Cumulative patch from commit 3d6953288b592704484864f41791f8c67ff9aa5a
3d6953288 Extend RESEND_* test commands to allow forcing plaintext TX
4be5bc98a DPP: Update AES-SIV AD for PKEX frames
dc4d271c6 DPP: Update AES-SIV AD for DPP Authentication frames
6338c99ef FILS: Send updated connection parameters to drivers if needed
d2ba0d719 Move assoc param setting into a helper function
084131c85 FILS: Allow eap_peer_get_erp_info() to be called without config
b0a21e228 FILS: Update replay counter from roam info
693eafb15 nl80211: Update FILS roam info from vendor roam event
3c67e977d nl80211: Add support to send updated connection parameters
cddfda789 Add attributes to support roam+auth vendor event for FILS
c0fe5f125 Clear BSSID information in supplicant state machine on disconnection
006fb845b nl80211: Use NL80211_BSS_LAST_SEEN_BOOTTIME if available
a6ea66530 Additional consistentcy checks for PTK component lengths
6f234c1e2 Optional AP side workaround for key reinstallation attacks
daa409608 Allow last (Re)Association Request frame to be replayed for testing
751f5b293 Allow EAPOL-Key Request to be sent through control interface
bb06748f4 Make last received ANonce available through control interface
143b81bad Allow arbitrary key configuration for testing
d8afdb210 Allow EAPOL-Key messages 1/4 and 3/4 to be retransmitted for testing
6bc2f00f4 Allow group key handshake message 1/2 to be retransmitted for testing
16579769f Add testing functionality for resetting PN/IPN for configured keys
b488a1294 Clear PMK length and check for this when deriving PTK
00583ef11 Add debug prints on PMK configuration in WPA supplicant
a00e946c1 WPA: Extra defense against PTK reinstalls in 4-way handshake
a0bf1b68c Remove all PeerKey functionality
e76085117 FILS: Do not allow multiple (Re)Association Response frames
2f1357fb6 FILS: Accept another (Re)Association Request frame during an association
df9490620 Add MGMT_TX_STATUS_PROCESS command for testing purposes
c53eb9461 OWE: Remove forgotten developer debug prints
a34ca59e4 SAE: Allow SAE password to be configured separately (STA)
2377c1cae SAE: Allow SAE password to be configured separately (AP)
c5aeb4343 P2P: Do not mark DFS channel as invalid if DFS is offloaded to driver
58efbcbcd DPP: Fix static analyzer warnings in key generation and JWK construction
f51609022 P2P: Prefer 5/60 GHz band over 2.4 GHz during GO configuration
91cc34bf3 OWE: Allow set of enabled DH groups to be limited on AP
265bda344 OWE: Allow DH Parameters element to be overridden for testing purposes
8c19ea3f2 DPP: Add the crypto suite field to the frames
c77e2ff09 DPP: Remove C-sign-key expiry
6254045a5 DPP: Explicitly delete the PKEX secret element K upon generation of z
0e6709a4e DPP: Rename PKEX secret element from Z to K
657317179 DPP: Verify that PKEX Qi is not the point-at-infinity
a89138818 OWE: Transition mode information based on BSS ifname
109704657 OWE: Support station SME-in-driver case
5a78c3619 OWE: PMKSA caching in station mode
d90f10fa4 OWE: PMKSA caching in AP mode
8b5579e17 DPP: Fix EAPOL-Key Key MIC calculation
ec9f48377 OWE: Support DH groups 20 (NIST P-384) and 21 (NIST P-521) in station
7a12edd16 OWE: Support DH groups 20 (NIST P-384) and 21 (NIST P-521) in AP mode
6c4726189 OWE: Extend shared helper functions to support other DH curves
d8c8d8575 OWE: Include RSNE in (Re)Association Response frame
e8b964901 OWE: Transition mode support on station side
675112df1 OWE: Set PMK length properly on supplicant side
ea079153f OWE: Add AP support for transition mode
4a3746341 hostapd: Update HE capabilities and HE operation definition
63bc0ab0e P2P: Allow GO to advertise Interworking element
3567641eb Add TX/RX rate info and signal strength into STA output
fa4b605a0 WPS: Do not increment wildcard_uuid when pin is locked
e37cea308 OCE: Update default scan IEs when OCE is enabled/disabled
ee522d27c Vendor flags for 11ax channel property flags for use with external ACS
61a56c148 Add group_mgmt network parameter for PMF cipher selection
0ad5893a2 PAE: Validate input before pointer
fd35ed5bb AP: Remove unneeded check for 'added_unassociated'
d55b17460 FILS: Vendor attribute to disable driver FILS features
a7297ae5c Fix hostapd debug messages on wpa_pairwise and rsn_pairwise parsing
29c940e7a TDLS: Update the comments related to TPK derivation
3de1566db FILS: Check req_ies for NULL pointer in hostapd_notif_assoc()
1c9663cf6 OpenSSL: Force RSA 3072-bit DH prime size limit for Suite B
2ed70c758 OpenSSL: Add option to disable ECDHE with Suite B RSA
4eb8cfe06 OpenSSL: Force RSA 3072-bit key size limit for Suite B
6418400db Add hostapd tls_flags parameter
60ed2f24e Suite B: Add tls_suiteb=1 parameter for RSA 3k key case
5030d7d9f DPP: Allow raw hex PSK to be used for legacy configuration
039ab15fd DPP: Add DPP-CONFOBJ-PASS/PSK events for hostapd legacy configuration
9824de57a Fix EAPOL-Key version check for a corner case with Suite B AKM
3c7863f81 wpa_supplicant: Support dynamic update of wowlan_triggers
4cada9dcc FILS: Add DHss into FILS-Key-Data derivation when using FILS SK+PFS
41b819148 FILS: Update PMKID derivation rules for ERP key hierarchy establishment
303113398 mesh: Move writing of mesh_rssi_threshold inside CONFIG_MESH
2efc67207 Fix RSN pre-authentication regression with pre-connection scan results
73b3de01c macsec_linux: Exit early when missing macsec kernel module
7612e65b9 mka: Add error handling for secy_init_macsec() calls
2c66c7d11 wpa_supplicant: Check length when building ext_capability in assoc_cb
fdbfb63e4 nl80211: Fix bridge name print while removing interface from bridge
333517ac1 crypto: Fix undefined behavior in random number generator
84fccc724 Send Client-Error when AT_KDF attributes from the server are incorrect
446600c35 Add AT_KDF attributes to Synchronization-Failure in EAP-AKA'
155bf1108 PMKSA: Fix use-after-free in pmksa_cache_clone_entry()
cdf250149 dbus: Add new interface property to get mesh group
190f6f117 dbus: Add new interface property to get connected mesh peers
a9de99b1c dbus: Add MeshPeerDisconnected signal
9b0701fbf dbus: Add MeshPeerConnected signal
a39b040b4 dbus: Add MeshGroupRemoved signal
89e9cd25d dbus: Add MeshGroupStarted signal
49e6a5553 FILS: Add a space before MAC address to a HLP debug message
359166ed2 Remove the completely unused FT parameters in driver association data
3db2a82df Add SHA-384 routines to libcrypto.a
a0f19e9c7 SAE: Allow commit fields to be overridden for testing purposes (STA)
3648d8a18 SAE: Allow commit fields to be overridden for testing purposes
e75335384 SAE: Add testing code for reflection attack
e61fea6b4 SAE: Fix PMKSA caching behavior in AP mode
a6f238f21 DPP: Add base64 dependency in makefiles
c2d4f2eb5 DPP: Derive PMKID using SHA256() for all curves
64a0a75b5 nl80211: Fix auth_alg selection with FILS in the connect command
7475e80f1 FILS: Fix wpa_supplicant AP build without CONFIG_IEEE80211W
85fd8263a DPP: Use Transaction ID in Peer Discovery Request/Response frames
a28675da2 hs20-osu-client: Fix build with new OpenSSL and BoringSSL
cf39475b4 Introduce QCA_NL80211_VENDOR_SUBCMD_HANG
17385fba2 tests: JSON module tests for additional array parsing
d4488b9da JSON: Fix parsing of arrays of numbers, strings, literals
a4bf00787 DPP: Remove devices object from the connector
e77d13ef9 QCA vendor attribute to configure beacon miss penalize count for BTC
7bd88aaf3 QCA vendor attribute to configure beacon miss count
505554bbf QCA vendor attribute to enable/disable scan
ae048257c WPS: Interpret zero length ap_pin hostapd.conf parameter as "unset"
2bdbace63 Remove some obsolete information from hostapd README file
b0fc2ef3a hw_features: Fix check of supported 802.11ac channel width
b5bf84ba3 WNM: Differentiate between WNM for station and for AP in build
922dcf1b4 RRM: Remove duplicate frequencies from beacon report scan request
705e2909c RRM: Send response when Beacon report request is not supported/refused
3756acfd4 RRM: Send Radio Measurement response when beacon report scan fails
b3c148e9f RRM: Send reject/refuse response only to unicast measurement request
51143af7e wpa_cli: Fix global control interface for STA-FIRST/STA-NEXT
809c67502 DPP: Fix build with OpenSSL 1.1.0
89971d8b1 OpenSSL: Clear default_passwd_cb more thoroughly
f665c93e1 OpenSSL: Fix private key password handling with OpenSSL >= 1.1.0f
2b9891bd6 OpenSSL: Add build option to select default ciphers
65833d71a OCE: Add hostapd mode OCE capability indication if enabled
332aadb8a STA: Add OCE capability indication attribute
fb718f94d nl80211: Check if driver supports OCE specific features
46b15e470 Add vendor flags for OCE feature support indication
b377ec258 FILS: Fix issuing FILS connect to a non-FILS AP in driver-FILS case
9f44f7f3b Introduce a vendor attribute to represent the PNO/EPNO Request ID
881a92e8b FILS: Fix compilation with CONFIG_NO_WPA
1f2ae8cff EAP-TTLS: Fix a memory leak on error paths
83e003a91 EAP-TTLS: Fix possible memory leak in eap_ttls_phase2_request_mschap()
422570eec MBO: Fix possible memory leak in anqp_send_req()
96e595a9f EAP-LEAP: Fix possible memory leak in eap_leap_process_request()
23eead4d7 RRM: Filter scan results by parent TSF only if driver supports it
3f8e3a548 ap: Fix invalid HT40 channel pair fallback
6d3e24d3e ap: Fix return value in hostapd_drv_switch_channel()
d02e4c8ac P2P: Clear get_pref_freq_list_override on P2P Device
bfbc41eac DPP: Fix compilation without openssl
cc6088463 P2P: Allow auto GO on DFS channels if driver supports this
fe3e0bac1 FILS: Advertize FILS capability based on driver capability
5579c11c3 Fix a typo in vendor attribute documentation
8b5ddda5f FILS: Add HLP support with driver-based AP SME
31ec556ce FILS: Fix the IP header protocol field in HLP DHCP response
b3e567c89 FILS: ERP-based PMKSA cache addition on AP
bfe448331 FILS: Fix a frame name in a debug print
6d49aeb76 MBO: Whitespace cleanup
f2cdb41b8 OCE: Define OCE attributes and other related macros
267fc0dd3 Add wpa_supplicant ctrl iface support to scan for a specific BSSID
f522bb237 DPP: Add DPP_CONFIGURATOR_SIGN to generate own connector
dc7fc09cc DPP: Add control interface commands into hostapd_cli
a86fb43ca DPP: DPP_BOOTSTRAP_INFO for hostapd
484788b87 DPP: Share bootstrap type to string helper function
623f95685 DPP: Allow wpa_cli DPP_CONFIGURATOR_ADD without arguments
888502325 Add new key_mgmt values for wpa_supplicant STATUS command
3a5954ef9 Add mgmt_group_cipher to wpa_supplicant STATUS command
90f837b0b Update default wpa_group_rekey to once-per-day when using CCMP/GCMP
787615b38 DPP: Set PMKSA expiration based on peer connector
6b140f0fa DPP: Update hostapd configurator parameters to match wpa_supplicant
2605405aa DPP: Configurator in hostapd
efeada91a DPP: PKEX in hostapd
6095b4790 DPP: Check JWS protected header alg against C-sign-key curve
b65b22d60 DPP: Configurator parameters in responder role
31f03cb00 DPP: Update JWS algorithm strings for Brainpool curves
e0d3d3fce DPP: Rename Brainpool curve names for JSON
500ed7f00 DPP: PKEX bootstrapping
b9d47b484 DPP: Add helper functions for running hash operations
0c7cf1f50 DPP: Increase hostapd_cli buffer limits
44d6b272c DPP: Fix configuration item list
43fbb8db5 DPP: More debug for own connector configuration errors
f1f4fa797 DPP: Fix JWK debug prints
b04854cef nl80211/MBO: Set temporary disallowed BSSID list to driver
2a71673e2 ERP: Derive ERP key only after successful EAP authentication
528b65578 Add Set Wi-Fi Configuration vendor attribute to configure LRO
944f359e1 Introduce a vendor command to specify the active Type Of Service
b6ea76425 nl80211: Make KCK attribute optional in rekey data
35f064212 DPP: Allow passphrase to be set for Configurator
68cb6dcec DPP: Allow SSID to be set for Configurator
186f20489 JSON: Fix \u escaping
a82349347 DPP: Add an example python script for QR Code operations
6a7182a9c DPP: Add DPP_BOOTSTRAP_INFO command
8528994e2 DPP: Automatic network profile creation
da143f7fb FILS: Fix EVENT_ASSOC processing checks for driver-SME
3c0daa13d Make wpa_config_read_blob() easier for static analyzers
a0d5c56f8 DPP: Network Introduction protocol for wpa_supplicant
4ff89c2eb DPP: Network Introduction protocol for hostapd
650a70a72 DPP: Network Introduction protocol
56c754958 DPP: AP parameters for DPP AKM
b979caae5 DPP: Network profile parameters for DPP AKM
0c52953b0 DPP: Allow PMKSA cache entries to be added through hostapd ctrl_iface
567da5bbd DPP: Add new AKM
9c2b8204e DPP: Integration for hostapd
9beb2892d DPP: Add wpa_cli commands for DPP operations
461d39af4 DPP: Configuration exchange
30d27b048 DPP: Authentication exchange
be27e185b DPP: Bootstrap information management
d4d76d983 Fix offchannel TX done handling for sequence of TX frames
00b02149e nl80211: Register to receive DPP Public Action frames
4e19eb88a tests: Module tests for JSON parser
005be3daa Add JavaScript Object Notation (JSON) parser (RFC7159)
5b52e1adc tests: Update base64 OOM test cases to match implementation changes
0ffdc8b19 Add base64url encoding/decoding per RFC 4648
77f273c82 Extend SHA-384 and SHA-512 support to match SHA-256
2c9d92497 P2P: Debug print P2P_FIND rejection reason
618aa2290 P2P: Fix p2p_in_provisioning clearing in failure case
b5db6e5dc eap_proxy: Support multiple SIMs in get_imsi()
002087651 eap_proxy: Build realm from IMSI for proxy based EAP methods
5e0c20ff3 nl80211: Do not notify interface as re-enabled if initialization fails
8696e6170 eap_proxy: Add support for deriving ERP information
115d5e222 hostapd: Fix handling a 20/40 BSS Coexistence Management frame
2d18ab408 Add a config parameter to exclude DFS channels from ACS
3c2bd55f0 P2P: wpas_p2p_select_go_freq() to check for supported pref_freq
8d968351a Interworking: Add NULL checking for EAP name in phase2/autheap parameter
9ddba3a30 Rename vendor attribute DISABLE_OFFCHANNEL to RESTRICT_OFFCHANNEL
d506c35ef Set Wi-Fi Configuration attribute to restrict offchannel operations
4aa329298 ERP: Do not generate ERP keys when domain name is not specified
34ee12c55 Do not flush PMKSA on bssid_hint change
290834df6 nl80211: Fix race condition in detecting MAC change
04f667fcd DFS: Allow switch to DFS channel after radar detection in ETSI
aa56e36d6 driver: Make DFS domain information available to core
e8e430fe7 Vendor attributes to retain connection on a roam request failure
43a356b26 Provide option to configure BSSID hint for a network
33117656e Define a QCA vendor attribute to update the listen interval
85cff4b0d OpenSSL: Try SHA256 hash for OCSP certificate matching
d264c2e39 HTTP (curl): Try SHA256 hash for OCSP certificate matching
95818ec17 Fix compiler warning with CONFIG_IEEE80211R no-CONFIG_FILS build
613639454 Make CONFIG_MACSEC depend on IEEE8021X_EAPOL
31a856a12 mesh: Make NL80211_MESHCONF_RSSI_THRESHOLD configurable
1f3c49d41 Fix 160 MHz opclass channel to frequency conversion
9f4947466 dbus: Add method to disable channel switching with a TDLS peer
2a57b4b82 dbus: Add method to enable channel switching with a TDLS peer
193950541 dbus: Add AbortScan method to abort ongoing scan
8fed47e01 FILS: Derive FT key hierarchy on authenticator side for FILS+FT
7d440a3bc FILS: Derive FT key hierarchy on supplicant side for FILS+FT
215eaa748 FILS: Implement FILS-FT derivation
80ddf5d99 FILS: Fix Key-Auth derivation for SK+PFS for authenticator side
e6b623133 FILS: Fix Key-Auth derivation for SK+PFS for supplicant side
4d0a61c50 FILS: Debug print inputs to Key-Auth derivation
be1ece46f wpa_supplicant: Add GET_CAPABILITY for P2P redirection
853cfa873 Detect endianness when building for RTEMS
35bb8a9a5 Android: Define CONFIG_TESTING_OPTIONS if enabled in config
178553b70 MBO: Add support to set ignore assoc disallow to driver
3a46cf93d FT: Add support for wildcard R0KH/R1KH
eefe86301 FT RRB: Add msg replay and msg delay protection
245fc96e5 FT: New RRB message format
50bd8e0a9 FT: Replace inter-AP protocol with use of OUI Extended Ethertype
f2a04874c MBO: Fix possible NULL pointer dereference on candidate handling
01dd2b105 ERP: Silence static analyzer warning
d912953e3 atheros: Get rid of static analyzer warnings on 0-length memcpy
470f08b4f Enable CONFIG_WNM=y automatically for CONFIG_MBO=y builds
f54114825 Fix GAS server ifdef block use
8b49b530b Fix CONFIG_INTERWORKING=y build without CONFIG_HS20=y
0661163ef Do not blacklist the current AP on DISABLE_NETWORK
ec27b04e6 hostapd: Select a valid secondary channel if both enabled
da6a28ba6 FILS: Specify if FILS HLP was sent in connect
a38090b16 FILS: Add HLP to Connect IEs
1e6780bda Allocate dynamic memory for connect IEs
9f894823f PAE: Silence static analyzer warning about NULL pointer dereference
9a72bfe9a Add control interface command to enable/disable roaming
fa61bff6a FILS: Handle authentication/association in partial driver AP SME
5cee22ca4 FILS: Make handle_auth_fils() re-usable for driver-based AP SME
5e5f8c816 FILS: Move authentication response handling into a helper function
b8a3453ac FILS: Pass only IE area to handle_auth_fils()
9392859d7 FILS: Move AssocResp construction to a helper function
bd5993532 FILS: Move Key Confirm element validation to a helper function
087631b98 FILS: Move Session element validation to a helper function
cc20edc9f FILS: Add FILS auth_alg to driver-based AP SME association handling
957bff83c FILS: Add driver-AP SME callback to set TK after association
8acbf85fa FILS: Add FILS AEAD parameters for sta_auth() calls
f46c154c5 atheros: Add FILS AAD parameters in sta_auth() handler
6b128fb2a driver: Move sta_auth() arguments to a struct
d7cff1d87 atheros: Enable raw management frame receive for FILS builds
2b7a8ec47 atheros: Read driver FILS capability
d5444aac4 FILS: Add FILS Indication element into Beacon/Probe Response template
8befe8a99 Define a QCA attribute to specify the PCL policy for external ACS
183d3924c WPS: Add option for using random UUID
b44d1efd2 FILS: Fix key info in GTK rekey EAPOL-Key msg 2/2
04243740c FILS: Fix GTK rekey by accepting EAPOL-Key msg 1/2 with FILS AKM
bbe7969d6 FILS: Update cache identifier on association
f705f41b7 FILS: Update PMKSA cache with FILS shared key offload
01ef320f1 FILS: Update ERP next sequence number with driver offload
5538fc930 FILS: Track completion with FILS shared key authentication offload
8b0a6dba8 FILS: Connect request for offloaded FILS shared key authentication
79f3121bb FILS: Set cache identifier in current PMKSA entry for driver-SME case
15def72fa ERP: External control of ERP key information
42e69bda2 FILS: Add support for Cache Identifier in add/remove PMKSA
061a3d3d5 nl80211: Add support for FILS Cache Identifier in add/remove_pmkid()
6fbb54140 driver: Move add_pmkid() and remove_pmkid() arguments into a struct
ad295f3b8 nl80211: Add support for FILS shared key offload
199eb3a4e FILS: Add support to write FILS key_mgmt values in network blocks
16217e13d QCA vendor commands and attributes for spectral scan
5db997e34 FILS: Add FTE into FILS Authentication frame from AP when using FILS+FT
af3e362fa FILS: Add MDE into Authentication frame for FILS+FT
5aa08153a FT: Add selection of FT+FILS AKMs
c10e0ccc9 Hide *PMKSA_ADD parameters from debug log
2971da270 P2P: Do not use wait_time for SD Response TX for last fragmentation
c5fee1604 FT: Schedule wpa_ft_rrb_rx() through eloop in intra-process communication
469677367 Sync with mac80211-next.git include/uapi/linux/nl80211.h
775e986d5 hostapd: Fix crash on consecutive channel switch failures
3d5f0e916 wpa_supplicant: Avoid associating to temp disabled SSID in ap_scan=2
fbba28f8c P2P: Suppress warning on non-P2P config
127595887 QCA vendor command: Add TA max duration attribute for OCB configure
2a9ec7c69 Define attributes for QCA vendor OCB commands
6a4363f5f MBO: Fix reject reason codes
0119d4424 FILS: Fix wpa_supplicant compilation errors
4cc6574d0 FILS: Fix fils_cache_id check
a5269dc20 wpa_helpers: Ignore link-local IPv4 address while waiting for DHCP
e2f00bb5f xml: Add Value node in TNDS node conversion for empty value case
a34317b52 GAS: Handle no-ACK TX status for GAS request frames
5db86df6a macsec_linux: Fix NULL pointer dereference on error cases
e50df5d2a mka: Fix use-after-free when transmit secure channels are deleted
529d6ed72 mka: Fix use-after-free when receive secure channels are deleted
6c2056abe QCA vendor attributes to extend antenna diversity functionality
b4ae5f04d Add vendor attribute to config propagation delay's absolute value
7f5f4e46a Fix QCA_ATTR_NUD_STATS_IS_DAD value
2c0ac6d61 P2P: Run full P2P_FIND scan after pending scan completes
d3bb082a7 P2P: Continue scanning specified channel with P2P_FIND freq argument
31e130f82 FILS: Add FILS-SK-PFS capability into "GET_CAPABILITY fils" command
649835167 FILS: Check FILS Indication element against local network profile
76e20f4fa FILS: Add FILS SK auth PFS support in STA mode
1764559ee FILS: Add FILS SK auth PFS support in AP mode
cad291d67 FILS: Define authentication algorithm for FILS SK auth with PFS
611523849 OWE: Add CONFIG_OWE=y build option
07a5fe823 OWE: Use AKM 00-0F-AC:11 style parameters for EAPOL-Key frames
ef9627cbc Print the algorithms used for EAPOL-Key professing in log
ef2383859 Return success/failure result from sha384_prf()
0a6147991 OWE: Process Diffie-Hellman Parameter element in STA mode
09368515d OWE: Process Diffie-Hellman Parameter element in AP mode
f9561868e OWE: Add driver capability flag for OWE AKM
a1ea1b452 OWE: Define and parse OWE AKM selector
9c7aac738 OWE: Define and parse Diffie-Hellman Parameter element
e73244c24 tests: Extract-and-Expand HKDF (RFC 5869)
4ec833daf Extend hmac_sha256_kdf() to support HKDF-Expand() as defined in RFC 5869
ae1ec1aaf OpenSSL: Add wrapper functions for ECDH
b07ff9cb0 wpa_supplicant: Allow disabling HT in AP mode without HT overrides
2124a615e wpa_supplicant: Allow explicit wide channel configuration for AP mode
57ee04dc7 wpa_cli: Execute action file in case of WPS_EVENT_TIMEOUT
6252b981d wpa_cli: Execute action file in case of WPS_EVENT_ACTIVE
acdf50219 WPS: Notify about WPS PBC event in Enrollee mode
15e5ee0b7 wpa_supplicant: events: Don't bounce timeout reason through a buffer
e97d15b73 wpa_cli: Update wnm_bss_query auto complete message
15ab61eda WNM: Add option to configure candidates for BTM query candidate list
e044a9d1e common: Add candidate list parsing helper function
13bf18eda WNM: Use a dynamically allocated buffer for BTM query and response
34f285190 MBO: Parse MBO ANQP-element on STA
941caed98 MBO: Add MBO ANQP-element processing on AP
8ecf2231f ANQP: Extend ANQP_GET command to request without IEEE 802.11 elements
2316cb358 MBO: Add option to add MBO query list to ANQP query
7cbb5f1a4 DFS: Handle pre-CAC expired event
62c8c7f72 nl80211: Handle pre-CAC expired event from the driver
caaaee072 Sync with mac80211-next.git include/uapi/linux/nl80211.h
3dcd735c1 DFS: Handle CAC completion event from other radio
d0330d57f nl80211: Add option to delay start of schedule scan plans
b696f791a RRM: Fix wpas_rrm_send_msr_report() loop handling
891aa65b8 RRM: Use dynamically allocated buffer for beacon report
a1f11e34c Use os_memdup()
dbdda355d Introduce os_memdup()
af8bc24da MBO: Add support for transition reject reason code
3ab484928 nl80211: Driver command for checking BTM accept/reject
23cddd751 wpa_supplicant: Fix non_pref_chan example
b9fd3c244 tests: Add TEST_FAIL() to radius_msg_add_attr()
de01f254a RADIUS server: Fix error paths in new session creation
4c803dfcd ACS: Fix memory leak if interface is disabled during scan
29be2c090 ACS: Simplify code paths
fa07d2d46 tests: Add TEST_FAIL() checks in l2_packet
d4359923e Fix DHCP/NDISC snoop deinit followed by failing re-init
160dca078 Add QCA vendor command/attr for BRP antenna limit control
57d3c5913 Clear scan_res_handler on no-retry failure
e9518ae74 WFD: Add WFD R2 Subelements
21ac78279 QCA nl80211 vendor attribute for specific sub-20 MHz channel width
ff936bc75 Make the third octet of Country String configurable
511831983 trace: Look up start to cope with ASLR
206516e8c af_alg: Crypto wrappers for Linux kernel crypto (AF_ALG)
b41d3e0a7 crypto: Process des_encrypt() error returns in callers
5f0e165e8 crypto: Add return value to DES and AES encrypt/decrypt
dca4b503f MBO: Fix minimum length check on non_pref_chan configuration
5b9f46df0 hostapd: Get channel number from frequency based on other modes as well
4c8836f13 FILS: Fix fils_hlp.c build with older netinet/udp.h definitions
c4bb39707 Fix AES-SIV build dependencies
694a3a0d6 mesh: Fix CONFIG_MESH=y build without CONFIG_IEEE80211W=y
88a447556 Fix SELECT_NETWORK freq parameter
d02989f2e D-Bus: Notify mesh capability if driver supports it
57a2aacab Add option to disable broadcast deauth in hostapd on AP start/stop
21ed24f5a hostapd: Fix potential mesh-related change from impacting non-mesh cases
b7286c1b5 FILS: External management of PMKSA cache entry with Cache Identifier
869af3072 FILS: Use FILS Cache Identifier to extend PMKSA applicability
6aea02e57 SME: Clear portValid on starting authentication to fix FILS
ba9774bd7 FILS: Fix BSSID in reassociation case
7eace3787 FILS: Find PMKSA cache entries on AP based on FILS Cache Identifier
Bug: 68042382
Test: Device boots up and connects to wifi networks.
Test: Regression tests.
Change-Id: I6710d39e00c489288f8afe855868ad28aeba0100
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/src/rsn_supp/Makefile b/src/rsn_supp/Makefile
index d5e61fe..c2d81f2 100644
--- a/src/rsn_supp/Makefile
+++ b/src/rsn_supp/Makefile
@@ -10,7 +10,6 @@
CFLAGS += -DCONFIG_IEEE80211W
CFLAGS += -DCONFIG_IEEE80211R
-CFLAGS += -DCONFIG_PEERKEY
CFLAGS += -DCONFIG_TDLS
CFLAGS += -DCONFIG_WNM
CFLAGS += -DIEEE8021X_EAPOL
@@ -18,7 +17,6 @@
LIB_OBJS= \
pmksa_cache.o \
wpa_ft.o \
- peerkey.o \
tdls.o \
preauth.o \
wpa.o \
diff --git a/src/rsn_supp/peerkey.c b/src/rsn_supp/peerkey.c
deleted file mode 100644
index ce338f8..0000000
--- a/src/rsn_supp/peerkey.c
+++ /dev/null
@@ -1,1166 +0,0 @@
-/*
- * WPA Supplicant - PeerKey for Direct Link Setup (DLS)
- * Copyright (c) 2006-2015, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#include "includes.h"
-
-#ifdef CONFIG_PEERKEY
-
-#include "common.h"
-#include "eloop.h"
-#include "crypto/sha1.h"
-#include "crypto/sha256.h"
-#include "crypto/random.h"
-#include "common/ieee802_11_defs.h"
-#include "wpa.h"
-#include "wpa_i.h"
-#include "wpa_ie.h"
-#include "peerkey.h"
-
-
-static u8 * wpa_add_ie(u8 *pos, const u8 *ie, size_t ie_len)
-{
- os_memcpy(pos, ie, ie_len);
- return pos + ie_len;
-}
-
-
-static u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len)
-{
- *pos++ = WLAN_EID_VENDOR_SPECIFIC;
- *pos++ = RSN_SELECTOR_LEN + data_len;
- RSN_SELECTOR_PUT(pos, kde);
- pos += RSN_SELECTOR_LEN;
- os_memcpy(pos, data, data_len);
- pos += data_len;
- return pos;
-}
-
-
-static void wpa_supplicant_smk_timeout(void *eloop_ctx, void *timeout_ctx)
-{
-#if 0
- struct wpa_sm *sm = eloop_ctx;
- struct wpa_peerkey *peerkey = timeout_ctx;
-#endif
- /* TODO: time out SMK and any STK that was generated using this SMK */
-}
-
-
-static void wpa_supplicant_peerkey_free(struct wpa_sm *sm,
- struct wpa_peerkey *peerkey)
-{
- eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey);
- os_free(peerkey);
-}
-
-
-static int wpa_supplicant_send_smk_error(struct wpa_sm *sm, const u8 *dst,
- const u8 *peer,
- u16 mui, u16 error_type, int ver)
-{
- size_t rlen;
- struct wpa_eapol_key *err;
- struct rsn_error_kde error;
- u8 *rbuf, *pos, *mic;
- size_t kde_len, mic_len = 16;
- u16 key_info;
-
- kde_len = 2 + RSN_SELECTOR_LEN + sizeof(error);
- if (peer)
- kde_len += 2 + RSN_SELECTOR_LEN + ETH_ALEN;
-
- rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
- NULL, sizeof(*err) + mic_len + 2 + kde_len,
- &rlen, (void *) &err);
- if (rbuf == NULL)
- return -1;
- mic = (u8 *) (err + 1);
-
- err->type = EAPOL_KEY_TYPE_RSN;
- key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
- WPA_KEY_INFO_SECURE | WPA_KEY_INFO_ERROR |
- WPA_KEY_INFO_REQUEST;
- WPA_PUT_BE16(err->key_info, key_info);
- WPA_PUT_BE16(err->key_length, 0);
- os_memcpy(err->replay_counter, sm->request_counter,
- WPA_REPLAY_COUNTER_LEN);
- inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
-
- WPA_PUT_BE16(mic + mic_len, (u16) kde_len);
- pos = mic + mic_len + 2;
-
- if (peer) {
- /* Peer MAC Address KDE */
- pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
- }
-
- /* Error KDE */
- error.mui = host_to_be16(mui);
- error.error_type = host_to_be16(error_type);
- wpa_add_kde(pos, RSN_KEY_DATA_ERROR, (u8 *) &error, sizeof(error));
-
- if (peer) {
- wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error (peer "
- MACSTR " mui %d error_type %d)",
- MAC2STR(peer), mui, error_type);
- } else {
- wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error "
- "(mui %d error_type %d)", mui, error_type);
- }
-
- wpa_eapol_key_send(sm, &sm->ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
- mic);
-
- return 0;
-}
-
-
-static int wpa_supplicant_send_smk_m3(struct wpa_sm *sm,
- const unsigned char *src_addr,
- const struct wpa_eapol_key *key,
- int ver, struct wpa_peerkey *peerkey)
-{
- size_t rlen;
- struct wpa_eapol_key *reply;
- u8 *rbuf, *pos, *mic;
- size_t kde_len, mic_len = 16;
- u16 key_info;
-
- /* KDEs: Peer RSN IE, Initiator MAC Address, Initiator Nonce */
- kde_len = peerkey->rsnie_p_len +
- 2 + RSN_SELECTOR_LEN + ETH_ALEN +
- 2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN;
-
- rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
- NULL, sizeof(*reply) + mic_len + 2 + kde_len,
- &rlen, (void *) &reply);
- if (rbuf == NULL)
- return -1;
-
- reply->type = EAPOL_KEY_TYPE_RSN;
- key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
- WPA_KEY_INFO_SECURE;
- WPA_PUT_BE16(reply->key_info, key_info);
- WPA_PUT_BE16(reply->key_length, 0);
- os_memcpy(reply->replay_counter, key->replay_counter,
- WPA_REPLAY_COUNTER_LEN);
-
- os_memcpy(reply->key_nonce, peerkey->pnonce, WPA_NONCE_LEN);
-
- mic = (u8 *) (reply + 1);
- WPA_PUT_BE16(mic + mic_len, (u16) kde_len);
- pos = mic + mic_len + 2;
-
- /* Peer RSN IE */
- pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len);
-
- /* Initiator MAC Address KDE */
- pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peerkey->addr, ETH_ALEN);
-
- /* Initiator Nonce */
- wpa_add_kde(pos, RSN_KEY_DATA_NONCE, peerkey->inonce, WPA_NONCE_LEN);
-
- wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK M3");
- wpa_eapol_key_send(sm, &sm->ptk, ver, src_addr, ETH_P_EAPOL, rbuf, rlen,
- mic);
-
- return 0;
-}
-
-
-static int wpa_supplicant_process_smk_m2(
- struct wpa_sm *sm, const unsigned char *src_addr,
- const struct wpa_eapol_key *key, const u8 *key_data,
- size_t key_data_len, int ver)
-{
- struct wpa_peerkey *peerkey;
- struct wpa_eapol_ie_parse kde;
- struct wpa_ie_data ie;
- int cipher;
- struct rsn_ie_hdr *hdr;
- u8 *pos;
-
- wpa_printf(MSG_DEBUG, "RSN: Received SMK M2");
-
- if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) {
- wpa_printf(MSG_INFO, "RSN: SMK handshake not allowed for "
- "the current network");
- return -1;
- }
-
- if (wpa_supplicant_parse_ies(key_data, key_data_len, &kde) < 0) {
- wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M2");
- return -1;
- }
-
- if (kde.rsn_ie == NULL || kde.mac_addr == NULL ||
- kde.mac_addr_len < ETH_ALEN) {
- wpa_printf(MSG_INFO, "RSN: No RSN IE or MAC address KDE in "
- "SMK M2");
- return -1;
- }
-
- wpa_printf(MSG_DEBUG, "RSN: SMK M2 - SMK initiator " MACSTR,
- MAC2STR(kde.mac_addr));
-
- if (kde.rsn_ie_len > PEERKEY_MAX_IE_LEN) {
- wpa_printf(MSG_INFO, "RSN: Too long Initiator RSN IE in SMK "
- "M2");
- return -1;
- }
-
- if (wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len, &ie) < 0) {
- wpa_printf(MSG_INFO, "RSN: Failed to parse RSN IE in SMK M2");
- return -1;
- }
-
- cipher = wpa_pick_pairwise_cipher(ie.pairwise_cipher &
- sm->allowed_pairwise_cipher, 0);
- if (cipher < 0) {
- wpa_printf(MSG_INFO, "RSN: No acceptable cipher in SMK M2");
- wpa_supplicant_send_smk_error(sm, src_addr, kde.mac_addr,
- STK_MUI_SMK, STK_ERR_CPHR_NS,
- ver);
- return -1;
- }
- wpa_printf(MSG_DEBUG, "RSN: Using %s for PeerKey",
- wpa_cipher_txt(cipher));
-
- /* TODO: find existing entry and if found, use that instead of adding
- * a new one; how to handle the case where both ends initiate at the
- * same time? */
- peerkey = os_zalloc(sizeof(*peerkey));
- if (peerkey == NULL)
- return -1;
- os_memcpy(peerkey->addr, kde.mac_addr, ETH_ALEN);
- os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
- os_memcpy(peerkey->rsnie_i, kde.rsn_ie, kde.rsn_ie_len);
- peerkey->rsnie_i_len = kde.rsn_ie_len;
- peerkey->cipher = cipher;
- peerkey->akmp = ie.key_mgmt;
-
- if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "WPA: Failed to get random data for PNonce");
- wpa_supplicant_peerkey_free(sm, peerkey);
- return -1;
- }
-
- hdr = (struct rsn_ie_hdr *) peerkey->rsnie_p;
- hdr->elem_id = WLAN_EID_RSN;
- WPA_PUT_LE16(hdr->version, RSN_VERSION);
- pos = (u8 *) (hdr + 1);
- /* Group Suite can be anything for SMK RSN IE; receiver will just
- * ignore it. */
- RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
- pos += RSN_SELECTOR_LEN;
- /* Include only the selected cipher in pairwise cipher suite */
- WPA_PUT_LE16(pos, 1);
- pos += 2;
- RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN, cipher));
- pos += RSN_SELECTOR_LEN;
-
- hdr->len = (pos - peerkey->rsnie_p) - 2;
- peerkey->rsnie_p_len = pos - peerkey->rsnie_p;
- wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake",
- peerkey->rsnie_p, peerkey->rsnie_p_len);
-
- wpa_supplicant_send_smk_m3(sm, src_addr, key, ver, peerkey);
-
- peerkey->next = sm->peerkey;
- sm->peerkey = peerkey;
-
- return 0;
-}
-
-
-/**
- * rsn_smkid - Derive SMK identifier
- * @smk: Station master key (32 bytes)
- * @pnonce: Peer Nonce
- * @mac_p: Peer MAC address
- * @inonce: Initiator Nonce
- * @mac_i: Initiator MAC address
- * @akmp: Negotiated AKM
- *
- * 8.5.1.4 Station to station (STK) key hierarchy
- * SMKID = HMAC-SHA1-128(SMK, "SMK Name" || PNonce || MAC_P || INonce || MAC_I)
- */
-static void rsn_smkid(const u8 *smk, const u8 *pnonce, const u8 *mac_p,
- const u8 *inonce, const u8 *mac_i, u8 *smkid,
- int akmp)
-{
- char *title = "SMK Name";
- const u8 *addr[5];
- const size_t len[5] = { 8, WPA_NONCE_LEN, ETH_ALEN, WPA_NONCE_LEN,
- ETH_ALEN };
- unsigned char hash[SHA256_MAC_LEN];
-
- addr[0] = (u8 *) title;
- addr[1] = pnonce;
- addr[2] = mac_p;
- addr[3] = inonce;
- addr[4] = mac_i;
-
-#ifdef CONFIG_IEEE80211W
- if (wpa_key_mgmt_sha256(akmp))
- hmac_sha256_vector(smk, PMK_LEN, 5, addr, len, hash);
- else
-#endif /* CONFIG_IEEE80211W */
- hmac_sha1_vector(smk, PMK_LEN, 5, addr, len, hash);
- os_memcpy(smkid, hash, PMKID_LEN);
-}
-
-
-static void wpa_supplicant_send_stk_1_of_4(struct wpa_sm *sm,
- struct wpa_peerkey *peerkey)
-{
- size_t mlen;
- struct wpa_eapol_key *msg;
- u8 *mbuf, *mic;
- size_t kde_len, mic_len = 16;
- u16 key_info, ver;
-
- kde_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
-
- mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
- sizeof(*msg) + mic_len + 2 + kde_len, &mlen,
- (void *) &msg);
- if (mbuf == NULL)
- return;
-
- mic = (u8 *) (msg + 1);
- msg->type = EAPOL_KEY_TYPE_RSN;
-
- if (peerkey->cipher != WPA_CIPHER_TKIP)
- ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
- else
- ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
-
- key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK;
- WPA_PUT_BE16(msg->key_info, key_info);
-
- if (peerkey->cipher != WPA_CIPHER_TKIP)
- WPA_PUT_BE16(msg->key_length, 16);
- else
- WPA_PUT_BE16(msg->key_length, 32);
-
- os_memcpy(msg->replay_counter, peerkey->replay_counter,
- WPA_REPLAY_COUNTER_LEN);
- inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
-
- WPA_PUT_BE16(mic + mic_len, kde_len);
- wpa_add_kde(mic + mic_len + 2, RSN_KEY_DATA_PMKID,
- peerkey->smkid, PMKID_LEN);
-
- if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "RSN: Failed to get random data for INonce (STK)");
- os_free(mbuf);
- return;
- }
- wpa_hexdump(MSG_DEBUG, "RSN: INonce for STK 4-Way Handshake",
- peerkey->inonce, WPA_NONCE_LEN);
- os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
-
- wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 1/4 to " MACSTR,
- MAC2STR(peerkey->addr));
- wpa_eapol_key_send(sm, NULL, ver, peerkey->addr, ETH_P_EAPOL,
- mbuf, mlen, NULL);
-}
-
-
-static void wpa_supplicant_send_stk_3_of_4(struct wpa_sm *sm,
- struct wpa_peerkey *peerkey)
-{
- size_t mlen;
- struct wpa_eapol_key *msg;
- u8 *mbuf, *pos, *mic;
- size_t kde_len, mic_len = 16;
- u16 key_info, ver;
- be32 lifetime;
-
- kde_len = peerkey->rsnie_i_len +
- 2 + RSN_SELECTOR_LEN + sizeof(lifetime);
-
- mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
- sizeof(*msg) + mic_len + 2 + kde_len, &mlen,
- (void *) &msg);
- if (mbuf == NULL)
- return;
-
- mic = (u8 *) (msg + 1);
- msg->type = EAPOL_KEY_TYPE_RSN;
-
- if (peerkey->cipher != WPA_CIPHER_TKIP)
- ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
- else
- ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
-
- key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK |
- WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
- WPA_PUT_BE16(msg->key_info, key_info);
-
- if (peerkey->cipher != WPA_CIPHER_TKIP)
- WPA_PUT_BE16(msg->key_length, 16);
- else
- WPA_PUT_BE16(msg->key_length, 32);
-
- os_memcpy(msg->replay_counter, peerkey->replay_counter,
- WPA_REPLAY_COUNTER_LEN);
- inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
-
- WPA_PUT_BE16(mic + mic_len, kde_len);
- pos = mic + mic_len + 2;
- pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len);
- lifetime = host_to_be32(peerkey->lifetime);
- wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
- (u8 *) &lifetime, sizeof(lifetime));
-
- os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
-
- wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 3/4 to " MACSTR,
- MAC2STR(peerkey->addr));
- wpa_eapol_key_send(sm, &peerkey->stk, ver, peerkey->addr, ETH_P_EAPOL,
- mbuf, mlen, mic);
-}
-
-
-static int wpa_supplicant_process_smk_m4(struct wpa_peerkey *peerkey,
- struct wpa_eapol_ie_parse *kde)
-{
- wpa_printf(MSG_DEBUG, "RSN: Received SMK M4 (Initiator " MACSTR ")",
- MAC2STR(kde->mac_addr));
-
- if (os_memcmp(kde->smk + PMK_LEN, peerkey->pnonce, WPA_NONCE_LEN) != 0)
- {
- wpa_printf(MSG_INFO, "RSN: PNonce in SMK KDE does not "
- "match with the one used in SMK M3");
- return -1;
- }
-
- if (os_memcmp(kde->nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) {
- wpa_printf(MSG_INFO, "RSN: INonce in SMK M4 did not "
- "match with the one received in SMK M2");
- return -1;
- }
-
- return 0;
-}
-
-
-static int wpa_supplicant_process_smk_m5(struct wpa_sm *sm,
- const unsigned char *src_addr,
- const struct wpa_eapol_key *key,
- int ver,
- struct wpa_peerkey *peerkey,
- struct wpa_eapol_ie_parse *kde)
-{
- int cipher;
- struct wpa_ie_data ie;
-
- wpa_printf(MSG_DEBUG, "RSN: Received SMK M5 (Peer " MACSTR ")",
- MAC2STR(kde->mac_addr));
- if (kde->rsn_ie == NULL || kde->rsn_ie_len > PEERKEY_MAX_IE_LEN ||
- wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0) {
- wpa_printf(MSG_INFO, "RSN: No RSN IE in SMK M5");
- /* TODO: abort negotiation */
- return -1;
- }
-
- if (os_memcmp(key->key_nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) {
- wpa_printf(MSG_INFO, "RSN: Key Nonce in SMK M5 does "
- "not match with INonce used in SMK M1");
- return -1;
- }
-
- if (os_memcmp(kde->smk + PMK_LEN, peerkey->inonce, WPA_NONCE_LEN) != 0)
- {
- wpa_printf(MSG_INFO, "RSN: INonce in SMK KDE does not "
- "match with the one used in SMK M1");
- return -1;
- }
-
- os_memcpy(peerkey->rsnie_p, kde->rsn_ie, kde->rsn_ie_len);
- peerkey->rsnie_p_len = kde->rsn_ie_len;
- os_memcpy(peerkey->pnonce, kde->nonce, WPA_NONCE_LEN);
-
- cipher = wpa_pick_pairwise_cipher(ie.pairwise_cipher &
- sm->allowed_pairwise_cipher, 0);
- if (cipher < 0) {
- wpa_printf(MSG_INFO, "RSN: SMK Peer STA " MACSTR " selected "
- "unacceptable cipher", MAC2STR(kde->mac_addr));
- wpa_supplicant_send_smk_error(sm, src_addr, kde->mac_addr,
- STK_MUI_SMK, STK_ERR_CPHR_NS,
- ver);
- /* TODO: abort negotiation */
- return -1;
- }
- wpa_printf(MSG_DEBUG, "RSN: Using %s for PeerKey",
- wpa_cipher_txt(cipher));
- peerkey->cipher = cipher;
-
- return 0;
-}
-
-
-static int wpa_supplicant_process_smk_m45(
- struct wpa_sm *sm, const unsigned char *src_addr,
- const struct wpa_eapol_key *key, const u8 *key_data,
- size_t key_data_len, int ver)
-{
- struct wpa_peerkey *peerkey;
- struct wpa_eapol_ie_parse kde;
- u32 lifetime;
-
- if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) {
- wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for "
- "the current network");
- return -1;
- }
-
- if (wpa_supplicant_parse_ies(key_data, key_data_len, &kde) < 0) {
- wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M4/M5");
- return -1;
- }
-
- if (kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN ||
- kde.nonce == NULL || kde.nonce_len < WPA_NONCE_LEN ||
- kde.smk == NULL || kde.smk_len < PMK_LEN + WPA_NONCE_LEN ||
- kde.lifetime == NULL || kde.lifetime_len < 4) {
- wpa_printf(MSG_INFO, "RSN: No MAC Address, Nonce, SMK, or "
- "Lifetime KDE in SMK M4/M5");
- return -1;
- }
-
- for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
- if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) == 0 &&
- os_memcmp(peerkey->initiator ? peerkey->inonce :
- peerkey->pnonce,
- key->key_nonce, WPA_NONCE_LEN) == 0)
- break;
- }
- if (peerkey == NULL) {
- wpa_printf(MSG_INFO, "RSN: No matching SMK handshake found "
- "for SMK M4/M5: peer " MACSTR,
- MAC2STR(kde.mac_addr));
- return -1;
- }
-
- if (peerkey->initiator) {
- if (wpa_supplicant_process_smk_m5(sm, src_addr, key, ver,
- peerkey, &kde) < 0)
- return -1;
- } else {
- if (wpa_supplicant_process_smk_m4(peerkey, &kde) < 0)
- return -1;
- }
-
- os_memcpy(peerkey->smk, kde.smk, PMK_LEN);
- peerkey->smk_complete = 1;
- wpa_hexdump_key(MSG_DEBUG, "RSN: SMK", peerkey->smk, PMK_LEN);
- lifetime = WPA_GET_BE32(kde.lifetime);
- wpa_printf(MSG_DEBUG, "RSN: SMK lifetime %u seconds", lifetime);
- if (lifetime > 1000000000)
- lifetime = 1000000000; /* avoid overflowing eloop time */
- peerkey->lifetime = lifetime;
- eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout,
- sm, peerkey);
-
- if (peerkey->initiator) {
- rsn_smkid(peerkey->smk, peerkey->pnonce, peerkey->addr,
- peerkey->inonce, sm->own_addr, peerkey->smkid,
- peerkey->akmp);
- wpa_supplicant_send_stk_1_of_4(sm, peerkey);
- } else {
- rsn_smkid(peerkey->smk, peerkey->pnonce, sm->own_addr,
- peerkey->inonce, peerkey->addr, peerkey->smkid,
- peerkey->akmp);
- }
- wpa_hexdump(MSG_DEBUG, "RSN: SMKID", peerkey->smkid, PMKID_LEN);
-
- return 0;
-}
-
-
-static int wpa_supplicant_process_smk_error(
- struct wpa_sm *sm, const unsigned char *src_addr,
- const u8 *key_data, size_t key_data_len)
-{
- struct wpa_eapol_ie_parse kde;
- struct rsn_error_kde error;
- u8 peer[ETH_ALEN];
- u16 error_type;
-
- wpa_printf(MSG_DEBUG, "RSN: Received SMK Error");
-
- if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) {
- wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for "
- "the current network");
- return -1;
- }
-
- if (wpa_supplicant_parse_ies(key_data, key_data_len, &kde) < 0) {
- wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK Error");
- return -1;
- }
-
- if (kde.error == NULL || kde.error_len < sizeof(error)) {
- wpa_printf(MSG_INFO, "RSN: No Error KDE in SMK Error");
- return -1;
- }
-
- if (kde.mac_addr && kde.mac_addr_len >= ETH_ALEN)
- os_memcpy(peer, kde.mac_addr, ETH_ALEN);
- else
- os_memset(peer, 0, ETH_ALEN);
- os_memcpy(&error, kde.error, sizeof(error));
- error_type = be_to_host16(error.error_type);
- wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
- "RSN: SMK Error KDE received: MUI %d error_type %d peer "
- MACSTR,
- be_to_host16(error.mui), error_type,
- MAC2STR(peer));
-
- if (kde.mac_addr &&
- (error_type == STK_ERR_STA_NR || error_type == STK_ERR_STA_NRSN ||
- error_type == STK_ERR_CPHR_NS)) {
- struct wpa_peerkey *peerkey;
-
- for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
- if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) ==
- 0)
- break;
- }
- if (peerkey == NULL) {
- wpa_printf(MSG_DEBUG, "RSN: No matching SMK handshake "
- "found for SMK Error");
- return -1;
- }
- /* TODO: abort SMK/STK handshake and remove all related keys */
- }
-
- return 0;
-}
-
-
-static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm,
- struct wpa_peerkey *peerkey,
- const struct wpa_eapol_key *key,
- u16 ver, const u8 *key_data,
- size_t key_data_len)
-{
- struct wpa_eapol_ie_parse ie;
- size_t kde_buf_len;
- struct wpa_ptk *stk;
- u8 buf[8], *kde_buf, *pos;
- be32 lifetime;
-
- wpa_printf(MSG_DEBUG, "RSN: RX message 1 of STK 4-Way Handshake from "
- MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
-
- os_memset(&ie, 0, sizeof(ie));
-
- /* RSN: msg 1/4 should contain SMKID for the selected SMK */
- wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", key_data, key_data_len);
- if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0 ||
- ie.pmkid == NULL) {
- wpa_printf(MSG_DEBUG, "RSN: No SMKID in STK 1/4");
- return;
- }
- if (os_memcmp_const(ie.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
- wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 1/4",
- ie.pmkid, PMKID_LEN);
- return;
- }
-
- if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "RSN: Failed to get random data for PNonce");
- return;
- }
- wpa_hexdump(MSG_DEBUG, "WPA: Renewed PNonce",
- peerkey->pnonce, WPA_NONCE_LEN);
-
- /* Calculate STK which will be stored as a temporary STK until it has
- * been verified when processing message 3/4. */
- stk = &peerkey->tstk;
- wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion",
- sm->own_addr, peerkey->addr,
- peerkey->pnonce, key->key_nonce,
- stk, peerkey->akmp, peerkey->cipher);
- /* Supplicant: swap tx/rx Mic keys */
- os_memcpy(buf, &stk->tk[16], 8);
- os_memcpy(&stk->tk[16], &stk->tk[24], 8);
- os_memcpy(&stk->tk[24], buf, 8);
- peerkey->tstk_set = 1;
-
- kde_buf_len = peerkey->rsnie_p_len +
- 2 + RSN_SELECTOR_LEN + sizeof(lifetime) +
- 2 + RSN_SELECTOR_LEN + PMKID_LEN;
- kde_buf = os_malloc(kde_buf_len);
- if (kde_buf == NULL)
- return;
- pos = kde_buf;
- pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len);
- lifetime = host_to_be32(peerkey->lifetime);
- pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
- (u8 *) &lifetime, sizeof(lifetime));
- wpa_add_kde(pos, RSN_KEY_DATA_PMKID, peerkey->smkid, PMKID_LEN);
-
- if (wpa_supplicant_send_2_of_4(sm, peerkey->addr, key, ver,
- peerkey->pnonce, kde_buf, kde_buf_len,
- stk) < 0) {
- wpa_printf(MSG_INFO, "RSN: Failed to send STK message 2/4");
- os_free(kde_buf);
- return;
- }
- os_free(kde_buf);
-
- os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
-}
-
-
-static void wpa_supplicant_update_smk_lifetime(struct wpa_sm *sm,
- struct wpa_peerkey *peerkey,
- struct wpa_eapol_ie_parse *kde)
-{
- u32 lifetime;
-
- if (kde->lifetime == NULL || kde->lifetime_len < sizeof(lifetime))
- return;
-
- lifetime = WPA_GET_BE32(kde->lifetime);
-
- if (lifetime >= peerkey->lifetime) {
- wpa_printf(MSG_DEBUG, "RSN: Peer used SMK lifetime %u seconds "
- "which is larger than or equal to own value %u "
- "seconds - ignored", lifetime, peerkey->lifetime);
- return;
- }
-
- wpa_printf(MSG_DEBUG, "RSN: Peer used shorter SMK lifetime %u seconds "
- "(own was %u seconds) - updated",
- lifetime, peerkey->lifetime);
- peerkey->lifetime = lifetime;
-
- eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey);
- eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout,
- sm, peerkey);
-}
-
-
-static void wpa_supplicant_process_stk_2_of_4(struct wpa_sm *sm,
- struct wpa_peerkey *peerkey,
- const struct wpa_eapol_key *key,
- u16 ver, const u8 *key_data,
- size_t key_data_len)
-{
- struct wpa_eapol_ie_parse kde;
-
- wpa_printf(MSG_DEBUG, "RSN: RX message 2 of STK 4-Way Handshake from "
- MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
-
- os_memset(&kde, 0, sizeof(kde));
-
- /* RSN: msg 2/4 should contain SMKID for the selected SMK and RSN IE
- * from the peer. It may also include Lifetime KDE. */
- wpa_hexdump(MSG_DEBUG, "RSN: msg 2/4 key data", key_data, key_data_len);
- if (wpa_supplicant_parse_ies(key_data, key_data_len, &kde) < 0 ||
- kde.pmkid == NULL || kde.rsn_ie == NULL) {
- wpa_printf(MSG_DEBUG, "RSN: No SMKID or RSN IE in STK 2/4");
- return;
- }
-
- if (os_memcmp_const(kde.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
- wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 2/4",
- kde.pmkid, PMKID_LEN);
- return;
- }
-
- if (kde.rsn_ie_len != peerkey->rsnie_p_len ||
- os_memcmp(kde.rsn_ie, peerkey->rsnie_p, kde.rsn_ie_len) != 0) {
- wpa_printf(MSG_INFO, "RSN: Peer RSN IE in SMK and STK "
- "handshakes did not match");
- wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in SMK handshake",
- peerkey->rsnie_p, peerkey->rsnie_p_len);
- wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in STK handshake",
- kde.rsn_ie, kde.rsn_ie_len);
- return;
- }
-
- wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde);
-
- wpa_supplicant_send_stk_3_of_4(sm, peerkey);
- os_memcpy(peerkey->pnonce, key->key_nonce, WPA_NONCE_LEN);
-}
-
-
-static void wpa_supplicant_process_stk_3_of_4(struct wpa_sm *sm,
- struct wpa_peerkey *peerkey,
- const struct wpa_eapol_key *key,
- u16 ver, const u8 *key_data,
- size_t key_data_len)
-{
- struct wpa_eapol_ie_parse kde;
- size_t key_len;
- const u8 *_key;
- u8 key_buf[32], rsc[6];
-
- wpa_printf(MSG_DEBUG, "RSN: RX message 3 of STK 4-Way Handshake from "
- MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
-
- os_memset(&kde, 0, sizeof(kde));
-
- /* RSN: msg 3/4 should contain Initiator RSN IE. It may also include
- * Lifetime KDE. */
- wpa_hexdump(MSG_DEBUG, "RSN: msg 3/4 key data", key_data, key_data_len);
- if (wpa_supplicant_parse_ies(key_data, key_data_len, &kde) < 0) {
- wpa_printf(MSG_DEBUG, "RSN: Failed to parse key data in "
- "STK 3/4");
- return;
- }
-
- if (kde.rsn_ie_len != peerkey->rsnie_i_len ||
- os_memcmp(kde.rsn_ie, peerkey->rsnie_i, kde.rsn_ie_len) != 0) {
- wpa_printf(MSG_INFO, "RSN: Initiator RSN IE in SMK and STK "
- "handshakes did not match");
- wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in SMK "
- "handshake",
- peerkey->rsnie_i, peerkey->rsnie_i_len);
- wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in STK "
- "handshake",
- kde.rsn_ie, kde.rsn_ie_len);
- return;
- }
-
- if (os_memcmp(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
- wpa_printf(MSG_WARNING, "RSN: INonce from message 1 of STK "
- "4-Way Handshake differs from 3 of STK 4-Way "
- "Handshake - drop packet (src=" MACSTR ")",
- MAC2STR(peerkey->addr));
- wpa_hexdump(MSG_DEBUG, "RSN: INonce from message 1",
- peerkey->inonce, WPA_NONCE_LEN);
- wpa_hexdump(MSG_DEBUG, "RSN: INonce from message 3",
- key->key_nonce, WPA_NONCE_LEN);
- return;
- }
-
- wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde);
-
- if (wpa_supplicant_send_4_of_4(sm, peerkey->addr, key, ver,
- WPA_GET_BE16(key->key_info),
- &peerkey->stk) < 0) {
- wpa_printf(MSG_INFO, "RSN: Failed to send STK message 4/4");
- return;
- }
-
- _key = peerkey->stk.tk;
- if (peerkey->cipher == WPA_CIPHER_TKIP) {
- /* Swap Tx/Rx keys for Michael MIC */
- os_memcpy(key_buf, _key, 16);
- os_memcpy(key_buf + 16, _key + 24, 8);
- os_memcpy(key_buf + 24, _key + 16, 8);
- _key = key_buf;
- key_len = 32;
- } else
- key_len = 16;
-
- os_memset(rsc, 0, 6);
- if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
- rsc, sizeof(rsc), _key, key_len) < 0) {
- os_memset(key_buf, 0, sizeof(key_buf));
- wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the "
- "driver.");
- return;
- }
- os_memset(key_buf, 0, sizeof(key_buf));
-}
-
-
-static void wpa_supplicant_process_stk_4_of_4(struct wpa_sm *sm,
- struct wpa_peerkey *peerkey,
- const struct wpa_eapol_key *key,
- u16 ver)
-{
- u8 rsc[6];
-
- wpa_printf(MSG_DEBUG, "RSN: RX message 4 of STK 4-Way Handshake from "
- MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
-
- os_memset(rsc, 0, 6);
- if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
- rsc, sizeof(rsc), peerkey->stk.tk,
- peerkey->cipher == WPA_CIPHER_TKIP ? 32 : 16) < 0) {
- wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the "
- "driver.");
- return;
- }
-}
-
-
-/**
- * peerkey_verify_eapol_key_mic - Verify PeerKey MIC
- * @sm: Pointer to WPA state machine data from wpa_sm_init()
- * @peerkey: Pointer to the PeerKey data for the peer
- * @key: Pointer to the EAPOL-Key frame header
- * @ver: Version bits from EAPOL-Key Key Info
- * @buf: Pointer to the beginning of EAPOL-Key frame
- * @len: Length of the EAPOL-Key frame
- * Returns: 0 on success, -1 on failure
- */
-int peerkey_verify_eapol_key_mic(struct wpa_sm *sm,
- struct wpa_peerkey *peerkey,
- struct wpa_eapol_key *key, u16 ver,
- const u8 *buf, size_t len)
-{
- u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN], *mic_pos;
- size_t mic_len = 16;
- int ok = 0;
-
- if (peerkey->initiator && !peerkey->stk_set) {
- wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion",
- sm->own_addr, peerkey->addr,
- peerkey->inonce, key->key_nonce,
- &peerkey->stk, peerkey->akmp, peerkey->cipher);
- peerkey->stk_set = 1;
- }
-
- mic_pos = (u8 *) (key + 1);
- os_memcpy(mic, mic_pos, mic_len);
- if (peerkey->tstk_set) {
- os_memset(mic_pos, 0, mic_len);
- wpa_eapol_key_mic(peerkey->tstk.kck, peerkey->tstk.kck_len,
- sm->key_mgmt, ver, buf, len, mic_pos);
- if (os_memcmp_const(mic, mic_pos, mic_len) != 0) {
- wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
- "when using TSTK - ignoring TSTK");
- } else {
- ok = 1;
- peerkey->tstk_set = 0;
- peerkey->stk_set = 1;
- os_memcpy(&peerkey->stk, &peerkey->tstk,
- sizeof(peerkey->stk));
- os_memset(&peerkey->tstk, 0, sizeof(peerkey->tstk));
- }
- }
-
- if (!ok && peerkey->stk_set) {
- os_memset(mic_pos, 0, mic_len);
- wpa_eapol_key_mic(peerkey->stk.kck, peerkey->stk.kck_len,
- sm->key_mgmt, ver, buf, len, mic_pos);
- if (os_memcmp_const(mic, mic_pos, mic_len) != 0) {
- wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
- "- dropping packet");
- return -1;
- }
- ok = 1;
- }
-
- if (!ok) {
- wpa_printf(MSG_WARNING, "RSN: Could not verify EAPOL-Key MIC "
- "- dropping packet");
- return -1;
- }
-
- os_memcpy(peerkey->replay_counter, key->replay_counter,
- WPA_REPLAY_COUNTER_LEN);
- peerkey->replay_counter_set = 1;
- return 0;
-}
-
-
-/**
- * wpa_sm_stkstart - Send EAPOL-Key Request for STK handshake (STK M1)
- * @sm: Pointer to WPA state machine data from wpa_sm_init()
- * @peer: MAC address of the peer STA
- * Returns: 0 on success, or -1 on failure
- *
- * Send an EAPOL-Key Request to the current authenticator to start STK
- * handshake with the peer.
- */
-int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer)
-{
- size_t rlen, kde_len, mic_len;
- struct wpa_eapol_key *req;
- int key_info, ver;
- u8 bssid[ETH_ALEN], *rbuf, *pos, *count_pos, *mic;
- u16 count;
- struct rsn_ie_hdr *hdr;
- struct wpa_peerkey *peerkey;
- struct wpa_ie_data ie;
-
- if (sm->proto != WPA_PROTO_RSN || !sm->ptk_set || !sm->peerkey_enabled)
- return -1;
-
- if (sm->ap_rsn_ie &&
- wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &ie) == 0 &&
- !(ie.capabilities & WPA_CAPABILITY_PEERKEY_ENABLED)) {
- wpa_printf(MSG_DEBUG, "RSN: Current AP does not support STK");
- return -1;
- }
-
- mic_len = wpa_mic_len(sm->key_mgmt);
- if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
- ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
- else
- ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
-
- if (wpa_sm_get_bssid(sm, bssid) < 0) {
- wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key "
- "SMK M1");
- return -1;
- }
-
- /* TODO: find existing entry and if found, use that instead of adding
- * a new one */
- peerkey = os_zalloc(sizeof(*peerkey));
- if (peerkey == NULL)
- return -1;
- peerkey->initiator = 1;
- os_memcpy(peerkey->addr, peer, ETH_ALEN);
- peerkey->akmp = sm->key_mgmt;
-
- /* SMK M1:
- * EAPOL-Key(S=1, M=1, A=0, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
- * MIC=MIC, DataKDs=(RSNIE_I, MAC_P KDE))
- */
-
- hdr = (struct rsn_ie_hdr *) peerkey->rsnie_i;
- hdr->elem_id = WLAN_EID_RSN;
- WPA_PUT_LE16(hdr->version, RSN_VERSION);
- pos = (u8 *) (hdr + 1);
- /* Group Suite can be anything for SMK RSN IE; receiver will just
- * ignore it. */
- RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
- pos += RSN_SELECTOR_LEN;
- count_pos = pos;
- pos += 2;
-
- count = rsn_cipher_put_suites(pos, sm->allowed_pairwise_cipher);
- pos += count * RSN_SELECTOR_LEN;
- WPA_PUT_LE16(count_pos, count);
-
- hdr->len = (pos - peerkey->rsnie_i) - 2;
- peerkey->rsnie_i_len = pos - peerkey->rsnie_i;
- wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake",
- peerkey->rsnie_i, peerkey->rsnie_i_len);
-
- kde_len = peerkey->rsnie_i_len + 2 + RSN_SELECTOR_LEN + ETH_ALEN;
-
- rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
- sizeof(*req) + mic_len + 2 + kde_len, &rlen,
- (void *) &req);
- if (rbuf == NULL) {
- wpa_supplicant_peerkey_free(sm, peerkey);
- return -1;
- }
-
- req->type = EAPOL_KEY_TYPE_RSN;
- key_info = WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
- WPA_KEY_INFO_SECURE | WPA_KEY_INFO_REQUEST | ver;
- WPA_PUT_BE16(req->key_info, key_info);
- WPA_PUT_BE16(req->key_length, 0);
- os_memcpy(req->replay_counter, sm->request_counter,
- WPA_REPLAY_COUNTER_LEN);
- inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
-
- if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "WPA: Failed to get random data for INonce");
- os_free(rbuf);
- wpa_supplicant_peerkey_free(sm, peerkey);
- return -1;
- }
- os_memcpy(req->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
- wpa_hexdump(MSG_DEBUG, "WPA: INonce for SMK handshake",
- req->key_nonce, WPA_NONCE_LEN);
-
- mic = pos = (u8 *) (req + 1);
- pos += mic_len;
- WPA_PUT_BE16(pos, (u16) kde_len);
- pos += 2;
-
- /* Initiator RSN IE */
- pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len);
- /* Peer MAC address KDE */
- wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
-
- wpa_printf(MSG_INFO, "RSN: Sending EAPOL-Key SMK M1 Request (peer "
- MACSTR ")", MAC2STR(peer));
- wpa_eapol_key_send(sm, &sm->ptk, ver, bssid, ETH_P_EAPOL, rbuf, rlen,
- mic);
-
- peerkey->next = sm->peerkey;
- sm->peerkey = peerkey;
-
- return 0;
-}
-
-
-/**
- * peerkey_deinit - Free PeerKey values
- * @sm: Pointer to WPA state machine data from wpa_sm_init()
- */
-void peerkey_deinit(struct wpa_sm *sm)
-{
- struct wpa_peerkey *prev, *peerkey = sm->peerkey;
- while (peerkey) {
- prev = peerkey;
- peerkey = peerkey->next;
- wpa_supplicant_peerkey_free(sm, prev);
- }
- sm->peerkey = NULL;
-}
-
-
-void peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
- struct wpa_eapol_key *key, u16 key_info, u16 ver,
- const u8 *key_data, size_t key_data_len)
-{
- if ((key_info & (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) ==
- (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) {
- /* 3/4 STK 4-Way Handshake */
- wpa_supplicant_process_stk_3_of_4(sm, peerkey, key, ver,
- key_data, key_data_len);
- } else if (key_info & WPA_KEY_INFO_ACK) {
- /* 1/4 STK 4-Way Handshake */
- wpa_supplicant_process_stk_1_of_4(sm, peerkey, key, ver,
- key_data, key_data_len);
- } else if (key_info & WPA_KEY_INFO_SECURE) {
- /* 4/4 STK 4-Way Handshake */
- wpa_supplicant_process_stk_4_of_4(sm, peerkey, key, ver);
- } else {
- /* 2/4 STK 4-Way Handshake */
- wpa_supplicant_process_stk_2_of_4(sm, peerkey, key, ver,
- key_data, key_data_len);
- }
-}
-
-
-void peerkey_rx_eapol_smk(struct wpa_sm *sm, const u8 *src_addr,
- struct wpa_eapol_key *key, const u8 *key_data,
- size_t key_data_len,
- u16 key_info, u16 ver)
-{
- if (key_info & WPA_KEY_INFO_ERROR) {
- /* SMK Error */
- wpa_supplicant_process_smk_error(sm, src_addr, key_data,
- key_data_len);
- } else if (key_info & WPA_KEY_INFO_ACK) {
- /* SMK M2 */
- wpa_supplicant_process_smk_m2(sm, src_addr, key, key_data,
- key_data_len, ver);
- } else {
- /* SMK M4 or M5 */
- wpa_supplicant_process_smk_m45(sm, src_addr, key, key_data,
- key_data_len, ver);
- }
-}
-
-#endif /* CONFIG_PEERKEY */
diff --git a/src/rsn_supp/peerkey.h b/src/rsn_supp/peerkey.h
deleted file mode 100644
index 02e12e9..0000000
--- a/src/rsn_supp/peerkey.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * WPA Supplicant - PeerKey for Direct Link Setup (DLS)
- * Copyright (c) 2006-2015, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef PEERKEY_H
-#define PEERKEY_H
-
-#define PEERKEY_MAX_IE_LEN 80
-struct wpa_peerkey {
- struct wpa_peerkey *next;
- int initiator; /* whether this end was initator for SMK handshake */
- u8 addr[ETH_ALEN]; /* other end MAC address */
- u8 inonce[WPA_NONCE_LEN]; /* Initiator Nonce */
- u8 pnonce[WPA_NONCE_LEN]; /* Peer Nonce */
- u8 rsnie_i[PEERKEY_MAX_IE_LEN]; /* Initiator RSN IE */
- size_t rsnie_i_len;
- u8 rsnie_p[PEERKEY_MAX_IE_LEN]; /* Peer RSN IE */
- size_t rsnie_p_len;
- u8 smk[PMK_LEN];
- int smk_complete;
- u8 smkid[PMKID_LEN];
- u32 lifetime;
- int cipher; /* Selected cipher (WPA_CIPHER_*) */
- u8 replay_counter[WPA_REPLAY_COUNTER_LEN];
- int replay_counter_set;
- int akmp;
-
- struct wpa_ptk stk, tstk;
- int stk_set, tstk_set;
-};
-
-
-#ifdef CONFIG_PEERKEY
-
-int peerkey_verify_eapol_key_mic(struct wpa_sm *sm,
- struct wpa_peerkey *peerkey,
- struct wpa_eapol_key *key, u16 ver,
- const u8 *buf, size_t len);
-void peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
- struct wpa_eapol_key *key, u16 key_info, u16 ver,
- const u8 *key_data, size_t key_data_len);
-void peerkey_rx_eapol_smk(struct wpa_sm *sm, const u8 *src_addr,
- struct wpa_eapol_key *key, const u8 *key_data,
- size_t key_data_len, u16 key_info, u16 ver);
-void peerkey_deinit(struct wpa_sm *sm);
-
-#else /* CONFIG_PEERKEY */
-
-static inline int
-peerkey_verify_eapol_key_mic(struct wpa_sm *sm,
- struct wpa_peerkey *peerkey,
- struct wpa_eapol_key *key, u16 ver,
- const u8 *buf, size_t len)
-{
- return -1;
-}
-
-static inline void
-peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
- struct wpa_eapol_key *key, u16 key_info, u16 ver,
- const u8 *key_data, size_t key_data_len)
-{
-}
-
-static inline void
-peerkey_rx_eapol_smk(struct wpa_sm *sm, const u8 *src_addr,
- struct wpa_eapol_key *key, const u8 *key_data,
- size_t key_data_len, u16 key_info, u16 ver)
-{
-}
-
-static inline void peerkey_deinit(struct wpa_sm *sm)
-{
-}
-
-#endif /* CONFIG_PEERKEY */
-
-#endif /* PEERKEY_H */
diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c
index f723bb0..f5024f2 100644
--- a/src/rsn_supp/pmksa_cache.c
+++ b/src/rsn_supp/pmksa_cache.c
@@ -44,7 +44,9 @@
enum pmksa_free_reason reason)
{
wpa_sm_remove_pmkid(pmksa->sm, entry->network_ctx, entry->aa,
- entry->pmkid);
+ entry->pmkid,
+ entry->fils_cache_id_set ? entry->fils_cache_id :
+ NULL);
pmksa->pmksa_count--;
pmksa->free_cb(entry, pmksa->ctx, reason);
_pmksa_cache_free_entry(entry);
@@ -117,6 +119,7 @@
* @spa: Supplicant address
* @network_ctx: Network configuration context for this PMK
* @akmp: WPA_KEY_MGMT_* used in key derivation
+ * @cache_id: Pointer to FILS Cache Identifier or %NULL if not advertised
* Returns: Pointer to the added PMKSA cache entry or %NULL on error
*
* This function create a PMKSA entry for a new PMK and adds it to the PMKSA
@@ -127,7 +130,8 @@
struct rsn_pmksa_cache_entry *
pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
const u8 *pmkid, const u8 *kck, size_t kck_len,
- const u8 *aa, const u8 *spa, void *network_ctx, int akmp)
+ const u8 *aa, const u8 *spa, void *network_ctx, int akmp,
+ const u8 *cache_id)
{
struct rsn_pmksa_cache_entry *entry;
struct os_reltime now;
@@ -150,13 +154,16 @@
else if (wpa_key_mgmt_suite_b(akmp))
rsn_pmkid_suite_b(kck, kck_len, aa, spa, entry->pmkid);
else
- rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid,
- wpa_key_mgmt_sha256(akmp));
+ rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid, akmp);
os_get_reltime(&now);
entry->expiration = now.sec + pmksa->sm->dot11RSNAConfigPMKLifetime;
entry->reauth_time = now.sec + pmksa->sm->dot11RSNAConfigPMKLifetime *
pmksa->sm->dot11RSNAConfigPMKReauthThreshold / 100;
entry->akmp = akmp;
+ if (cache_id) {
+ entry->fils_cache_id_set = 1;
+ os_memcpy(entry->fils_cache_id, cache_id, FILS_CACHE_ID_LEN);
+ }
os_memcpy(entry->aa, aa, ETH_ALEN);
entry->network_ctx = network_ctx;
@@ -257,8 +264,9 @@
pmksa->pmksa_count++;
wpa_printf(MSG_DEBUG, "RSN: Added PMKSA cache entry for " MACSTR
" network_ctx=%p", MAC2STR(entry->aa), entry->network_ctx);
- wpa_sm_add_pmkid(pmksa->sm, entry->network_ctx, entry->aa,
- entry->pmkid);
+ wpa_sm_add_pmkid(pmksa->sm, entry->network_ctx, entry->aa, entry->pmkid,
+ entry->fils_cache_id_set ? entry->fils_cache_id : NULL,
+ entry->pmk, entry->pmk_len);
return entry;
}
@@ -358,16 +366,19 @@
const u8 *aa)
{
struct rsn_pmksa_cache_entry *new_entry;
+ os_time_t old_expiration = old_entry->expiration;
new_entry = pmksa_cache_add(pmksa, old_entry->pmk, old_entry->pmk_len,
NULL, NULL, 0,
aa, pmksa->sm->own_addr,
- old_entry->network_ctx, old_entry->akmp);
+ old_entry->network_ctx, old_entry->akmp,
+ old_entry->fils_cache_id_set ?
+ old_entry->fils_cache_id : NULL);
if (new_entry == NULL)
return NULL;
/* TODO: reorder entries based on expiration time? */
- new_entry->expiration = old_entry->expiration;
+ new_entry->expiration = old_expiration;
new_entry->opportunistic = 1;
return new_entry;
@@ -410,6 +421,24 @@
}
+static struct rsn_pmksa_cache_entry *
+pmksa_cache_get_fils_cache_id(struct rsn_pmksa_cache *pmksa,
+ const void *network_ctx, const u8 *cache_id)
+{
+ struct rsn_pmksa_cache_entry *entry;
+
+ for (entry = pmksa->pmksa; entry; entry = entry->next) {
+ if (network_ctx == entry->network_ctx &&
+ entry->fils_cache_id_set &&
+ os_memcmp(cache_id, entry->fils_cache_id,
+ FILS_CACHE_ID_LEN) == 0)
+ return entry;
+ }
+
+ return NULL;
+}
+
+
/**
* pmksa_cache_get_current - Get the current used PMKSA entry
* @sm: Pointer to WPA state machine data from wpa_sm_init()
@@ -442,11 +471,12 @@
* @bssid: BSSID for PMKSA or %NULL if not used
* @network_ctx: Network configuration context
* @try_opportunistic: Whether to allow opportunistic PMKSA caching
+ * @fils_cache_id: Pointer to FILS Cache Identifier or %NULL if not used
* Returns: 0 if PMKSA was found or -1 if no matching entry was found
*/
int pmksa_cache_set_current(struct wpa_sm *sm, const u8 *pmkid,
const u8 *bssid, void *network_ctx,
- int try_opportunistic)
+ int try_opportunistic, const u8 *fils_cache_id)
{
struct rsn_pmksa_cache *pmksa = sm->pmksa;
wpa_printf(MSG_DEBUG, "RSN: PMKSA cache search - network_ctx=%p "
@@ -457,6 +487,10 @@
if (bssid)
wpa_printf(MSG_DEBUG, "RSN: Search for BSSID " MACSTR,
MAC2STR(bssid));
+ if (fils_cache_id)
+ wpa_printf(MSG_DEBUG,
+ "RSN: Search for FILS Cache Identifier %02x%02x",
+ fils_cache_id[0], fils_cache_id[1]);
sm->cur_pmksa = NULL;
if (pmkid)
@@ -469,6 +503,10 @@
sm->cur_pmksa = pmksa_cache_get_opportunistic(pmksa,
network_ctx,
bssid);
+ if (sm->cur_pmksa == NULL && fils_cache_id)
+ sm->cur_pmksa = pmksa_cache_get_fils_cache_id(pmksa,
+ network_ctx,
+ fils_cache_id);
if (sm->cur_pmksa) {
wpa_hexdump(MSG_DEBUG, "RSN: PMKSA cache entry found - PMKID",
sm->cur_pmksa->pmkid, PMKID_LEN);
@@ -495,11 +533,20 @@
char *pos = buf;
struct rsn_pmksa_cache_entry *entry;
struct os_reltime now;
+ int cache_id_used = 0;
+
+ for (entry = pmksa->pmksa; entry; entry = entry->next) {
+ if (entry->fils_cache_id_set) {
+ cache_id_used = 1;
+ break;
+ }
+ }
os_get_reltime(&now);
ret = os_snprintf(pos, buf + len - pos,
"Index / AA / PMKID / expiration (in seconds) / "
- "opportunistic\n");
+ "opportunistic%s\n",
+ cache_id_used ? " / FILS Cache Identifier" : "");
if (os_snprintf_error(buf + len - pos, ret))
return pos - buf;
pos += ret;
@@ -514,12 +561,24 @@
pos += ret;
pos += wpa_snprintf_hex(pos, buf + len - pos, entry->pmkid,
PMKID_LEN);
- ret = os_snprintf(pos, buf + len - pos, " %d %d\n",
+ ret = os_snprintf(pos, buf + len - pos, " %d %d",
(int) (entry->expiration - now.sec),
entry->opportunistic);
if (os_snprintf_error(buf + len - pos, ret))
return pos - buf;
pos += ret;
+ if (entry->fils_cache_id_set) {
+ ret = os_snprintf(pos, buf + len - pos, " %02x%02x",
+ entry->fils_cache_id[0],
+ entry->fils_cache_id[1]);
+ if (os_snprintf_error(buf + len - pos, ret))
+ return pos - buf;
+ pos += ret;
+ }
+ ret = os_snprintf(pos, buf + len - pos, "\n");
+ if (os_snprintf_error(buf + len - pos, ret))
+ return pos - buf;
+ pos += ret;
entry = entry->next;
}
return pos - buf;
diff --git a/src/rsn_supp/pmksa_cache.h b/src/rsn_supp/pmksa_cache.h
index adc251a..f9a72a6 100644
--- a/src/rsn_supp/pmksa_cache.h
+++ b/src/rsn_supp/pmksa_cache.h
@@ -21,6 +21,14 @@
int akmp; /* WPA_KEY_MGMT_* */
u8 aa[ETH_ALEN];
+ /*
+ * If FILS Cache Identifier is included (fils_cache_id_set), this PMKSA
+ * cache entry is applicable to all BSSs (any BSSID/aa[]) that
+ * advertise the same FILS Cache Identifier within the same ESS.
+ */
+ u8 fils_cache_id[2];
+ unsigned int fils_cache_id_set:1;
+
os_time_t reauth_time;
/**
@@ -59,7 +67,8 @@
struct rsn_pmksa_cache_entry *
pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
const u8 *pmkid, const u8 *kck, size_t kck_len,
- const u8 *aa, const u8 *spa, void *network_ctx, int akmp);
+ const u8 *aa, const u8 *spa, void *network_ctx, int akmp,
+ const u8 *cache_id);
struct rsn_pmksa_cache_entry *
pmksa_cache_add_entry(struct rsn_pmksa_cache *pmksa,
struct rsn_pmksa_cache_entry *entry);
@@ -67,7 +76,7 @@
void pmksa_cache_clear_current(struct wpa_sm *sm);
int pmksa_cache_set_current(struct wpa_sm *sm, const u8 *pmkid,
const u8 *bssid, void *network_ctx,
- int try_opportunistic);
+ int try_opportunistic, const u8 *fils_cache_id);
struct rsn_pmksa_cache_entry *
pmksa_cache_get_opportunistic(struct rsn_pmksa_cache *pmksa,
void *network_ctx, const u8 *aa);
@@ -123,7 +132,8 @@
static inline struct rsn_pmksa_cache_entry *
pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
const u8 *pmkid, const u8 *kck, size_t kck_len,
- const u8 *aa, const u8 *spa, void *network_ctx, int akmp)
+ const u8 *aa, const u8 *spa, void *network_ctx, int akmp,
+ const u8 *cache_id)
{
return NULL;
}
@@ -135,7 +145,8 @@
static inline int pmksa_cache_set_current(struct wpa_sm *sm, const u8 *pmkid,
const u8 *bssid,
void *network_ctx,
- int try_opportunistic)
+ int try_opportunistic,
+ const u8 *fils_cache_id)
{
return -1;
}
diff --git a/src/rsn_supp/preauth.c b/src/rsn_supp/preauth.c
index e83d073..d4276b9 100644
--- a/src/rsn_supp/preauth.c
+++ b/src/rsn_supp/preauth.c
@@ -97,7 +97,7 @@
NULL, 0,
sm->preauth_bssid, sm->own_addr,
sm->network_ctx,
- WPA_KEY_MGMT_IEEE8021X);
+ WPA_KEY_MGMT_IEEE8021X, NULL);
} else {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"RSN: failed to get master session key from "
@@ -342,7 +342,8 @@
/* Some drivers (e.g., NDIS) expect to get notified about the
* PMKIDs again, so report the existing data now. */
if (p) {
- wpa_sm_add_pmkid(sm, NULL, candidate->bssid, p->pmkid);
+ wpa_sm_add_pmkid(sm, NULL, candidate->bssid, p->pmkid,
+ NULL, p->pmk, p->pmk_len);
}
dl_list_del(&candidate->list);
diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
index c2ed952..5e350ed 100644
--- a/src/rsn_supp/tdls.c
+++ b/src/rsn_supp/tdls.c
@@ -303,10 +303,9 @@
peer->sm_tmr.peer_capab = peer_capab;
peer->sm_tmr.buf_len = msg_len;
os_free(peer->sm_tmr.buf);
- peer->sm_tmr.buf = os_malloc(msg_len);
+ peer->sm_tmr.buf = os_memdup(msg, msg_len);
if (peer->sm_tmr.buf == NULL)
return -1;
- os_memcpy(peer->sm_tmr.buf, msg, msg_len);
wpa_printf(MSG_DEBUG, "TDLS: Retry timeout registered "
"(action_code=%u)", action_code);
@@ -413,8 +412,9 @@
size_t len[2];
u8 data[3 * ETH_ALEN];
- /* IEEE Std 802.11z-2010 8.5.9.1:
- * TPK-Key-Input = SHA-256(min(SNonce, ANonce) || max(SNonce, ANonce))
+ /* IEEE Std 802.11-2016 12.7.9.2:
+ * TPK-Key-Input = Hash(min(SNonce, ANonce) || max(SNonce, ANonce))
+ * Hash = SHA-256 for TDLS
*/
len[0] = WPA_NONCE_LEN;
len[1] = WPA_NONCE_LEN;
@@ -432,11 +432,8 @@
key_input, SHA256_MAC_LEN);
/*
- * TPK-Key-Data = KDF-N_KEY(TPK-Key-Input, "TDLS PMK",
- * min(MAC_I, MAC_R) || max(MAC_I, MAC_R) || BSSID || N_KEY)
- * TODO: is N_KEY really included in KDF Context and if so, in which
- * presentation format (little endian 16-bit?) is it used? It gets
- * added by the KDF anyway..
+ * TPK = KDF-Hash-Length(TPK-Key-Input, "TDLS PMK",
+ * min(MAC_I, MAC_R) || max(MAC_I, MAC_R) || BSSID)
*/
if (os_memcmp(own_addr, peer->addr, ETH_ALEN) < 0) {
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index af72298..15b0e60 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1,6 +1,6 @@
/*
* WPA Supplicant - WPA state machine and EAPOL-Key processing
- * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2017, Jouni Malinen <j@w1.fi>
* Copyright(c) 2015 Intel Deutschland GmbH
*
* This software may be distributed under the terms of the BSD license.
@@ -15,6 +15,9 @@
#include "crypto/crypto.h"
#include "crypto/random.h"
#include "crypto/aes_siv.h"
+#include "crypto/sha256.h"
+#include "crypto/sha384.h"
+#include "crypto/sha512.h"
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
#include "eap_common/eap_defs.h"
@@ -25,7 +28,6 @@
#include "pmksa_cache.h"
#include "wpa_i.h"
#include "wpa_ie.h"
-#include "peerkey.h"
static const u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
@@ -48,8 +50,11 @@
u8 *msg, size_t msg_len, u8 *key_mic)
{
int ret = -1;
- size_t mic_len = wpa_mic_len(sm->key_mgmt);
+ size_t mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
+ wpa_printf(MSG_DEBUG, "WPA: Send EAPOL-Key frame to " MACSTR
+ " ver=%d mic_len=%d key_mgmt=0x%x",
+ MAC2STR(dest), ver, (int) mic_len, sm->key_mgmt);
if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
/*
* Association event was not yet received; try to fetch
@@ -193,7 +198,7 @@
return;
}
- mic_len = wpa_mic_len(sm->key_mgmt);
+ mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
hdrlen = sizeof(*reply) + mic_len + 2;
rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
hdrlen, &rlen, (void *) &reply);
@@ -315,6 +320,13 @@
}
if (res == 0) {
struct rsn_pmksa_cache_entry *sa = NULL;
+ const u8 *fils_cache_id = NULL;
+
+#ifdef CONFIG_FILS
+ if (sm->fils_cache_id_set)
+ fils_cache_id = sm->fils_cache_id;
+#endif /* CONFIG_FILS */
+
wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
"machines", sm->pmk, pmk_len);
sm->pmk_len = pmk_len;
@@ -327,7 +339,8 @@
NULL, 0,
src_addr, sm->own_addr,
sm->network_ctx,
- sm->key_mgmt);
+ sm->key_mgmt,
+ fils_cache_id);
}
if (!sm->cur_pmksa && pmkid &&
pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL))
@@ -457,7 +470,7 @@
wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
- mic_len = wpa_mic_len(sm->key_mgmt);
+ mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
hdrlen = sizeof(*reply) + mic_len + 2;
rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
NULL, hdrlen + wpa_ie_len,
@@ -572,7 +585,8 @@
/* Calculate PTK which will be stored as a temporary PTK until it has
* been verified when processing message 3/4. */
ptk = &sm->tptk;
- wpa_derive_ptk(sm, src_addr, key, ptk);
+ if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0)
+ goto failed;
if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
u8 buf[8];
/* Supplicant: swap tx/rx Mic keys */
@@ -643,7 +657,9 @@
sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
eapol_sm_notify_portValid(sm->eapol, TRUE);
- if (wpa_key_mgmt_wpa_psk(sm->key_mgmt))
+ if (wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
+ sm->key_mgmt == WPA_KEY_MGMT_DPP ||
+ sm->key_mgmt == WPA_KEY_MGMT_OWE)
eapol_sm_notify_eap_success(sm->eapol, TRUE);
/*
* Start preauthentication after a short wait to avoid a
@@ -710,6 +726,11 @@
alg = wpa_cipher_to_alg(sm->pairwise_cipher);
keylen = wpa_cipher_key_len(sm->pairwise_cipher);
+ if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
+ wpa_printf(MSG_DEBUG, "WPA: TK length mismatch: %d != %lu",
+ keylen, (long unsigned int) sm->ptk.tk_len);
+ return -1;
+ }
rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
@@ -730,6 +751,7 @@
/* TK is not needed anymore in supplicant */
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+ sm->ptk.tk_len = 0;
sm->ptk.installed = 1;
if (sm->wpa_ptk_rekey) {
@@ -1277,7 +1299,7 @@
struct wpa_eapol_key *reply;
u8 *rbuf, *key_mic;
- mic_len = wpa_mic_len(sm->key_mgmt);
+ mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
hdrlen = sizeof(*reply) + mic_len + 2;
rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
hdrlen, &rlen, (void *) &reply);
@@ -1427,7 +1449,7 @@
sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, NULL,
sm->ptk.kck, sm->ptk.kck_len,
sm->bssid, sm->own_addr,
- sm->network_ctx, sm->key_mgmt);
+ sm->network_ctx, sm->key_mgmt, NULL);
if (!sm->cur_pmksa)
sm->cur_pmksa = sa;
}
@@ -1586,7 +1608,7 @@
struct wpa_eapol_key *reply;
u8 *rbuf, *key_mic;
- mic_len = wpa_mic_len(sm->key_mgmt);
+ mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
hdrlen = sizeof(*reply) + mic_len + 2;
rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
hdrlen, &rlen, (void *) &reply);
@@ -1600,6 +1622,8 @@
key_info |= ver | WPA_KEY_INFO_SECURE;
if (mic_len)
key_info |= WPA_KEY_INFO_MIC;
+ else
+ key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
WPA_PUT_BE16(reply->key_info, key_info);
if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
WPA_PUT_BE16(reply->key_length, 0);
@@ -1628,7 +1652,7 @@
struct wpa_gtk_data gd;
const u8 *key_rsc;
- if (!sm->msg_3_of_4_ok) {
+ if (!sm->msg_3_of_4_ok && !wpa_fils_is_completed(sm)) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: Group Key Handshake started prior to completion of 4-way handshake");
goto failed;
@@ -1695,14 +1719,15 @@
{
u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
int ok = 0;
- size_t mic_len = wpa_mic_len(sm->key_mgmt);
+ size_t mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
os_memcpy(mic, key + 1, mic_len);
if (sm->tptk_set) {
os_memset(key + 1, 0, mic_len);
- wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt,
- ver, buf, len, (u8 *) (key + 1));
- if (os_memcmp_const(mic, key + 1, mic_len) != 0) {
+ if (wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len,
+ sm->key_mgmt,
+ ver, buf, len, (u8 *) (key + 1)) < 0 ||
+ os_memcmp_const(mic, key + 1, mic_len) != 0) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: Invalid EAPOL-Key MIC "
"when using TPTK - ignoring TPTK");
@@ -1712,14 +1737,23 @@
sm->ptk_set = 1;
os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ /*
+ * This assures the same TPTK in sm->tptk can never be
+ * copied twice to sm->pkt as the new PTK. In
+ * combination with the installed flag in the wpa_ptk
+ * struct, this assures the same PTK is only installed
+ * once.
+ */
+ sm->renew_snonce = 1;
}
}
if (!ok && sm->ptk_set) {
os_memset(key + 1, 0, mic_len);
- wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt,
- ver, buf, len, (u8 *) (key + 1));
- if (os_memcmp_const(mic, key + 1, mic_len) != 0) {
+ if (wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len,
+ sm->key_mgmt,
+ ver, buf, len, (u8 *) (key + 1)) < 0 ||
+ os_memcmp_const(mic, key + 1, mic_len) != 0) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: Invalid EAPOL-Key MIC - "
"dropping packet");
@@ -1766,6 +1800,8 @@
return -1;
#else /* CONFIG_NO_RC4 */
u8 ek[32];
+
+ wpa_printf(MSG_DEBUG, "WPA: Decrypt Key Data using RC4");
os_memcpy(ek, key->key_iv, 16);
os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) {
@@ -1778,9 +1814,15 @@
#endif /* CONFIG_NO_RC4 */
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
+ sm->key_mgmt == WPA_KEY_MGMT_OWE ||
+ sm->key_mgmt == WPA_KEY_MGMT_DPP ||
sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
wpa_key_mgmt_suite_b(sm->key_mgmt)) {
u8 *buf;
+
+ wpa_printf(MSG_DEBUG,
+ "WPA: Decrypt Key Data using AES-UNWRAP (KEK length %u)",
+ (unsigned int) sm->ptk.kek_len);
if (*key_data_len < 8 || *key_data_len % 8) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: Unsupported AES-WRAP len %u",
@@ -1962,7 +2004,6 @@
u16 key_info, ver;
u8 *tmp = NULL;
int ret = -1;
- struct wpa_peerkey *peerkey = NULL;
u8 *mic, *key_data;
size_t mic_len, keyhdrlen;
@@ -1970,7 +2011,7 @@
sm->ft_completed = 0;
#endif /* CONFIG_IEEE80211R */
- mic_len = wpa_mic_len(sm->key_mgmt);
+ mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
keyhdrlen = sizeof(*key) + mic_len + 2;
if (len < sizeof(*hdr) + keyhdrlen) {
@@ -2018,10 +2059,9 @@
* Make a copy of the frame since we need to modify the buffer during
* MAC validation and Key Data decryption.
*/
- tmp = os_malloc(data_len);
+ tmp = os_memdup(buf, data_len);
if (tmp == NULL)
goto out;
- os_memcpy(tmp, buf, data_len);
key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr));
mic = (u8 *) (key + 1);
key_data = mic + mic_len + 2;
@@ -2056,6 +2096,8 @@
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
!wpa_key_mgmt_suite_b(sm->key_mgmt) &&
!wpa_key_mgmt_fils(sm->key_mgmt) &&
+ sm->key_mgmt != WPA_KEY_MGMT_OWE &&
+ sm->key_mgmt != WPA_KEY_MGMT_DPP &&
sm->key_mgmt != WPA_KEY_MGMT_OSEN) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: Unsupported EAPOL-Key descriptor version %d",
@@ -2072,7 +2114,9 @@
}
if ((wpa_key_mgmt_suite_b(sm->key_mgmt) ||
- wpa_key_mgmt_fils(sm->key_mgmt)) &&
+ wpa_key_mgmt_fils(sm->key_mgmt) ||
+ sm->key_mgmt == WPA_KEY_MGMT_DPP ||
+ sm->key_mgmt == WPA_KEY_MGMT_OWE) &&
ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)",
@@ -2106,6 +2150,8 @@
if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
!wpa_key_mgmt_suite_b(sm->key_mgmt) &&
!wpa_key_mgmt_fils(sm->key_mgmt) &&
+ sm->key_mgmt != WPA_KEY_MGMT_OWE &&
+ sm->key_mgmt != WPA_KEY_MGMT_DPP &&
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: CCMP is used, but EAPOL-Key "
@@ -2133,44 +2179,7 @@
goto out;
}
-#ifdef CONFIG_PEERKEY
- for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
- if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
- break;
- }
-
- if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
- if (!peerkey->initiator && peerkey->replay_counter_set &&
- os_memcmp(key->replay_counter, peerkey->replay_counter,
- WPA_REPLAY_COUNTER_LEN) <= 0) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "RSN: EAPOL-Key Replay Counter did not "
- "increase (STK) - dropping packet");
- goto out;
- } else if (peerkey->initiator) {
- u8 _tmp[WPA_REPLAY_COUNTER_LEN];
- os_memcpy(_tmp, key->replay_counter,
- WPA_REPLAY_COUNTER_LEN);
- inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
- if (os_memcmp(_tmp, peerkey->replay_counter,
- WPA_REPLAY_COUNTER_LEN) != 0) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "RSN: EAPOL-Key Replay "
- "Counter did not match (STK) - "
- "dropping packet");
- goto out;
- }
- }
- }
-
- if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) {
- wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
- "RSN: Ack bit in key_info from STK peer");
- goto out;
- }
-#endif /* CONFIG_PEERKEY */
-
- if (!peerkey && sm->rx_replay_counter_set &&
+ if (sm->rx_replay_counter_set &&
os_memcmp(key->replay_counter, sm->rx_replay_counter,
WPA_REPLAY_COUNTER_LEN) <= 0) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
@@ -2179,11 +2188,13 @@
goto out;
}
- if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
-#ifdef CONFIG_PEERKEY
- && (peerkey == NULL || !peerkey->initiator)
-#endif /* CONFIG_PEERKEY */
- ) {
+ if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
+ wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
+ "WPA: Unsupported SMK bit in key_info");
+ goto out;
+ }
+
+ if (!(key_info & WPA_KEY_INFO_ACK)) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: No Ack bit in key_info");
goto out;
@@ -2195,17 +2206,10 @@
goto out;
}
- if ((key_info & WPA_KEY_INFO_MIC) && !peerkey &&
+ if ((key_info & WPA_KEY_INFO_MIC) &&
wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
goto out;
-#ifdef CONFIG_PEERKEY
- if ((key_info & WPA_KEY_INFO_MIC) && peerkey &&
- peerkey_verify_eapol_key_mic(sm, peerkey, key, ver, tmp,
- data_len))
- goto out;
-#endif /* CONFIG_PEERKEY */
-
#ifdef CONFIG_FILS
if (!mic_len && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
if (wpa_supp_aead_decrypt(sm, tmp, data_len, &key_data_len))
@@ -2228,12 +2232,8 @@
"non-zero key index");
goto out;
}
- if (peerkey) {
- /* PeerKey 4-Way Handshake */
- peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver,
- key_data, key_data_len);
- } else if (key_info & (WPA_KEY_INFO_MIC |
- WPA_KEY_INFO_ENCR_KEY_DATA)) {
+ if (key_info & (WPA_KEY_INFO_MIC |
+ WPA_KEY_INFO_ENCR_KEY_DATA)) {
/* 3/4 4-Way Handshake */
wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
key_data_len);
@@ -2243,10 +2243,6 @@
ver, key_data,
key_data_len);
}
- } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
- /* PeerKey SMK Handshake */
- peerkey_rx_eapol_smk(sm, src_addr, key, key_data, key_data_len,
- key_info, ver);
} else {
if ((mic_len && (key_info & WPA_KEY_INFO_MIC)) ||
(!mic_len && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA))) {
@@ -2488,13 +2484,21 @@
os_free(sm->ap_rsn_ie);
wpa_sm_drop_sa(sm);
os_free(sm->ctx);
- peerkey_deinit(sm);
#ifdef CONFIG_IEEE80211R
os_free(sm->assoc_resp_ies);
#endif /* CONFIG_IEEE80211R */
#ifdef CONFIG_TESTING_OPTIONS
wpabuf_free(sm->test_assoc_ie);
#endif /* CONFIG_TESTING_OPTIONS */
+#ifdef CONFIG_FILS_SK_PFS
+ crypto_ecdh_deinit(sm->fils_ecdh);
+#endif /* CONFIG_FILS_SK_PFS */
+#ifdef CONFIG_FILS
+ wpabuf_free(sm->fils_ft_ies);
+#endif /* CONFIG_FILS */
+#ifdef CONFIG_OWE
+ crypto_ecdh_deinit(sm->owe_ecdh);
+#endif /* CONFIG_OWE */
os_free(sm);
}
@@ -2588,7 +2592,6 @@
{
eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
- peerkey_deinit(sm);
rsn_preauth_deinit(sm);
pmksa_cache_clear_current(sm);
if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
@@ -2607,6 +2610,7 @@
wpa_sm_drop_sa(sm);
sm->msg_3_of_4_ok = 0;
+ os_memset(sm->bssid, 0, ETH_ALEN);
}
@@ -2626,6 +2630,8 @@
if (sm == NULL)
return;
+ wpa_hexdump_key(MSG_DEBUG, "WPA: Set PMK based on external data",
+ pmk, pmk_len);
sm->pmk_len = pmk_len;
os_memcpy(sm->pmk, pmk, pmk_len);
@@ -2638,7 +2644,7 @@
if (bssid) {
pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0,
bssid, sm->own_addr,
- sm->network_ctx, sm->key_mgmt);
+ sm->network_ctx, sm->key_mgmt, NULL);
}
}
@@ -2656,11 +2662,15 @@
return;
if (sm->cur_pmksa) {
+ wpa_hexdump_key(MSG_DEBUG,
+ "WPA: Set PMK based on current PMKSA",
+ sm->cur_pmksa->pmk, sm->cur_pmksa->pmk_len);
sm->pmk_len = sm->cur_pmksa->pmk_len;
os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
} else {
- sm->pmk_len = PMK_LEN;
- os_memset(sm->pmk, 0, PMK_LEN);
+ wpa_printf(MSG_DEBUG, "WPA: No current PMKSA - clear PMK");
+ sm->pmk_len = 0;
+ os_memset(sm->pmk, 0, PMK_LEN_MAX);
}
}
@@ -2708,7 +2718,6 @@
if (config) {
sm->network_ctx = config->network_ctx;
- sm->peerkey_enabled = config->peerkey_enabled;
sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
sm->proactive_key_caching = config->proactive_key_caching;
sm->eap_workaround = config->eap_workaround;
@@ -2721,9 +2730,17 @@
sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
sm->p2p = config->p2p;
sm->wpa_rsc_relaxation = config->wpa_rsc_relaxation;
+#ifdef CONFIG_FILS
+ if (config->fils_cache_id) {
+ sm->fils_cache_id_set = 1;
+ os_memcpy(sm->fils_cache_id, config->fils_cache_id,
+ FILS_CACHE_ID_LEN);
+ } else {
+ sm->fils_cache_id_set = 0;
+ }
+#endif /* CONFIG_FILS */
} else {
sm->network_ctx = NULL;
- sm->peerkey_enabled = 0;
sm->allowed_pairwise_cipher = 0;
sm->proactive_key_caching = 0;
sm->eap_workaround = 0;
@@ -2876,9 +2893,12 @@
>= 0 &&
rsn.capabilities & (WPA_CAPABILITY_MFPR |
WPA_CAPABILITY_MFPC)) {
- ret = os_snprintf(pos, end - pos, "pmf=%d\n",
+ ret = os_snprintf(pos, end - pos, "pmf=%d\n"
+ "mgmt_group_cipher=%s\n",
(rsn.capabilities &
- WPA_CAPABILITY_MFPR) ? 2 : 1);
+ WPA_CAPABILITY_MFPR) ? 2 : 1,
+ wpa_cipher_txt(
+ sm->mgmt_group_cipher));
if (os_snprintf_error(end - pos, ret))
return pos - buf;
pos += ret;
@@ -2944,11 +2964,10 @@
* the correct version of the IE even if PMKSA caching is
* aborted (which would remove PMKID from IE generation).
*/
- sm->assoc_wpa_ie = os_malloc(*wpa_ie_len);
+ sm->assoc_wpa_ie = os_memdup(wpa_ie, *wpa_ie_len);
if (sm->assoc_wpa_ie == NULL)
return -1;
- os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
sm->assoc_wpa_ie_len = *wpa_ie_len;
} else {
wpa_hexdump(MSG_DEBUG,
@@ -2984,11 +3003,10 @@
sm->assoc_wpa_ie_len = 0;
} else {
wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
- sm->assoc_wpa_ie = os_malloc(len);
+ sm->assoc_wpa_ie = os_memdup(ie, len);
if (sm->assoc_wpa_ie == NULL)
return -1;
- os_memcpy(sm->assoc_wpa_ie, ie, len);
sm->assoc_wpa_ie_len = len;
}
@@ -3019,11 +3037,10 @@
sm->ap_wpa_ie_len = 0;
} else {
wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
- sm->ap_wpa_ie = os_malloc(len);
+ sm->ap_wpa_ie = os_memdup(ie, len);
if (sm->ap_wpa_ie == NULL)
return -1;
- os_memcpy(sm->ap_wpa_ie, ie, len);
sm->ap_wpa_ie_len = len;
}
@@ -3054,11 +3071,10 @@
sm->ap_rsn_ie_len = 0;
} else {
wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
- sm->ap_rsn_ie = os_malloc(len);
+ sm->ap_rsn_ie = os_memdup(ie, len);
if (sm->ap_rsn_ie == NULL)
return -1;
- os_memcpy(sm->ap_rsn_ie, ie, len);
sm->ap_rsn_ie_len = len;
}
@@ -3111,6 +3127,23 @@
}
+void wpa_sm_pmksa_cache_add(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
+ const u8 *pmkid, const u8 *bssid,
+ const u8 *fils_cache_id)
+{
+ sm->cur_pmksa = pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0,
+ bssid, sm->own_addr, sm->network_ctx,
+ sm->key_mgmt, fils_cache_id);
+}
+
+
+int wpa_sm_pmksa_exists(struct wpa_sm *sm, const u8 *bssid,
+ const void *network_ctx)
+{
+ return pmksa_cache_get(sm->pmksa, bssid, NULL, network_ctx) != NULL;
+}
+
+
void wpa_sm_drop_sa(struct wpa_sm *sm)
{
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
@@ -3213,27 +3246,6 @@
#endif /* CONFIG_WNM */
-#ifdef CONFIG_PEERKEY
-int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr,
- const u8 *buf, size_t len)
-{
- struct wpa_peerkey *peerkey;
-
- for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
- if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
- break;
- }
-
- if (!peerkey)
- return 0;
-
- wpa_sm_rx_eapol(sm, src_addr, buf, len);
-
- return 1;
-}
-#endif /* CONFIG_PEERKEY */
-
-
#ifdef CONFIG_P2P
int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf)
@@ -3278,20 +3290,29 @@
#ifdef CONFIG_TESTING_OPTIONS
+
void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf)
{
wpabuf_free(sm->test_assoc_ie);
sm->test_assoc_ie = buf;
}
+
+
+const u8 * wpa_sm_get_anonce(struct wpa_sm *sm)
+{
+ return sm->anonce;
+}
+
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_FILS
-struct wpabuf * fils_build_auth(struct wpa_sm *sm)
+struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md)
{
struct wpabuf *buf = NULL;
struct wpabuf *erp_msg;
+ struct wpabuf *pub = NULL;
erp_msg = eapol_sm_build_erp_reauth_start(sm->eapol);
if (!erp_msg && !sm->cur_pmksa) {
@@ -3319,7 +3340,28 @@
wpa_hexdump(MSG_DEBUG, "FILS: Generated FILS Session",
sm->fils_session, FILS_SESSION_LEN);
- buf = wpabuf_alloc(1000 + sm->assoc_wpa_ie_len);
+#ifdef CONFIG_FILS_SK_PFS
+ sm->fils_dh_group = dh_group;
+ if (dh_group) {
+ crypto_ecdh_deinit(sm->fils_ecdh);
+ sm->fils_ecdh = crypto_ecdh_init(dh_group);
+ if (!sm->fils_ecdh) {
+ wpa_printf(MSG_INFO,
+ "FILS: Could not initialize ECDH with group %d",
+ dh_group);
+ goto fail;
+ }
+ pub = crypto_ecdh_get_pubkey(sm->fils_ecdh, 1);
+ if (!pub)
+ goto fail;
+ wpa_hexdump_buf(MSG_DEBUG, "FILS: Element (DH public key)",
+ pub);
+ sm->fils_dh_elem_len = wpabuf_len(pub);
+ }
+#endif /* CONFIG_FILS_SK_PFS */
+
+ buf = wpabuf_alloc(1000 + sm->assoc_wpa_ie_len +
+ (pub ? wpabuf_len(pub) : 0));
if (!buf)
goto fail;
@@ -3331,16 +3373,31 @@
/* Status Code */
wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
- /* TODO: Finite Cyclic Group when using PK or PFS */
- /* TODO: Element when using PK or PFS */
+ /* TODO: FILS PK */
+#ifdef CONFIG_FILS_SK_PFS
+ if (dh_group) {
+ /* Finite Cyclic Group */
+ wpabuf_put_le16(buf, dh_group);
+ /* Element */
+ wpabuf_put_buf(buf, pub);
+ }
+#endif /* CONFIG_FILS_SK_PFS */
/* RSNE */
wpa_hexdump(MSG_DEBUG, "FILS: RSNE in FILS Authentication frame",
sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
wpabuf_put_data(buf, sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
- /* TODO: MDE when using FILS for FT initial association */
- /* TODO: FTE when using FILS for FT initial association */
+ if (md) {
+ /* MDE when using FILS for FT initial association */
+ struct rsn_mdie *mdie;
+
+ wpabuf_put_u8(buf, WLAN_EID_MOBILITY_DOMAIN);
+ wpabuf_put_u8(buf, sizeof(*mdie));
+ mdie = wpabuf_put(buf, sizeof(*mdie));
+ os_memcpy(mdie->mobility_domain, md, MOBILITY_DOMAIN_ID_LEN);
+ mdie->ft_capab = 0;
+ }
/* FILS Nonce */
wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
@@ -3377,11 +3434,13 @@
fail:
wpabuf_free(erp_msg);
+ wpabuf_free(pub);
return buf;
}
-int fils_process_auth(struct wpa_sm *sm, const u8 *data, size_t len)
+int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data,
+ size_t len)
{
const u8 *pos, *end;
struct ieee802_11_elems elems;
@@ -3390,19 +3449,69 @@
u8 ick[FILS_ICK_MAX_LEN];
size_t ick_len;
int res;
+ struct wpabuf *dh_ss = NULL;
+ const u8 *g_sta = NULL;
+ size_t g_sta_len = 0;
+ const u8 *g_ap = NULL;
+ size_t g_ap_len = 0;
+ struct wpabuf *pub = NULL;
+
+ os_memcpy(sm->bssid, bssid, ETH_ALEN);
wpa_hexdump(MSG_DEBUG, "FILS: Authentication frame fields",
data, len);
pos = data;
end = data + len;
- /* TODO: Finite Cyclic Group when using PK or PFS */
- /* TODO: Element when using PK or PFS */
+ /* TODO: FILS PK */
+#ifdef CONFIG_FILS_SK_PFS
+ if (sm->fils_dh_group) {
+ u16 group;
+
+ /* Using FILS PFS */
+
+ /* Finite Cyclic Group */
+ if (end - pos < 2) {
+ wpa_printf(MSG_DEBUG,
+ "FILS: No room for Finite Cyclic Group");
+ goto fail;
+ }
+ group = WPA_GET_LE16(pos);
+ pos += 2;
+ if (group != sm->fils_dh_group) {
+ wpa_printf(MSG_DEBUG,
+ "FILS: Unexpected change in Finite Cyclic Group: %u (expected %u)",
+ group, sm->fils_dh_group);
+ goto fail;
+ }
+
+ /* Element */
+ if ((size_t) (end - pos) < sm->fils_dh_elem_len) {
+ wpa_printf(MSG_DEBUG, "FILS: No room for Element");
+ goto fail;
+ }
+
+ if (!sm->fils_ecdh) {
+ wpa_printf(MSG_DEBUG, "FILS: No ECDH state available");
+ goto fail;
+ }
+ dh_ss = crypto_ecdh_set_peerkey(sm->fils_ecdh, 1, pos,
+ sm->fils_dh_elem_len);
+ if (!dh_ss) {
+ wpa_printf(MSG_DEBUG, "FILS: ECDH operation failed");
+ goto fail;
+ }
+ wpa_hexdump_buf_key(MSG_DEBUG, "FILS: DH_SS", dh_ss);
+ g_ap = pos;
+ g_ap_len = sm->fils_dh_elem_len;
+ pos += sm->fils_dh_elem_len;
+ }
+#endif /* CONFIG_FILS_SK_PFS */
wpa_hexdump(MSG_DEBUG, "FILS: Remaining IEs", pos, end - pos);
if (ieee802_11_parse_elems(pos, end - pos, &elems, 1) == ParseFailed) {
wpa_printf(MSG_DEBUG, "FILS: Could not parse elements");
- return -1;
+ goto fail;
}
/* RSNE */
@@ -3412,18 +3521,63 @@
wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
&rsn) < 0) {
wpa_printf(MSG_DEBUG, "FILS: No RSN element");
- return -1;
+ goto fail;
}
if (!elems.fils_nonce) {
wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field");
- return -1;
+ goto fail;
}
os_memcpy(sm->fils_anonce, elems.fils_nonce, FILS_NONCE_LEN);
wpa_hexdump(MSG_DEBUG, "FILS: ANonce", sm->fils_anonce, FILS_NONCE_LEN);
- /* TODO: MDE when using FILS+FT */
- /* TODO: FTE when using FILS+FT */
+ if (wpa_key_mgmt_ft(sm->key_mgmt)) {
+ struct wpa_ft_ies parse;
+
+ if (!elems.mdie || !elems.ftie) {
+ wpa_printf(MSG_DEBUG, "FILS+FT: No MDE or FTE");
+ goto fail;
+ }
+
+ if (wpa_ft_parse_ies(pos, end - pos, &parse) < 0) {
+ wpa_printf(MSG_DEBUG, "FILS+FT: Failed to parse IEs");
+ goto fail;
+ }
+
+ if (!parse.r0kh_id) {
+ wpa_printf(MSG_DEBUG,
+ "FILS+FT: No R0KH-ID subelem in FTE");
+ goto fail;
+ }
+ os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len);
+ sm->r0kh_id_len = parse.r0kh_id_len;
+ wpa_hexdump_ascii(MSG_DEBUG, "FILS+FT: R0KH-ID",
+ sm->r0kh_id, sm->r0kh_id_len);
+
+ if (!parse.r1kh_id) {
+ wpa_printf(MSG_DEBUG,
+ "FILS+FT: No R1KH-ID subelem in FTE");
+ goto fail;
+ }
+ os_memcpy(sm->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
+ wpa_hexdump(MSG_DEBUG, "FILS+FT: R1KH-ID",
+ sm->r1kh_id, FT_R1KH_ID_LEN);
+
+ /* TODO: Check MDE and FTE payload */
+
+ wpabuf_free(sm->fils_ft_ies);
+ sm->fils_ft_ies = wpabuf_alloc(2 + elems.mdie_len +
+ 2 + elems.ftie_len);
+ if (!sm->fils_ft_ies)
+ goto fail;
+ wpabuf_put_data(sm->fils_ft_ies, elems.mdie - 2,
+ 2 + elems.mdie_len);
+ wpabuf_put_data(sm->fils_ft_ies, elems.ftie - 2,
+ 2 + elems.ftie_len);
+ } else {
+ wpabuf_free(sm->fils_ft_ies);
+ sm->fils_ft_ies = NULL;
+ }
/* PMKID List */
if (rsn.pmkid && rsn.num_pmkid > 0) {
@@ -3432,7 +3586,7 @@
if (rsn.num_pmkid != 1) {
wpa_printf(MSG_DEBUG, "FILS: Invalid PMKID selection");
- return -1;
+ goto fail;
}
wpa_hexdump(MSG_DEBUG, "FILS: PMKID", rsn.pmkid, PMKID_LEN);
if (os_memcmp(sm->cur_pmksa->pmkid, rsn.pmkid, PMKID_LEN) != 0)
@@ -3440,7 +3594,7 @@
wpa_printf(MSG_DEBUG, "FILS: PMKID mismatch");
wpa_hexdump(MSG_DEBUG, "FILS: Expected PMKID",
sm->cur_pmksa->pmkid, PMKID_LEN);
- return -1;
+ goto fail;
}
wpa_printf(MSG_DEBUG,
"FILS: Matching PMKID - continue using PMKSA caching");
@@ -3455,7 +3609,7 @@
/* FILS Session */
if (!elems.fils_session) {
wpa_printf(MSG_DEBUG, "FILS: No FILS Session element");
- return -1;
+ goto fail;
}
wpa_hexdump(MSG_DEBUG, "FILS: FILS Session", elems.fils_session,
FILS_SESSION_LEN);
@@ -3464,7 +3618,7 @@
wpa_printf(MSG_DEBUG, "FILS: Session mismatch");
wpa_hexdump(MSG_DEBUG, "FILS: Expected FILS Session",
sm->fils_session, FILS_SESSION_LEN);
- return -1;
+ goto fail;
}
/* FILS Wrapped Data */
@@ -3478,7 +3632,7 @@
eapol_sm_process_erp_finish(sm->eapol, elems.fils_wrapped_data,
elems.fils_wrapped_data_len);
if (eapol_sm_failed(sm->eapol))
- return -1;
+ goto fail;
rmsk_len = ERP_MAX_KEY_LEN;
res = eapol_sm_get_key(sm->eapol, rmsk, rmsk_len);
@@ -3487,18 +3641,26 @@
res = eapol_sm_get_key(sm->eapol, rmsk, rmsk_len);
}
if (res)
- return -1;
+ goto fail;
res = fils_rmsk_to_pmk(sm->key_mgmt, rmsk, rmsk_len,
- sm->fils_nonce, sm->fils_anonce, NULL, 0,
+ sm->fils_nonce, sm->fils_anonce,
+ dh_ss ? wpabuf_head(dh_ss) : NULL,
+ dh_ss ? wpabuf_len(dh_ss) : 0,
sm->pmk, &sm->pmk_len);
os_memset(rmsk, 0, sizeof(rmsk));
+
+ /* Don't use DHss in PTK derivation if PMKSA caching is not
+ * used. */
+ wpabuf_clear_free(dh_ss);
+ dh_ss = NULL;
+
if (res)
- return -1;
+ goto fail;
if (!sm->fils_erp_pmkid_set) {
wpa_printf(MSG_DEBUG, "FILS: PMKID not available");
- return -1;
+ goto fail;
}
wpa_hexdump(MSG_DEBUG, "FILS: PMKID", sm->fils_erp_pmkid,
PMKID_LEN);
@@ -3506,37 +3668,174 @@
sm->cur_pmksa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len,
sm->fils_erp_pmkid, NULL, 0,
sm->bssid, sm->own_addr,
- sm->network_ctx, sm->key_mgmt);
+ sm->network_ctx, sm->key_mgmt,
+ NULL);
}
if (!sm->cur_pmksa) {
wpa_printf(MSG_DEBUG,
"FILS: No remaining options to continue FILS authentication");
- return -1;
+ goto fail;
}
if (fils_pmk_to_ptk(sm->pmk, sm->pmk_len, sm->own_addr, sm->bssid,
- sm->fils_nonce, sm->fils_anonce, &sm->ptk,
- ick, &ick_len, sm->key_mgmt, sm->pairwise_cipher) <
- 0) {
+ sm->fils_nonce, sm->fils_anonce,
+ dh_ss ? wpabuf_head(dh_ss) : NULL,
+ dh_ss ? wpabuf_len(dh_ss) : 0,
+ &sm->ptk, ick, &ick_len,
+ sm->key_mgmt, sm->pairwise_cipher,
+ sm->fils_ft, &sm->fils_ft_len) < 0) {
wpa_printf(MSG_DEBUG, "FILS: Failed to derive PTK");
- return -1;
+ goto fail;
}
+
+ wpabuf_clear_free(dh_ss);
+ dh_ss = NULL;
+
sm->ptk_set = 1;
sm->tptk_set = 0;
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+#ifdef CONFIG_FILS_SK_PFS
+ if (sm->fils_dh_group) {
+ if (!sm->fils_ecdh) {
+ wpa_printf(MSG_INFO, "FILS: ECDH not initialized");
+ goto fail;
+ }
+ pub = crypto_ecdh_get_pubkey(sm->fils_ecdh, 1);
+ if (!pub)
+ goto fail;
+ wpa_hexdump_buf(MSG_DEBUG, "FILS: gSTA", pub);
+ g_sta = wpabuf_head(pub);
+ g_sta_len = wpabuf_len(pub);
+ if (!g_ap) {
+ wpa_printf(MSG_INFO, "FILS: gAP not available");
+ goto fail;
+ }
+ wpa_hexdump(MSG_DEBUG, "FILS: gAP", g_ap, g_ap_len);
+ }
+#endif /* CONFIG_FILS_SK_PFS */
+
res = fils_key_auth_sk(ick, ick_len, sm->fils_nonce,
sm->fils_anonce, sm->own_addr, sm->bssid,
- NULL, 0, NULL, 0, /* TODO: SK+PFS */
+ g_sta, g_sta_len, g_ap, g_ap_len,
sm->key_mgmt, sm->fils_key_auth_sta,
sm->fils_key_auth_ap,
&sm->fils_key_auth_len);
+ wpabuf_free(pub);
os_memset(ick, 0, sizeof(ick));
return res;
+fail:
+ wpabuf_free(pub);
+ wpabuf_clear_free(dh_ss);
+ return -1;
}
+#ifdef CONFIG_IEEE80211R
+static int fils_ft_build_assoc_req_rsne(struct wpa_sm *sm, struct wpabuf *buf)
+{
+ struct rsn_ie_hdr *rsnie;
+ u16 capab;
+ u8 *pos;
+
+ /* RSNIE[PMKR0Name/PMKR1Name] */
+ rsnie = wpabuf_put(buf, sizeof(*rsnie));
+ rsnie->elem_id = WLAN_EID_RSN;
+ WPA_PUT_LE16(rsnie->version, RSN_VERSION);
+
+ /* Group Suite Selector */
+ if (!wpa_cipher_valid_group(sm->group_cipher)) {
+ wpa_printf(MSG_WARNING, "FT: Invalid group cipher (%d)",
+ sm->group_cipher);
+ return -1;
+ }
+ pos = wpabuf_put(buf, RSN_SELECTOR_LEN);
+ RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN,
+ sm->group_cipher));
+
+ /* Pairwise Suite Count */
+ wpabuf_put_le16(buf, 1);
+
+ /* Pairwise Suite List */
+ if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
+ wpa_printf(MSG_WARNING, "FT: Invalid pairwise cipher (%d)",
+ sm->pairwise_cipher);
+ return -1;
+ }
+ pos = wpabuf_put(buf, RSN_SELECTOR_LEN);
+ RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN,
+ sm->pairwise_cipher));
+
+ /* Authenticated Key Management Suite Count */
+ wpabuf_put_le16(buf, 1);
+
+ /* Authenticated Key Management Suite List */
+ pos = wpabuf_put(buf, RSN_SELECTOR_LEN);
+ if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256)
+ RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256);
+ else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384)
+ RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384);
+ else {
+ wpa_printf(MSG_WARNING,
+ "FILS+FT: Invalid key management type (%d)",
+ sm->key_mgmt);
+ return -1;
+ }
+
+ /* RSN Capabilities */
+ capab = 0;
+#ifdef CONFIG_IEEE80211W
+ if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC)
+ capab |= WPA_CAPABILITY_MFPC;
+#endif /* CONFIG_IEEE80211W */
+ wpabuf_put_le16(buf, capab);
+
+ /* PMKID Count */
+ wpabuf_put_le16(buf, 1);
+
+ /* PMKID List [PMKR1Name] */
+ wpa_hexdump_key(MSG_DEBUG, "FILS+FT: XXKey (FILS-FT)",
+ sm->fils_ft, sm->fils_ft_len);
+ wpa_hexdump_ascii(MSG_DEBUG, "FILS+FT: SSID", sm->ssid, sm->ssid_len);
+ wpa_hexdump(MSG_DEBUG, "FILS+FT: MDID",
+ sm->mobility_domain, MOBILITY_DOMAIN_ID_LEN);
+ wpa_hexdump_ascii(MSG_DEBUG, "FILS+FT: R0KH-ID",
+ sm->r0kh_id, sm->r0kh_id_len);
+ if (wpa_derive_pmk_r0(sm->fils_ft, sm->fils_ft_len, sm->ssid,
+ sm->ssid_len, sm->mobility_domain,
+ sm->r0kh_id, sm->r0kh_id_len, sm->own_addr,
+ sm->pmk_r0, sm->pmk_r0_name) < 0) {
+ wpa_printf(MSG_WARNING, "FILS+FT: Could not derive PMK-R0");
+ return -1;
+ }
+ wpa_hexdump_key(MSG_DEBUG, "FILS+FT: PMK-R0", sm->pmk_r0, PMK_LEN);
+ wpa_hexdump(MSG_DEBUG, "FILS+FT: PMKR0Name",
+ sm->pmk_r0_name, WPA_PMK_NAME_LEN);
+ wpa_printf(MSG_DEBUG, "FILS+FT: R1KH-ID: " MACSTR,
+ MAC2STR(sm->r1kh_id));
+ pos = wpabuf_put(buf, WPA_PMK_NAME_LEN);
+ if (wpa_derive_pmk_r1_name(sm->pmk_r0_name, sm->r1kh_id, sm->own_addr,
+ pos) < 0) {
+ wpa_printf(MSG_WARNING, "FILS+FT: Could not derive PMKR1Name");
+ return -1;
+ }
+ wpa_hexdump(MSG_DEBUG, "FILS+FT: PMKR1Name", pos, WPA_PMK_NAME_LEN);
+
+#ifdef CONFIG_IEEE80211W
+ if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) {
+ /* Management Group Cipher Suite */
+ pos = wpabuf_put(buf, RSN_SELECTOR_LEN);
+ RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
+ }
+#endif /* CONFIG_IEEE80211W */
+
+ rsnie->len = ((u8 *) wpabuf_put(buf, 0) - (u8 *) rsnie) - 2;
+ return 0;
+}
+#endif /* CONFIG_IEEE80211R */
+
+
struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek,
size_t *kek_len, const u8 **snonce,
const u8 **anonce,
@@ -3548,12 +3847,30 @@
unsigned int i;
len = 1000;
+#ifdef CONFIG_IEEE80211R
+ if (sm->fils_ft_ies)
+ len += wpabuf_len(sm->fils_ft_ies);
+ if (wpa_key_mgmt_ft(sm->key_mgmt))
+ len += 256;
+#endif /* CONFIG_IEEE80211R */
for (i = 0; hlp && i < num_hlp; i++)
len += 10 + wpabuf_len(hlp[i]);
buf = wpabuf_alloc(len);
if (!buf)
return NULL;
+#ifdef CONFIG_IEEE80211R
+ if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->fils_ft_ies) {
+ /* MDE and FTE when using FILS+FT */
+ wpabuf_put_buf(buf, sm->fils_ft_ies);
+ /* RSNE with PMKR1Name in PMKID field */
+ if (fils_ft_build_assoc_req_rsne(sm, buf) < 0) {
+ wpabuf_free(buf);
+ return NULL;
+ }
+ }
+#endif /* CONFIG_IEEE80211R */
+
/* FILS Session */
wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
wpabuf_put_u8(buf, 1 + FILS_SESSION_LEN); /* Length */
@@ -3706,6 +4023,12 @@
return -1;
}
+ if (sm->fils_completed) {
+ wpa_printf(MSG_DEBUG,
+ "FILS: Association has already been completed for this FILS authentication - ignore unexpected retransmission");
+ return -1;
+ }
+
wpa_hexdump(MSG_DEBUG, "FILS: (Re)Association Response frame",
resp, len);
@@ -3797,7 +4120,7 @@
os_memcpy(gd.gtk, kde.gtk + 2, kde.gtk_len - 2);
wpa_printf(MSG_DEBUG, "FILS: Set GTK to driver");
- if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery) < 0) {
+ if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery, 0) < 0) {
wpa_printf(MSG_DEBUG, "FILS: Failed to set GTK");
goto fail;
}
@@ -3809,6 +4132,11 @@
alg = wpa_cipher_to_alg(sm->pairwise_cipher);
keylen = wpa_cipher_key_len(sm->pairwise_cipher);
+ if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
+ wpa_printf(MSG_DEBUG, "FILS: TK length mismatch: %u != %lu",
+ keylen, (long unsigned int) sm->ptk.tk_len);
+ goto fail;
+ }
rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
wpa_hexdump_key(MSG_DEBUG, "FILS: Set TK to driver",
sm->ptk.tk, keylen);
@@ -3825,6 +4153,7 @@
* takes care of association frame encryption/decryption. */
/* TK is not needed anymore in supplicant */
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+ sm->ptk.tk_len = 0;
sm->ptk.installed = 1;
/* FILS HLP Container */
@@ -3840,6 +4169,13 @@
return -1;
}
+
+void wpa_sm_set_reset_fils_completed(struct wpa_sm *sm, int set)
+{
+ if (sm)
+ sm->fils_completed = !!set;
+}
+
#endif /* CONFIG_FILS */
@@ -3851,3 +4187,219 @@
return 0;
#endif /* CONFIG_FILS */
}
+
+
+#ifdef CONFIG_OWE
+
+struct wpabuf * owe_build_assoc_req(struct wpa_sm *sm, u16 group)
+{
+ struct wpabuf *ie = NULL, *pub = NULL;
+ size_t prime_len;
+
+ if (group == 19)
+ prime_len = 32;
+ else if (group == 20)
+ prime_len = 48;
+ else if (group == 21)
+ prime_len = 66;
+ else
+ return NULL;
+
+ crypto_ecdh_deinit(sm->owe_ecdh);
+ sm->owe_ecdh = crypto_ecdh_init(group);
+ if (!sm->owe_ecdh)
+ goto fail;
+ sm->owe_group = group;
+ pub = crypto_ecdh_get_pubkey(sm->owe_ecdh, 0);
+ pub = wpabuf_zeropad(pub, prime_len);
+ if (!pub)
+ goto fail;
+
+ ie = wpabuf_alloc(5 + wpabuf_len(pub));
+ if (!ie)
+ goto fail;
+ wpabuf_put_u8(ie, WLAN_EID_EXTENSION);
+ wpabuf_put_u8(ie, 1 + 2 + wpabuf_len(pub));
+ wpabuf_put_u8(ie, WLAN_EID_EXT_OWE_DH_PARAM);
+ wpabuf_put_le16(ie, group);
+ wpabuf_put_buf(ie, pub);
+ wpabuf_free(pub);
+ wpa_hexdump_buf(MSG_DEBUG, "OWE: Diffie-Hellman Parameter element",
+ ie);
+
+ return ie;
+fail:
+ wpabuf_free(pub);
+ crypto_ecdh_deinit(sm->owe_ecdh);
+ sm->owe_ecdh = NULL;
+ return NULL;
+}
+
+
+int owe_process_assoc_resp(struct wpa_sm *sm, const u8 *bssid,
+ const u8 *resp_ies, size_t resp_ies_len)
+{
+ struct ieee802_11_elems elems;
+ u16 group;
+ struct wpabuf *secret, *pub, *hkey;
+ int res;
+ u8 prk[SHA512_MAC_LEN], pmkid[SHA512_MAC_LEN];
+ const char *info = "OWE Key Generation";
+ const u8 *addr[2];
+ size_t len[2];
+ size_t hash_len, prime_len;
+ struct wpa_ie_data data;
+
+ if (!resp_ies ||
+ ieee802_11_parse_elems(resp_ies, resp_ies_len, &elems, 1) ==
+ ParseFailed) {
+ wpa_printf(MSG_INFO,
+ "OWE: Could not parse Association Response frame elements");
+ return -1;
+ }
+
+ if (sm->cur_pmksa && elems.rsn_ie &&
+ wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, 2 + elems.rsn_ie_len,
+ &data) == 0 &&
+ data.num_pmkid == 1 && data.pmkid &&
+ os_memcmp(sm->cur_pmksa->pmkid, data.pmkid, PMKID_LEN) == 0) {
+ wpa_printf(MSG_DEBUG, "OWE: Use PMKSA caching");
+ wpa_sm_set_pmk_from_pmksa(sm);
+ return 0;
+ }
+
+ if (!elems.owe_dh) {
+ wpa_printf(MSG_INFO,
+ "OWE: No Diffie-Hellman Parameter element found in Association Response frame");
+ return -1;
+ }
+
+ group = WPA_GET_LE16(elems.owe_dh);
+ if (group != sm->owe_group) {
+ wpa_printf(MSG_INFO,
+ "OWE: Unexpected Diffie-Hellman group in response: %u",
+ group);
+ return -1;
+ }
+
+ if (!sm->owe_ecdh) {
+ wpa_printf(MSG_INFO, "OWE: No ECDH state available");
+ return -1;
+ }
+
+ if (group == 19)
+ prime_len = 32;
+ else if (group == 20)
+ prime_len = 48;
+ else if (group == 21)
+ prime_len = 66;
+ else
+ return -1;
+
+ secret = crypto_ecdh_set_peerkey(sm->owe_ecdh, 0,
+ elems.owe_dh + 2,
+ elems.owe_dh_len - 2);
+ secret = wpabuf_zeropad(secret, prime_len);
+ if (!secret) {
+ wpa_printf(MSG_DEBUG, "OWE: Invalid peer DH public key");
+ return -1;
+ }
+ wpa_hexdump_buf_key(MSG_DEBUG, "OWE: DH shared secret", secret);
+
+ /* prk = HKDF-extract(C | A | group, z) */
+
+ pub = crypto_ecdh_get_pubkey(sm->owe_ecdh, 0);
+ if (!pub) {
+ wpabuf_clear_free(secret);
+ return -1;
+ }
+
+ /* PMKID = Truncate-128(Hash(C | A)) */
+ addr[0] = wpabuf_head(pub);
+ len[0] = wpabuf_len(pub);
+ addr[1] = elems.owe_dh + 2;
+ len[1] = elems.owe_dh_len - 2;
+ if (group == 19) {
+ res = sha256_vector(2, addr, len, pmkid);
+ hash_len = SHA256_MAC_LEN;
+ } else if (group == 20) {
+ res = sha384_vector(2, addr, len, pmkid);
+ hash_len = SHA384_MAC_LEN;
+ } else if (group == 21) {
+ res = sha512_vector(2, addr, len, pmkid);
+ hash_len = SHA512_MAC_LEN;
+ } else {
+ res = -1;
+ hash_len = 0;
+ }
+ pub = wpabuf_zeropad(pub, prime_len);
+ if (res < 0 || !pub) {
+ wpabuf_free(pub);
+ wpabuf_clear_free(secret);
+ return -1;
+ }
+
+ hkey = wpabuf_alloc(wpabuf_len(pub) + elems.owe_dh_len - 2 + 2);
+ if (!hkey) {
+ wpabuf_free(pub);
+ wpabuf_clear_free(secret);
+ return -1;
+ }
+
+ wpabuf_put_buf(hkey, pub); /* C */
+ wpabuf_free(pub);
+ wpabuf_put_data(hkey, elems.owe_dh + 2, elems.owe_dh_len - 2); /* A */
+ wpabuf_put_le16(hkey, sm->owe_group); /* group */
+ if (group == 19)
+ res = hmac_sha256(wpabuf_head(hkey), wpabuf_len(hkey),
+ wpabuf_head(secret), wpabuf_len(secret), prk);
+ else if (group == 20)
+ res = hmac_sha384(wpabuf_head(hkey), wpabuf_len(hkey),
+ wpabuf_head(secret), wpabuf_len(secret), prk);
+ else if (group == 21)
+ res = hmac_sha512(wpabuf_head(hkey), wpabuf_len(hkey),
+ wpabuf_head(secret), wpabuf_len(secret), prk);
+ wpabuf_clear_free(hkey);
+ wpabuf_clear_free(secret);
+ if (res < 0)
+ return -1;
+
+ wpa_hexdump_key(MSG_DEBUG, "OWE: prk", prk, hash_len);
+
+ /* PMK = HKDF-expand(prk, "OWE Key Generation", n) */
+
+ if (group == 19)
+ res = hmac_sha256_kdf(prk, hash_len, NULL, (const u8 *) info,
+ os_strlen(info), sm->pmk, hash_len);
+ else if (group == 20)
+ res = hmac_sha384_kdf(prk, hash_len, NULL, (const u8 *) info,
+ os_strlen(info), sm->pmk, hash_len);
+ else if (group == 21)
+ res = hmac_sha512_kdf(prk, hash_len, NULL, (const u8 *) info,
+ os_strlen(info), sm->pmk, hash_len);
+ os_memset(prk, 0, SHA512_MAC_LEN);
+ if (res < 0)
+ return -1;
+ sm->pmk_len = hash_len;
+
+ wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sm->pmk, sm->pmk_len);
+ wpa_hexdump(MSG_DEBUG, "OWE: PMKID", pmkid, PMKID_LEN);
+ pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, pmkid, NULL, 0,
+ bssid, sm->own_addr, sm->network_ctx, sm->key_mgmt,
+ NULL);
+
+ return 0;
+}
+
+#endif /* CONFIG_OWE */
+
+
+void wpa_sm_set_fils_cache_id(struct wpa_sm *sm, const u8 *fils_cache_id)
+{
+#ifdef CONFIG_FILS
+ if (sm && fils_cache_id) {
+ sm->fils_cache_id_set = 1;
+ os_memcpy(sm->fils_cache_id, fils_cache_id, FILS_CACHE_ID_LEN);
+ }
+#endif /* CONFIG_FILS */
+}
diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index bde8c78..81c0171 100644
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -39,9 +39,10 @@
u8 * (*alloc_eapol)(void *ctx, u8 type, const void *data, u16 data_len,
size_t *msg_len, void **data_pos);
int (*add_pmkid)(void *ctx, void *network_ctx, const u8 *bssid,
- const u8 *pmkid);
+ const u8 *pmkid, const u8 *fils_cache_id,
+ const u8 *pmk, size_t pmk_len);
int (*remove_pmkid)(void *ctx, void *network_ctx, const u8 *bssid,
- const u8 *pmkid);
+ const u8 *pmkid, const u8 *fils_cache_id);
void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);
const struct wpa_config_blob * (*get_config_blob)(void *ctx,
const char *name);
@@ -99,7 +100,6 @@
struct rsn_supp_config {
void *network_ctx;
- int peerkey_enabled;
int allowed_pairwise_cipher; /* bitfield of WPA_CIPHER_* */
int proactive_key_caching;
int eap_workaround;
@@ -109,6 +109,7 @@
int wpa_ptk_rekey;
int p2p;
int wpa_rsc_relaxation;
+ const u8 *fils_cache_id;
};
#ifndef CONFIG_NO_WPA
@@ -155,6 +156,11 @@
struct rsn_pmksa_cache_entry *
wpa_sm_pmksa_cache_add_entry(struct wpa_sm *sm,
struct rsn_pmksa_cache_entry * entry);
+void wpa_sm_pmksa_cache_add(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
+ const u8 *pmkid, const u8 *bssid,
+ const u8 *fils_cache_id);
+int wpa_sm_pmksa_exists(struct wpa_sm *sm, const u8 *bssid,
+ const void *network_ctx);
void wpa_sm_drop_sa(struct wpa_sm *sm);
int wpa_sm_has_ptk(struct wpa_sm *sm);
@@ -168,6 +174,7 @@
void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm,
const u8 *ptk_kck, size_t ptk_kck_len,
const u8 *ptk_kek, size_t ptk_kek_len);
+int wpa_fils_is_completed(struct wpa_sm *sm);
#else /* CONFIG_NO_WPA */
@@ -335,24 +342,12 @@
{
}
-#endif /* CONFIG_NO_WPA */
-
-#ifdef CONFIG_PEERKEY
-int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer);
-int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr,
- const u8 *buf, size_t len);
-#else /* CONFIG_PEERKEY */
-static inline int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer)
-{
- return -1;
-}
-
-static inline int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr,
- const u8 *buf, size_t len)
+static inline int wpa_fils_is_completed(struct wpa_sm *sm)
{
return 0;
}
-#endif /* CONFIG_PEERKEY */
+
+#endif /* CONFIG_NO_WPA */
#ifdef CONFIG_IEEE80211R
@@ -433,15 +428,23 @@
int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf);
void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf);
+const u8 * wpa_sm_get_anonce(struct wpa_sm *sm);
-struct wpabuf * fils_build_auth(struct wpa_sm *sm);
-int fils_process_auth(struct wpa_sm *sm, const u8 *data, size_t len);
+struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md);
+int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data,
+ size_t len);
struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek,
size_t *kek_len, const u8 **snonce,
const u8 **anonce,
const struct wpabuf **hlp,
unsigned int num_hlp);
int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len);
-int wpa_fils_is_completed(struct wpa_sm *sm);
+
+struct wpabuf * owe_build_assoc_req(struct wpa_sm *sm, u16 group);
+int owe_process_assoc_resp(struct wpa_sm *sm, const u8 *bssid,
+ const u8 *resp_ies, size_t resp_ies_len);
+
+void wpa_sm_set_reset_fils_completed(struct wpa_sm *sm, int set);
+void wpa_sm_set_fils_cache_id(struct wpa_sm *sm, const u8 *fils_cache_id);
#endif /* WPA_H */
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index d45bb45..1ff7afe 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -205,6 +205,12 @@
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
else if (sm->key_mgmt == WPA_KEY_MGMT_FT_SAE)
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
+#ifdef CONFIG_FILS
+ else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256)
+ RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256);
+ else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384)
+ RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384);
+#endif /* CONFIG_FILS */
else {
wpa_printf(MSG_WARNING, "FT: Invalid key management type (%d)",
sm->key_mgmt);
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index b061638..e8da194 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -1,6 +1,6 @@
/*
* Internal WPA/RSN supplicant state machine definitions
- * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -11,7 +11,6 @@
#include "utils/list.h"
-struct wpa_peerkey;
struct wpa_tdls_peer;
struct wpa_eapol_key;
@@ -57,7 +56,6 @@
int fast_reauth; /* whether EAP fast re-authentication is enabled */
void *network_ctx;
- int peerkey_enabled;
int allowed_pairwise_cipher; /* bitfield of WPA_CIPHER_* */
int proactive_key_caching;
int eap_workaround;
@@ -94,9 +92,6 @@
u8 *ap_wpa_ie, *ap_rsn_ie;
size_t ap_wpa_ie_len, ap_rsn_ie_len;
-#ifdef CONFIG_PEERKEY
- struct wpa_peerkey *peerkey;
-#endif /* CONFIG_PEERKEY */
#ifdef CONFIG_TDLS
struct wpa_tdls_peer *tdls;
int tdls_prohibited;
@@ -154,8 +149,21 @@
size_t fils_key_auth_len;
unsigned int fils_completed:1;
unsigned int fils_erp_pmkid_set:1;
+ unsigned int fils_cache_id_set:1;
u8 fils_erp_pmkid[PMKID_LEN];
+ u8 fils_cache_id[FILS_CACHE_ID_LEN];
+ struct crypto_ecdh *fils_ecdh;
+ int fils_dh_group;
+ size_t fils_dh_elem_len;
+ struct wpabuf *fils_ft_ies;
+ u8 fils_ft[FILS_FT_MAX_LEN];
+ size_t fils_ft_len;
#endif /* CONFIG_FILS */
+
+#ifdef CONFIG_OWE
+ struct crypto_ecdh *owe_ecdh;
+ u16 owe_group;
+#endif /* CONFIG_OWE */
};
@@ -228,17 +236,22 @@
}
static inline int wpa_sm_add_pmkid(struct wpa_sm *sm, void *network_ctx,
- const u8 *bssid, const u8 *pmkid)
+ const u8 *bssid, const u8 *pmkid,
+ const u8 *cache_id, const u8 *pmk,
+ size_t pmk_len)
{
WPA_ASSERT(sm->ctx->add_pmkid);
- return sm->ctx->add_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid);
+ return sm->ctx->add_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid,
+ cache_id, pmk, pmk_len);
}
static inline int wpa_sm_remove_pmkid(struct wpa_sm *sm, void *network_ctx,
- const u8 *bssid, const u8 *pmkid)
+ const u8 *bssid, const u8 *pmkid,
+ const u8 *cache_id)
{
WPA_ASSERT(sm->ctx->remove_pmkid);
- return sm->ctx->remove_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid);
+ return sm->ctx->remove_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid,
+ cache_id);
}
static inline int wpa_sm_mlme_setprotection(struct wpa_sm *sm, const u8 *addr,
diff --git a/src/rsn_supp/wpa_ie.c b/src/rsn_supp/wpa_ie.c
index 3be3087..d649058 100644
--- a/src/rsn_supp/wpa_ie.c
+++ b/src/rsn_supp/wpa_ie.c
@@ -192,6 +192,14 @@
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384);
#endif /* CONFIG_IEEE80211R */
#endif /* CONFIG_FILS */
+#ifdef CONFIG_OWE
+ } else if (key_mgmt & WPA_KEY_MGMT_OWE) {
+ RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OWE);
+#endif /* CONFIG_OWE */
+#ifdef CONFIG_DPP
+ } else if (key_mgmt & WPA_KEY_MGMT_DPP) {
+ RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_DPP);
+#endif /* CONFIG_DPP */
} else {
wpa_printf(MSG_WARNING, "Invalid key management type (%d).",
key_mgmt);
@@ -417,44 +425,6 @@
return 0;
}
-#ifdef CONFIG_PEERKEY
- if (pos[1] > RSN_SELECTOR_LEN + 2 &&
- RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
- ie->smk = pos + 2 + RSN_SELECTOR_LEN;
- ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
- wpa_hexdump_key(MSG_DEBUG, "WPA: SMK in EAPOL-Key",
- pos, pos[1] + 2);
- return 0;
- }
-
- if (pos[1] > RSN_SELECTOR_LEN + 2 &&
- RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
- ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
- ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
- wpa_hexdump(MSG_DEBUG, "WPA: Nonce in EAPOL-Key",
- pos, pos[1] + 2);
- return 0;
- }
-
- if (pos[1] > RSN_SELECTOR_LEN + 2 &&
- RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
- ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
- ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
- wpa_hexdump(MSG_DEBUG, "WPA: Lifetime in EAPOL-Key",
- pos, pos[1] + 2);
- return 0;
- }
-
- if (pos[1] > RSN_SELECTOR_LEN + 2 &&
- RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
- ie->error = pos + 2 + RSN_SELECTOR_LEN;
- ie->error_len = pos[1] - RSN_SELECTOR_LEN;
- wpa_hexdump(MSG_DEBUG, "WPA: Error in EAPOL-Key",
- pos, pos[1] + 2);
- return 0;
- }
-#endif /* CONFIG_PEERKEY */
-
#ifdef CONFIG_IEEE80211W
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
diff --git a/src/rsn_supp/wpa_ie.h b/src/rsn_supp/wpa_ie.h
index fe95af0..0e72af5 100644
--- a/src/rsn_supp/wpa_ie.h
+++ b/src/rsn_supp/wpa_ie.h
@@ -21,16 +21,6 @@
size_t gtk_len;
const u8 *mac_addr;
size_t mac_addr_len;
-#ifdef CONFIG_PEERKEY
- const u8 *smk;
- size_t smk_len;
- const u8 *nonce;
- size_t nonce_len;
- const u8 *lifetime;
- size_t lifetime_len;
- const u8 *error;
- size_t error_len;
-#endif /* CONFIG_PEERKEY */
#ifdef CONFIG_IEEE80211W
const u8 *igtk;
size_t igtk_len;