1 /* 2 * WPA Supplicant - WPA state machine and EAPOL-Key processing 3 * Copyright (c) 2003-2012, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "crypto/aes_wrap.h" 13 #include "crypto/crypto.h" 14 #include "crypto/random.h" 15 #include "common/ieee802_11_defs.h" 16 #include "eapol_supp/eapol_supp_sm.h" 17 #include "wpa.h" 18 #include "eloop.h" 19 #include "preauth.h" 20 #include "pmksa_cache.h" 21 #include "wpa_i.h" 22 #include "wpa_ie.h" 23 #include "peerkey.h" 24 25 26 /** 27 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message 28 * @sm: Pointer to WPA state machine data from wpa_sm_init() 29 * @kck: Key Confirmation Key (KCK, part of PTK) 30 * @ver: Version field from Key Info 31 * @dest: Destination address for the frame 32 * @proto: Ethertype (usually ETH_P_EAPOL) 33 * @msg: EAPOL-Key message 34 * @msg_len: Length of message 35 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written 36 */ 37 void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, 38 int ver, const u8 *dest, u16 proto, 39 u8 *msg, size_t msg_len, u8 *key_mic) 40 { 41 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) { 42 /* 43 * Association event was not yet received; try to fetch 44 * BSSID from the driver. 45 */ 46 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) { 47 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 48 "WPA: Failed to read BSSID for " 49 "EAPOL-Key destination address"); 50 } else { 51 dest = sm->bssid; 52 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 53 "WPA: Use BSSID (" MACSTR 54 ") as the destination for EAPOL-Key", 55 MAC2STR(dest)); 56 } 57 } 58 if (key_mic && 59 wpa_eapol_key_mic(kck, ver, msg, msg_len, key_mic)) { 60 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 61 "WPA: Failed to generate EAPOL-Key " 62 "version %d MIC", ver); 63 goto out; 64 } 65 wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, 16); 66 wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, 16); 67 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len); 68 wpa_sm_ether_send(sm, dest, proto, msg, msg_len); 69 eapol_sm_notify_tx_eapol_key(sm->eapol); 70 out: 71 os_free(msg); 72 } 73 74 75 /** 76 * wpa_sm_key_request - Send EAPOL-Key Request 77 * @sm: Pointer to WPA state machine data from wpa_sm_init() 78 * @error: Indicate whether this is an Michael MIC error report 79 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet 80 * 81 * Send an EAPOL-Key Request to the current authenticator. This function is 82 * used to request rekeying and it is usually called when a local Michael MIC 83 * failure is detected. 84 */ 85 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) 86 { 87 size_t rlen; 88 struct wpa_eapol_key *reply; 89 int key_info, ver; 90 u8 bssid[ETH_ALEN], *rbuf; 91 92 if (wpa_key_mgmt_ft(sm->key_mgmt) || wpa_key_mgmt_sha256(sm->key_mgmt)) 93 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC; 94 else if (sm->pairwise_cipher == WPA_CIPHER_CCMP) 95 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 96 else 97 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 98 99 if (wpa_sm_get_bssid(sm, bssid) < 0) { 100 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 101 "Failed to read BSSID for EAPOL-Key request"); 102 return; 103 } 104 105 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 106 sizeof(*reply), &rlen, (void *) &reply); 107 if (rbuf == NULL) 108 return; 109 110 reply->type = sm->proto == WPA_PROTO_RSN ? 111 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 112 key_info = WPA_KEY_INFO_REQUEST | ver; 113 if (sm->ptk_set) 114 key_info |= WPA_KEY_INFO_MIC; 115 if (error) 116 key_info |= WPA_KEY_INFO_ERROR; 117 if (pairwise) 118 key_info |= WPA_KEY_INFO_KEY_TYPE; 119 WPA_PUT_BE16(reply->key_info, key_info); 120 WPA_PUT_BE16(reply->key_length, 0); 121 os_memcpy(reply->replay_counter, sm->request_counter, 122 WPA_REPLAY_COUNTER_LEN); 123 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); 124 125 WPA_PUT_BE16(reply->key_data_length, 0); 126 127 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 128 "WPA: Sending EAPOL-Key Request (error=%d " 129 "pairwise=%d ptk_set=%d len=%lu)", 130 error, pairwise, sm->ptk_set, (unsigned long) rlen); 131 wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL, 132 rbuf, rlen, key_info & WPA_KEY_INFO_MIC ? 133 reply->key_mic : NULL); 134 } 135 136 137 static int wpa_supplicant_get_pmk(struct wpa_sm *sm, 138 const unsigned char *src_addr, 139 const u8 *pmkid) 140 { 141 int abort_cached = 0; 142 143 if (pmkid && !sm->cur_pmksa) { 144 /* When using drivers that generate RSN IE, wpa_supplicant may 145 * not have enough time to get the association information 146 * event before receiving this 1/4 message, so try to find a 147 * matching PMKSA cache entry here. */ 148 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid, 149 NULL); 150 if (sm->cur_pmksa) { 151 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 152 "RSN: found matching PMKID from PMKSA cache"); 153 } else { 154 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 155 "RSN: no matching PMKID found"); 156 abort_cached = 1; 157 } 158 } 159 160 if (pmkid && sm->cur_pmksa && 161 os_memcmp(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) { 162 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN); 163 wpa_sm_set_pmk_from_pmksa(sm); 164 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache", 165 sm->pmk, sm->pmk_len); 166 eapol_sm_notify_cached(sm->eapol); 167 #ifdef CONFIG_IEEE80211R 168 sm->xxkey_len = 0; 169 #endif /* CONFIG_IEEE80211R */ 170 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) { 171 int res, pmk_len; 172 pmk_len = PMK_LEN; 173 res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN); 174 if (res) { 175 /* 176 * EAP-LEAP is an exception from other EAP methods: it 177 * uses only 16-byte PMK. 178 */ 179 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16); 180 pmk_len = 16; 181 } else { 182 #ifdef CONFIG_IEEE80211R 183 u8 buf[2 * PMK_LEN]; 184 if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0) 185 { 186 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN); 187 sm->xxkey_len = PMK_LEN; 188 os_memset(buf, 0, sizeof(buf)); 189 } 190 #endif /* CONFIG_IEEE80211R */ 191 } 192 if (res == 0) { 193 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state " 194 "machines", sm->pmk, pmk_len); 195 sm->pmk_len = pmk_len; 196 if (sm->proto == WPA_PROTO_RSN && 197 !wpa_key_mgmt_ft(sm->key_mgmt)) { 198 pmksa_cache_add(sm->pmksa, sm->pmk, pmk_len, 199 src_addr, sm->own_addr, 200 sm->network_ctx, sm->key_mgmt); 201 } 202 if (!sm->cur_pmksa && pmkid && 203 pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL)) 204 { 205 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 206 "RSN: the new PMK matches with the " 207 "PMKID"); 208 abort_cached = 0; 209 } 210 } else { 211 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 212 "WPA: Failed to get master session key from " 213 "EAPOL state machines - key handshake " 214 "aborted"); 215 if (sm->cur_pmksa) { 216 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 217 "RSN: Cancelled PMKSA caching " 218 "attempt"); 219 sm->cur_pmksa = NULL; 220 abort_cached = 1; 221 } else if (!abort_cached) { 222 return -1; 223 } 224 } 225 } 226 227 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && 228 !wpa_key_mgmt_ft(sm->key_mgmt)) { 229 /* Send EAPOL-Start to trigger full EAP authentication. */ 230 u8 *buf; 231 size_t buflen; 232 233 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 234 "RSN: no PMKSA entry found - trigger " 235 "full EAP authentication"); 236 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START, 237 NULL, 0, &buflen, NULL); 238 if (buf) { 239 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL, 240 buf, buflen); 241 os_free(buf); 242 return -2; 243 } 244 245 return -1; 246 } 247 248 return 0; 249 } 250 251 252 /** 253 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake 254 * @sm: Pointer to WPA state machine data from wpa_sm_init() 255 * @dst: Destination address for the frame 256 * @key: Pointer to the EAPOL-Key frame header 257 * @ver: Version bits from EAPOL-Key Key Info 258 * @nonce: Nonce value for the EAPOL-Key frame 259 * @wpa_ie: WPA/RSN IE 260 * @wpa_ie_len: Length of the WPA/RSN IE 261 * @ptk: PTK to use for keyed hash and encryption 262 * Returns: 0 on success, -1 on failure 263 */ 264 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst, 265 const struct wpa_eapol_key *key, 266 int ver, const u8 *nonce, 267 const u8 *wpa_ie, size_t wpa_ie_len, 268 struct wpa_ptk *ptk) 269 { 270 size_t rlen; 271 struct wpa_eapol_key *reply; 272 u8 *rbuf; 273 u8 *rsn_ie_buf = NULL; 274 275 if (wpa_ie == NULL) { 276 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - " 277 "cannot generate msg 2/4"); 278 return -1; 279 } 280 281 #ifdef CONFIG_IEEE80211R 282 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 283 int res; 284 285 /* 286 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and 287 * FTIE from (Re)Association Response. 288 */ 289 rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN + 290 sm->assoc_resp_ies_len); 291 if (rsn_ie_buf == NULL) 292 return -1; 293 os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len); 294 res = wpa_insert_pmkid(rsn_ie_buf, wpa_ie_len, 295 sm->pmk_r1_name); 296 if (res < 0) { 297 os_free(rsn_ie_buf); 298 return -1; 299 } 300 wpa_ie_len += res; 301 302 if (sm->assoc_resp_ies) { 303 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies, 304 sm->assoc_resp_ies_len); 305 wpa_ie_len += sm->assoc_resp_ies_len; 306 } 307 308 wpa_ie = rsn_ie_buf; 309 } 310 #endif /* CONFIG_IEEE80211R */ 311 312 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len); 313 314 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, 315 NULL, sizeof(*reply) + wpa_ie_len, 316 &rlen, (void *) &reply); 317 if (rbuf == NULL) { 318 os_free(rsn_ie_buf); 319 return -1; 320 } 321 322 reply->type = sm->proto == WPA_PROTO_RSN ? 323 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 324 WPA_PUT_BE16(reply->key_info, 325 ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC); 326 if (sm->proto == WPA_PROTO_RSN) 327 WPA_PUT_BE16(reply->key_length, 0); 328 else 329 os_memcpy(reply->key_length, key->key_length, 2); 330 os_memcpy(reply->replay_counter, key->replay_counter, 331 WPA_REPLAY_COUNTER_LEN); 332 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter, 333 WPA_REPLAY_COUNTER_LEN); 334 335 WPA_PUT_BE16(reply->key_data_length, wpa_ie_len); 336 os_memcpy(reply + 1, wpa_ie, wpa_ie_len); 337 os_free(rsn_ie_buf); 338 339 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN); 340 341 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4"); 342 wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL, 343 rbuf, rlen, reply->key_mic); 344 345 return 0; 346 } 347 348 349 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr, 350 const struct wpa_eapol_key *key, 351 struct wpa_ptk *ptk) 352 { 353 size_t ptk_len = sm->pairwise_cipher == WPA_CIPHER_CCMP ? 48 : 64; 354 #ifdef CONFIG_IEEE80211R 355 if (wpa_key_mgmt_ft(sm->key_mgmt)) 356 return wpa_derive_ptk_ft(sm, src_addr, key, ptk, ptk_len); 357 #endif /* CONFIG_IEEE80211R */ 358 359 wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion", 360 sm->own_addr, sm->bssid, sm->snonce, key->key_nonce, 361 (u8 *) ptk, ptk_len, 362 wpa_key_mgmt_sha256(sm->key_mgmt)); 363 return 0; 364 } 365 366 367 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, 368 const unsigned char *src_addr, 369 const struct wpa_eapol_key *key, 370 u16 ver) 371 { 372 struct wpa_eapol_ie_parse ie; 373 struct wpa_ptk *ptk; 374 u8 buf[8]; 375 int res; 376 377 if (wpa_sm_get_network_ctx(sm) == NULL) { 378 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info " 379 "found (msg 1 of 4)"); 380 return; 381 } 382 383 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 384 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way " 385 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 386 387 os_memset(&ie, 0, sizeof(ie)); 388 389 #ifndef CONFIG_NO_WPA2 390 if (sm->proto == WPA_PROTO_RSN) { 391 /* RSN: msg 1/4 should contain PMKID for the selected PMK */ 392 const u8 *_buf = (const u8 *) (key + 1); 393 size_t len = WPA_GET_BE16(key->key_data_length); 394 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", _buf, len); 395 if (wpa_supplicant_parse_ies(_buf, len, &ie) < 0) 396 goto failed; 397 if (ie.pmkid) { 398 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from " 399 "Authenticator", ie.pmkid, PMKID_LEN); 400 } 401 } 402 #endif /* CONFIG_NO_WPA2 */ 403 404 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); 405 if (res == -2) { 406 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to " 407 "msg 1/4 - requesting full EAP authentication"); 408 return; 409 } 410 if (res) 411 goto failed; 412 413 if (sm->renew_snonce) { 414 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) { 415 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 416 "WPA: Failed to get random data for SNonce"); 417 goto failed; 418 } 419 sm->renew_snonce = 0; 420 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce", 421 sm->snonce, WPA_NONCE_LEN); 422 } 423 424 /* Calculate PTK which will be stored as a temporary PTK until it has 425 * been verified when processing message 3/4. */ 426 ptk = &sm->tptk; 427 wpa_derive_ptk(sm, src_addr, key, ptk); 428 /* Supplicant: swap tx/rx Mic keys */ 429 os_memcpy(buf, ptk->u.auth.tx_mic_key, 8); 430 os_memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8); 431 os_memcpy(ptk->u.auth.rx_mic_key, buf, 8); 432 sm->tptk_set = 1; 433 434 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce, 435 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, 436 ptk)) 437 goto failed; 438 439 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN); 440 return; 441 442 failed: 443 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 444 } 445 446 447 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx) 448 { 449 struct wpa_sm *sm = eloop_ctx; 450 rsn_preauth_candidate_process(sm); 451 } 452 453 454 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm, 455 const u8 *addr, int secure) 456 { 457 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 458 "WPA: Key negotiation completed with " 459 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr), 460 wpa_cipher_txt(sm->pairwise_cipher), 461 wpa_cipher_txt(sm->group_cipher)); 462 wpa_sm_cancel_auth_timeout(sm); 463 wpa_sm_set_state(sm, WPA_COMPLETED); 464 465 if (secure) { 466 wpa_sm_mlme_setprotection( 467 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX, 468 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 469 eapol_sm_notify_portValid(sm->eapol, TRUE); 470 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt)) 471 eapol_sm_notify_eap_success(sm->eapol, TRUE); 472 /* 473 * Start preauthentication after a short wait to avoid a 474 * possible race condition between the data receive and key 475 * configuration after the 4-Way Handshake. This increases the 476 * likelihood of the first preauth EAPOL-Start frame getting to 477 * the target AP. 478 */ 479 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL); 480 } 481 482 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) { 483 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 484 "RSN: Authenticator accepted " 485 "opportunistic PMKSA entry - marking it valid"); 486 sm->cur_pmksa->opportunistic = 0; 487 } 488 489 #ifdef CONFIG_IEEE80211R 490 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 491 /* Prepare for the next transition */ 492 wpa_ft_prepare_auth_request(sm, NULL); 493 } 494 #endif /* CONFIG_IEEE80211R */ 495 } 496 497 498 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx) 499 { 500 struct wpa_sm *sm = eloop_ctx; 501 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying"); 502 wpa_sm_key_request(sm, 0, 1); 503 } 504 505 506 static int wpa_supplicant_install_ptk(struct wpa_sm *sm, 507 const struct wpa_eapol_key *key) 508 { 509 int keylen, rsclen; 510 enum wpa_alg alg; 511 const u8 *key_rsc; 512 u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 513 514 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 515 "WPA: Installing PTK to the driver"); 516 517 switch (sm->pairwise_cipher) { 518 case WPA_CIPHER_CCMP: 519 alg = WPA_ALG_CCMP; 520 keylen = 16; 521 rsclen = 6; 522 break; 523 case WPA_CIPHER_TKIP: 524 alg = WPA_ALG_TKIP; 525 keylen = 32; 526 rsclen = 6; 527 break; 528 case WPA_CIPHER_NONE: 529 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher " 530 "Suite: NONE - do not use pairwise keys"); 531 return 0; 532 default: 533 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 534 "WPA: Unsupported pairwise cipher %d", 535 sm->pairwise_cipher); 536 return -1; 537 } 538 539 if (sm->proto == WPA_PROTO_RSN) { 540 key_rsc = null_rsc; 541 } else { 542 key_rsc = key->key_rsc; 543 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen); 544 } 545 546 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen, 547 (u8 *) sm->ptk.tk1, keylen) < 0) { 548 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 549 "WPA: Failed to set PTK to the " 550 "driver (alg=%d keylen=%d bssid=" MACSTR ")", 551 alg, keylen, MAC2STR(sm->bssid)); 552 return -1; 553 } 554 555 if (sm->wpa_ptk_rekey) { 556 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 557 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk, 558 sm, NULL); 559 } 560 561 return 0; 562 } 563 564 565 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm, 566 int group_cipher, 567 int keylen, int maxkeylen, 568 int *key_rsc_len, 569 enum wpa_alg *alg) 570 { 571 int ret = 0; 572 573 switch (group_cipher) { 574 case WPA_CIPHER_CCMP: 575 if (keylen != 16 || maxkeylen < 16) { 576 ret = -1; 577 break; 578 } 579 *key_rsc_len = 6; 580 *alg = WPA_ALG_CCMP; 581 break; 582 case WPA_CIPHER_TKIP: 583 if (keylen != 32 || maxkeylen < 32) { 584 ret = -1; 585 break; 586 } 587 *key_rsc_len = 6; 588 *alg = WPA_ALG_TKIP; 589 break; 590 case WPA_CIPHER_WEP104: 591 if (keylen != 13 || maxkeylen < 13) { 592 ret = -1; 593 break; 594 } 595 *key_rsc_len = 0; 596 *alg = WPA_ALG_WEP; 597 break; 598 case WPA_CIPHER_WEP40: 599 if (keylen != 5 || maxkeylen < 5) { 600 ret = -1; 601 break; 602 } 603 *key_rsc_len = 0; 604 *alg = WPA_ALG_WEP; 605 break; 606 default: 607 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 608 "WPA: Unsupported Group Cipher %d", 609 group_cipher); 610 return -1; 611 } 612 613 if (ret < 0 ) { 614 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 615 "WPA: Unsupported %s Group Cipher key length %d (%d)", 616 wpa_cipher_txt(group_cipher), keylen, maxkeylen); 617 } 618 619 return ret; 620 } 621 622 623 struct wpa_gtk_data { 624 enum wpa_alg alg; 625 int tx, key_rsc_len, keyidx; 626 u8 gtk[32]; 627 int gtk_len; 628 }; 629 630 631 static int wpa_supplicant_install_gtk(struct wpa_sm *sm, 632 const struct wpa_gtk_data *gd, 633 const u8 *key_rsc) 634 { 635 const u8 *_gtk = gd->gtk; 636 u8 gtk_buf[32]; 637 638 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); 639 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 640 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", 641 gd->keyidx, gd->tx, gd->gtk_len); 642 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len); 643 if (sm->group_cipher == WPA_CIPHER_TKIP) { 644 /* Swap Tx/Rx keys for Michael MIC */ 645 os_memcpy(gtk_buf, gd->gtk, 16); 646 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8); 647 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8); 648 _gtk = gtk_buf; 649 } 650 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 651 if (wpa_sm_set_key(sm, gd->alg, NULL, 652 gd->keyidx, 1, key_rsc, gd->key_rsc_len, 653 _gtk, gd->gtk_len) < 0) { 654 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 655 "WPA: Failed to set GTK to the driver " 656 "(Group only)"); 657 return -1; 658 } 659 } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr, 660 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len, 661 _gtk, gd->gtk_len) < 0) { 662 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 663 "WPA: Failed to set GTK to " 664 "the driver (alg=%d keylen=%d keyidx=%d)", 665 gd->alg, gd->gtk_len, gd->keyidx); 666 return -1; 667 } 668 669 return 0; 670 } 671 672 673 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm, 674 int tx) 675 { 676 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) { 677 /* Ignore Tx bit for GTK if a pairwise key is used. One AP 678 * seemed to set this bit (incorrectly, since Tx is only when 679 * doing Group Key only APs) and without this workaround, the 680 * data connection does not work because wpa_supplicant 681 * configured non-zero keyidx to be used for unicast. */ 682 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 683 "WPA: Tx bit set for GTK, but pairwise " 684 "keys are used - ignore Tx bit"); 685 return 0; 686 } 687 return tx; 688 } 689 690 691 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, 692 const struct wpa_eapol_key *key, 693 const u8 *gtk, size_t gtk_len, 694 int key_info) 695 { 696 #ifndef CONFIG_NO_WPA2 697 struct wpa_gtk_data gd; 698 699 /* 700 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x 701 * GTK KDE format: 702 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7] 703 * Reserved [bits 0-7] 704 * GTK 705 */ 706 707 os_memset(&gd, 0, sizeof(gd)); 708 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake", 709 gtk, gtk_len); 710 711 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk)) 712 return -1; 713 714 gd.keyidx = gtk[0] & 0x3; 715 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 716 !!(gtk[0] & BIT(2))); 717 gtk += 2; 718 gtk_len -= 2; 719 720 os_memcpy(gd.gtk, gtk, gtk_len); 721 gd.gtk_len = gtk_len; 722 723 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 724 gtk_len, gtk_len, 725 &gd.key_rsc_len, &gd.alg) || 726 wpa_supplicant_install_gtk(sm, &gd, key->key_rsc)) { 727 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 728 "RSN: Failed to install GTK"); 729 return -1; 730 } 731 732 wpa_supplicant_key_neg_complete(sm, sm->bssid, 733 key_info & WPA_KEY_INFO_SECURE); 734 return 0; 735 #else /* CONFIG_NO_WPA2 */ 736 return -1; 737 #endif /* CONFIG_NO_WPA2 */ 738 } 739 740 741 static int ieee80211w_set_keys(struct wpa_sm *sm, 742 struct wpa_eapol_ie_parse *ie) 743 { 744 #ifdef CONFIG_IEEE80211W 745 if (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) 746 return 0; 747 748 if (ie->igtk) { 749 const struct wpa_igtk_kde *igtk; 750 u16 keyidx; 751 if (ie->igtk_len != sizeof(*igtk)) 752 return -1; 753 igtk = (const struct wpa_igtk_kde *) ie->igtk; 754 keyidx = WPA_GET_LE16(igtk->keyid); 755 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " 756 "pn %02x%02x%02x%02x%02x%02x", 757 keyidx, MAC2STR(igtk->pn)); 758 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", 759 igtk->igtk, WPA_IGTK_LEN); 760 if (keyidx > 4095) { 761 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 762 "WPA: Invalid IGTK KeyID %d", keyidx); 763 return -1; 764 } 765 if (wpa_sm_set_key(sm, WPA_ALG_IGTK, broadcast_ether_addr, 766 keyidx, 0, igtk->pn, sizeof(igtk->pn), 767 igtk->igtk, WPA_IGTK_LEN) < 0) { 768 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 769 "WPA: Failed to configure IGTK to the driver"); 770 return -1; 771 } 772 } 773 774 return 0; 775 #else /* CONFIG_IEEE80211W */ 776 return 0; 777 #endif /* CONFIG_IEEE80211W */ 778 } 779 780 781 static void wpa_report_ie_mismatch(struct wpa_sm *sm, 782 const char *reason, const u8 *src_addr, 783 const u8 *wpa_ie, size_t wpa_ie_len, 784 const u8 *rsn_ie, size_t rsn_ie_len) 785 { 786 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")", 787 reason, MAC2STR(src_addr)); 788 789 if (sm->ap_wpa_ie) { 790 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp", 791 sm->ap_wpa_ie, sm->ap_wpa_ie_len); 792 } 793 if (wpa_ie) { 794 if (!sm->ap_wpa_ie) { 795 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 796 "WPA: No WPA IE in Beacon/ProbeResp"); 797 } 798 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg", 799 wpa_ie, wpa_ie_len); 800 } 801 802 if (sm->ap_rsn_ie) { 803 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp", 804 sm->ap_rsn_ie, sm->ap_rsn_ie_len); 805 } 806 if (rsn_ie) { 807 if (!sm->ap_rsn_ie) { 808 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 809 "WPA: No RSN IE in Beacon/ProbeResp"); 810 } 811 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg", 812 rsn_ie, rsn_ie_len); 813 } 814 815 wpa_sm_disassociate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS); 816 } 817 818 819 #ifdef CONFIG_IEEE80211R 820 821 static int ft_validate_mdie(struct wpa_sm *sm, 822 const unsigned char *src_addr, 823 struct wpa_eapol_ie_parse *ie, 824 const u8 *assoc_resp_mdie) 825 { 826 struct rsn_mdie *mdie; 827 828 mdie = (struct rsn_mdie *) (ie->mdie + 2); 829 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) || 830 os_memcmp(mdie->mobility_domain, sm->mobility_domain, 831 MOBILITY_DOMAIN_ID_LEN) != 0) { 832 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did " 833 "not match with the current mobility domain"); 834 return -1; 835 } 836 837 if (assoc_resp_mdie && 838 (assoc_resp_mdie[1] != ie->mdie[1] || 839 os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) { 840 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch"); 841 wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4", 842 ie->mdie, 2 + ie->mdie[1]); 843 wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response", 844 assoc_resp_mdie, 2 + assoc_resp_mdie[1]); 845 return -1; 846 } 847 848 return 0; 849 } 850 851 852 static int ft_validate_ftie(struct wpa_sm *sm, 853 const unsigned char *src_addr, 854 struct wpa_eapol_ie_parse *ie, 855 const u8 *assoc_resp_ftie) 856 { 857 if (ie->ftie == NULL) { 858 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 859 "FT: No FTIE in EAPOL-Key msg 3/4"); 860 return -1; 861 } 862 863 if (assoc_resp_ftie == NULL) 864 return 0; 865 866 if (assoc_resp_ftie[1] != ie->ftie[1] || 867 os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) { 868 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch"); 869 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4", 870 ie->ftie, 2 + ie->ftie[1]); 871 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response", 872 assoc_resp_ftie, 2 + assoc_resp_ftie[1]); 873 return -1; 874 } 875 876 return 0; 877 } 878 879 880 static int ft_validate_rsnie(struct wpa_sm *sm, 881 const unsigned char *src_addr, 882 struct wpa_eapol_ie_parse *ie) 883 { 884 struct wpa_ie_data rsn; 885 886 if (!ie->rsn_ie) 887 return 0; 888 889 /* 890 * Verify that PMKR1Name from EAPOL-Key message 3/4 891 * matches with the value we derived. 892 */ 893 if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 || 894 rsn.num_pmkid != 1 || rsn.pmkid == NULL) { 895 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in " 896 "FT 4-way handshake message 3/4"); 897 return -1; 898 } 899 900 if (os_memcmp(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0) { 901 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 902 "FT: PMKR1Name mismatch in " 903 "FT 4-way handshake message 3/4"); 904 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator", 905 rsn.pmkid, WPA_PMK_NAME_LEN); 906 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name", 907 sm->pmk_r1_name, WPA_PMK_NAME_LEN); 908 return -1; 909 } 910 911 return 0; 912 } 913 914 915 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm, 916 const unsigned char *src_addr, 917 struct wpa_eapol_ie_parse *ie) 918 { 919 const u8 *pos, *end, *mdie = NULL, *ftie = NULL; 920 921 if (sm->assoc_resp_ies) { 922 pos = sm->assoc_resp_ies; 923 end = pos + sm->assoc_resp_ies_len; 924 while (pos + 2 < end) { 925 if (pos + 2 + pos[1] > end) 926 break; 927 switch (*pos) { 928 case WLAN_EID_MOBILITY_DOMAIN: 929 mdie = pos; 930 break; 931 case WLAN_EID_FAST_BSS_TRANSITION: 932 ftie = pos; 933 break; 934 } 935 pos += 2 + pos[1]; 936 } 937 } 938 939 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 || 940 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 || 941 ft_validate_rsnie(sm, src_addr, ie) < 0) 942 return -1; 943 944 return 0; 945 } 946 947 #endif /* CONFIG_IEEE80211R */ 948 949 950 static int wpa_supplicant_validate_ie(struct wpa_sm *sm, 951 const unsigned char *src_addr, 952 struct wpa_eapol_ie_parse *ie) 953 { 954 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) { 955 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 956 "WPA: No WPA/RSN IE for this AP known. " 957 "Trying to get from scan results"); 958 if (wpa_sm_get_beacon_ie(sm) < 0) { 959 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 960 "WPA: Could not find AP from " 961 "the scan results"); 962 } else { 963 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, 964 "WPA: Found the current AP from " 965 "updated scan results"); 966 } 967 } 968 969 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL && 970 (sm->ap_wpa_ie || sm->ap_rsn_ie)) { 971 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 972 "with IE in Beacon/ProbeResp (no IE?)", 973 src_addr, ie->wpa_ie, ie->wpa_ie_len, 974 ie->rsn_ie, ie->rsn_ie_len); 975 return -1; 976 } 977 978 if ((ie->wpa_ie && sm->ap_wpa_ie && 979 (ie->wpa_ie_len != sm->ap_wpa_ie_len || 980 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) || 981 (ie->rsn_ie && sm->ap_rsn_ie && 982 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt), 983 sm->ap_rsn_ie, sm->ap_rsn_ie_len, 984 ie->rsn_ie, ie->rsn_ie_len))) { 985 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 986 "with IE in Beacon/ProbeResp", 987 src_addr, ie->wpa_ie, ie->wpa_ie_len, 988 ie->rsn_ie, ie->rsn_ie_len); 989 return -1; 990 } 991 992 if (sm->proto == WPA_PROTO_WPA && 993 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) { 994 wpa_report_ie_mismatch(sm, "Possible downgrade attack " 995 "detected - RSN was enabled and RSN IE " 996 "was in msg 3/4, but not in " 997 "Beacon/ProbeResp", 998 src_addr, ie->wpa_ie, ie->wpa_ie_len, 999 ie->rsn_ie, ie->rsn_ie_len); 1000 return -1; 1001 } 1002 1003 #ifdef CONFIG_IEEE80211R 1004 if (wpa_key_mgmt_ft(sm->key_mgmt) && 1005 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0) 1006 return -1; 1007 #endif /* CONFIG_IEEE80211R */ 1008 1009 return 0; 1010 } 1011 1012 1013 /** 1014 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake 1015 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1016 * @dst: Destination address for the frame 1017 * @key: Pointer to the EAPOL-Key frame header 1018 * @ver: Version bits from EAPOL-Key Key Info 1019 * @key_info: Key Info 1020 * @kde: KDEs to include the EAPOL-Key frame 1021 * @kde_len: Length of KDEs 1022 * @ptk: PTK to use for keyed hash and encryption 1023 * Returns: 0 on success, -1 on failure 1024 */ 1025 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, 1026 const struct wpa_eapol_key *key, 1027 u16 ver, u16 key_info, 1028 const u8 *kde, size_t kde_len, 1029 struct wpa_ptk *ptk) 1030 { 1031 size_t rlen; 1032 struct wpa_eapol_key *reply; 1033 u8 *rbuf; 1034 1035 if (kde) 1036 wpa_hexdump(MSG_DEBUG, "WPA: KDE for msg 4/4", kde, kde_len); 1037 1038 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1039 sizeof(*reply) + kde_len, 1040 &rlen, (void *) &reply); 1041 if (rbuf == NULL) 1042 return -1; 1043 1044 reply->type = sm->proto == WPA_PROTO_RSN ? 1045 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1046 key_info &= WPA_KEY_INFO_SECURE; 1047 key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC; 1048 WPA_PUT_BE16(reply->key_info, key_info); 1049 if (sm->proto == WPA_PROTO_RSN) 1050 WPA_PUT_BE16(reply->key_length, 0); 1051 else 1052 os_memcpy(reply->key_length, key->key_length, 2); 1053 os_memcpy(reply->replay_counter, key->replay_counter, 1054 WPA_REPLAY_COUNTER_LEN); 1055 1056 WPA_PUT_BE16(reply->key_data_length, kde_len); 1057 if (kde) 1058 os_memcpy(reply + 1, kde, kde_len); 1059 1060 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4"); 1061 wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL, 1062 rbuf, rlen, reply->key_mic); 1063 1064 return 0; 1065 } 1066 1067 1068 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, 1069 const struct wpa_eapol_key *key, 1070 u16 ver) 1071 { 1072 u16 key_info, keylen, len; 1073 const u8 *pos; 1074 struct wpa_eapol_ie_parse ie; 1075 1076 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 1077 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way " 1078 "Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver); 1079 1080 key_info = WPA_GET_BE16(key->key_info); 1081 1082 pos = (const u8 *) (key + 1); 1083 len = WPA_GET_BE16(key->key_data_length); 1084 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", pos, len); 1085 if (wpa_supplicant_parse_ies(pos, len, &ie) < 0) 1086 goto failed; 1087 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1088 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1089 "WPA: GTK IE in unencrypted key data"); 1090 goto failed; 1091 } 1092 #ifdef CONFIG_IEEE80211W 1093 if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1094 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1095 "WPA: IGTK KDE in unencrypted key data"); 1096 goto failed; 1097 } 1098 1099 if (ie.igtk && ie.igtk_len != sizeof(struct wpa_igtk_kde)) { 1100 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1101 "WPA: Invalid IGTK KDE length %lu", 1102 (unsigned long) ie.igtk_len); 1103 goto failed; 1104 } 1105 #endif /* CONFIG_IEEE80211W */ 1106 1107 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0) 1108 goto failed; 1109 1110 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) { 1111 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1112 "WPA: ANonce from message 1 of 4-Way Handshake " 1113 "differs from 3 of 4-Way Handshake - drop packet (src=" 1114 MACSTR ")", MAC2STR(sm->bssid)); 1115 goto failed; 1116 } 1117 1118 keylen = WPA_GET_BE16(key->key_length); 1119 switch (sm->pairwise_cipher) { 1120 case WPA_CIPHER_CCMP: 1121 if (keylen != 16) { 1122 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1123 "WPA: Invalid CCMP key length %d (src=" MACSTR 1124 ")", keylen, MAC2STR(sm->bssid)); 1125 goto failed; 1126 } 1127 break; 1128 case WPA_CIPHER_TKIP: 1129 if (keylen != 32) { 1130 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1131 "WPA: Invalid TKIP key length %d (src=" MACSTR 1132 ")", keylen, MAC2STR(sm->bssid)); 1133 goto failed; 1134 } 1135 break; 1136 } 1137 1138 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info, 1139 NULL, 0, &sm->ptk)) { 1140 goto failed; 1141 } 1142 1143 /* SNonce was successfully used in msg 3/4, so mark it to be renewed 1144 * for the next 4-Way Handshake. If msg 3 is received again, the old 1145 * SNonce will still be used to avoid changing PTK. */ 1146 sm->renew_snonce = 1; 1147 1148 if (key_info & WPA_KEY_INFO_INSTALL) { 1149 if (wpa_supplicant_install_ptk(sm, key)) 1150 goto failed; 1151 } 1152 1153 if (key_info & WPA_KEY_INFO_SECURE) { 1154 wpa_sm_mlme_setprotection( 1155 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX, 1156 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 1157 eapol_sm_notify_portValid(sm->eapol, TRUE); 1158 } 1159 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1160 1161 if (ie.gtk && 1162 wpa_supplicant_pairwise_gtk(sm, key, 1163 ie.gtk, ie.gtk_len, key_info) < 0) { 1164 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1165 "RSN: Failed to configure GTK"); 1166 goto failed; 1167 } 1168 1169 if (ieee80211w_set_keys(sm, &ie) < 0) { 1170 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1171 "RSN: Failed to configure IGTK"); 1172 goto failed; 1173 } 1174 1175 wpa_sm_set_rekey_offload(sm); 1176 1177 return; 1178 1179 failed: 1180 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1181 } 1182 1183 1184 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm, 1185 const u8 *keydata, 1186 size_t keydatalen, 1187 u16 key_info, 1188 struct wpa_gtk_data *gd) 1189 { 1190 int maxkeylen; 1191 struct wpa_eapol_ie_parse ie; 1192 1193 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen); 1194 if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0) 1195 return -1; 1196 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1197 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1198 "WPA: GTK IE in unencrypted key data"); 1199 return -1; 1200 } 1201 if (ie.gtk == NULL) { 1202 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1203 "WPA: No GTK IE in Group Key msg 1/2"); 1204 return -1; 1205 } 1206 maxkeylen = gd->gtk_len = ie.gtk_len - 2; 1207 1208 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 1209 gd->gtk_len, maxkeylen, 1210 &gd->key_rsc_len, &gd->alg)) 1211 return -1; 1212 1213 wpa_hexdump(MSG_DEBUG, "RSN: received GTK in group key handshake", 1214 ie.gtk, ie.gtk_len); 1215 gd->keyidx = ie.gtk[0] & 0x3; 1216 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 1217 !!(ie.gtk[0] & BIT(2))); 1218 if (ie.gtk_len - 2 > sizeof(gd->gtk)) { 1219 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1220 "RSN: Too long GTK in GTK IE (len=%lu)", 1221 (unsigned long) ie.gtk_len - 2); 1222 return -1; 1223 } 1224 os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2); 1225 1226 if (ieee80211w_set_keys(sm, &ie) < 0) 1227 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1228 "RSN: Failed to configure IGTK"); 1229 1230 return 0; 1231 } 1232 1233 1234 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm, 1235 const struct wpa_eapol_key *key, 1236 size_t keydatalen, int key_info, 1237 size_t extra_len, u16 ver, 1238 struct wpa_gtk_data *gd) 1239 { 1240 size_t maxkeylen; 1241 u8 ek[32]; 1242 1243 gd->gtk_len = WPA_GET_BE16(key->key_length); 1244 maxkeylen = keydatalen; 1245 if (keydatalen > extra_len) { 1246 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1247 "WPA: Truncated EAPOL-Key packet: " 1248 "key_data_length=%lu > extra_len=%lu", 1249 (unsigned long) keydatalen, (unsigned long) extra_len); 1250 return -1; 1251 } 1252 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1253 if (maxkeylen < 8) { 1254 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1255 "WPA: Too short maxkeylen (%lu)", 1256 (unsigned long) maxkeylen); 1257 return -1; 1258 } 1259 maxkeylen -= 8; 1260 } 1261 1262 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 1263 gd->gtk_len, maxkeylen, 1264 &gd->key_rsc_len, &gd->alg)) 1265 return -1; 1266 1267 gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1268 WPA_KEY_INFO_KEY_INDEX_SHIFT; 1269 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) { 1270 os_memcpy(ek, key->key_iv, 16); 1271 os_memcpy(ek + 16, sm->ptk.kek, 16); 1272 if (keydatalen > sizeof(gd->gtk)) { 1273 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1274 "WPA: RC4 key data too long (%lu)", 1275 (unsigned long) keydatalen); 1276 return -1; 1277 } 1278 os_memcpy(gd->gtk, key + 1, keydatalen); 1279 if (rc4_skip(ek, 32, 256, gd->gtk, keydatalen)) { 1280 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 1281 "WPA: RC4 failed"); 1282 return -1; 1283 } 1284 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1285 if (keydatalen % 8) { 1286 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1287 "WPA: Unsupported AES-WRAP len %lu", 1288 (unsigned long) keydatalen); 1289 return -1; 1290 } 1291 if (maxkeylen > sizeof(gd->gtk)) { 1292 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1293 "WPA: AES-WRAP key data " 1294 "too long (keydatalen=%lu maxkeylen=%lu)", 1295 (unsigned long) keydatalen, 1296 (unsigned long) maxkeylen); 1297 return -1; 1298 } 1299 if (aes_unwrap(sm->ptk.kek, maxkeylen / 8, 1300 (const u8 *) (key + 1), gd->gtk)) { 1301 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1302 "WPA: AES unwrap failed - could not decrypt " 1303 "GTK"); 1304 return -1; 1305 } 1306 } else { 1307 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1308 "WPA: Unsupported key_info type %d", ver); 1309 return -1; 1310 } 1311 gd->tx = wpa_supplicant_gtk_tx_bit_workaround( 1312 sm, !!(key_info & WPA_KEY_INFO_TXRX)); 1313 return 0; 1314 } 1315 1316 1317 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm, 1318 const struct wpa_eapol_key *key, 1319 int ver, u16 key_info) 1320 { 1321 size_t rlen; 1322 struct wpa_eapol_key *reply; 1323 u8 *rbuf; 1324 1325 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1326 sizeof(*reply), &rlen, (void *) &reply); 1327 if (rbuf == NULL) 1328 return -1; 1329 1330 reply->type = sm->proto == WPA_PROTO_RSN ? 1331 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1332 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK; 1333 key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE; 1334 WPA_PUT_BE16(reply->key_info, key_info); 1335 if (sm->proto == WPA_PROTO_RSN) 1336 WPA_PUT_BE16(reply->key_length, 0); 1337 else 1338 os_memcpy(reply->key_length, key->key_length, 2); 1339 os_memcpy(reply->replay_counter, key->replay_counter, 1340 WPA_REPLAY_COUNTER_LEN); 1341 1342 WPA_PUT_BE16(reply->key_data_length, 0); 1343 1344 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2"); 1345 wpa_eapol_key_send(sm, sm->ptk.kck, ver, sm->bssid, ETH_P_EAPOL, 1346 rbuf, rlen, reply->key_mic); 1347 1348 return 0; 1349 } 1350 1351 1352 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, 1353 const unsigned char *src_addr, 1354 const struct wpa_eapol_key *key, 1355 int extra_len, u16 ver) 1356 { 1357 u16 key_info, keydatalen; 1358 int rekey, ret; 1359 struct wpa_gtk_data gd; 1360 1361 os_memset(&gd, 0, sizeof(gd)); 1362 1363 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED; 1364 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key " 1365 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 1366 1367 key_info = WPA_GET_BE16(key->key_info); 1368 keydatalen = WPA_GET_BE16(key->key_data_length); 1369 1370 if (sm->proto == WPA_PROTO_RSN) { 1371 ret = wpa_supplicant_process_1_of_2_rsn(sm, 1372 (const u8 *) (key + 1), 1373 keydatalen, key_info, 1374 &gd); 1375 } else { 1376 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, keydatalen, 1377 key_info, extra_len, 1378 ver, &gd); 1379 } 1380 1381 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1382 1383 if (ret) 1384 goto failed; 1385 1386 if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) || 1387 wpa_supplicant_send_2_of_2(sm, key, ver, key_info)) 1388 goto failed; 1389 1390 if (rekey) { 1391 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying " 1392 "completed with " MACSTR " [GTK=%s]", 1393 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); 1394 wpa_sm_cancel_auth_timeout(sm); 1395 wpa_sm_set_state(sm, WPA_COMPLETED); 1396 1397 wpa_sm_set_rekey_offload(sm); 1398 } else { 1399 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1400 key_info & 1401 WPA_KEY_INFO_SECURE); 1402 } 1403 return; 1404 1405 failed: 1406 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1407 } 1408 1409 1410 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm, 1411 struct wpa_eapol_key *key, 1412 u16 ver, 1413 const u8 *buf, size_t len) 1414 { 1415 u8 mic[16]; 1416 int ok = 0; 1417 1418 os_memcpy(mic, key->key_mic, 16); 1419 if (sm->tptk_set) { 1420 os_memset(key->key_mic, 0, 16); 1421 wpa_eapol_key_mic(sm->tptk.kck, ver, buf, len, 1422 key->key_mic); 1423 if (os_memcmp(mic, key->key_mic, 16) != 0) { 1424 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1425 "WPA: Invalid EAPOL-Key MIC " 1426 "when using TPTK - ignoring TPTK"); 1427 } else { 1428 ok = 1; 1429 sm->tptk_set = 0; 1430 sm->ptk_set = 1; 1431 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); 1432 } 1433 } 1434 1435 if (!ok && sm->ptk_set) { 1436 os_memset(key->key_mic, 0, 16); 1437 wpa_eapol_key_mic(sm->ptk.kck, ver, buf, len, 1438 key->key_mic); 1439 if (os_memcmp(mic, key->key_mic, 16) != 0) { 1440 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1441 "WPA: Invalid EAPOL-Key MIC - " 1442 "dropping packet"); 1443 return -1; 1444 } 1445 ok = 1; 1446 } 1447 1448 if (!ok) { 1449 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1450 "WPA: Could not verify EAPOL-Key MIC - " 1451 "dropping packet"); 1452 return -1; 1453 } 1454 1455 os_memcpy(sm->rx_replay_counter, key->replay_counter, 1456 WPA_REPLAY_COUNTER_LEN); 1457 sm->rx_replay_counter_set = 1; 1458 return 0; 1459 } 1460 1461 1462 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */ 1463 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm, 1464 struct wpa_eapol_key *key, u16 ver) 1465 { 1466 u16 keydatalen = WPA_GET_BE16(key->key_data_length); 1467 1468 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data", 1469 (u8 *) (key + 1), keydatalen); 1470 if (!sm->ptk_set) { 1471 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1472 "WPA: PTK not available, cannot decrypt EAPOL-Key Key " 1473 "Data"); 1474 return -1; 1475 } 1476 1477 /* Decrypt key data here so that this operation does not need 1478 * to be implemented separately for each message type. */ 1479 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) { 1480 u8 ek[32]; 1481 os_memcpy(ek, key->key_iv, 16); 1482 os_memcpy(ek + 16, sm->ptk.kek, 16); 1483 if (rc4_skip(ek, 32, 256, (u8 *) (key + 1), keydatalen)) { 1484 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 1485 "WPA: RC4 failed"); 1486 return -1; 1487 } 1488 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1489 ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1490 u8 *buf; 1491 if (keydatalen % 8) { 1492 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1493 "WPA: Unsupported AES-WRAP len %d", 1494 keydatalen); 1495 return -1; 1496 } 1497 keydatalen -= 8; /* AES-WRAP adds 8 bytes */ 1498 buf = os_malloc(keydatalen); 1499 if (buf == NULL) { 1500 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1501 "WPA: No memory for AES-UNWRAP buffer"); 1502 return -1; 1503 } 1504 if (aes_unwrap(sm->ptk.kek, keydatalen / 8, 1505 (u8 *) (key + 1), buf)) { 1506 os_free(buf); 1507 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1508 "WPA: AES unwrap failed - " 1509 "could not decrypt EAPOL-Key key data"); 1510 return -1; 1511 } 1512 os_memcpy(key + 1, buf, keydatalen); 1513 os_free(buf); 1514 WPA_PUT_BE16(key->key_data_length, keydatalen); 1515 } else { 1516 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1517 "WPA: Unsupported key_info type %d", ver); 1518 return -1; 1519 } 1520 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data", 1521 (u8 *) (key + 1), keydatalen); 1522 return 0; 1523 } 1524 1525 1526 /** 1527 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted 1528 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1529 */ 1530 void wpa_sm_aborted_cached(struct wpa_sm *sm) 1531 { 1532 if (sm && sm->cur_pmksa) { 1533 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1534 "RSN: Cancelling PMKSA caching attempt"); 1535 sm->cur_pmksa = NULL; 1536 } 1537 } 1538 1539 1540 static void wpa_eapol_key_dump(struct wpa_sm *sm, 1541 const struct wpa_eapol_key *key) 1542 { 1543 #ifndef CONFIG_NO_STDOUT_DEBUG 1544 u16 key_info = WPA_GET_BE16(key->key_info); 1545 1546 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type); 1547 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1548 " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)", 1549 key_info, key_info & WPA_KEY_INFO_TYPE_MASK, 1550 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1551 WPA_KEY_INFO_KEY_INDEX_SHIFT, 1552 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13, 1553 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group", 1554 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "", 1555 key_info & WPA_KEY_INFO_ACK ? " Ack" : "", 1556 key_info & WPA_KEY_INFO_MIC ? " MIC" : "", 1557 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "", 1558 key_info & WPA_KEY_INFO_ERROR ? " Error" : "", 1559 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "", 1560 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : ""); 1561 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1562 " key_length=%u key_data_length=%u", 1563 WPA_GET_BE16(key->key_length), 1564 WPA_GET_BE16(key->key_data_length)); 1565 wpa_hexdump(MSG_DEBUG, " replay_counter", 1566 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 1567 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN); 1568 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16); 1569 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8); 1570 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8); 1571 wpa_hexdump(MSG_DEBUG, " key_mic", key->key_mic, 16); 1572 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1573 } 1574 1575 1576 /** 1577 * wpa_sm_rx_eapol - Process received WPA EAPOL frames 1578 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1579 * @src_addr: Source MAC address of the EAPOL packet 1580 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header) 1581 * @len: Length of the EAPOL frame 1582 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure 1583 * 1584 * This function is called for each received EAPOL frame. Other than EAPOL-Key 1585 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is 1586 * only processing WPA and WPA2 EAPOL-Key frames. 1587 * 1588 * The received EAPOL-Key packets are validated and valid packets are replied 1589 * to. In addition, key material (PTK, GTK) is configured at the end of a 1590 * successful key handshake. 1591 */ 1592 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, 1593 const u8 *buf, size_t len) 1594 { 1595 size_t plen, data_len, extra_len; 1596 struct ieee802_1x_hdr *hdr; 1597 struct wpa_eapol_key *key; 1598 u16 key_info, ver; 1599 u8 *tmp; 1600 int ret = -1; 1601 struct wpa_peerkey *peerkey = NULL; 1602 1603 #ifdef CONFIG_IEEE80211R 1604 sm->ft_completed = 0; 1605 #endif /* CONFIG_IEEE80211R */ 1606 1607 if (len < sizeof(*hdr) + sizeof(*key)) { 1608 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1609 "WPA: EAPOL frame too short to be a WPA " 1610 "EAPOL-Key (len %lu, expecting at least %lu)", 1611 (unsigned long) len, 1612 (unsigned long) sizeof(*hdr) + sizeof(*key)); 1613 return 0; 1614 } 1615 1616 tmp = os_malloc(len); 1617 if (tmp == NULL) 1618 return -1; 1619 os_memcpy(tmp, buf, len); 1620 1621 hdr = (struct ieee802_1x_hdr *) tmp; 1622 key = (struct wpa_eapol_key *) (hdr + 1); 1623 plen = be_to_host16(hdr->length); 1624 data_len = plen + sizeof(*hdr); 1625 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1626 "IEEE 802.1X RX: version=%d type=%d length=%lu", 1627 hdr->version, hdr->type, (unsigned long) plen); 1628 1629 if (hdr->version < EAPOL_VERSION) { 1630 /* TODO: backwards compatibility */ 1631 } 1632 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { 1633 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1634 "WPA: EAPOL frame (type %u) discarded, " 1635 "not a Key frame", hdr->type); 1636 ret = 0; 1637 goto out; 1638 } 1639 if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) { 1640 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1641 "WPA: EAPOL frame payload size %lu " 1642 "invalid (frame size %lu)", 1643 (unsigned long) plen, (unsigned long) len); 1644 ret = 0; 1645 goto out; 1646 } 1647 1648 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN) 1649 { 1650 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1651 "WPA: EAPOL-Key type (%d) unknown, discarded", 1652 key->type); 1653 ret = 0; 1654 goto out; 1655 } 1656 wpa_eapol_key_dump(sm, key); 1657 1658 eapol_sm_notify_lower_layer_success(sm->eapol, 0); 1659 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", tmp, len); 1660 if (data_len < len) { 1661 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1662 "WPA: ignoring %lu bytes after the IEEE 802.1X data", 1663 (unsigned long) len - data_len); 1664 } 1665 key_info = WPA_GET_BE16(key->key_info); 1666 ver = key_info & WPA_KEY_INFO_TYPE_MASK; 1667 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && 1668 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W) 1669 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && 1670 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */ 1671 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1672 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1673 "WPA: Unsupported EAPOL-Key descriptor version %d", 1674 ver); 1675 goto out; 1676 } 1677 1678 #ifdef CONFIG_IEEE80211R 1679 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 1680 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */ 1681 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1682 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1683 "FT: AP did not use AES-128-CMAC"); 1684 goto out; 1685 } 1686 } else 1687 #endif /* CONFIG_IEEE80211R */ 1688 #ifdef CONFIG_IEEE80211W 1689 if (wpa_key_mgmt_sha256(sm->key_mgmt)) { 1690 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 1691 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1692 "WPA: AP did not use the " 1693 "negotiated AES-128-CMAC"); 1694 goto out; 1695 } 1696 } else 1697 #endif /* CONFIG_IEEE80211W */ 1698 if (sm->pairwise_cipher == WPA_CIPHER_CCMP && 1699 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1700 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1701 "WPA: CCMP is used, but EAPOL-Key " 1702 "descriptor version (%d) is not 2", ver); 1703 if (sm->group_cipher != WPA_CIPHER_CCMP && 1704 !(key_info & WPA_KEY_INFO_KEY_TYPE)) { 1705 /* Earlier versions of IEEE 802.11i did not explicitly 1706 * require version 2 descriptor for all EAPOL-Key 1707 * packets, so allow group keys to use version 1 if 1708 * CCMP is not used for them. */ 1709 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1710 "WPA: Backwards compatibility: allow invalid " 1711 "version for non-CCMP group keys"); 1712 } else 1713 goto out; 1714 } 1715 1716 #ifdef CONFIG_PEERKEY 1717 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 1718 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0) 1719 break; 1720 } 1721 1722 if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) { 1723 if (!peerkey->initiator && peerkey->replay_counter_set && 1724 os_memcmp(key->replay_counter, peerkey->replay_counter, 1725 WPA_REPLAY_COUNTER_LEN) <= 0) { 1726 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1727 "RSN: EAPOL-Key Replay Counter did not " 1728 "increase (STK) - dropping packet"); 1729 goto out; 1730 } else if (peerkey->initiator) { 1731 u8 _tmp[WPA_REPLAY_COUNTER_LEN]; 1732 os_memcpy(_tmp, key->replay_counter, 1733 WPA_REPLAY_COUNTER_LEN); 1734 inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN); 1735 if (os_memcmp(_tmp, peerkey->replay_counter, 1736 WPA_REPLAY_COUNTER_LEN) != 0) { 1737 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1738 "RSN: EAPOL-Key Replay " 1739 "Counter did not match (STK) - " 1740 "dropping packet"); 1741 goto out; 1742 } 1743 } 1744 } 1745 1746 if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) { 1747 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1748 "RSN: Ack bit in key_info from STK peer"); 1749 goto out; 1750 } 1751 #endif /* CONFIG_PEERKEY */ 1752 1753 if (!peerkey && sm->rx_replay_counter_set && 1754 os_memcmp(key->replay_counter, sm->rx_replay_counter, 1755 WPA_REPLAY_COUNTER_LEN) <= 0) { 1756 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1757 "WPA: EAPOL-Key Replay Counter did not increase - " 1758 "dropping packet"); 1759 goto out; 1760 } 1761 1762 if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE)) 1763 #ifdef CONFIG_PEERKEY 1764 && (peerkey == NULL || !peerkey->initiator) 1765 #endif /* CONFIG_PEERKEY */ 1766 ) { 1767 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1768 "WPA: No Ack bit in key_info"); 1769 goto out; 1770 } 1771 1772 if (key_info & WPA_KEY_INFO_REQUEST) { 1773 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1774 "WPA: EAPOL-Key with Request bit - dropped"); 1775 goto out; 1776 } 1777 1778 if ((key_info & WPA_KEY_INFO_MIC) && !peerkey && 1779 wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len)) 1780 goto out; 1781 1782 #ifdef CONFIG_PEERKEY 1783 if ((key_info & WPA_KEY_INFO_MIC) && peerkey && 1784 peerkey_verify_eapol_key_mic(sm, peerkey, key, ver, tmp, data_len)) 1785 goto out; 1786 #endif /* CONFIG_PEERKEY */ 1787 1788 extra_len = data_len - sizeof(*hdr) - sizeof(*key); 1789 1790 if (WPA_GET_BE16(key->key_data_length) > extra_len) { 1791 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key " 1792 "frame - key_data overflow (%d > %lu)", 1793 WPA_GET_BE16(key->key_data_length), 1794 (unsigned long) extra_len); 1795 goto out; 1796 } 1797 extra_len = WPA_GET_BE16(key->key_data_length); 1798 1799 if (sm->proto == WPA_PROTO_RSN && 1800 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1801 if (wpa_supplicant_decrypt_key_data(sm, key, ver)) 1802 goto out; 1803 extra_len = WPA_GET_BE16(key->key_data_length); 1804 } 1805 1806 if (key_info & WPA_KEY_INFO_KEY_TYPE) { 1807 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) { 1808 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1809 "WPA: Ignored EAPOL-Key (Pairwise) with " 1810 "non-zero key index"); 1811 goto out; 1812 } 1813 if (peerkey) { 1814 /* PeerKey 4-Way Handshake */ 1815 peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver); 1816 } else if (key_info & WPA_KEY_INFO_MIC) { 1817 /* 3/4 4-Way Handshake */ 1818 wpa_supplicant_process_3_of_4(sm, key, ver); 1819 } else { 1820 /* 1/4 4-Way Handshake */ 1821 wpa_supplicant_process_1_of_4(sm, src_addr, key, 1822 ver); 1823 } 1824 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { 1825 /* PeerKey SMK Handshake */ 1826 peerkey_rx_eapol_smk(sm, src_addr, key, extra_len, key_info, 1827 ver); 1828 } else { 1829 if (key_info & WPA_KEY_INFO_MIC) { 1830 /* 1/2 Group Key Handshake */ 1831 wpa_supplicant_process_1_of_2(sm, src_addr, key, 1832 extra_len, ver); 1833 } else { 1834 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1835 "WPA: EAPOL-Key (Group) without Mic bit - " 1836 "dropped"); 1837 } 1838 } 1839 1840 ret = 1; 1841 1842 out: 1843 os_free(tmp); 1844 return ret; 1845 } 1846 1847 1848 #ifdef CONFIG_CTRL_IFACE 1849 static int wpa_cipher_bits(int cipher) 1850 { 1851 switch (cipher) { 1852 case WPA_CIPHER_CCMP: 1853 return 128; 1854 case WPA_CIPHER_TKIP: 1855 return 256; 1856 case WPA_CIPHER_WEP104: 1857 return 104; 1858 case WPA_CIPHER_WEP40: 1859 return 40; 1860 default: 1861 return 0; 1862 } 1863 } 1864 1865 1866 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm) 1867 { 1868 switch (sm->key_mgmt) { 1869 case WPA_KEY_MGMT_IEEE8021X: 1870 return (sm->proto == WPA_PROTO_RSN ? 1871 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X : 1872 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X); 1873 case WPA_KEY_MGMT_PSK: 1874 return (sm->proto == WPA_PROTO_RSN ? 1875 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X : 1876 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X); 1877 #ifdef CONFIG_IEEE80211R 1878 case WPA_KEY_MGMT_FT_IEEE8021X: 1879 return RSN_AUTH_KEY_MGMT_FT_802_1X; 1880 case WPA_KEY_MGMT_FT_PSK: 1881 return RSN_AUTH_KEY_MGMT_FT_PSK; 1882 #endif /* CONFIG_IEEE80211R */ 1883 #ifdef CONFIG_IEEE80211W 1884 case WPA_KEY_MGMT_IEEE8021X_SHA256: 1885 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 1886 case WPA_KEY_MGMT_PSK_SHA256: 1887 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 1888 #endif /* CONFIG_IEEE80211W */ 1889 case WPA_KEY_MGMT_WPA_NONE: 1890 return WPA_AUTH_KEY_MGMT_NONE; 1891 default: 1892 return 0; 1893 } 1894 } 1895 1896 1897 static u32 wpa_cipher_suite(struct wpa_sm *sm, int cipher) 1898 { 1899 switch (cipher) { 1900 case WPA_CIPHER_CCMP: 1901 return (sm->proto == WPA_PROTO_RSN ? 1902 RSN_CIPHER_SUITE_CCMP : WPA_CIPHER_SUITE_CCMP); 1903 case WPA_CIPHER_TKIP: 1904 return (sm->proto == WPA_PROTO_RSN ? 1905 RSN_CIPHER_SUITE_TKIP : WPA_CIPHER_SUITE_TKIP); 1906 case WPA_CIPHER_WEP104: 1907 return (sm->proto == WPA_PROTO_RSN ? 1908 RSN_CIPHER_SUITE_WEP104 : WPA_CIPHER_SUITE_WEP104); 1909 case WPA_CIPHER_WEP40: 1910 return (sm->proto == WPA_PROTO_RSN ? 1911 RSN_CIPHER_SUITE_WEP40 : WPA_CIPHER_SUITE_WEP40); 1912 case WPA_CIPHER_NONE: 1913 return (sm->proto == WPA_PROTO_RSN ? 1914 RSN_CIPHER_SUITE_NONE : WPA_CIPHER_SUITE_NONE); 1915 default: 1916 return 0; 1917 } 1918 } 1919 1920 1921 #define RSN_SUITE "%02x-%02x-%02x-%d" 1922 #define RSN_SUITE_ARG(s) \ 1923 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff 1924 1925 /** 1926 * wpa_sm_get_mib - Dump text list of MIB entries 1927 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1928 * @buf: Buffer for the list 1929 * @buflen: Length of the buffer 1930 * Returns: Number of bytes written to buffer 1931 * 1932 * This function is used fetch dot11 MIB variables. 1933 */ 1934 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen) 1935 { 1936 char pmkid_txt[PMKID_LEN * 2 + 1]; 1937 int rsna, ret; 1938 size_t len; 1939 1940 if (sm->cur_pmksa) { 1941 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), 1942 sm->cur_pmksa->pmkid, PMKID_LEN); 1943 } else 1944 pmkid_txt[0] = '\0'; 1945 1946 if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) || 1947 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) && 1948 sm->proto == WPA_PROTO_RSN) 1949 rsna = 1; 1950 else 1951 rsna = 0; 1952 1953 ret = os_snprintf(buf, buflen, 1954 "dot11RSNAOptionImplemented=TRUE\n" 1955 "dot11RSNAPreauthenticationImplemented=TRUE\n" 1956 "dot11RSNAEnabled=%s\n" 1957 "dot11RSNAPreauthenticationEnabled=%s\n" 1958 "dot11RSNAConfigVersion=%d\n" 1959 "dot11RSNAConfigPairwiseKeysSupported=5\n" 1960 "dot11RSNAConfigGroupCipherSize=%d\n" 1961 "dot11RSNAConfigPMKLifetime=%d\n" 1962 "dot11RSNAConfigPMKReauthThreshold=%d\n" 1963 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n" 1964 "dot11RSNAConfigSATimeout=%d\n", 1965 rsna ? "TRUE" : "FALSE", 1966 rsna ? "TRUE" : "FALSE", 1967 RSN_VERSION, 1968 wpa_cipher_bits(sm->group_cipher), 1969 sm->dot11RSNAConfigPMKLifetime, 1970 sm->dot11RSNAConfigPMKReauthThreshold, 1971 sm->dot11RSNAConfigSATimeout); 1972 if (ret < 0 || (size_t) ret >= buflen) 1973 return 0; 1974 len = ret; 1975 1976 ret = os_snprintf( 1977 buf + len, buflen - len, 1978 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" 1979 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" 1980 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" 1981 "dot11RSNAPMKIDUsed=%s\n" 1982 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" 1983 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" 1984 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" 1985 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n" 1986 "dot11RSNA4WayHandshakeFailures=%u\n", 1987 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 1988 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)), 1989 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)), 1990 pmkid_txt, 1991 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 1992 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)), 1993 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)), 1994 sm->dot11RSNA4WayHandshakeFailures); 1995 if (ret >= 0 && (size_t) ret < buflen) 1996 len += ret; 1997 1998 return (int) len; 1999 } 2000 #endif /* CONFIG_CTRL_IFACE */ 2001 2002 2003 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, 2004 void *ctx, int replace) 2005 { 2006 struct wpa_sm *sm = ctx; 2007 2008 if (sm->cur_pmksa == entry || 2009 (sm->pmk_len == entry->pmk_len && 2010 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) { 2011 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2012 "RSN: removed current PMKSA entry"); 2013 sm->cur_pmksa = NULL; 2014 2015 if (replace) { 2016 /* A new entry is being added, so no need to 2017 * deauthenticate in this case. This happens when EAP 2018 * authentication is completed again (reauth or failed 2019 * PMKSA caching attempt). */ 2020 return; 2021 } 2022 2023 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2024 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 2025 } 2026 } 2027 2028 2029 /** 2030 * wpa_sm_init - Initialize WPA state machine 2031 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer 2032 * Returns: Pointer to the allocated WPA state machine data 2033 * 2034 * This function is used to allocate a new WPA state machine and the returned 2035 * value is passed to all WPA state machine calls. 2036 */ 2037 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx) 2038 { 2039 struct wpa_sm *sm; 2040 2041 sm = os_zalloc(sizeof(*sm)); 2042 if (sm == NULL) 2043 return NULL; 2044 dl_list_init(&sm->pmksa_candidates); 2045 sm->renew_snonce = 1; 2046 sm->ctx = ctx; 2047 2048 sm->dot11RSNAConfigPMKLifetime = 43200; 2049 sm->dot11RSNAConfigPMKReauthThreshold = 70; 2050 sm->dot11RSNAConfigSATimeout = 60; 2051 2052 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm); 2053 if (sm->pmksa == NULL) { 2054 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 2055 "RSN: PMKSA cache initialization failed"); 2056 os_free(sm); 2057 return NULL; 2058 } 2059 2060 return sm; 2061 } 2062 2063 2064 /** 2065 * wpa_sm_deinit - Deinitialize WPA state machine 2066 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2067 */ 2068 void wpa_sm_deinit(struct wpa_sm *sm) 2069 { 2070 if (sm == NULL) 2071 return; 2072 pmksa_cache_deinit(sm->pmksa); 2073 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 2074 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 2075 os_free(sm->assoc_wpa_ie); 2076 os_free(sm->ap_wpa_ie); 2077 os_free(sm->ap_rsn_ie); 2078 os_free(sm->ctx); 2079 peerkey_deinit(sm); 2080 #ifdef CONFIG_IEEE80211R 2081 os_free(sm->assoc_resp_ies); 2082 #endif /* CONFIG_IEEE80211R */ 2083 os_free(sm); 2084 } 2085 2086 2087 /** 2088 * wpa_sm_notify_assoc - Notify WPA state machine about association 2089 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2090 * @bssid: The BSSID of the new association 2091 * 2092 * This function is called to let WPA state machine know that the connection 2093 * was established. 2094 */ 2095 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) 2096 { 2097 int clear_ptk = 1; 2098 2099 if (sm == NULL) 2100 return; 2101 2102 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2103 "WPA: Association event - clear replay counter"); 2104 os_memcpy(sm->bssid, bssid, ETH_ALEN); 2105 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN); 2106 sm->rx_replay_counter_set = 0; 2107 sm->renew_snonce = 1; 2108 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0) 2109 rsn_preauth_deinit(sm); 2110 2111 #ifdef CONFIG_IEEE80211R 2112 if (wpa_ft_is_completed(sm)) { 2113 /* 2114 * Clear portValid to kick EAPOL state machine to re-enter 2115 * AUTHENTICATED state to get the EAPOL port Authorized. 2116 */ 2117 eapol_sm_notify_portValid(sm->eapol, FALSE); 2118 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); 2119 2120 /* Prepare for the next transition */ 2121 wpa_ft_prepare_auth_request(sm, NULL); 2122 2123 clear_ptk = 0; 2124 } 2125 #endif /* CONFIG_IEEE80211R */ 2126 2127 if (clear_ptk) { 2128 /* 2129 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if 2130 * this is not part of a Fast BSS Transition. 2131 */ 2132 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK"); 2133 sm->ptk_set = 0; 2134 sm->tptk_set = 0; 2135 } 2136 2137 #ifdef CONFIG_TDLS 2138 wpa_tdls_assoc(sm); 2139 #endif /* CONFIG_TDLS */ 2140 } 2141 2142 2143 /** 2144 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation 2145 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2146 * 2147 * This function is called to let WPA state machine know that the connection 2148 * was lost. This will abort any existing pre-authentication session. 2149 */ 2150 void wpa_sm_notify_disassoc(struct wpa_sm *sm) 2151 { 2152 rsn_preauth_deinit(sm); 2153 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE) 2154 sm->dot11RSNA4WayHandshakeFailures++; 2155 #ifdef CONFIG_TDLS 2156 wpa_tdls_disassoc(sm); 2157 #endif /* CONFIG_TDLS */ 2158 } 2159 2160 2161 /** 2162 * wpa_sm_set_pmk - Set PMK 2163 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2164 * @pmk: The new PMK 2165 * @pmk_len: The length of the new PMK in bytes 2166 * 2167 * Configure the PMK for WPA state machine. 2168 */ 2169 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len) 2170 { 2171 if (sm == NULL) 2172 return; 2173 2174 sm->pmk_len = pmk_len; 2175 os_memcpy(sm->pmk, pmk, pmk_len); 2176 2177 #ifdef CONFIG_IEEE80211R 2178 /* Set XXKey to be PSK for FT key derivation */ 2179 sm->xxkey_len = pmk_len; 2180 os_memcpy(sm->xxkey, pmk, pmk_len); 2181 #endif /* CONFIG_IEEE80211R */ 2182 } 2183 2184 2185 /** 2186 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA 2187 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2188 * 2189 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK 2190 * will be cleared. 2191 */ 2192 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm) 2193 { 2194 if (sm == NULL) 2195 return; 2196 2197 if (sm->cur_pmksa) { 2198 sm->pmk_len = sm->cur_pmksa->pmk_len; 2199 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len); 2200 } else { 2201 sm->pmk_len = PMK_LEN; 2202 os_memset(sm->pmk, 0, PMK_LEN); 2203 } 2204 } 2205 2206 2207 /** 2208 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled 2209 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2210 * @fast_reauth: Whether fast reauthentication (EAP) is allowed 2211 */ 2212 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth) 2213 { 2214 if (sm) 2215 sm->fast_reauth = fast_reauth; 2216 } 2217 2218 2219 /** 2220 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks 2221 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2222 * @scard_ctx: Context pointer for smartcard related callback functions 2223 */ 2224 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx) 2225 { 2226 if (sm == NULL) 2227 return; 2228 sm->scard_ctx = scard_ctx; 2229 if (sm->preauth_eapol) 2230 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx); 2231 } 2232 2233 2234 /** 2235 * wpa_sm_set_config - Notification of current configration change 2236 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2237 * @config: Pointer to current network configuration 2238 * 2239 * Notify WPA state machine that configuration has changed. config will be 2240 * stored as a backpointer to network configuration. This can be %NULL to clear 2241 * the stored pointed. 2242 */ 2243 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config) 2244 { 2245 if (!sm) 2246 return; 2247 2248 if (config) { 2249 sm->network_ctx = config->network_ctx; 2250 sm->peerkey_enabled = config->peerkey_enabled; 2251 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher; 2252 sm->proactive_key_caching = config->proactive_key_caching; 2253 sm->eap_workaround = config->eap_workaround; 2254 sm->eap_conf_ctx = config->eap_conf_ctx; 2255 if (config->ssid) { 2256 os_memcpy(sm->ssid, config->ssid, config->ssid_len); 2257 sm->ssid_len = config->ssid_len; 2258 } else 2259 sm->ssid_len = 0; 2260 sm->wpa_ptk_rekey = config->wpa_ptk_rekey; 2261 } else { 2262 sm->network_ctx = NULL; 2263 sm->peerkey_enabled = 0; 2264 sm->allowed_pairwise_cipher = 0; 2265 sm->proactive_key_caching = 0; 2266 sm->eap_workaround = 0; 2267 sm->eap_conf_ctx = NULL; 2268 sm->ssid_len = 0; 2269 sm->wpa_ptk_rekey = 0; 2270 } 2271 } 2272 2273 2274 /** 2275 * wpa_sm_set_own_addr - Set own MAC address 2276 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2277 * @addr: Own MAC address 2278 */ 2279 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr) 2280 { 2281 if (sm) 2282 os_memcpy(sm->own_addr, addr, ETH_ALEN); 2283 } 2284 2285 2286 /** 2287 * wpa_sm_set_ifname - Set network interface name 2288 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2289 * @ifname: Interface name 2290 * @bridge_ifname: Optional bridge interface name (for pre-auth) 2291 */ 2292 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname, 2293 const char *bridge_ifname) 2294 { 2295 if (sm) { 2296 sm->ifname = ifname; 2297 sm->bridge_ifname = bridge_ifname; 2298 } 2299 } 2300 2301 2302 /** 2303 * wpa_sm_set_eapol - Set EAPOL state machine pointer 2304 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2305 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init() 2306 */ 2307 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol) 2308 { 2309 if (sm) 2310 sm->eapol = eapol; 2311 } 2312 2313 2314 /** 2315 * wpa_sm_set_param - Set WPA state machine parameters 2316 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2317 * @param: Parameter field 2318 * @value: Parameter value 2319 * Returns: 0 on success, -1 on failure 2320 */ 2321 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, 2322 unsigned int value) 2323 { 2324 int ret = 0; 2325 2326 if (sm == NULL) 2327 return -1; 2328 2329 switch (param) { 2330 case RSNA_PMK_LIFETIME: 2331 if (value > 0) 2332 sm->dot11RSNAConfigPMKLifetime = value; 2333 else 2334 ret = -1; 2335 break; 2336 case RSNA_PMK_REAUTH_THRESHOLD: 2337 if (value > 0 && value <= 100) 2338 sm->dot11RSNAConfigPMKReauthThreshold = value; 2339 else 2340 ret = -1; 2341 break; 2342 case RSNA_SA_TIMEOUT: 2343 if (value > 0) 2344 sm->dot11RSNAConfigSATimeout = value; 2345 else 2346 ret = -1; 2347 break; 2348 case WPA_PARAM_PROTO: 2349 sm->proto = value; 2350 break; 2351 case WPA_PARAM_PAIRWISE: 2352 sm->pairwise_cipher = value; 2353 break; 2354 case WPA_PARAM_GROUP: 2355 sm->group_cipher = value; 2356 break; 2357 case WPA_PARAM_KEY_MGMT: 2358 sm->key_mgmt = value; 2359 break; 2360 #ifdef CONFIG_IEEE80211W 2361 case WPA_PARAM_MGMT_GROUP: 2362 sm->mgmt_group_cipher = value; 2363 break; 2364 #endif /* CONFIG_IEEE80211W */ 2365 case WPA_PARAM_RSN_ENABLED: 2366 sm->rsn_enabled = value; 2367 break; 2368 case WPA_PARAM_MFP: 2369 sm->mfp = value; 2370 break; 2371 default: 2372 break; 2373 } 2374 2375 return ret; 2376 } 2377 2378 2379 /** 2380 * wpa_sm_get_param - Get WPA state machine parameters 2381 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2382 * @param: Parameter field 2383 * Returns: Parameter value 2384 */ 2385 unsigned int wpa_sm_get_param(struct wpa_sm *sm, enum wpa_sm_conf_params param) 2386 { 2387 if (sm == NULL) 2388 return 0; 2389 2390 switch (param) { 2391 case RSNA_PMK_LIFETIME: 2392 return sm->dot11RSNAConfigPMKLifetime; 2393 case RSNA_PMK_REAUTH_THRESHOLD: 2394 return sm->dot11RSNAConfigPMKReauthThreshold; 2395 case RSNA_SA_TIMEOUT: 2396 return sm->dot11RSNAConfigSATimeout; 2397 case WPA_PARAM_PROTO: 2398 return sm->proto; 2399 case WPA_PARAM_PAIRWISE: 2400 return sm->pairwise_cipher; 2401 case WPA_PARAM_GROUP: 2402 return sm->group_cipher; 2403 case WPA_PARAM_KEY_MGMT: 2404 return sm->key_mgmt; 2405 #ifdef CONFIG_IEEE80211W 2406 case WPA_PARAM_MGMT_GROUP: 2407 return sm->mgmt_group_cipher; 2408 #endif /* CONFIG_IEEE80211W */ 2409 case WPA_PARAM_RSN_ENABLED: 2410 return sm->rsn_enabled; 2411 default: 2412 return 0; 2413 } 2414 } 2415 2416 2417 /** 2418 * wpa_sm_get_status - Get WPA state machine 2419 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2420 * @buf: Buffer for status information 2421 * @buflen: Maximum buffer length 2422 * @verbose: Whether to include verbose status information 2423 * Returns: Number of bytes written to buf. 2424 * 2425 * Query WPA state machine for status information. This function fills in 2426 * a text area with current status information. If the buffer (buf) is not 2427 * large enough, status information will be truncated to fit the buffer. 2428 */ 2429 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen, 2430 int verbose) 2431 { 2432 char *pos = buf, *end = buf + buflen; 2433 int ret; 2434 2435 ret = os_snprintf(pos, end - pos, 2436 "pairwise_cipher=%s\n" 2437 "group_cipher=%s\n" 2438 "key_mgmt=%s\n", 2439 wpa_cipher_txt(sm->pairwise_cipher), 2440 wpa_cipher_txt(sm->group_cipher), 2441 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto)); 2442 if (ret < 0 || ret >= end - pos) 2443 return pos - buf; 2444 pos += ret; 2445 return pos - buf; 2446 } 2447 2448 2449 /** 2450 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration 2451 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2452 * @wpa_ie: Pointer to buffer for WPA/RSN IE 2453 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer 2454 * Returns: 0 on success, -1 on failure 2455 */ 2456 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie, 2457 size_t *wpa_ie_len) 2458 { 2459 int res; 2460 2461 if (sm == NULL) 2462 return -1; 2463 2464 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len); 2465 if (res < 0) 2466 return -1; 2467 *wpa_ie_len = res; 2468 2469 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default", 2470 wpa_ie, *wpa_ie_len); 2471 2472 if (sm->assoc_wpa_ie == NULL) { 2473 /* 2474 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets 2475 * the correct version of the IE even if PMKSA caching is 2476 * aborted (which would remove PMKID from IE generation). 2477 */ 2478 sm->assoc_wpa_ie = os_malloc(*wpa_ie_len); 2479 if (sm->assoc_wpa_ie == NULL) 2480 return -1; 2481 2482 os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len); 2483 sm->assoc_wpa_ie_len = *wpa_ie_len; 2484 } 2485 2486 return 0; 2487 } 2488 2489 2490 /** 2491 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq 2492 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2493 * @ie: Pointer to IE data (starting from id) 2494 * @len: IE length 2495 * Returns: 0 on success, -1 on failure 2496 * 2497 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association 2498 * Request frame. The IE will be used to override the default value generated 2499 * with wpa_sm_set_assoc_wpa_ie_default(). 2500 */ 2501 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2502 { 2503 if (sm == NULL) 2504 return -1; 2505 2506 os_free(sm->assoc_wpa_ie); 2507 if (ie == NULL || len == 0) { 2508 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2509 "WPA: clearing own WPA/RSN IE"); 2510 sm->assoc_wpa_ie = NULL; 2511 sm->assoc_wpa_ie_len = 0; 2512 } else { 2513 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len); 2514 sm->assoc_wpa_ie = os_malloc(len); 2515 if (sm->assoc_wpa_ie == NULL) 2516 return -1; 2517 2518 os_memcpy(sm->assoc_wpa_ie, ie, len); 2519 sm->assoc_wpa_ie_len = len; 2520 } 2521 2522 return 0; 2523 } 2524 2525 2526 /** 2527 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp 2528 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2529 * @ie: Pointer to IE data (starting from id) 2530 * @len: IE length 2531 * Returns: 0 on success, -1 on failure 2532 * 2533 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response 2534 * frame. 2535 */ 2536 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2537 { 2538 if (sm == NULL) 2539 return -1; 2540 2541 os_free(sm->ap_wpa_ie); 2542 if (ie == NULL || len == 0) { 2543 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2544 "WPA: clearing AP WPA IE"); 2545 sm->ap_wpa_ie = NULL; 2546 sm->ap_wpa_ie_len = 0; 2547 } else { 2548 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len); 2549 sm->ap_wpa_ie = os_malloc(len); 2550 if (sm->ap_wpa_ie == NULL) 2551 return -1; 2552 2553 os_memcpy(sm->ap_wpa_ie, ie, len); 2554 sm->ap_wpa_ie_len = len; 2555 } 2556 2557 return 0; 2558 } 2559 2560 2561 /** 2562 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp 2563 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2564 * @ie: Pointer to IE data (starting from id) 2565 * @len: IE length 2566 * Returns: 0 on success, -1 on failure 2567 * 2568 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response 2569 * frame. 2570 */ 2571 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2572 { 2573 if (sm == NULL) 2574 return -1; 2575 2576 os_free(sm->ap_rsn_ie); 2577 if (ie == NULL || len == 0) { 2578 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2579 "WPA: clearing AP RSN IE"); 2580 sm->ap_rsn_ie = NULL; 2581 sm->ap_rsn_ie_len = 0; 2582 } else { 2583 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len); 2584 sm->ap_rsn_ie = os_malloc(len); 2585 if (sm->ap_rsn_ie == NULL) 2586 return -1; 2587 2588 os_memcpy(sm->ap_rsn_ie, ie, len); 2589 sm->ap_rsn_ie_len = len; 2590 } 2591 2592 return 0; 2593 } 2594 2595 2596 /** 2597 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE 2598 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2599 * @data: Pointer to data area for parsing results 2600 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure 2601 * 2602 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the 2603 * parsed data into data. 2604 */ 2605 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data) 2606 { 2607 if (sm == NULL) 2608 return -1; 2609 2610 if (sm->assoc_wpa_ie == NULL) { 2611 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2612 "WPA: No WPA/RSN IE available from association info"); 2613 return -1; 2614 } 2615 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data)) 2616 return -2; 2617 return 0; 2618 } 2619 2620 2621 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len) 2622 { 2623 #ifndef CONFIG_NO_WPA2 2624 return pmksa_cache_list(sm->pmksa, buf, len); 2625 #else /* CONFIG_NO_WPA2 */ 2626 return -1; 2627 #endif /* CONFIG_NO_WPA2 */ 2628 } 2629 2630 2631 void wpa_sm_drop_sa(struct wpa_sm *sm) 2632 { 2633 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK"); 2634 sm->ptk_set = 0; 2635 sm->tptk_set = 0; 2636 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2637 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 2638 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 2639 } 2640 2641 2642 int wpa_sm_has_ptk(struct wpa_sm *sm) 2643 { 2644 if (sm == NULL) 2645 return 0; 2646 return sm->ptk_set; 2647 } 2648 2649 2650 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr) 2651 { 2652 os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN); 2653 } 2654 2655 2656 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx) 2657 { 2658 #ifndef CONFIG_NO_WPA2 2659 pmksa_cache_flush(sm->pmksa, network_ctx); 2660 #endif /* CONFIG_NO_WPA2 */ 2661 } 2662
