Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / 4b86ea55603eded752b5773179884a35e74e1a89 / . / src / rsn_supp / peerkey.c
blob: 3d5aac6b6e6d1b1fbd6ad1092881ac2629646e66 [file] [log] [blame]
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1/*
2 * WPA Supplicant - PeerKey for Direct Link Setup (DLS)
3 * Copyright (c) 2006-2008, Jouni Malinen <j@w1.fi>
4 *
Dmitry Shmidtc5ec7f52012-03-06 16:33:24 -0800[diff] [blame]5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]7 */
8
9#include "includes.h"
10
11#ifdef CONFIG_PEERKEY
12
13#include "common.h"
14#include "eloop.h"
15#include "crypto/sha1.h"
16#include "crypto/sha256.h"
17#include "crypto/random.h"
18#include "common/ieee802_11_defs.h"
19#include "wpa.h"
20#include "wpa_i.h"
21#include "wpa_ie.h"
22#include "peerkey.h"
23
24
25static u8 * wpa_add_ie(u8 *pos, const u8 *ie, size_t ie_len)
26{
27 os_memcpy(pos, ie, ie_len);
28 return pos + ie_len;
29}
30
31
32static u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len)
33{
34 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
35 *pos++ = RSN_SELECTOR_LEN + data_len;
36 RSN_SELECTOR_PUT(pos, kde);
37 pos += RSN_SELECTOR_LEN;
38 os_memcpy(pos, data, data_len);
39 pos += data_len;
40 return pos;
41}
42
43
44static void wpa_supplicant_smk_timeout(void *eloop_ctx, void *timeout_ctx)
45{
46#if 0
47 struct wpa_sm *sm = eloop_ctx;
48 struct wpa_peerkey *peerkey = timeout_ctx;
49#endif
50 /* TODO: time out SMK and any STK that was generated using this SMK */
51}
52
53
54static void wpa_supplicant_peerkey_free(struct wpa_sm *sm,
55 struct wpa_peerkey *peerkey)
56{
57 eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey);
58 os_free(peerkey);
59}
60
61
62static int wpa_supplicant_send_smk_error(struct wpa_sm *sm, const u8 *dst,
63 const u8 *peer,
64 u16 mui, u16 error_type, int ver)
65{
66 size_t rlen;
67 struct wpa_eapol_key *err;
68 struct rsn_error_kde error;
69 u8 *rbuf, *pos;
70 size_t kde_len;
71 u16 key_info;
72
73 kde_len = 2 + RSN_SELECTOR_LEN + sizeof(error);
74 if (peer)
75 kde_len += 2 + RSN_SELECTOR_LEN + ETH_ALEN;
76
77 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
78 NULL, sizeof(*err) + kde_len, &rlen,
79 (void *) &err);
80 if (rbuf == NULL)
81 return -1;
82
83 err->type = EAPOL_KEY_TYPE_RSN;
84 key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
85 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_ERROR |
86 WPA_KEY_INFO_REQUEST;
87 WPA_PUT_BE16(err->key_info, key_info);
88 WPA_PUT_BE16(err->key_length, 0);
89 os_memcpy(err->replay_counter, sm->request_counter,
90 WPA_REPLAY_COUNTER_LEN);
91 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
92
93 WPA_PUT_BE16(err->key_data_length, (u16) kde_len);
94 pos = (u8 *) (err + 1);
95
96 if (peer) {
97 /* Peer MAC Address KDE */
98 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
99 }
100
101 /* Error KDE */
102 error.mui = host_to_be16(mui);
103 error.error_type = host_to_be16(error_type);
104 wpa_add_kde(pos, RSN_KEY_DATA_ERROR, (u8 *) &error, sizeof(error));
105
106 if (peer) {
107 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error (peer "
108 MACSTR " mui %d error_type %d)",
109 MAC2STR(peer), mui, error_type);
110 } else {
111 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error "
112 "(mui %d error_type %d)", mui, error_type);
113 }
114
115 wpa_eapol_key_send(sm, sm->ptk.kck, ver, dst, ETH_P_EAPOL,
116 rbuf, rlen, err->key_mic);
117
118 return 0;
119}
120
121
122static int wpa_supplicant_send_smk_m3(struct wpa_sm *sm,
123 const unsigned char *src_addr,
124 const struct wpa_eapol_key *key,
125 int ver, struct wpa_peerkey *peerkey)
126{
127 size_t rlen;
128 struct wpa_eapol_key *reply;
129 u8 *rbuf, *pos;
130 size_t kde_len;
131 u16 key_info;
132
133 /* KDEs: Peer RSN IE, Initiator MAC Address, Initiator Nonce */
134 kde_len = peerkey->rsnie_p_len +
135 2 + RSN_SELECTOR_LEN + ETH_ALEN +
136 2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN;
137
138 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
139 NULL, sizeof(*reply) + kde_len, &rlen,
140 (void *) &reply);
141 if (rbuf == NULL)
142 return -1;
143
144 reply->type = EAPOL_KEY_TYPE_RSN;
145 key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
146 WPA_KEY_INFO_SECURE;
147 WPA_PUT_BE16(reply->key_info, key_info);
148 WPA_PUT_BE16(reply->key_length, 0);
149 os_memcpy(reply->replay_counter, key->replay_counter,
150 WPA_REPLAY_COUNTER_LEN);
151
152 os_memcpy(reply->key_nonce, peerkey->pnonce, WPA_NONCE_LEN);
153
154 WPA_PUT_BE16(reply->key_data_length, (u16) kde_len);
155 pos = (u8 *) (reply + 1);
156
157 /* Peer RSN IE */
158 pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len);
159
160 /* Initiator MAC Address KDE */
161 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peerkey->addr, ETH_ALEN);
162
163 /* Initiator Nonce */
164 wpa_add_kde(pos, RSN_KEY_DATA_NONCE, peerkey->inonce, WPA_NONCE_LEN);
165
166 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK M3");
167 wpa_eapol_key_send(sm, sm->ptk.kck, ver, src_addr, ETH_P_EAPOL,
168 rbuf, rlen, reply->key_mic);
169
170 return 0;
171}
172
173
174static int wpa_supplicant_process_smk_m2(
175 struct wpa_sm *sm, const unsigned char *src_addr,
176 const struct wpa_eapol_key *key, size_t extra_len, int ver)
177{
178 struct wpa_peerkey *peerkey;
179 struct wpa_eapol_ie_parse kde;
180 struct wpa_ie_data ie;
181 int cipher;
182 struct rsn_ie_hdr *hdr;
183 u8 *pos;
184
185 wpa_printf(MSG_DEBUG, "RSN: Received SMK M2");
186
187 if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) {
188 wpa_printf(MSG_INFO, "RSN: SMK handshake not allowed for "
189 "the current network");
190 return -1;
191 }
192
193 if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
194 0) {
195 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M2");
196 return -1;
197 }
198
199 if (kde.rsn_ie == NULL || kde.mac_addr == NULL ||
200 kde.mac_addr_len < ETH_ALEN) {
201 wpa_printf(MSG_INFO, "RSN: No RSN IE or MAC address KDE in "
202 "SMK M2");
203 return -1;
204 }
205
206 wpa_printf(MSG_DEBUG, "RSN: SMK M2 - SMK initiator " MACSTR,
207 MAC2STR(kde.mac_addr));
208
209 if (kde.rsn_ie_len > PEERKEY_MAX_IE_LEN) {
210 wpa_printf(MSG_INFO, "RSN: Too long Initiator RSN IE in SMK "
211 "M2");
212 return -1;
213 }
214
215 if (wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len, &ie) < 0) {
216 wpa_printf(MSG_INFO, "RSN: Failed to parse RSN IE in SMK M2");
217 return -1;
218 }
219
220 cipher = ie.pairwise_cipher & sm->allowed_pairwise_cipher;
221 if (cipher & WPA_CIPHER_CCMP) {
222 wpa_printf(MSG_DEBUG, "RSN: Using CCMP for PeerKey");
223 cipher = WPA_CIPHER_CCMP;
224 } else if (cipher & WPA_CIPHER_TKIP) {
225 wpa_printf(MSG_DEBUG, "RSN: Using TKIP for PeerKey");
226 cipher = WPA_CIPHER_TKIP;
227 } else {
228 wpa_printf(MSG_INFO, "RSN: No acceptable cipher in SMK M2");
229 wpa_supplicant_send_smk_error(sm, src_addr, kde.mac_addr,
230 STK_MUI_SMK, STK_ERR_CPHR_NS,
231 ver);
232 return -1;
233 }
234
235 /* TODO: find existing entry and if found, use that instead of adding
236 * a new one; how to handle the case where both ends initiate at the
237 * same time? */
238 peerkey = os_zalloc(sizeof(*peerkey));
239 if (peerkey == NULL)
240 return -1;
241 os_memcpy(peerkey->addr, kde.mac_addr, ETH_ALEN);
242 os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
243 os_memcpy(peerkey->rsnie_i, kde.rsn_ie, kde.rsn_ie_len);
244 peerkey->rsnie_i_len = kde.rsn_ie_len;
245 peerkey->cipher = cipher;
246#ifdef CONFIG_IEEE80211W
247 if (ie.key_mgmt & (WPA_KEY_MGMT_IEEE8021X_SHA256 |
248 WPA_KEY_MGMT_PSK_SHA256))
249 peerkey->use_sha256 = 1;
250#endif /* CONFIG_IEEE80211W */
251
252 if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) {
253 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
254 "WPA: Failed to get random data for PNonce");
255 wpa_supplicant_peerkey_free(sm, peerkey);
256 return -1;
257 }
258
259 hdr = (struct rsn_ie_hdr *) peerkey->rsnie_p;
260 hdr->elem_id = WLAN_EID_RSN;
261 WPA_PUT_LE16(hdr->version, RSN_VERSION);
262 pos = (u8 *) (hdr + 1);
263 /* Group Suite can be anything for SMK RSN IE; receiver will just
264 * ignore it. */
265 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
266 pos += RSN_SELECTOR_LEN;
267 /* Include only the selected cipher in pairwise cipher suite */
268 WPA_PUT_LE16(pos, 1);
269 pos += 2;
270 if (cipher == WPA_CIPHER_CCMP)
271 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
272 else if (cipher == WPA_CIPHER_TKIP)
273 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
274 pos += RSN_SELECTOR_LEN;
275
276 hdr->len = (pos - peerkey->rsnie_p) - 2;
277 peerkey->rsnie_p_len = pos - peerkey->rsnie_p;
278 wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake",
279 peerkey->rsnie_p, peerkey->rsnie_p_len);
280
281 wpa_supplicant_send_smk_m3(sm, src_addr, key, ver, peerkey);
282
283 peerkey->next = sm->peerkey;
284 sm->peerkey = peerkey;
285
286 return 0;
287}
288
289
290/**
291 * rsn_smkid - Derive SMK identifier
292 * @smk: Station master key (32 bytes)
293 * @pnonce: Peer Nonce
294 * @mac_p: Peer MAC address
295 * @inonce: Initiator Nonce
296 * @mac_i: Initiator MAC address
297 * @use_sha256: Whether to use SHA256-based KDF
298 *
299 * 8.5.1.4 Station to station (STK) key hierarchy
300 * SMKID = HMAC-SHA1-128(SMK, "SMK Name" || PNonce || MAC_P || INonce || MAC_I)
301 */
302static void rsn_smkid(const u8 *smk, const u8 *pnonce, const u8 *mac_p,
303 const u8 *inonce, const u8 *mac_i, u8 *smkid,
304 int use_sha256)
305{
306 char *title = "SMK Name";
307 const u8 *addr[5];
308 const size_t len[5] = { 8, WPA_NONCE_LEN, ETH_ALEN, WPA_NONCE_LEN,
309 ETH_ALEN };
310 unsigned char hash[SHA256_MAC_LEN];
311
312 addr[0] = (u8 *) title;
313 addr[1] = pnonce;
314 addr[2] = mac_p;
315 addr[3] = inonce;
316 addr[4] = mac_i;
317
318#ifdef CONFIG_IEEE80211W
319 if (use_sha256)
320 hmac_sha256_vector(smk, PMK_LEN, 5, addr, len, hash);
321 else
322#endif /* CONFIG_IEEE80211W */
323 hmac_sha1_vector(smk, PMK_LEN, 5, addr, len, hash);
324 os_memcpy(smkid, hash, PMKID_LEN);
325}
326
327
328static void wpa_supplicant_send_stk_1_of_4(struct wpa_sm *sm,
329 struct wpa_peerkey *peerkey)
330{
331 size_t mlen;
332 struct wpa_eapol_key *msg;
333 u8 *mbuf;
334 size_t kde_len;
335 u16 key_info, ver;
336
337 kde_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
338
339 mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
340 sizeof(*msg) + kde_len, &mlen,
341 (void *) &msg);
342 if (mbuf == NULL)
343 return;
344
345 msg->type = EAPOL_KEY_TYPE_RSN;
346
347 if (peerkey->cipher == WPA_CIPHER_CCMP)
348 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
349 else
350 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
351
352 key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK;
353 WPA_PUT_BE16(msg->key_info, key_info);
354
355 if (peerkey->cipher == WPA_CIPHER_CCMP)
356 WPA_PUT_BE16(msg->key_length, 16);
357 else
358 WPA_PUT_BE16(msg->key_length, 32);
359
360 os_memcpy(msg->replay_counter, peerkey->replay_counter,
361 WPA_REPLAY_COUNTER_LEN);
362 inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
363
364 WPA_PUT_BE16(msg->key_data_length, kde_len);
365 wpa_add_kde((u8 *) (msg + 1), RSN_KEY_DATA_PMKID,
366 peerkey->smkid, PMKID_LEN);
367
368 if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) {
369 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
370 "RSN: Failed to get random data for INonce (STK)");
371 os_free(mbuf);
372 return;
373 }
374 wpa_hexdump(MSG_DEBUG, "RSN: INonce for STK 4-Way Handshake",
375 peerkey->inonce, WPA_NONCE_LEN);
376 os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
377
378 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 1/4 to " MACSTR,
379 MAC2STR(peerkey->addr));
380 wpa_eapol_key_send(sm, NULL, ver, peerkey->addr, ETH_P_EAPOL,
381 mbuf, mlen, NULL);
382}
383
384
385static void wpa_supplicant_send_stk_3_of_4(struct wpa_sm *sm,
386 struct wpa_peerkey *peerkey)
387{
388 size_t mlen;
389 struct wpa_eapol_key *msg;
390 u8 *mbuf, *pos;
391 size_t kde_len;
392 u16 key_info, ver;
393 be32 lifetime;
394
395 kde_len = peerkey->rsnie_i_len +
396 2 + RSN_SELECTOR_LEN + sizeof(lifetime);
397
398 mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
399 sizeof(*msg) + kde_len, &mlen,
400 (void *) &msg);
401 if (mbuf == NULL)
402 return;
403
404 msg->type = EAPOL_KEY_TYPE_RSN;
405
406 if (peerkey->cipher == WPA_CIPHER_CCMP)
407 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
408 else
409 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
410
411 key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK |
412 WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
413 WPA_PUT_BE16(msg->key_info, key_info);
414
415 if (peerkey->cipher == WPA_CIPHER_CCMP)
416 WPA_PUT_BE16(msg->key_length, 16);
417 else
418 WPA_PUT_BE16(msg->key_length, 32);
419
420 os_memcpy(msg->replay_counter, peerkey->replay_counter,
421 WPA_REPLAY_COUNTER_LEN);
422 inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
423
424 WPA_PUT_BE16(msg->key_data_length, kde_len);
425 pos = (u8 *) (msg + 1);
426 pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len);
427 lifetime = host_to_be32(peerkey->lifetime);
428 wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
429 (u8 *) &lifetime, sizeof(lifetime));
430
431 os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
432
433 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 3/4 to " MACSTR,
434 MAC2STR(peerkey->addr));
435 wpa_eapol_key_send(sm, peerkey->stk.kck, ver, peerkey->addr,
436 ETH_P_EAPOL, mbuf, mlen, msg->key_mic);
437}
438
439
440static int wpa_supplicant_process_smk_m4(struct wpa_peerkey *peerkey,
441 struct wpa_eapol_ie_parse *kde)
442{
443 wpa_printf(MSG_DEBUG, "RSN: Received SMK M4 (Initiator " MACSTR ")",
444 MAC2STR(kde->mac_addr));
445
446 if (os_memcmp(kde->smk + PMK_LEN, peerkey->pnonce, WPA_NONCE_LEN) != 0)
447 {
448 wpa_printf(MSG_INFO, "RSN: PNonce in SMK KDE does not "
449 "match with the one used in SMK M3");
450 return -1;
451 }
452
453 if (os_memcmp(kde->nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) {
454 wpa_printf(MSG_INFO, "RSN: INonce in SMK M4 did not "
455 "match with the one received in SMK M2");
456 return -1;
457 }
458
459 return 0;
460}
461
462
463static int wpa_supplicant_process_smk_m5(struct wpa_sm *sm,
464 const unsigned char *src_addr,
465 const struct wpa_eapol_key *key,
466 int ver,
467 struct wpa_peerkey *peerkey,
468 struct wpa_eapol_ie_parse *kde)
469{
470 int cipher;
471 struct wpa_ie_data ie;
472
473 wpa_printf(MSG_DEBUG, "RSN: Received SMK M5 (Peer " MACSTR ")",
474 MAC2STR(kde->mac_addr));
475 if (kde->rsn_ie == NULL || kde->rsn_ie_len > PEERKEY_MAX_IE_LEN ||
476 wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0) {
477 wpa_printf(MSG_INFO, "RSN: No RSN IE in SMK M5");
478 /* TODO: abort negotiation */
479 return -1;
480 }
481
482 if (os_memcmp(key->key_nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) {
483 wpa_printf(MSG_INFO, "RSN: Key Nonce in SMK M5 does "
484 "not match with INonce used in SMK M1");
485 return -1;
486 }
487
488 if (os_memcmp(kde->smk + PMK_LEN, peerkey->inonce, WPA_NONCE_LEN) != 0)
489 {
490 wpa_printf(MSG_INFO, "RSN: INonce in SMK KDE does not "
491 "match with the one used in SMK M1");
492 return -1;
493 }
494
495 os_memcpy(peerkey->rsnie_p, kde->rsn_ie, kde->rsn_ie_len);
496 peerkey->rsnie_p_len = kde->rsn_ie_len;
497 os_memcpy(peerkey->pnonce, kde->nonce, WPA_NONCE_LEN);
498
499 cipher = ie.pairwise_cipher & sm->allowed_pairwise_cipher;
500 if (cipher & WPA_CIPHER_CCMP) {
501 wpa_printf(MSG_DEBUG, "RSN: Using CCMP for PeerKey");
502 peerkey->cipher = WPA_CIPHER_CCMP;
503 } else if (cipher & WPA_CIPHER_TKIP) {
504 wpa_printf(MSG_DEBUG, "RSN: Using TKIP for PeerKey");
505 peerkey->cipher = WPA_CIPHER_TKIP;
506 } else {
507 wpa_printf(MSG_INFO, "RSN: SMK Peer STA " MACSTR " selected "
508 "unacceptable cipher", MAC2STR(kde->mac_addr));
509 wpa_supplicant_send_smk_error(sm, src_addr, kde->mac_addr,
510 STK_MUI_SMK, STK_ERR_CPHR_NS,
511 ver);
512 /* TODO: abort negotiation */
513 return -1;
514 }
515
516 return 0;
517}
518
519
520static int wpa_supplicant_process_smk_m45(
521 struct wpa_sm *sm, const unsigned char *src_addr,
522 const struct wpa_eapol_key *key, size_t extra_len, int ver)
523{
524 struct wpa_peerkey *peerkey;
525 struct wpa_eapol_ie_parse kde;
526 u32 lifetime;
527 struct os_time now;
528
529 if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) {
530 wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for "
531 "the current network");
532 return -1;
533 }
534
535 if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
536 0) {
537 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M4/M5");
538 return -1;
539 }
540
541 if (kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN ||
542 kde.nonce == NULL || kde.nonce_len < WPA_NONCE_LEN ||
543 kde.smk == NULL || kde.smk_len < PMK_LEN + WPA_NONCE_LEN ||
544 kde.lifetime == NULL || kde.lifetime_len < 4) {
545 wpa_printf(MSG_INFO, "RSN: No MAC Address, Nonce, SMK, or "
546 "Lifetime KDE in SMK M4/M5");
547 return -1;
548 }
549
550 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
551 if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) == 0 &&
552 os_memcmp(peerkey->initiator ? peerkey->inonce :
553 peerkey->pnonce,
554 key->key_nonce, WPA_NONCE_LEN) == 0)
555 break;
556 }
557 if (peerkey == NULL) {
558 wpa_printf(MSG_INFO, "RSN: No matching SMK handshake found "
559 "for SMK M4/M5: peer " MACSTR,
560 MAC2STR(kde.mac_addr));
561 return -1;
562 }
563
564 if (peerkey->initiator) {
565 if (wpa_supplicant_process_smk_m5(sm, src_addr, key, ver,
566 peerkey, &kde) < 0)
567 return -1;
568 } else {
569 if (wpa_supplicant_process_smk_m4(peerkey, &kde) < 0)
570 return -1;
571 }
572
573 os_memcpy(peerkey->smk, kde.smk, PMK_LEN);
574 peerkey->smk_complete = 1;
575 wpa_hexdump_key(MSG_DEBUG, "RSN: SMK", peerkey->smk, PMK_LEN);
576 lifetime = WPA_GET_BE32(kde.lifetime);
577 wpa_printf(MSG_DEBUG, "RSN: SMK lifetime %u seconds", lifetime);
578 if (lifetime > 1000000000)
579 lifetime = 1000000000; /* avoid overflowing expiration time */
580 peerkey->lifetime = lifetime;
581 os_get_time(&now);
582 peerkey->expiration = now.sec + lifetime;
583 eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout,
584 sm, peerkey);
585
586 if (peerkey->initiator) {
587 rsn_smkid(peerkey->smk, peerkey->pnonce, peerkey->addr,
588 peerkey->inonce, sm->own_addr, peerkey->smkid,
589 peerkey->use_sha256);
590 wpa_supplicant_send_stk_1_of_4(sm, peerkey);
591 } else {
592 rsn_smkid(peerkey->smk, peerkey->pnonce, sm->own_addr,
593 peerkey->inonce, peerkey->addr, peerkey->smkid,
594 peerkey->use_sha256);
595 }
596 wpa_hexdump(MSG_DEBUG, "RSN: SMKID", peerkey->smkid, PMKID_LEN);
597
598 return 0;
599}
600
601
602static int wpa_supplicant_process_smk_error(
603 struct wpa_sm *sm, const unsigned char *src_addr,
604 const struct wpa_eapol_key *key, size_t extra_len)
605{
606 struct wpa_eapol_ie_parse kde;
607 struct rsn_error_kde error;
608 u8 peer[ETH_ALEN];
609 u16 error_type;
610
611 wpa_printf(MSG_DEBUG, "RSN: Received SMK Error");
612
613 if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) {
614 wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for "
615 "the current network");
616 return -1;
617 }
618
619 if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
620 0) {
621 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK Error");
622 return -1;
623 }
624
625 if (kde.error == NULL || kde.error_len < sizeof(error)) {
626 wpa_printf(MSG_INFO, "RSN: No Error KDE in SMK Error");
627 return -1;
628 }
629
630 if (kde.mac_addr && kde.mac_addr_len >= ETH_ALEN)
631 os_memcpy(peer, kde.mac_addr, ETH_ALEN);
632 else
633 os_memset(peer, 0, ETH_ALEN);
634 os_memcpy(&error, kde.error, sizeof(error));
635 error_type = be_to_host16(error.error_type);
636 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
637 "RSN: SMK Error KDE received: MUI %d error_type %d peer "
638 MACSTR,
639 be_to_host16(error.mui), error_type,
640 MAC2STR(peer));
641
642 if (kde.mac_addr &&
643 (error_type == STK_ERR_STA_NR || error_type == STK_ERR_STA_NRSN ||
644 error_type == STK_ERR_CPHR_NS)) {
645 struct wpa_peerkey *peerkey;
646
647 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
648 if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) ==
649 0)
650 break;
651 }
652 if (peerkey == NULL) {
653 wpa_printf(MSG_DEBUG, "RSN: No matching SMK handshake "
654 "found for SMK Error");
655 return -1;
656 }
657 /* TODO: abort SMK/STK handshake and remove all related keys */
658 }
659
660 return 0;
661}
662
663
664static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm,
665 struct wpa_peerkey *peerkey,
666 const struct wpa_eapol_key *key,
667 u16 ver)
668{
669 struct wpa_eapol_ie_parse ie;
670 const u8 *kde;
671 size_t len, kde_buf_len;
672 struct wpa_ptk *stk;
673 u8 buf[8], *kde_buf, *pos;
674 be32 lifetime;
675
676 wpa_printf(MSG_DEBUG, "RSN: RX message 1 of STK 4-Way Handshake from "
677 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
678
679 os_memset(&ie, 0, sizeof(ie));
680
681 /* RSN: msg 1/4 should contain SMKID for the selected SMK */
682 kde = (const u8 *) (key + 1);
683 len = WPA_GET_BE16(key->key_data_length);
684 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", kde, len);
685 if (wpa_supplicant_parse_ies(kde, len, &ie) < 0 || ie.pmkid == NULL) {
686 wpa_printf(MSG_DEBUG, "RSN: No SMKID in STK 1/4");
687 return;
688 }
689 if (os_memcmp(ie.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
690 wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 1/4",
691 ie.pmkid, PMKID_LEN);
692 return;
693 }
694
695 if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) {
696 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
697 "RSN: Failed to get random data for PNonce");
698 return;
699 }
700 wpa_hexdump(MSG_DEBUG, "WPA: Renewed PNonce",
701 peerkey->pnonce, WPA_NONCE_LEN);
702
703 /* Calculate STK which will be stored as a temporary STK until it has
704 * been verified when processing message 3/4. */
705 stk = &peerkey->tstk;
706 wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion",
707 sm->own_addr, peerkey->addr,
708 peerkey->pnonce, key->key_nonce,
709 (u8 *) stk, sizeof(*stk),
710 peerkey->use_sha256);
711 /* Supplicant: swap tx/rx Mic keys */
712 os_memcpy(buf, stk->u.auth.tx_mic_key, 8);
713 os_memcpy(stk->u.auth.tx_mic_key, stk->u.auth.rx_mic_key, 8);
714 os_memcpy(stk->u.auth.rx_mic_key, buf, 8);
715 peerkey->tstk_set = 1;
716
717 kde_buf_len = peerkey->rsnie_p_len +
718 2 + RSN_SELECTOR_LEN + sizeof(lifetime) +
719 2 + RSN_SELECTOR_LEN + PMKID_LEN;
720 kde_buf = os_malloc(kde_buf_len);
721 if (kde_buf == NULL)
722 return;
723 pos = kde_buf;
724 pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len);
725 lifetime = host_to_be32(peerkey->lifetime);
726 pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
727 (u8 *) &lifetime, sizeof(lifetime));
728 wpa_add_kde(pos, RSN_KEY_DATA_PMKID, peerkey->smkid, PMKID_LEN);
729
730 if (wpa_supplicant_send_2_of_4(sm, peerkey->addr, key, ver,
731 peerkey->pnonce, kde_buf, kde_buf_len,
732 stk)) {
733 os_free(kde_buf);
734 return;
735 }
736 os_free(kde_buf);
737
738 os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
739}
740
741
742static void wpa_supplicant_update_smk_lifetime(struct wpa_sm *sm,
743 struct wpa_peerkey *peerkey,
744 struct wpa_eapol_ie_parse *kde)
745{
746 u32 lifetime;
747 struct os_time now;
748
749 if (kde->lifetime == NULL || kde->lifetime_len < sizeof(lifetime))
750 return;
751
752 lifetime = WPA_GET_BE32(kde->lifetime);
753
754 if (lifetime >= peerkey->lifetime) {
755 wpa_printf(MSG_DEBUG, "RSN: Peer used SMK lifetime %u seconds "
756 "which is larger than or equal to own value %u "
757 "seconds - ignored", lifetime, peerkey->lifetime);
758 return;
759 }
760
761 wpa_printf(MSG_DEBUG, "RSN: Peer used shorter SMK lifetime %u seconds "
762 "(own was %u seconds) - updated",
763 lifetime, peerkey->lifetime);
764 peerkey->lifetime = lifetime;
765
766 os_get_time(&now);
767 peerkey->expiration = now.sec + lifetime;
768 eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey);
769 eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout,
770 sm, peerkey);
771}
772
773
774static void wpa_supplicant_process_stk_2_of_4(struct wpa_sm *sm,
775 struct wpa_peerkey *peerkey,
776 const struct wpa_eapol_key *key,
777 u16 ver)
778{
779 struct wpa_eapol_ie_parse kde;
780 const u8 *keydata;
781 size_t len;
782
783 wpa_printf(MSG_DEBUG, "RSN: RX message 2 of STK 4-Way Handshake from "
784 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
785
786 os_memset(&kde, 0, sizeof(kde));
787
788 /* RSN: msg 2/4 should contain SMKID for the selected SMK and RSN IE
789 * from the peer. It may also include Lifetime KDE. */
790 keydata = (const u8 *) (key + 1);
791 len = WPA_GET_BE16(key->key_data_length);
792 wpa_hexdump(MSG_DEBUG, "RSN: msg 2/4 key data", keydata, len);
793 if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0 ||
794 kde.pmkid == NULL || kde.rsn_ie == NULL) {
795 wpa_printf(MSG_DEBUG, "RSN: No SMKID or RSN IE in STK 2/4");
796 return;
797 }
798
799 if (os_memcmp(kde.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
800 wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 2/4",
801 kde.pmkid, PMKID_LEN);
802 return;
803 }
804
805 if (kde.rsn_ie_len != peerkey->rsnie_p_len ||
806 os_memcmp(kde.rsn_ie, peerkey->rsnie_p, kde.rsn_ie_len) != 0) {
807 wpa_printf(MSG_INFO, "RSN: Peer RSN IE in SMK and STK "
808 "handshakes did not match");
809 wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in SMK handshake",
810 peerkey->rsnie_p, peerkey->rsnie_p_len);
811 wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in STK handshake",
812 kde.rsn_ie, kde.rsn_ie_len);
813 return;
814 }
815
816 wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde);
817
818 wpa_supplicant_send_stk_3_of_4(sm, peerkey);
819 os_memcpy(peerkey->pnonce, key->key_nonce, WPA_NONCE_LEN);
820}
821
822
823static void wpa_supplicant_process_stk_3_of_4(struct wpa_sm *sm,
824 struct wpa_peerkey *peerkey,
825 const struct wpa_eapol_key *key,
826 u16 ver)
827{
828 struct wpa_eapol_ie_parse kde;
829 const u8 *keydata;
830 size_t len, key_len;
831 const u8 *_key;
832 u8 key_buf[32], rsc[6];
833
834 wpa_printf(MSG_DEBUG, "RSN: RX message 3 of STK 4-Way Handshake from "
835 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
836
837 os_memset(&kde, 0, sizeof(kde));
838
839 /* RSN: msg 3/4 should contain Initiator RSN IE. It may also include
840 * Lifetime KDE. */
841 keydata = (const u8 *) (key + 1);
842 len = WPA_GET_BE16(key->key_data_length);
843 wpa_hexdump(MSG_DEBUG, "RSN: msg 3/4 key data", keydata, len);
844 if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0) {
845 wpa_printf(MSG_DEBUG, "RSN: Failed to parse key data in "
846 "STK 3/4");
847 return;
848 }
849
850 if (kde.rsn_ie_len != peerkey->rsnie_i_len ||
851 os_memcmp(kde.rsn_ie, peerkey->rsnie_i, kde.rsn_ie_len) != 0) {
852 wpa_printf(MSG_INFO, "RSN: Initiator RSN IE in SMK and STK "
853 "handshakes did not match");
854 wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in SMK "
855 "handshake",
856 peerkey->rsnie_i, peerkey->rsnie_i_len);
857 wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in STK "
858 "handshake",
859 kde.rsn_ie, kde.rsn_ie_len);
860 return;
861 }
862
863 if (os_memcmp(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
864 wpa_printf(MSG_WARNING, "RSN: INonce from message 1 of STK "
865 "4-Way Handshake differs from 3 of STK 4-Way "
866 "Handshake - drop packet (src=" MACSTR ")",
867 MAC2STR(peerkey->addr));
868 return;
869 }
870
871 wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde);
872
873 if (wpa_supplicant_send_4_of_4(sm, peerkey->addr, key, ver,
874 WPA_GET_BE16(key->key_info),
875 NULL, 0, &peerkey->stk))
876 return;
877
878 _key = (u8 *) peerkey->stk.tk1;
879 if (peerkey->cipher == WPA_CIPHER_TKIP) {
880 /* Swap Tx/Rx keys for Michael MIC */
881 os_memcpy(key_buf, _key, 16);
882 os_memcpy(key_buf + 16, peerkey->stk.u.auth.rx_mic_key, 8);
883 os_memcpy(key_buf + 24, peerkey->stk.u.auth.tx_mic_key, 8);
884 _key = key_buf;
885 key_len = 32;
886 } else
887 key_len = 16;
888
889 os_memset(rsc, 0, 6);
890 if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
891 rsc, sizeof(rsc), _key, key_len) < 0) {
892 wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the "
893 "driver.");
894 return;
895 }
896}
897
898
899static void wpa_supplicant_process_stk_4_of_4(struct wpa_sm *sm,
900 struct wpa_peerkey *peerkey,
901 const struct wpa_eapol_key *key,
902 u16 ver)
903{
904 u8 rsc[6];
905
906 wpa_printf(MSG_DEBUG, "RSN: RX message 4 of STK 4-Way Handshake from "
907 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
908
909 os_memset(rsc, 0, 6);
910 if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
911 rsc, sizeof(rsc), (u8 *) peerkey->stk.tk1,
912 peerkey->cipher == WPA_CIPHER_TKIP ? 32 : 16) < 0) {
913 wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the "
914 "driver.");
915 return;
916 }
917}
918
919
920/**
921 * peerkey_verify_eapol_key_mic - Verify PeerKey MIC
922 * @sm: Pointer to WPA state machine data from wpa_sm_init()
923 * @peerkey: Pointer to the PeerKey data for the peer
924 * @key: Pointer to the EAPOL-Key frame header
925 * @ver: Version bits from EAPOL-Key Key Info
926 * @buf: Pointer to the beginning of EAPOL-Key frame
927 * @len: Length of the EAPOL-Key frame
928 * Returns: 0 on success, -1 on failure
929 */
930int peerkey_verify_eapol_key_mic(struct wpa_sm *sm,
931 struct wpa_peerkey *peerkey,
932 struct wpa_eapol_key *key, u16 ver,
933 const u8 *buf, size_t len)
934{
935 u8 mic[16];
936 int ok = 0;
937
938 if (peerkey->initiator && !peerkey->stk_set) {
939 wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion",
940 sm->own_addr, peerkey->addr,
941 peerkey->inonce, key->key_nonce,
942 (u8 *) &peerkey->stk, sizeof(peerkey->stk),
943 peerkey->use_sha256);
944 peerkey->stk_set = 1;
945 }
946
947 os_memcpy(mic, key->key_mic, 16);
948 if (peerkey->tstk_set) {
949 os_memset(key->key_mic, 0, 16);
950 wpa_eapol_key_mic(peerkey->tstk.kck, ver, buf, len,
951 key->key_mic);
952 if (os_memcmp(mic, key->key_mic, 16) != 0) {
953 wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
954 "when using TSTK - ignoring TSTK");
955 } else {
956 ok = 1;
957 peerkey->tstk_set = 0;
958 peerkey->stk_set = 1;
959 os_memcpy(&peerkey->stk, &peerkey->tstk,
960 sizeof(peerkey->stk));
961 }
962 }
963
964 if (!ok && peerkey->stk_set) {
965 os_memset(key->key_mic, 0, 16);
966 wpa_eapol_key_mic(peerkey->stk.kck, ver, buf, len,
967 key->key_mic);
968 if (os_memcmp(mic, key->key_mic, 16) != 0) {
969 wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
970 "- dropping packet");
971 return -1;
972 }
973 ok = 1;
974 }
975
976 if (!ok) {
977 wpa_printf(MSG_WARNING, "RSN: Could not verify EAPOL-Key MIC "
978 "- dropping packet");
979 return -1;
980 }
981
982 os_memcpy(peerkey->replay_counter, key->replay_counter,
983 WPA_REPLAY_COUNTER_LEN);
984 peerkey->replay_counter_set = 1;
985 return 0;
986}
987
988
989/**
990 * wpa_sm_stkstart - Send EAPOL-Key Request for STK handshake (STK M1)
991 * @sm: Pointer to WPA state machine data from wpa_sm_init()
992 * @peer: MAC address of the peer STA
993 * Returns: 0 on success, or -1 on failure
994 *
995 * Send an EAPOL-Key Request to the current authenticator to start STK
996 * handshake with the peer.
997 */
998int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer)
999{
1000 size_t rlen, kde_len;
1001 struct wpa_eapol_key *req;
1002 int key_info, ver;
1003 u8 bssid[ETH_ALEN], *rbuf, *pos, *count_pos;
1004 u16 count;
1005 struct rsn_ie_hdr *hdr;
1006 struct wpa_peerkey *peerkey;
1007 struct wpa_ie_data ie;
1008
1009 if (sm->proto != WPA_PROTO_RSN || !sm->ptk_set || !sm->peerkey_enabled)
1010 return -1;
1011
1012 if (sm->ap_rsn_ie &&
1013 wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &ie) == 0 &&
1014 !(ie.capabilities & WPA_CAPABILITY_PEERKEY_ENABLED)) {
1015 wpa_printf(MSG_DEBUG, "RSN: Current AP does not support STK");
1016 return -1;
1017 }
1018
1019 if (sm->pairwise_cipher == WPA_CIPHER_CCMP)
1020 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1021 else
1022 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1023
1024 if (wpa_sm_get_bssid(sm, bssid) < 0) {
1025 wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key "
1026 "SMK M1");
1027 return -1;
1028 }
1029
1030 /* TODO: find existing entry and if found, use that instead of adding
1031 * a new one */
1032 peerkey = os_zalloc(sizeof(*peerkey));
1033 if (peerkey == NULL)
1034 return -1;
1035 peerkey->initiator = 1;
1036 os_memcpy(peerkey->addr, peer, ETH_ALEN);
1037#ifdef CONFIG_IEEE80211W
1038 if (wpa_key_mgmt_sha256(sm->key_mgmt))
1039 peerkey->use_sha256 = 1;
1040#endif /* CONFIG_IEEE80211W */
1041
1042 /* SMK M1:
1043 * EAPOL-Key(S=1, M=1, A=0, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
1044 * MIC=MIC, DataKDs=(RSNIE_I, MAC_P KDE))
1045 */
1046
1047 hdr = (struct rsn_ie_hdr *) peerkey->rsnie_i;
1048 hdr->elem_id = WLAN_EID_RSN;
1049 WPA_PUT_LE16(hdr->version, RSN_VERSION);
1050 pos = (u8 *) (hdr + 1);
1051 /* Group Suite can be anything for SMK RSN IE; receiver will just
1052 * ignore it. */
1053 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
1054 pos += RSN_SELECTOR_LEN;
1055 count_pos = pos;
1056 pos += 2;
1057
1058 count = 0;
1059 if (sm->allowed_pairwise_cipher & WPA_CIPHER_CCMP) {
1060 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
1061 pos += RSN_SELECTOR_LEN;
1062 count++;
1063 }
1064 if (sm->allowed_pairwise_cipher & WPA_CIPHER_TKIP) {
1065 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
1066 pos += RSN_SELECTOR_LEN;
1067 count++;
1068 }
1069 WPA_PUT_LE16(count_pos, count);
1070
1071 hdr->len = (pos - peerkey->rsnie_i) - 2;
1072 peerkey->rsnie_i_len = pos - peerkey->rsnie_i;
1073 wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake",
1074 peerkey->rsnie_i, peerkey->rsnie_i_len);
1075
1076 kde_len = peerkey->rsnie_i_len + 2 + RSN_SELECTOR_LEN + ETH_ALEN;
1077
1078 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1079 sizeof(*req) + kde_len, &rlen,
1080 (void *) &req);
1081 if (rbuf == NULL) {
1082 wpa_supplicant_peerkey_free(sm, peerkey);
1083 return -1;
1084 }
1085
1086 req->type = EAPOL_KEY_TYPE_RSN;
1087 key_info = WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
1088 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_REQUEST | ver;
1089 WPA_PUT_BE16(req->key_info, key_info);
1090 WPA_PUT_BE16(req->key_length, 0);
1091 os_memcpy(req->replay_counter, sm->request_counter,
1092 WPA_REPLAY_COUNTER_LEN);
1093 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
1094
1095 if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) {
1096 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1097 "WPA: Failed to get random data for INonce");
1098 os_free(rbuf);
1099 wpa_supplicant_peerkey_free(sm, peerkey);
1100 return -1;
1101 }
1102 os_memcpy(req->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
1103 wpa_hexdump(MSG_DEBUG, "WPA: INonce for SMK handshake",
1104 req->key_nonce, WPA_NONCE_LEN);
1105
1106 WPA_PUT_BE16(req->key_data_length, (u16) kde_len);
1107 pos = (u8 *) (req + 1);
1108
1109 /* Initiator RSN IE */
1110 pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len);
1111 /* Peer MAC address KDE */
1112 wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
1113
1114 wpa_printf(MSG_INFO, "RSN: Sending EAPOL-Key SMK M1 Request (peer "
1115 MACSTR ")", MAC2STR(peer));
1116 wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL,
1117 rbuf, rlen, req->key_mic);
1118
1119 peerkey->next = sm->peerkey;
1120 sm->peerkey = peerkey;
1121
1122 return 0;
1123}
1124
1125
1126/**
1127 * peerkey_deinit - Free PeerKey values
1128 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1129 */
1130void peerkey_deinit(struct wpa_sm *sm)
1131{
1132 struct wpa_peerkey *prev, *peerkey = sm->peerkey;
1133 while (peerkey) {
1134 prev = peerkey;
1135 peerkey = peerkey->next;
1136 os_free(prev);
1137 }
1138 sm->peerkey = NULL;
1139}
1140
1141
1142void peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
1143 struct wpa_eapol_key *key, u16 key_info, u16 ver)
1144{
1145 if ((key_info & (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) ==
1146 (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) {
1147 /* 3/4 STK 4-Way Handshake */
1148 wpa_supplicant_process_stk_3_of_4(sm, peerkey, key, ver);
1149 } else if (key_info & WPA_KEY_INFO_ACK) {
1150 /* 1/4 STK 4-Way Handshake */
1151 wpa_supplicant_process_stk_1_of_4(sm, peerkey, key, ver);
1152 } else if (key_info & WPA_KEY_INFO_SECURE) {
1153 /* 4/4 STK 4-Way Handshake */
1154 wpa_supplicant_process_stk_4_of_4(sm, peerkey, key, ver);
1155 } else {
1156 /* 2/4 STK 4-Way Handshake */
1157 wpa_supplicant_process_stk_2_of_4(sm, peerkey, key, ver);
1158 }
1159}
1160
1161
1162void peerkey_rx_eapol_smk(struct wpa_sm *sm, const u8 *src_addr,
1163 struct wpa_eapol_key *key, size_t extra_len,
1164 u16 key_info, u16 ver)
1165{
1166 if (key_info & WPA_KEY_INFO_ERROR) {
1167 /* SMK Error */
1168 wpa_supplicant_process_smk_error(sm, src_addr, key, extra_len);
1169 } else if (key_info & WPA_KEY_INFO_ACK) {
1170 /* SMK M2 */
1171 wpa_supplicant_process_smk_m2(sm, src_addr, key, extra_len,
1172 ver);
1173 } else {
1174 /* SMK M4 or M5 */
1175 wpa_supplicant_process_smk_m45(sm, src_addr, key, extra_len,
1176 ver);
1177 }
1178}
1179
1180#endif /* CONFIG_PEERKEY */