search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge commit 'crater/master'
[dragonfly.git] / contrib / wpa_supplicant-0.5.8 / wpa.c
blobb6dd75668fe5815e54d582668984905b27d2f4a8
1 /*
2 * WPA Supplicant - WPA state machine and EAPOL-Key processing
3 * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15 #include "includes.h"
16
17 #include "common.h"
18 #include "md5.h"
19 #include "sha1.h"
20 #include "rc4.h"
21 #include "aes_wrap.h"
22 #include "wpa.h"
23 #include "eloop.h"
24 #include "config.h"
25 #include "l2_packet.h"
26 #include "eapol_sm.h"
27 #include "preauth.h"
28 #include "pmksa_cache.h"
29 #include "wpa_i.h"
30
31
32 static const int WPA_SELECTOR_LEN = 4;
33 static const u8 WPA_OUI_TYPE[] = { 0x00, 0x50, 0xf2, 1 };
34 static const u16 WPA_VERSION = 1;
35 static const u8 WPA_AUTH_KEY_MGMT_NONE[] = { 0x00, 0x50, 0xf2, 0 };
36 static const u8 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X[] = { 0x00, 0x50, 0xf2, 1 };
37 static const u8 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X[] = { 0x00, 0x50, 0xf2, 2 };
38 static const u8 WPA_CIPHER_SUITE_NONE[] = { 0x00, 0x50, 0xf2, 0 };
39 static const u8 WPA_CIPHER_SUITE_WEP40[] = { 0x00, 0x50, 0xf2, 1 };
40 static const u8 WPA_CIPHER_SUITE_TKIP[] = { 0x00, 0x50, 0xf2, 2 };
41 #if 0
42 static const u8 WPA_CIPHER_SUITE_WRAP[] = { 0x00, 0x50, 0xf2, 3 };
43 #endif
44 static const u8 WPA_CIPHER_SUITE_CCMP[] = { 0x00, 0x50, 0xf2, 4 };
45 static const u8 WPA_CIPHER_SUITE_WEP104[] = { 0x00, 0x50, 0xf2, 5 };
46
47 /* WPA IE version 1
48 * 00-50-f2:1 (OUI:OUI type)
49 * 0x01 0x00 (version; little endian)
50 * (all following fields are optional:)
51 * Group Suite Selector (4 octets) (default: TKIP)
52 * Pairwise Suite Count (2 octets, little endian) (default: 1)
53 * Pairwise Suite List (4 * n octets) (default: TKIP)
54 * Authenticated Key Management Suite Count (2 octets, little endian)
55 * (default: 1)
56 * Authenticated Key Management Suite List (4 * n octets)
57 * (default: unspec 802.1X)
58 * WPA Capabilities (2 octets, little endian) (default: 0)
59 */
60
61 #ifdef _MSC_VER
62 #pragma pack(push, 1)
63 #endif /* _MSC_VER */
64
65 struct wpa_ie_hdr {
66 u8 elem_id;
67 u8 len;
68 u8 oui[3];
69 u8 oui_type;
70 u8 version[2];
71 } STRUCT_PACKED;
72
73 #ifdef _MSC_VER
74 #pragma pack(pop)
75 #endif /* _MSC_VER */
76
77
78 static const int RSN_SELECTOR_LEN = 4;
79 static const u16 RSN_VERSION = 1;
80 static const u8 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X[] = { 0x00, 0x0f, 0xac, 1 };
81 static const u8 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X[] = { 0x00, 0x0f, 0xac, 2 };
82 static const u8 RSN_CIPHER_SUITE_NONE[] = { 0x00, 0x0f, 0xac, 0 };
83 static const u8 RSN_CIPHER_SUITE_WEP40[] = { 0x00, 0x0f, 0xac, 1 };
84 static const u8 RSN_CIPHER_SUITE_TKIP[] = { 0x00, 0x0f, 0xac, 2 };
85 #if 0
86 static const u8 RSN_CIPHER_SUITE_WRAP[] = { 0x00, 0x0f, 0xac, 3 };
87 #endif
88 static const u8 RSN_CIPHER_SUITE_CCMP[] = { 0x00, 0x0f, 0xac, 4 };
89 static const u8 RSN_CIPHER_SUITE_WEP104[] = { 0x00, 0x0f, 0xac, 5 };
90 #ifdef CONFIG_IEEE80211W
91 static const u8 RSN_CIPHER_SUITE_AES_128_CMAC[] = { 0x00, 0x0f, 0xac, 6 };
92 #endif /* CONFIG_IEEE80211W */
93
94 /* EAPOL-Key Key Data Encapsulation
95 * GroupKey and PeerKey require encryption, otherwise, encryption is optional.
96 */
97 static const u8 RSN_KEY_DATA_GROUPKEY[] = { 0x00, 0x0f, 0xac, 1 };
98 #if 0
99 static const u8 RSN_KEY_DATA_STAKEY[] = { 0x00, 0x0f, 0xac, 2 };
100 #endif
101 static const u8 RSN_KEY_DATA_MAC_ADDR[] = { 0x00, 0x0f, 0xac, 3 };
102 static const u8 RSN_KEY_DATA_PMKID[] = { 0x00, 0x0f, 0xac, 4 };
103 #ifdef CONFIG_PEERKEY
104 static const u8 RSN_KEY_DATA_SMK[] = { 0x00, 0x0f, 0xac, 5 };
105 static const u8 RSN_KEY_DATA_NONCE[] = { 0x00, 0x0f, 0xac, 6 };
106 static const u8 RSN_KEY_DATA_LIFETIME[] = { 0x00, 0x0f, 0xac, 7 };
107 static const u8 RSN_KEY_DATA_ERROR[] = { 0x00, 0x0f, 0xac, 8 };
108 #endif /* CONFIG_PEERKEY */
109 #ifdef CONFIG_IEEE80211W
110 /* FIX: IEEE 802.11w/D1.0 is using subtypes 5 and 6 for these, but they were
111 * already taken by 802.11ma (PeerKey). Need to update the values here once
112 * IEEE 802.11w fixes these. */
113 static const u8 RSN_KEY_DATA_DHV[] = { 0x00, 0x0f, 0xac, 9 };
114 static const u8 RSN_KEY_DATA_IGTK[] = { 0x00, 0x0f, 0xac, 10 };
115 #endif /* CONFIG_IEEE80211W */
116
117 #ifdef CONFIG_PEERKEY
118 enum {
119 STK_MUI_4WAY_STA_AP = 1,
120 STK_MUI_4WAY_STAT_STA = 2,
121 STK_MUI_GTK = 3,
122 STK_MUI_SMK = 4
123 };
124
125 enum {
126 STK_ERR_STA_NR = 1,
127 STK_ERR_STA_NRSN = 2,
128 STK_ERR_CPHR_NS = 3,
129 STK_ERR_NO_STSL = 4
130 };
131 #endif /* CONFIG_PEERKEY */
132
133 /* 1/4: PMKID
134 * 2/4: RSN IE
135 * 3/4: one or two RSN IEs + GTK IE (encrypted)
136 * 4/4: empty
137 * 1/2: GTK IE (encrypted)
138 * 2/2: empty
139 */
140
141 /* RSN IE version 1
142 * 0x01 0x00 (version; little endian)
143 * (all following fields are optional:)
144 * Group Suite Selector (4 octets) (default: CCMP)
145 * Pairwise Suite Count (2 octets, little endian) (default: 1)
146 * Pairwise Suite List (4 * n octets) (default: CCMP)
147 * Authenticated Key Management Suite Count (2 octets, little endian)
148 * (default: 1)
149 * Authenticated Key Management Suite List (4 * n octets)
150 * (default: unspec 802.1X)
151 * RSN Capabilities (2 octets, little endian) (default: 0)
152 * PMKID Count (2 octets) (default: 0)
153 * PMKID List (16 * n octets)
154 * Management Group Cipher Suite (4 octets) (default: AES-128-CMAC)
155 */
156
157 #ifdef _MSC_VER
158 #pragma pack(push, 1)
159 #endif /* _MSC_VER */
160
161 struct rsn_ie_hdr {
162 u8 elem_id; /* WLAN_EID_RSN */
163 u8 len;
164 u8 version[2];
165 } STRUCT_PACKED;
166
167
168 struct wpa_eapol_key {
169 u8 type;
170 /* Note: key_info, key_length, and key_data_length are unaligned */
171 u8 key_info[2];
172 u8 key_length[2];
173 u8 replay_counter[WPA_REPLAY_COUNTER_LEN];
174 u8 key_nonce[WPA_NONCE_LEN];
175 u8 key_iv[16];
176 u8 key_rsc[8];
177 u8 key_id[8]; /* Reserved in IEEE 802.11i/RSN */
178 u8 key_mic[16];
179 u8 key_data_length[2];
180 /* followed by key_data_length bytes of key_data */
181 } STRUCT_PACKED;
182
183
184 struct rsn_error_kde {
185 u16 mui;
186 u16 error_type;
187 } STRUCT_PACKED;
188
189 #ifdef CONFIG_IEEE80211W
190 struct wpa_dhv_kde {
191 u8 dhv[WPA_DHV_LEN];
192 } STRUCT_PACKED;
193
194 struct wpa_igtk_kde {
195 u8 keyid[2];
196 u8 pn[6];
197 u8 igtk[WPA_IGTK_LEN];
198 } STRUCT_PACKED;
199 #endif /* CONFIG_IEEE80211W */
200
201 #ifdef _MSC_VER
202 #pragma pack(pop)
203 #endif /* _MSC_VER */
204
205 #define WPA_KEY_INFO_TYPE_MASK ((u16) (BIT(0) | BIT(1) | BIT(2)))
206 #define WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 BIT(0)
207 #define WPA_KEY_INFO_TYPE_HMAC_SHA1_AES BIT(1)
208 #define WPA_KEY_INFO_KEY_TYPE BIT(3) /* 1 = Pairwise, 0 = Group key */
209 /* bit4..5 is used in WPA, but is reserved in IEEE 802.11i/RSN */
210 #define WPA_KEY_INFO_KEY_INDEX_MASK (BIT(4) | BIT(5))
211 #define WPA_KEY_INFO_KEY_INDEX_SHIFT 4
212 #define WPA_KEY_INFO_INSTALL BIT(6) /* pairwise */
213 #define WPA_KEY_INFO_TXRX BIT(6) /* group */
214 #define WPA_KEY_INFO_ACK BIT(7)
215 #define WPA_KEY_INFO_MIC BIT(8)
216 #define WPA_KEY_INFO_SECURE BIT(9)
217 #define WPA_KEY_INFO_ERROR BIT(10)
218 #define WPA_KEY_INFO_REQUEST BIT(11)
219 #define WPA_KEY_INFO_ENCR_KEY_DATA BIT(12) /* IEEE 802.11i/RSN only */
220 #define WPA_KEY_INFO_SMK_MESSAGE BIT(13)
221
222
223 #ifdef CONFIG_PEERKEY
224 static void wpa_supplicant_peerkey_free(struct wpa_sm *sm,
225 struct wpa_peerkey *peerkey);
226 #endif /* CONFIG_PEERKEY */
227
228
229 /**
230 * wpa_cipher_txt - Convert cipher suite to a text string
231 * @cipher: Cipher suite (WPA_CIPHER_* enum)
232 * Returns: Pointer to a text string of the cipher suite name
233 */
234 static const char * wpa_cipher_txt(int cipher)
235 {
236 switch (cipher) {
237 case WPA_CIPHER_NONE:
238 return "NONE";
239 case WPA_CIPHER_WEP40:
240 return "WEP-40";
241 case WPA_CIPHER_WEP104:
242 return "WEP-104";
243 case WPA_CIPHER_TKIP:
244 return "TKIP";
245 case WPA_CIPHER_CCMP:
246 return "CCMP";
247 default:
248 return "UNKNOWN";
249 }
250 }
251
252
253 /**
254 * wpa_key_mgmt_txt - Convert key management suite to a text string
255 * @key_mgmt: Key management suite (WPA_KEY_MGMT_* enum)
256 * @proto: WPA/WPA2 version (WPA_PROTO_*)
257 * Returns: Pointer to a text string of the key management suite name
258 */
259 static const char * wpa_key_mgmt_txt(int key_mgmt, int proto)
260 {
261 switch (key_mgmt) {
262 case WPA_KEY_MGMT_IEEE8021X:
263 return proto == WPA_PROTO_RSN ?
264 "WPA2/IEEE 802.1X/EAP" : "WPA/IEEE 802.1X/EAP";
265 case WPA_KEY_MGMT_PSK:
266 return proto == WPA_PROTO_RSN ?
267 "WPA2-PSK" : "WPA-PSK";
268 case WPA_KEY_MGMT_NONE:
269 return "NONE";
270 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
271 return "IEEE 802.1X (no WPA)";
272 default:
273 return "UNKNOWN";
274 }
275 }
276
277
278 static int wpa_selector_to_bitfield(const u8 *s)
279 {
280 if (os_memcmp(s, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN) == 0)
281 return WPA_CIPHER_NONE;
282 if (os_memcmp(s, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN) == 0)
283 return WPA_CIPHER_WEP40;
284 if (os_memcmp(s, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN) == 0)
285 return WPA_CIPHER_TKIP;
286 if (os_memcmp(s, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN) == 0)
287 return WPA_CIPHER_CCMP;
288 if (os_memcmp(s, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN) == 0)
289 return WPA_CIPHER_WEP104;
290 return 0;
291 }
292
293
294 static int wpa_key_mgmt_to_bitfield(const u8 *s)
295 {
296 if (os_memcmp(s, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X, WPA_SELECTOR_LEN) ==
297 0)
298 return WPA_KEY_MGMT_IEEE8021X;
299 if (os_memcmp(s, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X, WPA_SELECTOR_LEN)
300 == 0)
301 return WPA_KEY_MGMT_PSK;
302 if (os_memcmp(s, WPA_AUTH_KEY_MGMT_NONE, WPA_SELECTOR_LEN) == 0)
303 return WPA_KEY_MGMT_WPA_NONE;
304 return 0;
305 }
306
307
308 #ifndef CONFIG_NO_WPA2
309 static int rsn_selector_to_bitfield(const u8 *s)
310 {
311 if (os_memcmp(s, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN) == 0)
312 return WPA_CIPHER_NONE;
313 if (os_memcmp(s, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN) == 0)
314 return WPA_CIPHER_WEP40;
315 if (os_memcmp(s, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN) == 0)
316 return WPA_CIPHER_TKIP;
317 if (os_memcmp(s, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN) == 0)
318 return WPA_CIPHER_CCMP;
319 if (os_memcmp(s, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN) == 0)
320 return WPA_CIPHER_WEP104;
321 #ifdef CONFIG_IEEE80211W
322 if (os_memcmp(s, RSN_CIPHER_SUITE_AES_128_CMAC, RSN_SELECTOR_LEN) == 0)
323 return WPA_CIPHER_AES_128_CMAC;
324 #endif /* CONFIG_IEEE80211W */
325 return 0;
326 }
327
328
329 static int rsn_key_mgmt_to_bitfield(const u8 *s)
330 {
331 if (os_memcmp(s, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X, RSN_SELECTOR_LEN) ==
332 0)
333 return WPA_KEY_MGMT_IEEE8021X;
334 if (os_memcmp(s, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X, RSN_SELECTOR_LEN)
335 == 0)
336 return WPA_KEY_MGMT_PSK;
337 return 0;
338 }
339 #endif /* CONFIG_NO_WPA2 */
340
341
342 #ifdef CONFIG_PEERKEY
343 static u8 * wpa_add_ie(u8 *pos, const u8 *ie, size_t ie_len)
344 {
345 os_memcpy(pos, ie, ie_len);
346 return pos + ie_len;
347 }
348
349
350 static u8 * wpa_add_kde(u8 *pos, const u8 *kde, const u8 *data,
351 size_t data_len)
352 {
353 *pos++ = GENERIC_INFO_ELEM;
354 *pos++ = RSN_SELECTOR_LEN + data_len;
355 os_memcpy(pos, kde, RSN_SELECTOR_LEN);
356 pos += RSN_SELECTOR_LEN;
357 os_memcpy(pos, data, data_len);
358 pos += data_len;
359 return pos;
360 }
361 #endif /* CONFIG_PEERKEY */
362
363
364 static int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
365 struct wpa_ie_data *data)
366 {
367 const struct wpa_ie_hdr *hdr;
368 const u8 *pos;
369 int left;
370 int i, count;
371
372 data->proto = WPA_PROTO_WPA;
373 data->pairwise_cipher = WPA_CIPHER_TKIP;
374 data->group_cipher = WPA_CIPHER_TKIP;
375 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
376 data->capabilities = 0;
377 data->pmkid = NULL;
378 data->num_pmkid = 0;
379 data->mgmt_group_cipher = 0;
380
381 if (wpa_ie_len == 0) {
382 /* No WPA IE - fail silently */
383 return -1;
384 }
385
386 if (wpa_ie_len < sizeof(struct wpa_ie_hdr)) {
387 wpa_printf(MSG_DEBUG, "%s: ie len too short %lu",
388 __func__, (unsigned long) wpa_ie_len);
389 return -1;
390 }
391
392 hdr = (const struct wpa_ie_hdr *) wpa_ie;
393
394 if (hdr->elem_id != GENERIC_INFO_ELEM ||
395 hdr->len != wpa_ie_len - 2 ||
396 os_memcmp(hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN) != 0 ||
397 WPA_GET_LE16(hdr->version) != WPA_VERSION) {
398 wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version",
399 __func__);
400 return -1;
401 }
402
403 pos = (const u8 *) (hdr + 1);
404 left = wpa_ie_len - sizeof(*hdr);
405
406 if (left >= WPA_SELECTOR_LEN) {
407 data->group_cipher = wpa_selector_to_bitfield(pos);
408 pos += WPA_SELECTOR_LEN;
409 left -= WPA_SELECTOR_LEN;
410 } else if (left > 0) {
411 wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much",
412 __func__, left);
413 return -1;
414 }
415
416 if (left >= 2) {
417 data->pairwise_cipher = 0;
418 count = WPA_GET_LE16(pos);
419 pos += 2;
420 left -= 2;
421 if (count == 0 || left < count * WPA_SELECTOR_LEN) {
422 wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), "
423 "count %u left %u", __func__, count, left);
424 return -1;
425 }
426 for (i = 0; i < count; i++) {
427 data->pairwise_cipher |= wpa_selector_to_bitfield(pos);
428 pos += WPA_SELECTOR_LEN;
429 left -= WPA_SELECTOR_LEN;
430 }
431 } else if (left == 1) {
432 wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)",
433 __func__);
434 return -1;
435 }
436
437 if (left >= 2) {
438 data->key_mgmt = 0;
439 count = WPA_GET_LE16(pos);
440 pos += 2;
441 left -= 2;
442 if (count == 0 || left < count * WPA_SELECTOR_LEN) {
443 wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), "
444 "count %u left %u", __func__, count, left);
445 return -1;
446 }
447 for (i = 0; i < count; i++) {
448 data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos);
449 pos += WPA_SELECTOR_LEN;
450 left -= WPA_SELECTOR_LEN;
451 }
452 } else if (left == 1) {
453 wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)",
454 __func__);
455 return -1;
456 }
457
458 if (left >= 2) {
459 data->capabilities = WPA_GET_LE16(pos);
460 pos += 2;
461 left -= 2;
462 }
463
464 if (left > 0) {
465 wpa_printf(MSG_DEBUG, "%s: ie has %u trailing bytes - ignored",
466 __func__, left);
467 }
468
469 return 0;
470 }
471
472
473 static int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
474 struct wpa_ie_data *data)
475 {
476 #ifndef CONFIG_NO_WPA2
477 const struct rsn_ie_hdr *hdr;
478 const u8 *pos;
479 int left;
480 int i, count;
481
482 data->proto = WPA_PROTO_RSN;
483 data->pairwise_cipher = WPA_CIPHER_CCMP;
484 data->group_cipher = WPA_CIPHER_CCMP;
485 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
486 data->capabilities = 0;
487 data->pmkid = NULL;
488 data->num_pmkid = 0;
489 #ifdef CONFIG_IEEE80211W
490 data->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
491 #else /* CONFIG_IEEE80211W */
492 data->mgmt_group_cipher = 0;
493 #endif /* CONFIG_IEEE80211W */
494
495
496 if (rsn_ie_len == 0) {
497 /* No RSN IE - fail silently */
498 return -1;
499 }
500
501 if (rsn_ie_len < sizeof(struct rsn_ie_hdr)) {
502 wpa_printf(MSG_DEBUG, "%s: ie len too short %lu",
503 __func__, (unsigned long) rsn_ie_len);
504 return -1;
505 }
506
507 hdr = (const struct rsn_ie_hdr *) rsn_ie;
508
509 if (hdr->elem_id != RSN_INFO_ELEM ||
510 hdr->len != rsn_ie_len - 2 ||
511 WPA_GET_LE16(hdr->version) != RSN_VERSION) {
512 wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version",
513 __func__);
514 return -1;
515 }
516
517 pos = (const u8 *) (hdr + 1);
518 left = rsn_ie_len - sizeof(*hdr);
519
520 if (left >= RSN_SELECTOR_LEN) {
521 data->group_cipher = rsn_selector_to_bitfield(pos);
522 #ifdef CONFIG_IEEE80211W
523 if (data->group_cipher == WPA_CIPHER_AES_128_CMAC) {
524 wpa_printf(MSG_DEBUG, "%s: AES-128-CMAC used as group "
525 "cipher", __func__);
526 return -1;
527 }
528 #endif /* CONFIG_IEEE80211W */
529 pos += RSN_SELECTOR_LEN;
530 left -= RSN_SELECTOR_LEN;
531 } else if (left > 0) {
532 wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much",
533 __func__, left);
534 return -1;
535 }
536
537 if (left >= 2) {
538 data->pairwise_cipher = 0;
539 count = WPA_GET_LE16(pos);
540 pos += 2;
541 left -= 2;
542 if (count == 0 || left < count * RSN_SELECTOR_LEN) {
543 wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), "
544 "count %u left %u", __func__, count, left);
545 return -1;
546 }
547 for (i = 0; i < count; i++) {
548 data->pairwise_cipher |= rsn_selector_to_bitfield(pos);
549 pos += RSN_SELECTOR_LEN;
550 left -= RSN_SELECTOR_LEN;
551 }
552 #ifdef CONFIG_IEEE80211W
553 if (data->pairwise_cipher & WPA_CIPHER_AES_128_CMAC) {
554 wpa_printf(MSG_DEBUG, "%s: AES-128-CMAC used as "
555 "pairwise cipher", __func__);
556 return -1;
557 }
558 #endif /* CONFIG_IEEE80211W */
559 } else if (left == 1) {
560 wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)",
561 __func__);
562 return -1;
563 }
564
565 if (left >= 2) {
566 data->key_mgmt = 0;
567 count = WPA_GET_LE16(pos);
568 pos += 2;
569 left -= 2;
570 if (count == 0 || left < count * RSN_SELECTOR_LEN) {
571 wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), "
572 "count %u left %u", __func__, count, left);
573 return -1;
574 }
575 for (i = 0; i < count; i++) {
576 data->key_mgmt |= rsn_key_mgmt_to_bitfield(pos);
577 pos += RSN_SELECTOR_LEN;
578 left -= RSN_SELECTOR_LEN;
579 }
580 } else if (left == 1) {
581 wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)",
582 __func__);
583 return -1;
584 }
585
586 if (left >= 2) {
587 data->capabilities = WPA_GET_LE16(pos);
588 pos += 2;
589 left -= 2;
590 }
591
592 if (left >= 2) {
593 data->num_pmkid = WPA_GET_LE16(pos);
594 pos += 2;
595 left -= 2;
596 if (left < data->num_pmkid * PMKID_LEN) {
597 wpa_printf(MSG_DEBUG, "%s: PMKID underflow "
598 "(num_pmkid=%d left=%d)",
599 __func__, data->num_pmkid, left);
600 data->num_pmkid = 0;
601 } else {
602 data->pmkid = pos;
603 pos += data->num_pmkid * PMKID_LEN;
604 left -= data->num_pmkid * PMKID_LEN;
605 }
606 }
607
608 #ifdef CONFIG_IEEE80211W
609 if (left >= 4) {
610 data->mgmt_group_cipher = rsn_selector_to_bitfield(pos);
611 if (data->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
612 wpa_printf(MSG_DEBUG, "%s: Unsupported management "
613 "group cipher 0x%x", __func__,
614 data->mgmt_group_cipher);
615 return -1;
616 }
617 pos += RSN_SELECTOR_LEN;
618 left -= RSN_SELECTOR_LEN;
619 }
620 #endif /* CONFIG_IEEE80211W */
621
622 if (left > 0) {
623 wpa_printf(MSG_DEBUG, "%s: ie has %u trailing bytes - ignored",
624 __func__, left);
625 }
626
627 return 0;
628 #else /* CONFIG_NO_WPA2 */
629 return -1;
630 #endif /* CONFIG_NO_WPA2 */
631 }
632
633
634 /**
635 * wpa_parse_wpa_ie - Parse WPA/RSN IE
636 * @wpa_ie: Pointer to WPA or RSN IE
637 * @wpa_ie_len: Length of the WPA/RSN IE
638 * @data: Pointer to data area for parsing results
639 * Returns: 0 on success, -1 on failure
640 *
641 * Parse the contents of WPA or RSN IE and write the parsed data into data.
642 */
643 int wpa_parse_wpa_ie(const u8 *wpa_ie, size_t wpa_ie_len,
644 struct wpa_ie_data *data)
645 {
646 if (wpa_ie_len >= 1 && wpa_ie[0] == RSN_INFO_ELEM)
647 return wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, data);
648 else
649 return wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, data);
650 }
651
652
653 static int wpa_gen_wpa_ie_wpa(u8 *wpa_ie, size_t wpa_ie_len,
654 int pairwise_cipher, int group_cipher,
655 int key_mgmt)
656 {
657 u8 *pos;
658 struct wpa_ie_hdr *hdr;
659
660 if (wpa_ie_len < sizeof(*hdr) + WPA_SELECTOR_LEN +
661 2 + WPA_SELECTOR_LEN + 2 + WPA_SELECTOR_LEN)
662 return -1;
663
664 hdr = (struct wpa_ie_hdr *) wpa_ie;
665 hdr->elem_id = GENERIC_INFO_ELEM;
666 os_memcpy(hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN);
667 WPA_PUT_LE16(hdr->version, WPA_VERSION);
668 pos = (u8 *) (hdr + 1);
669
670 if (group_cipher == WPA_CIPHER_CCMP) {
671 os_memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN);
672 } else if (group_cipher == WPA_CIPHER_TKIP) {
673 os_memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN);
674 } else if (group_cipher == WPA_CIPHER_WEP104) {
675 os_memcpy(pos, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN);
676 } else if (group_cipher == WPA_CIPHER_WEP40) {
677 os_memcpy(pos, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN);
678 } else {
679 wpa_printf(MSG_WARNING, "Invalid group cipher (%d).",
680 group_cipher);
681 return -1;
682 }
683 pos += WPA_SELECTOR_LEN;
684
685 *pos++ = 1;
686 *pos++ = 0;
687 if (pairwise_cipher == WPA_CIPHER_CCMP) {
688 os_memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN);
689 } else if (pairwise_cipher == WPA_CIPHER_TKIP) {
690 os_memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN);
691 } else if (pairwise_cipher == WPA_CIPHER_NONE) {
692 os_memcpy(pos, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN);
693 } else {
694 wpa_printf(MSG_WARNING, "Invalid pairwise cipher (%d).",
695 pairwise_cipher);
696 return -1;
697 }
698 pos += WPA_SELECTOR_LEN;
699
700 *pos++ = 1;
701 *pos++ = 0;
702 if (key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
703 os_memcpy(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X,
704 WPA_SELECTOR_LEN);
705 } else if (key_mgmt == WPA_KEY_MGMT_PSK) {
706 os_memcpy(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X,
707 WPA_SELECTOR_LEN);
708 } else if (key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
709 os_memcpy(pos, WPA_AUTH_KEY_MGMT_NONE, WPA_SELECTOR_LEN);
710 } else {
711 wpa_printf(MSG_WARNING, "Invalid key management type (%d).",
712 key_mgmt);
713 return -1;
714 }
715 pos += WPA_SELECTOR_LEN;
716
717 /* WPA Capabilities; use defaults, so no need to include it */
718
719 hdr->len = (pos - wpa_ie) - 2;
720
721 WPA_ASSERT((size_t) (pos - wpa_ie) <= wpa_ie_len);
722
723 return pos - wpa_ie;
724 }
725
726
727 static int wpa_gen_wpa_ie_rsn(u8 *rsn_ie, size_t rsn_ie_len,
728 int pairwise_cipher, int group_cipher,
729 int key_mgmt, int mgmt_group_cipher,
730 struct wpa_sm *sm)
731 {
732 #ifndef CONFIG_NO_WPA2
733 u8 *pos;
734 struct rsn_ie_hdr *hdr;
735 u16 capab;
736
737 if (rsn_ie_len < sizeof(*hdr) + RSN_SELECTOR_LEN +
738 2 + RSN_SELECTOR_LEN + 2 + RSN_SELECTOR_LEN + 2 +
739 (sm->cur_pmksa ? 2 + PMKID_LEN : 0))
740 return -1;
741
742 hdr = (struct rsn_ie_hdr *) rsn_ie;
743 hdr->elem_id = RSN_INFO_ELEM;
744 WPA_PUT_LE16(hdr->version, RSN_VERSION);
745 pos = (u8 *) (hdr + 1);
746
747 if (group_cipher == WPA_CIPHER_CCMP) {
748 os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
749 } else if (group_cipher == WPA_CIPHER_TKIP) {
750 os_memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
751 } else if (group_cipher == WPA_CIPHER_WEP104) {
752 os_memcpy(pos, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN);
753 } else if (group_cipher == WPA_CIPHER_WEP40) {
754 os_memcpy(pos, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN);
755 } else {
756 wpa_printf(MSG_WARNING, "Invalid group cipher (%d).",
757 group_cipher);
758 return -1;
759 }
760 pos += RSN_SELECTOR_LEN;
761
762 *pos++ = 1;
763 *pos++ = 0;
764 if (pairwise_cipher == WPA_CIPHER_CCMP) {
765 os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
766 } else if (pairwise_cipher == WPA_CIPHER_TKIP) {
767 os_memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
768 } else if (pairwise_cipher == WPA_CIPHER_NONE) {
769 os_memcpy(pos, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN);
770 } else {
771 wpa_printf(MSG_WARNING, "Invalid pairwise cipher (%d).",
772 pairwise_cipher);
773 return -1;
774 }
775 pos += RSN_SELECTOR_LEN;
776
777 *pos++ = 1;
778 *pos++ = 0;
779 if (key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
780 os_memcpy(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X,
781 RSN_SELECTOR_LEN);
782 } else if (key_mgmt == WPA_KEY_MGMT_PSK) {
783 os_memcpy(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X,
784 RSN_SELECTOR_LEN);
785 } else {
786 wpa_printf(MSG_WARNING, "Invalid key management type (%d).",
787 key_mgmt);
788 return -1;
789 }
790 pos += RSN_SELECTOR_LEN;
791
792 /* RSN Capabilities */
793 capab = 0;
794 #ifdef CONFIG_IEEE80211W
795 if (mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC)
796 capab |= WPA_CAPABILITY_MGMT_FRAME_PROTECTION;
797 #endif /* CONFIG_IEEE80211W */
798 WPA_PUT_LE16(pos, capab);
799 pos += 2;
800
801 if (sm->cur_pmksa) {
802 /* PMKID Count (2 octets, little endian) */
803 *pos++ = 1;
804 *pos++ = 0;
805 /* PMKID */
806 os_memcpy(pos, sm->cur_pmksa->pmkid, PMKID_LEN);
807 pos += PMKID_LEN;
808 }
809
810 #ifdef CONFIG_IEEE80211W
811 if (mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) {
812 if (!sm->cur_pmksa) {
813 /* PMKID Count */
814 WPA_PUT_LE16(pos, 0);
815 pos += 2;
816
817 /* Management Group Cipher Suite */
818 memcpy(pos, RSN_CIPHER_SUITE_AES_128_CMAC,
819 RSN_SELECTOR_LEN);
820 pos += RSN_SELECTOR_LEN;
821 }
822 }
823 #endif /* CONFIG_IEEE80211W */
824
825 hdr->len = (pos - rsn_ie) - 2;
826
827 WPA_ASSERT((size_t) (pos - rsn_ie) <= rsn_ie_len);
828
829 return pos - rsn_ie;
830 #else /* CONFIG_NO_WPA2 */
831 return -1;
832 #endif /* CONFIG_NO_WPA2 */
833 }
834
835
836 /**
837 * wpa_gen_wpa_ie - Generate WPA/RSN IE based on current security policy
838 * @sm: Pointer to WPA state machine data from wpa_sm_init()
839 * @wpa_ie: Pointer to memory area for the generated WPA/RSN IE
840 * @wpa_ie_len: Maximum length of the generated WPA/RSN IE
841 * Returns: Length of the generated WPA/RSN IE or -1 on failure
842 */
843 static int wpa_gen_wpa_ie(struct wpa_sm *sm, u8 *wpa_ie, size_t wpa_ie_len)
844 {
845 if (sm->proto == WPA_PROTO_RSN)
846 return wpa_gen_wpa_ie_rsn(wpa_ie, wpa_ie_len,
847 sm->pairwise_cipher,
848 sm->group_cipher,
849 sm->key_mgmt, sm->mgmt_group_cipher,
850 sm);
851 else
852 return wpa_gen_wpa_ie_wpa(wpa_ie, wpa_ie_len,
853 sm->pairwise_cipher,
854 sm->group_cipher,
855 sm->key_mgmt);
856 }
857
858
859 /**
860 * wpa_pmk_to_ptk - Calculate PTK from PMK, addresses, and nonces
861 * @pmk: Pairwise master key
862 * @pmk_len: Length of PMK
863 * @label: Label to use in derivation
864 * @addr1: AA or SA
865 * @addr2: SA or AA
866 * @nonce1: ANonce or SNonce
867 * @nonce2: SNonce or ANonce
868 * @ptk: Buffer for pairwise transient key
869 * @ptk_len: Length of PTK
870 *
871 * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
872 * PTK = PRF-X(PMK, "Pairwise key expansion",
873 * Min(AA, SA) || Max(AA, SA) ||
874 * Min(ANonce, SNonce) || Max(ANonce, SNonce))
875 *
876 * STK = PRF-X(SMK, "Peer key expansion",
877 * Min(MAC_I, MAC_P) || Max(MAC_I, MAC_P) ||
878 * Min(INonce, PNonce) || Max(INonce, PNonce))
879 */
880 static void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len,
881 const char *label,
882 const u8 *addr1, const u8 *addr2,
883 const u8 *nonce1, const u8 *nonce2,
884 u8 *ptk, size_t ptk_len)
885 {
886 u8 data[2 * ETH_ALEN + 2 * 32];
887
888 if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) {
889 os_memcpy(data, addr1, ETH_ALEN);
890 os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
891 } else {
892 os_memcpy(data, addr2, ETH_ALEN);
893 os_memcpy(data + ETH_ALEN, addr1, ETH_ALEN);
894 }
895
896 if (os_memcmp(nonce1, nonce2, 32) < 0) {
897 os_memcpy(data + 2 * ETH_ALEN, nonce1, 32);
898 os_memcpy(data + 2 * ETH_ALEN + 32, nonce2, 32);
899 } else {
900 os_memcpy(data + 2 * ETH_ALEN, nonce2, 32);
901 os_memcpy(data + 2 * ETH_ALEN + 32, nonce1, 32);
902 }
903
904 sha1_prf(pmk, pmk_len, label, data, sizeof(data), ptk, ptk_len);
905
906 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK", pmk, pmk_len);
907 wpa_hexdump_key(MSG_DEBUG, "WPA: PTK", ptk, ptk_len);
908 }
909
910
911 /**
912 * wpa_eapol_key_mic - Calculate EAPOL-Key MIC
913 * @key: EAPOL-Key Key Confirmation Key (KCK)
914 * @ver: Key descriptor version (WPA_KEY_INFO_TYPE_*)
915 * @buf: Pointer to the beginning of the EAPOL header (version field)
916 * @len: Length of the EAPOL frame (from EAPOL header to the end of the frame)
917 * @mic: Pointer to the buffer to which the EAPOL-Key MIC is written
918 *
919 * Calculate EAPOL-Key MIC for an EAPOL-Key packet. The EAPOL-Key MIC field has
920 * to be cleared (all zeroes) when calling this function.
921 *
922 * Note: 'IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames' has an error in the
923 * description of the Key MIC calculation. It includes packet data from the
924 * beginning of the EAPOL-Key header, not EAPOL header. This incorrect change
925 * happened during final editing of the standard and the correct behavior is
926 * defined in the last draft (IEEE 802.11i/D10).
927 */
928 static void wpa_eapol_key_mic(const u8 *key, int ver,
929 const u8 *buf, size_t len, u8 *mic)
930 {
931 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
932 hmac_md5(key, 16, buf, len, mic);
933 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
934 u8 hash[SHA1_MAC_LEN];
935 hmac_sha1(key, 16, buf, len, hash);
936 os_memcpy(mic, hash, MD5_MAC_LEN);
937 }
938 }
939
940
941 static void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck,
942 int ver, const u8 *dest, u16 proto,
943 u8 *msg, size_t msg_len, u8 *key_mic)
944 {
945 if (os_memcmp(dest, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0 &&
946 os_memcmp(sm->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0) {
947 /*
948 * Association event was not yet received; try to fetch
949 * BSSID from the driver.
950 */
951 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
952 wpa_printf(MSG_DEBUG, "WPA: Failed to read BSSID for "
953 "EAPOL-Key destination address");
954 } else {
955 dest = sm->bssid;
956 wpa_printf(MSG_DEBUG, "WPA: Use BSSID (" MACSTR
957 ") as the destination for EAPOL-Key",
958 MAC2STR(dest));
959 }
960 }
961 if (key_mic) {
962 wpa_eapol_key_mic(kck, ver, msg, msg_len, key_mic);
963 }
964 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
965 wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
966 eapol_sm_notify_tx_eapol_key(sm->eapol);
967 os_free(msg);
968 }
969
970
971 /**
972 * wpa_sm_key_request - Send EAPOL-Key Request
973 * @sm: Pointer to WPA state machine data from wpa_sm_init()
974 * @error: Indicate whether this is an Michael MIC error report
975 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
976 * Returns: Pointer to the current network structure or %NULL on failure
977 *
978 * Send an EAPOL-Key Request to the current authenticator. This function is
979 * used to request rekeying and it is usually called when a local Michael MIC
980 * failure is detected.
981 */
982 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
983 {
984 size_t rlen;
985 struct wpa_eapol_key *reply;
986 int key_info, ver;
987 u8 bssid[ETH_ALEN], *rbuf;
988
989 if (sm->pairwise_cipher == WPA_CIPHER_CCMP)
990 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
991 else
992 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
993
994 if (wpa_sm_get_bssid(sm, bssid) < 0) {
995 wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key "
996 "request");
997 return;
998 }
999
1000 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1001 sizeof(*reply), &rlen, (void *) &reply);
1002 if (rbuf == NULL)
1003 return;
1004
1005 reply->type = sm->proto == WPA_PROTO_RSN ?
1006 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1007 key_info = WPA_KEY_INFO_REQUEST | ver;
1008 if (sm->ptk_set)
1009 key_info |= WPA_KEY_INFO_MIC;
1010 if (error)
1011 key_info |= WPA_KEY_INFO_ERROR;
1012 if (pairwise)
1013 key_info |= WPA_KEY_INFO_KEY_TYPE;
1014 WPA_PUT_BE16(reply->key_info, key_info);
1015 WPA_PUT_BE16(reply->key_length, 0);
1016 os_memcpy(reply->replay_counter, sm->request_counter,
1017 WPA_REPLAY_COUNTER_LEN);
1018 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
1019
1020 WPA_PUT_BE16(reply->key_data_length, 0);
1021
1022 wpa_printf(MSG_INFO, "WPA: Sending EAPOL-Key Request (error=%d "
1023 "pairwise=%d ptk_set=%d len=%lu)",
1024 error, pairwise, sm->ptk_set, (unsigned long) rlen);
1025 wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL,
1026 rbuf, rlen, key_info & WPA_KEY_INFO_MIC ?
1027 reply->key_mic : NULL);
1028 }
1029
1030
1031 /**
1032 * wpa_sm_stkstart - Send EAPOL-Key Request for STK handshake (STK M1)
1033 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1034 * @peer: MAC address of the peer STA
1035 * Returns: 0 on success, or -1 on failure
1036 *
1037 * Send an EAPOL-Key Request to the current authenticator to start STK
1038 * handshake with the peer.
1039 */
1040 int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer)
1041 {
1042 #ifdef CONFIG_PEERKEY
1043 size_t rlen, kde_len;
1044 struct wpa_eapol_key *req;
1045 int key_info, ver;
1046 u8 bssid[ETH_ALEN], *rbuf, *pos, *count_pos;
1047 u16 count;
1048 struct wpa_ssid *ssid = sm->cur_ssid;
1049 struct rsn_ie_hdr *hdr;
1050 struct wpa_peerkey *peerkey;
1051 struct wpa_ie_data ie;
1052
1053 if (sm->proto != WPA_PROTO_RSN || !sm->ptk_set ||
1054 ssid == NULL || !ssid->peerkey)
1055 return -1;
1056
1057 if (sm->ap_rsn_ie &&
1058 wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &ie) == 0 &&
1059 !(ie.capabilities & WPA_CAPABILITY_PEERKEY_ENABLED)) {
1060 wpa_printf(MSG_DEBUG, "RSN: Current AP does not support STK");
1061 return -1;
1062 }
1063
1064 if (sm->pairwise_cipher == WPA_CIPHER_CCMP)
1065 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1066 else
1067 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1068
1069 if (wpa_sm_get_bssid(sm, bssid) < 0) {
1070 wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key "
1071 "SMK M1");
1072 return -1;
1073 }
1074
1075 /* TODO: find existing entry and if found, use that instead of adding
1076 * a new one */
1077 peerkey = os_malloc(sizeof(*peerkey));
1078 if (peerkey == NULL)
1079 return -1;
1080 os_memset(peerkey, 0, sizeof(*peerkey));
1081 peerkey->initiator = 1;
1082 os_memcpy(peerkey->addr, peer, ETH_ALEN);
1083
1084 /* SMK M1:
1085 * EAPOL-Key(S=1, M=1, A=0, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
1086 * MIC=MIC, DataKDs=(RSNIE_I, MAC_P KDE))
1087 */
1088
1089 hdr = (struct rsn_ie_hdr *) peerkey->rsnie_i;
1090 hdr->elem_id = RSN_INFO_ELEM;
1091 WPA_PUT_LE16(hdr->version, RSN_VERSION);
1092 pos = (u8 *) (hdr + 1);
1093 /* Group Suite can be anything for SMK RSN IE; receiver will just
1094 * ignore it. */
1095 os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
1096 pos += RSN_SELECTOR_LEN;
1097 count_pos = pos;
1098 pos += 2;
1099
1100 count = 0;
1101 if (ssid->pairwise_cipher & WPA_CIPHER_CCMP) {
1102 os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
1103 pos += RSN_SELECTOR_LEN;
1104 count++;
1105 }
1106 if (ssid->pairwise_cipher & WPA_CIPHER_TKIP) {
1107 os_memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
1108 pos += RSN_SELECTOR_LEN;
1109 count++;
1110 }
1111 WPA_PUT_LE16(count_pos, count);
1112
1113 hdr->len = (pos - peerkey->rsnie_i) - 2;
1114 peerkey->rsnie_i_len = pos - peerkey->rsnie_i;
1115 wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake",
1116 peerkey->rsnie_i, peerkey->rsnie_i_len);
1117
1118 kde_len = peerkey->rsnie_i_len + 2 + RSN_SELECTOR_LEN + ETH_ALEN;
1119
1120 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1121 sizeof(*req) + kde_len, &rlen,
1122 (void *) &req);
1123 if (rbuf == NULL) {
1124 wpa_supplicant_peerkey_free(sm, peerkey);
1125 return -1;
1126 }
1127
1128 req->type = EAPOL_KEY_TYPE_RSN;
1129 key_info = WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
1130 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_REQUEST | ver;
1131 WPA_PUT_BE16(req->key_info, key_info);
1132 WPA_PUT_BE16(req->key_length, 0);
1133 os_memcpy(req->replay_counter, sm->request_counter,
1134 WPA_REPLAY_COUNTER_LEN);
1135 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
1136
1137 if (hostapd_get_rand(peerkey->inonce, WPA_NONCE_LEN)) {
1138 wpa_msg(sm->ctx->ctx, MSG_WARNING,
1139 "WPA: Failed to get random data for INonce");
1140 os_free(rbuf);
1141 wpa_supplicant_peerkey_free(sm, peerkey);
1142 return -1;
1143 }
1144 os_memcpy(req->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
1145 wpa_hexdump(MSG_DEBUG, "WPA: INonce for SMK handshake",
1146 req->key_nonce, WPA_NONCE_LEN);
1147
1148 WPA_PUT_BE16(req->key_data_length, (u16) kde_len);
1149 pos = (u8 *) (req + 1);
1150
1151 /* Initiator RSN IE */
1152 pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len);
1153 /* Peer MAC address KDE */
1154 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
1155
1156 wpa_printf(MSG_INFO, "RSN: Sending EAPOL-Key SMK M1 Request (peer "
1157 MACSTR ")", MAC2STR(peer));
1158 wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL,
1159 rbuf, rlen, req->key_mic);
1160
1161 peerkey->next = sm->peerkey;
1162 sm->peerkey = peerkey;
1163
1164 return 0;
1165
1166 #else /* CONFIG_PEERKEY */
1167
1168 return -1;
1169
1170 #endif /* CONFIG_PEERKEY */
1171 }
1172
1173
1174 struct wpa_eapol_ie_parse {
1175 const u8 *wpa_ie;
1176 size_t wpa_ie_len;
1177 const u8 *rsn_ie;
1178 size_t rsn_ie_len;
1179 const u8 *pmkid;
1180 const u8 *gtk;
1181 size_t gtk_len;
1182 const u8 *mac_addr;
1183 size_t mac_addr_len;
1184 #ifdef CONFIG_PEERKEY
1185 const u8 *smk;
1186 size_t smk_len;
1187 const u8 *nonce;
1188 size_t nonce_len;
1189 const u8 *lifetime;
1190 size_t lifetime_len;
1191 const u8 *error;
1192 size_t error_len;
1193 #endif /* CONFIG_PEERKEY */
1194 #ifdef CONFIG_IEEE80211W
1195 const u8 *dhv;
1196 size_t dhv_len;
1197 const u8 *igtk;
1198 size_t igtk_len;
1199 #endif /* CONFIG_IEEE80211W */
1200 };
1201
1202
1203 /**
1204 * wpa_supplicant_parse_generic - Parse EAPOL-Key Key Data Generic IEs
1205 * @pos: Pointer to the IE header
1206 * @end: Pointer to the end of the Key Data buffer
1207 * @ie: Pointer to parsed IE data
1208 * Returns: 0 on success, 1 if end mark is found, -1 on failure
1209 */
1210 static int wpa_supplicant_parse_generic(const u8 *pos, const u8 *end,
1211 struct wpa_eapol_ie_parse *ie)
1212 {
1213 if (pos[1] == 0)
1214 return 1;
1215
1216 if (pos[1] >= 6 &&
1217 os_memcmp(pos + 2, WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0 &&
1218 pos[2 + WPA_SELECTOR_LEN] == 1 &&
1219 pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
1220 ie->wpa_ie = pos;
1221 ie->wpa_ie_len = pos[1] + 2;
1222 return 0;
1223 }
1224
1225 if (pos + 1 + RSN_SELECTOR_LEN < end &&
1226 pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
1227 os_memcmp(pos + 2, RSN_KEY_DATA_PMKID, RSN_SELECTOR_LEN) == 0) {
1228 ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
1229 return 0;
1230 }
1231
1232 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1233 os_memcmp(pos + 2, RSN_KEY_DATA_GROUPKEY, RSN_SELECTOR_LEN) == 0) {
1234 ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
1235 ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
1236 return 0;
1237 }
1238
1239 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1240 os_memcmp(pos + 2, RSN_KEY_DATA_MAC_ADDR, RSN_SELECTOR_LEN) == 0) {
1241 ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
1242 ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
1243 return 0;
1244 }
1245
1246 #ifdef CONFIG_PEERKEY
1247 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1248 os_memcmp(pos + 2, RSN_KEY_DATA_SMK, RSN_SELECTOR_LEN) == 0) {
1249 ie->smk = pos + 2 + RSN_SELECTOR_LEN;
1250 ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
1251 return 0;
1252 }
1253
1254 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1255 os_memcmp(pos + 2, RSN_KEY_DATA_NONCE, RSN_SELECTOR_LEN) == 0) {
1256 ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
1257 ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
1258 return 0;
1259 }
1260
1261 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1262 os_memcmp(pos + 2, RSN_KEY_DATA_LIFETIME, RSN_SELECTOR_LEN) == 0) {
1263 ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
1264 ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
1265 return 0;
1266 }
1267
1268 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1269 os_memcmp(pos + 2, RSN_KEY_DATA_ERROR, RSN_SELECTOR_LEN) == 0) {
1270 ie->error = pos + 2 + RSN_SELECTOR_LEN;
1271 ie->error_len = pos[1] - RSN_SELECTOR_LEN;
1272 return 0;
1273 }
1274 #endif /* CONFIG_PEERKEY */
1275
1276 #ifdef CONFIG_IEEE80211W
1277 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1278 os_memcmp(pos + 2, RSN_KEY_DATA_DHV, RSN_SELECTOR_LEN) == 0) {
1279 ie->dhv = pos + 2 + RSN_SELECTOR_LEN;
1280 ie->dhv_len = pos[1] - RSN_SELECTOR_LEN;
1281 return 0;
1282 }
1283
1284 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1285 os_memcmp(pos + 2, RSN_KEY_DATA_IGTK, RSN_SELECTOR_LEN) == 0) {
1286 ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
1287 ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
1288 return 0;
1289 }
1290 #endif /* CONFIG_IEEE80211W */
1291
1292 return 0;
1293 }
1294
1295
1296 /**
1297 * wpa_supplicant_parse_ies - Parse EAPOL-Key Key Data IEs
1298 * @buf: Pointer to the Key Data buffer
1299 * @len: Key Data Length
1300 * @ie: Pointer to parsed IE data
1301 * Returns: 0 on success, -1 on failure
1302 */
1303 static int wpa_supplicant_parse_ies(const u8 *buf, size_t len,
1304 struct wpa_eapol_ie_parse *ie)
1305 {
1306 const u8 *pos, *end;
1307 int ret = 0;
1308
1309 os_memset(ie, 0, sizeof(*ie));
1310 for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
1311 if (pos[0] == 0xdd &&
1312 ((pos == buf + len - 1) || pos[1] == 0)) {
1313 /* Ignore padding */
1314 break;
1315 }
1316 if (pos + 2 + pos[1] > end) {
1317 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
1318 "underflow (ie=%d len=%d pos=%d)",
1319 pos[0], pos[1], (int) (pos - buf));
1320 wpa_hexdump_key(MSG_DEBUG, "WPA: Key Data",
1321 buf, len);
1322 ret = -1;
1323 break;
1324 }
1325 if (*pos == RSN_INFO_ELEM) {
1326 ie->rsn_ie = pos;
1327 ie->rsn_ie_len = pos[1] + 2;
1328 } else if (*pos == GENERIC_INFO_ELEM) {
1329 ret = wpa_supplicant_parse_generic(pos, end, ie);
1330 if (ret < 0)
1331 break;
1332 if (ret > 0) {
1333 ret = 0;
1334 break;
1335 }
1336 } else {
1337 wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key "
1338 "Key Data IE", pos, 2 + pos[1]);
1339 }
1340 }
1341
1342 return ret;
1343 }
1344
1345
1346 static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
1347 const unsigned char *src_addr,
1348 const u8 *pmkid)
1349 {
1350 int abort_cached = 0;
1351
1352 if (pmkid && !sm->cur_pmksa) {
1353 /* When using drivers that generate RSN IE, wpa_supplicant may
1354 * not have enough time to get the association information
1355 * event before receiving this 1/4 message, so try to find a
1356 * matching PMKSA cache entry here. */
1357 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid);
1358 if (sm->cur_pmksa) {
1359 wpa_printf(MSG_DEBUG, "RSN: found matching PMKID from "
1360 "PMKSA cache");
1361 } else {
1362 wpa_printf(MSG_DEBUG, "RSN: no matching PMKID found");
1363 abort_cached = 1;
1364 }
1365 }
1366
1367 if (pmkid && sm->cur_pmksa &&
1368 os_memcmp(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
1369 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
1370 wpa_sm_set_pmk_from_pmksa(sm);
1371 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
1372 sm->pmk, sm->pmk_len);
1373 eapol_sm_notify_cached(sm->eapol);
1374 } else if (sm->key_mgmt == WPA_KEY_MGMT_IEEE8021X && sm->eapol) {
1375 int res, pmk_len;
1376 pmk_len = PMK_LEN;
1377 res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN);
1378 if (res) {
1379 /*
1380 * EAP-LEAP is an exception from other EAP methods: it
1381 * uses only 16-byte PMK.
1382 */
1383 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
1384 pmk_len = 16;
1385 }
1386 if (res == 0) {
1387 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
1388 "machines", sm->pmk, pmk_len);
1389 sm->pmk_len = pmk_len;
1390 pmksa_cache_add(sm->pmksa, sm->pmk, pmk_len, src_addr,
1391 sm->own_addr, sm->cur_ssid);
1392 if (!sm->cur_pmksa && pmkid &&
1393 pmksa_cache_get(sm->pmksa, src_addr, pmkid)) {
1394 wpa_printf(MSG_DEBUG, "RSN: the new PMK "
1395 "matches with the PMKID");
1396 abort_cached = 0;
1397 }
1398 } else {
1399 wpa_msg(sm->ctx->ctx, MSG_WARNING,
1400 "WPA: Failed to get master session key from "
1401 "EAPOL state machines");
1402 wpa_msg(sm->ctx->ctx, MSG_WARNING,
1403 "WPA: Key handshake aborted");
1404 if (sm->cur_pmksa) {
1405 wpa_printf(MSG_DEBUG, "RSN: Cancelled PMKSA "
1406 "caching attempt");
1407 sm->cur_pmksa = NULL;
1408 abort_cached = 1;
1409 } else {
1410 return -1;
1411 }
1412 }
1413 }
1414
1415 if (abort_cached && sm->key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
1416 /* Send EAPOL-Start to trigger full EAP authentication. */
1417 u8 *buf;
1418 size_t buflen;
1419
1420 wpa_printf(MSG_DEBUG, "RSN: no PMKSA entry found - trigger "
1421 "full EAP authentication");
1422 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
1423 NULL, 0, &buflen, NULL);
1424 if (buf) {
1425 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
1426 buf, buflen);
1427 os_free(buf);
1428 }
1429
1430 return -1;
1431 }
1432
1433 return 0;
1434 }
1435
1436
1437 static int wpa_supplicant_send_2_of_4(struct wpa_sm *sm,
1438 const unsigned char *dst,
1439 const struct wpa_eapol_key *key,
1440 int ver, const u8 *nonce,
1441 const u8 *wpa_ie, size_t wpa_ie_len,
1442 struct wpa_ptk *ptk)
1443 {
1444 size_t rlen;
1445 struct wpa_eapol_key *reply;
1446 u8 *rbuf;
1447
1448 if (wpa_ie == NULL) {
1449 wpa_printf(MSG_WARNING, "WPA: No wpa_ie set - cannot "
1450 "generate msg 2/4");
1451 return -1;
1452 }
1453
1454 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
1455
1456 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
1457 NULL, sizeof(*reply) + wpa_ie_len,
1458 &rlen, (void *) &reply);
1459 if (rbuf == NULL)
1460 return -1;
1461
1462 reply->type = sm->proto == WPA_PROTO_RSN ?
1463 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1464 WPA_PUT_BE16(reply->key_info,
1465 ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC);
1466 if (sm->proto == WPA_PROTO_RSN)
1467 WPA_PUT_BE16(reply->key_length, 0);
1468 else
1469 os_memcpy(reply->key_length, key->key_length, 2);
1470 os_memcpy(reply->replay_counter, key->replay_counter,
1471 WPA_REPLAY_COUNTER_LEN);
1472
1473 WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
1474 os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
1475
1476 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
1477
1478 wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
1479 wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
1480 rbuf, rlen, reply->key_mic);
1481
1482 return 0;
1483 }
1484
1485
1486 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
1487 const unsigned char *src_addr,
1488 const struct wpa_eapol_key *key,
1489 u16 ver)
1490 {
1491 struct wpa_eapol_ie_parse ie;
1492 struct wpa_ptk *ptk;
1493 u8 buf[8];
1494
1495 if (wpa_sm_get_ssid(sm) == NULL) {
1496 wpa_printf(MSG_WARNING, "WPA: No SSID info found (msg 1 of "
1497 "4).");
1498 return;
1499 }
1500
1501 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
1502 wpa_printf(MSG_DEBUG, "WPA: RX message 1 of 4-Way Handshake from "
1503 MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
1504
1505 os_memset(&ie, 0, sizeof(ie));
1506
1507 #ifndef CONFIG_NO_WPA2
1508 if (sm->proto == WPA_PROTO_RSN) {
1509 /* RSN: msg 1/4 should contain PMKID for the selected PMK */
1510 const u8 *_buf = (const u8 *) (key + 1);
1511 size_t len = WPA_GET_BE16(key->key_data_length);
1512 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", _buf, len);
1513 wpa_supplicant_parse_ies(_buf, len, &ie);
1514 if (ie.pmkid) {
1515 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
1516 "Authenticator", ie.pmkid, PMKID_LEN);
1517 }
1518 }
1519 #endif /* CONFIG_NO_WPA2 */
1520
1521 if (wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid))
1522 return;
1523
1524 if (sm->renew_snonce) {
1525 if (hostapd_get_rand(sm->snonce, WPA_NONCE_LEN)) {
1526 wpa_msg(sm->ctx->ctx, MSG_WARNING,
1527 "WPA: Failed to get random data for SNonce");
1528 return;
1529 }
1530 sm->renew_snonce = 0;
1531 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
1532 sm->snonce, WPA_NONCE_LEN);
1533 }
1534
1535 /* Calculate PTK which will be stored as a temporary PTK until it has
1536 * been verified when processing message 3/4. */
1537 ptk = &sm->tptk;
1538 wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
1539 sm->own_addr, sm->bssid, sm->snonce, key->key_nonce,
1540 (u8 *) ptk, sizeof(*ptk));
1541 /* Supplicant: swap tx/rx Mic keys */
1542 os_memcpy(buf, ptk->u.auth.tx_mic_key, 8);
1543 os_memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8);
1544 os_memcpy(ptk->u.auth.rx_mic_key, buf, 8);
1545 sm->tptk_set = 1;
1546
1547 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
1548 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len,
1549 ptk))
1550 return;
1551
1552 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
1553 }
1554
1555
1556 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx)
1557 {
1558 struct wpa_sm *sm = eloop_ctx;
1559 rsn_preauth_candidate_process(sm);
1560 }
1561
1562
1563 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
1564 const u8 *addr, int secure)
1565 {
1566 wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Key negotiation completed with "
1567 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
1568 wpa_cipher_txt(sm->pairwise_cipher),
1569 wpa_cipher_txt(sm->group_cipher));
1570 eloop_cancel_timeout(sm->ctx->scan, sm->ctx->ctx, NULL);
1571 wpa_sm_cancel_auth_timeout(sm);
1572 wpa_sm_set_state(sm, WPA_COMPLETED);
1573
1574 if (secure) {
1575 wpa_sm_mlme_setprotection(
1576 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
1577 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
1578 eapol_sm_notify_portValid(sm->eapol, TRUE);
1579 if (sm->key_mgmt == WPA_KEY_MGMT_PSK)
1580 eapol_sm_notify_eap_success(sm->eapol, TRUE);
1581 /*
1582 * Start preauthentication after a short wait to avoid a
1583 * possible race condition between the data receive and key
1584 * configuration after the 4-Way Handshake. This increases the
1585 * likelyhood of the first preauth EAPOL-Start frame getting to
1586 * the target AP.
1587 */
1588 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL);
1589 }
1590
1591 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
1592 wpa_printf(MSG_DEBUG, "RSN: Authenticator accepted "
1593 "opportunistic PMKSA entry - marking it valid");
1594 sm->cur_pmksa->opportunistic = 0;
1595 }
1596 }
1597
1598
1599 static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
1600 const struct wpa_eapol_key *key)
1601 {
1602 int keylen, rsclen;
1603 wpa_alg alg;
1604 const u8 *key_rsc;
1605 u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
1606
1607 wpa_printf(MSG_DEBUG, "WPA: Installing PTK to the driver.");
1608
1609 switch (sm->pairwise_cipher) {
1610 case WPA_CIPHER_CCMP:
1611 alg = WPA_ALG_CCMP;
1612 keylen = 16;
1613 rsclen = 6;
1614 break;
1615 case WPA_CIPHER_TKIP:
1616 alg = WPA_ALG_TKIP;
1617 keylen = 32;
1618 rsclen = 6;
1619 break;
1620 case WPA_CIPHER_NONE:
1621 wpa_printf(MSG_DEBUG, "WPA: Pairwise Cipher Suite: "
1622 "NONE - do not use pairwise keys");
1623 return 0;
1624 default:
1625 wpa_printf(MSG_WARNING, "WPA: Unsupported pairwise cipher %d",
1626 sm->pairwise_cipher);
1627 return -1;
1628 }
1629
1630 if (sm->proto == WPA_PROTO_RSN) {
1631 key_rsc = null_rsc;
1632 } else {
1633 key_rsc = key->key_rsc;
1634 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
1635 }
1636
1637 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
1638 (u8 *) sm->ptk.tk1, keylen) < 0) {
1639 wpa_printf(MSG_WARNING, "WPA: Failed to set PTK to the "
1640 "driver.");
1641 return -1;
1642 }
1643 return 0;
1644 }
1645
1646
1647 static int wpa_supplicant_check_group_cipher(int group_cipher,
1648 int keylen, int maxkeylen,
1649 int *key_rsc_len, wpa_alg *alg)
1650 {
1651 int ret = 0;
1652
1653 switch (group_cipher) {
1654 case WPA_CIPHER_CCMP:
1655 if (keylen != 16 || maxkeylen < 16) {
1656 ret = -1;
1657 break;
1658 }
1659 *key_rsc_len = 6;
1660 *alg = WPA_ALG_CCMP;
1661 break;
1662 case WPA_CIPHER_TKIP:
1663 if (keylen != 32 || maxkeylen < 32) {
1664 ret = -1;
1665 break;
1666 }
1667 *key_rsc_len = 6;
1668 *alg = WPA_ALG_TKIP;
1669 break;
1670 case WPA_CIPHER_WEP104:
1671 if (keylen != 13 || maxkeylen < 13) {
1672 ret = -1;
1673 break;
1674 }
1675 *key_rsc_len = 0;
1676 *alg = WPA_ALG_WEP;
1677 break;
1678 case WPA_CIPHER_WEP40:
1679 if (keylen != 5 || maxkeylen < 5) {
1680 ret = -1;
1681 break;
1682 }
1683 *key_rsc_len = 0;
1684 *alg = WPA_ALG_WEP;
1685 break;
1686 default:
1687 wpa_printf(MSG_WARNING, "WPA: Unsupported Group Cipher %d",
1688 group_cipher);
1689 return -1;
1690 }
1691
1692 if (ret < 0 ) {
1693 wpa_printf(MSG_WARNING, "WPA: Unsupported %s Group Cipher key "
1694 "length %d (%d).",
1695 wpa_cipher_txt(group_cipher), keylen, maxkeylen);
1696 }
1697
1698 return ret;
1699 }
1700
1701
1702 struct wpa_gtk_data {
1703 wpa_alg alg;
1704 int tx, key_rsc_len, keyidx;
1705 u8 gtk[32];
1706 int gtk_len;
1707 };
1708
1709
1710 static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
1711 const struct wpa_gtk_data *gd,
1712 const u8 *key_rsc)
1713 {
1714 const u8 *_gtk = gd->gtk;
1715 u8 gtk_buf[32];
1716
1717 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
1718 wpa_printf(MSG_DEBUG, "WPA: Installing GTK to the driver "
1719 "(keyidx=%d tx=%d).", gd->keyidx, gd->tx);
1720 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
1721 if (sm->group_cipher == WPA_CIPHER_TKIP) {
1722 /* Swap Tx/Rx keys for Michael MIC */
1723 os_memcpy(gtk_buf, gd->gtk, 16);
1724 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
1725 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
1726 _gtk = gtk_buf;
1727 }
1728 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
1729 if (wpa_sm_set_key(sm, gd->alg,
1730 (u8 *) "\xff\xff\xff\xff\xff\xff",
1731 gd->keyidx, 1, key_rsc, gd->key_rsc_len,
1732 _gtk, gd->gtk_len) < 0) {
1733 wpa_printf(MSG_WARNING, "WPA: Failed to set "
1734 "GTK to the driver (Group only).");
1735 return -1;
1736 }
1737 } else if (wpa_sm_set_key(sm, gd->alg,
1738 (u8 *) "\xff\xff\xff\xff\xff\xff",
1739 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
1740 _gtk, gd->gtk_len) < 0) {
1741 wpa_printf(MSG_WARNING, "WPA: Failed to set GTK to "
1742 "the driver.");
1743 return -1;
1744 }
1745
1746 return 0;
1747 }
1748
1749
1750 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
1751 int tx)
1752 {
1753 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
1754 /* Ignore Tx bit for GTK if a pairwise key is used. One AP
1755 * seemed to set this bit (incorrectly, since Tx is only when
1756 * doing Group Key only APs) and without this workaround, the
1757 * data connection does not work because wpa_supplicant
1758 * configured non-zero keyidx to be used for unicast. */
1759 wpa_printf(MSG_INFO, "WPA: Tx bit set for GTK, but pairwise "
1760 "keys are used - ignore Tx bit");
1761 return 0;
1762 }
1763 return tx;
1764 }
1765
1766
1767 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
1768 const struct wpa_eapol_key *key,
1769 const u8 *gtk, size_t gtk_len,
1770 int key_info)
1771 {
1772 #ifndef CONFIG_NO_WPA2
1773 struct wpa_gtk_data gd;
1774
1775 /*
1776 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
1777 * GTK KDE format:
1778 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
1779 * Reserved [bits 0-7]
1780 * GTK
1781 */
1782
1783 os_memset(&gd, 0, sizeof(gd));
1784 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
1785 gtk, gtk_len);
1786
1787 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk))
1788 return -1;
1789
1790 gd.keyidx = gtk[0] & 0x3;
1791 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1792 !!(gtk[0] & BIT(2)));
1793 gtk += 2;
1794 gtk_len -= 2;
1795
1796 os_memcpy(gd.gtk, gtk, gtk_len);
1797 gd.gtk_len = gtk_len;
1798
1799 if (wpa_supplicant_check_group_cipher(sm->group_cipher,
1800 gtk_len, gtk_len,
1801 &gd.key_rsc_len, &gd.alg) ||
1802 wpa_supplicant_install_gtk(sm, &gd, key->key_rsc)) {
1803 wpa_printf(MSG_DEBUG, "RSN: Failed to install GTK");
1804 return -1;
1805 }
1806
1807 wpa_supplicant_key_neg_complete(sm, sm->bssid,
1808 key_info & WPA_KEY_INFO_SECURE);
1809 return 0;
1810 #else /* CONFIG_NO_WPA2 */
1811 return -1;
1812 #endif /* CONFIG_NO_WPA2 */
1813 }
1814
1815
1816 static int ieee80211w_set_keys(struct wpa_sm *sm,
1817 struct wpa_eapol_ie_parse *ie)
1818 {
1819 #ifdef CONFIG_IEEE80211W
1820 if (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC)
1821 return 0;
1822
1823 if (ie->igtk) {
1824 const struct wpa_igtk_kde *igtk;
1825 u16 keyidx;
1826 if (ie->igtk_len != sizeof(*igtk))
1827 return -1;
1828 igtk = (const struct wpa_igtk_kde *) ie->igtk;
1829 keyidx = WPA_GET_LE16(igtk->keyid);
1830 wpa_printf(MSG_DEBUG, "WPA: IGTK keyid %d "
1831 "pn %02x%02x%02x%02x%02x%02x",
1832 keyidx, MAC2STR(igtk->pn));
1833 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
1834 igtk->igtk, WPA_IGTK_LEN);
1835 if (keyidx > 4095) {
1836 wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KeyID %d",
1837 keyidx);
1838 return -1;
1839 }
1840 if (wpa_sm_set_key(sm, WPA_ALG_IGTK,
1841 (u8 *) "\xff\xff\xff\xff\xff\xff",
1842 keyidx, 0, igtk->pn, sizeof(igtk->pn),
1843 igtk->igtk, WPA_IGTK_LEN) < 0) {
1844 wpa_printf(MSG_WARNING, "WPA: Failed to configure IGTK"
1845 " to the driver");
1846 return -1;
1847 }
1848 }
1849
1850 if (ie->dhv) {
1851 const struct wpa_dhv_kde *dhv;
1852 if (ie->dhv_len != sizeof(*dhv))
1853 return -1;
1854 dhv = (const struct wpa_dhv_kde *) ie->dhv;
1855 wpa_hexdump_key(MSG_DEBUG, "WPA: DHV", dhv->dhv, WPA_DHV_LEN);
1856 if (wpa_sm_set_key(sm, WPA_ALG_DHV,
1857 (u8 *) "\xff\xff\xff\xff\xff\xff", 0, 0,
1858 NULL, 0, dhv->dhv, WPA_DHV_LEN) < 0) {
1859 wpa_printf(MSG_WARNING, "WPA: Failed to configure DHV "
1860 "to the driver");
1861 return -1;
1862 }
1863 }
1864
1865 return 0;
1866 #else /* CONFIG_IEEE80211W */
1867 return 0;
1868 #endif /* CONFIG_IEEE80211W */
1869 }
1870
1871
1872 static void wpa_report_ie_mismatch(struct wpa_sm *sm,
1873 const char *reason, const u8 *src_addr,
1874 const u8 *wpa_ie, size_t wpa_ie_len,
1875 const u8 *rsn_ie, size_t rsn_ie_len)
1876 {
1877 wpa_msg(sm->ctx->ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
1878 reason, MAC2STR(src_addr));
1879
1880 if (sm->ap_wpa_ie) {
1881 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
1882 sm->ap_wpa_ie, sm->ap_wpa_ie_len);
1883 }
1884 if (wpa_ie) {
1885 if (!sm->ap_wpa_ie) {
1886 wpa_printf(MSG_INFO, "WPA: No WPA IE in "
1887 "Beacon/ProbeResp");
1888 }
1889 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
1890 wpa_ie, wpa_ie_len);
1891 }
1892
1893 if (sm->ap_rsn_ie) {
1894 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp",
1895 sm->ap_rsn_ie, sm->ap_rsn_ie_len);
1896 }
1897 if (rsn_ie) {
1898 if (!sm->ap_rsn_ie) {
1899 wpa_printf(MSG_INFO, "WPA: No RSN IE in "
1900 "Beacon/ProbeResp");
1901 }
1902 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
1903 rsn_ie, rsn_ie_len);
1904 }
1905
1906 wpa_sm_disassociate(sm, REASON_IE_IN_4WAY_DIFFERS);
1907 wpa_sm_req_scan(sm, 0, 0);
1908 }
1909
1910
1911 static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
1912 const unsigned char *src_addr,
1913 struct wpa_eapol_ie_parse *ie)
1914 {
1915 struct wpa_ssid *ssid = sm->cur_ssid;
1916
1917 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
1918 wpa_printf(MSG_DEBUG, "WPA: No WPA/RSN IE for this AP known. "
1919 "Trying to get from scan results");
1920 if (wpa_sm_get_beacon_ie(sm) < 0) {
1921 wpa_printf(MSG_WARNING, "WPA: Could not find AP from "
1922 "the scan results");
1923 } else {
1924 wpa_printf(MSG_DEBUG, "WPA: Found the current AP from "
1925 "updated scan results");
1926 }
1927 }
1928
1929 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
1930 (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
1931 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1932 "with IE in Beacon/ProbeResp (no IE?)",
1933 src_addr, ie->wpa_ie, ie->wpa_ie_len,
1934 ie->rsn_ie, ie->rsn_ie_len);
1935 return -1;
1936 }
1937
1938 if ((ie->wpa_ie && sm->ap_wpa_ie &&
1939 (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
1940 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
1941 (ie->rsn_ie && sm->ap_rsn_ie &&
1942 (ie->rsn_ie_len != sm->ap_rsn_ie_len ||
1943 os_memcmp(ie->rsn_ie, sm->ap_rsn_ie, ie->rsn_ie_len) != 0))) {
1944 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1945 "with IE in Beacon/ProbeResp",
1946 src_addr, ie->wpa_ie, ie->wpa_ie_len,
1947 ie->rsn_ie, ie->rsn_ie_len);
1948 return -1;
1949 }
1950
1951 if (sm->proto == WPA_PROTO_WPA &&
1952 ie->rsn_ie && sm->ap_rsn_ie == NULL &&
1953 ssid && (ssid->proto & WPA_PROTO_RSN)) {
1954 wpa_report_ie_mismatch(sm, "Possible downgrade attack "
1955 "detected - RSN was enabled and RSN IE "
1956 "was in msg 3/4, but not in "
1957 "Beacon/ProbeResp",
1958 src_addr, ie->wpa_ie, ie->wpa_ie_len,
1959 ie->rsn_ie, ie->rsn_ie_len);
1960 return -1;
1961 }
1962
1963 return 0;
1964 }
1965
1966
1967 static int wpa_supplicant_send_4_of_4(struct wpa_sm *sm,
1968 const unsigned char *dst,
1969 const struct wpa_eapol_key *key,
1970 u16 ver, u16 key_info,
1971 const u8 *kde, size_t kde_len,
1972 struct wpa_ptk *ptk)
1973 {
1974 size_t rlen;
1975 struct wpa_eapol_key *reply;
1976 u8 *rbuf;
1977
1978 if (kde)
1979 wpa_hexdump(MSG_DEBUG, "WPA: KDE for msg 4/4", kde, kde_len);
1980
1981 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1982 sizeof(*reply) + kde_len,
1983 &rlen, (void *) &reply);
1984 if (rbuf == NULL)
1985 return -1;
1986
1987 reply->type = sm->proto == WPA_PROTO_RSN ?
1988 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1989 key_info &= WPA_KEY_INFO_SECURE;
1990 key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC;
1991 WPA_PUT_BE16(reply->key_info, key_info);
1992 if (sm->proto == WPA_PROTO_RSN)
1993 WPA_PUT_BE16(reply->key_length, 0);
1994 else
1995 os_memcpy(reply->key_length, key->key_length, 2);
1996 os_memcpy(reply->replay_counter, key->replay_counter,
1997 WPA_REPLAY_COUNTER_LEN);
1998
1999 WPA_PUT_BE16(reply->key_data_length, kde_len);
2000 if (kde)
2001 os_memcpy(reply + 1, kde, kde_len);
2002
2003 wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
2004 wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
2005 rbuf, rlen, reply->key_mic);
2006
2007 return 0;
2008 }
2009
2010
2011 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
2012 const struct wpa_eapol_key *key,
2013 u16 ver)
2014 {
2015 u16 key_info, keylen, len;
2016 const u8 *pos;
2017 struct wpa_eapol_ie_parse ie;
2018
2019 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
2020 wpa_printf(MSG_DEBUG, "WPA: RX message 3 of 4-Way Handshake from "
2021 MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
2022
2023 key_info = WPA_GET_BE16(key->key_info);
2024
2025 pos = (const u8 *) (key + 1);
2026 len = WPA_GET_BE16(key->key_data_length);
2027 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", pos, len);
2028 wpa_supplicant_parse_ies(pos, len, &ie);
2029 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
2030 wpa_printf(MSG_WARNING, "WPA: GTK IE in unencrypted key data");
2031 return;
2032 }
2033 #ifdef CONFIG_IEEE80211W
2034 if ((ie.dhv || ie.igtk) && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
2035 wpa_printf(MSG_WARNING, "WPA: DHV/IGTK KDE in unencrypted key "
2036 "data");
2037 return;
2038 }
2039
2040 if (ie.dhv && ie.dhv_len != sizeof(struct wpa_dhv_kde)) {
2041 wpa_printf(MSG_WARNING, "WPA: Invalid DHV KDE length %lu",
2042 (unsigned long) ie.dhv_len);
2043 return;
2044 }
2045
2046 if (ie.igtk && ie.igtk_len != sizeof(struct wpa_igtk_kde)) {
2047 wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KDE length %lu",
2048 (unsigned long) ie.igtk_len);
2049 return;
2050 }
2051 #endif /* CONFIG_IEEE80211W */
2052
2053 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
2054 return;
2055
2056 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
2057 wpa_printf(MSG_WARNING, "WPA: ANonce from message 1 of 4-Way "
2058 "Handshake differs from 3 of 4-Way Handshake - drop"
2059 " packet (src=" MACSTR ")", MAC2STR(sm->bssid));
2060 return;
2061 }
2062
2063 keylen = WPA_GET_BE16(key->key_length);
2064 switch (sm->pairwise_cipher) {
2065 case WPA_CIPHER_CCMP:
2066 if (keylen != 16) {
2067 wpa_printf(MSG_WARNING, "WPA: Invalid CCMP key length "
2068 "%d (src=" MACSTR ")",
2069 keylen, MAC2STR(sm->bssid));
2070 return;
2071 }
2072 break;
2073 case WPA_CIPHER_TKIP:
2074 if (keylen != 32) {
2075 wpa_printf(MSG_WARNING, "WPA: Invalid TKIP key length "
2076 "%d (src=" MACSTR ")",
2077 keylen, MAC2STR(sm->bssid));
2078 return;
2079 }
2080 break;
2081 }
2082
2083 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
2084 NULL, 0, &sm->ptk))
2085 return;
2086
2087 /* SNonce was successfully used in msg 3/4, so mark it to be renewed
2088 * for the next 4-Way Handshake. If msg 3 is received again, the old
2089 * SNonce will still be used to avoid changing PTK. */
2090 sm->renew_snonce = 1;
2091
2092 if (key_info & WPA_KEY_INFO_INSTALL) {
2093 wpa_supplicant_install_ptk(sm, key);
2094 }
2095
2096 if (key_info & WPA_KEY_INFO_SECURE) {
2097 wpa_sm_mlme_setprotection(
2098 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
2099 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
2100 eapol_sm_notify_portValid(sm->eapol, TRUE);
2101 }
2102 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
2103
2104 if (ie.gtk &&
2105 wpa_supplicant_pairwise_gtk(sm, key,
2106 ie.gtk, ie.gtk_len, key_info) < 0) {
2107 wpa_printf(MSG_INFO, "RSN: Failed to configure GTK");
2108 }
2109
2110 if (ieee80211w_set_keys(sm, &ie) < 0)
2111 wpa_printf(MSG_INFO, "RSN: Failed to configure DHV/IGTK");
2112 }
2113
2114
2115 #ifdef CONFIG_PEERKEY
2116 static void wpa_supplicant_smk_timeout(void *eloop_ctx, void *timeout_ctx)
2117 {
2118 #if 0
2119 struct wpa_sm *sm = eloop_ctx;
2120 struct wpa_peerkey *peerkey = timeout_ctx;
2121 #endif
2122 /* TODO: time out SMK and any STK that was generated using this SMK */
2123 }
2124
2125
2126 static void wpa_supplicant_peerkey_free(struct wpa_sm *sm,
2127 struct wpa_peerkey *peerkey)
2128 {
2129 eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey);
2130 os_free(peerkey);
2131 }
2132
2133
2134 static int wpa_supplicant_send_smk_error(struct wpa_sm *sm, const u8 *dst,
2135 const u8 *peer,
2136 u16 mui, u16 error_type, int ver)
2137 {
2138 #ifndef CONFIG_NO_WPA2
2139 size_t rlen;
2140 struct wpa_eapol_key *err;
2141 struct rsn_error_kde error;
2142 u8 *rbuf, *pos;
2143 size_t kde_len;
2144 u16 key_info;
2145
2146 kde_len = 2 + RSN_SELECTOR_LEN + sizeof(error);
2147 if (peer)
2148 kde_len += 2 + RSN_SELECTOR_LEN + ETH_ALEN;
2149
2150 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
2151 NULL, sizeof(*err) + kde_len, &rlen,
2152 (void *) &err);
2153 if (rbuf == NULL)
2154 return -1;
2155
2156 err->type = EAPOL_KEY_TYPE_RSN;
2157 key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
2158 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_ERROR |
2159 WPA_KEY_INFO_REQUEST;
2160 WPA_PUT_BE16(err->key_info, key_info);
2161 WPA_PUT_BE16(err->key_length, 0);
2162 os_memcpy(err->replay_counter, sm->request_counter,
2163 WPA_REPLAY_COUNTER_LEN);
2164 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
2165
2166 WPA_PUT_BE16(err->key_data_length, (u16) kde_len);
2167 pos = (u8 *) (err + 1);
2168
2169 if (peer) {
2170 /* Peer MAC Address KDE */
2171 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
2172 }
2173
2174 /* Error KDE */
2175 error.mui = host_to_be16(mui);
2176 error.error_type = host_to_be16(error_type);
2177 pos = wpa_add_kde(pos, RSN_KEY_DATA_ERROR,
2178 (u8 *) &error, sizeof(error));
2179
2180 if (peer) {
2181 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error (peer "
2182 MACSTR " mui %d error_type %d)",
2183 MAC2STR(peer), mui, error_type);
2184 } else {
2185 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error "
2186 "(mui %d error_type %d)", mui, error_type);
2187 }
2188
2189 wpa_eapol_key_send(sm, sm->ptk.kck, ver, dst, ETH_P_EAPOL,
2190 rbuf, rlen, err->key_mic);
2191
2192 return 0;
2193 #else /* CONFIG_NO_WPA2 */
2194 return -1;
2195 #endif /* CONFIG_NO_WPA2 */
2196 }
2197
2198
2199 static int wpa_supplicant_send_smk_m3(struct wpa_sm *sm,
2200 const unsigned char *src_addr,
2201 const struct wpa_eapol_key *key,
2202 int ver, struct wpa_peerkey *peerkey)
2203 {
2204 size_t rlen;
2205 struct wpa_eapol_key *reply;
2206 u8 *rbuf, *pos;
2207 size_t kde_len;
2208 u16 key_info;
2209
2210 /* KDEs: Peer RSN IE, Initiator MAC Address, Initiator Nonce */
2211 kde_len = peerkey->rsnie_p_len +
2212 2 + RSN_SELECTOR_LEN + ETH_ALEN +
2213 2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN;
2214
2215 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
2216 NULL, sizeof(*reply) + kde_len, &rlen,
2217 (void *) &reply);
2218 if (rbuf == NULL)
2219 return -1;
2220
2221 reply->type = EAPOL_KEY_TYPE_RSN;
2222 key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
2223 WPA_KEY_INFO_SECURE;
2224 WPA_PUT_BE16(reply->key_info, key_info);
2225 WPA_PUT_BE16(reply->key_length, 0);
2226 os_memcpy(reply->replay_counter, key->replay_counter,
2227 WPA_REPLAY_COUNTER_LEN);
2228
2229 os_memcpy(reply->key_nonce, peerkey->pnonce, WPA_NONCE_LEN);
2230
2231 WPA_PUT_BE16(reply->key_data_length, (u16) kde_len);
2232 pos = (u8 *) (reply + 1);
2233
2234 /* Peer RSN IE */
2235 pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len);
2236
2237 /* Initiator MAC Address KDE */
2238 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peerkey->addr, ETH_ALEN);
2239
2240 /* Initiator Nonce */
2241 pos = wpa_add_kde(pos, RSN_KEY_DATA_NONCE,
2242 peerkey->inonce, WPA_NONCE_LEN);
2243
2244 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK M3");
2245 wpa_eapol_key_send(sm, sm->ptk.kck, ver, src_addr, ETH_P_EAPOL,
2246 rbuf, rlen, reply->key_mic);
2247
2248 return 0;
2249 }
2250
2251
2252 static int wpa_supplicant_process_smk_m2(
2253 struct wpa_sm *sm, const unsigned char *src_addr,
2254 const struct wpa_eapol_key *key, size_t extra_len, int ver)
2255 {
2256 struct wpa_ssid *ssid = sm->cur_ssid;
2257 struct wpa_peerkey *peerkey;
2258 struct wpa_eapol_ie_parse kde;
2259 struct wpa_ie_data ie;
2260 int cipher;
2261 struct rsn_ie_hdr *hdr;
2262 u8 *pos;
2263
2264 wpa_printf(MSG_DEBUG, "RSN: Received SMK M2");
2265
2266 if (ssid == NULL || !ssid->peerkey || sm->proto != WPA_PROTO_RSN) {
2267 wpa_printf(MSG_INFO, "RSN: SMK handshake not allowed for "
2268 "the current network");
2269 return -1;
2270 }
2271
2272 if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
2273 0) {
2274 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M2");
2275 return -1;
2276 }
2277
2278 if (kde.rsn_ie == NULL || kde.mac_addr == NULL ||
2279 kde.mac_addr_len < ETH_ALEN) {
2280 wpa_printf(MSG_INFO, "RSN: No RSN IE or MAC address KDE in "
2281 "SMK M2");
2282 return -1;
2283 }
2284
2285 wpa_printf(MSG_DEBUG, "RSN: SMK M2 - SMK initiator " MACSTR,
2286 MAC2STR(kde.mac_addr));
2287
2288 if (kde.rsn_ie_len > PEERKEY_MAX_IE_LEN) {
2289 wpa_printf(MSG_INFO, "RSN: Too long Initiator RSN IE in SMK "
2290 "M2");
2291 return -1;
2292 }
2293
2294 if (wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len, &ie) < 0) {
2295 wpa_printf(MSG_INFO, "RSN: Failed to parse RSN IE in SMK M2");
2296 return -1;
2297 }
2298
2299 cipher = ie.pairwise_cipher & ssid->pairwise_cipher;
2300 if (cipher & WPA_CIPHER_CCMP) {
2301 wpa_printf(MSG_DEBUG, "RSN: Using CCMP for PeerKey");
2302 cipher = WPA_CIPHER_CCMP;
2303 } else if (cipher & WPA_CIPHER_TKIP) {
2304 wpa_printf(MSG_DEBUG, "RSN: Using TKIP for PeerKey");
2305 cipher = WPA_CIPHER_TKIP;
2306 } else {
2307 wpa_printf(MSG_INFO, "RSN: No acceptable cipher in SMK M2");
2308 wpa_supplicant_send_smk_error(sm, src_addr, kde.mac_addr,
2309 STK_MUI_SMK, STK_ERR_CPHR_NS,
2310 ver);
2311 return -1;
2312 }
2313
2314 /* TODO: find existing entry and if found, use that instead of adding
2315 * a new one; how to handle the case where both ends initiate at the
2316 * same time? */
2317 peerkey = os_malloc(sizeof(*peerkey));
2318 if (peerkey == NULL)
2319 return -1;
2320 os_memset(peerkey, 0, sizeof(*peerkey));
2321 os_memcpy(peerkey->addr, kde.mac_addr, ETH_ALEN);
2322 os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
2323 os_memcpy(peerkey->rsnie_i, kde.rsn_ie, kde.rsn_ie_len);
2324 peerkey->rsnie_i_len = kde.rsn_ie_len;
2325 peerkey->cipher = cipher;
2326
2327 if (hostapd_get_rand(peerkey->pnonce, WPA_NONCE_LEN)) {
2328 wpa_msg(sm->ctx->ctx, MSG_WARNING,
2329 "WPA: Failed to get random data for PNonce");
2330 wpa_supplicant_peerkey_free(sm, peerkey);
2331 return -1;
2332 }
2333
2334 hdr = (struct rsn_ie_hdr *) peerkey->rsnie_p;
2335 hdr->elem_id = RSN_INFO_ELEM;
2336 WPA_PUT_LE16(hdr->version, RSN_VERSION);
2337 pos = (u8 *) (hdr + 1);
2338 /* Group Suite can be anything for SMK RSN IE; receiver will just
2339 * ignore it. */
2340 os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
2341 pos += RSN_SELECTOR_LEN;
2342 /* Include only the selected cipher in pairwise cipher suite */
2343 WPA_PUT_LE16(pos, 1);
2344 pos += 2;
2345 if (cipher == WPA_CIPHER_CCMP)
2346 os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
2347 else if (cipher == WPA_CIPHER_TKIP)
2348 os_memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
2349 pos += RSN_SELECTOR_LEN;
2350
2351 hdr->len = (pos - peerkey->rsnie_p) - 2;
2352 peerkey->rsnie_p_len = pos - peerkey->rsnie_p;
2353 wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake",
2354 peerkey->rsnie_p, peerkey->rsnie_p_len);
2355
2356 wpa_supplicant_send_smk_m3(sm, src_addr, key, ver, peerkey);
2357
2358 peerkey->next = sm->peerkey;
2359 sm->peerkey = peerkey;
2360
2361 return 0;
2362 }
2363
2364
2365 /**
2366 * rsn_smkid - Derive SMK identifier
2367 * @smk: Station master key (32 bytes)
2368 * @pnonce: Peer Nonce
2369 * @mac_p: Peer MAC address
2370 * @inonce: Initiator Nonce
2371 * @mac_i: Initiator MAC address
2372 *
2373 * 8.5.1.4 Station to station (STK) key hierarchy
2374 * SMKID = HMAC-SHA1-128(SMK, "SMK Name" || PNonce || MAC_P || INonce || MAC_I)
2375 */
2376 static void rsn_smkid(const u8 *smk, const u8 *pnonce, const u8 *mac_p,
2377 const u8 *inonce, const u8 *mac_i, u8 *smkid)
2378 {
2379 char *title = "SMK Name";
2380 const u8 *addr[5];
2381 const size_t len[5] = { 8, WPA_NONCE_LEN, ETH_ALEN, WPA_NONCE_LEN,
2382 ETH_ALEN };
2383 unsigned char hash[SHA1_MAC_LEN];
2384
2385 addr[0] = (u8 *) title;
2386 addr[1] = pnonce;
2387 addr[2] = mac_p;
2388 addr[3] = inonce;
2389 addr[4] = mac_i;
2390
2391 hmac_sha1_vector(smk, PMK_LEN, 5, addr, len, hash);
2392 os_memcpy(smkid, hash, PMKID_LEN);
2393 }
2394
2395
2396 static void wpa_supplicant_send_stk_1_of_4(struct wpa_sm *sm,
2397 struct wpa_peerkey *peerkey)
2398 {
2399 size_t mlen;
2400 struct wpa_eapol_key *msg;
2401 u8 *mbuf;
2402 size_t kde_len;
2403 u16 key_info, ver;
2404
2405 kde_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
2406
2407 mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
2408 sizeof(*msg) + kde_len, &mlen,
2409 (void *) &msg);
2410 if (mbuf == NULL)
2411 return;
2412
2413 msg->type = EAPOL_KEY_TYPE_RSN;
2414
2415 if (peerkey->cipher == WPA_CIPHER_CCMP)
2416 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
2417 else
2418 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
2419
2420 key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK;
2421 WPA_PUT_BE16(msg->key_info, key_info);
2422
2423 if (peerkey->cipher == WPA_CIPHER_CCMP)
2424 WPA_PUT_BE16(msg->key_length, 16);
2425 else
2426 WPA_PUT_BE16(msg->key_length, 32);
2427
2428 os_memcpy(msg->replay_counter, peerkey->replay_counter,
2429 WPA_REPLAY_COUNTER_LEN);
2430 inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
2431
2432 WPA_PUT_BE16(msg->key_data_length, kde_len);
2433 wpa_add_kde((u8 *) (msg + 1), RSN_KEY_DATA_PMKID,
2434 peerkey->smkid, PMKID_LEN);
2435
2436 if (hostapd_get_rand(peerkey->inonce, WPA_NONCE_LEN)) {
2437 wpa_msg(sm->ctx->ctx, MSG_WARNING,
2438 "RSN: Failed to get random data for INonce (STK)");
2439 os_free(mbuf);
2440 return;
2441 }
2442 wpa_hexdump(MSG_DEBUG, "RSN: INonce for STK 4-Way Handshake",
2443 peerkey->inonce, WPA_NONCE_LEN);
2444 os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
2445
2446 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 1/4 to " MACSTR,
2447 MAC2STR(peerkey->addr));
2448 wpa_eapol_key_send(sm, NULL, ver, peerkey->addr, ETH_P_EAPOL,
2449 mbuf, mlen, NULL);
2450 }
2451
2452
2453 static void wpa_supplicant_send_stk_3_of_4(struct wpa_sm *sm,
2454 struct wpa_peerkey *peerkey)
2455 {
2456 size_t mlen;
2457 struct wpa_eapol_key *msg;
2458 u8 *mbuf, *pos;
2459 size_t kde_len;
2460 u16 key_info, ver;
2461 u32 lifetime;
2462
2463 kde_len = peerkey->rsnie_i_len +
2464 2 + RSN_SELECTOR_LEN + sizeof(lifetime);
2465
2466 mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
2467 sizeof(*msg) + kde_len, &mlen,
2468 (void *) &msg);
2469 if (mbuf == NULL)
2470 return;
2471
2472 msg->type = EAPOL_KEY_TYPE_RSN;
2473
2474 if (peerkey->cipher == WPA_CIPHER_CCMP)
2475 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
2476 else
2477 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
2478
2479 key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK |
2480 WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
2481 WPA_PUT_BE16(msg->key_info, key_info);
2482
2483 if (peerkey->cipher == WPA_CIPHER_CCMP)
2484 WPA_PUT_BE16(msg->key_length, 16);
2485 else
2486 WPA_PUT_BE16(msg->key_length, 32);
2487
2488 os_memcpy(msg->replay_counter, peerkey->replay_counter,
2489 WPA_REPLAY_COUNTER_LEN);
2490 inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
2491
2492 WPA_PUT_BE16(msg->key_data_length, kde_len);
2493 pos = (u8 *) (msg + 1);
2494 pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len);
2495 lifetime = host_to_be32(peerkey->lifetime);
2496 pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
2497 (u8 *) &lifetime, sizeof(lifetime));
2498
2499 os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
2500
2501 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 3/4 to " MACSTR,
2502 MAC2STR(peerkey->addr));
2503 wpa_eapol_key_send(sm, peerkey->stk.kck, ver, peerkey->addr,
2504 ETH_P_EAPOL, mbuf, mlen, msg->key_mic);
2505 }
2506
2507
2508 static int wpa_supplicant_process_smk_m45(
2509 struct wpa_sm *sm, const unsigned char *src_addr,
2510 const struct wpa_eapol_key *key, size_t extra_len, int ver)
2511 {
2512 struct wpa_ssid *ssid = sm->cur_ssid;
2513 struct wpa_peerkey *peerkey;
2514 struct wpa_eapol_ie_parse kde;
2515 u32 lifetime;
2516 struct os_time now;
2517 struct wpa_ie_data ie;
2518
2519 if (ssid == NULL || !ssid->peerkey || sm->proto != WPA_PROTO_RSN) {
2520 wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for "
2521 "the current network");
2522 return -1;
2523 }
2524
2525 if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
2526 0) {
2527 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M4/M5");
2528 return -1;
2529 }
2530
2531 if (kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN ||
2532 kde.nonce == NULL || kde.nonce_len < WPA_NONCE_LEN ||
2533 kde.smk == NULL || kde.smk_len < PMK_LEN + WPA_NONCE_LEN ||
2534 kde.lifetime == NULL || kde.lifetime_len < 4) {
2535 wpa_printf(MSG_INFO, "RSN: No MAC Address, Nonce, SMK, or "
2536 "Lifetime KDE in SMK M4/M5");
2537 return -1;
2538 }
2539
2540 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
2541 if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) == 0 &&
2542 os_memcmp(peerkey->initiator ? peerkey->inonce :
2543 peerkey->pnonce,
2544 key->key_nonce, WPA_NONCE_LEN) == 0)
2545 break;
2546 }
2547 if (peerkey == NULL) {
2548 wpa_printf(MSG_INFO, "RSN: No matching SMK handshake found "
2549 "for SMK M4/M5: peer " MACSTR,
2550 MAC2STR(kde.mac_addr));
2551 return -1;
2552 }
2553
2554 if (peerkey->initiator) {
2555 int cipher;
2556 wpa_printf(MSG_DEBUG, "RSN: Received SMK M5 (Peer " MACSTR ")",
2557 MAC2STR(kde.mac_addr));
2558 if (kde.rsn_ie == NULL || kde.rsn_ie_len > PEERKEY_MAX_IE_LEN
2559 || wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len, &ie) <
2560 0) {
2561 wpa_printf(MSG_INFO, "RSN: No RSN IE in SMK M5");
2562 /* TODO: abort negotiation */
2563 return -1;
2564 }
2565
2566 if (os_memcmp(key->key_nonce, peerkey->inonce, WPA_NONCE_LEN)
2567 != 0) {
2568 wpa_printf(MSG_INFO, "RSN: Key Nonce in SMK M5 does "
2569 "not match with INonce used in SMK M1");
2570 return -1;
2571 }
2572
2573 if (os_memcmp(kde.smk + PMK_LEN, peerkey->inonce,
2574 WPA_NONCE_LEN) != 0) {
2575 wpa_printf(MSG_INFO, "RSN: INonce in SMK KDE does not "
2576 "match with the one used in SMK M1");
2577 return -1;
2578 }
2579
2580 os_memcpy(peerkey->rsnie_p, kde.rsn_ie, kde.rsn_ie_len);
2581 peerkey->rsnie_p_len = kde.rsn_ie_len;
2582 os_memcpy(peerkey->pnonce, kde.nonce, WPA_NONCE_LEN);
2583
2584 cipher = ie.pairwise_cipher & ssid->pairwise_cipher;
2585 if (cipher & WPA_CIPHER_CCMP) {
2586 wpa_printf(MSG_DEBUG, "RSN: Using CCMP for PeerKey");
2587 peerkey->cipher = WPA_CIPHER_CCMP;
2588 } else if (cipher & WPA_CIPHER_TKIP) {
2589 wpa_printf(MSG_DEBUG, "RSN: Using TKIP for PeerKey");
2590 peerkey->cipher = WPA_CIPHER_TKIP;
2591 } else {
2592 wpa_printf(MSG_INFO, "RSN: SMK Peer STA " MACSTR
2593 " selected unacceptable cipher",
2594 MAC2STR(kde.mac_addr));
2595 wpa_supplicant_send_smk_error(
2596 sm, src_addr, kde.mac_addr,
2597 STK_MUI_SMK, STK_ERR_CPHR_NS, ver);
2598 /* TODO: abort negotiation */
2599 return -1;
2600 }
2601 } else {
2602 wpa_printf(MSG_DEBUG, "RSN: Received SMK M4 (Initiator "
2603 MACSTR ")", MAC2STR(kde.mac_addr));
2604
2605 if (os_memcmp(kde.smk + PMK_LEN, peerkey->pnonce,
2606 WPA_NONCE_LEN) != 0) {
2607 wpa_printf(MSG_INFO, "RSN: PNonce in SMK KDE does not "
2608 "match with the one used in SMK M3");
2609 return -1;
2610 }
2611
2612 if (os_memcmp(kde.nonce, peerkey->inonce, WPA_NONCE_LEN) != 0)
2613 {
2614 wpa_printf(MSG_INFO, "RSN: INonce in SMK M5 did not "
2615 "match with the one received in SMK M2");
2616 return -1;
2617 }
2618 }
2619
2620 os_memcpy(peerkey->smk, kde.smk, PMK_LEN);
2621 peerkey->smk_complete = 1;
2622 wpa_hexdump_key(MSG_DEBUG, "RSN: SMK", peerkey->smk, PMK_LEN);
2623 lifetime = WPA_GET_BE32(kde.lifetime);
2624 wpa_printf(MSG_DEBUG, "RSN: SMK lifetime %u seconds", lifetime);
2625 if (lifetime > 1000000000)
2626 lifetime = 1000000000; /* avoid overflowing expiration time */
2627 peerkey->lifetime = lifetime;
2628 os_get_time(&now);
2629 peerkey->expiration = now.sec + lifetime;
2630 eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout,
2631 sm, peerkey);
2632
2633 if (peerkey->initiator) {
2634 rsn_smkid(peerkey->smk, peerkey->pnonce, peerkey->addr,
2635 peerkey->inonce, sm->own_addr, peerkey->smkid);
2636 wpa_supplicant_send_stk_1_of_4(sm, peerkey);
2637 } else {
2638 rsn_smkid(peerkey->smk, peerkey->pnonce, sm->own_addr,
2639 peerkey->inonce, peerkey->addr, peerkey->smkid);
2640 }
2641 wpa_hexdump(MSG_DEBUG, "RSN: SMKID", peerkey->smkid, PMKID_LEN);
2642
2643 return 0;
2644 }
2645
2646
2647 static int wpa_supplicant_process_smk_error(
2648 struct wpa_sm *sm, const unsigned char *src_addr,
2649 const struct wpa_eapol_key *key, size_t extra_len)
2650 {
2651 struct wpa_ssid *ssid = sm->cur_ssid;
2652 struct wpa_eapol_ie_parse kde;
2653 struct rsn_error_kde error;
2654 u8 peer[ETH_ALEN];
2655 u16 error_type;
2656
2657 wpa_printf(MSG_DEBUG, "RSN: Received SMK Error");
2658
2659 if (ssid == NULL || !ssid->peerkey || sm->proto != WPA_PROTO_RSN) {
2660 wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for "
2661 "the current network");
2662 return -1;
2663 }
2664
2665 if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
2666 0) {
2667 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK Error");
2668 return -1;
2669 }
2670
2671 if (kde.error == NULL || kde.error_len < sizeof(error)) {
2672 wpa_printf(MSG_INFO, "RSN: No Error KDE in SMK Error");
2673 return -1;
2674 }
2675
2676 if (kde.mac_addr && kde.mac_addr_len >= ETH_ALEN)
2677 os_memcpy(peer, kde.mac_addr, ETH_ALEN);
2678 os_memcpy(&error, kde.error, sizeof(error));
2679 error_type = be_to_host16(error.error_type);
2680 wpa_msg(sm->ctx->ctx, MSG_INFO,
2681 "RSN: SMK Error KDE received: MUI %d error_type %d peer "
2682 MACSTR,
2683 be_to_host16(error.mui), error_type,
2684 MAC2STR(peer));
2685
2686 if (kde.mac_addr &&
2687 (error_type == STK_ERR_STA_NR || error_type == STK_ERR_STA_NRSN ||
2688 error_type == STK_ERR_CPHR_NS)) {
2689 struct wpa_peerkey *peerkey;
2690
2691 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
2692 if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) ==
2693 0)
2694 break;
2695 }
2696 if (peerkey == NULL) {
2697 wpa_printf(MSG_DEBUG, "RSN: No matching SMK handshake "
2698 "found for SMK Error");
2699 return -1;
2700 }
2701 /* TODO: abort SMK/STK handshake and remove all related keys */
2702 }
2703
2704 return 0;
2705 }
2706
2707
2708 static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm,
2709 struct wpa_peerkey *peerkey,
2710 const struct wpa_eapol_key *key,
2711 u16 ver)
2712 {
2713 struct wpa_eapol_ie_parse ie;
2714 const u8 *kde;
2715 size_t len, kde_buf_len;
2716 struct wpa_ptk *stk;
2717 u8 buf[8], *kde_buf, *pos;
2718 u32 lifetime;
2719
2720 wpa_printf(MSG_DEBUG, "RSN: RX message 1 of STK 4-Way Handshake from "
2721 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
2722
2723 os_memset(&ie, 0, sizeof(ie));
2724
2725 /* RSN: msg 1/4 should contain SMKID for the selected SMK */
2726 kde = (const u8 *) (key + 1);
2727 len = WPA_GET_BE16(key->key_data_length);
2728 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", kde, len);
2729 if (wpa_supplicant_parse_ies(kde, len, &ie) < 0 || ie.pmkid == NULL) {
2730 wpa_printf(MSG_DEBUG, "RSN: No SMKID in STK 1/4");
2731 return;
2732 }
2733 if (os_memcmp(ie.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
2734 wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 1/4",
2735 ie.pmkid, PMKID_LEN);
2736 return;
2737 }
2738
2739 if (hostapd_get_rand(peerkey->pnonce, WPA_NONCE_LEN)) {
2740 wpa_msg(sm->ctx->ctx, MSG_WARNING,
2741 "RSN: Failed to get random data for PNonce");
2742 return;
2743 }
2744 wpa_hexdump(MSG_DEBUG, "WPA: Renewed PNonce",
2745 peerkey->pnonce, WPA_NONCE_LEN);
2746
2747 /* Calculate STK which will be stored as a temporary STK until it has
2748 * been verified when processing message 3/4. */
2749 stk = &peerkey->tstk;
2750 wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion",
2751 sm->own_addr, peerkey->addr,
2752 peerkey->pnonce, key->key_nonce,
2753 (u8 *) stk, sizeof(*stk));
2754 /* Supplicant: swap tx/rx Mic keys */
2755 os_memcpy(buf, stk->u.auth.tx_mic_key, 8);
2756 os_memcpy(stk->u.auth.tx_mic_key, stk->u.auth.rx_mic_key, 8);
2757 os_memcpy(stk->u.auth.rx_mic_key, buf, 8);
2758 peerkey->tstk_set = 1;
2759
2760 kde_buf_len = peerkey->rsnie_p_len +
2761 2 + RSN_SELECTOR_LEN + sizeof(lifetime) +
2762 2 + RSN_SELECTOR_LEN + PMKID_LEN;
2763 kde_buf = os_malloc(kde_buf_len);
2764 if (kde_buf == NULL)
2765 return;
2766 pos = kde_buf;
2767 pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len);
2768 lifetime = host_to_be32(peerkey->lifetime);
2769 pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
2770 (u8 *) &lifetime, sizeof(lifetime));
2771 pos = wpa_add_kde(pos, RSN_KEY_DATA_PMKID, peerkey->smkid, PMKID_LEN);
2772
2773 if (wpa_supplicant_send_2_of_4(sm, peerkey->addr, key, ver,
2774 peerkey->pnonce, kde_buf, kde_buf_len,
2775 stk)) {
2776 os_free(kde_buf);
2777 return;
2778 }
2779 os_free(kde_buf);
2780
2781 os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
2782 }
2783
2784
2785 static void wpa_supplicant_update_smk_lifetime(struct wpa_sm *sm,
2786 struct wpa_peerkey *peerkey,
2787 struct wpa_eapol_ie_parse *kde)
2788 {
2789 u32 lifetime;
2790 struct os_time now;
2791
2792 if (kde->lifetime == NULL || kde->lifetime_len < sizeof(lifetime))
2793 return;
2794
2795 lifetime = WPA_GET_BE32(kde->lifetime);
2796
2797 if (lifetime >= peerkey->lifetime) {
2798 wpa_printf(MSG_DEBUG, "RSN: Peer used SMK lifetime %u seconds "
2799 "which is larger than or equal to own value %u "
2800 "seconds - ignored", lifetime, peerkey->lifetime);
2801 return;
2802 }
2803
2804 wpa_printf(MSG_DEBUG, "RSN: Peer used shorter SMK lifetime %u seconds "
2805 "(own was %u seconds) - updated",
2806 lifetime, peerkey->lifetime);
2807 peerkey->lifetime = lifetime;
2808
2809 os_get_time(&now);
2810 peerkey->expiration = now.sec + lifetime;
2811 eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey);
2812 eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout,
2813 sm, peerkey);
2814 }
2815
2816
2817 static void wpa_supplicant_process_stk_2_of_4(struct wpa_sm *sm,
2818 struct wpa_peerkey *peerkey,
2819 const struct wpa_eapol_key *key,
2820 u16 ver)
2821 {
2822 struct wpa_eapol_ie_parse kde;
2823 const u8 *keydata;
2824 size_t len;
2825
2826 wpa_printf(MSG_DEBUG, "RSN: RX message 2 of STK 4-Way Handshake from "
2827 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
2828
2829 os_memset(&kde, 0, sizeof(kde));
2830
2831 /* RSN: msg 2/4 should contain SMKID for the selected SMK and RSN IE
2832 * from the peer. It may also include Lifetime KDE. */
2833 keydata = (const u8 *) (key + 1);
2834 len = WPA_GET_BE16(key->key_data_length);
2835 wpa_hexdump(MSG_DEBUG, "RSN: msg 2/4 key data", keydata, len);
2836 if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0 ||
2837 kde.pmkid == NULL || kde.rsn_ie == NULL) {
2838 wpa_printf(MSG_DEBUG, "RSN: No SMKID or RSN IE in STK 2/4");
2839 return;
2840 }
2841
2842 if (os_memcmp(kde.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
2843 wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 2/4",
2844 kde.pmkid, PMKID_LEN);
2845 return;
2846 }
2847
2848 if (kde.rsn_ie_len != peerkey->rsnie_p_len ||
2849 os_memcmp(kde.rsn_ie, peerkey->rsnie_p, kde.rsn_ie_len) != 0) {
2850 wpa_printf(MSG_INFO, "RSN: Peer RSN IE in SMK and STK "
2851 "handshakes did not match");
2852 wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in SMK handshake",
2853 peerkey->rsnie_p, peerkey->rsnie_p_len);
2854 wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in STK handshake",
2855 kde.rsn_ie, kde.rsn_ie_len);
2856 return;
2857 }
2858
2859 wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde);
2860
2861 wpa_supplicant_send_stk_3_of_4(sm, peerkey);
2862 os_memcpy(peerkey->pnonce, key->key_nonce, WPA_NONCE_LEN);
2863 }
2864
2865
2866 static void wpa_supplicant_process_stk_3_of_4(struct wpa_sm *sm,
2867 struct wpa_peerkey *peerkey,
2868 const struct wpa_eapol_key *key,
2869 u16 ver)
2870 {
2871 struct wpa_eapol_ie_parse kde;
2872 const u8 *keydata;
2873 size_t len, key_len;
2874 const u8 *_key;
2875 u8 key_buf[32], rsc[6];
2876
2877 wpa_printf(MSG_DEBUG, "RSN: RX message 3 of STK 4-Way Handshake from "
2878 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
2879
2880 os_memset(&kde, 0, sizeof(kde));
2881
2882 /* RSN: msg 3/4 should contain Initiator RSN IE. It may also include
2883 * Lifetime KDE. */
2884 keydata = (const u8 *) (key + 1);
2885 len = WPA_GET_BE16(key->key_data_length);
2886 wpa_hexdump(MSG_DEBUG, "RSN: msg 3/4 key data", keydata, len);
2887 if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0) {
2888 wpa_printf(MSG_DEBUG, "RSN: Failed to parse key data in "
2889 "STK 3/4");
2890 return;
2891 }
2892
2893 if (kde.rsn_ie_len != peerkey->rsnie_i_len ||
2894 os_memcmp(kde.rsn_ie, peerkey->rsnie_i, kde.rsn_ie_len) != 0) {
2895 wpa_printf(MSG_INFO, "RSN: Initiator RSN IE in SMK and STK "
2896 "handshakes did not match");
2897 wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in SMK "
2898 "handshake",
2899 peerkey->rsnie_i, peerkey->rsnie_i_len);
2900 wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in STK "
2901 "handshake",
2902 kde.rsn_ie, kde.rsn_ie_len);
2903 return;
2904 }
2905
2906 if (os_memcmp(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
2907 wpa_printf(MSG_WARNING, "RSN: INonce from message 1 of STK "
2908 "4-Way Handshake differs from 3 of STK 4-Way "
2909 "Handshake - drop packet (src=" MACSTR ")",
2910 MAC2STR(peerkey->addr));
2911 return;
2912 }
2913
2914 wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde);
2915
2916 if (wpa_supplicant_send_4_of_4(sm, peerkey->addr, key, ver,
2917 WPA_GET_BE16(key->key_info),
2918 NULL, 0, &peerkey->stk))
2919 return;
2920
2921 _key = (u8 *) peerkey->stk.tk1;
2922 if (peerkey->cipher == WPA_CIPHER_TKIP) {
2923 /* Swap Tx/Rx keys for Michael MIC */
2924 os_memcpy(key_buf, _key, 16);
2925 os_memcpy(key_buf + 16, _key + 24, 8);
2926 os_memcpy(key_buf + 24, _key + 16, 8);
2927 _key = key_buf;
2928 key_len = 32;
2929 } else
2930 key_len = 16;
2931
2932 os_memset(rsc, 0, 6);
2933 if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
2934 rsc, sizeof(rsc), _key, key_len) < 0) {
2935 wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the "
2936 "driver.");
2937 return;
2938 }
2939 }
2940
2941
2942 static void wpa_supplicant_process_stk_4_of_4(struct wpa_sm *sm,
2943 struct wpa_peerkey *peerkey,
2944 const struct wpa_eapol_key *key,
2945 u16 ver)
2946 {
2947 u8 rsc[6];
2948
2949 wpa_printf(MSG_DEBUG, "RSN: RX message 4 of STK 4-Way Handshake from "
2950 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
2951
2952 os_memset(rsc, 0, 6);
2953 if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
2954 rsc, sizeof(rsc), (u8 *) peerkey->stk.tk1,
2955 peerkey->cipher == WPA_CIPHER_TKIP ? 32 : 16) < 0) {
2956 wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the "
2957 "driver.");
2958 return;
2959 }
2960 }
2961 #endif /* CONFIG_PEERKEY */
2962
2963
2964 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
2965 const u8 *keydata,
2966 size_t keydatalen,
2967 u16 key_info,
2968 struct wpa_gtk_data *gd)
2969 {
2970 int maxkeylen;
2971 struct wpa_eapol_ie_parse ie;
2972
2973 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen);
2974 wpa_supplicant_parse_ies(keydata, keydatalen, &ie);
2975 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
2976 wpa_printf(MSG_WARNING, "WPA: GTK IE in unencrypted key data");
2977 return -1;
2978 }
2979 if (ie.gtk == NULL) {
2980 wpa_printf(MSG_INFO, "WPA: No GTK IE in Group Key msg 1/2");
2981 return -1;
2982 }
2983 maxkeylen = gd->gtk_len = ie.gtk_len - 2;
2984
2985 if (wpa_supplicant_check_group_cipher(sm->group_cipher,
2986 gd->gtk_len, maxkeylen,
2987 &gd->key_rsc_len, &gd->alg))
2988 return -1;
2989
2990 wpa_hexdump(MSG_DEBUG, "RSN: received GTK in group key handshake",
2991 ie.gtk, ie.gtk_len);
2992 gd->keyidx = ie.gtk[0] & 0x3;
2993 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
2994 !!(ie.gtk[0] & BIT(2)));
2995 if (ie.gtk_len - 2 > sizeof(gd->gtk)) {
2996 wpa_printf(MSG_INFO, "RSN: Too long GTK in GTK IE "
2997 "(len=%lu)", (unsigned long) ie.gtk_len - 2);
2998 return -1;
2999 }
3000 os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
3001
3002 if (ieee80211w_set_keys(sm, &ie) < 0)
3003 wpa_printf(MSG_INFO, "RSN: Failed to configure DHV/IGTK");
3004
3005 return 0;
3006 }
3007
3008
3009 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
3010 const struct wpa_eapol_key *key,
3011 size_t keydatalen, int key_info,
3012 size_t extra_len, u16 ver,
3013 struct wpa_gtk_data *gd)
3014 {
3015 size_t maxkeylen;
3016 u8 ek[32];
3017
3018 gd->gtk_len = WPA_GET_BE16(key->key_length);
3019 maxkeylen = keydatalen;
3020 if (keydatalen > extra_len) {
3021 wpa_printf(MSG_INFO, "WPA: Truncated EAPOL-Key packet:"
3022 " key_data_length=%lu > extra_len=%lu",
3023 (unsigned long) keydatalen,
3024 (unsigned long) extra_len);
3025 return -1;
3026 }
3027 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3028 if (maxkeylen < 8) {
3029 wpa_printf(MSG_INFO, "WPA: Too short maxkeylen (%lu)",
3030 (unsigned long) maxkeylen);
3031 return -1;
3032 }
3033 maxkeylen -= 8;
3034 }
3035
3036 if (wpa_supplicant_check_group_cipher(sm->group_cipher,
3037 gd->gtk_len, maxkeylen,
3038 &gd->key_rsc_len, &gd->alg))
3039 return -1;
3040
3041 gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
3042 WPA_KEY_INFO_KEY_INDEX_SHIFT;
3043 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
3044 os_memcpy(ek, key->key_iv, 16);
3045 os_memcpy(ek + 16, sm->ptk.kek, 16);
3046 if (keydatalen > sizeof(gd->gtk)) {
3047 wpa_printf(MSG_WARNING, "WPA: RC4 key data "
3048 "too long (%lu)",
3049 (unsigned long) keydatalen);
3050 return -1;
3051 }
3052 os_memcpy(gd->gtk, key + 1, keydatalen);
3053 rc4_skip(ek, 32, 256, gd->gtk, keydatalen);
3054 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3055 if (keydatalen % 8) {
3056 wpa_printf(MSG_WARNING, "WPA: Unsupported AES-WRAP "
3057 "len %lu", (unsigned long) keydatalen);
3058 return -1;
3059 }
3060 if (maxkeylen > sizeof(gd->gtk)) {
3061 wpa_printf(MSG_WARNING, "WPA: AES-WRAP key data "
3062 "too long (keydatalen=%lu maxkeylen=%lu)",
3063 (unsigned long) keydatalen,
3064 (unsigned long) maxkeylen);
3065 return -1;
3066 }
3067 if (aes_unwrap(sm->ptk.kek, maxkeylen / 8,
3068 (const u8 *) (key + 1), gd->gtk)) {
3069 wpa_printf(MSG_WARNING, "WPA: AES unwrap "
3070 "failed - could not decrypt GTK");
3071 return -1;
3072 }
3073 }
3074 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(
3075 sm, !!(key_info & WPA_KEY_INFO_TXRX));
3076 return 0;
3077 }
3078
3079
3080 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
3081 const struct wpa_eapol_key *key,
3082 int ver, u16 key_info)
3083 {
3084 size_t rlen;
3085 struct wpa_eapol_key *reply;
3086 u8 *rbuf;
3087
3088 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
3089 sizeof(*reply), &rlen, (void *) &reply);
3090 if (rbuf == NULL)
3091 return -1;
3092
3093 reply->type = sm->proto == WPA_PROTO_RSN ?
3094 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
3095 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
3096 key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
3097 WPA_PUT_BE16(reply->key_info, key_info);
3098 if (sm->proto == WPA_PROTO_RSN)
3099 WPA_PUT_BE16(reply->key_length, 0);
3100 else
3101 os_memcpy(reply->key_length, key->key_length, 2);
3102 os_memcpy(reply->replay_counter, key->replay_counter,
3103 WPA_REPLAY_COUNTER_LEN);
3104
3105 WPA_PUT_BE16(reply->key_data_length, 0);
3106
3107 wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
3108 wpa_eapol_key_send(sm, sm->ptk.kck, ver, sm->bssid, ETH_P_EAPOL,
3109 rbuf, rlen, reply->key_mic);
3110
3111 return 0;
3112 }
3113
3114
3115 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
3116 const unsigned char *src_addr,
3117 const struct wpa_eapol_key *key,
3118 int extra_len, u16 ver)
3119 {
3120 u16 key_info, keydatalen;
3121 int rekey, ret;
3122 struct wpa_gtk_data gd;
3123
3124 os_memset(&gd, 0, sizeof(gd));
3125
3126 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
3127 wpa_printf(MSG_DEBUG, "WPA: RX message 1 of Group Key Handshake from "
3128 MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
3129
3130 key_info = WPA_GET_BE16(key->key_info);
3131 keydatalen = WPA_GET_BE16(key->key_data_length);
3132
3133 if (sm->proto == WPA_PROTO_RSN) {
3134 ret = wpa_supplicant_process_1_of_2_rsn(sm,
3135 (const u8 *) (key + 1),
3136 keydatalen, key_info,
3137 &gd);
3138 } else {
3139 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, keydatalen,
3140 key_info, extra_len,
3141 ver, &gd);
3142 }
3143
3144 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
3145
3146 if (ret)
3147 return;
3148
3149 if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
3150 wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
3151 return;
3152
3153 if (rekey) {
3154 wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Group rekeying "
3155 "completed with " MACSTR " [GTK=%s]",
3156 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
3157 wpa_sm_set_state(sm, WPA_COMPLETED);
3158 } else {
3159 wpa_supplicant_key_neg_complete(sm, sm->bssid,
3160 key_info &
3161 WPA_KEY_INFO_SECURE);
3162 }
3163 }
3164
3165
3166 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
3167 struct wpa_eapol_key *key,
3168 u16 ver,
3169 const u8 *buf, size_t len)
3170 {
3171 u8 mic[16];
3172 int ok = 0;
3173
3174 os_memcpy(mic, key->key_mic, 16);
3175 if (sm->tptk_set) {
3176 os_memset(key->key_mic, 0, 16);
3177 wpa_eapol_key_mic(sm->tptk.kck, ver, buf, len,
3178 key->key_mic);
3179 if (os_memcmp(mic, key->key_mic, 16) != 0) {
3180 wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC "
3181 "when using TPTK - ignoring TPTK");
3182 } else {
3183 ok = 1;
3184 sm->tptk_set = 0;
3185 sm->ptk_set = 1;
3186 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
3187 }
3188 }
3189
3190 if (!ok && sm->ptk_set) {
3191 os_memset(key->key_mic, 0, 16);
3192 wpa_eapol_key_mic(sm->ptk.kck, ver, buf, len,
3193 key->key_mic);
3194 if (os_memcmp(mic, key->key_mic, 16) != 0) {
3195 wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC "
3196 "- dropping packet");
3197 return -1;
3198 }
3199 ok = 1;
3200 }
3201
3202 if (!ok) {
3203 wpa_printf(MSG_WARNING, "WPA: Could not verify EAPOL-Key MIC "
3204 "- dropping packet");
3205 return -1;
3206 }
3207
3208 os_memcpy(sm->rx_replay_counter, key->replay_counter,
3209 WPA_REPLAY_COUNTER_LEN);
3210 sm->rx_replay_counter_set = 1;
3211 return 0;
3212 }
3213
3214
3215 #ifdef CONFIG_PEERKEY
3216 static int wpa_supplicant_verify_eapol_key_mic_peerkey(
3217 struct wpa_sm *sm, struct wpa_peerkey *peerkey,
3218 struct wpa_eapol_key *key, u16 ver, const u8 *buf, size_t len)
3219 {
3220 u8 mic[16];
3221 int ok = 0;
3222
3223 if (peerkey->initiator && !peerkey->stk_set) {
3224 wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion",
3225 sm->own_addr, peerkey->addr,
3226 peerkey->inonce, key->key_nonce,
3227 (u8 *) &peerkey->stk, sizeof(peerkey->stk));
3228 peerkey->stk_set = 1;
3229 }
3230
3231 os_memcpy(mic, key->key_mic, 16);
3232 if (peerkey->tstk_set) {
3233 os_memset(key->key_mic, 0, 16);
3234 wpa_eapol_key_mic(peerkey->tstk.kck, ver, buf, len,
3235 key->key_mic);
3236 if (os_memcmp(mic, key->key_mic, 16) != 0) {
3237 wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
3238 "when using TSTK - ignoring TSTK");
3239 } else {
3240 ok = 1;
3241 peerkey->tstk_set = 0;
3242 peerkey->stk_set = 1;
3243 os_memcpy(&peerkey->stk, &peerkey->tstk,
3244 sizeof(peerkey->stk));
3245 }
3246 }
3247
3248 if (!ok && peerkey->stk_set) {
3249 os_memset(key->key_mic, 0, 16);
3250 wpa_eapol_key_mic(peerkey->stk.kck, ver, buf, len,
3251 key->key_mic);
3252 if (os_memcmp(mic, key->key_mic, 16) != 0) {
3253 wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
3254 "- dropping packet");
3255 return -1;
3256 }
3257 ok = 1;
3258 }
3259
3260 if (!ok) {
3261 wpa_printf(MSG_WARNING, "RSN: Could not verify EAPOL-Key MIC "
3262 "- dropping packet");
3263 return -1;
3264 }
3265
3266 os_memcpy(peerkey->replay_counter, key->replay_counter,
3267 WPA_REPLAY_COUNTER_LEN);
3268 peerkey->replay_counter_set = 1;
3269 return 0;
3270 }
3271 #endif /* CONFIG_PEERKEY */
3272
3273
3274 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
3275 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
3276 struct wpa_eapol_key *key, u16 ver)
3277 {
3278 u16 keydatalen = WPA_GET_BE16(key->key_data_length);
3279
3280 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
3281 (u8 *) (key + 1), keydatalen);
3282 if (!sm->ptk_set) {
3283 wpa_printf(MSG_WARNING, "WPA: PTK not available, "
3284 "cannot decrypt EAPOL-Key key data.");
3285 return -1;
3286 }
3287
3288 /* Decrypt key data here so that this operation does not need
3289 * to be implemented separately for each message type. */
3290 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
3291 u8 ek[32];
3292 os_memcpy(ek, key->key_iv, 16);
3293 os_memcpy(ek + 16, sm->ptk.kek, 16);
3294 rc4_skip(ek, 32, 256, (u8 *) (key + 1), keydatalen);
3295 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3296 u8 *buf;
3297 if (keydatalen % 8) {
3298 wpa_printf(MSG_WARNING, "WPA: Unsupported "
3299 "AES-WRAP len %d", keydatalen);
3300 return -1;
3301 }
3302 keydatalen -= 8; /* AES-WRAP adds 8 bytes */
3303 buf = os_malloc(keydatalen);
3304 if (buf == NULL) {
3305 wpa_printf(MSG_WARNING, "WPA: No memory for "
3306 "AES-UNWRAP buffer");
3307 return -1;
3308 }
3309 if (aes_unwrap(sm->ptk.kek, keydatalen / 8,
3310 (u8 *) (key + 1), buf)) {
3311 os_free(buf);
3312 wpa_printf(MSG_WARNING, "WPA: AES unwrap failed - "
3313 "could not decrypt EAPOL-Key key data");
3314 return -1;
3315 }
3316 os_memcpy(key + 1, buf, keydatalen);
3317 os_free(buf);
3318 WPA_PUT_BE16(key->key_data_length, keydatalen);
3319 }
3320 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
3321 (u8 *) (key + 1), keydatalen);
3322 return 0;
3323 }
3324
3325
3326 /**
3327 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
3328 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3329 */
3330 void wpa_sm_aborted_cached(struct wpa_sm *sm)
3331 {
3332 if (sm && sm->cur_pmksa) {
3333 wpa_printf(MSG_DEBUG, "RSN: Cancelling PMKSA caching attempt");
3334 sm->cur_pmksa = NULL;
3335 }
3336 }
3337
3338
3339 static void wpa_eapol_key_dump(const struct wpa_eapol_key *key)
3340 {
3341 #ifndef CONFIG_NO_STDOUT_DEBUG
3342 u16 key_info = WPA_GET_BE16(key->key_info);
3343
3344 wpa_printf(MSG_DEBUG, " EAPOL-Key type=%d", key->type);
3345 wpa_printf(MSG_DEBUG, " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s"
3346 "%s%s%s%s%s%s%s)",
3347 key_info, key_info & WPA_KEY_INFO_TYPE_MASK,
3348 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
3349 WPA_KEY_INFO_KEY_INDEX_SHIFT,
3350 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13,
3351 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group",
3352 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "",
3353 key_info & WPA_KEY_INFO_ACK ? " Ack" : "",
3354 key_info & WPA_KEY_INFO_MIC ? " MIC" : "",
3355 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "",
3356 key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
3357 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
3358 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
3359 wpa_printf(MSG_DEBUG, " key_length=%u key_data_length=%u",
3360 WPA_GET_BE16(key->key_length),
3361 WPA_GET_BE16(key->key_data_length));
3362 wpa_hexdump(MSG_DEBUG, " replay_counter",
3363 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
3364 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN);
3365 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16);
3366 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8);
3367 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8);
3368 wpa_hexdump(MSG_DEBUG, " key_mic", key->key_mic, 16);
3369 #endif /* CONFIG_NO_STDOUT_DEBUG */
3370 }
3371
3372
3373 /**
3374 * wpa_sm_rx_eapol - Process received WPA EAPOL frames
3375 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3376 * @src_addr: Source MAC address of the EAPOL packet
3377 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
3378 * @len: Length of the EAPOL frame
3379 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
3380 *
3381 * This function is called for each received EAPOL frame. Other than EAPOL-Key
3382 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
3383 * only processing WPA and WPA2 EAPOL-Key frames.
3384 *
3385 * The received EAPOL-Key packets are validated and valid packets are replied
3386 * to. In addition, key material (PTK, GTK) is configured at the end of a
3387 * successful key handshake.
3388 */
3389 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
3390 const u8 *buf, size_t len)
3391 {
3392 size_t plen, data_len, extra_len;
3393 struct ieee802_1x_hdr *hdr;
3394 struct wpa_eapol_key *key;
3395 u16 key_info, ver;
3396 u8 *tmp;
3397 int ret = -1;
3398 struct wpa_peerkey *peerkey = NULL;
3399
3400 if (len < sizeof(*hdr) + sizeof(*key)) {
3401 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short to be a WPA "
3402 "EAPOL-Key (len %lu, expecting at least %lu)",
3403 (unsigned long) len,
3404 (unsigned long) sizeof(*hdr) + sizeof(*key));
3405 return 0;
3406 }
3407
3408 tmp = os_malloc(len);
3409 if (tmp == NULL)
3410 return -1;
3411 os_memcpy(tmp, buf, len);
3412
3413 hdr = (struct ieee802_1x_hdr *) tmp;
3414 key = (struct wpa_eapol_key *) (hdr + 1);
3415 plen = be_to_host16(hdr->length);
3416 data_len = plen + sizeof(*hdr);
3417 wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%lu",
3418 hdr->version, hdr->type, (unsigned long) plen);
3419
3420 if (hdr->version < EAPOL_VERSION) {
3421 /* TODO: backwards compatibility */
3422 }
3423 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
3424 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame (type %u) discarded, "
3425 "not a Key frame", hdr->type);
3426 ret = 0;
3427 goto out;
3428 }
3429 if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) {
3430 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame payload size %lu "
3431 "invalid (frame size %lu)",
3432 (unsigned long) plen, (unsigned long) len);
3433 ret = 0;
3434 goto out;
3435 }
3436
3437 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN)
3438 {
3439 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key type (%d) unknown, "
3440 "discarded", key->type);
3441 ret = 0;
3442 goto out;
3443 }
3444 wpa_eapol_key_dump(key);
3445
3446 eapol_sm_notify_lower_layer_success(sm->eapol);
3447 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", tmp, len);
3448 if (data_len < len) {
3449 wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE "
3450 "802.1X data", (unsigned long) len - data_len);
3451 }
3452 key_info = WPA_GET_BE16(key->key_info);
3453 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
3454 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
3455 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3456 wpa_printf(MSG_INFO, "WPA: Unsupported EAPOL-Key descriptor "
3457 "version %d.", ver);
3458 goto out;
3459 }
3460
3461 if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
3462 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3463 wpa_printf(MSG_INFO, "WPA: CCMP is used, but EAPOL-Key "
3464 "descriptor version (%d) is not 2.", ver);
3465 if (sm->group_cipher != WPA_CIPHER_CCMP &&
3466 !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
3467 /* Earlier versions of IEEE 802.11i did not explicitly
3468 * require version 2 descriptor for all EAPOL-Key
3469 * packets, so allow group keys to use version 1 if
3470 * CCMP is not used for them. */
3471 wpa_printf(MSG_INFO, "WPA: Backwards compatibility: "
3472 "allow invalid version for non-CCMP group "
3473 "keys");
3474 } else
3475 goto out;
3476 }
3477
3478 #ifdef CONFIG_PEERKEY
3479 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
3480 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
3481 break;
3482 }
3483
3484 if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
3485 if (!peerkey->initiator && peerkey->replay_counter_set &&
3486 os_memcmp(key->replay_counter, peerkey->replay_counter,
3487 WPA_REPLAY_COUNTER_LEN) <= 0) {
3488 wpa_printf(MSG_WARNING, "RSN: EAPOL-Key Replay "
3489 "Counter did not increase (STK) - dropping "
3490 "packet");
3491 goto out;
3492 } else if (peerkey->initiator) {
3493 u8 _tmp[WPA_REPLAY_COUNTER_LEN];
3494 os_memcpy(_tmp, key->replay_counter,
3495 WPA_REPLAY_COUNTER_LEN);
3496 inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
3497 if (os_memcmp(_tmp, peerkey->replay_counter,
3498 WPA_REPLAY_COUNTER_LEN) != 0) {
3499 wpa_printf(MSG_DEBUG, "RSN: EAPOL-Key Replay "
3500 "Counter did not match (STK) - "
3501 "dropping packet");
3502 goto out;
3503 }
3504 }
3505 }
3506
3507 if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) {
3508 wpa_printf(MSG_INFO, "RSN: Ack bit in key_info from STK peer");
3509 goto out;
3510 }
3511 #endif /* CONFIG_PEERKEY */
3512
3513 if (!peerkey && sm->rx_replay_counter_set &&
3514 os_memcmp(key->replay_counter, sm->rx_replay_counter,
3515 WPA_REPLAY_COUNTER_LEN) <= 0) {
3516 wpa_printf(MSG_WARNING, "WPA: EAPOL-Key Replay Counter did not"
3517 " increase - dropping packet");
3518 goto out;
3519 }
3520
3521 if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
3522 #ifdef CONFIG_PEERKEY
3523 && (peerkey == NULL || !peerkey->initiator)
3524 #endif /* CONFIG_PEERKEY */
3525 ) {
3526 wpa_printf(MSG_INFO, "WPA: No Ack bit in key_info");
3527 goto out;
3528 }
3529
3530 if (key_info & WPA_KEY_INFO_REQUEST) {
3531 wpa_printf(MSG_INFO, "WPA: EAPOL-Key with Request bit - "
3532 "dropped");
3533 goto out;
3534 }
3535
3536 if ((key_info & WPA_KEY_INFO_MIC) && !peerkey &&
3537 wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
3538 goto out;
3539
3540 #ifdef CONFIG_PEERKEY
3541 if ((key_info & WPA_KEY_INFO_MIC) && peerkey &&
3542 wpa_supplicant_verify_eapol_key_mic_peerkey(
3543 sm, peerkey, key, ver, tmp, data_len))
3544 goto out;
3545 #endif /* CONFIG_PEERKEY */
3546
3547 extra_len = data_len - sizeof(*hdr) - sizeof(*key);
3548
3549 if (WPA_GET_BE16(key->key_data_length) > extra_len) {
3550 wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
3551 "frame - key_data overflow (%d > %lu)",
3552 WPA_GET_BE16(key->key_data_length),
3553 (unsigned long) extra_len);
3554 goto out;
3555 }
3556 extra_len = WPA_GET_BE16(key->key_data_length);
3557
3558 if (sm->proto == WPA_PROTO_RSN &&
3559 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
3560 if (wpa_supplicant_decrypt_key_data(sm, key, ver))
3561 goto out;
3562 extra_len = WPA_GET_BE16(key->key_data_length);
3563 }
3564
3565 if (key_info & WPA_KEY_INFO_KEY_TYPE) {
3566 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
3567 wpa_printf(MSG_WARNING, "WPA: Ignored EAPOL-Key "
3568 "(Pairwise) with non-zero key index");
3569 goto out;
3570 }
3571 #ifdef CONFIG_PEERKEY
3572 if (peerkey) {
3573 if ((key_info & (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK))
3574 == (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) {
3575 /* 3/4 STK 4-Way Handshake */
3576 wpa_supplicant_process_stk_3_of_4(sm, peerkey,
3577 key, ver);
3578 } else if (key_info & WPA_KEY_INFO_ACK) {
3579 /* 1/4 STK 4-Way Handshake */
3580 wpa_supplicant_process_stk_1_of_4(sm, peerkey,
3581 key, ver);
3582 } else if (key_info & WPA_KEY_INFO_SECURE) {
3583 /* 4/4 STK 4-Way Handshake */
3584 wpa_supplicant_process_stk_4_of_4(sm, peerkey,
3585 key, ver);
3586 } else {
3587 /* 2/4 STK 4-Way Handshake */
3588 wpa_supplicant_process_stk_2_of_4(sm, peerkey,
3589 key, ver);
3590 }
3591 } else
3592 #endif /* CONFIG_PEERKEY */
3593 if (key_info & WPA_KEY_INFO_MIC) {
3594 /* 3/4 4-Way Handshake */
3595 wpa_supplicant_process_3_of_4(sm, key, ver);
3596 } else {
3597 /* 1/4 4-Way Handshake */
3598 wpa_supplicant_process_1_of_4(sm, src_addr, key,
3599 ver);
3600 }
3601 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
3602 #ifdef CONFIG_PEERKEY
3603 if (key_info & WPA_KEY_INFO_ERROR) {
3604 /* SMK Error */
3605 wpa_supplicant_process_smk_error(sm, src_addr, key,
3606 extra_len);
3607 } else if (key_info & WPA_KEY_INFO_ACK) {
3608 /* SMK M2 */
3609 wpa_supplicant_process_smk_m2(sm, src_addr, key,
3610 extra_len, ver);
3611 } else {
3612 /* SMK M4 or M5 */
3613 wpa_supplicant_process_smk_m45(sm, src_addr, key,
3614 extra_len, ver);
3615 }
3616 #endif /* CONFIG_PEERKEY */
3617 } else {
3618 if (key_info & WPA_KEY_INFO_MIC) {
3619 /* 1/2 Group Key Handshake */
3620 wpa_supplicant_process_1_of_2(sm, src_addr, key,
3621 extra_len, ver);
3622 } else {
3623 wpa_printf(MSG_WARNING, "WPA: EAPOL-Key (Group) "
3624 "without Mic bit - dropped");
3625 }
3626 }
3627
3628 ret = 1;
3629
3630 out:
3631 os_free(tmp);
3632 return ret;
3633 }
3634
3635
3636 #ifdef CONFIG_CTRL_IFACE
3637 static int wpa_cipher_bits(int cipher)
3638 {
3639 switch (cipher) {
3640 case WPA_CIPHER_CCMP:
3641 return 128;
3642 case WPA_CIPHER_TKIP:
3643 return 256;
3644 case WPA_CIPHER_WEP104:
3645 return 104;
3646 case WPA_CIPHER_WEP40:
3647 return 40;
3648 default:
3649 return 0;
3650 }
3651 }
3652
3653
3654 static const u8 * wpa_key_mgmt_suite(struct wpa_sm *sm)
3655 {
3656 static const u8 *dummy = (u8 *) "\x00\x00\x00\x00";
3657 switch (sm->key_mgmt) {
3658 case WPA_KEY_MGMT_IEEE8021X:
3659 return (sm->proto == WPA_PROTO_RSN ?
3660 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
3661 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
3662 case WPA_KEY_MGMT_PSK:
3663 return (sm->proto == WPA_PROTO_RSN ?
3664 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X :
3665 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
3666 case WPA_KEY_MGMT_WPA_NONE:
3667 return WPA_AUTH_KEY_MGMT_NONE;
3668 default:
3669 return dummy;
3670 }
3671 }
3672
3673
3674 static const u8 * wpa_cipher_suite(struct wpa_sm *sm, int cipher)
3675 {
3676 static const u8 *dummy = (u8 *) "\x00\x00\x00\x00";
3677 switch (cipher) {
3678 case WPA_CIPHER_CCMP:
3679 return (sm->proto == WPA_PROTO_RSN ?
3680 RSN_CIPHER_SUITE_CCMP : WPA_CIPHER_SUITE_CCMP);
3681 case WPA_CIPHER_TKIP:
3682 return (sm->proto == WPA_PROTO_RSN ?
3683 RSN_CIPHER_SUITE_TKIP : WPA_CIPHER_SUITE_TKIP);
3684 case WPA_CIPHER_WEP104:
3685 return (sm->proto == WPA_PROTO_RSN ?
3686 RSN_CIPHER_SUITE_WEP104 : WPA_CIPHER_SUITE_WEP104);
3687 case WPA_CIPHER_WEP40:
3688 return (sm->proto == WPA_PROTO_RSN ?
3689 RSN_CIPHER_SUITE_WEP40 : WPA_CIPHER_SUITE_WEP40);
3690 case WPA_CIPHER_NONE:
3691 return (sm->proto == WPA_PROTO_RSN ?
3692 RSN_CIPHER_SUITE_NONE : WPA_CIPHER_SUITE_NONE);
3693 default:
3694 return dummy;
3695 }
3696 }
3697
3698
3699 #define RSN_SUITE "%02x-%02x-%02x-%d"
3700 #define RSN_SUITE_ARG(s) (s)[0], (s)[1], (s)[2], (s)[3]
3701
3702 /**
3703 * wpa_sm_get_mib - Dump text list of MIB entries
3704 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3705 * @buf: Buffer for the list
3706 * @buflen: Length of the buffer
3707 * Returns: Number of bytes written to buffer
3708 *
3709 * This function is used fetch dot11 MIB variables.
3710 */
3711 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
3712 {
3713 char pmkid_txt[PMKID_LEN * 2 + 1];
3714 int rsna, ret;
3715 size_t len;
3716
3717 if (sm->cur_pmksa) {
3718 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
3719 sm->cur_pmksa->pmkid, PMKID_LEN);
3720 } else
3721 pmkid_txt[0] = '\0';
3722
3723 if ((sm->key_mgmt == WPA_KEY_MGMT_PSK ||
3724 sm->key_mgmt == WPA_KEY_MGMT_IEEE8021X) &&
3725 sm->proto == WPA_PROTO_RSN)
3726 rsna = 1;
3727 else
3728 rsna = 0;
3729
3730 ret = os_snprintf(buf, buflen,
3731 "dot11RSNAOptionImplemented=TRUE\n"
3732 "dot11RSNAPreauthenticationImplemented=TRUE\n"
3733 "dot11RSNAEnabled=%s\n"
3734 "dot11RSNAPreauthenticationEnabled=%s\n"
3735 "dot11RSNAConfigVersion=%d\n"
3736 "dot11RSNAConfigPairwiseKeysSupported=5\n"
3737 "dot11RSNAConfigGroupCipherSize=%d\n"
3738 "dot11RSNAConfigPMKLifetime=%d\n"
3739 "dot11RSNAConfigPMKReauthThreshold=%d\n"
3740 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
3741 "dot11RSNAConfigSATimeout=%d\n",
3742 rsna ? "TRUE" : "FALSE",
3743 rsna ? "TRUE" : "FALSE",
3744 RSN_VERSION,
3745 wpa_cipher_bits(sm->group_cipher),
3746 sm->dot11RSNAConfigPMKLifetime,
3747 sm->dot11RSNAConfigPMKReauthThreshold,
3748 sm->dot11RSNAConfigSATimeout);
3749 if (ret < 0 || (size_t) ret >= buflen)
3750 return 0;
3751 len = ret;
3752
3753 ret = os_snprintf(
3754 buf + len, buflen - len,
3755 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
3756 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
3757 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
3758 "dot11RSNAPMKIDUsed=%s\n"
3759 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
3760 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
3761 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
3762 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
3763 "dot11RSNA4WayHandshakeFailures=%u\n",
3764 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
3765 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)),
3766 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
3767 pmkid_txt,
3768 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
3769 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)),
3770 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
3771 sm->dot11RSNA4WayHandshakeFailures);
3772 if (ret >= 0 && (size_t) ret < buflen)
3773 len += ret;
3774
3775 return (int) len;
3776 }
3777 #endif /* CONFIG_CTRL_IFACE */
3778
3779
3780 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
3781 void *ctx, int replace)
3782 {
3783 struct wpa_sm *sm = ctx;
3784
3785 if (sm->cur_pmksa == entry ||
3786 (sm->pmk_len == entry->pmk_len &&
3787 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
3788 wpa_printf(MSG_DEBUG, "RSN: removed current PMKSA entry");
3789 sm->cur_pmksa = NULL;
3790
3791 if (replace) {
3792 /* A new entry is being added, so no need to
3793 * deauthenticate in this case. This happens when EAP
3794 * authentication is completed again (reauth or failed
3795 * PMKSA caching attempt). */
3796 return;
3797 }
3798
3799 os_memset(sm->pmk, 0, sizeof(sm->pmk));
3800 wpa_sm_deauthenticate(sm, REASON_UNSPECIFIED);
3801 wpa_sm_req_scan(sm, 0, 0);
3802 }
3803 }
3804
3805
3806 /**
3807 * wpa_sm_init - Initialize WPA state machine
3808 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
3809 * Returns: Pointer to the allocated WPA state machine data
3810 *
3811 * This function is used to allocate a new WPA state machine and the returned
3812 * value is passed to all WPA state machine calls.
3813 */
3814 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
3815 {
3816 struct wpa_sm *sm;
3817
3818 sm = os_zalloc(sizeof(*sm));
3819 if (sm == NULL)
3820 return NULL;
3821 sm->renew_snonce = 1;
3822 sm->ctx = ctx;
3823
3824 sm->dot11RSNAConfigPMKLifetime = 43200;
3825 sm->dot11RSNAConfigPMKReauthThreshold = 70;
3826 sm->dot11RSNAConfigSATimeout = 60;
3827
3828 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm);
3829 if (sm->pmksa == NULL) {
3830 wpa_printf(MSG_ERROR, "RSN: PMKSA cache initialization "
3831 "failed");
3832 os_free(sm);
3833 return NULL;
3834 }
3835
3836 return sm;
3837 }
3838
3839
3840 /**
3841 * wpa_sm_deinit - Deinitialize WPA state machine
3842 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3843 */
3844 void wpa_sm_deinit(struct wpa_sm *sm)
3845 {
3846 if (sm == NULL)
3847 return;
3848 pmksa_cache_deinit(sm->pmksa);
3849 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
3850 os_free(sm->assoc_wpa_ie);
3851 os_free(sm->ap_wpa_ie);
3852 os_free(sm->ap_rsn_ie);
3853 os_free(sm->ctx);
3854 #ifdef CONFIG_PEERKEY
3855 {
3856 struct wpa_peerkey *prev, *peerkey = sm->peerkey;
3857 while (peerkey) {
3858 prev = peerkey;
3859 peerkey = peerkey->next;
3860 os_free(prev);
3861 }
3862 }
3863 #endif /* CONFIG_PEERKEY */
3864 os_free(sm);
3865 }
3866
3867
3868 /**
3869 * wpa_sm_notify_assoc - Notify WPA state machine about association
3870 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3871 * @bssid: The BSSID of the new association
3872 *
3873 * This function is called to let WPA state machine know that the connection
3874 * was established.
3875 */
3876 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
3877 {
3878 if (sm == NULL)
3879 return;
3880
3881 wpa_printf(MSG_DEBUG, "WPA: Association event - clear replay counter");
3882 os_memcpy(sm->bssid, bssid, ETH_ALEN);
3883 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
3884 sm->rx_replay_counter_set = 0;
3885 sm->renew_snonce = 1;
3886 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
3887 rsn_preauth_deinit(sm);
3888 }
3889
3890
3891 /**
3892 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
3893 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3894 *
3895 * This function is called to let WPA state machine know that the connection
3896 * was lost. This will abort any existing pre-authentication session.
3897 */
3898 void wpa_sm_notify_disassoc(struct wpa_sm *sm)
3899 {
3900 rsn_preauth_deinit(sm);
3901 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
3902 sm->dot11RSNA4WayHandshakeFailures++;
3903 }
3904
3905
3906 /**
3907 * wpa_sm_set_pmk - Set PMK
3908 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3909 * @pmk: The new PMK
3910 * @pmk_len: The length of the new PMK in bytes
3911 *
3912 * Configure the PMK for WPA state machine.
3913 */
3914 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len)
3915 {
3916 if (sm == NULL)
3917 return;
3918
3919 sm->pmk_len = pmk_len;
3920 os_memcpy(sm->pmk, pmk, pmk_len);
3921 }
3922
3923
3924 /**
3925 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
3926 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3927 *
3928 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
3929 * will be cleared.
3930 */
3931 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
3932 {
3933 if (sm == NULL)
3934 return;
3935
3936 if (sm->cur_pmksa) {
3937 sm->pmk_len = sm->cur_pmksa->pmk_len;
3938 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
3939 } else {
3940 sm->pmk_len = PMK_LEN;
3941 os_memset(sm->pmk, 0, PMK_LEN);
3942 }
3943 }
3944
3945
3946 /**
3947 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
3948 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3949 * @fast_reauth: Whether fast reauthentication (EAP) is allowed
3950 */
3951 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
3952 {
3953 if (sm)
3954 sm->fast_reauth = fast_reauth;
3955 }
3956
3957
3958 /**
3959 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
3960 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3961 * @scard_ctx: Context pointer for smartcard related callback functions
3962 */
3963 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
3964 {
3965 if (sm == NULL)
3966 return;
3967 sm->scard_ctx = scard_ctx;
3968 if (sm->preauth_eapol)
3969 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
3970 }
3971
3972
3973 /**
3974 * wpa_sm_set_config - Notification of current configration change
3975 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3976 * @config: Pointer to current network configuration
3977 *
3978 * Notify WPA state machine that configuration has changed. config will be
3979 * stored as a backpointer to network configuration. This can be %NULL to clear
3980 * the stored pointed.
3981 */
3982 void wpa_sm_set_config(struct wpa_sm *sm, struct wpa_ssid *config)
3983 {
3984 if (sm) {
3985 sm->cur_ssid = config;
3986 pmksa_cache_notify_reconfig(sm->pmksa);
3987 }
3988 }
3989
3990
3991 /**
3992 * wpa_sm_set_own_addr - Set own MAC address
3993 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3994 * @addr: Own MAC address
3995 */
3996 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
3997 {
3998 if (sm)
3999 os_memcpy(sm->own_addr, addr, ETH_ALEN);
4000 }
4001
4002
4003 /**
4004 * wpa_sm_set_ifname - Set network interface name
4005 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4006 * @ifname: Interface name
4007 * @bridge_ifname: Optional bridge interface name (for pre-auth)
4008 */
4009 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
4010 const char *bridge_ifname)
4011 {
4012 if (sm) {
4013 sm->ifname = ifname;
4014 sm->bridge_ifname = bridge_ifname;
4015 }
4016 }
4017
4018
4019 /**
4020 * wpa_sm_set_eapol - Set EAPOL state machine pointer
4021 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4022 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
4023 */
4024 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
4025 {
4026 if (sm)
4027 sm->eapol = eapol;
4028 }
4029
4030
4031 /**
4032 * wpa_sm_set_param - Set WPA state machine parameters
4033 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4034 * @param: Parameter field
4035 * @value: Parameter value
4036 * Returns: 0 on success, -1 on failure
4037 */
4038 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
4039 unsigned int value)
4040 {
4041 int ret = 0;
4042
4043 if (sm == NULL)
4044 return -1;
4045
4046 switch (param) {
4047 case RSNA_PMK_LIFETIME:
4048 if (value > 0)
4049 sm->dot11RSNAConfigPMKLifetime = value;
4050 else
4051 ret = -1;
4052 break;
4053 case RSNA_PMK_REAUTH_THRESHOLD:
4054 if (value > 0 && value <= 100)
4055 sm->dot11RSNAConfigPMKReauthThreshold = value;
4056 else
4057 ret = -1;
4058 break;
4059 case RSNA_SA_TIMEOUT:
4060 if (value > 0)
4061 sm->dot11RSNAConfigSATimeout = value;
4062 else
4063 ret = -1;
4064 break;
4065 case WPA_PARAM_PROTO:
4066 sm->proto = value;
4067 break;
4068 case WPA_PARAM_PAIRWISE:
4069 sm->pairwise_cipher = value;
4070 break;
4071 case WPA_PARAM_GROUP:
4072 sm->group_cipher = value;
4073 break;
4074 case WPA_PARAM_KEY_MGMT:
4075 sm->key_mgmt = value;
4076 break;
4077 #ifdef CONFIG_IEEE80211W
4078 case WPA_PARAM_MGMT_GROUP:
4079 sm->mgmt_group_cipher = value;
4080 break;
4081 #endif /* CONFIG_IEEE80211W */
4082 default:
4083 break;
4084 }
4085
4086 return ret;
4087 }
4088
4089
4090 /**
4091 * wpa_sm_get_param - Get WPA state machine parameters
4092 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4093 * @param: Parameter field
4094 * Returns: Parameter value
4095 */
4096 unsigned int wpa_sm_get_param(struct wpa_sm *sm, enum wpa_sm_conf_params param)
4097 {
4098 if (sm == NULL)
4099 return 0;
4100
4101 switch (param) {
4102 case RSNA_PMK_LIFETIME:
4103 return sm->dot11RSNAConfigPMKLifetime;
4104 case RSNA_PMK_REAUTH_THRESHOLD:
4105 return sm->dot11RSNAConfigPMKReauthThreshold;
4106 case RSNA_SA_TIMEOUT:
4107 return sm->dot11RSNAConfigSATimeout;
4108 case WPA_PARAM_PROTO:
4109 return sm->proto;
4110 case WPA_PARAM_PAIRWISE:
4111 return sm->pairwise_cipher;
4112 case WPA_PARAM_GROUP:
4113 return sm->group_cipher;
4114 case WPA_PARAM_KEY_MGMT:
4115 return sm->key_mgmt;
4116 #ifdef CONFIG_IEEE80211W
4117 case WPA_PARAM_MGMT_GROUP:
4118 return sm->mgmt_group_cipher;
4119 #endif /* CONFIG_IEEE80211W */
4120 default:
4121 return 0;
4122 }
4123 }
4124
4125
4126 /**
4127 * wpa_sm_get_status - Get WPA state machine
4128 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4129 * @buf: Buffer for status information
4130 * @buflen: Maximum buffer length
4131 * @verbose: Whether to include verbose status information
4132 * Returns: Number of bytes written to buf.
4133 *
4134 * Query WPA state machine for status information. This function fills in
4135 * a text area with current status information. If the buffer (buf) is not
4136 * large enough, status information will be truncated to fit the buffer.
4137 */
4138 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
4139 int verbose)
4140 {
4141 char *pos = buf, *end = buf + buflen;
4142 int ret;
4143
4144 ret = os_snprintf(pos, end - pos,
4145 "pairwise_cipher=%s\n"
4146 "group_cipher=%s\n"
4147 "key_mgmt=%s\n",
4148 wpa_cipher_txt(sm->pairwise_cipher),
4149 wpa_cipher_txt(sm->group_cipher),
4150 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
4151 if (ret < 0 || ret >= end - pos)
4152 return pos - buf;
4153 pos += ret;
4154 return pos - buf;
4155 }
4156
4157
4158 /**
4159 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
4160 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4161 * @wpa_ie: Pointer to buffer for WPA/RSN IE
4162 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
4163 * Returns: 0 on success, -1 on failure
4164 *
4165 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
4166 * Request frame. The IE will be used to override the default value generated
4167 * with wpa_sm_set_assoc_wpa_ie_default().
4168 */
4169 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
4170 size_t *wpa_ie_len)
4171 {
4172 int res;
4173
4174 if (sm == NULL)
4175 return -1;
4176
4177 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
4178 if (res < 0)
4179 return -1;
4180 *wpa_ie_len = res;
4181
4182 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default",
4183 wpa_ie, *wpa_ie_len);
4184
4185 if (sm->assoc_wpa_ie == NULL) {
4186 /*
4187 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
4188 * the correct version of the IE even if PMKSA caching is
4189 * aborted (which would remove PMKID from IE generation).
4190 */
4191 sm->assoc_wpa_ie = os_malloc(*wpa_ie_len);
4192 if (sm->assoc_wpa_ie == NULL)
4193 return -1;
4194
4195 os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
4196 sm->assoc_wpa_ie_len = *wpa_ie_len;
4197 }
4198
4199 return 0;
4200 }
4201
4202
4203 /**
4204 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
4205 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4206 * @ie: Pointer to IE data (starting from id)
4207 * @len: IE length
4208 * Returns: 0 on success, -1 on failure
4209 *
4210 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
4211 * Request frame. The IE will be used to override the default value generated
4212 * with wpa_sm_set_assoc_wpa_ie_default().
4213 */
4214 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
4215 {
4216 if (sm == NULL)
4217 return -1;
4218
4219 os_free(sm->assoc_wpa_ie);
4220 if (ie == NULL || len == 0) {
4221 wpa_printf(MSG_DEBUG, "WPA: clearing own WPA/RSN IE");
4222 sm->assoc_wpa_ie = NULL;
4223 sm->assoc_wpa_ie_len = 0;
4224 } else {
4225 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
4226 sm->assoc_wpa_ie = os_malloc(len);
4227 if (sm->assoc_wpa_ie == NULL)
4228 return -1;
4229
4230 os_memcpy(sm->assoc_wpa_ie, ie, len);
4231 sm->assoc_wpa_ie_len = len;
4232 }
4233
4234 return 0;
4235 }
4236
4237
4238 /**
4239 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
4240 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4241 * @ie: Pointer to IE data (starting from id)
4242 * @len: IE length
4243 * Returns: 0 on success, -1 on failure
4244 *
4245 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
4246 * frame.
4247 */
4248 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
4249 {
4250 if (sm == NULL)
4251 return -1;
4252
4253 os_free(sm->ap_wpa_ie);
4254 if (ie == NULL || len == 0) {
4255 wpa_printf(MSG_DEBUG, "WPA: clearing AP WPA IE");
4256 sm->ap_wpa_ie = NULL;
4257 sm->ap_wpa_ie_len = 0;
4258 } else {
4259 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
4260 sm->ap_wpa_ie = os_malloc(len);
4261 if (sm->ap_wpa_ie == NULL)
4262 return -1;
4263
4264 os_memcpy(sm->ap_wpa_ie, ie, len);
4265 sm->ap_wpa_ie_len = len;
4266 }
4267
4268 return 0;
4269 }
4270
4271
4272 /**
4273 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
4274 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4275 * @ie: Pointer to IE data (starting from id)
4276 * @len: IE length
4277 * Returns: 0 on success, -1 on failure
4278 *
4279 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
4280 * frame.
4281 */
4282 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
4283 {
4284 if (sm == NULL)
4285 return -1;
4286
4287 os_free(sm->ap_rsn_ie);
4288 if (ie == NULL || len == 0) {
4289 wpa_printf(MSG_DEBUG, "WPA: clearing AP RSN IE");
4290 sm->ap_rsn_ie = NULL;
4291 sm->ap_rsn_ie_len = 0;
4292 } else {
4293 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
4294 sm->ap_rsn_ie = os_malloc(len);
4295 if (sm->ap_rsn_ie == NULL)
4296 return -1;
4297
4298 os_memcpy(sm->ap_rsn_ie, ie, len);
4299 sm->ap_rsn_ie_len = len;
4300 }
4301
4302 return 0;
4303 }
4304
4305
4306 /**
4307 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
4308 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4309 * @data: Pointer to data area for parsing results
4310 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
4311 *
4312 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
4313 * parsed data into data.
4314 */
4315 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
4316 {
4317 if (sm == NULL || sm->assoc_wpa_ie == NULL) {
4318 wpa_printf(MSG_DEBUG, "WPA: No WPA/RSN IE available from "
4319 "association info");
4320 return -1;
4321 }
4322 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
4323 return -2;
4324 return 0;
4325 }
DragonFly BSD