Home | History | Annotate | Download | only in rsn_supp
      1 /*
      2  * WPA Supplicant - WPA state machine and EAPOL-Key processing
      3  * Copyright (c) 2003-2012, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #include "includes.h"
     10 
     11 #include "common.h"
     12 #include "crypto/aes_wrap.h"
     13 #include "crypto/crypto.h"
     14 #include "crypto/random.h"
     15 #include "common/ieee802_11_defs.h"
     16 #include "eapol_supp/eapol_supp_sm.h"
     17 #include "wpa.h"
     18 #include "eloop.h"
     19 #include "preauth.h"
     20 #include "pmksa_cache.h"
     21 #include "wpa_i.h"
     22 #include "wpa_ie.h"
     23 #include "peerkey.h"
     24 
     25 
     26 /**
     27  * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
     28  * @sm: Pointer to WPA state machine data from wpa_sm_init()
     29  * @kck: Key Confirmation Key (KCK, part of PTK)
     30  * @ver: Version field from Key Info
     31  * @dest: Destination address for the frame
     32  * @proto: Ethertype (usually ETH_P_EAPOL)
     33  * @msg: EAPOL-Key message
     34  * @msg_len: Length of message
     35  * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
     36  */
     37 void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck,
     38 			int ver, const u8 *dest, u16 proto,
     39 			u8 *msg, size_t msg_len, u8 *key_mic)
     40 {
     41 	if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
     42 		/*
     43 		 * Association event was not yet received; try to fetch
     44 		 * BSSID from the driver.
     45 		 */
     46 		if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
     47 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
     48 				"WPA: Failed to read BSSID for "
     49 				"EAPOL-Key destination address");
     50 		} else {
     51 			dest = sm->bssid;
     52 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
     53 				"WPA: Use BSSID (" MACSTR
     54 				") as the destination for EAPOL-Key",
     55 				MAC2STR(dest));
     56 		}
     57 	}
     58 	if (key_mic &&
     59 	    wpa_eapol_key_mic(kck, ver, msg, msg_len, key_mic)) {
     60 		wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
     61 			"WPA: Failed to generate EAPOL-Key "
     62 			"version %d MIC", ver);
     63 		goto out;
     64 	}
     65 	wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, 16);
     66 	wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, 16);
     67 	wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
     68 	wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
     69 	eapol_sm_notify_tx_eapol_key(sm->eapol);
     70 out:
     71 	os_free(msg);
     72 }
     73 
     74 
     75 /**
     76  * wpa_sm_key_request - Send EAPOL-Key Request
     77  * @sm: Pointer to WPA state machine data from wpa_sm_init()
     78  * @error: Indicate whether this is an Michael MIC error report
     79  * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
     80  *
     81  * Send an EAPOL-Key Request to the current authenticator. This function is
     82  * used to request rekeying and it is usually called when a local Michael MIC
     83  * failure is detected.
     84  */
     85 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
     86 {
     87 	size_t rlen;
     88 	struct wpa_eapol_key *reply;
     89 	int key_info, ver;
     90 	u8 bssid[ETH_ALEN], *rbuf;
     91 
     92 	if (sm->key_mgmt == WPA_KEY_MGMT_OSEN)
     93 		ver = WPA_KEY_INFO_TYPE_AKM_DEFINED;
     94 	else if (wpa_key_mgmt_ft(sm->key_mgmt) ||
     95 		 wpa_key_mgmt_sha256(sm->key_mgmt))
     96 		ver = WPA_KEY_INFO_TYPE_AES_128_CMAC;
     97 	else if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
     98 		ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
     99 	else
    100 		ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
    101 
    102 	if (wpa_sm_get_bssid(sm, bssid) < 0) {
    103 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
    104 			"Failed to read BSSID for EAPOL-Key request");
    105 		return;
    106 	}
    107 
    108 	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
    109 				  sizeof(*reply), &rlen, (void *) &reply);
    110 	if (rbuf == NULL)
    111 		return;
    112 
    113 	reply->type = (sm->proto == WPA_PROTO_RSN ||
    114 		       sm->proto == WPA_PROTO_OSEN) ?
    115 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
    116 	key_info = WPA_KEY_INFO_REQUEST | ver;
    117 	if (sm->ptk_set)
    118 		key_info |= WPA_KEY_INFO_MIC;
    119 	if (error)
    120 		key_info |= WPA_KEY_INFO_ERROR;
    121 	if (pairwise)
    122 		key_info |= WPA_KEY_INFO_KEY_TYPE;
    123 	WPA_PUT_BE16(reply->key_info, key_info);
    124 	WPA_PUT_BE16(reply->key_length, 0);
    125 	os_memcpy(reply->replay_counter, sm->request_counter,
    126 		  WPA_REPLAY_COUNTER_LEN);
    127 	inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
    128 
    129 	WPA_PUT_BE16(reply->key_data_length, 0);
    130 
    131 	wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
    132 		"WPA: Sending EAPOL-Key Request (error=%d "
    133 		"pairwise=%d ptk_set=%d len=%lu)",
    134 		error, pairwise, sm->ptk_set, (unsigned long) rlen);
    135 	wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL,
    136 			   rbuf, rlen, key_info & WPA_KEY_INFO_MIC ?
    137 			   reply->key_mic : NULL);
    138 }
    139 
    140 
    141 static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
    142 				  const unsigned char *src_addr,
    143 				  const u8 *pmkid)
    144 {
    145 	int abort_cached = 0;
    146 
    147 	if (pmkid && !sm->cur_pmksa) {
    148 		/* When using drivers that generate RSN IE, wpa_supplicant may
    149 		 * not have enough time to get the association information
    150 		 * event before receiving this 1/4 message, so try to find a
    151 		 * matching PMKSA cache entry here. */
    152 		sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid,
    153 						NULL);
    154 		if (sm->cur_pmksa) {
    155 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
    156 				"RSN: found matching PMKID from PMKSA cache");
    157 		} else {
    158 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
    159 				"RSN: no matching PMKID found");
    160 			abort_cached = 1;
    161 		}
    162 	}
    163 
    164 	if (pmkid && sm->cur_pmksa &&
    165 	    os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
    166 		wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
    167 		wpa_sm_set_pmk_from_pmksa(sm);
    168 		wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
    169 				sm->pmk, sm->pmk_len);
    170 		eapol_sm_notify_cached(sm->eapol);
    171 #ifdef CONFIG_IEEE80211R
    172 		sm->xxkey_len = 0;
    173 #endif /* CONFIG_IEEE80211R */
    174 	} else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
    175 		int res, pmk_len;
    176 		pmk_len = PMK_LEN;
    177 		res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN);
    178 		if (res) {
    179 			/*
    180 			 * EAP-LEAP is an exception from other EAP methods: it
    181 			 * uses only 16-byte PMK.
    182 			 */
    183 			res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
    184 			pmk_len = 16;
    185 		} else {
    186 #ifdef CONFIG_IEEE80211R
    187 			u8 buf[2 * PMK_LEN];
    188 			if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0)
    189 			{
    190 				os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN);
    191 				sm->xxkey_len = PMK_LEN;
    192 				os_memset(buf, 0, sizeof(buf));
    193 			}
    194 #endif /* CONFIG_IEEE80211R */
    195 		}
    196 		if (res == 0) {
    197 			struct rsn_pmksa_cache_entry *sa = NULL;
    198 			wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
    199 					"machines", sm->pmk, pmk_len);
    200 			sm->pmk_len = pmk_len;
    201 			if (sm->proto == WPA_PROTO_RSN &&
    202 			    !wpa_key_mgmt_ft(sm->key_mgmt)) {
    203 				sa = pmksa_cache_add(sm->pmksa,
    204 						     sm->pmk, pmk_len,
    205 						     src_addr, sm->own_addr,
    206 						     sm->network_ctx,
    207 						     sm->key_mgmt);
    208 			}
    209 			if (!sm->cur_pmksa && pmkid &&
    210 			    pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL))
    211 			{
    212 				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
    213 					"RSN: the new PMK matches with the "
    214 					"PMKID");
    215 				abort_cached = 0;
    216 			}
    217 
    218 			if (!sm->cur_pmksa)
    219 				sm->cur_pmksa = sa;
    220 		} else {
    221 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
    222 				"WPA: Failed to get master session key from "
    223 				"EAPOL state machines - key handshake "
    224 				"aborted");
    225 			if (sm->cur_pmksa) {
    226 				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
    227 					"RSN: Cancelled PMKSA caching "
    228 					"attempt");
    229 				sm->cur_pmksa = NULL;
    230 				abort_cached = 1;
    231 			} else if (!abort_cached) {
    232 				return -1;
    233 			}
    234 		}
    235 	}
    236 
    237 	if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) &&
    238 	    !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN)
    239 	{
    240 		/* Send EAPOL-Start to trigger full EAP authentication. */
    241 		u8 *buf;
    242 		size_t buflen;
    243 
    244 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
    245 			"RSN: no PMKSA entry found - trigger "
    246 			"full EAP authentication");
    247 		buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
    248 					 NULL, 0, &buflen, NULL);
    249 		if (buf) {
    250 			wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
    251 					  buf, buflen);
    252 			os_free(buf);
    253 			return -2;
    254 		}
    255 
    256 		return -1;
    257 	}
    258 
    259 	return 0;
    260 }
    261 
    262 
    263 /**
    264  * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake
    265  * @sm: Pointer to WPA state machine data from wpa_sm_init()
    266  * @dst: Destination address for the frame
    267  * @key: Pointer to the EAPOL-Key frame header
    268  * @ver: Version bits from EAPOL-Key Key Info
    269  * @nonce: Nonce value for the EAPOL-Key frame
    270  * @wpa_ie: WPA/RSN IE
    271  * @wpa_ie_len: Length of the WPA/RSN IE
    272  * @ptk: PTK to use for keyed hash and encryption
    273  * Returns: 0 on success, -1 on failure
    274  */
    275 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
    276 			       const struct wpa_eapol_key *key,
    277 			       int ver, const u8 *nonce,
    278 			       const u8 *wpa_ie, size_t wpa_ie_len,
    279 			       struct wpa_ptk *ptk)
    280 {
    281 	size_t rlen;
    282 	struct wpa_eapol_key *reply;
    283 	u8 *rbuf;
    284 	u8 *rsn_ie_buf = NULL;
    285 
    286 	if (wpa_ie == NULL) {
    287 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - "
    288 			"cannot generate msg 2/4");
    289 		return -1;
    290 	}
    291 
    292 #ifdef CONFIG_IEEE80211R
    293 	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
    294 		int res;
    295 
    296 		/*
    297 		 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and
    298 		 * FTIE from (Re)Association Response.
    299 		 */
    300 		rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN +
    301 				       sm->assoc_resp_ies_len);
    302 		if (rsn_ie_buf == NULL)
    303 			return -1;
    304 		os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len);
    305 		res = wpa_insert_pmkid(rsn_ie_buf, wpa_ie_len,
    306 				       sm->pmk_r1_name);
    307 		if (res < 0) {
    308 			os_free(rsn_ie_buf);
    309 			return -1;
    310 		}
    311 		wpa_ie_len += res;
    312 
    313 		if (sm->assoc_resp_ies) {
    314 			os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies,
    315 				  sm->assoc_resp_ies_len);
    316 			wpa_ie_len += sm->assoc_resp_ies_len;
    317 		}
    318 
    319 		wpa_ie = rsn_ie_buf;
    320 	}
    321 #endif /* CONFIG_IEEE80211R */
    322 
    323 	wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
    324 
    325 	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
    326 				  NULL, sizeof(*reply) + wpa_ie_len,
    327 				  &rlen, (void *) &reply);
    328 	if (rbuf == NULL) {
    329 		os_free(rsn_ie_buf);
    330 		return -1;
    331 	}
    332 
    333 	reply->type = (sm->proto == WPA_PROTO_RSN ||
    334 		       sm->proto == WPA_PROTO_OSEN) ?
    335 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
    336 	WPA_PUT_BE16(reply->key_info,
    337 		     ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC);
    338 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
    339 		WPA_PUT_BE16(reply->key_length, 0);
    340 	else
    341 		os_memcpy(reply->key_length, key->key_length, 2);
    342 	os_memcpy(reply->replay_counter, key->replay_counter,
    343 		  WPA_REPLAY_COUNTER_LEN);
    344 	wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter,
    345 		    WPA_REPLAY_COUNTER_LEN);
    346 
    347 	WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
    348 	os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
    349 	os_free(rsn_ie_buf);
    350 
    351 	os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
    352 
    353 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
    354 	wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
    355 			   rbuf, rlen, reply->key_mic);
    356 
    357 	return 0;
    358 }
    359 
    360 
    361 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
    362 			  const struct wpa_eapol_key *key,
    363 			  struct wpa_ptk *ptk)
    364 {
    365 	size_t ptk_len = wpa_cipher_key_len(sm->pairwise_cipher) + 32;
    366 #ifdef CONFIG_IEEE80211R
    367 	if (wpa_key_mgmt_ft(sm->key_mgmt))
    368 		return wpa_derive_ptk_ft(sm, src_addr, key, ptk, ptk_len);
    369 #endif /* CONFIG_IEEE80211R */
    370 
    371 	wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
    372 		       sm->own_addr, sm->bssid, sm->snonce, key->key_nonce,
    373 		       (u8 *) ptk, ptk_len,
    374 		       wpa_key_mgmt_sha256(sm->key_mgmt));
    375 	return 0;
    376 }
    377 
    378 
    379 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
    380 					  const unsigned char *src_addr,
    381 					  const struct wpa_eapol_key *key,
    382 					  u16 ver, const u8 *key_data,
    383 					  size_t key_data_len)
    384 {
    385 	struct wpa_eapol_ie_parse ie;
    386 	struct wpa_ptk *ptk;
    387 	int res;
    388 	u8 *kde, *kde_buf = NULL;
    389 	size_t kde_len;
    390 
    391 	if (wpa_sm_get_network_ctx(sm) == NULL) {
    392 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
    393 			"found (msg 1 of 4)");
    394 		return;
    395 	}
    396 
    397 	wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
    398 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way "
    399 		"Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
    400 
    401 	os_memset(&ie, 0, sizeof(ie));
    402 
    403 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
    404 		/* RSN: msg 1/4 should contain PMKID for the selected PMK */
    405 		wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data",
    406 			    key_data, key_data_len);
    407 		if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
    408 			goto failed;
    409 		if (ie.pmkid) {
    410 			wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
    411 				    "Authenticator", ie.pmkid, PMKID_LEN);
    412 		}
    413 	}
    414 
    415 	res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
    416 	if (res == -2) {
    417 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to "
    418 			"msg 1/4 - requesting full EAP authentication");
    419 		return;
    420 	}
    421 	if (res)
    422 		goto failed;
    423 
    424 	if (sm->renew_snonce) {
    425 		if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
    426 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
    427 				"WPA: Failed to get random data for SNonce");
    428 			goto failed;
    429 		}
    430 		sm->renew_snonce = 0;
    431 		wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
    432 			    sm->snonce, WPA_NONCE_LEN);
    433 	}
    434 
    435 	/* Calculate PTK which will be stored as a temporary PTK until it has
    436 	 * been verified when processing message 3/4. */
    437 	ptk = &sm->tptk;
    438 	wpa_derive_ptk(sm, src_addr, key, ptk);
    439 	if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
    440 		u8 buf[8];
    441 		/* Supplicant: swap tx/rx Mic keys */
    442 		os_memcpy(buf, ptk->u.auth.tx_mic_key, 8);
    443 		os_memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8);
    444 		os_memcpy(ptk->u.auth.rx_mic_key, buf, 8);
    445 		os_memset(buf, 0, sizeof(buf));
    446 	}
    447 	sm->tptk_set = 1;
    448 
    449 	kde = sm->assoc_wpa_ie;
    450 	kde_len = sm->assoc_wpa_ie_len;
    451 
    452 #ifdef CONFIG_P2P
    453 	if (sm->p2p) {
    454 		kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1);
    455 		if (kde_buf) {
    456 			u8 *pos;
    457 			wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE "
    458 				   "into EAPOL-Key 2/4");
    459 			os_memcpy(kde_buf, kde, kde_len);
    460 			kde = kde_buf;
    461 			pos = kde + kde_len;
    462 			*pos++ = WLAN_EID_VENDOR_SPECIFIC;
    463 			*pos++ = RSN_SELECTOR_LEN + 1;
    464 			RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ);
    465 			pos += RSN_SELECTOR_LEN;
    466 			*pos++ = 0x01;
    467 			kde_len = pos - kde;
    468 		}
    469 	}
    470 #endif /* CONFIG_P2P */
    471 
    472 	if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
    473 				       kde, kde_len, ptk))
    474 		goto failed;
    475 
    476 	os_free(kde_buf);
    477 	os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
    478 	return;
    479 
    480 failed:
    481 	os_free(kde_buf);
    482 	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
    483 }
    484 
    485 
    486 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx)
    487 {
    488 	struct wpa_sm *sm = eloop_ctx;
    489 	rsn_preauth_candidate_process(sm);
    490 }
    491 
    492 
    493 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
    494 					    const u8 *addr, int secure)
    495 {
    496 	wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
    497 		"WPA: Key negotiation completed with "
    498 		MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
    499 		wpa_cipher_txt(sm->pairwise_cipher),
    500 		wpa_cipher_txt(sm->group_cipher));
    501 	wpa_sm_cancel_auth_timeout(sm);
    502 	wpa_sm_set_state(sm, WPA_COMPLETED);
    503 
    504 	if (secure) {
    505 		wpa_sm_mlme_setprotection(
    506 			sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
    507 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
    508 		eapol_sm_notify_portValid(sm->eapol, TRUE);
    509 		if (wpa_key_mgmt_wpa_psk(sm->key_mgmt))
    510 			eapol_sm_notify_eap_success(sm->eapol, TRUE);
    511 		/*
    512 		 * Start preauthentication after a short wait to avoid a
    513 		 * possible race condition between the data receive and key
    514 		 * configuration after the 4-Way Handshake. This increases the
    515 		 * likelihood of the first preauth EAPOL-Start frame getting to
    516 		 * the target AP.
    517 		 */
    518 		eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL);
    519 	}
    520 
    521 	if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
    522 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
    523 			"RSN: Authenticator accepted "
    524 			"opportunistic PMKSA entry - marking it valid");
    525 		sm->cur_pmksa->opportunistic = 0;
    526 	}
    527 
    528 #ifdef CONFIG_IEEE80211R
    529 	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
    530 		/* Prepare for the next transition */
    531 		wpa_ft_prepare_auth_request(sm, NULL);
    532 	}
    533 #endif /* CONFIG_IEEE80211R */
    534 }
    535 
    536 
    537 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
    538 {
    539 	struct wpa_sm *sm = eloop_ctx;
    540 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying");
    541 	wpa_sm_key_request(sm, 0, 1);
    542 }
    543 
    544 
    545 static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
    546 				      const struct wpa_eapol_key *key)
    547 {
    548 	int keylen, rsclen;
    549 	enum wpa_alg alg;
    550 	const u8 *key_rsc;
    551 	u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
    552 
    553 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
    554 		"WPA: Installing PTK to the driver");
    555 
    556 	if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
    557 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher "
    558 			"Suite: NONE - do not use pairwise keys");
    559 		return 0;
    560 	}
    561 
    562 	if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
    563 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
    564 			"WPA: Unsupported pairwise cipher %d",
    565 			sm->pairwise_cipher);
    566 		return -1;
    567 	}
    568 
    569 	alg = wpa_cipher_to_alg(sm->pairwise_cipher);
    570 	keylen = wpa_cipher_key_len(sm->pairwise_cipher);
    571 	rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
    572 
    573 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
    574 		key_rsc = null_rsc;
    575 	} else {
    576 		key_rsc = key->key_rsc;
    577 		wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
    578 	}
    579 
    580 	if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
    581 			   (u8 *) sm->ptk.tk1, keylen) < 0) {
    582 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
    583 			"WPA: Failed to set PTK to the "
    584 			"driver (alg=%d keylen=%d bssid=" MACSTR ")",
    585 			alg, keylen, MAC2STR(sm->bssid));
    586 		return -1;
    587 	}
    588 
    589 	if (sm->wpa_ptk_rekey) {
    590 		eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
    591 		eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
    592 				       sm, NULL);
    593 	}
    594 
    595 	return 0;
    596 }
    597 
    598 
    599 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm,
    600 					     int group_cipher,
    601 					     int keylen, int maxkeylen,
    602 					     int *key_rsc_len,
    603 					     enum wpa_alg *alg)
    604 {
    605 	int klen;
    606 
    607 	*alg = wpa_cipher_to_alg(group_cipher);
    608 	if (*alg == WPA_ALG_NONE) {
    609 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
    610 			"WPA: Unsupported Group Cipher %d",
    611 			group_cipher);
    612 		return -1;
    613 	}
    614 	*key_rsc_len = wpa_cipher_rsc_len(group_cipher);
    615 
    616 	klen = wpa_cipher_key_len(group_cipher);
    617 	if (keylen != klen || maxkeylen < klen) {
    618 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
    619 			"WPA: Unsupported %s Group Cipher key length %d (%d)",
    620 			wpa_cipher_txt(group_cipher), keylen, maxkeylen);
    621 		return -1;
    622 	}
    623 	return 0;
    624 }
    625 
    626 
    627 struct wpa_gtk_data {
    628 	enum wpa_alg alg;
    629 	int tx, key_rsc_len, keyidx;
    630 	u8 gtk[32];
    631 	int gtk_len;
    632 };
    633 
    634 
    635 static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
    636 				      const struct wpa_gtk_data *gd,
    637 				      const u8 *key_rsc)
    638 {
    639 	const u8 *_gtk = gd->gtk;
    640 	u8 gtk_buf[32];
    641 
    642 	wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
    643 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
    644 		"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
    645 		gd->keyidx, gd->tx, gd->gtk_len);
    646 	wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
    647 	if (sm->group_cipher == WPA_CIPHER_TKIP) {
    648 		/* Swap Tx/Rx keys for Michael MIC */
    649 		os_memcpy(gtk_buf, gd->gtk, 16);
    650 		os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
    651 		os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
    652 		_gtk = gtk_buf;
    653 	}
    654 	if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
    655 		if (wpa_sm_set_key(sm, gd->alg, NULL,
    656 				   gd->keyidx, 1, key_rsc, gd->key_rsc_len,
    657 				   _gtk, gd->gtk_len) < 0) {
    658 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
    659 				"WPA: Failed to set GTK to the driver "
    660 				"(Group only)");
    661 			os_memset(gtk_buf, 0, sizeof(gtk_buf));
    662 			return -1;
    663 		}
    664 	} else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr,
    665 				  gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
    666 				  _gtk, gd->gtk_len) < 0) {
    667 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
    668 			"WPA: Failed to set GTK to "
    669 			"the driver (alg=%d keylen=%d keyidx=%d)",
    670 			gd->alg, gd->gtk_len, gd->keyidx);
    671 		os_memset(gtk_buf, 0, sizeof(gtk_buf));
    672 		return -1;
    673 	}
    674 	os_memset(gtk_buf, 0, sizeof(gtk_buf));
    675 
    676 	return 0;
    677 }
    678 
    679 
    680 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
    681 						int tx)
    682 {
    683 	if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
    684 		/* Ignore Tx bit for GTK if a pairwise key is used. One AP
    685 		 * seemed to set this bit (incorrectly, since Tx is only when
    686 		 * doing Group Key only APs) and without this workaround, the
    687 		 * data connection does not work because wpa_supplicant
    688 		 * configured non-zero keyidx to be used for unicast. */
    689 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
    690 			"WPA: Tx bit set for GTK, but pairwise "
    691 			"keys are used - ignore Tx bit");
    692 		return 0;
    693 	}
    694 	return tx;
    695 }
    696 
    697 
    698 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
    699 				       const struct wpa_eapol_key *key,
    700 				       const u8 *gtk, size_t gtk_len,
    701 				       int key_info)
    702 {
    703 	struct wpa_gtk_data gd;
    704 
    705 	/*
    706 	 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
    707 	 * GTK KDE format:
    708 	 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
    709 	 * Reserved [bits 0-7]
    710 	 * GTK
    711 	 */
    712 
    713 	os_memset(&gd, 0, sizeof(gd));
    714 	wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
    715 			gtk, gtk_len);
    716 
    717 	if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk))
    718 		return -1;
    719 
    720 	gd.keyidx = gtk[0] & 0x3;
    721 	gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
    722 						     !!(gtk[0] & BIT(2)));
    723 	gtk += 2;
    724 	gtk_len -= 2;
    725 
    726 	os_memcpy(gd.gtk, gtk, gtk_len);
    727 	gd.gtk_len = gtk_len;
    728 
    729 	if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED &&
    730 	    (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
    731 					       gtk_len, gtk_len,
    732 					       &gd.key_rsc_len, &gd.alg) ||
    733 	     wpa_supplicant_install_gtk(sm, &gd, key->key_rsc))) {
    734 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
    735 			"RSN: Failed to install GTK");
    736 		os_memset(&gd, 0, sizeof(gd));
    737 		return -1;
    738 	}
    739 	os_memset(&gd, 0, sizeof(gd));
    740 
    741 	wpa_supplicant_key_neg_complete(sm, sm->bssid,
    742 					key_info & WPA_KEY_INFO_SECURE);
    743 	return 0;
    744 }
    745 
    746 
    747 static int ieee80211w_set_keys(struct wpa_sm *sm,
    748 			       struct wpa_eapol_ie_parse *ie)
    749 {
    750 #ifdef CONFIG_IEEE80211W
    751 	if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher))
    752 		return 0;
    753 
    754 	if (ie->igtk) {
    755 		size_t len;
    756 		const struct wpa_igtk_kde *igtk;
    757 		u16 keyidx;
    758 		len = wpa_cipher_key_len(sm->mgmt_group_cipher);
    759 		if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
    760 			return -1;
    761 		igtk = (const struct wpa_igtk_kde *) ie->igtk;
    762 		keyidx = WPA_GET_LE16(igtk->keyid);
    763 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
    764 			"pn %02x%02x%02x%02x%02x%02x",
    765 			keyidx, MAC2STR(igtk->pn));
    766 		wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
    767 				igtk->igtk, len);
    768 		if (keyidx > 4095) {
    769 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
    770 				"WPA: Invalid IGTK KeyID %d", keyidx);
    771 			return -1;
    772 		}
    773 		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
    774 				   broadcast_ether_addr,
    775 				   keyidx, 0, igtk->pn, sizeof(igtk->pn),
    776 				   igtk->igtk, len) < 0) {
    777 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
    778 				"WPA: Failed to configure IGTK to the driver");
    779 			return -1;
    780 		}
    781 	}
    782 
    783 	return 0;
    784 #else /* CONFIG_IEEE80211W */
    785 	return 0;
    786 #endif /* CONFIG_IEEE80211W */
    787 }
    788 
    789 
    790 static void wpa_report_ie_mismatch(struct wpa_sm *sm,
    791 				   const char *reason, const u8 *src_addr,
    792 				   const u8 *wpa_ie, size_t wpa_ie_len,
    793 				   const u8 *rsn_ie, size_t rsn_ie_len)
    794 {
    795 	wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
    796 		reason, MAC2STR(src_addr));
    797 
    798 	if (sm->ap_wpa_ie) {
    799 		wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
    800 			    sm->ap_wpa_ie, sm->ap_wpa_ie_len);
    801 	}
    802 	if (wpa_ie) {
    803 		if (!sm->ap_wpa_ie) {
    804 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
    805 				"WPA: No WPA IE in Beacon/ProbeResp");
    806 		}
    807 		wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
    808 			    wpa_ie, wpa_ie_len);
    809 	}
    810 
    811 	if (sm->ap_rsn_ie) {
    812 		wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp",
    813 			    sm->ap_rsn_ie, sm->ap_rsn_ie_len);
    814 	}
    815 	if (rsn_ie) {
    816 		if (!sm->ap_rsn_ie) {
    817 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
    818 				"WPA: No RSN IE in Beacon/ProbeResp");
    819 		}
    820 		wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
    821 			    rsn_ie, rsn_ie_len);
    822 	}
    823 
    824 	wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
    825 }
    826 
    827 
    828 #ifdef CONFIG_IEEE80211R
    829 
    830 static int ft_validate_mdie(struct wpa_sm *sm,
    831 			    const unsigned char *src_addr,
    832 			    struct wpa_eapol_ie_parse *ie,
    833 			    const u8 *assoc_resp_mdie)
    834 {
    835 	struct rsn_mdie *mdie;
    836 
    837 	mdie = (struct rsn_mdie *) (ie->mdie + 2);
    838 	if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) ||
    839 	    os_memcmp(mdie->mobility_domain, sm->mobility_domain,
    840 		      MOBILITY_DOMAIN_ID_LEN) != 0) {
    841 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did "
    842 			"not match with the current mobility domain");
    843 		return -1;
    844 	}
    845 
    846 	if (assoc_resp_mdie &&
    847 	    (assoc_resp_mdie[1] != ie->mdie[1] ||
    848 	     os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) {
    849 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch");
    850 		wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4",
    851 			    ie->mdie, 2 + ie->mdie[1]);
    852 		wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response",
    853 			    assoc_resp_mdie, 2 + assoc_resp_mdie[1]);
    854 		return -1;
    855 	}
    856 
    857 	return 0;
    858 }
    859 
    860 
    861 static int ft_validate_ftie(struct wpa_sm *sm,
    862 			    const unsigned char *src_addr,
    863 			    struct wpa_eapol_ie_parse *ie,
    864 			    const u8 *assoc_resp_ftie)
    865 {
    866 	if (ie->ftie == NULL) {
    867 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
    868 			"FT: No FTIE in EAPOL-Key msg 3/4");
    869 		return -1;
    870 	}
    871 
    872 	if (assoc_resp_ftie == NULL)
    873 		return 0;
    874 
    875 	if (assoc_resp_ftie[1] != ie->ftie[1] ||
    876 	    os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) {
    877 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch");
    878 		wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4",
    879 			    ie->ftie, 2 + ie->ftie[1]);
    880 		wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response",
    881 			    assoc_resp_ftie, 2 + assoc_resp_ftie[1]);
    882 		return -1;
    883 	}
    884 
    885 	return 0;
    886 }
    887 
    888 
    889 static int ft_validate_rsnie(struct wpa_sm *sm,
    890 			     const unsigned char *src_addr,
    891 			     struct wpa_eapol_ie_parse *ie)
    892 {
    893 	struct wpa_ie_data rsn;
    894 
    895 	if (!ie->rsn_ie)
    896 		return 0;
    897 
    898 	/*
    899 	 * Verify that PMKR1Name from EAPOL-Key message 3/4
    900 	 * matches with the value we derived.
    901 	 */
    902 	if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 ||
    903 	    rsn.num_pmkid != 1 || rsn.pmkid == NULL) {
    904 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in "
    905 			"FT 4-way handshake message 3/4");
    906 		return -1;
    907 	}
    908 
    909 	if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0)
    910 	{
    911 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
    912 			"FT: PMKR1Name mismatch in "
    913 			"FT 4-way handshake message 3/4");
    914 		wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator",
    915 			    rsn.pmkid, WPA_PMK_NAME_LEN);
    916 		wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
    917 			    sm->pmk_r1_name, WPA_PMK_NAME_LEN);
    918 		return -1;
    919 	}
    920 
    921 	return 0;
    922 }
    923 
    924 
    925 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm,
    926 					 const unsigned char *src_addr,
    927 					 struct wpa_eapol_ie_parse *ie)
    928 {
    929 	const u8 *pos, *end, *mdie = NULL, *ftie = NULL;
    930 
    931 	if (sm->assoc_resp_ies) {
    932 		pos = sm->assoc_resp_ies;
    933 		end = pos + sm->assoc_resp_ies_len;
    934 		while (pos + 2 < end) {
    935 			if (pos + 2 + pos[1] > end)
    936 				break;
    937 			switch (*pos) {
    938 			case WLAN_EID_MOBILITY_DOMAIN:
    939 				mdie = pos;
    940 				break;
    941 			case WLAN_EID_FAST_BSS_TRANSITION:
    942 				ftie = pos;
    943 				break;
    944 			}
    945 			pos += 2 + pos[1];
    946 		}
    947 	}
    948 
    949 	if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 ||
    950 	    ft_validate_ftie(sm, src_addr, ie, ftie) < 0 ||
    951 	    ft_validate_rsnie(sm, src_addr, ie) < 0)
    952 		return -1;
    953 
    954 	return 0;
    955 }
    956 
    957 #endif /* CONFIG_IEEE80211R */
    958 
    959 
    960 static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
    961 				      const unsigned char *src_addr,
    962 				      struct wpa_eapol_ie_parse *ie)
    963 {
    964 	if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
    965 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
    966 			"WPA: No WPA/RSN IE for this AP known. "
    967 			"Trying to get from scan results");
    968 		if (wpa_sm_get_beacon_ie(sm) < 0) {
    969 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
    970 				"WPA: Could not find AP from "
    971 				"the scan results");
    972 		} else {
    973 			wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
    974 				"WPA: Found the current AP from "
    975 				"updated scan results");
    976 		}
    977 	}
    978 
    979 	if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
    980 	    (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
    981 		wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
    982 				       "with IE in Beacon/ProbeResp (no IE?)",
    983 				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
    984 				       ie->rsn_ie, ie->rsn_ie_len);
    985 		return -1;
    986 	}
    987 
    988 	if ((ie->wpa_ie && sm->ap_wpa_ie &&
    989 	     (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
    990 	      os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
    991 	    (ie->rsn_ie && sm->ap_rsn_ie &&
    992 	     wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
    993 				sm->ap_rsn_ie, sm->ap_rsn_ie_len,
    994 				ie->rsn_ie, ie->rsn_ie_len))) {
    995 		wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
    996 				       "with IE in Beacon/ProbeResp",
    997 				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
    998 				       ie->rsn_ie, ie->rsn_ie_len);
    999 		return -1;
   1000 	}
   1001 
   1002 	if (sm->proto == WPA_PROTO_WPA &&
   1003 	    ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
   1004 		wpa_report_ie_mismatch(sm, "Possible downgrade attack "
   1005 				       "detected - RSN was enabled and RSN IE "
   1006 				       "was in msg 3/4, but not in "
   1007 				       "Beacon/ProbeResp",
   1008 				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
   1009 				       ie->rsn_ie, ie->rsn_ie_len);
   1010 		return -1;
   1011 	}
   1012 
   1013 #ifdef CONFIG_IEEE80211R
   1014 	if (wpa_key_mgmt_ft(sm->key_mgmt) &&
   1015 	    wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0)
   1016 		return -1;
   1017 #endif /* CONFIG_IEEE80211R */
   1018 
   1019 	return 0;
   1020 }
   1021 
   1022 
   1023 /**
   1024  * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake
   1025  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   1026  * @dst: Destination address for the frame
   1027  * @key: Pointer to the EAPOL-Key frame header
   1028  * @ver: Version bits from EAPOL-Key Key Info
   1029  * @key_info: Key Info
   1030  * @ptk: PTK to use for keyed hash and encryption
   1031  * Returns: 0 on success, -1 on failure
   1032  */
   1033 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
   1034 			       const struct wpa_eapol_key *key,
   1035 			       u16 ver, u16 key_info,
   1036 			       struct wpa_ptk *ptk)
   1037 {
   1038 	size_t rlen;
   1039 	struct wpa_eapol_key *reply;
   1040 	u8 *rbuf;
   1041 
   1042 	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
   1043 				  sizeof(*reply), &rlen, (void *) &reply);
   1044 	if (rbuf == NULL)
   1045 		return -1;
   1046 
   1047 	reply->type = (sm->proto == WPA_PROTO_RSN ||
   1048 		       sm->proto == WPA_PROTO_OSEN) ?
   1049 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
   1050 	key_info &= WPA_KEY_INFO_SECURE;
   1051 	key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC;
   1052 	WPA_PUT_BE16(reply->key_info, key_info);
   1053 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
   1054 		WPA_PUT_BE16(reply->key_length, 0);
   1055 	else
   1056 		os_memcpy(reply->key_length, key->key_length, 2);
   1057 	os_memcpy(reply->replay_counter, key->replay_counter,
   1058 		  WPA_REPLAY_COUNTER_LEN);
   1059 
   1060 	WPA_PUT_BE16(reply->key_data_length, 0);
   1061 
   1062 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
   1063 	wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
   1064 			   rbuf, rlen, reply->key_mic);
   1065 
   1066 	return 0;
   1067 }
   1068 
   1069 
   1070 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
   1071 					  const struct wpa_eapol_key *key,
   1072 					  u16 ver, const u8 *key_data,
   1073 					  size_t key_data_len)
   1074 {
   1075 	u16 key_info, keylen;
   1076 	struct wpa_eapol_ie_parse ie;
   1077 
   1078 	wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
   1079 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way "
   1080 		"Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
   1081 
   1082 	key_info = WPA_GET_BE16(key->key_info);
   1083 
   1084 	wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len);
   1085 	if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
   1086 		goto failed;
   1087 	if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
   1088 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1089 			"WPA: GTK IE in unencrypted key data");
   1090 		goto failed;
   1091 	}
   1092 #ifdef CONFIG_IEEE80211W
   1093 	if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
   1094 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1095 			"WPA: IGTK KDE in unencrypted key data");
   1096 		goto failed;
   1097 	}
   1098 
   1099 	if (ie.igtk &&
   1100 	    wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
   1101 	    ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN +
   1102 	    (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
   1103 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1104 			"WPA: Invalid IGTK KDE length %lu",
   1105 			(unsigned long) ie.igtk_len);
   1106 		goto failed;
   1107 	}
   1108 #endif /* CONFIG_IEEE80211W */
   1109 
   1110 	if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
   1111 		goto failed;
   1112 
   1113 	if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
   1114 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1115 			"WPA: ANonce from message 1 of 4-Way Handshake "
   1116 			"differs from 3 of 4-Way Handshake - drop packet (src="
   1117 			MACSTR ")", MAC2STR(sm->bssid));
   1118 		goto failed;
   1119 	}
   1120 
   1121 	keylen = WPA_GET_BE16(key->key_length);
   1122 	if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
   1123 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1124 			"WPA: Invalid %s key length %d (src=" MACSTR
   1125 			")", wpa_cipher_txt(sm->pairwise_cipher), keylen,
   1126 			MAC2STR(sm->bssid));
   1127 		goto failed;
   1128 	}
   1129 
   1130 #ifdef CONFIG_P2P
   1131 	if (ie.ip_addr_alloc) {
   1132 		os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4);
   1133 		wpa_hexdump(MSG_DEBUG, "P2P: IP address info",
   1134 			    sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr));
   1135 	}
   1136 #endif /* CONFIG_P2P */
   1137 
   1138 	if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
   1139 				       &sm->ptk)) {
   1140 		goto failed;
   1141 	}
   1142 
   1143 	/* SNonce was successfully used in msg 3/4, so mark it to be renewed
   1144 	 * for the next 4-Way Handshake. If msg 3 is received again, the old
   1145 	 * SNonce will still be used to avoid changing PTK. */
   1146 	sm->renew_snonce = 1;
   1147 
   1148 	if (key_info & WPA_KEY_INFO_INSTALL) {
   1149 		if (wpa_supplicant_install_ptk(sm, key))
   1150 			goto failed;
   1151 	}
   1152 
   1153 	if (key_info & WPA_KEY_INFO_SECURE) {
   1154 		wpa_sm_mlme_setprotection(
   1155 			sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
   1156 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
   1157 		eapol_sm_notify_portValid(sm->eapol, TRUE);
   1158 	}
   1159 	wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
   1160 
   1161 	if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) {
   1162 		wpa_supplicant_key_neg_complete(sm, sm->bssid,
   1163 						key_info & WPA_KEY_INFO_SECURE);
   1164 	} else if (ie.gtk &&
   1165 	    wpa_supplicant_pairwise_gtk(sm, key,
   1166 					ie.gtk, ie.gtk_len, key_info) < 0) {
   1167 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1168 			"RSN: Failed to configure GTK");
   1169 		goto failed;
   1170 	}
   1171 
   1172 	if (ieee80211w_set_keys(sm, &ie) < 0) {
   1173 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1174 			"RSN: Failed to configure IGTK");
   1175 		goto failed;
   1176 	}
   1177 
   1178 	if (ie.gtk)
   1179 		wpa_sm_set_rekey_offload(sm);
   1180 
   1181 	return;
   1182 
   1183 failed:
   1184 	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
   1185 }
   1186 
   1187 
   1188 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
   1189 					     const u8 *keydata,
   1190 					     size_t keydatalen,
   1191 					     u16 key_info,
   1192 					     struct wpa_gtk_data *gd)
   1193 {
   1194 	int maxkeylen;
   1195 	struct wpa_eapol_ie_parse ie;
   1196 
   1197 	wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen);
   1198 	if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0)
   1199 		return -1;
   1200 	if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
   1201 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1202 			"WPA: GTK IE in unencrypted key data");
   1203 		return -1;
   1204 	}
   1205 	if (ie.gtk == NULL) {
   1206 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1207 			"WPA: No GTK IE in Group Key msg 1/2");
   1208 		return -1;
   1209 	}
   1210 	maxkeylen = gd->gtk_len = ie.gtk_len - 2;
   1211 
   1212 	if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
   1213 					      gd->gtk_len, maxkeylen,
   1214 					      &gd->key_rsc_len, &gd->alg))
   1215 		return -1;
   1216 
   1217 	wpa_hexdump(MSG_DEBUG, "RSN: received GTK in group key handshake",
   1218 		    ie.gtk, ie.gtk_len);
   1219 	gd->keyidx = ie.gtk[0] & 0x3;
   1220 	gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
   1221 						      !!(ie.gtk[0] & BIT(2)));
   1222 	if (ie.gtk_len - 2 > sizeof(gd->gtk)) {
   1223 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1224 			"RSN: Too long GTK in GTK IE (len=%lu)",
   1225 			(unsigned long) ie.gtk_len - 2);
   1226 		return -1;
   1227 	}
   1228 	os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
   1229 
   1230 	if (ieee80211w_set_keys(sm, &ie) < 0)
   1231 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1232 			"RSN: Failed to configure IGTK");
   1233 
   1234 	return 0;
   1235 }
   1236 
   1237 
   1238 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
   1239 					     const struct wpa_eapol_key *key,
   1240 					     const u8 *key_data,
   1241 					     size_t key_data_len, u16 key_info,
   1242 					     u16 ver, struct wpa_gtk_data *gd)
   1243 {
   1244 	size_t maxkeylen;
   1245 
   1246 	gd->gtk_len = WPA_GET_BE16(key->key_length);
   1247 	maxkeylen = key_data_len;
   1248 	if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
   1249 		if (maxkeylen < 8) {
   1250 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1251 				"WPA: Too short maxkeylen (%lu)",
   1252 				(unsigned long) maxkeylen);
   1253 			return -1;
   1254 		}
   1255 		maxkeylen -= 8;
   1256 	}
   1257 
   1258 	if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
   1259 					      gd->gtk_len, maxkeylen,
   1260 					      &gd->key_rsc_len, &gd->alg))
   1261 		return -1;
   1262 
   1263 	gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
   1264 		WPA_KEY_INFO_KEY_INDEX_SHIFT;
   1265 	if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
   1266 		u8 ek[32];
   1267 		if (key_data_len > sizeof(gd->gtk)) {
   1268 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1269 				"WPA: RC4 key data too long (%lu)",
   1270 				(unsigned long) key_data_len);
   1271 			return -1;
   1272 		}
   1273 		os_memcpy(ek, key->key_iv, 16);
   1274 		os_memcpy(ek + 16, sm->ptk.kek, 16);
   1275 		os_memcpy(gd->gtk, key_data, key_data_len);
   1276 		if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) {
   1277 			os_memset(ek, 0, sizeof(ek));
   1278 			wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
   1279 				"WPA: RC4 failed");
   1280 			return -1;
   1281 		}
   1282 		os_memset(ek, 0, sizeof(ek));
   1283 	} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
   1284 		if (maxkeylen % 8) {
   1285 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1286 				"WPA: Unsupported AES-WRAP len %lu",
   1287 				(unsigned long) maxkeylen);
   1288 			return -1;
   1289 		}
   1290 		if (maxkeylen > sizeof(gd->gtk)) {
   1291 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1292 				"WPA: AES-WRAP key data "
   1293 				"too long (keydatalen=%lu maxkeylen=%lu)",
   1294 				(unsigned long) key_data_len,
   1295 				(unsigned long) maxkeylen);
   1296 			return -1;
   1297 		}
   1298 		if (aes_unwrap(sm->ptk.kek, 16, maxkeylen / 8, key_data,
   1299 			       gd->gtk)) {
   1300 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1301 				"WPA: AES unwrap failed - could not decrypt "
   1302 				"GTK");
   1303 			return -1;
   1304 		}
   1305 	} else {
   1306 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1307 			"WPA: Unsupported key_info type %d", ver);
   1308 		return -1;
   1309 	}
   1310 	gd->tx = wpa_supplicant_gtk_tx_bit_workaround(
   1311 		sm, !!(key_info & WPA_KEY_INFO_TXRX));
   1312 	return 0;
   1313 }
   1314 
   1315 
   1316 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
   1317 				      const struct wpa_eapol_key *key,
   1318 				      int ver, u16 key_info)
   1319 {
   1320 	size_t rlen;
   1321 	struct wpa_eapol_key *reply;
   1322 	u8 *rbuf;
   1323 
   1324 	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
   1325 				  sizeof(*reply), &rlen, (void *) &reply);
   1326 	if (rbuf == NULL)
   1327 		return -1;
   1328 
   1329 	reply->type = (sm->proto == WPA_PROTO_RSN ||
   1330 		       sm->proto == WPA_PROTO_OSEN) ?
   1331 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
   1332 	key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
   1333 	key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
   1334 	WPA_PUT_BE16(reply->key_info, key_info);
   1335 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
   1336 		WPA_PUT_BE16(reply->key_length, 0);
   1337 	else
   1338 		os_memcpy(reply->key_length, key->key_length, 2);
   1339 	os_memcpy(reply->replay_counter, key->replay_counter,
   1340 		  WPA_REPLAY_COUNTER_LEN);
   1341 
   1342 	WPA_PUT_BE16(reply->key_data_length, 0);
   1343 
   1344 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
   1345 	wpa_eapol_key_send(sm, sm->ptk.kck, ver, sm->bssid, ETH_P_EAPOL,
   1346 			   rbuf, rlen, reply->key_mic);
   1347 
   1348 	return 0;
   1349 }
   1350 
   1351 
   1352 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
   1353 					  const unsigned char *src_addr,
   1354 					  const struct wpa_eapol_key *key,
   1355 					  const u8 *key_data,
   1356 					  size_t key_data_len, u16 ver)
   1357 {
   1358 	u16 key_info;
   1359 	int rekey, ret;
   1360 	struct wpa_gtk_data gd;
   1361 
   1362 	os_memset(&gd, 0, sizeof(gd));
   1363 
   1364 	rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
   1365 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key "
   1366 		"Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
   1367 
   1368 	key_info = WPA_GET_BE16(key->key_info);
   1369 
   1370 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
   1371 		ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data,
   1372 							key_data_len, key_info,
   1373 							&gd);
   1374 	} else {
   1375 		ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data,
   1376 							key_data_len,
   1377 							key_info, ver, &gd);
   1378 	}
   1379 
   1380 	wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
   1381 
   1382 	if (ret)
   1383 		goto failed;
   1384 
   1385 	if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
   1386 	    wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
   1387 		goto failed;
   1388 
   1389 	if (rekey) {
   1390 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
   1391 			"completed with " MACSTR " [GTK=%s]",
   1392 			MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
   1393 		wpa_sm_cancel_auth_timeout(sm);
   1394 		wpa_sm_set_state(sm, WPA_COMPLETED);
   1395 	} else {
   1396 		wpa_supplicant_key_neg_complete(sm, sm->bssid,
   1397 						key_info &
   1398 						WPA_KEY_INFO_SECURE);
   1399 	}
   1400 
   1401 	wpa_sm_set_rekey_offload(sm);
   1402 
   1403 	return;
   1404 
   1405 failed:
   1406 	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
   1407 }
   1408 
   1409 
   1410 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
   1411 					       struct wpa_eapol_key *key,
   1412 					       u16 ver,
   1413 					       const u8 *buf, size_t len)
   1414 {
   1415 	u8 mic[16];
   1416 	int ok = 0;
   1417 
   1418 	os_memcpy(mic, key->key_mic, 16);
   1419 	if (sm->tptk_set) {
   1420 		os_memset(key->key_mic, 0, 16);
   1421 		wpa_eapol_key_mic(sm->tptk.kck, ver, buf, len,
   1422 				  key->key_mic);
   1423 		if (os_memcmp_const(mic, key->key_mic, 16) != 0) {
   1424 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1425 				"WPA: Invalid EAPOL-Key MIC "
   1426 				"when using TPTK - ignoring TPTK");
   1427 		} else {
   1428 			ok = 1;
   1429 			sm->tptk_set = 0;
   1430 			sm->ptk_set = 1;
   1431 			os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
   1432 			os_memset(&sm->tptk, 0, sizeof(sm->tptk));
   1433 		}
   1434 	}
   1435 
   1436 	if (!ok && sm->ptk_set) {
   1437 		os_memset(key->key_mic, 0, 16);
   1438 		wpa_eapol_key_mic(sm->ptk.kck, ver, buf, len,
   1439 				  key->key_mic);
   1440 		if (os_memcmp_const(mic, key->key_mic, 16) != 0) {
   1441 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1442 				"WPA: Invalid EAPOL-Key MIC - "
   1443 				"dropping packet");
   1444 			return -1;
   1445 		}
   1446 		ok = 1;
   1447 	}
   1448 
   1449 	if (!ok) {
   1450 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1451 			"WPA: Could not verify EAPOL-Key MIC - "
   1452 			"dropping packet");
   1453 		return -1;
   1454 	}
   1455 
   1456 	os_memcpy(sm->rx_replay_counter, key->replay_counter,
   1457 		  WPA_REPLAY_COUNTER_LEN);
   1458 	sm->rx_replay_counter_set = 1;
   1459 	return 0;
   1460 }
   1461 
   1462 
   1463 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
   1464 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
   1465 					   struct wpa_eapol_key *key, u16 ver,
   1466 					   u8 *key_data, size_t *key_data_len)
   1467 {
   1468 	wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
   1469 		    key_data, *key_data_len);
   1470 	if (!sm->ptk_set) {
   1471 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1472 			"WPA: PTK not available, cannot decrypt EAPOL-Key Key "
   1473 			"Data");
   1474 		return -1;
   1475 	}
   1476 
   1477 	/* Decrypt key data here so that this operation does not need
   1478 	 * to be implemented separately for each message type. */
   1479 	if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
   1480 		u8 ek[32];
   1481 		os_memcpy(ek, key->key_iv, 16);
   1482 		os_memcpy(ek + 16, sm->ptk.kek, 16);
   1483 		if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) {
   1484 			os_memset(ek, 0, sizeof(ek));
   1485 			wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
   1486 				"WPA: RC4 failed");
   1487 			return -1;
   1488 		}
   1489 		os_memset(ek, 0, sizeof(ek));
   1490 	} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
   1491 		   ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
   1492 		   sm->key_mgmt == WPA_KEY_MGMT_OSEN) {
   1493 		u8 *buf;
   1494 		if (*key_data_len < 8 || *key_data_len % 8) {
   1495 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1496 				"WPA: Unsupported AES-WRAP len %u",
   1497 				(unsigned int) *key_data_len);
   1498 			return -1;
   1499 		}
   1500 		*key_data_len -= 8; /* AES-WRAP adds 8 bytes */
   1501 		buf = os_malloc(*key_data_len);
   1502 		if (buf == NULL) {
   1503 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1504 				"WPA: No memory for AES-UNWRAP buffer");
   1505 			return -1;
   1506 		}
   1507 		if (aes_unwrap(sm->ptk.kek, 16, *key_data_len / 8,
   1508 			       key_data, buf)) {
   1509 			os_free(buf);
   1510 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1511 				"WPA: AES unwrap failed - "
   1512 				"could not decrypt EAPOL-Key key data");
   1513 			return -1;
   1514 		}
   1515 		os_memcpy(key_data, buf, *key_data_len);
   1516 		os_free(buf);
   1517 		WPA_PUT_BE16(key->key_data_length, *key_data_len);
   1518 	} else {
   1519 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1520 			"WPA: Unsupported key_info type %d", ver);
   1521 		return -1;
   1522 	}
   1523 	wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
   1524 			key_data, *key_data_len);
   1525 	return 0;
   1526 }
   1527 
   1528 
   1529 /**
   1530  * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
   1531  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   1532  */
   1533 void wpa_sm_aborted_cached(struct wpa_sm *sm)
   1534 {
   1535 	if (sm && sm->cur_pmksa) {
   1536 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   1537 			"RSN: Cancelling PMKSA caching attempt");
   1538 		sm->cur_pmksa = NULL;
   1539 	}
   1540 }
   1541 
   1542 
   1543 static void wpa_eapol_key_dump(struct wpa_sm *sm,
   1544 			       const struct wpa_eapol_key *key)
   1545 {
   1546 #ifndef CONFIG_NO_STDOUT_DEBUG
   1547 	u16 key_info = WPA_GET_BE16(key->key_info);
   1548 
   1549 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "  EAPOL-Key type=%d", key->type);
   1550 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   1551 		"  key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)",
   1552 		key_info, key_info & WPA_KEY_INFO_TYPE_MASK,
   1553 		(key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
   1554 		WPA_KEY_INFO_KEY_INDEX_SHIFT,
   1555 		(key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13,
   1556 		key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group",
   1557 		key_info & WPA_KEY_INFO_INSTALL ? " Install" : "",
   1558 		key_info & WPA_KEY_INFO_ACK ? " Ack" : "",
   1559 		key_info & WPA_KEY_INFO_MIC ? " MIC" : "",
   1560 		key_info & WPA_KEY_INFO_SECURE ? " Secure" : "",
   1561 		key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
   1562 		key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
   1563 		key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
   1564 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   1565 		"  key_length=%u key_data_length=%u",
   1566 		WPA_GET_BE16(key->key_length),
   1567 		WPA_GET_BE16(key->key_data_length));
   1568 	wpa_hexdump(MSG_DEBUG, "  replay_counter",
   1569 		    key->replay_counter, WPA_REPLAY_COUNTER_LEN);
   1570 	wpa_hexdump(MSG_DEBUG, "  key_nonce", key->key_nonce, WPA_NONCE_LEN);
   1571 	wpa_hexdump(MSG_DEBUG, "  key_iv", key->key_iv, 16);
   1572 	wpa_hexdump(MSG_DEBUG, "  key_rsc", key->key_rsc, 8);
   1573 	wpa_hexdump(MSG_DEBUG, "  key_id (reserved)", key->key_id, 8);
   1574 	wpa_hexdump(MSG_DEBUG, "  key_mic", key->key_mic, 16);
   1575 #endif /* CONFIG_NO_STDOUT_DEBUG */
   1576 }
   1577 
   1578 
   1579 /**
   1580  * wpa_sm_rx_eapol - Process received WPA EAPOL frames
   1581  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   1582  * @src_addr: Source MAC address of the EAPOL packet
   1583  * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
   1584  * @len: Length of the EAPOL frame
   1585  * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
   1586  *
   1587  * This function is called for each received EAPOL frame. Other than EAPOL-Key
   1588  * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
   1589  * only processing WPA and WPA2 EAPOL-Key frames.
   1590  *
   1591  * The received EAPOL-Key packets are validated and valid packets are replied
   1592  * to. In addition, key material (PTK, GTK) is configured at the end of a
   1593  * successful key handshake.
   1594  */
   1595 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
   1596 		    const u8 *buf, size_t len)
   1597 {
   1598 	size_t plen, data_len, key_data_len;
   1599 	const struct ieee802_1x_hdr *hdr;
   1600 	struct wpa_eapol_key *key;
   1601 	u16 key_info, ver;
   1602 	u8 *tmp = NULL;
   1603 	int ret = -1;
   1604 	struct wpa_peerkey *peerkey = NULL;
   1605 	u8 *key_data;
   1606 
   1607 #ifdef CONFIG_IEEE80211R
   1608 	sm->ft_completed = 0;
   1609 #endif /* CONFIG_IEEE80211R */
   1610 
   1611 	if (len < sizeof(*hdr) + sizeof(*key)) {
   1612 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   1613 			"WPA: EAPOL frame too short to be a WPA "
   1614 			"EAPOL-Key (len %lu, expecting at least %lu)",
   1615 			(unsigned long) len,
   1616 			(unsigned long) sizeof(*hdr) + sizeof(*key));
   1617 		return 0;
   1618 	}
   1619 
   1620 	hdr = (const struct ieee802_1x_hdr *) buf;
   1621 	plen = be_to_host16(hdr->length);
   1622 	data_len = plen + sizeof(*hdr);
   1623 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   1624 		"IEEE 802.1X RX: version=%d type=%d length=%lu",
   1625 		hdr->version, hdr->type, (unsigned long) plen);
   1626 
   1627 	if (hdr->version < EAPOL_VERSION) {
   1628 		/* TODO: backwards compatibility */
   1629 	}
   1630 	if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
   1631 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   1632 			"WPA: EAPOL frame (type %u) discarded, "
   1633 			"not a Key frame", hdr->type);
   1634 		ret = 0;
   1635 		goto out;
   1636 	}
   1637 	wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len);
   1638 	if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) {
   1639 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   1640 			"WPA: EAPOL frame payload size %lu "
   1641 			"invalid (frame size %lu)",
   1642 			(unsigned long) plen, (unsigned long) len);
   1643 		ret = 0;
   1644 		goto out;
   1645 	}
   1646 	if (data_len < len) {
   1647 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   1648 			"WPA: ignoring %lu bytes after the IEEE 802.1X data",
   1649 			(unsigned long) len - data_len);
   1650 	}
   1651 
   1652 	/*
   1653 	 * Make a copy of the frame since we need to modify the buffer during
   1654 	 * MAC validation and Key Data decryption.
   1655 	 */
   1656 	tmp = os_malloc(data_len);
   1657 	if (tmp == NULL)
   1658 		goto out;
   1659 	os_memcpy(tmp, buf, data_len);
   1660 	key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr));
   1661 	key_data = (u8 *) (key + 1);
   1662 
   1663 	if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN)
   1664 	{
   1665 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   1666 			"WPA: EAPOL-Key type (%d) unknown, discarded",
   1667 			key->type);
   1668 		ret = 0;
   1669 		goto out;
   1670 	}
   1671 	wpa_eapol_key_dump(sm, key);
   1672 
   1673 	key_data_len = WPA_GET_BE16(key->key_data_length);
   1674 	if (key_data_len > plen - sizeof(struct wpa_eapol_key)) {
   1675 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
   1676 			"frame - key_data overflow (%u > %u)",
   1677 			(unsigned int) key_data_len,
   1678 			(unsigned int) (plen - sizeof(struct wpa_eapol_key)));
   1679 		goto out;
   1680 	}
   1681 
   1682 	eapol_sm_notify_lower_layer_success(sm->eapol, 0);
   1683 	key_info = WPA_GET_BE16(key->key_info);
   1684 	ver = key_info & WPA_KEY_INFO_TYPE_MASK;
   1685 	if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
   1686 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
   1687 	    ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
   1688 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
   1689 	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
   1690 	    sm->key_mgmt != WPA_KEY_MGMT_OSEN) {
   1691 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1692 			"WPA: Unsupported EAPOL-Key descriptor version %d",
   1693 			ver);
   1694 		goto out;
   1695 	}
   1696 
   1697 	if (sm->key_mgmt == WPA_KEY_MGMT_OSEN &&
   1698 	    ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
   1699 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1700 			"OSEN: Unsupported EAPOL-Key descriptor version %d",
   1701 			ver);
   1702 		goto out;
   1703 	}
   1704 
   1705 #ifdef CONFIG_IEEE80211R
   1706 	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
   1707 		/* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */
   1708 		if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
   1709 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1710 				"FT: AP did not use AES-128-CMAC");
   1711 			goto out;
   1712 		}
   1713 	} else
   1714 #endif /* CONFIG_IEEE80211R */
   1715 #ifdef CONFIG_IEEE80211W
   1716 	if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
   1717 		if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
   1718 		    sm->key_mgmt != WPA_KEY_MGMT_OSEN) {
   1719 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1720 				"WPA: AP did not use the "
   1721 				"negotiated AES-128-CMAC");
   1722 			goto out;
   1723 		}
   1724 	} else
   1725 #endif /* CONFIG_IEEE80211W */
   1726 	if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
   1727 	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
   1728 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1729 			"WPA: CCMP is used, but EAPOL-Key "
   1730 			"descriptor version (%d) is not 2", ver);
   1731 		if (sm->group_cipher != WPA_CIPHER_CCMP &&
   1732 		    !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
   1733 			/* Earlier versions of IEEE 802.11i did not explicitly
   1734 			 * require version 2 descriptor for all EAPOL-Key
   1735 			 * packets, so allow group keys to use version 1 if
   1736 			 * CCMP is not used for them. */
   1737 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1738 				"WPA: Backwards compatibility: allow invalid "
   1739 				"version for non-CCMP group keys");
   1740 		} else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
   1741 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1742 				"WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used");
   1743 		} else
   1744 			goto out;
   1745 	} else if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
   1746 		   ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
   1747 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1748 			"WPA: GCMP is used, but EAPOL-Key "
   1749 			"descriptor version (%d) is not 2", ver);
   1750 		goto out;
   1751 	}
   1752 
   1753 #ifdef CONFIG_PEERKEY
   1754 	for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
   1755 		if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
   1756 			break;
   1757 	}
   1758 
   1759 	if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
   1760 		if (!peerkey->initiator && peerkey->replay_counter_set &&
   1761 		    os_memcmp(key->replay_counter, peerkey->replay_counter,
   1762 			      WPA_REPLAY_COUNTER_LEN) <= 0) {
   1763 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1764 				"RSN: EAPOL-Key Replay Counter did not "
   1765 				"increase (STK) - dropping packet");
   1766 			goto out;
   1767 		} else if (peerkey->initiator) {
   1768 			u8 _tmp[WPA_REPLAY_COUNTER_LEN];
   1769 			os_memcpy(_tmp, key->replay_counter,
   1770 				  WPA_REPLAY_COUNTER_LEN);
   1771 			inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
   1772 			if (os_memcmp(_tmp, peerkey->replay_counter,
   1773 				      WPA_REPLAY_COUNTER_LEN) != 0) {
   1774 				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   1775 					"RSN: EAPOL-Key Replay "
   1776 					"Counter did not match (STK) - "
   1777 					"dropping packet");
   1778 				goto out;
   1779 			}
   1780 		}
   1781 	}
   1782 
   1783 	if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) {
   1784 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1785 			"RSN: Ack bit in key_info from STK peer");
   1786 		goto out;
   1787 	}
   1788 #endif /* CONFIG_PEERKEY */
   1789 
   1790 	if (!peerkey && sm->rx_replay_counter_set &&
   1791 	    os_memcmp(key->replay_counter, sm->rx_replay_counter,
   1792 		      WPA_REPLAY_COUNTER_LEN) <= 0) {
   1793 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1794 			"WPA: EAPOL-Key Replay Counter did not increase - "
   1795 			"dropping packet");
   1796 		goto out;
   1797 	}
   1798 
   1799 	if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
   1800 #ifdef CONFIG_PEERKEY
   1801 	    && (peerkey == NULL || !peerkey->initiator)
   1802 #endif /* CONFIG_PEERKEY */
   1803 		) {
   1804 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1805 			"WPA: No Ack bit in key_info");
   1806 		goto out;
   1807 	}
   1808 
   1809 	if (key_info & WPA_KEY_INFO_REQUEST) {
   1810 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
   1811 			"WPA: EAPOL-Key with Request bit - dropped");
   1812 		goto out;
   1813 	}
   1814 
   1815 	if ((key_info & WPA_KEY_INFO_MIC) && !peerkey &&
   1816 	    wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
   1817 		goto out;
   1818 
   1819 #ifdef CONFIG_PEERKEY
   1820 	if ((key_info & WPA_KEY_INFO_MIC) && peerkey &&
   1821 	    peerkey_verify_eapol_key_mic(sm, peerkey, key, ver, tmp, data_len))
   1822 		goto out;
   1823 #endif /* CONFIG_PEERKEY */
   1824 
   1825 	if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
   1826 	    (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
   1827 		if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
   1828 						    &key_data_len))
   1829 			goto out;
   1830 	}
   1831 
   1832 	if (key_info & WPA_KEY_INFO_KEY_TYPE) {
   1833 		if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
   1834 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1835 				"WPA: Ignored EAPOL-Key (Pairwise) with "
   1836 				"non-zero key index");
   1837 			goto out;
   1838 		}
   1839 		if (peerkey) {
   1840 			/* PeerKey 4-Way Handshake */
   1841 			peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver,
   1842 					      key_data, key_data_len);
   1843 		} else if (key_info & WPA_KEY_INFO_MIC) {
   1844 			/* 3/4 4-Way Handshake */
   1845 			wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
   1846 						      key_data_len);
   1847 		} else {
   1848 			/* 1/4 4-Way Handshake */
   1849 			wpa_supplicant_process_1_of_4(sm, src_addr, key,
   1850 						      ver, key_data,
   1851 						      key_data_len);
   1852 		}
   1853 	} else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
   1854 		/* PeerKey SMK Handshake */
   1855 		peerkey_rx_eapol_smk(sm, src_addr, key, key_data_len, key_info,
   1856 				     ver);
   1857 	} else {
   1858 		if (key_info & WPA_KEY_INFO_MIC) {
   1859 			/* 1/2 Group Key Handshake */
   1860 			wpa_supplicant_process_1_of_2(sm, src_addr, key,
   1861 						      key_data, key_data_len,
   1862 						      ver);
   1863 		} else {
   1864 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
   1865 				"WPA: EAPOL-Key (Group) without Mic bit - "
   1866 				"dropped");
   1867 		}
   1868 	}
   1869 
   1870 	ret = 1;
   1871 
   1872 out:
   1873 	os_free(tmp);
   1874 	return ret;
   1875 }
   1876 
   1877 
   1878 #ifdef CONFIG_CTRL_IFACE
   1879 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
   1880 {
   1881 	switch (sm->key_mgmt) {
   1882 	case WPA_KEY_MGMT_IEEE8021X:
   1883 		return ((sm->proto == WPA_PROTO_RSN ||
   1884 			 sm->proto == WPA_PROTO_OSEN) ?
   1885 			RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
   1886 			WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
   1887 	case WPA_KEY_MGMT_PSK:
   1888 		return (sm->proto == WPA_PROTO_RSN ?
   1889 			RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X :
   1890 			WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
   1891 #ifdef CONFIG_IEEE80211R
   1892 	case WPA_KEY_MGMT_FT_IEEE8021X:
   1893 		return RSN_AUTH_KEY_MGMT_FT_802_1X;
   1894 	case WPA_KEY_MGMT_FT_PSK:
   1895 		return RSN_AUTH_KEY_MGMT_FT_PSK;
   1896 #endif /* CONFIG_IEEE80211R */
   1897 #ifdef CONFIG_IEEE80211W
   1898 	case WPA_KEY_MGMT_IEEE8021X_SHA256:
   1899 		return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
   1900 	case WPA_KEY_MGMT_PSK_SHA256:
   1901 		return RSN_AUTH_KEY_MGMT_PSK_SHA256;
   1902 #endif /* CONFIG_IEEE80211W */
   1903 	case WPA_KEY_MGMT_CCKM:
   1904 		return (sm->proto == WPA_PROTO_RSN ?
   1905 			RSN_AUTH_KEY_MGMT_CCKM:
   1906 			WPA_AUTH_KEY_MGMT_CCKM);
   1907 	case WPA_KEY_MGMT_WPA_NONE:
   1908 		return WPA_AUTH_KEY_MGMT_NONE;
   1909 	default:
   1910 		return 0;
   1911 	}
   1912 }
   1913 
   1914 
   1915 #define RSN_SUITE "%02x-%02x-%02x-%d"
   1916 #define RSN_SUITE_ARG(s) \
   1917 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
   1918 
   1919 /**
   1920  * wpa_sm_get_mib - Dump text list of MIB entries
   1921  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   1922  * @buf: Buffer for the list
   1923  * @buflen: Length of the buffer
   1924  * Returns: Number of bytes written to buffer
   1925  *
   1926  * This function is used fetch dot11 MIB variables.
   1927  */
   1928 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
   1929 {
   1930 	char pmkid_txt[PMKID_LEN * 2 + 1];
   1931 	int rsna, ret;
   1932 	size_t len;
   1933 
   1934 	if (sm->cur_pmksa) {
   1935 		wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
   1936 				 sm->cur_pmksa->pmkid, PMKID_LEN);
   1937 	} else
   1938 		pmkid_txt[0] = '\0';
   1939 
   1940 	if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
   1941 	     wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
   1942 	    sm->proto == WPA_PROTO_RSN)
   1943 		rsna = 1;
   1944 	else
   1945 		rsna = 0;
   1946 
   1947 	ret = os_snprintf(buf, buflen,
   1948 			  "dot11RSNAOptionImplemented=TRUE\n"
   1949 			  "dot11RSNAPreauthenticationImplemented=TRUE\n"
   1950 			  "dot11RSNAEnabled=%s\n"
   1951 			  "dot11RSNAPreauthenticationEnabled=%s\n"
   1952 			  "dot11RSNAConfigVersion=%d\n"
   1953 			  "dot11RSNAConfigPairwiseKeysSupported=5\n"
   1954 			  "dot11RSNAConfigGroupCipherSize=%d\n"
   1955 			  "dot11RSNAConfigPMKLifetime=%d\n"
   1956 			  "dot11RSNAConfigPMKReauthThreshold=%d\n"
   1957 			  "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
   1958 			  "dot11RSNAConfigSATimeout=%d\n",
   1959 			  rsna ? "TRUE" : "FALSE",
   1960 			  rsna ? "TRUE" : "FALSE",
   1961 			  RSN_VERSION,
   1962 			  wpa_cipher_key_len(sm->group_cipher) * 8,
   1963 			  sm->dot11RSNAConfigPMKLifetime,
   1964 			  sm->dot11RSNAConfigPMKReauthThreshold,
   1965 			  sm->dot11RSNAConfigSATimeout);
   1966 	if (ret < 0 || (size_t) ret >= buflen)
   1967 		return 0;
   1968 	len = ret;
   1969 
   1970 	ret = os_snprintf(
   1971 		buf + len, buflen - len,
   1972 		"dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
   1973 		"dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
   1974 		"dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
   1975 		"dot11RSNAPMKIDUsed=%s\n"
   1976 		"dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
   1977 		"dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
   1978 		"dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
   1979 		"dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
   1980 		"dot11RSNA4WayHandshakeFailures=%u\n",
   1981 		RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
   1982 		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
   1983 						  sm->pairwise_cipher)),
   1984 		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
   1985 						  sm->group_cipher)),
   1986 		pmkid_txt,
   1987 		RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
   1988 		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
   1989 						  sm->pairwise_cipher)),
   1990 		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
   1991 						  sm->group_cipher)),
   1992 		sm->dot11RSNA4WayHandshakeFailures);
   1993 	if (ret >= 0 && (size_t) ret < buflen)
   1994 		len += ret;
   1995 
   1996 	return (int) len;
   1997 }
   1998 #endif /* CONFIG_CTRL_IFACE */
   1999 
   2000 
   2001 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
   2002 				 void *ctx, enum pmksa_free_reason reason)
   2003 {
   2004 	struct wpa_sm *sm = ctx;
   2005 	int deauth = 0;
   2006 
   2007 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: "
   2008 		MACSTR " reason=%d", MAC2STR(entry->aa), reason);
   2009 
   2010 	if (sm->cur_pmksa == entry) {
   2011 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   2012 			"RSN: %s current PMKSA entry",
   2013 			reason == PMKSA_REPLACE ? "replaced" : "removed");
   2014 		pmksa_cache_clear_current(sm);
   2015 
   2016 		/*
   2017 		 * If an entry is simply being replaced, there's no need to
   2018 		 * deauthenticate because it will be immediately re-added.
   2019 		 * This happens when EAP authentication is completed again
   2020 		 * (reauth or failed PMKSA caching attempt).
   2021 		 */
   2022 		if (reason != PMKSA_REPLACE)
   2023 			deauth = 1;
   2024 	}
   2025 
   2026 	if (reason == PMKSA_EXPIRE &&
   2027 	    (sm->pmk_len == entry->pmk_len &&
   2028 	     os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
   2029 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   2030 			"RSN: deauthenticating due to expired PMK");
   2031 		pmksa_cache_clear_current(sm);
   2032 		deauth = 1;
   2033 	}
   2034 
   2035 	if (deauth) {
   2036 		os_memset(sm->pmk, 0, sizeof(sm->pmk));
   2037 		wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
   2038 	}
   2039 }
   2040 
   2041 
   2042 /**
   2043  * wpa_sm_init - Initialize WPA state machine
   2044  * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
   2045  * Returns: Pointer to the allocated WPA state machine data
   2046  *
   2047  * This function is used to allocate a new WPA state machine and the returned
   2048  * value is passed to all WPA state machine calls.
   2049  */
   2050 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
   2051 {
   2052 	struct wpa_sm *sm;
   2053 
   2054 	sm = os_zalloc(sizeof(*sm));
   2055 	if (sm == NULL)
   2056 		return NULL;
   2057 	dl_list_init(&sm->pmksa_candidates);
   2058 	sm->renew_snonce = 1;
   2059 	sm->ctx = ctx;
   2060 
   2061 	sm->dot11RSNAConfigPMKLifetime = 43200;
   2062 	sm->dot11RSNAConfigPMKReauthThreshold = 70;
   2063 	sm->dot11RSNAConfigSATimeout = 60;
   2064 
   2065 	sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm);
   2066 	if (sm->pmksa == NULL) {
   2067 		wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
   2068 			"RSN: PMKSA cache initialization failed");
   2069 		os_free(sm);
   2070 		return NULL;
   2071 	}
   2072 
   2073 	return sm;
   2074 }
   2075 
   2076 
   2077 /**
   2078  * wpa_sm_deinit - Deinitialize WPA state machine
   2079  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2080  */
   2081 void wpa_sm_deinit(struct wpa_sm *sm)
   2082 {
   2083 	if (sm == NULL)
   2084 		return;
   2085 	pmksa_cache_deinit(sm->pmksa);
   2086 	eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
   2087 	eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
   2088 	os_free(sm->assoc_wpa_ie);
   2089 	os_free(sm->ap_wpa_ie);
   2090 	os_free(sm->ap_rsn_ie);
   2091 	os_free(sm->ctx);
   2092 	peerkey_deinit(sm);
   2093 #ifdef CONFIG_IEEE80211R
   2094 	os_free(sm->assoc_resp_ies);
   2095 #endif /* CONFIG_IEEE80211R */
   2096 	os_free(sm);
   2097 }
   2098 
   2099 
   2100 /**
   2101  * wpa_sm_notify_assoc - Notify WPA state machine about association
   2102  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2103  * @bssid: The BSSID of the new association
   2104  *
   2105  * This function is called to let WPA state machine know that the connection
   2106  * was established.
   2107  */
   2108 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
   2109 {
   2110 	int clear_ptk = 1;
   2111 
   2112 	if (sm == NULL)
   2113 		return;
   2114 
   2115 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   2116 		"WPA: Association event - clear replay counter");
   2117 	os_memcpy(sm->bssid, bssid, ETH_ALEN);
   2118 	os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
   2119 	sm->rx_replay_counter_set = 0;
   2120 	sm->renew_snonce = 1;
   2121 	if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
   2122 		rsn_preauth_deinit(sm);
   2123 
   2124 #ifdef CONFIG_IEEE80211R
   2125 	if (wpa_ft_is_completed(sm)) {
   2126 		/*
   2127 		 * Clear portValid to kick EAPOL state machine to re-enter
   2128 		 * AUTHENTICATED state to get the EAPOL port Authorized.
   2129 		 */
   2130 		eapol_sm_notify_portValid(sm->eapol, FALSE);
   2131 		wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
   2132 
   2133 		/* Prepare for the next transition */
   2134 		wpa_ft_prepare_auth_request(sm, NULL);
   2135 
   2136 		clear_ptk = 0;
   2137 	}
   2138 #endif /* CONFIG_IEEE80211R */
   2139 
   2140 	if (clear_ptk) {
   2141 		/*
   2142 		 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
   2143 		 * this is not part of a Fast BSS Transition.
   2144 		 */
   2145 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK");
   2146 		sm->ptk_set = 0;
   2147 		os_memset(&sm->ptk, 0, sizeof(sm->ptk));
   2148 		sm->tptk_set = 0;
   2149 		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
   2150 	}
   2151 
   2152 #ifdef CONFIG_TDLS
   2153 	wpa_tdls_assoc(sm);
   2154 #endif /* CONFIG_TDLS */
   2155 
   2156 #ifdef CONFIG_P2P
   2157 	os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr));
   2158 #endif /* CONFIG_P2P */
   2159 }
   2160 
   2161 
   2162 /**
   2163  * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
   2164  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2165  *
   2166  * This function is called to let WPA state machine know that the connection
   2167  * was lost. This will abort any existing pre-authentication session.
   2168  */
   2169 void wpa_sm_notify_disassoc(struct wpa_sm *sm)
   2170 {
   2171 	peerkey_deinit(sm);
   2172 	rsn_preauth_deinit(sm);
   2173 	pmksa_cache_clear_current(sm);
   2174 	if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
   2175 		sm->dot11RSNA4WayHandshakeFailures++;
   2176 #ifdef CONFIG_TDLS
   2177 	wpa_tdls_disassoc(sm);
   2178 #endif /* CONFIG_TDLS */
   2179 }
   2180 
   2181 
   2182 /**
   2183  * wpa_sm_set_pmk - Set PMK
   2184  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2185  * @pmk: The new PMK
   2186  * @pmk_len: The length of the new PMK in bytes
   2187  *
   2188  * Configure the PMK for WPA state machine.
   2189  */
   2190 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len)
   2191 {
   2192 	if (sm == NULL)
   2193 		return;
   2194 
   2195 	sm->pmk_len = pmk_len;
   2196 	os_memcpy(sm->pmk, pmk, pmk_len);
   2197 
   2198 #ifdef CONFIG_IEEE80211R
   2199 	/* Set XXKey to be PSK for FT key derivation */
   2200 	sm->xxkey_len = pmk_len;
   2201 	os_memcpy(sm->xxkey, pmk, pmk_len);
   2202 #endif /* CONFIG_IEEE80211R */
   2203 }
   2204 
   2205 
   2206 /**
   2207  * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
   2208  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2209  *
   2210  * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
   2211  * will be cleared.
   2212  */
   2213 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
   2214 {
   2215 	if (sm == NULL)
   2216 		return;
   2217 
   2218 	if (sm->cur_pmksa) {
   2219 		sm->pmk_len = sm->cur_pmksa->pmk_len;
   2220 		os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
   2221 	} else {
   2222 		sm->pmk_len = PMK_LEN;
   2223 		os_memset(sm->pmk, 0, PMK_LEN);
   2224 	}
   2225 }
   2226 
   2227 
   2228 /**
   2229  * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
   2230  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2231  * @fast_reauth: Whether fast reauthentication (EAP) is allowed
   2232  */
   2233 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
   2234 {
   2235 	if (sm)
   2236 		sm->fast_reauth = fast_reauth;
   2237 }
   2238 
   2239 
   2240 /**
   2241  * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
   2242  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2243  * @scard_ctx: Context pointer for smartcard related callback functions
   2244  */
   2245 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
   2246 {
   2247 	if (sm == NULL)
   2248 		return;
   2249 	sm->scard_ctx = scard_ctx;
   2250 	if (sm->preauth_eapol)
   2251 		eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
   2252 }
   2253 
   2254 
   2255 /**
   2256  * wpa_sm_set_config - Notification of current configration change
   2257  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2258  * @config: Pointer to current network configuration
   2259  *
   2260  * Notify WPA state machine that configuration has changed. config will be
   2261  * stored as a backpointer to network configuration. This can be %NULL to clear
   2262  * the stored pointed.
   2263  */
   2264 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
   2265 {
   2266 	if (!sm)
   2267 		return;
   2268 
   2269 	if (config) {
   2270 		sm->network_ctx = config->network_ctx;
   2271 		sm->peerkey_enabled = config->peerkey_enabled;
   2272 		sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
   2273 		sm->proactive_key_caching = config->proactive_key_caching;
   2274 		sm->eap_workaround = config->eap_workaround;
   2275 		sm->eap_conf_ctx = config->eap_conf_ctx;
   2276 		if (config->ssid) {
   2277 			os_memcpy(sm->ssid, config->ssid, config->ssid_len);
   2278 			sm->ssid_len = config->ssid_len;
   2279 		} else
   2280 			sm->ssid_len = 0;
   2281 		sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
   2282 		sm->p2p = config->p2p;
   2283 	} else {
   2284 		sm->network_ctx = NULL;
   2285 		sm->peerkey_enabled = 0;
   2286 		sm->allowed_pairwise_cipher = 0;
   2287 		sm->proactive_key_caching = 0;
   2288 		sm->eap_workaround = 0;
   2289 		sm->eap_conf_ctx = NULL;
   2290 		sm->ssid_len = 0;
   2291 		sm->wpa_ptk_rekey = 0;
   2292 		sm->p2p = 0;
   2293 	}
   2294 }
   2295 
   2296 
   2297 /**
   2298  * wpa_sm_set_own_addr - Set own MAC address
   2299  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2300  * @addr: Own MAC address
   2301  */
   2302 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
   2303 {
   2304 	if (sm)
   2305 		os_memcpy(sm->own_addr, addr, ETH_ALEN);
   2306 }
   2307 
   2308 
   2309 /**
   2310  * wpa_sm_set_ifname - Set network interface name
   2311  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2312  * @ifname: Interface name
   2313  * @bridge_ifname: Optional bridge interface name (for pre-auth)
   2314  */
   2315 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
   2316 		       const char *bridge_ifname)
   2317 {
   2318 	if (sm) {
   2319 		sm->ifname = ifname;
   2320 		sm->bridge_ifname = bridge_ifname;
   2321 	}
   2322 }
   2323 
   2324 
   2325 /**
   2326  * wpa_sm_set_eapol - Set EAPOL state machine pointer
   2327  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2328  * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
   2329  */
   2330 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
   2331 {
   2332 	if (sm)
   2333 		sm->eapol = eapol;
   2334 }
   2335 
   2336 
   2337 /**
   2338  * wpa_sm_set_param - Set WPA state machine parameters
   2339  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2340  * @param: Parameter field
   2341  * @value: Parameter value
   2342  * Returns: 0 on success, -1 on failure
   2343  */
   2344 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
   2345 		     unsigned int value)
   2346 {
   2347 	int ret = 0;
   2348 
   2349 	if (sm == NULL)
   2350 		return -1;
   2351 
   2352 	switch (param) {
   2353 	case RSNA_PMK_LIFETIME:
   2354 		if (value > 0)
   2355 			sm->dot11RSNAConfigPMKLifetime = value;
   2356 		else
   2357 			ret = -1;
   2358 		break;
   2359 	case RSNA_PMK_REAUTH_THRESHOLD:
   2360 		if (value > 0 && value <= 100)
   2361 			sm->dot11RSNAConfigPMKReauthThreshold = value;
   2362 		else
   2363 			ret = -1;
   2364 		break;
   2365 	case RSNA_SA_TIMEOUT:
   2366 		if (value > 0)
   2367 			sm->dot11RSNAConfigSATimeout = value;
   2368 		else
   2369 			ret = -1;
   2370 		break;
   2371 	case WPA_PARAM_PROTO:
   2372 		sm->proto = value;
   2373 		break;
   2374 	case WPA_PARAM_PAIRWISE:
   2375 		sm->pairwise_cipher = value;
   2376 		break;
   2377 	case WPA_PARAM_GROUP:
   2378 		sm->group_cipher = value;
   2379 		break;
   2380 	case WPA_PARAM_KEY_MGMT:
   2381 		sm->key_mgmt = value;
   2382 		break;
   2383 #ifdef CONFIG_IEEE80211W
   2384 	case WPA_PARAM_MGMT_GROUP:
   2385 		sm->mgmt_group_cipher = value;
   2386 		break;
   2387 #endif /* CONFIG_IEEE80211W */
   2388 	case WPA_PARAM_RSN_ENABLED:
   2389 		sm->rsn_enabled = value;
   2390 		break;
   2391 	case WPA_PARAM_MFP:
   2392 		sm->mfp = value;
   2393 		break;
   2394 	default:
   2395 		break;
   2396 	}
   2397 
   2398 	return ret;
   2399 }
   2400 
   2401 
   2402 /**
   2403  * wpa_sm_get_status - Get WPA state machine
   2404  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2405  * @buf: Buffer for status information
   2406  * @buflen: Maximum buffer length
   2407  * @verbose: Whether to include verbose status information
   2408  * Returns: Number of bytes written to buf.
   2409  *
   2410  * Query WPA state machine for status information. This function fills in
   2411  * a text area with current status information. If the buffer (buf) is not
   2412  * large enough, status information will be truncated to fit the buffer.
   2413  */
   2414 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
   2415 		      int verbose)
   2416 {
   2417 	char *pos = buf, *end = buf + buflen;
   2418 	int ret;
   2419 
   2420 	ret = os_snprintf(pos, end - pos,
   2421 			  "pairwise_cipher=%s\n"
   2422 			  "group_cipher=%s\n"
   2423 			  "key_mgmt=%s\n",
   2424 			  wpa_cipher_txt(sm->pairwise_cipher),
   2425 			  wpa_cipher_txt(sm->group_cipher),
   2426 			  wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
   2427 	if (ret < 0 || ret >= end - pos)
   2428 		return pos - buf;
   2429 	pos += ret;
   2430 
   2431 	if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) {
   2432 		struct wpa_ie_data rsn;
   2433 		if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn)
   2434 		    >= 0 &&
   2435 		    rsn.capabilities & (WPA_CAPABILITY_MFPR |
   2436 					WPA_CAPABILITY_MFPC)) {
   2437 			ret = os_snprintf(pos, end - pos, "pmf=%d\n",
   2438 					  (rsn.capabilities &
   2439 					   WPA_CAPABILITY_MFPR) ? 2 : 1);
   2440 			if (ret < 0 || ret >= end - pos)
   2441 				return pos - buf;
   2442 			pos += ret;
   2443 		}
   2444 	}
   2445 
   2446 	return pos - buf;
   2447 }
   2448 
   2449 
   2450 int wpa_sm_pmf_enabled(struct wpa_sm *sm)
   2451 {
   2452 	struct wpa_ie_data rsn;
   2453 
   2454 	if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie)
   2455 		return 0;
   2456 
   2457 	if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 &&
   2458 	    rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC))
   2459 		return 1;
   2460 
   2461 	return 0;
   2462 }
   2463 
   2464 
   2465 /**
   2466  * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
   2467  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2468  * @wpa_ie: Pointer to buffer for WPA/RSN IE
   2469  * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
   2470  * Returns: 0 on success, -1 on failure
   2471  */
   2472 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
   2473 				    size_t *wpa_ie_len)
   2474 {
   2475 	int res;
   2476 
   2477 	if (sm == NULL)
   2478 		return -1;
   2479 
   2480 	res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
   2481 	if (res < 0)
   2482 		return -1;
   2483 	*wpa_ie_len = res;
   2484 
   2485 	wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default",
   2486 		    wpa_ie, *wpa_ie_len);
   2487 
   2488 	if (sm->assoc_wpa_ie == NULL) {
   2489 		/*
   2490 		 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
   2491 		 * the correct version of the IE even if PMKSA caching is
   2492 		 * aborted (which would remove PMKID from IE generation).
   2493 		 */
   2494 		sm->assoc_wpa_ie = os_malloc(*wpa_ie_len);
   2495 		if (sm->assoc_wpa_ie == NULL)
   2496 			return -1;
   2497 
   2498 		os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
   2499 		sm->assoc_wpa_ie_len = *wpa_ie_len;
   2500 	}
   2501 
   2502 	return 0;
   2503 }
   2504 
   2505 
   2506 /**
   2507  * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
   2508  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2509  * @ie: Pointer to IE data (starting from id)
   2510  * @len: IE length
   2511  * Returns: 0 on success, -1 on failure
   2512  *
   2513  * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
   2514  * Request frame. The IE will be used to override the default value generated
   2515  * with wpa_sm_set_assoc_wpa_ie_default().
   2516  */
   2517 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
   2518 {
   2519 	if (sm == NULL)
   2520 		return -1;
   2521 
   2522 	os_free(sm->assoc_wpa_ie);
   2523 	if (ie == NULL || len == 0) {
   2524 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   2525 			"WPA: clearing own WPA/RSN IE");
   2526 		sm->assoc_wpa_ie = NULL;
   2527 		sm->assoc_wpa_ie_len = 0;
   2528 	} else {
   2529 		wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
   2530 		sm->assoc_wpa_ie = os_malloc(len);
   2531 		if (sm->assoc_wpa_ie == NULL)
   2532 			return -1;
   2533 
   2534 		os_memcpy(sm->assoc_wpa_ie, ie, len);
   2535 		sm->assoc_wpa_ie_len = len;
   2536 	}
   2537 
   2538 	return 0;
   2539 }
   2540 
   2541 
   2542 /**
   2543  * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
   2544  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2545  * @ie: Pointer to IE data (starting from id)
   2546  * @len: IE length
   2547  * Returns: 0 on success, -1 on failure
   2548  *
   2549  * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
   2550  * frame.
   2551  */
   2552 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
   2553 {
   2554 	if (sm == NULL)
   2555 		return -1;
   2556 
   2557 	os_free(sm->ap_wpa_ie);
   2558 	if (ie == NULL || len == 0) {
   2559 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   2560 			"WPA: clearing AP WPA IE");
   2561 		sm->ap_wpa_ie = NULL;
   2562 		sm->ap_wpa_ie_len = 0;
   2563 	} else {
   2564 		wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
   2565 		sm->ap_wpa_ie = os_malloc(len);
   2566 		if (sm->ap_wpa_ie == NULL)
   2567 			return -1;
   2568 
   2569 		os_memcpy(sm->ap_wpa_ie, ie, len);
   2570 		sm->ap_wpa_ie_len = len;
   2571 	}
   2572 
   2573 	return 0;
   2574 }
   2575 
   2576 
   2577 /**
   2578  * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
   2579  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2580  * @ie: Pointer to IE data (starting from id)
   2581  * @len: IE length
   2582  * Returns: 0 on success, -1 on failure
   2583  *
   2584  * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
   2585  * frame.
   2586  */
   2587 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
   2588 {
   2589 	if (sm == NULL)
   2590 		return -1;
   2591 
   2592 	os_free(sm->ap_rsn_ie);
   2593 	if (ie == NULL || len == 0) {
   2594 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   2595 			"WPA: clearing AP RSN IE");
   2596 		sm->ap_rsn_ie = NULL;
   2597 		sm->ap_rsn_ie_len = 0;
   2598 	} else {
   2599 		wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
   2600 		sm->ap_rsn_ie = os_malloc(len);
   2601 		if (sm->ap_rsn_ie == NULL)
   2602 			return -1;
   2603 
   2604 		os_memcpy(sm->ap_rsn_ie, ie, len);
   2605 		sm->ap_rsn_ie_len = len;
   2606 	}
   2607 
   2608 	return 0;
   2609 }
   2610 
   2611 
   2612 /**
   2613  * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
   2614  * @sm: Pointer to WPA state machine data from wpa_sm_init()
   2615  * @data: Pointer to data area for parsing results
   2616  * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
   2617  *
   2618  * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
   2619  * parsed data into data.
   2620  */
   2621 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
   2622 {
   2623 	if (sm == NULL)
   2624 		return -1;
   2625 
   2626 	if (sm->assoc_wpa_ie == NULL) {
   2627 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
   2628 			"WPA: No WPA/RSN IE available from association info");
   2629 		return -1;
   2630 	}
   2631 	if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
   2632 		return -2;
   2633 	return 0;
   2634 }
   2635 
   2636 
   2637 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
   2638 {
   2639 	return pmksa_cache_list(sm->pmksa, buf, len);
   2640 }
   2641 
   2642 
   2643 #ifdef CONFIG_TESTING_OPTIONS
   2644 void wpa_sm_drop_sa(struct wpa_sm *sm)
   2645 {
   2646 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
   2647 	sm->ptk_set = 0;
   2648 	sm->tptk_set = 0;
   2649 	os_memset(sm->pmk, 0, sizeof(sm->pmk));
   2650 	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
   2651 	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
   2652 }
   2653 #endif /* CONFIG_TESTING_OPTIONS */
   2654 
   2655 
   2656 int wpa_sm_has_ptk(struct wpa_sm *sm)
   2657 {
   2658 	if (sm == NULL)
   2659 		return 0;
   2660 	return sm->ptk_set;
   2661 }
   2662 
   2663 
   2664 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
   2665 {
   2666 	os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
   2667 }
   2668 
   2669 
   2670 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
   2671 {
   2672 	pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0);
   2673 }
   2674 
   2675 
   2676 #ifdef CONFIG_WNM
   2677 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
   2678 {
   2679 	u16 keyinfo;
   2680 	u8 keylen;  /* plaintext key len */
   2681 	u8 *key_rsc;
   2682 
   2683 	if (subelem_id == WNM_SLEEP_SUBELEM_GTK) {
   2684 		struct wpa_gtk_data gd;
   2685 
   2686 		os_memset(&gd, 0, sizeof(gd));
   2687 		keylen = wpa_cipher_key_len(sm->group_cipher);
   2688 		gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher);
   2689 		gd.alg = wpa_cipher_to_alg(sm->group_cipher);
   2690 		if (gd.alg == WPA_ALG_NONE) {
   2691 			wpa_printf(MSG_DEBUG, "Unsupported group cipher suite");
   2692 			return -1;
   2693 		}
   2694 
   2695 		key_rsc = buf + 5;
   2696 		keyinfo = WPA_GET_LE16(buf + 2);
   2697 		gd.gtk_len = keylen;
   2698 		if (gd.gtk_len != buf[4]) {
   2699 			wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d",
   2700 				   gd.gtk_len, buf[4]);
   2701 			return -1;
   2702 		}
   2703 		gd.keyidx = keyinfo & 0x03; /* B0 - B1 */
   2704 		gd.tx = wpa_supplicant_gtk_tx_bit_workaround(
   2705 		         sm, !!(keyinfo & WPA_KEY_INFO_TXRX));
   2706 
   2707 		os_memcpy(gd.gtk, buf + 13, gd.gtk_len);
   2708 
   2709 		wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
   2710 				gd.gtk, gd.gtk_len);
   2711 		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
   2712 			os_memset(&gd, 0, sizeof(gd));
   2713 			wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
   2714 				   "WNM mode");
   2715 			return -1;
   2716 		}
   2717 		os_memset(&gd, 0, sizeof(gd));
   2718 #ifdef CONFIG_IEEE80211W
   2719 	} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
   2720 		struct wpa_igtk_kde igd;
   2721 		u16 keyidx;
   2722 
   2723 		os_memset(&igd, 0, sizeof(igd));
   2724 		keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
   2725 		os_memcpy(igd.keyid, buf + 2, 2);
   2726 		os_memcpy(igd.pn, buf + 4, 6);
   2727 
   2728 		keyidx = WPA_GET_LE16(igd.keyid);
   2729 		os_memcpy(igd.igtk, buf + 10, keylen);
   2730 
   2731 		wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
   2732 				igd.igtk, keylen);
   2733 		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
   2734 				   broadcast_ether_addr,
   2735 				   keyidx, 0, igd.pn, sizeof(igd.pn),
   2736 				   igd.igtk, keylen) < 0) {
   2737 			wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
   2738 				   "WNM mode");
   2739 			os_memset(&igd, 0, sizeof(igd));
   2740 			return -1;
   2741 		}
   2742 		os_memset(&igd, 0, sizeof(igd));
   2743 #endif /* CONFIG_IEEE80211W */
   2744 	} else {
   2745 		wpa_printf(MSG_DEBUG, "Unknown element id");
   2746 		return -1;
   2747 	}
   2748 
   2749 	return 0;
   2750 }
   2751 #endif /* CONFIG_WNM */
   2752 
   2753 
   2754 #ifdef CONFIG_PEERKEY
   2755 int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr,
   2756 			    const u8 *buf, size_t len)
   2757 {
   2758 	struct wpa_peerkey *peerkey;
   2759 
   2760 	for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
   2761 		if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
   2762 			break;
   2763 	}
   2764 
   2765 	if (!peerkey)
   2766 		return 0;
   2767 
   2768 	wpa_sm_rx_eapol(sm, src_addr, buf, len);
   2769 
   2770 	return 1;
   2771 }
   2772 #endif /* CONFIG_PEERKEY */
   2773 
   2774 
   2775 #ifdef CONFIG_P2P
   2776 
   2777 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf)
   2778 {
   2779 	if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0)
   2780 		return -1;
   2781 	os_memcpy(buf, sm->p2p_ip_addr, 3 * 4);
   2782 	return 0;
   2783 }
   2784 
   2785 #endif /* CONFIG_P2P */
   2786