| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1 | /* |
| 2 | * WPA Supplicant - WPA state machine and EAPOL-Key processing |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 3 | * Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi> |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 4 | * Copyright(c) 2015 Intel Deutschland GmbH |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 5 | * |
| Dmitry Shmidt | c5ec7f5 | 2012-03-06 16:33:24 -0800 | [diff] [blame] | 6 | * This software may be distributed under the terms of the BSD license. |
| 7 | * See README for more details. |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 8 | */ |
| 9 | |
| 10 | #include "includes.h" |
| 11 | |
| 12 | #include "common.h" |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 13 | #include "crypto/aes.h" |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 14 | #include "crypto/aes_wrap.h" |
| 15 | #include "crypto/crypto.h" |
| 16 | #include "crypto/random.h" |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 17 | #include "crypto/aes_siv.h" |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 18 | #include "crypto/sha256.h" |
| 19 | #include "crypto/sha384.h" |
| 20 | #include "crypto/sha512.h" |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 21 | #include "common/ieee802_11_defs.h" |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 22 | #include "common/ieee802_11_common.h" |
| Paul Stewart | 092955c | 2017-02-06 09:13:09 -0800 | [diff] [blame] | 23 | #include "eap_common/eap_defs.h" |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 24 | #include "eapol_supp/eapol_supp_sm.h" |
| 25 | #include "wpa.h" |
| 26 | #include "eloop.h" |
| 27 | #include "preauth.h" |
| 28 | #include "pmksa_cache.h" |
| 29 | #include "wpa_i.h" |
| 30 | #include "wpa_ie.h" |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 31 | |
| 32 | |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 33 | static const u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; |
| 34 | |
| 35 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 36 | /** |
| 37 | * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message |
| 38 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 39 | * @ptk: PTK for Key Confirmation/Encryption Key |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 40 | * @ver: Version field from Key Info |
| 41 | * @dest: Destination address for the frame |
| 42 | * @proto: Ethertype (usually ETH_P_EAPOL) |
| 43 | * @msg: EAPOL-Key message |
| 44 | * @msg_len: Length of message |
| 45 | * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 46 | * Returns: >= 0 on success, < 0 on failure |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 47 | */ |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 48 | int wpa_eapol_key_send(struct wpa_sm *sm, struct wpa_ptk *ptk, |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 49 | int ver, const u8 *dest, u16 proto, |
| 50 | u8 *msg, size_t msg_len, u8 *key_mic) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 51 | { |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 52 | int ret = -1; |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 53 | size_t mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len); |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 54 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 55 | wpa_printf(MSG_DEBUG, "WPA: Send EAPOL-Key frame to " MACSTR |
| 56 | " ver=%d mic_len=%d key_mgmt=0x%x", |
| 57 | MAC2STR(dest), ver, (int) mic_len, sm->key_mgmt); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 58 | if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) { |
| 59 | /* |
| 60 | * Association event was not yet received; try to fetch |
| 61 | * BSSID from the driver. |
| 62 | */ |
| 63 | if (wpa_sm_get_bssid(sm, sm->bssid) < 0) { |
| 64 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 65 | "WPA: Failed to read BSSID for " |
| 66 | "EAPOL-Key destination address"); |
| 67 | } else { |
| 68 | dest = sm->bssid; |
| 69 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 70 | "WPA: Use BSSID (" MACSTR |
| 71 | ") as the destination for EAPOL-Key", |
| 72 | MAC2STR(dest)); |
| 73 | } |
| 74 | } |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 75 | |
| 76 | if (mic_len) { |
| 77 | if (key_mic && (!ptk || !ptk->kck_len)) |
| 78 | goto out; |
| 79 | |
| 80 | if (key_mic && |
| 81 | wpa_eapol_key_mic(ptk->kck, ptk->kck_len, sm->key_mgmt, ver, |
| 82 | msg, msg_len, key_mic)) { |
| 83 | wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, |
| 84 | "WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC", |
| 85 | ver, sm->key_mgmt); |
| 86 | goto out; |
| 87 | } |
| Dmitry Shmidt | 2933359 | 2017-01-09 12:27:11 -0800 | [diff] [blame] | 88 | if (ptk) |
| 89 | wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", |
| 90 | ptk->kck, ptk->kck_len); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 91 | wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", |
| 92 | key_mic, mic_len); |
| 93 | } else { |
| 94 | #ifdef CONFIG_FILS |
| 95 | /* AEAD cipher - Key MIC field not used */ |
| 96 | struct ieee802_1x_hdr *s_hdr, *hdr; |
| 97 | struct wpa_eapol_key *s_key, *key; |
| 98 | u8 *buf, *s_key_data, *key_data; |
| 99 | size_t buf_len = msg_len + AES_BLOCK_SIZE; |
| 100 | size_t key_data_len; |
| 101 | u16 eapol_len; |
| 102 | const u8 *aad[1]; |
| 103 | size_t aad_len[1]; |
| 104 | |
| 105 | if (!ptk || !ptk->kek_len) |
| 106 | goto out; |
| 107 | |
| 108 | key_data_len = msg_len - sizeof(struct ieee802_1x_hdr) - |
| 109 | sizeof(struct wpa_eapol_key) - 2; |
| 110 | |
| 111 | buf = os_malloc(buf_len); |
| 112 | if (!buf) |
| 113 | goto out; |
| 114 | |
| 115 | os_memcpy(buf, msg, msg_len); |
| 116 | hdr = (struct ieee802_1x_hdr *) buf; |
| 117 | key = (struct wpa_eapol_key *) (hdr + 1); |
| 118 | key_data = ((u8 *) (key + 1)) + 2; |
| 119 | |
| 120 | /* Update EAPOL header to include AES-SIV overhead */ |
| 121 | eapol_len = be_to_host16(hdr->length); |
| 122 | eapol_len += AES_BLOCK_SIZE; |
| 123 | hdr->length = host_to_be16(eapol_len); |
| 124 | |
| 125 | /* Update Key Data Length field to include AES-SIV overhead */ |
| 126 | WPA_PUT_BE16((u8 *) (key + 1), AES_BLOCK_SIZE + key_data_len); |
| 127 | |
| 128 | s_hdr = (struct ieee802_1x_hdr *) msg; |
| 129 | s_key = (struct wpa_eapol_key *) (s_hdr + 1); |
| 130 | s_key_data = ((u8 *) (s_key + 1)) + 2; |
| 131 | |
| 132 | wpa_hexdump_key(MSG_DEBUG, "WPA: Plaintext Key Data", |
| 133 | s_key_data, key_data_len); |
| 134 | |
| 135 | wpa_hexdump_key(MSG_DEBUG, "WPA: KEK", ptk->kek, ptk->kek_len); |
| 136 | /* AES-SIV AAD from EAPOL protocol version field (inclusive) to |
| 137 | * to Key Data (exclusive). */ |
| 138 | aad[0] = buf; |
| 139 | aad_len[0] = key_data - buf; |
| 140 | if (aes_siv_encrypt(ptk->kek, ptk->kek_len, |
| 141 | s_key_data, key_data_len, |
| 142 | 1, aad, aad_len, key_data) < 0) { |
| 143 | os_free(buf); |
| 144 | goto out; |
| 145 | } |
| 146 | |
| 147 | wpa_hexdump(MSG_DEBUG, "WPA: Encrypted Key Data from SIV", |
| 148 | key_data, AES_BLOCK_SIZE + key_data_len); |
| 149 | |
| 150 | os_free(msg); |
| 151 | msg = buf; |
| 152 | msg_len = buf_len; |
| 153 | #else /* CONFIG_FILS */ |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 154 | goto out; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 155 | #endif /* CONFIG_FILS */ |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 156 | } |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 157 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 158 | wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len); |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 159 | ret = wpa_sm_ether_send(sm, dest, proto, msg, msg_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 160 | eapol_sm_notify_tx_eapol_key(sm->eapol); |
| 161 | out: |
| 162 | os_free(msg); |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 163 | return ret; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 164 | } |
| 165 | |
| 166 | |
| 167 | /** |
| 168 | * wpa_sm_key_request - Send EAPOL-Key Request |
| 169 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 170 | * @error: Indicate whether this is an Michael MIC error report |
| 171 | * @pairwise: 1 = error report for pairwise packet, 0 = for group packet |
| 172 | * |
| 173 | * Send an EAPOL-Key Request to the current authenticator. This function is |
| 174 | * used to request rekeying and it is usually called when a local Michael MIC |
| 175 | * failure is detected. |
| 176 | */ |
| 177 | void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) |
| 178 | { |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 179 | size_t mic_len, hdrlen, rlen; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 180 | struct wpa_eapol_key *reply; |
| 181 | int key_info, ver; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 182 | u8 bssid[ETH_ALEN], *rbuf, *key_mic, *mic; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 183 | |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 184 | if (wpa_use_akm_defined(sm->key_mgmt)) |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 185 | ver = WPA_KEY_INFO_TYPE_AKM_DEFINED; |
| 186 | else if (wpa_key_mgmt_ft(sm->key_mgmt) || |
| 187 | wpa_key_mgmt_sha256(sm->key_mgmt)) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 188 | ver = WPA_KEY_INFO_TYPE_AES_128_CMAC; |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 189 | else if (sm->pairwise_cipher != WPA_CIPHER_TKIP) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 190 | ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; |
| 191 | else |
| 192 | ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; |
| 193 | |
| 194 | if (wpa_sm_get_bssid(sm, bssid) < 0) { |
| 195 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 196 | "Failed to read BSSID for EAPOL-Key request"); |
| 197 | return; |
| 198 | } |
| 199 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 200 | mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 201 | hdrlen = sizeof(*reply) + mic_len + 2; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 202 | rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 203 | hdrlen, &rlen, (void *) &reply); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 204 | if (rbuf == NULL) |
| 205 | return; |
| 206 | |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 207 | reply->type = (sm->proto == WPA_PROTO_RSN || |
| 208 | sm->proto == WPA_PROTO_OSEN) ? |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 209 | EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; |
| 210 | key_info = WPA_KEY_INFO_REQUEST | ver; |
| 211 | if (sm->ptk_set) |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 212 | key_info |= WPA_KEY_INFO_SECURE; |
| 213 | if (sm->ptk_set && mic_len) |
| 214 | key_info |= WPA_KEY_INFO_MIC; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 215 | if (error) |
| 216 | key_info |= WPA_KEY_INFO_ERROR; |
| 217 | if (pairwise) |
| 218 | key_info |= WPA_KEY_INFO_KEY_TYPE; |
| 219 | WPA_PUT_BE16(reply->key_info, key_info); |
| 220 | WPA_PUT_BE16(reply->key_length, 0); |
| 221 | os_memcpy(reply->replay_counter, sm->request_counter, |
| 222 | WPA_REPLAY_COUNTER_LEN); |
| 223 | inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); |
| 224 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 225 | mic = (u8 *) (reply + 1); |
| 226 | WPA_PUT_BE16(mic + mic_len, 0); |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 227 | if (!(key_info & WPA_KEY_INFO_MIC)) |
| 228 | key_mic = NULL; |
| 229 | else |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 230 | key_mic = mic; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 231 | |
| 232 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 233 | "WPA: Sending EAPOL-Key Request (error=%d " |
| 234 | "pairwise=%d ptk_set=%d len=%lu)", |
| 235 | error, pairwise, sm->ptk_set, (unsigned long) rlen); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 236 | wpa_eapol_key_send(sm, &sm->ptk, ver, bssid, ETH_P_EAPOL, rbuf, rlen, |
| 237 | key_mic); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 238 | } |
| 239 | |
| 240 | |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 241 | static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm) |
| 242 | { |
| 243 | #ifdef CONFIG_IEEE80211R |
| 244 | if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) { |
| 245 | if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len)) |
| 246 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 247 | "RSN: Cannot set low order 256 bits of MSK for key management offload"); |
| 248 | } else { |
| 249 | #endif /* CONFIG_IEEE80211R */ |
| 250 | if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len)) |
| 251 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 252 | "RSN: Cannot set PMK for key management offload"); |
| 253 | #ifdef CONFIG_IEEE80211R |
| 254 | } |
| 255 | #endif /* CONFIG_IEEE80211R */ |
| 256 | } |
| 257 | |
| 258 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 259 | static int wpa_supplicant_get_pmk(struct wpa_sm *sm, |
| 260 | const unsigned char *src_addr, |
| 261 | const u8 *pmkid) |
| 262 | { |
| 263 | int abort_cached = 0; |
| 264 | |
| 265 | if (pmkid && !sm->cur_pmksa) { |
| 266 | /* When using drivers that generate RSN IE, wpa_supplicant may |
| 267 | * not have enough time to get the association information |
| 268 | * event before receiving this 1/4 message, so try to find a |
| 269 | * matching PMKSA cache entry here. */ |
| Dmitry Shmidt | c5ec7f5 | 2012-03-06 16:33:24 -0800 | [diff] [blame] | 270 | sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid, |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 271 | NULL, 0); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 272 | if (sm->cur_pmksa) { |
| 273 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 274 | "RSN: found matching PMKID from PMKSA cache"); |
| 275 | } else { |
| 276 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 277 | "RSN: no matching PMKID found"); |
| 278 | abort_cached = 1; |
| 279 | } |
| 280 | } |
| 281 | |
| 282 | if (pmkid && sm->cur_pmksa && |
| Dmitry Shmidt | c281702 | 2014-07-02 10:32:10 -0700 | [diff] [blame] | 283 | os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 284 | wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN); |
| 285 | wpa_sm_set_pmk_from_pmksa(sm); |
| 286 | wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache", |
| 287 | sm->pmk, sm->pmk_len); |
| 288 | eapol_sm_notify_cached(sm->eapol); |
| 289 | #ifdef CONFIG_IEEE80211R |
| 290 | sm->xxkey_len = 0; |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 291 | #ifdef CONFIG_SAE |
| 292 | if (sm->key_mgmt == WPA_KEY_MGMT_FT_SAE && |
| 293 | sm->pmk_len == PMK_LEN) { |
| 294 | /* Need to allow FT key derivation to proceed with |
| 295 | * PMK from SAE being used as the XXKey in cases where |
| 296 | * the PMKID in msg 1/4 matches the PMKSA entry that was |
| 297 | * just added based on SAE authentication for the |
| 298 | * initial mobility domain association. */ |
| 299 | os_memcpy(sm->xxkey, sm->pmk, sm->pmk_len); |
| 300 | sm->xxkey_len = sm->pmk_len; |
| 301 | } |
| 302 | #endif /* CONFIG_SAE */ |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 303 | #endif /* CONFIG_IEEE80211R */ |
| 304 | } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) { |
| 305 | int res, pmk_len; |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 306 | |
| Dmitry Shmidt | ebd93af | 2017-02-21 13:40:44 -0800 | [diff] [blame] | 307 | if (wpa_key_mgmt_sha384(sm->key_mgmt)) |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 308 | pmk_len = PMK_LEN_SUITE_B_192; |
| 309 | else |
| 310 | pmk_len = PMK_LEN; |
| 311 | res = eapol_sm_get_key(sm->eapol, sm->pmk, pmk_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 312 | if (res) { |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 313 | if (pmk_len == PMK_LEN) { |
| 314 | /* |
| 315 | * EAP-LEAP is an exception from other EAP |
| 316 | * methods: it uses only 16-byte PMK. |
| 317 | */ |
| 318 | res = eapol_sm_get_key(sm->eapol, sm->pmk, 16); |
| 319 | pmk_len = 16; |
| 320 | } |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 321 | } else { |
| 322 | #ifdef CONFIG_IEEE80211R |
| 323 | u8 buf[2 * PMK_LEN]; |
| 324 | if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0) |
| 325 | { |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 326 | if (wpa_key_mgmt_sha384(sm->key_mgmt)) { |
| 327 | os_memcpy(sm->xxkey, buf, |
| 328 | SHA384_MAC_LEN); |
| 329 | sm->xxkey_len = SHA384_MAC_LEN; |
| 330 | } else { |
| 331 | os_memcpy(sm->xxkey, buf + PMK_LEN, |
| 332 | PMK_LEN); |
| 333 | sm->xxkey_len = PMK_LEN; |
| 334 | } |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 335 | os_memset(buf, 0, sizeof(buf)); |
| 336 | } |
| 337 | #endif /* CONFIG_IEEE80211R */ |
| 338 | } |
| 339 | if (res == 0) { |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 340 | struct rsn_pmksa_cache_entry *sa = NULL; |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 341 | const u8 *fils_cache_id = NULL; |
| 342 | |
| 343 | #ifdef CONFIG_FILS |
| 344 | if (sm->fils_cache_id_set) |
| 345 | fils_cache_id = sm->fils_cache_id; |
| 346 | #endif /* CONFIG_FILS */ |
| 347 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 348 | wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state " |
| 349 | "machines", sm->pmk, pmk_len); |
| 350 | sm->pmk_len = pmk_len; |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 351 | wpa_supplicant_key_mgmt_set_pmk(sm); |
| Dmitry Shmidt | c55524a | 2011-07-07 11:18:38 -0700 | [diff] [blame] | 352 | if (sm->proto == WPA_PROTO_RSN && |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 353 | !wpa_key_mgmt_suite_b(sm->key_mgmt) && |
| Dmitry Shmidt | c55524a | 2011-07-07 11:18:38 -0700 | [diff] [blame] | 354 | !wpa_key_mgmt_ft(sm->key_mgmt)) { |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 355 | sa = pmksa_cache_add(sm->pmksa, |
| Dmitry Shmidt | 57c2d39 | 2016-02-23 13:40:19 -0800 | [diff] [blame] | 356 | sm->pmk, pmk_len, NULL, |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 357 | NULL, 0, |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 358 | src_addr, sm->own_addr, |
| 359 | sm->network_ctx, |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 360 | sm->key_mgmt, |
| 361 | fils_cache_id); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 362 | } |
| 363 | if (!sm->cur_pmksa && pmkid && |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 364 | pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL, |
| 365 | 0)) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 366 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 367 | "RSN: the new PMK matches with the " |
| 368 | "PMKID"); |
| 369 | abort_cached = 0; |
| Jouni Malinen | 6ec3038 | 2015-07-08 20:48:18 +0300 | [diff] [blame] | 370 | } else if (sa && !sm->cur_pmksa && pmkid) { |
| 371 | /* |
| 372 | * It looks like the authentication server |
| 373 | * derived mismatching MSK. This should not |
| 374 | * really happen, but bugs happen.. There is not |
| 375 | * much we can do here without knowing what |
| 376 | * exactly caused the server to misbehave. |
| 377 | */ |
| Dmitry Shmidt | 014a3ff | 2015-12-28 13:27:49 -0800 | [diff] [blame] | 378 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| Jouni Malinen | 6ec3038 | 2015-07-08 20:48:18 +0300 | [diff] [blame] | 379 | "RSN: PMKID mismatch - authentication server may have derived different MSK?!"); |
| 380 | return -1; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 381 | } |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 382 | |
| 383 | if (!sm->cur_pmksa) |
| 384 | sm->cur_pmksa = sa; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 385 | } else { |
| 386 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 387 | "WPA: Failed to get master session key from " |
| 388 | "EAPOL state machines - key handshake " |
| 389 | "aborted"); |
| 390 | if (sm->cur_pmksa) { |
| 391 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 392 | "RSN: Cancelled PMKSA caching " |
| 393 | "attempt"); |
| 394 | sm->cur_pmksa = NULL; |
| 395 | abort_cached = 1; |
| 396 | } else if (!abort_cached) { |
| 397 | return -1; |
| 398 | } |
| 399 | } |
| 400 | } |
| 401 | |
| Dmitry Shmidt | c55524a | 2011-07-07 11:18:38 -0700 | [diff] [blame] | 402 | if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 403 | !wpa_key_mgmt_suite_b(sm->key_mgmt) && |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 404 | !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN) |
| 405 | { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 406 | /* Send EAPOL-Start to trigger full EAP authentication. */ |
| 407 | u8 *buf; |
| 408 | size_t buflen; |
| 409 | |
| 410 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 411 | "RSN: no PMKSA entry found - trigger " |
| 412 | "full EAP authentication"); |
| 413 | buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START, |
| 414 | NULL, 0, &buflen, NULL); |
| 415 | if (buf) { |
| 416 | wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL, |
| 417 | buf, buflen); |
| 418 | os_free(buf); |
| 419 | return -2; |
| 420 | } |
| 421 | |
| 422 | return -1; |
| 423 | } |
| 424 | |
| 425 | return 0; |
| 426 | } |
| 427 | |
| 428 | |
| 429 | /** |
| 430 | * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake |
| 431 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 432 | * @dst: Destination address for the frame |
| 433 | * @key: Pointer to the EAPOL-Key frame header |
| 434 | * @ver: Version bits from EAPOL-Key Key Info |
| 435 | * @nonce: Nonce value for the EAPOL-Key frame |
| 436 | * @wpa_ie: WPA/RSN IE |
| 437 | * @wpa_ie_len: Length of the WPA/RSN IE |
| 438 | * @ptk: PTK to use for keyed hash and encryption |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 439 | * Returns: >= 0 on success, < 0 on failure |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 440 | */ |
| 441 | int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst, |
| 442 | const struct wpa_eapol_key *key, |
| 443 | int ver, const u8 *nonce, |
| 444 | const u8 *wpa_ie, size_t wpa_ie_len, |
| 445 | struct wpa_ptk *ptk) |
| 446 | { |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 447 | size_t mic_len, hdrlen, rlen; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 448 | struct wpa_eapol_key *reply; |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 449 | u8 *rbuf, *key_mic; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 450 | u8 *rsn_ie_buf = NULL; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 451 | u16 key_info; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 452 | |
| 453 | if (wpa_ie == NULL) { |
| 454 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - " |
| 455 | "cannot generate msg 2/4"); |
| 456 | return -1; |
| 457 | } |
| 458 | |
| 459 | #ifdef CONFIG_IEEE80211R |
| 460 | if (wpa_key_mgmt_ft(sm->key_mgmt)) { |
| 461 | int res; |
| 462 | |
| 463 | /* |
| 464 | * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and |
| 465 | * FTIE from (Re)Association Response. |
| 466 | */ |
| 467 | rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN + |
| 468 | sm->assoc_resp_ies_len); |
| 469 | if (rsn_ie_buf == NULL) |
| 470 | return -1; |
| 471 | os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len); |
| Dmitry Shmidt | 55840ad | 2015-12-14 12:45:46 -0800 | [diff] [blame] | 472 | res = wpa_insert_pmkid(rsn_ie_buf, &wpa_ie_len, |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 473 | sm->pmk_r1_name); |
| 474 | if (res < 0) { |
| 475 | os_free(rsn_ie_buf); |
| 476 | return -1; |
| 477 | } |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 478 | |
| 479 | if (sm->assoc_resp_ies) { |
| 480 | os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies, |
| 481 | sm->assoc_resp_ies_len); |
| 482 | wpa_ie_len += sm->assoc_resp_ies_len; |
| 483 | } |
| 484 | |
| 485 | wpa_ie = rsn_ie_buf; |
| 486 | } |
| 487 | #endif /* CONFIG_IEEE80211R */ |
| 488 | |
| 489 | wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len); |
| 490 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 491 | mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 492 | hdrlen = sizeof(*reply) + mic_len + 2; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 493 | rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 494 | NULL, hdrlen + wpa_ie_len, |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 495 | &rlen, (void *) &reply); |
| 496 | if (rbuf == NULL) { |
| 497 | os_free(rsn_ie_buf); |
| 498 | return -1; |
| 499 | } |
| 500 | |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 501 | reply->type = (sm->proto == WPA_PROTO_RSN || |
| 502 | sm->proto == WPA_PROTO_OSEN) ? |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 503 | EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 504 | key_info = ver | WPA_KEY_INFO_KEY_TYPE; |
| 505 | if (mic_len) |
| 506 | key_info |= WPA_KEY_INFO_MIC; |
| 507 | else |
| 508 | key_info |= WPA_KEY_INFO_ENCR_KEY_DATA; |
| 509 | WPA_PUT_BE16(reply->key_info, key_info); |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 510 | if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 511 | WPA_PUT_BE16(reply->key_length, 0); |
| 512 | else |
| 513 | os_memcpy(reply->key_length, key->key_length, 2); |
| 514 | os_memcpy(reply->replay_counter, key->replay_counter, |
| 515 | WPA_REPLAY_COUNTER_LEN); |
| 516 | wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter, |
| 517 | WPA_REPLAY_COUNTER_LEN); |
| 518 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 519 | key_mic = (u8 *) (reply + 1); |
| 520 | WPA_PUT_BE16(key_mic + mic_len, wpa_ie_len); /* Key Data Length */ |
| 521 | os_memcpy(key_mic + mic_len + 2, wpa_ie, wpa_ie_len); /* Key Data */ |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 522 | os_free(rsn_ie_buf); |
| 523 | |
| 524 | os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN); |
| 525 | |
| Roshan Pius | 5e7db94 | 2018-04-12 12:27:41 -0700 | [diff] [blame] | 526 | wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Sending EAPOL-Key 2/4"); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 527 | return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen, |
| 528 | key_mic); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 529 | } |
| 530 | |
| 531 | |
| 532 | static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr, |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 533 | const struct wpa_eapol_key *key, struct wpa_ptk *ptk) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 534 | { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 535 | #ifdef CONFIG_IEEE80211R |
| 536 | if (wpa_key_mgmt_ft(sm->key_mgmt)) |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 537 | return wpa_derive_ptk_ft(sm, src_addr, key, ptk); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 538 | #endif /* CONFIG_IEEE80211R */ |
| 539 | |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 540 | return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion", |
| 541 | sm->own_addr, sm->bssid, sm->snonce, |
| 542 | key->key_nonce, ptk, sm->key_mgmt, |
| 543 | sm->pairwise_cipher); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 544 | } |
| 545 | |
| 546 | |
| 547 | static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, |
| 548 | const unsigned char *src_addr, |
| 549 | const struct wpa_eapol_key *key, |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 550 | u16 ver, const u8 *key_data, |
| 551 | size_t key_data_len) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 552 | { |
| 553 | struct wpa_eapol_ie_parse ie; |
| 554 | struct wpa_ptk *ptk; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 555 | int res; |
| Dmitry Shmidt | cf32e60 | 2014-01-28 10:57:39 -0800 | [diff] [blame] | 556 | u8 *kde, *kde_buf = NULL; |
| 557 | size_t kde_len; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 558 | |
| 559 | if (wpa_sm_get_network_ctx(sm) == NULL) { |
| 560 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info " |
| 561 | "found (msg 1 of 4)"); |
| 562 | return; |
| 563 | } |
| 564 | |
| 565 | wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); |
| Roshan Pius | 5e7db94 | 2018-04-12 12:27:41 -0700 | [diff] [blame] | 566 | wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA: RX message 1 of 4-Way " |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 567 | "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); |
| 568 | |
| 569 | os_memset(&ie, 0, sizeof(ie)); |
| 570 | |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 571 | if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 572 | /* RSN: msg 1/4 should contain PMKID for the selected PMK */ |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 573 | wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", |
| 574 | key_data, key_data_len); |
| 575 | if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) |
| Dmitry Shmidt | 1f69aa5 | 2012-01-24 16:10:04 -0800 | [diff] [blame] | 576 | goto failed; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 577 | if (ie.pmkid) { |
| 578 | wpa_hexdump(MSG_DEBUG, "RSN: PMKID from " |
| 579 | "Authenticator", ie.pmkid, PMKID_LEN); |
| 580 | } |
| 581 | } |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 582 | |
| 583 | res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); |
| 584 | if (res == -2) { |
| 585 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to " |
| 586 | "msg 1/4 - requesting full EAP authentication"); |
| 587 | return; |
| 588 | } |
| 589 | if (res) |
| 590 | goto failed; |
| 591 | |
| 592 | if (sm->renew_snonce) { |
| 593 | if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) { |
| 594 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 595 | "WPA: Failed to get random data for SNonce"); |
| 596 | goto failed; |
| 597 | } |
| 598 | sm->renew_snonce = 0; |
| 599 | wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce", |
| 600 | sm->snonce, WPA_NONCE_LEN); |
| 601 | } |
| 602 | |
| 603 | /* Calculate PTK which will be stored as a temporary PTK until it has |
| 604 | * been verified when processing message 3/4. */ |
| 605 | ptk = &sm->tptk; |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 606 | if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0) |
| 607 | goto failed; |
| Dmitry Shmidt | 9866086 | 2014-03-11 17:26:21 -0700 | [diff] [blame] | 608 | if (sm->pairwise_cipher == WPA_CIPHER_TKIP) { |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 609 | u8 buf[8]; |
| Dmitry Shmidt | 9866086 | 2014-03-11 17:26:21 -0700 | [diff] [blame] | 610 | /* Supplicant: swap tx/rx Mic keys */ |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 611 | os_memcpy(buf, &ptk->tk[16], 8); |
| 612 | os_memcpy(&ptk->tk[16], &ptk->tk[24], 8); |
| 613 | os_memcpy(&ptk->tk[24], buf, 8); |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 614 | os_memset(buf, 0, sizeof(buf)); |
| Dmitry Shmidt | 9866086 | 2014-03-11 17:26:21 -0700 | [diff] [blame] | 615 | } |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 616 | sm->tptk_set = 1; |
| 617 | |
| Dmitry Shmidt | cf32e60 | 2014-01-28 10:57:39 -0800 | [diff] [blame] | 618 | kde = sm->assoc_wpa_ie; |
| 619 | kde_len = sm->assoc_wpa_ie_len; |
| 620 | |
| 621 | #ifdef CONFIG_P2P |
| 622 | if (sm->p2p) { |
| 623 | kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1); |
| 624 | if (kde_buf) { |
| 625 | u8 *pos; |
| 626 | wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE " |
| 627 | "into EAPOL-Key 2/4"); |
| 628 | os_memcpy(kde_buf, kde, kde_len); |
| 629 | kde = kde_buf; |
| 630 | pos = kde + kde_len; |
| 631 | *pos++ = WLAN_EID_VENDOR_SPECIFIC; |
| 632 | *pos++ = RSN_SELECTOR_LEN + 1; |
| 633 | RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ); |
| 634 | pos += RSN_SELECTOR_LEN; |
| 635 | *pos++ = 0x01; |
| 636 | kde_len = pos - kde; |
| 637 | } |
| 638 | } |
| 639 | #endif /* CONFIG_P2P */ |
| 640 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 641 | if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce, |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 642 | kde, kde_len, ptk) < 0) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 643 | goto failed; |
| 644 | |
| Dmitry Shmidt | cf32e60 | 2014-01-28 10:57:39 -0800 | [diff] [blame] | 645 | os_free(kde_buf); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 646 | os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN); |
| 647 | return; |
| 648 | |
| 649 | failed: |
| Dmitry Shmidt | cf32e60 | 2014-01-28 10:57:39 -0800 | [diff] [blame] | 650 | os_free(kde_buf); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 651 | wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); |
| 652 | } |
| 653 | |
| 654 | |
| 655 | static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx) |
| 656 | { |
| 657 | struct wpa_sm *sm = eloop_ctx; |
| 658 | rsn_preauth_candidate_process(sm); |
| 659 | } |
| 660 | |
| 661 | |
| 662 | static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm, |
| 663 | const u8 *addr, int secure) |
| 664 | { |
| 665 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 666 | "WPA: Key negotiation completed with " |
| 667 | MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr), |
| 668 | wpa_cipher_txt(sm->pairwise_cipher), |
| 669 | wpa_cipher_txt(sm->group_cipher)); |
| 670 | wpa_sm_cancel_auth_timeout(sm); |
| 671 | wpa_sm_set_state(sm, WPA_COMPLETED); |
| 672 | |
| 673 | if (secure) { |
| 674 | wpa_sm_mlme_setprotection( |
| 675 | sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX, |
| 676 | MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); |
| 677 | eapol_sm_notify_portValid(sm->eapol, TRUE); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 678 | if (wpa_key_mgmt_wpa_psk(sm->key_mgmt) || |
| 679 | sm->key_mgmt == WPA_KEY_MGMT_DPP || |
| 680 | sm->key_mgmt == WPA_KEY_MGMT_OWE) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 681 | eapol_sm_notify_eap_success(sm->eapol, TRUE); |
| 682 | /* |
| 683 | * Start preauthentication after a short wait to avoid a |
| 684 | * possible race condition between the data receive and key |
| 685 | * configuration after the 4-Way Handshake. This increases the |
| Dmitry Shmidt | 1f69aa5 | 2012-01-24 16:10:04 -0800 | [diff] [blame] | 686 | * likelihood of the first preauth EAPOL-Start frame getting to |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 687 | * the target AP. |
| 688 | */ |
| 689 | eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL); |
| 690 | } |
| 691 | |
| 692 | if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) { |
| 693 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 694 | "RSN: Authenticator accepted " |
| 695 | "opportunistic PMKSA entry - marking it valid"); |
| 696 | sm->cur_pmksa->opportunistic = 0; |
| 697 | } |
| 698 | |
| 699 | #ifdef CONFIG_IEEE80211R |
| 700 | if (wpa_key_mgmt_ft(sm->key_mgmt)) { |
| 701 | /* Prepare for the next transition */ |
| 702 | wpa_ft_prepare_auth_request(sm, NULL); |
| 703 | } |
| 704 | #endif /* CONFIG_IEEE80211R */ |
| 705 | } |
| 706 | |
| 707 | |
| 708 | static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx) |
| 709 | { |
| 710 | struct wpa_sm *sm = eloop_ctx; |
| 711 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying"); |
| 712 | wpa_sm_key_request(sm, 0, 1); |
| 713 | } |
| 714 | |
| 715 | |
| 716 | static int wpa_supplicant_install_ptk(struct wpa_sm *sm, |
| 717 | const struct wpa_eapol_key *key) |
| 718 | { |
| 719 | int keylen, rsclen; |
| 720 | enum wpa_alg alg; |
| 721 | const u8 *key_rsc; |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 722 | |
| Mathy Vanhoef | c66556c | 2017-09-29 04:22:51 +0200 | [diff] [blame] | 723 | if (sm->ptk.installed) { |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 724 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 725 | "WPA: Do not re-install same PTK to the driver"); |
| 726 | return 0; |
| 727 | } |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 728 | |
| 729 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 730 | "WPA: Installing PTK to the driver"); |
| 731 | |
| Dmitry Shmidt | 4530cfd | 2012-09-09 15:20:40 -0700 | [diff] [blame] | 732 | if (sm->pairwise_cipher == WPA_CIPHER_NONE) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 733 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher " |
| 734 | "Suite: NONE - do not use pairwise keys"); |
| 735 | return 0; |
| Dmitry Shmidt | 4530cfd | 2012-09-09 15:20:40 -0700 | [diff] [blame] | 736 | } |
| 737 | |
| 738 | if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 739 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 740 | "WPA: Unsupported pairwise cipher %d", |
| 741 | sm->pairwise_cipher); |
| 742 | return -1; |
| 743 | } |
| 744 | |
| Dmitry Shmidt | 4530cfd | 2012-09-09 15:20:40 -0700 | [diff] [blame] | 745 | alg = wpa_cipher_to_alg(sm->pairwise_cipher); |
| 746 | keylen = wpa_cipher_key_len(sm->pairwise_cipher); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 747 | if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) { |
| 748 | wpa_printf(MSG_DEBUG, "WPA: TK length mismatch: %d != %lu", |
| 749 | keylen, (long unsigned int) sm->ptk.tk_len); |
| 750 | return -1; |
| 751 | } |
| Dmitry Shmidt | 4530cfd | 2012-09-09 15:20:40 -0700 | [diff] [blame] | 752 | rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher); |
| 753 | |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 754 | if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 755 | key_rsc = null_rsc; |
| 756 | } else { |
| 757 | key_rsc = key->key_rsc; |
| 758 | wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen); |
| 759 | } |
| 760 | |
| 761 | if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen, |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 762 | sm->ptk.tk, keylen) < 0) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 763 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 764 | "WPA: Failed to set PTK to the " |
| 765 | "driver (alg=%d keylen=%d bssid=" MACSTR ")", |
| 766 | alg, keylen, MAC2STR(sm->bssid)); |
| 767 | return -1; |
| 768 | } |
| 769 | |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 770 | /* TK is not needed anymore in supplicant */ |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 771 | os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 772 | sm->ptk.tk_len = 0; |
| Mathy Vanhoef | c66556c | 2017-09-29 04:22:51 +0200 | [diff] [blame] | 773 | sm->ptk.installed = 1; |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 774 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 775 | if (sm->wpa_ptk_rekey) { |
| 776 | eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); |
| 777 | eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk, |
| 778 | sm, NULL); |
| 779 | } |
| 780 | |
| 781 | return 0; |
| 782 | } |
| 783 | |
| 784 | |
| 785 | static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm, |
| 786 | int group_cipher, |
| 787 | int keylen, int maxkeylen, |
| 788 | int *key_rsc_len, |
| 789 | enum wpa_alg *alg) |
| 790 | { |
| Dmitry Shmidt | 4530cfd | 2012-09-09 15:20:40 -0700 | [diff] [blame] | 791 | int klen; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 792 | |
| Dmitry Shmidt | 4530cfd | 2012-09-09 15:20:40 -0700 | [diff] [blame] | 793 | *alg = wpa_cipher_to_alg(group_cipher); |
| 794 | if (*alg == WPA_ALG_NONE) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 795 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 796 | "WPA: Unsupported Group Cipher %d", |
| 797 | group_cipher); |
| 798 | return -1; |
| 799 | } |
| Dmitry Shmidt | 4530cfd | 2012-09-09 15:20:40 -0700 | [diff] [blame] | 800 | *key_rsc_len = wpa_cipher_rsc_len(group_cipher); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 801 | |
| Dmitry Shmidt | 4530cfd | 2012-09-09 15:20:40 -0700 | [diff] [blame] | 802 | klen = wpa_cipher_key_len(group_cipher); |
| 803 | if (keylen != klen || maxkeylen < klen) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 804 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 805 | "WPA: Unsupported %s Group Cipher key length %d (%d)", |
| 806 | wpa_cipher_txt(group_cipher), keylen, maxkeylen); |
| Dmitry Shmidt | 4530cfd | 2012-09-09 15:20:40 -0700 | [diff] [blame] | 807 | return -1; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 808 | } |
| Dmitry Shmidt | 4530cfd | 2012-09-09 15:20:40 -0700 | [diff] [blame] | 809 | return 0; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 810 | } |
| 811 | |
| 812 | |
| 813 | struct wpa_gtk_data { |
| 814 | enum wpa_alg alg; |
| 815 | int tx, key_rsc_len, keyidx; |
| 816 | u8 gtk[32]; |
| 817 | int gtk_len; |
| 818 | }; |
| 819 | |
| 820 | |
| 821 | static int wpa_supplicant_install_gtk(struct wpa_sm *sm, |
| 822 | const struct wpa_gtk_data *gd, |
| Jouni Malinen | 58c0e96 | 2017-10-01 12:12:24 +0300 | [diff] [blame] | 823 | const u8 *key_rsc, int wnm_sleep) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 824 | { |
| 825 | const u8 *_gtk = gd->gtk; |
| 826 | u8 gtk_buf[32]; |
| 827 | |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 828 | /* Detect possible key reinstallation */ |
| Jouni Malinen | 58c0e96 | 2017-10-01 12:12:24 +0300 | [diff] [blame] | 829 | if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && |
| 830 | os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || |
| 831 | (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && |
| 832 | os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, |
| 833 | sm->gtk_wnm_sleep.gtk_len) == 0)) { |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 834 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 835 | "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", |
| 836 | gd->keyidx, gd->tx, gd->gtk_len); |
| 837 | return 0; |
| 838 | } |
| 839 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 840 | wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); |
| 841 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 842 | "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", |
| 843 | gd->keyidx, gd->tx, gd->gtk_len); |
| 844 | wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len); |
| 845 | if (sm->group_cipher == WPA_CIPHER_TKIP) { |
| 846 | /* Swap Tx/Rx keys for Michael MIC */ |
| 847 | os_memcpy(gtk_buf, gd->gtk, 16); |
| 848 | os_memcpy(gtk_buf + 16, gd->gtk + 24, 8); |
| 849 | os_memcpy(gtk_buf + 24, gd->gtk + 16, 8); |
| 850 | _gtk = gtk_buf; |
| 851 | } |
| 852 | if (sm->pairwise_cipher == WPA_CIPHER_NONE) { |
| 853 | if (wpa_sm_set_key(sm, gd->alg, NULL, |
| 854 | gd->keyidx, 1, key_rsc, gd->key_rsc_len, |
| 855 | _gtk, gd->gtk_len) < 0) { |
| 856 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 857 | "WPA: Failed to set GTK to the driver " |
| 858 | "(Group only)"); |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 859 | os_memset(gtk_buf, 0, sizeof(gtk_buf)); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 860 | return -1; |
| 861 | } |
| 862 | } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr, |
| 863 | gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len, |
| 864 | _gtk, gd->gtk_len) < 0) { |
| 865 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 866 | "WPA: Failed to set GTK to " |
| 867 | "the driver (alg=%d keylen=%d keyidx=%d)", |
| 868 | gd->alg, gd->gtk_len, gd->keyidx); |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 869 | os_memset(gtk_buf, 0, sizeof(gtk_buf)); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 870 | return -1; |
| 871 | } |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 872 | os_memset(gtk_buf, 0, sizeof(gtk_buf)); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 873 | |
| Jouni Malinen | 58c0e96 | 2017-10-01 12:12:24 +0300 | [diff] [blame] | 874 | if (wnm_sleep) { |
| 875 | sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; |
| 876 | os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, |
| 877 | sm->gtk_wnm_sleep.gtk_len); |
| 878 | } else { |
| 879 | sm->gtk.gtk_len = gd->gtk_len; |
| 880 | os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); |
| 881 | } |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 882 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 883 | return 0; |
| 884 | } |
| 885 | |
| 886 | |
| 887 | static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm, |
| 888 | int tx) |
| 889 | { |
| 890 | if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) { |
| 891 | /* Ignore Tx bit for GTK if a pairwise key is used. One AP |
| 892 | * seemed to set this bit (incorrectly, since Tx is only when |
| 893 | * doing Group Key only APs) and without this workaround, the |
| 894 | * data connection does not work because wpa_supplicant |
| 895 | * configured non-zero keyidx to be used for unicast. */ |
| 896 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 897 | "WPA: Tx bit set for GTK, but pairwise " |
| 898 | "keys are used - ignore Tx bit"); |
| 899 | return 0; |
| 900 | } |
| 901 | return tx; |
| 902 | } |
| 903 | |
| 904 | |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 905 | static int wpa_supplicant_rsc_relaxation(const struct wpa_sm *sm, |
| 906 | const u8 *rsc) |
| 907 | { |
| 908 | int rsclen; |
| 909 | |
| 910 | if (!sm->wpa_rsc_relaxation) |
| 911 | return 0; |
| 912 | |
| 913 | rsclen = wpa_cipher_rsc_len(sm->group_cipher); |
| 914 | |
| 915 | /* |
| 916 | * Try to detect RSC (endian) corruption issue where the AP sends |
| 917 | * the RSC bytes in EAPOL-Key message in the wrong order, both if |
| 918 | * it's actually a 6-byte field (as it should be) and if it treats |
| 919 | * it as an 8-byte field. |
| 920 | * An AP model known to have this bug is the Sapido RB-1632. |
| 921 | */ |
| 922 | if (rsclen == 6 && ((rsc[5] && !rsc[0]) || rsc[6] || rsc[7])) { |
| 923 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 924 | "RSC %02x%02x%02x%02x%02x%02x%02x%02x is likely bogus, using 0", |
| 925 | rsc[0], rsc[1], rsc[2], rsc[3], |
| 926 | rsc[4], rsc[5], rsc[6], rsc[7]); |
| 927 | |
| 928 | return 1; |
| 929 | } |
| 930 | |
| 931 | return 0; |
| 932 | } |
| 933 | |
| 934 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 935 | static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, |
| 936 | const struct wpa_eapol_key *key, |
| 937 | const u8 *gtk, size_t gtk_len, |
| 938 | int key_info) |
| 939 | { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 940 | struct wpa_gtk_data gd; |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 941 | const u8 *key_rsc; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 942 | |
| 943 | /* |
| 944 | * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x |
| 945 | * GTK KDE format: |
| 946 | * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7] |
| 947 | * Reserved [bits 0-7] |
| 948 | * GTK |
| 949 | */ |
| 950 | |
| 951 | os_memset(&gd, 0, sizeof(gd)); |
| 952 | wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake", |
| 953 | gtk, gtk_len); |
| 954 | |
| 955 | if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk)) |
| 956 | return -1; |
| 957 | |
| 958 | gd.keyidx = gtk[0] & 0x3; |
| 959 | gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, |
| 960 | !!(gtk[0] & BIT(2))); |
| 961 | gtk += 2; |
| 962 | gtk_len -= 2; |
| 963 | |
| 964 | os_memcpy(gd.gtk, gtk, gtk_len); |
| 965 | gd.gtk_len = gtk_len; |
| 966 | |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 967 | key_rsc = key->key_rsc; |
| 968 | if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) |
| 969 | key_rsc = null_rsc; |
| 970 | |
| Dmitry Shmidt | fb79edc | 2014-01-10 10:45:54 -0800 | [diff] [blame] | 971 | if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED && |
| 972 | (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, |
| 973 | gtk_len, gtk_len, |
| 974 | &gd.key_rsc_len, &gd.alg) || |
| Jouni Malinen | 58c0e96 | 2017-10-01 12:12:24 +0300 | [diff] [blame] | 975 | wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 976 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 977 | "RSN: Failed to install GTK"); |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 978 | os_memset(&gd, 0, sizeof(gd)); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 979 | return -1; |
| 980 | } |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 981 | os_memset(&gd, 0, sizeof(gd)); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 982 | |
| 983 | wpa_supplicant_key_neg_complete(sm, sm->bssid, |
| 984 | key_info & WPA_KEY_INFO_SECURE); |
| 985 | return 0; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 986 | } |
| 987 | |
| 988 | |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 989 | #ifdef CONFIG_IEEE80211W |
| 990 | static int wpa_supplicant_install_igtk(struct wpa_sm *sm, |
| Jouni Malinen | 58c0e96 | 2017-10-01 12:12:24 +0300 | [diff] [blame] | 991 | const struct wpa_igtk_kde *igtk, |
| 992 | int wnm_sleep) |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 993 | { |
| 994 | size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); |
| 995 | u16 keyidx = WPA_GET_LE16(igtk->keyid); |
| 996 | |
| 997 | /* Detect possible key reinstallation */ |
| Jouni Malinen | 58c0e96 | 2017-10-01 12:12:24 +0300 | [diff] [blame] | 998 | if ((sm->igtk.igtk_len == len && |
| 999 | os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || |
| 1000 | (sm->igtk_wnm_sleep.igtk_len == len && |
| 1001 | os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, |
| 1002 | sm->igtk_wnm_sleep.igtk_len) == 0)) { |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 1003 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 1004 | "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", |
| 1005 | keyidx); |
| 1006 | return 0; |
| 1007 | } |
| 1008 | |
| 1009 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 1010 | "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x", |
| 1011 | keyidx, MAC2STR(igtk->pn)); |
| 1012 | wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); |
| 1013 | if (keyidx > 4095) { |
| 1014 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1015 | "WPA: Invalid IGTK KeyID %d", keyidx); |
| 1016 | return -1; |
| 1017 | } |
| 1018 | if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), |
| 1019 | broadcast_ether_addr, |
| 1020 | keyidx, 0, igtk->pn, sizeof(igtk->pn), |
| 1021 | igtk->igtk, len) < 0) { |
| 1022 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1023 | "WPA: Failed to configure IGTK to the driver"); |
| 1024 | return -1; |
| 1025 | } |
| 1026 | |
| Jouni Malinen | 58c0e96 | 2017-10-01 12:12:24 +0300 | [diff] [blame] | 1027 | if (wnm_sleep) { |
| 1028 | sm->igtk_wnm_sleep.igtk_len = len; |
| 1029 | os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, |
| 1030 | sm->igtk_wnm_sleep.igtk_len); |
| 1031 | } else { |
| 1032 | sm->igtk.igtk_len = len; |
| 1033 | os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); |
| 1034 | } |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 1035 | |
| 1036 | return 0; |
| 1037 | } |
| 1038 | #endif /* CONFIG_IEEE80211W */ |
| 1039 | |
| 1040 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1041 | static int ieee80211w_set_keys(struct wpa_sm *sm, |
| 1042 | struct wpa_eapol_ie_parse *ie) |
| 1043 | { |
| 1044 | #ifdef CONFIG_IEEE80211W |
| Dmitry Shmidt | b36ed7c | 2014-03-17 10:57:26 -0700 | [diff] [blame] | 1045 | if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher)) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1046 | return 0; |
| 1047 | |
| 1048 | if (ie->igtk) { |
| Dmitry Shmidt | b36ed7c | 2014-03-17 10:57:26 -0700 | [diff] [blame] | 1049 | size_t len; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1050 | const struct wpa_igtk_kde *igtk; |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 1051 | |
| Dmitry Shmidt | b36ed7c | 2014-03-17 10:57:26 -0700 | [diff] [blame] | 1052 | len = wpa_cipher_key_len(sm->mgmt_group_cipher); |
| 1053 | if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1054 | return -1; |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 1055 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1056 | igtk = (const struct wpa_igtk_kde *) ie->igtk; |
| Jouni Malinen | 58c0e96 | 2017-10-01 12:12:24 +0300 | [diff] [blame] | 1057 | if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1058 | return -1; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1059 | } |
| 1060 | |
| 1061 | return 0; |
| 1062 | #else /* CONFIG_IEEE80211W */ |
| 1063 | return 0; |
| 1064 | #endif /* CONFIG_IEEE80211W */ |
| 1065 | } |
| 1066 | |
| 1067 | |
| 1068 | static void wpa_report_ie_mismatch(struct wpa_sm *sm, |
| 1069 | const char *reason, const u8 *src_addr, |
| 1070 | const u8 *wpa_ie, size_t wpa_ie_len, |
| 1071 | const u8 *rsn_ie, size_t rsn_ie_len) |
| 1072 | { |
| 1073 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")", |
| 1074 | reason, MAC2STR(src_addr)); |
| 1075 | |
| 1076 | if (sm->ap_wpa_ie) { |
| 1077 | wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp", |
| 1078 | sm->ap_wpa_ie, sm->ap_wpa_ie_len); |
| 1079 | } |
| 1080 | if (wpa_ie) { |
| 1081 | if (!sm->ap_wpa_ie) { |
| 1082 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 1083 | "WPA: No WPA IE in Beacon/ProbeResp"); |
| 1084 | } |
| 1085 | wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg", |
| 1086 | wpa_ie, wpa_ie_len); |
| 1087 | } |
| 1088 | |
| 1089 | if (sm->ap_rsn_ie) { |
| 1090 | wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp", |
| 1091 | sm->ap_rsn_ie, sm->ap_rsn_ie_len); |
| 1092 | } |
| 1093 | if (rsn_ie) { |
| 1094 | if (!sm->ap_rsn_ie) { |
| 1095 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 1096 | "WPA: No RSN IE in Beacon/ProbeResp"); |
| 1097 | } |
| 1098 | wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg", |
| 1099 | rsn_ie, rsn_ie_len); |
| 1100 | } |
| 1101 | |
| Dmitry Shmidt | d5e4923 | 2012-12-03 15:08:10 -0800 | [diff] [blame] | 1102 | wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1103 | } |
| 1104 | |
| 1105 | |
| 1106 | #ifdef CONFIG_IEEE80211R |
| 1107 | |
| 1108 | static int ft_validate_mdie(struct wpa_sm *sm, |
| 1109 | const unsigned char *src_addr, |
| 1110 | struct wpa_eapol_ie_parse *ie, |
| 1111 | const u8 *assoc_resp_mdie) |
| 1112 | { |
| 1113 | struct rsn_mdie *mdie; |
| 1114 | |
| 1115 | mdie = (struct rsn_mdie *) (ie->mdie + 2); |
| 1116 | if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) || |
| 1117 | os_memcmp(mdie->mobility_domain, sm->mobility_domain, |
| 1118 | MOBILITY_DOMAIN_ID_LEN) != 0) { |
| 1119 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did " |
| 1120 | "not match with the current mobility domain"); |
| 1121 | return -1; |
| 1122 | } |
| 1123 | |
| 1124 | if (assoc_resp_mdie && |
| 1125 | (assoc_resp_mdie[1] != ie->mdie[1] || |
| 1126 | os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) { |
| 1127 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch"); |
| 1128 | wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4", |
| 1129 | ie->mdie, 2 + ie->mdie[1]); |
| 1130 | wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response", |
| 1131 | assoc_resp_mdie, 2 + assoc_resp_mdie[1]); |
| 1132 | return -1; |
| 1133 | } |
| 1134 | |
| 1135 | return 0; |
| 1136 | } |
| 1137 | |
| 1138 | |
| 1139 | static int ft_validate_ftie(struct wpa_sm *sm, |
| 1140 | const unsigned char *src_addr, |
| 1141 | struct wpa_eapol_ie_parse *ie, |
| 1142 | const u8 *assoc_resp_ftie) |
| 1143 | { |
| 1144 | if (ie->ftie == NULL) { |
| 1145 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 1146 | "FT: No FTIE in EAPOL-Key msg 3/4"); |
| 1147 | return -1; |
| 1148 | } |
| 1149 | |
| 1150 | if (assoc_resp_ftie == NULL) |
| 1151 | return 0; |
| 1152 | |
| 1153 | if (assoc_resp_ftie[1] != ie->ftie[1] || |
| 1154 | os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) { |
| 1155 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch"); |
| 1156 | wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4", |
| 1157 | ie->ftie, 2 + ie->ftie[1]); |
| 1158 | wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response", |
| 1159 | assoc_resp_ftie, 2 + assoc_resp_ftie[1]); |
| 1160 | return -1; |
| 1161 | } |
| 1162 | |
| 1163 | return 0; |
| 1164 | } |
| 1165 | |
| 1166 | |
| 1167 | static int ft_validate_rsnie(struct wpa_sm *sm, |
| 1168 | const unsigned char *src_addr, |
| 1169 | struct wpa_eapol_ie_parse *ie) |
| 1170 | { |
| 1171 | struct wpa_ie_data rsn; |
| 1172 | |
| 1173 | if (!ie->rsn_ie) |
| 1174 | return 0; |
| 1175 | |
| 1176 | /* |
| 1177 | * Verify that PMKR1Name from EAPOL-Key message 3/4 |
| 1178 | * matches with the value we derived. |
| 1179 | */ |
| 1180 | if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 || |
| 1181 | rsn.num_pmkid != 1 || rsn.pmkid == NULL) { |
| 1182 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in " |
| 1183 | "FT 4-way handshake message 3/4"); |
| 1184 | return -1; |
| 1185 | } |
| 1186 | |
| Dmitry Shmidt | c281702 | 2014-07-02 10:32:10 -0700 | [diff] [blame] | 1187 | if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0) |
| 1188 | { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1189 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 1190 | "FT: PMKR1Name mismatch in " |
| 1191 | "FT 4-way handshake message 3/4"); |
| 1192 | wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator", |
| 1193 | rsn.pmkid, WPA_PMK_NAME_LEN); |
| 1194 | wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name", |
| 1195 | sm->pmk_r1_name, WPA_PMK_NAME_LEN); |
| 1196 | return -1; |
| 1197 | } |
| 1198 | |
| 1199 | return 0; |
| 1200 | } |
| 1201 | |
| 1202 | |
| 1203 | static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm, |
| 1204 | const unsigned char *src_addr, |
| 1205 | struct wpa_eapol_ie_parse *ie) |
| 1206 | { |
| 1207 | const u8 *pos, *end, *mdie = NULL, *ftie = NULL; |
| 1208 | |
| 1209 | if (sm->assoc_resp_ies) { |
| 1210 | pos = sm->assoc_resp_ies; |
| 1211 | end = pos + sm->assoc_resp_ies_len; |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 1212 | while (end - pos > 2) { |
| 1213 | if (2 + pos[1] > end - pos) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1214 | break; |
| 1215 | switch (*pos) { |
| 1216 | case WLAN_EID_MOBILITY_DOMAIN: |
| 1217 | mdie = pos; |
| 1218 | break; |
| 1219 | case WLAN_EID_FAST_BSS_TRANSITION: |
| 1220 | ftie = pos; |
| 1221 | break; |
| 1222 | } |
| 1223 | pos += 2 + pos[1]; |
| 1224 | } |
| 1225 | } |
| 1226 | |
| 1227 | if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 || |
| 1228 | ft_validate_ftie(sm, src_addr, ie, ftie) < 0 || |
| 1229 | ft_validate_rsnie(sm, src_addr, ie) < 0) |
| 1230 | return -1; |
| 1231 | |
| 1232 | return 0; |
| 1233 | } |
| 1234 | |
| 1235 | #endif /* CONFIG_IEEE80211R */ |
| 1236 | |
| 1237 | |
| 1238 | static int wpa_supplicant_validate_ie(struct wpa_sm *sm, |
| 1239 | const unsigned char *src_addr, |
| 1240 | struct wpa_eapol_ie_parse *ie) |
| 1241 | { |
| 1242 | if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) { |
| 1243 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 1244 | "WPA: No WPA/RSN IE for this AP known. " |
| 1245 | "Trying to get from scan results"); |
| 1246 | if (wpa_sm_get_beacon_ie(sm) < 0) { |
| 1247 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1248 | "WPA: Could not find AP from " |
| 1249 | "the scan results"); |
| 1250 | } else { |
| 1251 | wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 1252 | "WPA: Found the current AP from " |
| 1253 | "updated scan results"); |
| 1254 | } |
| 1255 | } |
| 1256 | |
| 1257 | if (ie->wpa_ie == NULL && ie->rsn_ie == NULL && |
| 1258 | (sm->ap_wpa_ie || sm->ap_rsn_ie)) { |
| 1259 | wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " |
| 1260 | "with IE in Beacon/ProbeResp (no IE?)", |
| 1261 | src_addr, ie->wpa_ie, ie->wpa_ie_len, |
| 1262 | ie->rsn_ie, ie->rsn_ie_len); |
| 1263 | return -1; |
| 1264 | } |
| 1265 | |
| 1266 | if ((ie->wpa_ie && sm->ap_wpa_ie && |
| 1267 | (ie->wpa_ie_len != sm->ap_wpa_ie_len || |
| 1268 | os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) || |
| 1269 | (ie->rsn_ie && sm->ap_rsn_ie && |
| 1270 | wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt), |
| 1271 | sm->ap_rsn_ie, sm->ap_rsn_ie_len, |
| 1272 | ie->rsn_ie, ie->rsn_ie_len))) { |
| 1273 | wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " |
| 1274 | "with IE in Beacon/ProbeResp", |
| 1275 | src_addr, ie->wpa_ie, ie->wpa_ie_len, |
| 1276 | ie->rsn_ie, ie->rsn_ie_len); |
| 1277 | return -1; |
| 1278 | } |
| 1279 | |
| 1280 | if (sm->proto == WPA_PROTO_WPA && |
| 1281 | ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) { |
| 1282 | wpa_report_ie_mismatch(sm, "Possible downgrade attack " |
| 1283 | "detected - RSN was enabled and RSN IE " |
| 1284 | "was in msg 3/4, but not in " |
| 1285 | "Beacon/ProbeResp", |
| 1286 | src_addr, ie->wpa_ie, ie->wpa_ie_len, |
| 1287 | ie->rsn_ie, ie->rsn_ie_len); |
| 1288 | return -1; |
| 1289 | } |
| 1290 | |
| 1291 | #ifdef CONFIG_IEEE80211R |
| 1292 | if (wpa_key_mgmt_ft(sm->key_mgmt) && |
| 1293 | wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0) |
| 1294 | return -1; |
| 1295 | #endif /* CONFIG_IEEE80211R */ |
| 1296 | |
| 1297 | return 0; |
| 1298 | } |
| 1299 | |
| 1300 | |
| 1301 | /** |
| 1302 | * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake |
| 1303 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 1304 | * @dst: Destination address for the frame |
| 1305 | * @key: Pointer to the EAPOL-Key frame header |
| 1306 | * @ver: Version bits from EAPOL-Key Key Info |
| 1307 | * @key_info: Key Info |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1308 | * @ptk: PTK to use for keyed hash and encryption |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 1309 | * Returns: >= 0 on success, < 0 on failure |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1310 | */ |
| 1311 | int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, |
| 1312 | const struct wpa_eapol_key *key, |
| 1313 | u16 ver, u16 key_info, |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1314 | struct wpa_ptk *ptk) |
| 1315 | { |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1316 | size_t mic_len, hdrlen, rlen; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1317 | struct wpa_eapol_key *reply; |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1318 | u8 *rbuf, *key_mic; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1319 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 1320 | mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 1321 | hdrlen = sizeof(*reply) + mic_len + 2; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1322 | rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1323 | hdrlen, &rlen, (void *) &reply); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1324 | if (rbuf == NULL) |
| 1325 | return -1; |
| 1326 | |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 1327 | reply->type = (sm->proto == WPA_PROTO_RSN || |
| 1328 | sm->proto == WPA_PROTO_OSEN) ? |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1329 | EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; |
| 1330 | key_info &= WPA_KEY_INFO_SECURE; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 1331 | key_info |= ver | WPA_KEY_INFO_KEY_TYPE; |
| 1332 | if (mic_len) |
| 1333 | key_info |= WPA_KEY_INFO_MIC; |
| 1334 | else |
| 1335 | key_info |= WPA_KEY_INFO_ENCR_KEY_DATA; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1336 | WPA_PUT_BE16(reply->key_info, key_info); |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 1337 | if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1338 | WPA_PUT_BE16(reply->key_length, 0); |
| 1339 | else |
| 1340 | os_memcpy(reply->key_length, key->key_length, 2); |
| 1341 | os_memcpy(reply->replay_counter, key->replay_counter, |
| 1342 | WPA_REPLAY_COUNTER_LEN); |
| 1343 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 1344 | key_mic = (u8 *) (reply + 1); |
| 1345 | WPA_PUT_BE16(key_mic + mic_len, 0); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1346 | |
| Roshan Pius | 5e7db94 | 2018-04-12 12:27:41 -0700 | [diff] [blame] | 1347 | wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Sending EAPOL-Key 4/4"); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 1348 | return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen, |
| 1349 | key_mic); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1350 | } |
| 1351 | |
| 1352 | |
| 1353 | static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, |
| 1354 | const struct wpa_eapol_key *key, |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1355 | u16 ver, const u8 *key_data, |
| 1356 | size_t key_data_len) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1357 | { |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1358 | u16 key_info, keylen; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1359 | struct wpa_eapol_ie_parse ie; |
| 1360 | |
| 1361 | wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); |
| Roshan Pius | 5e7db94 | 2018-04-12 12:27:41 -0700 | [diff] [blame] | 1362 | wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA: RX message 3 of 4-Way " |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1363 | "Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver); |
| 1364 | |
| 1365 | key_info = WPA_GET_BE16(key->key_info); |
| 1366 | |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1367 | wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len); |
| 1368 | if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) |
| Dmitry Shmidt | 1f69aa5 | 2012-01-24 16:10:04 -0800 | [diff] [blame] | 1369 | goto failed; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1370 | if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { |
| 1371 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1372 | "WPA: GTK IE in unencrypted key data"); |
| 1373 | goto failed; |
| 1374 | } |
| 1375 | #ifdef CONFIG_IEEE80211W |
| 1376 | if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { |
| 1377 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1378 | "WPA: IGTK KDE in unencrypted key data"); |
| 1379 | goto failed; |
| 1380 | } |
| 1381 | |
| Dmitry Shmidt | b36ed7c | 2014-03-17 10:57:26 -0700 | [diff] [blame] | 1382 | if (ie.igtk && |
| 1383 | wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) && |
| 1384 | ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN + |
| 1385 | (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1386 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1387 | "WPA: Invalid IGTK KDE length %lu", |
| 1388 | (unsigned long) ie.igtk_len); |
| 1389 | goto failed; |
| 1390 | } |
| 1391 | #endif /* CONFIG_IEEE80211W */ |
| 1392 | |
| 1393 | if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0) |
| 1394 | goto failed; |
| 1395 | |
| 1396 | if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) { |
| 1397 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1398 | "WPA: ANonce from message 1 of 4-Way Handshake " |
| 1399 | "differs from 3 of 4-Way Handshake - drop packet (src=" |
| 1400 | MACSTR ")", MAC2STR(sm->bssid)); |
| 1401 | goto failed; |
| 1402 | } |
| 1403 | |
| 1404 | keylen = WPA_GET_BE16(key->key_length); |
| Dmitry Shmidt | 4530cfd | 2012-09-09 15:20:40 -0700 | [diff] [blame] | 1405 | if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) { |
| 1406 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1407 | "WPA: Invalid %s key length %d (src=" MACSTR |
| 1408 | ")", wpa_cipher_txt(sm->pairwise_cipher), keylen, |
| 1409 | MAC2STR(sm->bssid)); |
| 1410 | goto failed; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1411 | } |
| 1412 | |
| Dmitry Shmidt | cf32e60 | 2014-01-28 10:57:39 -0800 | [diff] [blame] | 1413 | #ifdef CONFIG_P2P |
| 1414 | if (ie.ip_addr_alloc) { |
| 1415 | os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4); |
| 1416 | wpa_hexdump(MSG_DEBUG, "P2P: IP address info", |
| 1417 | sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr)); |
| 1418 | } |
| 1419 | #endif /* CONFIG_P2P */ |
| 1420 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1421 | if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info, |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 1422 | &sm->ptk) < 0) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1423 | goto failed; |
| 1424 | } |
| 1425 | |
| 1426 | /* SNonce was successfully used in msg 3/4, so mark it to be renewed |
| 1427 | * for the next 4-Way Handshake. If msg 3 is received again, the old |
| 1428 | * SNonce will still be used to avoid changing PTK. */ |
| 1429 | sm->renew_snonce = 1; |
| 1430 | |
| 1431 | if (key_info & WPA_KEY_INFO_INSTALL) { |
| 1432 | if (wpa_supplicant_install_ptk(sm, key)) |
| 1433 | goto failed; |
| 1434 | } |
| 1435 | |
| 1436 | if (key_info & WPA_KEY_INFO_SECURE) { |
| 1437 | wpa_sm_mlme_setprotection( |
| 1438 | sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX, |
| 1439 | MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); |
| 1440 | eapol_sm_notify_portValid(sm->eapol, TRUE); |
| 1441 | } |
| 1442 | wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); |
| 1443 | |
| Dmitry Shmidt | fb79edc | 2014-01-10 10:45:54 -0800 | [diff] [blame] | 1444 | if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) { |
| 1445 | wpa_supplicant_key_neg_complete(sm, sm->bssid, |
| 1446 | key_info & WPA_KEY_INFO_SECURE); |
| 1447 | } else if (ie.gtk && |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1448 | wpa_supplicant_pairwise_gtk(sm, key, |
| 1449 | ie.gtk, ie.gtk_len, key_info) < 0) { |
| 1450 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 1451 | "RSN: Failed to configure GTK"); |
| 1452 | goto failed; |
| 1453 | } |
| 1454 | |
| 1455 | if (ieee80211w_set_keys(sm, &ie) < 0) { |
| 1456 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 1457 | "RSN: Failed to configure IGTK"); |
| 1458 | goto failed; |
| 1459 | } |
| 1460 | |
| Dmitry Shmidt | cce0666 | 2013-11-04 18:44:24 -0800 | [diff] [blame] | 1461 | if (ie.gtk) |
| 1462 | wpa_sm_set_rekey_offload(sm); |
| Dmitry Shmidt | 1f69aa5 | 2012-01-24 16:10:04 -0800 | [diff] [blame] | 1463 | |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 1464 | if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt)) { |
| 1465 | struct rsn_pmksa_cache_entry *sa; |
| 1466 | |
| Dmitry Shmidt | 57c2d39 | 2016-02-23 13:40:19 -0800 | [diff] [blame] | 1467 | sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, NULL, |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1468 | sm->ptk.kck, sm->ptk.kck_len, |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 1469 | sm->bssid, sm->own_addr, |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 1470 | sm->network_ctx, sm->key_mgmt, NULL); |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 1471 | if (!sm->cur_pmksa) |
| 1472 | sm->cur_pmksa = sa; |
| 1473 | } |
| 1474 | |
| Dmitry Shmidt | 4dd28dc | 2015-03-10 11:21:43 -0700 | [diff] [blame] | 1475 | sm->msg_3_of_4_ok = 1; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1476 | return; |
| 1477 | |
| 1478 | failed: |
| 1479 | wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); |
| 1480 | } |
| 1481 | |
| 1482 | |
| 1483 | static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm, |
| 1484 | const u8 *keydata, |
| 1485 | size_t keydatalen, |
| 1486 | u16 key_info, |
| 1487 | struct wpa_gtk_data *gd) |
| 1488 | { |
| 1489 | int maxkeylen; |
| 1490 | struct wpa_eapol_ie_parse ie; |
| 1491 | |
| Dmitry Shmidt | ebd93af | 2017-02-21 13:40:44 -0800 | [diff] [blame] | 1492 | wpa_hexdump_key(MSG_DEBUG, "RSN: msg 1/2 key data", |
| 1493 | keydata, keydatalen); |
| Dmitry Shmidt | 1f69aa5 | 2012-01-24 16:10:04 -0800 | [diff] [blame] | 1494 | if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0) |
| 1495 | return -1; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1496 | if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { |
| 1497 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1498 | "WPA: GTK IE in unencrypted key data"); |
| 1499 | return -1; |
| 1500 | } |
| 1501 | if (ie.gtk == NULL) { |
| 1502 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 1503 | "WPA: No GTK IE in Group Key msg 1/2"); |
| 1504 | return -1; |
| 1505 | } |
| 1506 | maxkeylen = gd->gtk_len = ie.gtk_len - 2; |
| 1507 | |
| 1508 | if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, |
| 1509 | gd->gtk_len, maxkeylen, |
| 1510 | &gd->key_rsc_len, &gd->alg)) |
| 1511 | return -1; |
| 1512 | |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 1513 | wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake", |
| 1514 | ie.gtk, ie.gtk_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1515 | gd->keyidx = ie.gtk[0] & 0x3; |
| 1516 | gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm, |
| 1517 | !!(ie.gtk[0] & BIT(2))); |
| 1518 | if (ie.gtk_len - 2 > sizeof(gd->gtk)) { |
| 1519 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 1520 | "RSN: Too long GTK in GTK IE (len=%lu)", |
| 1521 | (unsigned long) ie.gtk_len - 2); |
| 1522 | return -1; |
| 1523 | } |
| 1524 | os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2); |
| 1525 | |
| 1526 | if (ieee80211w_set_keys(sm, &ie) < 0) |
| 1527 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 1528 | "RSN: Failed to configure IGTK"); |
| 1529 | |
| 1530 | return 0; |
| 1531 | } |
| 1532 | |
| 1533 | |
| 1534 | static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm, |
| 1535 | const struct wpa_eapol_key *key, |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1536 | const u8 *key_data, |
| 1537 | size_t key_data_len, u16 key_info, |
| 1538 | u16 ver, struct wpa_gtk_data *gd) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1539 | { |
| 1540 | size_t maxkeylen; |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 1541 | u16 gtk_len; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1542 | |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 1543 | gtk_len = WPA_GET_BE16(key->key_length); |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1544 | maxkeylen = key_data_len; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1545 | if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { |
| 1546 | if (maxkeylen < 8) { |
| 1547 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 1548 | "WPA: Too short maxkeylen (%lu)", |
| 1549 | (unsigned long) maxkeylen); |
| 1550 | return -1; |
| 1551 | } |
| 1552 | maxkeylen -= 8; |
| 1553 | } |
| 1554 | |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 1555 | if (gtk_len > maxkeylen || |
| 1556 | wpa_supplicant_check_group_cipher(sm, sm->group_cipher, |
| 1557 | gtk_len, maxkeylen, |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1558 | &gd->key_rsc_len, &gd->alg)) |
| 1559 | return -1; |
| 1560 | |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 1561 | gd->gtk_len = gtk_len; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1562 | gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> |
| 1563 | WPA_KEY_INFO_KEY_INDEX_SHIFT; |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1564 | if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 1565 | #ifdef CONFIG_NO_RC4 |
| 1566 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1567 | "WPA: RC4 not supported in the build"); |
| 1568 | return -1; |
| 1569 | #else /* CONFIG_NO_RC4 */ |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 1570 | u8 ek[32]; |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1571 | if (key_data_len > sizeof(gd->gtk)) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1572 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1573 | "WPA: RC4 key data too long (%lu)", |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1574 | (unsigned long) key_data_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1575 | return -1; |
| 1576 | } |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 1577 | os_memcpy(ek, key->key_iv, 16); |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1578 | os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1579 | os_memcpy(gd->gtk, key_data, key_data_len); |
| 1580 | if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) { |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 1581 | os_memset(ek, 0, sizeof(ek)); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1582 | wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, |
| 1583 | "WPA: RC4 failed"); |
| 1584 | return -1; |
| 1585 | } |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 1586 | os_memset(ek, 0, sizeof(ek)); |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 1587 | #endif /* CONFIG_NO_RC4 */ |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1588 | } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1589 | if (maxkeylen % 8) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1590 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1591 | "WPA: Unsupported AES-WRAP len %lu", |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1592 | (unsigned long) maxkeylen); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1593 | return -1; |
| 1594 | } |
| 1595 | if (maxkeylen > sizeof(gd->gtk)) { |
| 1596 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1597 | "WPA: AES-WRAP key data " |
| 1598 | "too long (keydatalen=%lu maxkeylen=%lu)", |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1599 | (unsigned long) key_data_len, |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1600 | (unsigned long) maxkeylen); |
| 1601 | return -1; |
| 1602 | } |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1603 | if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8, |
| 1604 | key_data, gd->gtk)) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1605 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1606 | "WPA: AES unwrap failed - could not decrypt " |
| 1607 | "GTK"); |
| 1608 | return -1; |
| 1609 | } |
| 1610 | } else { |
| 1611 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1612 | "WPA: Unsupported key_info type %d", ver); |
| 1613 | return -1; |
| 1614 | } |
| 1615 | gd->tx = wpa_supplicant_gtk_tx_bit_workaround( |
| 1616 | sm, !!(key_info & WPA_KEY_INFO_TXRX)); |
| 1617 | return 0; |
| 1618 | } |
| 1619 | |
| 1620 | |
| 1621 | static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm, |
| 1622 | const struct wpa_eapol_key *key, |
| 1623 | int ver, u16 key_info) |
| 1624 | { |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1625 | size_t mic_len, hdrlen, rlen; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1626 | struct wpa_eapol_key *reply; |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1627 | u8 *rbuf, *key_mic; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1628 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 1629 | mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 1630 | hdrlen = sizeof(*reply) + mic_len + 2; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1631 | rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1632 | hdrlen, &rlen, (void *) &reply); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1633 | if (rbuf == NULL) |
| 1634 | return -1; |
| 1635 | |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 1636 | reply->type = (sm->proto == WPA_PROTO_RSN || |
| 1637 | sm->proto == WPA_PROTO_OSEN) ? |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1638 | EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; |
| 1639 | key_info &= WPA_KEY_INFO_KEY_INDEX_MASK; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 1640 | key_info |= ver | WPA_KEY_INFO_SECURE; |
| 1641 | if (mic_len) |
| 1642 | key_info |= WPA_KEY_INFO_MIC; |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 1643 | else |
| 1644 | key_info |= WPA_KEY_INFO_ENCR_KEY_DATA; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1645 | WPA_PUT_BE16(reply->key_info, key_info); |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 1646 | if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1647 | WPA_PUT_BE16(reply->key_length, 0); |
| 1648 | else |
| 1649 | os_memcpy(reply->key_length, key->key_length, 2); |
| 1650 | os_memcpy(reply->replay_counter, key->replay_counter, |
| 1651 | WPA_REPLAY_COUNTER_LEN); |
| 1652 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 1653 | key_mic = (u8 *) (reply + 1); |
| 1654 | WPA_PUT_BE16(key_mic + mic_len, 0); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1655 | |
| 1656 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2"); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 1657 | return wpa_eapol_key_send(sm, &sm->ptk, ver, sm->bssid, ETH_P_EAPOL, |
| 1658 | rbuf, rlen, key_mic); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1659 | } |
| 1660 | |
| 1661 | |
| 1662 | static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, |
| 1663 | const unsigned char *src_addr, |
| 1664 | const struct wpa_eapol_key *key, |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1665 | const u8 *key_data, |
| 1666 | size_t key_data_len, u16 ver) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1667 | { |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1668 | u16 key_info; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1669 | int rekey, ret; |
| 1670 | struct wpa_gtk_data gd; |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 1671 | const u8 *key_rsc; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1672 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 1673 | if (!sm->msg_3_of_4_ok && !wpa_fils_is_completed(sm)) { |
| Dmitry Shmidt | 4dd28dc | 2015-03-10 11:21:43 -0700 | [diff] [blame] | 1674 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 1675 | "WPA: Group Key Handshake started prior to completion of 4-way handshake"); |
| 1676 | goto failed; |
| 1677 | } |
| 1678 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1679 | os_memset(&gd, 0, sizeof(gd)); |
| 1680 | |
| 1681 | rekey = wpa_sm_get_state(sm) == WPA_COMPLETED; |
| 1682 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key " |
| 1683 | "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); |
| 1684 | |
| 1685 | key_info = WPA_GET_BE16(key->key_info); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1686 | |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 1687 | if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1688 | ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data, |
| 1689 | key_data_len, key_info, |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1690 | &gd); |
| 1691 | } else { |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1692 | ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data, |
| 1693 | key_data_len, |
| 1694 | key_info, ver, &gd); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1695 | } |
| 1696 | |
| 1697 | wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); |
| 1698 | |
| 1699 | if (ret) |
| 1700 | goto failed; |
| 1701 | |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 1702 | key_rsc = key->key_rsc; |
| 1703 | if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) |
| 1704 | key_rsc = null_rsc; |
| 1705 | |
| Jouni Malinen | 58c0e96 | 2017-10-01 12:12:24 +0300 | [diff] [blame] | 1706 | if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) || |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 1707 | wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1708 | goto failed; |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 1709 | os_memset(&gd, 0, sizeof(gd)); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1710 | |
| 1711 | if (rekey) { |
| 1712 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying " |
| 1713 | "completed with " MACSTR " [GTK=%s]", |
| 1714 | MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); |
| 1715 | wpa_sm_cancel_auth_timeout(sm); |
| 1716 | wpa_sm_set_state(sm, WPA_COMPLETED); |
| 1717 | } else { |
| 1718 | wpa_supplicant_key_neg_complete(sm, sm->bssid, |
| 1719 | key_info & |
| 1720 | WPA_KEY_INFO_SECURE); |
| 1721 | } |
| Dmitry Shmidt | cce0666 | 2013-11-04 18:44:24 -0800 | [diff] [blame] | 1722 | |
| 1723 | wpa_sm_set_rekey_offload(sm); |
| 1724 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1725 | return; |
| 1726 | |
| 1727 | failed: |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 1728 | os_memset(&gd, 0, sizeof(gd)); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1729 | wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); |
| 1730 | } |
| 1731 | |
| 1732 | |
| 1733 | static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm, |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 1734 | struct wpa_eapol_key *key, |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1735 | u16 ver, |
| 1736 | const u8 *buf, size_t len) |
| 1737 | { |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1738 | u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1739 | int ok = 0; |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 1740 | size_t mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1741 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 1742 | os_memcpy(mic, key + 1, mic_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1743 | if (sm->tptk_set) { |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 1744 | os_memset(key + 1, 0, mic_len); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 1745 | if (wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, |
| 1746 | sm->key_mgmt, |
| 1747 | ver, buf, len, (u8 *) (key + 1)) < 0 || |
| 1748 | os_memcmp_const(mic, key + 1, mic_len) != 0) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1749 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1750 | "WPA: Invalid EAPOL-Key MIC " |
| 1751 | "when using TPTK - ignoring TPTK"); |
| 1752 | } else { |
| 1753 | ok = 1; |
| 1754 | sm->tptk_set = 0; |
| 1755 | sm->ptk_set = 1; |
| 1756 | os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 1757 | os_memset(&sm->tptk, 0, sizeof(sm->tptk)); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 1758 | /* |
| 1759 | * This assures the same TPTK in sm->tptk can never be |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 1760 | * copied twice to sm->ptk as the new PTK. In |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 1761 | * combination with the installed flag in the wpa_ptk |
| 1762 | * struct, this assures the same PTK is only installed |
| 1763 | * once. |
| 1764 | */ |
| 1765 | sm->renew_snonce = 1; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1766 | } |
| 1767 | } |
| 1768 | |
| 1769 | if (!ok && sm->ptk_set) { |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 1770 | os_memset(key + 1, 0, mic_len); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 1771 | if (wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, |
| 1772 | sm->key_mgmt, |
| 1773 | ver, buf, len, (u8 *) (key + 1)) < 0 || |
| 1774 | os_memcmp_const(mic, key + 1, mic_len) != 0) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1775 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1776 | "WPA: Invalid EAPOL-Key MIC - " |
| 1777 | "dropping packet"); |
| 1778 | return -1; |
| 1779 | } |
| 1780 | ok = 1; |
| 1781 | } |
| 1782 | |
| 1783 | if (!ok) { |
| 1784 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1785 | "WPA: Could not verify EAPOL-Key MIC - " |
| 1786 | "dropping packet"); |
| 1787 | return -1; |
| 1788 | } |
| 1789 | |
| 1790 | os_memcpy(sm->rx_replay_counter, key->replay_counter, |
| 1791 | WPA_REPLAY_COUNTER_LEN); |
| 1792 | sm->rx_replay_counter_set = 1; |
| 1793 | return 0; |
| 1794 | } |
| 1795 | |
| 1796 | |
| 1797 | /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */ |
| 1798 | static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm, |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 1799 | struct wpa_eapol_key *key, |
| 1800 | size_t mic_len, u16 ver, |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1801 | u8 *key_data, size_t *key_data_len) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1802 | { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1803 | wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data", |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1804 | key_data, *key_data_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1805 | if (!sm->ptk_set) { |
| 1806 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1807 | "WPA: PTK not available, cannot decrypt EAPOL-Key Key " |
| 1808 | "Data"); |
| 1809 | return -1; |
| 1810 | } |
| 1811 | |
| 1812 | /* Decrypt key data here so that this operation does not need |
| 1813 | * to be implemented separately for each message type. */ |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1814 | if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 1815 | #ifdef CONFIG_NO_RC4 |
| 1816 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1817 | "WPA: RC4 not supported in the build"); |
| 1818 | return -1; |
| 1819 | #else /* CONFIG_NO_RC4 */ |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1820 | u8 ek[32]; |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 1821 | |
| 1822 | wpa_printf(MSG_DEBUG, "WPA: Decrypt Key Data using RC4"); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1823 | os_memcpy(ek, key->key_iv, 16); |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1824 | os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1825 | if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) { |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 1826 | os_memset(ek, 0, sizeof(ek)); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1827 | wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, |
| 1828 | "WPA: RC4 failed"); |
| 1829 | return -1; |
| 1830 | } |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 1831 | os_memset(ek, 0, sizeof(ek)); |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 1832 | #endif /* CONFIG_NO_RC4 */ |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1833 | } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 1834 | ver == WPA_KEY_INFO_TYPE_AES_128_CMAC || |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 1835 | wpa_use_aes_key_wrap(sm->key_mgmt)) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1836 | u8 *buf; |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 1837 | |
| 1838 | wpa_printf(MSG_DEBUG, |
| 1839 | "WPA: Decrypt Key Data using AES-UNWRAP (KEK length %u)", |
| 1840 | (unsigned int) sm->ptk.kek_len); |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1841 | if (*key_data_len < 8 || *key_data_len % 8) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1842 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1843 | "WPA: Unsupported AES-WRAP len %u", |
| 1844 | (unsigned int) *key_data_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1845 | return -1; |
| 1846 | } |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1847 | *key_data_len -= 8; /* AES-WRAP adds 8 bytes */ |
| 1848 | buf = os_malloc(*key_data_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1849 | if (buf == NULL) { |
| 1850 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1851 | "WPA: No memory for AES-UNWRAP buffer"); |
| 1852 | return -1; |
| 1853 | } |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1854 | if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8, |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1855 | key_data, buf)) { |
| Dmitry Shmidt | 7d56b75 | 2015-12-22 10:59:44 -0800 | [diff] [blame] | 1856 | bin_clear_free(buf, *key_data_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1857 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1858 | "WPA: AES unwrap failed - " |
| 1859 | "could not decrypt EAPOL-Key key data"); |
| 1860 | return -1; |
| 1861 | } |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1862 | os_memcpy(key_data, buf, *key_data_len); |
| Dmitry Shmidt | 7d56b75 | 2015-12-22 10:59:44 -0800 | [diff] [blame] | 1863 | bin_clear_free(buf, *key_data_len); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 1864 | WPA_PUT_BE16(((u8 *) (key + 1)) + mic_len, *key_data_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1865 | } else { |
| 1866 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 1867 | "WPA: Unsupported key_info type %d", ver); |
| 1868 | return -1; |
| 1869 | } |
| 1870 | wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data", |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 1871 | key_data, *key_data_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1872 | return 0; |
| 1873 | } |
| 1874 | |
| 1875 | |
| 1876 | /** |
| 1877 | * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted |
| 1878 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 1879 | */ |
| 1880 | void wpa_sm_aborted_cached(struct wpa_sm *sm) |
| 1881 | { |
| 1882 | if (sm && sm->cur_pmksa) { |
| 1883 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 1884 | "RSN: Cancelling PMKSA caching attempt"); |
| 1885 | sm->cur_pmksa = NULL; |
| 1886 | } |
| 1887 | } |
| 1888 | |
| 1889 | |
| 1890 | static void wpa_eapol_key_dump(struct wpa_sm *sm, |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1891 | const struct wpa_eapol_key *key, |
| 1892 | unsigned int key_data_len, |
| 1893 | const u8 *mic, unsigned int mic_len) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1894 | { |
| 1895 | #ifndef CONFIG_NO_STDOUT_DEBUG |
| 1896 | u16 key_info = WPA_GET_BE16(key->key_info); |
| 1897 | |
| 1898 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type); |
| 1899 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 1900 | " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)", |
| 1901 | key_info, key_info & WPA_KEY_INFO_TYPE_MASK, |
| 1902 | (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> |
| 1903 | WPA_KEY_INFO_KEY_INDEX_SHIFT, |
| 1904 | (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13, |
| 1905 | key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group", |
| 1906 | key_info & WPA_KEY_INFO_INSTALL ? " Install" : "", |
| 1907 | key_info & WPA_KEY_INFO_ACK ? " Ack" : "", |
| 1908 | key_info & WPA_KEY_INFO_MIC ? " MIC" : "", |
| 1909 | key_info & WPA_KEY_INFO_SECURE ? " Secure" : "", |
| 1910 | key_info & WPA_KEY_INFO_ERROR ? " Error" : "", |
| 1911 | key_info & WPA_KEY_INFO_REQUEST ? " Request" : "", |
| 1912 | key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : ""); |
| 1913 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 1914 | " key_length=%u key_data_length=%u", |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1915 | WPA_GET_BE16(key->key_length), key_data_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1916 | wpa_hexdump(MSG_DEBUG, " replay_counter", |
| 1917 | key->replay_counter, WPA_REPLAY_COUNTER_LEN); |
| 1918 | wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN); |
| 1919 | wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16); |
| 1920 | wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8); |
| 1921 | wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8); |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 1922 | wpa_hexdump(MSG_DEBUG, " key_mic", mic, mic_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1923 | #endif /* CONFIG_NO_STDOUT_DEBUG */ |
| 1924 | } |
| 1925 | |
| 1926 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 1927 | #ifdef CONFIG_FILS |
| 1928 | static int wpa_supp_aead_decrypt(struct wpa_sm *sm, u8 *buf, size_t buf_len, |
| 1929 | size_t *key_data_len) |
| 1930 | { |
| 1931 | struct wpa_ptk *ptk; |
| 1932 | struct ieee802_1x_hdr *hdr; |
| 1933 | struct wpa_eapol_key *key; |
| 1934 | u8 *pos, *tmp; |
| 1935 | const u8 *aad[1]; |
| 1936 | size_t aad_len[1]; |
| 1937 | |
| 1938 | if (*key_data_len < AES_BLOCK_SIZE) { |
| 1939 | wpa_printf(MSG_INFO, "No room for AES-SIV data in the frame"); |
| 1940 | return -1; |
| 1941 | } |
| 1942 | |
| 1943 | if (sm->tptk_set) |
| 1944 | ptk = &sm->tptk; |
| 1945 | else if (sm->ptk_set) |
| 1946 | ptk = &sm->ptk; |
| 1947 | else |
| 1948 | return -1; |
| 1949 | |
| 1950 | hdr = (struct ieee802_1x_hdr *) buf; |
| 1951 | key = (struct wpa_eapol_key *) (hdr + 1); |
| 1952 | pos = (u8 *) (key + 1); |
| 1953 | pos += 2; /* Pointing at the Encrypted Key Data field */ |
| 1954 | |
| 1955 | tmp = os_malloc(*key_data_len); |
| 1956 | if (!tmp) |
| 1957 | return -1; |
| 1958 | |
| 1959 | /* AES-SIV AAD from EAPOL protocol version field (inclusive) to |
| 1960 | * to Key Data (exclusive). */ |
| 1961 | aad[0] = buf; |
| 1962 | aad_len[0] = pos - buf; |
| 1963 | if (aes_siv_decrypt(ptk->kek, ptk->kek_len, pos, *key_data_len, |
| 1964 | 1, aad, aad_len, tmp) < 0) { |
| 1965 | wpa_printf(MSG_INFO, "Invalid AES-SIV data in the frame"); |
| 1966 | bin_clear_free(tmp, *key_data_len); |
| 1967 | return -1; |
| 1968 | } |
| 1969 | |
| 1970 | /* AEAD decryption and validation completed successfully */ |
| 1971 | (*key_data_len) -= AES_BLOCK_SIZE; |
| 1972 | wpa_hexdump_key(MSG_DEBUG, "WPA: Decrypted Key Data", |
| 1973 | tmp, *key_data_len); |
| 1974 | |
| 1975 | /* Replace Key Data field with the decrypted version */ |
| 1976 | os_memcpy(pos, tmp, *key_data_len); |
| 1977 | pos -= 2; /* Key Data Length field */ |
| 1978 | WPA_PUT_BE16(pos, *key_data_len); |
| 1979 | bin_clear_free(tmp, *key_data_len); |
| 1980 | |
| 1981 | if (sm->tptk_set) { |
| 1982 | sm->tptk_set = 0; |
| 1983 | sm->ptk_set = 1; |
| 1984 | os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); |
| 1985 | os_memset(&sm->tptk, 0, sizeof(sm->tptk)); |
| 1986 | } |
| 1987 | |
| 1988 | os_memcpy(sm->rx_replay_counter, key->replay_counter, |
| 1989 | WPA_REPLAY_COUNTER_LEN); |
| 1990 | sm->rx_replay_counter_set = 1; |
| 1991 | |
| 1992 | return 0; |
| 1993 | } |
| 1994 | #endif /* CONFIG_FILS */ |
| 1995 | |
| 1996 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1997 | /** |
| 1998 | * wpa_sm_rx_eapol - Process received WPA EAPOL frames |
| 1999 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2000 | * @src_addr: Source MAC address of the EAPOL packet |
| 2001 | * @buf: Pointer to the beginning of the EAPOL data (EAPOL header) |
| 2002 | * @len: Length of the EAPOL frame |
| 2003 | * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure |
| 2004 | * |
| 2005 | * This function is called for each received EAPOL frame. Other than EAPOL-Key |
| 2006 | * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is |
| 2007 | * only processing WPA and WPA2 EAPOL-Key frames. |
| 2008 | * |
| 2009 | * The received EAPOL-Key packets are validated and valid packets are replied |
| 2010 | * to. In addition, key material (PTK, GTK) is configured at the end of a |
| 2011 | * successful key handshake. |
| 2012 | */ |
| 2013 | int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, |
| 2014 | const u8 *buf, size_t len) |
| 2015 | { |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 2016 | size_t plen, data_len, key_data_len; |
| 2017 | const struct ieee802_1x_hdr *hdr; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2018 | struct wpa_eapol_key *key; |
| 2019 | u16 key_info, ver; |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 2020 | u8 *tmp = NULL; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2021 | int ret = -1; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 2022 | u8 *mic, *key_data; |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 2023 | size_t mic_len, keyhdrlen; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2024 | |
| 2025 | #ifdef CONFIG_IEEE80211R |
| 2026 | sm->ft_completed = 0; |
| 2027 | #endif /* CONFIG_IEEE80211R */ |
| 2028 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 2029 | mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 2030 | keyhdrlen = sizeof(*key) + mic_len + 2; |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 2031 | |
| 2032 | if (len < sizeof(*hdr) + keyhdrlen) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2033 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 2034 | "WPA: EAPOL frame too short to be a WPA " |
| 2035 | "EAPOL-Key (len %lu, expecting at least %lu)", |
| 2036 | (unsigned long) len, |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 2037 | (unsigned long) sizeof(*hdr) + keyhdrlen); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2038 | return 0; |
| 2039 | } |
| 2040 | |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 2041 | hdr = (const struct ieee802_1x_hdr *) buf; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2042 | plen = be_to_host16(hdr->length); |
| 2043 | data_len = plen + sizeof(*hdr); |
| 2044 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 2045 | "IEEE 802.1X RX: version=%d type=%d length=%lu", |
| 2046 | hdr->version, hdr->type, (unsigned long) plen); |
| 2047 | |
| 2048 | if (hdr->version < EAPOL_VERSION) { |
| 2049 | /* TODO: backwards compatibility */ |
| 2050 | } |
| 2051 | if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { |
| 2052 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 2053 | "WPA: EAPOL frame (type %u) discarded, " |
| 2054 | "not a Key frame", hdr->type); |
| 2055 | ret = 0; |
| 2056 | goto out; |
| 2057 | } |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 2058 | wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len); |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 2059 | if (plen > len - sizeof(*hdr) || plen < keyhdrlen) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2060 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 2061 | "WPA: EAPOL frame payload size %lu " |
| 2062 | "invalid (frame size %lu)", |
| 2063 | (unsigned long) plen, (unsigned long) len); |
| 2064 | ret = 0; |
| 2065 | goto out; |
| 2066 | } |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 2067 | if (data_len < len) { |
| 2068 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 2069 | "WPA: ignoring %lu bytes after the IEEE 802.1X data", |
| 2070 | (unsigned long) len - data_len); |
| 2071 | } |
| 2072 | |
| 2073 | /* |
| 2074 | * Make a copy of the frame since we need to modify the buffer during |
| 2075 | * MAC validation and Key Data decryption. |
| 2076 | */ |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 2077 | tmp = os_memdup(buf, data_len); |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 2078 | if (tmp == NULL) |
| 2079 | goto out; |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 2080 | key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr)); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 2081 | mic = (u8 *) (key + 1); |
| 2082 | key_data = mic + mic_len + 2; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2083 | |
| 2084 | if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN) |
| 2085 | { |
| 2086 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 2087 | "WPA: EAPOL-Key type (%d) unknown, discarded", |
| 2088 | key->type); |
| 2089 | ret = 0; |
| 2090 | goto out; |
| 2091 | } |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2092 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 2093 | key_data_len = WPA_GET_BE16(mic + mic_len); |
| 2094 | wpa_eapol_key_dump(sm, key, key_data_len, mic, mic_len); |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 2095 | |
| 2096 | if (key_data_len > plen - keyhdrlen) { |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 2097 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key " |
| 2098 | "frame - key_data overflow (%u > %u)", |
| 2099 | (unsigned int) key_data_len, |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 2100 | (unsigned int) (plen - keyhdrlen)); |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 2101 | goto out; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2102 | } |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 2103 | |
| 2104 | eapol_sm_notify_lower_layer_success(sm->eapol, 0); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2105 | key_info = WPA_GET_BE16(key->key_info); |
| 2106 | ver = key_info & WPA_KEY_INFO_TYPE_MASK; |
| 2107 | if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && |
| 2108 | #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W) |
| 2109 | ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && |
| 2110 | #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */ |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 2111 | ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES && |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 2112 | !wpa_use_akm_defined(sm->key_mgmt)) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2113 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 2114 | "WPA: Unsupported EAPOL-Key descriptor version %d", |
| 2115 | ver); |
| 2116 | goto out; |
| 2117 | } |
| 2118 | |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 2119 | if (wpa_use_akm_defined(sm->key_mgmt) && |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 2120 | ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { |
| 2121 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 2122 | "RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)", |
| 2123 | ver); |
| 2124 | goto out; |
| 2125 | } |
| 2126 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2127 | #ifdef CONFIG_IEEE80211R |
| 2128 | if (wpa_key_mgmt_ft(sm->key_mgmt)) { |
| 2129 | /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */ |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 2130 | if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && |
| 2131 | !wpa_use_akm_defined(sm->key_mgmt)) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2132 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 2133 | "FT: AP did not use AES-128-CMAC"); |
| 2134 | goto out; |
| 2135 | } |
| 2136 | } else |
| 2137 | #endif /* CONFIG_IEEE80211R */ |
| 2138 | #ifdef CONFIG_IEEE80211W |
| 2139 | if (wpa_key_mgmt_sha256(sm->key_mgmt)) { |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 2140 | if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 2141 | !wpa_use_akm_defined(sm->key_mgmt)) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2142 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 2143 | "WPA: AP did not use the " |
| 2144 | "negotiated AES-128-CMAC"); |
| 2145 | goto out; |
| 2146 | } |
| 2147 | } else |
| 2148 | #endif /* CONFIG_IEEE80211W */ |
| 2149 | if (sm->pairwise_cipher == WPA_CIPHER_CCMP && |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 2150 | !wpa_use_akm_defined(sm->key_mgmt) && |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2151 | ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { |
| 2152 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 2153 | "WPA: CCMP is used, but EAPOL-Key " |
| 2154 | "descriptor version (%d) is not 2", ver); |
| 2155 | if (sm->group_cipher != WPA_CIPHER_CCMP && |
| 2156 | !(key_info & WPA_KEY_INFO_KEY_TYPE)) { |
| 2157 | /* Earlier versions of IEEE 802.11i did not explicitly |
| 2158 | * require version 2 descriptor for all EAPOL-Key |
| 2159 | * packets, so allow group keys to use version 1 if |
| 2160 | * CCMP is not used for them. */ |
| 2161 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 2162 | "WPA: Backwards compatibility: allow invalid " |
| 2163 | "version for non-CCMP group keys"); |
| Jouni Malinen | 658fb4a | 2014-11-14 20:57:05 +0200 | [diff] [blame] | 2164 | } else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) { |
| 2165 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 2166 | "WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used"); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2167 | } else |
| 2168 | goto out; |
| Dmitry Shmidt | 7175743 | 2014-06-02 13:50:35 -0700 | [diff] [blame] | 2169 | } else if (sm->pairwise_cipher == WPA_CIPHER_GCMP && |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 2170 | !wpa_use_akm_defined(sm->key_mgmt) && |
| Dmitry Shmidt | 7175743 | 2014-06-02 13:50:35 -0700 | [diff] [blame] | 2171 | ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 2172 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 2173 | "WPA: GCMP is used, but EAPOL-Key " |
| 2174 | "descriptor version (%d) is not 2", ver); |
| 2175 | goto out; |
| 2176 | } |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2177 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 2178 | if (sm->rx_replay_counter_set && |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2179 | os_memcmp(key->replay_counter, sm->rx_replay_counter, |
| 2180 | WPA_REPLAY_COUNTER_LEN) <= 0) { |
| 2181 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 2182 | "WPA: EAPOL-Key Replay Counter did not increase - " |
| 2183 | "dropping packet"); |
| 2184 | goto out; |
| 2185 | } |
| 2186 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 2187 | if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { |
| 2188 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 2189 | "WPA: Unsupported SMK bit in key_info"); |
| 2190 | goto out; |
| 2191 | } |
| 2192 | |
| 2193 | if (!(key_info & WPA_KEY_INFO_ACK)) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2194 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 2195 | "WPA: No Ack bit in key_info"); |
| 2196 | goto out; |
| 2197 | } |
| 2198 | |
| 2199 | if (key_info & WPA_KEY_INFO_REQUEST) { |
| 2200 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, |
| 2201 | "WPA: EAPOL-Key with Request bit - dropped"); |
| 2202 | goto out; |
| 2203 | } |
| 2204 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 2205 | if ((key_info & WPA_KEY_INFO_MIC) && |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 2206 | wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len)) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2207 | goto out; |
| 2208 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 2209 | #ifdef CONFIG_FILS |
| 2210 | if (!mic_len && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { |
| 2211 | if (wpa_supp_aead_decrypt(sm, tmp, data_len, &key_data_len)) |
| 2212 | goto out; |
| 2213 | } |
| 2214 | #endif /* CONFIG_FILS */ |
| 2215 | |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 2216 | if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 2217 | (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) && mic_len) { |
| 2218 | if (wpa_supplicant_decrypt_key_data(sm, key, mic_len, |
| 2219 | ver, key_data, |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 2220 | &key_data_len)) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2221 | goto out; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2222 | } |
| 2223 | |
| 2224 | if (key_info & WPA_KEY_INFO_KEY_TYPE) { |
| 2225 | if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) { |
| 2226 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 2227 | "WPA: Ignored EAPOL-Key (Pairwise) with " |
| 2228 | "non-zero key index"); |
| 2229 | goto out; |
| 2230 | } |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 2231 | if (key_info & (WPA_KEY_INFO_MIC | |
| 2232 | WPA_KEY_INFO_ENCR_KEY_DATA)) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2233 | /* 3/4 4-Way Handshake */ |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 2234 | wpa_supplicant_process_3_of_4(sm, key, ver, key_data, |
| 2235 | key_data_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2236 | } else { |
| 2237 | /* 1/4 4-Way Handshake */ |
| 2238 | wpa_supplicant_process_1_of_4(sm, src_addr, key, |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 2239 | ver, key_data, |
| 2240 | key_data_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2241 | } |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2242 | } else { |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 2243 | if ((mic_len && (key_info & WPA_KEY_INFO_MIC)) || |
| 2244 | (!mic_len && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA))) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2245 | /* 1/2 Group Key Handshake */ |
| 2246 | wpa_supplicant_process_1_of_2(sm, src_addr, key, |
| Dmitry Shmidt | 43cb578 | 2014-06-16 16:23:22 -0700 | [diff] [blame] | 2247 | key_data, key_data_len, |
| 2248 | ver); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2249 | } else { |
| 2250 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 2251 | "WPA: EAPOL-Key (Group) without Mic/Encr bit - " |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2252 | "dropped"); |
| 2253 | } |
| 2254 | } |
| 2255 | |
| 2256 | ret = 1; |
| 2257 | |
| 2258 | out: |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 2259 | bin_clear_free(tmp, data_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2260 | return ret; |
| 2261 | } |
| 2262 | |
| 2263 | |
| 2264 | #ifdef CONFIG_CTRL_IFACE |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2265 | static u32 wpa_key_mgmt_suite(struct wpa_sm *sm) |
| 2266 | { |
| 2267 | switch (sm->key_mgmt) { |
| 2268 | case WPA_KEY_MGMT_IEEE8021X: |
| Dmitry Shmidt | f21452a | 2014-02-26 10:55:25 -0800 | [diff] [blame] | 2269 | return ((sm->proto == WPA_PROTO_RSN || |
| 2270 | sm->proto == WPA_PROTO_OSEN) ? |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2271 | RSN_AUTH_KEY_MGMT_UNSPEC_802_1X : |
| 2272 | WPA_AUTH_KEY_MGMT_UNSPEC_802_1X); |
| 2273 | case WPA_KEY_MGMT_PSK: |
| 2274 | return (sm->proto == WPA_PROTO_RSN ? |
| 2275 | RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X : |
| 2276 | WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X); |
| 2277 | #ifdef CONFIG_IEEE80211R |
| 2278 | case WPA_KEY_MGMT_FT_IEEE8021X: |
| 2279 | return RSN_AUTH_KEY_MGMT_FT_802_1X; |
| 2280 | case WPA_KEY_MGMT_FT_PSK: |
| 2281 | return RSN_AUTH_KEY_MGMT_FT_PSK; |
| 2282 | #endif /* CONFIG_IEEE80211R */ |
| 2283 | #ifdef CONFIG_IEEE80211W |
| 2284 | case WPA_KEY_MGMT_IEEE8021X_SHA256: |
| 2285 | return RSN_AUTH_KEY_MGMT_802_1X_SHA256; |
| 2286 | case WPA_KEY_MGMT_PSK_SHA256: |
| 2287 | return RSN_AUTH_KEY_MGMT_PSK_SHA256; |
| 2288 | #endif /* CONFIG_IEEE80211W */ |
| Dmitry Shmidt | d5e4923 | 2012-12-03 15:08:10 -0800 | [diff] [blame] | 2289 | case WPA_KEY_MGMT_CCKM: |
| 2290 | return (sm->proto == WPA_PROTO_RSN ? |
| 2291 | RSN_AUTH_KEY_MGMT_CCKM: |
| 2292 | WPA_AUTH_KEY_MGMT_CCKM); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2293 | case WPA_KEY_MGMT_WPA_NONE: |
| 2294 | return WPA_AUTH_KEY_MGMT_NONE; |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 2295 | case WPA_KEY_MGMT_IEEE8021X_SUITE_B: |
| 2296 | return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 2297 | case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192: |
| 2298 | return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2299 | default: |
| 2300 | return 0; |
| 2301 | } |
| 2302 | } |
| 2303 | |
| 2304 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2305 | #define RSN_SUITE "%02x-%02x-%02x-%d" |
| 2306 | #define RSN_SUITE_ARG(s) \ |
| 2307 | ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff |
| 2308 | |
| 2309 | /** |
| 2310 | * wpa_sm_get_mib - Dump text list of MIB entries |
| 2311 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2312 | * @buf: Buffer for the list |
| 2313 | * @buflen: Length of the buffer |
| 2314 | * Returns: Number of bytes written to buffer |
| 2315 | * |
| 2316 | * This function is used fetch dot11 MIB variables. |
| 2317 | */ |
| 2318 | int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen) |
| 2319 | { |
| 2320 | char pmkid_txt[PMKID_LEN * 2 + 1]; |
| 2321 | int rsna, ret; |
| 2322 | size_t len; |
| 2323 | |
| 2324 | if (sm->cur_pmksa) { |
| 2325 | wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), |
| 2326 | sm->cur_pmksa->pmkid, PMKID_LEN); |
| 2327 | } else |
| 2328 | pmkid_txt[0] = '\0'; |
| 2329 | |
| 2330 | if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) || |
| 2331 | wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) && |
| 2332 | sm->proto == WPA_PROTO_RSN) |
| 2333 | rsna = 1; |
| 2334 | else |
| 2335 | rsna = 0; |
| 2336 | |
| 2337 | ret = os_snprintf(buf, buflen, |
| 2338 | "dot11RSNAOptionImplemented=TRUE\n" |
| 2339 | "dot11RSNAPreauthenticationImplemented=TRUE\n" |
| 2340 | "dot11RSNAEnabled=%s\n" |
| 2341 | "dot11RSNAPreauthenticationEnabled=%s\n" |
| 2342 | "dot11RSNAConfigVersion=%d\n" |
| 2343 | "dot11RSNAConfigPairwiseKeysSupported=5\n" |
| 2344 | "dot11RSNAConfigGroupCipherSize=%d\n" |
| 2345 | "dot11RSNAConfigPMKLifetime=%d\n" |
| 2346 | "dot11RSNAConfigPMKReauthThreshold=%d\n" |
| 2347 | "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n" |
| 2348 | "dot11RSNAConfigSATimeout=%d\n", |
| 2349 | rsna ? "TRUE" : "FALSE", |
| 2350 | rsna ? "TRUE" : "FALSE", |
| 2351 | RSN_VERSION, |
| Dmitry Shmidt | 4530cfd | 2012-09-09 15:20:40 -0700 | [diff] [blame] | 2352 | wpa_cipher_key_len(sm->group_cipher) * 8, |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2353 | sm->dot11RSNAConfigPMKLifetime, |
| 2354 | sm->dot11RSNAConfigPMKReauthThreshold, |
| 2355 | sm->dot11RSNAConfigSATimeout); |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 2356 | if (os_snprintf_error(buflen, ret)) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2357 | return 0; |
| 2358 | len = ret; |
| 2359 | |
| 2360 | ret = os_snprintf( |
| 2361 | buf + len, buflen - len, |
| 2362 | "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" |
| 2363 | "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" |
| 2364 | "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" |
| 2365 | "dot11RSNAPMKIDUsed=%s\n" |
| 2366 | "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" |
| 2367 | "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" |
| 2368 | "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" |
| 2369 | "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n" |
| 2370 | "dot11RSNA4WayHandshakeFailures=%u\n", |
| 2371 | RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), |
| Dmitry Shmidt | 4530cfd | 2012-09-09 15:20:40 -0700 | [diff] [blame] | 2372 | RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, |
| 2373 | sm->pairwise_cipher)), |
| 2374 | RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, |
| 2375 | sm->group_cipher)), |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2376 | pmkid_txt, |
| 2377 | RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), |
| Dmitry Shmidt | 4530cfd | 2012-09-09 15:20:40 -0700 | [diff] [blame] | 2378 | RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, |
| 2379 | sm->pairwise_cipher)), |
| 2380 | RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, |
| 2381 | sm->group_cipher)), |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2382 | sm->dot11RSNA4WayHandshakeFailures); |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 2383 | if (!os_snprintf_error(buflen - len, ret)) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2384 | len += ret; |
| 2385 | |
| 2386 | return (int) len; |
| 2387 | } |
| 2388 | #endif /* CONFIG_CTRL_IFACE */ |
| 2389 | |
| 2390 | |
| 2391 | static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, |
| Dmitry Shmidt | d5e4923 | 2012-12-03 15:08:10 -0800 | [diff] [blame] | 2392 | void *ctx, enum pmksa_free_reason reason) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2393 | { |
| 2394 | struct wpa_sm *sm = ctx; |
| Dmitry Shmidt | d5e4923 | 2012-12-03 15:08:10 -0800 | [diff] [blame] | 2395 | int deauth = 0; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2396 | |
| Dmitry Shmidt | d5e4923 | 2012-12-03 15:08:10 -0800 | [diff] [blame] | 2397 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: " |
| 2398 | MACSTR " reason=%d", MAC2STR(entry->aa), reason); |
| 2399 | |
| 2400 | if (sm->cur_pmksa == entry) { |
| 2401 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 2402 | "RSN: %s current PMKSA entry", |
| 2403 | reason == PMKSA_REPLACE ? "replaced" : "removed"); |
| 2404 | pmksa_cache_clear_current(sm); |
| 2405 | |
| 2406 | /* |
| 2407 | * If an entry is simply being replaced, there's no need to |
| 2408 | * deauthenticate because it will be immediately re-added. |
| 2409 | * This happens when EAP authentication is completed again |
| 2410 | * (reauth or failed PMKSA caching attempt). |
| 2411 | */ |
| 2412 | if (reason != PMKSA_REPLACE) |
| 2413 | deauth = 1; |
| 2414 | } |
| 2415 | |
| 2416 | if (reason == PMKSA_EXPIRE && |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2417 | (sm->pmk_len == entry->pmk_len && |
| 2418 | os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) { |
| 2419 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| Dmitry Shmidt | d5e4923 | 2012-12-03 15:08:10 -0800 | [diff] [blame] | 2420 | "RSN: deauthenticating due to expired PMK"); |
| 2421 | pmksa_cache_clear_current(sm); |
| 2422 | deauth = 1; |
| 2423 | } |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2424 | |
| Dmitry Shmidt | d5e4923 | 2012-12-03 15:08:10 -0800 | [diff] [blame] | 2425 | if (deauth) { |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 2426 | sm->pmk_len = 0; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2427 | os_memset(sm->pmk, 0, sizeof(sm->pmk)); |
| 2428 | wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); |
| 2429 | } |
| 2430 | } |
| 2431 | |
| 2432 | |
| 2433 | /** |
| 2434 | * wpa_sm_init - Initialize WPA state machine |
| 2435 | * @ctx: Context pointer for callbacks; this needs to be an allocated buffer |
| 2436 | * Returns: Pointer to the allocated WPA state machine data |
| 2437 | * |
| 2438 | * This function is used to allocate a new WPA state machine and the returned |
| 2439 | * value is passed to all WPA state machine calls. |
| 2440 | */ |
| 2441 | struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx) |
| 2442 | { |
| 2443 | struct wpa_sm *sm; |
| 2444 | |
| 2445 | sm = os_zalloc(sizeof(*sm)); |
| 2446 | if (sm == NULL) |
| 2447 | return NULL; |
| 2448 | dl_list_init(&sm->pmksa_candidates); |
| 2449 | sm->renew_snonce = 1; |
| 2450 | sm->ctx = ctx; |
| 2451 | |
| 2452 | sm->dot11RSNAConfigPMKLifetime = 43200; |
| 2453 | sm->dot11RSNAConfigPMKReauthThreshold = 70; |
| 2454 | sm->dot11RSNAConfigSATimeout = 60; |
| 2455 | |
| 2456 | sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm); |
| 2457 | if (sm->pmksa == NULL) { |
| 2458 | wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, |
| 2459 | "RSN: PMKSA cache initialization failed"); |
| 2460 | os_free(sm); |
| 2461 | return NULL; |
| 2462 | } |
| 2463 | |
| 2464 | return sm; |
| 2465 | } |
| 2466 | |
| 2467 | |
| 2468 | /** |
| 2469 | * wpa_sm_deinit - Deinitialize WPA state machine |
| 2470 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2471 | */ |
| 2472 | void wpa_sm_deinit(struct wpa_sm *sm) |
| 2473 | { |
| 2474 | if (sm == NULL) |
| 2475 | return; |
| 2476 | pmksa_cache_deinit(sm->pmksa); |
| 2477 | eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); |
| 2478 | eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); |
| 2479 | os_free(sm->assoc_wpa_ie); |
| 2480 | os_free(sm->ap_wpa_ie); |
| 2481 | os_free(sm->ap_rsn_ie); |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 2482 | wpa_sm_drop_sa(sm); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2483 | os_free(sm->ctx); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2484 | #ifdef CONFIG_IEEE80211R |
| 2485 | os_free(sm->assoc_resp_ies); |
| 2486 | #endif /* CONFIG_IEEE80211R */ |
| Dmitry Shmidt | 55840ad | 2015-12-14 12:45:46 -0800 | [diff] [blame] | 2487 | #ifdef CONFIG_TESTING_OPTIONS |
| 2488 | wpabuf_free(sm->test_assoc_ie); |
| 2489 | #endif /* CONFIG_TESTING_OPTIONS */ |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 2490 | #ifdef CONFIG_FILS_SK_PFS |
| 2491 | crypto_ecdh_deinit(sm->fils_ecdh); |
| 2492 | #endif /* CONFIG_FILS_SK_PFS */ |
| 2493 | #ifdef CONFIG_FILS |
| 2494 | wpabuf_free(sm->fils_ft_ies); |
| 2495 | #endif /* CONFIG_FILS */ |
| 2496 | #ifdef CONFIG_OWE |
| 2497 | crypto_ecdh_deinit(sm->owe_ecdh); |
| 2498 | #endif /* CONFIG_OWE */ |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2499 | os_free(sm); |
| 2500 | } |
| 2501 | |
| 2502 | |
| 2503 | /** |
| 2504 | * wpa_sm_notify_assoc - Notify WPA state machine about association |
| 2505 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2506 | * @bssid: The BSSID of the new association |
| 2507 | * |
| 2508 | * This function is called to let WPA state machine know that the connection |
| 2509 | * was established. |
| 2510 | */ |
| 2511 | void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) |
| 2512 | { |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 2513 | int clear_keys = 1; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2514 | |
| 2515 | if (sm == NULL) |
| 2516 | return; |
| 2517 | |
| 2518 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 2519 | "WPA: Association event - clear replay counter"); |
| 2520 | os_memcpy(sm->bssid, bssid, ETH_ALEN); |
| 2521 | os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN); |
| 2522 | sm->rx_replay_counter_set = 0; |
| 2523 | sm->renew_snonce = 1; |
| 2524 | if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0) |
| 2525 | rsn_preauth_deinit(sm); |
| 2526 | |
| 2527 | #ifdef CONFIG_IEEE80211R |
| 2528 | if (wpa_ft_is_completed(sm)) { |
| 2529 | /* |
| 2530 | * Clear portValid to kick EAPOL state machine to re-enter |
| 2531 | * AUTHENTICATED state to get the EAPOL port Authorized. |
| 2532 | */ |
| 2533 | eapol_sm_notify_portValid(sm->eapol, FALSE); |
| 2534 | wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); |
| 2535 | |
| 2536 | /* Prepare for the next transition */ |
| 2537 | wpa_ft_prepare_auth_request(sm, NULL); |
| 2538 | |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 2539 | clear_keys = 0; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2540 | } |
| 2541 | #endif /* CONFIG_IEEE80211R */ |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 2542 | #ifdef CONFIG_FILS |
| 2543 | if (sm->fils_completed) { |
| 2544 | /* |
| 2545 | * Clear portValid to kick EAPOL state machine to re-enter |
| 2546 | * AUTHENTICATED state to get the EAPOL port Authorized. |
| 2547 | */ |
| 2548 | wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 2549 | clear_keys = 0; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 2550 | } |
| 2551 | #endif /* CONFIG_FILS */ |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2552 | |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 2553 | if (clear_keys) { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2554 | /* |
| 2555 | * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if |
| 2556 | * this is not part of a Fast BSS Transition. |
| 2557 | */ |
| 2558 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK"); |
| 2559 | sm->ptk_set = 0; |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 2560 | os_memset(&sm->ptk, 0, sizeof(sm->ptk)); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2561 | sm->tptk_set = 0; |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 2562 | os_memset(&sm->tptk, 0, sizeof(sm->tptk)); |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 2563 | os_memset(&sm->gtk, 0, sizeof(sm->gtk)); |
| Jouni Malinen | 58c0e96 | 2017-10-01 12:12:24 +0300 | [diff] [blame] | 2564 | os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 2565 | #ifdef CONFIG_IEEE80211W |
| 2566 | os_memset(&sm->igtk, 0, sizeof(sm->igtk)); |
| Jouni Malinen | 58c0e96 | 2017-10-01 12:12:24 +0300 | [diff] [blame] | 2567 | os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 2568 | #endif /* CONFIG_IEEE80211W */ |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2569 | } |
| 2570 | |
| 2571 | #ifdef CONFIG_TDLS |
| 2572 | wpa_tdls_assoc(sm); |
| 2573 | #endif /* CONFIG_TDLS */ |
| Dmitry Shmidt | cf32e60 | 2014-01-28 10:57:39 -0800 | [diff] [blame] | 2574 | |
| 2575 | #ifdef CONFIG_P2P |
| 2576 | os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr)); |
| 2577 | #endif /* CONFIG_P2P */ |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2578 | } |
| 2579 | |
| 2580 | |
| 2581 | /** |
| 2582 | * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation |
| 2583 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2584 | * |
| 2585 | * This function is called to let WPA state machine know that the connection |
| 2586 | * was lost. This will abort any existing pre-authentication session. |
| 2587 | */ |
| 2588 | void wpa_sm_notify_disassoc(struct wpa_sm *sm) |
| 2589 | { |
| Dmitry Shmidt | 4dd28dc | 2015-03-10 11:21:43 -0700 | [diff] [blame] | 2590 | eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); |
| 2591 | eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2592 | rsn_preauth_deinit(sm); |
| Dmitry Shmidt | d5e4923 | 2012-12-03 15:08:10 -0800 | [diff] [blame] | 2593 | pmksa_cache_clear_current(sm); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2594 | if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE) |
| 2595 | sm->dot11RSNA4WayHandshakeFailures++; |
| 2596 | #ifdef CONFIG_TDLS |
| 2597 | wpa_tdls_disassoc(sm); |
| 2598 | #endif /* CONFIG_TDLS */ |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 2599 | #ifdef CONFIG_FILS |
| 2600 | sm->fils_completed = 0; |
| 2601 | #endif /* CONFIG_FILS */ |
| Jouni Malinen | 4283f9e | 2017-09-22 12:06:37 +0300 | [diff] [blame] | 2602 | #ifdef CONFIG_IEEE80211R |
| 2603 | sm->ft_reassoc_completed = 0; |
| 2604 | #endif /* CONFIG_IEEE80211R */ |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 2605 | |
| 2606 | /* Keys are not needed in the WPA state machine anymore */ |
| 2607 | wpa_sm_drop_sa(sm); |
| Dmitry Shmidt | 4dd28dc | 2015-03-10 11:21:43 -0700 | [diff] [blame] | 2608 | |
| 2609 | sm->msg_3_of_4_ok = 0; |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 2610 | os_memset(sm->bssid, 0, ETH_ALEN); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2611 | } |
| 2612 | |
| 2613 | |
| 2614 | /** |
| 2615 | * wpa_sm_set_pmk - Set PMK |
| 2616 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2617 | * @pmk: The new PMK |
| 2618 | * @pmk_len: The length of the new PMK in bytes |
| Dmitry Shmidt | 57c2d39 | 2016-02-23 13:40:19 -0800 | [diff] [blame] | 2619 | * @pmkid: Calculated PMKID |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 2620 | * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2621 | * |
| 2622 | * Configure the PMK for WPA state machine. |
| 2623 | */ |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 2624 | void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len, |
| Dmitry Shmidt | 57c2d39 | 2016-02-23 13:40:19 -0800 | [diff] [blame] | 2625 | const u8 *pmkid, const u8 *bssid) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2626 | { |
| 2627 | if (sm == NULL) |
| 2628 | return; |
| 2629 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 2630 | wpa_hexdump_key(MSG_DEBUG, "WPA: Set PMK based on external data", |
| 2631 | pmk, pmk_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2632 | sm->pmk_len = pmk_len; |
| 2633 | os_memcpy(sm->pmk, pmk, pmk_len); |
| 2634 | |
| 2635 | #ifdef CONFIG_IEEE80211R |
| 2636 | /* Set XXKey to be PSK for FT key derivation */ |
| 2637 | sm->xxkey_len = pmk_len; |
| 2638 | os_memcpy(sm->xxkey, pmk, pmk_len); |
| 2639 | #endif /* CONFIG_IEEE80211R */ |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 2640 | |
| 2641 | if (bssid) { |
| Dmitry Shmidt | 57c2d39 | 2016-02-23 13:40:19 -0800 | [diff] [blame] | 2642 | pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0, |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 2643 | bssid, sm->own_addr, |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 2644 | sm->network_ctx, sm->key_mgmt, NULL); |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 2645 | } |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2646 | } |
| 2647 | |
| 2648 | |
| 2649 | /** |
| 2650 | * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA |
| 2651 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2652 | * |
| 2653 | * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK |
| 2654 | * will be cleared. |
| 2655 | */ |
| 2656 | void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm) |
| 2657 | { |
| 2658 | if (sm == NULL) |
| 2659 | return; |
| 2660 | |
| 2661 | if (sm->cur_pmksa) { |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 2662 | wpa_hexdump_key(MSG_DEBUG, |
| 2663 | "WPA: Set PMK based on current PMKSA", |
| 2664 | sm->cur_pmksa->pmk, sm->cur_pmksa->pmk_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2665 | sm->pmk_len = sm->cur_pmksa->pmk_len; |
| 2666 | os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len); |
| 2667 | } else { |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 2668 | wpa_printf(MSG_DEBUG, "WPA: No current PMKSA - clear PMK"); |
| 2669 | sm->pmk_len = 0; |
| 2670 | os_memset(sm->pmk, 0, PMK_LEN_MAX); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2671 | } |
| 2672 | } |
| 2673 | |
| 2674 | |
| 2675 | /** |
| 2676 | * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled |
| 2677 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2678 | * @fast_reauth: Whether fast reauthentication (EAP) is allowed |
| 2679 | */ |
| 2680 | void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth) |
| 2681 | { |
| 2682 | if (sm) |
| 2683 | sm->fast_reauth = fast_reauth; |
| 2684 | } |
| 2685 | |
| 2686 | |
| 2687 | /** |
| 2688 | * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks |
| 2689 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2690 | * @scard_ctx: Context pointer for smartcard related callback functions |
| 2691 | */ |
| 2692 | void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx) |
| 2693 | { |
| 2694 | if (sm == NULL) |
| 2695 | return; |
| 2696 | sm->scard_ctx = scard_ctx; |
| 2697 | if (sm->preauth_eapol) |
| 2698 | eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx); |
| 2699 | } |
| 2700 | |
| 2701 | |
| 2702 | /** |
| 2703 | * wpa_sm_set_config - Notification of current configration change |
| 2704 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2705 | * @config: Pointer to current network configuration |
| 2706 | * |
| 2707 | * Notify WPA state machine that configuration has changed. config will be |
| 2708 | * stored as a backpointer to network configuration. This can be %NULL to clear |
| 2709 | * the stored pointed. |
| 2710 | */ |
| 2711 | void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config) |
| 2712 | { |
| 2713 | if (!sm) |
| 2714 | return; |
| 2715 | |
| 2716 | if (config) { |
| 2717 | sm->network_ctx = config->network_ctx; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2718 | sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher; |
| 2719 | sm->proactive_key_caching = config->proactive_key_caching; |
| 2720 | sm->eap_workaround = config->eap_workaround; |
| 2721 | sm->eap_conf_ctx = config->eap_conf_ctx; |
| 2722 | if (config->ssid) { |
| 2723 | os_memcpy(sm->ssid, config->ssid, config->ssid_len); |
| 2724 | sm->ssid_len = config->ssid_len; |
| 2725 | } else |
| 2726 | sm->ssid_len = 0; |
| 2727 | sm->wpa_ptk_rekey = config->wpa_ptk_rekey; |
| Dmitry Shmidt | cf32e60 | 2014-01-28 10:57:39 -0800 | [diff] [blame] | 2728 | sm->p2p = config->p2p; |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 2729 | sm->wpa_rsc_relaxation = config->wpa_rsc_relaxation; |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 2730 | #ifdef CONFIG_FILS |
| 2731 | if (config->fils_cache_id) { |
| 2732 | sm->fils_cache_id_set = 1; |
| 2733 | os_memcpy(sm->fils_cache_id, config->fils_cache_id, |
| 2734 | FILS_CACHE_ID_LEN); |
| 2735 | } else { |
| 2736 | sm->fils_cache_id_set = 0; |
| 2737 | } |
| 2738 | #endif /* CONFIG_FILS */ |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2739 | } else { |
| 2740 | sm->network_ctx = NULL; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2741 | sm->allowed_pairwise_cipher = 0; |
| 2742 | sm->proactive_key_caching = 0; |
| 2743 | sm->eap_workaround = 0; |
| 2744 | sm->eap_conf_ctx = NULL; |
| 2745 | sm->ssid_len = 0; |
| 2746 | sm->wpa_ptk_rekey = 0; |
| Dmitry Shmidt | cf32e60 | 2014-01-28 10:57:39 -0800 | [diff] [blame] | 2747 | sm->p2p = 0; |
| Dmitry Shmidt | d80a401 | 2015-11-05 16:35:40 -0800 | [diff] [blame] | 2748 | sm->wpa_rsc_relaxation = 0; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2749 | } |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2750 | } |
| 2751 | |
| 2752 | |
| 2753 | /** |
| 2754 | * wpa_sm_set_own_addr - Set own MAC address |
| 2755 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2756 | * @addr: Own MAC address |
| 2757 | */ |
| 2758 | void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr) |
| 2759 | { |
| 2760 | if (sm) |
| 2761 | os_memcpy(sm->own_addr, addr, ETH_ALEN); |
| 2762 | } |
| 2763 | |
| 2764 | |
| 2765 | /** |
| 2766 | * wpa_sm_set_ifname - Set network interface name |
| 2767 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2768 | * @ifname: Interface name |
| 2769 | * @bridge_ifname: Optional bridge interface name (for pre-auth) |
| 2770 | */ |
| 2771 | void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname, |
| 2772 | const char *bridge_ifname) |
| 2773 | { |
| 2774 | if (sm) { |
| 2775 | sm->ifname = ifname; |
| 2776 | sm->bridge_ifname = bridge_ifname; |
| 2777 | } |
| 2778 | } |
| 2779 | |
| 2780 | |
| 2781 | /** |
| 2782 | * wpa_sm_set_eapol - Set EAPOL state machine pointer |
| 2783 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2784 | * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init() |
| 2785 | */ |
| 2786 | void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol) |
| 2787 | { |
| 2788 | if (sm) |
| 2789 | sm->eapol = eapol; |
| 2790 | } |
| 2791 | |
| 2792 | |
| 2793 | /** |
| 2794 | * wpa_sm_set_param - Set WPA state machine parameters |
| 2795 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2796 | * @param: Parameter field |
| 2797 | * @value: Parameter value |
| 2798 | * Returns: 0 on success, -1 on failure |
| 2799 | */ |
| 2800 | int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, |
| 2801 | unsigned int value) |
| 2802 | { |
| 2803 | int ret = 0; |
| 2804 | |
| 2805 | if (sm == NULL) |
| 2806 | return -1; |
| 2807 | |
| 2808 | switch (param) { |
| 2809 | case RSNA_PMK_LIFETIME: |
| 2810 | if (value > 0) |
| 2811 | sm->dot11RSNAConfigPMKLifetime = value; |
| 2812 | else |
| 2813 | ret = -1; |
| 2814 | break; |
| 2815 | case RSNA_PMK_REAUTH_THRESHOLD: |
| 2816 | if (value > 0 && value <= 100) |
| 2817 | sm->dot11RSNAConfigPMKReauthThreshold = value; |
| 2818 | else |
| 2819 | ret = -1; |
| 2820 | break; |
| 2821 | case RSNA_SA_TIMEOUT: |
| 2822 | if (value > 0) |
| 2823 | sm->dot11RSNAConfigSATimeout = value; |
| 2824 | else |
| 2825 | ret = -1; |
| 2826 | break; |
| 2827 | case WPA_PARAM_PROTO: |
| 2828 | sm->proto = value; |
| 2829 | break; |
| 2830 | case WPA_PARAM_PAIRWISE: |
| 2831 | sm->pairwise_cipher = value; |
| 2832 | break; |
| 2833 | case WPA_PARAM_GROUP: |
| 2834 | sm->group_cipher = value; |
| 2835 | break; |
| 2836 | case WPA_PARAM_KEY_MGMT: |
| 2837 | sm->key_mgmt = value; |
| 2838 | break; |
| 2839 | #ifdef CONFIG_IEEE80211W |
| 2840 | case WPA_PARAM_MGMT_GROUP: |
| 2841 | sm->mgmt_group_cipher = value; |
| 2842 | break; |
| 2843 | #endif /* CONFIG_IEEE80211W */ |
| 2844 | case WPA_PARAM_RSN_ENABLED: |
| 2845 | sm->rsn_enabled = value; |
| 2846 | break; |
| 2847 | case WPA_PARAM_MFP: |
| 2848 | sm->mfp = value; |
| 2849 | break; |
| 2850 | default: |
| 2851 | break; |
| 2852 | } |
| 2853 | |
| 2854 | return ret; |
| 2855 | } |
| 2856 | |
| 2857 | |
| 2858 | /** |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2859 | * wpa_sm_get_status - Get WPA state machine |
| 2860 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2861 | * @buf: Buffer for status information |
| 2862 | * @buflen: Maximum buffer length |
| 2863 | * @verbose: Whether to include verbose status information |
| 2864 | * Returns: Number of bytes written to buf. |
| 2865 | * |
| 2866 | * Query WPA state machine for status information. This function fills in |
| 2867 | * a text area with current status information. If the buffer (buf) is not |
| 2868 | * large enough, status information will be truncated to fit the buffer. |
| 2869 | */ |
| 2870 | int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen, |
| 2871 | int verbose) |
| 2872 | { |
| 2873 | char *pos = buf, *end = buf + buflen; |
| 2874 | int ret; |
| 2875 | |
| 2876 | ret = os_snprintf(pos, end - pos, |
| 2877 | "pairwise_cipher=%s\n" |
| 2878 | "group_cipher=%s\n" |
| 2879 | "key_mgmt=%s\n", |
| 2880 | wpa_cipher_txt(sm->pairwise_cipher), |
| 2881 | wpa_cipher_txt(sm->group_cipher), |
| 2882 | wpa_key_mgmt_txt(sm->key_mgmt, sm->proto)); |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 2883 | if (os_snprintf_error(end - pos, ret)) |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2884 | return pos - buf; |
| 2885 | pos += ret; |
| Dmitry Shmidt | d5e4923 | 2012-12-03 15:08:10 -0800 | [diff] [blame] | 2886 | |
| 2887 | if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) { |
| 2888 | struct wpa_ie_data rsn; |
| 2889 | if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) |
| 2890 | >= 0 && |
| 2891 | rsn.capabilities & (WPA_CAPABILITY_MFPR | |
| 2892 | WPA_CAPABILITY_MFPC)) { |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 2893 | ret = os_snprintf(pos, end - pos, "pmf=%d\n" |
| 2894 | "mgmt_group_cipher=%s\n", |
| Dmitry Shmidt | d5e4923 | 2012-12-03 15:08:10 -0800 | [diff] [blame] | 2895 | (rsn.capabilities & |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 2896 | WPA_CAPABILITY_MFPR) ? 2 : 1, |
| 2897 | wpa_cipher_txt( |
| 2898 | sm->mgmt_group_cipher)); |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 2899 | if (os_snprintf_error(end - pos, ret)) |
| Dmitry Shmidt | d5e4923 | 2012-12-03 15:08:10 -0800 | [diff] [blame] | 2900 | return pos - buf; |
| 2901 | pos += ret; |
| 2902 | } |
| 2903 | } |
| 2904 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2905 | return pos - buf; |
| 2906 | } |
| 2907 | |
| 2908 | |
| Dmitry Shmidt | f7e0a99 | 2013-05-23 11:03:10 -0700 | [diff] [blame] | 2909 | int wpa_sm_pmf_enabled(struct wpa_sm *sm) |
| 2910 | { |
| 2911 | struct wpa_ie_data rsn; |
| 2912 | |
| 2913 | if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie) |
| 2914 | return 0; |
| 2915 | |
| 2916 | if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 && |
| 2917 | rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC)) |
| 2918 | return 1; |
| 2919 | |
| 2920 | return 0; |
| 2921 | } |
| 2922 | |
| 2923 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2924 | /** |
| 2925 | * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration |
| 2926 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2927 | * @wpa_ie: Pointer to buffer for WPA/RSN IE |
| 2928 | * @wpa_ie_len: Pointer to the length of the wpa_ie buffer |
| 2929 | * Returns: 0 on success, -1 on failure |
| 2930 | */ |
| 2931 | int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie, |
| 2932 | size_t *wpa_ie_len) |
| 2933 | { |
| 2934 | int res; |
| 2935 | |
| 2936 | if (sm == NULL) |
| 2937 | return -1; |
| 2938 | |
| Dmitry Shmidt | 55840ad | 2015-12-14 12:45:46 -0800 | [diff] [blame] | 2939 | #ifdef CONFIG_TESTING_OPTIONS |
| 2940 | if (sm->test_assoc_ie) { |
| 2941 | wpa_printf(MSG_DEBUG, |
| 2942 | "TESTING: Replace association WPA/RSN IE"); |
| 2943 | if (*wpa_ie_len < wpabuf_len(sm->test_assoc_ie)) |
| 2944 | return -1; |
| 2945 | os_memcpy(wpa_ie, wpabuf_head(sm->test_assoc_ie), |
| 2946 | wpabuf_len(sm->test_assoc_ie)); |
| 2947 | res = wpabuf_len(sm->test_assoc_ie); |
| 2948 | } else |
| 2949 | #endif /* CONFIG_TESTING_OPTIONS */ |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2950 | res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len); |
| 2951 | if (res < 0) |
| 2952 | return -1; |
| 2953 | *wpa_ie_len = res; |
| 2954 | |
| 2955 | wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default", |
| 2956 | wpa_ie, *wpa_ie_len); |
| 2957 | |
| 2958 | if (sm->assoc_wpa_ie == NULL) { |
| 2959 | /* |
| 2960 | * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets |
| 2961 | * the correct version of the IE even if PMKSA caching is |
| 2962 | * aborted (which would remove PMKID from IE generation). |
| 2963 | */ |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 2964 | sm->assoc_wpa_ie = os_memdup(wpa_ie, *wpa_ie_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2965 | if (sm->assoc_wpa_ie == NULL) |
| 2966 | return -1; |
| 2967 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2968 | sm->assoc_wpa_ie_len = *wpa_ie_len; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 2969 | } else { |
| 2970 | wpa_hexdump(MSG_DEBUG, |
| 2971 | "WPA: Leave previously set WPA IE default", |
| 2972 | sm->assoc_wpa_ie, sm->assoc_wpa_ie_len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 2973 | } |
| 2974 | |
| 2975 | return 0; |
| 2976 | } |
| 2977 | |
| 2978 | |
| 2979 | /** |
| 2980 | * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq |
| 2981 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 2982 | * @ie: Pointer to IE data (starting from id) |
| 2983 | * @len: IE length |
| 2984 | * Returns: 0 on success, -1 on failure |
| 2985 | * |
| 2986 | * Inform WPA state machine about the WPA/RSN IE used in (Re)Association |
| 2987 | * Request frame. The IE will be used to override the default value generated |
| 2988 | * with wpa_sm_set_assoc_wpa_ie_default(). |
| 2989 | */ |
| 2990 | int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) |
| 2991 | { |
| 2992 | if (sm == NULL) |
| 2993 | return -1; |
| 2994 | |
| 2995 | os_free(sm->assoc_wpa_ie); |
| 2996 | if (ie == NULL || len == 0) { |
| 2997 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 2998 | "WPA: clearing own WPA/RSN IE"); |
| 2999 | sm->assoc_wpa_ie = NULL; |
| 3000 | sm->assoc_wpa_ie_len = 0; |
| 3001 | } else { |
| 3002 | wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3003 | sm->assoc_wpa_ie = os_memdup(ie, len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 3004 | if (sm->assoc_wpa_ie == NULL) |
| 3005 | return -1; |
| 3006 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 3007 | sm->assoc_wpa_ie_len = len; |
| 3008 | } |
| 3009 | |
| 3010 | return 0; |
| 3011 | } |
| 3012 | |
| 3013 | |
| 3014 | /** |
| 3015 | * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp |
| 3016 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 3017 | * @ie: Pointer to IE data (starting from id) |
| 3018 | * @len: IE length |
| 3019 | * Returns: 0 on success, -1 on failure |
| 3020 | * |
| 3021 | * Inform WPA state machine about the WPA IE used in Beacon / Probe Response |
| 3022 | * frame. |
| 3023 | */ |
| 3024 | int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) |
| 3025 | { |
| 3026 | if (sm == NULL) |
| 3027 | return -1; |
| 3028 | |
| 3029 | os_free(sm->ap_wpa_ie); |
| 3030 | if (ie == NULL || len == 0) { |
| 3031 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 3032 | "WPA: clearing AP WPA IE"); |
| 3033 | sm->ap_wpa_ie = NULL; |
| 3034 | sm->ap_wpa_ie_len = 0; |
| 3035 | } else { |
| 3036 | wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3037 | sm->ap_wpa_ie = os_memdup(ie, len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 3038 | if (sm->ap_wpa_ie == NULL) |
| 3039 | return -1; |
| 3040 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 3041 | sm->ap_wpa_ie_len = len; |
| 3042 | } |
| 3043 | |
| 3044 | return 0; |
| 3045 | } |
| 3046 | |
| 3047 | |
| 3048 | /** |
| 3049 | * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp |
| 3050 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 3051 | * @ie: Pointer to IE data (starting from id) |
| 3052 | * @len: IE length |
| 3053 | * Returns: 0 on success, -1 on failure |
| 3054 | * |
| 3055 | * Inform WPA state machine about the RSN IE used in Beacon / Probe Response |
| 3056 | * frame. |
| 3057 | */ |
| 3058 | int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len) |
| 3059 | { |
| 3060 | if (sm == NULL) |
| 3061 | return -1; |
| 3062 | |
| 3063 | os_free(sm->ap_rsn_ie); |
| 3064 | if (ie == NULL || len == 0) { |
| 3065 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 3066 | "WPA: clearing AP RSN IE"); |
| 3067 | sm->ap_rsn_ie = NULL; |
| 3068 | sm->ap_rsn_ie_len = 0; |
| 3069 | } else { |
| 3070 | wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3071 | sm->ap_rsn_ie = os_memdup(ie, len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 3072 | if (sm->ap_rsn_ie == NULL) |
| 3073 | return -1; |
| 3074 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 3075 | sm->ap_rsn_ie_len = len; |
| 3076 | } |
| 3077 | |
| 3078 | return 0; |
| 3079 | } |
| 3080 | |
| 3081 | |
| 3082 | /** |
| 3083 | * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE |
| 3084 | * @sm: Pointer to WPA state machine data from wpa_sm_init() |
| 3085 | * @data: Pointer to data area for parsing results |
| 3086 | * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure |
| 3087 | * |
| 3088 | * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the |
| 3089 | * parsed data into data. |
| 3090 | */ |
| 3091 | int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data) |
| 3092 | { |
| 3093 | if (sm == NULL) |
| 3094 | return -1; |
| 3095 | |
| 3096 | if (sm->assoc_wpa_ie == NULL) { |
| 3097 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| 3098 | "WPA: No WPA/RSN IE available from association info"); |
| 3099 | return -1; |
| 3100 | } |
| 3101 | if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data)) |
| 3102 | return -2; |
| 3103 | return 0; |
| 3104 | } |
| 3105 | |
| 3106 | |
| 3107 | int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len) |
| 3108 | { |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 3109 | return pmksa_cache_list(sm->pmksa, buf, len); |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 3110 | } |
| 3111 | |
| 3112 | |
| Dmitry Shmidt | 2933359 | 2017-01-09 12:27:11 -0800 | [diff] [blame] | 3113 | struct rsn_pmksa_cache_entry * wpa_sm_pmksa_cache_head(struct wpa_sm *sm) |
| 3114 | { |
| 3115 | return pmksa_cache_head(sm->pmksa); |
| 3116 | } |
| 3117 | |
| 3118 | |
| 3119 | struct rsn_pmksa_cache_entry * |
| 3120 | wpa_sm_pmksa_cache_add_entry(struct wpa_sm *sm, |
| 3121 | struct rsn_pmksa_cache_entry * entry) |
| 3122 | { |
| 3123 | return pmksa_cache_add_entry(sm->pmksa, entry); |
| 3124 | } |
| 3125 | |
| 3126 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3127 | void wpa_sm_pmksa_cache_add(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len, |
| 3128 | const u8 *pmkid, const u8 *bssid, |
| 3129 | const u8 *fils_cache_id) |
| 3130 | { |
| 3131 | sm->cur_pmksa = pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0, |
| 3132 | bssid, sm->own_addr, sm->network_ctx, |
| 3133 | sm->key_mgmt, fils_cache_id); |
| 3134 | } |
| 3135 | |
| 3136 | |
| 3137 | int wpa_sm_pmksa_exists(struct wpa_sm *sm, const u8 *bssid, |
| 3138 | const void *network_ctx) |
| 3139 | { |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 3140 | return pmksa_cache_get(sm->pmksa, bssid, NULL, network_ctx, 0) != NULL; |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3141 | } |
| 3142 | |
| 3143 | |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 3144 | void wpa_sm_drop_sa(struct wpa_sm *sm) |
| 3145 | { |
| 3146 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK"); |
| 3147 | sm->ptk_set = 0; |
| 3148 | sm->tptk_set = 0; |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 3149 | sm->pmk_len = 0; |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 3150 | os_memset(sm->pmk, 0, sizeof(sm->pmk)); |
| 3151 | os_memset(&sm->ptk, 0, sizeof(sm->ptk)); |
| 3152 | os_memset(&sm->tptk, 0, sizeof(sm->tptk)); |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 3153 | os_memset(&sm->gtk, 0, sizeof(sm->gtk)); |
| Jouni Malinen | 58c0e96 | 2017-10-01 12:12:24 +0300 | [diff] [blame] | 3154 | os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 3155 | #ifdef CONFIG_IEEE80211W |
| 3156 | os_memset(&sm->igtk, 0, sizeof(sm->igtk)); |
| Jouni Malinen | 58c0e96 | 2017-10-01 12:12:24 +0300 | [diff] [blame] | 3157 | os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 3158 | #endif /* CONFIG_IEEE80211W */ |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 3159 | #ifdef CONFIG_IEEE80211R |
| 3160 | os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 3161 | sm->xxkey_len = 0; |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 3162 | os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 3163 | sm->pmk_r0_len = 0; |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 3164 | os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1)); |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 3165 | sm->pmk_r1_len = 0; |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 3166 | #endif /* CONFIG_IEEE80211R */ |
| Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 3167 | } |
| 3168 | |
| 3169 | |
| 3170 | int wpa_sm_has_ptk(struct wpa_sm *sm) |
| 3171 | { |
| 3172 | if (sm == NULL) |
| 3173 | return 0; |
| 3174 | return sm->ptk_set; |
| 3175 | } |
| Dmitry Shmidt | 1f69aa5 | 2012-01-24 16:10:04 -0800 | [diff] [blame] | 3176 | |
| 3177 | |
| 3178 | void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr) |
| 3179 | { |
| 3180 | os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN); |
| 3181 | } |
| 3182 | |
| 3183 | |
| 3184 | void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx) |
| 3185 | { |
| Dmitry Shmidt | f7e0a99 | 2013-05-23 11:03:10 -0700 | [diff] [blame] | 3186 | pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0); |
| Dmitry Shmidt | 1f69aa5 | 2012-01-24 16:10:04 -0800 | [diff] [blame] | 3187 | } |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 3188 | |
| 3189 | |
| Dmitry Shmidt | a54fa5f | 2013-01-15 13:53:35 -0800 | [diff] [blame] | 3190 | #ifdef CONFIG_WNM |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 3191 | int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) |
| 3192 | { |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 3193 | u16 keyinfo; |
| 3194 | u8 keylen; /* plaintext key len */ |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 3195 | u8 *key_rsc; |
| 3196 | |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 3197 | if (subelem_id == WNM_SLEEP_SUBELEM_GTK) { |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 3198 | struct wpa_gtk_data gd; |
| 3199 | |
| 3200 | os_memset(&gd, 0, sizeof(gd)); |
| 3201 | keylen = wpa_cipher_key_len(sm->group_cipher); |
| 3202 | gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher); |
| 3203 | gd.alg = wpa_cipher_to_alg(sm->group_cipher); |
| 3204 | if (gd.alg == WPA_ALG_NONE) { |
| 3205 | wpa_printf(MSG_DEBUG, "Unsupported group cipher suite"); |
| 3206 | return -1; |
| 3207 | } |
| 3208 | |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 3209 | key_rsc = buf + 5; |
| Dmitry Shmidt | a54fa5f | 2013-01-15 13:53:35 -0800 | [diff] [blame] | 3210 | keyinfo = WPA_GET_LE16(buf + 2); |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 3211 | gd.gtk_len = keylen; |
| 3212 | if (gd.gtk_len != buf[4]) { |
| 3213 | wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d", |
| 3214 | gd.gtk_len, buf[4]); |
| 3215 | return -1; |
| 3216 | } |
| 3217 | gd.keyidx = keyinfo & 0x03; /* B0 - B1 */ |
| 3218 | gd.tx = wpa_supplicant_gtk_tx_bit_workaround( |
| 3219 | sm, !!(keyinfo & WPA_KEY_INFO_TXRX)); |
| 3220 | |
| Dmitry Shmidt | a54fa5f | 2013-01-15 13:53:35 -0800 | [diff] [blame] | 3221 | os_memcpy(gd.gtk, buf + 13, gd.gtk_len); |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 3222 | |
| 3223 | wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", |
| 3224 | gd.gtk, gd.gtk_len); |
| Jouni Malinen | 58c0e96 | 2017-10-01 12:12:24 +0300 | [diff] [blame] | 3225 | if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 3226 | os_memset(&gd, 0, sizeof(gd)); |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 3227 | wpa_printf(MSG_DEBUG, "Failed to install the GTK in " |
| 3228 | "WNM mode"); |
| 3229 | return -1; |
| 3230 | } |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 3231 | os_memset(&gd, 0, sizeof(gd)); |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 3232 | #ifdef CONFIG_IEEE80211W |
| 3233 | } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 3234 | const struct wpa_igtk_kde *igtk; |
| Dmitry Shmidt | 61593f0 | 2014-04-21 16:27:35 -0700 | [diff] [blame] | 3235 | |
| Mathy Vanhoef | 10bfd64 | 2017-07-12 16:03:24 +0200 | [diff] [blame] | 3236 | igtk = (const struct wpa_igtk_kde *) (buf + 2); |
| Jouni Malinen | 58c0e96 | 2017-10-01 12:12:24 +0300 | [diff] [blame] | 3237 | if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 3238 | return -1; |
| Dmitry Shmidt | 61d9df3 | 2012-08-29 16:22:06 -0700 | [diff] [blame] | 3239 | #endif /* CONFIG_IEEE80211W */ |
| 3240 | } else { |
| 3241 | wpa_printf(MSG_DEBUG, "Unknown element id"); |
| 3242 | return -1; |
| 3243 | } |
| 3244 | |
| 3245 | return 0; |
| 3246 | } |
| Dmitry Shmidt | a54fa5f | 2013-01-15 13:53:35 -0800 | [diff] [blame] | 3247 | #endif /* CONFIG_WNM */ |
| Dmitry Shmidt | fb79edc | 2014-01-10 10:45:54 -0800 | [diff] [blame] | 3248 | |
| 3249 | |
| Dmitry Shmidt | cf32e60 | 2014-01-28 10:57:39 -0800 | [diff] [blame] | 3250 | #ifdef CONFIG_P2P |
| 3251 | |
| 3252 | int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf) |
| 3253 | { |
| 3254 | if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0) |
| 3255 | return -1; |
| 3256 | os_memcpy(buf, sm->p2p_ip_addr, 3 * 4); |
| 3257 | return 0; |
| 3258 | } |
| 3259 | |
| 3260 | #endif /* CONFIG_P2P */ |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 3261 | |
| 3262 | |
| 3263 | void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter) |
| 3264 | { |
| 3265 | if (rx_replay_counter == NULL) |
| 3266 | return; |
| 3267 | |
| 3268 | os_memcpy(sm->rx_replay_counter, rx_replay_counter, |
| 3269 | WPA_REPLAY_COUNTER_LEN); |
| 3270 | sm->rx_replay_counter_set = 1; |
| 3271 | wpa_printf(MSG_DEBUG, "Updated key replay counter"); |
| 3272 | } |
| 3273 | |
| 3274 | |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 3275 | void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm, |
| 3276 | const u8 *ptk_kck, size_t ptk_kck_len, |
| 3277 | const u8 *ptk_kek, size_t ptk_kek_len) |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 3278 | { |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 3279 | if (ptk_kck && ptk_kck_len <= WPA_KCK_MAX_LEN) { |
| 3280 | os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len); |
| 3281 | sm->ptk.kck_len = ptk_kck_len; |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 3282 | wpa_printf(MSG_DEBUG, "Updated PTK KCK"); |
| 3283 | } |
| Dmitry Shmidt | 807291d | 2015-01-27 13:40:23 -0800 | [diff] [blame] | 3284 | if (ptk_kek && ptk_kek_len <= WPA_KEK_MAX_LEN) { |
| 3285 | os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len); |
| 3286 | sm->ptk.kek_len = ptk_kek_len; |
| Dmitry Shmidt | 6c0da2b | 2015-01-05 13:08:17 -0800 | [diff] [blame] | 3287 | wpa_printf(MSG_DEBUG, "Updated PTK KEK"); |
| 3288 | } |
| 3289 | sm->ptk_set = 1; |
| 3290 | } |
| Dmitry Shmidt | 55840ad | 2015-12-14 12:45:46 -0800 | [diff] [blame] | 3291 | |
| 3292 | |
| 3293 | #ifdef CONFIG_TESTING_OPTIONS |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3294 | |
| Dmitry Shmidt | 55840ad | 2015-12-14 12:45:46 -0800 | [diff] [blame] | 3295 | void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf) |
| 3296 | { |
| 3297 | wpabuf_free(sm->test_assoc_ie); |
| 3298 | sm->test_assoc_ie = buf; |
| 3299 | } |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3300 | |
| 3301 | |
| 3302 | const u8 * wpa_sm_get_anonce(struct wpa_sm *sm) |
| 3303 | { |
| 3304 | return sm->anonce; |
| 3305 | } |
| 3306 | |
| Dmitry Shmidt | 55840ad | 2015-12-14 12:45:46 -0800 | [diff] [blame] | 3307 | #endif /* CONFIG_TESTING_OPTIONS */ |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3308 | |
| 3309 | |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 3310 | unsigned int wpa_sm_get_key_mgmt(struct wpa_sm *sm) |
| 3311 | { |
| 3312 | return sm->key_mgmt; |
| 3313 | } |
| 3314 | |
| 3315 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3316 | #ifdef CONFIG_FILS |
| 3317 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3318 | struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md) |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3319 | { |
| 3320 | struct wpabuf *buf = NULL; |
| 3321 | struct wpabuf *erp_msg; |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3322 | struct wpabuf *pub = NULL; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3323 | |
| 3324 | erp_msg = eapol_sm_build_erp_reauth_start(sm->eapol); |
| 3325 | if (!erp_msg && !sm->cur_pmksa) { |
| 3326 | wpa_printf(MSG_DEBUG, |
| 3327 | "FILS: Neither ERP EAP-Initiate/Re-auth nor PMKSA cache entry is available - skip FILS"); |
| 3328 | goto fail; |
| 3329 | } |
| 3330 | |
| 3331 | wpa_printf(MSG_DEBUG, "FILS: Try to use FILS (erp=%d pmksa_cache=%d)", |
| 3332 | erp_msg != NULL, sm->cur_pmksa != NULL); |
| 3333 | |
| 3334 | sm->fils_completed = 0; |
| 3335 | |
| 3336 | if (!sm->assoc_wpa_ie) { |
| 3337 | wpa_printf(MSG_INFO, "FILS: No own RSN IE set for FILS"); |
| 3338 | goto fail; |
| 3339 | } |
| 3340 | |
| 3341 | if (random_get_bytes(sm->fils_nonce, FILS_NONCE_LEN) < 0 || |
| 3342 | random_get_bytes(sm->fils_session, FILS_SESSION_LEN) < 0) |
| 3343 | goto fail; |
| 3344 | |
| 3345 | wpa_hexdump(MSG_DEBUG, "FILS: Generated FILS Nonce", |
| 3346 | sm->fils_nonce, FILS_NONCE_LEN); |
| 3347 | wpa_hexdump(MSG_DEBUG, "FILS: Generated FILS Session", |
| 3348 | sm->fils_session, FILS_SESSION_LEN); |
| 3349 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3350 | #ifdef CONFIG_FILS_SK_PFS |
| 3351 | sm->fils_dh_group = dh_group; |
| 3352 | if (dh_group) { |
| 3353 | crypto_ecdh_deinit(sm->fils_ecdh); |
| 3354 | sm->fils_ecdh = crypto_ecdh_init(dh_group); |
| 3355 | if (!sm->fils_ecdh) { |
| 3356 | wpa_printf(MSG_INFO, |
| 3357 | "FILS: Could not initialize ECDH with group %d", |
| 3358 | dh_group); |
| 3359 | goto fail; |
| 3360 | } |
| 3361 | pub = crypto_ecdh_get_pubkey(sm->fils_ecdh, 1); |
| 3362 | if (!pub) |
| 3363 | goto fail; |
| 3364 | wpa_hexdump_buf(MSG_DEBUG, "FILS: Element (DH public key)", |
| 3365 | pub); |
| 3366 | sm->fils_dh_elem_len = wpabuf_len(pub); |
| 3367 | } |
| 3368 | #endif /* CONFIG_FILS_SK_PFS */ |
| 3369 | |
| 3370 | buf = wpabuf_alloc(1000 + sm->assoc_wpa_ie_len + |
| 3371 | (pub ? wpabuf_len(pub) : 0)); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3372 | if (!buf) |
| 3373 | goto fail; |
| 3374 | |
| 3375 | /* Fields following the Authentication algorithm number field */ |
| 3376 | |
| 3377 | /* Authentication Transaction seq# */ |
| 3378 | wpabuf_put_le16(buf, 1); |
| 3379 | |
| 3380 | /* Status Code */ |
| 3381 | wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS); |
| 3382 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3383 | /* TODO: FILS PK */ |
| 3384 | #ifdef CONFIG_FILS_SK_PFS |
| 3385 | if (dh_group) { |
| 3386 | /* Finite Cyclic Group */ |
| 3387 | wpabuf_put_le16(buf, dh_group); |
| 3388 | /* Element */ |
| 3389 | wpabuf_put_buf(buf, pub); |
| 3390 | } |
| 3391 | #endif /* CONFIG_FILS_SK_PFS */ |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3392 | |
| 3393 | /* RSNE */ |
| 3394 | wpa_hexdump(MSG_DEBUG, "FILS: RSNE in FILS Authentication frame", |
| 3395 | sm->assoc_wpa_ie, sm->assoc_wpa_ie_len); |
| 3396 | wpabuf_put_data(buf, sm->assoc_wpa_ie, sm->assoc_wpa_ie_len); |
| 3397 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3398 | if (md) { |
| 3399 | /* MDE when using FILS for FT initial association */ |
| 3400 | struct rsn_mdie *mdie; |
| 3401 | |
| 3402 | wpabuf_put_u8(buf, WLAN_EID_MOBILITY_DOMAIN); |
| 3403 | wpabuf_put_u8(buf, sizeof(*mdie)); |
| 3404 | mdie = wpabuf_put(buf, sizeof(*mdie)); |
| 3405 | os_memcpy(mdie->mobility_domain, md, MOBILITY_DOMAIN_ID_LEN); |
| 3406 | mdie->ft_capab = 0; |
| 3407 | } |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3408 | |
| 3409 | /* FILS Nonce */ |
| 3410 | wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */ |
| 3411 | wpabuf_put_u8(buf, 1 + FILS_NONCE_LEN); /* Length */ |
| 3412 | /* Element ID Extension */ |
| 3413 | wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_NONCE); |
| 3414 | wpabuf_put_data(buf, sm->fils_nonce, FILS_NONCE_LEN); |
| 3415 | |
| 3416 | /* FILS Session */ |
| 3417 | wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */ |
| 3418 | wpabuf_put_u8(buf, 1 + FILS_SESSION_LEN); /* Length */ |
| 3419 | /* Element ID Extension */ |
| 3420 | wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_SESSION); |
| 3421 | wpabuf_put_data(buf, sm->fils_session, FILS_SESSION_LEN); |
| 3422 | |
| 3423 | /* FILS Wrapped Data */ |
| Paul Stewart | 092955c | 2017-02-06 09:13:09 -0800 | [diff] [blame] | 3424 | sm->fils_erp_pmkid_set = 0; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3425 | if (erp_msg) { |
| 3426 | wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */ |
| 3427 | wpabuf_put_u8(buf, 1 + wpabuf_len(erp_msg)); /* Length */ |
| 3428 | /* Element ID Extension */ |
| 3429 | wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_WRAPPED_DATA); |
| 3430 | wpabuf_put_buf(buf, erp_msg); |
| Paul Stewart | 092955c | 2017-02-06 09:13:09 -0800 | [diff] [blame] | 3431 | /* Calculate pending PMKID here so that we do not need to |
| 3432 | * maintain a copy of the EAP-Initiate/Reauth message. */ |
| 3433 | if (fils_pmkid_erp(sm->key_mgmt, wpabuf_head(erp_msg), |
| 3434 | wpabuf_len(erp_msg), |
| 3435 | sm->fils_erp_pmkid) == 0) |
| 3436 | sm->fils_erp_pmkid_set = 1; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3437 | } |
| 3438 | |
| 3439 | wpa_hexdump_buf(MSG_DEBUG, "RSN: FILS fields for Authentication frame", |
| 3440 | buf); |
| 3441 | |
| 3442 | fail: |
| 3443 | wpabuf_free(erp_msg); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3444 | wpabuf_free(pub); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3445 | return buf; |
| 3446 | } |
| 3447 | |
| 3448 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3449 | int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data, |
| 3450 | size_t len) |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3451 | { |
| 3452 | const u8 *pos, *end; |
| 3453 | struct ieee802_11_elems elems; |
| 3454 | struct wpa_ie_data rsn; |
| 3455 | int pmkid_match = 0; |
| 3456 | u8 ick[FILS_ICK_MAX_LEN]; |
| 3457 | size_t ick_len; |
| 3458 | int res; |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3459 | struct wpabuf *dh_ss = NULL; |
| 3460 | const u8 *g_sta = NULL; |
| 3461 | size_t g_sta_len = 0; |
| 3462 | const u8 *g_ap = NULL; |
| 3463 | size_t g_ap_len = 0; |
| 3464 | struct wpabuf *pub = NULL; |
| 3465 | |
| 3466 | os_memcpy(sm->bssid, bssid, ETH_ALEN); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3467 | |
| 3468 | wpa_hexdump(MSG_DEBUG, "FILS: Authentication frame fields", |
| 3469 | data, len); |
| 3470 | pos = data; |
| 3471 | end = data + len; |
| 3472 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3473 | /* TODO: FILS PK */ |
| 3474 | #ifdef CONFIG_FILS_SK_PFS |
| 3475 | if (sm->fils_dh_group) { |
| 3476 | u16 group; |
| 3477 | |
| 3478 | /* Using FILS PFS */ |
| 3479 | |
| 3480 | /* Finite Cyclic Group */ |
| 3481 | if (end - pos < 2) { |
| 3482 | wpa_printf(MSG_DEBUG, |
| 3483 | "FILS: No room for Finite Cyclic Group"); |
| 3484 | goto fail; |
| 3485 | } |
| 3486 | group = WPA_GET_LE16(pos); |
| 3487 | pos += 2; |
| 3488 | if (group != sm->fils_dh_group) { |
| 3489 | wpa_printf(MSG_DEBUG, |
| 3490 | "FILS: Unexpected change in Finite Cyclic Group: %u (expected %u)", |
| 3491 | group, sm->fils_dh_group); |
| 3492 | goto fail; |
| 3493 | } |
| 3494 | |
| 3495 | /* Element */ |
| 3496 | if ((size_t) (end - pos) < sm->fils_dh_elem_len) { |
| 3497 | wpa_printf(MSG_DEBUG, "FILS: No room for Element"); |
| 3498 | goto fail; |
| 3499 | } |
| 3500 | |
| 3501 | if (!sm->fils_ecdh) { |
| 3502 | wpa_printf(MSG_DEBUG, "FILS: No ECDH state available"); |
| 3503 | goto fail; |
| 3504 | } |
| 3505 | dh_ss = crypto_ecdh_set_peerkey(sm->fils_ecdh, 1, pos, |
| 3506 | sm->fils_dh_elem_len); |
| 3507 | if (!dh_ss) { |
| 3508 | wpa_printf(MSG_DEBUG, "FILS: ECDH operation failed"); |
| 3509 | goto fail; |
| 3510 | } |
| 3511 | wpa_hexdump_buf_key(MSG_DEBUG, "FILS: DH_SS", dh_ss); |
| 3512 | g_ap = pos; |
| 3513 | g_ap_len = sm->fils_dh_elem_len; |
| 3514 | pos += sm->fils_dh_elem_len; |
| 3515 | } |
| 3516 | #endif /* CONFIG_FILS_SK_PFS */ |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3517 | |
| 3518 | wpa_hexdump(MSG_DEBUG, "FILS: Remaining IEs", pos, end - pos); |
| 3519 | if (ieee802_11_parse_elems(pos, end - pos, &elems, 1) == ParseFailed) { |
| 3520 | wpa_printf(MSG_DEBUG, "FILS: Could not parse elements"); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3521 | goto fail; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3522 | } |
| 3523 | |
| 3524 | /* RSNE */ |
| 3525 | wpa_hexdump(MSG_DEBUG, "FILS: RSN element", elems.rsn_ie, |
| 3526 | elems.rsn_ie_len); |
| 3527 | if (!elems.rsn_ie || |
| 3528 | wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2, |
| 3529 | &rsn) < 0) { |
| 3530 | wpa_printf(MSG_DEBUG, "FILS: No RSN element"); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3531 | goto fail; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3532 | } |
| 3533 | |
| 3534 | if (!elems.fils_nonce) { |
| 3535 | wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field"); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3536 | goto fail; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3537 | } |
| 3538 | os_memcpy(sm->fils_anonce, elems.fils_nonce, FILS_NONCE_LEN); |
| 3539 | wpa_hexdump(MSG_DEBUG, "FILS: ANonce", sm->fils_anonce, FILS_NONCE_LEN); |
| 3540 | |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 3541 | #ifdef CONFIG_IEEE80211R |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3542 | if (wpa_key_mgmt_ft(sm->key_mgmt)) { |
| 3543 | struct wpa_ft_ies parse; |
| 3544 | |
| 3545 | if (!elems.mdie || !elems.ftie) { |
| 3546 | wpa_printf(MSG_DEBUG, "FILS+FT: No MDE or FTE"); |
| 3547 | goto fail; |
| 3548 | } |
| 3549 | |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 3550 | if (wpa_ft_parse_ies(pos, end - pos, &parse, |
| 3551 | wpa_key_mgmt_sha384(sm->key_mgmt)) < 0) { |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3552 | wpa_printf(MSG_DEBUG, "FILS+FT: Failed to parse IEs"); |
| 3553 | goto fail; |
| 3554 | } |
| 3555 | |
| 3556 | if (!parse.r0kh_id) { |
| 3557 | wpa_printf(MSG_DEBUG, |
| 3558 | "FILS+FT: No R0KH-ID subelem in FTE"); |
| 3559 | goto fail; |
| 3560 | } |
| 3561 | os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len); |
| 3562 | sm->r0kh_id_len = parse.r0kh_id_len; |
| 3563 | wpa_hexdump_ascii(MSG_DEBUG, "FILS+FT: R0KH-ID", |
| 3564 | sm->r0kh_id, sm->r0kh_id_len); |
| 3565 | |
| 3566 | if (!parse.r1kh_id) { |
| 3567 | wpa_printf(MSG_DEBUG, |
| 3568 | "FILS+FT: No R1KH-ID subelem in FTE"); |
| 3569 | goto fail; |
| 3570 | } |
| 3571 | os_memcpy(sm->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN); |
| 3572 | wpa_hexdump(MSG_DEBUG, "FILS+FT: R1KH-ID", |
| 3573 | sm->r1kh_id, FT_R1KH_ID_LEN); |
| 3574 | |
| 3575 | /* TODO: Check MDE and FTE payload */ |
| 3576 | |
| 3577 | wpabuf_free(sm->fils_ft_ies); |
| 3578 | sm->fils_ft_ies = wpabuf_alloc(2 + elems.mdie_len + |
| 3579 | 2 + elems.ftie_len); |
| 3580 | if (!sm->fils_ft_ies) |
| 3581 | goto fail; |
| 3582 | wpabuf_put_data(sm->fils_ft_ies, elems.mdie - 2, |
| 3583 | 2 + elems.mdie_len); |
| 3584 | wpabuf_put_data(sm->fils_ft_ies, elems.ftie - 2, |
| 3585 | 2 + elems.ftie_len); |
| 3586 | } else { |
| 3587 | wpabuf_free(sm->fils_ft_ies); |
| 3588 | sm->fils_ft_ies = NULL; |
| 3589 | } |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 3590 | #endif /* CONFIG_IEEE80211R */ |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3591 | |
| 3592 | /* PMKID List */ |
| 3593 | if (rsn.pmkid && rsn.num_pmkid > 0) { |
| 3594 | wpa_hexdump(MSG_DEBUG, "FILS: PMKID List", |
| 3595 | rsn.pmkid, rsn.num_pmkid * PMKID_LEN); |
| 3596 | |
| 3597 | if (rsn.num_pmkid != 1) { |
| 3598 | wpa_printf(MSG_DEBUG, "FILS: Invalid PMKID selection"); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3599 | goto fail; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3600 | } |
| 3601 | wpa_hexdump(MSG_DEBUG, "FILS: PMKID", rsn.pmkid, PMKID_LEN); |
| 3602 | if (os_memcmp(sm->cur_pmksa->pmkid, rsn.pmkid, PMKID_LEN) != 0) |
| 3603 | { |
| 3604 | wpa_printf(MSG_DEBUG, "FILS: PMKID mismatch"); |
| 3605 | wpa_hexdump(MSG_DEBUG, "FILS: Expected PMKID", |
| 3606 | sm->cur_pmksa->pmkid, PMKID_LEN); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3607 | goto fail; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3608 | } |
| 3609 | wpa_printf(MSG_DEBUG, |
| 3610 | "FILS: Matching PMKID - continue using PMKSA caching"); |
| 3611 | pmkid_match = 1; |
| 3612 | } |
| 3613 | if (!pmkid_match && sm->cur_pmksa) { |
| 3614 | wpa_printf(MSG_DEBUG, |
| 3615 | "FILS: No PMKID match - cannot use cached PMKSA entry"); |
| 3616 | sm->cur_pmksa = NULL; |
| 3617 | } |
| 3618 | |
| 3619 | /* FILS Session */ |
| 3620 | if (!elems.fils_session) { |
| 3621 | wpa_printf(MSG_DEBUG, "FILS: No FILS Session element"); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3622 | goto fail; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3623 | } |
| 3624 | wpa_hexdump(MSG_DEBUG, "FILS: FILS Session", elems.fils_session, |
| 3625 | FILS_SESSION_LEN); |
| 3626 | if (os_memcmp(sm->fils_session, elems.fils_session, FILS_SESSION_LEN) |
| 3627 | != 0) { |
| 3628 | wpa_printf(MSG_DEBUG, "FILS: Session mismatch"); |
| 3629 | wpa_hexdump(MSG_DEBUG, "FILS: Expected FILS Session", |
| 3630 | sm->fils_session, FILS_SESSION_LEN); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3631 | goto fail; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3632 | } |
| 3633 | |
| 3634 | /* FILS Wrapped Data */ |
| 3635 | if (!sm->cur_pmksa && elems.fils_wrapped_data) { |
| Paul Stewart | 092955c | 2017-02-06 09:13:09 -0800 | [diff] [blame] | 3636 | u8 rmsk[ERP_MAX_KEY_LEN]; |
| 3637 | size_t rmsk_len; |
| 3638 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3639 | wpa_hexdump(MSG_DEBUG, "FILS: Wrapped Data", |
| 3640 | elems.fils_wrapped_data, |
| 3641 | elems.fils_wrapped_data_len); |
| 3642 | eapol_sm_process_erp_finish(sm->eapol, elems.fils_wrapped_data, |
| 3643 | elems.fils_wrapped_data_len); |
| 3644 | if (eapol_sm_failed(sm->eapol)) |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3645 | goto fail; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3646 | |
| Paul Stewart | 092955c | 2017-02-06 09:13:09 -0800 | [diff] [blame] | 3647 | rmsk_len = ERP_MAX_KEY_LEN; |
| 3648 | res = eapol_sm_get_key(sm->eapol, rmsk, rmsk_len); |
| 3649 | if (res == PMK_LEN) { |
| 3650 | rmsk_len = PMK_LEN; |
| 3651 | res = eapol_sm_get_key(sm->eapol, rmsk, rmsk_len); |
| 3652 | } |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3653 | if (res) |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3654 | goto fail; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3655 | |
| Paul Stewart | 092955c | 2017-02-06 09:13:09 -0800 | [diff] [blame] | 3656 | res = fils_rmsk_to_pmk(sm->key_mgmt, rmsk, rmsk_len, |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3657 | sm->fils_nonce, sm->fils_anonce, |
| 3658 | dh_ss ? wpabuf_head(dh_ss) : NULL, |
| 3659 | dh_ss ? wpabuf_len(dh_ss) : 0, |
| Paul Stewart | 092955c | 2017-02-06 09:13:09 -0800 | [diff] [blame] | 3660 | sm->pmk, &sm->pmk_len); |
| 3661 | os_memset(rmsk, 0, sizeof(rmsk)); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3662 | |
| 3663 | /* Don't use DHss in PTK derivation if PMKSA caching is not |
| 3664 | * used. */ |
| 3665 | wpabuf_clear_free(dh_ss); |
| 3666 | dh_ss = NULL; |
| 3667 | |
| Dmitry Shmidt | ebd93af | 2017-02-21 13:40:44 -0800 | [diff] [blame] | 3668 | if (res) |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3669 | goto fail; |
| Paul Stewart | 092955c | 2017-02-06 09:13:09 -0800 | [diff] [blame] | 3670 | |
| 3671 | if (!sm->fils_erp_pmkid_set) { |
| 3672 | wpa_printf(MSG_DEBUG, "FILS: PMKID not available"); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3673 | goto fail; |
| Paul Stewart | 092955c | 2017-02-06 09:13:09 -0800 | [diff] [blame] | 3674 | } |
| 3675 | wpa_hexdump(MSG_DEBUG, "FILS: PMKID", sm->fils_erp_pmkid, |
| 3676 | PMKID_LEN); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3677 | wpa_printf(MSG_DEBUG, "FILS: ERP processing succeeded - add PMKSA cache entry for the result"); |
| Paul Stewart | 092955c | 2017-02-06 09:13:09 -0800 | [diff] [blame] | 3678 | sm->cur_pmksa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, |
| 3679 | sm->fils_erp_pmkid, NULL, 0, |
| 3680 | sm->bssid, sm->own_addr, |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3681 | sm->network_ctx, sm->key_mgmt, |
| 3682 | NULL); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3683 | } |
| 3684 | |
| 3685 | if (!sm->cur_pmksa) { |
| 3686 | wpa_printf(MSG_DEBUG, |
| 3687 | "FILS: No remaining options to continue FILS authentication"); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3688 | goto fail; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3689 | } |
| 3690 | |
| 3691 | if (fils_pmk_to_ptk(sm->pmk, sm->pmk_len, sm->own_addr, sm->bssid, |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3692 | sm->fils_nonce, sm->fils_anonce, |
| 3693 | dh_ss ? wpabuf_head(dh_ss) : NULL, |
| 3694 | dh_ss ? wpabuf_len(dh_ss) : 0, |
| 3695 | &sm->ptk, ick, &ick_len, |
| 3696 | sm->key_mgmt, sm->pairwise_cipher, |
| 3697 | sm->fils_ft, &sm->fils_ft_len) < 0) { |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3698 | wpa_printf(MSG_DEBUG, "FILS: Failed to derive PTK"); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3699 | goto fail; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3700 | } |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3701 | |
| 3702 | wpabuf_clear_free(dh_ss); |
| 3703 | dh_ss = NULL; |
| 3704 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3705 | sm->ptk_set = 1; |
| 3706 | sm->tptk_set = 0; |
| 3707 | os_memset(&sm->tptk, 0, sizeof(sm->tptk)); |
| 3708 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3709 | #ifdef CONFIG_FILS_SK_PFS |
| 3710 | if (sm->fils_dh_group) { |
| 3711 | if (!sm->fils_ecdh) { |
| 3712 | wpa_printf(MSG_INFO, "FILS: ECDH not initialized"); |
| 3713 | goto fail; |
| 3714 | } |
| 3715 | pub = crypto_ecdh_get_pubkey(sm->fils_ecdh, 1); |
| 3716 | if (!pub) |
| 3717 | goto fail; |
| 3718 | wpa_hexdump_buf(MSG_DEBUG, "FILS: gSTA", pub); |
| 3719 | g_sta = wpabuf_head(pub); |
| 3720 | g_sta_len = wpabuf_len(pub); |
| 3721 | if (!g_ap) { |
| 3722 | wpa_printf(MSG_INFO, "FILS: gAP not available"); |
| 3723 | goto fail; |
| 3724 | } |
| 3725 | wpa_hexdump(MSG_DEBUG, "FILS: gAP", g_ap, g_ap_len); |
| 3726 | } |
| 3727 | #endif /* CONFIG_FILS_SK_PFS */ |
| 3728 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3729 | res = fils_key_auth_sk(ick, ick_len, sm->fils_nonce, |
| 3730 | sm->fils_anonce, sm->own_addr, sm->bssid, |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3731 | g_sta, g_sta_len, g_ap, g_ap_len, |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3732 | sm->key_mgmt, sm->fils_key_auth_sta, |
| 3733 | sm->fils_key_auth_ap, |
| 3734 | &sm->fils_key_auth_len); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3735 | wpabuf_free(pub); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3736 | os_memset(ick, 0, sizeof(ick)); |
| 3737 | return res; |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3738 | fail: |
| 3739 | wpabuf_free(pub); |
| 3740 | wpabuf_clear_free(dh_ss); |
| 3741 | return -1; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3742 | } |
| 3743 | |
| 3744 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3745 | #ifdef CONFIG_IEEE80211R |
| 3746 | static int fils_ft_build_assoc_req_rsne(struct wpa_sm *sm, struct wpabuf *buf) |
| 3747 | { |
| 3748 | struct rsn_ie_hdr *rsnie; |
| 3749 | u16 capab; |
| 3750 | u8 *pos; |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 3751 | int use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3752 | |
| 3753 | /* RSNIE[PMKR0Name/PMKR1Name] */ |
| 3754 | rsnie = wpabuf_put(buf, sizeof(*rsnie)); |
| 3755 | rsnie->elem_id = WLAN_EID_RSN; |
| 3756 | WPA_PUT_LE16(rsnie->version, RSN_VERSION); |
| 3757 | |
| 3758 | /* Group Suite Selector */ |
| 3759 | if (!wpa_cipher_valid_group(sm->group_cipher)) { |
| 3760 | wpa_printf(MSG_WARNING, "FT: Invalid group cipher (%d)", |
| 3761 | sm->group_cipher); |
| 3762 | return -1; |
| 3763 | } |
| 3764 | pos = wpabuf_put(buf, RSN_SELECTOR_LEN); |
| 3765 | RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN, |
| 3766 | sm->group_cipher)); |
| 3767 | |
| 3768 | /* Pairwise Suite Count */ |
| 3769 | wpabuf_put_le16(buf, 1); |
| 3770 | |
| 3771 | /* Pairwise Suite List */ |
| 3772 | if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) { |
| 3773 | wpa_printf(MSG_WARNING, "FT: Invalid pairwise cipher (%d)", |
| 3774 | sm->pairwise_cipher); |
| 3775 | return -1; |
| 3776 | } |
| 3777 | pos = wpabuf_put(buf, RSN_SELECTOR_LEN); |
| 3778 | RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN, |
| 3779 | sm->pairwise_cipher)); |
| 3780 | |
| 3781 | /* Authenticated Key Management Suite Count */ |
| 3782 | wpabuf_put_le16(buf, 1); |
| 3783 | |
| 3784 | /* Authenticated Key Management Suite List */ |
| 3785 | pos = wpabuf_put(buf, RSN_SELECTOR_LEN); |
| 3786 | if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256) |
| 3787 | RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256); |
| 3788 | else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384) |
| 3789 | RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384); |
| 3790 | else { |
| 3791 | wpa_printf(MSG_WARNING, |
| 3792 | "FILS+FT: Invalid key management type (%d)", |
| 3793 | sm->key_mgmt); |
| 3794 | return -1; |
| 3795 | } |
| 3796 | |
| 3797 | /* RSN Capabilities */ |
| 3798 | capab = 0; |
| 3799 | #ifdef CONFIG_IEEE80211W |
| 3800 | if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) |
| 3801 | capab |= WPA_CAPABILITY_MFPC; |
| 3802 | #endif /* CONFIG_IEEE80211W */ |
| 3803 | wpabuf_put_le16(buf, capab); |
| 3804 | |
| 3805 | /* PMKID Count */ |
| 3806 | wpabuf_put_le16(buf, 1); |
| 3807 | |
| 3808 | /* PMKID List [PMKR1Name] */ |
| 3809 | wpa_hexdump_key(MSG_DEBUG, "FILS+FT: XXKey (FILS-FT)", |
| 3810 | sm->fils_ft, sm->fils_ft_len); |
| 3811 | wpa_hexdump_ascii(MSG_DEBUG, "FILS+FT: SSID", sm->ssid, sm->ssid_len); |
| 3812 | wpa_hexdump(MSG_DEBUG, "FILS+FT: MDID", |
| 3813 | sm->mobility_domain, MOBILITY_DOMAIN_ID_LEN); |
| 3814 | wpa_hexdump_ascii(MSG_DEBUG, "FILS+FT: R0KH-ID", |
| 3815 | sm->r0kh_id, sm->r0kh_id_len); |
| 3816 | if (wpa_derive_pmk_r0(sm->fils_ft, sm->fils_ft_len, sm->ssid, |
| 3817 | sm->ssid_len, sm->mobility_domain, |
| 3818 | sm->r0kh_id, sm->r0kh_id_len, sm->own_addr, |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 3819 | sm->pmk_r0, sm->pmk_r0_name, use_sha384) < 0) { |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3820 | wpa_printf(MSG_WARNING, "FILS+FT: Could not derive PMK-R0"); |
| 3821 | return -1; |
| 3822 | } |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 3823 | sm->pmk_r0_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN; |
| 3824 | wpa_hexdump_key(MSG_DEBUG, "FILS+FT: PMK-R0", |
| 3825 | sm->pmk_r0, sm->pmk_r0_len); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3826 | wpa_hexdump(MSG_DEBUG, "FILS+FT: PMKR0Name", |
| 3827 | sm->pmk_r0_name, WPA_PMK_NAME_LEN); |
| 3828 | wpa_printf(MSG_DEBUG, "FILS+FT: R1KH-ID: " MACSTR, |
| 3829 | MAC2STR(sm->r1kh_id)); |
| 3830 | pos = wpabuf_put(buf, WPA_PMK_NAME_LEN); |
| 3831 | if (wpa_derive_pmk_r1_name(sm->pmk_r0_name, sm->r1kh_id, sm->own_addr, |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 3832 | pos, use_sha384) < 0) { |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3833 | wpa_printf(MSG_WARNING, "FILS+FT: Could not derive PMKR1Name"); |
| 3834 | return -1; |
| 3835 | } |
| 3836 | wpa_hexdump(MSG_DEBUG, "FILS+FT: PMKR1Name", pos, WPA_PMK_NAME_LEN); |
| 3837 | |
| 3838 | #ifdef CONFIG_IEEE80211W |
| 3839 | if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) { |
| 3840 | /* Management Group Cipher Suite */ |
| 3841 | pos = wpabuf_put(buf, RSN_SELECTOR_LEN); |
| 3842 | RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC); |
| 3843 | } |
| 3844 | #endif /* CONFIG_IEEE80211W */ |
| 3845 | |
| 3846 | rsnie->len = ((u8 *) wpabuf_put(buf, 0) - (u8 *) rsnie) - 2; |
| 3847 | return 0; |
| 3848 | } |
| 3849 | #endif /* CONFIG_IEEE80211R */ |
| 3850 | |
| 3851 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3852 | struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek, |
| 3853 | size_t *kek_len, const u8 **snonce, |
| Paul Stewart | 092955c | 2017-02-06 09:13:09 -0800 | [diff] [blame] | 3854 | const u8 **anonce, |
| 3855 | const struct wpabuf **hlp, |
| 3856 | unsigned int num_hlp) |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3857 | { |
| 3858 | struct wpabuf *buf; |
| Paul Stewart | 092955c | 2017-02-06 09:13:09 -0800 | [diff] [blame] | 3859 | size_t len; |
| 3860 | unsigned int i; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3861 | |
| Paul Stewart | 092955c | 2017-02-06 09:13:09 -0800 | [diff] [blame] | 3862 | len = 1000; |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3863 | #ifdef CONFIG_IEEE80211R |
| 3864 | if (sm->fils_ft_ies) |
| 3865 | len += wpabuf_len(sm->fils_ft_ies); |
| 3866 | if (wpa_key_mgmt_ft(sm->key_mgmt)) |
| 3867 | len += 256; |
| 3868 | #endif /* CONFIG_IEEE80211R */ |
| Paul Stewart | 092955c | 2017-02-06 09:13:09 -0800 | [diff] [blame] | 3869 | for (i = 0; hlp && i < num_hlp; i++) |
| 3870 | len += 10 + wpabuf_len(hlp[i]); |
| 3871 | buf = wpabuf_alloc(len); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3872 | if (!buf) |
| 3873 | return NULL; |
| 3874 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 3875 | #ifdef CONFIG_IEEE80211R |
| 3876 | if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->fils_ft_ies) { |
| 3877 | /* MDE and FTE when using FILS+FT */ |
| 3878 | wpabuf_put_buf(buf, sm->fils_ft_ies); |
| 3879 | /* RSNE with PMKR1Name in PMKID field */ |
| 3880 | if (fils_ft_build_assoc_req_rsne(sm, buf) < 0) { |
| 3881 | wpabuf_free(buf); |
| 3882 | return NULL; |
| 3883 | } |
| 3884 | } |
| 3885 | #endif /* CONFIG_IEEE80211R */ |
| 3886 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3887 | /* FILS Session */ |
| 3888 | wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */ |
| 3889 | wpabuf_put_u8(buf, 1 + FILS_SESSION_LEN); /* Length */ |
| 3890 | /* Element ID Extension */ |
| 3891 | wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_SESSION); |
| 3892 | wpabuf_put_data(buf, sm->fils_session, FILS_SESSION_LEN); |
| 3893 | |
| 3894 | /* Everything after FILS Session element gets encrypted in the driver |
| 3895 | * with KEK. The buffer returned from here is the plaintext version. */ |
| 3896 | |
| 3897 | /* TODO: FILS Public Key */ |
| 3898 | |
| 3899 | /* FILS Key Confirm */ |
| 3900 | wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */ |
| 3901 | wpabuf_put_u8(buf, 1 + sm->fils_key_auth_len); /* Length */ |
| 3902 | /* Element ID Extension */ |
| 3903 | wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_KEY_CONFIRM); |
| 3904 | wpabuf_put_data(buf, sm->fils_key_auth_sta, sm->fils_key_auth_len); |
| 3905 | |
| Paul Stewart | 092955c | 2017-02-06 09:13:09 -0800 | [diff] [blame] | 3906 | /* FILS HLP Container */ |
| 3907 | for (i = 0; hlp && i < num_hlp; i++) { |
| 3908 | const u8 *pos = wpabuf_head(hlp[i]); |
| 3909 | size_t left = wpabuf_len(hlp[i]); |
| 3910 | |
| 3911 | wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */ |
| 3912 | if (left <= 254) |
| 3913 | len = 1 + left; |
| 3914 | else |
| 3915 | len = 255; |
| 3916 | wpabuf_put_u8(buf, len); /* Length */ |
| 3917 | /* Element ID Extension */ |
| 3918 | wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_HLP_CONTAINER); |
| 3919 | /* Destination MAC Address, Source MAC Address, HLP Packet. |
| 3920 | * HLP Packet is in MSDU format (i.e., included the LLC/SNAP |
| 3921 | * header when LPD is used). */ |
| 3922 | wpabuf_put_data(buf, pos, len - 1); |
| 3923 | pos += len - 1; |
| 3924 | left -= len - 1; |
| 3925 | while (left) { |
| 3926 | wpabuf_put_u8(buf, WLAN_EID_FRAGMENT); |
| 3927 | len = left > 255 ? 255 : left; |
| 3928 | wpabuf_put_u8(buf, len); |
| 3929 | wpabuf_put_data(buf, pos, len); |
| 3930 | pos += len; |
| 3931 | left -= len; |
| 3932 | } |
| 3933 | } |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 3934 | |
| 3935 | /* TODO: FILS IP Address Assignment */ |
| 3936 | |
| 3937 | wpa_hexdump_buf(MSG_DEBUG, "FILS: Association Request plaintext", buf); |
| 3938 | |
| 3939 | *kek = sm->ptk.kek; |
| 3940 | *kek_len = sm->ptk.kek_len; |
| 3941 | wpa_hexdump_key(MSG_DEBUG, "FILS: KEK for AEAD", *kek, *kek_len); |
| 3942 | *snonce = sm->fils_nonce; |
| 3943 | wpa_hexdump(MSG_DEBUG, "FILS: SNonce for AEAD AAD", |
| 3944 | *snonce, FILS_NONCE_LEN); |
| 3945 | *anonce = sm->fils_anonce; |
| 3946 | wpa_hexdump(MSG_DEBUG, "FILS: ANonce for AEAD AAD", |
| 3947 | *anonce, FILS_NONCE_LEN); |
| 3948 | |
| 3949 | return buf; |
| 3950 | } |
| 3951 | |
| 3952 | |
| Dmitry Shmidt | ebd93af | 2017-02-21 13:40:44 -0800 | [diff] [blame] | 3953 | static void fils_process_hlp_resp(struct wpa_sm *sm, const u8 *resp, size_t len) |
| 3954 | { |
| 3955 | const u8 *pos, *end; |
| 3956 | |
| 3957 | wpa_hexdump(MSG_MSGDUMP, "FILS: HLP response", resp, len); |
| 3958 | if (len < 2 * ETH_ALEN) |
| 3959 | return; |
| 3960 | pos = resp + 2 * ETH_ALEN; |
| 3961 | end = resp + len; |
| 3962 | if (end - pos >= 6 && |
| 3963 | os_memcmp(pos, "\xaa\xaa\x03\x00\x00\x00", 6) == 0) |
| 3964 | pos += 6; /* Remove SNAP/LLC header */ |
| 3965 | wpa_sm_fils_hlp_rx(sm, resp, resp + ETH_ALEN, pos, end - pos); |
| 3966 | } |
| 3967 | |
| 3968 | |
| 3969 | static void fils_process_hlp_container(struct wpa_sm *sm, const u8 *pos, |
| 3970 | size_t len) |
| 3971 | { |
| 3972 | const u8 *end = pos + len; |
| 3973 | u8 *tmp, *tmp_pos; |
| 3974 | |
| 3975 | /* Check if there are any FILS HLP Container elements */ |
| 3976 | while (end - pos >= 2) { |
| 3977 | if (2 + pos[1] > end - pos) |
| 3978 | return; |
| 3979 | if (pos[0] == WLAN_EID_EXTENSION && |
| 3980 | pos[1] >= 1 + 2 * ETH_ALEN && |
| 3981 | pos[2] == WLAN_EID_EXT_FILS_HLP_CONTAINER) |
| 3982 | break; |
| 3983 | pos += 2 + pos[1]; |
| 3984 | } |
| 3985 | if (end - pos < 2) |
| 3986 | return; /* No FILS HLP Container elements */ |
| 3987 | |
| 3988 | tmp = os_malloc(end - pos); |
| 3989 | if (!tmp) |
| 3990 | return; |
| 3991 | |
| 3992 | while (end - pos >= 2) { |
| 3993 | if (2 + pos[1] > end - pos || |
| 3994 | pos[0] != WLAN_EID_EXTENSION || |
| 3995 | pos[1] < 1 + 2 * ETH_ALEN || |
| 3996 | pos[2] != WLAN_EID_EXT_FILS_HLP_CONTAINER) |
| 3997 | break; |
| 3998 | tmp_pos = tmp; |
| 3999 | os_memcpy(tmp_pos, pos + 3, pos[1] - 1); |
| 4000 | tmp_pos += pos[1] - 1; |
| 4001 | pos += 2 + pos[1]; |
| 4002 | |
| 4003 | /* Add possible fragments */ |
| 4004 | while (end - pos >= 2 && pos[0] == WLAN_EID_FRAGMENT && |
| 4005 | 2 + pos[1] <= end - pos) { |
| 4006 | os_memcpy(tmp_pos, pos + 2, pos[1]); |
| 4007 | tmp_pos += pos[1]; |
| 4008 | pos += 2 + pos[1]; |
| 4009 | } |
| 4010 | |
| 4011 | fils_process_hlp_resp(sm, tmp, tmp_pos - tmp); |
| 4012 | } |
| 4013 | |
| 4014 | os_free(tmp); |
| 4015 | } |
| 4016 | |
| 4017 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 4018 | int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len) |
| 4019 | { |
| 4020 | const struct ieee80211_mgmt *mgmt; |
| 4021 | const u8 *end, *ie_start; |
| 4022 | struct ieee802_11_elems elems; |
| 4023 | int keylen, rsclen; |
| 4024 | enum wpa_alg alg; |
| 4025 | struct wpa_gtk_data gd; |
| 4026 | int maxkeylen; |
| 4027 | struct wpa_eapol_ie_parse kde; |
| 4028 | |
| 4029 | if (!sm || !sm->ptk_set) { |
| 4030 | wpa_printf(MSG_DEBUG, "FILS: No KEK available"); |
| 4031 | return -1; |
| 4032 | } |
| 4033 | |
| 4034 | if (!wpa_key_mgmt_fils(sm->key_mgmt)) { |
| 4035 | wpa_printf(MSG_DEBUG, "FILS: Not a FILS AKM"); |
| 4036 | return -1; |
| 4037 | } |
| 4038 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 4039 | if (sm->fils_completed) { |
| 4040 | wpa_printf(MSG_DEBUG, |
| 4041 | "FILS: Association has already been completed for this FILS authentication - ignore unexpected retransmission"); |
| 4042 | return -1; |
| 4043 | } |
| 4044 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 4045 | wpa_hexdump(MSG_DEBUG, "FILS: (Re)Association Response frame", |
| 4046 | resp, len); |
| 4047 | |
| 4048 | mgmt = (const struct ieee80211_mgmt *) resp; |
| 4049 | if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_resp)) |
| 4050 | return -1; |
| 4051 | |
| 4052 | end = resp + len; |
| 4053 | /* Same offset for Association Response and Reassociation Response */ |
| 4054 | ie_start = mgmt->u.assoc_resp.variable; |
| 4055 | |
| 4056 | if (ieee802_11_parse_elems(ie_start, end - ie_start, &elems, 1) == |
| 4057 | ParseFailed) { |
| 4058 | wpa_printf(MSG_DEBUG, |
| 4059 | "FILS: Failed to parse decrypted elements"); |
| 4060 | goto fail; |
| 4061 | } |
| 4062 | |
| 4063 | if (!elems.fils_session) { |
| 4064 | wpa_printf(MSG_DEBUG, "FILS: No FILS Session element"); |
| 4065 | return -1; |
| 4066 | } |
| 4067 | if (os_memcmp(elems.fils_session, sm->fils_session, |
| 4068 | FILS_SESSION_LEN) != 0) { |
| 4069 | wpa_printf(MSG_DEBUG, "FILS: FILS Session mismatch"); |
| 4070 | wpa_hexdump(MSG_DEBUG, "FILS: Received FILS Session", |
| 4071 | elems.fils_session, FILS_SESSION_LEN); |
| 4072 | wpa_hexdump(MSG_DEBUG, "FILS: Expected FILS Session", |
| 4073 | sm->fils_session, FILS_SESSION_LEN); |
| 4074 | } |
| 4075 | |
| 4076 | /* TODO: FILS Public Key */ |
| 4077 | |
| 4078 | if (!elems.fils_key_confirm) { |
| 4079 | wpa_printf(MSG_DEBUG, "FILS: No FILS Key Confirm element"); |
| 4080 | goto fail; |
| 4081 | } |
| 4082 | if (elems.fils_key_confirm_len != sm->fils_key_auth_len) { |
| 4083 | wpa_printf(MSG_DEBUG, |
| 4084 | "FILS: Unexpected Key-Auth length %d (expected %d)", |
| 4085 | elems.fils_key_confirm_len, |
| 4086 | (int) sm->fils_key_auth_len); |
| 4087 | goto fail; |
| 4088 | } |
| 4089 | if (os_memcmp(elems.fils_key_confirm, sm->fils_key_auth_ap, |
| 4090 | sm->fils_key_auth_len) != 0) { |
| 4091 | wpa_printf(MSG_DEBUG, "FILS: Key-Auth mismatch"); |
| 4092 | wpa_hexdump(MSG_DEBUG, "FILS: Received Key-Auth", |
| 4093 | elems.fils_key_confirm, |
| 4094 | elems.fils_key_confirm_len); |
| 4095 | wpa_hexdump(MSG_DEBUG, "FILS: Expected Key-Auth", |
| 4096 | sm->fils_key_auth_ap, sm->fils_key_auth_len); |
| 4097 | goto fail; |
| 4098 | } |
| 4099 | |
| 4100 | /* Key Delivery */ |
| 4101 | if (!elems.key_delivery) { |
| 4102 | wpa_printf(MSG_DEBUG, "FILS: No Key Delivery element"); |
| 4103 | goto fail; |
| 4104 | } |
| 4105 | |
| 4106 | /* Parse GTK and set the key to the driver */ |
| 4107 | os_memset(&gd, 0, sizeof(gd)); |
| 4108 | if (wpa_supplicant_parse_ies(elems.key_delivery + WPA_KEY_RSC_LEN, |
| 4109 | elems.key_delivery_len - WPA_KEY_RSC_LEN, |
| 4110 | &kde) < 0) { |
| 4111 | wpa_printf(MSG_DEBUG, "FILS: Failed to parse KDEs"); |
| 4112 | goto fail; |
| 4113 | } |
| 4114 | if (!kde.gtk) { |
| 4115 | wpa_printf(MSG_DEBUG, "FILS: No GTK KDE"); |
| 4116 | goto fail; |
| 4117 | } |
| 4118 | maxkeylen = gd.gtk_len = kde.gtk_len - 2; |
| 4119 | if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, |
| 4120 | gd.gtk_len, maxkeylen, |
| 4121 | &gd.key_rsc_len, &gd.alg)) |
| 4122 | goto fail; |
| 4123 | |
| 4124 | wpa_hexdump_key(MSG_DEBUG, "FILS: Received GTK", kde.gtk, kde.gtk_len); |
| 4125 | gd.keyidx = kde.gtk[0] & 0x3; |
| 4126 | gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, |
| 4127 | !!(kde.gtk[0] & BIT(2))); |
| 4128 | if (kde.gtk_len - 2 > sizeof(gd.gtk)) { |
| 4129 | wpa_printf(MSG_DEBUG, "FILS: Too long GTK in GTK KDE (len=%lu)", |
| 4130 | (unsigned long) kde.gtk_len - 2); |
| 4131 | goto fail; |
| 4132 | } |
| 4133 | os_memcpy(gd.gtk, kde.gtk + 2, kde.gtk_len - 2); |
| 4134 | |
| 4135 | wpa_printf(MSG_DEBUG, "FILS: Set GTK to driver"); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 4136 | if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery, 0) < 0) { |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 4137 | wpa_printf(MSG_DEBUG, "FILS: Failed to set GTK"); |
| 4138 | goto fail; |
| 4139 | } |
| 4140 | |
| 4141 | if (ieee80211w_set_keys(sm, &kde) < 0) { |
| 4142 | wpa_printf(MSG_DEBUG, "FILS: Failed to set IGTK"); |
| 4143 | goto fail; |
| 4144 | } |
| 4145 | |
| 4146 | alg = wpa_cipher_to_alg(sm->pairwise_cipher); |
| 4147 | keylen = wpa_cipher_key_len(sm->pairwise_cipher); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 4148 | if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) { |
| 4149 | wpa_printf(MSG_DEBUG, "FILS: TK length mismatch: %u != %lu", |
| 4150 | keylen, (long unsigned int) sm->ptk.tk_len); |
| 4151 | goto fail; |
| 4152 | } |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 4153 | rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher); |
| 4154 | wpa_hexdump_key(MSG_DEBUG, "FILS: Set TK to driver", |
| 4155 | sm->ptk.tk, keylen); |
| 4156 | if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, null_rsc, rsclen, |
| 4157 | sm->ptk.tk, keylen) < 0) { |
| 4158 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
| 4159 | "FILS: Failed to set PTK to the driver (alg=%d keylen=%d bssid=" |
| 4160 | MACSTR ")", |
| 4161 | alg, keylen, MAC2STR(sm->bssid)); |
| 4162 | goto fail; |
| 4163 | } |
| 4164 | |
| 4165 | /* TODO: TK could be cleared after auth frame exchange now that driver |
| 4166 | * takes care of association frame encryption/decryption. */ |
| 4167 | /* TK is not needed anymore in supplicant */ |
| 4168 | os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 4169 | sm->ptk.tk_len = 0; |
| Mathy Vanhoef | c66556c | 2017-09-29 04:22:51 +0200 | [diff] [blame] | 4170 | sm->ptk.installed = 1; |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 4171 | |
| Dmitry Shmidt | ebd93af | 2017-02-21 13:40:44 -0800 | [diff] [blame] | 4172 | /* FILS HLP Container */ |
| 4173 | fils_process_hlp_container(sm, ie_start, end - ie_start); |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 4174 | |
| 4175 | /* TODO: FILS IP Address Assignment */ |
| 4176 | |
| 4177 | wpa_printf(MSG_DEBUG, "FILS: Auth+Assoc completed successfully"); |
| 4178 | sm->fils_completed = 1; |
| 4179 | |
| 4180 | return 0; |
| 4181 | fail: |
| 4182 | return -1; |
| 4183 | } |
| 4184 | |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 4185 | |
| 4186 | void wpa_sm_set_reset_fils_completed(struct wpa_sm *sm, int set) |
| 4187 | { |
| 4188 | if (sm) |
| 4189 | sm->fils_completed = !!set; |
| 4190 | } |
| 4191 | |
| Dmitry Shmidt | 9839ecd | 2016-11-07 11:05:47 -0800 | [diff] [blame] | 4192 | #endif /* CONFIG_FILS */ |
| 4193 | |
| 4194 | |
| 4195 | int wpa_fils_is_completed(struct wpa_sm *sm) |
| 4196 | { |
| 4197 | #ifdef CONFIG_FILS |
| 4198 | return sm && sm->fils_completed; |
| 4199 | #else /* CONFIG_FILS */ |
| 4200 | return 0; |
| 4201 | #endif /* CONFIG_FILS */ |
| 4202 | } |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 4203 | |
| 4204 | |
| 4205 | #ifdef CONFIG_OWE |
| 4206 | |
| 4207 | struct wpabuf * owe_build_assoc_req(struct wpa_sm *sm, u16 group) |
| 4208 | { |
| 4209 | struct wpabuf *ie = NULL, *pub = NULL; |
| 4210 | size_t prime_len; |
| 4211 | |
| 4212 | if (group == 19) |
| 4213 | prime_len = 32; |
| 4214 | else if (group == 20) |
| 4215 | prime_len = 48; |
| 4216 | else if (group == 21) |
| 4217 | prime_len = 66; |
| 4218 | else |
| 4219 | return NULL; |
| 4220 | |
| 4221 | crypto_ecdh_deinit(sm->owe_ecdh); |
| 4222 | sm->owe_ecdh = crypto_ecdh_init(group); |
| 4223 | if (!sm->owe_ecdh) |
| 4224 | goto fail; |
| 4225 | sm->owe_group = group; |
| 4226 | pub = crypto_ecdh_get_pubkey(sm->owe_ecdh, 0); |
| 4227 | pub = wpabuf_zeropad(pub, prime_len); |
| 4228 | if (!pub) |
| 4229 | goto fail; |
| 4230 | |
| 4231 | ie = wpabuf_alloc(5 + wpabuf_len(pub)); |
| 4232 | if (!ie) |
| 4233 | goto fail; |
| 4234 | wpabuf_put_u8(ie, WLAN_EID_EXTENSION); |
| 4235 | wpabuf_put_u8(ie, 1 + 2 + wpabuf_len(pub)); |
| 4236 | wpabuf_put_u8(ie, WLAN_EID_EXT_OWE_DH_PARAM); |
| 4237 | wpabuf_put_le16(ie, group); |
| 4238 | wpabuf_put_buf(ie, pub); |
| 4239 | wpabuf_free(pub); |
| 4240 | wpa_hexdump_buf(MSG_DEBUG, "OWE: Diffie-Hellman Parameter element", |
| 4241 | ie); |
| 4242 | |
| 4243 | return ie; |
| 4244 | fail: |
| 4245 | wpabuf_free(pub); |
| 4246 | crypto_ecdh_deinit(sm->owe_ecdh); |
| 4247 | sm->owe_ecdh = NULL; |
| 4248 | return NULL; |
| 4249 | } |
| 4250 | |
| 4251 | |
| 4252 | int owe_process_assoc_resp(struct wpa_sm *sm, const u8 *bssid, |
| 4253 | const u8 *resp_ies, size_t resp_ies_len) |
| 4254 | { |
| 4255 | struct ieee802_11_elems elems; |
| 4256 | u16 group; |
| 4257 | struct wpabuf *secret, *pub, *hkey; |
| 4258 | int res; |
| 4259 | u8 prk[SHA512_MAC_LEN], pmkid[SHA512_MAC_LEN]; |
| 4260 | const char *info = "OWE Key Generation"; |
| 4261 | const u8 *addr[2]; |
| 4262 | size_t len[2]; |
| 4263 | size_t hash_len, prime_len; |
| 4264 | struct wpa_ie_data data; |
| 4265 | |
| 4266 | if (!resp_ies || |
| 4267 | ieee802_11_parse_elems(resp_ies, resp_ies_len, &elems, 1) == |
| 4268 | ParseFailed) { |
| 4269 | wpa_printf(MSG_INFO, |
| 4270 | "OWE: Could not parse Association Response frame elements"); |
| 4271 | return -1; |
| 4272 | } |
| 4273 | |
| 4274 | if (sm->cur_pmksa && elems.rsn_ie && |
| 4275 | wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, 2 + elems.rsn_ie_len, |
| 4276 | &data) == 0 && |
| 4277 | data.num_pmkid == 1 && data.pmkid && |
| 4278 | os_memcmp(sm->cur_pmksa->pmkid, data.pmkid, PMKID_LEN) == 0) { |
| 4279 | wpa_printf(MSG_DEBUG, "OWE: Use PMKSA caching"); |
| 4280 | wpa_sm_set_pmk_from_pmksa(sm); |
| 4281 | return 0; |
| 4282 | } |
| 4283 | |
| 4284 | if (!elems.owe_dh) { |
| 4285 | wpa_printf(MSG_INFO, |
| 4286 | "OWE: No Diffie-Hellman Parameter element found in Association Response frame"); |
| 4287 | return -1; |
| 4288 | } |
| 4289 | |
| 4290 | group = WPA_GET_LE16(elems.owe_dh); |
| 4291 | if (group != sm->owe_group) { |
| 4292 | wpa_printf(MSG_INFO, |
| 4293 | "OWE: Unexpected Diffie-Hellman group in response: %u", |
| 4294 | group); |
| 4295 | return -1; |
| 4296 | } |
| 4297 | |
| 4298 | if (!sm->owe_ecdh) { |
| 4299 | wpa_printf(MSG_INFO, "OWE: No ECDH state available"); |
| 4300 | return -1; |
| 4301 | } |
| 4302 | |
| 4303 | if (group == 19) |
| 4304 | prime_len = 32; |
| 4305 | else if (group == 20) |
| 4306 | prime_len = 48; |
| 4307 | else if (group == 21) |
| 4308 | prime_len = 66; |
| 4309 | else |
| 4310 | return -1; |
| 4311 | |
| 4312 | secret = crypto_ecdh_set_peerkey(sm->owe_ecdh, 0, |
| 4313 | elems.owe_dh + 2, |
| 4314 | elems.owe_dh_len - 2); |
| 4315 | secret = wpabuf_zeropad(secret, prime_len); |
| 4316 | if (!secret) { |
| 4317 | wpa_printf(MSG_DEBUG, "OWE: Invalid peer DH public key"); |
| 4318 | return -1; |
| 4319 | } |
| 4320 | wpa_hexdump_buf_key(MSG_DEBUG, "OWE: DH shared secret", secret); |
| 4321 | |
| 4322 | /* prk = HKDF-extract(C | A | group, z) */ |
| 4323 | |
| 4324 | pub = crypto_ecdh_get_pubkey(sm->owe_ecdh, 0); |
| 4325 | if (!pub) { |
| 4326 | wpabuf_clear_free(secret); |
| 4327 | return -1; |
| 4328 | } |
| 4329 | |
| 4330 | /* PMKID = Truncate-128(Hash(C | A)) */ |
| 4331 | addr[0] = wpabuf_head(pub); |
| 4332 | len[0] = wpabuf_len(pub); |
| 4333 | addr[1] = elems.owe_dh + 2; |
| 4334 | len[1] = elems.owe_dh_len - 2; |
| 4335 | if (group == 19) { |
| 4336 | res = sha256_vector(2, addr, len, pmkid); |
| 4337 | hash_len = SHA256_MAC_LEN; |
| 4338 | } else if (group == 20) { |
| 4339 | res = sha384_vector(2, addr, len, pmkid); |
| 4340 | hash_len = SHA384_MAC_LEN; |
| 4341 | } else if (group == 21) { |
| 4342 | res = sha512_vector(2, addr, len, pmkid); |
| 4343 | hash_len = SHA512_MAC_LEN; |
| 4344 | } else { |
| 4345 | res = -1; |
| 4346 | hash_len = 0; |
| 4347 | } |
| 4348 | pub = wpabuf_zeropad(pub, prime_len); |
| 4349 | if (res < 0 || !pub) { |
| 4350 | wpabuf_free(pub); |
| 4351 | wpabuf_clear_free(secret); |
| 4352 | return -1; |
| 4353 | } |
| 4354 | |
| 4355 | hkey = wpabuf_alloc(wpabuf_len(pub) + elems.owe_dh_len - 2 + 2); |
| 4356 | if (!hkey) { |
| 4357 | wpabuf_free(pub); |
| 4358 | wpabuf_clear_free(secret); |
| 4359 | return -1; |
| 4360 | } |
| 4361 | |
| 4362 | wpabuf_put_buf(hkey, pub); /* C */ |
| 4363 | wpabuf_free(pub); |
| 4364 | wpabuf_put_data(hkey, elems.owe_dh + 2, elems.owe_dh_len - 2); /* A */ |
| 4365 | wpabuf_put_le16(hkey, sm->owe_group); /* group */ |
| 4366 | if (group == 19) |
| 4367 | res = hmac_sha256(wpabuf_head(hkey), wpabuf_len(hkey), |
| 4368 | wpabuf_head(secret), wpabuf_len(secret), prk); |
| 4369 | else if (group == 20) |
| 4370 | res = hmac_sha384(wpabuf_head(hkey), wpabuf_len(hkey), |
| 4371 | wpabuf_head(secret), wpabuf_len(secret), prk); |
| 4372 | else if (group == 21) |
| 4373 | res = hmac_sha512(wpabuf_head(hkey), wpabuf_len(hkey), |
| 4374 | wpabuf_head(secret), wpabuf_len(secret), prk); |
| 4375 | wpabuf_clear_free(hkey); |
| 4376 | wpabuf_clear_free(secret); |
| 4377 | if (res < 0) |
| 4378 | return -1; |
| 4379 | |
| 4380 | wpa_hexdump_key(MSG_DEBUG, "OWE: prk", prk, hash_len); |
| 4381 | |
| 4382 | /* PMK = HKDF-expand(prk, "OWE Key Generation", n) */ |
| 4383 | |
| 4384 | if (group == 19) |
| 4385 | res = hmac_sha256_kdf(prk, hash_len, NULL, (const u8 *) info, |
| 4386 | os_strlen(info), sm->pmk, hash_len); |
| 4387 | else if (group == 20) |
| 4388 | res = hmac_sha384_kdf(prk, hash_len, NULL, (const u8 *) info, |
| 4389 | os_strlen(info), sm->pmk, hash_len); |
| 4390 | else if (group == 21) |
| 4391 | res = hmac_sha512_kdf(prk, hash_len, NULL, (const u8 *) info, |
| 4392 | os_strlen(info), sm->pmk, hash_len); |
| 4393 | os_memset(prk, 0, SHA512_MAC_LEN); |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 4394 | if (res < 0) { |
| 4395 | sm->pmk_len = 0; |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 4396 | return -1; |
| Roshan Pius | 3a1667e | 2018-07-03 15:17:14 -0700 | [diff] [blame] | 4397 | } |
| Dmitry Shmidt | d2986c2 | 2017-10-23 14:22:09 -0700 | [diff] [blame] | 4398 | sm->pmk_len = hash_len; |
| 4399 | |
| 4400 | wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sm->pmk, sm->pmk_len); |
| 4401 | wpa_hexdump(MSG_DEBUG, "OWE: PMKID", pmkid, PMKID_LEN); |
| 4402 | pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, pmkid, NULL, 0, |
| 4403 | bssid, sm->own_addr, sm->network_ctx, sm->key_mgmt, |
| 4404 | NULL); |
| 4405 | |
| 4406 | return 0; |
| 4407 | } |
| 4408 | |
| 4409 | #endif /* CONFIG_OWE */ |
| 4410 | |
| 4411 | |
| 4412 | void wpa_sm_set_fils_cache_id(struct wpa_sm *sm, const u8 *fils_cache_id) |
| 4413 | { |
| 4414 | #ifdef CONFIG_FILS |
| 4415 | if (sm && fils_cache_id) { |
| 4416 | sm->fils_cache_id_set = 1; |
| 4417 | os_memcpy(sm->fils_cache_id, fils_cache_id, FILS_CACHE_ID_LEN); |
| 4418 | } |
| 4419 | #endif /* CONFIG_FILS */ |
| 4420 | } |