1 /* 2 * WPA Supplicant - WPA state machine and EAPOL-Key processing 3 * Copyright (c) 2003-2015, Jouni Malinen <j (at) w1.fi> 4 * Copyright(c) 2015 Intel Deutschland GmbH 5 * 6 * This software may be distributed under the terms of the BSD license. 7 * See README for more details. 8 */ 9 10 #include "includes.h" 11 12 #include "common.h" 13 #include "crypto/aes.h" 14 #include "crypto/aes_wrap.h" 15 #include "crypto/crypto.h" 16 #include "crypto/random.h" 17 #include "crypto/aes_siv.h" 18 #include "common/ieee802_11_defs.h" 19 #include "common/ieee802_11_common.h" 20 #include "eap_common/eap_defs.h" 21 #include "eapol_supp/eapol_supp_sm.h" 22 #include "wpa.h" 23 #include "eloop.h" 24 #include "preauth.h" 25 #include "pmksa_cache.h" 26 #include "wpa_i.h" 27 #include "wpa_ie.h" 28 #include "peerkey.h" 29 30 31 static const u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 32 33 34 /** 35 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message 36 * @sm: Pointer to WPA state machine data from wpa_sm_init() 37 * @ptk: PTK for Key Confirmation/Encryption Key 38 * @ver: Version field from Key Info 39 * @dest: Destination address for the frame 40 * @proto: Ethertype (usually ETH_P_EAPOL) 41 * @msg: EAPOL-Key message 42 * @msg_len: Length of message 43 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written 44 * Returns: >= 0 on success, < 0 on failure 45 */ 46 int wpa_eapol_key_send(struct wpa_sm *sm, struct wpa_ptk *ptk, 47 int ver, const u8 *dest, u16 proto, 48 u8 *msg, size_t msg_len, u8 *key_mic) 49 { 50 int ret = -1; 51 size_t mic_len = wpa_mic_len(sm->key_mgmt); 52 53 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) { 54 /* 55 * Association event was not yet received; try to fetch 56 * BSSID from the driver. 57 */ 58 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) { 59 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 60 "WPA: Failed to read BSSID for " 61 "EAPOL-Key destination address"); 62 } else { 63 dest = sm->bssid; 64 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 65 "WPA: Use BSSID (" MACSTR 66 ") as the destination for EAPOL-Key", 67 MAC2STR(dest)); 68 } 69 } 70 71 if (mic_len) { 72 if (key_mic && (!ptk || !ptk->kck_len)) 73 goto out; 74 75 if (key_mic && 76 wpa_eapol_key_mic(ptk->kck, ptk->kck_len, sm->key_mgmt, ver, 77 msg, msg_len, key_mic)) { 78 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 79 "WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC", 80 ver, sm->key_mgmt); 81 goto out; 82 } 83 if (ptk) 84 wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", 85 ptk->kck, ptk->kck_len); 86 wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", 87 key_mic, mic_len); 88 } else { 89 #ifdef CONFIG_FILS 90 /* AEAD cipher - Key MIC field not used */ 91 struct ieee802_1x_hdr *s_hdr, *hdr; 92 struct wpa_eapol_key *s_key, *key; 93 u8 *buf, *s_key_data, *key_data; 94 size_t buf_len = msg_len + AES_BLOCK_SIZE; 95 size_t key_data_len; 96 u16 eapol_len; 97 const u8 *aad[1]; 98 size_t aad_len[1]; 99 100 if (!ptk || !ptk->kek_len) 101 goto out; 102 103 key_data_len = msg_len - sizeof(struct ieee802_1x_hdr) - 104 sizeof(struct wpa_eapol_key) - 2; 105 106 buf = os_malloc(buf_len); 107 if (!buf) 108 goto out; 109 110 os_memcpy(buf, msg, msg_len); 111 hdr = (struct ieee802_1x_hdr *) buf; 112 key = (struct wpa_eapol_key *) (hdr + 1); 113 key_data = ((u8 *) (key + 1)) + 2; 114 115 /* Update EAPOL header to include AES-SIV overhead */ 116 eapol_len = be_to_host16(hdr->length); 117 eapol_len += AES_BLOCK_SIZE; 118 hdr->length = host_to_be16(eapol_len); 119 120 /* Update Key Data Length field to include AES-SIV overhead */ 121 WPA_PUT_BE16((u8 *) (key + 1), AES_BLOCK_SIZE + key_data_len); 122 123 s_hdr = (struct ieee802_1x_hdr *) msg; 124 s_key = (struct wpa_eapol_key *) (s_hdr + 1); 125 s_key_data = ((u8 *) (s_key + 1)) + 2; 126 127 wpa_hexdump_key(MSG_DEBUG, "WPA: Plaintext Key Data", 128 s_key_data, key_data_len); 129 130 wpa_hexdump_key(MSG_DEBUG, "WPA: KEK", ptk->kek, ptk->kek_len); 131 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to 132 * to Key Data (exclusive). */ 133 aad[0] = buf; 134 aad_len[0] = key_data - buf; 135 if (aes_siv_encrypt(ptk->kek, ptk->kek_len, 136 s_key_data, key_data_len, 137 1, aad, aad_len, key_data) < 0) { 138 os_free(buf); 139 goto out; 140 } 141 142 wpa_hexdump(MSG_DEBUG, "WPA: Encrypted Key Data from SIV", 143 key_data, AES_BLOCK_SIZE + key_data_len); 144 145 os_free(msg); 146 msg = buf; 147 msg_len = buf_len; 148 #else /* CONFIG_FILS */ 149 goto out; 150 #endif /* CONFIG_FILS */ 151 } 152 153 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len); 154 ret = wpa_sm_ether_send(sm, dest, proto, msg, msg_len); 155 eapol_sm_notify_tx_eapol_key(sm->eapol); 156 out: 157 os_free(msg); 158 return ret; 159 } 160 161 162 /** 163 * wpa_sm_key_request - Send EAPOL-Key Request 164 * @sm: Pointer to WPA state machine data from wpa_sm_init() 165 * @error: Indicate whether this is an Michael MIC error report 166 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet 167 * 168 * Send an EAPOL-Key Request to the current authenticator. This function is 169 * used to request rekeying and it is usually called when a local Michael MIC 170 * failure is detected. 171 */ 172 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) 173 { 174 size_t mic_len, hdrlen, rlen; 175 struct wpa_eapol_key *reply; 176 int key_info, ver; 177 u8 bssid[ETH_ALEN], *rbuf, *key_mic, *mic; 178 179 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN || 180 wpa_key_mgmt_suite_b(sm->key_mgmt)) 181 ver = WPA_KEY_INFO_TYPE_AKM_DEFINED; 182 else if (wpa_key_mgmt_ft(sm->key_mgmt) || 183 wpa_key_mgmt_sha256(sm->key_mgmt)) 184 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC; 185 else if (sm->pairwise_cipher != WPA_CIPHER_TKIP) 186 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 187 else 188 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 189 190 if (wpa_sm_get_bssid(sm, bssid) < 0) { 191 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 192 "Failed to read BSSID for EAPOL-Key request"); 193 return; 194 } 195 196 mic_len = wpa_mic_len(sm->key_mgmt); 197 hdrlen = sizeof(*reply) + mic_len + 2; 198 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 199 hdrlen, &rlen, (void *) &reply); 200 if (rbuf == NULL) 201 return; 202 203 reply->type = (sm->proto == WPA_PROTO_RSN || 204 sm->proto == WPA_PROTO_OSEN) ? 205 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 206 key_info = WPA_KEY_INFO_REQUEST | ver; 207 if (sm->ptk_set) 208 key_info |= WPA_KEY_INFO_SECURE; 209 if (sm->ptk_set && mic_len) 210 key_info |= WPA_KEY_INFO_MIC; 211 if (error) 212 key_info |= WPA_KEY_INFO_ERROR; 213 if (pairwise) 214 key_info |= WPA_KEY_INFO_KEY_TYPE; 215 WPA_PUT_BE16(reply->key_info, key_info); 216 WPA_PUT_BE16(reply->key_length, 0); 217 os_memcpy(reply->replay_counter, sm->request_counter, 218 WPA_REPLAY_COUNTER_LEN); 219 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN); 220 221 mic = (u8 *) (reply + 1); 222 WPA_PUT_BE16(mic + mic_len, 0); 223 if (!(key_info & WPA_KEY_INFO_MIC)) 224 key_mic = NULL; 225 else 226 key_mic = mic; 227 228 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 229 "WPA: Sending EAPOL-Key Request (error=%d " 230 "pairwise=%d ptk_set=%d len=%lu)", 231 error, pairwise, sm->ptk_set, (unsigned long) rlen); 232 wpa_eapol_key_send(sm, &sm->ptk, ver, bssid, ETH_P_EAPOL, rbuf, rlen, 233 key_mic); 234 } 235 236 237 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm) 238 { 239 #ifdef CONFIG_IEEE80211R 240 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) { 241 if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len)) 242 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 243 "RSN: Cannot set low order 256 bits of MSK for key management offload"); 244 } else { 245 #endif /* CONFIG_IEEE80211R */ 246 if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len)) 247 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 248 "RSN: Cannot set PMK for key management offload"); 249 #ifdef CONFIG_IEEE80211R 250 } 251 #endif /* CONFIG_IEEE80211R */ 252 } 253 254 255 static int wpa_supplicant_get_pmk(struct wpa_sm *sm, 256 const unsigned char *src_addr, 257 const u8 *pmkid) 258 { 259 int abort_cached = 0; 260 261 if (pmkid && !sm->cur_pmksa) { 262 /* When using drivers that generate RSN IE, wpa_supplicant may 263 * not have enough time to get the association information 264 * event before receiving this 1/4 message, so try to find a 265 * matching PMKSA cache entry here. */ 266 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid, 267 NULL); 268 if (sm->cur_pmksa) { 269 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 270 "RSN: found matching PMKID from PMKSA cache"); 271 } else { 272 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 273 "RSN: no matching PMKID found"); 274 abort_cached = 1; 275 } 276 } 277 278 if (pmkid && sm->cur_pmksa && 279 os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) { 280 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN); 281 wpa_sm_set_pmk_from_pmksa(sm); 282 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache", 283 sm->pmk, sm->pmk_len); 284 eapol_sm_notify_cached(sm->eapol); 285 #ifdef CONFIG_IEEE80211R 286 sm->xxkey_len = 0; 287 #endif /* CONFIG_IEEE80211R */ 288 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) { 289 int res, pmk_len; 290 291 if (wpa_key_mgmt_sha384(sm->key_mgmt)) 292 pmk_len = PMK_LEN_SUITE_B_192; 293 else 294 pmk_len = PMK_LEN; 295 res = eapol_sm_get_key(sm->eapol, sm->pmk, pmk_len); 296 if (res) { 297 if (pmk_len == PMK_LEN) { 298 /* 299 * EAP-LEAP is an exception from other EAP 300 * methods: it uses only 16-byte PMK. 301 */ 302 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16); 303 pmk_len = 16; 304 } 305 } else { 306 #ifdef CONFIG_IEEE80211R 307 u8 buf[2 * PMK_LEN]; 308 if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0) 309 { 310 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN); 311 sm->xxkey_len = PMK_LEN; 312 os_memset(buf, 0, sizeof(buf)); 313 } 314 #endif /* CONFIG_IEEE80211R */ 315 } 316 if (res == 0) { 317 struct rsn_pmksa_cache_entry *sa = NULL; 318 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state " 319 "machines", sm->pmk, pmk_len); 320 sm->pmk_len = pmk_len; 321 wpa_supplicant_key_mgmt_set_pmk(sm); 322 if (sm->proto == WPA_PROTO_RSN && 323 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 324 !wpa_key_mgmt_ft(sm->key_mgmt)) { 325 sa = pmksa_cache_add(sm->pmksa, 326 sm->pmk, pmk_len, NULL, 327 NULL, 0, 328 src_addr, sm->own_addr, 329 sm->network_ctx, 330 sm->key_mgmt); 331 } 332 if (!sm->cur_pmksa && pmkid && 333 pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL)) 334 { 335 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 336 "RSN: the new PMK matches with the " 337 "PMKID"); 338 abort_cached = 0; 339 } else if (sa && !sm->cur_pmksa && pmkid) { 340 /* 341 * It looks like the authentication server 342 * derived mismatching MSK. This should not 343 * really happen, but bugs happen.. There is not 344 * much we can do here without knowing what 345 * exactly caused the server to misbehave. 346 */ 347 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 348 "RSN: PMKID mismatch - authentication server may have derived different MSK?!"); 349 return -1; 350 } 351 352 if (!sm->cur_pmksa) 353 sm->cur_pmksa = sa; 354 } else { 355 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 356 "WPA: Failed to get master session key from " 357 "EAPOL state machines - key handshake " 358 "aborted"); 359 if (sm->cur_pmksa) { 360 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 361 "RSN: Cancelled PMKSA caching " 362 "attempt"); 363 sm->cur_pmksa = NULL; 364 abort_cached = 1; 365 } else if (!abort_cached) { 366 return -1; 367 } 368 } 369 } 370 371 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && 372 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 373 !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN) 374 { 375 /* Send EAPOL-Start to trigger full EAP authentication. */ 376 u8 *buf; 377 size_t buflen; 378 379 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 380 "RSN: no PMKSA entry found - trigger " 381 "full EAP authentication"); 382 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START, 383 NULL, 0, &buflen, NULL); 384 if (buf) { 385 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL, 386 buf, buflen); 387 os_free(buf); 388 return -2; 389 } 390 391 return -1; 392 } 393 394 return 0; 395 } 396 397 398 /** 399 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake 400 * @sm: Pointer to WPA state machine data from wpa_sm_init() 401 * @dst: Destination address for the frame 402 * @key: Pointer to the EAPOL-Key frame header 403 * @ver: Version bits from EAPOL-Key Key Info 404 * @nonce: Nonce value for the EAPOL-Key frame 405 * @wpa_ie: WPA/RSN IE 406 * @wpa_ie_len: Length of the WPA/RSN IE 407 * @ptk: PTK to use for keyed hash and encryption 408 * Returns: >= 0 on success, < 0 on failure 409 */ 410 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst, 411 const struct wpa_eapol_key *key, 412 int ver, const u8 *nonce, 413 const u8 *wpa_ie, size_t wpa_ie_len, 414 struct wpa_ptk *ptk) 415 { 416 size_t mic_len, hdrlen, rlen; 417 struct wpa_eapol_key *reply; 418 u8 *rbuf, *key_mic; 419 u8 *rsn_ie_buf = NULL; 420 u16 key_info; 421 422 if (wpa_ie == NULL) { 423 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - " 424 "cannot generate msg 2/4"); 425 return -1; 426 } 427 428 #ifdef CONFIG_IEEE80211R 429 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 430 int res; 431 432 /* 433 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and 434 * FTIE from (Re)Association Response. 435 */ 436 rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN + 437 sm->assoc_resp_ies_len); 438 if (rsn_ie_buf == NULL) 439 return -1; 440 os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len); 441 res = wpa_insert_pmkid(rsn_ie_buf, &wpa_ie_len, 442 sm->pmk_r1_name); 443 if (res < 0) { 444 os_free(rsn_ie_buf); 445 return -1; 446 } 447 448 if (sm->assoc_resp_ies) { 449 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies, 450 sm->assoc_resp_ies_len); 451 wpa_ie_len += sm->assoc_resp_ies_len; 452 } 453 454 wpa_ie = rsn_ie_buf; 455 } 456 #endif /* CONFIG_IEEE80211R */ 457 458 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len); 459 460 mic_len = wpa_mic_len(sm->key_mgmt); 461 hdrlen = sizeof(*reply) + mic_len + 2; 462 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, 463 NULL, hdrlen + wpa_ie_len, 464 &rlen, (void *) &reply); 465 if (rbuf == NULL) { 466 os_free(rsn_ie_buf); 467 return -1; 468 } 469 470 reply->type = (sm->proto == WPA_PROTO_RSN || 471 sm->proto == WPA_PROTO_OSEN) ? 472 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 473 key_info = ver | WPA_KEY_INFO_KEY_TYPE; 474 if (mic_len) 475 key_info |= WPA_KEY_INFO_MIC; 476 else 477 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA; 478 WPA_PUT_BE16(reply->key_info, key_info); 479 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 480 WPA_PUT_BE16(reply->key_length, 0); 481 else 482 os_memcpy(reply->key_length, key->key_length, 2); 483 os_memcpy(reply->replay_counter, key->replay_counter, 484 WPA_REPLAY_COUNTER_LEN); 485 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter, 486 WPA_REPLAY_COUNTER_LEN); 487 488 key_mic = (u8 *) (reply + 1); 489 WPA_PUT_BE16(key_mic + mic_len, wpa_ie_len); /* Key Data Length */ 490 os_memcpy(key_mic + mic_len + 2, wpa_ie, wpa_ie_len); /* Key Data */ 491 os_free(rsn_ie_buf); 492 493 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN); 494 495 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4"); 496 return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen, 497 key_mic); 498 } 499 500 501 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr, 502 const struct wpa_eapol_key *key, struct wpa_ptk *ptk) 503 { 504 #ifdef CONFIG_IEEE80211R 505 if (wpa_key_mgmt_ft(sm->key_mgmt)) 506 return wpa_derive_ptk_ft(sm, src_addr, key, ptk); 507 #endif /* CONFIG_IEEE80211R */ 508 509 return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion", 510 sm->own_addr, sm->bssid, sm->snonce, 511 key->key_nonce, ptk, sm->key_mgmt, 512 sm->pairwise_cipher); 513 } 514 515 516 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, 517 const unsigned char *src_addr, 518 const struct wpa_eapol_key *key, 519 u16 ver, const u8 *key_data, 520 size_t key_data_len) 521 { 522 struct wpa_eapol_ie_parse ie; 523 struct wpa_ptk *ptk; 524 int res; 525 u8 *kde, *kde_buf = NULL; 526 size_t kde_len; 527 528 if (wpa_sm_get_network_ctx(sm) == NULL) { 529 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info " 530 "found (msg 1 of 4)"); 531 return; 532 } 533 534 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 535 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way " 536 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 537 538 os_memset(&ie, 0, sizeof(ie)); 539 540 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 541 /* RSN: msg 1/4 should contain PMKID for the selected PMK */ 542 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", 543 key_data, key_data_len); 544 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) 545 goto failed; 546 if (ie.pmkid) { 547 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from " 548 "Authenticator", ie.pmkid, PMKID_LEN); 549 } 550 } 551 552 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); 553 if (res == -2) { 554 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to " 555 "msg 1/4 - requesting full EAP authentication"); 556 return; 557 } 558 if (res) 559 goto failed; 560 561 if (sm->renew_snonce) { 562 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) { 563 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 564 "WPA: Failed to get random data for SNonce"); 565 goto failed; 566 } 567 sm->renew_snonce = 0; 568 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce", 569 sm->snonce, WPA_NONCE_LEN); 570 } 571 572 /* Calculate PTK which will be stored as a temporary PTK until it has 573 * been verified when processing message 3/4. */ 574 ptk = &sm->tptk; 575 wpa_derive_ptk(sm, src_addr, key, ptk); 576 if (sm->pairwise_cipher == WPA_CIPHER_TKIP) { 577 u8 buf[8]; 578 /* Supplicant: swap tx/rx Mic keys */ 579 os_memcpy(buf, &ptk->tk[16], 8); 580 os_memcpy(&ptk->tk[16], &ptk->tk[24], 8); 581 os_memcpy(&ptk->tk[24], buf, 8); 582 os_memset(buf, 0, sizeof(buf)); 583 } 584 sm->tptk_set = 1; 585 sm->tk_to_set = 1; 586 587 kde = sm->assoc_wpa_ie; 588 kde_len = sm->assoc_wpa_ie_len; 589 590 #ifdef CONFIG_P2P 591 if (sm->p2p) { 592 kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1); 593 if (kde_buf) { 594 u8 *pos; 595 wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE " 596 "into EAPOL-Key 2/4"); 597 os_memcpy(kde_buf, kde, kde_len); 598 kde = kde_buf; 599 pos = kde + kde_len; 600 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 601 *pos++ = RSN_SELECTOR_LEN + 1; 602 RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ); 603 pos += RSN_SELECTOR_LEN; 604 *pos++ = 0x01; 605 kde_len = pos - kde; 606 } 607 } 608 #endif /* CONFIG_P2P */ 609 610 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce, 611 kde, kde_len, ptk) < 0) 612 goto failed; 613 614 os_free(kde_buf); 615 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN); 616 return; 617 618 failed: 619 os_free(kde_buf); 620 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 621 } 622 623 624 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx) 625 { 626 struct wpa_sm *sm = eloop_ctx; 627 rsn_preauth_candidate_process(sm); 628 } 629 630 631 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm, 632 const u8 *addr, int secure) 633 { 634 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 635 "WPA: Key negotiation completed with " 636 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr), 637 wpa_cipher_txt(sm->pairwise_cipher), 638 wpa_cipher_txt(sm->group_cipher)); 639 wpa_sm_cancel_auth_timeout(sm); 640 wpa_sm_set_state(sm, WPA_COMPLETED); 641 642 if (secure) { 643 wpa_sm_mlme_setprotection( 644 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX, 645 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 646 eapol_sm_notify_portValid(sm->eapol, TRUE); 647 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt)) 648 eapol_sm_notify_eap_success(sm->eapol, TRUE); 649 /* 650 * Start preauthentication after a short wait to avoid a 651 * possible race condition between the data receive and key 652 * configuration after the 4-Way Handshake. This increases the 653 * likelihood of the first preauth EAPOL-Start frame getting to 654 * the target AP. 655 */ 656 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL); 657 } 658 659 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) { 660 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 661 "RSN: Authenticator accepted " 662 "opportunistic PMKSA entry - marking it valid"); 663 sm->cur_pmksa->opportunistic = 0; 664 } 665 666 #ifdef CONFIG_IEEE80211R 667 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 668 /* Prepare for the next transition */ 669 wpa_ft_prepare_auth_request(sm, NULL); 670 } 671 #endif /* CONFIG_IEEE80211R */ 672 } 673 674 675 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx) 676 { 677 struct wpa_sm *sm = eloop_ctx; 678 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying"); 679 wpa_sm_key_request(sm, 0, 1); 680 } 681 682 683 static int wpa_supplicant_install_ptk(struct wpa_sm *sm, 684 const struct wpa_eapol_key *key) 685 { 686 int keylen, rsclen; 687 enum wpa_alg alg; 688 const u8 *key_rsc; 689 690 if (!sm->tk_to_set) { 691 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 692 "WPA: Do not re-install same PTK to the driver"); 693 return 0; 694 } 695 696 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 697 "WPA: Installing PTK to the driver"); 698 699 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 700 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher " 701 "Suite: NONE - do not use pairwise keys"); 702 return 0; 703 } 704 705 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) { 706 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 707 "WPA: Unsupported pairwise cipher %d", 708 sm->pairwise_cipher); 709 return -1; 710 } 711 712 alg = wpa_cipher_to_alg(sm->pairwise_cipher); 713 keylen = wpa_cipher_key_len(sm->pairwise_cipher); 714 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher); 715 716 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 717 key_rsc = null_rsc; 718 } else { 719 key_rsc = key->key_rsc; 720 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen); 721 } 722 723 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen, 724 sm->ptk.tk, keylen) < 0) { 725 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 726 "WPA: Failed to set PTK to the " 727 "driver (alg=%d keylen=%d bssid=" MACSTR ")", 728 alg, keylen, MAC2STR(sm->bssid)); 729 return -1; 730 } 731 732 /* TK is not needed anymore in supplicant */ 733 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); 734 sm->tk_to_set = 0; 735 736 if (sm->wpa_ptk_rekey) { 737 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 738 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk, 739 sm, NULL); 740 } 741 742 return 0; 743 } 744 745 746 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm, 747 int group_cipher, 748 int keylen, int maxkeylen, 749 int *key_rsc_len, 750 enum wpa_alg *alg) 751 { 752 int klen; 753 754 *alg = wpa_cipher_to_alg(group_cipher); 755 if (*alg == WPA_ALG_NONE) { 756 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 757 "WPA: Unsupported Group Cipher %d", 758 group_cipher); 759 return -1; 760 } 761 *key_rsc_len = wpa_cipher_rsc_len(group_cipher); 762 763 klen = wpa_cipher_key_len(group_cipher); 764 if (keylen != klen || maxkeylen < klen) { 765 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 766 "WPA: Unsupported %s Group Cipher key length %d (%d)", 767 wpa_cipher_txt(group_cipher), keylen, maxkeylen); 768 return -1; 769 } 770 return 0; 771 } 772 773 774 struct wpa_gtk_data { 775 enum wpa_alg alg; 776 int tx, key_rsc_len, keyidx; 777 u8 gtk[32]; 778 int gtk_len; 779 }; 780 781 782 static int wpa_supplicant_install_gtk(struct wpa_sm *sm, 783 const struct wpa_gtk_data *gd, 784 const u8 *key_rsc) 785 { 786 const u8 *_gtk = gd->gtk; 787 u8 gtk_buf[32]; 788 789 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); 790 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 791 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", 792 gd->keyidx, gd->tx, gd->gtk_len); 793 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len); 794 if (sm->group_cipher == WPA_CIPHER_TKIP) { 795 /* Swap Tx/Rx keys for Michael MIC */ 796 os_memcpy(gtk_buf, gd->gtk, 16); 797 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8); 798 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8); 799 _gtk = gtk_buf; 800 } 801 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 802 if (wpa_sm_set_key(sm, gd->alg, NULL, 803 gd->keyidx, 1, key_rsc, gd->key_rsc_len, 804 _gtk, gd->gtk_len) < 0) { 805 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 806 "WPA: Failed to set GTK to the driver " 807 "(Group only)"); 808 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 809 return -1; 810 } 811 } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr, 812 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len, 813 _gtk, gd->gtk_len) < 0) { 814 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 815 "WPA: Failed to set GTK to " 816 "the driver (alg=%d keylen=%d keyidx=%d)", 817 gd->alg, gd->gtk_len, gd->keyidx); 818 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 819 return -1; 820 } 821 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 822 823 return 0; 824 } 825 826 827 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm, 828 int tx) 829 { 830 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) { 831 /* Ignore Tx bit for GTK if a pairwise key is used. One AP 832 * seemed to set this bit (incorrectly, since Tx is only when 833 * doing Group Key only APs) and without this workaround, the 834 * data connection does not work because wpa_supplicant 835 * configured non-zero keyidx to be used for unicast. */ 836 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 837 "WPA: Tx bit set for GTK, but pairwise " 838 "keys are used - ignore Tx bit"); 839 return 0; 840 } 841 return tx; 842 } 843 844 845 static int wpa_supplicant_rsc_relaxation(const struct wpa_sm *sm, 846 const u8 *rsc) 847 { 848 int rsclen; 849 850 if (!sm->wpa_rsc_relaxation) 851 return 0; 852 853 rsclen = wpa_cipher_rsc_len(sm->group_cipher); 854 855 /* 856 * Try to detect RSC (endian) corruption issue where the AP sends 857 * the RSC bytes in EAPOL-Key message in the wrong order, both if 858 * it's actually a 6-byte field (as it should be) and if it treats 859 * it as an 8-byte field. 860 * An AP model known to have this bug is the Sapido RB-1632. 861 */ 862 if (rsclen == 6 && ((rsc[5] && !rsc[0]) || rsc[6] || rsc[7])) { 863 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 864 "RSC %02x%02x%02x%02x%02x%02x%02x%02x is likely bogus, using 0", 865 rsc[0], rsc[1], rsc[2], rsc[3], 866 rsc[4], rsc[5], rsc[6], rsc[7]); 867 868 return 1; 869 } 870 871 return 0; 872 } 873 874 875 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, 876 const struct wpa_eapol_key *key, 877 const u8 *gtk, size_t gtk_len, 878 int key_info) 879 { 880 struct wpa_gtk_data gd; 881 const u8 *key_rsc; 882 883 /* 884 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x 885 * GTK KDE format: 886 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7] 887 * Reserved [bits 0-7] 888 * GTK 889 */ 890 891 os_memset(&gd, 0, sizeof(gd)); 892 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake", 893 gtk, gtk_len); 894 895 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk)) 896 return -1; 897 898 gd.keyidx = gtk[0] & 0x3; 899 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 900 !!(gtk[0] & BIT(2))); 901 gtk += 2; 902 gtk_len -= 2; 903 904 os_memcpy(gd.gtk, gtk, gtk_len); 905 gd.gtk_len = gtk_len; 906 907 key_rsc = key->key_rsc; 908 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) 909 key_rsc = null_rsc; 910 911 if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED && 912 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 913 gtk_len, gtk_len, 914 &gd.key_rsc_len, &gd.alg) || 915 wpa_supplicant_install_gtk(sm, &gd, key_rsc))) { 916 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 917 "RSN: Failed to install GTK"); 918 os_memset(&gd, 0, sizeof(gd)); 919 return -1; 920 } 921 os_memset(&gd, 0, sizeof(gd)); 922 923 wpa_supplicant_key_neg_complete(sm, sm->bssid, 924 key_info & WPA_KEY_INFO_SECURE); 925 return 0; 926 } 927 928 929 static int ieee80211w_set_keys(struct wpa_sm *sm, 930 struct wpa_eapol_ie_parse *ie) 931 { 932 #ifdef CONFIG_IEEE80211W 933 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher)) 934 return 0; 935 936 if (ie->igtk) { 937 size_t len; 938 const struct wpa_igtk_kde *igtk; 939 u16 keyidx; 940 len = wpa_cipher_key_len(sm->mgmt_group_cipher); 941 if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) 942 return -1; 943 igtk = (const struct wpa_igtk_kde *) ie->igtk; 944 keyidx = WPA_GET_LE16(igtk->keyid); 945 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " 946 "pn %02x%02x%02x%02x%02x%02x", 947 keyidx, MAC2STR(igtk->pn)); 948 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", 949 igtk->igtk, len); 950 if (keyidx > 4095) { 951 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 952 "WPA: Invalid IGTK KeyID %d", keyidx); 953 return -1; 954 } 955 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), 956 broadcast_ether_addr, 957 keyidx, 0, igtk->pn, sizeof(igtk->pn), 958 igtk->igtk, len) < 0) { 959 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 960 "WPA: Failed to configure IGTK to the driver"); 961 return -1; 962 } 963 } 964 965 return 0; 966 #else /* CONFIG_IEEE80211W */ 967 return 0; 968 #endif /* CONFIG_IEEE80211W */ 969 } 970 971 972 static void wpa_report_ie_mismatch(struct wpa_sm *sm, 973 const char *reason, const u8 *src_addr, 974 const u8 *wpa_ie, size_t wpa_ie_len, 975 const u8 *rsn_ie, size_t rsn_ie_len) 976 { 977 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")", 978 reason, MAC2STR(src_addr)); 979 980 if (sm->ap_wpa_ie) { 981 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp", 982 sm->ap_wpa_ie, sm->ap_wpa_ie_len); 983 } 984 if (wpa_ie) { 985 if (!sm->ap_wpa_ie) { 986 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 987 "WPA: No WPA IE in Beacon/ProbeResp"); 988 } 989 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg", 990 wpa_ie, wpa_ie_len); 991 } 992 993 if (sm->ap_rsn_ie) { 994 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp", 995 sm->ap_rsn_ie, sm->ap_rsn_ie_len); 996 } 997 if (rsn_ie) { 998 if (!sm->ap_rsn_ie) { 999 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1000 "WPA: No RSN IE in Beacon/ProbeResp"); 1001 } 1002 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg", 1003 rsn_ie, rsn_ie_len); 1004 } 1005 1006 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS); 1007 } 1008 1009 1010 #ifdef CONFIG_IEEE80211R 1011 1012 static int ft_validate_mdie(struct wpa_sm *sm, 1013 const unsigned char *src_addr, 1014 struct wpa_eapol_ie_parse *ie, 1015 const u8 *assoc_resp_mdie) 1016 { 1017 struct rsn_mdie *mdie; 1018 1019 mdie = (struct rsn_mdie *) (ie->mdie + 2); 1020 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) || 1021 os_memcmp(mdie->mobility_domain, sm->mobility_domain, 1022 MOBILITY_DOMAIN_ID_LEN) != 0) { 1023 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did " 1024 "not match with the current mobility domain"); 1025 return -1; 1026 } 1027 1028 if (assoc_resp_mdie && 1029 (assoc_resp_mdie[1] != ie->mdie[1] || 1030 os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) { 1031 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch"); 1032 wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4", 1033 ie->mdie, 2 + ie->mdie[1]); 1034 wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response", 1035 assoc_resp_mdie, 2 + assoc_resp_mdie[1]); 1036 return -1; 1037 } 1038 1039 return 0; 1040 } 1041 1042 1043 static int ft_validate_ftie(struct wpa_sm *sm, 1044 const unsigned char *src_addr, 1045 struct wpa_eapol_ie_parse *ie, 1046 const u8 *assoc_resp_ftie) 1047 { 1048 if (ie->ftie == NULL) { 1049 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1050 "FT: No FTIE in EAPOL-Key msg 3/4"); 1051 return -1; 1052 } 1053 1054 if (assoc_resp_ftie == NULL) 1055 return 0; 1056 1057 if (assoc_resp_ftie[1] != ie->ftie[1] || 1058 os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) { 1059 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch"); 1060 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4", 1061 ie->ftie, 2 + ie->ftie[1]); 1062 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response", 1063 assoc_resp_ftie, 2 + assoc_resp_ftie[1]); 1064 return -1; 1065 } 1066 1067 return 0; 1068 } 1069 1070 1071 static int ft_validate_rsnie(struct wpa_sm *sm, 1072 const unsigned char *src_addr, 1073 struct wpa_eapol_ie_parse *ie) 1074 { 1075 struct wpa_ie_data rsn; 1076 1077 if (!ie->rsn_ie) 1078 return 0; 1079 1080 /* 1081 * Verify that PMKR1Name from EAPOL-Key message 3/4 1082 * matches with the value we derived. 1083 */ 1084 if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 || 1085 rsn.num_pmkid != 1 || rsn.pmkid == NULL) { 1086 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in " 1087 "FT 4-way handshake message 3/4"); 1088 return -1; 1089 } 1090 1091 if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0) 1092 { 1093 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1094 "FT: PMKR1Name mismatch in " 1095 "FT 4-way handshake message 3/4"); 1096 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator", 1097 rsn.pmkid, WPA_PMK_NAME_LEN); 1098 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name", 1099 sm->pmk_r1_name, WPA_PMK_NAME_LEN); 1100 return -1; 1101 } 1102 1103 return 0; 1104 } 1105 1106 1107 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm, 1108 const unsigned char *src_addr, 1109 struct wpa_eapol_ie_parse *ie) 1110 { 1111 const u8 *pos, *end, *mdie = NULL, *ftie = NULL; 1112 1113 if (sm->assoc_resp_ies) { 1114 pos = sm->assoc_resp_ies; 1115 end = pos + sm->assoc_resp_ies_len; 1116 while (end - pos > 2) { 1117 if (2 + pos[1] > end - pos) 1118 break; 1119 switch (*pos) { 1120 case WLAN_EID_MOBILITY_DOMAIN: 1121 mdie = pos; 1122 break; 1123 case WLAN_EID_FAST_BSS_TRANSITION: 1124 ftie = pos; 1125 break; 1126 } 1127 pos += 2 + pos[1]; 1128 } 1129 } 1130 1131 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 || 1132 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 || 1133 ft_validate_rsnie(sm, src_addr, ie) < 0) 1134 return -1; 1135 1136 return 0; 1137 } 1138 1139 #endif /* CONFIG_IEEE80211R */ 1140 1141 1142 static int wpa_supplicant_validate_ie(struct wpa_sm *sm, 1143 const unsigned char *src_addr, 1144 struct wpa_eapol_ie_parse *ie) 1145 { 1146 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) { 1147 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1148 "WPA: No WPA/RSN IE for this AP known. " 1149 "Trying to get from scan results"); 1150 if (wpa_sm_get_beacon_ie(sm) < 0) { 1151 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1152 "WPA: Could not find AP from " 1153 "the scan results"); 1154 } else { 1155 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, 1156 "WPA: Found the current AP from " 1157 "updated scan results"); 1158 } 1159 } 1160 1161 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL && 1162 (sm->ap_wpa_ie || sm->ap_rsn_ie)) { 1163 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 1164 "with IE in Beacon/ProbeResp (no IE?)", 1165 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1166 ie->rsn_ie, ie->rsn_ie_len); 1167 return -1; 1168 } 1169 1170 if ((ie->wpa_ie && sm->ap_wpa_ie && 1171 (ie->wpa_ie_len != sm->ap_wpa_ie_len || 1172 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) || 1173 (ie->rsn_ie && sm->ap_rsn_ie && 1174 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt), 1175 sm->ap_rsn_ie, sm->ap_rsn_ie_len, 1176 ie->rsn_ie, ie->rsn_ie_len))) { 1177 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match " 1178 "with IE in Beacon/ProbeResp", 1179 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1180 ie->rsn_ie, ie->rsn_ie_len); 1181 return -1; 1182 } 1183 1184 if (sm->proto == WPA_PROTO_WPA && 1185 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) { 1186 wpa_report_ie_mismatch(sm, "Possible downgrade attack " 1187 "detected - RSN was enabled and RSN IE " 1188 "was in msg 3/4, but not in " 1189 "Beacon/ProbeResp", 1190 src_addr, ie->wpa_ie, ie->wpa_ie_len, 1191 ie->rsn_ie, ie->rsn_ie_len); 1192 return -1; 1193 } 1194 1195 #ifdef CONFIG_IEEE80211R 1196 if (wpa_key_mgmt_ft(sm->key_mgmt) && 1197 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0) 1198 return -1; 1199 #endif /* CONFIG_IEEE80211R */ 1200 1201 return 0; 1202 } 1203 1204 1205 /** 1206 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake 1207 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1208 * @dst: Destination address for the frame 1209 * @key: Pointer to the EAPOL-Key frame header 1210 * @ver: Version bits from EAPOL-Key Key Info 1211 * @key_info: Key Info 1212 * @ptk: PTK to use for keyed hash and encryption 1213 * Returns: >= 0 on success, < 0 on failure 1214 */ 1215 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, 1216 const struct wpa_eapol_key *key, 1217 u16 ver, u16 key_info, 1218 struct wpa_ptk *ptk) 1219 { 1220 size_t mic_len, hdrlen, rlen; 1221 struct wpa_eapol_key *reply; 1222 u8 *rbuf, *key_mic; 1223 1224 mic_len = wpa_mic_len(sm->key_mgmt); 1225 hdrlen = sizeof(*reply) + mic_len + 2; 1226 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1227 hdrlen, &rlen, (void *) &reply); 1228 if (rbuf == NULL) 1229 return -1; 1230 1231 reply->type = (sm->proto == WPA_PROTO_RSN || 1232 sm->proto == WPA_PROTO_OSEN) ? 1233 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1234 key_info &= WPA_KEY_INFO_SECURE; 1235 key_info |= ver | WPA_KEY_INFO_KEY_TYPE; 1236 if (mic_len) 1237 key_info |= WPA_KEY_INFO_MIC; 1238 else 1239 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA; 1240 WPA_PUT_BE16(reply->key_info, key_info); 1241 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 1242 WPA_PUT_BE16(reply->key_length, 0); 1243 else 1244 os_memcpy(reply->key_length, key->key_length, 2); 1245 os_memcpy(reply->replay_counter, key->replay_counter, 1246 WPA_REPLAY_COUNTER_LEN); 1247 1248 key_mic = (u8 *) (reply + 1); 1249 WPA_PUT_BE16(key_mic + mic_len, 0); 1250 1251 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4"); 1252 return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen, 1253 key_mic); 1254 } 1255 1256 1257 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, 1258 const struct wpa_eapol_key *key, 1259 u16 ver, const u8 *key_data, 1260 size_t key_data_len) 1261 { 1262 u16 key_info, keylen; 1263 struct wpa_eapol_ie_parse ie; 1264 1265 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); 1266 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way " 1267 "Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver); 1268 1269 key_info = WPA_GET_BE16(key->key_info); 1270 1271 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len); 1272 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) 1273 goto failed; 1274 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1275 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1276 "WPA: GTK IE in unencrypted key data"); 1277 goto failed; 1278 } 1279 #ifdef CONFIG_IEEE80211W 1280 if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1281 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1282 "WPA: IGTK KDE in unencrypted key data"); 1283 goto failed; 1284 } 1285 1286 if (ie.igtk && 1287 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) && 1288 ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN + 1289 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) { 1290 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1291 "WPA: Invalid IGTK KDE length %lu", 1292 (unsigned long) ie.igtk_len); 1293 goto failed; 1294 } 1295 #endif /* CONFIG_IEEE80211W */ 1296 1297 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0) 1298 goto failed; 1299 1300 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) { 1301 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1302 "WPA: ANonce from message 1 of 4-Way Handshake " 1303 "differs from 3 of 4-Way Handshake - drop packet (src=" 1304 MACSTR ")", MAC2STR(sm->bssid)); 1305 goto failed; 1306 } 1307 1308 keylen = WPA_GET_BE16(key->key_length); 1309 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) { 1310 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1311 "WPA: Invalid %s key length %d (src=" MACSTR 1312 ")", wpa_cipher_txt(sm->pairwise_cipher), keylen, 1313 MAC2STR(sm->bssid)); 1314 goto failed; 1315 } 1316 1317 #ifdef CONFIG_P2P 1318 if (ie.ip_addr_alloc) { 1319 os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4); 1320 wpa_hexdump(MSG_DEBUG, "P2P: IP address info", 1321 sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr)); 1322 } 1323 #endif /* CONFIG_P2P */ 1324 1325 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info, 1326 &sm->ptk) < 0) { 1327 goto failed; 1328 } 1329 1330 /* SNonce was successfully used in msg 3/4, so mark it to be renewed 1331 * for the next 4-Way Handshake. If msg 3 is received again, the old 1332 * SNonce will still be used to avoid changing PTK. */ 1333 sm->renew_snonce = 1; 1334 1335 if (key_info & WPA_KEY_INFO_INSTALL) { 1336 if (wpa_supplicant_install_ptk(sm, key)) 1337 goto failed; 1338 } 1339 1340 if (key_info & WPA_KEY_INFO_SECURE) { 1341 wpa_sm_mlme_setprotection( 1342 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX, 1343 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 1344 eapol_sm_notify_portValid(sm->eapol, TRUE); 1345 } 1346 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1347 1348 if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) { 1349 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1350 key_info & WPA_KEY_INFO_SECURE); 1351 } else if (ie.gtk && 1352 wpa_supplicant_pairwise_gtk(sm, key, 1353 ie.gtk, ie.gtk_len, key_info) < 0) { 1354 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1355 "RSN: Failed to configure GTK"); 1356 goto failed; 1357 } 1358 1359 if (ieee80211w_set_keys(sm, &ie) < 0) { 1360 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1361 "RSN: Failed to configure IGTK"); 1362 goto failed; 1363 } 1364 1365 if (ie.gtk) 1366 wpa_sm_set_rekey_offload(sm); 1367 1368 if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1369 struct rsn_pmksa_cache_entry *sa; 1370 1371 sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, NULL, 1372 sm->ptk.kck, sm->ptk.kck_len, 1373 sm->bssid, sm->own_addr, 1374 sm->network_ctx, sm->key_mgmt); 1375 if (!sm->cur_pmksa) 1376 sm->cur_pmksa = sa; 1377 } 1378 1379 sm->msg_3_of_4_ok = 1; 1380 return; 1381 1382 failed: 1383 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1384 } 1385 1386 1387 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm, 1388 const u8 *keydata, 1389 size_t keydatalen, 1390 u16 key_info, 1391 struct wpa_gtk_data *gd) 1392 { 1393 int maxkeylen; 1394 struct wpa_eapol_ie_parse ie; 1395 1396 wpa_hexdump_key(MSG_DEBUG, "RSN: msg 1/2 key data", 1397 keydata, keydatalen); 1398 if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0) 1399 return -1; 1400 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1401 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1402 "WPA: GTK IE in unencrypted key data"); 1403 return -1; 1404 } 1405 if (ie.gtk == NULL) { 1406 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1407 "WPA: No GTK IE in Group Key msg 1/2"); 1408 return -1; 1409 } 1410 maxkeylen = gd->gtk_len = ie.gtk_len - 2; 1411 1412 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 1413 gd->gtk_len, maxkeylen, 1414 &gd->key_rsc_len, &gd->alg)) 1415 return -1; 1416 1417 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake", 1418 ie.gtk, ie.gtk_len); 1419 gd->keyidx = ie.gtk[0] & 0x3; 1420 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 1421 !!(ie.gtk[0] & BIT(2))); 1422 if (ie.gtk_len - 2 > sizeof(gd->gtk)) { 1423 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1424 "RSN: Too long GTK in GTK IE (len=%lu)", 1425 (unsigned long) ie.gtk_len - 2); 1426 return -1; 1427 } 1428 os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2); 1429 1430 if (ieee80211w_set_keys(sm, &ie) < 0) 1431 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1432 "RSN: Failed to configure IGTK"); 1433 1434 return 0; 1435 } 1436 1437 1438 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm, 1439 const struct wpa_eapol_key *key, 1440 const u8 *key_data, 1441 size_t key_data_len, u16 key_info, 1442 u16 ver, struct wpa_gtk_data *gd) 1443 { 1444 size_t maxkeylen; 1445 u16 gtk_len; 1446 1447 gtk_len = WPA_GET_BE16(key->key_length); 1448 maxkeylen = key_data_len; 1449 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1450 if (maxkeylen < 8) { 1451 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1452 "WPA: Too short maxkeylen (%lu)", 1453 (unsigned long) maxkeylen); 1454 return -1; 1455 } 1456 maxkeylen -= 8; 1457 } 1458 1459 if (gtk_len > maxkeylen || 1460 wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 1461 gtk_len, maxkeylen, 1462 &gd->key_rsc_len, &gd->alg)) 1463 return -1; 1464 1465 gd->gtk_len = gtk_len; 1466 gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1467 WPA_KEY_INFO_KEY_INDEX_SHIFT; 1468 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { 1469 #ifdef CONFIG_NO_RC4 1470 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1471 "WPA: RC4 not supported in the build"); 1472 return -1; 1473 #else /* CONFIG_NO_RC4 */ 1474 u8 ek[32]; 1475 if (key_data_len > sizeof(gd->gtk)) { 1476 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1477 "WPA: RC4 key data too long (%lu)", 1478 (unsigned long) key_data_len); 1479 return -1; 1480 } 1481 os_memcpy(ek, key->key_iv, 16); 1482 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); 1483 os_memcpy(gd->gtk, key_data, key_data_len); 1484 if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) { 1485 os_memset(ek, 0, sizeof(ek)); 1486 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 1487 "WPA: RC4 failed"); 1488 return -1; 1489 } 1490 os_memset(ek, 0, sizeof(ek)); 1491 #endif /* CONFIG_NO_RC4 */ 1492 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1493 if (maxkeylen % 8) { 1494 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1495 "WPA: Unsupported AES-WRAP len %lu", 1496 (unsigned long) maxkeylen); 1497 return -1; 1498 } 1499 if (maxkeylen > sizeof(gd->gtk)) { 1500 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1501 "WPA: AES-WRAP key data " 1502 "too long (keydatalen=%lu maxkeylen=%lu)", 1503 (unsigned long) key_data_len, 1504 (unsigned long) maxkeylen); 1505 return -1; 1506 } 1507 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8, 1508 key_data, gd->gtk)) { 1509 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1510 "WPA: AES unwrap failed - could not decrypt " 1511 "GTK"); 1512 return -1; 1513 } 1514 } else { 1515 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1516 "WPA: Unsupported key_info type %d", ver); 1517 return -1; 1518 } 1519 gd->tx = wpa_supplicant_gtk_tx_bit_workaround( 1520 sm, !!(key_info & WPA_KEY_INFO_TXRX)); 1521 return 0; 1522 } 1523 1524 1525 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm, 1526 const struct wpa_eapol_key *key, 1527 int ver, u16 key_info) 1528 { 1529 size_t mic_len, hdrlen, rlen; 1530 struct wpa_eapol_key *reply; 1531 u8 *rbuf, *key_mic; 1532 1533 mic_len = wpa_mic_len(sm->key_mgmt); 1534 hdrlen = sizeof(*reply) + mic_len + 2; 1535 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, 1536 hdrlen, &rlen, (void *) &reply); 1537 if (rbuf == NULL) 1538 return -1; 1539 1540 reply->type = (sm->proto == WPA_PROTO_RSN || 1541 sm->proto == WPA_PROTO_OSEN) ? 1542 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1543 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK; 1544 key_info |= ver | WPA_KEY_INFO_SECURE; 1545 if (mic_len) 1546 key_info |= WPA_KEY_INFO_MIC; 1547 WPA_PUT_BE16(reply->key_info, key_info); 1548 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) 1549 WPA_PUT_BE16(reply->key_length, 0); 1550 else 1551 os_memcpy(reply->key_length, key->key_length, 2); 1552 os_memcpy(reply->replay_counter, key->replay_counter, 1553 WPA_REPLAY_COUNTER_LEN); 1554 1555 key_mic = (u8 *) (reply + 1); 1556 WPA_PUT_BE16(key_mic + mic_len, 0); 1557 1558 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2"); 1559 return wpa_eapol_key_send(sm, &sm->ptk, ver, sm->bssid, ETH_P_EAPOL, 1560 rbuf, rlen, key_mic); 1561 } 1562 1563 1564 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, 1565 const unsigned char *src_addr, 1566 const struct wpa_eapol_key *key, 1567 const u8 *key_data, 1568 size_t key_data_len, u16 ver) 1569 { 1570 u16 key_info; 1571 int rekey, ret; 1572 struct wpa_gtk_data gd; 1573 const u8 *key_rsc; 1574 1575 if (!sm->msg_3_of_4_ok) { 1576 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 1577 "WPA: Group Key Handshake started prior to completion of 4-way handshake"); 1578 goto failed; 1579 } 1580 1581 os_memset(&gd, 0, sizeof(gd)); 1582 1583 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED; 1584 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key " 1585 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 1586 1587 key_info = WPA_GET_BE16(key->key_info); 1588 1589 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) { 1590 ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data, 1591 key_data_len, key_info, 1592 &gd); 1593 } else { 1594 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data, 1595 key_data_len, 1596 key_info, ver, &gd); 1597 } 1598 1599 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1600 1601 if (ret) 1602 goto failed; 1603 1604 key_rsc = key->key_rsc; 1605 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) 1606 key_rsc = null_rsc; 1607 1608 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) || 1609 wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) 1610 goto failed; 1611 os_memset(&gd, 0, sizeof(gd)); 1612 1613 if (rekey) { 1614 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying " 1615 "completed with " MACSTR " [GTK=%s]", 1616 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); 1617 wpa_sm_cancel_auth_timeout(sm); 1618 wpa_sm_set_state(sm, WPA_COMPLETED); 1619 } else { 1620 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1621 key_info & 1622 WPA_KEY_INFO_SECURE); 1623 } 1624 1625 wpa_sm_set_rekey_offload(sm); 1626 1627 return; 1628 1629 failed: 1630 os_memset(&gd, 0, sizeof(gd)); 1631 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 1632 } 1633 1634 1635 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm, 1636 struct wpa_eapol_key *key, 1637 u16 ver, 1638 const u8 *buf, size_t len) 1639 { 1640 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; 1641 int ok = 0; 1642 size_t mic_len = wpa_mic_len(sm->key_mgmt); 1643 1644 os_memcpy(mic, key + 1, mic_len); 1645 if (sm->tptk_set) { 1646 os_memset(key + 1, 0, mic_len); 1647 wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt, 1648 ver, buf, len, (u8 *) (key + 1)); 1649 if (os_memcmp_const(mic, key + 1, mic_len) != 0) { 1650 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1651 "WPA: Invalid EAPOL-Key MIC " 1652 "when using TPTK - ignoring TPTK"); 1653 } else { 1654 ok = 1; 1655 sm->tptk_set = 0; 1656 sm->ptk_set = 1; 1657 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); 1658 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 1659 } 1660 } 1661 1662 if (!ok && sm->ptk_set) { 1663 os_memset(key + 1, 0, mic_len); 1664 wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt, 1665 ver, buf, len, (u8 *) (key + 1)); 1666 if (os_memcmp_const(mic, key + 1, mic_len) != 0) { 1667 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1668 "WPA: Invalid EAPOL-Key MIC - " 1669 "dropping packet"); 1670 return -1; 1671 } 1672 ok = 1; 1673 } 1674 1675 if (!ok) { 1676 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1677 "WPA: Could not verify EAPOL-Key MIC - " 1678 "dropping packet"); 1679 return -1; 1680 } 1681 1682 os_memcpy(sm->rx_replay_counter, key->replay_counter, 1683 WPA_REPLAY_COUNTER_LEN); 1684 sm->rx_replay_counter_set = 1; 1685 return 0; 1686 } 1687 1688 1689 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */ 1690 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm, 1691 struct wpa_eapol_key *key, 1692 size_t mic_len, u16 ver, 1693 u8 *key_data, size_t *key_data_len) 1694 { 1695 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data", 1696 key_data, *key_data_len); 1697 if (!sm->ptk_set) { 1698 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1699 "WPA: PTK not available, cannot decrypt EAPOL-Key Key " 1700 "Data"); 1701 return -1; 1702 } 1703 1704 /* Decrypt key data here so that this operation does not need 1705 * to be implemented separately for each message type. */ 1706 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) { 1707 #ifdef CONFIG_NO_RC4 1708 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1709 "WPA: RC4 not supported in the build"); 1710 return -1; 1711 #else /* CONFIG_NO_RC4 */ 1712 u8 ek[32]; 1713 os_memcpy(ek, key->key_iv, 16); 1714 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); 1715 if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) { 1716 os_memset(ek, 0, sizeof(ek)); 1717 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 1718 "WPA: RC4 failed"); 1719 return -1; 1720 } 1721 os_memset(ek, 0, sizeof(ek)); 1722 #endif /* CONFIG_NO_RC4 */ 1723 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || 1724 ver == WPA_KEY_INFO_TYPE_AES_128_CMAC || 1725 sm->key_mgmt == WPA_KEY_MGMT_OSEN || 1726 wpa_key_mgmt_suite_b(sm->key_mgmt)) { 1727 u8 *buf; 1728 if (*key_data_len < 8 || *key_data_len % 8) { 1729 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1730 "WPA: Unsupported AES-WRAP len %u", 1731 (unsigned int) *key_data_len); 1732 return -1; 1733 } 1734 *key_data_len -= 8; /* AES-WRAP adds 8 bytes */ 1735 buf = os_malloc(*key_data_len); 1736 if (buf == NULL) { 1737 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1738 "WPA: No memory for AES-UNWRAP buffer"); 1739 return -1; 1740 } 1741 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8, 1742 key_data, buf)) { 1743 bin_clear_free(buf, *key_data_len); 1744 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1745 "WPA: AES unwrap failed - " 1746 "could not decrypt EAPOL-Key key data"); 1747 return -1; 1748 } 1749 os_memcpy(key_data, buf, *key_data_len); 1750 bin_clear_free(buf, *key_data_len); 1751 WPA_PUT_BE16(((u8 *) (key + 1)) + mic_len, *key_data_len); 1752 } else { 1753 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1754 "WPA: Unsupported key_info type %d", ver); 1755 return -1; 1756 } 1757 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data", 1758 key_data, *key_data_len); 1759 return 0; 1760 } 1761 1762 1763 /** 1764 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted 1765 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1766 */ 1767 void wpa_sm_aborted_cached(struct wpa_sm *sm) 1768 { 1769 if (sm && sm->cur_pmksa) { 1770 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1771 "RSN: Cancelling PMKSA caching attempt"); 1772 sm->cur_pmksa = NULL; 1773 } 1774 } 1775 1776 1777 static void wpa_eapol_key_dump(struct wpa_sm *sm, 1778 const struct wpa_eapol_key *key, 1779 unsigned int key_data_len, 1780 const u8 *mic, unsigned int mic_len) 1781 { 1782 #ifndef CONFIG_NO_STDOUT_DEBUG 1783 u16 key_info = WPA_GET_BE16(key->key_info); 1784 1785 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type); 1786 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1787 " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)", 1788 key_info, key_info & WPA_KEY_INFO_TYPE_MASK, 1789 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1790 WPA_KEY_INFO_KEY_INDEX_SHIFT, 1791 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13, 1792 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group", 1793 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "", 1794 key_info & WPA_KEY_INFO_ACK ? " Ack" : "", 1795 key_info & WPA_KEY_INFO_MIC ? " MIC" : "", 1796 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "", 1797 key_info & WPA_KEY_INFO_ERROR ? " Error" : "", 1798 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "", 1799 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : ""); 1800 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1801 " key_length=%u key_data_length=%u", 1802 WPA_GET_BE16(key->key_length), key_data_len); 1803 wpa_hexdump(MSG_DEBUG, " replay_counter", 1804 key->replay_counter, WPA_REPLAY_COUNTER_LEN); 1805 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN); 1806 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16); 1807 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8); 1808 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8); 1809 wpa_hexdump(MSG_DEBUG, " key_mic", mic, mic_len); 1810 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1811 } 1812 1813 1814 #ifdef CONFIG_FILS 1815 static int wpa_supp_aead_decrypt(struct wpa_sm *sm, u8 *buf, size_t buf_len, 1816 size_t *key_data_len) 1817 { 1818 struct wpa_ptk *ptk; 1819 struct ieee802_1x_hdr *hdr; 1820 struct wpa_eapol_key *key; 1821 u8 *pos, *tmp; 1822 const u8 *aad[1]; 1823 size_t aad_len[1]; 1824 1825 if (*key_data_len < AES_BLOCK_SIZE) { 1826 wpa_printf(MSG_INFO, "No room for AES-SIV data in the frame"); 1827 return -1; 1828 } 1829 1830 if (sm->tptk_set) 1831 ptk = &sm->tptk; 1832 else if (sm->ptk_set) 1833 ptk = &sm->ptk; 1834 else 1835 return -1; 1836 1837 hdr = (struct ieee802_1x_hdr *) buf; 1838 key = (struct wpa_eapol_key *) (hdr + 1); 1839 pos = (u8 *) (key + 1); 1840 pos += 2; /* Pointing at the Encrypted Key Data field */ 1841 1842 tmp = os_malloc(*key_data_len); 1843 if (!tmp) 1844 return -1; 1845 1846 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to 1847 * to Key Data (exclusive). */ 1848 aad[0] = buf; 1849 aad_len[0] = pos - buf; 1850 if (aes_siv_decrypt(ptk->kek, ptk->kek_len, pos, *key_data_len, 1851 1, aad, aad_len, tmp) < 0) { 1852 wpa_printf(MSG_INFO, "Invalid AES-SIV data in the frame"); 1853 bin_clear_free(tmp, *key_data_len); 1854 return -1; 1855 } 1856 1857 /* AEAD decryption and validation completed successfully */ 1858 (*key_data_len) -= AES_BLOCK_SIZE; 1859 wpa_hexdump_key(MSG_DEBUG, "WPA: Decrypted Key Data", 1860 tmp, *key_data_len); 1861 1862 /* Replace Key Data field with the decrypted version */ 1863 os_memcpy(pos, tmp, *key_data_len); 1864 pos -= 2; /* Key Data Length field */ 1865 WPA_PUT_BE16(pos, *key_data_len); 1866 bin_clear_free(tmp, *key_data_len); 1867 1868 if (sm->tptk_set) { 1869 sm->tptk_set = 0; 1870 sm->ptk_set = 1; 1871 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk)); 1872 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 1873 } 1874 1875 os_memcpy(sm->rx_replay_counter, key->replay_counter, 1876 WPA_REPLAY_COUNTER_LEN); 1877 sm->rx_replay_counter_set = 1; 1878 1879 return 0; 1880 } 1881 #endif /* CONFIG_FILS */ 1882 1883 1884 /** 1885 * wpa_sm_rx_eapol - Process received WPA EAPOL frames 1886 * @sm: Pointer to WPA state machine data from wpa_sm_init() 1887 * @src_addr: Source MAC address of the EAPOL packet 1888 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header) 1889 * @len: Length of the EAPOL frame 1890 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure 1891 * 1892 * This function is called for each received EAPOL frame. Other than EAPOL-Key 1893 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is 1894 * only processing WPA and WPA2 EAPOL-Key frames. 1895 * 1896 * The received EAPOL-Key packets are validated and valid packets are replied 1897 * to. In addition, key material (PTK, GTK) is configured at the end of a 1898 * successful key handshake. 1899 */ 1900 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, 1901 const u8 *buf, size_t len) 1902 { 1903 size_t plen, data_len, key_data_len; 1904 const struct ieee802_1x_hdr *hdr; 1905 struct wpa_eapol_key *key; 1906 u16 key_info, ver; 1907 u8 *tmp = NULL; 1908 int ret = -1; 1909 struct wpa_peerkey *peerkey = NULL; 1910 u8 *mic, *key_data; 1911 size_t mic_len, keyhdrlen; 1912 1913 #ifdef CONFIG_IEEE80211R 1914 sm->ft_completed = 0; 1915 #endif /* CONFIG_IEEE80211R */ 1916 1917 mic_len = wpa_mic_len(sm->key_mgmt); 1918 keyhdrlen = sizeof(*key) + mic_len + 2; 1919 1920 if (len < sizeof(*hdr) + keyhdrlen) { 1921 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1922 "WPA: EAPOL frame too short to be a WPA " 1923 "EAPOL-Key (len %lu, expecting at least %lu)", 1924 (unsigned long) len, 1925 (unsigned long) sizeof(*hdr) + keyhdrlen); 1926 return 0; 1927 } 1928 1929 hdr = (const struct ieee802_1x_hdr *) buf; 1930 plen = be_to_host16(hdr->length); 1931 data_len = plen + sizeof(*hdr); 1932 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1933 "IEEE 802.1X RX: version=%d type=%d length=%lu", 1934 hdr->version, hdr->type, (unsigned long) plen); 1935 1936 if (hdr->version < EAPOL_VERSION) { 1937 /* TODO: backwards compatibility */ 1938 } 1939 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { 1940 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1941 "WPA: EAPOL frame (type %u) discarded, " 1942 "not a Key frame", hdr->type); 1943 ret = 0; 1944 goto out; 1945 } 1946 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len); 1947 if (plen > len - sizeof(*hdr) || plen < keyhdrlen) { 1948 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1949 "WPA: EAPOL frame payload size %lu " 1950 "invalid (frame size %lu)", 1951 (unsigned long) plen, (unsigned long) len); 1952 ret = 0; 1953 goto out; 1954 } 1955 if (data_len < len) { 1956 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1957 "WPA: ignoring %lu bytes after the IEEE 802.1X data", 1958 (unsigned long) len - data_len); 1959 } 1960 1961 /* 1962 * Make a copy of the frame since we need to modify the buffer during 1963 * MAC validation and Key Data decryption. 1964 */ 1965 tmp = os_malloc(data_len); 1966 if (tmp == NULL) 1967 goto out; 1968 os_memcpy(tmp, buf, data_len); 1969 key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr)); 1970 mic = (u8 *) (key + 1); 1971 key_data = mic + mic_len + 2; 1972 1973 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN) 1974 { 1975 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 1976 "WPA: EAPOL-Key type (%d) unknown, discarded", 1977 key->type); 1978 ret = 0; 1979 goto out; 1980 } 1981 1982 key_data_len = WPA_GET_BE16(mic + mic_len); 1983 wpa_eapol_key_dump(sm, key, key_data_len, mic, mic_len); 1984 1985 if (key_data_len > plen - keyhdrlen) { 1986 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key " 1987 "frame - key_data overflow (%u > %u)", 1988 (unsigned int) key_data_len, 1989 (unsigned int) (plen - keyhdrlen)); 1990 goto out; 1991 } 1992 1993 eapol_sm_notify_lower_layer_success(sm->eapol, 0); 1994 key_info = WPA_GET_BE16(key->key_info); 1995 ver = key_info & WPA_KEY_INFO_TYPE_MASK; 1996 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && 1997 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W) 1998 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && 1999 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */ 2000 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES && 2001 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 2002 !wpa_key_mgmt_fils(sm->key_mgmt) && 2003 sm->key_mgmt != WPA_KEY_MGMT_OSEN) { 2004 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2005 "WPA: Unsupported EAPOL-Key descriptor version %d", 2006 ver); 2007 goto out; 2008 } 2009 2010 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN && 2011 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { 2012 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2013 "OSEN: Unsupported EAPOL-Key descriptor version %d", 2014 ver); 2015 goto out; 2016 } 2017 2018 if ((wpa_key_mgmt_suite_b(sm->key_mgmt) || 2019 wpa_key_mgmt_fils(sm->key_mgmt)) && 2020 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { 2021 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2022 "RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)", 2023 ver); 2024 goto out; 2025 } 2026 2027 #ifdef CONFIG_IEEE80211R 2028 if (wpa_key_mgmt_ft(sm->key_mgmt)) { 2029 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */ 2030 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { 2031 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2032 "FT: AP did not use AES-128-CMAC"); 2033 goto out; 2034 } 2035 } else 2036 #endif /* CONFIG_IEEE80211R */ 2037 #ifdef CONFIG_IEEE80211W 2038 if (wpa_key_mgmt_sha256(sm->key_mgmt)) { 2039 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && 2040 sm->key_mgmt != WPA_KEY_MGMT_OSEN && 2041 !wpa_key_mgmt_fils(sm->key_mgmt) && 2042 !wpa_key_mgmt_suite_b(sm->key_mgmt)) { 2043 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2044 "WPA: AP did not use the " 2045 "negotiated AES-128-CMAC"); 2046 goto out; 2047 } 2048 } else 2049 #endif /* CONFIG_IEEE80211W */ 2050 if (sm->pairwise_cipher == WPA_CIPHER_CCMP && 2051 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 2052 !wpa_key_mgmt_fils(sm->key_mgmt) && 2053 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 2054 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2055 "WPA: CCMP is used, but EAPOL-Key " 2056 "descriptor version (%d) is not 2", ver); 2057 if (sm->group_cipher != WPA_CIPHER_CCMP && 2058 !(key_info & WPA_KEY_INFO_KEY_TYPE)) { 2059 /* Earlier versions of IEEE 802.11i did not explicitly 2060 * require version 2 descriptor for all EAPOL-Key 2061 * packets, so allow group keys to use version 1 if 2062 * CCMP is not used for them. */ 2063 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2064 "WPA: Backwards compatibility: allow invalid " 2065 "version for non-CCMP group keys"); 2066 } else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) { 2067 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2068 "WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used"); 2069 } else 2070 goto out; 2071 } else if (sm->pairwise_cipher == WPA_CIPHER_GCMP && 2072 !wpa_key_mgmt_suite_b(sm->key_mgmt) && 2073 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 2074 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2075 "WPA: GCMP is used, but EAPOL-Key " 2076 "descriptor version (%d) is not 2", ver); 2077 goto out; 2078 } 2079 2080 #ifdef CONFIG_PEERKEY 2081 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 2082 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0) 2083 break; 2084 } 2085 2086 if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) { 2087 if (!peerkey->initiator && peerkey->replay_counter_set && 2088 os_memcmp(key->replay_counter, peerkey->replay_counter, 2089 WPA_REPLAY_COUNTER_LEN) <= 0) { 2090 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 2091 "RSN: EAPOL-Key Replay Counter did not " 2092 "increase (STK) - dropping packet"); 2093 goto out; 2094 } else if (peerkey->initiator) { 2095 u8 _tmp[WPA_REPLAY_COUNTER_LEN]; 2096 os_memcpy(_tmp, key->replay_counter, 2097 WPA_REPLAY_COUNTER_LEN); 2098 inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN); 2099 if (os_memcmp(_tmp, peerkey->replay_counter, 2100 WPA_REPLAY_COUNTER_LEN) != 0) { 2101 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2102 "RSN: EAPOL-Key Replay " 2103 "Counter did not match (STK) - " 2104 "dropping packet"); 2105 goto out; 2106 } 2107 } 2108 } 2109 2110 if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) { 2111 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2112 "RSN: Ack bit in key_info from STK peer"); 2113 goto out; 2114 } 2115 #endif /* CONFIG_PEERKEY */ 2116 2117 if (!peerkey && sm->rx_replay_counter_set && 2118 os_memcmp(key->replay_counter, sm->rx_replay_counter, 2119 WPA_REPLAY_COUNTER_LEN) <= 0) { 2120 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 2121 "WPA: EAPOL-Key Replay Counter did not increase - " 2122 "dropping packet"); 2123 goto out; 2124 } 2125 2126 if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE)) 2127 #ifdef CONFIG_PEERKEY 2128 && (peerkey == NULL || !peerkey->initiator) 2129 #endif /* CONFIG_PEERKEY */ 2130 ) { 2131 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2132 "WPA: No Ack bit in key_info"); 2133 goto out; 2134 } 2135 2136 if (key_info & WPA_KEY_INFO_REQUEST) { 2137 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, 2138 "WPA: EAPOL-Key with Request bit - dropped"); 2139 goto out; 2140 } 2141 2142 if ((key_info & WPA_KEY_INFO_MIC) && !peerkey && 2143 wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len)) 2144 goto out; 2145 2146 #ifdef CONFIG_PEERKEY 2147 if ((key_info & WPA_KEY_INFO_MIC) && peerkey && 2148 peerkey_verify_eapol_key_mic(sm, peerkey, key, ver, tmp, 2149 data_len)) 2150 goto out; 2151 #endif /* CONFIG_PEERKEY */ 2152 2153 #ifdef CONFIG_FILS 2154 if (!mic_len && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 2155 if (wpa_supp_aead_decrypt(sm, tmp, data_len, &key_data_len)) 2156 goto out; 2157 } 2158 #endif /* CONFIG_FILS */ 2159 2160 if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && 2161 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) && mic_len) { 2162 if (wpa_supplicant_decrypt_key_data(sm, key, mic_len, 2163 ver, key_data, 2164 &key_data_len)) 2165 goto out; 2166 } 2167 2168 if (key_info & WPA_KEY_INFO_KEY_TYPE) { 2169 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) { 2170 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 2171 "WPA: Ignored EAPOL-Key (Pairwise) with " 2172 "non-zero key index"); 2173 goto out; 2174 } 2175 if (peerkey) { 2176 /* PeerKey 4-Way Handshake */ 2177 peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver, 2178 key_data, key_data_len); 2179 } else if (key_info & (WPA_KEY_INFO_MIC | 2180 WPA_KEY_INFO_ENCR_KEY_DATA)) { 2181 /* 3/4 4-Way Handshake */ 2182 wpa_supplicant_process_3_of_4(sm, key, ver, key_data, 2183 key_data_len); 2184 } else { 2185 /* 1/4 4-Way Handshake */ 2186 wpa_supplicant_process_1_of_4(sm, src_addr, key, 2187 ver, key_data, 2188 key_data_len); 2189 } 2190 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { 2191 /* PeerKey SMK Handshake */ 2192 peerkey_rx_eapol_smk(sm, src_addr, key, key_data, key_data_len, 2193 key_info, ver); 2194 } else { 2195 if ((mic_len && (key_info & WPA_KEY_INFO_MIC)) || 2196 (!mic_len && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA))) { 2197 /* 1/2 Group Key Handshake */ 2198 wpa_supplicant_process_1_of_2(sm, src_addr, key, 2199 key_data, key_data_len, 2200 ver); 2201 } else { 2202 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 2203 "WPA: EAPOL-Key (Group) without Mic/Encr bit - " 2204 "dropped"); 2205 } 2206 } 2207 2208 ret = 1; 2209 2210 out: 2211 bin_clear_free(tmp, data_len); 2212 return ret; 2213 } 2214 2215 2216 #ifdef CONFIG_CTRL_IFACE 2217 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm) 2218 { 2219 switch (sm->key_mgmt) { 2220 case WPA_KEY_MGMT_IEEE8021X: 2221 return ((sm->proto == WPA_PROTO_RSN || 2222 sm->proto == WPA_PROTO_OSEN) ? 2223 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X : 2224 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X); 2225 case WPA_KEY_MGMT_PSK: 2226 return (sm->proto == WPA_PROTO_RSN ? 2227 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X : 2228 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X); 2229 #ifdef CONFIG_IEEE80211R 2230 case WPA_KEY_MGMT_FT_IEEE8021X: 2231 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2232 case WPA_KEY_MGMT_FT_PSK: 2233 return RSN_AUTH_KEY_MGMT_FT_PSK; 2234 #endif /* CONFIG_IEEE80211R */ 2235 #ifdef CONFIG_IEEE80211W 2236 case WPA_KEY_MGMT_IEEE8021X_SHA256: 2237 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2238 case WPA_KEY_MGMT_PSK_SHA256: 2239 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2240 #endif /* CONFIG_IEEE80211W */ 2241 case WPA_KEY_MGMT_CCKM: 2242 return (sm->proto == WPA_PROTO_RSN ? 2243 RSN_AUTH_KEY_MGMT_CCKM: 2244 WPA_AUTH_KEY_MGMT_CCKM); 2245 case WPA_KEY_MGMT_WPA_NONE: 2246 return WPA_AUTH_KEY_MGMT_NONE; 2247 case WPA_KEY_MGMT_IEEE8021X_SUITE_B: 2248 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2249 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192: 2250 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2251 default: 2252 return 0; 2253 } 2254 } 2255 2256 2257 #define RSN_SUITE "%02x-%02x-%02x-%d" 2258 #define RSN_SUITE_ARG(s) \ 2259 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff 2260 2261 /** 2262 * wpa_sm_get_mib - Dump text list of MIB entries 2263 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2264 * @buf: Buffer for the list 2265 * @buflen: Length of the buffer 2266 * Returns: Number of bytes written to buffer 2267 * 2268 * This function is used fetch dot11 MIB variables. 2269 */ 2270 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen) 2271 { 2272 char pmkid_txt[PMKID_LEN * 2 + 1]; 2273 int rsna, ret; 2274 size_t len; 2275 2276 if (sm->cur_pmksa) { 2277 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), 2278 sm->cur_pmksa->pmkid, PMKID_LEN); 2279 } else 2280 pmkid_txt[0] = '\0'; 2281 2282 if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) || 2283 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) && 2284 sm->proto == WPA_PROTO_RSN) 2285 rsna = 1; 2286 else 2287 rsna = 0; 2288 2289 ret = os_snprintf(buf, buflen, 2290 "dot11RSNAOptionImplemented=TRUE\n" 2291 "dot11RSNAPreauthenticationImplemented=TRUE\n" 2292 "dot11RSNAEnabled=%s\n" 2293 "dot11RSNAPreauthenticationEnabled=%s\n" 2294 "dot11RSNAConfigVersion=%d\n" 2295 "dot11RSNAConfigPairwiseKeysSupported=5\n" 2296 "dot11RSNAConfigGroupCipherSize=%d\n" 2297 "dot11RSNAConfigPMKLifetime=%d\n" 2298 "dot11RSNAConfigPMKReauthThreshold=%d\n" 2299 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n" 2300 "dot11RSNAConfigSATimeout=%d\n", 2301 rsna ? "TRUE" : "FALSE", 2302 rsna ? "TRUE" : "FALSE", 2303 RSN_VERSION, 2304 wpa_cipher_key_len(sm->group_cipher) * 8, 2305 sm->dot11RSNAConfigPMKLifetime, 2306 sm->dot11RSNAConfigPMKReauthThreshold, 2307 sm->dot11RSNAConfigSATimeout); 2308 if (os_snprintf_error(buflen, ret)) 2309 return 0; 2310 len = ret; 2311 2312 ret = os_snprintf( 2313 buf + len, buflen - len, 2314 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" 2315 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" 2316 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" 2317 "dot11RSNAPMKIDUsed=%s\n" 2318 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" 2319 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" 2320 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" 2321 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n" 2322 "dot11RSNA4WayHandshakeFailures=%u\n", 2323 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 2324 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2325 sm->pairwise_cipher)), 2326 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2327 sm->group_cipher)), 2328 pmkid_txt, 2329 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)), 2330 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2331 sm->pairwise_cipher)), 2332 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto, 2333 sm->group_cipher)), 2334 sm->dot11RSNA4WayHandshakeFailures); 2335 if (!os_snprintf_error(buflen - len, ret)) 2336 len += ret; 2337 2338 return (int) len; 2339 } 2340 #endif /* CONFIG_CTRL_IFACE */ 2341 2342 2343 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, 2344 void *ctx, enum pmksa_free_reason reason) 2345 { 2346 struct wpa_sm *sm = ctx; 2347 int deauth = 0; 2348 2349 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: " 2350 MACSTR " reason=%d", MAC2STR(entry->aa), reason); 2351 2352 if (sm->cur_pmksa == entry) { 2353 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2354 "RSN: %s current PMKSA entry", 2355 reason == PMKSA_REPLACE ? "replaced" : "removed"); 2356 pmksa_cache_clear_current(sm); 2357 2358 /* 2359 * If an entry is simply being replaced, there's no need to 2360 * deauthenticate because it will be immediately re-added. 2361 * This happens when EAP authentication is completed again 2362 * (reauth or failed PMKSA caching attempt). 2363 */ 2364 if (reason != PMKSA_REPLACE) 2365 deauth = 1; 2366 } 2367 2368 if (reason == PMKSA_EXPIRE && 2369 (sm->pmk_len == entry->pmk_len && 2370 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) { 2371 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2372 "RSN: deauthenticating due to expired PMK"); 2373 pmksa_cache_clear_current(sm); 2374 deauth = 1; 2375 } 2376 2377 if (deauth) { 2378 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2379 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); 2380 } 2381 } 2382 2383 2384 /** 2385 * wpa_sm_init - Initialize WPA state machine 2386 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer 2387 * Returns: Pointer to the allocated WPA state machine data 2388 * 2389 * This function is used to allocate a new WPA state machine and the returned 2390 * value is passed to all WPA state machine calls. 2391 */ 2392 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx) 2393 { 2394 struct wpa_sm *sm; 2395 2396 sm = os_zalloc(sizeof(*sm)); 2397 if (sm == NULL) 2398 return NULL; 2399 dl_list_init(&sm->pmksa_candidates); 2400 sm->renew_snonce = 1; 2401 sm->ctx = ctx; 2402 2403 sm->dot11RSNAConfigPMKLifetime = 43200; 2404 sm->dot11RSNAConfigPMKReauthThreshold = 70; 2405 sm->dot11RSNAConfigSATimeout = 60; 2406 2407 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm); 2408 if (sm->pmksa == NULL) { 2409 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR, 2410 "RSN: PMKSA cache initialization failed"); 2411 os_free(sm); 2412 return NULL; 2413 } 2414 2415 return sm; 2416 } 2417 2418 2419 /** 2420 * wpa_sm_deinit - Deinitialize WPA state machine 2421 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2422 */ 2423 void wpa_sm_deinit(struct wpa_sm *sm) 2424 { 2425 if (sm == NULL) 2426 return; 2427 pmksa_cache_deinit(sm->pmksa); 2428 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 2429 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 2430 os_free(sm->assoc_wpa_ie); 2431 os_free(sm->ap_wpa_ie); 2432 os_free(sm->ap_rsn_ie); 2433 wpa_sm_drop_sa(sm); 2434 os_free(sm->ctx); 2435 peerkey_deinit(sm); 2436 #ifdef CONFIG_IEEE80211R 2437 os_free(sm->assoc_resp_ies); 2438 #endif /* CONFIG_IEEE80211R */ 2439 #ifdef CONFIG_TESTING_OPTIONS 2440 wpabuf_free(sm->test_assoc_ie); 2441 #endif /* CONFIG_TESTING_OPTIONS */ 2442 os_free(sm); 2443 } 2444 2445 2446 /** 2447 * wpa_sm_notify_assoc - Notify WPA state machine about association 2448 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2449 * @bssid: The BSSID of the new association 2450 * 2451 * This function is called to let WPA state machine know that the connection 2452 * was established. 2453 */ 2454 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) 2455 { 2456 int clear_ptk = 1; 2457 2458 if (sm == NULL) 2459 return; 2460 2461 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2462 "WPA: Association event - clear replay counter"); 2463 os_memcpy(sm->bssid, bssid, ETH_ALEN); 2464 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN); 2465 sm->rx_replay_counter_set = 0; 2466 sm->renew_snonce = 1; 2467 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0) 2468 rsn_preauth_deinit(sm); 2469 2470 #ifdef CONFIG_IEEE80211R 2471 if (wpa_ft_is_completed(sm)) { 2472 /* 2473 * Clear portValid to kick EAPOL state machine to re-enter 2474 * AUTHENTICATED state to get the EAPOL port Authorized. 2475 */ 2476 eapol_sm_notify_portValid(sm->eapol, FALSE); 2477 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); 2478 2479 /* Prepare for the next transition */ 2480 wpa_ft_prepare_auth_request(sm, NULL); 2481 2482 clear_ptk = 0; 2483 } 2484 #endif /* CONFIG_IEEE80211R */ 2485 #ifdef CONFIG_FILS 2486 if (sm->fils_completed) { 2487 /* 2488 * Clear portValid to kick EAPOL state machine to re-enter 2489 * AUTHENTICATED state to get the EAPOL port Authorized. 2490 */ 2491 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); 2492 clear_ptk = 0; 2493 } 2494 #endif /* CONFIG_FILS */ 2495 2496 if (clear_ptk) { 2497 /* 2498 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if 2499 * this is not part of a Fast BSS Transition. 2500 */ 2501 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK"); 2502 sm->ptk_set = 0; 2503 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 2504 sm->tptk_set = 0; 2505 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 2506 } 2507 2508 #ifdef CONFIG_TDLS 2509 wpa_tdls_assoc(sm); 2510 #endif /* CONFIG_TDLS */ 2511 2512 #ifdef CONFIG_P2P 2513 os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr)); 2514 #endif /* CONFIG_P2P */ 2515 } 2516 2517 2518 /** 2519 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation 2520 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2521 * 2522 * This function is called to let WPA state machine know that the connection 2523 * was lost. This will abort any existing pre-authentication session. 2524 */ 2525 void wpa_sm_notify_disassoc(struct wpa_sm *sm) 2526 { 2527 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 2528 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 2529 peerkey_deinit(sm); 2530 rsn_preauth_deinit(sm); 2531 pmksa_cache_clear_current(sm); 2532 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE) 2533 sm->dot11RSNA4WayHandshakeFailures++; 2534 #ifdef CONFIG_TDLS 2535 wpa_tdls_disassoc(sm); 2536 #endif /* CONFIG_TDLS */ 2537 #ifdef CONFIG_FILS 2538 sm->fils_completed = 0; 2539 #endif /* CONFIG_FILS */ 2540 2541 /* Keys are not needed in the WPA state machine anymore */ 2542 wpa_sm_drop_sa(sm); 2543 2544 sm->msg_3_of_4_ok = 0; 2545 } 2546 2547 2548 /** 2549 * wpa_sm_set_pmk - Set PMK 2550 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2551 * @pmk: The new PMK 2552 * @pmk_len: The length of the new PMK in bytes 2553 * @pmkid: Calculated PMKID 2554 * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK 2555 * 2556 * Configure the PMK for WPA state machine. 2557 */ 2558 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len, 2559 const u8 *pmkid, const u8 *bssid) 2560 { 2561 if (sm == NULL) 2562 return; 2563 2564 sm->pmk_len = pmk_len; 2565 os_memcpy(sm->pmk, pmk, pmk_len); 2566 2567 #ifdef CONFIG_IEEE80211R 2568 /* Set XXKey to be PSK for FT key derivation */ 2569 sm->xxkey_len = pmk_len; 2570 os_memcpy(sm->xxkey, pmk, pmk_len); 2571 #endif /* CONFIG_IEEE80211R */ 2572 2573 if (bssid) { 2574 pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0, 2575 bssid, sm->own_addr, 2576 sm->network_ctx, sm->key_mgmt); 2577 } 2578 } 2579 2580 2581 /** 2582 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA 2583 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2584 * 2585 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK 2586 * will be cleared. 2587 */ 2588 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm) 2589 { 2590 if (sm == NULL) 2591 return; 2592 2593 if (sm->cur_pmksa) { 2594 sm->pmk_len = sm->cur_pmksa->pmk_len; 2595 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len); 2596 } else { 2597 sm->pmk_len = PMK_LEN; 2598 os_memset(sm->pmk, 0, PMK_LEN); 2599 } 2600 } 2601 2602 2603 /** 2604 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled 2605 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2606 * @fast_reauth: Whether fast reauthentication (EAP) is allowed 2607 */ 2608 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth) 2609 { 2610 if (sm) 2611 sm->fast_reauth = fast_reauth; 2612 } 2613 2614 2615 /** 2616 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks 2617 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2618 * @scard_ctx: Context pointer for smartcard related callback functions 2619 */ 2620 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx) 2621 { 2622 if (sm == NULL) 2623 return; 2624 sm->scard_ctx = scard_ctx; 2625 if (sm->preauth_eapol) 2626 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx); 2627 } 2628 2629 2630 /** 2631 * wpa_sm_set_config - Notification of current configration change 2632 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2633 * @config: Pointer to current network configuration 2634 * 2635 * Notify WPA state machine that configuration has changed. config will be 2636 * stored as a backpointer to network configuration. This can be %NULL to clear 2637 * the stored pointed. 2638 */ 2639 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config) 2640 { 2641 if (!sm) 2642 return; 2643 2644 if (config) { 2645 sm->network_ctx = config->network_ctx; 2646 sm->peerkey_enabled = config->peerkey_enabled; 2647 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher; 2648 sm->proactive_key_caching = config->proactive_key_caching; 2649 sm->eap_workaround = config->eap_workaround; 2650 sm->eap_conf_ctx = config->eap_conf_ctx; 2651 if (config->ssid) { 2652 os_memcpy(sm->ssid, config->ssid, config->ssid_len); 2653 sm->ssid_len = config->ssid_len; 2654 } else 2655 sm->ssid_len = 0; 2656 sm->wpa_ptk_rekey = config->wpa_ptk_rekey; 2657 sm->p2p = config->p2p; 2658 sm->wpa_rsc_relaxation = config->wpa_rsc_relaxation; 2659 } else { 2660 sm->network_ctx = NULL; 2661 sm->peerkey_enabled = 0; 2662 sm->allowed_pairwise_cipher = 0; 2663 sm->proactive_key_caching = 0; 2664 sm->eap_workaround = 0; 2665 sm->eap_conf_ctx = NULL; 2666 sm->ssid_len = 0; 2667 sm->wpa_ptk_rekey = 0; 2668 sm->p2p = 0; 2669 sm->wpa_rsc_relaxation = 0; 2670 } 2671 } 2672 2673 2674 /** 2675 * wpa_sm_set_own_addr - Set own MAC address 2676 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2677 * @addr: Own MAC address 2678 */ 2679 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr) 2680 { 2681 if (sm) 2682 os_memcpy(sm->own_addr, addr, ETH_ALEN); 2683 } 2684 2685 2686 /** 2687 * wpa_sm_set_ifname - Set network interface name 2688 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2689 * @ifname: Interface name 2690 * @bridge_ifname: Optional bridge interface name (for pre-auth) 2691 */ 2692 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname, 2693 const char *bridge_ifname) 2694 { 2695 if (sm) { 2696 sm->ifname = ifname; 2697 sm->bridge_ifname = bridge_ifname; 2698 } 2699 } 2700 2701 2702 /** 2703 * wpa_sm_set_eapol - Set EAPOL state machine pointer 2704 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2705 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init() 2706 */ 2707 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol) 2708 { 2709 if (sm) 2710 sm->eapol = eapol; 2711 } 2712 2713 2714 /** 2715 * wpa_sm_set_param - Set WPA state machine parameters 2716 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2717 * @param: Parameter field 2718 * @value: Parameter value 2719 * Returns: 0 on success, -1 on failure 2720 */ 2721 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, 2722 unsigned int value) 2723 { 2724 int ret = 0; 2725 2726 if (sm == NULL) 2727 return -1; 2728 2729 switch (param) { 2730 case RSNA_PMK_LIFETIME: 2731 if (value > 0) 2732 sm->dot11RSNAConfigPMKLifetime = value; 2733 else 2734 ret = -1; 2735 break; 2736 case RSNA_PMK_REAUTH_THRESHOLD: 2737 if (value > 0 && value <= 100) 2738 sm->dot11RSNAConfigPMKReauthThreshold = value; 2739 else 2740 ret = -1; 2741 break; 2742 case RSNA_SA_TIMEOUT: 2743 if (value > 0) 2744 sm->dot11RSNAConfigSATimeout = value; 2745 else 2746 ret = -1; 2747 break; 2748 case WPA_PARAM_PROTO: 2749 sm->proto = value; 2750 break; 2751 case WPA_PARAM_PAIRWISE: 2752 sm->pairwise_cipher = value; 2753 break; 2754 case WPA_PARAM_GROUP: 2755 sm->group_cipher = value; 2756 break; 2757 case WPA_PARAM_KEY_MGMT: 2758 sm->key_mgmt = value; 2759 break; 2760 #ifdef CONFIG_IEEE80211W 2761 case WPA_PARAM_MGMT_GROUP: 2762 sm->mgmt_group_cipher = value; 2763 break; 2764 #endif /* CONFIG_IEEE80211W */ 2765 case WPA_PARAM_RSN_ENABLED: 2766 sm->rsn_enabled = value; 2767 break; 2768 case WPA_PARAM_MFP: 2769 sm->mfp = value; 2770 break; 2771 default: 2772 break; 2773 } 2774 2775 return ret; 2776 } 2777 2778 2779 /** 2780 * wpa_sm_get_status - Get WPA state machine 2781 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2782 * @buf: Buffer for status information 2783 * @buflen: Maximum buffer length 2784 * @verbose: Whether to include verbose status information 2785 * Returns: Number of bytes written to buf. 2786 * 2787 * Query WPA state machine for status information. This function fills in 2788 * a text area with current status information. If the buffer (buf) is not 2789 * large enough, status information will be truncated to fit the buffer. 2790 */ 2791 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen, 2792 int verbose) 2793 { 2794 char *pos = buf, *end = buf + buflen; 2795 int ret; 2796 2797 ret = os_snprintf(pos, end - pos, 2798 "pairwise_cipher=%s\n" 2799 "group_cipher=%s\n" 2800 "key_mgmt=%s\n", 2801 wpa_cipher_txt(sm->pairwise_cipher), 2802 wpa_cipher_txt(sm->group_cipher), 2803 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto)); 2804 if (os_snprintf_error(end - pos, ret)) 2805 return pos - buf; 2806 pos += ret; 2807 2808 if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) { 2809 struct wpa_ie_data rsn; 2810 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) 2811 >= 0 && 2812 rsn.capabilities & (WPA_CAPABILITY_MFPR | 2813 WPA_CAPABILITY_MFPC)) { 2814 ret = os_snprintf(pos, end - pos, "pmf=%d\n", 2815 (rsn.capabilities & 2816 WPA_CAPABILITY_MFPR) ? 2 : 1); 2817 if (os_snprintf_error(end - pos, ret)) 2818 return pos - buf; 2819 pos += ret; 2820 } 2821 } 2822 2823 return pos - buf; 2824 } 2825 2826 2827 int wpa_sm_pmf_enabled(struct wpa_sm *sm) 2828 { 2829 struct wpa_ie_data rsn; 2830 2831 if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie) 2832 return 0; 2833 2834 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 && 2835 rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC)) 2836 return 1; 2837 2838 return 0; 2839 } 2840 2841 2842 /** 2843 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration 2844 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2845 * @wpa_ie: Pointer to buffer for WPA/RSN IE 2846 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer 2847 * Returns: 0 on success, -1 on failure 2848 */ 2849 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie, 2850 size_t *wpa_ie_len) 2851 { 2852 int res; 2853 2854 if (sm == NULL) 2855 return -1; 2856 2857 #ifdef CONFIG_TESTING_OPTIONS 2858 if (sm->test_assoc_ie) { 2859 wpa_printf(MSG_DEBUG, 2860 "TESTING: Replace association WPA/RSN IE"); 2861 if (*wpa_ie_len < wpabuf_len(sm->test_assoc_ie)) 2862 return -1; 2863 os_memcpy(wpa_ie, wpabuf_head(sm->test_assoc_ie), 2864 wpabuf_len(sm->test_assoc_ie)); 2865 res = wpabuf_len(sm->test_assoc_ie); 2866 } else 2867 #endif /* CONFIG_TESTING_OPTIONS */ 2868 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len); 2869 if (res < 0) 2870 return -1; 2871 *wpa_ie_len = res; 2872 2873 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default", 2874 wpa_ie, *wpa_ie_len); 2875 2876 if (sm->assoc_wpa_ie == NULL) { 2877 /* 2878 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets 2879 * the correct version of the IE even if PMKSA caching is 2880 * aborted (which would remove PMKID from IE generation). 2881 */ 2882 sm->assoc_wpa_ie = os_malloc(*wpa_ie_len); 2883 if (sm->assoc_wpa_ie == NULL) 2884 return -1; 2885 2886 os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len); 2887 sm->assoc_wpa_ie_len = *wpa_ie_len; 2888 } else { 2889 wpa_hexdump(MSG_DEBUG, 2890 "WPA: Leave previously set WPA IE default", 2891 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len); 2892 } 2893 2894 return 0; 2895 } 2896 2897 2898 /** 2899 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq 2900 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2901 * @ie: Pointer to IE data (starting from id) 2902 * @len: IE length 2903 * Returns: 0 on success, -1 on failure 2904 * 2905 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association 2906 * Request frame. The IE will be used to override the default value generated 2907 * with wpa_sm_set_assoc_wpa_ie_default(). 2908 */ 2909 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2910 { 2911 if (sm == NULL) 2912 return -1; 2913 2914 os_free(sm->assoc_wpa_ie); 2915 if (ie == NULL || len == 0) { 2916 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2917 "WPA: clearing own WPA/RSN IE"); 2918 sm->assoc_wpa_ie = NULL; 2919 sm->assoc_wpa_ie_len = 0; 2920 } else { 2921 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len); 2922 sm->assoc_wpa_ie = os_malloc(len); 2923 if (sm->assoc_wpa_ie == NULL) 2924 return -1; 2925 2926 os_memcpy(sm->assoc_wpa_ie, ie, len); 2927 sm->assoc_wpa_ie_len = len; 2928 } 2929 2930 return 0; 2931 } 2932 2933 2934 /** 2935 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp 2936 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2937 * @ie: Pointer to IE data (starting from id) 2938 * @len: IE length 2939 * Returns: 0 on success, -1 on failure 2940 * 2941 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response 2942 * frame. 2943 */ 2944 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2945 { 2946 if (sm == NULL) 2947 return -1; 2948 2949 os_free(sm->ap_wpa_ie); 2950 if (ie == NULL || len == 0) { 2951 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2952 "WPA: clearing AP WPA IE"); 2953 sm->ap_wpa_ie = NULL; 2954 sm->ap_wpa_ie_len = 0; 2955 } else { 2956 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len); 2957 sm->ap_wpa_ie = os_malloc(len); 2958 if (sm->ap_wpa_ie == NULL) 2959 return -1; 2960 2961 os_memcpy(sm->ap_wpa_ie, ie, len); 2962 sm->ap_wpa_ie_len = len; 2963 } 2964 2965 return 0; 2966 } 2967 2968 2969 /** 2970 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp 2971 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2972 * @ie: Pointer to IE data (starting from id) 2973 * @len: IE length 2974 * Returns: 0 on success, -1 on failure 2975 * 2976 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response 2977 * frame. 2978 */ 2979 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len) 2980 { 2981 if (sm == NULL) 2982 return -1; 2983 2984 os_free(sm->ap_rsn_ie); 2985 if (ie == NULL || len == 0) { 2986 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2987 "WPA: clearing AP RSN IE"); 2988 sm->ap_rsn_ie = NULL; 2989 sm->ap_rsn_ie_len = 0; 2990 } else { 2991 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len); 2992 sm->ap_rsn_ie = os_malloc(len); 2993 if (sm->ap_rsn_ie == NULL) 2994 return -1; 2995 2996 os_memcpy(sm->ap_rsn_ie, ie, len); 2997 sm->ap_rsn_ie_len = len; 2998 } 2999 3000 return 0; 3001 } 3002 3003 3004 /** 3005 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE 3006 * @sm: Pointer to WPA state machine data from wpa_sm_init() 3007 * @data: Pointer to data area for parsing results 3008 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure 3009 * 3010 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the 3011 * parsed data into data. 3012 */ 3013 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data) 3014 { 3015 if (sm == NULL) 3016 return -1; 3017 3018 if (sm->assoc_wpa_ie == NULL) { 3019 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 3020 "WPA: No WPA/RSN IE available from association info"); 3021 return -1; 3022 } 3023 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data)) 3024 return -2; 3025 return 0; 3026 } 3027 3028 3029 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len) 3030 { 3031 return pmksa_cache_list(sm->pmksa, buf, len); 3032 } 3033 3034 3035 struct rsn_pmksa_cache_entry * wpa_sm_pmksa_cache_head(struct wpa_sm *sm) 3036 { 3037 return pmksa_cache_head(sm->pmksa); 3038 } 3039 3040 3041 struct rsn_pmksa_cache_entry * 3042 wpa_sm_pmksa_cache_add_entry(struct wpa_sm *sm, 3043 struct rsn_pmksa_cache_entry * entry) 3044 { 3045 return pmksa_cache_add_entry(sm->pmksa, entry); 3046 } 3047 3048 3049 void wpa_sm_drop_sa(struct wpa_sm *sm) 3050 { 3051 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK"); 3052 sm->ptk_set = 0; 3053 sm->tptk_set = 0; 3054 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 3055 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 3056 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 3057 #ifdef CONFIG_IEEE80211R 3058 os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); 3059 os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); 3060 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1)); 3061 #endif /* CONFIG_IEEE80211R */ 3062 } 3063 3064 3065 int wpa_sm_has_ptk(struct wpa_sm *sm) 3066 { 3067 if (sm == NULL) 3068 return 0; 3069 return sm->ptk_set; 3070 } 3071 3072 3073 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr) 3074 { 3075 os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN); 3076 } 3077 3078 3079 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx) 3080 { 3081 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0); 3082 } 3083 3084 3085 #ifdef CONFIG_WNM 3086 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) 3087 { 3088 u16 keyinfo; 3089 u8 keylen; /* plaintext key len */ 3090 u8 *key_rsc; 3091 3092 if (subelem_id == WNM_SLEEP_SUBELEM_GTK) { 3093 struct wpa_gtk_data gd; 3094 3095 os_memset(&gd, 0, sizeof(gd)); 3096 keylen = wpa_cipher_key_len(sm->group_cipher); 3097 gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher); 3098 gd.alg = wpa_cipher_to_alg(sm->group_cipher); 3099 if (gd.alg == WPA_ALG_NONE) { 3100 wpa_printf(MSG_DEBUG, "Unsupported group cipher suite"); 3101 return -1; 3102 } 3103 3104 key_rsc = buf + 5; 3105 keyinfo = WPA_GET_LE16(buf + 2); 3106 gd.gtk_len = keylen; 3107 if (gd.gtk_len != buf[4]) { 3108 wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d", 3109 gd.gtk_len, buf[4]); 3110 return -1; 3111 } 3112 gd.keyidx = keyinfo & 0x03; /* B0 - B1 */ 3113 gd.tx = wpa_supplicant_gtk_tx_bit_workaround( 3114 sm, !!(keyinfo & WPA_KEY_INFO_TXRX)); 3115 3116 os_memcpy(gd.gtk, buf + 13, gd.gtk_len); 3117 3118 wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", 3119 gd.gtk, gd.gtk_len); 3120 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { 3121 os_memset(&gd, 0, sizeof(gd)); 3122 wpa_printf(MSG_DEBUG, "Failed to install the GTK in " 3123 "WNM mode"); 3124 return -1; 3125 } 3126 os_memset(&gd, 0, sizeof(gd)); 3127 #ifdef CONFIG_IEEE80211W 3128 } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { 3129 struct wpa_igtk_kde igd; 3130 u16 keyidx; 3131 3132 os_memset(&igd, 0, sizeof(igd)); 3133 keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); 3134 os_memcpy(igd.keyid, buf + 2, 2); 3135 os_memcpy(igd.pn, buf + 4, 6); 3136 3137 keyidx = WPA_GET_LE16(igd.keyid); 3138 os_memcpy(igd.igtk, buf + 10, keylen); 3139 3140 wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", 3141 igd.igtk, keylen); 3142 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), 3143 broadcast_ether_addr, 3144 keyidx, 0, igd.pn, sizeof(igd.pn), 3145 igd.igtk, keylen) < 0) { 3146 wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " 3147 "WNM mode"); 3148 os_memset(&igd, 0, sizeof(igd)); 3149 return -1; 3150 } 3151 os_memset(&igd, 0, sizeof(igd)); 3152 #endif /* CONFIG_IEEE80211W */ 3153 } else { 3154 wpa_printf(MSG_DEBUG, "Unknown element id"); 3155 return -1; 3156 } 3157 3158 return 0; 3159 } 3160 #endif /* CONFIG_WNM */ 3161 3162 3163 #ifdef CONFIG_PEERKEY 3164 int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr, 3165 const u8 *buf, size_t len) 3166 { 3167 struct wpa_peerkey *peerkey; 3168 3169 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) { 3170 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0) 3171 break; 3172 } 3173 3174 if (!peerkey) 3175 return 0; 3176 3177 wpa_sm_rx_eapol(sm, src_addr, buf, len); 3178 3179 return 1; 3180 } 3181 #endif /* CONFIG_PEERKEY */ 3182 3183 3184 #ifdef CONFIG_P2P 3185 3186 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf) 3187 { 3188 if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0) 3189 return -1; 3190 os_memcpy(buf, sm->p2p_ip_addr, 3 * 4); 3191 return 0; 3192 } 3193 3194 #endif /* CONFIG_P2P */ 3195 3196 3197 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter) 3198 { 3199 if (rx_replay_counter == NULL) 3200 return; 3201 3202 os_memcpy(sm->rx_replay_counter, rx_replay_counter, 3203 WPA_REPLAY_COUNTER_LEN); 3204 sm->rx_replay_counter_set = 1; 3205 wpa_printf(MSG_DEBUG, "Updated key replay counter"); 3206 } 3207 3208 3209 void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm, 3210 const u8 *ptk_kck, size_t ptk_kck_len, 3211 const u8 *ptk_kek, size_t ptk_kek_len) 3212 { 3213 if (ptk_kck && ptk_kck_len <= WPA_KCK_MAX_LEN) { 3214 os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len); 3215 sm->ptk.kck_len = ptk_kck_len; 3216 wpa_printf(MSG_DEBUG, "Updated PTK KCK"); 3217 } 3218 if (ptk_kek && ptk_kek_len <= WPA_KEK_MAX_LEN) { 3219 os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len); 3220 sm->ptk.kek_len = ptk_kek_len; 3221 wpa_printf(MSG_DEBUG, "Updated PTK KEK"); 3222 } 3223 sm->ptk_set = 1; 3224 } 3225 3226 3227 #ifdef CONFIG_TESTING_OPTIONS 3228 void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf) 3229 { 3230 wpabuf_free(sm->test_assoc_ie); 3231 sm->test_assoc_ie = buf; 3232 } 3233 #endif /* CONFIG_TESTING_OPTIONS */ 3234 3235 3236 #ifdef CONFIG_FILS 3237 3238 struct wpabuf * fils_build_auth(struct wpa_sm *sm) 3239 { 3240 struct wpabuf *buf = NULL; 3241 struct wpabuf *erp_msg; 3242 3243 erp_msg = eapol_sm_build_erp_reauth_start(sm->eapol); 3244 if (!erp_msg && !sm->cur_pmksa) { 3245 wpa_printf(MSG_DEBUG, 3246 "FILS: Neither ERP EAP-Initiate/Re-auth nor PMKSA cache entry is available - skip FILS"); 3247 goto fail; 3248 } 3249 3250 wpa_printf(MSG_DEBUG, "FILS: Try to use FILS (erp=%d pmksa_cache=%d)", 3251 erp_msg != NULL, sm->cur_pmksa != NULL); 3252 3253 sm->fils_completed = 0; 3254 3255 if (!sm->assoc_wpa_ie) { 3256 wpa_printf(MSG_INFO, "FILS: No own RSN IE set for FILS"); 3257 goto fail; 3258 } 3259 3260 if (random_get_bytes(sm->fils_nonce, FILS_NONCE_LEN) < 0 || 3261 random_get_bytes(sm->fils_session, FILS_SESSION_LEN) < 0) 3262 goto fail; 3263 3264 wpa_hexdump(MSG_DEBUG, "FILS: Generated FILS Nonce", 3265 sm->fils_nonce, FILS_NONCE_LEN); 3266 wpa_hexdump(MSG_DEBUG, "FILS: Generated FILS Session", 3267 sm->fils_session, FILS_SESSION_LEN); 3268 3269 buf = wpabuf_alloc(1000 + sm->assoc_wpa_ie_len); 3270 if (!buf) 3271 goto fail; 3272 3273 /* Fields following the Authentication algorithm number field */ 3274 3275 /* Authentication Transaction seq# */ 3276 wpabuf_put_le16(buf, 1); 3277 3278 /* Status Code */ 3279 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS); 3280 3281 /* TODO: Finite Cyclic Group when using PK or PFS */ 3282 /* TODO: Element when using PK or PFS */ 3283 3284 /* RSNE */ 3285 wpa_hexdump(MSG_DEBUG, "FILS: RSNE in FILS Authentication frame", 3286 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len); 3287 wpabuf_put_data(buf, sm->assoc_wpa_ie, sm->assoc_wpa_ie_len); 3288 3289 /* TODO: MDE when using FILS for FT initial association */ 3290 /* TODO: FTE when using FILS for FT initial association */ 3291 3292 /* FILS Nonce */ 3293 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */ 3294 wpabuf_put_u8(buf, 1 + FILS_NONCE_LEN); /* Length */ 3295 /* Element ID Extension */ 3296 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_NONCE); 3297 wpabuf_put_data(buf, sm->fils_nonce, FILS_NONCE_LEN); 3298 3299 /* FILS Session */ 3300 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */ 3301 wpabuf_put_u8(buf, 1 + FILS_SESSION_LEN); /* Length */ 3302 /* Element ID Extension */ 3303 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_SESSION); 3304 wpabuf_put_data(buf, sm->fils_session, FILS_SESSION_LEN); 3305 3306 /* FILS Wrapped Data */ 3307 sm->fils_erp_pmkid_set = 0; 3308 if (erp_msg) { 3309 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */ 3310 wpabuf_put_u8(buf, 1 + wpabuf_len(erp_msg)); /* Length */ 3311 /* Element ID Extension */ 3312 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_WRAPPED_DATA); 3313 wpabuf_put_buf(buf, erp_msg); 3314 /* Calculate pending PMKID here so that we do not need to 3315 * maintain a copy of the EAP-Initiate/Reauth message. */ 3316 if (fils_pmkid_erp(sm->key_mgmt, wpabuf_head(erp_msg), 3317 wpabuf_len(erp_msg), 3318 sm->fils_erp_pmkid) == 0) 3319 sm->fils_erp_pmkid_set = 1; 3320 } 3321 3322 wpa_hexdump_buf(MSG_DEBUG, "RSN: FILS fields for Authentication frame", 3323 buf); 3324 3325 fail: 3326 wpabuf_free(erp_msg); 3327 return buf; 3328 } 3329 3330 3331 int fils_process_auth(struct wpa_sm *sm, const u8 *data, size_t len) 3332 { 3333 const u8 *pos, *end; 3334 struct ieee802_11_elems elems; 3335 struct wpa_ie_data rsn; 3336 int pmkid_match = 0; 3337 u8 ick[FILS_ICK_MAX_LEN]; 3338 size_t ick_len; 3339 int res; 3340 3341 wpa_hexdump(MSG_DEBUG, "FILS: Authentication frame fields", 3342 data, len); 3343 pos = data; 3344 end = data + len; 3345 3346 /* TODO: Finite Cyclic Group when using PK or PFS */ 3347 /* TODO: Element when using PK or PFS */ 3348 3349 wpa_hexdump(MSG_DEBUG, "FILS: Remaining IEs", pos, end - pos); 3350 if (ieee802_11_parse_elems(pos, end - pos, &elems, 1) == ParseFailed) { 3351 wpa_printf(MSG_DEBUG, "FILS: Could not parse elements"); 3352 return -1; 3353 } 3354 3355 /* RSNE */ 3356 wpa_hexdump(MSG_DEBUG, "FILS: RSN element", elems.rsn_ie, 3357 elems.rsn_ie_len); 3358 if (!elems.rsn_ie || 3359 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2, 3360 &rsn) < 0) { 3361 wpa_printf(MSG_DEBUG, "FILS: No RSN element"); 3362 return -1; 3363 } 3364 3365 if (!elems.fils_nonce) { 3366 wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field"); 3367 return -1; 3368 } 3369 os_memcpy(sm->fils_anonce, elems.fils_nonce, FILS_NONCE_LEN); 3370 wpa_hexdump(MSG_DEBUG, "FILS: ANonce", sm->fils_anonce, FILS_NONCE_LEN); 3371 3372 /* TODO: MDE when using FILS+FT */ 3373 /* TODO: FTE when using FILS+FT */ 3374 3375 /* PMKID List */ 3376 if (rsn.pmkid && rsn.num_pmkid > 0) { 3377 wpa_hexdump(MSG_DEBUG, "FILS: PMKID List", 3378 rsn.pmkid, rsn.num_pmkid * PMKID_LEN); 3379 3380 if (rsn.num_pmkid != 1) { 3381 wpa_printf(MSG_DEBUG, "FILS: Invalid PMKID selection"); 3382 return -1; 3383 } 3384 wpa_hexdump(MSG_DEBUG, "FILS: PMKID", rsn.pmkid, PMKID_LEN); 3385 if (os_memcmp(sm->cur_pmksa->pmkid, rsn.pmkid, PMKID_LEN) != 0) 3386 { 3387 wpa_printf(MSG_DEBUG, "FILS: PMKID mismatch"); 3388 wpa_hexdump(MSG_DEBUG, "FILS: Expected PMKID", 3389 sm->cur_pmksa->pmkid, PMKID_LEN); 3390 return -1; 3391 } 3392 wpa_printf(MSG_DEBUG, 3393 "FILS: Matching PMKID - continue using PMKSA caching"); 3394 pmkid_match = 1; 3395 } 3396 if (!pmkid_match && sm->cur_pmksa) { 3397 wpa_printf(MSG_DEBUG, 3398 "FILS: No PMKID match - cannot use cached PMKSA entry"); 3399 sm->cur_pmksa = NULL; 3400 } 3401 3402 /* FILS Session */ 3403 if (!elems.fils_session) { 3404 wpa_printf(MSG_DEBUG, "FILS: No FILS Session element"); 3405 return -1; 3406 } 3407 wpa_hexdump(MSG_DEBUG, "FILS: FILS Session", elems.fils_session, 3408 FILS_SESSION_LEN); 3409 if (os_memcmp(sm->fils_session, elems.fils_session, FILS_SESSION_LEN) 3410 != 0) { 3411 wpa_printf(MSG_DEBUG, "FILS: Session mismatch"); 3412 wpa_hexdump(MSG_DEBUG, "FILS: Expected FILS Session", 3413 sm->fils_session, FILS_SESSION_LEN); 3414 return -1; 3415 } 3416 3417 /* FILS Wrapped Data */ 3418 if (!sm->cur_pmksa && elems.fils_wrapped_data) { 3419 u8 rmsk[ERP_MAX_KEY_LEN]; 3420 size_t rmsk_len; 3421 3422 wpa_hexdump(MSG_DEBUG, "FILS: Wrapped Data", 3423 elems.fils_wrapped_data, 3424 elems.fils_wrapped_data_len); 3425 eapol_sm_process_erp_finish(sm->eapol, elems.fils_wrapped_data, 3426 elems.fils_wrapped_data_len); 3427 if (eapol_sm_failed(sm->eapol)) 3428 return -1; 3429 3430 rmsk_len = ERP_MAX_KEY_LEN; 3431 res = eapol_sm_get_key(sm->eapol, rmsk, rmsk_len); 3432 if (res == PMK_LEN) { 3433 rmsk_len = PMK_LEN; 3434 res = eapol_sm_get_key(sm->eapol, rmsk, rmsk_len); 3435 } 3436 if (res) 3437 return -1; 3438 3439 res = fils_rmsk_to_pmk(sm->key_mgmt, rmsk, rmsk_len, 3440 sm->fils_nonce, sm->fils_anonce, NULL, 0, 3441 sm->pmk, &sm->pmk_len); 3442 os_memset(rmsk, 0, sizeof(rmsk)); 3443 if (res) 3444 return -1; 3445 3446 if (!sm->fils_erp_pmkid_set) { 3447 wpa_printf(MSG_DEBUG, "FILS: PMKID not available"); 3448 return -1; 3449 } 3450 wpa_hexdump(MSG_DEBUG, "FILS: PMKID", sm->fils_erp_pmkid, 3451 PMKID_LEN); 3452 wpa_printf(MSG_DEBUG, "FILS: ERP processing succeeded - add PMKSA cache entry for the result"); 3453 sm->cur_pmksa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, 3454 sm->fils_erp_pmkid, NULL, 0, 3455 sm->bssid, sm->own_addr, 3456 sm->network_ctx, sm->key_mgmt); 3457 } 3458 3459 if (!sm->cur_pmksa) { 3460 wpa_printf(MSG_DEBUG, 3461 "FILS: No remaining options to continue FILS authentication"); 3462 return -1; 3463 } 3464 3465 if (fils_pmk_to_ptk(sm->pmk, sm->pmk_len, sm->own_addr, sm->bssid, 3466 sm->fils_nonce, sm->fils_anonce, &sm->ptk, 3467 ick, &ick_len, sm->key_mgmt, sm->pairwise_cipher) < 3468 0) { 3469 wpa_printf(MSG_DEBUG, "FILS: Failed to derive PTK"); 3470 return -1; 3471 } 3472 sm->ptk_set = 1; 3473 sm->tptk_set = 0; 3474 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 3475 3476 res = fils_key_auth_sk(ick, ick_len, sm->fils_nonce, 3477 sm->fils_anonce, sm->own_addr, sm->bssid, 3478 NULL, 0, NULL, 0, /* TODO: SK+PFS */ 3479 sm->key_mgmt, sm->fils_key_auth_sta, 3480 sm->fils_key_auth_ap, 3481 &sm->fils_key_auth_len); 3482 os_memset(ick, 0, sizeof(ick)); 3483 return res; 3484 } 3485 3486 3487 struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek, 3488 size_t *kek_len, const u8 **snonce, 3489 const u8 **anonce, 3490 const struct wpabuf **hlp, 3491 unsigned int num_hlp) 3492 { 3493 struct wpabuf *buf; 3494 size_t len; 3495 unsigned int i; 3496 3497 len = 1000; 3498 for (i = 0; hlp && i < num_hlp; i++) 3499 len += 10 + wpabuf_len(hlp[i]); 3500 buf = wpabuf_alloc(len); 3501 if (!buf) 3502 return NULL; 3503 3504 /* FILS Session */ 3505 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */ 3506 wpabuf_put_u8(buf, 1 + FILS_SESSION_LEN); /* Length */ 3507 /* Element ID Extension */ 3508 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_SESSION); 3509 wpabuf_put_data(buf, sm->fils_session, FILS_SESSION_LEN); 3510 3511 /* Everything after FILS Session element gets encrypted in the driver 3512 * with KEK. The buffer returned from here is the plaintext version. */ 3513 3514 /* TODO: FILS Public Key */ 3515 3516 /* FILS Key Confirm */ 3517 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */ 3518 wpabuf_put_u8(buf, 1 + sm->fils_key_auth_len); /* Length */ 3519 /* Element ID Extension */ 3520 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_KEY_CONFIRM); 3521 wpabuf_put_data(buf, sm->fils_key_auth_sta, sm->fils_key_auth_len); 3522 3523 /* FILS HLP Container */ 3524 for (i = 0; hlp && i < num_hlp; i++) { 3525 const u8 *pos = wpabuf_head(hlp[i]); 3526 size_t left = wpabuf_len(hlp[i]); 3527 3528 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */ 3529 if (left <= 254) 3530 len = 1 + left; 3531 else 3532 len = 255; 3533 wpabuf_put_u8(buf, len); /* Length */ 3534 /* Element ID Extension */ 3535 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_HLP_CONTAINER); 3536 /* Destination MAC Address, Source MAC Address, HLP Packet. 3537 * HLP Packet is in MSDU format (i.e., included the LLC/SNAP 3538 * header when LPD is used). */ 3539 wpabuf_put_data(buf, pos, len - 1); 3540 pos += len - 1; 3541 left -= len - 1; 3542 while (left) { 3543 wpabuf_put_u8(buf, WLAN_EID_FRAGMENT); 3544 len = left > 255 ? 255 : left; 3545 wpabuf_put_u8(buf, len); 3546 wpabuf_put_data(buf, pos, len); 3547 pos += len; 3548 left -= len; 3549 } 3550 } 3551 3552 /* TODO: FILS IP Address Assignment */ 3553 3554 wpa_hexdump_buf(MSG_DEBUG, "FILS: Association Request plaintext", buf); 3555 3556 *kek = sm->ptk.kek; 3557 *kek_len = sm->ptk.kek_len; 3558 wpa_hexdump_key(MSG_DEBUG, "FILS: KEK for AEAD", *kek, *kek_len); 3559 *snonce = sm->fils_nonce; 3560 wpa_hexdump(MSG_DEBUG, "FILS: SNonce for AEAD AAD", 3561 *snonce, FILS_NONCE_LEN); 3562 *anonce = sm->fils_anonce; 3563 wpa_hexdump(MSG_DEBUG, "FILS: ANonce for AEAD AAD", 3564 *anonce, FILS_NONCE_LEN); 3565 3566 return buf; 3567 } 3568 3569 3570 static void fils_process_hlp_resp(struct wpa_sm *sm, const u8 *resp, size_t len) 3571 { 3572 const u8 *pos, *end; 3573 3574 wpa_hexdump(MSG_MSGDUMP, "FILS: HLP response", resp, len); 3575 if (len < 2 * ETH_ALEN) 3576 return; 3577 pos = resp + 2 * ETH_ALEN; 3578 end = resp + len; 3579 if (end - pos >= 6 && 3580 os_memcmp(pos, "\xaa\xaa\x03\x00\x00\x00", 6) == 0) 3581 pos += 6; /* Remove SNAP/LLC header */ 3582 wpa_sm_fils_hlp_rx(sm, resp, resp + ETH_ALEN, pos, end - pos); 3583 } 3584 3585 3586 static void fils_process_hlp_container(struct wpa_sm *sm, const u8 *pos, 3587 size_t len) 3588 { 3589 const u8 *end = pos + len; 3590 u8 *tmp, *tmp_pos; 3591 3592 /* Check if there are any FILS HLP Container elements */ 3593 while (end - pos >= 2) { 3594 if (2 + pos[1] > end - pos) 3595 return; 3596 if (pos[0] == WLAN_EID_EXTENSION && 3597 pos[1] >= 1 + 2 * ETH_ALEN && 3598 pos[2] == WLAN_EID_EXT_FILS_HLP_CONTAINER) 3599 break; 3600 pos += 2 + pos[1]; 3601 } 3602 if (end - pos < 2) 3603 return; /* No FILS HLP Container elements */ 3604 3605 tmp = os_malloc(end - pos); 3606 if (!tmp) 3607 return; 3608 3609 while (end - pos >= 2) { 3610 if (2 + pos[1] > end - pos || 3611 pos[0] != WLAN_EID_EXTENSION || 3612 pos[1] < 1 + 2 * ETH_ALEN || 3613 pos[2] != WLAN_EID_EXT_FILS_HLP_CONTAINER) 3614 break; 3615 tmp_pos = tmp; 3616 os_memcpy(tmp_pos, pos + 3, pos[1] - 1); 3617 tmp_pos += pos[1] - 1; 3618 pos += 2 + pos[1]; 3619 3620 /* Add possible fragments */ 3621 while (end - pos >= 2 && pos[0] == WLAN_EID_FRAGMENT && 3622 2 + pos[1] <= end - pos) { 3623 os_memcpy(tmp_pos, pos + 2, pos[1]); 3624 tmp_pos += pos[1]; 3625 pos += 2 + pos[1]; 3626 } 3627 3628 fils_process_hlp_resp(sm, tmp, tmp_pos - tmp); 3629 } 3630 3631 os_free(tmp); 3632 } 3633 3634 3635 int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len) 3636 { 3637 const struct ieee80211_mgmt *mgmt; 3638 const u8 *end, *ie_start; 3639 struct ieee802_11_elems elems; 3640 int keylen, rsclen; 3641 enum wpa_alg alg; 3642 struct wpa_gtk_data gd; 3643 int maxkeylen; 3644 struct wpa_eapol_ie_parse kde; 3645 3646 if (!sm || !sm->ptk_set) { 3647 wpa_printf(MSG_DEBUG, "FILS: No KEK available"); 3648 return -1; 3649 } 3650 3651 if (!wpa_key_mgmt_fils(sm->key_mgmt)) { 3652 wpa_printf(MSG_DEBUG, "FILS: Not a FILS AKM"); 3653 return -1; 3654 } 3655 3656 wpa_hexdump(MSG_DEBUG, "FILS: (Re)Association Response frame", 3657 resp, len); 3658 3659 mgmt = (const struct ieee80211_mgmt *) resp; 3660 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_resp)) 3661 return -1; 3662 3663 end = resp + len; 3664 /* Same offset for Association Response and Reassociation Response */ 3665 ie_start = mgmt->u.assoc_resp.variable; 3666 3667 if (ieee802_11_parse_elems(ie_start, end - ie_start, &elems, 1) == 3668 ParseFailed) { 3669 wpa_printf(MSG_DEBUG, 3670 "FILS: Failed to parse decrypted elements"); 3671 goto fail; 3672 } 3673 3674 if (!elems.fils_session) { 3675 wpa_printf(MSG_DEBUG, "FILS: No FILS Session element"); 3676 return -1; 3677 } 3678 if (os_memcmp(elems.fils_session, sm->fils_session, 3679 FILS_SESSION_LEN) != 0) { 3680 wpa_printf(MSG_DEBUG, "FILS: FILS Session mismatch"); 3681 wpa_hexdump(MSG_DEBUG, "FILS: Received FILS Session", 3682 elems.fils_session, FILS_SESSION_LEN); 3683 wpa_hexdump(MSG_DEBUG, "FILS: Expected FILS Session", 3684 sm->fils_session, FILS_SESSION_LEN); 3685 } 3686 3687 /* TODO: FILS Public Key */ 3688 3689 if (!elems.fils_key_confirm) { 3690 wpa_printf(MSG_DEBUG, "FILS: No FILS Key Confirm element"); 3691 goto fail; 3692 } 3693 if (elems.fils_key_confirm_len != sm->fils_key_auth_len) { 3694 wpa_printf(MSG_DEBUG, 3695 "FILS: Unexpected Key-Auth length %d (expected %d)", 3696 elems.fils_key_confirm_len, 3697 (int) sm->fils_key_auth_len); 3698 goto fail; 3699 } 3700 if (os_memcmp(elems.fils_key_confirm, sm->fils_key_auth_ap, 3701 sm->fils_key_auth_len) != 0) { 3702 wpa_printf(MSG_DEBUG, "FILS: Key-Auth mismatch"); 3703 wpa_hexdump(MSG_DEBUG, "FILS: Received Key-Auth", 3704 elems.fils_key_confirm, 3705 elems.fils_key_confirm_len); 3706 wpa_hexdump(MSG_DEBUG, "FILS: Expected Key-Auth", 3707 sm->fils_key_auth_ap, sm->fils_key_auth_len); 3708 goto fail; 3709 } 3710 3711 /* Key Delivery */ 3712 if (!elems.key_delivery) { 3713 wpa_printf(MSG_DEBUG, "FILS: No Key Delivery element"); 3714 goto fail; 3715 } 3716 3717 /* Parse GTK and set the key to the driver */ 3718 os_memset(&gd, 0, sizeof(gd)); 3719 if (wpa_supplicant_parse_ies(elems.key_delivery + WPA_KEY_RSC_LEN, 3720 elems.key_delivery_len - WPA_KEY_RSC_LEN, 3721 &kde) < 0) { 3722 wpa_printf(MSG_DEBUG, "FILS: Failed to parse KDEs"); 3723 goto fail; 3724 } 3725 if (!kde.gtk) { 3726 wpa_printf(MSG_DEBUG, "FILS: No GTK KDE"); 3727 goto fail; 3728 } 3729 maxkeylen = gd.gtk_len = kde.gtk_len - 2; 3730 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 3731 gd.gtk_len, maxkeylen, 3732 &gd.key_rsc_len, &gd.alg)) 3733 goto fail; 3734 3735 wpa_hexdump_key(MSG_DEBUG, "FILS: Received GTK", kde.gtk, kde.gtk_len); 3736 gd.keyidx = kde.gtk[0] & 0x3; 3737 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm, 3738 !!(kde.gtk[0] & BIT(2))); 3739 if (kde.gtk_len - 2 > sizeof(gd.gtk)) { 3740 wpa_printf(MSG_DEBUG, "FILS: Too long GTK in GTK KDE (len=%lu)", 3741 (unsigned long) kde.gtk_len - 2); 3742 goto fail; 3743 } 3744 os_memcpy(gd.gtk, kde.gtk + 2, kde.gtk_len - 2); 3745 3746 wpa_printf(MSG_DEBUG, "FILS: Set GTK to driver"); 3747 if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery) < 0) { 3748 wpa_printf(MSG_DEBUG, "FILS: Failed to set GTK"); 3749 goto fail; 3750 } 3751 3752 if (ieee80211w_set_keys(sm, &kde) < 0) { 3753 wpa_printf(MSG_DEBUG, "FILS: Failed to set IGTK"); 3754 goto fail; 3755 } 3756 3757 alg = wpa_cipher_to_alg(sm->pairwise_cipher); 3758 keylen = wpa_cipher_key_len(sm->pairwise_cipher); 3759 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher); 3760 wpa_hexdump_key(MSG_DEBUG, "FILS: Set TK to driver", 3761 sm->ptk.tk, keylen); 3762 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, null_rsc, rsclen, 3763 sm->ptk.tk, keylen) < 0) { 3764 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 3765 "FILS: Failed to set PTK to the driver (alg=%d keylen=%d bssid=" 3766 MACSTR ")", 3767 alg, keylen, MAC2STR(sm->bssid)); 3768 goto fail; 3769 } 3770 3771 /* TODO: TK could be cleared after auth frame exchange now that driver 3772 * takes care of association frame encryption/decryption. */ 3773 /* TK is not needed anymore in supplicant */ 3774 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); 3775 3776 /* FILS HLP Container */ 3777 fils_process_hlp_container(sm, ie_start, end - ie_start); 3778 3779 /* TODO: FILS IP Address Assignment */ 3780 3781 wpa_printf(MSG_DEBUG, "FILS: Auth+Assoc completed successfully"); 3782 sm->fils_completed = 1; 3783 3784 return 0; 3785 fail: 3786 return -1; 3787 } 3788 3789 #endif /* CONFIG_FILS */ 3790 3791 3792 int wpa_fils_is_completed(struct wpa_sm *sm) 3793 { 3794 #ifdef CONFIG_FILS 3795 return sm && sm->fils_completed; 3796 #else /* CONFIG_FILS */ 3797 return 0; 3798 #endif /* CONFIG_FILS */ 3799 } 3800