1 /* 2 * WPA Supplicant - PeerKey for Direct Link Setup (DLS) 3 * Copyright (c) 2006-2008, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #ifdef CONFIG_PEERKEY 12 13 #include "common.h" 14 #include "eloop.h" 15 #include "crypto/sha1.h" 16 #include "crypto/sha256.h" 17 #include "crypto/random.h" 18 #include "common/ieee802_11_defs.h" 19 #include "wpa.h" 20 #include "wpa_i.h" 21 #include "wpa_ie.h" 22 #include "peerkey.h" 23 24 25 static u8 * wpa_add_ie(u8 *pos, const u8 *ie, size_t ie_len) 26 { 27 os_memcpy(pos, ie, ie_len); 28 return pos + ie_len; 29 } 30 31 32 static u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len) 33 { 34 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 35 *pos++ = RSN_SELECTOR_LEN + data_len; 36 RSN_SELECTOR_PUT(pos, kde); 37 pos += RSN_SELECTOR_LEN; 38 os_memcpy(pos, data, data_len); 39 pos += data_len; 40 return pos; 41 } 42 43 44 static void wpa_supplicant_smk_timeout(void *eloop_ctx, void *timeout_ctx) 45 { 46 #if 0 47 struct wpa_sm *sm = eloop_ctx; 48 struct wpa_peerkey *peerkey = timeout_ctx; 49 #endif 50 /* TODO: time out SMK and any STK that was generated using this SMK */ 51 } 52 53 54 static void wpa_supplicant_peerkey_free(struct wpa_sm *sm, 55 struct wpa_peerkey *peerkey) 56 { 57 eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey); 58 os_free(peerkey); 59 } 60 61 62 static int wpa_supplicant_send_smk_error(struct wpa_sm *sm, const u8 *dst, 63 const u8 *peer, 64 u16 mui, u16 error_type, int ver) 65 { 66 size_t rlen; 67 struct wpa_eapol_key *err; 68 struct rsn_error_kde error; 69 u8 *rbuf, *pos; 70 size_t kde_len; 71 u16 key_info; 72 73 kde_len = 2 + RSN_SELECTOR_LEN + sizeof(error); 74 if (peer) 75 kde_len += 2 + RSN_SELECTOR_LEN + ETH_ALEN; 76 77 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, 78 NULL, sizeof(*err) + kde_len, &rlen, 79 (void *) &err); 80 if (rbuf == NULL) 81 return -1; 82 83 err->type = EAPOL_KEY_TYPE_RSN; 84 key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC | 85 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_ERROR | 86 WPA_KEY_INFO_REQUEST; 87 WPA_PUT_BE16(err->key_info, key_info); 88 WPA_PUT_BE16(err->key_length, 0); 89 os_memcpy(err->replay_counter, sm->request_counter, 90 WPA_REPLAY_COUNTER_LEN); 91 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); 92 93 WPA_PUT_BE16(err->key_data_length, (u16) kde_len); 94 pos = (u8 *) (err + 1); 95 96 if (peer) { 97 /* Peer MAC Address KDE */ 98 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN); 99 } 100 101 /* Error KDE */ 102 error.mui = host_to_be16(mui); 103 error.error_type = host_to_be16(error_type); 104 wpa_add_kde(pos, RSN_KEY_DATA_ERROR, (u8 *) &error, sizeof(error)); 105 106 if (peer) { 107 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error (peer " 108 MACSTR " mui %d error_type %d)", 109 MAC2STR(peer), mui, error_type); 110 } else { 111 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error " 112 "(mui %d error_type %d)", mui, error_type); 113 } 114 115 wpa_eapol_key_send(sm, sm->ptk.kck, ver, dst, ETH_P_EAPOL, 116 rbuf, rlen, err->key_mic); 117 118 return 0; 119 } 120 121 122 static int wpa_supplicant_send_smk_m3(struct wpa_sm *sm, 123 const unsigned char *src_addr, 124 const struct wpa_eapol_key *key, 125 int ver, struct wpa_peerkey *peerkey) 126 { 127 size_t rlen; 128 struct wpa_eapol_key *reply; 129 u8 *rbuf, *pos; 130 size_t kde_len; 131 u16 key_info; 132 133 /* KDEs: Peer RSN IE, Initiator MAC Address, Initiator Nonce */ 134 kde_len = peerkey->rsnie_p_len + 135 2 + RSN_SELECTOR_LEN + ETH_ALEN + 136 2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN; 137 138 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, 139 NULL, sizeof(*reply) + kde_len, &rlen, 140 (void *) &reply); 141 if (rbuf == NULL) 142 return -1; 143 144 reply->type = EAPOL_KEY_TYPE_RSN; 145 key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC | 146 WPA_KEY_INFO_SECURE; 147 WPA_PUT_BE16(reply->key_info, key_info); 148 WPA_PUT_BE16(reply->key_length, 0); 149 os_memcpy(reply->replay_counter, key->replay_counter, 150 WPA_REPLAY_COUNTER_LEN); 151 152 os_memcpy(reply->key_nonce, peerkey->pnonce, WPA_NONCE_LEN); 153 154 WPA_PUT_BE16(reply->key_data_length, (u16) kde_len); 155 pos = (u8 *) (reply + 1); 156 157 /* Peer RSN IE */ 158 pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len); 159 160 /* Initiator MAC Address KDE */ 161 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peerkey->addr, ETH_ALEN); 162 163 /* Initiator Nonce */ 164 wpa_add_kde(pos, RSN_KEY_DATA_NONCE, peerkey->inonce, WPA_NONCE_LEN); 165 166 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK M3"); 167 wpa_eapol_key_send(sm, sm->ptk.kck, ver, src_addr, ETH_P_EAPOL, 168 rbuf, rlen, reply->key_mic); 169 170 return 0; 171 } 172 173 174 static int wpa_supplicant_process_smk_m2( 175 struct wpa_sm *sm, const unsigned char *src_addr, 176 const struct wpa_eapol_key *key, size_t extra_len, int ver) 177 { 178 struct wpa_peerkey *peerkey; 179 struct wpa_eapol_ie_parse kde; 180 struct wpa_ie_data ie; 181 int cipher; 182 struct rsn_ie_hdr *hdr; 183 u8 *pos; 184 185 wpa_printf(MSG_DEBUG, "RSN: Received SMK M2"); 186 187 if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) { 188 wpa_printf(MSG_INFO, "RSN: SMK handshake not allowed for " 189 "the current network"); 190 return -1; 191 } 192 193 if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) < 194 0) { 195 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M2"); 196 return -1; 197 } 198 199 if (kde.rsn_ie == NULL || kde.mac_addr == NULL || 200 kde.mac_addr_len < ETH_ALEN) { 201 wpa_printf(MSG_INFO, "RSN: No RSN IE or MAC address KDE in " 202 "SMK M2"); 203 return -1; 204 } 205 206 wpa_printf(MSG_DEBUG, "RSN: SMK M2 - SMK initiator " MACSTR, 207 MAC2STR(kde.mac_addr)); 208 209 if (kde.rsn_ie_len > PEERKEY_MAX_IE_LEN) { 210 wpa_printf(MSG_INFO, "RSN: Too long Initiator RSN IE in SMK " 211 "M2"); 212 return -1; 213 } 214 215 if (wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len, &ie) < 0) { 216 wpa_printf(MSG_INFO, "RSN: Failed to parse RSN IE in SMK M2"); 217 return -1; 218 } 219 220 cipher = wpa_pick_pairwise_cipher(ie.pairwise_cipher & 221 sm->allowed_pairwise_cipher, 0); 222 if (cipher < 0) { 223 wpa_printf(MSG_INFO, "RSN: No acceptable cipher in SMK M2"); 224 wpa_supplicant_send_smk_error(sm, src_addr, kde.mac_addr, 225 STK_MUI_SMK, STK_ERR_CPHR_NS, 226 ver); 227 return -1; 228 } 229 wpa_printf(MSG_DEBUG, "RSN: Using %s for PeerKey", 230 wpa_cipher_txt(cipher)); 231 232 /* TODO: find existing entry and if found, use that instead of adding 233 * a new one; how to handle the case where both ends initiate at the 234 * same time? */ 235 peerkey = os_zalloc(sizeof(*peerkey)); 236 if (peerkey == NULL) 237 return -1; 238 os_memcpy(peerkey->addr, kde.mac_addr, ETH_ALEN); 239 os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN); 240 os_memcpy(peerkey->rsnie_i, kde.rsn_ie, kde.rsn_ie_len); 241 peerkey->rsnie_i_len = kde.rsn_ie_len; 242 peerkey->cipher = cipher; 243 #ifdef CONFIG_IEEE80211W 244 if (ie.key_mgmt & (WPA_KEY_MGMT_IEEE8021X_SHA256 | 245 WPA_KEY_MGMT_PSK_SHA256)) 246 peerkey->use_sha256 = 1; 247 #endif /* CONFIG_IEEE80211W */ 248 249 if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) { 250 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 251 "WPA: Failed to get random data for PNonce"); 252 wpa_supplicant_peerkey_free(sm, peerkey); 253 return -1; 254 } 255 256 hdr = (struct rsn_ie_hdr *) peerkey->rsnie_p; 257 hdr->elem_id = WLAN_EID_RSN; 258 WPA_PUT_LE16(hdr->version, RSN_VERSION); 259 pos = (u8 *) (hdr + 1); 260 /* Group Suite can be anything for SMK RSN IE; receiver will just 261 * ignore it. */ 262 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP); 263 pos += RSN_SELECTOR_LEN; 264 /* Include only the selected cipher in pairwise cipher suite */ 265 WPA_PUT_LE16(pos, 1); 266 pos += 2; 267 RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN, cipher)); 268 pos += RSN_SELECTOR_LEN; 269 270 hdr->len = (pos - peerkey->rsnie_p) - 2; 271 peerkey->rsnie_p_len = pos - peerkey->rsnie_p; 272 wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake", 273 peerkey->rsnie_p, peerkey->rsnie_p_len); 274 275 wpa_supplicant_send_smk_m3(sm, src_addr, key, ver, peerkey); 276 277 peerkey->next = sm->peerkey; 278 sm->peerkey = peerkey; 279 280 return 0; 281 } 282 283 284 /** 285 * rsn_smkid - Derive SMK identifier 286 * @smk: Station master key (32 bytes) 287 * @pnonce: Peer Nonce 288 * @mac_p: Peer MAC address 289 * @inonce: Initiator Nonce 290 * @mac_i: Initiator MAC address 291 * @use_sha256: Whether to use SHA256-based KDF 292 * 293 * 8.5.1.4 Station to station (STK) key hierarchy 294 * SMKID = HMAC-SHA1-128(SMK, "SMK Name" || PNonce || MAC_P || INonce || MAC_I) 295 */ 296 static void rsn_smkid(const u8 *smk, const u8 *pnonce, const u8 *mac_p, 297 const u8 *inonce, const u8 *mac_i, u8 *smkid, 298 int use_sha256) 299 { 300 char *title = "SMK Name"; 301 const u8 *addr[5]; 302 const size_t len[5] = { 8, WPA_NONCE_LEN, ETH_ALEN, WPA_NONCE_LEN, 303 ETH_ALEN }; 304 unsigned char hash[SHA256_MAC_LEN]; 305 306 addr[0] = (u8 *) title; 307 addr[1] = pnonce; 308 addr[2] = mac_p; 309 addr[3] = inonce; 310 addr[4] = mac_i; 311 312 #ifdef CONFIG_IEEE80211W 313 if (use_sha256) 314 hmac_sha256_vector(smk, PMK_LEN, 5, addr, len, hash); 315 else 316 #endif /* CONFIG_IEEE80211W */ 317 hmac_sha1_vector(smk, PMK_LEN, 5, addr, len, hash); 318 os_memcpy(smkid, hash, PMKID_LEN); 319 } 320 321 322 static void wpa_supplicant_send_stk_1_of_4(struct wpa_sm *sm, 323 struct wpa_peerkey *peerkey) 324 { 325 size_t mlen; 326 struct wpa_eapol_key *msg; 327 u8 *mbuf; 328 size_t kde_len; 329 u16 key_info, ver; 330 331 kde_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN; 332 333 mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 334 sizeof(*msg) + kde_len, &mlen, 335 (void *) &msg); 336 if (mbuf == NULL) 337 return; 338 339 msg->type = EAPOL_KEY_TYPE_RSN; 340 341 if (peerkey->cipher != WPA_CIPHER_TKIP) 342 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 343 else 344 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 345 346 key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK; 347 WPA_PUT_BE16(msg->key_info, key_info); 348 349 if (peerkey->cipher != WPA_CIPHER_TKIP) 350 WPA_PUT_BE16(msg->key_length, 16); 351 else 352 WPA_PUT_BE16(msg->key_length, 32); 353 354 os_memcpy(msg->replay_counter, peerkey->replay_counter, 355 WPA_REPLAY_COUNTER_LEN); 356 inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN); 357 358 WPA_PUT_BE16(msg->key_data_length, kde_len); 359 wpa_add_kde((u8 *) (msg + 1), RSN_KEY_DATA_PMKID, 360 peerkey->smkid, PMKID_LEN); 361 362 if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) { 363 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 364 "RSN: Failed to get random data for INonce (STK)"); 365 os_free(mbuf); 366 return; 367 } 368 wpa_hexdump(MSG_DEBUG, "RSN: INonce for STK 4-Way Handshake", 369 peerkey->inonce, WPA_NONCE_LEN); 370 os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN); 371 372 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 1/4 to " MACSTR, 373 MAC2STR(peerkey->addr)); 374 wpa_eapol_key_send(sm, NULL, ver, peerkey->addr, ETH_P_EAPOL, 375 mbuf, mlen, NULL); 376 } 377 378 379 static void wpa_supplicant_send_stk_3_of_4(struct wpa_sm *sm, 380 struct wpa_peerkey *peerkey) 381 { 382 size_t mlen; 383 struct wpa_eapol_key *msg; 384 u8 *mbuf, *pos; 385 size_t kde_len; 386 u16 key_info, ver; 387 be32 lifetime; 388 389 kde_len = peerkey->rsnie_i_len + 390 2 + RSN_SELECTOR_LEN + sizeof(lifetime); 391 392 mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 393 sizeof(*msg) + kde_len, &mlen, 394 (void *) &msg); 395 if (mbuf == NULL) 396 return; 397 398 msg->type = EAPOL_KEY_TYPE_RSN; 399 400 if (peerkey->cipher != WPA_CIPHER_TKIP) 401 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 402 else 403 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 404 405 key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK | 406 WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE; 407 WPA_PUT_BE16(msg->key_info, key_info); 408 409 if (peerkey->cipher != WPA_CIPHER_TKIP) 410 WPA_PUT_BE16(msg->key_length, 16); 411 else 412 WPA_PUT_BE16(msg->key_length, 32); 413 414 os_memcpy(msg->replay_counter, peerkey->replay_counter, 415 WPA_REPLAY_COUNTER_LEN); 416 inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN); 417 418 WPA_PUT_BE16(msg->key_data_length, kde_len); 419 pos = (u8 *) (msg + 1); 420 pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len); 421 lifetime = host_to_be32(peerkey->lifetime); 422 wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME, 423 (u8 *) &lifetime, sizeof(lifetime)); 424 425 os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN); 426 427 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 3/4 to " MACSTR, 428 MAC2STR(peerkey->addr)); 429 wpa_eapol_key_send(sm, peerkey->stk.kck, ver, peerkey->addr, 430 ETH_P_EAPOL, mbuf, mlen, msg->key_mic); 431 } 432 433 434 static int wpa_supplicant_process_smk_m4(struct wpa_peerkey *peerkey, 435 struct wpa_eapol_ie_parse *kde) 436 { 437 wpa_printf(MSG_DEBUG, "RSN: Received SMK M4 (Initiator " MACSTR ")", 438 MAC2STR(kde->mac_addr)); 439 440 if (os_memcmp(kde->smk + PMK_LEN, peerkey->pnonce, WPA_NONCE_LEN) != 0) 441 { 442 wpa_printf(MSG_INFO, "RSN: PNonce in SMK KDE does not " 443 "match with the one used in SMK M3"); 444 return -1; 445 } 446 447 if (os_memcmp(kde->nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) { 448 wpa_printf(MSG_INFO, "RSN: INonce in SMK M4 did not " 449 "match with the one received in SMK M2"); 450 return -1; 451 } 452 453 return 0; 454 } 455 456 457 static int wpa_supplicant_process_smk_m5(struct wpa_sm *sm, 458 const unsigned char *src_addr, 459 const struct wpa_eapol_key *key, 460 int ver, 461 struct wpa_peerkey *peerkey, 462 struct wpa_eapol_ie_parse *kde) 463 { 464 int cipher; 465 struct wpa_ie_data ie; 466 467 wpa_printf(MSG_DEBUG, "RSN: Received SMK M5 (Peer " MACSTR ")", 468 MAC2STR(kde->mac_addr)); 469 if (kde->rsn_ie == NULL || kde->rsn_ie_len > PEERKEY_MAX_IE_LEN || 470 wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0) { 471 wpa_printf(MSG_INFO, "RSN: No RSN IE in SMK M5"); 472 /* TODO: abort negotiation */ 473 return -1; 474 } 475 476 if (os_memcmp(key->key_nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) { 477 wpa_printf(MSG_INFO, "RSN: Key Nonce in SMK M5 does " 478 "not match with INonce used in SMK M1"); 479 return -1; 480 } 481 482 if (os_memcmp(kde->smk + PMK_LEN, peerkey->inonce, WPA_NONCE_LEN) != 0) 483 { 484 wpa_printf(MSG_INFO, "RSN: INonce in SMK KDE does not " 485 "match with the one used in SMK M1"); 486 return -1; 487 } 488 489 os_memcpy(peerkey->rsnie_p, kde->rsn_ie, kde->rsn_ie_len); 490 peerkey->rsnie_p_len = kde->rsn_ie_len; 491 os_memcpy(peerkey->pnonce, kde->nonce, WPA_NONCE_LEN); 492 493 cipher = wpa_pick_pairwise_cipher(ie.pairwise_cipher & 494 sm->allowed_pairwise_cipher, 0); 495 if (cipher < 0) { 496 wpa_printf(MSG_INFO, "RSN: SMK Peer STA " MACSTR " selected " 497 "unacceptable cipher", MAC2STR(kde->mac_addr)); 498 wpa_supplicant_send_smk_error(sm, src_addr, kde->mac_addr, 499 STK_MUI_SMK, STK_ERR_CPHR_NS, 500 ver); 501 /* TODO: abort negotiation */ 502 return -1; 503 } 504 wpa_printf(MSG_DEBUG, "RSN: Using %s for PeerKey", 505 wpa_cipher_txt(cipher)); 506 peerkey->cipher = cipher; 507 508 return 0; 509 } 510 511 512 static int wpa_supplicant_process_smk_m45( 513 struct wpa_sm *sm, const unsigned char *src_addr, 514 const struct wpa_eapol_key *key, size_t extra_len, int ver) 515 { 516 struct wpa_peerkey *peerkey; 517 struct wpa_eapol_ie_parse kde; 518 u32 lifetime; 519 struct os_time now; 520 521 if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) { 522 wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for " 523 "the current network"); 524 return -1; 525 } 526 527 if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) < 528 0) { 529 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M4/M5"); 530 return -1; 531 } 532 533 if (kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN || 534 kde.nonce == NULL || kde.nonce_len < WPA_NONCE_LEN || 535 kde.smk == NULL || kde.smk_len < PMK_LEN + WPA_NONCE_LEN || 536 kde.lifetime == NULL || kde.lifetime_len < 4) { 537 wpa_printf(MSG_INFO, "RSN: No MAC Address, Nonce, SMK, or " 538 "Lifetime KDE in SMK M4/M5"); 539 return -1; 540 } 541 542 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 543 if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) == 0 && 544 os_memcmp(peerkey->initiator ? peerkey->inonce : 545 peerkey->pnonce, 546 key->key_nonce, WPA_NONCE_LEN) == 0) 547 break; 548 } 549 if (peerkey == NULL) { 550 wpa_printf(MSG_INFO, "RSN: No matching SMK handshake found " 551 "for SMK M4/M5: peer " MACSTR, 552 MAC2STR(kde.mac_addr)); 553 return -1; 554 } 555 556 if (peerkey->initiator) { 557 if (wpa_supplicant_process_smk_m5(sm, src_addr, key, ver, 558 peerkey, &kde) < 0) 559 return -1; 560 } else { 561 if (wpa_supplicant_process_smk_m4(peerkey, &kde) < 0) 562 return -1; 563 } 564 565 os_memcpy(peerkey->smk, kde.smk, PMK_LEN); 566 peerkey->smk_complete = 1; 567 wpa_hexdump_key(MSG_DEBUG, "RSN: SMK", peerkey->smk, PMK_LEN); 568 lifetime = WPA_GET_BE32(kde.lifetime); 569 wpa_printf(MSG_DEBUG, "RSN: SMK lifetime %u seconds", lifetime); 570 if (lifetime > 1000000000) 571 lifetime = 1000000000; /* avoid overflowing expiration time */ 572 peerkey->lifetime = lifetime; 573 os_get_time(&now); 574 peerkey->expiration = now.sec + lifetime; 575 eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout, 576 sm, peerkey); 577 578 if (peerkey->initiator) { 579 rsn_smkid(peerkey->smk, peerkey->pnonce, peerkey->addr, 580 peerkey->inonce, sm->own_addr, peerkey->smkid, 581 peerkey->use_sha256); 582 wpa_supplicant_send_stk_1_of_4(sm, peerkey); 583 } else { 584 rsn_smkid(peerkey->smk, peerkey->pnonce, sm->own_addr, 585 peerkey->inonce, peerkey->addr, peerkey->smkid, 586 peerkey->use_sha256); 587 } 588 wpa_hexdump(MSG_DEBUG, "RSN: SMKID", peerkey->smkid, PMKID_LEN); 589 590 return 0; 591 } 592 593 594 static int wpa_supplicant_process_smk_error( 595 struct wpa_sm *sm, const unsigned char *src_addr, 596 const struct wpa_eapol_key *key, size_t extra_len) 597 { 598 struct wpa_eapol_ie_parse kde; 599 struct rsn_error_kde error; 600 u8 peer[ETH_ALEN]; 601 u16 error_type; 602 603 wpa_printf(MSG_DEBUG, "RSN: Received SMK Error"); 604 605 if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) { 606 wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for " 607 "the current network"); 608 return -1; 609 } 610 611 if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) < 612 0) { 613 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK Error"); 614 return -1; 615 } 616 617 if (kde.error == NULL || kde.error_len < sizeof(error)) { 618 wpa_printf(MSG_INFO, "RSN: No Error KDE in SMK Error"); 619 return -1; 620 } 621 622 if (kde.mac_addr && kde.mac_addr_len >= ETH_ALEN) 623 os_memcpy(peer, kde.mac_addr, ETH_ALEN); 624 else 625 os_memset(peer, 0, ETH_ALEN); 626 os_memcpy(&error, kde.error, sizeof(error)); 627 error_type = be_to_host16(error.error_type); 628 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 629 "RSN: SMK Error KDE received: MUI %d error_type %d peer " 630 MACSTR, 631 be_to_host16(error.mui), error_type, 632 MAC2STR(peer)); 633 634 if (kde.mac_addr && 635 (error_type == STK_ERR_STA_NR || error_type == STK_ERR_STA_NRSN || 636 error_type == STK_ERR_CPHR_NS)) { 637 struct wpa_peerkey *peerkey; 638 639 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 640 if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) == 641 0) 642 break; 643 } 644 if (peerkey == NULL) { 645 wpa_printf(MSG_DEBUG, "RSN: No matching SMK handshake " 646 "found for SMK Error"); 647 return -1; 648 } 649 /* TODO: abort SMK/STK handshake and remove all related keys */ 650 } 651 652 return 0; 653 } 654 655 656 static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm, 657 struct wpa_peerkey *peerkey, 658 const struct wpa_eapol_key *key, 659 u16 ver) 660 { 661 struct wpa_eapol_ie_parse ie; 662 const u8 *kde; 663 size_t len, kde_buf_len; 664 struct wpa_ptk *stk; 665 u8 buf[8], *kde_buf, *pos; 666 be32 lifetime; 667 668 wpa_printf(MSG_DEBUG, "RSN: RX message 1 of STK 4-Way Handshake from " 669 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver); 670 671 os_memset(&ie, 0, sizeof(ie)); 672 673 /* RSN: msg 1/4 should contain SMKID for the selected SMK */ 674 kde = (const u8 *) (key + 1); 675 len = WPA_GET_BE16(key->key_data_length); 676 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", kde, len); 677 if (wpa_supplicant_parse_ies(kde, len, &ie) < 0 || ie.pmkid == NULL) { 678 wpa_printf(MSG_DEBUG, "RSN: No SMKID in STK 1/4"); 679 return; 680 } 681 if (os_memcmp(ie.pmkid, peerkey->smkid, PMKID_LEN) != 0) { 682 wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 1/4", 683 ie.pmkid, PMKID_LEN); 684 return; 685 } 686 687 if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) { 688 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 689 "RSN: Failed to get random data for PNonce"); 690 return; 691 } 692 wpa_hexdump(MSG_DEBUG, "WPA: Renewed PNonce", 693 peerkey->pnonce, WPA_NONCE_LEN); 694 695 /* Calculate STK which will be stored as a temporary STK until it has 696 * been verified when processing message 3/4. */ 697 stk = &peerkey->tstk; 698 wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion", 699 sm->own_addr, peerkey->addr, 700 peerkey->pnonce, key->key_nonce, 701 (u8 *) stk, sizeof(*stk), 702 peerkey->use_sha256); 703 /* Supplicant: swap tx/rx Mic keys */ 704 os_memcpy(buf, stk->u.auth.tx_mic_key, 8); 705 os_memcpy(stk->u.auth.tx_mic_key, stk->u.auth.rx_mic_key, 8); 706 os_memcpy(stk->u.auth.rx_mic_key, buf, 8); 707 peerkey->tstk_set = 1; 708 709 kde_buf_len = peerkey->rsnie_p_len + 710 2 + RSN_SELECTOR_LEN + sizeof(lifetime) + 711 2 + RSN_SELECTOR_LEN + PMKID_LEN; 712 kde_buf = os_malloc(kde_buf_len); 713 if (kde_buf == NULL) 714 return; 715 pos = kde_buf; 716 pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len); 717 lifetime = host_to_be32(peerkey->lifetime); 718 pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME, 719 (u8 *) &lifetime, sizeof(lifetime)); 720 wpa_add_kde(pos, RSN_KEY_DATA_PMKID, peerkey->smkid, PMKID_LEN); 721 722 if (wpa_supplicant_send_2_of_4(sm, peerkey->addr, key, ver, 723 peerkey->pnonce, kde_buf, kde_buf_len, 724 stk)) { 725 os_free(kde_buf); 726 return; 727 } 728 os_free(kde_buf); 729 730 os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN); 731 } 732 733 734 static void wpa_supplicant_update_smk_lifetime(struct wpa_sm *sm, 735 struct wpa_peerkey *peerkey, 736 struct wpa_eapol_ie_parse *kde) 737 { 738 u32 lifetime; 739 struct os_time now; 740 741 if (kde->lifetime == NULL || kde->lifetime_len < sizeof(lifetime)) 742 return; 743 744 lifetime = WPA_GET_BE32(kde->lifetime); 745 746 if (lifetime >= peerkey->lifetime) { 747 wpa_printf(MSG_DEBUG, "RSN: Peer used SMK lifetime %u seconds " 748 "which is larger than or equal to own value %u " 749 "seconds - ignored", lifetime, peerkey->lifetime); 750 return; 751 } 752 753 wpa_printf(MSG_DEBUG, "RSN: Peer used shorter SMK lifetime %u seconds " 754 "(own was %u seconds) - updated", 755 lifetime, peerkey->lifetime); 756 peerkey->lifetime = lifetime; 757 758 os_get_time(&now); 759 peerkey->expiration = now.sec + lifetime; 760 eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey); 761 eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout, 762 sm, peerkey); 763 } 764 765 766 static void wpa_supplicant_process_stk_2_of_4(struct wpa_sm *sm, 767 struct wpa_peerkey *peerkey, 768 const struct wpa_eapol_key *key, 769 u16 ver) 770 { 771 struct wpa_eapol_ie_parse kde; 772 const u8 *keydata; 773 size_t len; 774 775 wpa_printf(MSG_DEBUG, "RSN: RX message 2 of STK 4-Way Handshake from " 776 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver); 777 778 os_memset(&kde, 0, sizeof(kde)); 779 780 /* RSN: msg 2/4 should contain SMKID for the selected SMK and RSN IE 781 * from the peer. It may also include Lifetime KDE. */ 782 keydata = (const u8 *) (key + 1); 783 len = WPA_GET_BE16(key->key_data_length); 784 wpa_hexdump(MSG_DEBUG, "RSN: msg 2/4 key data", keydata, len); 785 if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0 || 786 kde.pmkid == NULL || kde.rsn_ie == NULL) { 787 wpa_printf(MSG_DEBUG, "RSN: No SMKID or RSN IE in STK 2/4"); 788 return; 789 } 790 791 if (os_memcmp(kde.pmkid, peerkey->smkid, PMKID_LEN) != 0) { 792 wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 2/4", 793 kde.pmkid, PMKID_LEN); 794 return; 795 } 796 797 if (kde.rsn_ie_len != peerkey->rsnie_p_len || 798 os_memcmp(kde.rsn_ie, peerkey->rsnie_p, kde.rsn_ie_len) != 0) { 799 wpa_printf(MSG_INFO, "RSN: Peer RSN IE in SMK and STK " 800 "handshakes did not match"); 801 wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in SMK handshake", 802 peerkey->rsnie_p, peerkey->rsnie_p_len); 803 wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in STK handshake", 804 kde.rsn_ie, kde.rsn_ie_len); 805 return; 806 } 807 808 wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde); 809 810 wpa_supplicant_send_stk_3_of_4(sm, peerkey); 811 os_memcpy(peerkey->pnonce, key->key_nonce, WPA_NONCE_LEN); 812 } 813 814 815 static void wpa_supplicant_process_stk_3_of_4(struct wpa_sm *sm, 816 struct wpa_peerkey *peerkey, 817 const struct wpa_eapol_key *key, 818 u16 ver) 819 { 820 struct wpa_eapol_ie_parse kde; 821 const u8 *keydata; 822 size_t len, key_len; 823 const u8 *_key; 824 u8 key_buf[32], rsc[6]; 825 826 wpa_printf(MSG_DEBUG, "RSN: RX message 3 of STK 4-Way Handshake from " 827 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver); 828 829 os_memset(&kde, 0, sizeof(kde)); 830 831 /* RSN: msg 3/4 should contain Initiator RSN IE. It may also include 832 * Lifetime KDE. */ 833 keydata = (const u8 *) (key + 1); 834 len = WPA_GET_BE16(key->key_data_length); 835 wpa_hexdump(MSG_DEBUG, "RSN: msg 3/4 key data", keydata, len); 836 if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0) { 837 wpa_printf(MSG_DEBUG, "RSN: Failed to parse key data in " 838 "STK 3/4"); 839 return; 840 } 841 842 if (kde.rsn_ie_len != peerkey->rsnie_i_len || 843 os_memcmp(kde.rsn_ie, peerkey->rsnie_i, kde.rsn_ie_len) != 0) { 844 wpa_printf(MSG_INFO, "RSN: Initiator RSN IE in SMK and STK " 845 "handshakes did not match"); 846 wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in SMK " 847 "handshake", 848 peerkey->rsnie_i, peerkey->rsnie_i_len); 849 wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in STK " 850 "handshake", 851 kde.rsn_ie, kde.rsn_ie_len); 852 return; 853 } 854 855 if (os_memcmp(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN) != 0) { 856 wpa_printf(MSG_WARNING, "RSN: INonce from message 1 of STK " 857 "4-Way Handshake differs from 3 of STK 4-Way " 858 "Handshake - drop packet (src=" MACSTR ")", 859 MAC2STR(peerkey->addr)); 860 return; 861 } 862 863 wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde); 864 865 if (wpa_supplicant_send_4_of_4(sm, peerkey->addr, key, ver, 866 WPA_GET_BE16(key->key_info), 867 NULL, 0, &peerkey->stk)) 868 return; 869 870 _key = (u8 *) peerkey->stk.tk1; 871 if (peerkey->cipher == WPA_CIPHER_TKIP) { 872 /* Swap Tx/Rx keys for Michael MIC */ 873 os_memcpy(key_buf, _key, 16); 874 os_memcpy(key_buf + 16, peerkey->stk.u.auth.rx_mic_key, 8); 875 os_memcpy(key_buf + 24, peerkey->stk.u.auth.tx_mic_key, 8); 876 _key = key_buf; 877 key_len = 32; 878 } else 879 key_len = 16; 880 881 os_memset(rsc, 0, 6); 882 if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1, 883 rsc, sizeof(rsc), _key, key_len) < 0) { 884 wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the " 885 "driver."); 886 return; 887 } 888 } 889 890 891 static void wpa_supplicant_process_stk_4_of_4(struct wpa_sm *sm, 892 struct wpa_peerkey *peerkey, 893 const struct wpa_eapol_key *key, 894 u16 ver) 895 { 896 u8 rsc[6]; 897 898 wpa_printf(MSG_DEBUG, "RSN: RX message 4 of STK 4-Way Handshake from " 899 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver); 900 901 os_memset(rsc, 0, 6); 902 if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1, 903 rsc, sizeof(rsc), (u8 *) peerkey->stk.tk1, 904 peerkey->cipher == WPA_CIPHER_TKIP ? 32 : 16) < 0) { 905 wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the " 906 "driver."); 907 return; 908 } 909 } 910 911 912 /** 913 * peerkey_verify_eapol_key_mic - Verify PeerKey MIC 914 * @sm: Pointer to WPA state machine data from wpa_sm_init() 915 * @peerkey: Pointer to the PeerKey data for the peer 916 * @key: Pointer to the EAPOL-Key frame header 917 * @ver: Version bits from EAPOL-Key Key Info 918 * @buf: Pointer to the beginning of EAPOL-Key frame 919 * @len: Length of the EAPOL-Key frame 920 * Returns: 0 on success, -1 on failure 921 */ 922 int peerkey_verify_eapol_key_mic(struct wpa_sm *sm, 923 struct wpa_peerkey *peerkey, 924 struct wpa_eapol_key *key, u16 ver, 925 const u8 *buf, size_t len) 926 { 927 u8 mic[16]; 928 int ok = 0; 929 930 if (peerkey->initiator && !peerkey->stk_set) { 931 wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion", 932 sm->own_addr, peerkey->addr, 933 peerkey->inonce, key->key_nonce, 934 (u8 *) &peerkey->stk, sizeof(peerkey->stk), 935 peerkey->use_sha256); 936 peerkey->stk_set = 1; 937 } 938 939 os_memcpy(mic, key->key_mic, 16); 940 if (peerkey->tstk_set) { 941 os_memset(key->key_mic, 0, 16); 942 wpa_eapol_key_mic(peerkey->tstk.kck, ver, buf, len, 943 key->key_mic); 944 if (os_memcmp(mic, key->key_mic, 16) != 0) { 945 wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC " 946 "when using TSTK - ignoring TSTK"); 947 } else { 948 ok = 1; 949 peerkey->tstk_set = 0; 950 peerkey->stk_set = 1; 951 os_memcpy(&peerkey->stk, &peerkey->tstk, 952 sizeof(peerkey->stk)); 953 } 954 } 955 956 if (!ok && peerkey->stk_set) { 957 os_memset(key->key_mic, 0, 16); 958 wpa_eapol_key_mic(peerkey->stk.kck, ver, buf, len, 959 key->key_mic); 960 if (os_memcmp(mic, key->key_mic, 16) != 0) { 961 wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC " 962 "- dropping packet"); 963 return -1; 964 } 965 ok = 1; 966 } 967 968 if (!ok) { 969 wpa_printf(MSG_WARNING, "RSN: Could not verify EAPOL-Key MIC " 970 "- dropping packet"); 971 return -1; 972 } 973 974 os_memcpy(peerkey->replay_counter, key->replay_counter, 975 WPA_REPLAY_COUNTER_LEN); 976 peerkey->replay_counter_set = 1; 977 return 0; 978 } 979 980 981 /** 982 * wpa_sm_stkstart - Send EAPOL-Key Request for STK handshake (STK M1) 983 * @sm: Pointer to WPA state machine data from wpa_sm_init() 984 * @peer: MAC address of the peer STA 985 * Returns: 0 on success, or -1 on failure 986 * 987 * Send an EAPOL-Key Request to the current authenticator to start STK 988 * handshake with the peer. 989 */ 990 int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer) 991 { 992 size_t rlen, kde_len; 993 struct wpa_eapol_key *req; 994 int key_info, ver; 995 u8 bssid[ETH_ALEN], *rbuf, *pos, *count_pos; 996 u16 count; 997 struct rsn_ie_hdr *hdr; 998 struct wpa_peerkey *peerkey; 999 struct wpa_ie_data ie; 1000 1001 if (sm->proto != WPA_PROTO_RSN || !sm->ptk_set || !sm->peerkey_enabled) 1002 return -1; 1003 1004 if (sm->ap_rsn_ie && 1005 wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &ie) == 0 && 1006 !(ie.capabilities & WPA_CAPABILITY_PEERKEY_ENABLED)) { 1007 wpa_printf(MSG_DEBUG, "RSN: Current AP does not support STK"); 1008 return -1; 1009 } 1010 1011 if (sm->pairwise_cipher != WPA_CIPHER_TKIP) 1012 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 1013 else 1014 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 1015 1016 if (wpa_sm_get_bssid(sm, bssid) < 0) { 1017 wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key " 1018 "SMK M1"); 1019 return -1; 1020 } 1021 1022 /* TODO: find existing entry and if found, use that instead of adding 1023 * a new one */ 1024 peerkey = os_zalloc(sizeof(*peerkey)); 1025 if (peerkey == NULL) 1026 return -1; 1027 peerkey->initiator = 1; 1028 os_memcpy(peerkey->addr, peer, ETH_ALEN); 1029 #ifdef CONFIG_IEEE80211W 1030 if (wpa_key_mgmt_sha256(sm->key_mgmt)) 1031 peerkey->use_sha256 = 1; 1032 #endif /* CONFIG_IEEE80211W */ 1033 1034 /* SMK M1: 1035 * EAPOL-Key(S=1, M=1, A=0, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce, 1036 * MIC=MIC, DataKDs=(RSNIE_I, MAC_P KDE)) 1037 */ 1038 1039 hdr = (struct rsn_ie_hdr *) peerkey->rsnie_i; 1040 hdr->elem_id = WLAN_EID_RSN; 1041 WPA_PUT_LE16(hdr->version, RSN_VERSION); 1042 pos = (u8 *) (hdr + 1); 1043 /* Group Suite can be anything for SMK RSN IE; receiver will just 1044 * ignore it. */ 1045 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP); 1046 pos += RSN_SELECTOR_LEN; 1047 count_pos = pos; 1048 pos += 2; 1049 1050 count = rsn_cipher_put_suites(pos, sm->allowed_pairwise_cipher); 1051 pos += count * RSN_SELECTOR_LEN; 1052 WPA_PUT_LE16(count_pos, count); 1053 1054 hdr->len = (pos - peerkey->rsnie_i) - 2; 1055 peerkey->rsnie_i_len = pos - peerkey->rsnie_i; 1056 wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake", 1057 peerkey->rsnie_i, peerkey->rsnie_i_len); 1058 1059 kde_len = peerkey->rsnie_i_len + 2 + RSN_SELECTOR_LEN + ETH_ALEN; 1060 1061 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1062 sizeof(*req) + kde_len, &rlen, 1063 (void *) &req); 1064 if (rbuf == NULL) { 1065 wpa_supplicant_peerkey_free(sm, peerkey); 1066 return -1; 1067 } 1068 1069 req->type = EAPOL_KEY_TYPE_RSN; 1070 key_info = WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC | 1071 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_REQUEST | ver; 1072 WPA_PUT_BE16(req->key_info, key_info); 1073 WPA_PUT_BE16(req->key_length, 0); 1074 os_memcpy(req->replay_counter, sm->request_counter, 1075 WPA_REPLAY_COUNTER_LEN); 1076 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); 1077 1078 if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) { 1079 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1080 "WPA: Failed to get random data for INonce"); 1081 os_free(rbuf); 1082 wpa_supplicant_peerkey_free(sm, peerkey); 1083 return -1; 1084 } 1085 os_memcpy(req->key_nonce, peerkey->inonce, WPA_NONCE_LEN); 1086 wpa_hexdump(MSG_DEBUG, "WPA: INonce for SMK handshake", 1087 req->key_nonce, WPA_NONCE_LEN); 1088 1089 WPA_PUT_BE16(req->key_data_length, (u16) kde_len); 1090 pos = (u8 *) (req + 1); 1091 1092 /* Initiator RSN IE */ 1093 pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len); 1094 /* Peer MAC address KDE */ 1095 wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN); 1096 1097 wpa_printf(MSG_INFO, "RSN: Sending EAPOL-Key SMK M1 Request (peer " 1098 MACSTR ")", MAC2STR(peer)); 1099 wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL, 1100 rbuf, rlen, req->key_mic); 1101 1102 peerkey->next = sm->peerkey; 1103 sm->peerkey = peerkey; 1104 1105 return 0; 1106 } 1107 1108 1109 /** 1110 * peerkey_deinit - Free PeerKey values 1111 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1112 */ 1113 void peerkey_deinit(struct wpa_sm *sm) 1114 { 1115 struct wpa_peerkey *prev, *peerkey = sm->peerkey; 1116 while (peerkey) { 1117 prev = peerkey; 1118 peerkey = peerkey->next; 1119 os_free(prev); 1120 } 1121 sm->peerkey = NULL; 1122 } 1123 1124 1125 void peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey, 1126 struct wpa_eapol_key *key, u16 key_info, u16 ver) 1127 { 1128 if ((key_info & (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) == 1129 (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) { 1130 /* 3/4 STK 4-Way Handshake */ 1131 wpa_supplicant_process_stk_3_of_4(sm, peerkey, key, ver); 1132 } else if (key_info & WPA_KEY_INFO_ACK) { 1133 /* 1/4 STK 4-Way Handshake */ 1134 wpa_supplicant_process_stk_1_of_4(sm, peerkey, key, ver); 1135 } else if (key_info & WPA_KEY_INFO_SECURE) { 1136 /* 4/4 STK 4-Way Handshake */ 1137 wpa_supplicant_process_stk_4_of_4(sm, peerkey, key, ver); 1138 } else { 1139 /* 2/4 STK 4-Way Handshake */ 1140 wpa_supplicant_process_stk_2_of_4(sm, peerkey, key, ver); 1141 } 1142 } 1143 1144 1145 void peerkey_rx_eapol_smk(struct wpa_sm *sm, const u8 *src_addr, 1146 struct wpa_eapol_key *key, size_t extra_len, 1147 u16 key_info, u16 ver) 1148 { 1149 if (key_info & WPA_KEY_INFO_ERROR) { 1150 /* SMK Error */ 1151 wpa_supplicant_process_smk_error(sm, src_addr, key, extra_len); 1152 } else if (key_info & WPA_KEY_INFO_ACK) { 1153 /* SMK M2 */ 1154 wpa_supplicant_process_smk_m2(sm, src_addr, key, extra_len, 1155 ver); 1156 } else { 1157 /* SMK M4 or M5 */ 1158 wpa_supplicant_process_smk_m45(sm, src_addr, key, extra_len, 1159 ver); 1160 } 1161 } 1162 1163 #endif /* CONFIG_PEERKEY */ 1164
