Home | History | Annotate | Download | only in ap
      1 /*
      2  * hostapd - IEEE 802.11i-2004 / WPA Authenticator
      3  * Copyright (c) 2004-2009, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This program is free software; you can redistribute it and/or modify
      6  * it under the terms of the GNU General Public License version 2 as
      7  * published by the Free Software Foundation.
      8  *
      9  * Alternatively, this software may be distributed under the terms of BSD
     10  * license.
     11  *
     12  * See README and COPYING for more details.
     13  */
     14 
     15 #include "utils/includes.h"
     16 
     17 #include "utils/common.h"
     18 #include "utils/eloop.h"
     19 #include "utils/state_machine.h"
     20 #include "common/ieee802_11_defs.h"
     21 #include "crypto/aes_wrap.h"
     22 #include "crypto/crypto.h"
     23 #include "crypto/sha1.h"
     24 #include "crypto/sha256.h"
     25 #include "crypto/random.h"
     26 #include "eapol_auth/eapol_auth_sm.h"
     27 #include "ap_config.h"
     28 #include "ieee802_11.h"
     29 #include "wpa_auth.h"
     30 #include "pmksa_cache_auth.h"
     31 #include "wpa_auth_i.h"
     32 #include "wpa_auth_ie.h"
     33 
     34 #define STATE_MACHINE_DATA struct wpa_state_machine
     35 #define STATE_MACHINE_DEBUG_PREFIX "WPA"
     36 #define STATE_MACHINE_ADDR sm->addr
     37 
     38 
     39 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
     40 static int wpa_sm_step(struct wpa_state_machine *sm);
     41 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
     42 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
     43 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
     44 			      struct wpa_group *group);
     45 static void wpa_request_new_ptk(struct wpa_state_machine *sm);
     46 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
     47 			  struct wpa_group *group);
     48 static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
     49 				       struct wpa_group *group);
     50 
     51 static const u32 dot11RSNAConfigGroupUpdateCount = 4;
     52 static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
     53 static const u32 eapol_key_timeout_first = 100; /* ms */
     54 static const u32 eapol_key_timeout_subseq = 1000; /* ms */
     55 
     56 /* TODO: make these configurable */
     57 static const int dot11RSNAConfigPMKLifetime = 43200;
     58 static const int dot11RSNAConfigPMKReauthThreshold = 70;
     59 static const int dot11RSNAConfigSATimeout = 60;
     60 
     61 
     62 static inline void wpa_auth_mic_failure_report(
     63 	struct wpa_authenticator *wpa_auth, const u8 *addr)
     64 {
     65 	if (wpa_auth->cb.mic_failure_report)
     66 		wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
     67 }
     68 
     69 
     70 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
     71 				      const u8 *addr, wpa_eapol_variable var,
     72 				      int value)
     73 {
     74 	if (wpa_auth->cb.set_eapol)
     75 		wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
     76 }
     77 
     78 
     79 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
     80 				     const u8 *addr, wpa_eapol_variable var)
     81 {
     82 	if (wpa_auth->cb.get_eapol == NULL)
     83 		return -1;
     84 	return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
     85 }
     86 
     87 
     88 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
     89 					  const u8 *addr, const u8 *prev_psk)
     90 {
     91 	if (wpa_auth->cb.get_psk == NULL)
     92 		return NULL;
     93 	return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk);
     94 }
     95 
     96 
     97 static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
     98 				   const u8 *addr, u8 *msk, size_t *len)
     99 {
    100 	if (wpa_auth->cb.get_msk == NULL)
    101 		return -1;
    102 	return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
    103 }
    104 
    105 
    106 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
    107 				   int vlan_id,
    108 				   enum wpa_alg alg, const u8 *addr, int idx,
    109 				   u8 *key, size_t key_len)
    110 {
    111 	if (wpa_auth->cb.set_key == NULL)
    112 		return -1;
    113 	return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
    114 				    key, key_len);
    115 }
    116 
    117 
    118 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
    119 				      const u8 *addr, int idx, u8 *seq)
    120 {
    121 	if (wpa_auth->cb.get_seqnum == NULL)
    122 		return -1;
    123 	return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
    124 }
    125 
    126 
    127 static inline int
    128 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
    129 		    const u8 *data, size_t data_len, int encrypt)
    130 {
    131 	if (wpa_auth->cb.send_eapol == NULL)
    132 		return -1;
    133 	return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
    134 				       encrypt);
    135 }
    136 
    137 
    138 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
    139 			  int (*cb)(struct wpa_state_machine *sm, void *ctx),
    140 			  void *cb_ctx)
    141 {
    142 	if (wpa_auth->cb.for_each_sta == NULL)
    143 		return 0;
    144 	return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
    145 }
    146 
    147 
    148 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
    149 			   int (*cb)(struct wpa_authenticator *a, void *ctx),
    150 			   void *cb_ctx)
    151 {
    152 	if (wpa_auth->cb.for_each_auth == NULL)
    153 		return 0;
    154 	return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
    155 }
    156 
    157 
    158 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
    159 		     logger_level level, const char *txt)
    160 {
    161 	if (wpa_auth->cb.logger == NULL)
    162 		return;
    163 	wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
    164 }
    165 
    166 
    167 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
    168 		      logger_level level, const char *fmt, ...)
    169 {
    170 	char *format;
    171 	int maxlen;
    172 	va_list ap;
    173 
    174 	if (wpa_auth->cb.logger == NULL)
    175 		return;
    176 
    177 	maxlen = os_strlen(fmt) + 100;
    178 	format = os_malloc(maxlen);
    179 	if (!format)
    180 		return;
    181 
    182 	va_start(ap, fmt);
    183 	vsnprintf(format, maxlen, fmt, ap);
    184 	va_end(ap);
    185 
    186 	wpa_auth_logger(wpa_auth, addr, level, format);
    187 
    188 	os_free(format);
    189 }
    190 
    191 
    192 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
    193 			       const u8 *addr)
    194 {
    195 	if (wpa_auth->cb.disconnect == NULL)
    196 		return;
    197 	wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
    198 				WLAN_REASON_PREV_AUTH_NOT_VALID);
    199 }
    200 
    201 
    202 static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
    203 {
    204 	int ret = 0;
    205 #ifdef CONFIG_IEEE80211R
    206 	if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
    207 		ret = 1;
    208 #endif /* CONFIG_IEEE80211R */
    209 #ifdef CONFIG_IEEE80211W
    210 	if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
    211 		ret = 1;
    212 #endif /* CONFIG_IEEE80211W */
    213 	return ret;
    214 }
    215 
    216 
    217 static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
    218 {
    219 	struct wpa_authenticator *wpa_auth = eloop_ctx;
    220 
    221 	if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
    222 		wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
    223 			   "initialization.");
    224 	} else {
    225 		wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
    226 		wpa_hexdump_key(MSG_DEBUG, "GMK",
    227 				wpa_auth->group->GMK, WPA_GMK_LEN);
    228 	}
    229 
    230 	if (wpa_auth->conf.wpa_gmk_rekey) {
    231 		eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
    232 				       wpa_rekey_gmk, wpa_auth, NULL);
    233 	}
    234 }
    235 
    236 
    237 static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
    238 {
    239 	struct wpa_authenticator *wpa_auth = eloop_ctx;
    240 	struct wpa_group *group;
    241 
    242 	wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
    243 	for (group = wpa_auth->group; group; group = group->next) {
    244 		group->GTKReKey = TRUE;
    245 		do {
    246 			group->changed = FALSE;
    247 			wpa_group_sm_step(wpa_auth, group);
    248 		} while (group->changed);
    249 	}
    250 
    251 	if (wpa_auth->conf.wpa_group_rekey) {
    252 		eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
    253 				       0, wpa_rekey_gtk, wpa_auth, NULL);
    254 	}
    255 }
    256 
    257 
    258 static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
    259 {
    260 	struct wpa_authenticator *wpa_auth = eloop_ctx;
    261 	struct wpa_state_machine *sm = timeout_ctx;
    262 
    263 	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
    264 	wpa_request_new_ptk(sm);
    265 	wpa_sm_step(sm);
    266 }
    267 
    268 
    269 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
    270 {
    271 	if (sm->pmksa == ctx)
    272 		sm->pmksa = NULL;
    273 	return 0;
    274 }
    275 
    276 
    277 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
    278 				   void *ctx)
    279 {
    280 	struct wpa_authenticator *wpa_auth = ctx;
    281 	wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
    282 }
    283 
    284 
    285 static void wpa_group_set_key_len(struct wpa_group *group, int cipher)
    286 {
    287 	switch (cipher) {
    288 	case WPA_CIPHER_CCMP:
    289 		group->GTK_len = 16;
    290 		break;
    291 	case WPA_CIPHER_TKIP:
    292 		group->GTK_len = 32;
    293 		break;
    294 	case WPA_CIPHER_WEP104:
    295 		group->GTK_len = 13;
    296 		break;
    297 	case WPA_CIPHER_WEP40:
    298 		group->GTK_len = 5;
    299 		break;
    300 	}
    301 }
    302 
    303 
    304 static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
    305 					  struct wpa_group *group)
    306 {
    307 	u8 buf[ETH_ALEN + 8 + sizeof(group)];
    308 	u8 rkey[32];
    309 
    310 	if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
    311 		return -1;
    312 	wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
    313 
    314 	/*
    315 	 * Counter = PRF-256(Random number, "Init Counter",
    316 	 *                   Local MAC Address || Time)
    317 	 */
    318 	os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
    319 	wpa_get_ntp_timestamp(buf + ETH_ALEN);
    320 	os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
    321 	if (random_get_bytes(rkey, sizeof(rkey)) < 0)
    322 		return -1;
    323 
    324 	if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
    325 		     group->Counter, WPA_NONCE_LEN) < 0)
    326 		return -1;
    327 	wpa_hexdump_key(MSG_DEBUG, "Key Counter",
    328 			group->Counter, WPA_NONCE_LEN);
    329 
    330 	return 0;
    331 }
    332 
    333 
    334 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
    335 					 int vlan_id)
    336 {
    337 	struct wpa_group *group;
    338 
    339 	group = os_zalloc(sizeof(struct wpa_group));
    340 	if (group == NULL)
    341 		return NULL;
    342 
    343 	group->GTKAuthenticator = TRUE;
    344 	group->vlan_id = vlan_id;
    345 
    346 	wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
    347 
    348 	if (random_pool_ready() != 1) {
    349 		wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
    350 			   "for secure operations - update keys later when "
    351 			   "the first station connects");
    352 #ifdef ANDROID_BRCM_P2P_PATCH
    353 		os_free(group);
    354 		return NULL;
    355 #endif
    356 	}
    357 
    358 	/*
    359 	 * Set initial GMK/Counter value here. The actual values that will be
    360 	 * used in negotiations will be set once the first station tries to
    361 	 * connect. This allows more time for collecting additional randomness
    362 	 * on embedded devices.
    363 	 */
    364 	if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
    365 		wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
    366 			   "initialization.");
    367 		os_free(group);
    368 		return NULL;
    369 	}
    370 
    371 	group->GInit = TRUE;
    372 	wpa_group_sm_step(wpa_auth, group);
    373 	group->GInit = FALSE;
    374 	wpa_group_sm_step(wpa_auth, group);
    375 
    376 	return group;
    377 }
    378 
    379 
    380 /**
    381  * wpa_init - Initialize WPA authenticator
    382  * @addr: Authenticator address
    383  * @conf: Configuration for WPA authenticator
    384  * @cb: Callback functions for WPA authenticator
    385  * Returns: Pointer to WPA authenticator data or %NULL on failure
    386  */
    387 struct wpa_authenticator * wpa_init(const u8 *addr,
    388 				    struct wpa_auth_config *conf,
    389 				    struct wpa_auth_callbacks *cb)
    390 {
    391 	struct wpa_authenticator *wpa_auth;
    392 
    393 	wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
    394 	if (wpa_auth == NULL)
    395 		return NULL;
    396 	os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
    397 	os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
    398 	os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
    399 
    400 	if (wpa_auth_gen_wpa_ie(wpa_auth)) {
    401 		wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
    402 		os_free(wpa_auth);
    403 		return NULL;
    404 	}
    405 
    406 	wpa_auth->group = wpa_group_init(wpa_auth, 0);
    407 	if (wpa_auth->group == NULL) {
    408 		os_free(wpa_auth->wpa_ie);
    409 		os_free(wpa_auth);
    410 		return NULL;
    411 	}
    412 
    413 	wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
    414 						wpa_auth);
    415 	if (wpa_auth->pmksa == NULL) {
    416 		wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
    417 		os_free(wpa_auth->wpa_ie);
    418 		os_free(wpa_auth);
    419 		return NULL;
    420 	}
    421 
    422 #ifdef CONFIG_IEEE80211R
    423 	wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
    424 	if (wpa_auth->ft_pmk_cache == NULL) {
    425 		wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
    426 		os_free(wpa_auth->wpa_ie);
    427 		pmksa_cache_auth_deinit(wpa_auth->pmksa);
    428 		os_free(wpa_auth);
    429 		return NULL;
    430 	}
    431 #endif /* CONFIG_IEEE80211R */
    432 
    433 	if (wpa_auth->conf.wpa_gmk_rekey) {
    434 		eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
    435 				       wpa_rekey_gmk, wpa_auth, NULL);
    436 	}
    437 
    438 	if (wpa_auth->conf.wpa_group_rekey) {
    439 		eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
    440 				       wpa_rekey_gtk, wpa_auth, NULL);
    441 	}
    442 
    443 	return wpa_auth;
    444 }
    445 
    446 
    447 /**
    448  * wpa_deinit - Deinitialize WPA authenticator
    449  * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
    450  */
    451 void wpa_deinit(struct wpa_authenticator *wpa_auth)
    452 {
    453 	struct wpa_group *group, *prev;
    454 
    455 	eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
    456 	eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
    457 
    458 #ifdef CONFIG_PEERKEY
    459 	while (wpa_auth->stsl_negotiations)
    460 		wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
    461 #endif /* CONFIG_PEERKEY */
    462 
    463 	pmksa_cache_auth_deinit(wpa_auth->pmksa);
    464 
    465 #ifdef CONFIG_IEEE80211R
    466 	wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
    467 	wpa_auth->ft_pmk_cache = NULL;
    468 #endif /* CONFIG_IEEE80211R */
    469 
    470 	os_free(wpa_auth->wpa_ie);
    471 
    472 	group = wpa_auth->group;
    473 	while (group) {
    474 		prev = group;
    475 		group = group->next;
    476 		os_free(prev);
    477 	}
    478 
    479 	os_free(wpa_auth);
    480 }
    481 
    482 
    483 /**
    484  * wpa_reconfig - Update WPA authenticator configuration
    485  * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
    486  * @conf: Configuration for WPA authenticator
    487  */
    488 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
    489 		 struct wpa_auth_config *conf)
    490 {
    491 	struct wpa_group *group;
    492 	if (wpa_auth == NULL)
    493 		return 0;
    494 
    495 	os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
    496 	if (wpa_auth_gen_wpa_ie(wpa_auth)) {
    497 		wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
    498 		return -1;
    499 	}
    500 
    501 	/*
    502 	 * Reinitialize GTK to make sure it is suitable for the new
    503 	 * configuration.
    504 	 */
    505 	group = wpa_auth->group;
    506 	wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
    507 	group->GInit = TRUE;
    508 	wpa_group_sm_step(wpa_auth, group);
    509 	group->GInit = FALSE;
    510 	wpa_group_sm_step(wpa_auth, group);
    511 
    512 	return 0;
    513 }
    514 
    515 
    516 struct wpa_state_machine *
    517 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
    518 {
    519 	struct wpa_state_machine *sm;
    520 
    521 	sm = os_zalloc(sizeof(struct wpa_state_machine));
    522 	if (sm == NULL)
    523 		return NULL;
    524 	os_memcpy(sm->addr, addr, ETH_ALEN);
    525 
    526 	sm->wpa_auth = wpa_auth;
    527 	sm->group = wpa_auth->group;
    528 
    529 	return sm;
    530 }
    531 
    532 
    533 int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
    534 			    struct wpa_state_machine *sm)
    535 {
    536 	if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
    537 		return -1;
    538 
    539 #ifdef CONFIG_IEEE80211R
    540 	if (sm->ft_completed) {
    541 		wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
    542 				"FT authentication already completed - do not "
    543 				"start 4-way handshake");
    544 		return 0;
    545 	}
    546 #endif /* CONFIG_IEEE80211R */
    547 
    548 	if (sm->started) {
    549 		os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
    550 		sm->ReAuthenticationRequest = TRUE;
    551 		return wpa_sm_step(sm);
    552 	}
    553 
    554 	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
    555 			"start authentication");
    556 	sm->started = 1;
    557 
    558 	sm->Init = TRUE;
    559 	if (wpa_sm_step(sm) == 1)
    560 		return 1; /* should not really happen */
    561 	sm->Init = FALSE;
    562 	sm->AuthenticationRequest = TRUE;
    563 	return wpa_sm_step(sm);
    564 }
    565 
    566 
    567 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
    568 {
    569 	/* WPA/RSN was not used - clear WPA state. This is needed if the STA
    570 	 * reassociates back to the same AP while the previous entry for the
    571 	 * STA has not yet been removed. */
    572 	if (sm == NULL)
    573 		return;
    574 
    575 	sm->wpa_key_mgmt = 0;
    576 }
    577 
    578 
    579 static void wpa_free_sta_sm(struct wpa_state_machine *sm)
    580 {
    581 	if (sm->GUpdateStationKeys) {
    582 		sm->group->GKeyDoneStations--;
    583 		sm->GUpdateStationKeys = FALSE;
    584 	}
    585 #ifdef CONFIG_IEEE80211R
    586 	os_free(sm->assoc_resp_ftie);
    587 #endif /* CONFIG_IEEE80211R */
    588 	os_free(sm->last_rx_eapol_key);
    589 	os_free(sm->wpa_ie);
    590 	os_free(sm);
    591 }
    592 
    593 
    594 void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
    595 {
    596 	if (sm == NULL)
    597 		return;
    598 
    599 	if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
    600 		wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
    601 				"strict rekeying - force GTK rekey since STA "
    602 				"is leaving");
    603 		eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
    604 		eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
    605 				       NULL);
    606 	}
    607 
    608 	eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
    609 	sm->pending_1_of_4_timeout = 0;
    610 	eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
    611 	eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
    612 	if (sm->in_step_loop) {
    613 		/* Must not free state machine while wpa_sm_step() is running.
    614 		 * Freeing will be completed in the end of wpa_sm_step(). */
    615 		wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
    616 			   "machine deinit for " MACSTR, MAC2STR(sm->addr));
    617 		sm->pending_deinit = 1;
    618 	} else
    619 		wpa_free_sta_sm(sm);
    620 }
    621 
    622 
    623 static void wpa_request_new_ptk(struct wpa_state_machine *sm)
    624 {
    625 	if (sm == NULL)
    626 		return;
    627 
    628 	sm->PTKRequest = TRUE;
    629 	sm->PTK_valid = 0;
    630 }
    631 
    632 
    633 static int wpa_replay_counter_valid(struct wpa_state_machine *sm,
    634 				    const u8 *replay_counter)
    635 {
    636 	int i;
    637 	for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
    638 		if (!sm->key_replay[i].valid)
    639 			break;
    640 		if (os_memcmp(replay_counter, sm->key_replay[i].counter,
    641 			      WPA_REPLAY_COUNTER_LEN) == 0)
    642 			return 1;
    643 	}
    644 	return 0;
    645 }
    646 
    647 
    648 #ifdef CONFIG_IEEE80211R
    649 static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
    650 			       struct wpa_state_machine *sm,
    651 			       struct wpa_eapol_ie_parse *kde)
    652 {
    653 	struct wpa_ie_data ie;
    654 	struct rsn_mdie *mdie;
    655 
    656 	if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
    657 	    ie.num_pmkid != 1 || ie.pmkid == NULL) {
    658 		wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
    659 			   "FT 4-way handshake message 2/4");
    660 		return -1;
    661 	}
    662 
    663 	os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
    664 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
    665 		    sm->sup_pmk_r1_name, PMKID_LEN);
    666 
    667 	if (!kde->mdie || !kde->ftie) {
    668 		wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
    669 			   "message 2/4", kde->mdie ? "FTIE" : "MDIE");
    670 		return -1;
    671 	}
    672 
    673 	mdie = (struct rsn_mdie *) (kde->mdie + 2);
    674 	if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
    675 	    os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
    676 		      MOBILITY_DOMAIN_ID_LEN) != 0) {
    677 		wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
    678 		return -1;
    679 	}
    680 
    681 	if (sm->assoc_resp_ftie &&
    682 	    (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
    683 	     os_memcmp(kde->ftie, sm->assoc_resp_ftie,
    684 		       2 + sm->assoc_resp_ftie[1]) != 0)) {
    685 		wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
    686 		wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
    687 			    kde->ftie, kde->ftie_len);
    688 		wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
    689 			    sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
    690 		return -1;
    691 	}
    692 
    693 	return 0;
    694 }
    695 #endif /* CONFIG_IEEE80211R */
    696 
    697 
    698 void wpa_receive(struct wpa_authenticator *wpa_auth,
    699 		 struct wpa_state_machine *sm,
    700 		 u8 *data, size_t data_len)
    701 {
    702 	struct ieee802_1x_hdr *hdr;
    703 	struct wpa_eapol_key *key;
    704 	u16 key_info, key_data_length;
    705 	enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
    706 	       SMK_M1, SMK_M3, SMK_ERROR } msg;
    707 	char *msgtxt;
    708 	struct wpa_eapol_ie_parse kde;
    709 	int ft;
    710 	const u8 *eapol_key_ie;
    711 	size_t eapol_key_ie_len;
    712 
    713 	if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
    714 		return;
    715 
    716 	if (data_len < sizeof(*hdr) + sizeof(*key))
    717 		return;
    718 
    719 	hdr = (struct ieee802_1x_hdr *) data;
    720 	key = (struct wpa_eapol_key *) (hdr + 1);
    721 	key_info = WPA_GET_BE16(key->key_info);
    722 	key_data_length = WPA_GET_BE16(key->key_data_length);
    723 	if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
    724 		wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
    725 			   "key_data overflow (%d > %lu)",
    726 			   key_data_length,
    727 			   (unsigned long) (data_len - sizeof(*hdr) -
    728 					    sizeof(*key)));
    729 		return;
    730 	}
    731 
    732 	if (sm->wpa == WPA_VERSION_WPA2) {
    733 		if (key->type != EAPOL_KEY_TYPE_RSN) {
    734 			wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
    735 				   "unexpected type %d in RSN mode",
    736 				   key->type);
    737 			return;
    738 		}
    739 	} else {
    740 		if (key->type != EAPOL_KEY_TYPE_WPA) {
    741 			wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
    742 				   "unexpected type %d in WPA mode",
    743 				   key->type);
    744 			return;
    745 		}
    746 	}
    747 
    748 	wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
    749 		    WPA_NONCE_LEN);
    750 	wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter",
    751 		    key->replay_counter, WPA_REPLAY_COUNTER_LEN);
    752 
    753 	/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
    754 	 * are set */
    755 
    756 	if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
    757 	    (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
    758 		if (key_info & WPA_KEY_INFO_ERROR) {
    759 			msg = SMK_ERROR;
    760 			msgtxt = "SMK Error";
    761 		} else {
    762 			msg = SMK_M1;
    763 			msgtxt = "SMK M1";
    764 		}
    765 	} else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
    766 		msg = SMK_M3;
    767 		msgtxt = "SMK M3";
    768 	} else if (key_info & WPA_KEY_INFO_REQUEST) {
    769 		msg = REQUEST;
    770 		msgtxt = "Request";
    771 	} else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
    772 		msg = GROUP_2;
    773 		msgtxt = "2/2 Group";
    774 	} else if (key_data_length == 0) {
    775 		msg = PAIRWISE_4;
    776 		msgtxt = "4/4 Pairwise";
    777 	} else {
    778 		msg = PAIRWISE_2;
    779 		msgtxt = "2/4 Pairwise";
    780 	}
    781 
    782 	/* TODO: key_info type validation for PeerKey */
    783 	if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
    784 	    msg == GROUP_2) {
    785 		u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
    786 		if (sm->pairwise == WPA_CIPHER_CCMP) {
    787 			if (wpa_use_aes_cmac(sm) &&
    788 			    ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
    789 				wpa_auth_logger(wpa_auth, sm->addr,
    790 						LOGGER_WARNING,
    791 						"advertised support for "
    792 						"AES-128-CMAC, but did not "
    793 						"use it");
    794 				return;
    795 			}
    796 
    797 			if (!wpa_use_aes_cmac(sm) &&
    798 			    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
    799 				wpa_auth_logger(wpa_auth, sm->addr,
    800 						LOGGER_WARNING,
    801 						"did not use HMAC-SHA1-AES "
    802 						"with CCMP");
    803 				return;
    804 			}
    805 		}
    806 	}
    807 
    808 	if (key_info & WPA_KEY_INFO_REQUEST) {
    809 		if (sm->req_replay_counter_used &&
    810 		    os_memcmp(key->replay_counter, sm->req_replay_counter,
    811 			      WPA_REPLAY_COUNTER_LEN) <= 0) {
    812 			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
    813 					"received EAPOL-Key request with "
    814 					"replayed counter");
    815 			return;
    816 		}
    817 	}
    818 
    819 	if (!(key_info & WPA_KEY_INFO_REQUEST) &&
    820 	    !wpa_replay_counter_valid(sm, key->replay_counter)) {
    821 		int i;
    822 		wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
    823 				 "received EAPOL-Key %s with unexpected "
    824 				 "replay counter", msgtxt);
    825 		for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
    826 			if (!sm->key_replay[i].valid)
    827 				break;
    828 			wpa_hexdump(MSG_DEBUG, "pending replay counter",
    829 				    sm->key_replay[i].counter,
    830 				    WPA_REPLAY_COUNTER_LEN);
    831 		}
    832 		wpa_hexdump(MSG_DEBUG, "received replay counter",
    833 			    key->replay_counter, WPA_REPLAY_COUNTER_LEN);
    834 		return;
    835 	}
    836 
    837 	switch (msg) {
    838 	case PAIRWISE_2:
    839 		if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
    840 		    sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) {
    841 			wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
    842 					 "received EAPOL-Key msg 2/4 in "
    843 					 "invalid state (%d) - dropped",
    844 					 sm->wpa_ptk_state);
    845 			return;
    846 		}
    847 		random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
    848 		if (sm->group->reject_4way_hs_for_entropy) {
    849 			/*
    850 			 * The system did not have enough entropy to generate
    851 			 * strong random numbers. Reject the first 4-way
    852 			 * handshake(s) and collect some entropy based on the
    853 			 * information from it. Once enough entropy is
    854 			 * available, the next atempt will trigger GMK/Key
    855 			 * Counter update and the station will be allowed to
    856 			 * continue.
    857 			 */
    858 			wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
    859 				   "collect more entropy for random number "
    860 				   "generation");
    861 			sm->group->reject_4way_hs_for_entropy = FALSE;
    862 			random_mark_pool_ready();
    863 			sm->group->first_sta_seen = FALSE;
    864 			wpa_sta_disconnect(wpa_auth, sm->addr);
    865 			return;
    866 		}
    867 		if (wpa_parse_kde_ies((u8 *) (key + 1), key_data_length,
    868 				      &kde) < 0) {
    869 			wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
    870 					 "received EAPOL-Key msg 2/4 with "
    871 					 "invalid Key Data contents");
    872 			return;
    873 		}
    874 		if (kde.rsn_ie) {
    875 			eapol_key_ie = kde.rsn_ie;
    876 			eapol_key_ie_len = kde.rsn_ie_len;
    877 		} else {
    878 			eapol_key_ie = kde.wpa_ie;
    879 			eapol_key_ie_len = kde.wpa_ie_len;
    880 		}
    881 		ft = sm->wpa == WPA_VERSION_WPA2 &&
    882 			wpa_key_mgmt_ft(sm->wpa_key_mgmt);
    883 		if (sm->wpa_ie == NULL ||
    884 		    wpa_compare_rsn_ie(ft,
    885 				       sm->wpa_ie, sm->wpa_ie_len,
    886 				       eapol_key_ie, eapol_key_ie_len)) {
    887 			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
    888 					"WPA IE from (Re)AssocReq did not "
    889 					"match with msg 2/4");
    890 			if (sm->wpa_ie) {
    891 				wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
    892 					    sm->wpa_ie, sm->wpa_ie_len);
    893 			}
    894 			wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
    895 				    eapol_key_ie, eapol_key_ie_len);
    896 			/* MLME-DEAUTHENTICATE.request */
    897 			wpa_sta_disconnect(wpa_auth, sm->addr);
    898 			return;
    899 		}
    900 #ifdef CONFIG_IEEE80211R
    901 		if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
    902 			wpa_sta_disconnect(wpa_auth, sm->addr);
    903 			return;
    904 		}
    905 #endif /* CONFIG_IEEE80211R */
    906 		break;
    907 	case PAIRWISE_4:
    908 		if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
    909 		    !sm->PTK_valid) {
    910 			wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
    911 					 "received EAPOL-Key msg 4/4 in "
    912 					 "invalid state (%d) - dropped",
    913 					 sm->wpa_ptk_state);
    914 			return;
    915 		}
    916 		break;
    917 	case GROUP_2:
    918 		if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
    919 		    || !sm->PTK_valid) {
    920 			wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
    921 					 "received EAPOL-Key msg 2/2 in "
    922 					 "invalid state (%d) - dropped",
    923 					 sm->wpa_ptk_group_state);
    924 			return;
    925 		}
    926 		break;
    927 #ifdef CONFIG_PEERKEY
    928 	case SMK_M1:
    929 	case SMK_M3:
    930 	case SMK_ERROR:
    931 		if (!wpa_auth->conf.peerkey) {
    932 			wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
    933 				   "PeerKey use disabled - ignoring message");
    934 			return;
    935 		}
    936 		if (!sm->PTK_valid) {
    937 			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
    938 					"received EAPOL-Key msg SMK in "
    939 					"invalid state - dropped");
    940 			return;
    941 		}
    942 		break;
    943 #else /* CONFIG_PEERKEY */
    944 	case SMK_M1:
    945 	case SMK_M3:
    946 	case SMK_ERROR:
    947 		return; /* STSL disabled - ignore SMK messages */
    948 #endif /* CONFIG_PEERKEY */
    949 	case REQUEST:
    950 		break;
    951 	}
    952 
    953 	wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
    954 			 "received EAPOL-Key frame (%s)", msgtxt);
    955 
    956 	if (key_info & WPA_KEY_INFO_ACK) {
    957 		wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
    958 				"received invalid EAPOL-Key: Key Ack set");
    959 		return;
    960 	}
    961 
    962 	if (!(key_info & WPA_KEY_INFO_MIC)) {
    963 		wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
    964 				"received invalid EAPOL-Key: Key MIC not set");
    965 		return;
    966 	}
    967 
    968 	sm->MICVerified = FALSE;
    969 	if (sm->PTK_valid) {
    970 		if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
    971 			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
    972 					"received EAPOL-Key with invalid MIC");
    973 			return;
    974 		}
    975 		sm->MICVerified = TRUE;
    976 		eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
    977 		sm->pending_1_of_4_timeout = 0;
    978 	}
    979 
    980 	if (key_info & WPA_KEY_INFO_REQUEST) {
    981 		if (sm->MICVerified) {
    982 			sm->req_replay_counter_used = 1;
    983 			os_memcpy(sm->req_replay_counter, key->replay_counter,
    984 				  WPA_REPLAY_COUNTER_LEN);
    985 		} else {
    986 			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
    987 					"received EAPOL-Key request with "
    988 					"invalid MIC");
    989 			return;
    990 		}
    991 
    992 		/*
    993 		 * TODO: should decrypt key data field if encryption was used;
    994 		 * even though MAC address KDE is not normally encrypted,
    995 		 * supplicant is allowed to encrypt it.
    996 		 */
    997 		if (msg == SMK_ERROR) {
    998 #ifdef CONFIG_PEERKEY
    999 			wpa_smk_error(wpa_auth, sm, key);
   1000 #endif /* CONFIG_PEERKEY */
   1001 			return;
   1002 		} else if (key_info & WPA_KEY_INFO_ERROR) {
   1003 			/* Supplicant reported a Michael MIC error */
   1004 			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
   1005 					"received EAPOL-Key Error Request "
   1006 					"(STA detected Michael MIC failure)");
   1007 			wpa_auth_mic_failure_report(wpa_auth, sm->addr);
   1008 			sm->dot11RSNAStatsTKIPRemoteMICFailures++;
   1009 			wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
   1010 			/* Error report is not a request for a new key
   1011 			 * handshake, but since Authenticator may do it, let's
   1012 			 * change the keys now anyway. */
   1013 			wpa_request_new_ptk(sm);
   1014 		} else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
   1015 			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
   1016 					"received EAPOL-Key Request for new "
   1017 					"4-Way Handshake");
   1018 			wpa_request_new_ptk(sm);
   1019 #ifdef CONFIG_PEERKEY
   1020 		} else if (msg == SMK_M1) {
   1021 			wpa_smk_m1(wpa_auth, sm, key);
   1022 #endif /* CONFIG_PEERKEY */
   1023 		} else if (key_data_length > 0 &&
   1024 			   wpa_parse_kde_ies((const u8 *) (key + 1),
   1025 					     key_data_length, &kde) == 0 &&
   1026 			   kde.mac_addr) {
   1027 		} else {
   1028 			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
   1029 					"received EAPOL-Key Request for GTK "
   1030 					"rekeying");
   1031 			/* FIX: why was this triggering PTK rekeying for the
   1032 			 * STA that requested Group Key rekeying?? */
   1033 			/* wpa_request_new_ptk(sta->wpa_sm); */
   1034 			eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
   1035 			wpa_rekey_gtk(wpa_auth, NULL);
   1036 		}
   1037 	} else {
   1038 		/* Do not allow the same key replay counter to be reused. This
   1039 		 * does also invalidate all other pending replay counters if
   1040 		 * retransmissions were used, i.e., we will only process one of
   1041 		 * the pending replies and ignore rest if more than one is
   1042 		 * received. */
   1043 		sm->key_replay[0].valid = FALSE;
   1044 	}
   1045 
   1046 #ifdef CONFIG_PEERKEY
   1047 	if (msg == SMK_M3) {
   1048 		wpa_smk_m3(wpa_auth, sm, key);
   1049 		return;
   1050 	}
   1051 #endif /* CONFIG_PEERKEY */
   1052 
   1053 	os_free(sm->last_rx_eapol_key);
   1054 	sm->last_rx_eapol_key = os_malloc(data_len);
   1055 	if (sm->last_rx_eapol_key == NULL)
   1056 		return;
   1057 	os_memcpy(sm->last_rx_eapol_key, data, data_len);
   1058 	sm->last_rx_eapol_key_len = data_len;
   1059 
   1060 	sm->EAPOLKeyReceived = TRUE;
   1061 	sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
   1062 	sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
   1063 	os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
   1064 	wpa_sm_step(sm);
   1065 }
   1066 
   1067 
   1068 static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
   1069 			  const u8 *gnonce, u8 *gtk, size_t gtk_len)
   1070 {
   1071 	u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16];
   1072 	u8 *pos;
   1073 	int ret = 0;
   1074 
   1075 	/* GTK = PRF-X(GMK, "Group key expansion",
   1076 	 *	AA || GNonce || Time || random data)
   1077 	 * The example described in the IEEE 802.11 standard uses only AA and
   1078 	 * GNonce as inputs here. Add some more entropy since this derivation
   1079 	 * is done only at the Authenticator and as such, does not need to be
   1080 	 * exactly same.
   1081 	 */
   1082 	os_memcpy(data, addr, ETH_ALEN);
   1083 	os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
   1084 	pos = data + ETH_ALEN + WPA_NONCE_LEN;
   1085 	wpa_get_ntp_timestamp(pos);
   1086 	pos += 8;
   1087 	if (random_get_bytes(pos, 16) < 0)
   1088 		ret = -1;
   1089 
   1090 #ifdef CONFIG_IEEE80211W
   1091 	sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
   1092 #else /* CONFIG_IEEE80211W */
   1093 	if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len)
   1094 	    < 0)
   1095 		ret = -1;
   1096 #endif /* CONFIG_IEEE80211W */
   1097 
   1098 	return ret;
   1099 }
   1100 
   1101 
   1102 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
   1103 {
   1104 	struct wpa_authenticator *wpa_auth = eloop_ctx;
   1105 	struct wpa_state_machine *sm = timeout_ctx;
   1106 
   1107 	sm->pending_1_of_4_timeout = 0;
   1108 	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
   1109 	sm->TimeoutEvt = TRUE;
   1110 	wpa_sm_step(sm);
   1111 }
   1112 
   1113 
   1114 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
   1115 		      struct wpa_state_machine *sm, int key_info,
   1116 		      const u8 *key_rsc, const u8 *nonce,
   1117 		      const u8 *kde, size_t kde_len,
   1118 		      int keyidx, int encr, int force_version)
   1119 {
   1120 	struct ieee802_1x_hdr *hdr;
   1121 	struct wpa_eapol_key *key;
   1122 	size_t len;
   1123 	int alg;
   1124 	int key_data_len, pad_len = 0;
   1125 	u8 *buf, *pos;
   1126 	int version, pairwise;
   1127 	int i;
   1128 
   1129 	len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
   1130 
   1131 	if (force_version)
   1132 		version = force_version;
   1133 	else if (wpa_use_aes_cmac(sm))
   1134 		version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
   1135 	else if (sm->pairwise == WPA_CIPHER_CCMP)
   1136 		version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
   1137 	else
   1138 		version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
   1139 
   1140 	pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
   1141 
   1142 	wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
   1143 		   "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
   1144 		   "encr=%d)",
   1145 		   version,
   1146 		   (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
   1147 		   (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
   1148 		   (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
   1149 		   (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
   1150 		   pairwise, (unsigned long) kde_len, keyidx, encr);
   1151 
   1152 	key_data_len = kde_len;
   1153 
   1154 	if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
   1155 	     version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
   1156 		pad_len = key_data_len % 8;
   1157 		if (pad_len)
   1158 			pad_len = 8 - pad_len;
   1159 		key_data_len += pad_len + 8;
   1160 	}
   1161 
   1162 	len += key_data_len;
   1163 
   1164 	hdr = os_zalloc(len);
   1165 	if (hdr == NULL)
   1166 		return;
   1167 	hdr->version = wpa_auth->conf.eapol_version;
   1168 	hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
   1169 	hdr->length = host_to_be16(len  - sizeof(*hdr));
   1170 	key = (struct wpa_eapol_key *) (hdr + 1);
   1171 
   1172 	key->type = sm->wpa == WPA_VERSION_WPA2 ?
   1173 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
   1174 	key_info |= version;
   1175 	if (encr && sm->wpa == WPA_VERSION_WPA2)
   1176 		key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
   1177 	if (sm->wpa != WPA_VERSION_WPA2)
   1178 		key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
   1179 	WPA_PUT_BE16(key->key_info, key_info);
   1180 
   1181 	alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
   1182 	switch (alg) {
   1183 	case WPA_CIPHER_CCMP:
   1184 		WPA_PUT_BE16(key->key_length, 16);
   1185 		break;
   1186 	case WPA_CIPHER_TKIP:
   1187 		WPA_PUT_BE16(key->key_length, 32);
   1188 		break;
   1189 	case WPA_CIPHER_WEP40:
   1190 		WPA_PUT_BE16(key->key_length, 5);
   1191 		break;
   1192 	case WPA_CIPHER_WEP104:
   1193 		WPA_PUT_BE16(key->key_length, 13);
   1194 		break;
   1195 	}
   1196 	if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
   1197 		WPA_PUT_BE16(key->key_length, 0);
   1198 
   1199 	/* FIX: STSL: what to use as key_replay_counter? */
   1200 	for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
   1201 		sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
   1202 		os_memcpy(sm->key_replay[i].counter,
   1203 			  sm->key_replay[i - 1].counter,
   1204 			  WPA_REPLAY_COUNTER_LEN);
   1205 	}
   1206 	inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
   1207 	os_memcpy(key->replay_counter, sm->key_replay[0].counter,
   1208 		  WPA_REPLAY_COUNTER_LEN);
   1209 	sm->key_replay[0].valid = TRUE;
   1210 
   1211 	if (nonce)
   1212 		os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
   1213 
   1214 	if (key_rsc)
   1215 		os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
   1216 
   1217 	if (kde && !encr) {
   1218 		os_memcpy(key + 1, kde, kde_len);
   1219 		WPA_PUT_BE16(key->key_data_length, kde_len);
   1220 	} else if (encr && kde) {
   1221 		buf = os_zalloc(key_data_len);
   1222 		if (buf == NULL) {
   1223 			os_free(hdr);
   1224 			return;
   1225 		}
   1226 		pos = buf;
   1227 		os_memcpy(pos, kde, kde_len);
   1228 		pos += kde_len;
   1229 
   1230 		if (pad_len)
   1231 			*pos++ = 0xdd;
   1232 
   1233 		wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
   1234 				buf, key_data_len);
   1235 		if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
   1236 		    version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
   1237 			if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
   1238 				     (u8 *) (key + 1))) {
   1239 				os_free(hdr);
   1240 				os_free(buf);
   1241 				return;
   1242 			}
   1243 			WPA_PUT_BE16(key->key_data_length, key_data_len);
   1244 		} else {
   1245 			u8 ek[32];
   1246 			os_memcpy(key->key_iv,
   1247 				  sm->group->Counter + WPA_NONCE_LEN - 16, 16);
   1248 			inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
   1249 			os_memcpy(ek, key->key_iv, 16);
   1250 			os_memcpy(ek + 16, sm->PTK.kek, 16);
   1251 			os_memcpy(key + 1, buf, key_data_len);
   1252 			rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
   1253 			WPA_PUT_BE16(key->key_data_length, key_data_len);
   1254 		}
   1255 		os_free(buf);
   1256 	}
   1257 
   1258 	if (key_info & WPA_KEY_INFO_MIC) {
   1259 		if (!sm->PTK_valid) {
   1260 			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
   1261 					"PTK not valid when sending EAPOL-Key "
   1262 					"frame");
   1263 			os_free(hdr);
   1264 			return;
   1265 		}
   1266 		wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
   1267 				  key->key_mic);
   1268 	}
   1269 
   1270 	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
   1271 			   1);
   1272 	wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
   1273 			    sm->pairwise_set);
   1274 	os_free(hdr);
   1275 }
   1276 
   1277 
   1278 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
   1279 			   struct wpa_state_machine *sm, int key_info,
   1280 			   const u8 *key_rsc, const u8 *nonce,
   1281 			   const u8 *kde, size_t kde_len,
   1282 			   int keyidx, int encr)
   1283 {
   1284 	int timeout_ms;
   1285 	int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
   1286 	int ctr;
   1287 
   1288 	if (sm == NULL)
   1289 		return;
   1290 
   1291 	__wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
   1292 			 keyidx, encr, 0);
   1293 
   1294 	ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
   1295 	if (ctr == 1 && wpa_auth->conf.tx_status)
   1296 		timeout_ms = eapol_key_timeout_first;
   1297 	else
   1298 		timeout_ms = eapol_key_timeout_subseq;
   1299 	if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
   1300 		sm->pending_1_of_4_timeout = 1;
   1301 	wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
   1302 		   "counter %d)", timeout_ms, ctr);
   1303 	eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
   1304 			       wpa_send_eapol_timeout, wpa_auth, sm);
   1305 }
   1306 
   1307 
   1308 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
   1309 {
   1310 	struct ieee802_1x_hdr *hdr;
   1311 	struct wpa_eapol_key *key;
   1312 	u16 key_info;
   1313 	int ret = 0;
   1314 	u8 mic[16];
   1315 
   1316 	if (data_len < sizeof(*hdr) + sizeof(*key))
   1317 		return -1;
   1318 
   1319 	hdr = (struct ieee802_1x_hdr *) data;
   1320 	key = (struct wpa_eapol_key *) (hdr + 1);
   1321 	key_info = WPA_GET_BE16(key->key_info);
   1322 	os_memcpy(mic, key->key_mic, 16);
   1323 	os_memset(key->key_mic, 0, 16);
   1324 	if (wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK,
   1325 			      data, data_len, key->key_mic) ||
   1326 	    os_memcmp(mic, key->key_mic, 16) != 0)
   1327 		ret = -1;
   1328 	os_memcpy(key->key_mic, mic, 16);
   1329 	return ret;
   1330 }
   1331 
   1332 
   1333 void wpa_remove_ptk(struct wpa_state_machine *sm)
   1334 {
   1335 	sm->PTK_valid = FALSE;
   1336 	os_memset(&sm->PTK, 0, sizeof(sm->PTK));
   1337 	wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
   1338 	sm->pairwise_set = FALSE;
   1339 	eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
   1340 }
   1341 
   1342 
   1343 int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
   1344 {
   1345 	int remove_ptk = 1;
   1346 
   1347 	if (sm == NULL)
   1348 		return -1;
   1349 
   1350 	wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
   1351 			 "event %d notification", event);
   1352 
   1353 	switch (event) {
   1354 	case WPA_AUTH:
   1355 	case WPA_ASSOC:
   1356 		break;
   1357 	case WPA_DEAUTH:
   1358 	case WPA_DISASSOC:
   1359 		sm->DeauthenticationRequest = TRUE;
   1360 		break;
   1361 	case WPA_REAUTH:
   1362 	case WPA_REAUTH_EAPOL:
   1363 		if (!sm->started) {
   1364 			/*
   1365 			 * When using WPS, we may end up here if the STA
   1366 			 * manages to re-associate without the previous STA
   1367 			 * entry getting removed. Consequently, we need to make
   1368 			 * sure that the WPA state machines gets initialized
   1369 			 * properly at this point.
   1370 			 */
   1371 			wpa_printf(MSG_DEBUG, "WPA state machine had not been "
   1372 				   "started - initialize now");
   1373 			sm->started = 1;
   1374 			sm->Init = TRUE;
   1375 			if (wpa_sm_step(sm) == 1)
   1376 				return 1; /* should not really happen */
   1377 			sm->Init = FALSE;
   1378 			sm->AuthenticationRequest = TRUE;
   1379 			break;
   1380 		}
   1381 		if (sm->GUpdateStationKeys) {
   1382 			/*
   1383 			 * Reauthentication cancels the pending group key
   1384 			 * update for this STA.
   1385 			 */
   1386 			sm->group->GKeyDoneStations--;
   1387 			sm->GUpdateStationKeys = FALSE;
   1388 			sm->PtkGroupInit = TRUE;
   1389 		}
   1390 		sm->ReAuthenticationRequest = TRUE;
   1391 		break;
   1392 	case WPA_ASSOC_FT:
   1393 #ifdef CONFIG_IEEE80211R
   1394 		wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
   1395 			   "after association");
   1396 		wpa_ft_install_ptk(sm);
   1397 
   1398 		/* Using FT protocol, not WPA auth state machine */
   1399 		sm->ft_completed = 1;
   1400 		return 0;
   1401 #else /* CONFIG_IEEE80211R */
   1402 		break;
   1403 #endif /* CONFIG_IEEE80211R */
   1404 	}
   1405 
   1406 #ifdef CONFIG_IEEE80211R
   1407 	sm->ft_completed = 0;
   1408 #endif /* CONFIG_IEEE80211R */
   1409 
   1410 #ifdef CONFIG_IEEE80211W
   1411 	if (sm->mgmt_frame_prot && event == WPA_AUTH)
   1412 		remove_ptk = 0;
   1413 #endif /* CONFIG_IEEE80211W */
   1414 
   1415 	if (remove_ptk) {
   1416 		sm->PTK_valid = FALSE;
   1417 		os_memset(&sm->PTK, 0, sizeof(sm->PTK));
   1418 
   1419 		if (event != WPA_REAUTH_EAPOL)
   1420 			wpa_remove_ptk(sm);
   1421 	}
   1422 
   1423 	return wpa_sm_step(sm);
   1424 }
   1425 
   1426 
   1427 static enum wpa_alg wpa_alg_enum(int alg)
   1428 {
   1429 	switch (alg) {
   1430 	case WPA_CIPHER_CCMP:
   1431 		return WPA_ALG_CCMP;
   1432 	case WPA_CIPHER_TKIP:
   1433 		return WPA_ALG_TKIP;
   1434 	case WPA_CIPHER_WEP104:
   1435 	case WPA_CIPHER_WEP40:
   1436 		return WPA_ALG_WEP;
   1437 	default:
   1438 		return WPA_ALG_NONE;
   1439 	}
   1440 }
   1441 
   1442 
   1443 SM_STATE(WPA_PTK, INITIALIZE)
   1444 {
   1445 	SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
   1446 	if (sm->Init) {
   1447 		/* Init flag is not cleared here, so avoid busy
   1448 		 * loop by claiming nothing changed. */
   1449 		sm->changed = FALSE;
   1450 	}
   1451 
   1452 	sm->keycount = 0;
   1453 	if (sm->GUpdateStationKeys)
   1454 		sm->group->GKeyDoneStations--;
   1455 	sm->GUpdateStationKeys = FALSE;
   1456 	if (sm->wpa == WPA_VERSION_WPA)
   1457 		sm->PInitAKeys = FALSE;
   1458 	if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
   1459 	       * Local AA > Remote AA)) */) {
   1460 		sm->Pair = TRUE;
   1461 	}
   1462 	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
   1463 	wpa_remove_ptk(sm);
   1464 	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
   1465 	sm->TimeoutCtr = 0;
   1466 	if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
   1467 		wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
   1468 				   WPA_EAPOL_authorized, 0);
   1469 	}
   1470 }
   1471 
   1472 
   1473 SM_STATE(WPA_PTK, DISCONNECT)
   1474 {
   1475 	SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
   1476 	sm->Disconnect = FALSE;
   1477 	wpa_sta_disconnect(sm->wpa_auth, sm->addr);
   1478 }
   1479 
   1480 
   1481 SM_STATE(WPA_PTK, DISCONNECTED)
   1482 {
   1483 	SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
   1484 	sm->DeauthenticationRequest = FALSE;
   1485 }
   1486 
   1487 
   1488 SM_STATE(WPA_PTK, AUTHENTICATION)
   1489 {
   1490 	SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
   1491 	os_memset(&sm->PTK, 0, sizeof(sm->PTK));
   1492 	sm->PTK_valid = FALSE;
   1493 	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
   1494 			   1);
   1495 	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
   1496 	sm->AuthenticationRequest = FALSE;
   1497 }
   1498 
   1499 
   1500 static void wpa_group_first_station(struct wpa_authenticator *wpa_auth,
   1501 				    struct wpa_group *group)
   1502 {
   1503 	/*
   1504 	 * System has run bit further than at the time hostapd was started
   1505 	 * potentially very early during boot up. This provides better chances
   1506 	 * of collecting more randomness on embedded systems. Re-initialize the
   1507 	 * GMK and Counter here to improve their strength if there was not
   1508 	 * enough entropy available immediately after system startup.
   1509 	 */
   1510 	wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
   1511 		   "station");
   1512 	if (random_pool_ready() != 1) {
   1513 		wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
   1514 			   "to proceed - reject first 4-way handshake");
   1515 		group->reject_4way_hs_for_entropy = TRUE;
   1516 	}
   1517 	wpa_group_init_gmk_and_counter(wpa_auth, group);
   1518 	wpa_gtk_update(wpa_auth, group);
   1519 	wpa_group_config_group_keys(wpa_auth, group);
   1520 }
   1521 
   1522 
   1523 SM_STATE(WPA_PTK, AUTHENTICATION2)
   1524 {
   1525 	SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
   1526 
   1527 	if (!sm->group->first_sta_seen) {
   1528 		wpa_group_first_station(sm->wpa_auth, sm->group);
   1529 		sm->group->first_sta_seen = TRUE;
   1530 	}
   1531 
   1532 	os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN);
   1533 	wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
   1534 		    WPA_NONCE_LEN);
   1535 	inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
   1536 	sm->ReAuthenticationRequest = FALSE;
   1537 	/* IEEE 802.11i does not clear TimeoutCtr here, but this is more
   1538 	 * logical place than INITIALIZE since AUTHENTICATION2 can be
   1539 	 * re-entered on ReAuthenticationRequest without going through
   1540 	 * INITIALIZE. */
   1541 	sm->TimeoutCtr = 0;
   1542 }
   1543 
   1544 
   1545 SM_STATE(WPA_PTK, INITPMK)
   1546 {
   1547 	u8 msk[2 * PMK_LEN];
   1548 	size_t len = 2 * PMK_LEN;
   1549 
   1550 	SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
   1551 #ifdef CONFIG_IEEE80211R
   1552 	sm->xxkey_len = 0;
   1553 #endif /* CONFIG_IEEE80211R */
   1554 	if (sm->pmksa) {
   1555 		wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
   1556 		os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
   1557 	} else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
   1558 		wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
   1559 			   "(len=%lu)", (unsigned long) len);
   1560 		os_memcpy(sm->PMK, msk, PMK_LEN);
   1561 #ifdef CONFIG_IEEE80211R
   1562 		if (len >= 2 * PMK_LEN) {
   1563 			os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
   1564 			sm->xxkey_len = PMK_LEN;
   1565 		}
   1566 #endif /* CONFIG_IEEE80211R */
   1567 	} else {
   1568 		wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
   1569 	}
   1570 
   1571 	sm->req_replay_counter_used = 0;
   1572 	/* IEEE 802.11i does not set keyRun to FALSE, but not doing this
   1573 	 * will break reauthentication since EAPOL state machines may not be
   1574 	 * get into AUTHENTICATING state that clears keyRun before WPA state
   1575 	 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
   1576 	 * state and takes PMK from the previously used AAA Key. This will
   1577 	 * eventually fail in 4-Way Handshake because Supplicant uses PMK
   1578 	 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
   1579 	 * be good workaround for this issue. */
   1580 	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
   1581 }
   1582 
   1583 
   1584 SM_STATE(WPA_PTK, INITPSK)
   1585 {
   1586 	const u8 *psk;
   1587 	SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
   1588 	psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL);
   1589 	if (psk) {
   1590 		os_memcpy(sm->PMK, psk, PMK_LEN);
   1591 #ifdef CONFIG_IEEE80211R
   1592 		os_memcpy(sm->xxkey, psk, PMK_LEN);
   1593 		sm->xxkey_len = PMK_LEN;
   1594 #endif /* CONFIG_IEEE80211R */
   1595 	}
   1596 	sm->req_replay_counter_used = 0;
   1597 }
   1598 
   1599 
   1600 SM_STATE(WPA_PTK, PTKSTART)
   1601 {
   1602 	u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
   1603 	size_t pmkid_len = 0;
   1604 
   1605 	SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
   1606 	sm->PTKRequest = FALSE;
   1607 	sm->TimeoutEvt = FALSE;
   1608 
   1609 	sm->TimeoutCtr++;
   1610 	if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
   1611 		/* No point in sending the EAPOL-Key - we will disconnect
   1612 		 * immediately following this. */
   1613 		return;
   1614 	}
   1615 
   1616 	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
   1617 			"sending 1/4 msg of 4-Way Handshake");
   1618 	/*
   1619 	 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
   1620 	 * one possible PSK for this STA.
   1621 	 */
   1622 	if (sm->wpa == WPA_VERSION_WPA2 &&
   1623 	    wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt)) {
   1624 		pmkid = buf;
   1625 		pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
   1626 		pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
   1627 		pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
   1628 		RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
   1629 		if (sm->pmksa)
   1630 			os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
   1631 				  sm->pmksa->pmkid, PMKID_LEN);
   1632 		else {
   1633 			/*
   1634 			 * Calculate PMKID since no PMKSA cache entry was
   1635 			 * available with pre-calculated PMKID.
   1636 			 */
   1637 			rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
   1638 				  sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
   1639 				  wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
   1640 		}
   1641 	}
   1642 	wpa_send_eapol(sm->wpa_auth, sm,
   1643 		       WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
   1644 		       sm->ANonce, pmkid, pmkid_len, 0, 0);
   1645 }
   1646 
   1647 
   1648 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
   1649 			  struct wpa_ptk *ptk)
   1650 {
   1651 	size_t ptk_len = sm->pairwise == WPA_CIPHER_CCMP ? 48 : 64;
   1652 #ifdef CONFIG_IEEE80211R
   1653 	if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
   1654 		return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len);
   1655 #endif /* CONFIG_IEEE80211R */
   1656 
   1657 	wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
   1658 		       sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce,
   1659 		       (u8 *) ptk, ptk_len,
   1660 		       wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
   1661 
   1662 	return 0;
   1663 }
   1664 
   1665 
   1666 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
   1667 {
   1668 	struct wpa_ptk PTK;
   1669 	int ok = 0;
   1670 	const u8 *pmk = NULL;
   1671 
   1672 	SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
   1673 	sm->EAPOLKeyReceived = FALSE;
   1674 
   1675 	/* WPA with IEEE 802.1X: use the derived PMK from EAP
   1676 	 * WPA-PSK: iterate through possible PSKs and select the one matching
   1677 	 * the packet */
   1678 	for (;;) {
   1679 		if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
   1680 			pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
   1681 			if (pmk == NULL)
   1682 				break;
   1683 		} else
   1684 			pmk = sm->PMK;
   1685 
   1686 		wpa_derive_ptk(sm, pmk, &PTK);
   1687 
   1688 		if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
   1689 				       sm->last_rx_eapol_key_len) == 0) {
   1690 			ok = 1;
   1691 			break;
   1692 		}
   1693 
   1694 		if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
   1695 			break;
   1696 	}
   1697 
   1698 	if (!ok) {
   1699 		wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
   1700 				"invalid MIC in msg 2/4 of 4-Way Handshake");
   1701 		return;
   1702 	}
   1703 
   1704 #ifdef CONFIG_IEEE80211R
   1705 	if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
   1706 		/*
   1707 		 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
   1708 		 * with the value we derived.
   1709 		 */
   1710 		if (os_memcmp(sm->sup_pmk_r1_name, sm->pmk_r1_name,
   1711 			      WPA_PMK_NAME_LEN) != 0) {
   1712 			wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
   1713 					"PMKR1Name mismatch in FT 4-way "
   1714 					"handshake");
   1715 			wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
   1716 				    "Supplicant",
   1717 				    sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
   1718 			wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
   1719 				    sm->pmk_r1_name, WPA_PMK_NAME_LEN);
   1720 			return;
   1721 		}
   1722 	}
   1723 #endif /* CONFIG_IEEE80211R */
   1724 
   1725 	sm->pending_1_of_4_timeout = 0;
   1726 	eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
   1727 
   1728 	if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
   1729 		/* PSK may have changed from the previous choice, so update
   1730 		 * state machine data based on whatever PSK was selected here.
   1731 		 */
   1732 		os_memcpy(sm->PMK, pmk, PMK_LEN);
   1733 	}
   1734 
   1735 	sm->MICVerified = TRUE;
   1736 
   1737 	os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
   1738 	sm->PTK_valid = TRUE;
   1739 }
   1740 
   1741 
   1742 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
   1743 {
   1744 	SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
   1745 	sm->TimeoutCtr = 0;
   1746 }
   1747 
   1748 
   1749 #ifdef CONFIG_IEEE80211W
   1750 
   1751 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
   1752 {
   1753 	if (sm->mgmt_frame_prot) {
   1754 		return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde);
   1755 	}
   1756 
   1757 	return 0;
   1758 }
   1759 
   1760 
   1761 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
   1762 {
   1763 	struct wpa_igtk_kde igtk;
   1764 	struct wpa_group *gsm = sm->group;
   1765 
   1766 	if (!sm->mgmt_frame_prot)
   1767 		return pos;
   1768 
   1769 	igtk.keyid[0] = gsm->GN_igtk;
   1770 	igtk.keyid[1] = 0;
   1771 	if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
   1772 	    wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn) < 0)
   1773 		os_memset(igtk.pn, 0, sizeof(igtk.pn));
   1774 	os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
   1775 	pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
   1776 			  (const u8 *) &igtk, sizeof(igtk), NULL, 0);
   1777 
   1778 	return pos;
   1779 }
   1780 
   1781 #else /* CONFIG_IEEE80211W */
   1782 
   1783 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
   1784 {
   1785 	return 0;
   1786 }
   1787 
   1788 
   1789 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
   1790 {
   1791 	return pos;
   1792 }
   1793 
   1794 #endif /* CONFIG_IEEE80211W */
   1795 
   1796 
   1797 SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
   1798 {
   1799 	u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
   1800 	size_t gtk_len, kde_len;
   1801 	struct wpa_group *gsm = sm->group;
   1802 	u8 *wpa_ie;
   1803 	int wpa_ie_len, secure, keyidx, encr = 0;
   1804 
   1805 	SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
   1806 	sm->TimeoutEvt = FALSE;
   1807 
   1808 	sm->TimeoutCtr++;
   1809 	if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
   1810 		/* No point in sending the EAPOL-Key - we will disconnect
   1811 		 * immediately following this. */
   1812 		return;
   1813 	}
   1814 
   1815 	/* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
   1816 	   GTK[GN], IGTK, [FTIE], [TIE * 2])
   1817 	 */
   1818 	os_memset(rsc, 0, WPA_KEY_RSC_LEN);
   1819 	wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
   1820 	/* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
   1821 	wpa_ie = sm->wpa_auth->wpa_ie;
   1822 	wpa_ie_len = sm->wpa_auth->wpa_ie_len;
   1823 	if (sm->wpa == WPA_VERSION_WPA &&
   1824 	    (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
   1825 	    wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
   1826 		/* WPA-only STA, remove RSN IE */
   1827 		wpa_ie = wpa_ie + wpa_ie[1] + 2;
   1828 		wpa_ie_len = wpa_ie[1] + 2;
   1829 	}
   1830 	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
   1831 			"sending 3/4 msg of 4-Way Handshake");
   1832 	if (sm->wpa == WPA_VERSION_WPA2) {
   1833 		/* WPA2 send GTK in the 4-way handshake */
   1834 		secure = 1;
   1835 		gtk = gsm->GTK[gsm->GN - 1];
   1836 		gtk_len = gsm->GTK_len;
   1837 		keyidx = gsm->GN;
   1838 		_rsc = rsc;
   1839 		encr = 1;
   1840 	} else {
   1841 		/* WPA does not include GTK in msg 3/4 */
   1842 		secure = 0;
   1843 		gtk = NULL;
   1844 		gtk_len = 0;
   1845 		keyidx = 0;
   1846 		_rsc = NULL;
   1847 	}
   1848 
   1849 	kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
   1850 	if (gtk)
   1851 		kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
   1852 #ifdef CONFIG_IEEE80211R
   1853 	if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
   1854 		kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
   1855 		kde_len += 300; /* FTIE + 2 * TIE */
   1856 	}
   1857 #endif /* CONFIG_IEEE80211R */
   1858 	kde = os_malloc(kde_len);
   1859 	if (kde == NULL)
   1860 		return;
   1861 
   1862 	pos = kde;
   1863 	os_memcpy(pos, wpa_ie, wpa_ie_len);
   1864 	pos += wpa_ie_len;
   1865 #ifdef CONFIG_IEEE80211R
   1866 	if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
   1867 		int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name);
   1868 		if (res < 0) {
   1869 			wpa_printf(MSG_ERROR, "FT: Failed to insert "
   1870 				   "PMKR1Name into RSN IE in EAPOL-Key data");
   1871 			os_free(kde);
   1872 			return;
   1873 		}
   1874 		pos += res;
   1875 	}
   1876 #endif /* CONFIG_IEEE80211R */
   1877 	if (gtk) {
   1878 		u8 hdr[2];
   1879 		hdr[0] = keyidx & 0x03;
   1880 		hdr[1] = 0;
   1881 		pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
   1882 				  gtk, gtk_len);
   1883 	}
   1884 	pos = ieee80211w_kde_add(sm, pos);
   1885 
   1886 #ifdef CONFIG_IEEE80211R
   1887 	if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
   1888 		int res;
   1889 		struct wpa_auth_config *conf;
   1890 
   1891 		conf = &sm->wpa_auth->conf;
   1892 		res = wpa_write_ftie(conf, conf->r0_key_holder,
   1893 				     conf->r0_key_holder_len,
   1894 				     NULL, NULL, pos, kde + kde_len - pos,
   1895 				     NULL, 0);
   1896 		if (res < 0) {
   1897 			wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
   1898 				   "into EAPOL-Key Key Data");
   1899 			os_free(kde);
   1900 			return;
   1901 		}
   1902 		pos += res;
   1903 
   1904 		/* TIE[ReassociationDeadline] (TU) */
   1905 		*pos++ = WLAN_EID_TIMEOUT_INTERVAL;
   1906 		*pos++ = 5;
   1907 		*pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
   1908 		WPA_PUT_LE32(pos, conf->reassociation_deadline);
   1909 		pos += 4;
   1910 
   1911 		/* TIE[KeyLifetime] (seconds) */
   1912 		*pos++ = WLAN_EID_TIMEOUT_INTERVAL;
   1913 		*pos++ = 5;
   1914 		*pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
   1915 		WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
   1916 		pos += 4;
   1917 	}
   1918 #endif /* CONFIG_IEEE80211R */
   1919 
   1920 	wpa_send_eapol(sm->wpa_auth, sm,
   1921 		       (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
   1922 		       WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
   1923 		       WPA_KEY_INFO_KEY_TYPE,
   1924 		       _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
   1925 	os_free(kde);
   1926 }
   1927 
   1928 
   1929 SM_STATE(WPA_PTK, PTKINITDONE)
   1930 {
   1931 	SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
   1932 	sm->EAPOLKeyReceived = FALSE;
   1933 	if (sm->Pair) {
   1934 		enum wpa_alg alg;
   1935 		int klen;
   1936 		if (sm->pairwise == WPA_CIPHER_TKIP) {
   1937 			alg = WPA_ALG_TKIP;
   1938 			klen = 32;
   1939 		} else {
   1940 			alg = WPA_ALG_CCMP;
   1941 			klen = 16;
   1942 		}
   1943 		if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
   1944 				     sm->PTK.tk1, klen)) {
   1945 			wpa_sta_disconnect(sm->wpa_auth, sm->addr);
   1946 			return;
   1947 		}
   1948 		/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
   1949 		sm->pairwise_set = TRUE;
   1950 
   1951 		if (sm->wpa_auth->conf.wpa_ptk_rekey) {
   1952 			eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
   1953 			eloop_register_timeout(sm->wpa_auth->conf.
   1954 					       wpa_ptk_rekey, 0, wpa_rekey_ptk,
   1955 					       sm->wpa_auth, sm);
   1956 		}
   1957 
   1958 		if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
   1959 			wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
   1960 					   WPA_EAPOL_authorized, 1);
   1961 		}
   1962 	}
   1963 
   1964 	if (0 /* IBSS == TRUE */) {
   1965 		sm->keycount++;
   1966 		if (sm->keycount == 2) {
   1967 			wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
   1968 					   WPA_EAPOL_portValid, 1);
   1969 		}
   1970 	} else {
   1971 		wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
   1972 				   1);
   1973 	}
   1974 	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
   1975 	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
   1976 	if (sm->wpa == WPA_VERSION_WPA)
   1977 		sm->PInitAKeys = TRUE;
   1978 	else
   1979 		sm->has_GTK = TRUE;
   1980 	wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
   1981 			 "pairwise key handshake completed (%s)",
   1982 			 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
   1983 
   1984 #ifdef CONFIG_IEEE80211R
   1985 	wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
   1986 #endif /* CONFIG_IEEE80211R */
   1987 }
   1988 
   1989 
   1990 SM_STEP(WPA_PTK)
   1991 {
   1992 	struct wpa_authenticator *wpa_auth = sm->wpa_auth;
   1993 
   1994 	if (sm->Init)
   1995 		SM_ENTER(WPA_PTK, INITIALIZE);
   1996 	else if (sm->Disconnect
   1997 		 /* || FIX: dot11RSNAConfigSALifetime timeout */) {
   1998 		wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
   1999 				"WPA_PTK: sm->Disconnect");
   2000 		SM_ENTER(WPA_PTK, DISCONNECT);
   2001 	}
   2002 	else if (sm->DeauthenticationRequest)
   2003 		SM_ENTER(WPA_PTK, DISCONNECTED);
   2004 	else if (sm->AuthenticationRequest)
   2005 		SM_ENTER(WPA_PTK, AUTHENTICATION);
   2006 	else if (sm->ReAuthenticationRequest)
   2007 		SM_ENTER(WPA_PTK, AUTHENTICATION2);
   2008 	else if (sm->PTKRequest)
   2009 		SM_ENTER(WPA_PTK, PTKSTART);
   2010 	else switch (sm->wpa_ptk_state) {
   2011 	case WPA_PTK_INITIALIZE:
   2012 		break;
   2013 	case WPA_PTK_DISCONNECT:
   2014 		SM_ENTER(WPA_PTK, DISCONNECTED);
   2015 		break;
   2016 	case WPA_PTK_DISCONNECTED:
   2017 		SM_ENTER(WPA_PTK, INITIALIZE);
   2018 		break;
   2019 	case WPA_PTK_AUTHENTICATION:
   2020 		SM_ENTER(WPA_PTK, AUTHENTICATION2);
   2021 		break;
   2022 	case WPA_PTK_AUTHENTICATION2:
   2023 		if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
   2024 		    wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
   2025 				       WPA_EAPOL_keyRun) > 0)
   2026 			SM_ENTER(WPA_PTK, INITPMK);
   2027 		else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
   2028 			 /* FIX: && 802.1X::keyRun */)
   2029 			SM_ENTER(WPA_PTK, INITPSK);
   2030 		break;
   2031 	case WPA_PTK_INITPMK:
   2032 		if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
   2033 				       WPA_EAPOL_keyAvailable) > 0)
   2034 			SM_ENTER(WPA_PTK, PTKSTART);
   2035 		else {
   2036 			wpa_auth->dot11RSNA4WayHandshakeFailures++;
   2037 			wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
   2038 					"INITPMK - keyAvailable = false");
   2039 			SM_ENTER(WPA_PTK, DISCONNECT);
   2040 		}
   2041 		break;
   2042 	case WPA_PTK_INITPSK:
   2043 		if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL))
   2044 			SM_ENTER(WPA_PTK, PTKSTART);
   2045 		else {
   2046 			wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
   2047 					"no PSK configured for the STA");
   2048 			wpa_auth->dot11RSNA4WayHandshakeFailures++;
   2049 			SM_ENTER(WPA_PTK, DISCONNECT);
   2050 		}
   2051 		break;
   2052 	case WPA_PTK_PTKSTART:
   2053 		if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
   2054 		    sm->EAPOLKeyPairwise)
   2055 			SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
   2056 		else if (sm->TimeoutCtr >
   2057 			 (int) dot11RSNAConfigPairwiseUpdateCount) {
   2058 			wpa_auth->dot11RSNA4WayHandshakeFailures++;
   2059 			wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
   2060 					 "PTKSTART: Retry limit %d reached",
   2061 					 dot11RSNAConfigPairwiseUpdateCount);
   2062 			SM_ENTER(WPA_PTK, DISCONNECT);
   2063 		} else if (sm->TimeoutEvt)
   2064 			SM_ENTER(WPA_PTK, PTKSTART);
   2065 		break;
   2066 	case WPA_PTK_PTKCALCNEGOTIATING:
   2067 		if (sm->MICVerified)
   2068 			SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
   2069 		else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
   2070 			 sm->EAPOLKeyPairwise)
   2071 			SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
   2072 		else if (sm->TimeoutEvt)
   2073 			SM_ENTER(WPA_PTK, PTKSTART);
   2074 		break;
   2075 	case WPA_PTK_PTKCALCNEGOTIATING2:
   2076 		SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
   2077 		break;
   2078 	case WPA_PTK_PTKINITNEGOTIATING:
   2079 		if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
   2080 		    sm->EAPOLKeyPairwise && sm->MICVerified)
   2081 			SM_ENTER(WPA_PTK, PTKINITDONE);
   2082 		else if (sm->TimeoutCtr >
   2083 			 (int) dot11RSNAConfigPairwiseUpdateCount) {
   2084 			wpa_auth->dot11RSNA4WayHandshakeFailures++;
   2085 			wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
   2086 					 "PTKINITNEGOTIATING: Retry limit %d "
   2087 					 "reached",
   2088 					 dot11RSNAConfigPairwiseUpdateCount);
   2089 			SM_ENTER(WPA_PTK, DISCONNECT);
   2090 		} else if (sm->TimeoutEvt)
   2091 			SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
   2092 		break;
   2093 	case WPA_PTK_PTKINITDONE:
   2094 		break;
   2095 	}
   2096 }
   2097 
   2098 
   2099 SM_STATE(WPA_PTK_GROUP, IDLE)
   2100 {
   2101 	SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
   2102 	if (sm->Init) {
   2103 		/* Init flag is not cleared here, so avoid busy
   2104 		 * loop by claiming nothing changed. */
   2105 		sm->changed = FALSE;
   2106 	}
   2107 	sm->GTimeoutCtr = 0;
   2108 }
   2109 
   2110 
   2111 SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
   2112 {
   2113 	u8 rsc[WPA_KEY_RSC_LEN];
   2114 	struct wpa_group *gsm = sm->group;
   2115 	u8 *kde, *pos, hdr[2];
   2116 	size_t kde_len;
   2117 
   2118 	SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
   2119 
   2120 	sm->GTimeoutCtr++;
   2121 	if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
   2122 		/* No point in sending the EAPOL-Key - we will disconnect
   2123 		 * immediately following this. */
   2124 		return;
   2125 	}
   2126 
   2127 	if (sm->wpa == WPA_VERSION_WPA)
   2128 		sm->PInitAKeys = FALSE;
   2129 	sm->TimeoutEvt = FALSE;
   2130 	/* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
   2131 	os_memset(rsc, 0, WPA_KEY_RSC_LEN);
   2132 	if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
   2133 		wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
   2134 	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
   2135 			"sending 1/2 msg of Group Key Handshake");
   2136 
   2137 	if (sm->wpa == WPA_VERSION_WPA2) {
   2138 		kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
   2139 			ieee80211w_kde_len(sm);
   2140 		kde = os_malloc(kde_len);
   2141 		if (kde == NULL)
   2142 			return;
   2143 
   2144 		pos = kde;
   2145 		hdr[0] = gsm->GN & 0x03;
   2146 		hdr[1] = 0;
   2147 		pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
   2148 				  gsm->GTK[gsm->GN - 1], gsm->GTK_len);
   2149 		pos = ieee80211w_kde_add(sm, pos);
   2150 	} else {
   2151 		kde = gsm->GTK[gsm->GN - 1];
   2152 		pos = kde + gsm->GTK_len;
   2153 	}
   2154 
   2155 	wpa_send_eapol(sm->wpa_auth, sm,
   2156 		       WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
   2157 		       WPA_KEY_INFO_ACK |
   2158 		       (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
   2159 		       rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
   2160 	if (sm->wpa == WPA_VERSION_WPA2)
   2161 		os_free(kde);
   2162 }
   2163 
   2164 
   2165 SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
   2166 {
   2167 	SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
   2168 	sm->EAPOLKeyReceived = FALSE;
   2169 	if (sm->GUpdateStationKeys)
   2170 		sm->group->GKeyDoneStations--;
   2171 	sm->GUpdateStationKeys = FALSE;
   2172 	sm->GTimeoutCtr = 0;
   2173 	/* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
   2174 	wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
   2175 			 "group key handshake completed (%s)",
   2176 			 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
   2177 	sm->has_GTK = TRUE;
   2178 }
   2179 
   2180 
   2181 SM_STATE(WPA_PTK_GROUP, KEYERROR)
   2182 {
   2183 	SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
   2184 	if (sm->GUpdateStationKeys)
   2185 		sm->group->GKeyDoneStations--;
   2186 	sm->GUpdateStationKeys = FALSE;
   2187 	sm->Disconnect = TRUE;
   2188 }
   2189 
   2190 
   2191 SM_STEP(WPA_PTK_GROUP)
   2192 {
   2193 	if (sm->Init || sm->PtkGroupInit) {
   2194 		SM_ENTER(WPA_PTK_GROUP, IDLE);
   2195 		sm->PtkGroupInit = FALSE;
   2196 	} else switch (sm->wpa_ptk_group_state) {
   2197 	case WPA_PTK_GROUP_IDLE:
   2198 		if (sm->GUpdateStationKeys ||
   2199 		    (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
   2200 			SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
   2201 		break;
   2202 	case WPA_PTK_GROUP_REKEYNEGOTIATING:
   2203 		if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
   2204 		    !sm->EAPOLKeyPairwise && sm->MICVerified)
   2205 			SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
   2206 		else if (sm->GTimeoutCtr >
   2207 			 (int) dot11RSNAConfigGroupUpdateCount)
   2208 			SM_ENTER(WPA_PTK_GROUP, KEYERROR);
   2209 		else if (sm->TimeoutEvt)
   2210 			SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
   2211 		break;
   2212 	case WPA_PTK_GROUP_KEYERROR:
   2213 		SM_ENTER(WPA_PTK_GROUP, IDLE);
   2214 		break;
   2215 	case WPA_PTK_GROUP_REKEYESTABLISHED:
   2216 		SM_ENTER(WPA_PTK_GROUP, IDLE);
   2217 		break;
   2218 	}
   2219 }
   2220 
   2221 
   2222 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
   2223 			  struct wpa_group *group)
   2224 {
   2225 	int ret = 0;
   2226 
   2227 	os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
   2228 	inc_byte_array(group->Counter, WPA_NONCE_LEN);
   2229 	if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
   2230 			   wpa_auth->addr, group->GNonce,
   2231 			   group->GTK[group->GN - 1], group->GTK_len) < 0)
   2232 		ret = -1;
   2233 	wpa_hexdump_key(MSG_DEBUG, "GTK",
   2234 			group->GTK[group->GN - 1], group->GTK_len);
   2235 
   2236 #ifdef CONFIG_IEEE80211W
   2237 	if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
   2238 		os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
   2239 		inc_byte_array(group->Counter, WPA_NONCE_LEN);
   2240 		if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
   2241 				   wpa_auth->addr, group->GNonce,
   2242 				   group->IGTK[group->GN_igtk - 4],
   2243 				   WPA_IGTK_LEN) < 0)
   2244 			ret = -1;
   2245 		wpa_hexdump_key(MSG_DEBUG, "IGTK",
   2246 				group->IGTK[group->GN_igtk - 4], WPA_IGTK_LEN);
   2247 	}
   2248 #endif /* CONFIG_IEEE80211W */
   2249 
   2250 	return ret;
   2251 }
   2252 
   2253 
   2254 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
   2255 			       struct wpa_group *group)
   2256 {
   2257 	wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
   2258 		   "GTK_INIT (VLAN-ID %d)", group->vlan_id);
   2259 	group->changed = FALSE; /* GInit is not cleared here; avoid loop */
   2260 	group->wpa_group_state = WPA_GROUP_GTK_INIT;
   2261 
   2262 	/* GTK[0..N] = 0 */
   2263 	os_memset(group->GTK, 0, sizeof(group->GTK));
   2264 	group->GN = 1;
   2265 	group->GM = 2;
   2266 #ifdef CONFIG_IEEE80211W
   2267 	group->GN_igtk = 4;
   2268 	group->GM_igtk = 5;
   2269 #endif /* CONFIG_IEEE80211W */
   2270 	/* GTK[GN] = CalcGTK() */
   2271 	wpa_gtk_update(wpa_auth, group);
   2272 }
   2273 
   2274 
   2275 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
   2276 {
   2277 	if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
   2278 		wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
   2279 				"Not in PTKINITDONE; skip Group Key update");
   2280 		sm->GUpdateStationKeys = FALSE;
   2281 		return 0;
   2282 	}
   2283 	if (sm->GUpdateStationKeys) {
   2284 		/*
   2285 		 * This should not really happen, so add a debug log entry.
   2286 		 * Since we clear the GKeyDoneStations before the loop, the
   2287 		 * station needs to be counted here anyway.
   2288 		 */
   2289 		wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
   2290 				"GUpdateStationKeys was already set when "
   2291 				"marking station for GTK rekeying");
   2292 	}
   2293 
   2294 	sm->group->GKeyDoneStations++;
   2295 	sm->GUpdateStationKeys = TRUE;
   2296 
   2297 	wpa_sm_step(sm);
   2298 	return 0;
   2299 }
   2300 
   2301 
   2302 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
   2303 			      struct wpa_group *group)
   2304 {
   2305 	int tmp;
   2306 
   2307 	wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
   2308 		   "SETKEYS (VLAN-ID %d)", group->vlan_id);
   2309 	group->changed = TRUE;
   2310 	group->wpa_group_state = WPA_GROUP_SETKEYS;
   2311 	group->GTKReKey = FALSE;
   2312 	tmp = group->GM;
   2313 	group->GM = group->GN;
   2314 	group->GN = tmp;
   2315 #ifdef CONFIG_IEEE80211W
   2316 	tmp = group->GM_igtk;
   2317 	group->GM_igtk = group->GN_igtk;
   2318 	group->GN_igtk = tmp;
   2319 #endif /* CONFIG_IEEE80211W */
   2320 	/* "GKeyDoneStations = GNoStations" is done in more robust way by
   2321 	 * counting the STAs that are marked with GUpdateStationKeys instead of
   2322 	 * including all STAs that could be in not-yet-completed state. */
   2323 	wpa_gtk_update(wpa_auth, group);
   2324 
   2325 	if (group->GKeyDoneStations) {
   2326 		wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected "
   2327 			   "GKeyDoneStations=%d when starting new GTK rekey",
   2328 			   group->GKeyDoneStations);
   2329 		group->GKeyDoneStations = 0;
   2330 	}
   2331 	wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
   2332 	wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
   2333 		   group->GKeyDoneStations);
   2334 }
   2335 
   2336 
   2337 static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
   2338 				       struct wpa_group *group)
   2339 {
   2340 	int ret = 0;
   2341 
   2342 	if (wpa_auth_set_key(wpa_auth, group->vlan_id,
   2343 			     wpa_alg_enum(wpa_auth->conf.wpa_group),
   2344 			     broadcast_ether_addr, group->GN,
   2345 			     group->GTK[group->GN - 1], group->GTK_len) < 0)
   2346 		ret = -1;
   2347 
   2348 #ifdef CONFIG_IEEE80211W
   2349 	if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION &&
   2350 	    wpa_auth_set_key(wpa_auth, group->vlan_id, WPA_ALG_IGTK,
   2351 			     broadcast_ether_addr, group->GN_igtk,
   2352 			     group->IGTK[group->GN_igtk - 4],
   2353 			     WPA_IGTK_LEN) < 0)
   2354 		ret = -1;
   2355 #endif /* CONFIG_IEEE80211W */
   2356 
   2357 	return ret;
   2358 }
   2359 
   2360 
   2361 static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
   2362 				 struct wpa_group *group)
   2363 {
   2364 	wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
   2365 		   "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
   2366 	group->changed = TRUE;
   2367 	group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
   2368 
   2369 	if (wpa_group_config_group_keys(wpa_auth, group) < 0)
   2370 		return -1;
   2371 
   2372 	return 0;
   2373 }
   2374 
   2375 
   2376 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
   2377 			      struct wpa_group *group)
   2378 {
   2379 	if (group->GInit) {
   2380 		wpa_group_gtk_init(wpa_auth, group);
   2381 	} else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
   2382 		   group->GTKAuthenticator) {
   2383 		wpa_group_setkeysdone(wpa_auth, group);
   2384 	} else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
   2385 		   group->GTKReKey) {
   2386 		wpa_group_setkeys(wpa_auth, group);
   2387 	} else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
   2388 		if (group->GKeyDoneStations == 0)
   2389 			wpa_group_setkeysdone(wpa_auth, group);
   2390 		else if (group->GTKReKey)
   2391 			wpa_group_setkeys(wpa_auth, group);
   2392 	}
   2393 }
   2394 
   2395 
   2396 static int wpa_sm_step(struct wpa_state_machine *sm)
   2397 {
   2398 	if (sm == NULL)
   2399 		return 0;
   2400 
   2401 	if (sm->in_step_loop) {
   2402 		/* This should not happen, but if it does, make sure we do not
   2403 		 * end up freeing the state machine too early by exiting the
   2404 		 * recursive call. */
   2405 		wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
   2406 		return 0;
   2407 	}
   2408 
   2409 	sm->in_step_loop = 1;
   2410 	do {
   2411 		if (sm->pending_deinit)
   2412 			break;
   2413 
   2414 		sm->changed = FALSE;
   2415 		sm->wpa_auth->group->changed = FALSE;
   2416 
   2417 		SM_STEP_RUN(WPA_PTK);
   2418 		if (sm->pending_deinit)
   2419 			break;
   2420 		SM_STEP_RUN(WPA_PTK_GROUP);
   2421 		if (sm->pending_deinit)
   2422 			break;
   2423 		wpa_group_sm_step(sm->wpa_auth, sm->group);
   2424 	} while (sm->changed || sm->wpa_auth->group->changed);
   2425 	sm->in_step_loop = 0;
   2426 
   2427 	if (sm->pending_deinit) {
   2428 		wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
   2429 			   "machine deinit for " MACSTR, MAC2STR(sm->addr));
   2430 		wpa_free_sta_sm(sm);
   2431 		return 1;
   2432 	}
   2433 	return 0;
   2434 }
   2435 
   2436 
   2437 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
   2438 {
   2439 	struct wpa_state_machine *sm = eloop_ctx;
   2440 	wpa_sm_step(sm);
   2441 }
   2442 
   2443 
   2444 void wpa_auth_sm_notify(struct wpa_state_machine *sm)
   2445 {
   2446 	if (sm == NULL)
   2447 		return;
   2448 	eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
   2449 }
   2450 
   2451 
   2452 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
   2453 {
   2454 	int tmp, i;
   2455 	struct wpa_group *group;
   2456 
   2457 	if (wpa_auth == NULL)
   2458 		return;
   2459 
   2460 	group = wpa_auth->group;
   2461 
   2462 	for (i = 0; i < 2; i++) {
   2463 		tmp = group->GM;
   2464 		group->GM = group->GN;
   2465 		group->GN = tmp;
   2466 #ifdef CONFIG_IEEE80211W
   2467 		tmp = group->GM_igtk;
   2468 		group->GM_igtk = group->GN_igtk;
   2469 		group->GN_igtk = tmp;
   2470 #endif /* CONFIG_IEEE80211W */
   2471 		wpa_gtk_update(wpa_auth, group);
   2472 	}
   2473 }
   2474 
   2475 
   2476 static const char * wpa_bool_txt(int bool)
   2477 {
   2478 	return bool ? "TRUE" : "FALSE";
   2479 }
   2480 
   2481 
   2482 static int wpa_cipher_bits(int cipher)
   2483 {
   2484 	switch (cipher) {
   2485 	case WPA_CIPHER_CCMP:
   2486 		return 128;
   2487 	case WPA_CIPHER_TKIP:
   2488 		return 256;
   2489 	case WPA_CIPHER_WEP104:
   2490 		return 104;
   2491 	case WPA_CIPHER_WEP40:
   2492 		return 40;
   2493 	default:
   2494 		return 0;
   2495 	}
   2496 }
   2497 
   2498 
   2499 #define RSN_SUITE "%02x-%02x-%02x-%d"
   2500 #define RSN_SUITE_ARG(s) \
   2501 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
   2502 
   2503 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
   2504 {
   2505 	int len = 0, ret;
   2506 	char pmkid_txt[PMKID_LEN * 2 + 1];
   2507 #ifdef CONFIG_RSN_PREAUTH
   2508 	const int preauth = 1;
   2509 #else /* CONFIG_RSN_PREAUTH */
   2510 	const int preauth = 0;
   2511 #endif /* CONFIG_RSN_PREAUTH */
   2512 
   2513 	if (wpa_auth == NULL)
   2514 		return len;
   2515 
   2516 	ret = os_snprintf(buf + len, buflen - len,
   2517 			  "dot11RSNAOptionImplemented=TRUE\n"
   2518 			  "dot11RSNAPreauthenticationImplemented=%s\n"
   2519 			  "dot11RSNAEnabled=%s\n"
   2520 			  "dot11RSNAPreauthenticationEnabled=%s\n",
   2521 			  wpa_bool_txt(preauth),
   2522 			  wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
   2523 			  wpa_bool_txt(wpa_auth->conf.rsn_preauth));
   2524 	if (ret < 0 || (size_t) ret >= buflen - len)
   2525 		return len;
   2526 	len += ret;
   2527 
   2528 	wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
   2529 			 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
   2530 
   2531 	ret = os_snprintf(
   2532 		buf + len, buflen - len,
   2533 		"dot11RSNAConfigVersion=%u\n"
   2534 		"dot11RSNAConfigPairwiseKeysSupported=9999\n"
   2535 		/* FIX: dot11RSNAConfigGroupCipher */
   2536 		/* FIX: dot11RSNAConfigGroupRekeyMethod */
   2537 		/* FIX: dot11RSNAConfigGroupRekeyTime */
   2538 		/* FIX: dot11RSNAConfigGroupRekeyPackets */
   2539 		"dot11RSNAConfigGroupRekeyStrict=%u\n"
   2540 		"dot11RSNAConfigGroupUpdateCount=%u\n"
   2541 		"dot11RSNAConfigPairwiseUpdateCount=%u\n"
   2542 		"dot11RSNAConfigGroupCipherSize=%u\n"
   2543 		"dot11RSNAConfigPMKLifetime=%u\n"
   2544 		"dot11RSNAConfigPMKReauthThreshold=%u\n"
   2545 		"dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
   2546 		"dot11RSNAConfigSATimeout=%u\n"
   2547 		"dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
   2548 		"dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
   2549 		"dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
   2550 		"dot11RSNAPMKIDUsed=%s\n"
   2551 		"dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
   2552 		"dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
   2553 		"dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
   2554 		"dot11RSNATKIPCounterMeasuresInvoked=%u\n"
   2555 		"dot11RSNA4WayHandshakeFailures=%u\n"
   2556 		"dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
   2557 		RSN_VERSION,
   2558 		!!wpa_auth->conf.wpa_strict_rekey,
   2559 		dot11RSNAConfigGroupUpdateCount,
   2560 		dot11RSNAConfigPairwiseUpdateCount,
   2561 		wpa_cipher_bits(wpa_auth->conf.wpa_group),
   2562 		dot11RSNAConfigPMKLifetime,
   2563 		dot11RSNAConfigPMKReauthThreshold,
   2564 		dot11RSNAConfigSATimeout,
   2565 		RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
   2566 		RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
   2567 		RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
   2568 		pmkid_txt,
   2569 		RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
   2570 		RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
   2571 		RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
   2572 		wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
   2573 		wpa_auth->dot11RSNA4WayHandshakeFailures);
   2574 	if (ret < 0 || (size_t) ret >= buflen - len)
   2575 		return len;
   2576 	len += ret;
   2577 
   2578 	/* TODO: dot11RSNAConfigPairwiseCiphersTable */
   2579 	/* TODO: dot11RSNAConfigAuthenticationSuitesTable */
   2580 
   2581 	/* Private MIB */
   2582 	ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
   2583 			  wpa_auth->group->wpa_group_state);
   2584 	if (ret < 0 || (size_t) ret >= buflen - len)
   2585 		return len;
   2586 	len += ret;
   2587 
   2588 	return len;
   2589 }
   2590 
   2591 
   2592 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
   2593 {
   2594 	int len = 0, ret;
   2595 	u32 pairwise = 0;
   2596 
   2597 	if (sm == NULL)
   2598 		return 0;
   2599 
   2600 	/* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
   2601 
   2602 	/* dot11RSNAStatsEntry */
   2603 
   2604 	if (sm->wpa == WPA_VERSION_WPA) {
   2605 		if (sm->pairwise == WPA_CIPHER_CCMP)
   2606 			pairwise = WPA_CIPHER_SUITE_CCMP;
   2607 		else if (sm->pairwise == WPA_CIPHER_TKIP)
   2608 			pairwise = WPA_CIPHER_SUITE_TKIP;
   2609 		else if (sm->pairwise == WPA_CIPHER_WEP104)
   2610 			pairwise = WPA_CIPHER_SUITE_WEP104;
   2611 		else if (sm->pairwise == WPA_CIPHER_WEP40)
   2612 			pairwise = WPA_CIPHER_SUITE_WEP40;
   2613 		else if (sm->pairwise == WPA_CIPHER_NONE)
   2614 			pairwise = WPA_CIPHER_SUITE_NONE;
   2615 	} else if (sm->wpa == WPA_VERSION_WPA2) {
   2616 		if (sm->pairwise == WPA_CIPHER_CCMP)
   2617 			pairwise = RSN_CIPHER_SUITE_CCMP;
   2618 		else if (sm->pairwise == WPA_CIPHER_TKIP)
   2619 			pairwise = RSN_CIPHER_SUITE_TKIP;
   2620 		else if (sm->pairwise == WPA_CIPHER_WEP104)
   2621 			pairwise = RSN_CIPHER_SUITE_WEP104;
   2622 		else if (sm->pairwise == WPA_CIPHER_WEP40)
   2623 			pairwise = RSN_CIPHER_SUITE_WEP40;
   2624 		else if (sm->pairwise == WPA_CIPHER_NONE)
   2625 			pairwise = RSN_CIPHER_SUITE_NONE;
   2626 	} else
   2627 		return 0;
   2628 
   2629 	ret = os_snprintf(
   2630 		buf + len, buflen - len,
   2631 		/* TODO: dot11RSNAStatsIndex */
   2632 		"dot11RSNAStatsSTAAddress=" MACSTR "\n"
   2633 		"dot11RSNAStatsVersion=1\n"
   2634 		"dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
   2635 		/* TODO: dot11RSNAStatsTKIPICVErrors */
   2636 		"dot11RSNAStatsTKIPLocalMICFailures=%u\n"
   2637 		"dot11RSNAStatsTKIPRemoteMICFailures=%u\n"
   2638 		/* TODO: dot11RSNAStatsCCMPReplays */
   2639 		/* TODO: dot11RSNAStatsCCMPDecryptErrors */
   2640 		/* TODO: dot11RSNAStatsTKIPReplays */,
   2641 		MAC2STR(sm->addr),
   2642 		RSN_SUITE_ARG(pairwise),
   2643 		sm->dot11RSNAStatsTKIPLocalMICFailures,
   2644 		sm->dot11RSNAStatsTKIPRemoteMICFailures);
   2645 	if (ret < 0 || (size_t) ret >= buflen - len)
   2646 		return len;
   2647 	len += ret;
   2648 
   2649 	/* Private MIB */
   2650 	ret = os_snprintf(buf + len, buflen - len,
   2651 			  "hostapdWPAPTKState=%d\n"
   2652 			  "hostapdWPAPTKGroupState=%d\n",
   2653 			  sm->wpa_ptk_state,
   2654 			  sm->wpa_ptk_group_state);
   2655 	if (ret < 0 || (size_t) ret >= buflen - len)
   2656 		return len;
   2657 	len += ret;
   2658 
   2659 	return len;
   2660 }
   2661 
   2662 
   2663 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
   2664 {
   2665 	if (wpa_auth)
   2666 		wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
   2667 }
   2668 
   2669 
   2670 int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
   2671 {
   2672 	return sm && sm->pairwise_set;
   2673 }
   2674 
   2675 
   2676 int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
   2677 {
   2678 	return sm->pairwise;
   2679 }
   2680 
   2681 
   2682 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
   2683 {
   2684 	if (sm == NULL)
   2685 		return -1;
   2686 	return sm->wpa_key_mgmt;
   2687 }
   2688 
   2689 
   2690 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
   2691 {
   2692 	if (sm == NULL)
   2693 		return 0;
   2694 	return sm->wpa;
   2695 }
   2696 
   2697 
   2698 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
   2699 			     struct rsn_pmksa_cache_entry *entry)
   2700 {
   2701 	if (sm == NULL || sm->pmksa != entry)
   2702 		return -1;
   2703 	sm->pmksa = NULL;
   2704 	return 0;
   2705 }
   2706 
   2707 
   2708 struct rsn_pmksa_cache_entry *
   2709 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
   2710 {
   2711 	return sm ? sm->pmksa : NULL;
   2712 }
   2713 
   2714 
   2715 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
   2716 {
   2717 	if (sm)
   2718 		sm->dot11RSNAStatsTKIPLocalMICFailures++;
   2719 }
   2720 
   2721 
   2722 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
   2723 {
   2724 	if (wpa_auth == NULL)
   2725 		return NULL;
   2726 	*len = wpa_auth->wpa_ie_len;
   2727 	return wpa_auth->wpa_ie;
   2728 }
   2729 
   2730 
   2731 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
   2732 		       int session_timeout, struct eapol_state_machine *eapol)
   2733 {
   2734 	if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 ||
   2735 	    sm->wpa_auth->conf.disable_pmksa_caching)
   2736 		return -1;
   2737 
   2738 	if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
   2739 				 sm->wpa_auth->addr, sm->addr, session_timeout,
   2740 				 eapol, sm->wpa_key_mgmt))
   2741 		return 0;
   2742 
   2743 	return -1;
   2744 }
   2745 
   2746 
   2747 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
   2748 			       const u8 *pmk, size_t len, const u8 *sta_addr,
   2749 			       int session_timeout,
   2750 			       struct eapol_state_machine *eapol)
   2751 {
   2752 	if (wpa_auth == NULL)
   2753 		return -1;
   2754 
   2755 	if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr,
   2756 				 sta_addr, session_timeout, eapol,
   2757 				 WPA_KEY_MGMT_IEEE8021X))
   2758 		return 0;
   2759 
   2760 	return -1;
   2761 }
   2762 
   2763 
   2764 static struct wpa_group *
   2765 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
   2766 {
   2767 	struct wpa_group *group;
   2768 
   2769 	if (wpa_auth == NULL || wpa_auth->group == NULL)
   2770 		return NULL;
   2771 
   2772 	wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
   2773 		   vlan_id);
   2774 	group = wpa_group_init(wpa_auth, vlan_id);
   2775 	if (group == NULL)
   2776 		return NULL;
   2777 
   2778 	group->next = wpa_auth->group->next;
   2779 	wpa_auth->group->next = group;
   2780 
   2781 	return group;
   2782 }
   2783 
   2784 
   2785 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
   2786 {
   2787 	struct wpa_group *group;
   2788 
   2789 	if (sm == NULL || sm->wpa_auth == NULL)
   2790 		return 0;
   2791 
   2792 	group = sm->wpa_auth->group;
   2793 	while (group) {
   2794 		if (group->vlan_id == vlan_id)
   2795 			break;
   2796 		group = group->next;
   2797 	}
   2798 
   2799 	if (group == NULL) {
   2800 		group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
   2801 		if (group == NULL)
   2802 			return -1;
   2803 	}
   2804 
   2805 	if (sm->group == group)
   2806 		return 0;
   2807 
   2808 	wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
   2809 		   "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
   2810 
   2811 	sm->group = group;
   2812 	return 0;
   2813 }
   2814 
   2815 
   2816 void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
   2817 				  struct wpa_state_machine *sm, int ack)
   2818 {
   2819 	if (wpa_auth == NULL || sm == NULL)
   2820 		return;
   2821 	wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
   2822 		   " ack=%d", MAC2STR(sm->addr), ack);
   2823 	if (sm->pending_1_of_4_timeout && ack) {
   2824 		/*
   2825 		 * Some deployed supplicant implementations update their SNonce
   2826 		 * for each EAPOL-Key 2/4 message even within the same 4-way
   2827 		 * handshake and then fail to use the first SNonce when
   2828 		 * deriving the PTK. This results in unsuccessful 4-way
   2829 		 * handshake whenever the relatively short initial timeout is
   2830 		 * reached and EAPOL-Key 1/4 is retransmitted. Try to work
   2831 		 * around this by increasing the timeout now that we know that
   2832 		 * the station has received the frame.
   2833 		 */
   2834 		int timeout_ms = eapol_key_timeout_subseq;
   2835 		wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 "
   2836 			   "timeout by %u ms because of acknowledged frame",
   2837 			   timeout_ms);
   2838 		eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
   2839 		eloop_register_timeout(timeout_ms / 1000,
   2840 				       (timeout_ms % 1000) * 1000,
   2841 				       wpa_send_eapol_timeout, wpa_auth, sm);
   2842 	}
   2843 }
   2844