_init()
2774 : * @data: Pointer to data area for parsing results
2775 : * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
2776 : *
2777 : * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
2778 : * parsed data into data.
2779 : */
2780 23 : int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
2781 : {
2782 23 : if (sm == NULL)
2783 0 : return -1;
2784 :
2785 23 : if (sm->assoc_wpa_ie == NULL) {
2786 14 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2787 : "WPA: No WPA/RSN IE available from association info");
2788 14 : return -1;
2789 : }
2790 9 : if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
2791 0 : return -2;
2792 9 : return 0;
2793 : }
2794 :
2795 :
2796 194 : int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
2797 : {
2798 194 : return pmksa_cache_list(sm->pmksa, buf, len);
2799 : }
2800 :
2801 :
2802 4046 : void wpa_sm_drop_sa(struct wpa_sm *sm)
2803 : {
2804 4046 : wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
2805 4046 : sm->ptk_set = 0;
2806 4046 : sm->tptk_set = 0;
2807 4046 : os_memset(sm->pmk, 0, sizeof(sm->pmk));
2808 4046 : os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2809 4046 : os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2810 : #ifdef CONFIG_IEEE80211R
2811 4046 : os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
2812 4046 : os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
2813 4046 : os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1));
2814 : #endif /* CONFIG_IEEE80211R */
2815 4046 : }
2816 :
2817 :
2818 127 : int wpa_sm_has_ptk(struct wpa_sm *sm)
2819 : {
2820 127 : if (sm == NULL)
2821 0 : return 0;
2822 127 : return sm->ptk_set;
2823 : }
2824 :
2825 :
2826 0 : void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
2827 : {
2828 0 : os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
2829 0 : }
2830 :
2831 :
2832 19107 : void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
2833 : {
2834 19107 : pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0);
2835 19107 : }
2836 :
2837 :
2838 : #ifdef CONFIG_WNM
2839 2 : int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
2840 : {
2841 : u16 keyinfo;
2842 : u8 keylen; /* plaintext key len */
2843 : u8 *key_rsc;
2844 :
2845 2 : if (subelem_id == WNM_SLEEP_SUBELEM_GTK) {
2846 : struct wpa_gtk_data gd;
2847 :
2848 1 : os_memset(&gd, 0, sizeof(gd));
2849 1 : keylen = wpa_cipher_key_len(sm->group_cipher);
2850 1 : gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher);
2851 1 : gd.alg = wpa_cipher_to_alg(sm->group_cipher);
2852 1 : if (gd.alg == WPA_ALG_NONE) {
2853 0 : wpa_printf(MSG_DEBUG, "Unsupported group cipher suite");
2854 0 : return -1;
2855 : }
2856 :
2857 1 : key_rsc = buf + 5;
2858 1 : keyinfo = WPA_GET_LE16(buf + 2);
2859 1 : gd.gtk_len = keylen;
2860 1 : if (gd.gtk_len != buf[4]) {
2861 0 : wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d",
2862 0 : gd.gtk_len, buf[4]);
2863 0 : return -1;
2864 : }
2865 1 : gd.keyidx = keyinfo & 0x03; /* B0 - B1 */
2866 1 : gd.tx = wpa_supplicant_gtk_tx_bit_workaround(
2867 1 : sm, !!(keyinfo & WPA_KEY_INFO_TXRX));
2868 :
2869 1 : os_memcpy(gd.gtk, buf + 13, gd.gtk_len);
2870 :
2871 1 : wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
2872 1 : gd.gtk, gd.gtk_len);
2873 1 : if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
2874 0 : os_memset(&gd, 0, sizeof(gd));
2875 0 : wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
2876 : "WNM mode");
2877 0 : return -1;
2878 : }
2879 1 : os_memset(&gd, 0, sizeof(gd));
2880 : #ifdef CONFIG_IEEE80211W
2881 1 : } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
2882 : struct wpa_igtk_kde igd;
2883 : u16 keyidx;
2884 :
2885 1 : os_memset(&igd, 0, sizeof(igd));
2886 1 : keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
2887 1 : os_memcpy(igd.keyid, buf + 2, 2);
2888 1 : os_memcpy(igd.pn, buf + 4, 6);
2889 :
2890 1 : keyidx = WPA_GET_LE16(igd.keyid);
2891 1 : os_memcpy(igd.igtk, buf + 10, keylen);
2892 :
2893 1 : wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
2894 : igd.igtk, keylen);
2895 1 : if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
2896 : broadcast_ether_addr,
2897 : keyidx, 0, igd.pn, sizeof(igd.pn),
2898 : igd.igtk, keylen) < 0) {
2899 0 : wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
2900 : "WNM mode");
2901 0 : os_memset(&igd, 0, sizeof(igd));
2902 0 : return -1;
2903 : }
2904 1 : os_memset(&igd, 0, sizeof(igd));
2905 : #endif /* CONFIG_IEEE80211W */
2906 : } else {
2907 0 : wpa_printf(MSG_DEBUG, "Unknown element id");
2908 0 : return -1;
2909 : }
2910 :
2911 2 : return 0;
2912 : }
2913 : #endif /* CONFIG_WNM */
2914 :
2915 :
2916 : #ifdef CONFIG_PEERKEY
2917 18 : int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr,
2918 : const u8 *buf, size_t len)
2919 : {
2920 : struct wpa_peerkey *peerkey;
2921 :
2922 24 : for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
2923 10 : if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
2924 4 : break;
2925 : }
2926 :
2927 18 : if (!peerkey)
2928 14 : return 0;
2929 :
2930 4 : wpa_sm_rx_eapol(sm, src_addr, buf, len);
2931 :
2932 4 : return 1;
2933 : }
2934 : #endif /* CONFIG_PEERKEY */
2935 :
2936 :
2937 : #ifdef CONFIG_P2P
2938 :
2939 202 : int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf)
2940 : {
2941 202 : if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0)
2942 107 : return -1;
2943 95 : os_memcpy(buf, sm->p2p_ip_addr, 3 * 4);
2944 95 : return 0;
2945 : }
2946 :
2947 : #endif /* CONFIG_P2P */
2948 :
2949 :
2950 0 : void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter)
2951 : {
2952 0 : if (rx_replay_counter == NULL)
2953 0 : return;
2954 :
2955 0 : os_memcpy(sm->rx_replay_counter, rx_replay_counter,
2956 : WPA_REPLAY_COUNTER_LEN);
2957 0 : sm->rx_replay_counter_set = 1;
2958 0 : wpa_printf(MSG_DEBUG, "Updated key replay counter");
2959 : }
2960 :
2961 :
2962 0 : void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm,
2963 : const u8 *ptk_kck, size_t ptk_kck_len,
2964 : const u8 *ptk_kek, size_t ptk_kek_len)
2965 : {
2966 0 : if (ptk_kck && ptk_kck_len <= WPA_KCK_MAX_LEN) {
2967 0 : os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len);
2968 0 : sm->ptk.kck_len = ptk_kck_len;
2969 0 : wpa_printf(MSG_DEBUG, "Updated PTK KCK");
2970 : }
2971 0 : if (ptk_kek && ptk_kek_len <= WPA_KEK_MAX_LEN) {
2972 0 : os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len);
2973 0 : sm->ptk.kek_len = ptk_kek_len;
2974 0 : wpa_printf(MSG_DEBUG, "Updated PTK KEK");
2975 : }
2976 0 : sm->ptk_set = 1;
2977 0 : }
|
