1 /*
2 * WPA Supplicant - WPA state machine and EAPOL-Key processing
3 * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15 #include "includes.h"
16
17 #include "common.h"
18 #include "crypto/rc4.h"
19 #include "crypto/aes_wrap.h"
20 #include "wpa.h"
21 #include "eloop.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "preauth.h"
24 #include "pmksa_cache.h"
25 #include "wpa_i.h"
26 #include "wpa_ie.h"
27 #include "peerkey.h"
28 #include "ieee802_11_defs.h"
29
30
31 /**
32 * wpa_cipher_txt - Convert cipher suite to a text string
33 * @cipher: Cipher suite (WPA_CIPHER_* enum)
34 * Returns: Pointer to a text string of the cipher suite name
35 */
wpa_cipher_txt(int cipher)36 static const char * wpa_cipher_txt(int cipher)
37 {
38 switch (cipher) {
39 case WPA_CIPHER_NONE:
40 return "NONE";
41 case WPA_CIPHER_WEP40:
42 return "WEP-40";
43 case WPA_CIPHER_WEP104:
44 return "WEP-104";
45 case WPA_CIPHER_TKIP:
46 return "TKIP";
47 case WPA_CIPHER_CCMP:
48 return "CCMP";
49 default:
50 return "UNKNOWN";
51 }
52 }
53
54
55 /**
56 * wpa_key_mgmt_txt - Convert key management suite to a text string
57 * @key_mgmt: Key management suite (WPA_KEY_MGMT_* enum)
58 * @proto: WPA/WPA2 version (WPA_PROTO_*)
59 * Returns: Pointer to a text string of the key management suite name
60 */
wpa_key_mgmt_txt(int key_mgmt,int proto)61 static const char * wpa_key_mgmt_txt(int key_mgmt, int proto)
62 {
63 switch (key_mgmt) {
64 case WPA_KEY_MGMT_IEEE8021X:
65 return proto == WPA_PROTO_RSN ?
66 "WPA2/IEEE 802.1X/EAP" : "WPA/IEEE 802.1X/EAP";
67 case WPA_KEY_MGMT_PSK:
68 return proto == WPA_PROTO_RSN ?
69 "WPA2-PSK" : "WPA-PSK";
70 case WPA_KEY_MGMT_NONE:
71 return "NONE";
72 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
73 return "IEEE 802.1X (no WPA)";
74 #ifdef CONFIG_IEEE80211R
75 case WPA_KEY_MGMT_FT_IEEE8021X:
76 return "FT-EAP";
77 case WPA_KEY_MGMT_FT_PSK:
78 return "FT-PSK";
79 #endif /* CONFIG_IEEE80211R */
80 #ifdef CONFIG_IEEE80211W
81 case WPA_KEY_MGMT_IEEE8021X_SHA256:
82 return "WPA2-EAP-SHA256";
83 case WPA_KEY_MGMT_PSK_SHA256:
84 return "WPA2-PSK-SHA256";
85 #endif /* CONFIG_IEEE80211W */
86 default:
87 return "UNKNOWN";
88 }
89 }
90
91
92 /**
93 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
94 * @sm: Pointer to WPA state machine data from wpa_sm_init()
95 * @kck: Key Confirmation Key (KCK, part of PTK)
96 * @ver: Version field from Key Info
97 * @dest: Destination address for the frame
98 * @proto: Ethertype (usually ETH_P_EAPOL)
99 * @msg: EAPOL-Key message
100 * @msg_len: Length of message
101 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
102 */
wpa_eapol_key_send(struct wpa_sm * sm,const u8 * kck,int ver,const u8 * dest,u16 proto,u8 * msg,size_t msg_len,u8 * key_mic)103 void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck,
104 int ver, const u8 *dest, u16 proto,
105 u8 *msg, size_t msg_len, u8 *key_mic)
106 {
107 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
108 /*
109 * Association event was not yet received; try to fetch
110 * BSSID from the driver.
111 */
112 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
113 wpa_printf(MSG_DEBUG, "WPA: Failed to read BSSID for "
114 "EAPOL-Key destination address");
115 } else {
116 dest = sm->bssid;
117 wpa_printf(MSG_DEBUG, "WPA: Use BSSID (" MACSTR
118 ") as the destination for EAPOL-Key",
119 MAC2STR(dest));
120 }
121 }
122 if (key_mic)
123 wpa_eapol_key_mic(kck, ver, msg, msg_len, key_mic);
124 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
125 wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
126 eapol_sm_notify_tx_eapol_key(sm->eapol);
127 os_free(msg);
128 }
129
130
131 /**
132 * wpa_sm_key_request - Send EAPOL-Key Request
133 * @sm: Pointer to WPA state machine data from wpa_sm_init()
134 * @error: Indicate whether this is an Michael MIC error report
135 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
136 *
137 * Send an EAPOL-Key Request to the current authenticator. This function is
138 * used to request rekeying and it is usually called when a local Michael MIC
139 * failure is detected.
140 */
wpa_sm_key_request(struct wpa_sm * sm,int error,int pairwise)141 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
142 {
143 size_t rlen;
144 struct wpa_eapol_key *reply;
145 int key_info, ver;
146 u8 bssid[ETH_ALEN], *rbuf;
147
148 if (wpa_key_mgmt_ft(sm->key_mgmt) || wpa_key_mgmt_sha256(sm->key_mgmt))
149 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC;
150 else if (sm->pairwise_cipher == WPA_CIPHER_CCMP)
151 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
152 else
153 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
154
155 if (wpa_sm_get_bssid(sm, bssid) < 0) {
156 wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key "
157 "request");
158 return;
159 }
160
161 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
162 sizeof(*reply), &rlen, (void *) &reply);
163 if (rbuf == NULL)
164 return;
165
166 reply->type = sm->proto == WPA_PROTO_RSN ?
167 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
168 key_info = WPA_KEY_INFO_REQUEST | ver;
169 if (sm->ptk_set)
170 key_info |= WPA_KEY_INFO_MIC;
171 if (error)
172 key_info |= WPA_KEY_INFO_ERROR;
173 if (pairwise)
174 key_info |= WPA_KEY_INFO_KEY_TYPE;
175 WPA_PUT_BE16(reply->key_info, key_info);
176 WPA_PUT_BE16(reply->key_length, 0);
177 os_memcpy(reply->replay_counter, sm->request_counter,
178 WPA_REPLAY_COUNTER_LEN);
179 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
180
181 WPA_PUT_BE16(reply->key_data_length, 0);
182
183 wpa_printf(MSG_INFO, "WPA: Sending EAPOL-Key Request (error=%d "
184 "pairwise=%d ptk_set=%d len=%lu)",
185 error, pairwise, sm->ptk_set, (unsigned long) rlen);
186 wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL,
187 rbuf, rlen, key_info & WPA_KEY_INFO_MIC ?
188 reply->key_mic : NULL);
189 }
190
191
wpa_supplicant_get_pmk(struct wpa_sm * sm,const unsigned char * src_addr,const u8 * pmkid)192 static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
193 const unsigned char *src_addr,
194 const u8 *pmkid)
195 {
196 int abort_cached = 0;
197
198 if (pmkid && !sm->cur_pmksa) {
199 /* When using drivers that generate RSN IE, wpa_supplicant may
200 * not have enough time to get the association information
201 * event before receiving this 1/4 message, so try to find a
202 * matching PMKSA cache entry here. */
203 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid);
204 if (sm->cur_pmksa) {
205 wpa_printf(MSG_DEBUG, "RSN: found matching PMKID from "
206 "PMKSA cache");
207 } else {
208 wpa_printf(MSG_DEBUG, "RSN: no matching PMKID found");
209 abort_cached = 1;
210 }
211 }
212
213 if (pmkid && sm->cur_pmksa &&
214 os_memcmp(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
215 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
216 wpa_sm_set_pmk_from_pmksa(sm);
217 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
218 sm->pmk, sm->pmk_len);
219 eapol_sm_notify_cached(sm->eapol);
220 #ifdef CONFIG_IEEE80211R
221 sm->xxkey_len = 0;
222 #endif /* CONFIG_IEEE80211R */
223 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
224 int res, pmk_len;
225 pmk_len = PMK_LEN;
226 res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN);
227 if (res) {
228 /*
229 * EAP-LEAP is an exception from other EAP methods: it
230 * uses only 16-byte PMK.
231 */
232 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
233 pmk_len = 16;
234 } else {
235 #ifdef CONFIG_IEEE80211R
236 u8 buf[2 * PMK_LEN];
237 if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0)
238 {
239 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN);
240 sm->xxkey_len = PMK_LEN;
241 os_memset(buf, 0, sizeof(buf));
242 }
243 #endif /* CONFIG_IEEE80211R */
244 }
245 if (res == 0) {
246 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
247 "machines", sm->pmk, pmk_len);
248 sm->pmk_len = pmk_len;
249 pmksa_cache_add(sm->pmksa, sm->pmk, pmk_len, src_addr,
250 sm->own_addr, sm->network_ctx,
251 sm->key_mgmt);
252 if (!sm->cur_pmksa && pmkid &&
253 pmksa_cache_get(sm->pmksa, src_addr, pmkid)) {
254 wpa_printf(MSG_DEBUG, "RSN: the new PMK "
255 "matches with the PMKID");
256 abort_cached = 0;
257 }
258 } else {
259 wpa_msg(sm->ctx->ctx, MSG_WARNING,
260 "WPA: Failed to get master session key from "
261 "EAPOL state machines");
262 wpa_msg(sm->ctx->ctx, MSG_WARNING,
263 "WPA: Key handshake aborted");
264 if (sm->cur_pmksa) {
265 wpa_printf(MSG_DEBUG, "RSN: Cancelled PMKSA "
266 "caching attempt");
267 sm->cur_pmksa = NULL;
268 abort_cached = 1;
269 } else if (!abort_cached) {
270 return -1;
271 }
272 }
273 }
274
275 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) {
276 /* Send EAPOL-Start to trigger full EAP authentication. */
277 u8 *buf;
278 size_t buflen;
279
280 wpa_printf(MSG_DEBUG, "RSN: no PMKSA entry found - trigger "
281 "full EAP authentication");
282 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
283 NULL, 0, &buflen, NULL);
284 if (buf) {
285 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
286 buf, buflen);
287 os_free(buf);
288 return -2;
289 }
290
291 return -1;
292 }
293
294 return 0;
295 }
296
297
298 /**
299 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake
300 * @sm: Pointer to WPA state machine data from wpa_sm_init()
301 * @dst: Destination address for the frame
302 * @key: Pointer to the EAPOL-Key frame header
303 * @ver: Version bits from EAPOL-Key Key Info
304 * @nonce: Nonce value for the EAPOL-Key frame
305 * @wpa_ie: WPA/RSN IE
306 * @wpa_ie_len: Length of the WPA/RSN IE
307 * @ptk: PTK to use for keyed hash and encryption
308 * Returns: 0 on success, -1 on failure
309 */
wpa_supplicant_send_2_of_4(struct wpa_sm * sm,const unsigned char * dst,const struct wpa_eapol_key * key,int ver,const u8 * nonce,const u8 * wpa_ie,size_t wpa_ie_len,struct wpa_ptk * ptk)310 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
311 const struct wpa_eapol_key *key,
312 int ver, const u8 *nonce,
313 const u8 *wpa_ie, size_t wpa_ie_len,
314 struct wpa_ptk *ptk)
315 {
316 size_t rlen;
317 struct wpa_eapol_key *reply;
318 u8 *rbuf;
319
320 if (wpa_ie == NULL) {
321 wpa_printf(MSG_WARNING, "WPA: No wpa_ie set - cannot "
322 "generate msg 2/4");
323 return -1;
324 }
325
326 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
327
328 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
329 NULL, sizeof(*reply) + wpa_ie_len,
330 &rlen, (void *) &reply);
331 if (rbuf == NULL)
332 return -1;
333
334 reply->type = sm->proto == WPA_PROTO_RSN ?
335 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
336 WPA_PUT_BE16(reply->key_info,
337 ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC);
338 if (sm->proto == WPA_PROTO_RSN)
339 WPA_PUT_BE16(reply->key_length, 0);
340 else
341 os_memcpy(reply->key_length, key->key_length, 2);
342 os_memcpy(reply->replay_counter, key->replay_counter,
343 WPA_REPLAY_COUNTER_LEN);
344
345 WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
346 os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
347
348 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
349
350 wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
351 wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
352 rbuf, rlen, reply->key_mic);
353
354 return 0;
355 }
356
357
wpa_derive_ptk(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,struct wpa_ptk * ptk)358 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
359 const struct wpa_eapol_key *key,
360 struct wpa_ptk *ptk)
361 {
362 size_t ptk_len = sm->pairwise_cipher == WPA_CIPHER_CCMP ? 48 : 64;
363 #ifdef CONFIG_IEEE80211R
364 if (wpa_key_mgmt_ft(sm->key_mgmt))
365 return wpa_derive_ptk_ft(sm, src_addr, key, ptk, ptk_len);
366 #endif /* CONFIG_IEEE80211R */
367
368 wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
369 sm->own_addr, sm->bssid, sm->snonce, key->key_nonce,
370 (u8 *) ptk, ptk_len,
371 wpa_key_mgmt_sha256(sm->key_mgmt));
372 return 0;
373 }
374
375
wpa_supplicant_process_1_of_4(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,u16 ver)376 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
377 const unsigned char *src_addr,
378 const struct wpa_eapol_key *key,
379 u16 ver)
380 {
381 struct wpa_eapol_ie_parse ie;
382 struct wpa_ptk *ptk;
383 u8 buf[8];
384 int res;
385
386 if (wpa_sm_get_network_ctx(sm) == NULL) {
387 wpa_printf(MSG_WARNING, "WPA: No SSID info found (msg 1 of "
388 "4).");
389 return;
390 }
391
392 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
393 wpa_printf(MSG_DEBUG, "WPA: RX message 1 of 4-Way Handshake from "
394 MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
395
396 os_memset(&ie, 0, sizeof(ie));
397
398 #ifndef CONFIG_NO_WPA2
399 if (sm->proto == WPA_PROTO_RSN) {
400 /* RSN: msg 1/4 should contain PMKID for the selected PMK */
401 const u8 *_buf = (const u8 *) (key + 1);
402 size_t len = WPA_GET_BE16(key->key_data_length);
403 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", _buf, len);
404 wpa_supplicant_parse_ies(_buf, len, &ie);
405 if (ie.pmkid) {
406 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
407 "Authenticator", ie.pmkid, PMKID_LEN);
408 }
409 }
410 #endif /* CONFIG_NO_WPA2 */
411
412 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
413 if (res == -2) {
414 wpa_printf(MSG_DEBUG, "RSN: Do not reply to msg 1/4 - "
415 "requesting full EAP authentication");
416 return;
417 }
418 if (res)
419 goto failed;
420
421 if (sm->renew_snonce) {
422 if (os_get_random(sm->snonce, WPA_NONCE_LEN)) {
423 wpa_msg(sm->ctx->ctx, MSG_WARNING,
424 "WPA: Failed to get random data for SNonce");
425 goto failed;
426 }
427 sm->renew_snonce = 0;
428 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
429 sm->snonce, WPA_NONCE_LEN);
430 }
431
432 /* Calculate PTK which will be stored as a temporary PTK until it has
433 * been verified when processing message 3/4. */
434 ptk = &sm->tptk;
435 wpa_derive_ptk(sm, src_addr, key, ptk);
436 /* Supplicant: swap tx/rx Mic keys */
437 os_memcpy(buf, ptk->u.auth.tx_mic_key, 8);
438 os_memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8);
439 os_memcpy(ptk->u.auth.rx_mic_key, buf, 8);
440 sm->tptk_set = 1;
441
442 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
443 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len,
444 ptk))
445 goto failed;
446
447 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
448 return;
449
450 failed:
451 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
452 }
453
454
wpa_sm_start_preauth(void * eloop_ctx,void * timeout_ctx)455 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx)
456 {
457 struct wpa_sm *sm = eloop_ctx;
458 rsn_preauth_candidate_process(sm);
459 }
460
461
wpa_supplicant_key_neg_complete(struct wpa_sm * sm,const u8 * addr,int secure)462 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
463 const u8 *addr, int secure)
464 {
465 wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Key negotiation completed with "
466 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
467 wpa_cipher_txt(sm->pairwise_cipher),
468 wpa_cipher_txt(sm->group_cipher));
469 wpa_sm_cancel_auth_timeout(sm);
470 wpa_sm_set_state(sm, WPA_COMPLETED);
471
472 if (secure) {
473 wpa_sm_mlme_setprotection(
474 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
475 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
476 eapol_sm_notify_portValid(sm->eapol, TRUE);
477 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt))
478 eapol_sm_notify_eap_success(sm->eapol, TRUE);
479 /*
480 * Start preauthentication after a short wait to avoid a
481 * possible race condition between the data receive and key
482 * configuration after the 4-Way Handshake. This increases the
483 * likelyhood of the first preauth EAPOL-Start frame getting to
484 * the target AP.
485 */
486 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL);
487 }
488
489 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
490 wpa_printf(MSG_DEBUG, "RSN: Authenticator accepted "
491 "opportunistic PMKSA entry - marking it valid");
492 sm->cur_pmksa->opportunistic = 0;
493 }
494
495 #ifdef CONFIG_IEEE80211R
496 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
497 /* Prepare for the next transition */
498 wpa_ft_prepare_auth_request(sm);
499 }
500 #endif /* CONFIG_IEEE80211R */
501 }
502
503
wpa_sm_rekey_ptk(void * eloop_ctx,void * timeout_ctx)504 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
505 {
506 struct wpa_sm *sm = eloop_ctx;
507 wpa_printf(MSG_DEBUG, "WPA: Request PTK rekeying");
508 wpa_sm_key_request(sm, 0, 1);
509 }
510
511
wpa_supplicant_install_ptk(struct wpa_sm * sm,const struct wpa_eapol_key * key)512 static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
513 const struct wpa_eapol_key *key)
514 {
515 int keylen, rsclen;
516 wpa_alg alg;
517 const u8 *key_rsc;
518 u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
519
520 wpa_printf(MSG_DEBUG, "WPA: Installing PTK to the driver.");
521
522 switch (sm->pairwise_cipher) {
523 case WPA_CIPHER_CCMP:
524 alg = WPA_ALG_CCMP;
525 keylen = 16;
526 rsclen = 6;
527 break;
528 case WPA_CIPHER_TKIP:
529 alg = WPA_ALG_TKIP;
530 keylen = 32;
531 rsclen = 6;
532 break;
533 case WPA_CIPHER_NONE:
534 wpa_printf(MSG_DEBUG, "WPA: Pairwise Cipher Suite: "
535 "NONE - do not use pairwise keys");
536 return 0;
537 default:
538 wpa_printf(MSG_WARNING, "WPA: Unsupported pairwise cipher %d",
539 sm->pairwise_cipher);
540 return -1;
541 }
542
543 if (sm->proto == WPA_PROTO_RSN) {
544 key_rsc = null_rsc;
545 } else {
546 key_rsc = key->key_rsc;
547 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
548 }
549
550 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
551 (u8 *) sm->ptk.tk1, keylen) < 0) {
552 wpa_printf(MSG_WARNING, "WPA: Failed to set PTK to the "
553 "driver (alg=%d keylen=%d bssid=" MACSTR ")",
554 alg, keylen, MAC2STR(sm->bssid));
555 return -1;
556 }
557
558 if (sm->wpa_ptk_rekey) {
559 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
560 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
561 sm, NULL);
562 }
563
564 return 0;
565 }
566
567
wpa_supplicant_check_group_cipher(int group_cipher,int keylen,int maxkeylen,int * key_rsc_len,wpa_alg * alg)568 static int wpa_supplicant_check_group_cipher(int group_cipher,
569 int keylen, int maxkeylen,
570 int *key_rsc_len, wpa_alg *alg)
571 {
572 int ret = 0;
573
574 switch (group_cipher) {
575 case WPA_CIPHER_CCMP:
576 if (keylen != 16 || maxkeylen < 16) {
577 ret = -1;
578 break;
579 }
580 *key_rsc_len = 6;
581 *alg = WPA_ALG_CCMP;
582 break;
583 case WPA_CIPHER_TKIP:
584 if (keylen != 32 || maxkeylen < 32) {
585 ret = -1;
586 break;
587 }
588 *key_rsc_len = 6;
589 *alg = WPA_ALG_TKIP;
590 break;
591 case WPA_CIPHER_WEP104:
592 if (keylen != 13 || maxkeylen < 13) {
593 ret = -1;
594 break;
595 }
596 *key_rsc_len = 0;
597 *alg = WPA_ALG_WEP;
598 break;
599 case WPA_CIPHER_WEP40:
600 if (keylen != 5 || maxkeylen < 5) {
601 ret = -1;
602 break;
603 }
604 *key_rsc_len = 0;
605 *alg = WPA_ALG_WEP;
606 break;
607 default:
608 wpa_printf(MSG_WARNING, "WPA: Unsupported Group Cipher %d",
609 group_cipher);
610 return -1;
611 }
612
613 if (ret < 0 ) {
614 wpa_printf(MSG_WARNING, "WPA: Unsupported %s Group Cipher key "
615 "length %d (%d).",
616 wpa_cipher_txt(group_cipher), keylen, maxkeylen);
617 }
618
619 return ret;
620 }
621
622
623 struct wpa_gtk_data {
624 wpa_alg alg;
625 int tx, key_rsc_len, keyidx;
626 u8 gtk[32];
627 int gtk_len;
628 };
629
630
wpa_supplicant_install_gtk(struct wpa_sm * sm,const struct wpa_gtk_data * gd,const u8 * key_rsc)631 static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
632 const struct wpa_gtk_data *gd,
633 const u8 *key_rsc)
634 {
635 const u8 *_gtk = gd->gtk;
636 u8 gtk_buf[32];
637
638 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
639 wpa_printf(MSG_DEBUG, "WPA: Installing GTK to the driver "
640 "(keyidx=%d tx=%d len=%d).", gd->keyidx, gd->tx,
641 gd->gtk_len);
642 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
643 if (sm->group_cipher == WPA_CIPHER_TKIP) {
644 /* Swap Tx/Rx keys for Michael MIC */
645 os_memcpy(gtk_buf, gd->gtk, 16);
646 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
647 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
648 _gtk = gtk_buf;
649 }
650 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
651 if (wpa_sm_set_key(sm, gd->alg,
652 (u8 *) "\xff\xff\xff\xff\xff\xff",
653 gd->keyidx, 1, key_rsc, gd->key_rsc_len,
654 _gtk, gd->gtk_len) < 0) {
655 wpa_printf(MSG_WARNING, "WPA: Failed to set "
656 "GTK to the driver (Group only).");
657 return -1;
658 }
659 } else if (wpa_sm_set_key(sm, gd->alg,
660 (u8 *) "\xff\xff\xff\xff\xff\xff",
661 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
662 _gtk, gd->gtk_len) < 0) {
663 wpa_printf(MSG_WARNING, "WPA: Failed to set GTK to "
664 "the driver (alg=%d keylen=%d keyidx=%d)",
665 gd->alg, gd->gtk_len, gd->keyidx);
666 return -1;
667 }
668
669 return 0;
670 }
671
672
wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm * sm,int tx)673 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
674 int tx)
675 {
676 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
677 /* Ignore Tx bit for GTK if a pairwise key is used. One AP
678 * seemed to set this bit (incorrectly, since Tx is only when
679 * doing Group Key only APs) and without this workaround, the
680 * data connection does not work because wpa_supplicant
681 * configured non-zero keyidx to be used for unicast. */
682 wpa_printf(MSG_INFO, "WPA: Tx bit set for GTK, but pairwise "
683 "keys are used - ignore Tx bit");
684 return 0;
685 }
686 return tx;
687 }
688
689
wpa_supplicant_pairwise_gtk(struct wpa_sm * sm,const struct wpa_eapol_key * key,const u8 * gtk,size_t gtk_len,int key_info)690 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
691 const struct wpa_eapol_key *key,
692 const u8 *gtk, size_t gtk_len,
693 int key_info)
694 {
695 #ifndef CONFIG_NO_WPA2
696 struct wpa_gtk_data gd;
697
698 /*
699 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
700 * GTK KDE format:
701 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
702 * Reserved [bits 0-7]
703 * GTK
704 */
705
706 os_memset(&gd, 0, sizeof(gd));
707 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
708 gtk, gtk_len);
709
710 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk))
711 return -1;
712
713 gd.keyidx = gtk[0] & 0x3;
714 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
715 !!(gtk[0] & BIT(2)));
716 gtk += 2;
717 gtk_len -= 2;
718
719 os_memcpy(gd.gtk, gtk, gtk_len);
720 gd.gtk_len = gtk_len;
721
722 if (wpa_supplicant_check_group_cipher(sm->group_cipher,
723 gtk_len, gtk_len,
724 &gd.key_rsc_len, &gd.alg) ||
725 wpa_supplicant_install_gtk(sm, &gd, key->key_rsc)) {
726 wpa_printf(MSG_DEBUG, "RSN: Failed to install GTK");
727 return -1;
728 }
729
730 wpa_supplicant_key_neg_complete(sm, sm->bssid,
731 key_info & WPA_KEY_INFO_SECURE);
732 return 0;
733 #else /* CONFIG_NO_WPA2 */
734 return -1;
735 #endif /* CONFIG_NO_WPA2 */
736 }
737
738
ieee80211w_set_keys(struct wpa_sm * sm,struct wpa_eapol_ie_parse * ie)739 static int ieee80211w_set_keys(struct wpa_sm *sm,
740 struct wpa_eapol_ie_parse *ie)
741 {
742 #ifdef CONFIG_IEEE80211W
743 if (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC)
744 return 0;
745
746 if (ie->igtk) {
747 const struct wpa_igtk_kde *igtk;
748 u16 keyidx;
749 if (ie->igtk_len != sizeof(*igtk))
750 return -1;
751 igtk = (const struct wpa_igtk_kde *) ie->igtk;
752 keyidx = WPA_GET_LE16(igtk->keyid);
753 wpa_printf(MSG_DEBUG, "WPA: IGTK keyid %d "
754 "pn %02x%02x%02x%02x%02x%02x",
755 keyidx, MAC2STR(igtk->pn));
756 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
757 igtk->igtk, WPA_IGTK_LEN);
758 if (keyidx > 4095) {
759 wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KeyID %d",
760 keyidx);
761 return -1;
762 }
763 if (wpa_sm_set_key(sm, WPA_ALG_IGTK,
764 (u8 *) "\xff\xff\xff\xff\xff\xff",
765 keyidx, 0, igtk->pn, sizeof(igtk->pn),
766 igtk->igtk, WPA_IGTK_LEN) < 0) {
767 wpa_printf(MSG_WARNING, "WPA: Failed to configure IGTK"
768 " to the driver");
769 return -1;
770 }
771 }
772
773 return 0;
774 #else /* CONFIG_IEEE80211W */
775 return 0;
776 #endif /* CONFIG_IEEE80211W */
777 }
778
779
wpa_report_ie_mismatch(struct wpa_sm * sm,const char * reason,const u8 * src_addr,const u8 * wpa_ie,size_t wpa_ie_len,const u8 * rsn_ie,size_t rsn_ie_len)780 static void wpa_report_ie_mismatch(struct wpa_sm *sm,
781 const char *reason, const u8 *src_addr,
782 const u8 *wpa_ie, size_t wpa_ie_len,
783 const u8 *rsn_ie, size_t rsn_ie_len)
784 {
785 wpa_msg(sm->ctx->ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
786 reason, MAC2STR(src_addr));
787
788 if (sm->ap_wpa_ie) {
789 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
790 sm->ap_wpa_ie, sm->ap_wpa_ie_len);
791 }
792 if (wpa_ie) {
793 if (!sm->ap_wpa_ie) {
794 wpa_printf(MSG_INFO, "WPA: No WPA IE in "
795 "Beacon/ProbeResp");
796 }
797 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
798 wpa_ie, wpa_ie_len);
799 }
800
801 if (sm->ap_rsn_ie) {
802 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp",
803 sm->ap_rsn_ie, sm->ap_rsn_ie_len);
804 }
805 if (rsn_ie) {
806 if (!sm->ap_rsn_ie) {
807 wpa_printf(MSG_INFO, "WPA: No RSN IE in "
808 "Beacon/ProbeResp");
809 }
810 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
811 rsn_ie, rsn_ie_len);
812 }
813
814 wpa_sm_disassociate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
815 }
816
817
wpa_supplicant_validate_ie(struct wpa_sm * sm,const unsigned char * src_addr,struct wpa_eapol_ie_parse * ie)818 static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
819 const unsigned char *src_addr,
820 struct wpa_eapol_ie_parse *ie)
821 {
822 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
823 wpa_printf(MSG_DEBUG, "WPA: No WPA/RSN IE for this AP known. "
824 "Trying to get from scan results");
825 if (wpa_sm_get_beacon_ie(sm) < 0) {
826 wpa_printf(MSG_WARNING, "WPA: Could not find AP from "
827 "the scan results");
828 } else {
829 wpa_printf(MSG_DEBUG, "WPA: Found the current AP from "
830 "updated scan results");
831 }
832 }
833
834 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
835 (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
836 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
837 "with IE in Beacon/ProbeResp (no IE?)",
838 src_addr, ie->wpa_ie, ie->wpa_ie_len,
839 ie->rsn_ie, ie->rsn_ie_len);
840 return -1;
841 }
842
843 if ((ie->wpa_ie && sm->ap_wpa_ie &&
844 (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
845 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
846 (ie->rsn_ie && sm->ap_rsn_ie &&
847 (ie->rsn_ie_len != sm->ap_rsn_ie_len ||
848 os_memcmp(ie->rsn_ie, sm->ap_rsn_ie, ie->rsn_ie_len) != 0))) {
849 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
850 "with IE in Beacon/ProbeResp",
851 src_addr, ie->wpa_ie, ie->wpa_ie_len,
852 ie->rsn_ie, ie->rsn_ie_len);
853 return -1;
854 }
855
856 if (sm->proto == WPA_PROTO_WPA &&
857 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
858 wpa_report_ie_mismatch(sm, "Possible downgrade attack "
859 "detected - RSN was enabled and RSN IE "
860 "was in msg 3/4, but not in "
861 "Beacon/ProbeResp",
862 src_addr, ie->wpa_ie, ie->wpa_ie_len,
863 ie->rsn_ie, ie->rsn_ie_len);
864 return -1;
865 }
866
867 #ifdef CONFIG_IEEE80211R
868 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
869 struct rsn_mdie *mdie;
870 /* TODO: verify that full MDIE matches with the one from scan
871 * results, not only mobility domain */
872 mdie = (struct rsn_mdie *) (ie->mdie + 2);
873 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) ||
874 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
875 MOBILITY_DOMAIN_ID_LEN) != 0) {
876 wpa_printf(MSG_DEBUG, "FT: MDIE in msg 3/4 did not "
877 "match with the current mobility domain");
878 return -1;
879 }
880 }
881 #endif /* CONFIG_IEEE80211R */
882
883 return 0;
884 }
885
886
887 /**
888 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake
889 * @sm: Pointer to WPA state machine data from wpa_sm_init()
890 * @dst: Destination address for the frame
891 * @key: Pointer to the EAPOL-Key frame header
892 * @ver: Version bits from EAPOL-Key Key Info
893 * @key_info: Key Info
894 * @kde: KDEs to include the EAPOL-Key frame
895 * @kde_len: Length of KDEs
896 * @ptk: PTK to use for keyed hash and encryption
897 * Returns: 0 on success, -1 on failure
898 */
wpa_supplicant_send_4_of_4(struct wpa_sm * sm,const unsigned char * dst,const struct wpa_eapol_key * key,u16 ver,u16 key_info,const u8 * kde,size_t kde_len,struct wpa_ptk * ptk)899 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
900 const struct wpa_eapol_key *key,
901 u16 ver, u16 key_info,
902 const u8 *kde, size_t kde_len,
903 struct wpa_ptk *ptk)
904 {
905 size_t rlen;
906 struct wpa_eapol_key *reply;
907 u8 *rbuf;
908
909 if (kde)
910 wpa_hexdump(MSG_DEBUG, "WPA: KDE for msg 4/4", kde, kde_len);
911
912 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
913 sizeof(*reply) + kde_len,
914 &rlen, (void *) &reply);
915 if (rbuf == NULL)
916 return -1;
917
918 reply->type = sm->proto == WPA_PROTO_RSN ?
919 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
920 key_info &= WPA_KEY_INFO_SECURE;
921 key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC;
922 WPA_PUT_BE16(reply->key_info, key_info);
923 if (sm->proto == WPA_PROTO_RSN)
924 WPA_PUT_BE16(reply->key_length, 0);
925 else
926 os_memcpy(reply->key_length, key->key_length, 2);
927 os_memcpy(reply->replay_counter, key->replay_counter,
928 WPA_REPLAY_COUNTER_LEN);
929
930 WPA_PUT_BE16(reply->key_data_length, kde_len);
931 if (kde)
932 os_memcpy(reply + 1, kde, kde_len);
933
934 wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
935 wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
936 rbuf, rlen, reply->key_mic);
937
938 return 0;
939 }
940
941
wpa_supplicant_process_3_of_4(struct wpa_sm * sm,const struct wpa_eapol_key * key,u16 ver)942 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
943 const struct wpa_eapol_key *key,
944 u16 ver)
945 {
946 u16 key_info, keylen, len;
947 const u8 *pos;
948 struct wpa_eapol_ie_parse ie;
949
950 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
951 wpa_printf(MSG_DEBUG, "WPA: RX message 3 of 4-Way Handshake from "
952 MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
953
954 key_info = WPA_GET_BE16(key->key_info);
955
956 pos = (const u8 *) (key + 1);
957 len = WPA_GET_BE16(key->key_data_length);
958 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", pos, len);
959 wpa_supplicant_parse_ies(pos, len, &ie);
960 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
961 wpa_printf(MSG_WARNING, "WPA: GTK IE in unencrypted key data");
962 goto failed;
963 }
964 #ifdef CONFIG_IEEE80211W
965 if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
966 wpa_printf(MSG_WARNING, "WPA: IGTK KDE in unencrypted key "
967 "data");
968 goto failed;
969 }
970
971 if (ie.igtk && ie.igtk_len != sizeof(struct wpa_igtk_kde)) {
972 wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KDE length %lu",
973 (unsigned long) ie.igtk_len);
974 goto failed;
975 }
976 #endif /* CONFIG_IEEE80211W */
977
978 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
979 goto failed;
980
981 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
982 wpa_printf(MSG_WARNING, "WPA: ANonce from message 1 of 4-Way "
983 "Handshake differs from 3 of 4-Way Handshake - drop"
984 " packet (src=" MACSTR ")", MAC2STR(sm->bssid));
985 goto failed;
986 }
987
988 keylen = WPA_GET_BE16(key->key_length);
989 switch (sm->pairwise_cipher) {
990 case WPA_CIPHER_CCMP:
991 if (keylen != 16) {
992 wpa_printf(MSG_WARNING, "WPA: Invalid CCMP key length "
993 "%d (src=" MACSTR ")",
994 keylen, MAC2STR(sm->bssid));
995 goto failed;
996 }
997 break;
998 case WPA_CIPHER_TKIP:
999 if (keylen != 32) {
1000 wpa_printf(MSG_WARNING, "WPA: Invalid TKIP key length "
1001 "%d (src=" MACSTR ")",
1002 keylen, MAC2STR(sm->bssid));
1003 goto failed;
1004 }
1005 break;
1006 }
1007
1008 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
1009 NULL, 0, &sm->ptk)) {
1010 goto failed;
1011 }
1012
1013 /* SNonce was successfully used in msg 3/4, so mark it to be renewed
1014 * for the next 4-Way Handshake. If msg 3 is received again, the old
1015 * SNonce will still be used to avoid changing PTK. */
1016 sm->renew_snonce = 1;
1017
1018 if (key_info & WPA_KEY_INFO_INSTALL) {
1019 if (wpa_supplicant_install_ptk(sm, key))
1020 goto failed;
1021 }
1022
1023 if (key_info & WPA_KEY_INFO_SECURE) {
1024 wpa_sm_mlme_setprotection(
1025 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
1026 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
1027 eapol_sm_notify_portValid(sm->eapol, TRUE);
1028 }
1029 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1030
1031 if (ie.gtk &&
1032 wpa_supplicant_pairwise_gtk(sm, key,
1033 ie.gtk, ie.gtk_len, key_info) < 0) {
1034 wpa_printf(MSG_INFO, "RSN: Failed to configure GTK");
1035 goto failed;
1036 }
1037
1038 if (ieee80211w_set_keys(sm, &ie) < 0) {
1039 wpa_printf(MSG_INFO, "RSN: Failed to configure IGTK");
1040 goto failed;
1041 }
1042
1043 return;
1044
1045 failed:
1046 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1047 }
1048
1049
wpa_supplicant_process_1_of_2_rsn(struct wpa_sm * sm,const u8 * keydata,size_t keydatalen,u16 key_info,struct wpa_gtk_data * gd)1050 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
1051 const u8 *keydata,
1052 size_t keydatalen,
1053 u16 key_info,
1054 struct wpa_gtk_data *gd)
1055 {
1056 int maxkeylen;
1057 struct wpa_eapol_ie_parse ie;
1058
1059 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen);
1060 wpa_supplicant_parse_ies(keydata, keydatalen, &ie);
1061 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1062 wpa_printf(MSG_WARNING, "WPA: GTK IE in unencrypted key data");
1063 return -1;
1064 }
1065 if (ie.gtk == NULL) {
1066 wpa_printf(MSG_INFO, "WPA: No GTK IE in Group Key msg 1/2");
1067 return -1;
1068 }
1069 maxkeylen = gd->gtk_len = ie.gtk_len - 2;
1070
1071 if (wpa_supplicant_check_group_cipher(sm->group_cipher,
1072 gd->gtk_len, maxkeylen,
1073 &gd->key_rsc_len, &gd->alg))
1074 return -1;
1075
1076 wpa_hexdump(MSG_DEBUG, "RSN: received GTK in group key handshake",
1077 ie.gtk, ie.gtk_len);
1078 gd->keyidx = ie.gtk[0] & 0x3;
1079 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1080 !!(ie.gtk[0] & BIT(2)));
1081 if (ie.gtk_len - 2 > sizeof(gd->gtk)) {
1082 wpa_printf(MSG_INFO, "RSN: Too long GTK in GTK IE "
1083 "(len=%lu)", (unsigned long) ie.gtk_len - 2);
1084 return -1;
1085 }
1086 os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
1087
1088 if (ieee80211w_set_keys(sm, &ie) < 0)
1089 wpa_printf(MSG_INFO, "RSN: Failed to configure IGTK");
1090
1091 return 0;
1092 }
1093
1094
wpa_supplicant_process_1_of_2_wpa(struct wpa_sm * sm,const struct wpa_eapol_key * key,size_t keydatalen,int key_info,size_t extra_len,u16 ver,struct wpa_gtk_data * gd)1095 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
1096 const struct wpa_eapol_key *key,
1097 size_t keydatalen, int key_info,
1098 size_t extra_len, u16 ver,
1099 struct wpa_gtk_data *gd)
1100 {
1101 size_t maxkeylen;
1102 u8 ek[32];
1103
1104 gd->gtk_len = WPA_GET_BE16(key->key_length);
1105 maxkeylen = keydatalen;
1106 if (keydatalen > extra_len) {
1107 wpa_printf(MSG_INFO, "WPA: Truncated EAPOL-Key packet:"
1108 " key_data_length=%lu > extra_len=%lu",
1109 (unsigned long) keydatalen,
1110 (unsigned long) extra_len);
1111 return -1;
1112 }
1113 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1114 if (maxkeylen < 8) {
1115 wpa_printf(MSG_INFO, "WPA: Too short maxkeylen (%lu)",
1116 (unsigned long) maxkeylen);
1117 return -1;
1118 }
1119 maxkeylen -= 8;
1120 }
1121
1122 if (wpa_supplicant_check_group_cipher(sm->group_cipher,
1123 gd->gtk_len, maxkeylen,
1124 &gd->key_rsc_len, &gd->alg))
1125 return -1;
1126
1127 gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1128 WPA_KEY_INFO_KEY_INDEX_SHIFT;
1129 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
1130 os_memcpy(ek, key->key_iv, 16);
1131 os_memcpy(ek + 16, sm->ptk.kek, 16);
1132 if (keydatalen > sizeof(gd->gtk)) {
1133 wpa_printf(MSG_WARNING, "WPA: RC4 key data "
1134 "too long (%lu)",
1135 (unsigned long) keydatalen);
1136 return -1;
1137 }
1138 os_memcpy(gd->gtk, key + 1, keydatalen);
1139 rc4_skip(ek, 32, 256, gd->gtk, keydatalen);
1140 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1141 if (keydatalen % 8) {
1142 wpa_printf(MSG_WARNING, "WPA: Unsupported AES-WRAP "
1143 "len %lu", (unsigned long) keydatalen);
1144 return -1;
1145 }
1146 if (maxkeylen > sizeof(gd->gtk)) {
1147 wpa_printf(MSG_WARNING, "WPA: AES-WRAP key data "
1148 "too long (keydatalen=%lu maxkeylen=%lu)",
1149 (unsigned long) keydatalen,
1150 (unsigned long) maxkeylen);
1151 return -1;
1152 }
1153 if (aes_unwrap(sm->ptk.kek, maxkeylen / 8,
1154 (const u8 *) (key + 1), gd->gtk)) {
1155 wpa_printf(MSG_WARNING, "WPA: AES unwrap "
1156 "failed - could not decrypt GTK");
1157 return -1;
1158 }
1159 } else {
1160 wpa_printf(MSG_WARNING, "WPA: Unsupported key_info type %d",
1161 ver);
1162 return -1;
1163 }
1164 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(
1165 sm, !!(key_info & WPA_KEY_INFO_TXRX));
1166 return 0;
1167 }
1168
1169
wpa_supplicant_send_2_of_2(struct wpa_sm * sm,const struct wpa_eapol_key * key,int ver,u16 key_info)1170 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
1171 const struct wpa_eapol_key *key,
1172 int ver, u16 key_info)
1173 {
1174 size_t rlen;
1175 struct wpa_eapol_key *reply;
1176 u8 *rbuf;
1177
1178 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1179 sizeof(*reply), &rlen, (void *) &reply);
1180 if (rbuf == NULL)
1181 return -1;
1182
1183 reply->type = sm->proto == WPA_PROTO_RSN ?
1184 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1185 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
1186 key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
1187 WPA_PUT_BE16(reply->key_info, key_info);
1188 if (sm->proto == WPA_PROTO_RSN)
1189 WPA_PUT_BE16(reply->key_length, 0);
1190 else
1191 os_memcpy(reply->key_length, key->key_length, 2);
1192 os_memcpy(reply->replay_counter, key->replay_counter,
1193 WPA_REPLAY_COUNTER_LEN);
1194
1195 WPA_PUT_BE16(reply->key_data_length, 0);
1196
1197 wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
1198 wpa_eapol_key_send(sm, sm->ptk.kck, ver, sm->bssid, ETH_P_EAPOL,
1199 rbuf, rlen, reply->key_mic);
1200
1201 return 0;
1202 }
1203
1204
wpa_supplicant_process_1_of_2(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,int extra_len,u16 ver)1205 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
1206 const unsigned char *src_addr,
1207 const struct wpa_eapol_key *key,
1208 int extra_len, u16 ver)
1209 {
1210 u16 key_info, keydatalen;
1211 int rekey, ret;
1212 struct wpa_gtk_data gd;
1213
1214 os_memset(&gd, 0, sizeof(gd));
1215
1216 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
1217 wpa_printf(MSG_DEBUG, "WPA: RX message 1 of Group Key Handshake from "
1218 MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
1219
1220 key_info = WPA_GET_BE16(key->key_info);
1221 keydatalen = WPA_GET_BE16(key->key_data_length);
1222
1223 if (sm->proto == WPA_PROTO_RSN) {
1224 ret = wpa_supplicant_process_1_of_2_rsn(sm,
1225 (const u8 *) (key + 1),
1226 keydatalen, key_info,
1227 &gd);
1228 } else {
1229 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, keydatalen,
1230 key_info, extra_len,
1231 ver, &gd);
1232 }
1233
1234 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1235
1236 if (ret)
1237 goto failed;
1238
1239 if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
1240 wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
1241 goto failed;
1242
1243 if (rekey) {
1244 wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Group rekeying "
1245 "completed with " MACSTR " [GTK=%s]",
1246 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
1247 wpa_sm_cancel_auth_timeout(sm);
1248 wpa_sm_set_state(sm, WPA_COMPLETED);
1249 } else {
1250 wpa_supplicant_key_neg_complete(sm, sm->bssid,
1251 key_info &
1252 WPA_KEY_INFO_SECURE);
1253 }
1254 return;
1255
1256 failed:
1257 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1258 }
1259
1260
wpa_supplicant_verify_eapol_key_mic(struct wpa_sm * sm,struct wpa_eapol_key * key,u16 ver,const u8 * buf,size_t len)1261 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
1262 struct wpa_eapol_key *key,
1263 u16 ver,
1264 const u8 *buf, size_t len)
1265 {
1266 u8 mic[16];
1267 int ok = 0;
1268
1269 os_memcpy(mic, key->key_mic, 16);
1270 if (sm->tptk_set) {
1271 os_memset(key->key_mic, 0, 16);
1272 wpa_eapol_key_mic(sm->tptk.kck, ver, buf, len,
1273 key->key_mic);
1274 if (os_memcmp(mic, key->key_mic, 16) != 0) {
1275 wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC "
1276 "when using TPTK - ignoring TPTK");
1277 } else {
1278 ok = 1;
1279 sm->tptk_set = 0;
1280 sm->ptk_set = 1;
1281 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
1282 }
1283 }
1284
1285 if (!ok && sm->ptk_set) {
1286 os_memset(key->key_mic, 0, 16);
1287 wpa_eapol_key_mic(sm->ptk.kck, ver, buf, len,
1288 key->key_mic);
1289 if (os_memcmp(mic, key->key_mic, 16) != 0) {
1290 wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC "
1291 "- dropping packet");
1292 return -1;
1293 }
1294 ok = 1;
1295 }
1296
1297 if (!ok) {
1298 wpa_printf(MSG_WARNING, "WPA: Could not verify EAPOL-Key MIC "
1299 "- dropping packet");
1300 return -1;
1301 }
1302
1303 os_memcpy(sm->rx_replay_counter, key->replay_counter,
1304 WPA_REPLAY_COUNTER_LEN);
1305 sm->rx_replay_counter_set = 1;
1306 return 0;
1307 }
1308
1309
1310 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
wpa_supplicant_decrypt_key_data(struct wpa_sm * sm,struct wpa_eapol_key * key,u16 ver)1311 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
1312 struct wpa_eapol_key *key, u16 ver)
1313 {
1314 u16 keydatalen = WPA_GET_BE16(key->key_data_length);
1315
1316 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
1317 (u8 *) (key + 1), keydatalen);
1318 if (!sm->ptk_set) {
1319 wpa_printf(MSG_WARNING, "WPA: PTK not available, "
1320 "cannot decrypt EAPOL-Key key data.");
1321 return -1;
1322 }
1323
1324 /* Decrypt key data here so that this operation does not need
1325 * to be implemented separately for each message type. */
1326 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
1327 u8 ek[32];
1328 os_memcpy(ek, key->key_iv, 16);
1329 os_memcpy(ek + 16, sm->ptk.kek, 16);
1330 rc4_skip(ek, 32, 256, (u8 *) (key + 1), keydatalen);
1331 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1332 ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1333 u8 *buf;
1334 if (keydatalen % 8) {
1335 wpa_printf(MSG_WARNING, "WPA: Unsupported "
1336 "AES-WRAP len %d", keydatalen);
1337 return -1;
1338 }
1339 keydatalen -= 8; /* AES-WRAP adds 8 bytes */
1340 buf = os_malloc(keydatalen);
1341 if (buf == NULL) {
1342 wpa_printf(MSG_WARNING, "WPA: No memory for "
1343 "AES-UNWRAP buffer");
1344 return -1;
1345 }
1346 if (aes_unwrap(sm->ptk.kek, keydatalen / 8,
1347 (u8 *) (key + 1), buf)) {
1348 os_free(buf);
1349 wpa_printf(MSG_WARNING, "WPA: AES unwrap failed - "
1350 "could not decrypt EAPOL-Key key data");
1351 return -1;
1352 }
1353 os_memcpy(key + 1, buf, keydatalen);
1354 os_free(buf);
1355 WPA_PUT_BE16(key->key_data_length, keydatalen);
1356 } else {
1357 wpa_printf(MSG_WARNING, "WPA: Unsupported key_info type %d",
1358 ver);
1359 return -1;
1360 }
1361 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
1362 (u8 *) (key + 1), keydatalen);
1363 return 0;
1364 }
1365
1366
1367 /**
1368 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
1369 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1370 */
wpa_sm_aborted_cached(struct wpa_sm * sm)1371 void wpa_sm_aborted_cached(struct wpa_sm *sm)
1372 {
1373 if (sm && sm->cur_pmksa) {
1374 wpa_printf(MSG_DEBUG, "RSN: Cancelling PMKSA caching attempt");
1375 sm->cur_pmksa = NULL;
1376 }
1377 }
1378
1379
wpa_eapol_key_dump(const struct wpa_eapol_key * key)1380 static void wpa_eapol_key_dump(const struct wpa_eapol_key *key)
1381 {
1382 #ifndef CONFIG_NO_STDOUT_DEBUG
1383 u16 key_info = WPA_GET_BE16(key->key_info);
1384
1385 wpa_printf(MSG_DEBUG, " EAPOL-Key type=%d", key->type);
1386 wpa_printf(MSG_DEBUG, " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s"
1387 "%s%s%s%s%s%s%s)",
1388 key_info, key_info & WPA_KEY_INFO_TYPE_MASK,
1389 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1390 WPA_KEY_INFO_KEY_INDEX_SHIFT,
1391 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13,
1392 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group",
1393 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "",
1394 key_info & WPA_KEY_INFO_ACK ? " Ack" : "",
1395 key_info & WPA_KEY_INFO_MIC ? " MIC" : "",
1396 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "",
1397 key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
1398 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
1399 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
1400 wpa_printf(MSG_DEBUG, " key_length=%u key_data_length=%u",
1401 WPA_GET_BE16(key->key_length),
1402 WPA_GET_BE16(key->key_data_length));
1403 wpa_hexdump(MSG_DEBUG, " replay_counter",
1404 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1405 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN);
1406 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16);
1407 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8);
1408 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8);
1409 wpa_hexdump(MSG_DEBUG, " key_mic", key->key_mic, 16);
1410 #endif /* CONFIG_NO_STDOUT_DEBUG */
1411 }
1412
1413
1414 /**
1415 * wpa_sm_rx_eapol - Process received WPA EAPOL frames
1416 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1417 * @src_addr: Source MAC address of the EAPOL packet
1418 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
1419 * @len: Length of the EAPOL frame
1420 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
1421 *
1422 * This function is called for each received EAPOL frame. Other than EAPOL-Key
1423 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
1424 * only processing WPA and WPA2 EAPOL-Key frames.
1425 *
1426 * The received EAPOL-Key packets are validated and valid packets are replied
1427 * to. In addition, key material (PTK, GTK) is configured at the end of a
1428 * successful key handshake.
1429 */
wpa_sm_rx_eapol(struct wpa_sm * sm,const u8 * src_addr,const u8 * buf,size_t len)1430 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
1431 const u8 *buf, size_t len)
1432 {
1433 size_t plen, data_len, extra_len;
1434 struct ieee802_1x_hdr *hdr;
1435 struct wpa_eapol_key *key;
1436 u16 key_info, ver;
1437 u8 *tmp;
1438 int ret = -1;
1439 struct wpa_peerkey *peerkey = NULL;
1440
1441 #ifdef CONFIG_IEEE80211R
1442 sm->ft_completed = 0;
1443 #endif /* CONFIG_IEEE80211R */
1444
1445 if (len < sizeof(*hdr) + sizeof(*key)) {
1446 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short to be a WPA "
1447 "EAPOL-Key (len %lu, expecting at least %lu)",
1448 (unsigned long) len,
1449 (unsigned long) sizeof(*hdr) + sizeof(*key));
1450 return 0;
1451 }
1452
1453 tmp = os_malloc(len);
1454 if (tmp == NULL)
1455 return -1;
1456 os_memcpy(tmp, buf, len);
1457
1458 hdr = (struct ieee802_1x_hdr *) tmp;
1459 key = (struct wpa_eapol_key *) (hdr + 1);
1460 plen = be_to_host16(hdr->length);
1461 data_len = plen + sizeof(*hdr);
1462 wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%lu",
1463 hdr->version, hdr->type, (unsigned long) plen);
1464
1465 if (hdr->version < EAPOL_VERSION) {
1466 /* TODO: backwards compatibility */
1467 }
1468 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
1469 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame (type %u) discarded, "
1470 "not a Key frame", hdr->type);
1471 ret = 0;
1472 goto out;
1473 }
1474 if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) {
1475 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame payload size %lu "
1476 "invalid (frame size %lu)",
1477 (unsigned long) plen, (unsigned long) len);
1478 ret = 0;
1479 goto out;
1480 }
1481
1482 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN)
1483 {
1484 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key type (%d) unknown, "
1485 "discarded", key->type);
1486 ret = 0;
1487 goto out;
1488 }
1489 wpa_eapol_key_dump(key);
1490
1491 eapol_sm_notify_lower_layer_success(sm->eapol, 0);
1492 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", tmp, len);
1493 if (data_len < len) {
1494 wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE "
1495 "802.1X data", (unsigned long) len - data_len);
1496 }
1497 key_info = WPA_GET_BE16(key->key_info);
1498 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1499 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
1500 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
1501 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1502 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
1503 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1504 wpa_printf(MSG_INFO, "WPA: Unsupported EAPOL-Key descriptor "
1505 "version %d.", ver);
1506 goto out;
1507 }
1508
1509 #ifdef CONFIG_IEEE80211R
1510 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
1511 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */
1512 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1513 wpa_printf(MSG_INFO, "FT: AP did not use "
1514 "AES-128-CMAC.");
1515 goto out;
1516 }
1517 } else
1518 #endif /* CONFIG_IEEE80211R */
1519 #ifdef CONFIG_IEEE80211W
1520 if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
1521 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1522 wpa_printf(MSG_INFO, "WPA: AP did not use the "
1523 "negotiated AES-128-CMAC.");
1524 goto out;
1525 }
1526 } else
1527 #endif /* CONFIG_IEEE80211W */
1528 if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
1529 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1530 wpa_printf(MSG_INFO, "WPA: CCMP is used, but EAPOL-Key "
1531 "descriptor version (%d) is not 2.", ver);
1532 if (sm->group_cipher != WPA_CIPHER_CCMP &&
1533 !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
1534 /* Earlier versions of IEEE 802.11i did not explicitly
1535 * require version 2 descriptor for all EAPOL-Key
1536 * packets, so allow group keys to use version 1 if
1537 * CCMP is not used for them. */
1538 wpa_printf(MSG_INFO, "WPA: Backwards compatibility: "
1539 "allow invalid version for non-CCMP group "
1540 "keys");
1541 } else
1542 goto out;
1543 }
1544
1545 #ifdef CONFIG_PEERKEY
1546 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
1547 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
1548 break;
1549 }
1550
1551 if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
1552 if (!peerkey->initiator && peerkey->replay_counter_set &&
1553 os_memcmp(key->replay_counter, peerkey->replay_counter,
1554 WPA_REPLAY_COUNTER_LEN) <= 0) {
1555 wpa_printf(MSG_WARNING, "RSN: EAPOL-Key Replay "
1556 "Counter did not increase (STK) - dropping "
1557 "packet");
1558 goto out;
1559 } else if (peerkey->initiator) {
1560 u8 _tmp[WPA_REPLAY_COUNTER_LEN];
1561 os_memcpy(_tmp, key->replay_counter,
1562 WPA_REPLAY_COUNTER_LEN);
1563 inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
1564 if (os_memcmp(_tmp, peerkey->replay_counter,
1565 WPA_REPLAY_COUNTER_LEN) != 0) {
1566 wpa_printf(MSG_DEBUG, "RSN: EAPOL-Key Replay "
1567 "Counter did not match (STK) - "
1568 "dropping packet");
1569 goto out;
1570 }
1571 }
1572 }
1573
1574 if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) {
1575 wpa_printf(MSG_INFO, "RSN: Ack bit in key_info from STK peer");
1576 goto out;
1577 }
1578 #endif /* CONFIG_PEERKEY */
1579
1580 if (!peerkey && sm->rx_replay_counter_set &&
1581 os_memcmp(key->replay_counter, sm->rx_replay_counter,
1582 WPA_REPLAY_COUNTER_LEN) <= 0) {
1583 wpa_printf(MSG_WARNING, "WPA: EAPOL-Key Replay Counter did not"
1584 " increase - dropping packet");
1585 goto out;
1586 }
1587
1588 if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
1589 #ifdef CONFIG_PEERKEY
1590 && (peerkey == NULL || !peerkey->initiator)
1591 #endif /* CONFIG_PEERKEY */
1592 ) {
1593 wpa_printf(MSG_INFO, "WPA: No Ack bit in key_info");
1594 goto out;
1595 }
1596
1597 if (key_info & WPA_KEY_INFO_REQUEST) {
1598 wpa_printf(MSG_INFO, "WPA: EAPOL-Key with Request bit - "
1599 "dropped");
1600 goto out;
1601 }
1602
1603 if ((key_info & WPA_KEY_INFO_MIC) && !peerkey &&
1604 wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
1605 goto out;
1606
1607 #ifdef CONFIG_PEERKEY
1608 if ((key_info & WPA_KEY_INFO_MIC) && peerkey &&
1609 peerkey_verify_eapol_key_mic(sm, peerkey, key, ver, tmp, data_len))
1610 goto out;
1611 #endif /* CONFIG_PEERKEY */
1612
1613 extra_len = data_len - sizeof(*hdr) - sizeof(*key);
1614
1615 if (WPA_GET_BE16(key->key_data_length) > extra_len) {
1616 wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
1617 "frame - key_data overflow (%d > %lu)",
1618 WPA_GET_BE16(key->key_data_length),
1619 (unsigned long) extra_len);
1620 goto out;
1621 }
1622 extra_len = WPA_GET_BE16(key->key_data_length);
1623
1624 if (sm->proto == WPA_PROTO_RSN &&
1625 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1626 if (wpa_supplicant_decrypt_key_data(sm, key, ver))
1627 goto out;
1628 extra_len = WPA_GET_BE16(key->key_data_length);
1629 }
1630
1631 if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1632 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
1633 wpa_printf(MSG_WARNING, "WPA: Ignored EAPOL-Key "
1634 "(Pairwise) with non-zero key index");
1635 goto out;
1636 }
1637 if (peerkey) {
1638 /* PeerKey 4-Way Handshake */
1639 peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver);
1640 } else if (key_info & WPA_KEY_INFO_MIC) {
1641 /* 3/4 4-Way Handshake */
1642 wpa_supplicant_process_3_of_4(sm, key, ver);
1643 } else {
1644 /* 1/4 4-Way Handshake */
1645 wpa_supplicant_process_1_of_4(sm, src_addr, key,
1646 ver);
1647 }
1648 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
1649 /* PeerKey SMK Handshake */
1650 peerkey_rx_eapol_smk(sm, src_addr, key, extra_len, key_info,
1651 ver);
1652 } else {
1653 if (key_info & WPA_KEY_INFO_MIC) {
1654 /* 1/2 Group Key Handshake */
1655 wpa_supplicant_process_1_of_2(sm, src_addr, key,
1656 extra_len, ver);
1657 } else {
1658 wpa_printf(MSG_WARNING, "WPA: EAPOL-Key (Group) "
1659 "without Mic bit - dropped");
1660 }
1661 }
1662
1663 ret = 1;
1664
1665 out:
1666 os_free(tmp);
1667 return ret;
1668 }
1669
1670
1671 #ifdef CONFIG_CTRL_IFACE
wpa_cipher_bits(int cipher)1672 static int wpa_cipher_bits(int cipher)
1673 {
1674 switch (cipher) {
1675 case WPA_CIPHER_CCMP:
1676 return 128;
1677 case WPA_CIPHER_TKIP:
1678 return 256;
1679 case WPA_CIPHER_WEP104:
1680 return 104;
1681 case WPA_CIPHER_WEP40:
1682 return 40;
1683 default:
1684 return 0;
1685 }
1686 }
1687
1688
wpa_key_mgmt_suite(struct wpa_sm * sm)1689 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
1690 {
1691 switch (sm->key_mgmt) {
1692 case WPA_KEY_MGMT_IEEE8021X:
1693 return (sm->proto == WPA_PROTO_RSN ?
1694 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
1695 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
1696 case WPA_KEY_MGMT_PSK:
1697 return (sm->proto == WPA_PROTO_RSN ?
1698 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X :
1699 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
1700 #ifdef CONFIG_IEEE80211R
1701 case WPA_KEY_MGMT_FT_IEEE8021X:
1702 return RSN_AUTH_KEY_MGMT_FT_802_1X;
1703 case WPA_KEY_MGMT_FT_PSK:
1704 return RSN_AUTH_KEY_MGMT_FT_PSK;
1705 #endif /* CONFIG_IEEE80211R */
1706 #ifdef CONFIG_IEEE80211W
1707 case WPA_KEY_MGMT_IEEE8021X_SHA256:
1708 return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
1709 case WPA_KEY_MGMT_PSK_SHA256:
1710 return RSN_AUTH_KEY_MGMT_PSK_SHA256;
1711 #endif /* CONFIG_IEEE80211W */
1712 case WPA_KEY_MGMT_WPA_NONE:
1713 return WPA_AUTH_KEY_MGMT_NONE;
1714 default:
1715 return 0;
1716 }
1717 }
1718
1719
wpa_cipher_suite(struct wpa_sm * sm,int cipher)1720 static u32 wpa_cipher_suite(struct wpa_sm *sm, int cipher)
1721 {
1722 switch (cipher) {
1723 case WPA_CIPHER_CCMP:
1724 return (sm->proto == WPA_PROTO_RSN ?
1725 RSN_CIPHER_SUITE_CCMP : WPA_CIPHER_SUITE_CCMP);
1726 case WPA_CIPHER_TKIP:
1727 return (sm->proto == WPA_PROTO_RSN ?
1728 RSN_CIPHER_SUITE_TKIP : WPA_CIPHER_SUITE_TKIP);
1729 case WPA_CIPHER_WEP104:
1730 return (sm->proto == WPA_PROTO_RSN ?
1731 RSN_CIPHER_SUITE_WEP104 : WPA_CIPHER_SUITE_WEP104);
1732 case WPA_CIPHER_WEP40:
1733 return (sm->proto == WPA_PROTO_RSN ?
1734 RSN_CIPHER_SUITE_WEP40 : WPA_CIPHER_SUITE_WEP40);
1735 case WPA_CIPHER_NONE:
1736 return (sm->proto == WPA_PROTO_RSN ?
1737 RSN_CIPHER_SUITE_NONE : WPA_CIPHER_SUITE_NONE);
1738 default:
1739 return 0;
1740 }
1741 }
1742
1743
1744 #define RSN_SUITE "%02x-%02x-%02x-%d"
1745 #define RSN_SUITE_ARG(s) \
1746 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
1747
1748 /**
1749 * wpa_sm_get_mib - Dump text list of MIB entries
1750 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1751 * @buf: Buffer for the list
1752 * @buflen: Length of the buffer
1753 * Returns: Number of bytes written to buffer
1754 *
1755 * This function is used fetch dot11 MIB variables.
1756 */
wpa_sm_get_mib(struct wpa_sm * sm,char * buf,size_t buflen)1757 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
1758 {
1759 char pmkid_txt[PMKID_LEN * 2 + 1];
1760 int rsna, ret;
1761 size_t len;
1762
1763 if (sm->cur_pmksa) {
1764 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
1765 sm->cur_pmksa->pmkid, PMKID_LEN);
1766 } else
1767 pmkid_txt[0] = '\0';
1768
1769 if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
1770 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
1771 sm->proto == WPA_PROTO_RSN)
1772 rsna = 1;
1773 else
1774 rsna = 0;
1775
1776 ret = os_snprintf(buf, buflen,
1777 "dot11RSNAOptionImplemented=TRUE\n"
1778 "dot11RSNAPreauthenticationImplemented=TRUE\n"
1779 "dot11RSNAEnabled=%s\n"
1780 "dot11RSNAPreauthenticationEnabled=%s\n"
1781 "dot11RSNAConfigVersion=%d\n"
1782 "dot11RSNAConfigPairwiseKeysSupported=5\n"
1783 "dot11RSNAConfigGroupCipherSize=%d\n"
1784 "dot11RSNAConfigPMKLifetime=%d\n"
1785 "dot11RSNAConfigPMKReauthThreshold=%d\n"
1786 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
1787 "dot11RSNAConfigSATimeout=%d\n",
1788 rsna ? "TRUE" : "FALSE",
1789 rsna ? "TRUE" : "FALSE",
1790 RSN_VERSION,
1791 wpa_cipher_bits(sm->group_cipher),
1792 sm->dot11RSNAConfigPMKLifetime,
1793 sm->dot11RSNAConfigPMKReauthThreshold,
1794 sm->dot11RSNAConfigSATimeout);
1795 if (ret < 0 || (size_t) ret >= buflen)
1796 return 0;
1797 len = ret;
1798
1799 ret = os_snprintf(
1800 buf + len, buflen - len,
1801 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
1802 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
1803 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
1804 "dot11RSNAPMKIDUsed=%s\n"
1805 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
1806 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
1807 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
1808 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
1809 "dot11RSNA4WayHandshakeFailures=%u\n",
1810 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
1811 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)),
1812 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
1813 pmkid_txt,
1814 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
1815 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)),
1816 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
1817 sm->dot11RSNA4WayHandshakeFailures);
1818 if (ret >= 0 && (size_t) ret < buflen)
1819 len += ret;
1820
1821 return (int) len;
1822 }
1823 #endif /* CONFIG_CTRL_IFACE */
1824
1825
wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry * entry,void * ctx,int replace)1826 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
1827 void *ctx, int replace)
1828 {
1829 struct wpa_sm *sm = ctx;
1830
1831 if (sm->cur_pmksa == entry ||
1832 (sm->pmk_len == entry->pmk_len &&
1833 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
1834 wpa_printf(MSG_DEBUG, "RSN: removed current PMKSA entry");
1835 sm->cur_pmksa = NULL;
1836
1837 if (replace) {
1838 /* A new entry is being added, so no need to
1839 * deauthenticate in this case. This happens when EAP
1840 * authentication is completed again (reauth or failed
1841 * PMKSA caching attempt). */
1842 return;
1843 }
1844
1845 os_memset(sm->pmk, 0, sizeof(sm->pmk));
1846 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1847 }
1848 }
1849
1850
1851 /**
1852 * wpa_sm_init - Initialize WPA state machine
1853 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
1854 * Returns: Pointer to the allocated WPA state machine data
1855 *
1856 * This function is used to allocate a new WPA state machine and the returned
1857 * value is passed to all WPA state machine calls.
1858 */
wpa_sm_init(struct wpa_sm_ctx * ctx)1859 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
1860 {
1861 struct wpa_sm *sm;
1862
1863 sm = os_zalloc(sizeof(*sm));
1864 if (sm == NULL)
1865 return NULL;
1866 sm->renew_snonce = 1;
1867 sm->ctx = ctx;
1868
1869 sm->dot11RSNAConfigPMKLifetime = 43200;
1870 sm->dot11RSNAConfigPMKReauthThreshold = 70;
1871 sm->dot11RSNAConfigSATimeout = 60;
1872
1873 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm);
1874 if (sm->pmksa == NULL) {
1875 wpa_printf(MSG_ERROR, "RSN: PMKSA cache initialization "
1876 "failed");
1877 os_free(sm);
1878 return NULL;
1879 }
1880
1881 return sm;
1882 }
1883
1884
1885 /**
1886 * wpa_sm_deinit - Deinitialize WPA state machine
1887 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1888 */
wpa_sm_deinit(struct wpa_sm * sm)1889 void wpa_sm_deinit(struct wpa_sm *sm)
1890 {
1891 if (sm == NULL)
1892 return;
1893 pmksa_cache_deinit(sm->pmksa);
1894 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
1895 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
1896 os_free(sm->assoc_wpa_ie);
1897 os_free(sm->ap_wpa_ie);
1898 os_free(sm->ap_rsn_ie);
1899 os_free(sm->ctx);
1900 peerkey_deinit(sm);
1901 os_free(sm);
1902 }
1903
1904
1905 /**
1906 * wpa_sm_notify_assoc - Notify WPA state machine about association
1907 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1908 * @bssid: The BSSID of the new association
1909 *
1910 * This function is called to let WPA state machine know that the connection
1911 * was established.
1912 */
wpa_sm_notify_assoc(struct wpa_sm * sm,const u8 * bssid)1913 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
1914 {
1915 int clear_ptk = 1;
1916
1917 if (sm == NULL)
1918 return;
1919
1920 wpa_printf(MSG_DEBUG, "WPA: Association event - clear replay counter");
1921 os_memcpy(sm->bssid, bssid, ETH_ALEN);
1922 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
1923 sm->rx_replay_counter_set = 0;
1924 sm->renew_snonce = 1;
1925 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
1926 rsn_preauth_deinit(sm);
1927
1928 #ifdef CONFIG_IEEE80211R
1929 if (wpa_ft_is_completed(sm)) {
1930 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
1931
1932 /* Prepare for the next transition */
1933 wpa_ft_prepare_auth_request(sm);
1934
1935 clear_ptk = 0;
1936 }
1937 #endif /* CONFIG_IEEE80211R */
1938
1939 if (clear_ptk) {
1940 /*
1941 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
1942 * this is not part of a Fast BSS Transition.
1943 */
1944 wpa_printf(MSG_DEBUG, "WPA: Clear old PTK");
1945 sm->ptk_set = 0;
1946 sm->tptk_set = 0;
1947 }
1948 }
1949
1950
1951 /**
1952 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
1953 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1954 *
1955 * This function is called to let WPA state machine know that the connection
1956 * was lost. This will abort any existing pre-authentication session.
1957 */
wpa_sm_notify_disassoc(struct wpa_sm * sm)1958 void wpa_sm_notify_disassoc(struct wpa_sm *sm)
1959 {
1960 rsn_preauth_deinit(sm);
1961 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
1962 sm->dot11RSNA4WayHandshakeFailures++;
1963 }
1964
1965
1966 /**
1967 * wpa_sm_set_pmk - Set PMK
1968 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1969 * @pmk: The new PMK
1970 * @pmk_len: The length of the new PMK in bytes
1971 *
1972 * Configure the PMK for WPA state machine.
1973 */
wpa_sm_set_pmk(struct wpa_sm * sm,const u8 * pmk,size_t pmk_len)1974 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len)
1975 {
1976 if (sm == NULL)
1977 return;
1978
1979 sm->pmk_len = pmk_len;
1980 os_memcpy(sm->pmk, pmk, pmk_len);
1981
1982 #ifdef CONFIG_IEEE80211R
1983 /* Set XXKey to be PSK for FT key derivation */
1984 sm->xxkey_len = pmk_len;
1985 os_memcpy(sm->xxkey, pmk, pmk_len);
1986 #endif /* CONFIG_IEEE80211R */
1987 }
1988
1989
1990 /**
1991 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
1992 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1993 *
1994 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
1995 * will be cleared.
1996 */
wpa_sm_set_pmk_from_pmksa(struct wpa_sm * sm)1997 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
1998 {
1999 if (sm == NULL)
2000 return;
2001
2002 if (sm->cur_pmksa) {
2003 sm->pmk_len = sm->cur_pmksa->pmk_len;
2004 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
2005 } else {
2006 sm->pmk_len = PMK_LEN;
2007 os_memset(sm->pmk, 0, PMK_LEN);
2008 }
2009 }
2010
2011
2012 /**
2013 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
2014 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2015 * @fast_reauth: Whether fast reauthentication (EAP) is allowed
2016 */
wpa_sm_set_fast_reauth(struct wpa_sm * sm,int fast_reauth)2017 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
2018 {
2019 if (sm)
2020 sm->fast_reauth = fast_reauth;
2021 }
2022
2023
2024 /**
2025 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
2026 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2027 * @scard_ctx: Context pointer for smartcard related callback functions
2028 */
wpa_sm_set_scard_ctx(struct wpa_sm * sm,void * scard_ctx)2029 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
2030 {
2031 if (sm == NULL)
2032 return;
2033 sm->scard_ctx = scard_ctx;
2034 if (sm->preauth_eapol)
2035 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
2036 }
2037
2038
2039 /**
2040 * wpa_sm_set_config - Notification of current configration change
2041 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2042 * @config: Pointer to current network configuration
2043 *
2044 * Notify WPA state machine that configuration has changed. config will be
2045 * stored as a backpointer to network configuration. This can be %NULL to clear
2046 * the stored pointed.
2047 */
wpa_sm_set_config(struct wpa_sm * sm,struct rsn_supp_config * config)2048 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
2049 {
2050 if (!sm)
2051 return;
2052
2053 if (config) {
2054 sm->network_ctx = config->network_ctx;
2055 sm->peerkey_enabled = config->peerkey_enabled;
2056 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
2057 sm->proactive_key_caching = config->proactive_key_caching;
2058 sm->eap_workaround = config->eap_workaround;
2059 sm->eap_conf_ctx = config->eap_conf_ctx;
2060 if (config->ssid) {
2061 os_memcpy(sm->ssid, config->ssid, config->ssid_len);
2062 sm->ssid_len = config->ssid_len;
2063 } else
2064 sm->ssid_len = 0;
2065 sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
2066 } else {
2067 sm->network_ctx = NULL;
2068 sm->peerkey_enabled = 0;
2069 sm->allowed_pairwise_cipher = 0;
2070 sm->proactive_key_caching = 0;
2071 sm->eap_workaround = 0;
2072 sm->eap_conf_ctx = NULL;
2073 sm->ssid_len = 0;
2074 sm->wpa_ptk_rekey = 0;
2075 }
2076 if (config == NULL || config->network_ctx != sm->network_ctx)
2077 pmksa_cache_notify_reconfig(sm->pmksa);
2078 }
2079
2080
2081 /**
2082 * wpa_sm_set_own_addr - Set own MAC address
2083 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2084 * @addr: Own MAC address
2085 */
wpa_sm_set_own_addr(struct wpa_sm * sm,const u8 * addr)2086 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
2087 {
2088 if (sm)
2089 os_memcpy(sm->own_addr, addr, ETH_ALEN);
2090 }
2091
2092
2093 /**
2094 * wpa_sm_set_ifname - Set network interface name
2095 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2096 * @ifname: Interface name
2097 * @bridge_ifname: Optional bridge interface name (for pre-auth)
2098 */
wpa_sm_set_ifname(struct wpa_sm * sm,const char * ifname,const char * bridge_ifname)2099 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
2100 const char *bridge_ifname)
2101 {
2102 if (sm) {
2103 sm->ifname = ifname;
2104 sm->bridge_ifname = bridge_ifname;
2105 }
2106 }
2107
2108
2109 /**
2110 * wpa_sm_set_eapol - Set EAPOL state machine pointer
2111 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2112 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
2113 */
wpa_sm_set_eapol(struct wpa_sm * sm,struct eapol_sm * eapol)2114 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
2115 {
2116 if (sm)
2117 sm->eapol = eapol;
2118 }
2119
2120
2121 /**
2122 * wpa_sm_set_param - Set WPA state machine parameters
2123 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2124 * @param: Parameter field
2125 * @value: Parameter value
2126 * Returns: 0 on success, -1 on failure
2127 */
wpa_sm_set_param(struct wpa_sm * sm,enum wpa_sm_conf_params param,unsigned int value)2128 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
2129 unsigned int value)
2130 {
2131 int ret = 0;
2132
2133 if (sm == NULL)
2134 return -1;
2135
2136 switch (param) {
2137 case RSNA_PMK_LIFETIME:
2138 if (value > 0)
2139 sm->dot11RSNAConfigPMKLifetime = value;
2140 else
2141 ret = -1;
2142 break;
2143 case RSNA_PMK_REAUTH_THRESHOLD:
2144 if (value > 0 && value <= 100)
2145 sm->dot11RSNAConfigPMKReauthThreshold = value;
2146 else
2147 ret = -1;
2148 break;
2149 case RSNA_SA_TIMEOUT:
2150 if (value > 0)
2151 sm->dot11RSNAConfigSATimeout = value;
2152 else
2153 ret = -1;
2154 break;
2155 case WPA_PARAM_PROTO:
2156 sm->proto = value;
2157 break;
2158 case WPA_PARAM_PAIRWISE:
2159 sm->pairwise_cipher = value;
2160 break;
2161 case WPA_PARAM_GROUP:
2162 sm->group_cipher = value;
2163 break;
2164 case WPA_PARAM_KEY_MGMT:
2165 sm->key_mgmt = value;
2166 break;
2167 #ifdef CONFIG_IEEE80211W
2168 case WPA_PARAM_MGMT_GROUP:
2169 sm->mgmt_group_cipher = value;
2170 break;
2171 #endif /* CONFIG_IEEE80211W */
2172 case WPA_PARAM_RSN_ENABLED:
2173 sm->rsn_enabled = value;
2174 break;
2175 default:
2176 break;
2177 }
2178
2179 return ret;
2180 }
2181
2182
2183 /**
2184 * wpa_sm_get_param - Get WPA state machine parameters
2185 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2186 * @param: Parameter field
2187 * Returns: Parameter value
2188 */
wpa_sm_get_param(struct wpa_sm * sm,enum wpa_sm_conf_params param)2189 unsigned int wpa_sm_get_param(struct wpa_sm *sm, enum wpa_sm_conf_params param)
2190 {
2191 if (sm == NULL)
2192 return 0;
2193
2194 switch (param) {
2195 case RSNA_PMK_LIFETIME:
2196 return sm->dot11RSNAConfigPMKLifetime;
2197 case RSNA_PMK_REAUTH_THRESHOLD:
2198 return sm->dot11RSNAConfigPMKReauthThreshold;
2199 case RSNA_SA_TIMEOUT:
2200 return sm->dot11RSNAConfigSATimeout;
2201 case WPA_PARAM_PROTO:
2202 return sm->proto;
2203 case WPA_PARAM_PAIRWISE:
2204 return sm->pairwise_cipher;
2205 case WPA_PARAM_GROUP:
2206 return sm->group_cipher;
2207 case WPA_PARAM_KEY_MGMT:
2208 return sm->key_mgmt;
2209 #ifdef CONFIG_IEEE80211W
2210 case WPA_PARAM_MGMT_GROUP:
2211 return sm->mgmt_group_cipher;
2212 #endif /* CONFIG_IEEE80211W */
2213 case WPA_PARAM_RSN_ENABLED:
2214 return sm->rsn_enabled;
2215 default:
2216 return 0;
2217 }
2218 }
2219
2220
2221 /**
2222 * wpa_sm_get_status - Get WPA state machine
2223 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2224 * @buf: Buffer for status information
2225 * @buflen: Maximum buffer length
2226 * @verbose: Whether to include verbose status information
2227 * Returns: Number of bytes written to buf.
2228 *
2229 * Query WPA state machine for status information. This function fills in
2230 * a text area with current status information. If the buffer (buf) is not
2231 * large enough, status information will be truncated to fit the buffer.
2232 */
wpa_sm_get_status(struct wpa_sm * sm,char * buf,size_t buflen,int verbose)2233 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
2234 int verbose)
2235 {
2236 char *pos = buf, *end = buf + buflen;
2237 int ret;
2238
2239 ret = os_snprintf(pos, end - pos,
2240 "pairwise_cipher=%s\n"
2241 "group_cipher=%s\n"
2242 "key_mgmt=%s\n",
2243 wpa_cipher_txt(sm->pairwise_cipher),
2244 wpa_cipher_txt(sm->group_cipher),
2245 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
2246 if (ret < 0 || ret >= end - pos)
2247 return pos - buf;
2248 pos += ret;
2249 return pos - buf;
2250 }
2251
2252
2253 /**
2254 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
2255 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2256 * @wpa_ie: Pointer to buffer for WPA/RSN IE
2257 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
2258 * Returns: 0 on success, -1 on failure
2259 */
wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm * sm,u8 * wpa_ie,size_t * wpa_ie_len)2260 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
2261 size_t *wpa_ie_len)
2262 {
2263 int res;
2264
2265 if (sm == NULL)
2266 return -1;
2267
2268 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
2269 if (res < 0)
2270 return -1;
2271 *wpa_ie_len = res;
2272
2273 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default",
2274 wpa_ie, *wpa_ie_len);
2275
2276 if (sm->assoc_wpa_ie == NULL) {
2277 /*
2278 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
2279 * the correct version of the IE even if PMKSA caching is
2280 * aborted (which would remove PMKID from IE generation).
2281 */
2282 sm->assoc_wpa_ie = os_malloc(*wpa_ie_len);
2283 if (sm->assoc_wpa_ie == NULL)
2284 return -1;
2285
2286 os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
2287 sm->assoc_wpa_ie_len = *wpa_ie_len;
2288 }
2289
2290 return 0;
2291 }
2292
2293
2294 /**
2295 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
2296 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2297 * @ie: Pointer to IE data (starting from id)
2298 * @len: IE length
2299 * Returns: 0 on success, -1 on failure
2300 *
2301 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
2302 * Request frame. The IE will be used to override the default value generated
2303 * with wpa_sm_set_assoc_wpa_ie_default().
2304 */
wpa_sm_set_assoc_wpa_ie(struct wpa_sm * sm,const u8 * ie,size_t len)2305 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2306 {
2307 if (sm == NULL)
2308 return -1;
2309
2310 os_free(sm->assoc_wpa_ie);
2311 if (ie == NULL || len == 0) {
2312 wpa_printf(MSG_DEBUG, "WPA: clearing own WPA/RSN IE");
2313 sm->assoc_wpa_ie = NULL;
2314 sm->assoc_wpa_ie_len = 0;
2315 } else {
2316 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
2317 sm->assoc_wpa_ie = os_malloc(len);
2318 if (sm->assoc_wpa_ie == NULL)
2319 return -1;
2320
2321 os_memcpy(sm->assoc_wpa_ie, ie, len);
2322 sm->assoc_wpa_ie_len = len;
2323 }
2324
2325 return 0;
2326 }
2327
2328
2329 /**
2330 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
2331 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2332 * @ie: Pointer to IE data (starting from id)
2333 * @len: IE length
2334 * Returns: 0 on success, -1 on failure
2335 *
2336 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
2337 * frame.
2338 */
wpa_sm_set_ap_wpa_ie(struct wpa_sm * sm,const u8 * ie,size_t len)2339 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2340 {
2341 if (sm == NULL)
2342 return -1;
2343
2344 os_free(sm->ap_wpa_ie);
2345 if (ie == NULL || len == 0) {
2346 wpa_printf(MSG_DEBUG, "WPA: clearing AP WPA IE");
2347 sm->ap_wpa_ie = NULL;
2348 sm->ap_wpa_ie_len = 0;
2349 } else {
2350 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
2351 sm->ap_wpa_ie = os_malloc(len);
2352 if (sm->ap_wpa_ie == NULL)
2353 return -1;
2354
2355 os_memcpy(sm->ap_wpa_ie, ie, len);
2356 sm->ap_wpa_ie_len = len;
2357 }
2358
2359 return 0;
2360 }
2361
2362
2363 /**
2364 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
2365 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2366 * @ie: Pointer to IE data (starting from id)
2367 * @len: IE length
2368 * Returns: 0 on success, -1 on failure
2369 *
2370 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
2371 * frame.
2372 */
wpa_sm_set_ap_rsn_ie(struct wpa_sm * sm,const u8 * ie,size_t len)2373 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2374 {
2375 if (sm == NULL)
2376 return -1;
2377
2378 os_free(sm->ap_rsn_ie);
2379 if (ie == NULL || len == 0) {
2380 wpa_printf(MSG_DEBUG, "WPA: clearing AP RSN IE");
2381 sm->ap_rsn_ie = NULL;
2382 sm->ap_rsn_ie_len = 0;
2383 } else {
2384 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
2385 sm->ap_rsn_ie = os_malloc(len);
2386 if (sm->ap_rsn_ie == NULL)
2387 return -1;
2388
2389 os_memcpy(sm->ap_rsn_ie, ie, len);
2390 sm->ap_rsn_ie_len = len;
2391 }
2392
2393 return 0;
2394 }
2395
2396
2397 /**
2398 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
2399 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2400 * @data: Pointer to data area for parsing results
2401 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
2402 *
2403 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
2404 * parsed data into data.
2405 */
wpa_sm_parse_own_wpa_ie(struct wpa_sm * sm,struct wpa_ie_data * data)2406 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
2407 {
2408 if (sm == NULL || sm->assoc_wpa_ie == NULL) {
2409 wpa_printf(MSG_DEBUG, "WPA: No WPA/RSN IE available from "
2410 "association info");
2411 return -1;
2412 }
2413 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
2414 return -2;
2415 return 0;
2416 }
2417