search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
K2.6 patches and update.
[tomato.git] / release / src-rt / wl / nas / wpa.c
blob4093701663a0b6b6b1bcf869257a0035e003d32e
1 /*
2 * WPA, WiFi Protected Access
3 *
4 * Copyright (C) 2002, 2003 Broadcom Corporation
5 *
6 * $Id: wpa.c 278326 2011-08-18 15:10:40Z palter $
7 */
8
9 #include <typedefs.h>
10 #include <stdlib.h>
11 #include <unistd.h>
12 #include <string.h>
13 #include <time.h>
14
15 #include <bcmendian.h>
16 #include <bcmutils.h>
17 #include <wlioctl.h>
18
19 #include <proto/ethernet.h>
20 #include <proto/802.11.h>
21 #include <proto/eapol.h>
22 #include <proto/eap.h>
23 #include <bcmcrypto/aeskeywrap.h>
24 #include <bcmcrypto/rc4.h>
25 #include <bcmcrypto/sha1.h>
26 #include <bcmwpa.h>
27 #ifdef MFP
28 #include <bcmcrypto/aes.h>
29 #include <bcmcrypto/hmac_sha256.h>
30 #endif
31
32 #include <nas.h>
33 #include <wpa.h>
34
35 #ifdef __ECOS
36 #define timer_t int
37 #endif
38
39 #ifdef BCMWPA2
40 #define CHECK_WPA2(mode) ((mode) & (WPA2 | WPA2_PSK))
41 #else
42 #define CHECK_WPA2(mode) FALSE
43 #endif
44
45 #define MAX_ARRAY 1
46 #define MIN_ARRAY 0
47
48 /* mapping from WEP key length to CRYPTO_ALGO_WEPXXX */
49 #define WEP_KEY2ALGO(len) ((len) == WEP1_KEY_SIZE ? CRYPTO_ALGO_WEP1 : \
50 (len) == WEP128_KEY_SIZE ? CRYPTO_ALGO_WEP128 : \
51 CRYPTO_ALGO_OFF)
52 /* mapping from WPA_CIPHER_XXXX to CRYPTO_ALGO_XXXX */
53 #define WPA_CIPHER2ALGO(cipher) ((cipher) == WPA_CIPHER_WEP_40 ? CRYPTO_ALGO_WEP1 : \
54 (cipher) == WPA_CIPHER_WEP_104 ? CRYPTO_ALGO_WEP128 : \
55 (cipher) == WPA_CIPHER_TKIP ? CRYPTO_ALGO_TKIP : \
56 (cipher) == WPA_CIPHER_AES_CCM ? CRYPTO_ALGO_AES_CCM : \
57 CRYPTO_ALGO_OFF)
58 #define CRYPTO_ALGO2CIPHER(algo) ((algo) == CRYPTO_ALGO_WEP1 ? WPA_CIPHER_WEP_40 : \
59 (algo) == CRYPTO_ALGO_WEP128 ? WPA_CIPHER_WEP_104 : \
60 (algo) == CRYPTO_ALGO_TKIP ? WPA_CIPHER_TKIP : \
61 (algo) == CRYPTO_ALGO_AES_CCM ? WPA_CIPHER_AES_CCM : \
62 WPA_CIPHER_NONE)
63 /* mapping from WPA_CIPHER_XXXX to wsec */
64 #define WPA_CIPHER2WSEC(cipher) ((cipher) == WPA_CIPHER_WEP_40 ? WEP_ENABLED : \
65 (cipher) == WPA_CIPHER_WEP_104 ? WEP_ENABLED : \
66 (cipher) == WPA_CIPHER_TKIP ? TKIP_ENABLED : \
67 (cipher) == WPA_CIPHER_AES_CCM ? AES_ENABLED : \
68 0)
69 /* PRF() expects to write its result sloppily. */
70 #define PRF_RESULT_LEN 80
71 #include <bcmcrypto/prf.h>
72
73 static void wpa_calc_ptk(wpa_t *wpa, nas_sta_t *sta);
74 static void wpa_gen_gtk(wpa_t *wpa, nas_sta_t *sta);
75 static void wpa_plumb_gtk(wpa_t *wpa, int primary);
76 static bool wpa_encr_gtk(wpa_t *wpa, nas_sta_t *ssta, uint8 *encrypted, uint16 *encrypted_len);
77 #ifdef BCMSUPPL
78 static bool wpa_decr_gtk(wpa_t *wpa, nas_sta_t *sta, eapol_wpa_key_header_t *body);
79 #endif /* ifdef BCMSUPPL */
80 #ifdef BCMWPA2
81 static bool wpa_insert_pmkid(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol, uint16 *data_len);
82 static bool wpa_insert_gtk(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol, uint16 *data_len);
83 static bool wpa_encr_key_data(wpa_t *wpa, nas_sta_t *sta, uint8 *buffer, uint16 *data_len);
84 #ifdef BCMSUPPL
85 static bool wpa_extract_gtk(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol);
86 static bool wpa_decr_key_data(wpa_t *wpa, nas_sta_t *sta, eapol_wpa_key_header_t *body);
87 #endif /* ifdef BCMSUPPL */
88 static itimer_status_t wpa_set_timeout(bcm_timer_id td, int secs, int msecs);
89 #endif /* BCMWPA2 */
90 static bool wpa_check_mic(nas_sta_t *sta, eapol_header_t *eapol);
91 static bool wpa_send_eapol(wpa_t *wpa, nas_sta_t *sta);
92 static void wpa_incr_gkc(wpa_t *wpa);
93 static int wpa_verifystart(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol);
94 static int wpa_ptkstart(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol);
95 static int wpa_ptkinitnegotiating(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol);
96 static int wpa_ptkinitdone(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol);
97 static int wpa_ptkinitdone2(wpa_t *wpa, nas_sta_t *sta);
98 static void wpa_rekeyneg(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol);
99 static void wpa_setkeysdone(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol);
100 static void wpa_retransmission(bcm_timer_id td, nas_sta_t *sta);
101 static void wpa_new_gtk_callback(bcm_timer_id td, wpa_t *wpa);
102 extern int nas_get_stainfo(nas_t *nas, char *macaddr, int len, char *ret_buf, int ret_buf_len);
103
104 #ifdef MFP
105 #define MFP2 1
106 static void wpa_gen_igtk(wpa_t *wpa);
107 static void wpa_initialize_ipn(wpa_t *wpa);
108 #endif
109
110 /* Definitions for interval timer periods */
111 #define RETRY_SECS 1
112 #define RETRY_MSECS 0
113 #define NSECS_PER_MSEC 1000*1000
114
115 /* local prototypes */
116 static int wpa_find_mckey_algo(wpa_t *wpa, uint8 *ie, int ie_len);
117 static int wpa_new_ptk_callback(bcm_timer_id td, wpa_t *wpa);
118
119 /* Toggle GTK index. Indices 1 - 3 are usable; spec recommends 1 and 2. */
120 #define GTK_NEXT_INDEX(wpa) ((wpa)->gtk_index == GTK_INDEX_1 ? GTK_INDEX_2 : GTK_INDEX_1)
121 /* Toggle GTK index. Indices 1 - 3 are usable; spec recommends 1 and 2. */
122 #define IGTK_NEXT_INDEX(wpa) ((wpa)->igtk.id == IGTK_INDEX_1 ? IGTK_INDEX_2 : IGTK_INDEX_1)
123
124 /* Set an iterval timer. */
125 itimer_status_t
126 wpa_set_itimer(bcm_timer_module_id module, bcm_timer_id *td,
127 bcm_timer_cb handler, int handler_param, int secs, int msecs)
128 {
129 struct itimerspec timer;
130 itimer_status_t ret = ITIMER_OK;
131
132 timer.it_interval.tv_sec = secs;
133 timer.it_interval.tv_nsec = msecs * NSECS_PER_MSEC;
134 timer.it_value.tv_sec = secs;
135 timer.it_value.tv_nsec = msecs * NSECS_PER_MSEC;
136
137 if (bcm_timer_create(module, td))
138 ret = ITIMER_CREATE_ERROR;
139 else if (bcm_timer_connect(*td, handler, handler_param))
140 ret = ITIMER_CONNECT_ERROR;
141 else if (bcm_timer_settime(*td, &timer))
142 ret = ITIMER_SET_ERROR;
143 return ret;
144 }
145
146 #ifdef BCMWPA2
147 static itimer_status_t
148 wpa_set_timeout(bcm_timer_id td, int secs, int msecs)
149 {
150 struct itimerspec timer;
151 itimer_status_t ret = ITIMER_OK;
152
153 if (msecs >= 1000) {
154 secs = msecs / 1000;
155 msecs -= (secs * 1000);
156 }
157 timer.it_interval.tv_sec = secs;
158 timer.it_interval.tv_nsec = msecs * NSECS_PER_MSEC;
159 timer.it_value.tv_sec = secs;
160 timer.it_value.tv_nsec = msecs * NSECS_PER_MSEC;
161
162 bcm_timer_change_expirytime(td, &timer);
163
164 return ret;
165
166 }
167 #endif /* BCMWPA2 */
168
169 /* remove the retransmission timer if any and do some clean up */
170 void
171 wpa_stop_retx(nas_sta_t *sta)
172 {
173 if (sta->td)
174 TIMER_DELETE(sta->td);
175 sta->retx_exceed_hndlr = NULL;
176 }
177
178 /* ARGSUSED */
179 static void
180 wpa_retransmission(bcm_timer_id td, nas_sta_t *sta)
181 {
182 nas_t *nas = sta->nas;
183 wpa_suppl_state_t save_state;
184 int reason;
185 #ifdef BCMDBG
186 char eabuf[ETHER_ADDR_STR_LEN];
187 #endif
188 #ifdef BCMWPA2
189 int retry_timer;
190 #endif
191
192 if (sta)
193 dbg(nas, "start for %s (%d)",
194 ether_etoa((uchar *)&sta->ea, eabuf), sta->retries + 1);
195 else {
196 dbg(nas, "called with NULL sta");
197 return;
198 }
199
200 if (nas->MIC_countermeasures)
201 /* This can happen very early during countermeasures
202 * when nothing should go out. Clean-up is elsewhere.
203 */
204 return;
205
206 else if (sta->suppl.state == WPA_SETKEYSDONE ||
207 ((nas->flags & NAS_FLAG_WDS) && sta->suppl.state == WPA_PTKINITDONE)) {
208 /* Check STA state for race between interval timer firing and
209 * receipt of response.
210 */
211 wpa_stop_retx(sta);
212 return;
213 }
214
215 /* error handling when retry limit is exceeded. */
216 if (++sta->retries > WPA_RETRY) {
217 /* don't toss the sta if it is part of the initiator/requestor */
218 if (sta->wds_td) {
219 /*
220 * deauth the sta after the first batch retries and
221 * give it a chance for the second batch retries.
222 */
223 if (sta->retries == WPA_RETRY + 1) {
224 dbg(nas, "deauthenticating %s",
225 ether_etoa((uchar *)&sta->ea, eabuf));
226 nas_deauthenticate(nas, &sta->ea, DOT11_RC_4WH_TIMEOUT);
227 }
228 /* done the second batch retries as well */
229 else if (sta->retries == (WPA_RETRY + 1) * 2) {
230 /*
231 * done for this time, it is up to the
232 * initiator/requestor to reschedule the
233 * next batch of retries.
234 */
235 wpa_stop_retx(sta);
236 return;
237 }
238 /* send eapol message */
239 goto xmit;
240 }
241 /* Disassoc the supplicant unless there is a handler */
242 if (sta->retx_exceed_hndlr) {
243 sta->retx_exceed_hndlr(sta);
244 wpa_stop_retx(sta);
245 return;
246 }
247 /* force timeout so that cleanup_sta() can toss the sta for WPA2 */
248 sta->pae.ssnto = 0;
249 /* deauth the sta - also removes any unicast key we have
250 * for it and deallocates its suppl struct.
251 */
252 reason = DOT11_RC_4WH_TIMEOUT;
253 if (sta->suppl.retry_state == WPA_REKEYNEGOTIATING)
254 reason = DOT11_RC_GTK_UPDATE_TIMEOUT;
255 cleanup_sta(nas, sta, reason, 0);
256 return;
257 }
258
259 xmit: /* Send eapol on to the air */
260 /* increment the replay counter */
261 wpa_incr_array(sta->suppl.replay, REPLAY_LEN);
262
263 save_state = sta->suppl.state;
264 sta->suppl.state = sta->suppl.retry_state;
265 if (wpa_send_eapol(nas->wpa, sta) == FALSE) {
266 wpa_stop_retx(sta);
267 }
268 #ifdef BCMWPA2
269 if (((sta->mode & WPA2) || (sta->mode & WPA2_PSK))) {
270 if (sta->td) {
271 if (sta->retries == 1)
272 retry_timer = sta->listen_interval_ms / 2;
273 else
274 retry_timer = sta->listen_interval_ms;
275 if (retry_timer > WPA2_DEFAULT_RETRY_MSECS) {
276 dbg(nas, "setting timeout to %d msec", retry_timer);
277 wpa_set_timeout(sta->td, 0, retry_timer);
278 }
279 }
280 }
281 #endif /* BCMWPA2 */
282 sta->suppl.state = save_state;
283
284 dbg(nas, "done");
285 }
286
287 #ifdef BCMWPA2
288 void
289 nas_wpa_calc_pmkid(wpa_t *wpa, nas_sta_t *sta)
290 {
291 /* PMKID = HMAC-SHA1-128(PMK, "PMK Name" | AA | SPA) */
292 uint8 data[128], digest[SHA1HashSize];
293 uint8 prefix[] = "PMK Name";
294 int data_len = 0;
295
296 /* create the the data portion */
297 bcopy(prefix, data, strlen((char *)prefix));
298 data_len += strlen((char *)prefix);
299 bcopy((uint8*)&wpa->nas->ea, &data[data_len], ETHER_ADDR_LEN);
300 data_len += ETHER_ADDR_LEN;
301 bcopy((uint8*)&sta->ea, &data[data_len], ETHER_ADDR_LEN);
302 data_len += ETHER_ADDR_LEN;
303
304 /* generate the pmkid */
305 hmac_sha1(data, data_len, sta->suppl.pmk, sta->suppl.pmk_len, digest);
306 bcopy(digest, sta->suppl.pmkid, WPA2_PMKID_LEN);
307
308 dbg(wpa->nas, "PMKID");
309 dump(wpa->nas, sta->suppl.pmkid, WPA2_PMKID_LEN);
310
311 dbg(wpa->nas, "done");
312 }
313 #endif /* BCMWPA2 */
314
315 static void
316 wpa_calc_ptk(wpa_t *wpa, nas_sta_t *sta)
317 {
318 unsigned char data[128], prf_buff[PRF_RESULT_LEN];
319 unsigned char prefix[] = "Pairwise key expansion";
320 int data_len = 0;
321 uint8 *p;
322
323 /* create the the data portion */
324 p = wpa_array_cmp(MIN_ARRAY, (uint8*)&wpa->nas->ea, (uint8*)&sta->ea, ETHER_ADDR_LEN);
325 bcopy(p ? (char*)p : (char*)&wpa->nas->ea, (char*)&data[data_len], ETHER_ADDR_LEN);
326 data_len += ETHER_ADDR_LEN;
327
328 p = wpa_array_cmp(MAX_ARRAY, (uint8*)&wpa->nas->ea, (uint8*)&sta->ea, ETHER_ADDR_LEN);
329 bcopy(p ? (char*)p : (char*)&wpa->nas->ea, (char*)&data[data_len], ETHER_ADDR_LEN);
330 data_len += ETHER_ADDR_LEN;
331
332 p = wpa_array_cmp(MIN_ARRAY, (uint8*)&sta->suppl.snonce,
333 (uint8*)&sta->suppl.anonce, NONCE_LEN);
334 bcopy(p ? (char*)p : (char*)&sta->suppl.snonce, (char*)&data[data_len], NONCE_LEN);
335 data_len += NONCE_LEN;
336
337 p = wpa_array_cmp(MAX_ARRAY, (uint8*)&sta->suppl.snonce,
338 (uint8*)&sta->suppl.anonce, NONCE_LEN);
339 bcopy(p ? (char*)p : (char*)&sta->suppl.snonce, (char*)&data[data_len], NONCE_LEN);
340 data_len += NONCE_LEN;
341
342 /* generate the ptk */
343 if (sta->suppl.ptk_len > TKIP_PTK_LEN) {
344 err(wpa->nas, "ptk_len = %d", sta->suppl.ptk_len);
345 nas_handle_error(wpa->nas, 1);
346 }
347
348 dbg(wpa->nas, "STA : SUPPL PMK \n");
349 dump(wpa->nas, sta->suppl.pmk, sta->suppl.pmk_len);
350 #ifdef MFP
351 if (sta->key_auth_type == KEYAUTH_SHA256) {
352 KDF(sta->suppl.pmk, sta->suppl.pmk_len, prefix, strlen((char *)prefix),
353 data, data_len, prf_buff, sta->suppl.ptk_len);
354 dbg(wpa->nas, "ptk with kdf SH256 \n");
355 }
356 else
357 #endif
358 {
359 fPRF(sta->suppl.pmk, sta->suppl.pmk_len, prefix, strlen((char *)prefix),
360 data, data_len, prf_buff, sta->suppl.ptk_len);
361 dbg(wpa->nas, "ptk with kdf SHA1 \n");
362 }
363
364 memcpy(sta->suppl.eapol_mic_key, prf_buff, sta->suppl.ptk_len);
365 dbg(wpa->nas, "done");
366 }
367
368 static void
369 wpa_gen_gtk(wpa_t *wpa, nas_sta_t *sta)
370 {
371 unsigned char data[256], prf_buff[PRF_RESULT_LEN];
372 unsigned char prefix[] = "Group key expansion";
373 int data_len = 0;
374
375 /* Select a mcast cipher */
376 dbg(wpa->nas, "wpa->nas->wsec 0x%x", wpa->nas->wsec);
377 switch (WPA_MCAST_CIPHER(wpa->nas->wsec, WEP_KEY2ALGO(wpa->gtk_len))) {
378 case WPA_CIPHER_TKIP:
379 dbg(wpa->nas, "TKIP");
380 wpa->gtk_len = TKIP_TK_LEN;
381 break;
382 case WPA_CIPHER_AES_CCM:
383 dbg(wpa->nas, "AES");
384 wpa->gtk_len = AES_TK_LEN;
385 break;
386 default:
387 dbg(wpa->nas, "not supported multicast cipher");
388 return;
389 }
390 dbg(wpa->nas, "gtk_len %d", wpa->gtk_len);
391
392 /* create the the data portion */
393 bcopy((char*)&wpa->nas->ea, (char*)&data[data_len], ETHER_ADDR_LEN);
394 data_len += ETHER_ADDR_LEN;
395 bcopy(wpa->global_key_counter, wpa->gnonce, NONCE_LEN);
396 wpa_incr_gkc(wpa);
397 bcopy((char*)&wpa->gnonce, (char*)&data[data_len], NONCE_LEN);
398 data_len += NONCE_LEN;
399
400 /* generate the GTK */
401 fPRF(wpa->gmk, sizeof(wpa->gmk), prefix, strlen((char *)prefix),
402 data, data_len, prf_buff, wpa->gtk_len);
403 memcpy(wpa->gtk, prf_buff, wpa->gtk_len);
404
405 /* The driver clears the IV when it gets a new key, so
406 * clearing RSC should be consistent with that, right?
407 */
408 memset(wpa->gtk_rsc, 0, sizeof(wpa->gtk_rsc));
409
410 dbg(wpa->nas, "done");
411 }
412
413 static void
414 wpa_plumb_gtk(wpa_t *wpa, int primary)
415 {
416 /* install the key */
417 if (nas_set_key(wpa->nas, NULL, wpa->gtk, wpa->gtk_len,
418 wpa->gtk_index, primary, 0, 0) < 0) {
419 err(wpa->nas, "invalid multicast key");
420 nas_handle_error(wpa->nas, 1);
421 }
422 wpa->nas->flags |= NAS_FLAG_GTK_PLUMBED;
423 dbg(wpa->nas, "done");
424 }
425
426 static void
427 wpa_set_gtk_timer(wpa_t *wpa)
428 {
429 itimer_status_t ts;
430
431 dbg(wpa->nas, "start, rekey timer = %d", wpa->gtk_rekey_secs);
432 if (wpa->gtk_rekey_secs) {
433 /* Set up an interval timer to invoke the rekey function. */
434 ts = wpa_set_itimer(wpa->nas->timer, &wpa->gtk_rekey_timer,
435 (bcm_timer_cb)wpa_new_gtk_callback,
436 (int)wpa, wpa->gtk_rekey_secs, 0);
437 if (ts != ITIMER_OK)
438 dbg(wpa->nas, "GTK interval timer set failed, code %d", ts);
439 }
440 dbg(wpa->nas, "done");
441 }
442
443
444 /* The timer call-back expects to pass a timer descriptor, but there's
445 * no use for it here.
446 */
447 /* ARGSUSED */
448 static void
449 wpa_new_gtk_callback(bcm_timer_id td, wpa_t *wpa)
450 {
451 int did_one = 0;
452 nas_t *nas = wpa->nas;
453 nas_sta_t *sta = nas->sta;
454 itimer_status_t ts;
455
456 dbg(nas, "start");
457
458 do {
459 /* Only a supplicant in the state of having keys
460 * already should be of interest for this purpose.
461 */
462 if ((sta->used == 0) || (sta->suppl.state != WPA_SETKEYSDONE))
463 continue;
464
465 /* Found one, so cobble a new key. */
466 if (!did_one) {
467 wpa_gen_gtk(wpa, sta);
468 wpa->gtk_index = GTK_NEXT_INDEX(wpa);
469 wpa_plumb_gtk(wpa, 0);
470 #ifdef MFP2
471 wpa_gen_igtk(wpa);
472 wpa->igtk.id = IGTK_NEXT_INDEX(wpa);
473 #endif
474 did_one = 1;
475 }
476 /* Set state wpa_send_eapol uses for the group key message. */
477 sta->suppl.retry_state = sta->suppl.state = WPA_REKEYNEGOTIATING;
478 sta->retries = 0;
479 wpa_stop_retx(sta);
480 wpa_incr_array(sta->suppl.replay, REPLAY_LEN);
481
482 if (wpa_send_eapol(wpa, sta) == FALSE) {
483 cleanup_sta(nas, sta, DOT11_RC_UNSPECIFIED, 0);
484
485 /* There is an OS on which nas has run where we got back from
486 * the send *after* the STA replied. If that happens, don't
487 * set the interval timer.
488 */
489 } else if (sta->suppl.state == WPA_REKEYNEGOTIATING) {
490 /* Set a timeout for retransmission */
491 ts = wpa_set_itimer(nas->timer, &sta->td,
492 (bcm_timer_cb)wpa_retransmission,
493 (int)sta, sta->wpa_msg_timeout_s,
494 sta->wpa_msg_timeout_ms);
495 if (ts != ITIMER_OK)
496 dbg(nas, "set of GTK update retry interval timer failed, code %d",
497 ts);
498 }
499 } while (++sta < (nas->sta + MAX_SUPPLICANTS));
500
501 /* Make it primary after it's been sent to all known supplicants. */
502 if (did_one)
503 wpa_plumb_gtk(wpa, 1);
504 else {
505 /* If a GTK was neither sent nor plumbed, maybe we
506 * should revert to the state where there isn't one.
507 */
508 }
509 dbg(nas, "done");
510 }
511
512 /* When we want a new group key at a time other than when the rekey
513 * interval timer goes off, we want to turn off the interval timer.
514 * Turning off that timer during a timer alarm callback can make a
515 * mess of what the timer module knows of its event queue, so this is
516 * a front-end for the cases when the work is not induced by the GTK
517 * rekey interval timer.
518 */
519 static void
520 wpa_new_gtk(wpa_t *wpa)
521 {
522 if (wpa->gtk_rekey_timer)
523 TIMER_DELETE(wpa->gtk_rekey_timer);
524
525 wpa_new_gtk_callback((bcm_timer_id) 0, wpa);
526 /* Begin a new rekeying interval. */
527 wpa_set_gtk_timer(wpa);
528 dbg(wpa->nas, "done");
529 }
530
531 static void
532 wpa_init_gtk(wpa_t *wpa, nas_sta_t *sta)
533 {
534 /* Cobble the key and plumb it. */
535 wpa_gen_gtk(wpa, sta);
536 wpa_plumb_gtk(wpa, 1);
537 wpa_set_gtk_timer(wpa);
538
539 dbg(wpa->nas, "done");
540 }
541
542 static bool
543 wpa_encr_gtk(wpa_t *wpa, nas_sta_t *sta, uint8 *encrypted, uint16 *encrypted_len)
544 {
545 unsigned char data[256], encrkey[32];
546 rc4_ks_t rc4key;
547 int len = wpa->gtk_len;
548
549 /* encrypt the gtk using RC4 */
550 switch (sta->suppl.desc) {
551 case WPA_KEY_DESC_V1:
552 dbg(wpa->nas, "v1");
553 /* create the iv/ptk key */
554 bcopy(&wpa->global_key_counter[KEY_COUNTER_LEN-16], encrkey, 16);
555 bcopy(sta->suppl.eapol_encr_key, &encrkey[16], 16);
556
557 /* copy the gtk into the encryption buffer */
558 bcopy(wpa->gtk, encrypted, len);
559 /* encrypt the gtk using RC4 */
560 prepare_key(encrkey, 32, &rc4key);
561 rc4(data, 256, &rc4key); /* dump 256 bytes */
562 rc4(encrypted, len, &rc4key);
563 break;
564 case WPA_KEY_DESC_V2:
565 #ifdef MFP
566 case WPA_KEY_DESC_V3:
567 #endif
568 dbg(wpa->nas, "v2");
569 /* pad gtk if needed - min. 16 bytes, 8 byte aligned */
570 if (len < 16) {
571 bzero(&wpa->gtk[len], 16 - len);
572 len = 16;
573 }
574 else if (len % AKW_BLOCK_LEN) {
575 bzero(&wpa->gtk[len], AKW_BLOCK_LEN - (len % AKW_BLOCK_LEN));
576 len += AKW_BLOCK_LEN - (len % AKW_BLOCK_LEN);
577 }
578 if (aes_wrap(sizeof(sta->suppl.eapol_encr_key), sta->suppl.eapol_encr_key,
579 len, wpa->gtk, encrypted)) {
580 dbg(wpa->nas, "encrypt failed");
581 return FALSE;
582 }
583 break;
584 default:
585 dbg(wpa->nas, "sta->suppl.desc = %d", sta->suppl.desc);
586 return FALSE;
587 }
588
589 /* tell the calling func how long the encrypted data is */
590 *encrypted_len = len;
591 return TRUE;
592 }
593
594 #ifdef BCMSUPPL
595 static bool
596 wpa_decr_gtk(wpa_t *wpa, nas_sta_t *sta, eapol_wpa_key_header_t *body)
597 {
598 unsigned char data[256], encrkey[32];
599 rc4_ks_t rc4key;
600 ushort key_info = ntohs(body->key_info), len;
601
602 dbg(wpa->nas, "start");
603
604 wpa->gtk_len = ntohs(body->key_len);
605 len = ntohs(body->data_len);
606
607 wpa->gtk_index = (key_info & WPA_KEY_INDEX_MASK) >> WPA_KEY_INDEX_SHIFT;
608 dbg(wpa->nas, "gtk_index %d", wpa->gtk_index);
609
610 switch (sta->suppl.desc) {
611 case WPA_KEY_DESC_V1:
612 /* decrypt the gtk using RC4 */
613 dbg(wpa->nas, "v1");
614 bcopy(body->iv, encrkey, 16);
615 bcopy(sta->suppl.eapol_encr_key, &encrkey[16], 16);
616
617 /* decrypt the gtk using RC4 */
618 prepare_key(encrkey, 32, &rc4key);
619 rc4(data, 256, &rc4key); /* dump 256 bytes */
620 rc4(body->data, len, &rc4key);
621 bcopy(body->data, wpa->gtk, wpa->gtk_len);
622 break;
623 case WPA_KEY_DESC_V2:
624 #ifdef MFP
625 case WPA_KEY_DESC_V3:
626 #endif
627 /* decrypt the gtk using AES */
628 dbg(wpa->nas, "v2");
629 if (aes_unwrap(sizeof(sta->suppl.eapol_encr_key), sta->suppl.eapol_encr_key,
630 len, body->data, wpa->gtk)) {
631 dbg(wpa->nas, "unencrypt failed");
632 return FALSE;
633 }
634 break;
635 default:
636 return FALSE;
637 }
638
639 return TRUE;
640 }
641 #endif /* BCMSUPPL */
642 #ifdef MFP2
643 static int
644 wpa_insert_igtk(wpa_t *wpa, eapol_header_t *eapol, uint16 *data_len)
645 {
646 uint16 len = *data_len;
647 eapol_wpa_key_header_t *body = (eapol_wpa_key_header_t *)eapol->body;
648 eapol_wpa2_encap_data_t *data_encap;
649 eapol_wpa2_key_igtk_encap_t *igtk_encap;
650
651 if (!(wpa->nas->flags & NAS_FLAG_IGTK_PLUMBED)) {
652 wpa_gen_igtk(wpa);
653 wpa->nas->flags |= NAS_FLAG_IGTK_PLUMBED;
654 }
655 data_encap = (eapol_wpa2_encap_data_t *) (body->data + len);
656 data_encap->type = DOT11_MNG_PROPR_ID;
657 data_encap->length = (EAPOL_WPA2_ENCAP_DATA_HDR_LEN - TLV_HDR_LEN) +
658 EAPOL_WPA2_KEY_IGTK_ENCAP_HDR_LEN + wpa->igtk.len;
659 bcopy(WPA2_OUI, data_encap->oui, DOT11_OUI_LEN);
660 data_encap->subtype = WPA2_KEY_DATA_SUBTYPE_IGTK;
661 len += EAPOL_WPA2_ENCAP_DATA_HDR_LEN;
662 igtk_encap = (eapol_wpa2_key_igtk_encap_t *) (body->data + len);
663 igtk_encap->key_id = wpa->igtk.id;
664 *(uint32 *)igtk_encap->ipn = wpa->igtk.ipn_lo;
665 *(uint16 *)(igtk_encap->ipn + 4) = wpa->igtk.ipn_hi;
666
667 bcopy(wpa->igtk.key, igtk_encap->key, wpa->igtk.len);
668 len += wpa->igtk.len + EAPOL_WPA2_KEY_IGTK_ENCAP_HDR_LEN;
669
670 /* return the adjusted data len */
671 *data_len = len;
672 printf("leave igtk_len=%d\n", wpa->igtk.len);
673 return TRUE;
674 }
675 #endif /* #ifdef MFP */
676
677 #ifdef BCMWPA2
678 static bool
679 wpa_insert_gtk(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol, uint16 *data_len)
680 {
681 int len = *data_len;
682 eapol_wpa_key_header_t *body = (eapol_wpa_key_header_t *)eapol->body;
683 eapol_wpa2_encap_data_t *data_encap;
684 eapol_wpa2_key_gtk_encap_t *gtk_encap;
685
686 dbg(wpa->nas, "data len before gtk %d", len);
687 /* make sure we have a GTK plumbed */
688 if (!(wpa->nas->flags & NAS_FLAG_GTK_PLUMBED))
689 wpa_init_gtk(wpa, sta);
690 else {
691 if (nas_get_group_rsc(wpa->nas, &wpa->gtk_rsc[0], wpa->gtk_index)) {
692 /* Don't use what we don't have. */
693 memset(wpa->gtk_rsc, 0, sizeof(wpa->gtk_rsc));
694 dbg(wpa->nas, "failed to find group key RSC");
695 }
696 }
697
698 /* insert GTK into eapol message */
699 /* body->key_len = htons(wpa->gtk_len); */
700 /* key_len is PTK len, gtk len is implicit in encapsulation */
701 data_encap = (eapol_wpa2_encap_data_t *) (body->data + len);
702 data_encap->type = DOT11_MNG_PROPR_ID;
703 data_encap->length = (EAPOL_WPA2_ENCAP_DATA_HDR_LEN - TLV_HDR_LEN) +
704 EAPOL_WPA2_KEY_GTK_ENCAP_HDR_LEN + wpa->gtk_len;
705 bcopy(WPA2_OUI, data_encap->oui, DOT11_OUI_LEN);
706 data_encap->subtype = WPA2_KEY_DATA_SUBTYPE_GTK;
707 len += EAPOL_WPA2_ENCAP_DATA_HDR_LEN;
708
709 gtk_encap = (eapol_wpa2_key_gtk_encap_t *) (body->data + len);
710 gtk_encap->flags = (wpa->gtk_index << WPA2_GTK_INDEX_SHIFT) & WPA2_GTK_INDEX_MASK;
711 bcopy(wpa->gtk, gtk_encap->gtk, wpa->gtk_len);
712 len += wpa->gtk_len + EAPOL_WPA2_KEY_GTK_ENCAP_HDR_LEN;
713 dbg(wpa->nas, "data len including gtk %d", len);
714
715 /* copy in the gtk rsc */
716 bcopy(wpa->gtk_rsc, body->rsc, sizeof(body->rsc));
717
718 /* return the adjusted data len */
719 *data_len = len;
720
721 return (TRUE);
722 }
723
724 #ifdef BCMSUPPL
725 static bool
726 wpa_extract_gtk(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol)
727 {
728 eapol_wpa_key_header_t *body = (eapol_wpa_key_header_t *)eapol->body;
729 eapol_wpa2_encap_data_t *data_encap;
730 eapol_wpa2_key_gtk_encap_t *gtk_encap;
731
732 int len = ntohs(body->data_len);
733 ushort key_info = ntohs(body->key_info);
734
735 /* look for a GTK */
736 data_encap = wpa_find_gtk_encap(body->data, len);
737 if (data_encap) {
738 dbg(wpa->nas, "found gtk encap");
739 gtk_encap = (eapol_wpa2_key_gtk_encap_t *)data_encap->data;
740 /* wpa->gtk_len = ntohs(body->key_len); */
741 /* key_len is PTK len, gtk len is implicit in encap len */
742 wpa->gtk_len = data_encap->length - ((EAPOL_WPA2_ENCAP_DATA_HDR_LEN - TLV_HDR_LEN) +
743 EAPOL_WPA2_KEY_GTK_ENCAP_HDR_LEN);
744 dbg(wpa->nas, "gtk len %d", wpa->gtk_len);
745 wpa->gtk_index = (gtk_encap->flags & WPA2_GTK_INDEX_MASK) >> WPA2_GTK_INDEX_SHIFT;
746 dbg(wpa->nas, "gtk index %d", wpa->gtk_index);
747 bcopy(gtk_encap->gtk, wpa->gtk, wpa->gtk_len);
748 dbg(wpa->nas, "gtk:");
749 dump(wpa->nas, wpa->gtk, wpa->gtk_len);
750 if (!(key_info & WPA_KEY_ENCRYPTED_DATA)) {
751 dbg(wpa->nas, "gtk wasn't encrypted!");
752 return (FALSE);
753 }
754 } else {
755 dbg(wpa->nas, "didn't find gtk encap");
756 return (FALSE);
757 }
758
759 return (TRUE);
760 }
761 #endif /* BCMSUPPL */
762
763 static bool
764 wpa_insert_pmkid(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol, uint16 *data_len)
765 {
766 int len = *data_len;
767 eapol_wpa_key_header_t *body = (eapol_wpa_key_header_t *)eapol->body;
768 eapol_wpa2_encap_data_t *data_encap;
769 uint8 *pmkid;
770
771 dbg(wpa->nas, "data len before pmkid %d", len);
772
773 /* insert PMKID into eapol message */
774 data_encap = (eapol_wpa2_encap_data_t *) (body->data + len);
775 data_encap->type = DOT11_MNG_PROPR_ID;
776 data_encap->length = (EAPOL_WPA2_ENCAP_DATA_HDR_LEN - TLV_HDR_LEN) + WPA2_PMKID_LEN;
777 bcopy(WPA2_OUI, data_encap->oui, DOT11_OUI_LEN);
778 data_encap->subtype = WPA2_KEY_DATA_SUBTYPE_PMKID;
779 len += EAPOL_WPA2_ENCAP_DATA_HDR_LEN;
780
781 pmkid = (uint8 *) (body->data + len);
782 bcopy(sta->suppl.pmkid, pmkid, WPA2_PMKID_LEN);
783 len += WPA2_PMKID_LEN;
784 dbg(wpa->nas, "data len including pmkid %d", len);
785
786 /* return the adjusted data len */
787 *data_len = len;
788
789 return (TRUE);
790 }
791
792
793 static bool
794 wpa_encr_key_data(wpa_t *wpa, nas_sta_t *sta, uint8 *buffer, uint16 *data_len)
795 {
796 unsigned char data[256], encrkey[32];
797 rc4_ks_t rc4key;
798 int len = *data_len;
799
800 dbg(wpa->nas, "before encrypt (len=%d):", len);
801 dump(wpa->nas, buffer, len);
802
803 switch (sta->suppl.desc) {
804 case WPA_KEY_DESC_V1:
805 dbg(wpa->nas, "v1");
806 /* create the iv/ptk key */
807 bcopy(&wpa->global_key_counter[KEY_COUNTER_LEN-16], encrkey, 16);
808 bcopy(sta->suppl.eapol_encr_key, &encrkey[16], 16);
809 /* encrypt the key data */
810 prepare_key(encrkey, 32, &rc4key);
811 rc4(data, 256, &rc4key); /* dump 256 bytes */
812 rc4(buffer, len, &rc4key);
813 break;
814 case WPA_KEY_DESC_V2:
815 #ifdef MFP
816 case WPA_KEY_DESC_V3:
817 #endif
818 dbg(wpa->nas, "v2");
819 /* pad if needed - min. 16 bytes, 8 byte aligned */
820 /* padding is 0xdd followed by 0's */
821 if (len < 2*AKW_BLOCK_LEN) {
822 buffer[len] = WPA2_KEY_DATA_PAD;
823 bzero(&buffer[len+1], 2*AKW_BLOCK_LEN - (len+1));
824 len = 2*AKW_BLOCK_LEN;
825 } else if (len % AKW_BLOCK_LEN) {
826 buffer[len] = WPA2_KEY_DATA_PAD;
827 bzero(&buffer[len+1], AKW_BLOCK_LEN - ((len+1) % AKW_BLOCK_LEN));
828 len += AKW_BLOCK_LEN - (len % AKW_BLOCK_LEN);
829 }
830 if (aes_wrap(sizeof(sta->suppl.eapol_encr_key), sta->suppl.eapol_encr_key,
831 len, buffer, buffer)) {
832 dbg(wpa->nas, "encrypt failed");
833 return FALSE;
834 }
835 len += 8;
836 break;
837 default:
838 dbg(wpa->nas, "unknown descriptor type sta->suppl.desc = %d", sta->suppl.desc);
839 return FALSE;
840 }
841
842 dbg(wpa->nas, "after encrypt (len=%d):", len);
843 dump(wpa->nas, buffer, len);
844
845 /* tell the calling func how long the encrypted data is */
846 *data_len = len;
847 return TRUE;
848 }
849
850 #ifdef BCMSUPPL
851 static bool
852 wpa_decr_key_data(wpa_t *wpa, nas_sta_t *sta, eapol_wpa_key_header_t *body)
853 {
854 unsigned char data[256], encrkey[32];
855 rc4_ks_t rc4key;
856 ushort len;
857
858 len = ntohs(body->data_len);
859
860 dbg(wpa->nas, "before decrypt:");
861 dump(wpa->nas, body->data, len);
862
863 switch (sta->suppl.desc) {
864 case WPA_KEY_DESC_V1:
865 dbg(wpa->nas, "v1");
866 /* create the iv/ptk key */
867 bcopy(body->iv, encrkey, 16);
868 bcopy(sta->suppl.eapol_encr_key, &encrkey[16], 16);
869 /* decrypt the key data */
870 prepare_key(encrkey, 32, &rc4key);
871 rc4(data, 256, &rc4key); /* dump 256 bytes */
872 rc4(body->data, len, &rc4key);
873 break;
874 case WPA_KEY_DESC_V2:
875 #ifdef MFP
876 case WPA_KEY_DESC_V3:
877 #endif
878 dbg(wpa->nas, "v2");
879 if (aes_unwrap(sizeof(sta->suppl.eapol_encr_key), sta->suppl.eapol_encr_key,
880 len, body->data, body->data)) {
881 dbg(wpa->nas, "unencrypt failed");
882 return FALSE;
883 }
884 break;
885 default:
886 dbg(wpa->nas, "unknown descriptor type %d", sta->suppl.desc);
887 return FALSE;
888 }
889
890 dbg(wpa->nas, "after decrypt:");
891 dump(wpa->nas, body->data, len);
892
893 return TRUE;
894 }
895 #endif /* BCMSUPPL */
896 #endif /* BCMWPA2 */
897
898 static void
899 wpa_countermeasures_cb(timer_t td, nas_t *nas)
900 {
901 nas->MIC_countermeasures = 0;
902 (void) nas_wl_tkip_countermeasures(nas, FALSE);
903 TIMER_DELETE(nas->wpa->countermeasures_timer);
904 }
905
906 void wpa_reset_countermeasures(wpa_t *wpa)
907 {
908 if (wpa && wpa->countermeasures_timer)
909 wpa_countermeasures_cb((timer_t)wpa->countermeasures_timer, wpa->nas);
910 }
911
912 void
913 wpa_mic_error(wpa_t *wpa, nas_sta_t *msta, bool from_driver)
914 {
915 time_t now, since;
916 nas_t *nas = wpa->nas;
917 nas_sta_t *sta; itimer_status_t ts;
918 #ifdef BCMDBG
919 char eabuf[ETHER_ADDR_STR_LEN];
920 #endif
921
922 now = time(NULL);
923 nas->MIC_failures++;
924 dbg(nas, "MIC error %d at time %d, STA %s, %s", nas->MIC_failures,
925 (int) now, ether_etoa((uchar *)&msta->ea, eabuf),
926 (from_driver) ? "detected by driver" : "reported by STA");
927
928 if (nas->flags & NAS_FLAG_SUPPLICANT) {
929 /* Until this gets more thought do no harm. */
930 dbg(nas, "Supplicant MIC error notices not yet handled");
931 return;
932 }
933 since = now - nas->prev_MIC_error;
934 nas->prev_MIC_error = now;
935
936 /* If within the time limit we have to toss all the STAs. */
937 if ((nas->MIC_failures != 0) && (since < WPA_TKIP_CM_DETECT)) {
938 dbg(nas, "Second MIC failure in %d seconds, taking countermeasures",
939 (int) since);
940 nas->MIC_countermeasures = 1;
941 nas_wl_tkip_countermeasures(nas, TRUE);
942 ts = wpa_set_itimer(wpa->nas->timer, &wpa->countermeasures_timer,
943 (bcm_timer_cb) wpa_countermeasures_cb,
944 (int) nas, WPA_TKIP_CM_BLOCK, 0);
945 if (ts != ITIMER_OK)
946 dbg(nas, "Setting TKIP countermeasures interval timer failed, code %d", ts);
947
948 /* Everybody out of the pool! */
949 sta = nas->sta;
950 do {
951 if (sta->used)
952 cleanup_sta(nas, sta, DOT11_RC_MIC_FAILURE, 0);
953 } while (sta++ < nas->sta + MAX_SUPPLICANTS);
954
955 /* Try getting them all with a broadcast. */
956 /* nas_deauthenticate(nas, &ether_bcast); */
957
958 /* Clobber any vestige of group keys. */
959 if (wpa->gtk_rekey_timer)
960 TIMER_DELETE(wpa->gtk_rekey_timer);
961 nas_set_key(nas, NULL, NULL, 0, wpa->gtk_index, 0, 0, 0);
962 nas_set_key(nas, NULL, NULL, 0, GTK_NEXT_INDEX(wpa), 0, 0, 0);
963 nas->flags &= ~NAS_FLAG_GTK_PLUMBED;
964 }
965 dbg(nas, "done");
966 }
967
968 static bool
969 wpa_check_mic(nas_sta_t *sta, eapol_header_t *eapol)
970 {
971 eapol_wpa_key_header_t *body = (eapol_wpa_key_header_t *)eapol->body;
972 unsigned char digest[2*MIC_KEY_LEN], mic[MIC_KEY_LEN];
973 int mic_length;
974 ushort key_info = ntohs(body->key_info);
975
976 /* eapol pkt from the version field on */
977 mic_length = 4 + EAPOL_WPA_KEY_LEN + ntohs(body->data_len);
978
979 bcopy((char*)&body->mic, mic, MIC_KEY_LEN);
980 bzero((char*)&body->mic, MIC_KEY_LEN);
981
982 /* Create the MIC for the pkt */
983 switch (key_info & (WPA_KEY_DESC_V1 | WPA_KEY_DESC_V2)) {
984 case WPA_KEY_DESC_V1:
985 hmac_md5(&eapol->version, mic_length, sta->suppl.eapol_mic_key,
986 MIC_KEY_LEN, digest);
987 break;
988 case WPA_KEY_DESC_V2:
989 dbg(sta->nas, "using sha1 for V2");
990 hmac_sha1(&eapol->version, mic_length,
991 sta->suppl.eapol_mic_key, MIC_KEY_LEN, digest);
992 break;
993 #ifdef MFP
994 case WPA_KEY_DESC_V3:
995 dbg(sta->nas, "using aes cmac for V3");
996 aes_cmac_calc(&eapol->version, mic_length,
997 sta->suppl.eapol_mic_key, MIC_KEY_LEN, digest);
998 break;
999 #endif
1000 default:
1001 dbg(sta->nas, "unknown descriptor type %d", key_info);
1002 return FALSE;
1003 }
1004
1005 /* compare against the MIC contents */
1006 if (bcmp(digest, mic, MIC_KEY_LEN) == 0) {
1007 dbg(sta->nas, "match");
1008 return (TRUE);
1009 } else {
1010 dbg(sta->nas, "fail");
1011 return (FALSE);
1012 }
1013 }
1014
1015 static uint8
1016 wpa_auth2akm(wpa_t *wpa, uint32 auth)
1017 {
1018 switch (auth) {
1019 case WPA_AUTH_PSK:
1020 return RSN_AKM_PSK;
1021 case WPA_AUTH_UNSPECIFIED:
1022 return RSN_AKM_UNSPECIFIED;
1023 #ifdef BCMWPA2
1024 case WPA2_AUTH_PSK:
1025 return RSN_AKM_PSK;
1026 case WPA2_AUTH_UNSPECIFIED:
1027 return RSN_AKM_UNSPECIFIED;
1028 #endif
1029 case WPA_AUTH_DISABLED:
1030 default:
1031 return RSN_AKM_NONE;
1032 }
1033 }
1034
1035 static int
1036 wpa_build_ie(wpa_t *wpa, uint32 wsec, uint32 algo, uint32 sta_mode,
1037 uint8 *buf, uint16 *len)
1038 {
1039 wpa_suite_mcast_t *mcast = NULL;
1040 wpa_suite_ucast_t *ucast = NULL;
1041 wpa_suite_auth_key_mgmt_t *auth = NULL;
1042 uint16 count;
1043 uint16 tag_len; /* tag length */
1044 uint16 buf_len; /* buf length */
1045 int sup = wpa->nas->flags & NAS_FLAG_SUPPLICANT;
1046 int wds = wpa->nas->flags & NAS_FLAG_WDS;
1047 uint8 *cap;
1048 uint32 mode;
1049
1050 buf_len = *len;
1051 *len = 0;
1052 mode = wpa->nas->mode;
1053
1054 /* for now, only !wds and !sup */
1055 if (!wds && !sup) {
1056 uint8 *ptr = buf;
1057 uint16 bytes;
1058
1059 if (sta_mode & (WPA2 | WPA2_PSK | WPA | WPA_PSK)) {
1060 /* get wpa ie */
1061 bytes = nas_get_wpa_ie(wpa->nas, (char*)ptr, buf_len, sta_mode);
1062
1063 dbg(wpa->nas, "WPA IE");
1064 dump(wpa->nas, ptr, bytes);
1065
1066 buf_len -= bytes;
1067 ptr += bytes;
1068 }
1069
1070 /* update total wsec IE length */
1071 *len = ptr - buf;
1072 return 0;
1073 }
1074
1075 #ifdef BCMWPA2
1076 if ((mode & (WPA2 | WPA2_PSK)) && (sta_mode & (WPA2 | WPA2_PSK))) {
1077 wpa_rsn_ie_fixed_t *wpaie = (wpa_rsn_ie_fixed_t *)buf;
1078
1079 /* fixed portion */
1080 if (buf_len < WPA_RSN_IE_FIXED_LEN)
1081 return -1;
1082 buf_len -= TLV_HDR_LEN;
1083 wpaie->tag = DOT11_MNG_RSN_ID;
1084 wpaie->version.low = (uint8)WPA2_VERSION;
1085 wpaie->version.high = (uint8)(WPA2_VERSION>>8);
1086 tag_len = WPA_RSN_IE_TAG_FIXED_LEN;
1087
1088 /* multicast suite */
1089 if (tag_len + WPA_SUITE_LEN > buf_len)
1090 return -1;
1091 mcast = (wpa_suite_mcast_t *)&wpaie[1];
1092 if (wds) {
1093 bcopy(BRCM_OUI, mcast->oui, WPA_OUI_LEN);
1094 mcast->type = 0; /* no mcast cipher */
1095 }
1096 else {
1097 bcopy(WPA2_OUI, mcast->oui, WPA_OUI_LEN);
1098 if (sup) {
1099 if (WSEC_WEP_ENABLED(wsec)) {
1100 mcast->type = WPA_MCAST_CIPHER(wsec, algo);
1101 }
1102 else {
1103 /* supplicant has to follow authenticator's mcast algo */
1104 mcast->type = CRYPTO_ALGO2CIPHER(algo);
1105 }
1106 }
1107 else {
1108 mcast->type = WPA_MCAST_CIPHER(wsec, algo);
1109 }
1110 }
1111 tag_len += WPA_SUITE_LEN;
1112
1113 /* unicast suite list */
1114 if (tag_len + WPA_IE_SUITE_COUNT_LEN > buf_len)
1115 return -1;
1116 ucast = (wpa_suite_ucast_t *)&mcast[1];
1117 count = 0;
1118 tag_len += WPA_IE_SUITE_COUNT_LEN;
1119 if (WSEC_AES_ENABLED(wsec)) {
1120 if (tag_len + WPA_SUITE_LEN > buf_len)
1121 return -1;
1122 bcopy(WPA2_OUI, ucast->list[count].oui, WPA_OUI_LEN);
1123 ucast->list[count].type = WPA_CIPHER_AES_CCM;
1124 tag_len += WPA_SUITE_LEN;
1125 count ++;
1126 if (sup || wds)
1127 goto uni2_done;
1128 }
1129 if (WSEC_TKIP_ENABLED(wsec)) {
1130 if (tag_len + WPA_SUITE_LEN > buf_len)
1131 return -1;
1132 bcopy(WPA2_OUI, ucast->list[count].oui, WPA_OUI_LEN);
1133 ucast->list[count].type = WPA_CIPHER_TKIP;
1134 tag_len += WPA_SUITE_LEN;
1135 count ++;
1136 if (sup || wds)
1137 goto uni2_done;
1138 }
1139 if (!count) {
1140 if (tag_len + WPA_SUITE_LEN > buf_len)
1141 return -1;
1142 bcopy(WPA2_OUI, ucast->list[count].oui, WPA_OUI_LEN);
1143 ucast->list[count].type = WPA_CIPHER_NONE;
1144 tag_len += WPA_SUITE_LEN;
1145 count ++;
1146 }
1147 uni2_done:
1148 ucast->count.low = (uint8)count;
1149 ucast->count.high = (uint8)(count>>8);
1150
1151 /* authenticated key management suite list */
1152 if (tag_len + WPA_IE_SUITE_COUNT_LEN > buf_len)
1153 return -1;
1154 auth = (wpa_suite_auth_key_mgmt_t *)&ucast->list[count];
1155 count = 0;
1156 tag_len += WPA_IE_SUITE_COUNT_LEN;
1157 if (mode & WPA2) {
1158 if (tag_len + WPA_SUITE_LEN > buf_len)
1159 return -1;
1160 bcopy(WPA2_OUI, auth->list[count].oui, WPA_OUI_LEN);
1161 auth->list[count].type = wpa_auth2akm(wpa, wpa_mode2auth(WPA2));
1162 tag_len += WPA_SUITE_LEN;
1163 count ++;
1164 if (sup || wds)
1165 goto akm2_done;
1166 }
1167 if (mode & WPA2_PSK) {
1168 if (tag_len + WPA_SUITE_LEN > buf_len)
1169 return -1;
1170 bcopy(WPA2_OUI, auth->list[count].oui, WPA_OUI_LEN);
1171 auth->list[count].type = wpa_auth2akm(wpa, wpa_mode2auth(WPA2_PSK));
1172 tag_len += WPA_SUITE_LEN;
1173 count ++;
1174 if (sup || wds)
1175 goto akm2_done;
1176 }
1177 if (!count) {
1178 if (tag_len + WPA_SUITE_LEN > buf_len)
1179 return -1;
1180 bcopy(WPA2_OUI, auth->list[count].oui, WPA_OUI_LEN);
1181 auth->list[count].type = wpa_auth2akm(wpa, WPA_AUTH_NONE);
1182 tag_len += WPA_SUITE_LEN;
1183 count ++;
1184 }
1185 akm2_done:
1186 auth->count.low = (uint8)count;
1187 auth->count.high = (uint8)(count>>8);
1188
1189 /* WPA capabilities */
1190 if (!wds) {
1191 cap = (uint8 *)&auth->list[count];
1192 cap[0] = wpa->cap[0];
1193 cap[1] = wpa->cap[1];
1194 tag_len += WPA_CAP_LEN;
1195 }
1196
1197 /* update tag length */
1198 wpaie->length = (uint8)tag_len;
1199 dbg(wpa->nas, "WPA2 IE");
1200 dump(wpa->nas, buf, tag_len + TLV_HDR_LEN);
1201 buf += tag_len + TLV_HDR_LEN;
1202
1203 /* update used buffer length */
1204 *len += TLV_HDR_LEN + tag_len;
1205
1206 /* for wds use first found AKM no mix-mode anymore */
1207 if (wds)
1208 return 0;
1209 }
1210 #endif /* BCMWPA2 */
1211 if ((mode & (WPA | WPA_PSK)) && (sta_mode & (WPA | WPA_PSK))) {
1212 wpa_ie_fixed_t *wpaie = (wpa_ie_fixed_t *)buf;
1213
1214 /* fixed portion */
1215 if (buf_len < WPA_IE_FIXED_LEN)
1216 return -1;
1217 buf_len -= TLV_HDR_LEN;
1218 wpaie->tag = DOT11_MNG_WPA_ID;
1219 bcopy(WPA_OUI"\x01", wpaie->oui, WPA_IE_OUITYPE_LEN);
1220 wpaie->version.low = (uint8)WPA_VERSION;
1221 wpaie->version.high = (uint8)(WPA_VERSION>>8);
1222 tag_len = WPA_IE_TAG_FIXED_LEN;
1223
1224 /* multicast suite */
1225 if (tag_len + WPA_SUITE_LEN > buf_len)
1226 return -1;
1227 mcast = (wpa_suite_mcast_t *)&wpaie[1];
1228 if (wds) {
1229 bcopy(BRCM_OUI, mcast->oui, WPA_OUI_LEN);
1230 mcast->type = 0; /* no mcast cipher */
1231 }
1232 else {
1233 bcopy(WPA_OUI, mcast->oui, WPA_OUI_LEN);
1234 if (sup) {
1235 if (WSEC_WEP_ENABLED(wsec)) {
1236 mcast->type = WPA_MCAST_CIPHER(wsec, algo);
1237 }
1238 else {
1239 /* supplicant has to follow authenticator's mcast algo */
1240 mcast->type = CRYPTO_ALGO2CIPHER(algo);
1241 }
1242 }
1243 else {
1244 mcast->type = WPA_MCAST_CIPHER(wsec, algo);
1245 }
1246 }
1247 tag_len += WPA_SUITE_LEN;
1248
1249 /* unicast suite list */
1250 if (tag_len + WPA_IE_SUITE_COUNT_LEN > buf_len)
1251 return -1;
1252 ucast = (wpa_suite_ucast_t *)&mcast[1];
1253 count = 0;
1254 tag_len += WPA_IE_SUITE_COUNT_LEN;
1255 if (WSEC_AES_ENABLED(wsec)) {
1256 if (tag_len + WPA_SUITE_LEN > buf_len)
1257 return -1;
1258 bcopy(WPA_OUI, ucast->list[count].oui, WPA_OUI_LEN);
1259 ucast->list[count].type = WPA_CIPHER_AES_CCM;
1260 tag_len += WPA_SUITE_LEN;
1261 count ++;
1262 if (sup || wds)
1263 goto uni_done;
1264 }
1265 if (WSEC_TKIP_ENABLED(wsec)) {
1266 if (tag_len + WPA_SUITE_LEN > buf_len)
1267 return -1;
1268 bcopy(WPA_OUI, ucast->list[count].oui, WPA_OUI_LEN);
1269 ucast->list[count].type = WPA_CIPHER_TKIP;
1270 tag_len += WPA_SUITE_LEN;
1271 count ++;
1272 if (sup || wds)
1273 goto uni_done;
1274 }
1275 if (!count) {
1276 if (tag_len + WPA_SUITE_LEN > buf_len)
1277 return -1;
1278 bcopy(WPA_OUI, ucast->list[count].oui, WPA_OUI_LEN);
1279 ucast->list[count].type = WPA_CIPHER_NONE;
1280 tag_len += WPA_SUITE_LEN;
1281 count ++;
1282 }
1283 uni_done:
1284 ucast->count.low = (uint8)count;
1285 ucast->count.high = (uint8)(count>>8);
1286
1287 /* authenticated key management suite list */
1288 if (tag_len + WPA_IE_SUITE_COUNT_LEN > buf_len)
1289 return -1;
1290 auth = (wpa_suite_auth_key_mgmt_t *)&ucast->list[count];
1291 count = 0;
1292 tag_len += WPA_IE_SUITE_COUNT_LEN;
1293 if (mode & WPA) {
1294 if (tag_len + WPA_SUITE_LEN > buf_len)
1295 return -1;
1296 bcopy(WPA_OUI, auth->list[count].oui, WPA_OUI_LEN);
1297 auth->list[count].type = wpa_auth2akm(wpa, wpa_mode2auth(WPA));
1298 tag_len += WPA_SUITE_LEN;
1299 count ++;
1300 if (sup || wds)
1301 goto akm_done;
1302 }
1303 if (mode & WPA_PSK) {
1304 if (tag_len + WPA_SUITE_LEN > buf_len)
1305 return -1;
1306 bcopy(WPA_OUI, auth->list[count].oui, WPA_OUI_LEN);
1307 auth->list[count].type = wpa_auth2akm(wpa, wpa_mode2auth(WPA_PSK));
1308 tag_len += WPA_SUITE_LEN;
1309 count ++;
1310 if (sup || wds)
1311 goto akm_done;
1312 }
1313 if (!count) {
1314 if (tag_len + WPA_SUITE_LEN > buf_len)
1315 return -1;
1316 bcopy(WPA_OUI, auth->list[count].oui, WPA_OUI_LEN);
1317 auth->list[count].type = wpa_auth2akm(wpa, WPA_AUTH_NONE);
1318 tag_len += WPA_SUITE_LEN;
1319 count ++;
1320 }
1321 akm_done:
1322 auth->count.low = (uint8)count;
1323 auth->count.high = (uint8)(count>>8);
1324
1325 /* WPA capabilities */
1326 if (!wds) {
1327 cap = (uint8 *)&auth->list[count];
1328 cap[0] = wpa->cap[0];
1329 cap[1] = wpa->cap[1];
1330 tag_len += WPA_CAP_LEN;
1331 }
1332
1333 /* update tag length */
1334 wpaie->length = (uint8)tag_len;
1335 dbg(wpa->nas, "WPA IE");
1336 dump(wpa->nas, buf, tag_len + TLV_HDR_LEN);
1337 buf += tag_len + TLV_HDR_LEN;
1338
1339 /* update used buffer length */
1340 *len += TLV_HDR_LEN + tag_len;
1341 }
1342
1343 return 0;
1344 }
1345
1346 static bool
1347 wpa_send_eapol(wpa_t *wpa, nas_sta_t *sta)
1348 {
1349 struct iovec frags;
1350 unsigned char mic[SHA1HashSize]; /* size of largest digest */
1351 unsigned char buffer[1024];
1352 eapol_header_t *eapol = (eapol_header_t *)buffer;
1353 eapol_wpa_key_header_t *body = (eapol_wpa_key_header_t *)eapol->body;
1354 int key_index, mic_length = 0;
1355 nas_t *nas = wpa->nas;
1356 uint16 data_len = 0;
1357 #ifdef BCMDBG
1358 char eabuf[ETHER_ADDR_STR_LEN];
1359 #endif
1360
1361 dbg(nas, "message for %s", ether_etoa((uchar *)&sta->ea, eabuf));
1362
1363 bzero(buffer, 1024);
1364
1365 memcpy(&eapol->eth.ether_dhost, &sta->ea, ETHER_ADDR_LEN);
1366 memcpy(&eapol->eth.ether_shost, &nas->ea, ETHER_ADDR_LEN);
1367 eapol->eth.ether_type = htons(ETHER_TYPE_802_1X);
1368 eapol->version = sta->eapol_version;
1369 eapol->type = EAPOL_KEY;
1370 eapol->length = EAPOL_WPA_KEY_LEN;
1371
1372 frags.iov_base = (caddr_t) buffer;
1373 frags.iov_len = EAPOL_HEADER_LEN + EAPOL_WPA_KEY_LEN;
1374
1375 /* Set the key type to WPA */
1376 #ifdef BCMWPA2
1377 if ((sta->mode & (WPA2_PSK | WPA2)))
1378 body->type = EAPOL_WPA2_KEY;
1379 else
1380 #endif
1381 body->type = EAPOL_WPA_KEY;
1382 /* set the replay count */
1383 bcopy(sta->suppl.replay, body->replay, REPLAY_LEN);
1384
1385 /* Fill in the WPA key descriptor */
1386 switch (sta->suppl.state) {
1387 case WPA_PTKSTART:
1388 dbg(nas, "WPA_PTKSTART");
1389 /* Set Key length */
1390 body->key_len = htons(sta->suppl.tk_len);
1391 /* Set the Key info flags */
1392 body->key_info = htons(sta->suppl.desc | WPA_KEY_ACK | WPA_KEY_PAIRWISE);
1393 /* set the nonce */
1394 bcopy(sta->suppl.anonce, body->nonce, NONCE_LEN);
1395
1396 #ifdef BCMWPA2
1397 if ((sta->mode & (WPA2_PSK | WPA2))) {
1398 wpa_insert_pmkid(wpa, sta, eapol, &data_len);
1399 body->data_len = htons(data_len);
1400 /* add the data field length (WPA IE) */
1401 frags.iov_len += data_len;
1402 eapol->length += data_len;
1403 }
1404 #endif /* BCMWPA2 */
1405
1406 eapol->length = htons(eapol->length);
1407 break;
1408
1409 case WPA_PTKINITNEGOTIATING:
1410 dbg(nas, "WPA_PTKINITNEGOTIATING");
1411 /* Set Key length */
1412 body->key_len = htons(sta->suppl.tk_len);
1413 /* Set the Key info flags */
1414 body->key_info = htons(sta->suppl.desc | WPA_KEY_INDEX_0 | WPA_KEY_ACK |
1415 WPA_KEY_PAIRWISE | WPA_KEY_INSTALL | WPA_KEY_MIC);
1416 #ifdef BCMWPA2
1417 if ((sta->mode & (WPA2 | WPA2_PSK)))
1418 body->key_info |= htons(WPA_KEY_SECURE | WPA_KEY_ENCRYPTED_DATA);
1419 #endif
1420 if (nas->flags & NAS_FLAG_WDS)
1421 body->key_info |= htons(WPA_KEY_SECURE);
1422
1423 /* set the nonce */
1424 bcopy(sta->suppl.anonce, body->nonce, NONCE_LEN);
1425
1426 /* Copy the WPA IE sent in the beacon
1427 * since the body eapol_wpa_key_header_t is a pointer masked over the buffer
1428 * we need to retreive the actual size left
1429 */
1430 data_len = sizeof(buffer) - (sizeof(eapol_wpa_key_header_t) - sizeof(body->data));
1431
1432 if (wpa_build_ie(wpa, nas->wsec, WEP_KEY2ALGO(wpa->gtk_len),
1433 sta->mode, body->data, &data_len)) {
1434 dbg(nas, "failed to build WPA IE");
1435 return FALSE;
1436 }
1437
1438 #ifdef BCMWPA2
1439 if ((sta->mode & (WPA2 | WPA2_PSK))) {
1440 if (!wpa_insert_gtk(wpa, sta, eapol, &data_len)) {
1441 err(nas, "insertion of gtk failed");
1442 nas_handle_error(nas, 1);
1443 }
1444 #ifdef MFP2
1445 wpa_insert_igtk(wpa, eapol, &data_len);
1446 /* wpa_key->data_len = hton16(data_len); */
1447 #endif
1448 /* copy in the iv and encrypt the key data field */
1449 bcopy(&wpa->global_key_counter[KEY_COUNTER_LEN-16], body->iv, 16);
1450 if (!wpa_encr_key_data(wpa, sta, body->data, &data_len)) {
1451 err(nas, "encryption of key data failed");
1452 nas_handle_error(nas, 1);
1453 }
1454 }
1455 #endif /* BCMWPA2 */
1456 body->data_len = htons(data_len);
1457 /* add the data field length (WPA IE) */
1458 frags.iov_len += data_len;
1459 eapol->length += data_len;
1460 eapol->length = htons(eapol->length);
1461
1462 /* How much data to MIC */
1463 mic_length = 4 + EAPOL_WPA_KEY_LEN + data_len;
1464 break;
1465
1466 case WPA_REKEYNEGOTIATING:
1467 dbg(nas, "WPA_REKEYNEGOTIATING");
1468
1469 body->key_info = htons(sta->suppl.desc | WPA_KEY_SECURE |
1470 WPA_KEY_ACK | WPA_KEY_MIC);
1471
1472 #ifdef BCMWPA2
1473 if ((sta->mode & (WPA2 | WPA2_PSK))) {
1474 if (!wpa_insert_gtk(wpa, sta, eapol, &data_len)) {
1475 err(nas, "insertion of gtk failed");
1476 nas_handle_error(nas, 1);
1477 }
1478 #ifdef MFP2
1479 wpa_insert_igtk(wpa, eapol, &data_len);
1480 /* wpa_key->data_len = hton16(data_len); */
1481 #endif
1482 /* copy in the iv and encrypt the key data field */
1483 bcopy(&wpa->global_key_counter[KEY_COUNTER_LEN-16], body->iv, 16);
1484 body->key_info |= htons(WPA_KEY_SECURE | WPA_KEY_ENCRYPTED_DATA);
1485 if (!wpa_encr_key_data(wpa, sta, body->data, &data_len)) {
1486 err(nas, "encryption of key data failed");
1487 nas_handle_error(nas, 1);
1488 }
1489 } else {
1490 #endif /* BCMWPA2 */
1491 /* Set Key length */
1492 body->key_len = htons(wpa->gtk_len);
1493 /* Set the Key info flags */
1494 key_index = (wpa->gtk_index << WPA_KEY_INDEX_SHIFT) & WPA_KEY_INDEX_MASK;
1495 body->key_info |= htons(key_index);
1496
1497 /* set the nonce */
1498 bcopy(wpa->gnonce, body->nonce, NONCE_LEN);
1499
1500 /* copy in the key IV */
1501 bcopy(&wpa->global_key_counter[KEY_COUNTER_LEN-16], body->iv, 16);
1502 bcopy(wpa->gtk_rsc, body->rsc, sizeof(body->rsc));
1503
1504 /* encrypt the gtk and put it in the data field */
1505 if (!wpa_encr_gtk(wpa, sta, body->data, &data_len)) {
1506 err(nas, "encryption of GTK failed");
1507 nas_handle_error(nas, 1);
1508 }
1509 switch (sta->suppl.desc) {
1510 case WPA_KEY_DESC_V1:
1511 break;
1512 case WPA_KEY_DESC_V2:
1513 #ifdef MFP
1514 case WPA_KEY_DESC_V3:
1515 #endif
1516 data_len += 8;
1517 break;
1518 default:
1519 err(nas, "unknown descriptor type %d", sta->suppl.desc);
1520 nas_handle_error(nas, 1);
1521 }
1522 #ifdef BCMWPA2
1523 }
1524 #endif
1525 body->data_len = htons(data_len);
1526
1527 /* fix up the length */
1528 frags.iov_len += data_len;
1529 eapol->length += data_len;
1530 eapol->length = htons(eapol->length);
1531 /* How much data to MIC */
1532 mic_length = 4 + EAPOL_WPA_KEY_LEN + data_len;
1533 break;
1534
1535 #ifdef BCMSUPPL
1536 case WPA_SUP_INITIALIZE:
1537 dbg(nas, "WPA_SUP_INITIALIZE");
1538 /* Set Key length */
1539 body->key_len = htons(sta->suppl.tk_len);
1540 /* Set the Key info flags */
1541 body->key_info = htons(sta->suppl.desc | WPA_KEY_INDEX_0 |
1542 WPA_KEY_REQ | WPA_KEY_PAIRWISE);
1543 /* set the nonce */
1544 bcopy(sta->suppl.snonce, body->nonce, NONCE_LEN);
1545 eapol->length = htons(eapol->length);
1546 break;
1547
1548 case WPA_SUP_STAKEYSTARTG:
1549 case WPA_SUP_STAKEYSTARTP:
1550 dbg(nas, "WPA_SUP_STAKEYSTARTP/G");
1551 /* Set Key length */
1552 body->key_len = htons(sta->suppl.tk_len);
1553 /* Set the Key info flags */
1554 body->key_info = htons(sta->suppl.desc | WPA_KEY_INDEX_0 | WPA_KEY_MIC);
1555 switch (sta->suppl.state) {
1556 case WPA_SUP_STAKEYSTARTP:
1557 body->key_info |= htons(WPA_KEY_PAIRWISE);
1558 switch (sta->suppl.pk_state) {
1559 case EAPOL_SUP_PK_MSG1:
1560 data_len = sizeof(body->data);
1561 if (wpa_build_ie(wpa, nas->wsec, sta->algo,
1562 sta->mode, body->data, &data_len)) {
1563 dbg(nas, "failed to build WPA IE");
1564 return FALSE;
1565 }
1566 body->data_len = htons(data_len);
1567
1568 /* add the data field length (WPA IE) */
1569 frags.iov_len += data_len;
1570 eapol->length += data_len;
1571
1572 /* expect message #3 after sending message #2 */
1573 sta->suppl.pk_state = EAPOL_SUP_PK_MSG3;
1574 break;
1575 case EAPOL_SUP_PK_MSG3:
1576 /* send message #4 and we are done with pairwise */
1577 if (nas->flags & NAS_FLAG_WDS)
1578 body->key_info |= htons(WPA_KEY_SECURE);
1579 #ifdef BCMWPA2
1580 if ((sta->mode & (WPA2 | WPA2_PSK)))
1581 body->key_info |= htons(WPA_KEY_SECURE);
1582 #endif
1583 sta->suppl.pk_state = EAPOL_SUP_PK_DONE;
1584 break;
1585 default:
1586 dbg(nas, "Unexpected supplicant pk state %d", sta->suppl.pk_state);
1587 break;
1588 }
1589 break;
1590 case WPA_SUP_STAKEYSTARTG:
1591 body->key_info |= htons(WPA_KEY_SECURE);
1592 break;
1593 default:
1594 /* just to satisfy the compiler, no way to get here */
1595 break;
1596 }
1597
1598 /* set the nonce */
1599 bcopy(sta->suppl.snonce, body->nonce, NONCE_LEN);
1600
1601 eapol->length = htons(eapol->length);
1602
1603 /* How much data to MIC */
1604 mic_length = 4 + EAPOL_WPA_KEY_LEN + data_len;
1605
1606 switch (sta->suppl.desc) {
1607 case WPA_KEY_DESC_V1:
1608 case WPA_KEY_DESC_V2:
1609 #ifdef MFP
1610 case WPA_KEY_DESC_V3:
1611 #endif
1612 break;
1613 default:
1614 dbg(nas, "unknown descriptor type %d", sta->suppl.desc);
1615 if (!(nas->flags & NAS_FLAG_WDS)) {
1616 nas_disassoc(nas);
1617 nas_sleep_ms(500);
1618 nas_set_ssid(nas, nas->ssid);
1619 }
1620 return FALSE;
1621 }
1622 break;
1623 #endif /* BCMSUPPL */
1624
1625 default:
1626 /* error state; callers will bail */
1627 dbg(nas, "Unexpected supplicant state %d", sta->suppl.state);
1628 return FALSE;
1629 }
1630
1631 if (sta->retries)
1632 dbg(nas, "eapol retry");
1633
1634 if (mic_length) {
1635 /* calculate the MIC and copy it in */
1636 switch (sta->suppl.desc) {
1637 case WPA_KEY_DESC_V1:
1638 hmac_md5(&buffer[sizeof(struct ether_header)], mic_length,
1639 sta->suppl.eapol_mic_key, MIC_KEY_LEN, mic);
1640 break;
1641 case WPA_KEY_DESC_V2:
1642 hmac_sha1(&buffer[sizeof(struct ether_header)], mic_length,
1643 sta->suppl.eapol_mic_key, MIC_KEY_LEN, mic);
1644 break;
1645 #ifdef MFP
1646 case WPA_KEY_DESC_V3:
1647 dbg(nas, "using aes cmac for V3");
1648 aes_cmac_calc(&buffer[sizeof(struct ether_header)], mic_length,
1649 sta->suppl.eapol_mic_key, MIC_KEY_LEN, mic);
1650 break;
1651 #endif
1652 default:
1653 err(nas, "unknown descriptor type %d", sta->suppl.desc);
1654 nas_handle_error(nas, 1);
1655 }
1656 bcopy(mic, (char*)body->mic, MIC_KEY_LEN);
1657 }
1658
1659 /* send the pkt */
1660 nas_eapol_send_packet(nas, &frags, 1);
1661
1662 dbg(nas, "done");
1663 return (TRUE);
1664 }
1665
1666 /* only handle single mode! */
1667 int
1668 wpa_mode2auth(int mode)
1669 {
1670 switch (mode) {
1671 case WPA_PSK:
1672 return WPA_AUTH_PSK;
1673 case WPA:
1674 return WPA_AUTH_UNSPECIFIED;
1675 #ifdef BCMWPA2
1676 case WPA2_PSK:
1677 return WPA2_AUTH_PSK;
1678 case WPA2:
1679 return WPA2_AUTH_UNSPECIFIED;
1680 #endif /* BCMWPA2 */
1681 case RADIUS:
1682 default:
1683 return WPA_AUTH_DISABLED;
1684 }
1685 }
1686
1687 /* only handle single mode! */
1688 int
1689 wpa_auth2mode(int auth)
1690 {
1691 switch (auth) {
1692 case WPA_AUTH_PSK:
1693 return WPA_PSK;
1694 case WPA_AUTH_UNSPECIFIED:
1695 return WPA;
1696 #ifdef BCMWPA2
1697 case WPA2_AUTH_PSK:
1698 return WPA2_PSK;
1699 case WPA2_AUTH_UNSPECIFIED:
1700 return WPA2;
1701 #endif /* BCMWPA2 */
1702 case WPA_AUTH_DISABLED:
1703 default:
1704 return RADIUS;
1705 }
1706 }
1707
1708 static uint32
1709 wpa_akm2auth(uint32 akm)
1710 {
1711 switch (akm) {
1712 case RSN_AKM_PSK:
1713 return WPA_AUTH_PSK;
1714 case RSN_AKM_UNSPECIFIED:
1715 return WPA_AUTH_UNSPECIFIED;
1716 case RSN_AKM_NONE:
1717 default:
1718 return WPA_AUTH_NONE;
1719 }
1720 }
1721
1722 #ifdef BCMWPA2
1723 static uint32
1724 wpa2_akm2auth(uint32 akm)
1725 {
1726 #ifdef MFP
1727 /* for PMF : clear the bit which is not relevant here */
1728 akm &= ~0x4;
1729 #endif
1730
1731 switch (akm) {
1732 case RSN_AKM_PSK:
1733 return WPA2_AUTH_PSK;
1734 case RSN_AKM_UNSPECIFIED:
1735 return WPA2_AUTH_UNSPECIFIED;
1736 case RSN_AKM_NONE:
1737 default:
1738 return WPA_AUTH_NONE;
1739 }
1740 }
1741 #endif /* BCMWPA2 */
1742
1743 /* decode WPA IE to retrieve supplicant wsec, auth mode, and pmk cached */
1744 /* pmkc - 0:no pmkid in ie, -1:pmkid not found, 1:pmkid found */
1745 static int
1746 wpa_parse_ie(wpa_t *wpa, uint8 *ie, int ie_len, uint32 *wsec, uint32 *mode,
1747 uint32 *pmkc, nas_sta_t *sta)
1748 {
1749 int type, len;
1750 wpa_suite_mcast_t *mcast = NULL;
1751 wpa_suite_ucast_t *ucast = NULL;
1752 wpa_suite_auth_key_mgmt_t *mgmt = NULL;
1753 uint8 *cap = NULL;
1754 uint8 *oui;
1755 #ifdef BCMWPA2
1756 wpa_pmkid_list_t *pmkid = NULL;
1757 #endif
1758 uint16 count;
1759 uint32 m = 0;
1760 uint32 (*akm2auth)(uint32 akm) = NULL;
1761
1762
1763 /* validate ie length */
1764 if (!bcm_valid_tlv((bcm_tlv_t *)ie, ie_len)) {
1765 dbg(wpa->nas, "IE is too short");
1766 return -1;
1767 }
1768
1769 /* type specific header processing */
1770 switch ((type = *ie)) {
1771 #ifdef BCMWPA2
1772 case DOT11_MNG_RSN_ID: {
1773 wpa_rsn_ie_fixed_t *rsnie = (wpa_rsn_ie_fixed_t *)ie;
1774 if (rsnie->length < WPA_RSN_IE_TAG_FIXED_LEN) {
1775 dbg(wpa->nas, "invalid RSN IE header");
1776 return -1;
1777 }
1778 if (ltoh16_ua((uint8 *)&rsnie->version) != WPA2_VERSION) {
1779 dbg(wpa->nas, "unsupported RSN IE version");
1780 return -1;
1781 }
1782 mcast = (wpa_suite_mcast_t *)(rsnie + 1);
1783 len = ie_len - WPA_RSN_IE_FIXED_LEN;
1784 oui = (uint8*)WPA2_OUI;
1785 akm2auth = wpa2_akm2auth;
1786 break;
1787 }
1788 #endif /* BCMWPA2 */
1789 case DOT11_MNG_WPA_ID: {
1790 wpa_ie_fixed_t *wpaie = (wpa_ie_fixed_t *)ie;
1791 if (wpaie->length < WPA_IE_TAG_FIXED_LEN ||
1792 bcmp(wpaie->oui, WPA_OUI "\x01", WPA_IE_OUITYPE_LEN)) {
1793 dbg(wpa->nas, "invalid WPA IE header");
1794 return -1;
1795 }
1796 if (ltoh16_ua((uint8 *)&wpaie->version) != WPA_VERSION) {
1797 dbg(wpa->nas, "unsupported WPA IE version");
1798 return -1;
1799 }
1800 mcast = (wpa_suite_mcast_t *)(wpaie + 1);
1801 len = ie_len - WPA_IE_FIXED_LEN;
1802 oui = (uint8*)WPA_OUI;
1803 akm2auth = wpa_akm2auth;
1804 break;
1805 }
1806 default:
1807 dbg(wpa->nas, "unsupported IE type");
1808 return -1;
1809 }
1810
1811 /* init return values - no mcast cipher and no ucast cipher */
1812 if (wsec)
1813 *wsec = 0;
1814 if (mode)
1815 *mode = 0;
1816 if (pmkc)
1817 *pmkc = 0;
1818 /* Check for multicast suite */
1819 if (len >= WPA_SUITE_LEN) {
1820 if (!bcmp(mcast->oui, oui, DOT11_OUI_LEN)) {
1821 if (wsec)
1822 *wsec |= WPA_CIPHER2WSEC(mcast->type);
1823 }
1824 len -= WPA_SUITE_LEN;
1825 }
1826 /* Check for unicast suite(s) */
1827 if (len >= WPA_IE_SUITE_COUNT_LEN) {
1828 ucast = (wpa_suite_ucast_t *)&mcast[1];
1829 count = ltoh16_ua((uint8 *)&ucast->count);
1830 len -= WPA_IE_SUITE_COUNT_LEN;
1831 if (count != 1) {
1832 dbg(wpa->nas, "# of unicast cipher suites %d", count);
1833 return -1;
1834 }
1835 if (!bcmp(ucast->list[0].oui, oui, DOT11_OUI_LEN)) {
1836 if (wsec)
1837 *wsec |= WPA_CIPHER2WSEC(ucast->list[0].type);
1838 }
1839 len -= WPA_SUITE_LEN;
1840 }
1841 /* Check for auth key management suite(s) */
1842 if (len >= WPA_IE_SUITE_COUNT_LEN) {
1843 mgmt = (wpa_suite_auth_key_mgmt_t *)&ucast->list[1];
1844 count = ltoh16_ua((uint8 *)&mgmt->count);
1845 len -= WPA_IE_SUITE_COUNT_LEN;
1846 if (count != 1) {
1847 dbg(wpa->nas, "# of AKM suites %d", count);
1848 return -1;
1849 }
1850 if (!bcmp(mgmt->list[0].oui, oui, DOT11_OUI_LEN)) {
1851 #ifdef MFP
1852 uint16 keyauth_type = mgmt->list[0].type;
1853 if (keyauth_type == KEYAUTH_SHA256) {
1854 dbg(wpa->nas, "key auth using SHA256");
1855 sta->key_auth_type = KEYAUTH_SHA256;
1856 }
1857 else
1858 #endif
1859 sta->key_auth_type = KEYAUTH_SHA1;
1860
1861 m = wpa_auth2mode(akm2auth(mgmt->list[0].type));
1862 if (mode)
1863 *mode = m;
1864 }
1865 len -= WPA_SUITE_LEN;
1866 }
1867 dbg(wpa->nas, "wsec 0x%x mode 0x%x", *wsec, *mode);
1868
1869 /* Check for capabilities */
1870 if (len >= WPA_CAP_LEN) {
1871 cap = (uint8 *)&mgmt->list[1];
1872 len -= WPA_CAP_LEN;
1873 }
1874
1875 #ifdef BCMWPA2
1876 /* Check for PMKID(s) */
1877 dbg(wpa->nas, "checking for PMK id");
1878 switch (type) {
1879 case DOT11_MNG_RSN_ID: {
1880 uint16 i;
1881 if (len < WPA_IE_SUITE_COUNT_LEN || m != WPA2 || !sta) {
1882 dbg(wpa->nas, "no PMK id");
1883 break;
1884 }
1885 if (pmkc)
1886 *pmkc = -1;
1887 pmkid = (wpa_pmkid_list_t *)(cap + WPA_CAP_LEN);
1888 count = ltoh16_ua((uint8 *)&pmkid->count);
1889 for (i = 0, len -= WPA_IE_SUITE_COUNT_LEN;
1890 i < count && len >= WPA2_PMKID_LEN;
1891 i ++, len -= WPA2_PMKID_LEN) {
1892 if (bcmp(pmkid->list[i], sta->suppl.pmkid, WPA2_PMKID_LEN))
1893 continue;
1894 dbg(wpa->nas, "found cached PMK id");
1895 dump(wpa->nas, sta->suppl.pmkid, WPA2_PMKID_LEN);
1896 if (pmkc)
1897 *pmkc = 1;
1898 break;
1899 }
1900 if (pmkc)
1901 if (*pmkc != 1)
1902 dbg(wpa->nas, "NO PMK cache hit");
1903
1904 break;
1905 }
1906 default:
1907 dbg(wpa->nas, "no RSN id");
1908 break;
1909 }
1910 #endif /* BCMWPA2 */
1911
1912 return 0;
1913 }
1914
1915 #ifdef BCMSUPPL
1916 /* decode WPA IE to verify authenticator wsec and auth mode */
1917 /* return 0 if authenticator supports what we are configured for */
1918 static int
1919 wpa_check_ie(wpa_t *wpa, uint8 *ie, int ie_len, uint32 wsec, uint32 mode)
1920 {
1921 int type, len;
1922 wpa_suite_mcast_t *mcast = NULL;
1923 wpa_suite_ucast_t *ucast = NULL;
1924 wpa_suite_auth_key_mgmt_t *mgmt = NULL;
1925 uint8 *oui;
1926 uint16 count = 0, i;
1927 uint32 (*akm2auth)(uint32 akm) = NULL;
1928
1929 /* validate ie length */
1930 if (!bcm_valid_tlv((bcm_tlv_t *)ie, ie_len)) {
1931 dbg(wpa->nas, "IE is too short");
1932 return -1;
1933 }
1934
1935 /* type specific header processing */
1936 switch ((type = *ie)) {
1937 #ifdef BCMWPA2
1938 case DOT11_MNG_RSN_ID: {
1939 wpa_rsn_ie_fixed_t *rsnie = (wpa_rsn_ie_fixed_t *)ie;
1940 if (rsnie->length < WPA_RSN_IE_TAG_FIXED_LEN) {
1941 dbg(wpa->nas, "invalid RSN IE header");
1942 return -1;
1943 }
1944 if (ltoh16_ua((uint8 *)&rsnie->version) != WPA2_VERSION) {
1945 dbg(wpa->nas, "unsupported RSN IE version");
1946 return -1;
1947 }
1948 mcast = (wpa_suite_mcast_t *)&rsnie[1];
1949 len = ie_len - WPA_RSN_IE_FIXED_LEN;
1950 oui = (uint8 *)WPA2_OUI;
1951 akm2auth = wpa2_akm2auth;
1952 break;
1953 }
1954 #endif /* BCMWPA2 */
1955 case DOT11_MNG_WPA_ID: {
1956 wpa_ie_fixed_t *wpaie = (wpa_ie_fixed_t *)ie;
1957 if (wpaie->length < WPA_IE_TAG_FIXED_LEN ||
1958 bcmp(wpaie->oui, WPA_OUI "\x01", WPA_IE_OUITYPE_LEN)) {
1959 dbg(wpa->nas, "invalid WPA IE header");
1960 return -1;
1961 }
1962 if (ltoh16_ua((uint8 *)&wpaie->version) != WPA_VERSION) {
1963 dbg(wpa->nas, "unsupported WPA IE version");
1964 return -1;
1965 }
1966 mcast = (wpa_suite_mcast_t *)&wpaie[1];
1967 len = ie_len - WPA_IE_FIXED_LEN;
1968 oui = (uint8 *)WPA_OUI;
1969 akm2auth = wpa_akm2auth;
1970 break;
1971 }
1972 default:
1973 dbg(wpa->nas, "unsupported IE type");
1974 return -1;
1975 }
1976
1977 /* Check for multicast suite */
1978 if (len >= WPA_SUITE_LEN) {
1979 if (!bcmp(mcast->oui, oui, DOT11_OUI_LEN))
1980 wsec &= ~WPA_CIPHER2WSEC(mcast->type);
1981 len -= WPA_SUITE_LEN;
1982 }
1983 /* Check for unicast suite(s) */
1984 if (len >= WPA_IE_SUITE_COUNT_LEN) {
1985 ucast = (wpa_suite_ucast_t *)&mcast[1];
1986 count = ltoh16_ua((uint8 *)&ucast->count);
1987 for (i = 0, len -= WPA_IE_SUITE_COUNT_LEN;
1988 i < count && len >= WPA_SUITE_LEN;
1989 i ++, len -= WPA_SUITE_LEN) {
1990 if (!bcmp(ucast->list[i].oui, oui, DOT11_OUI_LEN))
1991 wsec &= ~WPA_CIPHER2WSEC(ucast->list[i].type);
1992 }
1993 }
1994 /* Check for auth key management suite(s) */
1995 if (len >= WPA_IE_SUITE_COUNT_LEN) {
1996 mgmt = (wpa_suite_auth_key_mgmt_t *)&ucast->list[count];
1997 count = ltoh16_ua((uint8 *)&mgmt->count);
1998 for (i = 0, len -= WPA_IE_SUITE_COUNT_LEN;
1999 i < count && len >= WPA_SUITE_LEN;
2000 i ++, len -= WPA_SUITE_LEN) {
2001 if (!bcmp(mgmt->list[i].oui, oui, DOT11_OUI_LEN))
2002 mode &= ~wpa_auth2mode(akm2auth(mgmt->list[i].type));
2003 }
2004 }
2005
2006 return wsec + mode;
2007 }
2008 #endif /* BCMSUPPL */
2009
2010 /* parse WPA IE to retrieve key algo (converted from WPA cipher) */
2011 static int
2012 wpa_find_mckey_algo(wpa_t *wpa, uint8 *ie, int ie_len)
2013 {
2014 int len;
2015 wpa_suite_mcast_t *mcast;
2016 uint8 *oui;
2017
2018 /* validate ie length */
2019 if (!bcm_valid_tlv((bcm_tlv_t *)ie, ie_len)) {
2020 dbg(wpa->nas, "IE is too short");
2021 return -1;
2022 }
2023
2024 /* type specific header processing */
2025 switch (*ie) {
2026 #ifdef BCMWPA2
2027 case DOT11_MNG_RSN_ID: {
2028 wpa_rsn_ie_fixed_t *rsnie = (wpa_rsn_ie_fixed_t *)ie;
2029 if (rsnie->length < WPA_RSN_IE_TAG_FIXED_LEN) {
2030 dbg(wpa->nas, "invalid RSN IE header");
2031 return -1;
2032 }
2033 if (ltoh16_ua((uint8 *)&rsnie->version) != WPA2_VERSION) {
2034 dbg(wpa->nas, "unsupported RSN IE version");
2035 return -1;
2036 }
2037 mcast = (wpa_suite_mcast_t *)(rsnie + 1);
2038 len = ie_len - WPA_RSN_IE_FIXED_LEN;
2039 oui = (uint8*)WPA2_OUI;
2040 break;
2041 }
2042 #endif /* BCMWPA2 */
2043 case DOT11_MNG_WPA_ID: {
2044 wpa_ie_fixed_t *wpaie = (wpa_ie_fixed_t *)ie;
2045 if (wpaie->length < WPA_IE_TAG_FIXED_LEN ||
2046 bcmp(wpaie->oui, WPA_OUI "\x01", WPA_IE_OUITYPE_LEN)) {
2047 dbg(wpa->nas, "invalid WPA IE header");
2048 return -1;
2049 }
2050 if (ltoh16_ua((uint8 *)&wpaie->version) != WPA_VERSION) {
2051 dbg(wpa->nas, "unsupported WPA IE version");
2052 return -1;
2053 }
2054 mcast = (wpa_suite_mcast_t *)(wpaie + 1);
2055 len = ie_len - WPA_IE_FIXED_LEN;
2056 oui = (uint8*)WPA_OUI;
2057 break;
2058 }
2059 default:
2060 dbg(wpa->nas, "unsupported IE type");
2061 return -1;
2062 }
2063
2064 /* Check for multicast suite */
2065 if (len >= WPA_SUITE_LEN) {
2066 if (!bcmp(mcast->oui, oui, DOT11_OUI_LEN))
2067 return WPA_CIPHER2ALGO(mcast->type);
2068 }
2069
2070 return CRYPTO_ALGO_OFF;
2071 }
2072
2073 /* setup supplicant info in sta stucture */
2074 /*
2075 * wsec - crypto bitvec, WEP_ENABLED/TKIP_ENABLED/AES_ENABLED
2076 * algo - key algo, CRYPRO_ALGO_WEPXXXX, only when WEP_ENABLED
2077 */
2078 int
2079 wpa_set_suppl(wpa_t *wpa, nas_sta_t *sta, uint32 mode, uint32 wsec, uint32 algo)
2080 {
2081 nas_t *nas = wpa->nas;
2082 /* check if we support the requested mode */
2083 if (mode != (mode & nas->mode)) {
2084 dbg(wpa->nas, "not supported mode 0x%x", mode);
2085 return 1;
2086 }
2087 /* check if we support the requested cipher */
2088 if (wsec != (wsec & nas->wsec)) {
2089 dbg(wpa->nas, "not supported wsec 0x%x", wsec);
2090 return 1;
2091 }
2092 /* update sta supplicant info */
2093 #ifdef MFP
2094 if (sta->key_auth_type == KEYAUTH_SHA256) {
2095 dbg(wpa->nas, "PMF AES");
2096 sta->suppl.ptk_len = AES_PTK_LEN;
2097 sta->suppl.tk_len = AES_TK_LEN;
2098 sta->suppl.desc = WPA_KEY_DESC_V3;
2099 }
2100 else
2101 #endif
2102 if (WSEC_AES_ENABLED(wsec)) {
2103 dbg(wpa->nas, "AES");
2104 sta->suppl.ptk_len = AES_PTK_LEN;
2105 sta->suppl.tk_len = AES_TK_LEN;
2106 sta->suppl.desc = WPA_KEY_DESC_V2;
2107 }
2108 else if (WSEC_TKIP_ENABLED(wsec)) {
2109 dbg(wpa->nas, "TKIP");
2110 sta->suppl.ptk_len = TKIP_PTK_LEN;
2111 sta->suppl.tk_len = TKIP_TK_LEN;
2112 sta->suppl.desc = WPA_KEY_DESC_V1;
2113 }
2114 else {
2115 dbg(wpa->nas, "unsupported WPA unicast ciphers");
2116 return 1;
2117 }
2118 dbg(wpa->nas, "ptk_len %d tk_len %d", sta->suppl.ptk_len, sta->suppl.tk_len);
2119 sta->mode = mode;
2120 sta->eapol_version = WPA_EAPOL_VERSION;
2121
2122 #ifdef BCMWPA2
2123 if (mode & (WPA2 | WPA2_PSK))
2124 sta->eapol_version = WPA2_EAPOL_VERSION;
2125 #endif /* BCMWPA2 */
2126
2127 sta->wsec = wsec;
2128 sta->algo = algo;
2129
2130 dbg(wpa->nas, "mode %d wsec %d algo %d", mode, wsec, algo);
2131 return 0;
2132 }
2133
2134 /* This function does what we used to do with the EAPOL key message
2135 * synthesized by the driver, except that now there's no EAPOL key
2136 * message.
2137 */
2138 int
2139 wpa_driver_assoc_msg(wpa_t *wpa, bcm_event_t *dpkt, nas_sta_t *sta)
2140 {
2141 nas_t *nas = wpa->nas;
2142 wl_event_msg_t *event = &(dpkt->event);
2143 uint8 *data = (uint8 *)(event + 1);
2144 uint16 len = ntoh32(event->datalen);
2145 uint32 mode, wsec;
2146 itimer_status_t ts;
2147 #ifdef BCMDBG
2148 char eabuf[ETHER_ADDR_STR_LEN];
2149 #endif
2150 uint32 algo, pmkc;
2151 wpa_ie_fixed_t *wpaie;
2152 uint8 *parse = data;
2153 int parse_len = len;
2154 int wpaie_len = 0;
2155
2156
2157 #ifdef BCMWPA2
2158 sta_info_t *sta_info;
2159 char sta_info_buf[300] __attribute__((aligned(4)));
2160 #endif
2161
2162 dbg(nas, "nas->wsec 0x%x nas->mode 0x%x", nas->wsec, nas->mode);
2163
2164 /* reset WPA IE length */
2165 sta->suppl.assoc_wpaie_len = 0;
2166
2167 /* search WPA IE */
2168 wpaie = bcm_find_wpaie(parse, parse_len);
2169 #ifdef BCMWPA2
2170 /* search RSN IE */
2171 if (!wpaie)
2172 wpaie = (wpa_ie_fixed_t *)bcm_parse_tlvs(data, len, DOT11_MNG_RSN_ID);
2173 #endif /* BCMWPA2 */
2174 if (wpaie)
2175 wpaie_len = wpaie->length + TLV_HDR_LEN;
2176
2177 /* non-WPA sta comes in without WPA IE */
2178 if (!wpaie_len && WSEC_WEP_ENABLED(nas->wsec)) {
2179 /* Authorize sta right away if we are configured to do WEP. */
2180 if (!(nas->mode & RADIUS)) {
2181 nas_set_key(nas, &sta->ea, nas->wpa->gtk, nas->wpa->gtk_len,
2182 nas->wpa->gtk_index, 0, 0, 0);
2183 dbg(nas, "authorize %s (WEP)", ether_etoa((uchar *)&sta->ea, eabuf));
2184 nas_authorize(nas, &sta->ea);
2185 return 0;
2186 }
2187 /* 802.1x request */
2188 else {
2189 sta->mode = RADIUS;
2190 sta->wsec = WEP_ENABLED;
2191 sta->algo = CRYPTO_ALGO_WEP128;
2192 dbg(wpa->nas, "mode %d wsec %d algo %d", sta->mode,
2193 sta->wsec, sta->algo);
2194 return 0;
2195 }
2196 }
2197
2198 /* WPA capabilities, used in IE contruction */
2199 if ((nas->flags & NAS_FLAG_SUPPLICANT) &&
2200 nas_get_wpacap(nas, wpa->cap)) {
2201 dbg(nas, "WPA capabilities retrival failed");
2202 return 1;
2203 }
2204
2205 /* If there was a stale timer descriptor, get rid of it. */
2206 wpa_stop_retx(sta);
2207 sta->retries = 0;
2208
2209 /* Check supplicant WPA IE against NAS config */
2210 if (nas->flags & NAS_FLAG_AUTHENTICATOR) {
2211 if (wpa_parse_ie(wpa, (uint8*)wpaie, wpaie_len, &wsec, &mode, &pmkc, sta)) {
2212 dbg(nas, "parse supplicant WPA IE failed");
2213 dump(nas, data, len);
2214 return 1;
2215 }
2216
2217 }
2218 #ifdef BCMSUPPL
2219 /* check authenticator WPA IE to see if it supports our config */
2220 else {
2221 if (wpa_check_ie(wpa, (uint8*)wpaie, wpaie_len, nas->wsec, nas->mode)) {
2222 dbg(nas, "check authenticator WPA IE failed");
2223 dump(nas, data, len);
2224 return 1;
2225 }
2226 wsec = nas->wsec;
2227 mode = nas->mode;
2228 }
2229 #endif /* BCMSUPPL */
2230
2231 /* find mcast key algo. only needed when WEP as mcast key */
2232 algo = wpa_find_mckey_algo(wpa, (uint8*)wpaie, wpaie_len);
2233
2234 /* update supplicant info */
2235 if (wpa_set_suppl(wpa, sta, mode, wsec, algo)) {
2236 dbg(nas, "update STA suppl struct failed");
2237 return 1;
2238 }
2239
2240 sta->wpa_msg_timeout_s = RETRY_SECS;
2241 sta->wpa_msg_timeout_ms = RETRY_MSECS;
2242
2243 #ifdef BCMWPA2
2244 if ((sta->mode & WPA2) || (sta->mode & WPA2_PSK)) {
2245 /* Query the Driver for the STA capabilities */
2246 bzero(sta_info_buf, 300);
2247 nas_get_stainfo(nas, (char *)&sta->ea, sizeof(struct ether_addr), sta_info_buf,
2248 300);
2249 sta_info = (sta_info_t *)sta_info_buf;
2250 dbg(nas, "sta_info ver: %d listen_interval_ms: %dms",
2251 sta_info->ver, sta_info->listen_interval_inms);
2252 sta->wpa_msg_timeout_s = WPA2_DEFAULT_RETRY_SECS;
2253 sta->wpa_msg_timeout_ms = WPA2_DEFAULT_RETRY_MSECS;
2254 sta->listen_interval_ms = sta_info->listen_interval_inms;
2255 }
2256 #endif /* BCMWPA2 */
2257 /* Save the WPA IE */
2258 bcopy((uint8*)wpaie, sta->suppl.assoc_wpaie, wpaie_len);
2259 sta->suppl.assoc_wpaie_len = wpaie_len;
2260
2261 if (CHECK_PSK(sta->mode)) {
2262 sta->suppl.pmk_len = wpa->pmk_len;
2263 bcopy(wpa->pmk, sta->suppl.pmk, wpa->pmk_len);
2264 }
2265
2266 #ifdef BCMSUPPL
2267 /* No need to start handshake for supplicant */
2268 if (nas->flags & NAS_FLAG_SUPPLICANT) {
2269 /* fill the snonce */
2270 bcopy(wpa->global_key_counter, sta->suppl.snonce, NONCE_LEN);
2271 wpa_incr_gkc(wpa);
2272 dbg(nas, "done");
2273 return 0;
2274 }
2275 #endif /* BCMSUPPL */
2276
2277 /* If STA wants TKIP and we're in countermeasures, toss
2278 * it. Driver will block these, but there's a race early
2279 * in the period making this check is necessary.
2280 */
2281 if (nas->MIC_countermeasures && WSEC_TKIP_ENABLED(wsec)) {
2282 cleanup_sta(nas, sta, DOT11_RC_MIC_FAILURE, 0);
2283 return 0;
2284 }
2285
2286 /* Get the anonce */
2287 bcopy(wpa->global_key_counter, sta->suppl.anonce, NONCE_LEN);
2288 wpa_incr_gkc(wpa);
2289
2290 #ifdef MFP2
2291 wpa_initialize_ipn(wpa);
2292 #endif
2293
2294 /* The driver could have a stale pairwise key which would cause the
2295 * exchange to be encrypted. Be sure it's cleared.
2296 */
2297 nas_set_key(nas, &sta->ea, NULL, 0, 0, 0, 0, 0);
2298 sta->suppl.retry_state = sta->suppl.state;
2299 sta->suppl.state = WPA_PTKSTART;
2300
2301 /* WPA mode needs RADIUS server acceptance before beginning
2302 * the 4-way handshake.
2303 */
2304 if (sta->mode & WPA) {
2305 /* send Identity Request */
2306 send_identity_req(nas, sta);
2307 return 0;
2308 }
2309 #ifdef BCMWPA2
2310 /* WPA2 supports PMK caching. */
2311 else if (sta->mode & WPA2) {
2312 dbg(nas, "checking for a PMK Cache");
2313 /* pmk found and valid, start 4-way */
2314 if (pmkc == 1 && sta->pae.ssnto)
2315 ;
2316 else {
2317 /* send Identity Request */
2318 send_identity_req(nas, sta);
2319 return 0;
2320 }
2321 }
2322 else if (sta->mode & WPA2_PSK) {
2323 /*
2324 * Calculate the PMK ID for the PSK case.
2325 * In the WPA2 case it gets done when the Radius Accept is received
2326 */
2327 nas_wpa_calc_pmkid(wpa, sta);
2328 }
2329 #endif /* BCMWPA2 */
2330
2331 /* send the initial pkt in the 4 way exchange */
2332 sta->retries = 0;
2333 if (wpa_send_eapol(wpa, sta) == FALSE)
2334 return 1;
2335
2336 wpa->ptk_rekey_secs = 0;
2337 wpa->ptk_rekey_timer = 0;
2338
2339 /* move to next state */
2340 sta->suppl.retry_state = sta->suppl.state;
2341 sta->suppl.state = WPA_PTKINITNEGOTIATING;
2342
2343 /* set a timeout for retransmission */
2344 ts = wpa_set_itimer(nas->timer, &sta->td, (bcm_timer_cb)wpa_retransmission,
2345 (int) sta, sta->wpa_msg_timeout_s, sta->wpa_msg_timeout_ms);
2346 if (ts != ITIMER_OK)
2347 dbg(nas, "Setting PTKINITNEGOTIATING interval timer failed, code %d", ts);
2348
2349 dbg(nas, "done");
2350 return 0;
2351 }
2352
2353 static int
2354 wpa_new_ptk_callback(bcm_timer_id td, wpa_t *wpa)
2355 {
2356 nas_t *nas = wpa->nas;
2357 nas_sta_t *sta = nas->sta;
2358 itimer_status_t ts;
2359
2360 dbg(nas, "nas->wsec %d", nas->wsec);
2361
2362 /* If there was a stale timer descriptor, get rid of it. */
2363 wpa_stop_retx(sta);
2364 sta->retries = 0;
2365
2366 /* No need to start handshake for supplicant */
2367 if (nas->flags & NAS_FLAG_SUPPLICANT) {
2368 dbg(nas, "done");
2369 return 0;
2370 }
2371
2372 /* Get the anonce */
2373 bcopy(wpa->global_key_counter, sta->suppl.anonce, NONCE_LEN);
2374 wpa_incr_gkc(wpa);
2375
2376 sta->suppl.retry_state = sta->suppl.state;
2377 sta->suppl.state = WPA_PTKSTART;
2378
2379 /* send the initial pkt in the 4 way exchange */
2380 sta->retries = 0;
2381 if (wpa_send_eapol(wpa, sta) == FALSE)
2382 return 1;
2383
2384 /* move to next state */
2385 sta->suppl.retry_state = sta->suppl.state;
2386 sta->suppl.state = WPA_PTKINITNEGOTIATING;
2387
2388 /* set a timeout for retransmission */
2389 ts = wpa_set_itimer(nas->timer, &sta->td, (bcm_timer_cb)wpa_retransmission,
2390 (int) sta, sta->wpa_msg_timeout_s, sta->wpa_msg_timeout_ms);
2391 if (ts != ITIMER_OK)
2392 dbg(nas, "Setting PTKINITNEGOTIATING interval timer failed, code %d", ts);
2393
2394 dbg(nas, "done");
2395 return 0;
2396 }
2397
2398 /*
2399 * WDS notes:
2400 *
2401 * 1. We need to send out EAPOL key message with WPA_KEY_REQ bit set to
2402 * the originating STA if we are supplicant so that the authenticator
2403 * on that STA can initiate the key exchange.
2404 * 2. We need to initiate key exchange with the originating STA if we are
2405 * authenticator and no key exchange is currently in progress.
2406 */
2407 int wpa_driver_disassoc_msg(wpa_t *wpa, bcm_event_t *dpkt, nas_sta_t *sta)
2408 {
2409 wl_event_msg_t *event = &(dpkt->event);
2410 uint8 *data = (uint8 *)(event + 1);
2411 uint16 len = ntoh32(event->datalen);
2412
2413 nas_t *nas = wpa->nas;
2414 uint16 reason;
2415 #ifdef BCMDBG
2416 char eabuf[ETHER_ADDR_STR_LEN];
2417 #endif
2418
2419 /* non-WDS processing */
2420 if (!(nas->flags & NAS_FLAG_WDS)) {
2421 /* free sta */
2422 return 1;
2423 }
2424
2425 /* we must check reason code and then decide what to do */
2426 if (len != 2) {
2427 dbg(nas, "reason code length error in driver disassoc message");
2428 return 1;
2429 }
2430 /* TODO:reason = *(uint16 *)(dpkt+1); */
2431 reason = *(uint16 *) data;
2432 reason = ntoh16(reason);
2433 if (reason != DOT11_RC_AUTH_INVAL) {
2434 dbg(nas, "reason code is not DOT11_RC_AUTH_INVAL");
2435 return 1;
2436 }
2437
2438 /* use existing sta or create a new one */
2439 if (!sta) {
2440 sta = lookup_sta(nas, (struct ether_addr *)&dpkt->eth.ether_shost,
2441 SEARCH_ENTER);
2442 if (!sta) {
2443 dbg(nas, "sta %s not available", ether_etoa((uchar *)&dpkt->eth.ether_shost,
2444 eabuf));
2445 return 1;
2446 }
2447 }
2448
2449 /* don't interrupt on-going negotiation */
2450 if (sta->td) {
2451 dbg(nas, "sta %s is busy", ether_etoa((uchar *)&dpkt->eth.ether_shost, eabuf));
2452 return 0;
2453 }
2454
2455
2456 #ifdef BCMSUPPL
2457 /* we are supplicant */
2458 if (nas->flags & NAS_FLAG_SUPPLICANT)
2459 wpa_request(wpa, sta);
2460 #endif
2461 /* we are authenticator and no key exchange in progress */
2462 if (nas->flags & NAS_FLAG_AUTHENTICATOR)
2463 wpa_start(wpa, sta);
2464
2465 dbg(nas, "done");
2466 return 0;
2467 }
2468
2469 /* */
2470 static int
2471 wpa_verifystart(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol)
2472 {
2473 eapol_wpa_key_header_t *body = (eapol_wpa_key_header_t *)eapol->body;
2474 nas_t *nas = wpa->nas;
2475 uint32 mode;
2476
2477 /* Is this a eapol-wpa-key request pkt */
2478 if ((ntohs(body->key_info) & WPA_KEY_REQ) == 0) {
2479 dbg(nas, "This was not a request pkt");
2480 return 1;
2481 }
2482
2483 /* ensure the timer was cleared */
2484 wpa_stop_retx(sta);
2485
2486 /* check supplicant auth mode. */
2487 if (wpa_parse_ie(wpa, body->data, ntohs(body->data_len), NULL, &mode, NULL, NULL)) {
2488 dbg(nas, "parse supplicant WPA IE failed");
2489 return 1;
2490 }
2491 if ((mode & nas->mode) != mode) {
2492 dbg(nas, "unsupported mode 0x%x", mode);
2493 return 1;
2494 }
2495
2496 /* Save the WPA IE */
2497 bcopy(body->data, sta->suppl.assoc_wpaie, ntohs(body->data_len));
2498 sta->suppl.assoc_wpaie_len = ntohs(body->data_len);
2499
2500 /* Get the anonce */
2501 bcopy(wpa->global_key_counter, sta->suppl.anonce, NONCE_LEN);
2502 wpa_incr_gkc(wpa);
2503
2504 /* Move to next state */
2505 sta->suppl.retry_state = sta->suppl.state;
2506 sta->suppl.state = WPA_PTKSTART;
2507 sta->retries = 0;
2508 return 0;
2509 }
2510
2511
2512 static int
2513 wpa_ptkstart(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol)
2514 {
2515 eapol_wpa_key_header_t *body = (eapol_wpa_key_header_t *)eapol->body;
2516 unsigned short key_info;
2517 itimer_status_t ts;
2518
2519 /* Is this a key request? */
2520 if (!((key_info = ntohs(body->key_info)) & WPA_KEY_REQ)) {
2521 dbg(wpa->nas, "invalid EAPOL WPA key request");
2522 return 0;
2523 }
2524 if ((key_info & WPA_KEY_ERROR) != 0) {
2525 dbg(wpa->nas, "KEY_ERROR flag set during PTKINIT");
2526 return 1;
2527 }
2528 /* ensure the timer was cleared */
2529 wpa_stop_retx(sta);
2530
2531 /* send the initial pkt in the 4 way exchange */
2532 sta->retries = 0;
2533 if (wpa_send_eapol(wpa, sta) == FALSE)
2534 return 1;
2535
2536 /* move to next state */
2537 sta->suppl.retry_state = sta->suppl.state;
2538 sta->suppl.state = WPA_PTKINITNEGOTIATING;
2539
2540 /* set a timeout for retransmission */
2541 ts = wpa_set_itimer(wpa->nas->timer, &sta->td, (bcm_timer_cb)wpa_retransmission,
2542 (int) sta, sta->wpa_msg_timeout_s, sta->wpa_msg_timeout_ms);
2543 if (ts != ITIMER_OK)
2544 dbg(wpa->nas, "Setting PTKINITNEGOTIATING interval timer failed, code %d", ts);
2545
2546 dbg(wpa->nas, "done");
2547 return 0;
2548 }
2549
2550 static void
2551 wpa_goto_rekeyneg(nas_sta_t *sta)
2552 {
2553 dbg(sta->nas, "Falling thru to group key negotiation");
2554
2555 wpa_ptkinitdone2(sta->nas->wpa, sta);
2556 }
2557
2558 static int
2559 wpa_ptkinitnegotiating(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol)
2560 {
2561 eapol_wpa_key_header_t *body = (eapol_wpa_key_header_t *)eapol->body;
2562 ushort key_info, wpaie_len;
2563 unsigned int required_flags, prohibited_flags;
2564 itimer_status_t ts;
2565
2566 /* Check that the packet looks like the correct response */
2567 required_flags = WPA_KEY_PAIRWISE | WPA_KEY_MIC;
2568 prohibited_flags = WPA_KEY_ACK | WPA_KEY_INDEX_MASK;
2569 key_info = ntohs(body->key_info);
2570
2571 if (((key_info & required_flags) != required_flags) ||
2572 ((key_info & prohibited_flags) != 0)) {
2573 dbg(wpa->nas, "Ignoring key response with incorrect key_info 0x%04x",
2574 key_info);
2575 return 0;
2576 }
2577
2578 /* check the replay counter */
2579 if (bcmp(body->replay, sta->suppl.replay, REPLAY_LEN) != 0) {
2580 /* Ignore this message */
2581 dbg(wpa->nas, "failed replay check; ignoring");
2582 return 0;
2583 }
2584
2585 /* kill timeouts from previous state */
2586 wpa_stop_retx(sta);
2587
2588 /* Check the WPA IE */
2589 wpaie_len = ntohs(body->data_len);
2590 if (!wpaie_len || wpaie_len != sta->suppl.assoc_wpaie_len ||
2591 bcmp(body->data, sta->suppl.assoc_wpaie, wpaie_len) != 0) {
2592 dbg(wpa->nas, "WPA IE mismatch");
2593 dbg(wpa->nas, "WPA IE in 4-way handshake message #2");
2594 dump(wpa->nas, body->data, wpaie_len);
2595 dbg(wpa->nas, "WPA IE in driver assoc indication");
2596 dump(wpa->nas, sta->suppl.assoc_wpaie, wpaie_len);
2597 return 1;
2598 }
2599
2600 /* Get the snonce */
2601 bcopy(body->nonce, sta->suppl.snonce, NONCE_LEN);
2602
2603 /* generate the PTK */
2604 wpa_calc_ptk(wpa, sta);
2605
2606 /* check the MIC */
2607 if (wpa_check_mic(sta, eapol) == FALSE) {
2608 /* "Silently" discard (8.5.3.2) */
2609 dbg(wpa->nas, "MIC check failed; ignoring message");
2610 ts = wpa_set_itimer(wpa->nas->timer, &sta->td, (bcm_timer_cb)wpa_retransmission,
2611 (int) sta, sta->wpa_msg_timeout_s, sta->wpa_msg_timeout_ms);
2612 if (ts != ITIMER_OK)
2613 dbg(wpa->nas, "Setting PTKSTART retry interval timer failed, code %d", ts);
2614 return 0;
2615 }
2616
2617 /* increment the replay counter */
2618 wpa_incr_array(sta->suppl.replay, REPLAY_LEN);
2619
2620 /* send pkt 3 */
2621 sta->retries = 0;
2622 if (wpa_send_eapol(wpa, sta) == FALSE)
2623 return 1;
2624
2625 /* install the special handler to fall thru to group key exchange if
2626 * sending m3 of 4-way handshake exceeds max. retries, which basically
2627 * means m3 or m4 is lost
2628 */
2629 if (sta->mode & (WPA | WPA_PSK))
2630 sta->retx_exceed_hndlr = wpa_goto_rekeyneg;
2631
2632 /* set a timeout for retransmission */
2633 ts = wpa_set_itimer(wpa->nas->timer, &sta->td, (bcm_timer_cb)wpa_retransmission,
2634 (int) sta, sta->wpa_msg_timeout_s, sta->wpa_msg_timeout_ms);
2635 if (ts != ITIMER_OK)
2636 dbg(wpa->nas, "Setting PTKINITDONE retry interval timer failed, code %d", ts);
2637
2638 /* move to next state */
2639 sta->suppl.retry_state = sta->suppl.state;
2640 sta->suppl.state = WPA_PTKINITDONE;
2641 dbg(wpa->nas, "done");
2642 return 0;
2643 }
2644
2645 static int
2646 wpa_ptkinitdone(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol)
2647 {
2648 eapol_wpa_key_header_t *body = (eapol_wpa_key_header_t *)eapol->body;
2649 nas_t *nas = wpa->nas;
2650 ushort key_info;
2651 unsigned int required_flags, prohibited_flags;
2652
2653 /* Check that the packet looks like the correct response */
2654 required_flags = WPA_KEY_PAIRWISE | WPA_KEY_MIC;
2655 #ifdef BCMWPA2
2656 if ((sta->mode & (WPA2 | WPA2_PSK)))
2657 required_flags |= WPA_KEY_SECURE;
2658 #endif
2659 if (nas->flags & NAS_FLAG_WDS)
2660 required_flags |= WPA_KEY_SECURE;
2661 prohibited_flags = WPA_KEY_ACK | WPA_KEY_INDEX_MASK;
2662 key_info = ntohs(body->key_info);
2663
2664 if (((key_info & required_flags) != required_flags) ||
2665 ((key_info & prohibited_flags) != 0)) {
2666 dbg(nas, "Ignoring key response with incorrect key_info 0x%04x",
2667 key_info);
2668 return 0;
2669 }
2670
2671 /* check the replay counter */
2672 if (bcmp(body->replay, sta->suppl.replay, REPLAY_LEN) != 0) {
2673 /* Ignore this message. */
2674 dbg(nas, "failed replay check; ignoring");
2675 return 0;
2676 }
2677
2678 /* check the MIC */
2679 if (wpa_check_mic(sta, eapol) == FALSE) {
2680 /* "silently" discard (8.5.3.4) */
2681 dbg(nas, "MIC check failed; ignoring message");
2682 return 0;
2683 }
2684
2685 /* Update key and start group key exchange if necessary */
2686 return wpa_ptkinitdone2(wpa, sta);
2687 }
2688
2689 /* plumb the pairwise key and start group key exchange */
2690 static int
2691 wpa_ptkinitdone2(wpa_t *wpa, nas_sta_t *sta)
2692 {
2693 nas_t *nas = wpa->nas;
2694 itimer_status_t ts;
2695 #ifdef BCMDBG
2696 char eabuf[ETHER_ADDR_STR_LEN];
2697 #endif
2698
2699 /* kill timeouts from previous state */
2700 wpa_stop_retx(sta);
2701
2702 /* plumb pairwise key */
2703 if (nas_set_key(nas, &sta->ea, sta->suppl.temp_encr_key,
2704 sta->suppl.tk_len, 0, 1, 0, 0) < 0) {
2705 dbg(nas, "unicast key rejected by driver, assuming too many associated STAs");
2706 cleanup_sta(nas, sta, DOT11_RC_BUSY, 0);
2707 return 0;
2708 }
2709
2710 /* not perform group key exchange if not required so */
2711 if ((nas->flags & NAS_FLAG_WDS) ||
2712 CHECK_WPA2(sta->mode)) {
2713 if (sta->wds_td)
2714 TIMER_DELETE(sta->wds_td);
2715
2716 nas_sleep_ms(500);
2717
2718 /* Authorize supplicant */
2719 dbg(nas, "authorize %s (WPA)", ether_etoa((uchar *)&sta->ea, eabuf));
2720 nas_authorize(nas, &sta->ea);
2721
2722 sta->suppl.state = sta->suppl.retry_state = WPA_SETKEYSDONE;
2723
2724 return 0;
2725 }
2726
2727 /* increment the replay counter */
2728 wpa_incr_array(sta->suppl.replay, REPLAY_LEN);
2729
2730 /* Initiate the group key exchange */
2731 sta->suppl.state = WPA_REKEYNEGOTIATING;
2732
2733 /* set the GTK if not already done */
2734 if (!(nas->flags & NAS_FLAG_GTK_PLUMBED)) {
2735 wpa_init_gtk(wpa, sta);
2736 #ifdef MFP2
2737 wpa_gen_igtk(wpa);
2738 wpa->igtk.id = IGTK_NEXT_INDEX(wpa);
2739 #endif
2740 }
2741 else {
2742
2743 if (nas_get_group_rsc(nas, &wpa->gtk_rsc[0], wpa->gtk_index)) {
2744 /* Don't use what we don't have. */
2745 memset(wpa->gtk_rsc, 0, sizeof(wpa->gtk_rsc));
2746 dbg(nas, "failed to find group key RSC");
2747 }
2748 }
2749
2750 sta->retries = 0;
2751 if (wpa_send_eapol(wpa, sta) == FALSE) {
2752 return 1;
2753 }
2754 sta->suppl.retry_state = WPA_REKEYNEGOTIATING;
2755
2756 /* set a timeout for retransmission */
2757 ts = wpa_set_itimer(nas->timer, &sta->td, (bcm_timer_cb)wpa_retransmission,
2758 (int) sta, sta->wpa_msg_timeout_s, sta->wpa_msg_timeout_ms);
2759 if (ts != ITIMER_OK)
2760 dbg(nas, "Setting REKEYNEGOTIATING retry interval timer failed, code %d", ts);
2761 return 0;
2762 }
2763
2764 static void
2765 wpa_rekeyneg(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol)
2766 {
2767 eapol_wpa_key_header_t *body = (eapol_wpa_key_header_t *)eapol->body;
2768 ushort key_info;
2769 unsigned int required_flags, prohibited_flags;
2770 #ifdef BCMDBG
2771 char eabuf[ETHER_ADDR_STR_LEN];
2772 #endif
2773
2774 /* Check that the packet looks like the correct response.
2775 * WPA_KEY_ERROR is not really "prohibited". It's set as
2776 * though it is to simplify its special case.
2777 */
2778 required_flags = WPA_KEY_SECURE | WPA_KEY_MIC;
2779 prohibited_flags = WPA_KEY_ACK | WPA_KEY_PAIRWISE | WPA_KEY_ERROR;
2780 key_info = ntohs(body->key_info);
2781
2782 if (((key_info & required_flags) != required_flags) ||
2783 ((key_info & prohibited_flags) != 0)) {
2784 /* Pick off MIC failure reports and the like that
2785 * arrive while we're in a group key exchange.
2786 */
2787 if ((key_info & WPA_KEY_ERROR) != 0) {
2788 wpa_setkeysdone(wpa, sta, eapol);
2789 } else {
2790 dbg(wpa->nas, "Ignoring key response with incorrect key_info 0x%04x",
2791 key_info);
2792 }
2793 return;
2794 }
2795
2796 /* check the replay counter */
2797 if (bcmp(body->replay, sta->suppl.replay, REPLAY_LEN) != 0) {
2798 /* Ignore the message. */
2799 dbg(wpa->nas, "failed replay check; ignoring");
2800 return;
2801 }
2802
2803 /* check the MIC */
2804 if (wpa_check_mic(sta, eapol) == FALSE) {
2805 dbg(wpa->nas, "MIC check failed; ignoring message");
2806 return;
2807 }
2808
2809 /* kill timeouts from previous state */
2810 wpa_stop_retx(sta);
2811
2812 /* Authorize supplicant */
2813 dbg(wpa->nas, "authorize %s (WPA)", ether_etoa((uchar *)&sta->ea, eabuf));
2814 nas_authorize(wpa->nas, &sta->ea);
2815
2816 /* These states need more thought. */
2817 sta->suppl.state = sta->suppl.retry_state = WPA_SETKEYSDONE;
2818 dbg(wpa->nas, "Group key exchange with %s completed",
2819 ether_etoa((uchar *)&sta->ea, eabuf));
2820
2821 /* set PTK rekey timer */
2822 if (wpa->ptk_rekey_secs) {
2823 itimer_status_t ts = wpa_set_itimer(wpa->nas->timer, &wpa->ptk_rekey_timer,
2824 (bcm_timer_cb)wpa_new_ptk_callback,
2825 (int)wpa, wpa->ptk_rekey_secs, 0);
2826 if (ts != ITIMER_OK)
2827 dbg(wpa->nas, "PTK interval timer set failed, code %d", ts);
2828 }
2829
2830 return;
2831 }
2832
2833 static void
2834 wpa_setkeysdone(wpa_t *wpa, nas_sta_t *sta, eapol_header_t *eapol)
2835 {
2836 eapol_wpa_key_header_t *body = (eapol_wpa_key_header_t *)eapol->body;
2837 unsigned int required_flags, prohibited_flags, MIC_failure_flags;
2838 ushort key_info;
2839
2840 dbg(wpa->nas, "start");
2841
2842 /* Is this a proper WPA key request? */
2843 required_flags = WPA_KEY_REQ;
2844 prohibited_flags = WPA_KEY_ACK;
2845 key_info = ntohs(body->key_info);
2846 if (((key_info & required_flags) != required_flags) ||
2847 ((key_info & prohibited_flags) != 0)) {
2848
2849 if (((key_info & WPA_KEY_REQ) == 0) &&
2850 !bcmp(body->replay, sta->suppl.replay, REPLAY_LEN)) {
2851 /* Silently ignore redundant tardy reply */
2852 } else {
2853 dbg(wpa->nas, "Ignoring invalid EAPOL WPA key request, key_info 0x%04x",
2854 key_info);
2855 }
2856 return;
2857 }
2858 /* The combination of REQ, ERROR, and MIC is the STA's way
2859 * of informing the authenticator of a MIC failure.
2860 */
2861 MIC_failure_flags = WPA_KEY_ERROR | WPA_KEY_REQ | WPA_KEY_MIC;
2862 if ((key_info & MIC_failure_flags) == MIC_failure_flags) {
2863 wpa_mic_error(wpa, sta, FALSE);
2864 return;
2865 }
2866
2867 if (key_info & WPA_KEY_PAIRWISE) {
2868 /* A STA wants its pairwise key updated. */
2869 sta->suppl.state = WPA_PTKSTART;
2870 /* This will fall into the 4-way handshake on return. */
2871
2872 } else {
2873 /* It's a request to update group keys for all. */
2874 /* Some places in the spec say there should be a 4-way
2875 * handshake for the requester, too.
2876 */
2877 wpa_new_gtk(wpa);
2878 }
2879 dbg(wpa->nas, "done");
2880 return;
2881 }
2882
2883 #ifdef BCMDBG
2884 static char *sta_state[] = {
2885 /* authenticator states */
2886 /* 4 way pkt exchange state machine */
2887 "WPA_DISCONNECT",
2888 "WPA_DISCONNECTED",
2889 "WPA_INITIALIZE",
2890 "WPA_AUTHENTICATION2",
2891 "WPA_INITPMK",
2892 "WPA_INITPSK",
2893 "WPA_PTKSTART",
2894 "WPA_PTKINITNEGOTIATING",
2895 "WPA_PTKINITDONE",
2896 "WPA_UPDATEKEYS",
2897 "WPA_INTEGRITYFAILURE",
2898 "WPA_KEYUPDATE",
2899 /* group key state machine */
2900 "WPA_REKEYNEGOTIATING",
2901 "WPA_KEYERRROR",
2902 "WPA_REKEYESTABLISHED",
2903 /* Authenticator, group key */
2904 "WPA_SETKEYS",
2905 "WPA_SETKEYSDONE",
2906 #ifdef BCMSUPPL
2907 /* supplicant states */
2908 "WPA_SUP_DISCONNECTED",
2909 "WPA_SUP_INITIALIZE",
2910 "WPA_SUP_AUTHENTICATION",
2911 "WPA_SUP_STAKEYSTARTP",
2912 "WPA_SUP_STAKEYSTARTG",
2913 "WPA_SUP_KEYUPDATE"
2914 #endif /* BCMSUPPL */
2915 };
2916 static char*
2917 sta_state_name(int state)
2918 {
2919 return state < sizeof(sta_state)/sizeof(sta_state[0]) ?
2920 sta_state[state] : "unknown";
2921 }
2922 #endif /* BCMDBG */
2923
2924 #ifdef BCMSUPPL
2925 /*
2926 * Traverse a string of 1-byte tag/1-byte length/variable-length value
2927 * triples, returning a pointer to the substring whose first element
2928 * matches tag
2929 */
2930 int
2931 eapol_sup_process_key(wpa_t *wpa, eapol_header_t *eapol, nas_sta_t *sta)
2932 {
2933 eapol_wpa_key_header_t *body = (eapol_wpa_key_header_t *)eapol->body;
2934 ushort key_info = ntohs(body->key_info);
2935 ushort data_len = ntohs(body->data_len);
2936 /* uint8 TSnonce[NONCE_LEN]; */
2937 bool UpdatePTK = FALSE;
2938 #ifdef BCMWPA2
2939 bool UpdateGTK = FALSE;
2940 #endif
2941 eapol_sup_pk_state_t state = EAPOL_SUP_PK_UNKNOWN;
2942
2943 /* get replay counter from recieved frame */
2944 bcopy(body->replay, sta->suppl.replay, REPLAY_LEN);
2945
2946 dbg(wpa->nas, "start");
2947 if (key_info & WPA_KEY_MIC) {
2948 dbg(wpa->nas, "MIC");
2949 if (wpa_check_mic(sta, eapol) == FALSE) {
2950 dbg(wpa->nas, "MIC Failed");
2951 state = EAPOL_SUP_PK_MICFAILED;
2952 } else {
2953 dbg(wpa->nas, "MIC OK");
2954 state = EAPOL_SUP_PK_MICOK;
2955 }
2956 }
2957
2958 #ifdef BCMWPA2
2959 /* decrypt key data field */
2960 if ((sta->mode & (WPA2 | WPA2_PSK)) &&
2961 (key_info & WPA_KEY_ENCRYPTED_DATA))
2962 if (!wpa_decr_key_data(wpa, sta, body)) {
2963 err(wpa->nas, "decryption of key data failed");
2964 nas_handle_error(wpa->nas, 1);
2965 }
2966 #endif /* BCMWPA2 */
2967
2968
2969 if (key_info & WPA_KEY_PAIRWISE) {
2970 sta->suppl.state = WPA_SUP_STAKEYSTARTP;
2971 /* 4-way handshke message 1 - reset state to EAPOL_SUP_PK_MSG1 */
2972 if (!(key_info & WPA_KEY_MIC)) {
2973 nas_set_key(wpa->nas, &sta->ea, NULL, 0, 0, 0, 0, 0);
2974 sta->suppl.pk_state = EAPOL_SUP_PK_MSG1;
2975 }
2976 /* 4-way handshake message 3 - validate current state */
2977 else if (sta->suppl.pk_state != EAPOL_SUP_PK_MSG3)
2978 return state;
2979 }
2980 else
2981 sta->suppl.state = WPA_SUP_STAKEYSTARTG;
2982
2983 /* Per 802.11i spec, silently drop MIC failures */
2984 if (key_info & WPA_KEY_PAIRWISE) {
2985 dbg(wpa->nas, "Pairwise");
2986 /* Pairwise Key */
2987 if (state != EAPOL_SUP_PK_MICFAILED) {
2988 dbg(wpa->nas, "!Failed");
2989 /* bcopy(suppl->snonce, TSNonce, NONCE_LEN); */
2990 if (key_info & WPA_KEY_INSTALL) {
2991 #ifdef BCMWPA2
2992 if ((sta->mode & (WPA2 | WPA2_PSK))) {
2993 bcm_tlv_t *rsnie;
2994 int len = ntohs(body->data_len);
2995
2996 dbg(wpa->nas, "data_len %d", len);
2997
2998 rsnie = bcm_parse_tlvs(body->data, len, DOT11_MNG_RSN_ID);
2999 if (rsnie)
3000 dbg(wpa->nas, "found rsnie");
3001 else
3002 dbg(wpa->nas, "didn't find rsnie");
3003
3004 if (!(UpdateGTK = wpa_extract_gtk(wpa, sta, eapol))) {
3005 err(wpa->nas, "extraction of gtk from eapol message"
3006 " failed");
3007 nas_handle_error(wpa->nas, 1);
3008 }
3009
3010 } else
3011 #endif /* BCMWPA2 */
3012 /* Check message 3 WPA IE against probe response IE. */
3013 if (!data_len || data_len != sta->suppl.assoc_wpaie_len ||
3014 bcmp(body->data, sta->suppl.assoc_wpaie, data_len)) {
3015 dbg(wpa->nas, "WPA IE mismatch");
3016 dbg(wpa->nas, "WPA IE in 4-way handdshake message #3");
3017 dump(wpa->nas, body->data, data_len);
3018 dbg(wpa->nas, "WPA IE in driver assoc indication");
3019 dump(wpa->nas, sta->suppl.assoc_wpaie,
3020 sta->suppl.assoc_wpaie_len);
3021 return EAPOL_SUP_PK_ERROR;
3022 }
3023 }
3024 bcopy(body->nonce, sta->suppl.anonce, NONCE_LEN);
3025 wpa_calc_ptk(wpa, sta);
3026 }
3027
3028 if (state == EAPOL_SUP_PK_MICOK) {
3029 dbg(wpa->nas, "MICOK");
3030 if (key_info & WPA_KEY_INSTALL)
3031 UpdatePTK = TRUE;
3032 else {
3033 dbg(wpa->nas, "INSTALL flag not set in msg 3 key_info; no PTK"
3034 " installed");
3035 }
3036 }
3037 } else if (state == EAPOL_SUP_PK_MICOK) {
3038 dbg(wpa->nas, "Group, MICOK");
3039 #ifdef BCMWPA2
3040 if ((sta->mode & (WPA2 | WPA2_PSK))) {
3041 if (!(UpdateGTK = wpa_extract_gtk(wpa, sta, eapol))) {
3042 err(wpa->nas, "extraction of gtk from eapol message failed");
3043 nas_handle_error(wpa->nas, 1);
3044 }
3045 } else {
3046 #endif /* BCMWPA2 */
3047 /* Group Key */
3048 if (!wpa_decr_gtk(wpa, sta, body)) {
3049 dbg(wpa->nas, "unencrypt failed");
3050 state = EAPOL_SUP_PK_MICFAILED;
3051 } else {
3052 dbg(wpa->nas, "unencrypt ok, plumb gtk");
3053 wpa_plumb_gtk(wpa, key_info & WPA_KEY_INSTALL);
3054 /* nas_deauthenticate(wpa->nas, suppl->ea) */
3055 }
3056 #ifdef BCMWPA2
3057 }
3058 #endif
3059 } else {
3060 dbg(wpa->nas, "Group, !MICOK");
3061 state = EAPOL_SUP_PK_MICFAILED;
3062 }
3063
3064 if ((key_info & WPA_KEY_ACK) && (state != EAPOL_SUP_PK_MICFAILED)) {
3065 dbg(wpa->nas, "ACK, !Failed");
3066 /* Send EAPOL(0, 1, 0, 0, 0, K, 0, TSNonce, 0, MIC(TPTK), 0) */
3067 if (wpa_send_eapol(wpa, sta) == FALSE) {
3068 dbg(wpa->nas, "error: can't send eapol msg to AP");
3069 return EAPOL_SUP_PK_ERROR;
3070 }
3071 }
3072 if (UpdatePTK == TRUE) {
3073 dbg(wpa->nas, "UpdatePTK");
3074 nas_sleep_ms(100);
3075
3076 if (nas_set_key(wpa->nas, &sta->ea, sta->suppl.temp_encr_key, sta->suppl.tk_len, 0,
3077 1, 0, 0) < 0) {
3078 dbg(wpa->nas, "nas_set_key() failed");
3079 nas_deauthenticate(wpa->nas, &sta->ea, DOT11_RC_BUSY);
3080 }
3081 }
3082 #ifdef BCMWPA2
3083 if (UpdateGTK == TRUE) {
3084 dbg(wpa->nas, "UpdateGTK");
3085 wpa_plumb_gtk(wpa, key_info & WPA_KEY_INSTALL);
3086 }
3087 #endif
3088 if ((state == EAPOL_SUP_PK_MICOK) && (key_info & WPA_KEY_SECURE)) {
3089 #ifdef BCMDBG
3090 char eabuf[ETHER_ADDR_STR_LEN];
3091 #endif
3092
3093 /* Authorize authenticator */
3094 dbg(wpa->nas, "authorize %s (WPA)", ether_etoa((uchar *)&sta->ea, eabuf));
3095 nas_authorize(wpa->nas, &sta->ea);
3096
3097 /* We are done! no more retries */
3098 wpa_stop_retx(sta);
3099 if (sta->wds_td)
3100 TIMER_DELETE(sta->wds_td);
3101 }
3102
3103 dbg(wpa->nas, "done");
3104 return state;
3105 }
3106
3107 /* Process a WPA-EAPOL-Key packet at the supplicant */
3108 int
3109 process_sup_wpa(wpa_t *wpa, eapol_header_t *eapol, nas_sta_t *sta)
3110 {
3111 #ifdef BCMDBG
3112 nas_t *nas = wpa->nas;
3113 char eabuf[ETHER_ADDR_STR_LEN];
3114 eapol_wpa_key_header_t *wpa_key = (eapol_wpa_key_header_t *)eapol->body;
3115 uint16 key_info = ntohs(wpa_key->key_info);
3116 #endif
3117
3118 dbg(nas, "start for %s", ether_etoa((uchar *)&sta->ea, eabuf));
3119 dbg(nas, "state %s key info %04x", sta_state_name(sta->suppl.state), key_info);
3120
3121 if (sta->suppl.state == WPA_SUP_AUTHENTICATION)
3122 sta->suppl.state = WPA_SUP_STAKEYSTARTP;
3123 if (sta->suppl.retry_state == WPA_SUP_AUTHENTICATION)
3124 sta->suppl.retry_state = WPA_SUP_STAKEYSTARTP;
3125
3126 /* Proceed with the key exchange... */
3127
3128 /* !!! most of this belongs somewhere else. only STAKEYSTAT is handled here */
3129 /* New WPA state */
3130 switch (sta->suppl.state) {
3131 case WPA_SUP_DISCONNECTED:
3132 dbg(nas, "WPA_SUP_DISCONNECTED");
3133 /* StaDisconnect() */
3134 /* fall through */
3135 case WPA_SUP_INITIALIZE:
3136 dbg(nas, "WPA_SUP_INITIALIZE: %s", ether_etoa((uchar *)&sta->ea, eabuf));
3137 /*
3138 MSK = 0
3139 802.1X:; portEnabled = FALSE
3140 Remove PTK
3141 Remove GTK(0..N)
3142 802.1X:portValid = FALSE
3143 */
3144 break;
3145 case WPA_SUP_AUTHENTICATION:
3146 dbg(nas, "WPA_SUP_AUTHENTICATION: %s", ether_etoa((uchar *)&sta->ea, eabuf));
3147 /*
3148 SNonce = Counter++
3149 PTK=GTK(0..N) = 0
3150 CANonce = 0
3151 802.1X::portValid = FALSE
3152 802.1X::portControl = Auto
3153 802.1X::portEnabled = FALSE
3154 */
3155 break;
3156 case WPA_SUP_STAKEYSTARTP:
3157 case WPA_SUP_STAKEYSTARTG:
3158 dbg(nas, "WPA_SUP_STAKEYSTARTP/G: %s", ether_etoa((uchar *)&sta->ea, eabuf));
3159 /* ensure the timer was cleared */
3160 wpa_stop_retx(sta);
3161 if (eapol_sup_process_key(wpa, eapol, sta) == EAPOL_SUP_PK_ERROR)
3162 return 1;
3163 break;
3164 case WPA_SUP_KEYUPDATE:
3165 dbg(nas, "WPA_SUP_KEYUPDATE: %s", ether_etoa((uchar *)&sta->ea, eabuf));
3166 /*
3167 SNonce = Counter++
3168 Remove PTK
3169 Remove GTK(0..N)
3170 Send EAPOL()
3171 IntegrityFailed = False
3172 Updatekeys = False
3173 */
3174 break;
3175 default:
3176 dbg(nas, "error: WPA state not recognized %d for sta %s",
3177 sta->suppl.state, ether_etoa((uchar *)&sta->ea, eabuf));
3178 return 1;
3179 }
3180 dbg(nas, "done");
3181 return 0;
3182 }
3183 #endif /* BCMSUPPL */
3184
3185 /* Process a WPA-EAPOL-Key packet */
3186 int
3187 process_wpa(wpa_t *wpa, eapol_header_t *eapol, nas_sta_t *sta)
3188 {
3189 int ret = 0;
3190 nas_t *nas = wpa->nas;
3191 #ifdef BCMDBG
3192 char eabuf[ETHER_ADDR_STR_LEN];
3193 #endif
3194 eapol_wpa_key_header_t *wpa_key = (eapol_wpa_key_header_t *)eapol->body;
3195 uint16 key_info = ntohs(wpa_key->key_info);
3196
3197 dbg(nas, "start for %s", ether_etoa((uchar *)&sta->ea, eabuf));
3198 dbg(nas, "state %s key info %04x", sta_state_name(sta->suppl.state), key_info);
3199
3200 /*
3201 * Supplicant requested a 4-way handshake. May or may not honor
3202 * the request depending on our own state.
3203 */
3204 if ((nas->flags & NAS_FLAG_WDS) &&
3205 (key_info & WPA_KEY_REQ) && (key_info & WPA_KEY_PAIRWISE)) {
3206 if (sta->suppl.state == WPA_AUTHENTICATION2 ||
3207 sta->suppl.state == WPA_PTKINITNEGOTIATING ||
3208 sta->suppl.state == WPA_SETKEYSDONE ||
3209 sta->suppl.state == WPA_DISCONNECT) {
3210 /*
3211 * Start handshake if when there is no initiator in progress.
3212 */
3213 if (!sta->wds_td) {
3214 wpa_start(wpa, sta);
3215 }
3216 }
3217 return 0;
3218 }
3219
3220 /* If STA wants TKIP and we're in countermeasures, toss
3221 * it. Driver will block these, but there's a race early
3222 * in the period making this check is necessary.
3223 */
3224 if (nas->MIC_countermeasures && WSEC_TKIP_ENABLED(sta->wsec)) {
3225 cleanup_sta(nas, sta, DOT11_RC_MIC_FAILURE, 0);
3226 return 0;
3227 }
3228
3229 /* New WPA state */
3230 switch (sta->suppl.state) {
3231 case WPA_SETKEYSDONE:
3232 /* A supplicant in this state is probably here
3233 * asking to be rekeyed.
3234 */
3235 dbg(nas, "SETKEYSDONE: %s", ether_etoa((uchar *)&sta->ea, eabuf));
3236 wpa_setkeysdone(wpa, sta, eapol);
3237 if (sta->suppl.state != WPA_PTKSTART)
3238 return 0;
3239 /* fall through */
3240 case WPA_AUTHENTICATION2:
3241 dbg(nas, "AUTHENTICATION2: %s", ether_etoa((uchar *)&sta->ea, eabuf));
3242 if (wpa_verifystart(wpa, sta, eapol)) {
3243 return 1;
3244 }
3245 else if (!sta || ((sta->mode & WPA) &&
3246 (sta->suppl.retry_state != WPA_PTKSTART)))
3247 /* WPA-mode will be back if RADIUS auth works. */
3248 return 0;
3249 /* fall through */
3250
3251 case WPA_PTKSTART:
3252 dbg(nas, "PTKSTART: %s", ether_etoa((uchar *)&sta->ea, eabuf));
3253 ret = wpa_ptkstart(wpa, sta, eapol);
3254 break;
3255
3256 case WPA_PTKINITNEGOTIATING:
3257 dbg(nas, "PTKINITNEGOTIATING: %s", ether_etoa((uchar *)&sta->ea, eabuf));
3258 ret = wpa_ptkinitnegotiating(wpa, sta, eapol);
3259 break;
3260
3261 case WPA_PTKINITDONE:
3262 dbg(nas, "PTKINITDONE: %s", ether_etoa((uchar *)&sta->ea, eabuf));
3263 ret = wpa_ptkinitdone(wpa, sta, eapol);
3264 break;
3265
3266 case WPA_REKEYNEGOTIATING:
3267 dbg(nas, "WPA_REKEYNEGOTIATING: %s", ether_etoa((uchar *)&sta->ea, eabuf));
3268 wpa_rekeyneg(wpa, sta, eapol);
3269 break;
3270
3271 default:
3272 dbg(nas, "error: WPA state not recognized");
3273 break;
3274 }
3275 dbg(nas, "done");
3276 return ret;
3277 }
3278
3279
3280 /* generate the initial global_key_counter */
3281 void
3282 initialize_global_key_counter(wpa_t *wpa)
3283 {
3284 unsigned char buff[32], prf_buff[PRF_RESULT_LEN];
3285 unsigned char prefix[] = "Init Counter";
3286
3287 nas_rand128(&buff[0]);
3288 nas_rand128(&buff[16]);
3289 /* Still not exactly right, but better. */
3290 fPRF(buff, sizeof(buff), prefix, strlen((char *)prefix),
3291 (unsigned char *) &wpa->nas->ea, ETHER_ADDR_LEN,
3292 prf_buff, KEY_COUNTER_LEN);
3293 memcpy(wpa->global_key_counter, prf_buff, KEY_COUNTER_LEN);
3294 memcpy(wpa->initial_gkc, wpa->global_key_counter, KEY_COUNTER_LEN);
3295 }
3296
3297 #ifdef MFP2
3298 /* generate the initial global_key_counter */
3299 static void
3300 wpa_initialize_ipn(wpa_t *wpa)
3301 {
3302 unsigned char buff[32], prf_buff[PRF_RESULT_LEN];
3303 unsigned char prefix[] = "Init Counter";
3304
3305 printf("%s: enter\n", __FUNCTION__);
3306 nas_rand128(&buff[0]);
3307 nas_rand128(&buff[16]);
3308 /* Still not exactly right, but better. */
3309 fPRF(buff, sizeof(buff), prefix, strlen((char *)prefix),
3310 (unsigned char *) &wpa->nas->ea, ETHER_ADDR_LEN,
3311 prf_buff, KEY_COUNTER_LEN);
3312 memcpy(&wpa->igtk.ipn_lo, prf_buff, sizeof(uint32));
3313 memcpy(&wpa->igtk.ipn_hi, prf_buff+sizeof(uint32), sizeof(uint16));
3314 printf("%s: done\n", __FUNCTION__);
3315 }
3316
3317 static void
3318 wpa_gen_igtk(wpa_t *wpa)
3319 {
3320 unsigned char data[256], prf_buff[PRF_RESULT_LEN];
3321 unsigned char prefix[] = "Group key expansion";
3322 int data_len = 0;
3323
3324 printf("%s: enter\n", __FUNCTION__);
3325 wpa->igtk.len = AES_TK_LEN;
3326
3327 /* create the the data portion */
3328 bcopy((char*)&wpa->nas->ea, (char*)&data[data_len], ETHER_ADDR_LEN);
3329 data_len += ETHER_ADDR_LEN;
3330 *(uint32 *)&data[data_len] = wpa->igtk.ipn_lo;
3331 *(uint16 *)&data[data_len+sizeof(uint32)] = wpa->igtk.ipn_hi;
3332 data_len += 6;
3333 wpa->igtk.ipn_lo++;
3334 if (wpa->igtk.ipn_lo == 0)
3335 wpa->igtk.ipn_hi++;
3336
3337 /* generate the GTK */
3338 fPRF(wpa->gmk, sizeof(wpa->gmk), prefix, strlen((char *)prefix),
3339 data, data_len, prf_buff, AES_TK_LEN);
3340 memcpy(wpa->igtk.key, prf_buff, AES_TK_LEN);
3341 printf("WPA plugin IGTK, ID %d len %d ", wpa->igtk.id, wpa->igtk.len);
3342 nas_set_key(wpa->nas, &wpa->nas->ea, wpa->igtk.key, wpa->igtk.len, wpa->igtk.id, 0,
3343 wpa->igtk.ipn_lo, wpa->igtk.ipn_hi);
3344 }
3345 #endif /* MFP */
3346
3347 static void
3348 wpa_incr_gkc(wpa_t *wpa)
3349 {
3350 wpa_incr_array(wpa->global_key_counter, KEY_COUNTER_LEN);
3351
3352 /* if key counter is now equal to the original one, reset it */
3353 if (!bcmp(wpa->global_key_counter, wpa->initial_gkc, KEY_COUNTER_LEN))
3354 initialize_global_key_counter(wpa);
3355 }
3356
3357 void
3358 initialize_gmk(wpa_t *wpa)
3359 {
3360 unsigned char *gmk = (unsigned char *)wpa->gmk;
3361
3362 nas_rand128(&gmk[0]);
3363 nas_rand128(&gmk[16]);
3364 }
3365
3366 #ifdef BCMSUPPL
3367 /* build and send EAPOL key request message */
3368 static void
3369 request_pkinit(bcm_timer_id timer, int data)
3370 {
3371 nas_sta_t *sta = (nas_sta_t *)data;
3372 nas_t *nas = sta->nas;
3373 wpa_t *wpa = nas->wpa;
3374
3375 /* If there was a stale timer descriptor, get rid of it. */
3376 wpa_stop_retx(sta);
3377
3378 /*
3379 * build expected authenticator wpaie so that we can compare
3380 * what's carried in message #3 of the 4-way handshake.
3381 * No WEP supported when doing WPA over WDS.
3382 */
3383 sta->suppl.assoc_wpaie_len = sizeof(sta->suppl.assoc_wpaie);
3384 wpa_build_ie(wpa, nas->wsec, CRYPTO_ALGO_OFF, nas->mode,
3385 sta->suppl.assoc_wpaie, &sta->suppl.assoc_wpaie_len);
3386
3387 /* we should have no key installed in the MAC by now */
3388 sta->suppl.retry_state = sta->suppl.state;
3389 sta->suppl.state = WPA_SUP_INITIALIZE;
3390
3391 /* WPA mode needs RADIUS server acceptance before beginning
3392 * the 4-way handshake.
3393 */
3394 if (nas->mode & WPA)
3395 return;
3396
3397 /* send the key request pkt to start the 4 way exchange */
3398 sta->retries = 0;
3399 if (wpa_send_eapol(wpa, sta) == FALSE)
3400 return;
3401
3402 /* move to next state */
3403 sta->suppl.retry_state = sta->suppl.state;
3404 sta->suppl.state = WPA_SUP_AUTHENTICATION;
3405
3406 /* set a timeout for retransmission */
3407 if (wpa_set_itimer(nas->timer, &sta->td, (bcm_timer_cb)wpa_retransmission,
3408 (int)sta, sta->wpa_msg_timeout_s, sta->wpa_msg_timeout_ms) != ITIMER_OK)
3409 dbg(nas, "Setting WPA_SUP_AUTHENTICATION interval timer failed");
3410 }
3411
3412 /* send EAPOL key request message */
3413 void
3414 wpa_request(wpa_t *wpa, nas_sta_t *sta)
3415 {
3416 struct itimerspec its;
3417 itimer_status_t ret = ITIMER_OK;
3418 nas_t *nas = wpa->nas;
3419
3420 /* remove previous timer if any */
3421 if (sta->wds_td)
3422 TIMER_DELETE(sta->wds_td);
3423
3424 /*
3425 * start the reqeust right away only when the
3426 * supplicant is not in key exchange process.
3427 */
3428 sta->wpa_msg_timeout_s = RETRY_SECS;
3429 sta->wpa_msg_timeout_ms = RETRY_MSECS;
3430
3431 if (sta->suppl.pk_state == EAPOL_SUP_PK_UNKNOWN ||
3432 sta->suppl.pk_state == EAPOL_SUP_PK_DONE) {
3433 /* kick off the negotiation */
3434 request_pkinit(0, (int)sta);
3435 }
3436 /* delay the next request(s) */
3437 else {
3438 dbg(nas, "delay request, handshake in progress");
3439 wpa_stop_retx(sta);
3440 }
3441
3442 /* set up retry timer */
3443 its.it_interval.tv_sec = wpa->wds_to ? : 60;
3444 its.it_interval.tv_nsec = 0 * NSECS_PER_MSEC;
3445 its.it_value.tv_sec = wpa->wds_to ? : 60;
3446 its.it_value.tv_nsec = 0 * NSECS_PER_MSEC;
3447
3448 if (bcm_timer_create(nas->timer, &sta->wds_td))
3449 ret = ITIMER_CREATE_ERROR;
3450 else if (bcm_timer_connect(sta->wds_td, request_pkinit, (int)sta))
3451 ret = ITIMER_CONNECT_ERROR;
3452 else if (bcm_timer_settime(sta->wds_td, &its))
3453 ret = ITIMER_SET_ERROR;
3454 if (ret)
3455 dbg(nas, "failed to set up pairwise key requestor timer");
3456 }
3457 #endif /* BCMSUPPL */
3458
3459 /* pretend to have received a assoc message from the driver. */
3460 static void
3461 start_pkinit(bcm_timer_id timer, int data)
3462 {
3463
3464
3465 char msg[sizeof(bcm_event_t) + 128 + 2];
3466 bcm_event_t *assoc = (bcm_event_t *)msg;
3467
3468 wl_event_msg_t *event = &(assoc->event);
3469 uint8 *databuf = (uint8 *)(event + 1);
3470
3471 nas_sta_t *sta = (nas_sta_t *)data;
3472 nas_t *nas = sta->nas;
3473 wpa_t *wpa = nas->wpa;
3474 uint16 len = sizeof(msg); /* - sizeof(bcm_event_t); */
3475
3476 /* wpa message header */
3477 bcopy(nas->ea.octet, assoc->eth.ether_dhost, ETHER_ADDR_LEN);
3478 bcopy(sta->ea.octet, assoc->eth.ether_shost, ETHER_ADDR_LEN);
3479 assoc->eth.ether_type = htons(ETHER_TYPE_BRCM);
3480
3481 /* assoc->version = BCM_MSG_VERSION; */
3482 event->event_type = hton32(WLC_E_ASSOC_IND);
3483
3484 strncpy(event->ifname, nas->interface, sizeof(event->ifname));
3485 /* append wpa ie */
3486 if (wpa_build_ie(wpa, sta->wsec, sta->algo,
3487 sta->mode, databuf, &len)) {
3488 dbg(nas, "wpa_build_ie failed");
3489 return;
3490 }
3491
3492 if (len > 128) {
3493 dbg(nas, "wpa_build_ie failed: length greater than 128 bytes");
3494 return;
3495 }
3496
3497 event->datalen = hton32(len);
3498 event->version = hton16(BCM_EVENT_MSG_VERSION);
3499 event->status = 0; /* TODO: Is value OK ??? */
3500 event->reason = 0; /* TODO: Is value OK ??? */
3501 event->auth_type = 0; /* TODO: Is value OK ??? */
3502 event->flags = 0; /* TODO: Is value OK ??? */
3503 bcopy(sta->ea.octet, event->addr.octet, ETHER_ADDR_LEN);
3504
3505 /* BCM Vendor specifc header... */
3506 assoc->bcm_hdr.subtype = htons(BCMILCP_SUBTYPE_VENDOR_LONG);
3507 assoc->bcm_hdr.version = BCMILCP_BCM_SUBTYPEHDR_VERSION;
3508 bcopy(BRCM_OUI, &assoc->bcm_hdr.oui[0], DOT11_OUI_LEN);
3509 /* vendor spec header length + pvt data length (private indication hdr + actual message
3510 * itself)
3511 */
3512 assoc->bcm_hdr.length = htons(BCMILCP_BCM_SUBTYPEHDR_MINLENGTH + BCM_MSG_LEN + len);
3513 assoc->bcm_hdr.usr_subtype = htons(BCMILCP_BCM_SUBTYPE_EVENT);
3514
3515 /* Last 2 bytes of the message should be 0x00 0x00 to signal that there are no ethertypes
3516 * which are following this
3517 */
3518 msg[sizeof(bcm_event_t) + len ] = 0x00;
3519 msg[sizeof(bcm_event_t) + len + 1 ] = 0x00;
3520
3521 dbg(nas, "start_pkinit: sending fake msg to driver_message_dispatch");
3522 driver_message_dispatch(nas, assoc);
3523
3524 }
3525
3526 void
3527 wpa_start(wpa_t *wpa, nas_sta_t *sta)
3528 {
3529 struct itimerspec its;
3530 itimer_status_t ret = ITIMER_OK;
3531 nas_t *nas = wpa->nas;
3532
3533 /* remove previous timer if any */
3534 if (sta->wds_td)
3535 TIMER_DELETE(sta->wds_td);
3536
3537 /* kick off the negotiation */
3538 start_pkinit(0, (int)sta);
3539
3540 /* set up retry timer */
3541 its.it_interval.tv_sec = wpa->wds_to ? : 60;
3542 its.it_interval.tv_nsec = 0 * NSECS_PER_MSEC;
3543 its.it_value.tv_sec = wpa->wds_to ? : 60;
3544 its.it_value.tv_nsec = 0 * NSECS_PER_MSEC;
3545
3546 if (bcm_timer_create(nas->timer, &sta->wds_td))
3547 ret = ITIMER_CREATE_ERROR;
3548 else if (bcm_timer_connect(sta->wds_td, start_pkinit, (int)sta))
3549 ret = ITIMER_CONNECT_ERROR;
3550 else if (bcm_timer_settime(sta->wds_td, &its))
3551 ret = ITIMER_SET_ERROR;
3552 if (ret)
3553 dbg(nas, "failed to set up pairwise key initiator timer");
3554 }
Tomato firmware and modifications.