search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libm: Import fdim{,f,l} functions from FreeBSD.
[dragonfly.git] / contrib / hostapd-0.5.8 / wpa.c
blob1f66a3e5644acf5790d182d1ca9b63e1f7331e39
1 /*
2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15 #include "includes.h"
16
17 #ifndef CONFIG_NATIVE_WINDOWS
18
19 #include "hostapd.h"
20 #include "eapol_sm.h"
21 #include "wpa.h"
22 #include "wme.h"
23 #include "sha1.h"
24 #include "md5.h"
25 #include "rc4.h"
26 #include "aes_wrap.h"
27 #include "crypto.h"
28 #include "eloop.h"
29 #include "ieee802_11.h"
30 #include "pmksa_cache.h"
31 #include "state_machine.h"
32
33 #define STATE_MACHINE_DATA struct wpa_state_machine
34 #define STATE_MACHINE_DEBUG_PREFIX "WPA"
35 #define STATE_MACHINE_ADDR sm->addr
36
37
38 #define RSN_NUM_REPLAY_COUNTERS_1 0
39 #define RSN_NUM_REPLAY_COUNTERS_2 1
40 #define RSN_NUM_REPLAY_COUNTERS_4 2
41 #define RSN_NUM_REPLAY_COUNTERS_16 3
42
43
44 struct wpa_group;
45
46 struct wpa_stsl_negotiation {
47 struct wpa_stsl_negotiation *next;
48 u8 initiator[ETH_ALEN];
49 u8 peer[ETH_ALEN];
50 };
51
52
53 struct wpa_state_machine {
54 struct wpa_authenticator *wpa_auth;
55 struct wpa_group *group;
56
57 u8 addr[ETH_ALEN];
58
59 enum {
60 WPA_PTK_INITIALIZE, WPA_PTK_DISCONNECT, WPA_PTK_DISCONNECTED,
61 WPA_PTK_AUTHENTICATION, WPA_PTK_AUTHENTICATION2,
62 WPA_PTK_INITPMK, WPA_PTK_INITPSK, WPA_PTK_PTKSTART,
63 WPA_PTK_PTKCALCNEGOTIATING, WPA_PTK_PTKCALCNEGOTIATING2,
64 WPA_PTK_PTKINITNEGOTIATING, WPA_PTK_PTKINITDONE
65 } wpa_ptk_state;
66
67 enum {
68 WPA_PTK_GROUP_IDLE = 0,
69 WPA_PTK_GROUP_REKEYNEGOTIATING,
70 WPA_PTK_GROUP_REKEYESTABLISHED,
71 WPA_PTK_GROUP_KEYERROR
72 } wpa_ptk_group_state;
73
74 Boolean Init;
75 Boolean DeauthenticationRequest;
76 Boolean AuthenticationRequest;
77 Boolean ReAuthenticationRequest;
78 Boolean Disconnect;
79 int TimeoutCtr;
80 int GTimeoutCtr;
81 Boolean TimeoutEvt;
82 Boolean EAPOLKeyReceived;
83 Boolean EAPOLKeyPairwise;
84 Boolean EAPOLKeyRequest;
85 Boolean MICVerified;
86 Boolean GUpdateStationKeys;
87 u8 ANonce[WPA_NONCE_LEN];
88 u8 SNonce[WPA_NONCE_LEN];
89 u8 PMK[WPA_PMK_LEN];
90 struct wpa_ptk PTK;
91 Boolean PTK_valid;
92 Boolean pairwise_set;
93 int keycount;
94 Boolean Pair;
95 u8 key_replay_counter[WPA_REPLAY_COUNTER_LEN];
96 Boolean key_replay_counter_valid;
97 Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i */
98 Boolean PTKRequest; /* not in IEEE 802.11i state machine */
99 Boolean has_GTK;
100
101 u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */
102 size_t last_rx_eapol_key_len;
103
104 unsigned int changed:1;
105 unsigned int in_step_loop:1;
106 unsigned int pending_deinit:1;
107 unsigned int started:1;
108 unsigned int sta_counted:1;
109 unsigned int mgmt_frame_prot:1;
110
111 u8 req_replay_counter[WPA_REPLAY_COUNTER_LEN];
112 int req_replay_counter_used;
113
114 u8 *wpa_ie;
115 size_t wpa_ie_len;
116
117 enum {
118 WPA_VERSION_NO_WPA = 0 /* WPA not used */,
119 WPA_VERSION_WPA = 1 /* WPA / IEEE 802.11i/D3.0 */,
120 WPA_VERSION_WPA2 = 2 /* WPA2 / IEEE 802.11i */
121 } wpa;
122 int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
123 int wpa_key_mgmt; /* the selected WPA_KEY_MGMT_* */
124 struct rsn_pmksa_cache_entry *pmksa;
125
126 u32 dot11RSNAStatsTKIPLocalMICFailures;
127 u32 dot11RSNAStatsTKIPRemoteMICFailures;
128 };
129
130
131 /* per group key state machine data */
132 struct wpa_group {
133 struct wpa_group *next;
134 int vlan_id;
135
136 Boolean GInit;
137 int GNoStations;
138 int GKeyDoneStations;
139 Boolean GTKReKey;
140 int GTK_len;
141 int GN, GM;
142 Boolean GTKAuthenticator;
143 u8 Counter[WPA_NONCE_LEN];
144
145 enum {
146 WPA_GROUP_GTK_INIT = 0,
147 WPA_GROUP_SETKEYS, WPA_GROUP_SETKEYSDONE
148 } wpa_group_state;
149
150 u8 GMK[WPA_GMK_LEN];
151 u8 GTK[2][WPA_GTK_MAX_LEN];
152 u8 GNonce[WPA_NONCE_LEN];
153 Boolean changed;
154 #ifdef CONFIG_IEEE80211W
155 u8 DGTK[WPA_DGTK_LEN];
156 u8 IGTK[2][WPA_IGTK_LEN];
157 #endif /* CONFIG_IEEE80211W */
158 };
159
160
161 /* per authenticator data */
162 struct wpa_authenticator {
163 struct wpa_group *group;
164
165 unsigned int dot11RSNAStatsTKIPRemoteMICFailures;
166 u8 dot11RSNAAuthenticationSuiteSelected[4];
167 u8 dot11RSNAPairwiseCipherSelected[4];
168 u8 dot11RSNAGroupCipherSelected[4];
169 u8 dot11RSNAPMKIDUsed[PMKID_LEN];
170 u8 dot11RSNAAuthenticationSuiteRequested[4]; /* FIX: update */
171 u8 dot11RSNAPairwiseCipherRequested[4]; /* FIX: update */
172 u8 dot11RSNAGroupCipherRequested[4]; /* FIX: update */
173 unsigned int dot11RSNATKIPCounterMeasuresInvoked;
174 unsigned int dot11RSNA4WayHandshakeFailures;
175
176 struct wpa_stsl_negotiation *stsl_negotiations;
177
178 struct wpa_auth_config conf;
179 struct wpa_auth_callbacks cb;
180
181 u8 *wpa_ie;
182 size_t wpa_ie_len;
183
184 u8 addr[ETH_ALEN];
185
186 struct rsn_pmksa_cache *pmksa;
187 };
188
189
190 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
191 static void wpa_sm_step(struct wpa_state_machine *sm);
192 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
193 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
194 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
195 struct wpa_group *group);
196 static int wpa_stsl_remove(struct wpa_authenticator *wpa_auth,
197 struct wpa_stsl_negotiation *neg);
198 static void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
199 struct wpa_state_machine *sm, int key_info,
200 const u8 *key_rsc, const u8 *nonce,
201 const u8 *kde, size_t kde_len,
202 int keyidx, int encr, int force_version);
203
204 /* Default timeouts are 100 ms, but this seems to be a bit too fast for most
205 * WPA Supplicants, so use a bit longer timeout. */
206 static const u32 dot11RSNAConfigGroupUpdateTimeOut = 1000; /* ms */
207 static const u32 dot11RSNAConfigGroupUpdateCount = 3;
208 static const u32 dot11RSNAConfigPairwiseUpdateTimeOut = 1000; /* ms */
209 static const u32 dot11RSNAConfigPairwiseUpdateCount = 3;
210
211 /* TODO: make these configurable */
212 static const int dot11RSNAConfigPMKLifetime = 43200;
213 static const int dot11RSNAConfigPMKReauthThreshold = 70;
214 static const int dot11RSNAConfigSATimeout = 60;
215
216
217 static const int WPA_SELECTOR_LEN = 4;
218 static const u8 WPA_OUI_TYPE[] = { 0x00, 0x50, 0xf2, 1 };
219 static const u16 WPA_VERSION = 1;
220 static const u8 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X[] = { 0x00, 0x50, 0xf2, 1 };
221 static const u8 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X[] = { 0x00, 0x50, 0xf2, 2 };
222 static const u8 WPA_CIPHER_SUITE_NONE[] = { 0x00, 0x50, 0xf2, 0 };
223 static const u8 WPA_CIPHER_SUITE_WEP40[] = { 0x00, 0x50, 0xf2, 1 };
224 static const u8 WPA_CIPHER_SUITE_TKIP[] = { 0x00, 0x50, 0xf2, 2 };
225 static const u8 WPA_CIPHER_SUITE_WRAP[] = { 0x00, 0x50, 0xf2, 3 };
226 static const u8 WPA_CIPHER_SUITE_CCMP[] = { 0x00, 0x50, 0xf2, 4 };
227 static const u8 WPA_CIPHER_SUITE_WEP104[] = { 0x00, 0x50, 0xf2, 5 };
228 #ifdef CONFIG_IEEE80211W
229 static const u8 RSN_CIPHER_SUITE_AES_128_CMAC[] = { 0x00, 0x0f, 0xac, 6 };
230 #endif /* CONFIG_IEEE80211W */
231
232 static const int RSN_SELECTOR_LEN = 4;
233 static const u16 RSN_VERSION = 1;
234 static const u8 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X[] = { 0x00, 0x0f, 0xac, 1 };
235 static const u8 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X[] = { 0x00, 0x0f, 0xac, 2 };
236 static const u8 RSN_CIPHER_SUITE_NONE[] = { 0x00, 0x0f, 0xac, 0 };
237 static const u8 RSN_CIPHER_SUITE_WEP40[] = { 0x00, 0x0f, 0xac, 1 };
238 static const u8 RSN_CIPHER_SUITE_TKIP[] = { 0x00, 0x0f, 0xac, 2 };
239 static const u8 RSN_CIPHER_SUITE_WRAP[] = { 0x00, 0x0f, 0xac, 3 };
240 static const u8 RSN_CIPHER_SUITE_CCMP[] = { 0x00, 0x0f, 0xac, 4 };
241 static const u8 RSN_CIPHER_SUITE_WEP104[] = { 0x00, 0x0f, 0xac, 5 };
242
243 /* EAPOL-Key Key Data Encapsulation
244 * GroupKey and PeerKey require encryption, otherwise, encryption is optional.
245 */
246 static const u8 RSN_KEY_DATA_GROUPKEY[] = { 0x00, 0x0f, 0xac, 1 };
247 #if 0
248 static const u8 RSN_KEY_DATA_STAKEY[] = { 0x00, 0x0f, 0xac, 2 };
249 #endif
250 static const u8 RSN_KEY_DATA_MAC_ADDR[] = { 0x00, 0x0f, 0xac, 3 };
251 static const u8 RSN_KEY_DATA_PMKID[] = { 0x00, 0x0f, 0xac, 4 };
252 #ifdef CONFIG_PEERKEY
253 static const u8 RSN_KEY_DATA_SMK[] = { 0x00, 0x0f, 0xac, 5 };
254 static const u8 RSN_KEY_DATA_NONCE[] = { 0x00, 0x0f, 0xac, 6 };
255 static const u8 RSN_KEY_DATA_LIFETIME[] = { 0x00, 0x0f, 0xac, 7 };
256 static const u8 RSN_KEY_DATA_ERROR[] = { 0x00, 0x0f, 0xac, 8 };
257 #endif /* CONFIG_PEERKEY */
258 #ifdef CONFIG_IEEE80211W
259 /* FIX: IEEE 802.11w/D1.0 is using subtypes 5 and 6 for these, but they were
260 * already taken by 802.11ma (PeerKey). Need to update the values here once
261 * IEEE 802.11w fixes these. */
262 static const u8 RSN_KEY_DATA_DHV[] = { 0x00, 0x0f, 0xac, 9 };
263 static const u8 RSN_KEY_DATA_IGTK[] = { 0x00, 0x0f, 0xac, 10 };
264 #endif /* CONFIG_IEEE80211W */
265
266 #ifdef CONFIG_PEERKEY
267 enum {
268 STK_MUI_4WAY_STA_AP = 1,
269 STK_MUI_4WAY_STAT_STA = 2,
270 STK_MUI_GTK = 3,
271 STK_MUI_SMK = 4
272 };
273
274 enum {
275 STK_ERR_STA_NR = 1,
276 STK_ERR_STA_NRSN = 2,
277 STK_ERR_CPHR_NS = 3,
278 STK_ERR_NO_STSL = 4
279 };
280 #endif /* CONFIG_PEERKEY */
281
282 #define GENERIC_INFO_ELEM 0xdd
283 #define RSN_INFO_ELEM 0x30
284
285 #ifdef _MSC_VER
286 #pragma pack(push, 1)
287 #endif /* _MSC_VER */
288
289 /* WPA IE version 1
290 * 00-50-f2:1 (OUI:OUI type)
291 * 0x01 0x00 (version; little endian)
292 * (all following fields are optional:)
293 * Group Suite Selector (4 octets) (default: TKIP)
294 * Pairwise Suite Count (2 octets, little endian) (default: 1)
295 * Pairwise Suite List (4 * n octets) (default: TKIP)
296 * Authenticated Key Management Suite Count (2 octets, little endian)
297 * (default: 1)
298 * Authenticated Key Management Suite List (4 * n octets)
299 * (default: unspec 802.1X)
300 * WPA Capabilities (2 octets, little endian) (default: 0)
301 */
302
303 struct wpa_ie_hdr {
304 u8 elem_id;
305 u8 len;
306 u8 oui[3];
307 u8 oui_type;
308 u16 version;
309 } STRUCT_PACKED;
310
311
312 /* RSN IE version 1
313 * 0x01 0x00 (version; little endian)
314 * (all following fields are optional:)
315 * Group Suite Selector (4 octets) (default: CCMP)
316 * Pairwise Suite Count (2 octets, little endian) (default: 1)
317 * Pairwise Suite List (4 * n octets) (default: CCMP)
318 * Authenticated Key Management Suite Count (2 octets, little endian)
319 * (default: 1)
320 * Authenticated Key Management Suite List (4 * n octets)
321 * (default: unspec 802.1X)
322 * RSN Capabilities (2 octets, little endian) (default: 0)
323 * PMKID Count (2 octets) (default: 0)
324 * PMKID List (16 * n octets)
325 * Management Group Cipher Suite (4 octets) (default: AES-128-CMAC)
326 */
327
328 struct rsn_ie_hdr {
329 u8 elem_id; /* WLAN_EID_RSN */
330 u8 len;
331 u16 version;
332 } STRUCT_PACKED;
333
334
335 struct rsn_error_kde {
336 u16 mui;
337 u16 error_type;
338 } STRUCT_PACKED;
339
340
341 #ifdef CONFIG_IEEE80211W
342 struct wpa_dhv_kde {
343 u8 dhv[WPA_DHV_LEN];
344 } STRUCT_PACKED;
345
346 struct wpa_igtk_kde {
347 u8 keyid[2];
348 u8 pn[6];
349 u8 igtk[WPA_IGTK_LEN];
350 } STRUCT_PACKED;
351 #endif /* CONFIG_IEEE80211W */
352
353 #ifdef _MSC_VER
354 #pragma pack(pop)
355 #endif /* _MSC_VER */
356
357
358 static inline void wpa_auth_mic_failure_report(
359 struct wpa_authenticator *wpa_auth, const u8 *addr)
360 {
361 if (wpa_auth->cb.mic_failure_report)
362 wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
363 }
364
365
366 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
367 const u8 *addr, wpa_eapol_variable var,
368 int value)
369 {
370 if (wpa_auth->cb.set_eapol)
371 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
372 }
373
374
375 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
376 const u8 *addr, wpa_eapol_variable var)
377 {
378 if (wpa_auth->cb.get_eapol == NULL)
379 return -1;
380 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
381 }
382
383
384 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
385 const u8 *addr, const u8 *prev_psk)
386 {
387 if (wpa_auth->cb.get_psk == NULL)
388 return NULL;
389 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk);
390 }
391
392
393 static inline int wpa_auth_get_pmk(struct wpa_authenticator *wpa_auth,
394 const u8 *addr, u8 *pmk, size_t *len)
395 {
396 if (wpa_auth->cb.get_pmk == NULL)
397 return -1;
398 return wpa_auth->cb.get_pmk(wpa_auth->cb.ctx, addr, pmk, len);
399 }
400
401
402 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
403 int vlan_id,
404 const char *alg, const u8 *addr, int idx,
405 u8 *key, size_t key_len)
406 {
407 if (wpa_auth->cb.set_key == NULL)
408 return -1;
409 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
410 key, key_len);
411 }
412
413
414 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
415 const u8 *addr, int idx, u8 *seq)
416 {
417 if (wpa_auth->cb.get_seqnum == NULL)
418 return -1;
419 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
420 }
421
422
423 static inline int wpa_auth_get_seqnum_igtk(struct wpa_authenticator *wpa_auth,
424 const u8 *addr, int idx, u8 *seq)
425 {
426 if (wpa_auth->cb.get_seqnum_igtk == NULL)
427 return -1;
428 return wpa_auth->cb.get_seqnum_igtk(wpa_auth->cb.ctx, addr, idx, seq);
429 }
430
431
432 static inline int
433 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
434 const u8 *data, size_t data_len, int encrypt)
435 {
436 if (wpa_auth->cb.send_eapol == NULL)
437 return -1;
438 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
439 encrypt);
440 }
441
442
443 static inline int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
444 int (*cb)(struct wpa_state_machine *sm,
445 void *ctx),
446 void *cb_ctx)
447 {
448 if (wpa_auth->cb.for_each_sta == NULL)
449 return 0;
450 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
451 }
452
453
454 static void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
455 logger_level level, const char *txt)
456 {
457 if (wpa_auth->cb.logger == NULL)
458 return;
459 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
460 }
461
462
463 static void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth,
464 const u8 *addr, logger_level level,
465 const char *fmt, ...)
466 {
467 char *format;
468 int maxlen;
469 va_list ap;
470
471 if (wpa_auth->cb.logger == NULL)
472 return;
473
474 maxlen = strlen(fmt) + 100;
475 format = malloc(maxlen);
476 if (!format)
477 return;
478
479 va_start(ap, fmt);
480 vsnprintf(format, maxlen, fmt, ap);
481 va_end(ap);
482
483 wpa_auth_logger(wpa_auth, addr, level, format);
484
485 free(format);
486 }
487
488
489 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
490 {
491 struct wpa_ie_hdr *hdr;
492 int num_suites;
493 u8 *pos, *count;
494
495 hdr = (struct wpa_ie_hdr *) buf;
496 hdr->elem_id = WLAN_EID_GENERIC;
497 memcpy(&hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN);
498 hdr->version = host_to_le16(WPA_VERSION);
499 pos = (u8 *) (hdr + 1);
500
501 if (conf->wpa_group == WPA_CIPHER_CCMP) {
502 memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN);
503 } else if (conf->wpa_group == WPA_CIPHER_TKIP) {
504 memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN);
505 } else if (conf->wpa_group == WPA_CIPHER_WEP104) {
506 memcpy(pos, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN);
507 } else if (conf->wpa_group == WPA_CIPHER_WEP40) {
508 memcpy(pos, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN);
509 } else {
510 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
511 conf->wpa_group);
512 return -1;
513 }
514 pos += WPA_SELECTOR_LEN;
515
516 num_suites = 0;
517 count = pos;
518 pos += 2;
519
520 if (conf->wpa_pairwise & WPA_CIPHER_CCMP) {
521 memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN);
522 pos += WPA_SELECTOR_LEN;
523 num_suites++;
524 }
525 if (conf->wpa_pairwise & WPA_CIPHER_TKIP) {
526 memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN);
527 pos += WPA_SELECTOR_LEN;
528 num_suites++;
529 }
530 if (conf->wpa_pairwise & WPA_CIPHER_NONE) {
531 memcpy(pos, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN);
532 pos += WPA_SELECTOR_LEN;
533 num_suites++;
534 }
535
536 if (num_suites == 0) {
537 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
538 conf->wpa_pairwise);
539 return -1;
540 }
541 *count++ = num_suites & 0xff;
542 *count = (num_suites >> 8) & 0xff;
543
544 num_suites = 0;
545 count = pos;
546 pos += 2;
547
548 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
549 memcpy(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X, WPA_SELECTOR_LEN);
550 pos += WPA_SELECTOR_LEN;
551 num_suites++;
552 }
553 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
554 memcpy(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X,
555 WPA_SELECTOR_LEN);
556 pos += WPA_SELECTOR_LEN;
557 num_suites++;
558 }
559
560 if (num_suites == 0) {
561 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
562 conf->wpa_key_mgmt);
563 return -1;
564 }
565 *count++ = num_suites & 0xff;
566 *count = (num_suites >> 8) & 0xff;
567
568 /* WPA Capabilities; use defaults, so no need to include it */
569
570 hdr->len = (pos - buf) - 2;
571
572 return pos - buf;
573 }
574
575
576 static int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
577 {
578 struct rsn_ie_hdr *hdr;
579 int num_suites;
580 u8 *pos, *count;
581 u16 capab;
582
583 hdr = (struct rsn_ie_hdr *) buf;
584 hdr->elem_id = WLAN_EID_RSN;
585 pos = (u8 *) &hdr->version;
586 *pos++ = RSN_VERSION & 0xff;
587 *pos++ = RSN_VERSION >> 8;
588 pos = (u8 *) (hdr + 1);
589
590 if (conf->wpa_group == WPA_CIPHER_CCMP) {
591 memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
592 } else if (conf->wpa_group == WPA_CIPHER_TKIP) {
593 memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
594 } else if (conf->wpa_group == WPA_CIPHER_WEP104) {
595 memcpy(pos, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN);
596 } else if (conf->wpa_group == WPA_CIPHER_WEP40) {
597 memcpy(pos, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN);
598 } else {
599 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
600 conf->wpa_group);
601 return -1;
602 }
603 pos += RSN_SELECTOR_LEN;
604
605 num_suites = 0;
606 count = pos;
607 pos += 2;
608
609 if (conf->wpa_pairwise & WPA_CIPHER_CCMP) {
610 memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
611 pos += RSN_SELECTOR_LEN;
612 num_suites++;
613 }
614 if (conf->wpa_pairwise & WPA_CIPHER_TKIP) {
615 memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
616 pos += RSN_SELECTOR_LEN;
617 num_suites++;
618 }
619 if (conf->wpa_pairwise & WPA_CIPHER_NONE) {
620 memcpy(pos, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN);
621 pos += RSN_SELECTOR_LEN;
622 num_suites++;
623 }
624
625 if (num_suites == 0) {
626 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
627 conf->wpa_pairwise);
628 return -1;
629 }
630 *count++ = num_suites & 0xff;
631 *count = (num_suites >> 8) & 0xff;
632
633 num_suites = 0;
634 count = pos;
635 pos += 2;
636
637 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
638 memcpy(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X, RSN_SELECTOR_LEN);
639 pos += RSN_SELECTOR_LEN;
640 num_suites++;
641 }
642 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
643 memcpy(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X,
644 RSN_SELECTOR_LEN);
645 pos += RSN_SELECTOR_LEN;
646 num_suites++;
647 }
648
649 if (num_suites == 0) {
650 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
651 conf->wpa_key_mgmt);
652 return -1;
653 }
654 *count++ = num_suites & 0xff;
655 *count = (num_suites >> 8) & 0xff;
656
657 /* RSN Capabilities */
658 capab = 0;
659 if (conf->rsn_preauth)
660 capab |= WPA_CAPABILITY_PREAUTH;
661 if (conf->peerkey)
662 capab |= WPA_CAPABILITY_PEERKEY_ENABLED;
663 if (conf->wme_enabled) {
664 /* 4 PTKSA replay counters when using WME */
665 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
666 }
667 #ifdef CONFIG_IEEE80211W
668 if (conf->ieee80211w != WPA_NO_IEEE80211W)
669 capab |= WPA_CAPABILITY_MGMT_FRAME_PROTECTION;
670 #endif /* CONFIG_IEEE80211W */
671 *pos++ = capab & 0xff;
672 *pos++ = capab >> 8;
673
674 #ifdef CONFIG_IEEE80211W
675 if (conf->ieee80211w != WPA_NO_IEEE80211W) {
676 if (pos + 2 + 4 > buf + len)
677 return -1;
678 /* PMKID Count */
679 WPA_PUT_LE16(pos, 0);
680 pos += 2;
681
682 /* Management Group Cipher Suite */
683 memcpy(pos, RSN_CIPHER_SUITE_AES_128_CMAC, RSN_SELECTOR_LEN);
684 pos += RSN_SELECTOR_LEN;
685 }
686 #endif /* CONFIG_IEEE80211W */
687
688 hdr->len = (pos - buf) - 2;
689
690 return pos - buf;
691 }
692
693
694 static int wpa_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
695 {
696 u8 *pos, buf[100];
697 int res;
698
699 pos = buf;
700
701 if (wpa_auth->conf.wpa & HOSTAPD_WPA_VERSION_WPA2) {
702 res = wpa_write_rsn_ie(&wpa_auth->conf,
703 pos, buf + sizeof(buf) - pos);
704 if (res < 0)
705 return res;
706 pos += res;
707 }
708 if (wpa_auth->conf.wpa & HOSTAPD_WPA_VERSION_WPA) {
709 res = wpa_write_wpa_ie(&wpa_auth->conf,
710 pos, buf + sizeof(buf) - pos);
711 if (res < 0)
712 return res;
713 pos += res;
714 }
715
716 free(wpa_auth->wpa_ie);
717 wpa_auth->wpa_ie = malloc(pos - buf);
718 if (wpa_auth->wpa_ie == NULL)
719 return -1;
720 memcpy(wpa_auth->wpa_ie, buf, pos - buf);
721 wpa_auth->wpa_ie_len = pos - buf;
722
723 return 0;
724 }
725
726
727 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
728 const u8 *addr)
729 {
730 if (wpa_auth->cb.disconnect == NULL)
731 return;
732 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
733 WLAN_REASON_PREV_AUTH_NOT_VALID);
734 }
735
736
737 static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
738 {
739 struct wpa_authenticator *wpa_auth = eloop_ctx;
740
741 if (hostapd_get_rand(wpa_auth->group->GMK, WPA_GMK_LEN)) {
742 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
743 "initialization.");
744 } else {
745 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
746 }
747
748 if (wpa_auth->conf.wpa_gmk_rekey) {
749 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
750 wpa_rekey_gmk, wpa_auth, NULL);
751 }
752 }
753
754
755 static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
756 {
757 struct wpa_authenticator *wpa_auth = eloop_ctx;
758 struct wpa_group *group;
759
760 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
761 for (group = wpa_auth->group; group; group = group->next) {
762 group->GTKReKey = TRUE;
763 do {
764 group->changed = FALSE;
765 wpa_group_sm_step(wpa_auth, group);
766 } while (group->changed);
767 }
768
769 if (wpa_auth->conf.wpa_group_rekey) {
770 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
771 0, wpa_rekey_gtk, wpa_auth, NULL);
772 }
773 }
774
775
776 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
777 {
778 if (sm->pmksa == ctx)
779 sm->pmksa = NULL;
780 return 0;
781 }
782
783
784 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
785 void *ctx)
786 {
787 struct wpa_authenticator *wpa_auth = ctx;
788 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
789 }
790
791
792 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
793 int vlan_id)
794 {
795 struct wpa_group *group;
796 u8 buf[ETH_ALEN + 8 + sizeof(group)];
797 u8 rkey[32];
798
799 group = wpa_zalloc(sizeof(struct wpa_group));
800 if (group == NULL)
801 return NULL;
802
803 group->GTKAuthenticator = TRUE;
804 group->vlan_id = vlan_id;
805
806 switch (wpa_auth->conf.wpa_group) {
807 case WPA_CIPHER_CCMP:
808 group->GTK_len = 16;
809 break;
810 case WPA_CIPHER_TKIP:
811 group->GTK_len = 32;
812 break;
813 case WPA_CIPHER_WEP104:
814 group->GTK_len = 13;
815 break;
816 case WPA_CIPHER_WEP40:
817 group->GTK_len = 5;
818 break;
819 }
820
821 /* Counter = PRF-256(Random number, "Init Counter",
822 * Local MAC Address || Time)
823 */
824 memcpy(buf, wpa_auth->addr, ETH_ALEN);
825 wpa_get_ntp_timestamp(buf + ETH_ALEN);
826 memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
827 if (hostapd_get_rand(rkey, sizeof(rkey)) ||
828 hostapd_get_rand(group->GMK, WPA_GMK_LEN)) {
829 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
830 "initialization.");
831 free(group);
832 return NULL;
833 }
834
835 sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
836 group->Counter, WPA_NONCE_LEN);
837
838 group->GInit = TRUE;
839 wpa_group_sm_step(wpa_auth, group);
840 group->GInit = FALSE;
841 wpa_group_sm_step(wpa_auth, group);
842
843 return group;
844 }
845
846
847 /**
848 * wpa_init - Initialize WPA authenticator
849 * @addr: Authenticator address
850 * @conf: Configuration for WPA authenticator
851 * Returns: Pointer to WPA authenticator data or %NULL on failure
852 */
853 struct wpa_authenticator * wpa_init(const u8 *addr,
854 struct wpa_auth_config *conf,
855 struct wpa_auth_callbacks *cb)
856 {
857 struct wpa_authenticator *wpa_auth;
858
859 wpa_auth = wpa_zalloc(sizeof(struct wpa_authenticator));
860 if (wpa_auth == NULL)
861 return NULL;
862 memcpy(wpa_auth->addr, addr, ETH_ALEN);
863 memcpy(&wpa_auth->conf, conf, sizeof(*conf));
864 memcpy(&wpa_auth->cb, cb, sizeof(*cb));
865
866 if (wpa_gen_wpa_ie(wpa_auth)) {
867 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
868 free(wpa_auth);
869 return NULL;
870 }
871
872 wpa_auth->group = wpa_group_init(wpa_auth, 0);
873 if (wpa_auth->group == NULL) {
874 free(wpa_auth->wpa_ie);
875 free(wpa_auth);
876 return NULL;
877 }
878
879 wpa_auth->pmksa = pmksa_cache_init(wpa_auth_pmksa_free_cb, wpa_auth);
880 if (wpa_auth->pmksa == NULL) {
881 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
882 free(wpa_auth->wpa_ie);
883 free(wpa_auth);
884 return NULL;
885 }
886
887 if (wpa_auth->conf.wpa_gmk_rekey) {
888 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
889 wpa_rekey_gmk, wpa_auth, NULL);
890 }
891
892 if (wpa_auth->conf.wpa_group_rekey) {
893 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
894 wpa_rekey_gtk, wpa_auth, NULL);
895 }
896
897 return wpa_auth;
898 }
899
900
901 /**
902 * wpa_deinit - Deinitialize WPA authenticator
903 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
904 */
905 void wpa_deinit(struct wpa_authenticator *wpa_auth)
906 {
907 struct wpa_group *group, *prev;
908
909 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
910 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
911
912 while (wpa_auth->stsl_negotiations)
913 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
914
915 pmksa_cache_deinit(wpa_auth->pmksa);
916
917 free(wpa_auth->wpa_ie);
918
919 group = wpa_auth->group;
920 while (group) {
921 prev = group;
922 group = group->next;
923 free(prev);
924 }
925
926 free(wpa_auth);
927 }
928
929
930 /**
931 * wpa_reconfig - Update WPA authenticator configuration
932 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
933 * @conf: Configuration for WPA authenticator
934 */
935 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
936 struct wpa_auth_config *conf)
937 {
938 if (wpa_auth == NULL)
939 return 0;
940
941 memcpy(&wpa_auth->conf, conf, sizeof(*conf));
942 /*
943 * TODO:
944 * Disassociate stations if configuration changed
945 * Update WPA/RSN IE
946 */
947 return 0;
948 }
949
950
951 static int wpa_selector_to_bitfield(u8 *s)
952 {
953 if (memcmp(s, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN) == 0)
954 return WPA_CIPHER_NONE;
955 if (memcmp(s, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN) == 0)
956 return WPA_CIPHER_WEP40;
957 if (memcmp(s, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN) == 0)
958 return WPA_CIPHER_TKIP;
959 if (memcmp(s, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN) == 0)
960 return WPA_CIPHER_CCMP;
961 if (memcmp(s, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN) == 0)
962 return WPA_CIPHER_WEP104;
963 return 0;
964 }
965
966
967 static int wpa_key_mgmt_to_bitfield(u8 *s)
968 {
969 if (memcmp(s, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X, WPA_SELECTOR_LEN) == 0)
970 return WPA_KEY_MGMT_IEEE8021X;
971 if (memcmp(s, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X, WPA_SELECTOR_LEN) ==
972 0)
973 return WPA_KEY_MGMT_PSK;
974 return 0;
975 }
976
977
978 static int rsn_selector_to_bitfield(u8 *s)
979 {
980 if (memcmp(s, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN) == 0)
981 return WPA_CIPHER_NONE;
982 if (memcmp(s, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN) == 0)
983 return WPA_CIPHER_WEP40;
984 if (memcmp(s, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN) == 0)
985 return WPA_CIPHER_TKIP;
986 if (memcmp(s, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN) == 0)
987 return WPA_CIPHER_CCMP;
988 if (memcmp(s, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN) == 0)
989 return WPA_CIPHER_WEP104;
990 #ifdef CONFIG_IEEE80211W
991 if (memcmp(s, RSN_CIPHER_SUITE_AES_128_CMAC, RSN_SELECTOR_LEN) == 0)
992 return WPA_CIPHER_AES_128_CMAC;
993 #endif /* CONFIG_IEEE80211W */
994 return 0;
995 }
996
997
998 static int rsn_key_mgmt_to_bitfield(u8 *s)
999 {
1000 if (memcmp(s, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X, RSN_SELECTOR_LEN) == 0)
1001 return WPA_KEY_MGMT_IEEE8021X;
1002 if (memcmp(s, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X, RSN_SELECTOR_LEN) ==
1003 0)
1004 return WPA_KEY_MGMT_PSK;
1005 return 0;
1006 }
1007
1008
1009 static u8 * wpa_add_kde(u8 *pos, const u8 *kde, const u8 *data,
1010 size_t data_len, const u8 *data2, size_t data2_len)
1011 {
1012 *pos++ = GENERIC_INFO_ELEM;
1013 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
1014 memcpy(pos, kde, RSN_SELECTOR_LEN);
1015 pos += RSN_SELECTOR_LEN;
1016 memcpy(pos, data, data_len);
1017 pos += data_len;
1018 if (data2) {
1019 memcpy(pos, data2, data2_len);
1020 pos += data2_len;
1021 }
1022 return pos;
1023 }
1024
1025
1026 struct wpa_ie_data {
1027 int pairwise_cipher;
1028 int group_cipher;
1029 int key_mgmt;
1030 int capabilities;
1031 size_t num_pmkid;
1032 u8 *pmkid;
1033 int mgmt_group_cipher;
1034 };
1035
1036
1037 static int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
1038 struct wpa_ie_data *data)
1039 {
1040 struct wpa_ie_hdr *hdr;
1041 u8 *pos;
1042 int left;
1043 int i, count;
1044
1045 memset(data, 0, sizeof(*data));
1046 data->pairwise_cipher = WPA_CIPHER_TKIP;
1047 data->group_cipher = WPA_CIPHER_TKIP;
1048 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1049 data->mgmt_group_cipher = 0;
1050
1051 if (wpa_ie_len < sizeof(struct wpa_ie_hdr))
1052 return -1;
1053
1054 hdr = (struct wpa_ie_hdr *) wpa_ie;
1055
1056 if (hdr->elem_id != WLAN_EID_GENERIC ||
1057 hdr->len != wpa_ie_len - 2 ||
1058 memcmp(&hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN) != 0 ||
1059 le_to_host16(hdr->version) != WPA_VERSION) {
1060 return -2;
1061 }
1062
1063 pos = (u8 *) (hdr + 1);
1064 left = wpa_ie_len - sizeof(*hdr);
1065
1066 if (left >= WPA_SELECTOR_LEN) {
1067 data->group_cipher = wpa_selector_to_bitfield(pos);
1068 pos += WPA_SELECTOR_LEN;
1069 left -= WPA_SELECTOR_LEN;
1070 } else if (left > 0)
1071 return -3;
1072
1073 if (left >= 2) {
1074 data->pairwise_cipher = 0;
1075 count = pos[0] | (pos[1] << 8);
1076 pos += 2;
1077 left -= 2;
1078 if (count == 0 || left < count * WPA_SELECTOR_LEN)
1079 return -4;
1080 for (i = 0; i < count; i++) {
1081 data->pairwise_cipher |= wpa_selector_to_bitfield(pos);
1082 pos += WPA_SELECTOR_LEN;
1083 left -= WPA_SELECTOR_LEN;
1084 }
1085 } else if (left == 1)
1086 return -5;
1087
1088 if (left >= 2) {
1089 data->key_mgmt = 0;
1090 count = pos[0] | (pos[1] << 8);
1091 pos += 2;
1092 left -= 2;
1093 if (count == 0 || left < count * WPA_SELECTOR_LEN)
1094 return -6;
1095 for (i = 0; i < count; i++) {
1096 data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos);
1097 pos += WPA_SELECTOR_LEN;
1098 left -= WPA_SELECTOR_LEN;
1099 }
1100 } else if (left == 1)
1101 return -7;
1102
1103 if (left >= 2) {
1104 data->capabilities = pos[0] | (pos[1] << 8);
1105 pos += 2;
1106 left -= 2;
1107 }
1108
1109 if (left > 0) {
1110 return -8;
1111 }
1112
1113 return 0;
1114 }
1115
1116
1117 static int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
1118 struct wpa_ie_data *data)
1119 {
1120 struct rsn_ie_hdr *hdr;
1121 u8 *pos;
1122 int left;
1123 int i, count;
1124
1125 memset(data, 0, sizeof(*data));
1126 data->pairwise_cipher = WPA_CIPHER_CCMP;
1127 data->group_cipher = WPA_CIPHER_CCMP;
1128 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1129 #ifdef CONFIG_IEEE80211W
1130 data->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1131 #else /* CONFIG_IEEE80211W */
1132 data->mgmt_group_cipher = 0;
1133 #endif /* CONFIG_IEEE80211W */
1134
1135 if (rsn_ie_len < sizeof(struct rsn_ie_hdr))
1136 return -1;
1137
1138 hdr = (struct rsn_ie_hdr *) rsn_ie;
1139
1140 if (hdr->elem_id != WLAN_EID_RSN ||
1141 hdr->len != rsn_ie_len - 2 ||
1142 le_to_host16(hdr->version) != RSN_VERSION) {
1143 return -2;
1144 }
1145
1146 pos = (u8 *) (hdr + 1);
1147 left = rsn_ie_len - sizeof(*hdr);
1148
1149 if (left >= RSN_SELECTOR_LEN) {
1150 data->group_cipher = rsn_selector_to_bitfield(pos);
1151 pos += RSN_SELECTOR_LEN;
1152 left -= RSN_SELECTOR_LEN;
1153 } else if (left > 0)
1154 return -3;
1155
1156 if (left >= 2) {
1157 data->pairwise_cipher = 0;
1158 count = pos[0] | (pos[1] << 8);
1159 pos += 2;
1160 left -= 2;
1161 if (count == 0 || left < count * RSN_SELECTOR_LEN)
1162 return -4;
1163 for (i = 0; i < count; i++) {
1164 data->pairwise_cipher |= rsn_selector_to_bitfield(pos);
1165 pos += RSN_SELECTOR_LEN;
1166 left -= RSN_SELECTOR_LEN;
1167 }
1168 } else if (left == 1)
1169 return -5;
1170
1171 if (left >= 2) {
1172 data->key_mgmt = 0;
1173 count = pos[0] | (pos[1] << 8);
1174 pos += 2;
1175 left -= 2;
1176 if (count == 0 || left < count * RSN_SELECTOR_LEN)
1177 return -6;
1178 for (i = 0; i < count; i++) {
1179 data->key_mgmt |= rsn_key_mgmt_to_bitfield(pos);
1180 pos += RSN_SELECTOR_LEN;
1181 left -= RSN_SELECTOR_LEN;
1182 }
1183 } else if (left == 1)
1184 return -7;
1185
1186 if (left >= 2) {
1187 data->capabilities = pos[0] | (pos[1] << 8);
1188 pos += 2;
1189 left -= 2;
1190 }
1191
1192 if (left >= 2) {
1193 data->num_pmkid = pos[0] | (pos[1] << 8);
1194 pos += 2;
1195 left -= 2;
1196 if (left < (int) data->num_pmkid * PMKID_LEN) {
1197 wpa_printf(MSG_DEBUG, "RSN: too short RSN IE for "
1198 "PMKIDs (num=%lu, left=%d)",
1199 (unsigned long) data->num_pmkid, left);
1200 return -9;
1201 }
1202 data->pmkid = pos;
1203 pos += data->num_pmkid * PMKID_LEN;
1204 left -= data->num_pmkid * PMKID_LEN;
1205 }
1206
1207 #ifdef CONFIG_IEEE80211W
1208 if (left >= 4) {
1209 data->mgmt_group_cipher = rsn_selector_to_bitfield(pos);
1210 if (data->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
1211 wpa_printf(MSG_DEBUG, "RSN: Unsupported management "
1212 "group cipher 0x%x",
1213 data->mgmt_group_cipher);
1214 return -10;
1215 }
1216 pos += RSN_SELECTOR_LEN;
1217 left -= RSN_SELECTOR_LEN;
1218 }
1219 #endif /* CONFIG_IEEE80211W */
1220
1221 if (left > 0) {
1222 return -8;
1223 }
1224
1225 return 0;
1226 }
1227
1228
1229 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
1230 struct wpa_state_machine *sm,
1231 const u8 *wpa_ie, size_t wpa_ie_len)
1232 {
1233 struct wpa_ie_data data;
1234 int ciphers, key_mgmt, res, version;
1235 const u8 *selector;
1236 size_t i;
1237
1238 if (wpa_auth == NULL || sm == NULL)
1239 return WPA_NOT_ENABLED;
1240
1241 if (wpa_ie == NULL || wpa_ie_len < 1)
1242 return WPA_INVALID_IE;
1243
1244 if (wpa_ie[0] == WLAN_EID_RSN)
1245 version = HOSTAPD_WPA_VERSION_WPA2;
1246 else
1247 version = HOSTAPD_WPA_VERSION_WPA;
1248
1249 if (version == HOSTAPD_WPA_VERSION_WPA2) {
1250 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
1251
1252 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
1253 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
1254 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
1255 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
1256 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
1257 memcpy(wpa_auth->dot11RSNAAuthenticationSuiteSelected,
1258 selector, RSN_SELECTOR_LEN);
1259
1260 selector = RSN_CIPHER_SUITE_CCMP;
1261 if (data.pairwise_cipher & WPA_CIPHER_CCMP)
1262 selector = RSN_CIPHER_SUITE_CCMP;
1263 else if (data.pairwise_cipher & WPA_CIPHER_TKIP)
1264 selector = RSN_CIPHER_SUITE_TKIP;
1265 else if (data.pairwise_cipher & WPA_CIPHER_WEP104)
1266 selector = RSN_CIPHER_SUITE_WEP104;
1267 else if (data.pairwise_cipher & WPA_CIPHER_WEP40)
1268 selector = RSN_CIPHER_SUITE_WEP40;
1269 else if (data.pairwise_cipher & WPA_CIPHER_NONE)
1270 selector = RSN_CIPHER_SUITE_NONE;
1271 memcpy(wpa_auth->dot11RSNAPairwiseCipherSelected,
1272 selector, RSN_SELECTOR_LEN);
1273
1274 selector = RSN_CIPHER_SUITE_CCMP;
1275 if (data.group_cipher & WPA_CIPHER_CCMP)
1276 selector = RSN_CIPHER_SUITE_CCMP;
1277 else if (data.group_cipher & WPA_CIPHER_TKIP)
1278 selector = RSN_CIPHER_SUITE_TKIP;
1279 else if (data.group_cipher & WPA_CIPHER_WEP104)
1280 selector = RSN_CIPHER_SUITE_WEP104;
1281 else if (data.group_cipher & WPA_CIPHER_WEP40)
1282 selector = RSN_CIPHER_SUITE_WEP40;
1283 else if (data.group_cipher & WPA_CIPHER_NONE)
1284 selector = RSN_CIPHER_SUITE_NONE;
1285 memcpy(wpa_auth->dot11RSNAGroupCipherSelected,
1286 selector, RSN_SELECTOR_LEN);
1287 } else {
1288 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
1289
1290 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
1291 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
1292 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
1293 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
1294 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
1295 memcpy(wpa_auth->dot11RSNAAuthenticationSuiteSelected,
1296 selector, WPA_SELECTOR_LEN);
1297
1298 selector = WPA_CIPHER_SUITE_TKIP;
1299 if (data.pairwise_cipher & WPA_CIPHER_CCMP)
1300 selector = WPA_CIPHER_SUITE_CCMP;
1301 else if (data.pairwise_cipher & WPA_CIPHER_TKIP)
1302 selector = WPA_CIPHER_SUITE_TKIP;
1303 else if (data.pairwise_cipher & WPA_CIPHER_WEP104)
1304 selector = WPA_CIPHER_SUITE_WEP104;
1305 else if (data.pairwise_cipher & WPA_CIPHER_WEP40)
1306 selector = WPA_CIPHER_SUITE_WEP40;
1307 else if (data.pairwise_cipher & WPA_CIPHER_NONE)
1308 selector = WPA_CIPHER_SUITE_NONE;
1309 memcpy(wpa_auth->dot11RSNAPairwiseCipherSelected,
1310 selector, WPA_SELECTOR_LEN);
1311
1312 selector = WPA_CIPHER_SUITE_TKIP;
1313 if (data.group_cipher & WPA_CIPHER_CCMP)
1314 selector = WPA_CIPHER_SUITE_CCMP;
1315 else if (data.group_cipher & WPA_CIPHER_TKIP)
1316 selector = WPA_CIPHER_SUITE_TKIP;
1317 else if (data.group_cipher & WPA_CIPHER_WEP104)
1318 selector = WPA_CIPHER_SUITE_WEP104;
1319 else if (data.group_cipher & WPA_CIPHER_WEP40)
1320 selector = WPA_CIPHER_SUITE_WEP40;
1321 else if (data.group_cipher & WPA_CIPHER_NONE)
1322 selector = WPA_CIPHER_SUITE_NONE;
1323 memcpy(wpa_auth->dot11RSNAGroupCipherSelected,
1324 selector, WPA_SELECTOR_LEN);
1325 }
1326 if (res) {
1327 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
1328 MACSTR " (res=%d)", MAC2STR(sm->addr), res);
1329 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
1330 return WPA_INVALID_IE;
1331 }
1332
1333 if (data.group_cipher != wpa_auth->conf.wpa_group) {
1334 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
1335 MACSTR, data.group_cipher, MAC2STR(sm->addr));
1336 return WPA_INVALID_GROUP;
1337 }
1338
1339 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
1340 if (!key_mgmt) {
1341 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
1342 MACSTR, data.key_mgmt, MAC2STR(sm->addr));
1343 return WPA_INVALID_AKMP;
1344 }
1345 if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
1346 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1347 else
1348 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
1349
1350 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
1351 if (!ciphers) {
1352 wpa_printf(MSG_DEBUG, "Invalid WPA pairwise cipher (0x%x) "
1353 "from " MACSTR,
1354 data.pairwise_cipher, MAC2STR(sm->addr));
1355 return WPA_INVALID_PAIRWISE;
1356 }
1357
1358 #ifdef CONFIG_IEEE80211W
1359 if (wpa_auth->conf.ieee80211w == WPA_IEEE80211W_REQUIRED) {
1360 if (!(data.capabilities &
1361 WPA_CAPABILITY_MGMT_FRAME_PROTECTION)) {
1362 wpa_printf(MSG_DEBUG, "Management frame protection "
1363 "required, but client did not enable it");
1364 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
1365 }
1366
1367 if (ciphers & WPA_CIPHER_TKIP) {
1368 wpa_printf(MSG_DEBUG, "Management frame protection "
1369 "cannot use TKIP");
1370 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
1371 }
1372
1373 if (data.mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
1374 wpa_printf(MSG_DEBUG, "Unsupported management group "
1375 "cipher %d", data.mgmt_group_cipher);
1376 return WPA_INVALID_MGMT_GROUP_CIPHER;
1377 }
1378 }
1379
1380 if (wpa_auth->conf.ieee80211w == WPA_NO_IEEE80211W ||
1381 !(data.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION))
1382 sm->mgmt_frame_prot = 0;
1383 else
1384 sm->mgmt_frame_prot = 1;
1385 #endif /* CONFIG_IEEE80211W */
1386
1387 if (ciphers & WPA_CIPHER_CCMP)
1388 sm->pairwise = WPA_CIPHER_CCMP;
1389 else
1390 sm->pairwise = WPA_CIPHER_TKIP;
1391
1392 /* TODO: clear WPA/WPA2 state if STA changes from one to another */
1393 if (wpa_ie[0] == WLAN_EID_RSN)
1394 sm->wpa = WPA_VERSION_WPA2;
1395 else
1396 sm->wpa = WPA_VERSION_WPA;
1397
1398 for (i = 0; i < data.num_pmkid; i++) {
1399 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
1400 &data.pmkid[i * PMKID_LEN], PMKID_LEN);
1401 sm->pmksa = pmksa_cache_get(wpa_auth->pmksa, sm->addr,
1402 &data.pmkid[i * PMKID_LEN]);
1403 if (sm->pmksa) {
1404 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1405 "PMKID found from PMKSA cache "
1406 "eap_type=%d vlan_id=%d",
1407 sm->pmksa->eap_type_authsrv,
1408 sm->pmksa->vlan_id);
1409 memcpy(wpa_auth->dot11RSNAPMKIDUsed,
1410 sm->pmksa->pmkid, PMKID_LEN);
1411 break;
1412 }
1413 }
1414
1415 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
1416 free(sm->wpa_ie);
1417 sm->wpa_ie = malloc(wpa_ie_len);
1418 if (sm->wpa_ie == NULL)
1419 return WPA_ALLOC_FAIL;
1420 }
1421 memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
1422 sm->wpa_ie_len = wpa_ie_len;
1423
1424 return WPA_IE_OK;
1425 }
1426
1427
1428 struct wpa_eapol_ie_parse {
1429 const u8 *wpa_ie;
1430 size_t wpa_ie_len;
1431 const u8 *rsn_ie;
1432 size_t rsn_ie_len;
1433 const u8 *pmkid;
1434 const u8 *gtk;
1435 size_t gtk_len;
1436 const u8 *mac_addr;
1437 size_t mac_addr_len;
1438 #ifdef CONFIG_PEERKEY
1439 const u8 *smk;
1440 size_t smk_len;
1441 const u8 *nonce;
1442 size_t nonce_len;
1443 const u8 *lifetime;
1444 size_t lifetime_len;
1445 const u8 *error;
1446 size_t error_len;
1447 #endif /* CONFIG_PEERKEY */
1448 };
1449
1450
1451 /**
1452 * wpa_parse_generic - Parse EAPOL-Key Key Data Generic IEs
1453 * @pos: Pointer to the IE header
1454 * @end: Pointer to the end of the Key Data buffer
1455 * @ie: Pointer to parsed IE data
1456 * Returns: 0 on success, 1 if end mark is found, -1 on failure
1457 */
1458 static int wpa_parse_generic(const u8 *pos, const u8 *end,
1459 struct wpa_eapol_ie_parse *ie)
1460 {
1461 if (pos[1] == 0)
1462 return 1;
1463
1464 if (pos[1] >= 6 &&
1465 memcmp(pos + 2, WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0 &&
1466 pos[2 + WPA_SELECTOR_LEN] == 1 &&
1467 pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
1468 ie->wpa_ie = pos;
1469 ie->wpa_ie_len = pos[1] + 2;
1470 return 0;
1471 }
1472
1473 if (pos + 1 + RSN_SELECTOR_LEN < end &&
1474 pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
1475 memcmp(pos + 2, RSN_KEY_DATA_PMKID, RSN_SELECTOR_LEN) == 0) {
1476 ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
1477 return 0;
1478 }
1479
1480 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1481 memcmp(pos + 2, RSN_KEY_DATA_GROUPKEY, RSN_SELECTOR_LEN) == 0) {
1482 ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
1483 ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
1484 return 0;
1485 }
1486
1487 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1488 memcmp(pos + 2, RSN_KEY_DATA_MAC_ADDR, RSN_SELECTOR_LEN) == 0) {
1489 ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
1490 ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
1491 return 0;
1492 }
1493
1494 #ifdef CONFIG_PEERKEY
1495 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1496 memcmp(pos + 2, RSN_KEY_DATA_SMK, RSN_SELECTOR_LEN) == 0) {
1497 ie->smk = pos + 2 + RSN_SELECTOR_LEN;
1498 ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
1499 return 0;
1500 }
1501
1502 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1503 memcmp(pos + 2, RSN_KEY_DATA_NONCE, RSN_SELECTOR_LEN) == 0) {
1504 ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
1505 ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
1506 return 0;
1507 }
1508
1509 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1510 memcmp(pos + 2, RSN_KEY_DATA_LIFETIME, RSN_SELECTOR_LEN) == 0) {
1511 ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
1512 ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
1513 return 0;
1514 }
1515
1516 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1517 memcmp(pos + 2, RSN_KEY_DATA_ERROR, RSN_SELECTOR_LEN) == 0) {
1518 ie->error = pos + 2 + RSN_SELECTOR_LEN;
1519 ie->error_len = pos[1] - RSN_SELECTOR_LEN;
1520 return 0;
1521 }
1522 #endif /* CONFIG_PEERKEY */
1523
1524 return 0;
1525 }
1526
1527
1528 /**
1529 * wpa_parse_kde_ies - Parse EAPOL-Key Key Data IEs
1530 * @buf: Pointer to the Key Data buffer
1531 * @len: Key Data Length
1532 * @ie: Pointer to parsed IE data
1533 * Returns: 0 on success, -1 on failure
1534 */
1535 static int wpa_parse_kde_ies(const u8 *buf, size_t len,
1536 struct wpa_eapol_ie_parse *ie)
1537 {
1538 const u8 *pos, *end;
1539 int ret = 0;
1540
1541 memset(ie, 0, sizeof(*ie));
1542 for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
1543 if (pos[0] == 0xdd &&
1544 ((pos == buf + len - 1) || pos[1] == 0)) {
1545 /* Ignore padding */
1546 break;
1547 }
1548 if (pos + 2 + pos[1] > end) {
1549 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
1550 "underflow (ie=%d len=%d)", pos[0], pos[1]);
1551 ret = -1;
1552 break;
1553 }
1554 if (*pos == RSN_INFO_ELEM) {
1555 ie->rsn_ie = pos;
1556 ie->rsn_ie_len = pos[1] + 2;
1557 } else if (*pos == GENERIC_INFO_ELEM) {
1558 ret = wpa_parse_generic(pos, end, ie);
1559 if (ret < 0)
1560 break;
1561 if (ret > 0) {
1562 ret = 0;
1563 break;
1564 }
1565 } else {
1566 wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key "
1567 "Key Data IE", pos, 2 + pos[1]);
1568 }
1569 }
1570
1571 return ret;
1572 }
1573
1574
1575 struct wpa_state_machine *
1576 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
1577 {
1578 struct wpa_state_machine *sm;
1579
1580 sm = wpa_zalloc(sizeof(struct wpa_state_machine));
1581 if (sm == NULL)
1582 return NULL;
1583 memcpy(sm->addr, addr, ETH_ALEN);
1584
1585 sm->wpa_auth = wpa_auth;
1586 sm->group = wpa_auth->group;
1587
1588 return sm;
1589 }
1590
1591
1592 void wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
1593 struct wpa_state_machine *sm)
1594 {
1595 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
1596 return;
1597
1598 if (sm->started) {
1599 memset(sm->key_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
1600 sm->ReAuthenticationRequest = TRUE;
1601 wpa_sm_step(sm);
1602 return;
1603 }
1604
1605 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1606 "start authentication");
1607 sm->started = 1;
1608
1609 sm->Init = TRUE;
1610 wpa_sm_step(sm);
1611 sm->Init = FALSE;
1612 sm->AuthenticationRequest = TRUE;
1613 wpa_sm_step(sm);
1614 }
1615
1616
1617 static void wpa_free_sta_sm(struct wpa_state_machine *sm)
1618 {
1619 free(sm->last_rx_eapol_key);
1620 free(sm->wpa_ie);
1621 free(sm);
1622 }
1623
1624
1625 void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
1626 {
1627 if (sm == NULL)
1628 return;
1629
1630 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
1631 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1632 "strict rekeying - force GTK rekey since STA "
1633 "is leaving");
1634 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
1635 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
1636 NULL);
1637 }
1638
1639 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
1640 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
1641 if (sm->in_step_loop) {
1642 /* Must not free state machine while wpa_sm_step() is running.
1643 * Freeing will be completed in the end of wpa_sm_step(). */
1644 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
1645 "machine deinit for " MACSTR, MAC2STR(sm->addr));
1646 sm->pending_deinit = 1;
1647 } else
1648 wpa_free_sta_sm(sm);
1649 }
1650
1651
1652 static void wpa_request_new_ptk(struct wpa_state_machine *sm)
1653 {
1654 if (sm == NULL)
1655 return;
1656
1657 sm->PTKRequest = TRUE;
1658 sm->PTK_valid = 0;
1659 }
1660
1661
1662 #ifdef CONFIG_PEERKEY
1663 static void wpa_stsl_step(void *eloop_ctx, void *timeout_ctx)
1664 {
1665 #if 0
1666 struct wpa_authenticator *wpa_auth = eloop_ctx;
1667 struct wpa_stsl_negotiation *neg = timeout_ctx;
1668 #endif
1669
1670 /* TODO: ? */
1671 }
1672
1673
1674 struct wpa_stsl_search {
1675 const u8 *addr;
1676 struct wpa_state_machine *sm;
1677 };
1678
1679
1680 static int wpa_stsl_select_sta(struct wpa_state_machine *sm, void *ctx)
1681 {
1682 struct wpa_stsl_search *search = ctx;
1683 if (memcmp(search->addr, sm->addr, ETH_ALEN) == 0) {
1684 search->sm = sm;
1685 return 1;
1686 }
1687 return 0;
1688 }
1689
1690
1691 static void wpa_smk_send_error(struct wpa_authenticator *wpa_auth,
1692 struct wpa_state_machine *sm, const u8 *peer,
1693 u16 mui, u16 error_type)
1694 {
1695 u8 kde[2 + RSN_SELECTOR_LEN + ETH_ALEN +
1696 2 + RSN_SELECTOR_LEN + sizeof(struct rsn_error_kde)];
1697 size_t kde_len;
1698 u8 *pos;
1699 struct rsn_error_kde error;
1700
1701 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1702 "Sending SMK Error");
1703
1704 kde_len = 2 + RSN_SELECTOR_LEN + sizeof(struct rsn_error_kde);
1705 pos = kde;
1706
1707 if (peer) {
1708 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN,
1709 NULL, 0);
1710 kde_len += 2 + RSN_SELECTOR_LEN + ETH_ALEN;
1711 }
1712
1713 error.mui = host_to_be16(mui);
1714 error.error_type = host_to_be16(error_type);
1715 pos = wpa_add_kde(pos, RSN_KEY_DATA_ERROR,
1716 (u8 *) &error, sizeof(error), NULL, 0);
1717
1718 __wpa_send_eapol(wpa_auth, sm,
1719 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1720 WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_ERROR,
1721 NULL, NULL, kde, kde_len, 0, 0, 0);
1722 }
1723
1724
1725 static void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
1726 struct wpa_state_machine *sm,
1727 struct wpa_eapol_key *key)
1728 {
1729 struct wpa_eapol_ie_parse kde;
1730 struct wpa_stsl_search search;
1731 u8 *buf, *pos;
1732 size_t buf_len;
1733
1734 if (wpa_parse_kde_ies((const u8 *) (key + 1),
1735 ntohs(key->key_data_length), &kde) < 0) {
1736 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M1");
1737 return;
1738 }
1739
1740 if (kde.rsn_ie == NULL || kde.mac_addr == NULL ||
1741 kde.mac_addr_len < ETH_ALEN) {
1742 wpa_printf(MSG_INFO, "RSN: No RSN IE or MAC address KDE in "
1743 "SMK M1");
1744 return;
1745 }
1746
1747 /* Initiator = sm->addr; Peer = kde.mac_addr */
1748
1749 search.addr = kde.mac_addr;
1750 search.sm = NULL;
1751 if (wpa_auth_for_each_sta(wpa_auth, wpa_stsl_select_sta, &search) ==
1752 0 || search.sm == NULL) {
1753 wpa_printf(MSG_DEBUG, "RSN: SMK handshake with " MACSTR
1754 " aborted - STA not associated anymore",
1755 MAC2STR(kde.mac_addr));
1756 wpa_smk_send_error(wpa_auth, sm, kde.mac_addr, STK_MUI_SMK,
1757 STK_ERR_STA_NR);
1758 /* FIX: wpa_stsl_remove(wpa_auth, neg); */
1759 return;
1760 }
1761
1762 buf_len = kde.rsn_ie_len + 2 + RSN_SELECTOR_LEN + ETH_ALEN;
1763 buf = malloc(buf_len);
1764 if (buf == NULL)
1765 return;
1766 /* Initiator RSN IE */
1767 memcpy(buf, kde.rsn_ie, kde.rsn_ie_len);
1768 pos = buf + kde.rsn_ie_len;
1769 /* Initiator MAC Address */
1770 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, sm->addr, ETH_ALEN,
1771 NULL, 0);
1772
1773 /* SMK M2:
1774 * EAPOL-Key(S=1, M=1, A=1, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
1775 * MIC=MIC, DataKDs=(RSNIE_I, MAC_I KDE)
1776 */
1777
1778 wpa_auth_logger(wpa_auth, search.sm->addr, LOGGER_DEBUG,
1779 "Sending SMK M2");
1780
1781 __wpa_send_eapol(wpa_auth, search.sm,
1782 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1783 WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE,
1784 NULL, key->key_nonce, buf, buf_len, 0, 0, 0);
1785
1786 free(buf);
1787
1788 }
1789
1790
1791 static void wpa_send_smk_m4(struct wpa_authenticator *wpa_auth,
1792 struct wpa_state_machine *sm,
1793 struct wpa_eapol_key *key,
1794 struct wpa_eapol_ie_parse *kde,
1795 const u8 *smk)
1796 {
1797 u8 *buf, *pos;
1798 size_t buf_len;
1799 u32 lifetime;
1800
1801 /* SMK M4:
1802 * EAPOL-Key(S=1, M=1, A=0, I=1, K=0, SM=1, KeyRSC=0, Nonce=PNonce,
1803 * MIC=MIC, DataKDs=(MAC_I KDE, INonce KDE, SMK KDE,
1804 * Lifetime KDE)
1805 */
1806
1807 buf_len = 2 + RSN_SELECTOR_LEN + ETH_ALEN +
1808 2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN +
1809 2 + RSN_SELECTOR_LEN + WPA_PMK_LEN + WPA_NONCE_LEN +
1810 2 + RSN_SELECTOR_LEN + sizeof(lifetime);
1811 pos = buf = malloc(buf_len);
1812 if (buf == NULL)
1813 return;
1814
1815 /* Initiator MAC Address */
1816 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, kde->mac_addr, ETH_ALEN,
1817 NULL, 0);
1818
1819 /* Initiator Nonce */
1820 pos = wpa_add_kde(pos, RSN_KEY_DATA_NONCE, kde->nonce, WPA_NONCE_LEN,
1821 NULL, 0);
1822
1823 /* SMK with PNonce */
1824 pos = wpa_add_kde(pos, RSN_KEY_DATA_SMK, smk, WPA_PMK_LEN,
1825 key->key_nonce, WPA_NONCE_LEN);
1826
1827 /* Lifetime */
1828 lifetime = htonl(43200); /* dot11RSNAConfigSMKLifetime */
1829 pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
1830 (u8 *) &lifetime, sizeof(lifetime), NULL, 0);
1831
1832 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1833 "Sending SMK M4");
1834
1835 __wpa_send_eapol(wpa_auth, sm,
1836 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1837 WPA_KEY_INFO_INSTALL | WPA_KEY_INFO_SMK_MESSAGE,
1838 NULL, key->key_nonce, buf, buf_len, 0, 1, 0);
1839
1840 free(buf);
1841 }
1842
1843
1844 static void wpa_send_smk_m5(struct wpa_authenticator *wpa_auth,
1845 struct wpa_state_machine *sm,
1846 struct wpa_eapol_key *key,
1847 struct wpa_eapol_ie_parse *kde,
1848 const u8 *smk, const u8 *peer)
1849 {
1850 u8 *buf, *pos;
1851 size_t buf_len;
1852 u32 lifetime;
1853
1854 /* SMK M5:
1855 * EAPOL-Key(S=1, M=1, A=0, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
1856 * MIC=MIC, DataKDs=(RSNIE_P, MAC_P KDE, PNonce, SMK KDE,
1857 * Lifetime KDE))
1858 */
1859
1860 buf_len = kde->rsn_ie_len +
1861 2 + RSN_SELECTOR_LEN + ETH_ALEN +
1862 2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN +
1863 2 + RSN_SELECTOR_LEN + WPA_PMK_LEN + WPA_NONCE_LEN +
1864 2 + RSN_SELECTOR_LEN + sizeof(lifetime);
1865 pos = buf = malloc(buf_len);
1866 if (buf == NULL)
1867 return;
1868
1869 /* Peer RSN IE */
1870 memcpy(buf, kde->rsn_ie, kde->rsn_ie_len);
1871 pos = buf + kde->rsn_ie_len;
1872
1873 /* Peer MAC Address */
1874 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN, NULL, 0);
1875
1876 /* PNonce */
1877 pos = wpa_add_kde(pos, RSN_KEY_DATA_NONCE, key->key_nonce,
1878 WPA_NONCE_LEN, NULL, 0);
1879
1880 /* SMK and INonce */
1881 pos = wpa_add_kde(pos, RSN_KEY_DATA_SMK, smk, WPA_PMK_LEN,
1882 kde->nonce, WPA_NONCE_LEN);
1883
1884 /* Lifetime */
1885 lifetime = htonl(43200); /* dot11RSNAConfigSMKLifetime */
1886 pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
1887 (u8 *) &lifetime, sizeof(lifetime), NULL, 0);
1888
1889 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1890 "Sending SMK M5");
1891
1892 __wpa_send_eapol(wpa_auth, sm,
1893 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1894 WPA_KEY_INFO_SMK_MESSAGE,
1895 NULL, kde->nonce, buf, buf_len, 0, 1, 0);
1896
1897 free(buf);
1898 }
1899
1900
1901 static void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
1902 struct wpa_state_machine *sm,
1903 struct wpa_eapol_key *key)
1904 {
1905 struct wpa_eapol_ie_parse kde;
1906 struct wpa_stsl_search search;
1907 u8 smk[32], buf[ETH_ALEN + 8 + 2 * WPA_NONCE_LEN], *pos;
1908
1909 if (wpa_parse_kde_ies((const u8 *) (key + 1),
1910 ntohs(key->key_data_length), &kde) < 0) {
1911 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M3");
1912 return;
1913 }
1914
1915 if (kde.rsn_ie == NULL ||
1916 kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN ||
1917 kde.nonce == NULL || kde.nonce_len < WPA_NONCE_LEN) {
1918 wpa_printf(MSG_INFO, "RSN: No RSN IE, MAC address KDE, or "
1919 "Nonce KDE in SMK M3");
1920 return;
1921 }
1922
1923 /* Peer = sm->addr; Initiator = kde.mac_addr;
1924 * Peer Nonce = key->key_nonce; Initiator Nonce = kde.nonce */
1925
1926 search.addr = kde.mac_addr;
1927 search.sm = NULL;
1928 if (wpa_auth_for_each_sta(wpa_auth, wpa_stsl_select_sta, &search) ==
1929 0 || search.sm == NULL) {
1930 wpa_printf(MSG_DEBUG, "RSN: SMK handshake with " MACSTR
1931 " aborted - STA not associated anymore",
1932 MAC2STR(kde.mac_addr));
1933 wpa_smk_send_error(wpa_auth, sm, kde.mac_addr, STK_MUI_SMK,
1934 STK_ERR_STA_NR);
1935 /* FIX: wpa_stsl_remove(wpa_auth, neg); */
1936 return;
1937 }
1938
1939 if (hostapd_get_rand(smk, WPA_PMK_LEN)) {
1940 wpa_printf(MSG_DEBUG, "RSN: Failed to generate SMK");
1941 return;
1942 }
1943
1944 /* SMK = PRF-256(Random number, "SMK Derivation",
1945 * AA || Time || INonce || PNonce)
1946 */
1947 memcpy(buf, wpa_auth->addr, ETH_ALEN);
1948 pos = buf + ETH_ALEN;
1949 wpa_get_ntp_timestamp(pos);
1950 pos += 8;
1951 memcpy(pos, kde.nonce, WPA_NONCE_LEN);
1952 pos += WPA_NONCE_LEN;
1953 memcpy(pos, key->key_nonce, WPA_NONCE_LEN);
1954 sha1_prf(smk, WPA_PMK_LEN, "SMK Derivation", buf, sizeof(buf),
1955 smk, WPA_PMK_LEN);
1956
1957 wpa_hexdump_key(MSG_DEBUG, "RSN: SMK", smk, WPA_PMK_LEN);
1958
1959 wpa_send_smk_m4(wpa_auth, sm, key, &kde, smk);
1960 wpa_send_smk_m5(wpa_auth, search.sm, key, &kde, smk, sm->addr);
1961
1962 /* Authenticator does not need SMK anymore and it is required to forget
1963 * it. */
1964 memset(smk, 0, sizeof(*smk));
1965 }
1966
1967
1968 static void wpa_smk_error(struct wpa_authenticator *wpa_auth,
1969 struct wpa_state_machine *sm,
1970 struct wpa_eapol_key *key)
1971 {
1972 struct wpa_eapol_ie_parse kde;
1973 struct wpa_stsl_search search;
1974 struct rsn_error_kde error;
1975 u16 mui, error_type;
1976
1977 if (wpa_parse_kde_ies((const u8 *) (key + 1),
1978 ntohs(key->key_data_length), &kde) < 0) {
1979 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK Error");
1980 return;
1981 }
1982
1983 if (kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN ||
1984 kde.error == NULL || kde.error_len < sizeof(error)) {
1985 wpa_printf(MSG_INFO, "RSN: No MAC address or Error KDE in "
1986 "SMK Error");
1987 return;
1988 }
1989
1990 search.addr = kde.mac_addr;
1991 search.sm = NULL;
1992 if (wpa_auth_for_each_sta(wpa_auth, wpa_stsl_select_sta, &search) ==
1993 0 || search.sm == NULL) {
1994 wpa_printf(MSG_DEBUG, "RSN: Peer STA " MACSTR " not "
1995 "associated for SMK Error message from " MACSTR,
1996 MAC2STR(kde.mac_addr), MAC2STR(sm->addr));
1997 return;
1998 }
1999
2000 memcpy(&error, kde.error, sizeof(error));
2001 mui = be_to_host16(error.mui);
2002 error_type = be_to_host16(error.error_type);
2003 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
2004 "STA reported SMK Error: Peer " MACSTR
2005 " MUI %d Error Type %d",
2006 MAC2STR(kde.mac_addr), mui, error_type);
2007
2008 wpa_smk_send_error(wpa_auth, search.sm, sm->addr, mui, error_type);
2009 }
2010 #endif /* CONFIG_PEERKEY */
2011
2012
2013 static int wpa_stsl_remove(struct wpa_authenticator *wpa_auth,
2014 struct wpa_stsl_negotiation *neg)
2015 {
2016 #ifdef CONFIG_PEERKEY
2017 struct wpa_stsl_negotiation *pos, *prev;
2018
2019 if (wpa_auth == NULL)
2020 return -1;
2021 pos = wpa_auth->stsl_negotiations;
2022 prev = NULL;
2023 while (pos) {
2024 if (pos == neg) {
2025 if (prev)
2026 prev->next = pos->next;
2027 else
2028 wpa_auth->stsl_negotiations = pos->next;
2029
2030 eloop_cancel_timeout(wpa_stsl_step, wpa_auth, pos);
2031 free(pos);
2032 return 0;
2033 }
2034 prev = pos;
2035 pos = pos->next;
2036 }
2037 #endif /* CONFIG_PEERKEY */
2038
2039 return -1;
2040 }
2041
2042
2043 void wpa_receive(struct wpa_authenticator *wpa_auth,
2044 struct wpa_state_machine *sm,
2045 u8 *data, size_t data_len)
2046 {
2047 struct ieee802_1x_hdr *hdr;
2048 struct wpa_eapol_key *key;
2049 u16 key_info, key_data_length;
2050 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
2051 SMK_M1, SMK_M3, SMK_ERROR } msg;
2052 char *msgtxt;
2053 struct wpa_eapol_ie_parse kde;
2054
2055 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
2056 return;
2057
2058 if (data_len < sizeof(*hdr) + sizeof(*key))
2059 return;
2060
2061 hdr = (struct ieee802_1x_hdr *) data;
2062 key = (struct wpa_eapol_key *) (hdr + 1);
2063 key_info = ntohs(key->key_info);
2064 key_data_length = ntohs(key->key_data_length);
2065 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
2066 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
2067 "key_data overflow (%d > %lu)",
2068 key_data_length,
2069 (unsigned long) (data_len - sizeof(*hdr) -
2070 sizeof(*key)));
2071 return;
2072 }
2073
2074 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
2075 * are set */
2076
2077 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
2078 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
2079 if (key_info & WPA_KEY_INFO_ERROR) {
2080 msg = SMK_ERROR;
2081 msgtxt = "SMK Error";
2082 } else {
2083 msg = SMK_M1;
2084 msgtxt = "SMK M1";
2085 }
2086 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
2087 msg = SMK_M3;
2088 msgtxt = "SMK M3";
2089 } else if (key_info & WPA_KEY_INFO_REQUEST) {
2090 msg = REQUEST;
2091 msgtxt = "Request";
2092 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
2093 msg = GROUP_2;
2094 msgtxt = "2/2 Group";
2095 } else if (key_data_length == 0) {
2096 msg = PAIRWISE_4;
2097 msgtxt = "4/4 Pairwise";
2098 } else {
2099 msg = PAIRWISE_2;
2100 msgtxt = "2/4 Pairwise";
2101 }
2102
2103 if (key_info & WPA_KEY_INFO_REQUEST) {
2104 if (sm->req_replay_counter_used &&
2105 memcmp(key->replay_counter, sm->req_replay_counter,
2106 WPA_REPLAY_COUNTER_LEN) <= 0) {
2107 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
2108 "received EAPOL-Key request with "
2109 "replayed counter");
2110 return;
2111 }
2112 }
2113
2114 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
2115 (!sm->key_replay_counter_valid ||
2116 memcmp(key->replay_counter, sm->key_replay_counter,
2117 WPA_REPLAY_COUNTER_LEN) != 0)) {
2118 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
2119 "received EAPOL-Key %s with unexpected "
2120 "replay counter", msgtxt);
2121 wpa_hexdump(MSG_DEBUG, "expected replay counter",
2122 sm->key_replay_counter, WPA_REPLAY_COUNTER_LEN);
2123 wpa_hexdump(MSG_DEBUG, "received replay counter",
2124 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
2125 return;
2126 }
2127
2128 switch (msg) {
2129 case PAIRWISE_2:
2130 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
2131 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) {
2132 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
2133 "received EAPOL-Key msg 2/4 in "
2134 "invalid state (%d) - dropped",
2135 sm->wpa_ptk_state);
2136 return;
2137 }
2138 if (sm->wpa_ie == NULL ||
2139 sm->wpa_ie_len != key_data_length ||
2140 memcmp(sm->wpa_ie, key + 1, key_data_length) != 0) {
2141 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2142 "WPA IE from (Re)AssocReq did not "
2143 "match with msg 2/4");
2144 if (sm->wpa_ie) {
2145 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
2146 sm->wpa_ie, sm->wpa_ie_len);
2147 }
2148 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
2149 (u8 *) (key + 1), key_data_length);
2150 /* MLME-DEAUTHENTICATE.request */
2151 wpa_sta_disconnect(wpa_auth, sm->addr);
2152 return;
2153 }
2154 break;
2155 case PAIRWISE_4:
2156 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
2157 !sm->PTK_valid) {
2158 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
2159 "received EAPOL-Key msg 4/4 in "
2160 "invalid state (%d) - dropped",
2161 sm->wpa_ptk_state);
2162 return;
2163 }
2164 break;
2165 case GROUP_2:
2166 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
2167 || !sm->PTK_valid) {
2168 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
2169 "received EAPOL-Key msg 2/2 in "
2170 "invalid state (%d) - dropped",
2171 sm->wpa_ptk_group_state);
2172 return;
2173 }
2174 break;
2175 #ifdef CONFIG_PEERKEY
2176 case SMK_M1:
2177 case SMK_M3:
2178 case SMK_ERROR:
2179 if (!wpa_auth->conf.peerkey) {
2180 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
2181 "PeerKey use disabled - ignoring message");
2182 return;
2183 }
2184 if (!sm->PTK_valid) {
2185 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2186 "received EAPOL-Key msg SMK in "
2187 "invalid state - dropped");
2188 return;
2189 }
2190 break;
2191 #else /* CONFIG_PEERKEY */
2192 case SMK_M1:
2193 case SMK_M3:
2194 case SMK_ERROR:
2195 return; /* STSL disabled - ignore SMK messages */
2196 #endif /* CONFIG_PEERKEY */
2197 case REQUEST:
2198 break;
2199 }
2200
2201 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
2202 "received EAPOL-Key frame (%s)", msgtxt);
2203
2204 if (key_info & WPA_KEY_INFO_ACK) {
2205 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2206 "received invalid EAPOL-Key: Key Ack set");
2207 return;
2208 }
2209
2210 if (!(key_info & WPA_KEY_INFO_MIC)) {
2211 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2212 "received invalid EAPOL-Key: Key MIC not set");
2213 return;
2214 }
2215
2216 sm->MICVerified = FALSE;
2217 if (sm->PTK_valid) {
2218 if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
2219 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2220 "received EAPOL-Key with invalid MIC");
2221 return;
2222 }
2223 sm->MICVerified = TRUE;
2224 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
2225 }
2226
2227 if (key_info & WPA_KEY_INFO_REQUEST) {
2228 if (sm->MICVerified) {
2229 sm->req_replay_counter_used = 1;
2230 memcpy(sm->req_replay_counter, key->replay_counter,
2231 WPA_REPLAY_COUNTER_LEN);
2232 } else {
2233 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2234 "received EAPOL-Key request with "
2235 "invalid MIC");
2236 return;
2237 }
2238
2239 /*
2240 * TODO: should decrypt key data field if encryption was used;
2241 * even though MAC address KDE is not normally encrypted,
2242 * supplicant is allowed to encrypt it.
2243 */
2244 if (msg == SMK_ERROR) {
2245 #ifdef CONFIG_PEERKEY
2246 wpa_smk_error(wpa_auth, sm, key);
2247 #endif /* CONFIG_PEERKEY */
2248 return;
2249 } else if (key_info & WPA_KEY_INFO_ERROR) {
2250 /* Supplicant reported a Michael MIC error */
2251 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2252 "received EAPOL-Key Error Request "
2253 "(STA detected Michael MIC failure)");
2254 wpa_auth_mic_failure_report(wpa_auth, sm->addr);
2255 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
2256 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
2257 /* Error report is not a request for a new key
2258 * handshake, but since Authenticator may do it, let's
2259 * change the keys now anyway. */
2260 wpa_request_new_ptk(sm);
2261 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
2262 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2263 "received EAPOL-Key Request for new "
2264 "4-Way Handshake");
2265 wpa_request_new_ptk(sm);
2266 #ifdef CONFIG_PEERKEY
2267 } else if (msg == SMK_M1) {
2268 wpa_smk_m1(wpa_auth, sm, key);
2269 #endif /* CONFIG_PEERKEY */
2270 } else if (key_data_length > 0 &&
2271 wpa_parse_kde_ies((const u8 *) (key + 1),
2272 key_data_length, &kde) == 0 &&
2273 kde.mac_addr) {
2274 } else {
2275 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2276 "received EAPOL-Key Request for GTK "
2277 "rekeying");
2278 /* FIX: why was this triggering PTK rekeying for the
2279 * STA that requested Group Key rekeying?? */
2280 /* wpa_request_new_ptk(sta->wpa_sm); */
2281 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
2282 wpa_rekey_gtk(wpa_auth, NULL);
2283 }
2284 } else {
2285 /* Do not allow the same key replay counter to be reused. */
2286 sm->key_replay_counter_valid = FALSE;
2287 }
2288
2289 #ifdef CONFIG_PEERKEY
2290 if (msg == SMK_M3) {
2291 wpa_smk_m3(wpa_auth, sm, key);
2292 return;
2293 }
2294 #endif /* CONFIG_PEERKEY */
2295
2296 free(sm->last_rx_eapol_key);
2297 sm->last_rx_eapol_key = malloc(data_len);
2298 if (sm->last_rx_eapol_key == NULL)
2299 return;
2300 memcpy(sm->last_rx_eapol_key, data, data_len);
2301 sm->last_rx_eapol_key_len = data_len;
2302
2303 sm->EAPOLKeyReceived = TRUE;
2304 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
2305 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
2306 memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
2307 wpa_sm_step(sm);
2308 }
2309
2310
2311 static void wpa_pmk_to_ptk(const u8 *pmk, const u8 *addr1, const u8 *addr2,
2312 const u8 *nonce1, const u8 *nonce2,
2313 u8 *ptk, size_t ptk_len)
2314 {
2315 u8 data[2 * ETH_ALEN + 2 * WPA_NONCE_LEN];
2316
2317 /* PTK = PRF-X(PMK, "Pairwise key expansion",
2318 * Min(AA, SA) || Max(AA, SA) ||
2319 * Min(ANonce, SNonce) || Max(ANonce, SNonce)) */
2320
2321 if (memcmp(addr1, addr2, ETH_ALEN) < 0) {
2322 memcpy(data, addr1, ETH_ALEN);
2323 memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
2324 } else {
2325 memcpy(data, addr2, ETH_ALEN);
2326 memcpy(data + ETH_ALEN, addr1, ETH_ALEN);
2327 }
2328
2329 if (memcmp(nonce1, nonce2, WPA_NONCE_LEN) < 0) {
2330 memcpy(data + 2 * ETH_ALEN, nonce1, WPA_NONCE_LEN);
2331 memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce2,
2332 WPA_NONCE_LEN);
2333 } else {
2334 memcpy(data + 2 * ETH_ALEN, nonce2, WPA_NONCE_LEN);
2335 memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce1,
2336 WPA_NONCE_LEN);
2337 }
2338
2339 sha1_prf(pmk, WPA_PMK_LEN, "Pairwise key expansion",
2340 data, sizeof(data), ptk, ptk_len);
2341
2342 wpa_hexdump_key(MSG_DEBUG, "PMK", pmk, WPA_PMK_LEN);
2343 wpa_hexdump_key(MSG_DEBUG, "PTK", ptk, ptk_len);
2344 }
2345
2346
2347 static void wpa_gmk_to_gtk(const u8 *gmk, const u8 *addr, const u8 *gnonce,
2348 u8 *gtk, size_t gtk_len)
2349 {
2350 u8 data[ETH_ALEN + WPA_NONCE_LEN];
2351
2352 /* GTK = PRF-X(GMK, "Group key expansion", AA || GNonce) */
2353 memcpy(data, addr, ETH_ALEN);
2354 memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
2355
2356 sha1_prf(gmk, WPA_GMK_LEN, "Group key expansion",
2357 data, sizeof(data), gtk, gtk_len);
2358
2359 wpa_hexdump_key(MSG_DEBUG, "GMK", gmk, WPA_GMK_LEN);
2360 wpa_hexdump_key(MSG_DEBUG, "GTK", gtk, gtk_len);
2361 }
2362
2363
2364 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
2365 {
2366 struct wpa_authenticator *wpa_auth = eloop_ctx;
2367 struct wpa_state_machine *sm = timeout_ctx;
2368
2369 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
2370 sm->TimeoutEvt = TRUE;
2371 wpa_sm_step(sm);
2372 }
2373
2374
2375 static int wpa_calc_eapol_key_mic(int ver, u8 *key, u8 *data, size_t len,
2376 u8 *mic)
2377 {
2378 u8 hash[SHA1_MAC_LEN];
2379
2380 switch (ver) {
2381 case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
2382 hmac_md5(key, 16, data, len, mic);
2383 break;
2384 case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
2385 hmac_sha1(key, 16, data, len, hash);
2386 memcpy(mic, hash, MD5_MAC_LEN);
2387 break;
2388 default:
2389 return -1;
2390 }
2391 return 0;
2392 }
2393
2394
2395 static void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
2396 struct wpa_state_machine *sm, int key_info,
2397 const u8 *key_rsc, const u8 *nonce,
2398 const u8 *kde, size_t kde_len,
2399 int keyidx, int encr, int force_version)
2400 {
2401 struct ieee802_1x_hdr *hdr;
2402 struct wpa_eapol_key *key;
2403 size_t len;
2404 int alg;
2405 int key_data_len, pad_len = 0;
2406 u8 *buf, *pos;
2407 int version, pairwise;
2408
2409 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
2410
2411 if (force_version)
2412 version = force_version;
2413 else if (sm->pairwise == WPA_CIPHER_CCMP)
2414 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
2415 else
2416 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
2417
2418 pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
2419
2420 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(secure=%d mic=%d ack=%d "
2421 "install=%d pairwise=%d kde_len=%lu keyidx=%d encr=%d)",
2422 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
2423 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
2424 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
2425 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
2426 pairwise, (unsigned long) kde_len, keyidx, encr);
2427
2428 key_data_len = kde_len;
2429
2430 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES && encr) {
2431 pad_len = key_data_len % 8;
2432 if (pad_len)
2433 pad_len = 8 - pad_len;
2434 key_data_len += pad_len + 8;
2435 }
2436
2437 len += key_data_len;
2438
2439 hdr = wpa_zalloc(len);
2440 if (hdr == NULL)
2441 return;
2442 hdr->version = wpa_auth->conf.eapol_version;
2443 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
2444 hdr->length = htons(len - sizeof(*hdr));
2445 key = (struct wpa_eapol_key *) (hdr + 1);
2446
2447 key->type = sm->wpa == WPA_VERSION_WPA2 ?
2448 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
2449 key_info |= version;
2450 if (encr && sm->wpa == WPA_VERSION_WPA2)
2451 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
2452 if (sm->wpa != WPA_VERSION_WPA2)
2453 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
2454 key->key_info = htons(key_info);
2455
2456 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
2457 switch (alg) {
2458 case WPA_CIPHER_CCMP:
2459 key->key_length = htons(16);
2460 break;
2461 case WPA_CIPHER_TKIP:
2462 key->key_length = htons(32);
2463 break;
2464 case WPA_CIPHER_WEP40:
2465 key->key_length = htons(5);
2466 break;
2467 case WPA_CIPHER_WEP104:
2468 key->key_length = htons(13);
2469 break;
2470 }
2471 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
2472 key->key_length = htons(0);
2473
2474 /* FIX: STSL: what to use as key_replay_counter? */
2475 inc_byte_array(sm->key_replay_counter, WPA_REPLAY_COUNTER_LEN);
2476 memcpy(key->replay_counter, sm->key_replay_counter,
2477 WPA_REPLAY_COUNTER_LEN);
2478 sm->key_replay_counter_valid = TRUE;
2479
2480 if (nonce)
2481 memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
2482
2483 if (key_rsc)
2484 memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
2485
2486 if (kde && !encr) {
2487 memcpy(key + 1, kde, kde_len);
2488 key->key_data_length = htons(kde_len);
2489 } else if (encr && kde) {
2490 buf = wpa_zalloc(key_data_len);
2491 if (buf == NULL) {
2492 free(hdr);
2493 return;
2494 }
2495 pos = buf;
2496 memcpy(pos, kde, kde_len);
2497 pos += kde_len;
2498
2499 if (pad_len)
2500 *pos++ = 0xdd;
2501
2502 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
2503 buf, key_data_len);
2504 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
2505 aes_wrap(sm->PTK.encr_key, (key_data_len - 8) / 8, buf,
2506 (u8 *) (key + 1));
2507 key->key_data_length = htons(key_data_len);
2508 } else {
2509 u8 ek[32];
2510 memcpy(key->key_iv,
2511 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
2512 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
2513 memcpy(ek, key->key_iv, 16);
2514 memcpy(ek + 16, sm->PTK.encr_key, 16);
2515 memcpy(key + 1, buf, key_data_len);
2516 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
2517 key->key_data_length = htons(key_data_len);
2518 }
2519 free(buf);
2520 }
2521
2522 if (key_info & WPA_KEY_INFO_MIC) {
2523 if (!sm->PTK_valid) {
2524 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
2525 "PTK not valid when sending EAPOL-Key "
2526 "frame");
2527 free(hdr);
2528 return;
2529 }
2530 wpa_calc_eapol_key_mic(version,
2531 sm->PTK.mic_key, (u8 *) hdr, len,
2532 key->key_mic);
2533 }
2534
2535 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
2536 1);
2537 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
2538 sm->pairwise_set);
2539 free(hdr);
2540 }
2541
2542
2543 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
2544 struct wpa_state_machine *sm, int key_info,
2545 const u8 *key_rsc, const u8 *nonce,
2546 const u8 *kde, size_t kde_len,
2547 int keyidx, int encr)
2548 {
2549 int timeout_ms;
2550 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
2551
2552 if (sm == NULL)
2553 return;
2554
2555 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
2556 keyidx, encr, 0);
2557
2558 timeout_ms = pairwise ? dot11RSNAConfigPairwiseUpdateTimeOut :
2559 dot11RSNAConfigGroupUpdateTimeOut;
2560 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
2561 wpa_send_eapol_timeout, wpa_auth, sm);
2562 }
2563
2564
2565 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
2566 {
2567 struct ieee802_1x_hdr *hdr;
2568 struct wpa_eapol_key *key;
2569 u16 key_info;
2570 int ret = 0;
2571 u8 mic[16];
2572
2573 if (data_len < sizeof(*hdr) + sizeof(*key))
2574 return -1;
2575
2576 hdr = (struct ieee802_1x_hdr *) data;
2577 key = (struct wpa_eapol_key *) (hdr + 1);
2578 key_info = ntohs(key->key_info);
2579 memcpy(mic, key->key_mic, 16);
2580 memset(key->key_mic, 0, 16);
2581 if (wpa_calc_eapol_key_mic(key_info & WPA_KEY_INFO_TYPE_MASK,
2582 PTK->mic_key, data, data_len, key->key_mic)
2583 || memcmp(mic, key->key_mic, 16) != 0)
2584 ret = -1;
2585 memcpy(key->key_mic, mic, 16);
2586 return ret;
2587 }
2588
2589
2590 void wpa_remove_ptk(struct wpa_state_machine *sm)
2591 {
2592 sm->PTK_valid = FALSE;
2593 memset(&sm->PTK, 0, sizeof(sm->PTK));
2594 wpa_auth_set_key(sm->wpa_auth, 0, "none", sm->addr, 0, (u8 *) "", 0);
2595 sm->pairwise_set = FALSE;
2596 }
2597
2598
2599 void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
2600 {
2601 if (sm == NULL)
2602 return;
2603
2604 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2605 "event %d notification", event);
2606
2607 switch (event) {
2608 case WPA_AUTH:
2609 case WPA_ASSOC:
2610 break;
2611 case WPA_DEAUTH:
2612 case WPA_DISASSOC:
2613 sm->DeauthenticationRequest = TRUE;
2614 break;
2615 case WPA_REAUTH:
2616 case WPA_REAUTH_EAPOL:
2617 sm->ReAuthenticationRequest = TRUE;
2618 break;
2619 }
2620
2621 sm->PTK_valid = FALSE;
2622 memset(&sm->PTK, 0, sizeof(sm->PTK));
2623
2624 if (event != WPA_REAUTH_EAPOL)
2625 wpa_remove_ptk(sm);
2626
2627 wpa_sm_step(sm);
2628 }
2629
2630
2631 static const char * wpa_alg_txt(int alg)
2632 {
2633 switch (alg) {
2634 case WPA_CIPHER_CCMP:
2635 return "CCMP";
2636 case WPA_CIPHER_TKIP:
2637 return "TKIP";
2638 case WPA_CIPHER_WEP104:
2639 case WPA_CIPHER_WEP40:
2640 return "WEP";
2641 default:
2642 return "";
2643 }
2644 }
2645
2646
2647 SM_STATE(WPA_PTK, INITIALIZE)
2648 {
2649 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
2650 if (sm->Init) {
2651 /* Init flag is not cleared here, so avoid busy
2652 * loop by claiming nothing changed. */
2653 sm->changed = FALSE;
2654 }
2655
2656 sm->keycount = 0;
2657 if (sm->GUpdateStationKeys)
2658 sm->group->GKeyDoneStations--;
2659 sm->GUpdateStationKeys = FALSE;
2660 if (sm->wpa == WPA_VERSION_WPA)
2661 sm->PInitAKeys = FALSE;
2662 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
2663 * Local AA > Remote AA)) */) {
2664 sm->Pair = TRUE;
2665 }
2666 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
2667 wpa_remove_ptk(sm);
2668 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
2669 sm->TimeoutCtr = 0;
2670 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK) {
2671 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2672 WPA_EAPOL_authorized, 0);
2673 }
2674 }
2675
2676
2677 SM_STATE(WPA_PTK, DISCONNECT)
2678 {
2679 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
2680 sm->Disconnect = FALSE;
2681 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
2682 }
2683
2684
2685 SM_STATE(WPA_PTK, DISCONNECTED)
2686 {
2687 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
2688 if (sm->sta_counted) {
2689 sm->group->GNoStations--;
2690 sm->sta_counted = 0;
2691 } else {
2692 wpa_printf(MSG_DEBUG, "WPA: WPA_PTK::DISCONNECTED - did not "
2693 "decrease GNoStations (STA " MACSTR ")",
2694 MAC2STR(sm->addr));
2695 }
2696 sm->DeauthenticationRequest = FALSE;
2697 }
2698
2699
2700 SM_STATE(WPA_PTK, AUTHENTICATION)
2701 {
2702 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
2703 if (!sm->sta_counted) {
2704 sm->group->GNoStations++;
2705 sm->sta_counted = 1;
2706 } else {
2707 wpa_printf(MSG_DEBUG, "WPA: WPA_PTK::DISCONNECTED - did not "
2708 "increase GNoStations (STA " MACSTR ")",
2709 MAC2STR(sm->addr));
2710 }
2711 memset(&sm->PTK, 0, sizeof(sm->PTK));
2712 sm->PTK_valid = FALSE;
2713 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
2714 1);
2715 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
2716 sm->AuthenticationRequest = FALSE;
2717 }
2718
2719
2720 SM_STATE(WPA_PTK, AUTHENTICATION2)
2721 {
2722 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
2723 memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN);
2724 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
2725 sm->ReAuthenticationRequest = FALSE;
2726 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
2727 * logical place than INITIALIZE since AUTHENTICATION2 can be
2728 * re-entered on ReAuthenticationRequest without going through
2729 * INITIALIZE. */
2730 sm->TimeoutCtr = 0;
2731 }
2732
2733
2734 SM_STATE(WPA_PTK, INITPMK)
2735 {
2736 size_t len = WPA_PMK_LEN;
2737
2738 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
2739 if (sm->pmksa) {
2740 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
2741 memcpy(sm->PMK, sm->pmksa->pmk, WPA_PMK_LEN);
2742 } else if (wpa_auth_get_pmk(sm->wpa_auth, sm->addr, sm->PMK, &len) ==
2743 0) {
2744 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
2745 "(len=%lu)", (unsigned long) len);
2746 } else {
2747 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
2748 }
2749
2750 sm->req_replay_counter_used = 0;
2751 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
2752 * will break reauthentication since EAPOL state machines may not be
2753 * get into AUTHENTICATING state that clears keyRun before WPA state
2754 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
2755 * state and takes PMK from the previously used AAA Key. This will
2756 * eventually fail in 4-Way Handshake because Supplicant uses PMK
2757 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
2758 * be good workaround for this issue. */
2759 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
2760 }
2761
2762
2763 SM_STATE(WPA_PTK, INITPSK)
2764 {
2765 const u8 *psk;
2766 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
2767 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL);
2768 if (psk)
2769 memcpy(sm->PMK, psk, WPA_PMK_LEN);
2770 sm->req_replay_counter_used = 0;
2771 }
2772
2773
2774 SM_STATE(WPA_PTK, PTKSTART)
2775 {
2776 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
2777 size_t pmkid_len = 0;
2778
2779 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
2780 sm->PTKRequest = FALSE;
2781 sm->TimeoutEvt = FALSE;
2782 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2783 "sending 1/4 msg of 4-Way Handshake");
2784 /*
2785 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
2786 * one possible PSK for this STA.
2787 */
2788 if (sm->wpa == WPA_VERSION_WPA2 &&
2789 sm->wpa_key_mgmt != WPA_KEY_MGMT_PSK) {
2790 pmkid = buf;
2791 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
2792 pmkid[0] = WLAN_EID_GENERIC;
2793 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
2794 memcpy(&pmkid[2], RSN_KEY_DATA_PMKID, RSN_SELECTOR_LEN);
2795 if (sm->pmksa)
2796 memcpy(&pmkid[2 + RSN_SELECTOR_LEN], sm->pmksa->pmkid,
2797 PMKID_LEN);
2798 else {
2799 /*
2800 * Calculate PMKID since no PMKSA cache entry was
2801 * available with pre-calculated PMKID.
2802 */
2803 rsn_pmkid(sm->PMK, WPA_PMK_LEN, sm->wpa_auth->addr,
2804 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN]);
2805 }
2806 }
2807 wpa_send_eapol(sm->wpa_auth, sm,
2808 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
2809 sm->ANonce, pmkid, pmkid_len, 0, 0);
2810 sm->TimeoutCtr++;
2811 }
2812
2813
2814 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
2815 {
2816 struct wpa_ptk PTK;
2817 int ok = 0;
2818 const u8 *pmk = NULL;
2819
2820 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
2821 sm->EAPOLKeyReceived = FALSE;
2822
2823 /* WPA with IEEE 802.1X: use the derived PMK from EAP
2824 * WPA-PSK: iterate through possible PSKs and select the one matching
2825 * the packet */
2826 for (;;) {
2827 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK) {
2828 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
2829 if (pmk == NULL)
2830 break;
2831 } else
2832 pmk = sm->PMK;
2833
2834 wpa_pmk_to_ptk(pmk, sm->wpa_auth->addr, sm->addr,
2835 sm->ANonce, sm->SNonce,
2836 (u8 *) &PTK, sizeof(PTK));
2837
2838 if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
2839 sm->last_rx_eapol_key_len) == 0) {
2840 ok = 1;
2841 break;
2842 }
2843
2844 if (sm->wpa_key_mgmt != WPA_KEY_MGMT_PSK)
2845 break;
2846 }
2847
2848 if (!ok) {
2849 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2850 "invalid MIC in msg 2/4 of 4-Way Handshake");
2851 return;
2852 }
2853
2854 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
2855
2856 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK) {
2857 /* PSK may have changed from the previous choice, so update
2858 * state machine data based on whatever PSK was selected here.
2859 */
2860 memcpy(sm->PMK, pmk, WPA_PMK_LEN);
2861 }
2862
2863 sm->MICVerified = TRUE;
2864
2865 memcpy(&sm->PTK, &PTK, sizeof(PTK));
2866 sm->PTK_valid = TRUE;
2867 }
2868
2869
2870 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
2871 {
2872 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
2873 sm->TimeoutCtr = 0;
2874 }
2875
2876
2877 #ifdef CONFIG_IEEE80211W
2878
2879 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2880 {
2881 if (sm->mgmt_frame_prot) {
2882 return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_dhv_kde) +
2883 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde);
2884 }
2885
2886 return 0;
2887 }
2888
2889
2890 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2891 {
2892 struct wpa_dhv_kde dhv;
2893 struct wpa_igtk_kde igtk;
2894 struct wpa_group *gsm = sm->group;
2895 u8 mac[32];
2896 const u8 *addr[3];
2897 size_t len[3];
2898
2899 if (!sm->mgmt_frame_prot)
2900 return pos;
2901
2902 addr[0] = sm->wpa_auth->addr;
2903 len[0] = ETH_ALEN;
2904 addr[1] = sm->addr;
2905 len[1] = ETH_ALEN;
2906 addr[2] = gsm->DGTK;
2907 len[2] = WPA_DGTK_LEN;
2908 sha256_vector(3, addr, len, mac);
2909 memcpy(dhv.dhv, mac, WPA_DHV_LEN);
2910 wpa_hexdump_key(MSG_DEBUG, "WPA: DHV", dhv.dhv, WPA_DHV_LEN);
2911 pos = wpa_add_kde(pos, RSN_KEY_DATA_DHV,
2912 (const u8 *) &dhv, sizeof(dhv), NULL, 0);
2913
2914 igtk.keyid[0] = gsm->GN;
2915 igtk.keyid[1] = 0;
2916 if (wpa_auth_get_seqnum_igtk(sm->wpa_auth, NULL, gsm->GN, igtk.pn) < 0)
2917 memset(igtk.pn, 0, sizeof(igtk.pn));
2918 memcpy(igtk.igtk, gsm->IGTK[gsm->GN - 1], WPA_IGTK_LEN);
2919 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
2920 (const u8 *) &igtk, sizeof(igtk), NULL, 0);
2921
2922 return pos;
2923 }
2924
2925 #else /* CONFIG_IEEE80211W */
2926
2927 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2928 {
2929 return 0;
2930 }
2931
2932
2933 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2934 {
2935 return pos;
2936 }
2937
2938 #endif /* CONFIG_IEEE80211W */
2939
2940
2941 SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
2942 {
2943 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
2944 size_t gtk_len, kde_len;
2945 struct wpa_group *gsm = sm->group;
2946 u8 *wpa_ie;
2947 int wpa_ie_len, secure, keyidx, encr = 0;
2948
2949 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
2950 sm->TimeoutEvt = FALSE;
2951 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, GTK[GN])
2952 */
2953 memset(rsc, 0, WPA_KEY_RSC_LEN);
2954 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2955 wpa_ie = sm->wpa_auth->wpa_ie;
2956 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
2957 if (sm->wpa == WPA_VERSION_WPA &&
2958 (sm->wpa_auth->conf.wpa & HOSTAPD_WPA_VERSION_WPA2) &&
2959 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
2960 /* WPA-only STA, remove RSN IE */
2961 wpa_ie = wpa_ie + wpa_ie[1] + 2;
2962 wpa_ie_len = wpa_ie[1] + 2;
2963 }
2964 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2965 "sending 3/4 msg of 4-Way Handshake");
2966 if (sm->wpa == WPA_VERSION_WPA2) {
2967 /* WPA2 send GTK in the 4-way handshake */
2968 secure = 1;
2969 gtk = gsm->GTK[gsm->GN - 1];
2970 gtk_len = gsm->GTK_len;
2971 keyidx = gsm->GN;
2972 _rsc = rsc;
2973 encr = 1;
2974 } else {
2975 /* WPA does not include GTK in msg 3/4 */
2976 secure = 0;
2977 gtk = NULL;
2978 gtk_len = 0;
2979 keyidx = 0;
2980 _rsc = NULL;
2981 }
2982
2983 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
2984 if (gtk)
2985 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
2986 kde = malloc(kde_len);
2987 if (kde == NULL)
2988 return;
2989
2990 pos = kde;
2991 memcpy(pos, wpa_ie, wpa_ie_len);
2992 pos += wpa_ie_len;
2993 if (gtk) {
2994 u8 hdr[2];
2995 hdr[0] = keyidx & 0x03;
2996 hdr[1] = 0;
2997 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2998 gtk, gtk_len);
2999 }
3000 pos = ieee80211w_kde_add(sm, pos);
3001
3002 wpa_send_eapol(sm->wpa_auth, sm,
3003 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
3004 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
3005 WPA_KEY_INFO_KEY_TYPE,
3006 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
3007 free(kde);
3008 sm->TimeoutCtr++;
3009 }
3010
3011
3012 SM_STATE(WPA_PTK, PTKINITDONE)
3013 {
3014 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
3015 sm->EAPOLKeyReceived = FALSE;
3016 if (sm->Pair) {
3017 char *alg;
3018 int klen;
3019 if (sm->pairwise == WPA_CIPHER_TKIP) {
3020 alg = "TKIP";
3021 klen = 32;
3022 } else {
3023 alg = "CCMP";
3024 klen = 16;
3025 }
3026 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
3027 sm->PTK.tk1, klen)) {
3028 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
3029 return;
3030 }
3031 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
3032 sm->pairwise_set = TRUE;
3033
3034 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK) {
3035 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
3036 WPA_EAPOL_authorized, 1);
3037 }
3038 }
3039
3040 if (0 /* IBSS == TRUE */) {
3041 sm->keycount++;
3042 if (sm->keycount == 2) {
3043 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
3044 WPA_EAPOL_portValid, 1);
3045 }
3046 } else {
3047 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
3048 1);
3049 }
3050 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
3051 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
3052 if (sm->wpa == WPA_VERSION_WPA)
3053 sm->PInitAKeys = TRUE;
3054 else
3055 sm->has_GTK = TRUE;
3056 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3057 "pairwise key handshake completed (%s)",
3058 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
3059 }
3060
3061
3062 SM_STEP(WPA_PTK)
3063 {
3064 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3065
3066 if (sm->Init)
3067 SM_ENTER(WPA_PTK, INITIALIZE);
3068 else if (sm->Disconnect
3069 /* || FIX: dot11RSNAConfigSALifetime timeout */)
3070 SM_ENTER(WPA_PTK, DISCONNECT);
3071 else if (sm->DeauthenticationRequest)
3072 SM_ENTER(WPA_PTK, DISCONNECTED);
3073 else if (sm->AuthenticationRequest)
3074 SM_ENTER(WPA_PTK, AUTHENTICATION);
3075 else if (sm->ReAuthenticationRequest)
3076 SM_ENTER(WPA_PTK, AUTHENTICATION2);
3077 else if (sm->PTKRequest)
3078 SM_ENTER(WPA_PTK, PTKSTART);
3079 else switch (sm->wpa_ptk_state) {
3080 case WPA_PTK_INITIALIZE:
3081 break;
3082 case WPA_PTK_DISCONNECT:
3083 SM_ENTER(WPA_PTK, DISCONNECTED);
3084 break;
3085 case WPA_PTK_DISCONNECTED:
3086 SM_ENTER(WPA_PTK, INITIALIZE);
3087 break;
3088 case WPA_PTK_AUTHENTICATION:
3089 SM_ENTER(WPA_PTK, AUTHENTICATION2);
3090 break;
3091 case WPA_PTK_AUTHENTICATION2:
3092 if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_IEEE8021X) &&
3093 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
3094 WPA_EAPOL_keyRun) > 0)
3095 SM_ENTER(WPA_PTK, INITPMK);
3096 else if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK)
3097 /* FIX: && 802.1X::keyRun */)
3098 SM_ENTER(WPA_PTK, INITPSK);
3099 break;
3100 case WPA_PTK_INITPMK:
3101 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
3102 WPA_EAPOL_keyAvailable) > 0)
3103 SM_ENTER(WPA_PTK, PTKSTART);
3104 else {
3105 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3106 SM_ENTER(WPA_PTK, DISCONNECT);
3107 }
3108 break;
3109 case WPA_PTK_INITPSK:
3110 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL))
3111 SM_ENTER(WPA_PTK, PTKSTART);
3112 else {
3113 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3114 "no PSK configured for the STA");
3115 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3116 SM_ENTER(WPA_PTK, DISCONNECT);
3117 }
3118 break;
3119 case WPA_PTK_PTKSTART:
3120 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3121 sm->EAPOLKeyPairwise)
3122 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
3123 else if (sm->TimeoutCtr >
3124 (int) dot11RSNAConfigPairwiseUpdateCount) {
3125 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3126 SM_ENTER(WPA_PTK, DISCONNECT);
3127 } else if (sm->TimeoutEvt)
3128 SM_ENTER(WPA_PTK, PTKSTART);
3129 break;
3130 case WPA_PTK_PTKCALCNEGOTIATING:
3131 if (sm->MICVerified)
3132 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
3133 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3134 sm->EAPOLKeyPairwise)
3135 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
3136 else if (sm->TimeoutEvt)
3137 SM_ENTER(WPA_PTK, PTKSTART);
3138 break;
3139 case WPA_PTK_PTKCALCNEGOTIATING2:
3140 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
3141 break;
3142 case WPA_PTK_PTKINITNEGOTIATING:
3143 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3144 sm->EAPOLKeyPairwise && sm->MICVerified)
3145 SM_ENTER(WPA_PTK, PTKINITDONE);
3146 else if (sm->TimeoutCtr >
3147 (int) dot11RSNAConfigPairwiseUpdateCount) {
3148 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3149 SM_ENTER(WPA_PTK, DISCONNECT);
3150 } else if (sm->TimeoutEvt)
3151 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
3152 break;
3153 case WPA_PTK_PTKINITDONE:
3154 break;
3155 }
3156 }
3157
3158
3159 SM_STATE(WPA_PTK_GROUP, IDLE)
3160 {
3161 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
3162 if (sm->Init) {
3163 /* Init flag is not cleared here, so avoid busy
3164 * loop by claiming nothing changed. */
3165 sm->changed = FALSE;
3166 }
3167 sm->GTimeoutCtr = 0;
3168 }
3169
3170
3171 SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
3172 {
3173 u8 rsc[WPA_KEY_RSC_LEN];
3174 struct wpa_group *gsm = sm->group;
3175 u8 *kde, *pos, hdr[2];
3176 size_t kde_len;
3177
3178 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
3179 if (sm->wpa == WPA_VERSION_WPA)
3180 sm->PInitAKeys = FALSE;
3181 sm->TimeoutEvt = FALSE;
3182 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
3183 memset(rsc, 0, WPA_KEY_RSC_LEN);
3184 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
3185 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
3186 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3187 "sending 1/2 msg of Group Key Handshake");
3188
3189 if (sm->wpa == WPA_VERSION_WPA2) {
3190 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
3191 ieee80211w_kde_len(sm);
3192 kde = malloc(kde_len);
3193 if (kde == NULL)
3194 return;
3195
3196 pos = kde;
3197 hdr[0] = gsm->GN & 0x03;
3198 hdr[1] = 0;
3199 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
3200 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
3201 pos = ieee80211w_kde_add(sm, pos);
3202 } else {
3203 kde = gsm->GTK[gsm->GN - 1];
3204 pos = kde + gsm->GTK_len;
3205 }
3206
3207 wpa_send_eapol(sm->wpa_auth, sm,
3208 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
3209 WPA_KEY_INFO_ACK |
3210 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
3211 rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
3212 if (sm->wpa == WPA_VERSION_WPA2)
3213 free(kde);
3214 sm->GTimeoutCtr++;
3215 }
3216
3217
3218 SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
3219 {
3220 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
3221 sm->EAPOLKeyReceived = FALSE;
3222 sm->GUpdateStationKeys = FALSE;
3223 sm->group->GKeyDoneStations--;
3224 sm->GTimeoutCtr = 0;
3225 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
3226 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3227 "group key handshake completed (%s)",
3228 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
3229 sm->has_GTK = TRUE;
3230 }
3231
3232
3233 SM_STATE(WPA_PTK_GROUP, KEYERROR)
3234 {
3235 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
3236 sm->group->GKeyDoneStations--;
3237 sm->GUpdateStationKeys = FALSE;
3238 sm->Disconnect = TRUE;
3239 }
3240
3241
3242 SM_STEP(WPA_PTK_GROUP)
3243 {
3244 if (sm->Init)
3245 SM_ENTER(WPA_PTK_GROUP, IDLE);
3246 else switch (sm->wpa_ptk_group_state) {
3247 case WPA_PTK_GROUP_IDLE:
3248 if (sm->GUpdateStationKeys ||
3249 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
3250 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
3251 break;
3252 case WPA_PTK_GROUP_REKEYNEGOTIATING:
3253 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3254 !sm->EAPOLKeyPairwise && sm->MICVerified)
3255 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
3256 else if (sm->GTimeoutCtr >
3257 (int) dot11RSNAConfigGroupUpdateCount)
3258 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
3259 else if (sm->TimeoutEvt)
3260 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
3261 break;
3262 case WPA_PTK_GROUP_KEYERROR:
3263 SM_ENTER(WPA_PTK_GROUP, IDLE);
3264 break;
3265 case WPA_PTK_GROUP_REKEYESTABLISHED:
3266 SM_ENTER(WPA_PTK_GROUP, IDLE);
3267 break;
3268 }
3269 }
3270
3271
3272 static void wpa_gtk_update(struct wpa_authenticator *wpa_auth,
3273 struct wpa_group *group)
3274 {
3275 /* FIX: is this the correct way of getting GNonce? */
3276 memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
3277 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3278 wpa_gmk_to_gtk(group->GMK, wpa_auth->addr, group->GNonce,
3279 group->GTK[group->GN - 1], group->GTK_len);
3280
3281 #ifdef CONFIG_IEEE80211W
3282 if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
3283 hostapd_get_rand(group->DGTK, WPA_DGTK_LEN);
3284 wpa_hexdump_key(MSG_DEBUG, "DGTK", group->DGTK, WPA_DGTK_LEN);
3285 hostapd_get_rand(group->IGTK[group->GN - 1], WPA_IGTK_LEN);
3286 wpa_hexdump_key(MSG_DEBUG, "IGTK",
3287 group->IGTK[group->GN - 1], WPA_IGTK_LEN);
3288 }
3289 #endif /* CONFIG_IEEE80211W */
3290 }
3291
3292
3293 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
3294 struct wpa_group *group)
3295 {
3296 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
3297 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
3298 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
3299 group->wpa_group_state = WPA_GROUP_GTK_INIT;
3300
3301 /* GTK[0..N] = 0 */
3302 memset(group->GTK, 0, sizeof(group->GTK));
3303 group->GN = 1;
3304 group->GM = 2;
3305 /* GTK[GN] = CalcGTK() */
3306 wpa_gtk_update(wpa_auth, group);
3307 }
3308
3309
3310 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
3311 {
3312 sm->GUpdateStationKeys = TRUE;
3313 wpa_sm_step(sm);
3314 return 0;
3315 }
3316
3317
3318 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
3319 struct wpa_group *group)
3320 {
3321 int tmp;
3322
3323 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
3324 "SETKEYS (VLAN-ID %d)", group->vlan_id);
3325 group->changed = TRUE;
3326 group->wpa_group_state = WPA_GROUP_SETKEYS;
3327 group->GTKReKey = FALSE;
3328 tmp = group->GM;
3329 group->GM = group->GN;
3330 group->GN = tmp;
3331 group->GKeyDoneStations = group->GNoStations;
3332 wpa_gtk_update(wpa_auth, group);
3333
3334 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
3335 }
3336
3337
3338 static void wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
3339 struct wpa_group *group)
3340 {
3341 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
3342 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
3343 group->changed = TRUE;
3344 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
3345 wpa_auth_set_key(wpa_auth, group->vlan_id,
3346 wpa_alg_txt(wpa_auth->conf.wpa_group),
3347 NULL, group->GN, group->GTK[group->GN - 1],
3348 group->GTK_len);
3349
3350 #ifdef CONFIG_IEEE80211W
3351 if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
3352 wpa_auth_set_key(wpa_auth, group->vlan_id, "IGTK",
3353 NULL, group->GN, group->IGTK[group->GN - 1],
3354 WPA_IGTK_LEN);
3355 wpa_auth_set_key(wpa_auth, group->vlan_id, "DGTK",
3356 NULL, 0, group->DGTK, WPA_DGTK_LEN);
3357 }
3358 #endif /* CONFIG_IEEE80211W */
3359 }
3360
3361
3362 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
3363 struct wpa_group *group)
3364 {
3365 if (group->GInit) {
3366 wpa_group_gtk_init(wpa_auth, group);
3367 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
3368 group->GTKAuthenticator) {
3369 wpa_group_setkeysdone(wpa_auth, group);
3370 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
3371 group->GTKReKey) {
3372 wpa_group_setkeys(wpa_auth, group);
3373 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
3374 if (group->GKeyDoneStations == 0)
3375 wpa_group_setkeysdone(wpa_auth, group);
3376 else if (group->GTKReKey)
3377 wpa_group_setkeys(wpa_auth, group);
3378 }
3379 }
3380
3381
3382 static void wpa_sm_step(struct wpa_state_machine *sm)
3383 {
3384 if (sm == NULL)
3385 return;
3386
3387 if (sm->in_step_loop) {
3388 /* This should not happen, but if it does, make sure we do not
3389 * end up freeing the state machine too early by exiting the
3390 * recursive call. */
3391 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
3392 return;
3393 }
3394
3395 sm->in_step_loop = 1;
3396 do {
3397 if (sm->pending_deinit)
3398 break;
3399
3400 sm->changed = FALSE;
3401 sm->wpa_auth->group->changed = FALSE;
3402
3403 SM_STEP_RUN(WPA_PTK);
3404 if (sm->pending_deinit)
3405 break;
3406 SM_STEP_RUN(WPA_PTK_GROUP);
3407 if (sm->pending_deinit)
3408 break;
3409 wpa_group_sm_step(sm->wpa_auth, sm->group);
3410 } while (sm->changed || sm->wpa_auth->group->changed);
3411 sm->in_step_loop = 0;
3412
3413 if (sm->pending_deinit) {
3414 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
3415 "machine deinit for " MACSTR, MAC2STR(sm->addr));
3416 wpa_free_sta_sm(sm);
3417 }
3418 }
3419
3420
3421 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
3422 {
3423 struct wpa_state_machine *sm = eloop_ctx;
3424 wpa_sm_step(sm);
3425 }
3426
3427
3428 void wpa_auth_sm_notify(struct wpa_state_machine *sm)
3429 {
3430 if (sm == NULL)
3431 return;
3432 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
3433 }
3434
3435
3436 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
3437 {
3438 int tmp, i;
3439 struct wpa_group *group;
3440
3441 if (wpa_auth == NULL)
3442 return;
3443
3444 group = wpa_auth->group;
3445
3446 for (i = 0; i < 2; i++) {
3447 tmp = group->GM;
3448 group->GM = group->GN;
3449 group->GN = tmp;
3450 wpa_gtk_update(wpa_auth, group);
3451 }
3452 }
3453
3454
3455 static const char * wpa_bool_txt(int bool)
3456 {
3457 return bool ? "TRUE" : "FALSE";
3458 }
3459
3460
3461 static int wpa_cipher_bits(int cipher)
3462 {
3463 switch (cipher) {
3464 case WPA_CIPHER_CCMP:
3465 return 128;
3466 case WPA_CIPHER_TKIP:
3467 return 256;
3468 case WPA_CIPHER_WEP104:
3469 return 104;
3470 case WPA_CIPHER_WEP40:
3471 return 40;
3472 default:
3473 return 0;
3474 }
3475 }
3476
3477
3478 #define RSN_SUITE "%02x-%02x-%02x-%d"
3479 #define RSN_SUITE_ARG(s) (s)[0], (s)[1], (s)[2], (s)[3]
3480
3481 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
3482 {
3483 int len = 0, ret;
3484 char pmkid_txt[PMKID_LEN * 2 + 1];
3485
3486 if (wpa_auth == NULL)
3487 return len;
3488
3489 ret = snprintf(buf + len, buflen - len,
3490 "dot11RSNAOptionImplemented=TRUE\n"
3491 #ifdef CONFIG_RSN_PREAUTH
3492 "dot11RSNAPreauthenticationImplemented=TRUE\n"
3493 #else /* CONFIG_RSN_PREAUTH */
3494 "dot11RSNAPreauthenticationImplemented=FALSE\n"
3495 #endif /* CONFIG_RSN_PREAUTH */
3496 "dot11RSNAEnabled=%s\n"
3497 "dot11RSNAPreauthenticationEnabled=%s\n",
3498 wpa_bool_txt(wpa_auth->conf.wpa &
3499 HOSTAPD_WPA_VERSION_WPA2),
3500 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
3501 if (ret < 0 || (size_t) ret >= buflen - len)
3502 return len;
3503 len += ret;
3504
3505 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
3506 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
3507
3508 ret = snprintf(buf + len, buflen - len,
3509 "dot11RSNAConfigVersion=%u\n"
3510 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
3511 /* FIX: dot11RSNAConfigGroupCipher */
3512 /* FIX: dot11RSNAConfigGroupRekeyMethod */
3513 /* FIX: dot11RSNAConfigGroupRekeyTime */
3514 /* FIX: dot11RSNAConfigGroupRekeyPackets */
3515 "dot11RSNAConfigGroupRekeyStrict=%u\n"
3516 "dot11RSNAConfigGroupUpdateCount=%u\n"
3517 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
3518 "dot11RSNAConfigGroupCipherSize=%u\n"
3519 "dot11RSNAConfigPMKLifetime=%u\n"
3520 "dot11RSNAConfigPMKReauthThreshold=%u\n"
3521 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
3522 "dot11RSNAConfigSATimeout=%u\n"
3523 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
3524 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
3525 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
3526 "dot11RSNAPMKIDUsed=%s\n"
3527 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
3528 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
3529 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
3530 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
3531 "dot11RSNA4WayHandshakeFailures=%u\n"
3532 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
3533 RSN_VERSION,
3534 !!wpa_auth->conf.wpa_strict_rekey,
3535 dot11RSNAConfigGroupUpdateCount,
3536 dot11RSNAConfigPairwiseUpdateCount,
3537 wpa_cipher_bits(wpa_auth->conf.wpa_group),
3538 dot11RSNAConfigPMKLifetime,
3539 dot11RSNAConfigPMKReauthThreshold,
3540 dot11RSNAConfigSATimeout,
3541 RSN_SUITE_ARG(wpa_auth->
3542 dot11RSNAAuthenticationSuiteSelected),
3543 RSN_SUITE_ARG(wpa_auth->
3544 dot11RSNAPairwiseCipherSelected),
3545 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
3546 pmkid_txt,
3547 RSN_SUITE_ARG(wpa_auth->
3548 dot11RSNAAuthenticationSuiteRequested),
3549 RSN_SUITE_ARG(wpa_auth->
3550 dot11RSNAPairwiseCipherRequested),
3551 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
3552 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
3553 wpa_auth->dot11RSNA4WayHandshakeFailures);
3554 if (ret < 0 || (size_t) ret >= buflen - len)
3555 return len;
3556 len += ret;
3557
3558 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
3559 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
3560
3561 /* Private MIB */
3562 ret = snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
3563 wpa_auth->group->wpa_group_state);
3564 if (ret < 0 || (size_t) ret >= buflen - len)
3565 return len;
3566 len += ret;
3567
3568 return len;
3569 }
3570
3571
3572 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
3573 {
3574 int len = 0, ret;
3575 u8 not_used[4] = { 0, 0, 0, 0 };
3576 const u8 *pairwise = not_used;
3577
3578 if (sm == NULL)
3579 return 0;
3580
3581 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
3582
3583 /* dot11RSNAStatsEntry */
3584
3585 if (sm->wpa == WPA_VERSION_WPA) {
3586 if (sm->pairwise == WPA_CIPHER_CCMP)
3587 pairwise = WPA_CIPHER_SUITE_CCMP;
3588 else if (sm->pairwise == WPA_CIPHER_TKIP)
3589 pairwise = WPA_CIPHER_SUITE_TKIP;
3590 else if (sm->pairwise == WPA_CIPHER_WEP104)
3591 pairwise = WPA_CIPHER_SUITE_WEP104;
3592 else if (sm->pairwise == WPA_CIPHER_WEP40)
3593 pairwise = WPA_CIPHER_SUITE_WEP40;
3594 else if (sm->pairwise == WPA_CIPHER_NONE)
3595 pairwise = WPA_CIPHER_SUITE_NONE;
3596 } else if (sm->wpa == WPA_VERSION_WPA2) {
3597 if (sm->pairwise == WPA_CIPHER_CCMP)
3598 pairwise = RSN_CIPHER_SUITE_CCMP;
3599 else if (sm->pairwise == WPA_CIPHER_TKIP)
3600 pairwise = RSN_CIPHER_SUITE_TKIP;
3601 else if (sm->pairwise == WPA_CIPHER_WEP104)
3602 pairwise = RSN_CIPHER_SUITE_WEP104;
3603 else if (sm->pairwise == WPA_CIPHER_WEP40)
3604 pairwise = RSN_CIPHER_SUITE_WEP40;
3605 else if (sm->pairwise == WPA_CIPHER_NONE)
3606 pairwise = RSN_CIPHER_SUITE_NONE;
3607 } else
3608 return 0;
3609
3610 ret = snprintf(buf + len, buflen - len,
3611 /* TODO: dot11RSNAStatsIndex */
3612 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
3613 "dot11RSNAStatsVersion=1\n"
3614 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
3615 /* TODO: dot11RSNAStatsTKIPICVErrors */
3616 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
3617 "dot11RSNAStatsTKIPRemoveMICFailures=%u\n"
3618 /* TODO: dot11RSNAStatsCCMPReplays */
3619 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
3620 /* TODO: dot11RSNAStatsTKIPReplays */,
3621 MAC2STR(sm->addr),
3622 RSN_SUITE_ARG(pairwise),
3623 sm->dot11RSNAStatsTKIPLocalMICFailures,
3624 sm->dot11RSNAStatsTKIPRemoteMICFailures);
3625 if (ret < 0 || (size_t) ret >= buflen - len)
3626 return len;
3627 len += ret;
3628
3629 /* Private MIB */
3630 ret = snprintf(buf + len, buflen - len,
3631 "hostapdWPAPTKState=%d\n"
3632 "hostapdWPAPTKGroupState=%d\n",
3633 sm->wpa_ptk_state,
3634 sm->wpa_ptk_group_state);
3635 if (ret < 0 || (size_t) ret >= buflen - len)
3636 return len;
3637 len += ret;
3638
3639 return len;
3640 }
3641
3642
3643 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
3644 {
3645 if (wpa_auth)
3646 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
3647 }
3648
3649
3650 int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
3651 {
3652 return sm && sm->pairwise_set;
3653 }
3654
3655
3656 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
3657 {
3658 if (sm == NULL)
3659 return -1;
3660 return sm->wpa_key_mgmt;
3661 }
3662
3663
3664 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
3665 {
3666 if (sm == NULL)
3667 return 0;
3668 return sm->wpa;
3669 }
3670
3671
3672 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
3673 struct rsn_pmksa_cache_entry *entry)
3674 {
3675 if (sm == NULL || sm->pmksa != entry)
3676 return -1;
3677 sm->pmksa = NULL;
3678 return 0;
3679 }
3680
3681
3682 struct rsn_pmksa_cache_entry *
3683 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
3684 {
3685 return sm ? sm->pmksa : NULL;
3686 }
3687
3688
3689 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
3690 {
3691 if (sm)
3692 sm->dot11RSNAStatsTKIPLocalMICFailures++;
3693 }
3694
3695
3696 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
3697 {
3698 if (wpa_auth == NULL)
3699 return NULL;
3700 *len = wpa_auth->wpa_ie_len;
3701 return wpa_auth->wpa_ie;
3702 }
3703
3704
3705 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
3706 int session_timeout, struct eapol_state_machine *eapol)
3707 {
3708 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2)
3709 return -1;
3710
3711 if (pmksa_cache_add(sm->wpa_auth->pmksa, pmk, WPA_PMK_LEN,
3712 sm->wpa_auth->addr, sm->addr, session_timeout,
3713 eapol))
3714 return 0;
3715
3716 return -1;
3717 }
3718
3719
3720 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
3721 const u8 *pmk, size_t len, const u8 *sta_addr,
3722 int session_timeout,
3723 struct eapol_state_machine *eapol)
3724 {
3725 if (wpa_auth == NULL)
3726 return -1;
3727
3728 if (pmksa_cache_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr,
3729 sta_addr, session_timeout, eapol))
3730 return 0;
3731
3732 return -1;
3733 }
3734
3735
3736 static struct wpa_group *
3737 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
3738 {
3739 struct wpa_group *group;
3740
3741 if (wpa_auth == NULL || wpa_auth->group == NULL)
3742 return NULL;
3743
3744 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
3745 vlan_id);
3746 group = wpa_group_init(wpa_auth, vlan_id);
3747 if (group == NULL)
3748 return NULL;
3749
3750 group->next = wpa_auth->group->next;
3751 wpa_auth->group->next = group;
3752
3753 return group;
3754 }
3755
3756
3757 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
3758 {
3759 struct wpa_group *group;
3760
3761 if (sm == NULL || sm->wpa_auth == NULL)
3762 return 0;
3763
3764 group = sm->wpa_auth->group;
3765 while (group) {
3766 if (group->vlan_id == vlan_id)
3767 break;
3768 group = group->next;
3769 }
3770
3771 if (group == NULL) {
3772 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
3773 if (group == NULL)
3774 return -1;
3775 }
3776
3777 if (sm->group == group)
3778 return 0;
3779
3780 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
3781 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
3782
3783 if (sm->group && sm->group != group && sm->sta_counted) {
3784 sm->group->GNoStations--;
3785 sm->sta_counted = 0;
3786 wpa_printf(MSG_DEBUG, "WLA: Decreased GNoStations for the "
3787 "previously used group state machine");
3788 }
3789
3790 sm->group = group;
3791 return 0;
3792 }
3793
3794 #endif /* CONFIG_NATIVE_WINDOWS */
DragonFly BSD