Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / 0cfd5f779f6cdd2f774a27bb1dec95d3940cd16a / . / src / rsn_supp / wpa.c
blob: 77d7991f162035c7207c43f4295f8e02ff211cfe [file] [log] [blame]
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1/*
2 * WPA Supplicant - WPA state machine and EAPOL-Key processing
Dmitry Shmidtc5ec7f52012-03-06 16:33:24 -0800[diff] [blame]3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]4 *
Dmitry Shmidtc5ec7f52012-03-06 16:33:24 -0800[diff] [blame]5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]7 */
8
9#include "includes.h"
10
11#include "common.h"
12#include "crypto/aes_wrap.h"
13#include "crypto/crypto.h"
14#include "crypto/random.h"
15#include "common/ieee802_11_defs.h"
16#include "eapol_supp/eapol_supp_sm.h"
17#include "wpa.h"
18#include "eloop.h"
19#include "preauth.h"
20#include "pmksa_cache.h"
21#include "wpa_i.h"
22#include "wpa_ie.h"
23#include "peerkey.h"
24
25
26/**
27 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
28 * @sm: Pointer to WPA state machine data from wpa_sm_init()
29 * @kck: Key Confirmation Key (KCK, part of PTK)
30 * @ver: Version field from Key Info
31 * @dest: Destination address for the frame
32 * @proto: Ethertype (usually ETH_P_EAPOL)
33 * @msg: EAPOL-Key message
34 * @msg_len: Length of message
35 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
36 */
37void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck,
38 int ver, const u8 *dest, u16 proto,
39 u8 *msg, size_t msg_len, u8 *key_mic)
40{
41 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
42 /*
43 * Association event was not yet received; try to fetch
44 * BSSID from the driver.
45 */
46 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
47 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
48 "WPA: Failed to read BSSID for "
49 "EAPOL-Key destination address");
50 } else {
51 dest = sm->bssid;
52 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
53 "WPA: Use BSSID (" MACSTR
54 ") as the destination for EAPOL-Key",
55 MAC2STR(dest));
56 }
57 }
58 if (key_mic &&
59 wpa_eapol_key_mic(kck, ver, msg, msg_len, key_mic)) {
60 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
61 "WPA: Failed to generate EAPOL-Key "
62 "version %d MIC", ver);
63 goto out;
64 }
65 wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, 16);
66 wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, 16);
67 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
68 wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
69 eapol_sm_notify_tx_eapol_key(sm->eapol);
70out:
71 os_free(msg);
72}
73
74
75/**
76 * wpa_sm_key_request - Send EAPOL-Key Request
77 * @sm: Pointer to WPA state machine data from wpa_sm_init()
78 * @error: Indicate whether this is an Michael MIC error report
79 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
80 *
81 * Send an EAPOL-Key Request to the current authenticator. This function is
82 * used to request rekeying and it is usually called when a local Michael MIC
83 * failure is detected.
84 */
85void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
86{
87 size_t rlen;
88 struct wpa_eapol_key *reply;
89 int key_info, ver;
90 u8 bssid[ETH_ALEN], *rbuf;
91
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]92 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN)
93 ver = WPA_KEY_INFO_TYPE_AKM_DEFINED;
94 else if (wpa_key_mgmt_ft(sm->key_mgmt) ||
95 wpa_key_mgmt_sha256(sm->key_mgmt))
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]96 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC;
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]97 else if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]98 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
99 else
100 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
101
102 if (wpa_sm_get_bssid(sm, bssid) < 0) {
103 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
104 "Failed to read BSSID for EAPOL-Key request");
105 return;
106 }
107
108 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
109 sizeof(*reply), &rlen, (void *) &reply);
110 if (rbuf == NULL)
111 return;
112
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]113 reply->type = (sm->proto == WPA_PROTO_RSN ||
114 sm->proto == WPA_PROTO_OSEN) ?
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]115 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
116 key_info = WPA_KEY_INFO_REQUEST | ver;
117 if (sm->ptk_set)
118 key_info |= WPA_KEY_INFO_MIC;
119 if (error)
120 key_info |= WPA_KEY_INFO_ERROR;
121 if (pairwise)
122 key_info |= WPA_KEY_INFO_KEY_TYPE;
123 WPA_PUT_BE16(reply->key_info, key_info);
124 WPA_PUT_BE16(reply->key_length, 0);
125 os_memcpy(reply->replay_counter, sm->request_counter,
126 WPA_REPLAY_COUNTER_LEN);
127 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
128
129 WPA_PUT_BE16(reply->key_data_length, 0);
130
131 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
132 "WPA: Sending EAPOL-Key Request (error=%d "
133 "pairwise=%d ptk_set=%d len=%lu)",
134 error, pairwise, sm->ptk_set, (unsigned long) rlen);
135 wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL,
136 rbuf, rlen, key_info & WPA_KEY_INFO_MIC ?
137 reply->key_mic : NULL);
138}
139
140
141static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
142 const unsigned char *src_addr,
143 const u8 *pmkid)
144{
145 int abort_cached = 0;
146
147 if (pmkid && !sm->cur_pmksa) {
148 /* When using drivers that generate RSN IE, wpa_supplicant may
149 * not have enough time to get the association information
150 * event before receiving this 1/4 message, so try to find a
151 * matching PMKSA cache entry here. */
Dmitry Shmidtc5ec7f52012-03-06 16:33:24 -0800[diff] [blame]152 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid,
153 NULL);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]154 if (sm->cur_pmksa) {
155 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
156 "RSN: found matching PMKID from PMKSA cache");
157 } else {
158 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
159 "RSN: no matching PMKID found");
160 abort_cached = 1;
161 }
162 }
163
164 if (pmkid && sm->cur_pmksa &&
165 os_memcmp(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
166 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
167 wpa_sm_set_pmk_from_pmksa(sm);
168 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
169 sm->pmk, sm->pmk_len);
170 eapol_sm_notify_cached(sm->eapol);
171#ifdef CONFIG_IEEE80211R
172 sm->xxkey_len = 0;
173#endif /* CONFIG_IEEE80211R */
174 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
175 int res, pmk_len;
176 pmk_len = PMK_LEN;
177 res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN);
178 if (res) {
179 /*
180 * EAP-LEAP is an exception from other EAP methods: it
181 * uses only 16-byte PMK.
182 */
183 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
184 pmk_len = 16;
185 } else {
186#ifdef CONFIG_IEEE80211R
187 u8 buf[2 * PMK_LEN];
188 if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0)
189 {
190 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN);
191 sm->xxkey_len = PMK_LEN;
192 os_memset(buf, 0, sizeof(buf));
193 }
194#endif /* CONFIG_IEEE80211R */
195 }
196 if (res == 0) {
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]197 struct rsn_pmksa_cache_entry *sa = NULL;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]198 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
199 "machines", sm->pmk, pmk_len);
200 sm->pmk_len = pmk_len;
Dmitry Shmidtc55524a2011-07-07 11:18:38 -0700[diff] [blame]201 if (sm->proto == WPA_PROTO_RSN &&
202 !wpa_key_mgmt_ft(sm->key_mgmt)) {
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]203 sa = pmksa_cache_add(sm->pmksa,
204 sm->pmk, pmk_len,
205 src_addr, sm->own_addr,
206 sm->network_ctx,
207 sm->key_mgmt);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]208 }
209 if (!sm->cur_pmksa && pmkid &&
Dmitry Shmidtc5ec7f52012-03-06 16:33:24 -0800[diff] [blame]210 pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL))
211 {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]212 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
213 "RSN: the new PMK matches with the "
214 "PMKID");
215 abort_cached = 0;
216 }
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]217
218 if (!sm->cur_pmksa)
219 sm->cur_pmksa = sa;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]220 } else {
221 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
222 "WPA: Failed to get master session key from "
223 "EAPOL state machines - key handshake "
224 "aborted");
225 if (sm->cur_pmksa) {
226 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
227 "RSN: Cancelled PMKSA caching "
228 "attempt");
229 sm->cur_pmksa = NULL;
230 abort_cached = 1;
231 } else if (!abort_cached) {
232 return -1;
233 }
234 }
235 }
236
Dmitry Shmidtc55524a2011-07-07 11:18:38 -0700[diff] [blame]237 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) &&
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]238 !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN)
239 {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]240 /* Send EAPOL-Start to trigger full EAP authentication. */
241 u8 *buf;
242 size_t buflen;
243
244 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
245 "RSN: no PMKSA entry found - trigger "
246 "full EAP authentication");
247 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
248 NULL, 0, &buflen, NULL);
249 if (buf) {
250 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
251 buf, buflen);
252 os_free(buf);
253 return -2;
254 }
255
256 return -1;
257 }
258
259 return 0;
260}
261
262
263/**
264 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake
265 * @sm: Pointer to WPA state machine data from wpa_sm_init()
266 * @dst: Destination address for the frame
267 * @key: Pointer to the EAPOL-Key frame header
268 * @ver: Version bits from EAPOL-Key Key Info
269 * @nonce: Nonce value for the EAPOL-Key frame
270 * @wpa_ie: WPA/RSN IE
271 * @wpa_ie_len: Length of the WPA/RSN IE
272 * @ptk: PTK to use for keyed hash and encryption
273 * Returns: 0 on success, -1 on failure
274 */
275int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
276 const struct wpa_eapol_key *key,
277 int ver, const u8 *nonce,
278 const u8 *wpa_ie, size_t wpa_ie_len,
279 struct wpa_ptk *ptk)
280{
281 size_t rlen;
282 struct wpa_eapol_key *reply;
283 u8 *rbuf;
284 u8 *rsn_ie_buf = NULL;
285
286 if (wpa_ie == NULL) {
287 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - "
288 "cannot generate msg 2/4");
289 return -1;
290 }
291
292#ifdef CONFIG_IEEE80211R
293 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
294 int res;
295
296 /*
297 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and
298 * FTIE from (Re)Association Response.
299 */
300 rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN +
301 sm->assoc_resp_ies_len);
302 if (rsn_ie_buf == NULL)
303 return -1;
304 os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len);
305 res = wpa_insert_pmkid(rsn_ie_buf, wpa_ie_len,
306 sm->pmk_r1_name);
307 if (res < 0) {
308 os_free(rsn_ie_buf);
309 return -1;
310 }
311 wpa_ie_len += res;
312
313 if (sm->assoc_resp_ies) {
314 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies,
315 sm->assoc_resp_ies_len);
316 wpa_ie_len += sm->assoc_resp_ies_len;
317 }
318
319 wpa_ie = rsn_ie_buf;
320 }
321#endif /* CONFIG_IEEE80211R */
322
323 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
324
325 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
326 NULL, sizeof(*reply) + wpa_ie_len,
327 &rlen, (void *) &reply);
328 if (rbuf == NULL) {
329 os_free(rsn_ie_buf);
330 return -1;
331 }
332
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]333 reply->type = (sm->proto == WPA_PROTO_RSN ||
334 sm->proto == WPA_PROTO_OSEN) ?
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]335 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
336 WPA_PUT_BE16(reply->key_info,
337 ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC);
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]338 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]339 WPA_PUT_BE16(reply->key_length, 0);
340 else
341 os_memcpy(reply->key_length, key->key_length, 2);
342 os_memcpy(reply->replay_counter, key->replay_counter,
343 WPA_REPLAY_COUNTER_LEN);
344 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter,
345 WPA_REPLAY_COUNTER_LEN);
346
347 WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
348 os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
349 os_free(rsn_ie_buf);
350
351 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
352
353 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
354 wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
355 rbuf, rlen, reply->key_mic);
356
357 return 0;
358}
359
360
361static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
362 const struct wpa_eapol_key *key,
363 struct wpa_ptk *ptk)
364{
Dmitry Shmidt98660862014-03-11 17:26:21 -0700[diff] [blame]365 size_t ptk_len = wpa_cipher_key_len(sm->pairwise_cipher) + 32;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]366#ifdef CONFIG_IEEE80211R
367 if (wpa_key_mgmt_ft(sm->key_mgmt))
368 return wpa_derive_ptk_ft(sm, src_addr, key, ptk, ptk_len);
369#endif /* CONFIG_IEEE80211R */
370
371 wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
372 sm->own_addr, sm->bssid, sm->snonce, key->key_nonce,
373 (u8 *) ptk, ptk_len,
374 wpa_key_mgmt_sha256(sm->key_mgmt));
375 return 0;
376}
377
378
379static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
380 const unsigned char *src_addr,
381 const struct wpa_eapol_key *key,
382 u16 ver)
383{
384 struct wpa_eapol_ie_parse ie;
385 struct wpa_ptk *ptk;
386 u8 buf[8];
387 int res;
Dmitry Shmidtcf32e602014-01-28 10:57:39 -0800[diff] [blame]388 u8 *kde, *kde_buf = NULL;
389 size_t kde_len;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]390
391 if (wpa_sm_get_network_ctx(sm) == NULL) {
392 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
393 "found (msg 1 of 4)");
394 return;
395 }
396
397 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
398 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way "
399 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
400
401 os_memset(&ie, 0, sizeof(ie));
402
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]403 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]404 /* RSN: msg 1/4 should contain PMKID for the selected PMK */
405 const u8 *_buf = (const u8 *) (key + 1);
406 size_t len = WPA_GET_BE16(key->key_data_length);
407 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", _buf, len);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]408 if (wpa_supplicant_parse_ies(_buf, len, &ie) < 0)
409 goto failed;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]410 if (ie.pmkid) {
411 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
412 "Authenticator", ie.pmkid, PMKID_LEN);
413 }
414 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]415
416 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
417 if (res == -2) {
418 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to "
419 "msg 1/4 - requesting full EAP authentication");
420 return;
421 }
422 if (res)
423 goto failed;
424
425 if (sm->renew_snonce) {
426 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
427 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
428 "WPA: Failed to get random data for SNonce");
429 goto failed;
430 }
431 sm->renew_snonce = 0;
432 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
433 sm->snonce, WPA_NONCE_LEN);
434 }
435
436 /* Calculate PTK which will be stored as a temporary PTK until it has
437 * been verified when processing message 3/4. */
438 ptk = &sm->tptk;
439 wpa_derive_ptk(sm, src_addr, key, ptk);
Dmitry Shmidt98660862014-03-11 17:26:21 -0700[diff] [blame]440 if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
441 /* Supplicant: swap tx/rx Mic keys */
442 os_memcpy(buf, ptk->u.auth.tx_mic_key, 8);
443 os_memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8);
444 os_memcpy(ptk->u.auth.rx_mic_key, buf, 8);
445 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]446 sm->tptk_set = 1;
447
Dmitry Shmidtcf32e602014-01-28 10:57:39 -0800[diff] [blame]448 kde = sm->assoc_wpa_ie;
449 kde_len = sm->assoc_wpa_ie_len;
450
451#ifdef CONFIG_P2P
452 if (sm->p2p) {
453 kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1);
454 if (kde_buf) {
455 u8 *pos;
456 wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE "
457 "into EAPOL-Key 2/4");
458 os_memcpy(kde_buf, kde, kde_len);
459 kde = kde_buf;
460 pos = kde + kde_len;
461 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
462 *pos++ = RSN_SELECTOR_LEN + 1;
463 RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ);
464 pos += RSN_SELECTOR_LEN;
465 *pos++ = 0x01;
466 kde_len = pos - kde;
467 }
468 }
469#endif /* CONFIG_P2P */
470
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]471 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
Dmitry Shmidtcf32e602014-01-28 10:57:39 -0800[diff] [blame]472 kde, kde_len, ptk))
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]473 goto failed;
474
Dmitry Shmidtcf32e602014-01-28 10:57:39 -0800[diff] [blame]475 os_free(kde_buf);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]476 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
477 return;
478
479failed:
Dmitry Shmidtcf32e602014-01-28 10:57:39 -0800[diff] [blame]480 os_free(kde_buf);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]481 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
482}
483
484
485static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx)
486{
487 struct wpa_sm *sm = eloop_ctx;
488 rsn_preauth_candidate_process(sm);
489}
490
491
492static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
493 const u8 *addr, int secure)
494{
495 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
496 "WPA: Key negotiation completed with "
497 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
498 wpa_cipher_txt(sm->pairwise_cipher),
499 wpa_cipher_txt(sm->group_cipher));
500 wpa_sm_cancel_auth_timeout(sm);
501 wpa_sm_set_state(sm, WPA_COMPLETED);
502
503 if (secure) {
504 wpa_sm_mlme_setprotection(
505 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
506 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
507 eapol_sm_notify_portValid(sm->eapol, TRUE);
508 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt))
509 eapol_sm_notify_eap_success(sm->eapol, TRUE);
510 /*
511 * Start preauthentication after a short wait to avoid a
512 * possible race condition between the data receive and key
513 * configuration after the 4-Way Handshake. This increases the
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]514 * likelihood of the first preauth EAPOL-Start frame getting to
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]515 * the target AP.
516 */
517 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL);
518 }
519
520 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
521 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
522 "RSN: Authenticator accepted "
523 "opportunistic PMKSA entry - marking it valid");
524 sm->cur_pmksa->opportunistic = 0;
525 }
526
527#ifdef CONFIG_IEEE80211R
528 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
529 /* Prepare for the next transition */
530 wpa_ft_prepare_auth_request(sm, NULL);
531 }
532#endif /* CONFIG_IEEE80211R */
533}
534
535
536static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
537{
538 struct wpa_sm *sm = eloop_ctx;
539 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying");
540 wpa_sm_key_request(sm, 0, 1);
541}
542
543
544static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
545 const struct wpa_eapol_key *key)
546{
547 int keylen, rsclen;
548 enum wpa_alg alg;
549 const u8 *key_rsc;
550 u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
551
552 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
553 "WPA: Installing PTK to the driver");
554
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]555 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]556 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher "
557 "Suite: NONE - do not use pairwise keys");
558 return 0;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]559 }
560
561 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]562 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
563 "WPA: Unsupported pairwise cipher %d",
564 sm->pairwise_cipher);
565 return -1;
566 }
567
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]568 alg = wpa_cipher_to_alg(sm->pairwise_cipher);
569 keylen = wpa_cipher_key_len(sm->pairwise_cipher);
570 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
571
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]572 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]573 key_rsc = null_rsc;
574 } else {
575 key_rsc = key->key_rsc;
576 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
577 }
578
579 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
580 (u8 *) sm->ptk.tk1, keylen) < 0) {
581 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
582 "WPA: Failed to set PTK to the "
583 "driver (alg=%d keylen=%d bssid=" MACSTR ")",
584 alg, keylen, MAC2STR(sm->bssid));
585 return -1;
586 }
587
588 if (sm->wpa_ptk_rekey) {
589 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
590 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
591 sm, NULL);
592 }
593
594 return 0;
595}
596
597
598static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm,
599 int group_cipher,
600 int keylen, int maxkeylen,
601 int *key_rsc_len,
602 enum wpa_alg *alg)
603{
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]604 int klen;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]605
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]606 *alg = wpa_cipher_to_alg(group_cipher);
607 if (*alg == WPA_ALG_NONE) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]608 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
609 "WPA: Unsupported Group Cipher %d",
610 group_cipher);
611 return -1;
612 }
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]613 *key_rsc_len = wpa_cipher_rsc_len(group_cipher);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]614
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]615 klen = wpa_cipher_key_len(group_cipher);
616 if (keylen != klen || maxkeylen < klen) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]617 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
618 "WPA: Unsupported %s Group Cipher key length %d (%d)",
619 wpa_cipher_txt(group_cipher), keylen, maxkeylen);
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]620 return -1;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]621 }
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]622 return 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]623}
624
625
626struct wpa_gtk_data {
627 enum wpa_alg alg;
628 int tx, key_rsc_len, keyidx;
629 u8 gtk[32];
630 int gtk_len;
631};
632
633
634static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
635 const struct wpa_gtk_data *gd,
636 const u8 *key_rsc)
637{
638 const u8 *_gtk = gd->gtk;
639 u8 gtk_buf[32];
640
641 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
642 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
643 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
644 gd->keyidx, gd->tx, gd->gtk_len);
645 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
646 if (sm->group_cipher == WPA_CIPHER_TKIP) {
647 /* Swap Tx/Rx keys for Michael MIC */
648 os_memcpy(gtk_buf, gd->gtk, 16);
649 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
650 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
651 _gtk = gtk_buf;
652 }
653 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
654 if (wpa_sm_set_key(sm, gd->alg, NULL,
655 gd->keyidx, 1, key_rsc, gd->key_rsc_len,
656 _gtk, gd->gtk_len) < 0) {
657 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
658 "WPA: Failed to set GTK to the driver "
659 "(Group only)");
660 return -1;
661 }
662 } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr,
663 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
664 _gtk, gd->gtk_len) < 0) {
665 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
666 "WPA: Failed to set GTK to "
667 "the driver (alg=%d keylen=%d keyidx=%d)",
668 gd->alg, gd->gtk_len, gd->keyidx);
669 return -1;
670 }
671
672 return 0;
673}
674
675
676static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
677 int tx)
678{
679 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
680 /* Ignore Tx bit for GTK if a pairwise key is used. One AP
681 * seemed to set this bit (incorrectly, since Tx is only when
682 * doing Group Key only APs) and without this workaround, the
683 * data connection does not work because wpa_supplicant
684 * configured non-zero keyidx to be used for unicast. */
685 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
686 "WPA: Tx bit set for GTK, but pairwise "
687 "keys are used - ignore Tx bit");
688 return 0;
689 }
690 return tx;
691}
692
693
694static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
695 const struct wpa_eapol_key *key,
696 const u8 *gtk, size_t gtk_len,
697 int key_info)
698{
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]699 struct wpa_gtk_data gd;
700
701 /*
702 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
703 * GTK KDE format:
704 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
705 * Reserved [bits 0-7]
706 * GTK
707 */
708
709 os_memset(&gd, 0, sizeof(gd));
710 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
711 gtk, gtk_len);
712
713 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk))
714 return -1;
715
716 gd.keyidx = gtk[0] & 0x3;
717 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
718 !!(gtk[0] & BIT(2)));
719 gtk += 2;
720 gtk_len -= 2;
721
722 os_memcpy(gd.gtk, gtk, gtk_len);
723 gd.gtk_len = gtk_len;
724
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]725 if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED &&
726 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
727 gtk_len, gtk_len,
728 &gd.key_rsc_len, &gd.alg) ||
729 wpa_supplicant_install_gtk(sm, &gd, key->key_rsc))) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]730 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
731 "RSN: Failed to install GTK");
732 return -1;
733 }
734
735 wpa_supplicant_key_neg_complete(sm, sm->bssid,
736 key_info & WPA_KEY_INFO_SECURE);
737 return 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]738}
739
740
741static int ieee80211w_set_keys(struct wpa_sm *sm,
742 struct wpa_eapol_ie_parse *ie)
743{
744#ifdef CONFIG_IEEE80211W
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]745 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher))
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]746 return 0;
747
748 if (ie->igtk) {
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]749 size_t len;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]750 const struct wpa_igtk_kde *igtk;
751 u16 keyidx;
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]752 len = wpa_cipher_key_len(sm->mgmt_group_cipher);
753 if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]754 return -1;
755 igtk = (const struct wpa_igtk_kde *) ie->igtk;
756 keyidx = WPA_GET_LE16(igtk->keyid);
757 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
758 "pn %02x%02x%02x%02x%02x%02x",
759 keyidx, MAC2STR(igtk->pn));
760 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]761 igtk->igtk, len);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]762 if (keyidx > 4095) {
763 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
764 "WPA: Invalid IGTK KeyID %d", keyidx);
765 return -1;
766 }
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]767 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
768 broadcast_ether_addr,
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]769 keyidx, 0, igtk->pn, sizeof(igtk->pn),
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]770 igtk->igtk, len) < 0) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]771 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
772 "WPA: Failed to configure IGTK to the driver");
773 return -1;
774 }
775 }
776
777 return 0;
778#else /* CONFIG_IEEE80211W */
779 return 0;
780#endif /* CONFIG_IEEE80211W */
781}
782
783
784static void wpa_report_ie_mismatch(struct wpa_sm *sm,
785 const char *reason, const u8 *src_addr,
786 const u8 *wpa_ie, size_t wpa_ie_len,
787 const u8 *rsn_ie, size_t rsn_ie_len)
788{
789 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
790 reason, MAC2STR(src_addr));
791
792 if (sm->ap_wpa_ie) {
793 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
794 sm->ap_wpa_ie, sm->ap_wpa_ie_len);
795 }
796 if (wpa_ie) {
797 if (!sm->ap_wpa_ie) {
798 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
799 "WPA: No WPA IE in Beacon/ProbeResp");
800 }
801 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
802 wpa_ie, wpa_ie_len);
803 }
804
805 if (sm->ap_rsn_ie) {
806 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp",
807 sm->ap_rsn_ie, sm->ap_rsn_ie_len);
808 }
809 if (rsn_ie) {
810 if (!sm->ap_rsn_ie) {
811 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
812 "WPA: No RSN IE in Beacon/ProbeResp");
813 }
814 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
815 rsn_ie, rsn_ie_len);
816 }
817
Dmitry Shmidtd5e49232012-12-03 15:08:10 -0800[diff] [blame]818 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]819}
820
821
822#ifdef CONFIG_IEEE80211R
823
824static int ft_validate_mdie(struct wpa_sm *sm,
825 const unsigned char *src_addr,
826 struct wpa_eapol_ie_parse *ie,
827 const u8 *assoc_resp_mdie)
828{
829 struct rsn_mdie *mdie;
830
831 mdie = (struct rsn_mdie *) (ie->mdie + 2);
832 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) ||
833 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
834 MOBILITY_DOMAIN_ID_LEN) != 0) {
835 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did "
836 "not match with the current mobility domain");
837 return -1;
838 }
839
840 if (assoc_resp_mdie &&
841 (assoc_resp_mdie[1] != ie->mdie[1] ||
842 os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) {
843 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch");
844 wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4",
845 ie->mdie, 2 + ie->mdie[1]);
846 wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response",
847 assoc_resp_mdie, 2 + assoc_resp_mdie[1]);
848 return -1;
849 }
850
851 return 0;
852}
853
854
855static int ft_validate_ftie(struct wpa_sm *sm,
856 const unsigned char *src_addr,
857 struct wpa_eapol_ie_parse *ie,
858 const u8 *assoc_resp_ftie)
859{
860 if (ie->ftie == NULL) {
861 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
862 "FT: No FTIE in EAPOL-Key msg 3/4");
863 return -1;
864 }
865
866 if (assoc_resp_ftie == NULL)
867 return 0;
868
869 if (assoc_resp_ftie[1] != ie->ftie[1] ||
870 os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) {
871 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch");
872 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4",
873 ie->ftie, 2 + ie->ftie[1]);
874 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response",
875 assoc_resp_ftie, 2 + assoc_resp_ftie[1]);
876 return -1;
877 }
878
879 return 0;
880}
881
882
883static int ft_validate_rsnie(struct wpa_sm *sm,
884 const unsigned char *src_addr,
885 struct wpa_eapol_ie_parse *ie)
886{
887 struct wpa_ie_data rsn;
888
889 if (!ie->rsn_ie)
890 return 0;
891
892 /*
893 * Verify that PMKR1Name from EAPOL-Key message 3/4
894 * matches with the value we derived.
895 */
896 if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 ||
897 rsn.num_pmkid != 1 || rsn.pmkid == NULL) {
898 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in "
899 "FT 4-way handshake message 3/4");
900 return -1;
901 }
902
903 if (os_memcmp(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0) {
904 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
905 "FT: PMKR1Name mismatch in "
906 "FT 4-way handshake message 3/4");
907 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator",
908 rsn.pmkid, WPA_PMK_NAME_LEN);
909 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
910 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
911 return -1;
912 }
913
914 return 0;
915}
916
917
918static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm,
919 const unsigned char *src_addr,
920 struct wpa_eapol_ie_parse *ie)
921{
922 const u8 *pos, *end, *mdie = NULL, *ftie = NULL;
923
924 if (sm->assoc_resp_ies) {
925 pos = sm->assoc_resp_ies;
926 end = pos + sm->assoc_resp_ies_len;
927 while (pos + 2 < end) {
928 if (pos + 2 + pos[1] > end)
929 break;
930 switch (*pos) {
931 case WLAN_EID_MOBILITY_DOMAIN:
932 mdie = pos;
933 break;
934 case WLAN_EID_FAST_BSS_TRANSITION:
935 ftie = pos;
936 break;
937 }
938 pos += 2 + pos[1];
939 }
940 }
941
942 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 ||
943 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 ||
944 ft_validate_rsnie(sm, src_addr, ie) < 0)
945 return -1;
946
947 return 0;
948}
949
950#endif /* CONFIG_IEEE80211R */
951
952
953static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
954 const unsigned char *src_addr,
955 struct wpa_eapol_ie_parse *ie)
956{
957 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
958 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
959 "WPA: No WPA/RSN IE for this AP known. "
960 "Trying to get from scan results");
961 if (wpa_sm_get_beacon_ie(sm) < 0) {
962 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
963 "WPA: Could not find AP from "
964 "the scan results");
965 } else {
966 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
967 "WPA: Found the current AP from "
968 "updated scan results");
969 }
970 }
971
972 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
973 (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
974 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
975 "with IE in Beacon/ProbeResp (no IE?)",
976 src_addr, ie->wpa_ie, ie->wpa_ie_len,
977 ie->rsn_ie, ie->rsn_ie_len);
978 return -1;
979 }
980
981 if ((ie->wpa_ie && sm->ap_wpa_ie &&
982 (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
983 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
984 (ie->rsn_ie && sm->ap_rsn_ie &&
985 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
986 sm->ap_rsn_ie, sm->ap_rsn_ie_len,
987 ie->rsn_ie, ie->rsn_ie_len))) {
988 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
989 "with IE in Beacon/ProbeResp",
990 src_addr, ie->wpa_ie, ie->wpa_ie_len,
991 ie->rsn_ie, ie->rsn_ie_len);
992 return -1;
993 }
994
995 if (sm->proto == WPA_PROTO_WPA &&
996 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
997 wpa_report_ie_mismatch(sm, "Possible downgrade attack "
998 "detected - RSN was enabled and RSN IE "
999 "was in msg 3/4, but not in "
1000 "Beacon/ProbeResp",
1001 src_addr, ie->wpa_ie, ie->wpa_ie_len,
1002 ie->rsn_ie, ie->rsn_ie_len);
1003 return -1;
1004 }
1005
1006#ifdef CONFIG_IEEE80211R
1007 if (wpa_key_mgmt_ft(sm->key_mgmt) &&
1008 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0)
1009 return -1;
1010#endif /* CONFIG_IEEE80211R */
1011
1012 return 0;
1013}
1014
1015
1016/**
1017 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake
1018 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1019 * @dst: Destination address for the frame
1020 * @key: Pointer to the EAPOL-Key frame header
1021 * @ver: Version bits from EAPOL-Key Key Info
1022 * @key_info: Key Info
1023 * @kde: KDEs to include the EAPOL-Key frame
1024 * @kde_len: Length of KDEs
1025 * @ptk: PTK to use for keyed hash and encryption
1026 * Returns: 0 on success, -1 on failure
1027 */
1028int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
1029 const struct wpa_eapol_key *key,
1030 u16 ver, u16 key_info,
1031 const u8 *kde, size_t kde_len,
1032 struct wpa_ptk *ptk)
1033{
1034 size_t rlen;
1035 struct wpa_eapol_key *reply;
1036 u8 *rbuf;
1037
1038 if (kde)
1039 wpa_hexdump(MSG_DEBUG, "WPA: KDE for msg 4/4", kde, kde_len);
1040
1041 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1042 sizeof(*reply) + kde_len,
1043 &rlen, (void *) &reply);
1044 if (rbuf == NULL)
1045 return -1;
1046
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]1047 reply->type = (sm->proto == WPA_PROTO_RSN ||
1048 sm->proto == WPA_PROTO_OSEN) ?
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1049 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1050 key_info &= WPA_KEY_INFO_SECURE;
1051 key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC;
1052 WPA_PUT_BE16(reply->key_info, key_info);
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]1053 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1054 WPA_PUT_BE16(reply->key_length, 0);
1055 else
1056 os_memcpy(reply->key_length, key->key_length, 2);
1057 os_memcpy(reply->replay_counter, key->replay_counter,
1058 WPA_REPLAY_COUNTER_LEN);
1059
1060 WPA_PUT_BE16(reply->key_data_length, kde_len);
1061 if (kde)
1062 os_memcpy(reply + 1, kde, kde_len);
1063
1064 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
1065 wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
1066 rbuf, rlen, reply->key_mic);
1067
1068 return 0;
1069}
1070
1071
1072static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
1073 const struct wpa_eapol_key *key,
1074 u16 ver)
1075{
1076 u16 key_info, keylen, len;
1077 const u8 *pos;
1078 struct wpa_eapol_ie_parse ie;
1079
1080 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
1081 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way "
1082 "Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
1083
1084 key_info = WPA_GET_BE16(key->key_info);
1085
1086 pos = (const u8 *) (key + 1);
1087 len = WPA_GET_BE16(key->key_data_length);
1088 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", pos, len);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1089 if (wpa_supplicant_parse_ies(pos, len, &ie) < 0)
1090 goto failed;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1091 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1092 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1093 "WPA: GTK IE in unencrypted key data");
1094 goto failed;
1095 }
1096#ifdef CONFIG_IEEE80211W
1097 if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1098 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1099 "WPA: IGTK KDE in unencrypted key data");
1100 goto failed;
1101 }
1102
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]1103 if (ie.igtk &&
1104 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
1105 ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN +
1106 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1107 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1108 "WPA: Invalid IGTK KDE length %lu",
1109 (unsigned long) ie.igtk_len);
1110 goto failed;
1111 }
1112#endif /* CONFIG_IEEE80211W */
1113
1114 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
1115 goto failed;
1116
1117 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
1118 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1119 "WPA: ANonce from message 1 of 4-Way Handshake "
1120 "differs from 3 of 4-Way Handshake - drop packet (src="
1121 MACSTR ")", MAC2STR(sm->bssid));
1122 goto failed;
1123 }
1124
1125 keylen = WPA_GET_BE16(key->key_length);
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1126 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
1127 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1128 "WPA: Invalid %s key length %d (src=" MACSTR
1129 ")", wpa_cipher_txt(sm->pairwise_cipher), keylen,
1130 MAC2STR(sm->bssid));
1131 goto failed;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1132 }
1133
Dmitry Shmidtcf32e602014-01-28 10:57:39 -0800[diff] [blame]1134#ifdef CONFIG_P2P
1135 if (ie.ip_addr_alloc) {
1136 os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4);
1137 wpa_hexdump(MSG_DEBUG, "P2P: IP address info",
1138 sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr));
1139 }
1140#endif /* CONFIG_P2P */
1141
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1142 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
1143 NULL, 0, &sm->ptk)) {
1144 goto failed;
1145 }
1146
1147 /* SNonce was successfully used in msg 3/4, so mark it to be renewed
1148 * for the next 4-Way Handshake. If msg 3 is received again, the old
1149 * SNonce will still be used to avoid changing PTK. */
1150 sm->renew_snonce = 1;
1151
1152 if (key_info & WPA_KEY_INFO_INSTALL) {
1153 if (wpa_supplicant_install_ptk(sm, key))
1154 goto failed;
1155 }
1156
1157 if (key_info & WPA_KEY_INFO_SECURE) {
1158 wpa_sm_mlme_setprotection(
1159 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
1160 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
1161 eapol_sm_notify_portValid(sm->eapol, TRUE);
1162 }
1163 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1164
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1165 if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) {
1166 wpa_supplicant_key_neg_complete(sm, sm->bssid,
1167 key_info & WPA_KEY_INFO_SECURE);
1168 } else if (ie.gtk &&
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1169 wpa_supplicant_pairwise_gtk(sm, key,
1170 ie.gtk, ie.gtk_len, key_info) < 0) {
1171 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1172 "RSN: Failed to configure GTK");
1173 goto failed;
1174 }
1175
1176 if (ieee80211w_set_keys(sm, &ie) < 0) {
1177 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1178 "RSN: Failed to configure IGTK");
1179 goto failed;
1180 }
1181
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1182 if (ie.gtk)
1183 wpa_sm_set_rekey_offload(sm);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1184
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1185 return;
1186
1187failed:
1188 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1189}
1190
1191
1192static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
1193 const u8 *keydata,
1194 size_t keydatalen,
1195 u16 key_info,
1196 struct wpa_gtk_data *gd)
1197{
1198 int maxkeylen;
1199 struct wpa_eapol_ie_parse ie;
1200
1201 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1202 if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0)
1203 return -1;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1204 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1205 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1206 "WPA: GTK IE in unencrypted key data");
1207 return -1;
1208 }
1209 if (ie.gtk == NULL) {
1210 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1211 "WPA: No GTK IE in Group Key msg 1/2");
1212 return -1;
1213 }
1214 maxkeylen = gd->gtk_len = ie.gtk_len - 2;
1215
1216 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1217 gd->gtk_len, maxkeylen,
1218 &gd->key_rsc_len, &gd->alg))
1219 return -1;
1220
1221 wpa_hexdump(MSG_DEBUG, "RSN: received GTK in group key handshake",
1222 ie.gtk, ie.gtk_len);
1223 gd->keyidx = ie.gtk[0] & 0x3;
1224 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1225 !!(ie.gtk[0] & BIT(2)));
1226 if (ie.gtk_len - 2 > sizeof(gd->gtk)) {
1227 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1228 "RSN: Too long GTK in GTK IE (len=%lu)",
1229 (unsigned long) ie.gtk_len - 2);
1230 return -1;
1231 }
1232 os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
1233
1234 if (ieee80211w_set_keys(sm, &ie) < 0)
1235 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1236 "RSN: Failed to configure IGTK");
1237
1238 return 0;
1239}
1240
1241
1242static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
1243 const struct wpa_eapol_key *key,
1244 size_t keydatalen, int key_info,
1245 size_t extra_len, u16 ver,
1246 struct wpa_gtk_data *gd)
1247{
1248 size_t maxkeylen;
1249 u8 ek[32];
1250
1251 gd->gtk_len = WPA_GET_BE16(key->key_length);
1252 maxkeylen = keydatalen;
1253 if (keydatalen > extra_len) {
1254 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1255 "WPA: Truncated EAPOL-Key packet: "
1256 "key_data_length=%lu > extra_len=%lu",
1257 (unsigned long) keydatalen, (unsigned long) extra_len);
1258 return -1;
1259 }
1260 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1261 if (maxkeylen < 8) {
1262 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1263 "WPA: Too short maxkeylen (%lu)",
1264 (unsigned long) maxkeylen);
1265 return -1;
1266 }
1267 maxkeylen -= 8;
1268 }
1269
1270 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1271 gd->gtk_len, maxkeylen,
1272 &gd->key_rsc_len, &gd->alg))
1273 return -1;
1274
1275 gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1276 WPA_KEY_INFO_KEY_INDEX_SHIFT;
1277 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
1278 os_memcpy(ek, key->key_iv, 16);
1279 os_memcpy(ek + 16, sm->ptk.kek, 16);
1280 if (keydatalen > sizeof(gd->gtk)) {
1281 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1282 "WPA: RC4 key data too long (%lu)",
1283 (unsigned long) keydatalen);
1284 return -1;
1285 }
1286 os_memcpy(gd->gtk, key + 1, keydatalen);
1287 if (rc4_skip(ek, 32, 256, gd->gtk, keydatalen)) {
1288 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1289 "WPA: RC4 failed");
1290 return -1;
1291 }
1292 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1293 if (keydatalen % 8) {
1294 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1295 "WPA: Unsupported AES-WRAP len %lu",
1296 (unsigned long) keydatalen);
1297 return -1;
1298 }
1299 if (maxkeylen > sizeof(gd->gtk)) {
1300 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1301 "WPA: AES-WRAP key data "
1302 "too long (keydatalen=%lu maxkeylen=%lu)",
1303 (unsigned long) keydatalen,
1304 (unsigned long) maxkeylen);
1305 return -1;
1306 }
1307 if (aes_unwrap(sm->ptk.kek, maxkeylen / 8,
1308 (const u8 *) (key + 1), gd->gtk)) {
1309 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1310 "WPA: AES unwrap failed - could not decrypt "
1311 "GTK");
1312 return -1;
1313 }
1314 } else {
1315 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1316 "WPA: Unsupported key_info type %d", ver);
1317 return -1;
1318 }
1319 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(
1320 sm, !!(key_info & WPA_KEY_INFO_TXRX));
1321 return 0;
1322}
1323
1324
1325static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
1326 const struct wpa_eapol_key *key,
1327 int ver, u16 key_info)
1328{
1329 size_t rlen;
1330 struct wpa_eapol_key *reply;
1331 u8 *rbuf;
1332
1333 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1334 sizeof(*reply), &rlen, (void *) &reply);
1335 if (rbuf == NULL)
1336 return -1;
1337
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]1338 reply->type = (sm->proto == WPA_PROTO_RSN ||
1339 sm->proto == WPA_PROTO_OSEN) ?
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1340 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1341 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
1342 key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
1343 WPA_PUT_BE16(reply->key_info, key_info);
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]1344 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1345 WPA_PUT_BE16(reply->key_length, 0);
1346 else
1347 os_memcpy(reply->key_length, key->key_length, 2);
1348 os_memcpy(reply->replay_counter, key->replay_counter,
1349 WPA_REPLAY_COUNTER_LEN);
1350
1351 WPA_PUT_BE16(reply->key_data_length, 0);
1352
1353 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
1354 wpa_eapol_key_send(sm, sm->ptk.kck, ver, sm->bssid, ETH_P_EAPOL,
1355 rbuf, rlen, reply->key_mic);
1356
1357 return 0;
1358}
1359
1360
1361static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
1362 const unsigned char *src_addr,
1363 const struct wpa_eapol_key *key,
1364 int extra_len, u16 ver)
1365{
1366 u16 key_info, keydatalen;
1367 int rekey, ret;
1368 struct wpa_gtk_data gd;
1369
1370 os_memset(&gd, 0, sizeof(gd));
1371
1372 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
1373 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key "
1374 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
1375
1376 key_info = WPA_GET_BE16(key->key_info);
1377 keydatalen = WPA_GET_BE16(key->key_data_length);
1378
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]1379 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1380 ret = wpa_supplicant_process_1_of_2_rsn(sm,
1381 (const u8 *) (key + 1),
1382 keydatalen, key_info,
1383 &gd);
1384 } else {
1385 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, keydatalen,
1386 key_info, extra_len,
1387 ver, &gd);
1388 }
1389
1390 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1391
1392 if (ret)
1393 goto failed;
1394
1395 if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
1396 wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
1397 goto failed;
1398
1399 if (rekey) {
1400 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
1401 "completed with " MACSTR " [GTK=%s]",
1402 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
1403 wpa_sm_cancel_auth_timeout(sm);
1404 wpa_sm_set_state(sm, WPA_COMPLETED);
1405 } else {
1406 wpa_supplicant_key_neg_complete(sm, sm->bssid,
1407 key_info &
1408 WPA_KEY_INFO_SECURE);
1409 }
Dmitry Shmidtcce06662013-11-04 18:44:24 -0800[diff] [blame]1410
1411 wpa_sm_set_rekey_offload(sm);
1412
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1413 return;
1414
1415failed:
1416 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1417}
1418
1419
1420static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
1421 struct wpa_eapol_key *key,
1422 u16 ver,
1423 const u8 *buf, size_t len)
1424{
1425 u8 mic[16];
1426 int ok = 0;
1427
1428 os_memcpy(mic, key->key_mic, 16);
1429 if (sm->tptk_set) {
1430 os_memset(key->key_mic, 0, 16);
1431 wpa_eapol_key_mic(sm->tptk.kck, ver, buf, len,
1432 key->key_mic);
1433 if (os_memcmp(mic, key->key_mic, 16) != 0) {
1434 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1435 "WPA: Invalid EAPOL-Key MIC "
1436 "when using TPTK - ignoring TPTK");
1437 } else {
1438 ok = 1;
1439 sm->tptk_set = 0;
1440 sm->ptk_set = 1;
1441 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
1442 }
1443 }
1444
1445 if (!ok && sm->ptk_set) {
1446 os_memset(key->key_mic, 0, 16);
1447 wpa_eapol_key_mic(sm->ptk.kck, ver, buf, len,
1448 key->key_mic);
1449 if (os_memcmp(mic, key->key_mic, 16) != 0) {
1450 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1451 "WPA: Invalid EAPOL-Key MIC - "
1452 "dropping packet");
1453 return -1;
1454 }
1455 ok = 1;
1456 }
1457
1458 if (!ok) {
1459 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1460 "WPA: Could not verify EAPOL-Key MIC - "
1461 "dropping packet");
1462 return -1;
1463 }
1464
1465 os_memcpy(sm->rx_replay_counter, key->replay_counter,
1466 WPA_REPLAY_COUNTER_LEN);
1467 sm->rx_replay_counter_set = 1;
1468 return 0;
1469}
1470
1471
1472/* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
1473static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
1474 struct wpa_eapol_key *key, u16 ver)
1475{
1476 u16 keydatalen = WPA_GET_BE16(key->key_data_length);
1477
1478 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
1479 (u8 *) (key + 1), keydatalen);
1480 if (!sm->ptk_set) {
1481 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1482 "WPA: PTK not available, cannot decrypt EAPOL-Key Key "
1483 "Data");
1484 return -1;
1485 }
1486
1487 /* Decrypt key data here so that this operation does not need
1488 * to be implemented separately for each message type. */
1489 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
1490 u8 ek[32];
1491 os_memcpy(ek, key->key_iv, 16);
1492 os_memcpy(ek + 16, sm->ptk.kek, 16);
1493 if (rc4_skip(ek, 32, 256, (u8 *) (key + 1), keydatalen)) {
1494 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1495 "WPA: RC4 failed");
1496 return -1;
1497 }
1498 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]1499 ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
1500 sm->key_mgmt == WPA_KEY_MGMT_OSEN) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1501 u8 *buf;
1502 if (keydatalen % 8) {
1503 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1504 "WPA: Unsupported AES-WRAP len %d",
1505 keydatalen);
1506 return -1;
1507 }
1508 keydatalen -= 8; /* AES-WRAP adds 8 bytes */
1509 buf = os_malloc(keydatalen);
1510 if (buf == NULL) {
1511 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1512 "WPA: No memory for AES-UNWRAP buffer");
1513 return -1;
1514 }
1515 if (aes_unwrap(sm->ptk.kek, keydatalen / 8,
1516 (u8 *) (key + 1), buf)) {
1517 os_free(buf);
1518 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1519 "WPA: AES unwrap failed - "
1520 "could not decrypt EAPOL-Key key data");
1521 return -1;
1522 }
1523 os_memcpy(key + 1, buf, keydatalen);
1524 os_free(buf);
1525 WPA_PUT_BE16(key->key_data_length, keydatalen);
1526 } else {
1527 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1528 "WPA: Unsupported key_info type %d", ver);
1529 return -1;
1530 }
1531 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
1532 (u8 *) (key + 1), keydatalen);
1533 return 0;
1534}
1535
1536
1537/**
1538 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
1539 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1540 */
1541void wpa_sm_aborted_cached(struct wpa_sm *sm)
1542{
1543 if (sm && sm->cur_pmksa) {
1544 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1545 "RSN: Cancelling PMKSA caching attempt");
1546 sm->cur_pmksa = NULL;
1547 }
1548}
1549
1550
1551static void wpa_eapol_key_dump(struct wpa_sm *sm,
1552 const struct wpa_eapol_key *key)
1553{
1554#ifndef CONFIG_NO_STDOUT_DEBUG
1555 u16 key_info = WPA_GET_BE16(key->key_info);
1556
1557 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type);
1558 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1559 " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)",
1560 key_info, key_info & WPA_KEY_INFO_TYPE_MASK,
1561 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1562 WPA_KEY_INFO_KEY_INDEX_SHIFT,
1563 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13,
1564 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group",
1565 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "",
1566 key_info & WPA_KEY_INFO_ACK ? " Ack" : "",
1567 key_info & WPA_KEY_INFO_MIC ? " MIC" : "",
1568 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "",
1569 key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
1570 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
1571 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
1572 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1573 " key_length=%u key_data_length=%u",
1574 WPA_GET_BE16(key->key_length),
1575 WPA_GET_BE16(key->key_data_length));
1576 wpa_hexdump(MSG_DEBUG, " replay_counter",
1577 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1578 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN);
1579 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16);
1580 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8);
1581 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8);
1582 wpa_hexdump(MSG_DEBUG, " key_mic", key->key_mic, 16);
1583#endif /* CONFIG_NO_STDOUT_DEBUG */
1584}
1585
1586
1587/**
1588 * wpa_sm_rx_eapol - Process received WPA EAPOL frames
1589 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1590 * @src_addr: Source MAC address of the EAPOL packet
1591 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
1592 * @len: Length of the EAPOL frame
1593 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
1594 *
1595 * This function is called for each received EAPOL frame. Other than EAPOL-Key
1596 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
1597 * only processing WPA and WPA2 EAPOL-Key frames.
1598 *
1599 * The received EAPOL-Key packets are validated and valid packets are replied
1600 * to. In addition, key material (PTK, GTK) is configured at the end of a
1601 * successful key handshake.
1602 */
1603int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
1604 const u8 *buf, size_t len)
1605{
1606 size_t plen, data_len, extra_len;
1607 struct ieee802_1x_hdr *hdr;
1608 struct wpa_eapol_key *key;
1609 u16 key_info, ver;
1610 u8 *tmp;
1611 int ret = -1;
1612 struct wpa_peerkey *peerkey = NULL;
1613
1614#ifdef CONFIG_IEEE80211R
1615 sm->ft_completed = 0;
1616#endif /* CONFIG_IEEE80211R */
1617
1618 if (len < sizeof(*hdr) + sizeof(*key)) {
1619 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1620 "WPA: EAPOL frame too short to be a WPA "
1621 "EAPOL-Key (len %lu, expecting at least %lu)",
1622 (unsigned long) len,
1623 (unsigned long) sizeof(*hdr) + sizeof(*key));
1624 return 0;
1625 }
1626
1627 tmp = os_malloc(len);
1628 if (tmp == NULL)
1629 return -1;
1630 os_memcpy(tmp, buf, len);
1631
1632 hdr = (struct ieee802_1x_hdr *) tmp;
1633 key = (struct wpa_eapol_key *) (hdr + 1);
1634 plen = be_to_host16(hdr->length);
1635 data_len = plen + sizeof(*hdr);
1636 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1637 "IEEE 802.1X RX: version=%d type=%d length=%lu",
1638 hdr->version, hdr->type, (unsigned long) plen);
1639
1640 if (hdr->version < EAPOL_VERSION) {
1641 /* TODO: backwards compatibility */
1642 }
1643 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
1644 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1645 "WPA: EAPOL frame (type %u) discarded, "
1646 "not a Key frame", hdr->type);
1647 ret = 0;
1648 goto out;
1649 }
1650 if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) {
1651 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1652 "WPA: EAPOL frame payload size %lu "
1653 "invalid (frame size %lu)",
1654 (unsigned long) plen, (unsigned long) len);
1655 ret = 0;
1656 goto out;
1657 }
1658
1659 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN)
1660 {
1661 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1662 "WPA: EAPOL-Key type (%d) unknown, discarded",
1663 key->type);
1664 ret = 0;
1665 goto out;
1666 }
1667 wpa_eapol_key_dump(sm, key);
1668
1669 eapol_sm_notify_lower_layer_success(sm->eapol, 0);
1670 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", tmp, len);
1671 if (data_len < len) {
1672 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1673 "WPA: ignoring %lu bytes after the IEEE 802.1X data",
1674 (unsigned long) len - data_len);
1675 }
1676 key_info = WPA_GET_BE16(key->key_info);
1677 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1678 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
1679#if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
1680 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1681#endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]1682 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
1683 sm->key_mgmt != WPA_KEY_MGMT_OSEN) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1684 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1685 "WPA: Unsupported EAPOL-Key descriptor version %d",
1686 ver);
1687 goto out;
1688 }
1689
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]1690 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN &&
1691 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1692 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1693 "OSEN: Unsupported EAPOL-Key descriptor version %d",
1694 ver);
1695 goto out;
1696 }
1697
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1698#ifdef CONFIG_IEEE80211R
1699 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
1700 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */
1701 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1702 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1703 "FT: AP did not use AES-128-CMAC");
1704 goto out;
1705 }
1706 } else
1707#endif /* CONFIG_IEEE80211R */
1708#ifdef CONFIG_IEEE80211W
1709 if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]1710 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1711 sm->key_mgmt != WPA_KEY_MGMT_OSEN) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1712 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1713 "WPA: AP did not use the "
1714 "negotiated AES-128-CMAC");
1715 goto out;
1716 }
1717 } else
1718#endif /* CONFIG_IEEE80211W */
1719 if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
1720 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1721 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1722 "WPA: CCMP is used, but EAPOL-Key "
1723 "descriptor version (%d) is not 2", ver);
1724 if (sm->group_cipher != WPA_CIPHER_CCMP &&
1725 !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
1726 /* Earlier versions of IEEE 802.11i did not explicitly
1727 * require version 2 descriptor for all EAPOL-Key
1728 * packets, so allow group keys to use version 1 if
1729 * CCMP is not used for them. */
1730 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1731 "WPA: Backwards compatibility: allow invalid "
1732 "version for non-CCMP group keys");
1733 } else
1734 goto out;
1735 }
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]1736 if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
1737 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1738 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1739 "WPA: GCMP is used, but EAPOL-Key "
1740 "descriptor version (%d) is not 2", ver);
1741 goto out;
1742 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1743
1744#ifdef CONFIG_PEERKEY
1745 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
1746 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
1747 break;
1748 }
1749
1750 if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
1751 if (!peerkey->initiator && peerkey->replay_counter_set &&
1752 os_memcmp(key->replay_counter, peerkey->replay_counter,
1753 WPA_REPLAY_COUNTER_LEN) <= 0) {
1754 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1755 "RSN: EAPOL-Key Replay Counter did not "
1756 "increase (STK) - dropping packet");
1757 goto out;
1758 } else if (peerkey->initiator) {
1759 u8 _tmp[WPA_REPLAY_COUNTER_LEN];
1760 os_memcpy(_tmp, key->replay_counter,
1761 WPA_REPLAY_COUNTER_LEN);
1762 inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
1763 if (os_memcmp(_tmp, peerkey->replay_counter,
1764 WPA_REPLAY_COUNTER_LEN) != 0) {
1765 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1766 "RSN: EAPOL-Key Replay "
1767 "Counter did not match (STK) - "
1768 "dropping packet");
1769 goto out;
1770 }
1771 }
1772 }
1773
1774 if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) {
1775 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1776 "RSN: Ack bit in key_info from STK peer");
1777 goto out;
1778 }
1779#endif /* CONFIG_PEERKEY */
1780
1781 if (!peerkey && sm->rx_replay_counter_set &&
1782 os_memcmp(key->replay_counter, sm->rx_replay_counter,
1783 WPA_REPLAY_COUNTER_LEN) <= 0) {
1784 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1785 "WPA: EAPOL-Key Replay Counter did not increase - "
1786 "dropping packet");
1787 goto out;
1788 }
1789
1790 if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
1791#ifdef CONFIG_PEERKEY
1792 && (peerkey == NULL || !peerkey->initiator)
1793#endif /* CONFIG_PEERKEY */
1794 ) {
1795 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1796 "WPA: No Ack bit in key_info");
1797 goto out;
1798 }
1799
1800 if (key_info & WPA_KEY_INFO_REQUEST) {
1801 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1802 "WPA: EAPOL-Key with Request bit - dropped");
1803 goto out;
1804 }
1805
1806 if ((key_info & WPA_KEY_INFO_MIC) && !peerkey &&
1807 wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
1808 goto out;
1809
1810#ifdef CONFIG_PEERKEY
1811 if ((key_info & WPA_KEY_INFO_MIC) && peerkey &&
1812 peerkey_verify_eapol_key_mic(sm, peerkey, key, ver, tmp, data_len))
1813 goto out;
1814#endif /* CONFIG_PEERKEY */
1815
1816 extra_len = data_len - sizeof(*hdr) - sizeof(*key);
1817
1818 if (WPA_GET_BE16(key->key_data_length) > extra_len) {
1819 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
1820 "frame - key_data overflow (%d > %lu)",
1821 WPA_GET_BE16(key->key_data_length),
1822 (unsigned long) extra_len);
1823 goto out;
1824 }
1825 extra_len = WPA_GET_BE16(key->key_data_length);
1826
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]1827 if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1828 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1829 if (wpa_supplicant_decrypt_key_data(sm, key, ver))
1830 goto out;
1831 extra_len = WPA_GET_BE16(key->key_data_length);
1832 }
1833
1834 if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1835 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
1836 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1837 "WPA: Ignored EAPOL-Key (Pairwise) with "
1838 "non-zero key index");
1839 goto out;
1840 }
1841 if (peerkey) {
1842 /* PeerKey 4-Way Handshake */
1843 peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver);
1844 } else if (key_info & WPA_KEY_INFO_MIC) {
1845 /* 3/4 4-Way Handshake */
1846 wpa_supplicant_process_3_of_4(sm, key, ver);
1847 } else {
1848 /* 1/4 4-Way Handshake */
1849 wpa_supplicant_process_1_of_4(sm, src_addr, key,
1850 ver);
1851 }
1852 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
1853 /* PeerKey SMK Handshake */
1854 peerkey_rx_eapol_smk(sm, src_addr, key, extra_len, key_info,
1855 ver);
1856 } else {
1857 if (key_info & WPA_KEY_INFO_MIC) {
1858 /* 1/2 Group Key Handshake */
1859 wpa_supplicant_process_1_of_2(sm, src_addr, key,
1860 extra_len, ver);
1861 } else {
1862 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1863 "WPA: EAPOL-Key (Group) without Mic bit - "
1864 "dropped");
1865 }
1866 }
1867
1868 ret = 1;
1869
1870out:
1871 os_free(tmp);
1872 return ret;
1873}
1874
1875
1876#ifdef CONFIG_CTRL_IFACE
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1877static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
1878{
1879 switch (sm->key_mgmt) {
1880 case WPA_KEY_MGMT_IEEE8021X:
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]1881 return ((sm->proto == WPA_PROTO_RSN ||
1882 sm->proto == WPA_PROTO_OSEN) ?
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1883 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
1884 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
1885 case WPA_KEY_MGMT_PSK:
1886 return (sm->proto == WPA_PROTO_RSN ?
1887 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X :
1888 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
1889#ifdef CONFIG_IEEE80211R
1890 case WPA_KEY_MGMT_FT_IEEE8021X:
1891 return RSN_AUTH_KEY_MGMT_FT_802_1X;
1892 case WPA_KEY_MGMT_FT_PSK:
1893 return RSN_AUTH_KEY_MGMT_FT_PSK;
1894#endif /* CONFIG_IEEE80211R */
1895#ifdef CONFIG_IEEE80211W
1896 case WPA_KEY_MGMT_IEEE8021X_SHA256:
1897 return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
1898 case WPA_KEY_MGMT_PSK_SHA256:
1899 return RSN_AUTH_KEY_MGMT_PSK_SHA256;
1900#endif /* CONFIG_IEEE80211W */
Dmitry Shmidtd5e49232012-12-03 15:08:10 -0800[diff] [blame]1901 case WPA_KEY_MGMT_CCKM:
1902 return (sm->proto == WPA_PROTO_RSN ?
1903 RSN_AUTH_KEY_MGMT_CCKM:
1904 WPA_AUTH_KEY_MGMT_CCKM);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1905 case WPA_KEY_MGMT_WPA_NONE:
1906 return WPA_AUTH_KEY_MGMT_NONE;
1907 default:
1908 return 0;
1909 }
1910}
1911
1912
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1913#define RSN_SUITE "%02x-%02x-%02x-%d"
1914#define RSN_SUITE_ARG(s) \
1915((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
1916
1917/**
1918 * wpa_sm_get_mib - Dump text list of MIB entries
1919 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1920 * @buf: Buffer for the list
1921 * @buflen: Length of the buffer
1922 * Returns: Number of bytes written to buffer
1923 *
1924 * This function is used fetch dot11 MIB variables.
1925 */
1926int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
1927{
1928 char pmkid_txt[PMKID_LEN * 2 + 1];
1929 int rsna, ret;
1930 size_t len;
1931
1932 if (sm->cur_pmksa) {
1933 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
1934 sm->cur_pmksa->pmkid, PMKID_LEN);
1935 } else
1936 pmkid_txt[0] = '\0';
1937
1938 if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
1939 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
1940 sm->proto == WPA_PROTO_RSN)
1941 rsna = 1;
1942 else
1943 rsna = 0;
1944
1945 ret = os_snprintf(buf, buflen,
1946 "dot11RSNAOptionImplemented=TRUE\n"
1947 "dot11RSNAPreauthenticationImplemented=TRUE\n"
1948 "dot11RSNAEnabled=%s\n"
1949 "dot11RSNAPreauthenticationEnabled=%s\n"
1950 "dot11RSNAConfigVersion=%d\n"
1951 "dot11RSNAConfigPairwiseKeysSupported=5\n"
1952 "dot11RSNAConfigGroupCipherSize=%d\n"
1953 "dot11RSNAConfigPMKLifetime=%d\n"
1954 "dot11RSNAConfigPMKReauthThreshold=%d\n"
1955 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
1956 "dot11RSNAConfigSATimeout=%d\n",
1957 rsna ? "TRUE" : "FALSE",
1958 rsna ? "TRUE" : "FALSE",
1959 RSN_VERSION,
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1960 wpa_cipher_key_len(sm->group_cipher) * 8,
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1961 sm->dot11RSNAConfigPMKLifetime,
1962 sm->dot11RSNAConfigPMKReauthThreshold,
1963 sm->dot11RSNAConfigSATimeout);
1964 if (ret < 0 || (size_t) ret >= buflen)
1965 return 0;
1966 len = ret;
1967
1968 ret = os_snprintf(
1969 buf + len, buflen - len,
1970 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
1971 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
1972 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
1973 "dot11RSNAPMKIDUsed=%s\n"
1974 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
1975 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
1976 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
1977 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
1978 "dot11RSNA4WayHandshakeFailures=%u\n",
1979 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1980 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
1981 sm->pairwise_cipher)),
1982 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
1983 sm->group_cipher)),
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1984 pmkid_txt,
1985 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1986 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
1987 sm->pairwise_cipher)),
1988 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
1989 sm->group_cipher)),
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1990 sm->dot11RSNA4WayHandshakeFailures);
1991 if (ret >= 0 && (size_t) ret < buflen)
1992 len += ret;
1993
1994 return (int) len;
1995}
1996#endif /* CONFIG_CTRL_IFACE */
1997
1998
1999static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
Dmitry Shmidtd5e49232012-12-03 15:08:10 -0800[diff] [blame]2000 void *ctx, enum pmksa_free_reason reason)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2001{
2002 struct wpa_sm *sm = ctx;
Dmitry Shmidtd5e49232012-12-03 15:08:10 -0800[diff] [blame]2003 int deauth = 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2004
Dmitry Shmidtd5e49232012-12-03 15:08:10 -0800[diff] [blame]2005 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: "
2006 MACSTR " reason=%d", MAC2STR(entry->aa), reason);
2007
2008 if (sm->cur_pmksa == entry) {
2009 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2010 "RSN: %s current PMKSA entry",
2011 reason == PMKSA_REPLACE ? "replaced" : "removed");
2012 pmksa_cache_clear_current(sm);
2013
2014 /*
2015 * If an entry is simply being replaced, there's no need to
2016 * deauthenticate because it will be immediately re-added.
2017 * This happens when EAP authentication is completed again
2018 * (reauth or failed PMKSA caching attempt).
2019 */
2020 if (reason != PMKSA_REPLACE)
2021 deauth = 1;
2022 }
2023
2024 if (reason == PMKSA_EXPIRE &&
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2025 (sm->pmk_len == entry->pmk_len &&
2026 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
2027 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
Dmitry Shmidtd5e49232012-12-03 15:08:10 -0800[diff] [blame]2028 "RSN: deauthenticating due to expired PMK");
2029 pmksa_cache_clear_current(sm);
2030 deauth = 1;
2031 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2032
Dmitry Shmidtd5e49232012-12-03 15:08:10 -0800[diff] [blame]2033 if (deauth) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2034 os_memset(sm->pmk, 0, sizeof(sm->pmk));
2035 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
2036 }
2037}
2038
2039
2040/**
2041 * wpa_sm_init - Initialize WPA state machine
2042 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
2043 * Returns: Pointer to the allocated WPA state machine data
2044 *
2045 * This function is used to allocate a new WPA state machine and the returned
2046 * value is passed to all WPA state machine calls.
2047 */
2048struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
2049{
2050 struct wpa_sm *sm;
2051
2052 sm = os_zalloc(sizeof(*sm));
2053 if (sm == NULL)
2054 return NULL;
2055 dl_list_init(&sm->pmksa_candidates);
2056 sm->renew_snonce = 1;
2057 sm->ctx = ctx;
2058
2059 sm->dot11RSNAConfigPMKLifetime = 43200;
2060 sm->dot11RSNAConfigPMKReauthThreshold = 70;
2061 sm->dot11RSNAConfigSATimeout = 60;
2062
2063 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm);
2064 if (sm->pmksa == NULL) {
2065 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
2066 "RSN: PMKSA cache initialization failed");
2067 os_free(sm);
2068 return NULL;
2069 }
2070
2071 return sm;
2072}
2073
2074
2075/**
2076 * wpa_sm_deinit - Deinitialize WPA state machine
2077 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2078 */
2079void wpa_sm_deinit(struct wpa_sm *sm)
2080{
2081 if (sm == NULL)
2082 return;
2083 pmksa_cache_deinit(sm->pmksa);
2084 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2085 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2086 os_free(sm->assoc_wpa_ie);
2087 os_free(sm->ap_wpa_ie);
2088 os_free(sm->ap_rsn_ie);
2089 os_free(sm->ctx);
2090 peerkey_deinit(sm);
2091#ifdef CONFIG_IEEE80211R
2092 os_free(sm->assoc_resp_ies);
2093#endif /* CONFIG_IEEE80211R */
2094 os_free(sm);
2095}
2096
2097
2098/**
2099 * wpa_sm_notify_assoc - Notify WPA state machine about association
2100 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2101 * @bssid: The BSSID of the new association
2102 *
2103 * This function is called to let WPA state machine know that the connection
2104 * was established.
2105 */
2106void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
2107{
2108 int clear_ptk = 1;
2109
2110 if (sm == NULL)
2111 return;
2112
2113 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2114 "WPA: Association event - clear replay counter");
2115 os_memcpy(sm->bssid, bssid, ETH_ALEN);
2116 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
2117 sm->rx_replay_counter_set = 0;
2118 sm->renew_snonce = 1;
2119 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
2120 rsn_preauth_deinit(sm);
2121
2122#ifdef CONFIG_IEEE80211R
2123 if (wpa_ft_is_completed(sm)) {
2124 /*
2125 * Clear portValid to kick EAPOL state machine to re-enter
2126 * AUTHENTICATED state to get the EAPOL port Authorized.
2127 */
2128 eapol_sm_notify_portValid(sm->eapol, FALSE);
2129 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
2130
2131 /* Prepare for the next transition */
2132 wpa_ft_prepare_auth_request(sm, NULL);
2133
2134 clear_ptk = 0;
2135 }
2136#endif /* CONFIG_IEEE80211R */
2137
2138 if (clear_ptk) {
2139 /*
2140 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
2141 * this is not part of a Fast BSS Transition.
2142 */
2143 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK");
2144 sm->ptk_set = 0;
2145 sm->tptk_set = 0;
2146 }
2147
2148#ifdef CONFIG_TDLS
2149 wpa_tdls_assoc(sm);
2150#endif /* CONFIG_TDLS */
Dmitry Shmidtcf32e602014-01-28 10:57:39 -0800[diff] [blame]2151
2152#ifdef CONFIG_P2P
2153 os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr));
2154#endif /* CONFIG_P2P */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2155}
2156
2157
2158/**
2159 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
2160 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2161 *
2162 * This function is called to let WPA state machine know that the connection
2163 * was lost. This will abort any existing pre-authentication session.
2164 */
2165void wpa_sm_notify_disassoc(struct wpa_sm *sm)
2166{
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]2167 peerkey_deinit(sm);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2168 rsn_preauth_deinit(sm);
Dmitry Shmidtd5e49232012-12-03 15:08:10 -0800[diff] [blame]2169 pmksa_cache_clear_current(sm);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2170 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
2171 sm->dot11RSNA4WayHandshakeFailures++;
2172#ifdef CONFIG_TDLS
2173 wpa_tdls_disassoc(sm);
2174#endif /* CONFIG_TDLS */
2175}
2176
2177
2178/**
2179 * wpa_sm_set_pmk - Set PMK
2180 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2181 * @pmk: The new PMK
2182 * @pmk_len: The length of the new PMK in bytes
2183 *
2184 * Configure the PMK for WPA state machine.
2185 */
2186void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len)
2187{
2188 if (sm == NULL)
2189 return;
2190
2191 sm->pmk_len = pmk_len;
2192 os_memcpy(sm->pmk, pmk, pmk_len);
2193
2194#ifdef CONFIG_IEEE80211R
2195 /* Set XXKey to be PSK for FT key derivation */
2196 sm->xxkey_len = pmk_len;
2197 os_memcpy(sm->xxkey, pmk, pmk_len);
2198#endif /* CONFIG_IEEE80211R */
2199}
2200
2201
2202/**
2203 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
2204 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2205 *
2206 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
2207 * will be cleared.
2208 */
2209void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
2210{
2211 if (sm == NULL)
2212 return;
2213
2214 if (sm->cur_pmksa) {
2215 sm->pmk_len = sm->cur_pmksa->pmk_len;
2216 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
2217 } else {
2218 sm->pmk_len = PMK_LEN;
2219 os_memset(sm->pmk, 0, PMK_LEN);
2220 }
2221}
2222
2223
2224/**
2225 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
2226 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2227 * @fast_reauth: Whether fast reauthentication (EAP) is allowed
2228 */
2229void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
2230{
2231 if (sm)
2232 sm->fast_reauth = fast_reauth;
2233}
2234
2235
2236/**
2237 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
2238 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2239 * @scard_ctx: Context pointer for smartcard related callback functions
2240 */
2241void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
2242{
2243 if (sm == NULL)
2244 return;
2245 sm->scard_ctx = scard_ctx;
2246 if (sm->preauth_eapol)
2247 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
2248}
2249
2250
2251/**
2252 * wpa_sm_set_config - Notification of current configration change
2253 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2254 * @config: Pointer to current network configuration
2255 *
2256 * Notify WPA state machine that configuration has changed. config will be
2257 * stored as a backpointer to network configuration. This can be %NULL to clear
2258 * the stored pointed.
2259 */
2260void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
2261{
2262 if (!sm)
2263 return;
2264
2265 if (config) {
2266 sm->network_ctx = config->network_ctx;
2267 sm->peerkey_enabled = config->peerkey_enabled;
2268 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
2269 sm->proactive_key_caching = config->proactive_key_caching;
2270 sm->eap_workaround = config->eap_workaround;
2271 sm->eap_conf_ctx = config->eap_conf_ctx;
2272 if (config->ssid) {
2273 os_memcpy(sm->ssid, config->ssid, config->ssid_len);
2274 sm->ssid_len = config->ssid_len;
2275 } else
2276 sm->ssid_len = 0;
2277 sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
Dmitry Shmidtcf32e602014-01-28 10:57:39 -0800[diff] [blame]2278 sm->p2p = config->p2p;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2279 } else {
2280 sm->network_ctx = NULL;
2281 sm->peerkey_enabled = 0;
2282 sm->allowed_pairwise_cipher = 0;
2283 sm->proactive_key_caching = 0;
2284 sm->eap_workaround = 0;
2285 sm->eap_conf_ctx = NULL;
2286 sm->ssid_len = 0;
2287 sm->wpa_ptk_rekey = 0;
Dmitry Shmidtcf32e602014-01-28 10:57:39 -0800[diff] [blame]2288 sm->p2p = 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2289 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2290}
2291
2292
2293/**
2294 * wpa_sm_set_own_addr - Set own MAC address
2295 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2296 * @addr: Own MAC address
2297 */
2298void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
2299{
2300 if (sm)
2301 os_memcpy(sm->own_addr, addr, ETH_ALEN);
2302}
2303
2304
2305/**
2306 * wpa_sm_set_ifname - Set network interface name
2307 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2308 * @ifname: Interface name
2309 * @bridge_ifname: Optional bridge interface name (for pre-auth)
2310 */
2311void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
2312 const char *bridge_ifname)
2313{
2314 if (sm) {
2315 sm->ifname = ifname;
2316 sm->bridge_ifname = bridge_ifname;
2317 }
2318}
2319
2320
2321/**
2322 * wpa_sm_set_eapol - Set EAPOL state machine pointer
2323 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2324 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
2325 */
2326void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
2327{
2328 if (sm)
2329 sm->eapol = eapol;
2330}
2331
2332
2333/**
2334 * wpa_sm_set_param - Set WPA state machine parameters
2335 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2336 * @param: Parameter field
2337 * @value: Parameter value
2338 * Returns: 0 on success, -1 on failure
2339 */
2340int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
2341 unsigned int value)
2342{
2343 int ret = 0;
2344
2345 if (sm == NULL)
2346 return -1;
2347
2348 switch (param) {
2349 case RSNA_PMK_LIFETIME:
2350 if (value > 0)
2351 sm->dot11RSNAConfigPMKLifetime = value;
2352 else
2353 ret = -1;
2354 break;
2355 case RSNA_PMK_REAUTH_THRESHOLD:
2356 if (value > 0 && value <= 100)
2357 sm->dot11RSNAConfigPMKReauthThreshold = value;
2358 else
2359 ret = -1;
2360 break;
2361 case RSNA_SA_TIMEOUT:
2362 if (value > 0)
2363 sm->dot11RSNAConfigSATimeout = value;
2364 else
2365 ret = -1;
2366 break;
2367 case WPA_PARAM_PROTO:
2368 sm->proto = value;
2369 break;
2370 case WPA_PARAM_PAIRWISE:
2371 sm->pairwise_cipher = value;
2372 break;
2373 case WPA_PARAM_GROUP:
2374 sm->group_cipher = value;
2375 break;
2376 case WPA_PARAM_KEY_MGMT:
2377 sm->key_mgmt = value;
2378 break;
2379#ifdef CONFIG_IEEE80211W
2380 case WPA_PARAM_MGMT_GROUP:
2381 sm->mgmt_group_cipher = value;
2382 break;
2383#endif /* CONFIG_IEEE80211W */
2384 case WPA_PARAM_RSN_ENABLED:
2385 sm->rsn_enabled = value;
2386 break;
2387 case WPA_PARAM_MFP:
2388 sm->mfp = value;
2389 break;
2390 default:
2391 break;
2392 }
2393
2394 return ret;
2395}
2396
2397
2398/**
2399 * wpa_sm_get_param - Get WPA state machine parameters
2400 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2401 * @param: Parameter field
2402 * Returns: Parameter value
2403 */
2404unsigned int wpa_sm_get_param(struct wpa_sm *sm, enum wpa_sm_conf_params param)
2405{
2406 if (sm == NULL)
2407 return 0;
2408
2409 switch (param) {
2410 case RSNA_PMK_LIFETIME:
2411 return sm->dot11RSNAConfigPMKLifetime;
2412 case RSNA_PMK_REAUTH_THRESHOLD:
2413 return sm->dot11RSNAConfigPMKReauthThreshold;
2414 case RSNA_SA_TIMEOUT:
2415 return sm->dot11RSNAConfigSATimeout;
2416 case WPA_PARAM_PROTO:
2417 return sm->proto;
2418 case WPA_PARAM_PAIRWISE:
2419 return sm->pairwise_cipher;
2420 case WPA_PARAM_GROUP:
2421 return sm->group_cipher;
2422 case WPA_PARAM_KEY_MGMT:
2423 return sm->key_mgmt;
2424#ifdef CONFIG_IEEE80211W
2425 case WPA_PARAM_MGMT_GROUP:
2426 return sm->mgmt_group_cipher;
2427#endif /* CONFIG_IEEE80211W */
2428 case WPA_PARAM_RSN_ENABLED:
2429 return sm->rsn_enabled;
2430 default:
2431 return 0;
2432 }
2433}
2434
2435
2436/**
2437 * wpa_sm_get_status - Get WPA state machine
2438 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2439 * @buf: Buffer for status information
2440 * @buflen: Maximum buffer length
2441 * @verbose: Whether to include verbose status information
2442 * Returns: Number of bytes written to buf.
2443 *
2444 * Query WPA state machine for status information. This function fills in
2445 * a text area with current status information. If the buffer (buf) is not
2446 * large enough, status information will be truncated to fit the buffer.
2447 */
2448int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
2449 int verbose)
2450{
2451 char *pos = buf, *end = buf + buflen;
2452 int ret;
2453
2454 ret = os_snprintf(pos, end - pos,
2455 "pairwise_cipher=%s\n"
2456 "group_cipher=%s\n"
2457 "key_mgmt=%s\n",
2458 wpa_cipher_txt(sm->pairwise_cipher),
2459 wpa_cipher_txt(sm->group_cipher),
2460 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
2461 if (ret < 0 || ret >= end - pos)
2462 return pos - buf;
2463 pos += ret;
Dmitry Shmidtd5e49232012-12-03 15:08:10 -0800[diff] [blame]2464
2465 if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) {
2466 struct wpa_ie_data rsn;
2467 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn)
2468 >= 0 &&
2469 rsn.capabilities & (WPA_CAPABILITY_MFPR |
2470 WPA_CAPABILITY_MFPC)) {
2471 ret = os_snprintf(pos, end - pos, "pmf=%d\n",
2472 (rsn.capabilities &
2473 WPA_CAPABILITY_MFPR) ? 2 : 1);
2474 if (ret < 0 || ret >= end - pos)
2475 return pos - buf;
2476 pos += ret;
2477 }
2478 }
2479
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2480 return pos - buf;
2481}
2482
2483
Dmitry Shmidtf7e0a992013-05-23 11:03:10 -0700[diff] [blame]2484int wpa_sm_pmf_enabled(struct wpa_sm *sm)
2485{
2486 struct wpa_ie_data rsn;
2487
2488 if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie)
2489 return 0;
2490
2491 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 &&
2492 rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC))
2493 return 1;
2494
2495 return 0;
2496}
2497
2498
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2499/**
2500 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
2501 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2502 * @wpa_ie: Pointer to buffer for WPA/RSN IE
2503 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
2504 * Returns: 0 on success, -1 on failure
2505 */
2506int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
2507 size_t *wpa_ie_len)
2508{
2509 int res;
2510
2511 if (sm == NULL)
2512 return -1;
2513
2514 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
2515 if (res < 0)
2516 return -1;
2517 *wpa_ie_len = res;
2518
2519 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default",
2520 wpa_ie, *wpa_ie_len);
2521
2522 if (sm->assoc_wpa_ie == NULL) {
2523 /*
2524 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
2525 * the correct version of the IE even if PMKSA caching is
2526 * aborted (which would remove PMKID from IE generation).
2527 */
2528 sm->assoc_wpa_ie = os_malloc(*wpa_ie_len);
2529 if (sm->assoc_wpa_ie == NULL)
2530 return -1;
2531
2532 os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
2533 sm->assoc_wpa_ie_len = *wpa_ie_len;
2534 }
2535
2536 return 0;
2537}
2538
2539
2540/**
2541 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
2542 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2543 * @ie: Pointer to IE data (starting from id)
2544 * @len: IE length
2545 * Returns: 0 on success, -1 on failure
2546 *
2547 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
2548 * Request frame. The IE will be used to override the default value generated
2549 * with wpa_sm_set_assoc_wpa_ie_default().
2550 */
2551int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2552{
2553 if (sm == NULL)
2554 return -1;
2555
2556 os_free(sm->assoc_wpa_ie);
2557 if (ie == NULL || len == 0) {
2558 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2559 "WPA: clearing own WPA/RSN IE");
2560 sm->assoc_wpa_ie = NULL;
2561 sm->assoc_wpa_ie_len = 0;
2562 } else {
2563 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
2564 sm->assoc_wpa_ie = os_malloc(len);
2565 if (sm->assoc_wpa_ie == NULL)
2566 return -1;
2567
2568 os_memcpy(sm->assoc_wpa_ie, ie, len);
2569 sm->assoc_wpa_ie_len = len;
2570 }
2571
2572 return 0;
2573}
2574
2575
2576/**
2577 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
2578 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2579 * @ie: Pointer to IE data (starting from id)
2580 * @len: IE length
2581 * Returns: 0 on success, -1 on failure
2582 *
2583 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
2584 * frame.
2585 */
2586int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2587{
2588 if (sm == NULL)
2589 return -1;
2590
2591 os_free(sm->ap_wpa_ie);
2592 if (ie == NULL || len == 0) {
2593 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2594 "WPA: clearing AP WPA IE");
2595 sm->ap_wpa_ie = NULL;
2596 sm->ap_wpa_ie_len = 0;
2597 } else {
2598 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
2599 sm->ap_wpa_ie = os_malloc(len);
2600 if (sm->ap_wpa_ie == NULL)
2601 return -1;
2602
2603 os_memcpy(sm->ap_wpa_ie, ie, len);
2604 sm->ap_wpa_ie_len = len;
2605 }
2606
2607 return 0;
2608}
2609
2610
2611/**
2612 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
2613 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2614 * @ie: Pointer to IE data (starting from id)
2615 * @len: IE length
2616 * Returns: 0 on success, -1 on failure
2617 *
2618 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
2619 * frame.
2620 */
2621int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2622{
2623 if (sm == NULL)
2624 return -1;
2625
2626 os_free(sm->ap_rsn_ie);
2627 if (ie == NULL || len == 0) {
2628 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2629 "WPA: clearing AP RSN IE");
2630 sm->ap_rsn_ie = NULL;
2631 sm->ap_rsn_ie_len = 0;
2632 } else {
2633 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
2634 sm->ap_rsn_ie = os_malloc(len);
2635 if (sm->ap_rsn_ie == NULL)
2636 return -1;
2637
2638 os_memcpy(sm->ap_rsn_ie, ie, len);
2639 sm->ap_rsn_ie_len = len;
2640 }
2641
2642 return 0;
2643}
2644
2645
2646/**
2647 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
2648 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2649 * @data: Pointer to data area for parsing results
2650 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
2651 *
2652 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
2653 * parsed data into data.
2654 */
2655int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
2656{
2657 if (sm == NULL)
2658 return -1;
2659
2660 if (sm->assoc_wpa_ie == NULL) {
2661 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2662 "WPA: No WPA/RSN IE available from association info");
2663 return -1;
2664 }
2665 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
2666 return -2;
2667 return 0;
2668}
2669
2670
2671int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
2672{
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2673 return pmksa_cache_list(sm->pmksa, buf, len);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2674}
2675
2676
2677void wpa_sm_drop_sa(struct wpa_sm *sm)
2678{
2679 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
2680 sm->ptk_set = 0;
2681 sm->tptk_set = 0;
2682 os_memset(sm->pmk, 0, sizeof(sm->pmk));
2683 os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2684 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2685}
2686
2687
2688int wpa_sm_has_ptk(struct wpa_sm *sm)
2689{
2690 if (sm == NULL)
2691 return 0;
2692 return sm->ptk_set;
2693}
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2694
2695
2696void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
2697{
2698 os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
2699}
2700
2701
2702void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
2703{
Dmitry Shmidtf7e0a992013-05-23 11:03:10 -0700[diff] [blame]2704 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2705}
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]2706
2707
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]2708#ifdef CONFIG_WNM
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]2709int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
2710{
2711 struct wpa_gtk_data gd;
2712#ifdef CONFIG_IEEE80211W
2713 struct wpa_igtk_kde igd;
2714 u16 keyidx;
2715#endif /* CONFIG_IEEE80211W */
2716 u16 keyinfo;
2717 u8 keylen; /* plaintext key len */
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]2718 u8 *key_rsc;
2719
2720 os_memset(&gd, 0, sizeof(gd));
2721#ifdef CONFIG_IEEE80211W
2722 os_memset(&igd, 0, sizeof(igd));
2723#endif /* CONFIG_IEEE80211W */
2724
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]2725 keylen = wpa_cipher_key_len(sm->group_cipher);
2726 gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher);
2727 gd.alg = wpa_cipher_to_alg(sm->group_cipher);
2728 if (gd.alg == WPA_ALG_NONE) {
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]2729 wpa_printf(MSG_DEBUG, "Unsupported group cipher suite");
2730 return -1;
2731 }
2732
2733 if (subelem_id == WNM_SLEEP_SUBELEM_GTK) {
2734 key_rsc = buf + 5;
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]2735 keyinfo = WPA_GET_LE16(buf + 2);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]2736 gd.gtk_len = keylen;
2737 if (gd.gtk_len != buf[4]) {
2738 wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d",
2739 gd.gtk_len, buf[4]);
2740 return -1;
2741 }
2742 gd.keyidx = keyinfo & 0x03; /* B0 - B1 */
2743 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(
2744 sm, !!(keyinfo & WPA_KEY_INFO_TXRX));
2745
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]2746 os_memcpy(gd.gtk, buf + 13, gd.gtk_len);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]2747
2748 wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
2749 gd.gtk, gd.gtk_len);
2750 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
2751 wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
2752 "WNM mode");
2753 return -1;
2754 }
2755#ifdef CONFIG_IEEE80211W
2756 } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]2757 keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]2758 os_memcpy(igd.keyid, buf + 2, 2);
2759 os_memcpy(igd.pn, buf + 4, 6);
2760
2761 keyidx = WPA_GET_LE16(igd.keyid);
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]2762 os_memcpy(igd.igtk, buf + 10, keylen);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]2763
2764 wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]2765 igd.igtk, keylen);
2766 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
2767 broadcast_ether_addr,
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]2768 keyidx, 0, igd.pn, sizeof(igd.pn),
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]2769 igd.igtk, keylen) < 0) {
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]2770 wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
2771 "WNM mode");
2772 return -1;
2773 }
2774#endif /* CONFIG_IEEE80211W */
2775 } else {
2776 wpa_printf(MSG_DEBUG, "Unknown element id");
2777 return -1;
2778 }
2779
2780 return 0;
2781}
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]2782#endif /* CONFIG_WNM */
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]2783
2784
2785#ifdef CONFIG_PEERKEY
2786int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr,
2787 const u8 *buf, size_t len)
2788{
2789 struct wpa_peerkey *peerkey;
2790
2791 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
2792 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
2793 break;
2794 }
2795
2796 if (!peerkey)
2797 return 0;
2798
2799 wpa_sm_rx_eapol(sm, src_addr, buf, len);
2800
2801 return 1;
2802}
2803#endif /* CONFIG_PEERKEY */
Dmitry Shmidtcf32e602014-01-28 10:57:39 -0800[diff] [blame]2804
2805
2806#ifdef CONFIG_P2P
2807
2808int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf)
2809{
2810 if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0)
2811 return -1;
2812 os_memcpy(buf, sm->p2p_ip_addr, 3 * 4);
2813 return 0;
2814}
2815
2816#endif /* CONFIG_P2P */