2 * WPA, WiFi Protected Access
4 * Copyright (C) 2002, 2003 Broadcom Corporation
6 * $Id: wpa.c 278326 2011-08-18 15:10:40Z palter $
15 #include <bcmendian.h>
19 #include <proto/ethernet.h>
20 #include <proto/802.11.h>
21 #include <proto/eapol.h>
22 #include <proto/eap.h>
23 #include <bcmcrypto/aeskeywrap.h>
24 #include <bcmcrypto/rc4.h>
25 #include <bcmcrypto/sha1.h>
28 #include <bcmcrypto/aes.h>
29 #include <bcmcrypto/hmac_sha256.h>
40 #define CHECK_WPA2(mode) ((mode) & (WPA2 | WPA2_PSK))
42 #define CHECK_WPA2(mode) FALSE
48 /* mapping from WEP key length to CRYPTO_ALGO_WEPXXX */
49 #define WEP_KEY2ALGO(len) ((len) == WEP1_KEY_SIZE ? CRYPTO_ALGO_WEP1 : \
50 (len) == WEP128_KEY_SIZE ? CRYPTO_ALGO_WEP128 : \
52 /* mapping from WPA_CIPHER_XXXX to CRYPTO_ALGO_XXXX */
53 #define WPA_CIPHER2ALGO(cipher) ((cipher) == WPA_CIPHER_WEP_40 ? CRYPTO_ALGO_WEP1 : \
54 (cipher) == WPA_CIPHER_WEP_104 ? CRYPTO_ALGO_WEP128 : \
55 (cipher) == WPA_CIPHER_TKIP ? CRYPTO_ALGO_TKIP : \
56 (cipher) == WPA_CIPHER_AES_CCM ? CRYPTO_ALGO_AES_CCM : \
58 #define CRYPTO_ALGO2CIPHER(algo) ((algo) == CRYPTO_ALGO_WEP1 ? WPA_CIPHER_WEP_40 : \
59 (algo) == CRYPTO_ALGO_WEP128 ? WPA_CIPHER_WEP_104 : \
60 (algo) == CRYPTO_ALGO_TKIP ? WPA_CIPHER_TKIP : \
61 (algo) == CRYPTO_ALGO_AES_CCM ? WPA_CIPHER_AES_CCM : \
63 /* mapping from WPA_CIPHER_XXXX to wsec */
64 #define WPA_CIPHER2WSEC(cipher) ((cipher) == WPA_CIPHER_WEP_40 ? WEP_ENABLED : \
65 (cipher) == WPA_CIPHER_WEP_104 ? WEP_ENABLED : \
66 (cipher) == WPA_CIPHER_TKIP ? TKIP_ENABLED : \
67 (cipher) == WPA_CIPHER_AES_CCM ? AES_ENABLED : \
69 /* PRF() expects to write its result sloppily. */
70 #define PRF_RESULT_LEN 80
71 #include <bcmcrypto/prf.h>
73 static void wpa_calc_ptk(wpa_t
*wpa
, nas_sta_t
*sta
);
74 static void wpa_gen_gtk(wpa_t
*wpa
, nas_sta_t
*sta
);
75 static void wpa_plumb_gtk(wpa_t
*wpa
, int primary
);
76 static bool wpa_encr_gtk(wpa_t
*wpa
, nas_sta_t
*ssta
, uint8
*encrypted
, uint16
*encrypted_len
);
78 static bool wpa_decr_gtk(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_wpa_key_header_t
*body
);
79 #endif /* ifdef BCMSUPPL */
81 static bool wpa_insert_pmkid(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
, uint16
*data_len
);
82 static bool wpa_insert_gtk(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
, uint16
*data_len
);
83 static bool wpa_encr_key_data(wpa_t
*wpa
, nas_sta_t
*sta
, uint8
*buffer
, uint16
*data_len
);
85 static bool wpa_extract_gtk(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
);
86 static bool wpa_decr_key_data(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_wpa_key_header_t
*body
);
87 #endif /* ifdef BCMSUPPL */
88 static itimer_status_t
wpa_set_timeout(bcm_timer_id td
, int secs
, int msecs
);
90 static bool wpa_check_mic(nas_sta_t
*sta
, eapol_header_t
*eapol
);
91 static bool wpa_send_eapol(wpa_t
*wpa
, nas_sta_t
*sta
);
92 static void wpa_incr_gkc(wpa_t
*wpa
);
93 static int wpa_verifystart(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
);
94 static int wpa_ptkstart(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
);
95 static int wpa_ptkinitnegotiating(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
);
96 static int wpa_ptkinitdone(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
);
97 static int wpa_ptkinitdone2(wpa_t
*wpa
, nas_sta_t
*sta
);
98 static void wpa_rekeyneg(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
);
99 static void wpa_setkeysdone(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
);
100 static void wpa_retransmission(bcm_timer_id td
, nas_sta_t
*sta
);
101 static void wpa_new_gtk_callback(bcm_timer_id td
, wpa_t
*wpa
);
102 extern int nas_get_stainfo(nas_t
*nas
, char *macaddr
, int len
, char *ret_buf
, int ret_buf_len
);
106 static void wpa_gen_igtk(wpa_t
*wpa
);
107 static void wpa_initialize_ipn(wpa_t
*wpa
);
110 /* Definitions for interval timer periods */
112 #define RETRY_MSECS 0
113 #define NSECS_PER_MSEC 1000*1000
115 /* local prototypes */
116 static int wpa_find_mckey_algo(wpa_t
*wpa
, uint8
*ie
, int ie_len
);
117 static int wpa_new_ptk_callback(bcm_timer_id td
, wpa_t
*wpa
);
119 /* Toggle GTK index. Indices 1 - 3 are usable; spec recommends 1 and 2. */
120 #define GTK_NEXT_INDEX(wpa) ((wpa)->gtk_index == GTK_INDEX_1 ? GTK_INDEX_2 : GTK_INDEX_1)
121 /* Toggle GTK index. Indices 1 - 3 are usable; spec recommends 1 and 2. */
122 #define IGTK_NEXT_INDEX(wpa) ((wpa)->igtk.id == IGTK_INDEX_1 ? IGTK_INDEX_2 : IGTK_INDEX_1)
124 /* Set an iterval timer. */
126 wpa_set_itimer(bcm_timer_module_id module
, bcm_timer_id
*td
,
127 bcm_timer_cb handler
, int handler_param
, int secs
, int msecs
)
129 struct itimerspec timer
;
130 itimer_status_t ret
= ITIMER_OK
;
132 timer
.it_interval
.tv_sec
= secs
;
133 timer
.it_interval
.tv_nsec
= msecs
* NSECS_PER_MSEC
;
134 timer
.it_value
.tv_sec
= secs
;
135 timer
.it_value
.tv_nsec
= msecs
* NSECS_PER_MSEC
;
137 if (bcm_timer_create(module
, td
))
138 ret
= ITIMER_CREATE_ERROR
;
139 else if (bcm_timer_connect(*td
, handler
, handler_param
))
140 ret
= ITIMER_CONNECT_ERROR
;
141 else if (bcm_timer_settime(*td
, &timer
))
142 ret
= ITIMER_SET_ERROR
;
147 static itimer_status_t
148 wpa_set_timeout(bcm_timer_id td
, int secs
, int msecs
)
150 struct itimerspec timer
;
151 itimer_status_t ret
= ITIMER_OK
;
155 msecs
-= (secs
* 1000);
157 timer
.it_interval
.tv_sec
= secs
;
158 timer
.it_interval
.tv_nsec
= msecs
* NSECS_PER_MSEC
;
159 timer
.it_value
.tv_sec
= secs
;
160 timer
.it_value
.tv_nsec
= msecs
* NSECS_PER_MSEC
;
162 bcm_timer_change_expirytime(td
, &timer
);
169 /* remove the retransmission timer if any and do some clean up */
171 wpa_stop_retx(nas_sta_t
*sta
)
174 TIMER_DELETE(sta
->td
);
175 sta
->retx_exceed_hndlr
= NULL
;
180 wpa_retransmission(bcm_timer_id td
, nas_sta_t
*sta
)
182 nas_t
*nas
= sta
->nas
;
183 wpa_suppl_state_t save_state
;
186 char eabuf
[ETHER_ADDR_STR_LEN
];
193 dbg(nas
, "start for %s (%d)",
194 ether_etoa((uchar
*)&sta
->ea
, eabuf
), sta
->retries
+ 1);
196 dbg(nas
, "called with NULL sta");
200 if (nas
->MIC_countermeasures
)
201 /* This can happen very early during countermeasures
202 * when nothing should go out. Clean-up is elsewhere.
206 else if (sta
->suppl
.state
== WPA_SETKEYSDONE
||
207 ((nas
->flags
& NAS_FLAG_WDS
) && sta
->suppl
.state
== WPA_PTKINITDONE
)) {
208 /* Check STA state for race between interval timer firing and
209 * receipt of response.
215 /* error handling when retry limit is exceeded. */
216 if (++sta
->retries
> WPA_RETRY
) {
217 /* don't toss the sta if it is part of the initiator/requestor */
220 * deauth the sta after the first batch retries and
221 * give it a chance for the second batch retries.
223 if (sta
->retries
== WPA_RETRY
+ 1) {
224 dbg(nas
, "deauthenticating %s",
225 ether_etoa((uchar
*)&sta
->ea
, eabuf
));
226 nas_deauthenticate(nas
, &sta
->ea
, DOT11_RC_4WH_TIMEOUT
);
228 /* done the second batch retries as well */
229 else if (sta
->retries
== (WPA_RETRY
+ 1) * 2) {
231 * done for this time, it is up to the
232 * initiator/requestor to reschedule the
233 * next batch of retries.
238 /* send eapol message */
241 /* Disassoc the supplicant unless there is a handler */
242 if (sta
->retx_exceed_hndlr
) {
243 sta
->retx_exceed_hndlr(sta
);
247 /* force timeout so that cleanup_sta() can toss the sta for WPA2 */
249 /* deauth the sta - also removes any unicast key we have
250 * for it and deallocates its suppl struct.
252 reason
= DOT11_RC_4WH_TIMEOUT
;
253 if (sta
->suppl
.retry_state
== WPA_REKEYNEGOTIATING
)
254 reason
= DOT11_RC_GTK_UPDATE_TIMEOUT
;
255 cleanup_sta(nas
, sta
, reason
, 0);
259 xmit
: /* Send eapol on to the air */
260 /* increment the replay counter */
261 wpa_incr_array(sta
->suppl
.replay
, REPLAY_LEN
);
263 save_state
= sta
->suppl
.state
;
264 sta
->suppl
.state
= sta
->suppl
.retry_state
;
265 if (wpa_send_eapol(nas
->wpa
, sta
) == FALSE
) {
269 if (((sta
->mode
& WPA2
) || (sta
->mode
& WPA2_PSK
))) {
271 if (sta
->retries
== 1)
272 retry_timer
= sta
->listen_interval_ms
/ 2;
274 retry_timer
= sta
->listen_interval_ms
;
275 if (retry_timer
> WPA2_DEFAULT_RETRY_MSECS
) {
276 dbg(nas
, "setting timeout to %d msec", retry_timer
);
277 wpa_set_timeout(sta
->td
, 0, retry_timer
);
282 sta
->suppl
.state
= save_state
;
289 nas_wpa_calc_pmkid(wpa_t
*wpa
, nas_sta_t
*sta
)
291 /* PMKID = HMAC-SHA1-128(PMK, "PMK Name" | AA | SPA) */
292 uint8 data
[128], digest
[SHA1HashSize
];
293 uint8 prefix
[] = "PMK Name";
296 /* create the the data portion */
297 bcopy(prefix
, data
, strlen((char *)prefix
));
298 data_len
+= strlen((char *)prefix
);
299 bcopy((uint8
*)&wpa
->nas
->ea
, &data
[data_len
], ETHER_ADDR_LEN
);
300 data_len
+= ETHER_ADDR_LEN
;
301 bcopy((uint8
*)&sta
->ea
, &data
[data_len
], ETHER_ADDR_LEN
);
302 data_len
+= ETHER_ADDR_LEN
;
304 /* generate the pmkid */
305 hmac_sha1(data
, data_len
, sta
->suppl
.pmk
, sta
->suppl
.pmk_len
, digest
);
306 bcopy(digest
, sta
->suppl
.pmkid
, WPA2_PMKID_LEN
);
308 dbg(wpa
->nas
, "PMKID");
309 dump(wpa
->nas
, sta
->suppl
.pmkid
, WPA2_PMKID_LEN
);
311 dbg(wpa
->nas
, "done");
316 wpa_calc_ptk(wpa_t
*wpa
, nas_sta_t
*sta
)
318 unsigned char data
[128], prf_buff
[PRF_RESULT_LEN
];
319 unsigned char prefix
[] = "Pairwise key expansion";
323 /* create the the data portion */
324 p
= wpa_array_cmp(MIN_ARRAY
, (uint8
*)&wpa
->nas
->ea
, (uint8
*)&sta
->ea
, ETHER_ADDR_LEN
);
325 bcopy(p
? (char*)p
: (char*)&wpa
->nas
->ea
, (char*)&data
[data_len
], ETHER_ADDR_LEN
);
326 data_len
+= ETHER_ADDR_LEN
;
328 p
= wpa_array_cmp(MAX_ARRAY
, (uint8
*)&wpa
->nas
->ea
, (uint8
*)&sta
->ea
, ETHER_ADDR_LEN
);
329 bcopy(p
? (char*)p
: (char*)&wpa
->nas
->ea
, (char*)&data
[data_len
], ETHER_ADDR_LEN
);
330 data_len
+= ETHER_ADDR_LEN
;
332 p
= wpa_array_cmp(MIN_ARRAY
, (uint8
*)&sta
->suppl
.snonce
,
333 (uint8
*)&sta
->suppl
.anonce
, NONCE_LEN
);
334 bcopy(p
? (char*)p
: (char*)&sta
->suppl
.snonce
, (char*)&data
[data_len
], NONCE_LEN
);
335 data_len
+= NONCE_LEN
;
337 p
= wpa_array_cmp(MAX_ARRAY
, (uint8
*)&sta
->suppl
.snonce
,
338 (uint8
*)&sta
->suppl
.anonce
, NONCE_LEN
);
339 bcopy(p
? (char*)p
: (char*)&sta
->suppl
.snonce
, (char*)&data
[data_len
], NONCE_LEN
);
340 data_len
+= NONCE_LEN
;
342 /* generate the ptk */
343 if (sta
->suppl
.ptk_len
> TKIP_PTK_LEN
) {
344 err(wpa
->nas
, "ptk_len = %d", sta
->suppl
.ptk_len
);
345 nas_handle_error(wpa
->nas
, 1);
348 dbg(wpa
->nas
, "STA : SUPPL PMK \n");
349 dump(wpa
->nas
, sta
->suppl
.pmk
, sta
->suppl
.pmk_len
);
351 if (sta
->key_auth_type
== KEYAUTH_SHA256
) {
352 KDF(sta
->suppl
.pmk
, sta
->suppl
.pmk_len
, prefix
, strlen((char *)prefix
),
353 data
, data_len
, prf_buff
, sta
->suppl
.ptk_len
);
354 dbg(wpa
->nas
, "ptk with kdf SH256 \n");
359 fPRF(sta
->suppl
.pmk
, sta
->suppl
.pmk_len
, prefix
, strlen((char *)prefix
),
360 data
, data_len
, prf_buff
, sta
->suppl
.ptk_len
);
361 dbg(wpa
->nas
, "ptk with kdf SHA1 \n");
364 memcpy(sta
->suppl
.eapol_mic_key
, prf_buff
, sta
->suppl
.ptk_len
);
365 dbg(wpa
->nas
, "done");
369 wpa_gen_gtk(wpa_t
*wpa
, nas_sta_t
*sta
)
371 unsigned char data
[256], prf_buff
[PRF_RESULT_LEN
];
372 unsigned char prefix
[] = "Group key expansion";
375 /* Select a mcast cipher */
376 dbg(wpa
->nas
, "wpa->nas->wsec 0x%x", wpa
->nas
->wsec
);
377 switch (WPA_MCAST_CIPHER(wpa
->nas
->wsec
, WEP_KEY2ALGO(wpa
->gtk_len
))) {
378 case WPA_CIPHER_TKIP
:
379 dbg(wpa
->nas
, "TKIP");
380 wpa
->gtk_len
= TKIP_TK_LEN
;
382 case WPA_CIPHER_AES_CCM
:
383 dbg(wpa
->nas
, "AES");
384 wpa
->gtk_len
= AES_TK_LEN
;
387 dbg(wpa
->nas
, "not supported multicast cipher");
390 dbg(wpa
->nas
, "gtk_len %d", wpa
->gtk_len
);
392 /* create the the data portion */
393 bcopy((char*)&wpa
->nas
->ea
, (char*)&data
[data_len
], ETHER_ADDR_LEN
);
394 data_len
+= ETHER_ADDR_LEN
;
395 bcopy(wpa
->global_key_counter
, wpa
->gnonce
, NONCE_LEN
);
397 bcopy((char*)&wpa
->gnonce
, (char*)&data
[data_len
], NONCE_LEN
);
398 data_len
+= NONCE_LEN
;
400 /* generate the GTK */
401 fPRF(wpa
->gmk
, sizeof(wpa
->gmk
), prefix
, strlen((char *)prefix
),
402 data
, data_len
, prf_buff
, wpa
->gtk_len
);
403 memcpy(wpa
->gtk
, prf_buff
, wpa
->gtk_len
);
405 /* The driver clears the IV when it gets a new key, so
406 * clearing RSC should be consistent with that, right?
408 memset(wpa
->gtk_rsc
, 0, sizeof(wpa
->gtk_rsc
));
410 dbg(wpa
->nas
, "done");
414 wpa_plumb_gtk(wpa_t
*wpa
, int primary
)
416 /* install the key */
417 if (nas_set_key(wpa
->nas
, NULL
, wpa
->gtk
, wpa
->gtk_len
,
418 wpa
->gtk_index
, primary
, 0, 0) < 0) {
419 err(wpa
->nas
, "invalid multicast key");
420 nas_handle_error(wpa
->nas
, 1);
422 wpa
->nas
->flags
|= NAS_FLAG_GTK_PLUMBED
;
423 dbg(wpa
->nas
, "done");
427 wpa_set_gtk_timer(wpa_t
*wpa
)
431 dbg(wpa
->nas
, "start, rekey timer = %d", wpa
->gtk_rekey_secs
);
432 if (wpa
->gtk_rekey_secs
) {
433 /* Set up an interval timer to invoke the rekey function. */
434 ts
= wpa_set_itimer(wpa
->nas
->timer
, &wpa
->gtk_rekey_timer
,
435 (bcm_timer_cb
)wpa_new_gtk_callback
,
436 (int)wpa
, wpa
->gtk_rekey_secs
, 0);
438 dbg(wpa
->nas
, "GTK interval timer set failed, code %d", ts
);
440 dbg(wpa
->nas
, "done");
444 /* The timer call-back expects to pass a timer descriptor, but there's
445 * no use for it here.
449 wpa_new_gtk_callback(bcm_timer_id td
, wpa_t
*wpa
)
452 nas_t
*nas
= wpa
->nas
;
453 nas_sta_t
*sta
= nas
->sta
;
459 /* Only a supplicant in the state of having keys
460 * already should be of interest for this purpose.
462 if ((sta
->used
== 0) || (sta
->suppl
.state
!= WPA_SETKEYSDONE
))
465 /* Found one, so cobble a new key. */
467 wpa_gen_gtk(wpa
, sta
);
468 wpa
->gtk_index
= GTK_NEXT_INDEX(wpa
);
469 wpa_plumb_gtk(wpa
, 0);
472 wpa
->igtk
.id
= IGTK_NEXT_INDEX(wpa
);
476 /* Set state wpa_send_eapol uses for the group key message. */
477 sta
->suppl
.retry_state
= sta
->suppl
.state
= WPA_REKEYNEGOTIATING
;
480 wpa_incr_array(sta
->suppl
.replay
, REPLAY_LEN
);
482 if (wpa_send_eapol(wpa
, sta
) == FALSE
) {
483 cleanup_sta(nas
, sta
, DOT11_RC_UNSPECIFIED
, 0);
485 /* There is an OS on which nas has run where we got back from
486 * the send *after* the STA replied. If that happens, don't
487 * set the interval timer.
489 } else if (sta
->suppl
.state
== WPA_REKEYNEGOTIATING
) {
490 /* Set a timeout for retransmission */
491 ts
= wpa_set_itimer(nas
->timer
, &sta
->td
,
492 (bcm_timer_cb
)wpa_retransmission
,
493 (int)sta
, sta
->wpa_msg_timeout_s
,
494 sta
->wpa_msg_timeout_ms
);
496 dbg(nas
, "set of GTK update retry interval timer failed, code %d",
499 } while (++sta
< (nas
->sta
+ MAX_SUPPLICANTS
));
501 /* Make it primary after it's been sent to all known supplicants. */
503 wpa_plumb_gtk(wpa
, 1);
505 /* If a GTK was neither sent nor plumbed, maybe we
506 * should revert to the state where there isn't one.
512 /* When we want a new group key at a time other than when the rekey
513 * interval timer goes off, we want to turn off the interval timer.
514 * Turning off that timer during a timer alarm callback can make a
515 * mess of what the timer module knows of its event queue, so this is
516 * a front-end for the cases when the work is not induced by the GTK
517 * rekey interval timer.
520 wpa_new_gtk(wpa_t
*wpa
)
522 if (wpa
->gtk_rekey_timer
)
523 TIMER_DELETE(wpa
->gtk_rekey_timer
);
525 wpa_new_gtk_callback((bcm_timer_id
) 0, wpa
);
526 /* Begin a new rekeying interval. */
527 wpa_set_gtk_timer(wpa
);
528 dbg(wpa
->nas
, "done");
532 wpa_init_gtk(wpa_t
*wpa
, nas_sta_t
*sta
)
534 /* Cobble the key and plumb it. */
535 wpa_gen_gtk(wpa
, sta
);
536 wpa_plumb_gtk(wpa
, 1);
537 wpa_set_gtk_timer(wpa
);
539 dbg(wpa
->nas
, "done");
543 wpa_encr_gtk(wpa_t
*wpa
, nas_sta_t
*sta
, uint8
*encrypted
, uint16
*encrypted_len
)
545 unsigned char data
[256], encrkey
[32];
547 int len
= wpa
->gtk_len
;
549 /* encrypt the gtk using RC4 */
550 switch (sta
->suppl
.desc
) {
551 case WPA_KEY_DESC_V1
:
553 /* create the iv/ptk key */
554 bcopy(&wpa
->global_key_counter
[KEY_COUNTER_LEN
-16], encrkey
, 16);
555 bcopy(sta
->suppl
.eapol_encr_key
, &encrkey
[16], 16);
557 /* copy the gtk into the encryption buffer */
558 bcopy(wpa
->gtk
, encrypted
, len
);
559 /* encrypt the gtk using RC4 */
560 prepare_key(encrkey
, 32, &rc4key
);
561 rc4(data
, 256, &rc4key
); /* dump 256 bytes */
562 rc4(encrypted
, len
, &rc4key
);
564 case WPA_KEY_DESC_V2
:
566 case WPA_KEY_DESC_V3
:
569 /* pad gtk if needed - min. 16 bytes, 8 byte aligned */
571 bzero(&wpa
->gtk
[len
], 16 - len
);
574 else if (len
% AKW_BLOCK_LEN
) {
575 bzero(&wpa
->gtk
[len
], AKW_BLOCK_LEN
- (len
% AKW_BLOCK_LEN
));
576 len
+= AKW_BLOCK_LEN
- (len
% AKW_BLOCK_LEN
);
578 if (aes_wrap(sizeof(sta
->suppl
.eapol_encr_key
), sta
->suppl
.eapol_encr_key
,
579 len
, wpa
->gtk
, encrypted
)) {
580 dbg(wpa
->nas
, "encrypt failed");
585 dbg(wpa
->nas
, "sta->suppl.desc = %d", sta
->suppl
.desc
);
589 /* tell the calling func how long the encrypted data is */
590 *encrypted_len
= len
;
596 wpa_decr_gtk(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_wpa_key_header_t
*body
)
598 unsigned char data
[256], encrkey
[32];
600 ushort key_info
= ntohs(body
->key_info
), len
;
602 dbg(wpa
->nas
, "start");
604 wpa
->gtk_len
= ntohs(body
->key_len
);
605 len
= ntohs(body
->data_len
);
607 wpa
->gtk_index
= (key_info
& WPA_KEY_INDEX_MASK
) >> WPA_KEY_INDEX_SHIFT
;
608 dbg(wpa
->nas
, "gtk_index %d", wpa
->gtk_index
);
610 switch (sta
->suppl
.desc
) {
611 case WPA_KEY_DESC_V1
:
612 /* decrypt the gtk using RC4 */
614 bcopy(body
->iv
, encrkey
, 16);
615 bcopy(sta
->suppl
.eapol_encr_key
, &encrkey
[16], 16);
617 /* decrypt the gtk using RC4 */
618 prepare_key(encrkey
, 32, &rc4key
);
619 rc4(data
, 256, &rc4key
); /* dump 256 bytes */
620 rc4(body
->data
, len
, &rc4key
);
621 bcopy(body
->data
, wpa
->gtk
, wpa
->gtk_len
);
623 case WPA_KEY_DESC_V2
:
625 case WPA_KEY_DESC_V3
:
627 /* decrypt the gtk using AES */
629 if (aes_unwrap(sizeof(sta
->suppl
.eapol_encr_key
), sta
->suppl
.eapol_encr_key
,
630 len
, body
->data
, wpa
->gtk
)) {
631 dbg(wpa
->nas
, "unencrypt failed");
641 #endif /* BCMSUPPL */
644 wpa_insert_igtk(wpa_t
*wpa
, eapol_header_t
*eapol
, uint16
*data_len
)
646 uint16 len
= *data_len
;
647 eapol_wpa_key_header_t
*body
= (eapol_wpa_key_header_t
*)eapol
->body
;
648 eapol_wpa2_encap_data_t
*data_encap
;
649 eapol_wpa2_key_igtk_encap_t
*igtk_encap
;
651 if (!(wpa
->nas
->flags
& NAS_FLAG_IGTK_PLUMBED
)) {
653 wpa
->nas
->flags
|= NAS_FLAG_IGTK_PLUMBED
;
655 data_encap
= (eapol_wpa2_encap_data_t
*) (body
->data
+ len
);
656 data_encap
->type
= DOT11_MNG_PROPR_ID
;
657 data_encap
->length
= (EAPOL_WPA2_ENCAP_DATA_HDR_LEN
- TLV_HDR_LEN
) +
658 EAPOL_WPA2_KEY_IGTK_ENCAP_HDR_LEN
+ wpa
->igtk
.len
;
659 bcopy(WPA2_OUI
, data_encap
->oui
, DOT11_OUI_LEN
);
660 data_encap
->subtype
= WPA2_KEY_DATA_SUBTYPE_IGTK
;
661 len
+= EAPOL_WPA2_ENCAP_DATA_HDR_LEN
;
662 igtk_encap
= (eapol_wpa2_key_igtk_encap_t
*) (body
->data
+ len
);
663 igtk_encap
->key_id
= wpa
->igtk
.id
;
664 *(uint32
*)igtk_encap
->ipn
= wpa
->igtk
.ipn_lo
;
665 *(uint16
*)(igtk_encap
->ipn
+ 4) = wpa
->igtk
.ipn_hi
;
667 bcopy(wpa
->igtk
.key
, igtk_encap
->key
, wpa
->igtk
.len
);
668 len
+= wpa
->igtk
.len
+ EAPOL_WPA2_KEY_IGTK_ENCAP_HDR_LEN
;
670 /* return the adjusted data len */
672 printf("leave igtk_len=%d\n", wpa
->igtk
.len
);
675 #endif /* #ifdef MFP */
679 wpa_insert_gtk(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
, uint16
*data_len
)
682 eapol_wpa_key_header_t
*body
= (eapol_wpa_key_header_t
*)eapol
->body
;
683 eapol_wpa2_encap_data_t
*data_encap
;
684 eapol_wpa2_key_gtk_encap_t
*gtk_encap
;
686 dbg(wpa
->nas
, "data len before gtk %d", len
);
687 /* make sure we have a GTK plumbed */
688 if (!(wpa
->nas
->flags
& NAS_FLAG_GTK_PLUMBED
))
689 wpa_init_gtk(wpa
, sta
);
691 if (nas_get_group_rsc(wpa
->nas
, &wpa
->gtk_rsc
[0], wpa
->gtk_index
)) {
692 /* Don't use what we don't have. */
693 memset(wpa
->gtk_rsc
, 0, sizeof(wpa
->gtk_rsc
));
694 dbg(wpa
->nas
, "failed to find group key RSC");
698 /* insert GTK into eapol message */
699 /* body->key_len = htons(wpa->gtk_len); */
700 /* key_len is PTK len, gtk len is implicit in encapsulation */
701 data_encap
= (eapol_wpa2_encap_data_t
*) (body
->data
+ len
);
702 data_encap
->type
= DOT11_MNG_PROPR_ID
;
703 data_encap
->length
= (EAPOL_WPA2_ENCAP_DATA_HDR_LEN
- TLV_HDR_LEN
) +
704 EAPOL_WPA2_KEY_GTK_ENCAP_HDR_LEN
+ wpa
->gtk_len
;
705 bcopy(WPA2_OUI
, data_encap
->oui
, DOT11_OUI_LEN
);
706 data_encap
->subtype
= WPA2_KEY_DATA_SUBTYPE_GTK
;
707 len
+= EAPOL_WPA2_ENCAP_DATA_HDR_LEN
;
709 gtk_encap
= (eapol_wpa2_key_gtk_encap_t
*) (body
->data
+ len
);
710 gtk_encap
->flags
= (wpa
->gtk_index
<< WPA2_GTK_INDEX_SHIFT
) & WPA2_GTK_INDEX_MASK
;
711 bcopy(wpa
->gtk
, gtk_encap
->gtk
, wpa
->gtk_len
);
712 len
+= wpa
->gtk_len
+ EAPOL_WPA2_KEY_GTK_ENCAP_HDR_LEN
;
713 dbg(wpa
->nas
, "data len including gtk %d", len
);
715 /* copy in the gtk rsc */
716 bcopy(wpa
->gtk_rsc
, body
->rsc
, sizeof(body
->rsc
));
718 /* return the adjusted data len */
726 wpa_extract_gtk(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
)
728 eapol_wpa_key_header_t
*body
= (eapol_wpa_key_header_t
*)eapol
->body
;
729 eapol_wpa2_encap_data_t
*data_encap
;
730 eapol_wpa2_key_gtk_encap_t
*gtk_encap
;
732 int len
= ntohs(body
->data_len
);
733 ushort key_info
= ntohs(body
->key_info
);
736 data_encap
= wpa_find_gtk_encap(body
->data
, len
);
738 dbg(wpa
->nas
, "found gtk encap");
739 gtk_encap
= (eapol_wpa2_key_gtk_encap_t
*)data_encap
->data
;
740 /* wpa->gtk_len = ntohs(body->key_len); */
741 /* key_len is PTK len, gtk len is implicit in encap len */
742 wpa
->gtk_len
= data_encap
->length
- ((EAPOL_WPA2_ENCAP_DATA_HDR_LEN
- TLV_HDR_LEN
) +
743 EAPOL_WPA2_KEY_GTK_ENCAP_HDR_LEN
);
744 dbg(wpa
->nas
, "gtk len %d", wpa
->gtk_len
);
745 wpa
->gtk_index
= (gtk_encap
->flags
& WPA2_GTK_INDEX_MASK
) >> WPA2_GTK_INDEX_SHIFT
;
746 dbg(wpa
->nas
, "gtk index %d", wpa
->gtk_index
);
747 bcopy(gtk_encap
->gtk
, wpa
->gtk
, wpa
->gtk_len
);
748 dbg(wpa
->nas
, "gtk:");
749 dump(wpa
->nas
, wpa
->gtk
, wpa
->gtk_len
);
750 if (!(key_info
& WPA_KEY_ENCRYPTED_DATA
)) {
751 dbg(wpa
->nas
, "gtk wasn't encrypted!");
755 dbg(wpa
->nas
, "didn't find gtk encap");
761 #endif /* BCMSUPPL */
764 wpa_insert_pmkid(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
, uint16
*data_len
)
767 eapol_wpa_key_header_t
*body
= (eapol_wpa_key_header_t
*)eapol
->body
;
768 eapol_wpa2_encap_data_t
*data_encap
;
771 dbg(wpa
->nas
, "data len before pmkid %d", len
);
773 /* insert PMKID into eapol message */
774 data_encap
= (eapol_wpa2_encap_data_t
*) (body
->data
+ len
);
775 data_encap
->type
= DOT11_MNG_PROPR_ID
;
776 data_encap
->length
= (EAPOL_WPA2_ENCAP_DATA_HDR_LEN
- TLV_HDR_LEN
) + WPA2_PMKID_LEN
;
777 bcopy(WPA2_OUI
, data_encap
->oui
, DOT11_OUI_LEN
);
778 data_encap
->subtype
= WPA2_KEY_DATA_SUBTYPE_PMKID
;
779 len
+= EAPOL_WPA2_ENCAP_DATA_HDR_LEN
;
781 pmkid
= (uint8
*) (body
->data
+ len
);
782 bcopy(sta
->suppl
.pmkid
, pmkid
, WPA2_PMKID_LEN
);
783 len
+= WPA2_PMKID_LEN
;
784 dbg(wpa
->nas
, "data len including pmkid %d", len
);
786 /* return the adjusted data len */
794 wpa_encr_key_data(wpa_t
*wpa
, nas_sta_t
*sta
, uint8
*buffer
, uint16
*data_len
)
796 unsigned char data
[256], encrkey
[32];
800 dbg(wpa
->nas
, "before encrypt (len=%d):", len
);
801 dump(wpa
->nas
, buffer
, len
);
803 switch (sta
->suppl
.desc
) {
804 case WPA_KEY_DESC_V1
:
806 /* create the iv/ptk key */
807 bcopy(&wpa
->global_key_counter
[KEY_COUNTER_LEN
-16], encrkey
, 16);
808 bcopy(sta
->suppl
.eapol_encr_key
, &encrkey
[16], 16);
809 /* encrypt the key data */
810 prepare_key(encrkey
, 32, &rc4key
);
811 rc4(data
, 256, &rc4key
); /* dump 256 bytes */
812 rc4(buffer
, len
, &rc4key
);
814 case WPA_KEY_DESC_V2
:
816 case WPA_KEY_DESC_V3
:
819 /* pad if needed - min. 16 bytes, 8 byte aligned */
820 /* padding is 0xdd followed by 0's */
821 if (len
< 2*AKW_BLOCK_LEN
) {
822 buffer
[len
] = WPA2_KEY_DATA_PAD
;
823 bzero(&buffer
[len
+1], 2*AKW_BLOCK_LEN
- (len
+1));
824 len
= 2*AKW_BLOCK_LEN
;
825 } else if (len
% AKW_BLOCK_LEN
) {
826 buffer
[len
] = WPA2_KEY_DATA_PAD
;
827 bzero(&buffer
[len
+1], AKW_BLOCK_LEN
- ((len
+1) % AKW_BLOCK_LEN
));
828 len
+= AKW_BLOCK_LEN
- (len
% AKW_BLOCK_LEN
);
830 if (aes_wrap(sizeof(sta
->suppl
.eapol_encr_key
), sta
->suppl
.eapol_encr_key
,
831 len
, buffer
, buffer
)) {
832 dbg(wpa
->nas
, "encrypt failed");
838 dbg(wpa
->nas
, "unknown descriptor type sta->suppl.desc = %d", sta
->suppl
.desc
);
842 dbg(wpa
->nas
, "after encrypt (len=%d):", len
);
843 dump(wpa
->nas
, buffer
, len
);
845 /* tell the calling func how long the encrypted data is */
852 wpa_decr_key_data(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_wpa_key_header_t
*body
)
854 unsigned char data
[256], encrkey
[32];
858 len
= ntohs(body
->data_len
);
860 dbg(wpa
->nas
, "before decrypt:");
861 dump(wpa
->nas
, body
->data
, len
);
863 switch (sta
->suppl
.desc
) {
864 case WPA_KEY_DESC_V1
:
866 /* create the iv/ptk key */
867 bcopy(body
->iv
, encrkey
, 16);
868 bcopy(sta
->suppl
.eapol_encr_key
, &encrkey
[16], 16);
869 /* decrypt the key data */
870 prepare_key(encrkey
, 32, &rc4key
);
871 rc4(data
, 256, &rc4key
); /* dump 256 bytes */
872 rc4(body
->data
, len
, &rc4key
);
874 case WPA_KEY_DESC_V2
:
876 case WPA_KEY_DESC_V3
:
879 if (aes_unwrap(sizeof(sta
->suppl
.eapol_encr_key
), sta
->suppl
.eapol_encr_key
,
880 len
, body
->data
, body
->data
)) {
881 dbg(wpa
->nas
, "unencrypt failed");
886 dbg(wpa
->nas
, "unknown descriptor type %d", sta
->suppl
.desc
);
890 dbg(wpa
->nas
, "after decrypt:");
891 dump(wpa
->nas
, body
->data
, len
);
895 #endif /* BCMSUPPL */
899 wpa_countermeasures_cb(timer_t td
, nas_t
*nas
)
901 nas
->MIC_countermeasures
= 0;
902 (void) nas_wl_tkip_countermeasures(nas
, FALSE
);
903 TIMER_DELETE(nas
->wpa
->countermeasures_timer
);
906 void wpa_reset_countermeasures(wpa_t
*wpa
)
908 if (wpa
&& wpa
->countermeasures_timer
)
909 wpa_countermeasures_cb((timer_t
)wpa
->countermeasures_timer
, wpa
->nas
);
913 wpa_mic_error(wpa_t
*wpa
, nas_sta_t
*msta
, bool from_driver
)
916 nas_t
*nas
= wpa
->nas
;
917 nas_sta_t
*sta
; itimer_status_t ts
;
919 char eabuf
[ETHER_ADDR_STR_LEN
];
924 dbg(nas
, "MIC error %d at time %d, STA %s, %s", nas
->MIC_failures
,
925 (int) now
, ether_etoa((uchar
*)&msta
->ea
, eabuf
),
926 (from_driver
) ? "detected by driver" : "reported by STA");
928 if (nas
->flags
& NAS_FLAG_SUPPLICANT
) {
929 /* Until this gets more thought do no harm. */
930 dbg(nas
, "Supplicant MIC error notices not yet handled");
933 since
= now
- nas
->prev_MIC_error
;
934 nas
->prev_MIC_error
= now
;
936 /* If within the time limit we have to toss all the STAs. */
937 if ((nas
->MIC_failures
!= 0) && (since
< WPA_TKIP_CM_DETECT
)) {
938 dbg(nas
, "Second MIC failure in %d seconds, taking countermeasures",
940 nas
->MIC_countermeasures
= 1;
941 nas_wl_tkip_countermeasures(nas
, TRUE
);
942 ts
= wpa_set_itimer(wpa
->nas
->timer
, &wpa
->countermeasures_timer
,
943 (bcm_timer_cb
) wpa_countermeasures_cb
,
944 (int) nas
, WPA_TKIP_CM_BLOCK
, 0);
946 dbg(nas
, "Setting TKIP countermeasures interval timer failed, code %d", ts
);
948 /* Everybody out of the pool! */
952 cleanup_sta(nas
, sta
, DOT11_RC_MIC_FAILURE
, 0);
953 } while (sta
++ < nas
->sta
+ MAX_SUPPLICANTS
);
955 /* Try getting them all with a broadcast. */
956 /* nas_deauthenticate(nas, ðer_bcast); */
958 /* Clobber any vestige of group keys. */
959 if (wpa
->gtk_rekey_timer
)
960 TIMER_DELETE(wpa
->gtk_rekey_timer
);
961 nas_set_key(nas
, NULL
, NULL
, 0, wpa
->gtk_index
, 0, 0, 0);
962 nas_set_key(nas
, NULL
, NULL
, 0, GTK_NEXT_INDEX(wpa
), 0, 0, 0);
963 nas
->flags
&= ~NAS_FLAG_GTK_PLUMBED
;
969 wpa_check_mic(nas_sta_t
*sta
, eapol_header_t
*eapol
)
971 eapol_wpa_key_header_t
*body
= (eapol_wpa_key_header_t
*)eapol
->body
;
972 unsigned char digest
[2*MIC_KEY_LEN
], mic
[MIC_KEY_LEN
];
974 ushort key_info
= ntohs(body
->key_info
);
976 /* eapol pkt from the version field on */
977 mic_length
= 4 + EAPOL_WPA_KEY_LEN
+ ntohs(body
->data_len
);
979 bcopy((char*)&body
->mic
, mic
, MIC_KEY_LEN
);
980 bzero((char*)&body
->mic
, MIC_KEY_LEN
);
982 /* Create the MIC for the pkt */
983 switch (key_info
& (WPA_KEY_DESC_V1
| WPA_KEY_DESC_V2
)) {
984 case WPA_KEY_DESC_V1
:
985 hmac_md5(&eapol
->version
, mic_length
, sta
->suppl
.eapol_mic_key
,
986 MIC_KEY_LEN
, digest
);
988 case WPA_KEY_DESC_V2
:
989 dbg(sta
->nas
, "using sha1 for V2");
990 hmac_sha1(&eapol
->version
, mic_length
,
991 sta
->suppl
.eapol_mic_key
, MIC_KEY_LEN
, digest
);
994 case WPA_KEY_DESC_V3
:
995 dbg(sta
->nas
, "using aes cmac for V3");
996 aes_cmac_calc(&eapol
->version
, mic_length
,
997 sta
->suppl
.eapol_mic_key
, MIC_KEY_LEN
, digest
);
1001 dbg(sta
->nas
, "unknown descriptor type %d", key_info
);
1005 /* compare against the MIC contents */
1006 if (bcmp(digest
, mic
, MIC_KEY_LEN
) == 0) {
1007 dbg(sta
->nas
, "match");
1010 dbg(sta
->nas
, "fail");
1016 wpa_auth2akm(wpa_t
*wpa
, uint32 auth
)
1021 case WPA_AUTH_UNSPECIFIED
:
1022 return RSN_AKM_UNSPECIFIED
;
1026 case WPA2_AUTH_UNSPECIFIED
:
1027 return RSN_AKM_UNSPECIFIED
;
1029 case WPA_AUTH_DISABLED
:
1031 return RSN_AKM_NONE
;
1036 wpa_build_ie(wpa_t
*wpa
, uint32 wsec
, uint32 algo
, uint32 sta_mode
,
1037 uint8
*buf
, uint16
*len
)
1039 wpa_suite_mcast_t
*mcast
= NULL
;
1040 wpa_suite_ucast_t
*ucast
= NULL
;
1041 wpa_suite_auth_key_mgmt_t
*auth
= NULL
;
1043 uint16 tag_len
; /* tag length */
1044 uint16 buf_len
; /* buf length */
1045 int sup
= wpa
->nas
->flags
& NAS_FLAG_SUPPLICANT
;
1046 int wds
= wpa
->nas
->flags
& NAS_FLAG_WDS
;
1052 mode
= wpa
->nas
->mode
;
1054 /* for now, only !wds and !sup */
1059 if (sta_mode
& (WPA2
| WPA2_PSK
| WPA
| WPA_PSK
)) {
1061 bytes
= nas_get_wpa_ie(wpa
->nas
, (char*)ptr
, buf_len
, sta_mode
);
1063 dbg(wpa
->nas
, "WPA IE");
1064 dump(wpa
->nas
, ptr
, bytes
);
1070 /* update total wsec IE length */
1076 if ((mode
& (WPA2
| WPA2_PSK
)) && (sta_mode
& (WPA2
| WPA2_PSK
))) {
1077 wpa_rsn_ie_fixed_t
*wpaie
= (wpa_rsn_ie_fixed_t
*)buf
;
1080 if (buf_len
< WPA_RSN_IE_FIXED_LEN
)
1082 buf_len
-= TLV_HDR_LEN
;
1083 wpaie
->tag
= DOT11_MNG_RSN_ID
;
1084 wpaie
->version
.low
= (uint8
)WPA2_VERSION
;
1085 wpaie
->version
.high
= (uint8
)(WPA2_VERSION
>>8);
1086 tag_len
= WPA_RSN_IE_TAG_FIXED_LEN
;
1088 /* multicast suite */
1089 if (tag_len
+ WPA_SUITE_LEN
> buf_len
)
1091 mcast
= (wpa_suite_mcast_t
*)&wpaie
[1];
1093 bcopy(BRCM_OUI
, mcast
->oui
, WPA_OUI_LEN
);
1094 mcast
->type
= 0; /* no mcast cipher */
1097 bcopy(WPA2_OUI
, mcast
->oui
, WPA_OUI_LEN
);
1099 if (WSEC_WEP_ENABLED(wsec
)) {
1100 mcast
->type
= WPA_MCAST_CIPHER(wsec
, algo
);
1103 /* supplicant has to follow authenticator's mcast algo */
1104 mcast
->type
= CRYPTO_ALGO2CIPHER(algo
);
1108 mcast
->type
= WPA_MCAST_CIPHER(wsec
, algo
);
1111 tag_len
+= WPA_SUITE_LEN
;
1113 /* unicast suite list */
1114 if (tag_len
+ WPA_IE_SUITE_COUNT_LEN
> buf_len
)
1116 ucast
= (wpa_suite_ucast_t
*)&mcast
[1];
1118 tag_len
+= WPA_IE_SUITE_COUNT_LEN
;
1119 if (WSEC_AES_ENABLED(wsec
)) {
1120 if (tag_len
+ WPA_SUITE_LEN
> buf_len
)
1122 bcopy(WPA2_OUI
, ucast
->list
[count
].oui
, WPA_OUI_LEN
);
1123 ucast
->list
[count
].type
= WPA_CIPHER_AES_CCM
;
1124 tag_len
+= WPA_SUITE_LEN
;
1129 if (WSEC_TKIP_ENABLED(wsec
)) {
1130 if (tag_len
+ WPA_SUITE_LEN
> buf_len
)
1132 bcopy(WPA2_OUI
, ucast
->list
[count
].oui
, WPA_OUI_LEN
);
1133 ucast
->list
[count
].type
= WPA_CIPHER_TKIP
;
1134 tag_len
+= WPA_SUITE_LEN
;
1140 if (tag_len
+ WPA_SUITE_LEN
> buf_len
)
1142 bcopy(WPA2_OUI
, ucast
->list
[count
].oui
, WPA_OUI_LEN
);
1143 ucast
->list
[count
].type
= WPA_CIPHER_NONE
;
1144 tag_len
+= WPA_SUITE_LEN
;
1148 ucast
->count
.low
= (uint8
)count
;
1149 ucast
->count
.high
= (uint8
)(count
>>8);
1151 /* authenticated key management suite list */
1152 if (tag_len
+ WPA_IE_SUITE_COUNT_LEN
> buf_len
)
1154 auth
= (wpa_suite_auth_key_mgmt_t
*)&ucast
->list
[count
];
1156 tag_len
+= WPA_IE_SUITE_COUNT_LEN
;
1158 if (tag_len
+ WPA_SUITE_LEN
> buf_len
)
1160 bcopy(WPA2_OUI
, auth
->list
[count
].oui
, WPA_OUI_LEN
);
1161 auth
->list
[count
].type
= wpa_auth2akm(wpa
, wpa_mode2auth(WPA2
));
1162 tag_len
+= WPA_SUITE_LEN
;
1167 if (mode
& WPA2_PSK
) {
1168 if (tag_len
+ WPA_SUITE_LEN
> buf_len
)
1170 bcopy(WPA2_OUI
, auth
->list
[count
].oui
, WPA_OUI_LEN
);
1171 auth
->list
[count
].type
= wpa_auth2akm(wpa
, wpa_mode2auth(WPA2_PSK
));
1172 tag_len
+= WPA_SUITE_LEN
;
1178 if (tag_len
+ WPA_SUITE_LEN
> buf_len
)
1180 bcopy(WPA2_OUI
, auth
->list
[count
].oui
, WPA_OUI_LEN
);
1181 auth
->list
[count
].type
= wpa_auth2akm(wpa
, WPA_AUTH_NONE
);
1182 tag_len
+= WPA_SUITE_LEN
;
1186 auth
->count
.low
= (uint8
)count
;
1187 auth
->count
.high
= (uint8
)(count
>>8);
1189 /* WPA capabilities */
1191 cap
= (uint8
*)&auth
->list
[count
];
1192 cap
[0] = wpa
->cap
[0];
1193 cap
[1] = wpa
->cap
[1];
1194 tag_len
+= WPA_CAP_LEN
;
1197 /* update tag length */
1198 wpaie
->length
= (uint8
)tag_len
;
1199 dbg(wpa
->nas
, "WPA2 IE");
1200 dump(wpa
->nas
, buf
, tag_len
+ TLV_HDR_LEN
);
1201 buf
+= tag_len
+ TLV_HDR_LEN
;
1203 /* update used buffer length */
1204 *len
+= TLV_HDR_LEN
+ tag_len
;
1206 /* for wds use first found AKM no mix-mode anymore */
1210 #endif /* BCMWPA2 */
1211 if ((mode
& (WPA
| WPA_PSK
)) && (sta_mode
& (WPA
| WPA_PSK
))) {
1212 wpa_ie_fixed_t
*wpaie
= (wpa_ie_fixed_t
*)buf
;
1215 if (buf_len
< WPA_IE_FIXED_LEN
)
1217 buf_len
-= TLV_HDR_LEN
;
1218 wpaie
->tag
= DOT11_MNG_WPA_ID
;
1219 bcopy(WPA_OUI
"\x01", wpaie
->oui
, WPA_IE_OUITYPE_LEN
);
1220 wpaie
->version
.low
= (uint8
)WPA_VERSION
;
1221 wpaie
->version
.high
= (uint8
)(WPA_VERSION
>>8);
1222 tag_len
= WPA_IE_TAG_FIXED_LEN
;
1224 /* multicast suite */
1225 if (tag_len
+ WPA_SUITE_LEN
> buf_len
)
1227 mcast
= (wpa_suite_mcast_t
*)&wpaie
[1];
1229 bcopy(BRCM_OUI
, mcast
->oui
, WPA_OUI_LEN
);
1230 mcast
->type
= 0; /* no mcast cipher */
1233 bcopy(WPA_OUI
, mcast
->oui
, WPA_OUI_LEN
);
1235 if (WSEC_WEP_ENABLED(wsec
)) {
1236 mcast
->type
= WPA_MCAST_CIPHER(wsec
, algo
);
1239 /* supplicant has to follow authenticator's mcast algo */
1240 mcast
->type
= CRYPTO_ALGO2CIPHER(algo
);
1244 mcast
->type
= WPA_MCAST_CIPHER(wsec
, algo
);
1247 tag_len
+= WPA_SUITE_LEN
;
1249 /* unicast suite list */
1250 if (tag_len
+ WPA_IE_SUITE_COUNT_LEN
> buf_len
)
1252 ucast
= (wpa_suite_ucast_t
*)&mcast
[1];
1254 tag_len
+= WPA_IE_SUITE_COUNT_LEN
;
1255 if (WSEC_AES_ENABLED(wsec
)) {
1256 if (tag_len
+ WPA_SUITE_LEN
> buf_len
)
1258 bcopy(WPA_OUI
, ucast
->list
[count
].oui
, WPA_OUI_LEN
);
1259 ucast
->list
[count
].type
= WPA_CIPHER_AES_CCM
;
1260 tag_len
+= WPA_SUITE_LEN
;
1265 if (WSEC_TKIP_ENABLED(wsec
)) {
1266 if (tag_len
+ WPA_SUITE_LEN
> buf_len
)
1268 bcopy(WPA_OUI
, ucast
->list
[count
].oui
, WPA_OUI_LEN
);
1269 ucast
->list
[count
].type
= WPA_CIPHER_TKIP
;
1270 tag_len
+= WPA_SUITE_LEN
;
1276 if (tag_len
+ WPA_SUITE_LEN
> buf_len
)
1278 bcopy(WPA_OUI
, ucast
->list
[count
].oui
, WPA_OUI_LEN
);
1279 ucast
->list
[count
].type
= WPA_CIPHER_NONE
;
1280 tag_len
+= WPA_SUITE_LEN
;
1284 ucast
->count
.low
= (uint8
)count
;
1285 ucast
->count
.high
= (uint8
)(count
>>8);
1287 /* authenticated key management suite list */
1288 if (tag_len
+ WPA_IE_SUITE_COUNT_LEN
> buf_len
)
1290 auth
= (wpa_suite_auth_key_mgmt_t
*)&ucast
->list
[count
];
1292 tag_len
+= WPA_IE_SUITE_COUNT_LEN
;
1294 if (tag_len
+ WPA_SUITE_LEN
> buf_len
)
1296 bcopy(WPA_OUI
, auth
->list
[count
].oui
, WPA_OUI_LEN
);
1297 auth
->list
[count
].type
= wpa_auth2akm(wpa
, wpa_mode2auth(WPA
));
1298 tag_len
+= WPA_SUITE_LEN
;
1303 if (mode
& WPA_PSK
) {
1304 if (tag_len
+ WPA_SUITE_LEN
> buf_len
)
1306 bcopy(WPA_OUI
, auth
->list
[count
].oui
, WPA_OUI_LEN
);
1307 auth
->list
[count
].type
= wpa_auth2akm(wpa
, wpa_mode2auth(WPA_PSK
));
1308 tag_len
+= WPA_SUITE_LEN
;
1314 if (tag_len
+ WPA_SUITE_LEN
> buf_len
)
1316 bcopy(WPA_OUI
, auth
->list
[count
].oui
, WPA_OUI_LEN
);
1317 auth
->list
[count
].type
= wpa_auth2akm(wpa
, WPA_AUTH_NONE
);
1318 tag_len
+= WPA_SUITE_LEN
;
1322 auth
->count
.low
= (uint8
)count
;
1323 auth
->count
.high
= (uint8
)(count
>>8);
1325 /* WPA capabilities */
1327 cap
= (uint8
*)&auth
->list
[count
];
1328 cap
[0] = wpa
->cap
[0];
1329 cap
[1] = wpa
->cap
[1];
1330 tag_len
+= WPA_CAP_LEN
;
1333 /* update tag length */
1334 wpaie
->length
= (uint8
)tag_len
;
1335 dbg(wpa
->nas
, "WPA IE");
1336 dump(wpa
->nas
, buf
, tag_len
+ TLV_HDR_LEN
);
1337 buf
+= tag_len
+ TLV_HDR_LEN
;
1339 /* update used buffer length */
1340 *len
+= TLV_HDR_LEN
+ tag_len
;
1347 wpa_send_eapol(wpa_t
*wpa
, nas_sta_t
*sta
)
1350 unsigned char mic
[SHA1HashSize
]; /* size of largest digest */
1351 unsigned char buffer
[1024];
1352 eapol_header_t
*eapol
= (eapol_header_t
*)buffer
;
1353 eapol_wpa_key_header_t
*body
= (eapol_wpa_key_header_t
*)eapol
->body
;
1354 int key_index
, mic_length
= 0;
1355 nas_t
*nas
= wpa
->nas
;
1356 uint16 data_len
= 0;
1358 char eabuf
[ETHER_ADDR_STR_LEN
];
1361 dbg(nas
, "message for %s", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
1363 bzero(buffer
, 1024);
1365 memcpy(&eapol
->eth
.ether_dhost
, &sta
->ea
, ETHER_ADDR_LEN
);
1366 memcpy(&eapol
->eth
.ether_shost
, &nas
->ea
, ETHER_ADDR_LEN
);
1367 eapol
->eth
.ether_type
= htons(ETHER_TYPE_802_1X
);
1368 eapol
->version
= sta
->eapol_version
;
1369 eapol
->type
= EAPOL_KEY
;
1370 eapol
->length
= EAPOL_WPA_KEY_LEN
;
1372 frags
.iov_base
= (caddr_t
) buffer
;
1373 frags
.iov_len
= EAPOL_HEADER_LEN
+ EAPOL_WPA_KEY_LEN
;
1375 /* Set the key type to WPA */
1377 if ((sta
->mode
& (WPA2_PSK
| WPA2
)))
1378 body
->type
= EAPOL_WPA2_KEY
;
1381 body
->type
= EAPOL_WPA_KEY
;
1382 /* set the replay count */
1383 bcopy(sta
->suppl
.replay
, body
->replay
, REPLAY_LEN
);
1385 /* Fill in the WPA key descriptor */
1386 switch (sta
->suppl
.state
) {
1388 dbg(nas
, "WPA_PTKSTART");
1389 /* Set Key length */
1390 body
->key_len
= htons(sta
->suppl
.tk_len
);
1391 /* Set the Key info flags */
1392 body
->key_info
= htons(sta
->suppl
.desc
| WPA_KEY_ACK
| WPA_KEY_PAIRWISE
);
1394 bcopy(sta
->suppl
.anonce
, body
->nonce
, NONCE_LEN
);
1397 if ((sta
->mode
& (WPA2_PSK
| WPA2
))) {
1398 wpa_insert_pmkid(wpa
, sta
, eapol
, &data_len
);
1399 body
->data_len
= htons(data_len
);
1400 /* add the data field length (WPA IE) */
1401 frags
.iov_len
+= data_len
;
1402 eapol
->length
+= data_len
;
1404 #endif /* BCMWPA2 */
1406 eapol
->length
= htons(eapol
->length
);
1409 case WPA_PTKINITNEGOTIATING
:
1410 dbg(nas
, "WPA_PTKINITNEGOTIATING");
1411 /* Set Key length */
1412 body
->key_len
= htons(sta
->suppl
.tk_len
);
1413 /* Set the Key info flags */
1414 body
->key_info
= htons(sta
->suppl
.desc
| WPA_KEY_INDEX_0
| WPA_KEY_ACK
|
1415 WPA_KEY_PAIRWISE
| WPA_KEY_INSTALL
| WPA_KEY_MIC
);
1417 if ((sta
->mode
& (WPA2
| WPA2_PSK
)))
1418 body
->key_info
|= htons(WPA_KEY_SECURE
| WPA_KEY_ENCRYPTED_DATA
);
1420 if (nas
->flags
& NAS_FLAG_WDS
)
1421 body
->key_info
|= htons(WPA_KEY_SECURE
);
1424 bcopy(sta
->suppl
.anonce
, body
->nonce
, NONCE_LEN
);
1426 /* Copy the WPA IE sent in the beacon
1427 * since the body eapol_wpa_key_header_t is a pointer masked over the buffer
1428 * we need to retreive the actual size left
1430 data_len
= sizeof(buffer
) - (sizeof(eapol_wpa_key_header_t
) - sizeof(body
->data
));
1432 if (wpa_build_ie(wpa
, nas
->wsec
, WEP_KEY2ALGO(wpa
->gtk_len
),
1433 sta
->mode
, body
->data
, &data_len
)) {
1434 dbg(nas
, "failed to build WPA IE");
1439 if ((sta
->mode
& (WPA2
| WPA2_PSK
))) {
1440 if (!wpa_insert_gtk(wpa
, sta
, eapol
, &data_len
)) {
1441 err(nas
, "insertion of gtk failed");
1442 nas_handle_error(nas
, 1);
1445 wpa_insert_igtk(wpa
, eapol
, &data_len
);
1446 /* wpa_key->data_len = hton16(data_len); */
1448 /* copy in the iv and encrypt the key data field */
1449 bcopy(&wpa
->global_key_counter
[KEY_COUNTER_LEN
-16], body
->iv
, 16);
1450 if (!wpa_encr_key_data(wpa
, sta
, body
->data
, &data_len
)) {
1451 err(nas
, "encryption of key data failed");
1452 nas_handle_error(nas
, 1);
1455 #endif /* BCMWPA2 */
1456 body
->data_len
= htons(data_len
);
1457 /* add the data field length (WPA IE) */
1458 frags
.iov_len
+= data_len
;
1459 eapol
->length
+= data_len
;
1460 eapol
->length
= htons(eapol
->length
);
1462 /* How much data to MIC */
1463 mic_length
= 4 + EAPOL_WPA_KEY_LEN
+ data_len
;
1466 case WPA_REKEYNEGOTIATING
:
1467 dbg(nas
, "WPA_REKEYNEGOTIATING");
1469 body
->key_info
= htons(sta
->suppl
.desc
| WPA_KEY_SECURE
|
1470 WPA_KEY_ACK
| WPA_KEY_MIC
);
1473 if ((sta
->mode
& (WPA2
| WPA2_PSK
))) {
1474 if (!wpa_insert_gtk(wpa
, sta
, eapol
, &data_len
)) {
1475 err(nas
, "insertion of gtk failed");
1476 nas_handle_error(nas
, 1);
1479 wpa_insert_igtk(wpa
, eapol
, &data_len
);
1480 /* wpa_key->data_len = hton16(data_len); */
1482 /* copy in the iv and encrypt the key data field */
1483 bcopy(&wpa
->global_key_counter
[KEY_COUNTER_LEN
-16], body
->iv
, 16);
1484 body
->key_info
|= htons(WPA_KEY_SECURE
| WPA_KEY_ENCRYPTED_DATA
);
1485 if (!wpa_encr_key_data(wpa
, sta
, body
->data
, &data_len
)) {
1486 err(nas
, "encryption of key data failed");
1487 nas_handle_error(nas
, 1);
1490 #endif /* BCMWPA2 */
1491 /* Set Key length */
1492 body
->key_len
= htons(wpa
->gtk_len
);
1493 /* Set the Key info flags */
1494 key_index
= (wpa
->gtk_index
<< WPA_KEY_INDEX_SHIFT
) & WPA_KEY_INDEX_MASK
;
1495 body
->key_info
|= htons(key_index
);
1498 bcopy(wpa
->gnonce
, body
->nonce
, NONCE_LEN
);
1500 /* copy in the key IV */
1501 bcopy(&wpa
->global_key_counter
[KEY_COUNTER_LEN
-16], body
->iv
, 16);
1502 bcopy(wpa
->gtk_rsc
, body
->rsc
, sizeof(body
->rsc
));
1504 /* encrypt the gtk and put it in the data field */
1505 if (!wpa_encr_gtk(wpa
, sta
, body
->data
, &data_len
)) {
1506 err(nas
, "encryption of GTK failed");
1507 nas_handle_error(nas
, 1);
1509 switch (sta
->suppl
.desc
) {
1510 case WPA_KEY_DESC_V1
:
1512 case WPA_KEY_DESC_V2
:
1514 case WPA_KEY_DESC_V3
:
1519 err(nas
, "unknown descriptor type %d", sta
->suppl
.desc
);
1520 nas_handle_error(nas
, 1);
1525 body
->data_len
= htons(data_len
);
1527 /* fix up the length */
1528 frags
.iov_len
+= data_len
;
1529 eapol
->length
+= data_len
;
1530 eapol
->length
= htons(eapol
->length
);
1531 /* How much data to MIC */
1532 mic_length
= 4 + EAPOL_WPA_KEY_LEN
+ data_len
;
1536 case WPA_SUP_INITIALIZE
:
1537 dbg(nas
, "WPA_SUP_INITIALIZE");
1538 /* Set Key length */
1539 body
->key_len
= htons(sta
->suppl
.tk_len
);
1540 /* Set the Key info flags */
1541 body
->key_info
= htons(sta
->suppl
.desc
| WPA_KEY_INDEX_0
|
1542 WPA_KEY_REQ
| WPA_KEY_PAIRWISE
);
1544 bcopy(sta
->suppl
.snonce
, body
->nonce
, NONCE_LEN
);
1545 eapol
->length
= htons(eapol
->length
);
1548 case WPA_SUP_STAKEYSTARTG
:
1549 case WPA_SUP_STAKEYSTARTP
:
1550 dbg(nas
, "WPA_SUP_STAKEYSTARTP/G");
1551 /* Set Key length */
1552 body
->key_len
= htons(sta
->suppl
.tk_len
);
1553 /* Set the Key info flags */
1554 body
->key_info
= htons(sta
->suppl
.desc
| WPA_KEY_INDEX_0
| WPA_KEY_MIC
);
1555 switch (sta
->suppl
.state
) {
1556 case WPA_SUP_STAKEYSTARTP
:
1557 body
->key_info
|= htons(WPA_KEY_PAIRWISE
);
1558 switch (sta
->suppl
.pk_state
) {
1559 case EAPOL_SUP_PK_MSG1
:
1560 data_len
= sizeof(body
->data
);
1561 if (wpa_build_ie(wpa
, nas
->wsec
, sta
->algo
,
1562 sta
->mode
, body
->data
, &data_len
)) {
1563 dbg(nas
, "failed to build WPA IE");
1566 body
->data_len
= htons(data_len
);
1568 /* add the data field length (WPA IE) */
1569 frags
.iov_len
+= data_len
;
1570 eapol
->length
+= data_len
;
1572 /* expect message #3 after sending message #2 */
1573 sta
->suppl
.pk_state
= EAPOL_SUP_PK_MSG3
;
1575 case EAPOL_SUP_PK_MSG3
:
1576 /* send message #4 and we are done with pairwise */
1577 if (nas
->flags
& NAS_FLAG_WDS
)
1578 body
->key_info
|= htons(WPA_KEY_SECURE
);
1580 if ((sta
->mode
& (WPA2
| WPA2_PSK
)))
1581 body
->key_info
|= htons(WPA_KEY_SECURE
);
1583 sta
->suppl
.pk_state
= EAPOL_SUP_PK_DONE
;
1586 dbg(nas
, "Unexpected supplicant pk state %d", sta
->suppl
.pk_state
);
1590 case WPA_SUP_STAKEYSTARTG
:
1591 body
->key_info
|= htons(WPA_KEY_SECURE
);
1594 /* just to satisfy the compiler, no way to get here */
1599 bcopy(sta
->suppl
.snonce
, body
->nonce
, NONCE_LEN
);
1601 eapol
->length
= htons(eapol
->length
);
1603 /* How much data to MIC */
1604 mic_length
= 4 + EAPOL_WPA_KEY_LEN
+ data_len
;
1606 switch (sta
->suppl
.desc
) {
1607 case WPA_KEY_DESC_V1
:
1608 case WPA_KEY_DESC_V2
:
1610 case WPA_KEY_DESC_V3
:
1614 dbg(nas
, "unknown descriptor type %d", sta
->suppl
.desc
);
1615 if (!(nas
->flags
& NAS_FLAG_WDS
)) {
1618 nas_set_ssid(nas
, nas
->ssid
);
1623 #endif /* BCMSUPPL */
1626 /* error state; callers will bail */
1627 dbg(nas
, "Unexpected supplicant state %d", sta
->suppl
.state
);
1632 dbg(nas
, "eapol retry");
1635 /* calculate the MIC and copy it in */
1636 switch (sta
->suppl
.desc
) {
1637 case WPA_KEY_DESC_V1
:
1638 hmac_md5(&buffer
[sizeof(struct ether_header
)], mic_length
,
1639 sta
->suppl
.eapol_mic_key
, MIC_KEY_LEN
, mic
);
1641 case WPA_KEY_DESC_V2
:
1642 hmac_sha1(&buffer
[sizeof(struct ether_header
)], mic_length
,
1643 sta
->suppl
.eapol_mic_key
, MIC_KEY_LEN
, mic
);
1646 case WPA_KEY_DESC_V3
:
1647 dbg(nas
, "using aes cmac for V3");
1648 aes_cmac_calc(&buffer
[sizeof(struct ether_header
)], mic_length
,
1649 sta
->suppl
.eapol_mic_key
, MIC_KEY_LEN
, mic
);
1653 err(nas
, "unknown descriptor type %d", sta
->suppl
.desc
);
1654 nas_handle_error(nas
, 1);
1656 bcopy(mic
, (char*)body
->mic
, MIC_KEY_LEN
);
1660 nas_eapol_send_packet(nas
, &frags
, 1);
1666 /* only handle single mode! */
1668 wpa_mode2auth(int mode
)
1672 return WPA_AUTH_PSK
;
1674 return WPA_AUTH_UNSPECIFIED
;
1677 return WPA2_AUTH_PSK
;
1679 return WPA2_AUTH_UNSPECIFIED
;
1680 #endif /* BCMWPA2 */
1683 return WPA_AUTH_DISABLED
;
1687 /* only handle single mode! */
1689 wpa_auth2mode(int auth
)
1694 case WPA_AUTH_UNSPECIFIED
:
1699 case WPA2_AUTH_UNSPECIFIED
:
1701 #endif /* BCMWPA2 */
1702 case WPA_AUTH_DISABLED
:
1709 wpa_akm2auth(uint32 akm
)
1713 return WPA_AUTH_PSK
;
1714 case RSN_AKM_UNSPECIFIED
:
1715 return WPA_AUTH_UNSPECIFIED
;
1718 return WPA_AUTH_NONE
;
1724 wpa2_akm2auth(uint32 akm
)
1727 /* for PMF : clear the bit which is not relevant here */
1733 return WPA2_AUTH_PSK
;
1734 case RSN_AKM_UNSPECIFIED
:
1735 return WPA2_AUTH_UNSPECIFIED
;
1738 return WPA_AUTH_NONE
;
1741 #endif /* BCMWPA2 */
1743 /* decode WPA IE to retrieve supplicant wsec, auth mode, and pmk cached */
1744 /* pmkc - 0:no pmkid in ie, -1:pmkid not found, 1:pmkid found */
1746 wpa_parse_ie(wpa_t
*wpa
, uint8
*ie
, int ie_len
, uint32
*wsec
, uint32
*mode
,
1747 uint32
*pmkc
, nas_sta_t
*sta
)
1750 wpa_suite_mcast_t
*mcast
= NULL
;
1751 wpa_suite_ucast_t
*ucast
= NULL
;
1752 wpa_suite_auth_key_mgmt_t
*mgmt
= NULL
;
1756 wpa_pmkid_list_t
*pmkid
= NULL
;
1760 uint32 (*akm2auth
)(uint32 akm
) = NULL
;
1763 /* validate ie length */
1764 if (!bcm_valid_tlv((bcm_tlv_t
*)ie
, ie_len
)) {
1765 dbg(wpa
->nas
, "IE is too short");
1769 /* type specific header processing */
1770 switch ((type
= *ie
)) {
1772 case DOT11_MNG_RSN_ID
: {
1773 wpa_rsn_ie_fixed_t
*rsnie
= (wpa_rsn_ie_fixed_t
*)ie
;
1774 if (rsnie
->length
< WPA_RSN_IE_TAG_FIXED_LEN
) {
1775 dbg(wpa
->nas
, "invalid RSN IE header");
1778 if (ltoh16_ua((uint8
*)&rsnie
->version
) != WPA2_VERSION
) {
1779 dbg(wpa
->nas
, "unsupported RSN IE version");
1782 mcast
= (wpa_suite_mcast_t
*)(rsnie
+ 1);
1783 len
= ie_len
- WPA_RSN_IE_FIXED_LEN
;
1784 oui
= (uint8
*)WPA2_OUI
;
1785 akm2auth
= wpa2_akm2auth
;
1788 #endif /* BCMWPA2 */
1789 case DOT11_MNG_WPA_ID
: {
1790 wpa_ie_fixed_t
*wpaie
= (wpa_ie_fixed_t
*)ie
;
1791 if (wpaie
->length
< WPA_IE_TAG_FIXED_LEN
||
1792 bcmp(wpaie
->oui
, WPA_OUI
"\x01", WPA_IE_OUITYPE_LEN
)) {
1793 dbg(wpa
->nas
, "invalid WPA IE header");
1796 if (ltoh16_ua((uint8
*)&wpaie
->version
) != WPA_VERSION
) {
1797 dbg(wpa
->nas
, "unsupported WPA IE version");
1800 mcast
= (wpa_suite_mcast_t
*)(wpaie
+ 1);
1801 len
= ie_len
- WPA_IE_FIXED_LEN
;
1802 oui
= (uint8
*)WPA_OUI
;
1803 akm2auth
= wpa_akm2auth
;
1807 dbg(wpa
->nas
, "unsupported IE type");
1811 /* init return values - no mcast cipher and no ucast cipher */
1818 /* Check for multicast suite */
1819 if (len
>= WPA_SUITE_LEN
) {
1820 if (!bcmp(mcast
->oui
, oui
, DOT11_OUI_LEN
)) {
1822 *wsec
|= WPA_CIPHER2WSEC(mcast
->type
);
1824 len
-= WPA_SUITE_LEN
;
1826 /* Check for unicast suite(s) */
1827 if (len
>= WPA_IE_SUITE_COUNT_LEN
) {
1828 ucast
= (wpa_suite_ucast_t
*)&mcast
[1];
1829 count
= ltoh16_ua((uint8
*)&ucast
->count
);
1830 len
-= WPA_IE_SUITE_COUNT_LEN
;
1832 dbg(wpa
->nas
, "# of unicast cipher suites %d", count
);
1835 if (!bcmp(ucast
->list
[0].oui
, oui
, DOT11_OUI_LEN
)) {
1837 *wsec
|= WPA_CIPHER2WSEC(ucast
->list
[0].type
);
1839 len
-= WPA_SUITE_LEN
;
1841 /* Check for auth key management suite(s) */
1842 if (len
>= WPA_IE_SUITE_COUNT_LEN
) {
1843 mgmt
= (wpa_suite_auth_key_mgmt_t
*)&ucast
->list
[1];
1844 count
= ltoh16_ua((uint8
*)&mgmt
->count
);
1845 len
-= WPA_IE_SUITE_COUNT_LEN
;
1847 dbg(wpa
->nas
, "# of AKM suites %d", count
);
1850 if (!bcmp(mgmt
->list
[0].oui
, oui
, DOT11_OUI_LEN
)) {
1852 uint16 keyauth_type
= mgmt
->list
[0].type
;
1853 if (keyauth_type
== KEYAUTH_SHA256
) {
1854 dbg(wpa
->nas
, "key auth using SHA256");
1855 sta
->key_auth_type
= KEYAUTH_SHA256
;
1859 sta
->key_auth_type
= KEYAUTH_SHA1
;
1861 m
= wpa_auth2mode(akm2auth(mgmt
->list
[0].type
));
1865 len
-= WPA_SUITE_LEN
;
1867 dbg(wpa
->nas
, "wsec 0x%x mode 0x%x", *wsec
, *mode
);
1869 /* Check for capabilities */
1870 if (len
>= WPA_CAP_LEN
) {
1871 cap
= (uint8
*)&mgmt
->list
[1];
1876 /* Check for PMKID(s) */
1877 dbg(wpa
->nas
, "checking for PMK id");
1879 case DOT11_MNG_RSN_ID
: {
1881 if (len
< WPA_IE_SUITE_COUNT_LEN
|| m
!= WPA2
|| !sta
) {
1882 dbg(wpa
->nas
, "no PMK id");
1887 pmkid
= (wpa_pmkid_list_t
*)(cap
+ WPA_CAP_LEN
);
1888 count
= ltoh16_ua((uint8
*)&pmkid
->count
);
1889 for (i
= 0, len
-= WPA_IE_SUITE_COUNT_LEN
;
1890 i
< count
&& len
>= WPA2_PMKID_LEN
;
1891 i
++, len
-= WPA2_PMKID_LEN
) {
1892 if (bcmp(pmkid
->list
[i
], sta
->suppl
.pmkid
, WPA2_PMKID_LEN
))
1894 dbg(wpa
->nas
, "found cached PMK id");
1895 dump(wpa
->nas
, sta
->suppl
.pmkid
, WPA2_PMKID_LEN
);
1902 dbg(wpa
->nas
, "NO PMK cache hit");
1907 dbg(wpa
->nas
, "no RSN id");
1910 #endif /* BCMWPA2 */
1916 /* decode WPA IE to verify authenticator wsec and auth mode */
1917 /* return 0 if authenticator supports what we are configured for */
1919 wpa_check_ie(wpa_t
*wpa
, uint8
*ie
, int ie_len
, uint32 wsec
, uint32 mode
)
1922 wpa_suite_mcast_t
*mcast
= NULL
;
1923 wpa_suite_ucast_t
*ucast
= NULL
;
1924 wpa_suite_auth_key_mgmt_t
*mgmt
= NULL
;
1926 uint16 count
= 0, i
;
1927 uint32 (*akm2auth
)(uint32 akm
) = NULL
;
1929 /* validate ie length */
1930 if (!bcm_valid_tlv((bcm_tlv_t
*)ie
, ie_len
)) {
1931 dbg(wpa
->nas
, "IE is too short");
1935 /* type specific header processing */
1936 switch ((type
= *ie
)) {
1938 case DOT11_MNG_RSN_ID
: {
1939 wpa_rsn_ie_fixed_t
*rsnie
= (wpa_rsn_ie_fixed_t
*)ie
;
1940 if (rsnie
->length
< WPA_RSN_IE_TAG_FIXED_LEN
) {
1941 dbg(wpa
->nas
, "invalid RSN IE header");
1944 if (ltoh16_ua((uint8
*)&rsnie
->version
) != WPA2_VERSION
) {
1945 dbg(wpa
->nas
, "unsupported RSN IE version");
1948 mcast
= (wpa_suite_mcast_t
*)&rsnie
[1];
1949 len
= ie_len
- WPA_RSN_IE_FIXED_LEN
;
1950 oui
= (uint8
*)WPA2_OUI
;
1951 akm2auth
= wpa2_akm2auth
;
1954 #endif /* BCMWPA2 */
1955 case DOT11_MNG_WPA_ID
: {
1956 wpa_ie_fixed_t
*wpaie
= (wpa_ie_fixed_t
*)ie
;
1957 if (wpaie
->length
< WPA_IE_TAG_FIXED_LEN
||
1958 bcmp(wpaie
->oui
, WPA_OUI
"\x01", WPA_IE_OUITYPE_LEN
)) {
1959 dbg(wpa
->nas
, "invalid WPA IE header");
1962 if (ltoh16_ua((uint8
*)&wpaie
->version
) != WPA_VERSION
) {
1963 dbg(wpa
->nas
, "unsupported WPA IE version");
1966 mcast
= (wpa_suite_mcast_t
*)&wpaie
[1];
1967 len
= ie_len
- WPA_IE_FIXED_LEN
;
1968 oui
= (uint8
*)WPA_OUI
;
1969 akm2auth
= wpa_akm2auth
;
1973 dbg(wpa
->nas
, "unsupported IE type");
1977 /* Check for multicast suite */
1978 if (len
>= WPA_SUITE_LEN
) {
1979 if (!bcmp(mcast
->oui
, oui
, DOT11_OUI_LEN
))
1980 wsec
&= ~WPA_CIPHER2WSEC(mcast
->type
);
1981 len
-= WPA_SUITE_LEN
;
1983 /* Check for unicast suite(s) */
1984 if (len
>= WPA_IE_SUITE_COUNT_LEN
) {
1985 ucast
= (wpa_suite_ucast_t
*)&mcast
[1];
1986 count
= ltoh16_ua((uint8
*)&ucast
->count
);
1987 for (i
= 0, len
-= WPA_IE_SUITE_COUNT_LEN
;
1988 i
< count
&& len
>= WPA_SUITE_LEN
;
1989 i
++, len
-= WPA_SUITE_LEN
) {
1990 if (!bcmp(ucast
->list
[i
].oui
, oui
, DOT11_OUI_LEN
))
1991 wsec
&= ~WPA_CIPHER2WSEC(ucast
->list
[i
].type
);
1994 /* Check for auth key management suite(s) */
1995 if (len
>= WPA_IE_SUITE_COUNT_LEN
) {
1996 mgmt
= (wpa_suite_auth_key_mgmt_t
*)&ucast
->list
[count
];
1997 count
= ltoh16_ua((uint8
*)&mgmt
->count
);
1998 for (i
= 0, len
-= WPA_IE_SUITE_COUNT_LEN
;
1999 i
< count
&& len
>= WPA_SUITE_LEN
;
2000 i
++, len
-= WPA_SUITE_LEN
) {
2001 if (!bcmp(mgmt
->list
[i
].oui
, oui
, DOT11_OUI_LEN
))
2002 mode
&= ~wpa_auth2mode(akm2auth(mgmt
->list
[i
].type
));
2008 #endif /* BCMSUPPL */
2010 /* parse WPA IE to retrieve key algo (converted from WPA cipher) */
2012 wpa_find_mckey_algo(wpa_t
*wpa
, uint8
*ie
, int ie_len
)
2015 wpa_suite_mcast_t
*mcast
;
2018 /* validate ie length */
2019 if (!bcm_valid_tlv((bcm_tlv_t
*)ie
, ie_len
)) {
2020 dbg(wpa
->nas
, "IE is too short");
2024 /* type specific header processing */
2027 case DOT11_MNG_RSN_ID
: {
2028 wpa_rsn_ie_fixed_t
*rsnie
= (wpa_rsn_ie_fixed_t
*)ie
;
2029 if (rsnie
->length
< WPA_RSN_IE_TAG_FIXED_LEN
) {
2030 dbg(wpa
->nas
, "invalid RSN IE header");
2033 if (ltoh16_ua((uint8
*)&rsnie
->version
) != WPA2_VERSION
) {
2034 dbg(wpa
->nas
, "unsupported RSN IE version");
2037 mcast
= (wpa_suite_mcast_t
*)(rsnie
+ 1);
2038 len
= ie_len
- WPA_RSN_IE_FIXED_LEN
;
2039 oui
= (uint8
*)WPA2_OUI
;
2042 #endif /* BCMWPA2 */
2043 case DOT11_MNG_WPA_ID
: {
2044 wpa_ie_fixed_t
*wpaie
= (wpa_ie_fixed_t
*)ie
;
2045 if (wpaie
->length
< WPA_IE_TAG_FIXED_LEN
||
2046 bcmp(wpaie
->oui
, WPA_OUI
"\x01", WPA_IE_OUITYPE_LEN
)) {
2047 dbg(wpa
->nas
, "invalid WPA IE header");
2050 if (ltoh16_ua((uint8
*)&wpaie
->version
) != WPA_VERSION
) {
2051 dbg(wpa
->nas
, "unsupported WPA IE version");
2054 mcast
= (wpa_suite_mcast_t
*)(wpaie
+ 1);
2055 len
= ie_len
- WPA_IE_FIXED_LEN
;
2056 oui
= (uint8
*)WPA_OUI
;
2060 dbg(wpa
->nas
, "unsupported IE type");
2064 /* Check for multicast suite */
2065 if (len
>= WPA_SUITE_LEN
) {
2066 if (!bcmp(mcast
->oui
, oui
, DOT11_OUI_LEN
))
2067 return WPA_CIPHER2ALGO(mcast
->type
);
2070 return CRYPTO_ALGO_OFF
;
2073 /* setup supplicant info in sta stucture */
2075 * wsec - crypto bitvec, WEP_ENABLED/TKIP_ENABLED/AES_ENABLED
2076 * algo - key algo, CRYPRO_ALGO_WEPXXXX, only when WEP_ENABLED
2079 wpa_set_suppl(wpa_t
*wpa
, nas_sta_t
*sta
, uint32 mode
, uint32 wsec
, uint32 algo
)
2081 nas_t
*nas
= wpa
->nas
;
2082 /* check if we support the requested mode */
2083 if (mode
!= (mode
& nas
->mode
)) {
2084 dbg(wpa
->nas
, "not supported mode 0x%x", mode
);
2087 /* check if we support the requested cipher */
2088 if (wsec
!= (wsec
& nas
->wsec
)) {
2089 dbg(wpa
->nas
, "not supported wsec 0x%x", wsec
);
2092 /* update sta supplicant info */
2094 if (sta
->key_auth_type
== KEYAUTH_SHA256
) {
2095 dbg(wpa
->nas
, "PMF AES");
2096 sta
->suppl
.ptk_len
= AES_PTK_LEN
;
2097 sta
->suppl
.tk_len
= AES_TK_LEN
;
2098 sta
->suppl
.desc
= WPA_KEY_DESC_V3
;
2102 if (WSEC_AES_ENABLED(wsec
)) {
2103 dbg(wpa
->nas
, "AES");
2104 sta
->suppl
.ptk_len
= AES_PTK_LEN
;
2105 sta
->suppl
.tk_len
= AES_TK_LEN
;
2106 sta
->suppl
.desc
= WPA_KEY_DESC_V2
;
2108 else if (WSEC_TKIP_ENABLED(wsec
)) {
2109 dbg(wpa
->nas
, "TKIP");
2110 sta
->suppl
.ptk_len
= TKIP_PTK_LEN
;
2111 sta
->suppl
.tk_len
= TKIP_TK_LEN
;
2112 sta
->suppl
.desc
= WPA_KEY_DESC_V1
;
2115 dbg(wpa
->nas
, "unsupported WPA unicast ciphers");
2118 dbg(wpa
->nas
, "ptk_len %d tk_len %d", sta
->suppl
.ptk_len
, sta
->suppl
.tk_len
);
2120 sta
->eapol_version
= WPA_EAPOL_VERSION
;
2123 if (mode
& (WPA2
| WPA2_PSK
))
2124 sta
->eapol_version
= WPA2_EAPOL_VERSION
;
2125 #endif /* BCMWPA2 */
2130 dbg(wpa
->nas
, "mode %d wsec %d algo %d", mode
, wsec
, algo
);
2134 /* This function does what we used to do with the EAPOL key message
2135 * synthesized by the driver, except that now there's no EAPOL key
2139 wpa_driver_assoc_msg(wpa_t
*wpa
, bcm_event_t
*dpkt
, nas_sta_t
*sta
)
2141 nas_t
*nas
= wpa
->nas
;
2142 wl_event_msg_t
*event
= &(dpkt
->event
);
2143 uint8
*data
= (uint8
*)(event
+ 1);
2144 uint16 len
= ntoh32(event
->datalen
);
2148 char eabuf
[ETHER_ADDR_STR_LEN
];
2151 wpa_ie_fixed_t
*wpaie
;
2152 uint8
*parse
= data
;
2153 int parse_len
= len
;
2158 sta_info_t
*sta_info
;
2159 char sta_info_buf
[300] __attribute__((aligned(4)));
2162 dbg(nas
, "nas->wsec 0x%x nas->mode 0x%x", nas
->wsec
, nas
->mode
);
2164 /* reset WPA IE length */
2165 sta
->suppl
.assoc_wpaie_len
= 0;
2168 wpaie
= bcm_find_wpaie(parse
, parse_len
);
2172 wpaie
= (wpa_ie_fixed_t
*)bcm_parse_tlvs(data
, len
, DOT11_MNG_RSN_ID
);
2173 #endif /* BCMWPA2 */
2175 wpaie_len
= wpaie
->length
+ TLV_HDR_LEN
;
2177 /* non-WPA sta comes in without WPA IE */
2178 if (!wpaie_len
&& WSEC_WEP_ENABLED(nas
->wsec
)) {
2179 /* Authorize sta right away if we are configured to do WEP. */
2180 if (!(nas
->mode
& RADIUS
)) {
2181 nas_set_key(nas
, &sta
->ea
, nas
->wpa
->gtk
, nas
->wpa
->gtk_len
,
2182 nas
->wpa
->gtk_index
, 0, 0, 0);
2183 dbg(nas
, "authorize %s (WEP)", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
2184 nas_authorize(nas
, &sta
->ea
);
2187 /* 802.1x request */
2190 sta
->wsec
= WEP_ENABLED
;
2191 sta
->algo
= CRYPTO_ALGO_WEP128
;
2192 dbg(wpa
->nas
, "mode %d wsec %d algo %d", sta
->mode
,
2193 sta
->wsec
, sta
->algo
);
2198 /* WPA capabilities, used in IE contruction */
2199 if ((nas
->flags
& NAS_FLAG_SUPPLICANT
) &&
2200 nas_get_wpacap(nas
, wpa
->cap
)) {
2201 dbg(nas
, "WPA capabilities retrival failed");
2205 /* If there was a stale timer descriptor, get rid of it. */
2209 /* Check supplicant WPA IE against NAS config */
2210 if (nas
->flags
& NAS_FLAG_AUTHENTICATOR
) {
2211 if (wpa_parse_ie(wpa
, (uint8
*)wpaie
, wpaie_len
, &wsec
, &mode
, &pmkc
, sta
)) {
2212 dbg(nas
, "parse supplicant WPA IE failed");
2213 dump(nas
, data
, len
);
2219 /* check authenticator WPA IE to see if it supports our config */
2221 if (wpa_check_ie(wpa
, (uint8
*)wpaie
, wpaie_len
, nas
->wsec
, nas
->mode
)) {
2222 dbg(nas
, "check authenticator WPA IE failed");
2223 dump(nas
, data
, len
);
2229 #endif /* BCMSUPPL */
2231 /* find mcast key algo. only needed when WEP as mcast key */
2232 algo
= wpa_find_mckey_algo(wpa
, (uint8
*)wpaie
, wpaie_len
);
2234 /* update supplicant info */
2235 if (wpa_set_suppl(wpa
, sta
, mode
, wsec
, algo
)) {
2236 dbg(nas
, "update STA suppl struct failed");
2240 sta
->wpa_msg_timeout_s
= RETRY_SECS
;
2241 sta
->wpa_msg_timeout_ms
= RETRY_MSECS
;
2244 if ((sta
->mode
& WPA2
) || (sta
->mode
& WPA2_PSK
)) {
2245 /* Query the Driver for the STA capabilities */
2246 bzero(sta_info_buf
, 300);
2247 nas_get_stainfo(nas
, (char *)&sta
->ea
, sizeof(struct ether_addr
), sta_info_buf
,
2249 sta_info
= (sta_info_t
*)sta_info_buf
;
2250 dbg(nas
, "sta_info ver: %d listen_interval_ms: %dms",
2251 sta_info
->ver
, sta_info
->listen_interval_inms
);
2252 sta
->wpa_msg_timeout_s
= WPA2_DEFAULT_RETRY_SECS
;
2253 sta
->wpa_msg_timeout_ms
= WPA2_DEFAULT_RETRY_MSECS
;
2254 sta
->listen_interval_ms
= sta_info
->listen_interval_inms
;
2256 #endif /* BCMWPA2 */
2257 /* Save the WPA IE */
2258 bcopy((uint8
*)wpaie
, sta
->suppl
.assoc_wpaie
, wpaie_len
);
2259 sta
->suppl
.assoc_wpaie_len
= wpaie_len
;
2261 if (CHECK_PSK(sta
->mode
)) {
2262 sta
->suppl
.pmk_len
= wpa
->pmk_len
;
2263 bcopy(wpa
->pmk
, sta
->suppl
.pmk
, wpa
->pmk_len
);
2267 /* No need to start handshake for supplicant */
2268 if (nas
->flags
& NAS_FLAG_SUPPLICANT
) {
2269 /* fill the snonce */
2270 bcopy(wpa
->global_key_counter
, sta
->suppl
.snonce
, NONCE_LEN
);
2275 #endif /* BCMSUPPL */
2277 /* If STA wants TKIP and we're in countermeasures, toss
2278 * it. Driver will block these, but there's a race early
2279 * in the period making this check is necessary.
2281 if (nas
->MIC_countermeasures
&& WSEC_TKIP_ENABLED(wsec
)) {
2282 cleanup_sta(nas
, sta
, DOT11_RC_MIC_FAILURE
, 0);
2286 /* Get the anonce */
2287 bcopy(wpa
->global_key_counter
, sta
->suppl
.anonce
, NONCE_LEN
);
2291 wpa_initialize_ipn(wpa
);
2294 /* The driver could have a stale pairwise key which would cause the
2295 * exchange to be encrypted. Be sure it's cleared.
2297 nas_set_key(nas
, &sta
->ea
, NULL
, 0, 0, 0, 0, 0);
2298 sta
->suppl
.retry_state
= sta
->suppl
.state
;
2299 sta
->suppl
.state
= WPA_PTKSTART
;
2301 /* WPA mode needs RADIUS server acceptance before beginning
2302 * the 4-way handshake.
2304 if (sta
->mode
& WPA
) {
2305 /* send Identity Request */
2306 send_identity_req(nas
, sta
);
2310 /* WPA2 supports PMK caching. */
2311 else if (sta
->mode
& WPA2
) {
2312 dbg(nas
, "checking for a PMK Cache");
2313 /* pmk found and valid, start 4-way */
2314 if (pmkc
== 1 && sta
->pae
.ssnto
)
2317 /* send Identity Request */
2318 send_identity_req(nas
, sta
);
2322 else if (sta
->mode
& WPA2_PSK
) {
2324 * Calculate the PMK ID for the PSK case.
2325 * In the WPA2 case it gets done when the Radius Accept is received
2327 nas_wpa_calc_pmkid(wpa
, sta
);
2329 #endif /* BCMWPA2 */
2331 /* send the initial pkt in the 4 way exchange */
2333 if (wpa_send_eapol(wpa
, sta
) == FALSE
)
2336 wpa
->ptk_rekey_secs
= 0;
2337 wpa
->ptk_rekey_timer
= 0;
2339 /* move to next state */
2340 sta
->suppl
.retry_state
= sta
->suppl
.state
;
2341 sta
->suppl
.state
= WPA_PTKINITNEGOTIATING
;
2343 /* set a timeout for retransmission */
2344 ts
= wpa_set_itimer(nas
->timer
, &sta
->td
, (bcm_timer_cb
)wpa_retransmission
,
2345 (int) sta
, sta
->wpa_msg_timeout_s
, sta
->wpa_msg_timeout_ms
);
2346 if (ts
!= ITIMER_OK
)
2347 dbg(nas
, "Setting PTKINITNEGOTIATING interval timer failed, code %d", ts
);
2354 wpa_new_ptk_callback(bcm_timer_id td
, wpa_t
*wpa
)
2356 nas_t
*nas
= wpa
->nas
;
2357 nas_sta_t
*sta
= nas
->sta
;
2360 dbg(nas
, "nas->wsec %d", nas
->wsec
);
2362 /* If there was a stale timer descriptor, get rid of it. */
2366 /* No need to start handshake for supplicant */
2367 if (nas
->flags
& NAS_FLAG_SUPPLICANT
) {
2372 /* Get the anonce */
2373 bcopy(wpa
->global_key_counter
, sta
->suppl
.anonce
, NONCE_LEN
);
2376 sta
->suppl
.retry_state
= sta
->suppl
.state
;
2377 sta
->suppl
.state
= WPA_PTKSTART
;
2379 /* send the initial pkt in the 4 way exchange */
2381 if (wpa_send_eapol(wpa
, sta
) == FALSE
)
2384 /* move to next state */
2385 sta
->suppl
.retry_state
= sta
->suppl
.state
;
2386 sta
->suppl
.state
= WPA_PTKINITNEGOTIATING
;
2388 /* set a timeout for retransmission */
2389 ts
= wpa_set_itimer(nas
->timer
, &sta
->td
, (bcm_timer_cb
)wpa_retransmission
,
2390 (int) sta
, sta
->wpa_msg_timeout_s
, sta
->wpa_msg_timeout_ms
);
2391 if (ts
!= ITIMER_OK
)
2392 dbg(nas
, "Setting PTKINITNEGOTIATING interval timer failed, code %d", ts
);
2401 * 1. We need to send out EAPOL key message with WPA_KEY_REQ bit set to
2402 * the originating STA if we are supplicant so that the authenticator
2403 * on that STA can initiate the key exchange.
2404 * 2. We need to initiate key exchange with the originating STA if we are
2405 * authenticator and no key exchange is currently in progress.
2407 int wpa_driver_disassoc_msg(wpa_t
*wpa
, bcm_event_t
*dpkt
, nas_sta_t
*sta
)
2409 wl_event_msg_t
*event
= &(dpkt
->event
);
2410 uint8
*data
= (uint8
*)(event
+ 1);
2411 uint16 len
= ntoh32(event
->datalen
);
2413 nas_t
*nas
= wpa
->nas
;
2416 char eabuf
[ETHER_ADDR_STR_LEN
];
2419 /* non-WDS processing */
2420 if (!(nas
->flags
& NAS_FLAG_WDS
)) {
2425 /* we must check reason code and then decide what to do */
2427 dbg(nas
, "reason code length error in driver disassoc message");
2430 /* TODO:reason = *(uint16 *)(dpkt+1); */
2431 reason
= *(uint16
*) data
;
2432 reason
= ntoh16(reason
);
2433 if (reason
!= DOT11_RC_AUTH_INVAL
) {
2434 dbg(nas
, "reason code is not DOT11_RC_AUTH_INVAL");
2438 /* use existing sta or create a new one */
2440 sta
= lookup_sta(nas
, (struct ether_addr
*)&dpkt
->eth
.ether_shost
,
2443 dbg(nas
, "sta %s not available", ether_etoa((uchar
*)&dpkt
->eth
.ether_shost
,
2449 /* don't interrupt on-going negotiation */
2451 dbg(nas
, "sta %s is busy", ether_etoa((uchar
*)&dpkt
->eth
.ether_shost
, eabuf
));
2457 /* we are supplicant */
2458 if (nas
->flags
& NAS_FLAG_SUPPLICANT
)
2459 wpa_request(wpa
, sta
);
2461 /* we are authenticator and no key exchange in progress */
2462 if (nas
->flags
& NAS_FLAG_AUTHENTICATOR
)
2463 wpa_start(wpa
, sta
);
2471 wpa_verifystart(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
)
2473 eapol_wpa_key_header_t
*body
= (eapol_wpa_key_header_t
*)eapol
->body
;
2474 nas_t
*nas
= wpa
->nas
;
2477 /* Is this a eapol-wpa-key request pkt */
2478 if ((ntohs(body
->key_info
) & WPA_KEY_REQ
) == 0) {
2479 dbg(nas
, "This was not a request pkt");
2483 /* ensure the timer was cleared */
2486 /* check supplicant auth mode. */
2487 if (wpa_parse_ie(wpa
, body
->data
, ntohs(body
->data_len
), NULL
, &mode
, NULL
, NULL
)) {
2488 dbg(nas
, "parse supplicant WPA IE failed");
2491 if ((mode
& nas
->mode
) != mode
) {
2492 dbg(nas
, "unsupported mode 0x%x", mode
);
2496 /* Save the WPA IE */
2497 bcopy(body
->data
, sta
->suppl
.assoc_wpaie
, ntohs(body
->data_len
));
2498 sta
->suppl
.assoc_wpaie_len
= ntohs(body
->data_len
);
2500 /* Get the anonce */
2501 bcopy(wpa
->global_key_counter
, sta
->suppl
.anonce
, NONCE_LEN
);
2504 /* Move to next state */
2505 sta
->suppl
.retry_state
= sta
->suppl
.state
;
2506 sta
->suppl
.state
= WPA_PTKSTART
;
2513 wpa_ptkstart(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
)
2515 eapol_wpa_key_header_t
*body
= (eapol_wpa_key_header_t
*)eapol
->body
;
2516 unsigned short key_info
;
2519 /* Is this a key request? */
2520 if (!((key_info
= ntohs(body
->key_info
)) & WPA_KEY_REQ
)) {
2521 dbg(wpa
->nas
, "invalid EAPOL WPA key request");
2524 if ((key_info
& WPA_KEY_ERROR
) != 0) {
2525 dbg(wpa
->nas
, "KEY_ERROR flag set during PTKINIT");
2528 /* ensure the timer was cleared */
2531 /* send the initial pkt in the 4 way exchange */
2533 if (wpa_send_eapol(wpa
, sta
) == FALSE
)
2536 /* move to next state */
2537 sta
->suppl
.retry_state
= sta
->suppl
.state
;
2538 sta
->suppl
.state
= WPA_PTKINITNEGOTIATING
;
2540 /* set a timeout for retransmission */
2541 ts
= wpa_set_itimer(wpa
->nas
->timer
, &sta
->td
, (bcm_timer_cb
)wpa_retransmission
,
2542 (int) sta
, sta
->wpa_msg_timeout_s
, sta
->wpa_msg_timeout_ms
);
2543 if (ts
!= ITIMER_OK
)
2544 dbg(wpa
->nas
, "Setting PTKINITNEGOTIATING interval timer failed, code %d", ts
);
2546 dbg(wpa
->nas
, "done");
2551 wpa_goto_rekeyneg(nas_sta_t
*sta
)
2553 dbg(sta
->nas
, "Falling thru to group key negotiation");
2555 wpa_ptkinitdone2(sta
->nas
->wpa
, sta
);
2559 wpa_ptkinitnegotiating(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
)
2561 eapol_wpa_key_header_t
*body
= (eapol_wpa_key_header_t
*)eapol
->body
;
2562 ushort key_info
, wpaie_len
;
2563 unsigned int required_flags
, prohibited_flags
;
2566 /* Check that the packet looks like the correct response */
2567 required_flags
= WPA_KEY_PAIRWISE
| WPA_KEY_MIC
;
2568 prohibited_flags
= WPA_KEY_ACK
| WPA_KEY_INDEX_MASK
;
2569 key_info
= ntohs(body
->key_info
);
2571 if (((key_info
& required_flags
) != required_flags
) ||
2572 ((key_info
& prohibited_flags
) != 0)) {
2573 dbg(wpa
->nas
, "Ignoring key response with incorrect key_info 0x%04x",
2578 /* check the replay counter */
2579 if (bcmp(body
->replay
, sta
->suppl
.replay
, REPLAY_LEN
) != 0) {
2580 /* Ignore this message */
2581 dbg(wpa
->nas
, "failed replay check; ignoring");
2585 /* kill timeouts from previous state */
2588 /* Check the WPA IE */
2589 wpaie_len
= ntohs(body
->data_len
);
2590 if (!wpaie_len
|| wpaie_len
!= sta
->suppl
.assoc_wpaie_len
||
2591 bcmp(body
->data
, sta
->suppl
.assoc_wpaie
, wpaie_len
) != 0) {
2592 dbg(wpa
->nas
, "WPA IE mismatch");
2593 dbg(wpa
->nas
, "WPA IE in 4-way handshake message #2");
2594 dump(wpa
->nas
, body
->data
, wpaie_len
);
2595 dbg(wpa
->nas
, "WPA IE in driver assoc indication");
2596 dump(wpa
->nas
, sta
->suppl
.assoc_wpaie
, wpaie_len
);
2600 /* Get the snonce */
2601 bcopy(body
->nonce
, sta
->suppl
.snonce
, NONCE_LEN
);
2603 /* generate the PTK */
2604 wpa_calc_ptk(wpa
, sta
);
2607 if (wpa_check_mic(sta
, eapol
) == FALSE
) {
2608 /* "Silently" discard (8.5.3.2) */
2609 dbg(wpa
->nas
, "MIC check failed; ignoring message");
2610 ts
= wpa_set_itimer(wpa
->nas
->timer
, &sta
->td
, (bcm_timer_cb
)wpa_retransmission
,
2611 (int) sta
, sta
->wpa_msg_timeout_s
, sta
->wpa_msg_timeout_ms
);
2612 if (ts
!= ITIMER_OK
)
2613 dbg(wpa
->nas
, "Setting PTKSTART retry interval timer failed, code %d", ts
);
2617 /* increment the replay counter */
2618 wpa_incr_array(sta
->suppl
.replay
, REPLAY_LEN
);
2622 if (wpa_send_eapol(wpa
, sta
) == FALSE
)
2625 /* install the special handler to fall thru to group key exchange if
2626 * sending m3 of 4-way handshake exceeds max. retries, which basically
2627 * means m3 or m4 is lost
2629 if (sta
->mode
& (WPA
| WPA_PSK
))
2630 sta
->retx_exceed_hndlr
= wpa_goto_rekeyneg
;
2632 /* set a timeout for retransmission */
2633 ts
= wpa_set_itimer(wpa
->nas
->timer
, &sta
->td
, (bcm_timer_cb
)wpa_retransmission
,
2634 (int) sta
, sta
->wpa_msg_timeout_s
, sta
->wpa_msg_timeout_ms
);
2635 if (ts
!= ITIMER_OK
)
2636 dbg(wpa
->nas
, "Setting PTKINITDONE retry interval timer failed, code %d", ts
);
2638 /* move to next state */
2639 sta
->suppl
.retry_state
= sta
->suppl
.state
;
2640 sta
->suppl
.state
= WPA_PTKINITDONE
;
2641 dbg(wpa
->nas
, "done");
2646 wpa_ptkinitdone(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
)
2648 eapol_wpa_key_header_t
*body
= (eapol_wpa_key_header_t
*)eapol
->body
;
2649 nas_t
*nas
= wpa
->nas
;
2651 unsigned int required_flags
, prohibited_flags
;
2653 /* Check that the packet looks like the correct response */
2654 required_flags
= WPA_KEY_PAIRWISE
| WPA_KEY_MIC
;
2656 if ((sta
->mode
& (WPA2
| WPA2_PSK
)))
2657 required_flags
|= WPA_KEY_SECURE
;
2659 if (nas
->flags
& NAS_FLAG_WDS
)
2660 required_flags
|= WPA_KEY_SECURE
;
2661 prohibited_flags
= WPA_KEY_ACK
| WPA_KEY_INDEX_MASK
;
2662 key_info
= ntohs(body
->key_info
);
2664 if (((key_info
& required_flags
) != required_flags
) ||
2665 ((key_info
& prohibited_flags
) != 0)) {
2666 dbg(nas
, "Ignoring key response with incorrect key_info 0x%04x",
2671 /* check the replay counter */
2672 if (bcmp(body
->replay
, sta
->suppl
.replay
, REPLAY_LEN
) != 0) {
2673 /* Ignore this message. */
2674 dbg(nas
, "failed replay check; ignoring");
2679 if (wpa_check_mic(sta
, eapol
) == FALSE
) {
2680 /* "silently" discard (8.5.3.4) */
2681 dbg(nas
, "MIC check failed; ignoring message");
2685 /* Update key and start group key exchange if necessary */
2686 return wpa_ptkinitdone2(wpa
, sta
);
2689 /* plumb the pairwise key and start group key exchange */
2691 wpa_ptkinitdone2(wpa_t
*wpa
, nas_sta_t
*sta
)
2693 nas_t
*nas
= wpa
->nas
;
2696 char eabuf
[ETHER_ADDR_STR_LEN
];
2699 /* kill timeouts from previous state */
2702 /* plumb pairwise key */
2703 if (nas_set_key(nas
, &sta
->ea
, sta
->suppl
.temp_encr_key
,
2704 sta
->suppl
.tk_len
, 0, 1, 0, 0) < 0) {
2705 dbg(nas
, "unicast key rejected by driver, assuming too many associated STAs");
2706 cleanup_sta(nas
, sta
, DOT11_RC_BUSY
, 0);
2710 /* not perform group key exchange if not required so */
2711 if ((nas
->flags
& NAS_FLAG_WDS
) ||
2712 CHECK_WPA2(sta
->mode
)) {
2714 TIMER_DELETE(sta
->wds_td
);
2718 /* Authorize supplicant */
2719 dbg(nas
, "authorize %s (WPA)", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
2720 nas_authorize(nas
, &sta
->ea
);
2722 sta
->suppl
.state
= sta
->suppl
.retry_state
= WPA_SETKEYSDONE
;
2727 /* increment the replay counter */
2728 wpa_incr_array(sta
->suppl
.replay
, REPLAY_LEN
);
2730 /* Initiate the group key exchange */
2731 sta
->suppl
.state
= WPA_REKEYNEGOTIATING
;
2733 /* set the GTK if not already done */
2734 if (!(nas
->flags
& NAS_FLAG_GTK_PLUMBED
)) {
2735 wpa_init_gtk(wpa
, sta
);
2738 wpa
->igtk
.id
= IGTK_NEXT_INDEX(wpa
);
2743 if (nas_get_group_rsc(nas
, &wpa
->gtk_rsc
[0], wpa
->gtk_index
)) {
2744 /* Don't use what we don't have. */
2745 memset(wpa
->gtk_rsc
, 0, sizeof(wpa
->gtk_rsc
));
2746 dbg(nas
, "failed to find group key RSC");
2751 if (wpa_send_eapol(wpa
, sta
) == FALSE
) {
2754 sta
->suppl
.retry_state
= WPA_REKEYNEGOTIATING
;
2756 /* set a timeout for retransmission */
2757 ts
= wpa_set_itimer(nas
->timer
, &sta
->td
, (bcm_timer_cb
)wpa_retransmission
,
2758 (int) sta
, sta
->wpa_msg_timeout_s
, sta
->wpa_msg_timeout_ms
);
2759 if (ts
!= ITIMER_OK
)
2760 dbg(nas
, "Setting REKEYNEGOTIATING retry interval timer failed, code %d", ts
);
2765 wpa_rekeyneg(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
)
2767 eapol_wpa_key_header_t
*body
= (eapol_wpa_key_header_t
*)eapol
->body
;
2769 unsigned int required_flags
, prohibited_flags
;
2771 char eabuf
[ETHER_ADDR_STR_LEN
];
2774 /* Check that the packet looks like the correct response.
2775 * WPA_KEY_ERROR is not really "prohibited". It's set as
2776 * though it is to simplify its special case.
2778 required_flags
= WPA_KEY_SECURE
| WPA_KEY_MIC
;
2779 prohibited_flags
= WPA_KEY_ACK
| WPA_KEY_PAIRWISE
| WPA_KEY_ERROR
;
2780 key_info
= ntohs(body
->key_info
);
2782 if (((key_info
& required_flags
) != required_flags
) ||
2783 ((key_info
& prohibited_flags
) != 0)) {
2784 /* Pick off MIC failure reports and the like that
2785 * arrive while we're in a group key exchange.
2787 if ((key_info
& WPA_KEY_ERROR
) != 0) {
2788 wpa_setkeysdone(wpa
, sta
, eapol
);
2790 dbg(wpa
->nas
, "Ignoring key response with incorrect key_info 0x%04x",
2796 /* check the replay counter */
2797 if (bcmp(body
->replay
, sta
->suppl
.replay
, REPLAY_LEN
) != 0) {
2798 /* Ignore the message. */
2799 dbg(wpa
->nas
, "failed replay check; ignoring");
2804 if (wpa_check_mic(sta
, eapol
) == FALSE
) {
2805 dbg(wpa
->nas
, "MIC check failed; ignoring message");
2809 /* kill timeouts from previous state */
2812 /* Authorize supplicant */
2813 dbg(wpa
->nas
, "authorize %s (WPA)", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
2814 nas_authorize(wpa
->nas
, &sta
->ea
);
2816 /* These states need more thought. */
2817 sta
->suppl
.state
= sta
->suppl
.retry_state
= WPA_SETKEYSDONE
;
2818 dbg(wpa
->nas
, "Group key exchange with %s completed",
2819 ether_etoa((uchar
*)&sta
->ea
, eabuf
));
2821 /* set PTK rekey timer */
2822 if (wpa
->ptk_rekey_secs
) {
2823 itimer_status_t ts
= wpa_set_itimer(wpa
->nas
->timer
, &wpa
->ptk_rekey_timer
,
2824 (bcm_timer_cb
)wpa_new_ptk_callback
,
2825 (int)wpa
, wpa
->ptk_rekey_secs
, 0);
2826 if (ts
!= ITIMER_OK
)
2827 dbg(wpa
->nas
, "PTK interval timer set failed, code %d", ts
);
2834 wpa_setkeysdone(wpa_t
*wpa
, nas_sta_t
*sta
, eapol_header_t
*eapol
)
2836 eapol_wpa_key_header_t
*body
= (eapol_wpa_key_header_t
*)eapol
->body
;
2837 unsigned int required_flags
, prohibited_flags
, MIC_failure_flags
;
2840 dbg(wpa
->nas
, "start");
2842 /* Is this a proper WPA key request? */
2843 required_flags
= WPA_KEY_REQ
;
2844 prohibited_flags
= WPA_KEY_ACK
;
2845 key_info
= ntohs(body
->key_info
);
2846 if (((key_info
& required_flags
) != required_flags
) ||
2847 ((key_info
& prohibited_flags
) != 0)) {
2849 if (((key_info
& WPA_KEY_REQ
) == 0) &&
2850 !bcmp(body
->replay
, sta
->suppl
.replay
, REPLAY_LEN
)) {
2851 /* Silently ignore redundant tardy reply */
2853 dbg(wpa
->nas
, "Ignoring invalid EAPOL WPA key request, key_info 0x%04x",
2858 /* The combination of REQ, ERROR, and MIC is the STA's way
2859 * of informing the authenticator of a MIC failure.
2861 MIC_failure_flags
= WPA_KEY_ERROR
| WPA_KEY_REQ
| WPA_KEY_MIC
;
2862 if ((key_info
& MIC_failure_flags
) == MIC_failure_flags
) {
2863 wpa_mic_error(wpa
, sta
, FALSE
);
2867 if (key_info
& WPA_KEY_PAIRWISE
) {
2868 /* A STA wants its pairwise key updated. */
2869 sta
->suppl
.state
= WPA_PTKSTART
;
2870 /* This will fall into the 4-way handshake on return. */
2873 /* It's a request to update group keys for all. */
2874 /* Some places in the spec say there should be a 4-way
2875 * handshake for the requester, too.
2879 dbg(wpa
->nas
, "done");
2884 static char *sta_state
[] = {
2885 /* authenticator states */
2886 /* 4 way pkt exchange state machine */
2890 "WPA_AUTHENTICATION2",
2894 "WPA_PTKINITNEGOTIATING",
2897 "WPA_INTEGRITYFAILURE",
2899 /* group key state machine */
2900 "WPA_REKEYNEGOTIATING",
2902 "WPA_REKEYESTABLISHED",
2903 /* Authenticator, group key */
2907 /* supplicant states */
2908 "WPA_SUP_DISCONNECTED",
2909 "WPA_SUP_INITIALIZE",
2910 "WPA_SUP_AUTHENTICATION",
2911 "WPA_SUP_STAKEYSTARTP",
2912 "WPA_SUP_STAKEYSTARTG",
2914 #endif /* BCMSUPPL */
2917 sta_state_name(int state
)
2919 return state
< sizeof(sta_state
)/sizeof(sta_state
[0]) ?
2920 sta_state
[state
] : "unknown";
2926 * Traverse a string of 1-byte tag/1-byte length/variable-length value
2927 * triples, returning a pointer to the substring whose first element
2931 eapol_sup_process_key(wpa_t
*wpa
, eapol_header_t
*eapol
, nas_sta_t
*sta
)
2933 eapol_wpa_key_header_t
*body
= (eapol_wpa_key_header_t
*)eapol
->body
;
2934 ushort key_info
= ntohs(body
->key_info
);
2935 ushort data_len
= ntohs(body
->data_len
);
2936 /* uint8 TSnonce[NONCE_LEN]; */
2937 bool UpdatePTK
= FALSE
;
2939 bool UpdateGTK
= FALSE
;
2941 eapol_sup_pk_state_t state
= EAPOL_SUP_PK_UNKNOWN
;
2943 /* get replay counter from recieved frame */
2944 bcopy(body
->replay
, sta
->suppl
.replay
, REPLAY_LEN
);
2946 dbg(wpa
->nas
, "start");
2947 if (key_info
& WPA_KEY_MIC
) {
2948 dbg(wpa
->nas
, "MIC");
2949 if (wpa_check_mic(sta
, eapol
) == FALSE
) {
2950 dbg(wpa
->nas
, "MIC Failed");
2951 state
= EAPOL_SUP_PK_MICFAILED
;
2953 dbg(wpa
->nas
, "MIC OK");
2954 state
= EAPOL_SUP_PK_MICOK
;
2959 /* decrypt key data field */
2960 if ((sta
->mode
& (WPA2
| WPA2_PSK
)) &&
2961 (key_info
& WPA_KEY_ENCRYPTED_DATA
))
2962 if (!wpa_decr_key_data(wpa
, sta
, body
)) {
2963 err(wpa
->nas
, "decryption of key data failed");
2964 nas_handle_error(wpa
->nas
, 1);
2966 #endif /* BCMWPA2 */
2969 if (key_info
& WPA_KEY_PAIRWISE
) {
2970 sta
->suppl
.state
= WPA_SUP_STAKEYSTARTP
;
2971 /* 4-way handshke message 1 - reset state to EAPOL_SUP_PK_MSG1 */
2972 if (!(key_info
& WPA_KEY_MIC
)) {
2973 nas_set_key(wpa
->nas
, &sta
->ea
, NULL
, 0, 0, 0, 0, 0);
2974 sta
->suppl
.pk_state
= EAPOL_SUP_PK_MSG1
;
2976 /* 4-way handshake message 3 - validate current state */
2977 else if (sta
->suppl
.pk_state
!= EAPOL_SUP_PK_MSG3
)
2981 sta
->suppl
.state
= WPA_SUP_STAKEYSTARTG
;
2983 /* Per 802.11i spec, silently drop MIC failures */
2984 if (key_info
& WPA_KEY_PAIRWISE
) {
2985 dbg(wpa
->nas
, "Pairwise");
2987 if (state
!= EAPOL_SUP_PK_MICFAILED
) {
2988 dbg(wpa
->nas
, "!Failed");
2989 /* bcopy(suppl->snonce, TSNonce, NONCE_LEN); */
2990 if (key_info
& WPA_KEY_INSTALL
) {
2992 if ((sta
->mode
& (WPA2
| WPA2_PSK
))) {
2994 int len
= ntohs(body
->data_len
);
2996 dbg(wpa
->nas
, "data_len %d", len
);
2998 rsnie
= bcm_parse_tlvs(body
->data
, len
, DOT11_MNG_RSN_ID
);
3000 dbg(wpa
->nas
, "found rsnie");
3002 dbg(wpa
->nas
, "didn't find rsnie");
3004 if (!(UpdateGTK
= wpa_extract_gtk(wpa
, sta
, eapol
))) {
3005 err(wpa
->nas
, "extraction of gtk from eapol message"
3007 nas_handle_error(wpa
->nas
, 1);
3011 #endif /* BCMWPA2 */
3012 /* Check message 3 WPA IE against probe response IE. */
3013 if (!data_len
|| data_len
!= sta
->suppl
.assoc_wpaie_len
||
3014 bcmp(body
->data
, sta
->suppl
.assoc_wpaie
, data_len
)) {
3015 dbg(wpa
->nas
, "WPA IE mismatch");
3016 dbg(wpa
->nas
, "WPA IE in 4-way handdshake message #3");
3017 dump(wpa
->nas
, body
->data
, data_len
);
3018 dbg(wpa
->nas
, "WPA IE in driver assoc indication");
3019 dump(wpa
->nas
, sta
->suppl
.assoc_wpaie
,
3020 sta
->suppl
.assoc_wpaie_len
);
3021 return EAPOL_SUP_PK_ERROR
;
3024 bcopy(body
->nonce
, sta
->suppl
.anonce
, NONCE_LEN
);
3025 wpa_calc_ptk(wpa
, sta
);
3028 if (state
== EAPOL_SUP_PK_MICOK
) {
3029 dbg(wpa
->nas
, "MICOK");
3030 if (key_info
& WPA_KEY_INSTALL
)
3033 dbg(wpa
->nas
, "INSTALL flag not set in msg 3 key_info; no PTK"
3037 } else if (state
== EAPOL_SUP_PK_MICOK
) {
3038 dbg(wpa
->nas
, "Group, MICOK");
3040 if ((sta
->mode
& (WPA2
| WPA2_PSK
))) {
3041 if (!(UpdateGTK
= wpa_extract_gtk(wpa
, sta
, eapol
))) {
3042 err(wpa
->nas
, "extraction of gtk from eapol message failed");
3043 nas_handle_error(wpa
->nas
, 1);
3046 #endif /* BCMWPA2 */
3048 if (!wpa_decr_gtk(wpa
, sta
, body
)) {
3049 dbg(wpa
->nas
, "unencrypt failed");
3050 state
= EAPOL_SUP_PK_MICFAILED
;
3052 dbg(wpa
->nas
, "unencrypt ok, plumb gtk");
3053 wpa_plumb_gtk(wpa
, key_info
& WPA_KEY_INSTALL
);
3054 /* nas_deauthenticate(wpa->nas, suppl->ea) */
3060 dbg(wpa
->nas
, "Group, !MICOK");
3061 state
= EAPOL_SUP_PK_MICFAILED
;
3064 if ((key_info
& WPA_KEY_ACK
) && (state
!= EAPOL_SUP_PK_MICFAILED
)) {
3065 dbg(wpa
->nas
, "ACK, !Failed");
3066 /* Send EAPOL(0, 1, 0, 0, 0, K, 0, TSNonce, 0, MIC(TPTK), 0) */
3067 if (wpa_send_eapol(wpa
, sta
) == FALSE
) {
3068 dbg(wpa
->nas
, "error: can't send eapol msg to AP");
3069 return EAPOL_SUP_PK_ERROR
;
3072 if (UpdatePTK
== TRUE
) {
3073 dbg(wpa
->nas
, "UpdatePTK");
3076 if (nas_set_key(wpa
->nas
, &sta
->ea
, sta
->suppl
.temp_encr_key
, sta
->suppl
.tk_len
, 0,
3078 dbg(wpa
->nas
, "nas_set_key() failed");
3079 nas_deauthenticate(wpa
->nas
, &sta
->ea
, DOT11_RC_BUSY
);
3083 if (UpdateGTK
== TRUE
) {
3084 dbg(wpa
->nas
, "UpdateGTK");
3085 wpa_plumb_gtk(wpa
, key_info
& WPA_KEY_INSTALL
);
3088 if ((state
== EAPOL_SUP_PK_MICOK
) && (key_info
& WPA_KEY_SECURE
)) {
3090 char eabuf
[ETHER_ADDR_STR_LEN
];
3093 /* Authorize authenticator */
3094 dbg(wpa
->nas
, "authorize %s (WPA)", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
3095 nas_authorize(wpa
->nas
, &sta
->ea
);
3097 /* We are done! no more retries */
3100 TIMER_DELETE(sta
->wds_td
);
3103 dbg(wpa
->nas
, "done");
3107 /* Process a WPA-EAPOL-Key packet at the supplicant */
3109 process_sup_wpa(wpa_t
*wpa
, eapol_header_t
*eapol
, nas_sta_t
*sta
)
3112 nas_t
*nas
= wpa
->nas
;
3113 char eabuf
[ETHER_ADDR_STR_LEN
];
3114 eapol_wpa_key_header_t
*wpa_key
= (eapol_wpa_key_header_t
*)eapol
->body
;
3115 uint16 key_info
= ntohs(wpa_key
->key_info
);
3118 dbg(nas
, "start for %s", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
3119 dbg(nas
, "state %s key info %04x", sta_state_name(sta
->suppl
.state
), key_info
);
3121 if (sta
->suppl
.state
== WPA_SUP_AUTHENTICATION
)
3122 sta
->suppl
.state
= WPA_SUP_STAKEYSTARTP
;
3123 if (sta
->suppl
.retry_state
== WPA_SUP_AUTHENTICATION
)
3124 sta
->suppl
.retry_state
= WPA_SUP_STAKEYSTARTP
;
3126 /* Proceed with the key exchange... */
3128 /* !!! most of this belongs somewhere else. only STAKEYSTAT is handled here */
3130 switch (sta
->suppl
.state
) {
3131 case WPA_SUP_DISCONNECTED
:
3132 dbg(nas
, "WPA_SUP_DISCONNECTED");
3133 /* StaDisconnect() */
3135 case WPA_SUP_INITIALIZE
:
3136 dbg(nas
, "WPA_SUP_INITIALIZE: %s", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
3139 802.1X:; portEnabled = FALSE
3142 802.1X:portValid = FALSE
3145 case WPA_SUP_AUTHENTICATION
:
3146 dbg(nas
, "WPA_SUP_AUTHENTICATION: %s", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
3151 802.1X::portValid = FALSE
3152 802.1X::portControl = Auto
3153 802.1X::portEnabled = FALSE
3156 case WPA_SUP_STAKEYSTARTP
:
3157 case WPA_SUP_STAKEYSTARTG
:
3158 dbg(nas
, "WPA_SUP_STAKEYSTARTP/G: %s", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
3159 /* ensure the timer was cleared */
3161 if (eapol_sup_process_key(wpa
, eapol
, sta
) == EAPOL_SUP_PK_ERROR
)
3164 case WPA_SUP_KEYUPDATE
:
3165 dbg(nas
, "WPA_SUP_KEYUPDATE: %s", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
3171 IntegrityFailed = False
3176 dbg(nas
, "error: WPA state not recognized %d for sta %s",
3177 sta
->suppl
.state
, ether_etoa((uchar
*)&sta
->ea
, eabuf
));
3183 #endif /* BCMSUPPL */
3185 /* Process a WPA-EAPOL-Key packet */
3187 process_wpa(wpa_t
*wpa
, eapol_header_t
*eapol
, nas_sta_t
*sta
)
3190 nas_t
*nas
= wpa
->nas
;
3192 char eabuf
[ETHER_ADDR_STR_LEN
];
3194 eapol_wpa_key_header_t
*wpa_key
= (eapol_wpa_key_header_t
*)eapol
->body
;
3195 uint16 key_info
= ntohs(wpa_key
->key_info
);
3197 dbg(nas
, "start for %s", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
3198 dbg(nas
, "state %s key info %04x", sta_state_name(sta
->suppl
.state
), key_info
);
3201 * Supplicant requested a 4-way handshake. May or may not honor
3202 * the request depending on our own state.
3204 if ((nas
->flags
& NAS_FLAG_WDS
) &&
3205 (key_info
& WPA_KEY_REQ
) && (key_info
& WPA_KEY_PAIRWISE
)) {
3206 if (sta
->suppl
.state
== WPA_AUTHENTICATION2
||
3207 sta
->suppl
.state
== WPA_PTKINITNEGOTIATING
||
3208 sta
->suppl
.state
== WPA_SETKEYSDONE
||
3209 sta
->suppl
.state
== WPA_DISCONNECT
) {
3211 * Start handshake if when there is no initiator in progress.
3214 wpa_start(wpa
, sta
);
3220 /* If STA wants TKIP and we're in countermeasures, toss
3221 * it. Driver will block these, but there's a race early
3222 * in the period making this check is necessary.
3224 if (nas
->MIC_countermeasures
&& WSEC_TKIP_ENABLED(sta
->wsec
)) {
3225 cleanup_sta(nas
, sta
, DOT11_RC_MIC_FAILURE
, 0);
3230 switch (sta
->suppl
.state
) {
3231 case WPA_SETKEYSDONE
:
3232 /* A supplicant in this state is probably here
3233 * asking to be rekeyed.
3235 dbg(nas
, "SETKEYSDONE: %s", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
3236 wpa_setkeysdone(wpa
, sta
, eapol
);
3237 if (sta
->suppl
.state
!= WPA_PTKSTART
)
3240 case WPA_AUTHENTICATION2
:
3241 dbg(nas
, "AUTHENTICATION2: %s", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
3242 if (wpa_verifystart(wpa
, sta
, eapol
)) {
3245 else if (!sta
|| ((sta
->mode
& WPA
) &&
3246 (sta
->suppl
.retry_state
!= WPA_PTKSTART
)))
3247 /* WPA-mode will be back if RADIUS auth works. */
3252 dbg(nas
, "PTKSTART: %s", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
3253 ret
= wpa_ptkstart(wpa
, sta
, eapol
);
3256 case WPA_PTKINITNEGOTIATING
:
3257 dbg(nas
, "PTKINITNEGOTIATING: %s", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
3258 ret
= wpa_ptkinitnegotiating(wpa
, sta
, eapol
);
3261 case WPA_PTKINITDONE
:
3262 dbg(nas
, "PTKINITDONE: %s", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
3263 ret
= wpa_ptkinitdone(wpa
, sta
, eapol
);
3266 case WPA_REKEYNEGOTIATING
:
3267 dbg(nas
, "WPA_REKEYNEGOTIATING: %s", ether_etoa((uchar
*)&sta
->ea
, eabuf
));
3268 wpa_rekeyneg(wpa
, sta
, eapol
);
3272 dbg(nas
, "error: WPA state not recognized");
3280 /* generate the initial global_key_counter */
3282 initialize_global_key_counter(wpa_t
*wpa
)
3284 unsigned char buff
[32], prf_buff
[PRF_RESULT_LEN
];
3285 unsigned char prefix
[] = "Init Counter";
3287 nas_rand128(&buff
[0]);
3288 nas_rand128(&buff
[16]);
3289 /* Still not exactly right, but better. */
3290 fPRF(buff
, sizeof(buff
), prefix
, strlen((char *)prefix
),
3291 (unsigned char *) &wpa
->nas
->ea
, ETHER_ADDR_LEN
,
3292 prf_buff
, KEY_COUNTER_LEN
);
3293 memcpy(wpa
->global_key_counter
, prf_buff
, KEY_COUNTER_LEN
);
3294 memcpy(wpa
->initial_gkc
, wpa
->global_key_counter
, KEY_COUNTER_LEN
);
3298 /* generate the initial global_key_counter */
3300 wpa_initialize_ipn(wpa_t
*wpa
)
3302 unsigned char buff
[32], prf_buff
[PRF_RESULT_LEN
];
3303 unsigned char prefix
[] = "Init Counter";
3305 printf("%s: enter\n", __FUNCTION__
);
3306 nas_rand128(&buff
[0]);
3307 nas_rand128(&buff
[16]);
3308 /* Still not exactly right, but better. */
3309 fPRF(buff
, sizeof(buff
), prefix
, strlen((char *)prefix
),
3310 (unsigned char *) &wpa
->nas
->ea
, ETHER_ADDR_LEN
,
3311 prf_buff
, KEY_COUNTER_LEN
);
3312 memcpy(&wpa
->igtk
.ipn_lo
, prf_buff
, sizeof(uint32
));
3313 memcpy(&wpa
->igtk
.ipn_hi
, prf_buff
+sizeof(uint32
), sizeof(uint16
));
3314 printf("%s: done\n", __FUNCTION__
);
3318 wpa_gen_igtk(wpa_t
*wpa
)
3320 unsigned char data
[256], prf_buff
[PRF_RESULT_LEN
];
3321 unsigned char prefix
[] = "Group key expansion";
3324 printf("%s: enter\n", __FUNCTION__
);
3325 wpa
->igtk
.len
= AES_TK_LEN
;
3327 /* create the the data portion */
3328 bcopy((char*)&wpa
->nas
->ea
, (char*)&data
[data_len
], ETHER_ADDR_LEN
);
3329 data_len
+= ETHER_ADDR_LEN
;
3330 *(uint32
*)&data
[data_len
] = wpa
->igtk
.ipn_lo
;
3331 *(uint16
*)&data
[data_len
+sizeof(uint32
)] = wpa
->igtk
.ipn_hi
;
3334 if (wpa
->igtk
.ipn_lo
== 0)
3337 /* generate the GTK */
3338 fPRF(wpa
->gmk
, sizeof(wpa
->gmk
), prefix
, strlen((char *)prefix
),
3339 data
, data_len
, prf_buff
, AES_TK_LEN
);
3340 memcpy(wpa
->igtk
.key
, prf_buff
, AES_TK_LEN
);
3341 printf("WPA plugin IGTK, ID %d len %d ", wpa
->igtk
.id
, wpa
->igtk
.len
);
3342 nas_set_key(wpa
->nas
, &wpa
->nas
->ea
, wpa
->igtk
.key
, wpa
->igtk
.len
, wpa
->igtk
.id
, 0,
3343 wpa
->igtk
.ipn_lo
, wpa
->igtk
.ipn_hi
);
3348 wpa_incr_gkc(wpa_t
*wpa
)
3350 wpa_incr_array(wpa
->global_key_counter
, KEY_COUNTER_LEN
);
3352 /* if key counter is now equal to the original one, reset it */
3353 if (!bcmp(wpa
->global_key_counter
, wpa
->initial_gkc
, KEY_COUNTER_LEN
))
3354 initialize_global_key_counter(wpa
);
3358 initialize_gmk(wpa_t
*wpa
)
3360 unsigned char *gmk
= (unsigned char *)wpa
->gmk
;
3362 nas_rand128(&gmk
[0]);
3363 nas_rand128(&gmk
[16]);
3367 /* build and send EAPOL key request message */
3369 request_pkinit(bcm_timer_id timer
, int data
)
3371 nas_sta_t
*sta
= (nas_sta_t
*)data
;
3372 nas_t
*nas
= sta
->nas
;
3373 wpa_t
*wpa
= nas
->wpa
;
3375 /* If there was a stale timer descriptor, get rid of it. */
3379 * build expected authenticator wpaie so that we can compare
3380 * what's carried in message #3 of the 4-way handshake.
3381 * No WEP supported when doing WPA over WDS.
3383 sta
->suppl
.assoc_wpaie_len
= sizeof(sta
->suppl
.assoc_wpaie
);
3384 wpa_build_ie(wpa
, nas
->wsec
, CRYPTO_ALGO_OFF
, nas
->mode
,
3385 sta
->suppl
.assoc_wpaie
, &sta
->suppl
.assoc_wpaie_len
);
3387 /* we should have no key installed in the MAC by now */
3388 sta
->suppl
.retry_state
= sta
->suppl
.state
;
3389 sta
->suppl
.state
= WPA_SUP_INITIALIZE
;
3391 /* WPA mode needs RADIUS server acceptance before beginning
3392 * the 4-way handshake.
3394 if (nas
->mode
& WPA
)
3397 /* send the key request pkt to start the 4 way exchange */
3399 if (wpa_send_eapol(wpa
, sta
) == FALSE
)
3402 /* move to next state */
3403 sta
->suppl
.retry_state
= sta
->suppl
.state
;
3404 sta
->suppl
.state
= WPA_SUP_AUTHENTICATION
;
3406 /* set a timeout for retransmission */
3407 if (wpa_set_itimer(nas
->timer
, &sta
->td
, (bcm_timer_cb
)wpa_retransmission
,
3408 (int)sta
, sta
->wpa_msg_timeout_s
, sta
->wpa_msg_timeout_ms
) != ITIMER_OK
)
3409 dbg(nas
, "Setting WPA_SUP_AUTHENTICATION interval timer failed");
3412 /* send EAPOL key request message */
3414 wpa_request(wpa_t
*wpa
, nas_sta_t
*sta
)
3416 struct itimerspec its
;
3417 itimer_status_t ret
= ITIMER_OK
;
3418 nas_t
*nas
= wpa
->nas
;
3420 /* remove previous timer if any */
3422 TIMER_DELETE(sta
->wds_td
);
3425 * start the reqeust right away only when the
3426 * supplicant is not in key exchange process.
3428 sta
->wpa_msg_timeout_s
= RETRY_SECS
;
3429 sta
->wpa_msg_timeout_ms
= RETRY_MSECS
;
3431 if (sta
->suppl
.pk_state
== EAPOL_SUP_PK_UNKNOWN
||
3432 sta
->suppl
.pk_state
== EAPOL_SUP_PK_DONE
) {
3433 /* kick off the negotiation */
3434 request_pkinit(0, (int)sta
);
3436 /* delay the next request(s) */
3438 dbg(nas
, "delay request, handshake in progress");
3442 /* set up retry timer */
3443 its
.it_interval
.tv_sec
= wpa
->wds_to
? : 60;
3444 its
.it_interval
.tv_nsec
= 0 * NSECS_PER_MSEC
;
3445 its
.it_value
.tv_sec
= wpa
->wds_to
? : 60;
3446 its
.it_value
.tv_nsec
= 0 * NSECS_PER_MSEC
;
3448 if (bcm_timer_create(nas
->timer
, &sta
->wds_td
))
3449 ret
= ITIMER_CREATE_ERROR
;
3450 else if (bcm_timer_connect(sta
->wds_td
, request_pkinit
, (int)sta
))
3451 ret
= ITIMER_CONNECT_ERROR
;
3452 else if (bcm_timer_settime(sta
->wds_td
, &its
))
3453 ret
= ITIMER_SET_ERROR
;
3455 dbg(nas
, "failed to set up pairwise key requestor timer");
3457 #endif /* BCMSUPPL */
3459 /* pretend to have received a assoc message from the driver. */
3461 start_pkinit(bcm_timer_id timer
, int data
)
3465 char msg
[sizeof(bcm_event_t
) + 128 + 2];
3466 bcm_event_t
*assoc
= (bcm_event_t
*)msg
;
3468 wl_event_msg_t
*event
= &(assoc
->event
);
3469 uint8
*databuf
= (uint8
*)(event
+ 1);
3471 nas_sta_t
*sta
= (nas_sta_t
*)data
;
3472 nas_t
*nas
= sta
->nas
;
3473 wpa_t
*wpa
= nas
->wpa
;
3474 uint16 len
= sizeof(msg
); /* - sizeof(bcm_event_t); */
3476 /* wpa message header */
3477 bcopy(nas
->ea
.octet
, assoc
->eth
.ether_dhost
, ETHER_ADDR_LEN
);
3478 bcopy(sta
->ea
.octet
, assoc
->eth
.ether_shost
, ETHER_ADDR_LEN
);
3479 assoc
->eth
.ether_type
= htons(ETHER_TYPE_BRCM
);
3481 /* assoc->version = BCM_MSG_VERSION; */
3482 event
->event_type
= hton32(WLC_E_ASSOC_IND
);
3484 strncpy(event
->ifname
, nas
->interface
, sizeof(event
->ifname
));
3486 if (wpa_build_ie(wpa
, sta
->wsec
, sta
->algo
,
3487 sta
->mode
, databuf
, &len
)) {
3488 dbg(nas
, "wpa_build_ie failed");
3493 dbg(nas
, "wpa_build_ie failed: length greater than 128 bytes");
3497 event
->datalen
= hton32(len
);
3498 event
->version
= hton16(BCM_EVENT_MSG_VERSION
);
3499 event
->status
= 0; /* TODO: Is value OK ??? */
3500 event
->reason
= 0; /* TODO: Is value OK ??? */
3501 event
->auth_type
= 0; /* TODO: Is value OK ??? */
3502 event
->flags
= 0; /* TODO: Is value OK ??? */
3503 bcopy(sta
->ea
.octet
, event
->addr
.octet
, ETHER_ADDR_LEN
);
3505 /* BCM Vendor specifc header... */
3506 assoc
->bcm_hdr
.subtype
= htons(BCMILCP_SUBTYPE_VENDOR_LONG
);
3507 assoc
->bcm_hdr
.version
= BCMILCP_BCM_SUBTYPEHDR_VERSION
;
3508 bcopy(BRCM_OUI
, &assoc
->bcm_hdr
.oui
[0], DOT11_OUI_LEN
);
3509 /* vendor spec header length + pvt data length (private indication hdr + actual message
3512 assoc
->bcm_hdr
.length
= htons(BCMILCP_BCM_SUBTYPEHDR_MINLENGTH
+ BCM_MSG_LEN
+ len
);
3513 assoc
->bcm_hdr
.usr_subtype
= htons(BCMILCP_BCM_SUBTYPE_EVENT
);
3515 /* Last 2 bytes of the message should be 0x00 0x00 to signal that there are no ethertypes
3516 * which are following this
3518 msg
[sizeof(bcm_event_t
) + len
] = 0x00;
3519 msg
[sizeof(bcm_event_t
) + len
+ 1 ] = 0x00;
3521 dbg(nas
, "start_pkinit: sending fake msg to driver_message_dispatch");
3522 driver_message_dispatch(nas
, assoc
);
3527 wpa_start(wpa_t
*wpa
, nas_sta_t
*sta
)
3529 struct itimerspec its
;
3530 itimer_status_t ret
= ITIMER_OK
;
3531 nas_t
*nas
= wpa
->nas
;
3533 /* remove previous timer if any */
3535 TIMER_DELETE(sta
->wds_td
);
3537 /* kick off the negotiation */
3538 start_pkinit(0, (int)sta
);
3540 /* set up retry timer */
3541 its
.it_interval
.tv_sec
= wpa
->wds_to
? : 60;
3542 its
.it_interval
.tv_nsec
= 0 * NSECS_PER_MSEC
;
3543 its
.it_value
.tv_sec
= wpa
->wds_to
? : 60;
3544 its
.it_value
.tv_nsec
= 0 * NSECS_PER_MSEC
;
3546 if (bcm_timer_create(nas
->timer
, &sta
->wds_td
))
3547 ret
= ITIMER_CREATE_ERROR
;
3548 else if (bcm_timer_connect(sta
->wds_td
, start_pkinit
, (int)sta
))
3549 ret
= ITIMER_CONNECT_ERROR
;
3550 else if (bcm_timer_settime(sta
->wds_td
, &its
))
3551 ret
= ITIMER_SET_ERROR
;
3553 dbg(nas
, "failed to set up pairwise key initiator timer");