2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
3 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
15 #include "utils/includes.h"
17 #include "utils/common.h"
18 #include "utils/eloop.h"
19 #include "utils/state_machine.h"
20 #include "common/ieee802_11_defs.h"
21 #include "crypto/aes_wrap.h"
22 #include "crypto/crypto.h"
23 #include "crypto/sha1.h"
24 #include "crypto/sha256.h"
25 #include "eapol_auth/eapol_auth_sm.h"
26 #include "ap_config.h"
27 #include "ieee802_11.h"
29 #include "pmksa_cache_auth.h"
30 #include "wpa_auth_i.h"
31 #include "wpa_auth_ie.h"
33 #define STATE_MACHINE_DATA struct wpa_state_machine
34 #define STATE_MACHINE_DEBUG_PREFIX "WPA"
35 #define STATE_MACHINE_ADDR sm->addr
38 static void wpa_send_eapol_timeout(void *eloop_ctx
, void *timeout_ctx
);
39 static int wpa_sm_step(struct wpa_state_machine
*sm
);
40 static int wpa_verify_key_mic(struct wpa_ptk
*PTK
, u8
*data
, size_t data_len
);
41 static void wpa_sm_call_step(void *eloop_ctx
, void *timeout_ctx
);
42 static void wpa_group_sm_step(struct wpa_authenticator
*wpa_auth
,
43 struct wpa_group
*group
);
44 static void wpa_request_new_ptk(struct wpa_state_machine
*sm
);
45 static int wpa_gtk_update(struct wpa_authenticator
*wpa_auth
,
46 struct wpa_group
*group
);
48 static const u32 dot11RSNAConfigGroupUpdateCount
= 4;
49 static const u32 dot11RSNAConfigPairwiseUpdateCount
= 4;
50 static const u32 eapol_key_timeout_first
= 100; /* ms */
51 static const u32 eapol_key_timeout_subseq
= 1000; /* ms */
53 /* TODO: make these configurable */
54 static const int dot11RSNAConfigPMKLifetime
= 43200;
55 static const int dot11RSNAConfigPMKReauthThreshold
= 70;
56 static const int dot11RSNAConfigSATimeout
= 60;
59 static inline void wpa_auth_mic_failure_report(
60 struct wpa_authenticator
*wpa_auth
, const u8
*addr
)
62 if (wpa_auth
->cb
.mic_failure_report
)
63 wpa_auth
->cb
.mic_failure_report(wpa_auth
->cb
.ctx
, addr
);
67 static inline void wpa_auth_set_eapol(struct wpa_authenticator
*wpa_auth
,
68 const u8
*addr
, wpa_eapol_variable var
,
71 if (wpa_auth
->cb
.set_eapol
)
72 wpa_auth
->cb
.set_eapol(wpa_auth
->cb
.ctx
, addr
, var
, value
);
76 static inline int wpa_auth_get_eapol(struct wpa_authenticator
*wpa_auth
,
77 const u8
*addr
, wpa_eapol_variable var
)
79 if (wpa_auth
->cb
.get_eapol
== NULL
)
81 return wpa_auth
->cb
.get_eapol(wpa_auth
->cb
.ctx
, addr
, var
);
85 static inline const u8
* wpa_auth_get_psk(struct wpa_authenticator
*wpa_auth
,
86 const u8
*addr
, const u8
*prev_psk
)
88 if (wpa_auth
->cb
.get_psk
== NULL
)
90 return wpa_auth
->cb
.get_psk(wpa_auth
->cb
.ctx
, addr
, prev_psk
);
94 static inline int wpa_auth_get_msk(struct wpa_authenticator
*wpa_auth
,
95 const u8
*addr
, u8
*msk
, size_t *len
)
97 if (wpa_auth
->cb
.get_msk
== NULL
)
99 return wpa_auth
->cb
.get_msk(wpa_auth
->cb
.ctx
, addr
, msk
, len
);
103 static inline int wpa_auth_set_key(struct wpa_authenticator
*wpa_auth
,
105 enum wpa_alg alg
, const u8
*addr
, int idx
,
106 u8
*key
, size_t key_len
)
108 if (wpa_auth
->cb
.set_key
== NULL
)
110 return wpa_auth
->cb
.set_key(wpa_auth
->cb
.ctx
, vlan_id
, alg
, addr
, idx
,
115 static inline int wpa_auth_get_seqnum(struct wpa_authenticator
*wpa_auth
,
116 const u8
*addr
, int idx
, u8
*seq
)
118 if (wpa_auth
->cb
.get_seqnum
== NULL
)
120 return wpa_auth
->cb
.get_seqnum(wpa_auth
->cb
.ctx
, addr
, idx
, seq
);
125 wpa_auth_send_eapol(struct wpa_authenticator
*wpa_auth
, const u8
*addr
,
126 const u8
*data
, size_t data_len
, int encrypt
)
128 if (wpa_auth
->cb
.send_eapol
== NULL
)
130 return wpa_auth
->cb
.send_eapol(wpa_auth
->cb
.ctx
, addr
, data
, data_len
,
135 int wpa_auth_for_each_sta(struct wpa_authenticator
*wpa_auth
,
136 int (*cb
)(struct wpa_state_machine
*sm
, void *ctx
),
139 if (wpa_auth
->cb
.for_each_sta
== NULL
)
141 return wpa_auth
->cb
.for_each_sta(wpa_auth
->cb
.ctx
, cb
, cb_ctx
);
145 int wpa_auth_for_each_auth(struct wpa_authenticator
*wpa_auth
,
146 int (*cb
)(struct wpa_authenticator
*a
, void *ctx
),
149 if (wpa_auth
->cb
.for_each_auth
== NULL
)
151 return wpa_auth
->cb
.for_each_auth(wpa_auth
->cb
.ctx
, cb
, cb_ctx
);
155 void wpa_auth_logger(struct wpa_authenticator
*wpa_auth
, const u8
*addr
,
156 logger_level level
, const char *txt
)
158 if (wpa_auth
->cb
.logger
== NULL
)
160 wpa_auth
->cb
.logger(wpa_auth
->cb
.ctx
, addr
, level
, txt
);
164 void wpa_auth_vlogger(struct wpa_authenticator
*wpa_auth
, const u8
*addr
,
165 logger_level level
, const char *fmt
, ...)
171 if (wpa_auth
->cb
.logger
== NULL
)
174 maxlen
= os_strlen(fmt
) + 100;
175 format
= os_malloc(maxlen
);
180 vsnprintf(format
, maxlen
, fmt
, ap
);
183 wpa_auth_logger(wpa_auth
, addr
, level
, format
);
189 static void wpa_sta_disconnect(struct wpa_authenticator
*wpa_auth
,
192 if (wpa_auth
->cb
.disconnect
== NULL
)
194 wpa_auth
->cb
.disconnect(wpa_auth
->cb
.ctx
, addr
,
195 WLAN_REASON_PREV_AUTH_NOT_VALID
);
199 static int wpa_use_aes_cmac(struct wpa_state_machine
*sm
)
202 #ifdef CONFIG_IEEE80211R
203 if (wpa_key_mgmt_ft(sm
->wpa_key_mgmt
))
205 #endif /* CONFIG_IEEE80211R */
206 #ifdef CONFIG_IEEE80211W
207 if (wpa_key_mgmt_sha256(sm
->wpa_key_mgmt
))
209 #endif /* CONFIG_IEEE80211W */
214 static void wpa_rekey_gmk(void *eloop_ctx
, void *timeout_ctx
)
216 struct wpa_authenticator
*wpa_auth
= eloop_ctx
;
218 if (os_get_random(wpa_auth
->group
->GMK
, WPA_GMK_LEN
)) {
219 wpa_printf(MSG_ERROR
, "Failed to get random data for WPA "
222 wpa_auth_logger(wpa_auth
, NULL
, LOGGER_DEBUG
, "GMK rekeyd");
225 if (wpa_auth
->conf
.wpa_gmk_rekey
) {
226 eloop_register_timeout(wpa_auth
->conf
.wpa_gmk_rekey
, 0,
227 wpa_rekey_gmk
, wpa_auth
, NULL
);
232 static void wpa_rekey_gtk(void *eloop_ctx
, void *timeout_ctx
)
234 struct wpa_authenticator
*wpa_auth
= eloop_ctx
;
235 struct wpa_group
*group
;
237 wpa_auth_logger(wpa_auth
, NULL
, LOGGER_DEBUG
, "rekeying GTK");
238 for (group
= wpa_auth
->group
; group
; group
= group
->next
) {
239 group
->GTKReKey
= TRUE
;
241 group
->changed
= FALSE
;
242 wpa_group_sm_step(wpa_auth
, group
);
243 } while (group
->changed
);
246 if (wpa_auth
->conf
.wpa_group_rekey
) {
247 eloop_register_timeout(wpa_auth
->conf
.wpa_group_rekey
,
248 0, wpa_rekey_gtk
, wpa_auth
, NULL
);
253 static void wpa_rekey_ptk(void *eloop_ctx
, void *timeout_ctx
)
255 struct wpa_authenticator
*wpa_auth
= eloop_ctx
;
256 struct wpa_state_machine
*sm
= timeout_ctx
;
258 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_DEBUG
, "rekeying PTK");
259 wpa_request_new_ptk(sm
);
264 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine
*sm
, void *ctx
)
266 if (sm
->pmksa
== ctx
)
272 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry
*entry
,
275 struct wpa_authenticator
*wpa_auth
= ctx
;
276 wpa_auth_for_each_sta(wpa_auth
, wpa_auth_pmksa_clear_cb
, entry
);
280 static void wpa_group_set_key_len(struct wpa_group
*group
, int cipher
)
283 case WPA_CIPHER_CCMP
:
286 case WPA_CIPHER_TKIP
:
289 case WPA_CIPHER_WEP104
:
292 case WPA_CIPHER_WEP40
:
299 static struct wpa_group
* wpa_group_init(struct wpa_authenticator
*wpa_auth
,
302 struct wpa_group
*group
;
303 u8 buf
[ETH_ALEN
+ 8 + sizeof(group
)];
306 group
= os_zalloc(sizeof(struct wpa_group
));
310 group
->GTKAuthenticator
= TRUE
;
311 group
->vlan_id
= vlan_id
;
313 wpa_group_set_key_len(group
, wpa_auth
->conf
.wpa_group
);
315 /* Counter = PRF-256(Random number, "Init Counter",
316 * Local MAC Address || Time)
318 os_memcpy(buf
, wpa_auth
->addr
, ETH_ALEN
);
319 wpa_get_ntp_timestamp(buf
+ ETH_ALEN
);
320 os_memcpy(buf
+ ETH_ALEN
+ 8, &group
, sizeof(group
));
321 if (os_get_random(rkey
, sizeof(rkey
)) ||
322 os_get_random(group
->GMK
, WPA_GMK_LEN
)) {
323 wpa_printf(MSG_ERROR
, "Failed to get random data for WPA "
329 sha1_prf(rkey
, sizeof(rkey
), "Init Counter", buf
, sizeof(buf
),
330 group
->Counter
, WPA_NONCE_LEN
);
333 wpa_group_sm_step(wpa_auth
, group
);
334 group
->GInit
= FALSE
;
335 wpa_group_sm_step(wpa_auth
, group
);
342 * wpa_init - Initialize WPA authenticator
343 * @addr: Authenticator address
344 * @conf: Configuration for WPA authenticator
345 * @cb: Callback functions for WPA authenticator
346 * Returns: Pointer to WPA authenticator data or %NULL on failure
348 struct wpa_authenticator
* wpa_init(const u8
*addr
,
349 struct wpa_auth_config
*conf
,
350 struct wpa_auth_callbacks
*cb
)
352 struct wpa_authenticator
*wpa_auth
;
354 wpa_auth
= os_zalloc(sizeof(struct wpa_authenticator
));
355 if (wpa_auth
== NULL
)
357 os_memcpy(wpa_auth
->addr
, addr
, ETH_ALEN
);
358 os_memcpy(&wpa_auth
->conf
, conf
, sizeof(*conf
));
359 os_memcpy(&wpa_auth
->cb
, cb
, sizeof(*cb
));
361 if (wpa_auth_gen_wpa_ie(wpa_auth
)) {
362 wpa_printf(MSG_ERROR
, "Could not generate WPA IE.");
367 wpa_auth
->group
= wpa_group_init(wpa_auth
, 0);
368 if (wpa_auth
->group
== NULL
) {
369 os_free(wpa_auth
->wpa_ie
);
374 wpa_auth
->pmksa
= pmksa_cache_auth_init(wpa_auth_pmksa_free_cb
,
376 if (wpa_auth
->pmksa
== NULL
) {
377 wpa_printf(MSG_ERROR
, "PMKSA cache initialization failed.");
378 os_free(wpa_auth
->wpa_ie
);
383 #ifdef CONFIG_IEEE80211R
384 wpa_auth
->ft_pmk_cache
= wpa_ft_pmk_cache_init();
385 if (wpa_auth
->ft_pmk_cache
== NULL
) {
386 wpa_printf(MSG_ERROR
, "FT PMK cache initialization failed.");
387 os_free(wpa_auth
->wpa_ie
);
388 pmksa_cache_auth_deinit(wpa_auth
->pmksa
);
392 #endif /* CONFIG_IEEE80211R */
394 if (wpa_auth
->conf
.wpa_gmk_rekey
) {
395 eloop_register_timeout(wpa_auth
->conf
.wpa_gmk_rekey
, 0,
396 wpa_rekey_gmk
, wpa_auth
, NULL
);
399 if (wpa_auth
->conf
.wpa_group_rekey
) {
400 eloop_register_timeout(wpa_auth
->conf
.wpa_group_rekey
, 0,
401 wpa_rekey_gtk
, wpa_auth
, NULL
);
409 * wpa_deinit - Deinitialize WPA authenticator
410 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
412 void wpa_deinit(struct wpa_authenticator
*wpa_auth
)
414 struct wpa_group
*group
, *prev
;
416 eloop_cancel_timeout(wpa_rekey_gmk
, wpa_auth
, NULL
);
417 eloop_cancel_timeout(wpa_rekey_gtk
, wpa_auth
, NULL
);
419 #ifdef CONFIG_PEERKEY
420 while (wpa_auth
->stsl_negotiations
)
421 wpa_stsl_remove(wpa_auth
, wpa_auth
->stsl_negotiations
);
422 #endif /* CONFIG_PEERKEY */
424 pmksa_cache_auth_deinit(wpa_auth
->pmksa
);
426 #ifdef CONFIG_IEEE80211R
427 wpa_ft_pmk_cache_deinit(wpa_auth
->ft_pmk_cache
);
428 wpa_auth
->ft_pmk_cache
= NULL
;
429 #endif /* CONFIG_IEEE80211R */
431 os_free(wpa_auth
->wpa_ie
);
433 group
= wpa_auth
->group
;
445 * wpa_reconfig - Update WPA authenticator configuration
446 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
447 * @conf: Configuration for WPA authenticator
449 int wpa_reconfig(struct wpa_authenticator
*wpa_auth
,
450 struct wpa_auth_config
*conf
)
452 struct wpa_group
*group
;
453 if (wpa_auth
== NULL
)
456 os_memcpy(&wpa_auth
->conf
, conf
, sizeof(*conf
));
457 if (wpa_auth_gen_wpa_ie(wpa_auth
)) {
458 wpa_printf(MSG_ERROR
, "Could not generate WPA IE.");
463 * Reinitialize GTK to make sure it is suitable for the new
466 group
= wpa_auth
->group
;
467 wpa_group_set_key_len(group
, wpa_auth
->conf
.wpa_group
);
469 wpa_group_sm_step(wpa_auth
, group
);
470 group
->GInit
= FALSE
;
471 wpa_group_sm_step(wpa_auth
, group
);
477 struct wpa_state_machine
*
478 wpa_auth_sta_init(struct wpa_authenticator
*wpa_auth
, const u8
*addr
)
480 struct wpa_state_machine
*sm
;
482 sm
= os_zalloc(sizeof(struct wpa_state_machine
));
485 os_memcpy(sm
->addr
, addr
, ETH_ALEN
);
487 sm
->wpa_auth
= wpa_auth
;
488 sm
->group
= wpa_auth
->group
;
494 int wpa_auth_sta_associated(struct wpa_authenticator
*wpa_auth
,
495 struct wpa_state_machine
*sm
)
497 if (wpa_auth
== NULL
|| !wpa_auth
->conf
.wpa
|| sm
== NULL
)
500 #ifdef CONFIG_IEEE80211R
501 if (sm
->ft_completed
) {
502 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
503 "FT authentication already completed - do not "
504 "start 4-way handshake");
507 #endif /* CONFIG_IEEE80211R */
510 os_memset(&sm
->key_replay
, 0, sizeof(sm
->key_replay
));
511 sm
->ReAuthenticationRequest
= TRUE
;
512 return wpa_sm_step(sm
);
515 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
516 "start authentication");
520 if (wpa_sm_step(sm
) == 1)
521 return 1; /* should not really happen */
523 sm
->AuthenticationRequest
= TRUE
;
524 return wpa_sm_step(sm
);
528 void wpa_auth_sta_no_wpa(struct wpa_state_machine
*sm
)
530 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
531 * reassociates back to the same AP while the previous entry for the
532 * STA has not yet been removed. */
536 sm
->wpa_key_mgmt
= 0;
540 static void wpa_free_sta_sm(struct wpa_state_machine
*sm
)
542 #ifdef CONFIG_IEEE80211R
543 os_free(sm
->assoc_resp_ftie
);
544 #endif /* CONFIG_IEEE80211R */
545 os_free(sm
->last_rx_eapol_key
);
551 void wpa_auth_sta_deinit(struct wpa_state_machine
*sm
)
556 if (sm
->wpa_auth
->conf
.wpa_strict_rekey
&& sm
->has_GTK
) {
557 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
558 "strict rekeying - force GTK rekey since STA "
560 eloop_cancel_timeout(wpa_rekey_gtk
, sm
->wpa_auth
, NULL
);
561 eloop_register_timeout(0, 500000, wpa_rekey_gtk
, sm
->wpa_auth
,
565 eloop_cancel_timeout(wpa_send_eapol_timeout
, sm
->wpa_auth
, sm
);
566 eloop_cancel_timeout(wpa_sm_call_step
, sm
, NULL
);
567 eloop_cancel_timeout(wpa_rekey_ptk
, sm
->wpa_auth
, sm
);
568 if (sm
->in_step_loop
) {
569 /* Must not free state machine while wpa_sm_step() is running.
570 * Freeing will be completed in the end of wpa_sm_step(). */
571 wpa_printf(MSG_DEBUG
, "WPA: Registering pending STA state "
572 "machine deinit for " MACSTR
, MAC2STR(sm
->addr
));
573 sm
->pending_deinit
= 1;
579 static void wpa_request_new_ptk(struct wpa_state_machine
*sm
)
584 sm
->PTKRequest
= TRUE
;
589 static int wpa_replay_counter_valid(struct wpa_state_machine
*sm
,
590 const u8
*replay_counter
)
593 for (i
= 0; i
< RSNA_MAX_EAPOL_RETRIES
; i
++) {
594 if (!sm
->key_replay
[i
].valid
)
596 if (os_memcmp(replay_counter
, sm
->key_replay
[i
].counter
,
597 WPA_REPLAY_COUNTER_LEN
) == 0)
604 #ifdef CONFIG_IEEE80211R
605 static int ft_check_msg_2_of_4(struct wpa_authenticator
*wpa_auth
,
606 struct wpa_state_machine
*sm
,
607 struct wpa_eapol_ie_parse
*kde
)
609 struct wpa_ie_data ie
;
610 struct rsn_mdie
*mdie
;
612 if (wpa_parse_wpa_ie_rsn(kde
->rsn_ie
, kde
->rsn_ie_len
, &ie
) < 0 ||
613 ie
.num_pmkid
!= 1 || ie
.pmkid
== NULL
) {
614 wpa_printf(MSG_DEBUG
, "FT: No PMKR1Name in "
615 "FT 4-way handshake message 2/4");
619 os_memcpy(sm
->sup_pmk_r1_name
, ie
.pmkid
, PMKID_LEN
);
620 wpa_hexdump(MSG_DEBUG
, "FT: PMKR1Name from Supplicant",
621 sm
->sup_pmk_r1_name
, PMKID_LEN
);
623 if (!kde
->mdie
|| !kde
->ftie
) {
624 wpa_printf(MSG_DEBUG
, "FT: No %s in FT 4-way handshake "
625 "message 2/4", kde
->mdie
? "FTIE" : "MDIE");
629 mdie
= (struct rsn_mdie
*) (kde
->mdie
+ 2);
630 if (kde
->mdie
[1] < sizeof(struct rsn_mdie
) ||
631 os_memcmp(wpa_auth
->conf
.mobility_domain
, mdie
->mobility_domain
,
632 MOBILITY_DOMAIN_ID_LEN
) != 0) {
633 wpa_printf(MSG_DEBUG
, "FT: MDIE mismatch");
637 if (sm
->assoc_resp_ftie
&&
638 (kde
->ftie
[1] != sm
->assoc_resp_ftie
[1] ||
639 os_memcmp(kde
->ftie
, sm
->assoc_resp_ftie
,
640 2 + sm
->assoc_resp_ftie
[1]) != 0)) {
641 wpa_printf(MSG_DEBUG
, "FT: FTIE mismatch");
642 wpa_hexdump(MSG_DEBUG
, "FT: FTIE in EAPOL-Key msg 2/4",
643 kde
->ftie
, kde
->ftie_len
);
644 wpa_hexdump(MSG_DEBUG
, "FT: FTIE in (Re)AssocResp",
645 sm
->assoc_resp_ftie
, 2 + sm
->assoc_resp_ftie
[1]);
651 #endif /* CONFIG_IEEE80211R */
654 void wpa_receive(struct wpa_authenticator
*wpa_auth
,
655 struct wpa_state_machine
*sm
,
656 u8
*data
, size_t data_len
)
658 struct ieee802_1x_hdr
*hdr
;
659 struct wpa_eapol_key
*key
;
660 u16 key_info
, key_data_length
;
661 enum { PAIRWISE_2
, PAIRWISE_4
, GROUP_2
, REQUEST
,
662 SMK_M1
, SMK_M3
, SMK_ERROR
} msg
;
664 struct wpa_eapol_ie_parse kde
;
666 const u8
*eapol_key_ie
;
667 size_t eapol_key_ie_len
;
669 if (wpa_auth
== NULL
|| !wpa_auth
->conf
.wpa
|| sm
== NULL
)
672 if (data_len
< sizeof(*hdr
) + sizeof(*key
))
675 hdr
= (struct ieee802_1x_hdr
*) data
;
676 key
= (struct wpa_eapol_key
*) (hdr
+ 1);
677 key_info
= WPA_GET_BE16(key
->key_info
);
678 key_data_length
= WPA_GET_BE16(key
->key_data_length
);
679 if (key_data_length
> data_len
- sizeof(*hdr
) - sizeof(*key
)) {
680 wpa_printf(MSG_INFO
, "WPA: Invalid EAPOL-Key frame - "
681 "key_data overflow (%d > %lu)",
683 (unsigned long) (data_len
- sizeof(*hdr
) -
688 if (sm
->wpa
== WPA_VERSION_WPA2
) {
689 if (key
->type
!= EAPOL_KEY_TYPE_RSN
) {
690 wpa_printf(MSG_DEBUG
, "Ignore EAPOL-Key with "
691 "unexpected type %d in RSN mode",
696 if (key
->type
!= EAPOL_KEY_TYPE_WPA
) {
697 wpa_printf(MSG_DEBUG
, "Ignore EAPOL-Key with "
698 "unexpected type %d in WPA mode",
704 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
707 if ((key_info
& (WPA_KEY_INFO_SMK_MESSAGE
| WPA_KEY_INFO_REQUEST
)) ==
708 (WPA_KEY_INFO_SMK_MESSAGE
| WPA_KEY_INFO_REQUEST
)) {
709 if (key_info
& WPA_KEY_INFO_ERROR
) {
711 msgtxt
= "SMK Error";
716 } else if (key_info
& WPA_KEY_INFO_SMK_MESSAGE
) {
719 } else if (key_info
& WPA_KEY_INFO_REQUEST
) {
722 } else if (!(key_info
& WPA_KEY_INFO_KEY_TYPE
)) {
724 msgtxt
= "2/2 Group";
725 } else if (key_data_length
== 0) {
727 msgtxt
= "4/4 Pairwise";
730 msgtxt
= "2/4 Pairwise";
733 /* TODO: key_info type validation for PeerKey */
734 if (msg
== REQUEST
|| msg
== PAIRWISE_2
|| msg
== PAIRWISE_4
||
736 u16 ver
= key_info
& WPA_KEY_INFO_TYPE_MASK
;
737 if (sm
->pairwise
== WPA_CIPHER_CCMP
) {
738 if (wpa_use_aes_cmac(sm
) &&
739 ver
!= WPA_KEY_INFO_TYPE_AES_128_CMAC
) {
740 wpa_auth_logger(wpa_auth
, sm
->addr
,
742 "advertised support for "
743 "AES-128-CMAC, but did not "
748 if (!wpa_use_aes_cmac(sm
) &&
749 ver
!= WPA_KEY_INFO_TYPE_HMAC_SHA1_AES
) {
750 wpa_auth_logger(wpa_auth
, sm
->addr
,
752 "did not use HMAC-SHA1-AES "
759 if (key_info
& WPA_KEY_INFO_REQUEST
) {
760 if (sm
->req_replay_counter_used
&&
761 os_memcmp(key
->replay_counter
, sm
->req_replay_counter
,
762 WPA_REPLAY_COUNTER_LEN
) <= 0) {
763 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_WARNING
,
764 "received EAPOL-Key request with "
770 if (!(key_info
& WPA_KEY_INFO_REQUEST
) &&
771 !wpa_replay_counter_valid(sm
, key
->replay_counter
)) {
773 wpa_auth_vlogger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
774 "received EAPOL-Key %s with unexpected "
775 "replay counter", msgtxt
);
776 for (i
= 0; i
< RSNA_MAX_EAPOL_RETRIES
; i
++) {
777 if (!sm
->key_replay
[i
].valid
)
779 wpa_hexdump(MSG_DEBUG
, "pending replay counter",
780 sm
->key_replay
[i
].counter
,
781 WPA_REPLAY_COUNTER_LEN
);
783 wpa_hexdump(MSG_DEBUG
, "received replay counter",
784 key
->replay_counter
, WPA_REPLAY_COUNTER_LEN
);
790 if (sm
->wpa_ptk_state
!= WPA_PTK_PTKSTART
&&
791 sm
->wpa_ptk_state
!= WPA_PTK_PTKCALCNEGOTIATING
) {
792 wpa_auth_vlogger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
793 "received EAPOL-Key msg 2/4 in "
794 "invalid state (%d) - dropped",
798 if (wpa_parse_kde_ies((u8
*) (key
+ 1), key_data_length
,
800 wpa_auth_vlogger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
801 "received EAPOL-Key msg 2/4 with "
802 "invalid Key Data contents");
806 eapol_key_ie
= kde
.rsn_ie
;
807 eapol_key_ie_len
= kde
.rsn_ie_len
;
809 eapol_key_ie
= kde
.wpa_ie
;
810 eapol_key_ie_len
= kde
.wpa_ie_len
;
812 ft
= sm
->wpa
== WPA_VERSION_WPA2
&&
813 wpa_key_mgmt_ft(sm
->wpa_key_mgmt
);
814 if (sm
->wpa_ie
== NULL
||
815 wpa_compare_rsn_ie(ft
,
816 sm
->wpa_ie
, sm
->wpa_ie_len
,
817 eapol_key_ie
, eapol_key_ie_len
)) {
818 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
819 "WPA IE from (Re)AssocReq did not "
820 "match with msg 2/4");
822 wpa_hexdump(MSG_DEBUG
, "WPA IE in AssocReq",
823 sm
->wpa_ie
, sm
->wpa_ie_len
);
825 wpa_hexdump(MSG_DEBUG
, "WPA IE in msg 2/4",
826 eapol_key_ie
, eapol_key_ie_len
);
827 /* MLME-DEAUTHENTICATE.request */
828 wpa_sta_disconnect(wpa_auth
, sm
->addr
);
831 #ifdef CONFIG_IEEE80211R
832 if (ft
&& ft_check_msg_2_of_4(wpa_auth
, sm
, &kde
) < 0) {
833 wpa_sta_disconnect(wpa_auth
, sm
->addr
);
836 #endif /* CONFIG_IEEE80211R */
839 if (sm
->wpa_ptk_state
!= WPA_PTK_PTKINITNEGOTIATING
||
841 wpa_auth_vlogger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
842 "received EAPOL-Key msg 4/4 in "
843 "invalid state (%d) - dropped",
849 if (sm
->wpa_ptk_group_state
!= WPA_PTK_GROUP_REKEYNEGOTIATING
851 wpa_auth_vlogger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
852 "received EAPOL-Key msg 2/2 in "
853 "invalid state (%d) - dropped",
854 sm
->wpa_ptk_group_state
);
858 #ifdef CONFIG_PEERKEY
862 if (!wpa_auth
->conf
.peerkey
) {
863 wpa_printf(MSG_DEBUG
, "RSN: SMK M1/M3/Error, but "
864 "PeerKey use disabled - ignoring message");
867 if (!sm
->PTK_valid
) {
868 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
869 "received EAPOL-Key msg SMK in "
870 "invalid state - dropped");
874 #else /* CONFIG_PEERKEY */
878 return; /* STSL disabled - ignore SMK messages */
879 #endif /* CONFIG_PEERKEY */
884 wpa_auth_vlogger(wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
885 "received EAPOL-Key frame (%s)", msgtxt
);
887 if (key_info
& WPA_KEY_INFO_ACK
) {
888 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
889 "received invalid EAPOL-Key: Key Ack set");
893 if (!(key_info
& WPA_KEY_INFO_MIC
)) {
894 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
895 "received invalid EAPOL-Key: Key MIC not set");
899 sm
->MICVerified
= FALSE
;
901 if (wpa_verify_key_mic(&sm
->PTK
, data
, data_len
)) {
902 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
903 "received EAPOL-Key with invalid MIC");
906 sm
->MICVerified
= TRUE
;
907 eloop_cancel_timeout(wpa_send_eapol_timeout
, wpa_auth
, sm
);
910 if (key_info
& WPA_KEY_INFO_REQUEST
) {
911 if (sm
->MICVerified
) {
912 sm
->req_replay_counter_used
= 1;
913 os_memcpy(sm
->req_replay_counter
, key
->replay_counter
,
914 WPA_REPLAY_COUNTER_LEN
);
916 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
917 "received EAPOL-Key request with "
923 * TODO: should decrypt key data field if encryption was used;
924 * even though MAC address KDE is not normally encrypted,
925 * supplicant is allowed to encrypt it.
927 if (msg
== SMK_ERROR
) {
928 #ifdef CONFIG_PEERKEY
929 wpa_smk_error(wpa_auth
, sm
, key
);
930 #endif /* CONFIG_PEERKEY */
932 } else if (key_info
& WPA_KEY_INFO_ERROR
) {
933 /* Supplicant reported a Michael MIC error */
934 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
935 "received EAPOL-Key Error Request "
936 "(STA detected Michael MIC failure)");
937 wpa_auth_mic_failure_report(wpa_auth
, sm
->addr
);
938 sm
->dot11RSNAStatsTKIPRemoteMICFailures
++;
939 wpa_auth
->dot11RSNAStatsTKIPRemoteMICFailures
++;
940 /* Error report is not a request for a new key
941 * handshake, but since Authenticator may do it, let's
942 * change the keys now anyway. */
943 wpa_request_new_ptk(sm
);
944 } else if (key_info
& WPA_KEY_INFO_KEY_TYPE
) {
945 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
946 "received EAPOL-Key Request for new "
948 wpa_request_new_ptk(sm
);
949 #ifdef CONFIG_PEERKEY
950 } else if (msg
== SMK_M1
) {
951 wpa_smk_m1(wpa_auth
, sm
, key
);
952 #endif /* CONFIG_PEERKEY */
953 } else if (key_data_length
> 0 &&
954 wpa_parse_kde_ies((const u8
*) (key
+ 1),
955 key_data_length
, &kde
) == 0 &&
958 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_INFO
,
959 "received EAPOL-Key Request for GTK "
961 /* FIX: why was this triggering PTK rekeying for the
962 * STA that requested Group Key rekeying?? */
963 /* wpa_request_new_ptk(sta->wpa_sm); */
964 eloop_cancel_timeout(wpa_rekey_gtk
, wpa_auth
, NULL
);
965 wpa_rekey_gtk(wpa_auth
, NULL
);
968 /* Do not allow the same key replay counter to be reused. This
969 * does also invalidate all other pending replay counters if
970 * retransmissions were used, i.e., we will only process one of
971 * the pending replies and ignore rest if more than one is
973 sm
->key_replay
[0].valid
= FALSE
;
976 #ifdef CONFIG_PEERKEY
978 wpa_smk_m3(wpa_auth
, sm
, key
);
981 #endif /* CONFIG_PEERKEY */
983 os_free(sm
->last_rx_eapol_key
);
984 sm
->last_rx_eapol_key
= os_malloc(data_len
);
985 if (sm
->last_rx_eapol_key
== NULL
)
987 os_memcpy(sm
->last_rx_eapol_key
, data
, data_len
);
988 sm
->last_rx_eapol_key_len
= data_len
;
990 sm
->EAPOLKeyReceived
= TRUE
;
991 sm
->EAPOLKeyPairwise
= !!(key_info
& WPA_KEY_INFO_KEY_TYPE
);
992 sm
->EAPOLKeyRequest
= !!(key_info
& WPA_KEY_INFO_REQUEST
);
993 os_memcpy(sm
->SNonce
, key
->key_nonce
, WPA_NONCE_LEN
);
998 static void wpa_gmk_to_gtk(const u8
*gmk
, const u8
*addr
, const u8
*gnonce
,
999 u8
*gtk
, size_t gtk_len
)
1001 u8 data
[ETH_ALEN
+ WPA_NONCE_LEN
];
1003 /* GTK = PRF-X(GMK, "Group key expansion", AA || GNonce) */
1004 os_memcpy(data
, addr
, ETH_ALEN
);
1005 os_memcpy(data
+ ETH_ALEN
, gnonce
, WPA_NONCE_LEN
);
1007 #ifdef CONFIG_IEEE80211W
1008 sha256_prf(gmk
, WPA_GMK_LEN
, "Group key expansion",
1009 data
, sizeof(data
), gtk
, gtk_len
);
1010 #else /* CONFIG_IEEE80211W */
1011 sha1_prf(gmk
, WPA_GMK_LEN
, "Group key expansion",
1012 data
, sizeof(data
), gtk
, gtk_len
);
1013 #endif /* CONFIG_IEEE80211W */
1015 wpa_hexdump_key(MSG_DEBUG
, "GMK", gmk
, WPA_GMK_LEN
);
1016 wpa_hexdump_key(MSG_DEBUG
, "GTK", gtk
, gtk_len
);
1020 static void wpa_send_eapol_timeout(void *eloop_ctx
, void *timeout_ctx
)
1022 struct wpa_authenticator
*wpa_auth
= eloop_ctx
;
1023 struct wpa_state_machine
*sm
= timeout_ctx
;
1025 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_DEBUG
, "EAPOL-Key timeout");
1026 sm
->TimeoutEvt
= TRUE
;
1031 void __wpa_send_eapol(struct wpa_authenticator
*wpa_auth
,
1032 struct wpa_state_machine
*sm
, int key_info
,
1033 const u8
*key_rsc
, const u8
*nonce
,
1034 const u8
*kde
, size_t kde_len
,
1035 int keyidx
, int encr
, int force_version
)
1037 struct ieee802_1x_hdr
*hdr
;
1038 struct wpa_eapol_key
*key
;
1041 int key_data_len
, pad_len
= 0;
1043 int version
, pairwise
;
1046 len
= sizeof(struct ieee802_1x_hdr
) + sizeof(struct wpa_eapol_key
);
1049 version
= force_version
;
1050 else if (wpa_use_aes_cmac(sm
))
1051 version
= WPA_KEY_INFO_TYPE_AES_128_CMAC
;
1052 else if (sm
->pairwise
== WPA_CIPHER_CCMP
)
1053 version
= WPA_KEY_INFO_TYPE_HMAC_SHA1_AES
;
1055 version
= WPA_KEY_INFO_TYPE_HMAC_MD5_RC4
;
1057 pairwise
= key_info
& WPA_KEY_INFO_KEY_TYPE
;
1059 wpa_printf(MSG_DEBUG
, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
1060 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
1063 (key_info
& WPA_KEY_INFO_SECURE
) ? 1 : 0,
1064 (key_info
& WPA_KEY_INFO_MIC
) ? 1 : 0,
1065 (key_info
& WPA_KEY_INFO_ACK
) ? 1 : 0,
1066 (key_info
& WPA_KEY_INFO_INSTALL
) ? 1 : 0,
1067 pairwise
, (unsigned long) kde_len
, keyidx
, encr
);
1069 key_data_len
= kde_len
;
1071 if ((version
== WPA_KEY_INFO_TYPE_HMAC_SHA1_AES
||
1072 version
== WPA_KEY_INFO_TYPE_AES_128_CMAC
) && encr
) {
1073 pad_len
= key_data_len
% 8;
1075 pad_len
= 8 - pad_len
;
1076 key_data_len
+= pad_len
+ 8;
1079 len
+= key_data_len
;
1081 hdr
= os_zalloc(len
);
1084 hdr
->version
= wpa_auth
->conf
.eapol_version
;
1085 hdr
->type
= IEEE802_1X_TYPE_EAPOL_KEY
;
1086 hdr
->length
= host_to_be16(len
- sizeof(*hdr
));
1087 key
= (struct wpa_eapol_key
*) (hdr
+ 1);
1089 key
->type
= sm
->wpa
== WPA_VERSION_WPA2
?
1090 EAPOL_KEY_TYPE_RSN
: EAPOL_KEY_TYPE_WPA
;
1091 key_info
|= version
;
1092 if (encr
&& sm
->wpa
== WPA_VERSION_WPA2
)
1093 key_info
|= WPA_KEY_INFO_ENCR_KEY_DATA
;
1094 if (sm
->wpa
!= WPA_VERSION_WPA2
)
1095 key_info
|= keyidx
<< WPA_KEY_INFO_KEY_INDEX_SHIFT
;
1096 WPA_PUT_BE16(key
->key_info
, key_info
);
1098 alg
= pairwise
? sm
->pairwise
: wpa_auth
->conf
.wpa_group
;
1100 case WPA_CIPHER_CCMP
:
1101 WPA_PUT_BE16(key
->key_length
, 16);
1103 case WPA_CIPHER_TKIP
:
1104 WPA_PUT_BE16(key
->key_length
, 32);
1106 case WPA_CIPHER_WEP40
:
1107 WPA_PUT_BE16(key
->key_length
, 5);
1109 case WPA_CIPHER_WEP104
:
1110 WPA_PUT_BE16(key
->key_length
, 13);
1113 if (key_info
& WPA_KEY_INFO_SMK_MESSAGE
)
1114 WPA_PUT_BE16(key
->key_length
, 0);
1116 /* FIX: STSL: what to use as key_replay_counter? */
1117 for (i
= RSNA_MAX_EAPOL_RETRIES
- 1; i
> 0; i
--) {
1118 sm
->key_replay
[i
].valid
= sm
->key_replay
[i
- 1].valid
;
1119 os_memcpy(sm
->key_replay
[i
].counter
,
1120 sm
->key_replay
[i
- 1].counter
,
1121 WPA_REPLAY_COUNTER_LEN
);
1123 inc_byte_array(sm
->key_replay
[0].counter
, WPA_REPLAY_COUNTER_LEN
);
1124 os_memcpy(key
->replay_counter
, sm
->key_replay
[0].counter
,
1125 WPA_REPLAY_COUNTER_LEN
);
1126 sm
->key_replay
[0].valid
= TRUE
;
1129 os_memcpy(key
->key_nonce
, nonce
, WPA_NONCE_LEN
);
1132 os_memcpy(key
->key_rsc
, key_rsc
, WPA_KEY_RSC_LEN
);
1135 os_memcpy(key
+ 1, kde
, kde_len
);
1136 WPA_PUT_BE16(key
->key_data_length
, kde_len
);
1137 } else if (encr
&& kde
) {
1138 buf
= os_zalloc(key_data_len
);
1144 os_memcpy(pos
, kde
, kde_len
);
1150 wpa_hexdump_key(MSG_DEBUG
, "Plaintext EAPOL-Key Key Data",
1152 if (version
== WPA_KEY_INFO_TYPE_HMAC_SHA1_AES
||
1153 version
== WPA_KEY_INFO_TYPE_AES_128_CMAC
) {
1154 if (aes_wrap(sm
->PTK
.kek
, (key_data_len
- 8) / 8, buf
,
1155 (u8
*) (key
+ 1))) {
1160 WPA_PUT_BE16(key
->key_data_length
, key_data_len
);
1163 os_memcpy(key
->key_iv
,
1164 sm
->group
->Counter
+ WPA_NONCE_LEN
- 16, 16);
1165 inc_byte_array(sm
->group
->Counter
, WPA_NONCE_LEN
);
1166 os_memcpy(ek
, key
->key_iv
, 16);
1167 os_memcpy(ek
+ 16, sm
->PTK
.kek
, 16);
1168 os_memcpy(key
+ 1, buf
, key_data_len
);
1169 rc4_skip(ek
, 32, 256, (u8
*) (key
+ 1), key_data_len
);
1170 WPA_PUT_BE16(key
->key_data_length
, key_data_len
);
1175 if (key_info
& WPA_KEY_INFO_MIC
) {
1176 if (!sm
->PTK_valid
) {
1177 wpa_auth_logger(wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
1178 "PTK not valid when sending EAPOL-Key "
1183 wpa_eapol_key_mic(sm
->PTK
.kck
, version
, (u8
*) hdr
, len
,
1187 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_inc_EapolFramesTx
,
1189 wpa_auth_send_eapol(wpa_auth
, sm
->addr
, (u8
*) hdr
, len
,
1195 static void wpa_send_eapol(struct wpa_authenticator
*wpa_auth
,
1196 struct wpa_state_machine
*sm
, int key_info
,
1197 const u8
*key_rsc
, const u8
*nonce
,
1198 const u8
*kde
, size_t kde_len
,
1199 int keyidx
, int encr
)
1202 int pairwise
= key_info
& WPA_KEY_INFO_KEY_TYPE
;
1208 __wpa_send_eapol(wpa_auth
, sm
, key_info
, key_rsc
, nonce
, kde
, kde_len
,
1211 ctr
= pairwise
? sm
->TimeoutCtr
: sm
->GTimeoutCtr
;
1213 timeout_ms
= eapol_key_timeout_first
;
1215 timeout_ms
= eapol_key_timeout_subseq
;
1216 eloop_register_timeout(timeout_ms
/ 1000, (timeout_ms
% 1000) * 1000,
1217 wpa_send_eapol_timeout
, wpa_auth
, sm
);
1221 static int wpa_verify_key_mic(struct wpa_ptk
*PTK
, u8
*data
, size_t data_len
)
1223 struct ieee802_1x_hdr
*hdr
;
1224 struct wpa_eapol_key
*key
;
1229 if (data_len
< sizeof(*hdr
) + sizeof(*key
))
1232 hdr
= (struct ieee802_1x_hdr
*) data
;
1233 key
= (struct wpa_eapol_key
*) (hdr
+ 1);
1234 key_info
= WPA_GET_BE16(key
->key_info
);
1235 os_memcpy(mic
, key
->key_mic
, 16);
1236 os_memset(key
->key_mic
, 0, 16);
1237 if (wpa_eapol_key_mic(PTK
->kck
, key_info
& WPA_KEY_INFO_TYPE_MASK
,
1238 data
, data_len
, key
->key_mic
) ||
1239 os_memcmp(mic
, key
->key_mic
, 16) != 0)
1241 os_memcpy(key
->key_mic
, mic
, 16);
1246 void wpa_remove_ptk(struct wpa_state_machine
*sm
)
1248 sm
->PTK_valid
= FALSE
;
1249 os_memset(&sm
->PTK
, 0, sizeof(sm
->PTK
));
1250 wpa_auth_set_key(sm
->wpa_auth
, 0, WPA_ALG_NONE
, sm
->addr
, 0, (u8
*) "",
1252 sm
->pairwise_set
= FALSE
;
1253 eloop_cancel_timeout(wpa_rekey_ptk
, sm
->wpa_auth
, sm
);
1257 int wpa_auth_sm_event(struct wpa_state_machine
*sm
, wpa_event event
)
1264 wpa_auth_vlogger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
1265 "event %d notification", event
);
1273 sm
->DeauthenticationRequest
= TRUE
;
1276 case WPA_REAUTH_EAPOL
:
1279 * When using WPS, we may end up here if the STA
1280 * manages to re-associate without the previous STA
1281 * entry getting removed. Consequently, we need to make
1282 * sure that the WPA state machines gets initialized
1283 * properly at this point.
1285 wpa_printf(MSG_DEBUG
, "WPA state machine had not been "
1286 "started - initialize now");
1289 if (wpa_sm_step(sm
) == 1)
1290 return 1; /* should not really happen */
1292 sm
->AuthenticationRequest
= TRUE
;
1295 if (sm
->GUpdateStationKeys
) {
1297 * Reauthentication cancels the pending group key
1298 * update for this STA.
1300 sm
->group
->GKeyDoneStations
--;
1301 sm
->GUpdateStationKeys
= FALSE
;
1302 sm
->PtkGroupInit
= TRUE
;
1304 sm
->ReAuthenticationRequest
= TRUE
;
1307 #ifdef CONFIG_IEEE80211R
1308 wpa_printf(MSG_DEBUG
, "FT: Retry PTK configuration "
1309 "after association");
1310 wpa_ft_install_ptk(sm
);
1312 /* Using FT protocol, not WPA auth state machine */
1313 sm
->ft_completed
= 1;
1315 #else /* CONFIG_IEEE80211R */
1317 #endif /* CONFIG_IEEE80211R */
1320 #ifdef CONFIG_IEEE80211R
1321 sm
->ft_completed
= 0;
1322 #endif /* CONFIG_IEEE80211R */
1324 #ifdef CONFIG_IEEE80211W
1325 if (sm
->mgmt_frame_prot
&& event
== WPA_AUTH
)
1327 #endif /* CONFIG_IEEE80211W */
1330 sm
->PTK_valid
= FALSE
;
1331 os_memset(&sm
->PTK
, 0, sizeof(sm
->PTK
));
1333 if (event
!= WPA_REAUTH_EAPOL
)
1337 return wpa_sm_step(sm
);
1341 static enum wpa_alg
wpa_alg_enum(int alg
)
1344 case WPA_CIPHER_CCMP
:
1345 return WPA_ALG_CCMP
;
1346 case WPA_CIPHER_TKIP
:
1347 return WPA_ALG_TKIP
;
1348 case WPA_CIPHER_WEP104
:
1349 case WPA_CIPHER_WEP40
:
1352 return WPA_ALG_NONE
;
1357 SM_STATE(WPA_PTK
, INITIALIZE
)
1359 SM_ENTRY_MA(WPA_PTK
, INITIALIZE
, wpa_ptk
);
1361 /* Init flag is not cleared here, so avoid busy
1362 * loop by claiming nothing changed. */
1363 sm
->changed
= FALSE
;
1367 if (sm
->GUpdateStationKeys
)
1368 sm
->group
->GKeyDoneStations
--;
1369 sm
->GUpdateStationKeys
= FALSE
;
1370 if (sm
->wpa
== WPA_VERSION_WPA
)
1371 sm
->PInitAKeys
= FALSE
;
1372 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1373 * Local AA > Remote AA)) */) {
1376 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_portEnabled
, 0);
1378 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_portValid
, 0);
1380 if (wpa_key_mgmt_wpa_psk(sm
->wpa_key_mgmt
)) {
1381 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
,
1382 WPA_EAPOL_authorized
, 0);
1387 SM_STATE(WPA_PTK
, DISCONNECT
)
1389 SM_ENTRY_MA(WPA_PTK
, DISCONNECT
, wpa_ptk
);
1390 sm
->Disconnect
= FALSE
;
1391 wpa_sta_disconnect(sm
->wpa_auth
, sm
->addr
);
1395 SM_STATE(WPA_PTK
, DISCONNECTED
)
1397 SM_ENTRY_MA(WPA_PTK
, DISCONNECTED
, wpa_ptk
);
1398 sm
->DeauthenticationRequest
= FALSE
;
1402 SM_STATE(WPA_PTK
, AUTHENTICATION
)
1404 SM_ENTRY_MA(WPA_PTK
, AUTHENTICATION
, wpa_ptk
);
1405 os_memset(&sm
->PTK
, 0, sizeof(sm
->PTK
));
1406 sm
->PTK_valid
= FALSE
;
1407 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_portControl_Auto
,
1409 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_portEnabled
, 1);
1410 sm
->AuthenticationRequest
= FALSE
;
1414 SM_STATE(WPA_PTK
, AUTHENTICATION2
)
1416 SM_ENTRY_MA(WPA_PTK
, AUTHENTICATION2
, wpa_ptk
);
1417 os_memcpy(sm
->ANonce
, sm
->group
->Counter
, WPA_NONCE_LEN
);
1418 inc_byte_array(sm
->group
->Counter
, WPA_NONCE_LEN
);
1419 sm
->ReAuthenticationRequest
= FALSE
;
1420 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1421 * logical place than INITIALIZE since AUTHENTICATION2 can be
1422 * re-entered on ReAuthenticationRequest without going through
1428 SM_STATE(WPA_PTK
, INITPMK
)
1430 u8 msk
[2 * PMK_LEN
];
1431 size_t len
= 2 * PMK_LEN
;
1433 SM_ENTRY_MA(WPA_PTK
, INITPMK
, wpa_ptk
);
1434 #ifdef CONFIG_IEEE80211R
1436 #endif /* CONFIG_IEEE80211R */
1438 wpa_printf(MSG_DEBUG
, "WPA: PMK from PMKSA cache");
1439 os_memcpy(sm
->PMK
, sm
->pmksa
->pmk
, PMK_LEN
);
1440 } else if (wpa_auth_get_msk(sm
->wpa_auth
, sm
->addr
, msk
, &len
) == 0) {
1441 wpa_printf(MSG_DEBUG
, "WPA: PMK from EAPOL state machine "
1442 "(len=%lu)", (unsigned long) len
);
1443 os_memcpy(sm
->PMK
, msk
, PMK_LEN
);
1444 #ifdef CONFIG_IEEE80211R
1445 if (len
>= 2 * PMK_LEN
) {
1446 os_memcpy(sm
->xxkey
, msk
+ PMK_LEN
, PMK_LEN
);
1447 sm
->xxkey_len
= PMK_LEN
;
1449 #endif /* CONFIG_IEEE80211R */
1451 wpa_printf(MSG_DEBUG
, "WPA: Could not get PMK");
1454 sm
->req_replay_counter_used
= 0;
1455 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1456 * will break reauthentication since EAPOL state machines may not be
1457 * get into AUTHENTICATING state that clears keyRun before WPA state
1458 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1459 * state and takes PMK from the previously used AAA Key. This will
1460 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1461 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1462 * be good workaround for this issue. */
1463 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_keyRun
, 0);
1467 SM_STATE(WPA_PTK
, INITPSK
)
1470 SM_ENTRY_MA(WPA_PTK
, INITPSK
, wpa_ptk
);
1471 psk
= wpa_auth_get_psk(sm
->wpa_auth
, sm
->addr
, NULL
);
1473 os_memcpy(sm
->PMK
, psk
, PMK_LEN
);
1474 #ifdef CONFIG_IEEE80211R
1475 os_memcpy(sm
->xxkey
, psk
, PMK_LEN
);
1476 sm
->xxkey_len
= PMK_LEN
;
1477 #endif /* CONFIG_IEEE80211R */
1479 sm
->req_replay_counter_used
= 0;
1483 SM_STATE(WPA_PTK
, PTKSTART
)
1485 u8 buf
[2 + RSN_SELECTOR_LEN
+ PMKID_LEN
], *pmkid
= NULL
;
1486 size_t pmkid_len
= 0;
1488 SM_ENTRY_MA(WPA_PTK
, PTKSTART
, wpa_ptk
);
1489 sm
->PTKRequest
= FALSE
;
1490 sm
->TimeoutEvt
= FALSE
;
1493 if (sm
->TimeoutCtr
> (int) dot11RSNAConfigPairwiseUpdateCount
) {
1494 /* No point in sending the EAPOL-Key - we will disconnect
1495 * immediately following this. */
1499 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
1500 "sending 1/4 msg of 4-Way Handshake");
1502 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1503 * one possible PSK for this STA.
1505 if (sm
->wpa
== WPA_VERSION_WPA2
&&
1506 wpa_key_mgmt_wpa_ieee8021x(sm
->wpa_key_mgmt
)) {
1508 pmkid_len
= 2 + RSN_SELECTOR_LEN
+ PMKID_LEN
;
1509 pmkid
[0] = WLAN_EID_VENDOR_SPECIFIC
;
1510 pmkid
[1] = RSN_SELECTOR_LEN
+ PMKID_LEN
;
1511 RSN_SELECTOR_PUT(&pmkid
[2], RSN_KEY_DATA_PMKID
);
1513 os_memcpy(&pmkid
[2 + RSN_SELECTOR_LEN
],
1514 sm
->pmksa
->pmkid
, PMKID_LEN
);
1517 * Calculate PMKID since no PMKSA cache entry was
1518 * available with pre-calculated PMKID.
1520 rsn_pmkid(sm
->PMK
, PMK_LEN
, sm
->wpa_auth
->addr
,
1521 sm
->addr
, &pmkid
[2 + RSN_SELECTOR_LEN
],
1522 wpa_key_mgmt_sha256(sm
->wpa_key_mgmt
));
1525 wpa_send_eapol(sm
->wpa_auth
, sm
,
1526 WPA_KEY_INFO_ACK
| WPA_KEY_INFO_KEY_TYPE
, NULL
,
1527 sm
->ANonce
, pmkid
, pmkid_len
, 0, 0);
1531 static int wpa_derive_ptk(struct wpa_state_machine
*sm
, const u8
*pmk
,
1532 struct wpa_ptk
*ptk
)
1534 size_t ptk_len
= sm
->pairwise
== WPA_CIPHER_CCMP
? 48 : 64;
1535 #ifdef CONFIG_IEEE80211R
1536 if (wpa_key_mgmt_ft(sm
->wpa_key_mgmt
))
1537 return wpa_auth_derive_ptk_ft(sm
, pmk
, ptk
, ptk_len
);
1538 #endif /* CONFIG_IEEE80211R */
1540 wpa_pmk_to_ptk(pmk
, PMK_LEN
, "Pairwise key expansion",
1541 sm
->wpa_auth
->addr
, sm
->addr
, sm
->ANonce
, sm
->SNonce
,
1542 (u8
*) ptk
, ptk_len
,
1543 wpa_key_mgmt_sha256(sm
->wpa_key_mgmt
));
1549 SM_STATE(WPA_PTK
, PTKCALCNEGOTIATING
)
1553 const u8
*pmk
= NULL
;
1555 SM_ENTRY_MA(WPA_PTK
, PTKCALCNEGOTIATING
, wpa_ptk
);
1556 sm
->EAPOLKeyReceived
= FALSE
;
1558 /* WPA with IEEE 802.1X: use the derived PMK from EAP
1559 * WPA-PSK: iterate through possible PSKs and select the one matching
1562 if (wpa_key_mgmt_wpa_psk(sm
->wpa_key_mgmt
)) {
1563 pmk
= wpa_auth_get_psk(sm
->wpa_auth
, sm
->addr
, pmk
);
1569 wpa_derive_ptk(sm
, pmk
, &PTK
);
1571 if (wpa_verify_key_mic(&PTK
, sm
->last_rx_eapol_key
,
1572 sm
->last_rx_eapol_key_len
) == 0) {
1577 if (!wpa_key_mgmt_wpa_psk(sm
->wpa_key_mgmt
))
1582 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
1583 "invalid MIC in msg 2/4 of 4-Way Handshake");
1587 #ifdef CONFIG_IEEE80211R
1588 if (sm
->wpa
== WPA_VERSION_WPA2
&& wpa_key_mgmt_ft(sm
->wpa_key_mgmt
)) {
1590 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
1591 * with the value we derived.
1593 if (os_memcmp(sm
->sup_pmk_r1_name
, sm
->pmk_r1_name
,
1594 WPA_PMK_NAME_LEN
) != 0) {
1595 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
1596 "PMKR1Name mismatch in FT 4-way "
1598 wpa_hexdump(MSG_DEBUG
, "FT: PMKR1Name from "
1600 sm
->sup_pmk_r1_name
, WPA_PMK_NAME_LEN
);
1601 wpa_hexdump(MSG_DEBUG
, "FT: Derived PMKR1Name",
1602 sm
->pmk_r1_name
, WPA_PMK_NAME_LEN
);
1606 #endif /* CONFIG_IEEE80211R */
1608 eloop_cancel_timeout(wpa_send_eapol_timeout
, sm
->wpa_auth
, sm
);
1610 if (wpa_key_mgmt_wpa_psk(sm
->wpa_key_mgmt
)) {
1611 /* PSK may have changed from the previous choice, so update
1612 * state machine data based on whatever PSK was selected here.
1614 os_memcpy(sm
->PMK
, pmk
, PMK_LEN
);
1617 sm
->MICVerified
= TRUE
;
1619 os_memcpy(&sm
->PTK
, &PTK
, sizeof(PTK
));
1620 sm
->PTK_valid
= TRUE
;
1624 SM_STATE(WPA_PTK
, PTKCALCNEGOTIATING2
)
1626 SM_ENTRY_MA(WPA_PTK
, PTKCALCNEGOTIATING2
, wpa_ptk
);
1631 #ifdef CONFIG_IEEE80211W
1633 static int ieee80211w_kde_len(struct wpa_state_machine
*sm
)
1635 if (sm
->mgmt_frame_prot
) {
1636 return 2 + RSN_SELECTOR_LEN
+ sizeof(struct wpa_igtk_kde
);
1643 static u8
* ieee80211w_kde_add(struct wpa_state_machine
*sm
, u8
*pos
)
1645 struct wpa_igtk_kde igtk
;
1646 struct wpa_group
*gsm
= sm
->group
;
1648 if (!sm
->mgmt_frame_prot
)
1651 igtk
.keyid
[0] = gsm
->GN_igtk
;
1653 if (gsm
->wpa_group_state
!= WPA_GROUP_SETKEYSDONE
||
1654 wpa_auth_get_seqnum(sm
->wpa_auth
, NULL
, gsm
->GN_igtk
, igtk
.pn
) < 0)
1655 os_memset(igtk
.pn
, 0, sizeof(igtk
.pn
));
1656 os_memcpy(igtk
.igtk
, gsm
->IGTK
[gsm
->GN_igtk
- 4], WPA_IGTK_LEN
);
1657 pos
= wpa_add_kde(pos
, RSN_KEY_DATA_IGTK
,
1658 (const u8
*) &igtk
, sizeof(igtk
), NULL
, 0);
1663 #else /* CONFIG_IEEE80211W */
1665 static int ieee80211w_kde_len(struct wpa_state_machine
*sm
)
1671 static u8
* ieee80211w_kde_add(struct wpa_state_machine
*sm
, u8
*pos
)
1676 #endif /* CONFIG_IEEE80211W */
1679 SM_STATE(WPA_PTK
, PTKINITNEGOTIATING
)
1681 u8 rsc
[WPA_KEY_RSC_LEN
], *_rsc
, *gtk
, *kde
, *pos
;
1682 size_t gtk_len
, kde_len
;
1683 struct wpa_group
*gsm
= sm
->group
;
1685 int wpa_ie_len
, secure
, keyidx
, encr
= 0;
1687 SM_ENTRY_MA(WPA_PTK
, PTKINITNEGOTIATING
, wpa_ptk
);
1688 sm
->TimeoutEvt
= FALSE
;
1691 if (sm
->TimeoutCtr
> (int) dot11RSNAConfigPairwiseUpdateCount
) {
1692 /* No point in sending the EAPOL-Key - we will disconnect
1693 * immediately following this. */
1697 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
1698 GTK[GN], IGTK, [FTIE], [TIE * 2])
1700 os_memset(rsc
, 0, WPA_KEY_RSC_LEN
);
1701 wpa_auth_get_seqnum(sm
->wpa_auth
, NULL
, gsm
->GN
, rsc
);
1702 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
1703 wpa_ie
= sm
->wpa_auth
->wpa_ie
;
1704 wpa_ie_len
= sm
->wpa_auth
->wpa_ie_len
;
1705 if (sm
->wpa
== WPA_VERSION_WPA
&&
1706 (sm
->wpa_auth
->conf
.wpa
& WPA_PROTO_RSN
) &&
1707 wpa_ie_len
> wpa_ie
[1] + 2 && wpa_ie
[0] == WLAN_EID_RSN
) {
1708 /* WPA-only STA, remove RSN IE */
1709 wpa_ie
= wpa_ie
+ wpa_ie
[1] + 2;
1710 wpa_ie_len
= wpa_ie
[1] + 2;
1712 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
1713 "sending 3/4 msg of 4-Way Handshake");
1714 if (sm
->wpa
== WPA_VERSION_WPA2
) {
1715 /* WPA2 send GTK in the 4-way handshake */
1717 gtk
= gsm
->GTK
[gsm
->GN
- 1];
1718 gtk_len
= gsm
->GTK_len
;
1723 /* WPA does not include GTK in msg 3/4 */
1731 kde_len
= wpa_ie_len
+ ieee80211w_kde_len(sm
);
1733 kde_len
+= 2 + RSN_SELECTOR_LEN
+ 2 + gtk_len
;
1734 #ifdef CONFIG_IEEE80211R
1735 if (wpa_key_mgmt_ft(sm
->wpa_key_mgmt
)) {
1736 kde_len
+= 2 + PMKID_LEN
; /* PMKR1Name into RSN IE */
1737 kde_len
+= 300; /* FTIE + 2 * TIE */
1739 #endif /* CONFIG_IEEE80211R */
1740 kde
= os_malloc(kde_len
);
1745 os_memcpy(pos
, wpa_ie
, wpa_ie_len
);
1747 #ifdef CONFIG_IEEE80211R
1748 if (wpa_key_mgmt_ft(sm
->wpa_key_mgmt
)) {
1749 int res
= wpa_insert_pmkid(kde
, pos
- kde
, sm
->pmk_r1_name
);
1751 wpa_printf(MSG_ERROR
, "FT: Failed to insert "
1752 "PMKR1Name into RSN IE in EAPOL-Key data");
1758 #endif /* CONFIG_IEEE80211R */
1761 hdr
[0] = keyidx
& 0x03;
1763 pos
= wpa_add_kde(pos
, RSN_KEY_DATA_GROUPKEY
, hdr
, 2,
1766 pos
= ieee80211w_kde_add(sm
, pos
);
1768 #ifdef CONFIG_IEEE80211R
1769 if (wpa_key_mgmt_ft(sm
->wpa_key_mgmt
)) {
1771 struct wpa_auth_config
*conf
;
1773 conf
= &sm
->wpa_auth
->conf
;
1774 res
= wpa_write_ftie(conf
, conf
->r0_key_holder
,
1775 conf
->r0_key_holder_len
,
1776 NULL
, NULL
, pos
, kde
+ kde_len
- pos
,
1779 wpa_printf(MSG_ERROR
, "FT: Failed to insert FTIE "
1780 "into EAPOL-Key Key Data");
1786 /* TIE[ReassociationDeadline] (TU) */
1787 *pos
++ = WLAN_EID_TIMEOUT_INTERVAL
;
1789 *pos
++ = WLAN_TIMEOUT_REASSOC_DEADLINE
;
1790 WPA_PUT_LE32(pos
, conf
->reassociation_deadline
);
1793 /* TIE[KeyLifetime] (seconds) */
1794 *pos
++ = WLAN_EID_TIMEOUT_INTERVAL
;
1796 *pos
++ = WLAN_TIMEOUT_KEY_LIFETIME
;
1797 WPA_PUT_LE32(pos
, conf
->r0_key_lifetime
* 60);
1800 #endif /* CONFIG_IEEE80211R */
1802 wpa_send_eapol(sm
->wpa_auth
, sm
,
1803 (secure
? WPA_KEY_INFO_SECURE
: 0) | WPA_KEY_INFO_MIC
|
1804 WPA_KEY_INFO_ACK
| WPA_KEY_INFO_INSTALL
|
1805 WPA_KEY_INFO_KEY_TYPE
,
1806 _rsc
, sm
->ANonce
, kde
, pos
- kde
, keyidx
, encr
);
1811 SM_STATE(WPA_PTK
, PTKINITDONE
)
1813 SM_ENTRY_MA(WPA_PTK
, PTKINITDONE
, wpa_ptk
);
1814 sm
->EAPOLKeyReceived
= FALSE
;
1818 if (sm
->pairwise
== WPA_CIPHER_TKIP
) {
1825 if (wpa_auth_set_key(sm
->wpa_auth
, 0, alg
, sm
->addr
, 0,
1826 sm
->PTK
.tk1
, klen
)) {
1827 wpa_sta_disconnect(sm
->wpa_auth
, sm
->addr
);
1830 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
1831 sm
->pairwise_set
= TRUE
;
1833 if (sm
->wpa_auth
->conf
.wpa_ptk_rekey
) {
1834 eloop_cancel_timeout(wpa_rekey_ptk
, sm
->wpa_auth
, sm
);
1835 eloop_register_timeout(sm
->wpa_auth
->conf
.
1836 wpa_ptk_rekey
, 0, wpa_rekey_ptk
,
1840 if (wpa_key_mgmt_wpa_psk(sm
->wpa_key_mgmt
)) {
1841 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
,
1842 WPA_EAPOL_authorized
, 1);
1846 if (0 /* IBSS == TRUE */) {
1848 if (sm
->keycount
== 2) {
1849 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
,
1850 WPA_EAPOL_portValid
, 1);
1853 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_portValid
,
1856 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_keyAvailable
, 0);
1857 wpa_auth_set_eapol(sm
->wpa_auth
, sm
->addr
, WPA_EAPOL_keyDone
, 1);
1858 if (sm
->wpa
== WPA_VERSION_WPA
)
1859 sm
->PInitAKeys
= TRUE
;
1862 wpa_auth_vlogger(sm
->wpa_auth
, sm
->addr
, LOGGER_INFO
,
1863 "pairwise key handshake completed (%s)",
1864 sm
->wpa
== WPA_VERSION_WPA
? "WPA" : "RSN");
1866 #ifdef CONFIG_IEEE80211R
1867 wpa_ft_push_pmk_r1(sm
->wpa_auth
, sm
->addr
);
1868 #endif /* CONFIG_IEEE80211R */
1874 struct wpa_authenticator
*wpa_auth
= sm
->wpa_auth
;
1877 SM_ENTER(WPA_PTK
, INITIALIZE
);
1878 else if (sm
->Disconnect
1879 /* || FIX: dot11RSNAConfigSALifetime timeout */)
1880 SM_ENTER(WPA_PTK
, DISCONNECT
);
1881 else if (sm
->DeauthenticationRequest
)
1882 SM_ENTER(WPA_PTK
, DISCONNECTED
);
1883 else if (sm
->AuthenticationRequest
)
1884 SM_ENTER(WPA_PTK
, AUTHENTICATION
);
1885 else if (sm
->ReAuthenticationRequest
)
1886 SM_ENTER(WPA_PTK
, AUTHENTICATION2
);
1887 else if (sm
->PTKRequest
)
1888 SM_ENTER(WPA_PTK
, PTKSTART
);
1889 else switch (sm
->wpa_ptk_state
) {
1890 case WPA_PTK_INITIALIZE
:
1892 case WPA_PTK_DISCONNECT
:
1893 SM_ENTER(WPA_PTK
, DISCONNECTED
);
1895 case WPA_PTK_DISCONNECTED
:
1896 SM_ENTER(WPA_PTK
, INITIALIZE
);
1898 case WPA_PTK_AUTHENTICATION
:
1899 SM_ENTER(WPA_PTK
, AUTHENTICATION2
);
1901 case WPA_PTK_AUTHENTICATION2
:
1902 if (wpa_key_mgmt_wpa_ieee8021x(sm
->wpa_key_mgmt
) &&
1903 wpa_auth_get_eapol(sm
->wpa_auth
, sm
->addr
,
1904 WPA_EAPOL_keyRun
) > 0)
1905 SM_ENTER(WPA_PTK
, INITPMK
);
1906 else if (wpa_key_mgmt_wpa_psk(sm
->wpa_key_mgmt
)
1907 /* FIX: && 802.1X::keyRun */)
1908 SM_ENTER(WPA_PTK
, INITPSK
);
1910 case WPA_PTK_INITPMK
:
1911 if (wpa_auth_get_eapol(sm
->wpa_auth
, sm
->addr
,
1912 WPA_EAPOL_keyAvailable
) > 0)
1913 SM_ENTER(WPA_PTK
, PTKSTART
);
1915 wpa_auth
->dot11RSNA4WayHandshakeFailures
++;
1916 SM_ENTER(WPA_PTK
, DISCONNECT
);
1919 case WPA_PTK_INITPSK
:
1920 if (wpa_auth_get_psk(sm
->wpa_auth
, sm
->addr
, NULL
))
1921 SM_ENTER(WPA_PTK
, PTKSTART
);
1923 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_INFO
,
1924 "no PSK configured for the STA");
1925 wpa_auth
->dot11RSNA4WayHandshakeFailures
++;
1926 SM_ENTER(WPA_PTK
, DISCONNECT
);
1929 case WPA_PTK_PTKSTART
:
1930 if (sm
->EAPOLKeyReceived
&& !sm
->EAPOLKeyRequest
&&
1931 sm
->EAPOLKeyPairwise
)
1932 SM_ENTER(WPA_PTK
, PTKCALCNEGOTIATING
);
1933 else if (sm
->TimeoutCtr
>
1934 (int) dot11RSNAConfigPairwiseUpdateCount
) {
1935 wpa_auth
->dot11RSNA4WayHandshakeFailures
++;
1936 SM_ENTER(WPA_PTK
, DISCONNECT
);
1937 } else if (sm
->TimeoutEvt
)
1938 SM_ENTER(WPA_PTK
, PTKSTART
);
1940 case WPA_PTK_PTKCALCNEGOTIATING
:
1941 if (sm
->MICVerified
)
1942 SM_ENTER(WPA_PTK
, PTKCALCNEGOTIATING2
);
1943 else if (sm
->EAPOLKeyReceived
&& !sm
->EAPOLKeyRequest
&&
1944 sm
->EAPOLKeyPairwise
)
1945 SM_ENTER(WPA_PTK
, PTKCALCNEGOTIATING
);
1946 else if (sm
->TimeoutEvt
)
1947 SM_ENTER(WPA_PTK
, PTKSTART
);
1949 case WPA_PTK_PTKCALCNEGOTIATING2
:
1950 SM_ENTER(WPA_PTK
, PTKINITNEGOTIATING
);
1952 case WPA_PTK_PTKINITNEGOTIATING
:
1953 if (sm
->EAPOLKeyReceived
&& !sm
->EAPOLKeyRequest
&&
1954 sm
->EAPOLKeyPairwise
&& sm
->MICVerified
)
1955 SM_ENTER(WPA_PTK
, PTKINITDONE
);
1956 else if (sm
->TimeoutCtr
>
1957 (int) dot11RSNAConfigPairwiseUpdateCount
) {
1958 wpa_auth
->dot11RSNA4WayHandshakeFailures
++;
1959 SM_ENTER(WPA_PTK
, DISCONNECT
);
1960 } else if (sm
->TimeoutEvt
)
1961 SM_ENTER(WPA_PTK
, PTKINITNEGOTIATING
);
1963 case WPA_PTK_PTKINITDONE
:
1969 SM_STATE(WPA_PTK_GROUP
, IDLE
)
1971 SM_ENTRY_MA(WPA_PTK_GROUP
, IDLE
, wpa_ptk_group
);
1973 /* Init flag is not cleared here, so avoid busy
1974 * loop by claiming nothing changed. */
1975 sm
->changed
= FALSE
;
1977 sm
->GTimeoutCtr
= 0;
1981 SM_STATE(WPA_PTK_GROUP
, REKEYNEGOTIATING
)
1983 u8 rsc
[WPA_KEY_RSC_LEN
];
1984 struct wpa_group
*gsm
= sm
->group
;
1985 u8
*kde
, *pos
, hdr
[2];
1988 SM_ENTRY_MA(WPA_PTK_GROUP
, REKEYNEGOTIATING
, wpa_ptk_group
);
1991 if (sm
->GTimeoutCtr
> (int) dot11RSNAConfigGroupUpdateCount
) {
1992 /* No point in sending the EAPOL-Key - we will disconnect
1993 * immediately following this. */
1997 if (sm
->wpa
== WPA_VERSION_WPA
)
1998 sm
->PInitAKeys
= FALSE
;
1999 sm
->TimeoutEvt
= FALSE
;
2000 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
2001 os_memset(rsc
, 0, WPA_KEY_RSC_LEN
);
2002 if (gsm
->wpa_group_state
== WPA_GROUP_SETKEYSDONE
)
2003 wpa_auth_get_seqnum(sm
->wpa_auth
, NULL
, gsm
->GN
, rsc
);
2004 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
2005 "sending 1/2 msg of Group Key Handshake");
2007 if (sm
->wpa
== WPA_VERSION_WPA2
) {
2008 kde_len
= 2 + RSN_SELECTOR_LEN
+ 2 + gsm
->GTK_len
+
2009 ieee80211w_kde_len(sm
);
2010 kde
= os_malloc(kde_len
);
2015 hdr
[0] = gsm
->GN
& 0x03;
2017 pos
= wpa_add_kde(pos
, RSN_KEY_DATA_GROUPKEY
, hdr
, 2,
2018 gsm
->GTK
[gsm
->GN
- 1], gsm
->GTK_len
);
2019 pos
= ieee80211w_kde_add(sm
, pos
);
2021 kde
= gsm
->GTK
[gsm
->GN
- 1];
2022 pos
= kde
+ gsm
->GTK_len
;
2025 wpa_send_eapol(sm
->wpa_auth
, sm
,
2026 WPA_KEY_INFO_SECURE
| WPA_KEY_INFO_MIC
|
2028 (!sm
->Pair
? WPA_KEY_INFO_INSTALL
: 0),
2029 rsc
, gsm
->GNonce
, kde
, pos
- kde
, gsm
->GN
, 1);
2030 if (sm
->wpa
== WPA_VERSION_WPA2
)
2035 SM_STATE(WPA_PTK_GROUP
, REKEYESTABLISHED
)
2037 SM_ENTRY_MA(WPA_PTK_GROUP
, REKEYESTABLISHED
, wpa_ptk_group
);
2038 sm
->EAPOLKeyReceived
= FALSE
;
2039 if (sm
->GUpdateStationKeys
)
2040 sm
->group
->GKeyDoneStations
--;
2041 sm
->GUpdateStationKeys
= FALSE
;
2042 sm
->GTimeoutCtr
= 0;
2043 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
2044 wpa_auth_vlogger(sm
->wpa_auth
, sm
->addr
, LOGGER_INFO
,
2045 "group key handshake completed (%s)",
2046 sm
->wpa
== WPA_VERSION_WPA
? "WPA" : "RSN");
2051 SM_STATE(WPA_PTK_GROUP
, KEYERROR
)
2053 SM_ENTRY_MA(WPA_PTK_GROUP
, KEYERROR
, wpa_ptk_group
);
2054 if (sm
->GUpdateStationKeys
)
2055 sm
->group
->GKeyDoneStations
--;
2056 sm
->GUpdateStationKeys
= FALSE
;
2057 sm
->Disconnect
= TRUE
;
2061 SM_STEP(WPA_PTK_GROUP
)
2063 if (sm
->Init
|| sm
->PtkGroupInit
) {
2064 SM_ENTER(WPA_PTK_GROUP
, IDLE
);
2065 sm
->PtkGroupInit
= FALSE
;
2066 } else switch (sm
->wpa_ptk_group_state
) {
2067 case WPA_PTK_GROUP_IDLE
:
2068 if (sm
->GUpdateStationKeys
||
2069 (sm
->wpa
== WPA_VERSION_WPA
&& sm
->PInitAKeys
))
2070 SM_ENTER(WPA_PTK_GROUP
, REKEYNEGOTIATING
);
2072 case WPA_PTK_GROUP_REKEYNEGOTIATING
:
2073 if (sm
->EAPOLKeyReceived
&& !sm
->EAPOLKeyRequest
&&
2074 !sm
->EAPOLKeyPairwise
&& sm
->MICVerified
)
2075 SM_ENTER(WPA_PTK_GROUP
, REKEYESTABLISHED
);
2076 else if (sm
->GTimeoutCtr
>
2077 (int) dot11RSNAConfigGroupUpdateCount
)
2078 SM_ENTER(WPA_PTK_GROUP
, KEYERROR
);
2079 else if (sm
->TimeoutEvt
)
2080 SM_ENTER(WPA_PTK_GROUP
, REKEYNEGOTIATING
);
2082 case WPA_PTK_GROUP_KEYERROR
:
2083 SM_ENTER(WPA_PTK_GROUP
, IDLE
);
2085 case WPA_PTK_GROUP_REKEYESTABLISHED
:
2086 SM_ENTER(WPA_PTK_GROUP
, IDLE
);
2092 static int wpa_gtk_update(struct wpa_authenticator
*wpa_auth
,
2093 struct wpa_group
*group
)
2097 /* FIX: is this the correct way of getting GNonce? */
2098 os_memcpy(group
->GNonce
, group
->Counter
, WPA_NONCE_LEN
);
2099 inc_byte_array(group
->Counter
, WPA_NONCE_LEN
);
2100 wpa_gmk_to_gtk(group
->GMK
, wpa_auth
->addr
, group
->GNonce
,
2101 group
->GTK
[group
->GN
- 1], group
->GTK_len
);
2103 #ifdef CONFIG_IEEE80211W
2104 if (wpa_auth
->conf
.ieee80211w
!= NO_MGMT_FRAME_PROTECTION
) {
2105 if (os_get_random(group
->IGTK
[group
->GN_igtk
- 4],
2106 WPA_IGTK_LEN
) < 0) {
2107 wpa_printf(MSG_INFO
, "RSN: Failed to get new random "
2111 wpa_hexdump_key(MSG_DEBUG
, "IGTK",
2112 group
->IGTK
[group
->GN_igtk
- 4], WPA_IGTK_LEN
);
2114 #endif /* CONFIG_IEEE80211W */
2120 static void wpa_group_gtk_init(struct wpa_authenticator
*wpa_auth
,
2121 struct wpa_group
*group
)
2123 wpa_printf(MSG_DEBUG
, "WPA: group state machine entering state "
2124 "GTK_INIT (VLAN-ID %d)", group
->vlan_id
);
2125 group
->changed
= FALSE
; /* GInit is not cleared here; avoid loop */
2126 group
->wpa_group_state
= WPA_GROUP_GTK_INIT
;
2129 os_memset(group
->GTK
, 0, sizeof(group
->GTK
));
2132 #ifdef CONFIG_IEEE80211W
2135 #endif /* CONFIG_IEEE80211W */
2136 /* GTK[GN] = CalcGTK() */
2137 wpa_gtk_update(wpa_auth
, group
);
2141 static int wpa_group_update_sta(struct wpa_state_machine
*sm
, void *ctx
)
2143 if (sm
->wpa_ptk_state
!= WPA_PTK_PTKINITDONE
) {
2144 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
2145 "Not in PTKINITDONE; skip Group Key update");
2148 if (sm
->GUpdateStationKeys
) {
2150 * This should not really happen, but just in case, make sure
2151 * we do not count the same STA twice in GKeyDoneStations.
2153 wpa_auth_logger(sm
->wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
2154 "GUpdateStationKeys already set - do not "
2155 "increment GKeyDoneStations");
2157 sm
->group
->GKeyDoneStations
++;
2158 sm
->GUpdateStationKeys
= TRUE
;
2165 static void wpa_group_setkeys(struct wpa_authenticator
*wpa_auth
,
2166 struct wpa_group
*group
)
2170 wpa_printf(MSG_DEBUG
, "WPA: group state machine entering state "
2171 "SETKEYS (VLAN-ID %d)", group
->vlan_id
);
2172 group
->changed
= TRUE
;
2173 group
->wpa_group_state
= WPA_GROUP_SETKEYS
;
2174 group
->GTKReKey
= FALSE
;
2176 group
->GM
= group
->GN
;
2178 #ifdef CONFIG_IEEE80211W
2179 tmp
= group
->GM_igtk
;
2180 group
->GM_igtk
= group
->GN_igtk
;
2181 group
->GN_igtk
= tmp
;
2182 #endif /* CONFIG_IEEE80211W */
2183 /* "GKeyDoneStations = GNoStations" is done in more robust way by
2184 * counting the STAs that are marked with GUpdateStationKeys instead of
2185 * including all STAs that could be in not-yet-completed state. */
2186 wpa_gtk_update(wpa_auth
, group
);
2188 wpa_auth_for_each_sta(wpa_auth
, wpa_group_update_sta
, NULL
);
2189 wpa_printf(MSG_DEBUG
, "wpa_group_setkeys: GKeyDoneStations=%d",
2190 group
->GKeyDoneStations
);
2194 static void wpa_group_setkeysdone(struct wpa_authenticator
*wpa_auth
,
2195 struct wpa_group
*group
)
2197 wpa_printf(MSG_DEBUG
, "WPA: group state machine entering state "
2198 "SETKEYSDONE (VLAN-ID %d)", group
->vlan_id
);
2199 group
->changed
= TRUE
;
2200 group
->wpa_group_state
= WPA_GROUP_SETKEYSDONE
;
2201 wpa_auth_set_key(wpa_auth
, group
->vlan_id
,
2202 wpa_alg_enum(wpa_auth
->conf
.wpa_group
),
2203 NULL
, group
->GN
, group
->GTK
[group
->GN
- 1],
2206 #ifdef CONFIG_IEEE80211W
2207 if (wpa_auth
->conf
.ieee80211w
!= NO_MGMT_FRAME_PROTECTION
) {
2208 wpa_auth_set_key(wpa_auth
, group
->vlan_id
, WPA_ALG_IGTK
,
2209 NULL
, group
->GN_igtk
,
2210 group
->IGTK
[group
->GN_igtk
- 4],
2213 #endif /* CONFIG_IEEE80211W */
2217 static void wpa_group_sm_step(struct wpa_authenticator
*wpa_auth
,
2218 struct wpa_group
*group
)
2221 wpa_group_gtk_init(wpa_auth
, group
);
2222 } else if (group
->wpa_group_state
== WPA_GROUP_GTK_INIT
&&
2223 group
->GTKAuthenticator
) {
2224 wpa_group_setkeysdone(wpa_auth
, group
);
2225 } else if (group
->wpa_group_state
== WPA_GROUP_SETKEYSDONE
&&
2227 wpa_group_setkeys(wpa_auth
, group
);
2228 } else if (group
->wpa_group_state
== WPA_GROUP_SETKEYS
) {
2229 if (group
->GKeyDoneStations
== 0)
2230 wpa_group_setkeysdone(wpa_auth
, group
);
2231 else if (group
->GTKReKey
)
2232 wpa_group_setkeys(wpa_auth
, group
);
2237 static int wpa_sm_step(struct wpa_state_machine
*sm
)
2242 if (sm
->in_step_loop
) {
2243 /* This should not happen, but if it does, make sure we do not
2244 * end up freeing the state machine too early by exiting the
2245 * recursive call. */
2246 wpa_printf(MSG_ERROR
, "WPA: wpa_sm_step() called recursively");
2250 sm
->in_step_loop
= 1;
2252 if (sm
->pending_deinit
)
2255 sm
->changed
= FALSE
;
2256 sm
->wpa_auth
->group
->changed
= FALSE
;
2258 SM_STEP_RUN(WPA_PTK
);
2259 if (sm
->pending_deinit
)
2261 SM_STEP_RUN(WPA_PTK_GROUP
);
2262 if (sm
->pending_deinit
)
2264 wpa_group_sm_step(sm
->wpa_auth
, sm
->group
);
2265 } while (sm
->changed
|| sm
->wpa_auth
->group
->changed
);
2266 sm
->in_step_loop
= 0;
2268 if (sm
->pending_deinit
) {
2269 wpa_printf(MSG_DEBUG
, "WPA: Completing pending STA state "
2270 "machine deinit for " MACSTR
, MAC2STR(sm
->addr
));
2271 wpa_free_sta_sm(sm
);
2278 static void wpa_sm_call_step(void *eloop_ctx
, void *timeout_ctx
)
2280 struct wpa_state_machine
*sm
= eloop_ctx
;
2285 void wpa_auth_sm_notify(struct wpa_state_machine
*sm
)
2289 eloop_register_timeout(0, 0, wpa_sm_call_step
, sm
, NULL
);
2293 void wpa_gtk_rekey(struct wpa_authenticator
*wpa_auth
)
2296 struct wpa_group
*group
;
2298 if (wpa_auth
== NULL
)
2301 group
= wpa_auth
->group
;
2303 for (i
= 0; i
< 2; i
++) {
2305 group
->GM
= group
->GN
;
2307 #ifdef CONFIG_IEEE80211W
2308 tmp
= group
->GM_igtk
;
2309 group
->GM_igtk
= group
->GN_igtk
;
2310 group
->GN_igtk
= tmp
;
2311 #endif /* CONFIG_IEEE80211W */
2312 wpa_gtk_update(wpa_auth
, group
);
2317 static const char * wpa_bool_txt(int bool)
2319 return bool ? "TRUE" : "FALSE";
2323 static int wpa_cipher_bits(int cipher
)
2326 case WPA_CIPHER_CCMP
:
2328 case WPA_CIPHER_TKIP
:
2330 case WPA_CIPHER_WEP104
:
2332 case WPA_CIPHER_WEP40
:
2340 #define RSN_SUITE "%02x-%02x-%02x-%d"
2341 #define RSN_SUITE_ARG(s) \
2342 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2344 int wpa_get_mib(struct wpa_authenticator
*wpa_auth
, char *buf
, size_t buflen
)
2347 char pmkid_txt
[PMKID_LEN
* 2 + 1];
2349 if (wpa_auth
== NULL
)
2352 ret
= os_snprintf(buf
+ len
, buflen
- len
,
2353 "dot11RSNAOptionImplemented=TRUE\n"
2354 #ifdef CONFIG_RSN_PREAUTH
2355 "dot11RSNAPreauthenticationImplemented=TRUE\n"
2356 #else /* CONFIG_RSN_PREAUTH */
2357 "dot11RSNAPreauthenticationImplemented=FALSE\n"
2358 #endif /* CONFIG_RSN_PREAUTH */
2359 "dot11RSNAEnabled=%s\n"
2360 "dot11RSNAPreauthenticationEnabled=%s\n",
2361 wpa_bool_txt(wpa_auth
->conf
.wpa
& WPA_PROTO_RSN
),
2362 wpa_bool_txt(wpa_auth
->conf
.rsn_preauth
));
2363 if (ret
< 0 || (size_t) ret
>= buflen
- len
)
2367 wpa_snprintf_hex(pmkid_txt
, sizeof(pmkid_txt
),
2368 wpa_auth
->dot11RSNAPMKIDUsed
, PMKID_LEN
);
2371 buf
+ len
, buflen
- len
,
2372 "dot11RSNAConfigVersion=%u\n"
2373 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
2374 /* FIX: dot11RSNAConfigGroupCipher */
2375 /* FIX: dot11RSNAConfigGroupRekeyMethod */
2376 /* FIX: dot11RSNAConfigGroupRekeyTime */
2377 /* FIX: dot11RSNAConfigGroupRekeyPackets */
2378 "dot11RSNAConfigGroupRekeyStrict=%u\n"
2379 "dot11RSNAConfigGroupUpdateCount=%u\n"
2380 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
2381 "dot11RSNAConfigGroupCipherSize=%u\n"
2382 "dot11RSNAConfigPMKLifetime=%u\n"
2383 "dot11RSNAConfigPMKReauthThreshold=%u\n"
2384 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
2385 "dot11RSNAConfigSATimeout=%u\n"
2386 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE
"\n"
2387 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE
"\n"
2388 "dot11RSNAGroupCipherSelected=" RSN_SUITE
"\n"
2389 "dot11RSNAPMKIDUsed=%s\n"
2390 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE
"\n"
2391 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE
"\n"
2392 "dot11RSNAGroupCipherRequested=" RSN_SUITE
"\n"
2393 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
2394 "dot11RSNA4WayHandshakeFailures=%u\n"
2395 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
2397 !!wpa_auth
->conf
.wpa_strict_rekey
,
2398 dot11RSNAConfigGroupUpdateCount
,
2399 dot11RSNAConfigPairwiseUpdateCount
,
2400 wpa_cipher_bits(wpa_auth
->conf
.wpa_group
),
2401 dot11RSNAConfigPMKLifetime
,
2402 dot11RSNAConfigPMKReauthThreshold
,
2403 dot11RSNAConfigSATimeout
,
2404 RSN_SUITE_ARG(wpa_auth
->dot11RSNAAuthenticationSuiteSelected
),
2405 RSN_SUITE_ARG(wpa_auth
->dot11RSNAPairwiseCipherSelected
),
2406 RSN_SUITE_ARG(wpa_auth
->dot11RSNAGroupCipherSelected
),
2408 RSN_SUITE_ARG(wpa_auth
->dot11RSNAAuthenticationSuiteRequested
),
2409 RSN_SUITE_ARG(wpa_auth
->dot11RSNAPairwiseCipherRequested
),
2410 RSN_SUITE_ARG(wpa_auth
->dot11RSNAGroupCipherRequested
),
2411 wpa_auth
->dot11RSNATKIPCounterMeasuresInvoked
,
2412 wpa_auth
->dot11RSNA4WayHandshakeFailures
);
2413 if (ret
< 0 || (size_t) ret
>= buflen
- len
)
2417 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
2418 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
2421 ret
= os_snprintf(buf
+ len
, buflen
- len
, "hostapdWPAGroupState=%d\n",
2422 wpa_auth
->group
->wpa_group_state
);
2423 if (ret
< 0 || (size_t) ret
>= buflen
- len
)
2431 int wpa_get_mib_sta(struct wpa_state_machine
*sm
, char *buf
, size_t buflen
)
2439 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
2441 /* dot11RSNAStatsEntry */
2443 if (sm
->wpa
== WPA_VERSION_WPA
) {
2444 if (sm
->pairwise
== WPA_CIPHER_CCMP
)
2445 pairwise
= WPA_CIPHER_SUITE_CCMP
;
2446 else if (sm
->pairwise
== WPA_CIPHER_TKIP
)
2447 pairwise
= WPA_CIPHER_SUITE_TKIP
;
2448 else if (sm
->pairwise
== WPA_CIPHER_WEP104
)
2449 pairwise
= WPA_CIPHER_SUITE_WEP104
;
2450 else if (sm
->pairwise
== WPA_CIPHER_WEP40
)
2451 pairwise
= WPA_CIPHER_SUITE_WEP40
;
2452 else if (sm
->pairwise
== WPA_CIPHER_NONE
)
2453 pairwise
= WPA_CIPHER_SUITE_NONE
;
2454 } else if (sm
->wpa
== WPA_VERSION_WPA2
) {
2455 if (sm
->pairwise
== WPA_CIPHER_CCMP
)
2456 pairwise
= RSN_CIPHER_SUITE_CCMP
;
2457 else if (sm
->pairwise
== WPA_CIPHER_TKIP
)
2458 pairwise
= RSN_CIPHER_SUITE_TKIP
;
2459 else if (sm
->pairwise
== WPA_CIPHER_WEP104
)
2460 pairwise
= RSN_CIPHER_SUITE_WEP104
;
2461 else if (sm
->pairwise
== WPA_CIPHER_WEP40
)
2462 pairwise
= RSN_CIPHER_SUITE_WEP40
;
2463 else if (sm
->pairwise
== WPA_CIPHER_NONE
)
2464 pairwise
= RSN_CIPHER_SUITE_NONE
;
2469 buf
+ len
, buflen
- len
,
2470 /* TODO: dot11RSNAStatsIndex */
2471 "dot11RSNAStatsSTAAddress=" MACSTR
"\n"
2472 "dot11RSNAStatsVersion=1\n"
2473 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE
"\n"
2474 /* TODO: dot11RSNAStatsTKIPICVErrors */
2475 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
2476 "dot11RSNAStatsTKIPRemoveMICFailures=%u\n"
2477 /* TODO: dot11RSNAStatsCCMPReplays */
2478 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
2479 /* TODO: dot11RSNAStatsTKIPReplays */,
2481 RSN_SUITE_ARG(pairwise
),
2482 sm
->dot11RSNAStatsTKIPLocalMICFailures
,
2483 sm
->dot11RSNAStatsTKIPRemoteMICFailures
);
2484 if (ret
< 0 || (size_t) ret
>= buflen
- len
)
2489 ret
= os_snprintf(buf
+ len
, buflen
- len
,
2490 "hostapdWPAPTKState=%d\n"
2491 "hostapdWPAPTKGroupState=%d\n",
2493 sm
->wpa_ptk_group_state
);
2494 if (ret
< 0 || (size_t) ret
>= buflen
- len
)
2502 void wpa_auth_countermeasures_start(struct wpa_authenticator
*wpa_auth
)
2505 wpa_auth
->dot11RSNATKIPCounterMeasuresInvoked
++;
2509 int wpa_auth_pairwise_set(struct wpa_state_machine
*sm
)
2511 return sm
&& sm
->pairwise_set
;
2515 int wpa_auth_get_pairwise(struct wpa_state_machine
*sm
)
2517 return sm
->pairwise
;
2521 int wpa_auth_sta_key_mgmt(struct wpa_state_machine
*sm
)
2525 return sm
->wpa_key_mgmt
;
2529 int wpa_auth_sta_wpa_version(struct wpa_state_machine
*sm
)
2537 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine
*sm
,
2538 struct rsn_pmksa_cache_entry
*entry
)
2540 if (sm
== NULL
|| sm
->pmksa
!= entry
)
2547 struct rsn_pmksa_cache_entry
*
2548 wpa_auth_sta_get_pmksa(struct wpa_state_machine
*sm
)
2550 return sm
? sm
->pmksa
: NULL
;
2554 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine
*sm
)
2557 sm
->dot11RSNAStatsTKIPLocalMICFailures
++;
2561 const u8
* wpa_auth_get_wpa_ie(struct wpa_authenticator
*wpa_auth
, size_t *len
)
2563 if (wpa_auth
== NULL
)
2565 *len
= wpa_auth
->wpa_ie_len
;
2566 return wpa_auth
->wpa_ie
;
2570 int wpa_auth_pmksa_add(struct wpa_state_machine
*sm
, const u8
*pmk
,
2571 int session_timeout
, struct eapol_state_machine
*eapol
)
2573 if (sm
== NULL
|| sm
->wpa
!= WPA_VERSION_WPA2
)
2576 if (pmksa_cache_auth_add(sm
->wpa_auth
->pmksa
, pmk
, PMK_LEN
,
2577 sm
->wpa_auth
->addr
, sm
->addr
, session_timeout
,
2578 eapol
, sm
->wpa_key_mgmt
))
2585 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator
*wpa_auth
,
2586 const u8
*pmk
, size_t len
, const u8
*sta_addr
,
2587 int session_timeout
,
2588 struct eapol_state_machine
*eapol
)
2590 if (wpa_auth
== NULL
)
2593 if (pmksa_cache_auth_add(wpa_auth
->pmksa
, pmk
, len
, wpa_auth
->addr
,
2594 sta_addr
, session_timeout
, eapol
,
2595 WPA_KEY_MGMT_IEEE8021X
))
2602 static struct wpa_group
*
2603 wpa_auth_add_group(struct wpa_authenticator
*wpa_auth
, int vlan_id
)
2605 struct wpa_group
*group
;
2607 if (wpa_auth
== NULL
|| wpa_auth
->group
== NULL
)
2610 wpa_printf(MSG_DEBUG
, "WPA: Add group state machine for VLAN-ID %d",
2612 group
= wpa_group_init(wpa_auth
, vlan_id
);
2616 group
->next
= wpa_auth
->group
->next
;
2617 wpa_auth
->group
->next
= group
;
2623 int wpa_auth_sta_set_vlan(struct wpa_state_machine
*sm
, int vlan_id
)
2625 struct wpa_group
*group
;
2627 if (sm
== NULL
|| sm
->wpa_auth
== NULL
)
2630 group
= sm
->wpa_auth
->group
;
2632 if (group
->vlan_id
== vlan_id
)
2634 group
= group
->next
;
2637 if (group
== NULL
) {
2638 group
= wpa_auth_add_group(sm
->wpa_auth
, vlan_id
);
2643 if (sm
->group
== group
)
2646 wpa_printf(MSG_DEBUG
, "WPA: Moving STA " MACSTR
" to use group state "
2647 "machine for VLAN ID %d", MAC2STR(sm
->addr
), vlan_id
);