wpa_auth.c
Go to the documentation of this file.
00001 /*
00002  * hostapd - IEEE 802.11i-2004 / WPA Authenticator
00003  * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
00004  *
00005  * This program is free software; you can redistribute it and/or modify
00006  * it under the terms of the GNU General Public License version 2 as
00007  * published by the Free Software Foundation.
00008  *
00009  * Alternatively, this software may be distributed under the terms of BSD
00010  * license.
00011  *
00012  * See README and COPYING for more details.
00013  */
00014 
00015 #include "utils/includes.h"
00016 
00017 #include "utils/common.h"
00018 #include "utils/eloop.h"
00019 #include "utils/state_machine.h"
00020 #include "common/ieee802_11_defs.h"
00021 #include "crypto/aes_wrap.h"
00022 #include "crypto/crypto.h"
00023 #include "crypto/sha1.h"
00024 #include "crypto/sha256.h"
00025 #include "eapol_auth/eapol_auth_sm.h"
00026 #include "ap_config.h"
00027 #include "ieee802_11.h"
00028 #include "wpa_auth.h"
00029 #include "pmksa_cache_auth.h"
00030 #include "wpa_auth_i.h"
00031 #include "wpa_auth_ie.h"
00032 
00033 #define STATE_MACHINE_DATA struct wpa_state_machine
00034 #define STATE_MACHINE_DEBUG_PREFIX "WPA"
00035 #define STATE_MACHINE_ADDR sm->addr
00036 
00037 
00038 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
00039 static int wpa_sm_step(struct wpa_state_machine *sm);
00040 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
00041 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
00042 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
00043                               struct wpa_group *group);
00044 static void wpa_request_new_ptk(struct wpa_state_machine *sm);
00045 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
00046                           struct wpa_group *group);
00047 
00048 static const u32 dot11RSNAConfigGroupUpdateCount = 4;
00049 static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
00050 static const u32 eapol_key_timeout_first = 100; /* ms */
00051 static const u32 eapol_key_timeout_subseq = 1000; /* ms */
00052 
00053 /* TODO: make these configurable */
00054 static const int dot11RSNAConfigPMKLifetime = 43200;
00055 static const int dot11RSNAConfigPMKReauthThreshold = 70;
00056 static const int dot11RSNAConfigSATimeout = 60;
00057 
00058 
00059 static inline void wpa_auth_mic_failure_report(
00060         struct wpa_authenticator *wpa_auth, const u8 *addr)
00061 {
00062         if (wpa_auth->cb.mic_failure_report)
00063                 wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
00064 }
00065 
00066 
00067 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
00068                                       const u8 *addr, wpa_eapol_variable var,
00069                                       int value)
00070 {
00071         if (wpa_auth->cb.set_eapol)
00072                 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
00073 }
00074 
00075 
00076 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
00077                                      const u8 *addr, wpa_eapol_variable var)
00078 {
00079         if (wpa_auth->cb.get_eapol == NULL)
00080                 return -1;
00081         return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
00082 }
00083 
00084 
00085 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
00086                                           const u8 *addr, const u8 *prev_psk)
00087 {
00088         if (wpa_auth->cb.get_psk == NULL)
00089                 return NULL;
00090         return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk);
00091 }
00092 
00093 
00094 static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
00095                                    const u8 *addr, u8 *msk, size_t *len)
00096 {
00097         if (wpa_auth->cb.get_msk == NULL)
00098                 return -1;
00099         return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
00100 }
00101 
00102 
00103 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
00104                                    int vlan_id,
00105                                    enum wpa_alg alg, const u8 *addr, int idx,
00106                                    u8 *key, size_t key_len)
00107 {
00108         if (wpa_auth->cb.set_key == NULL)
00109                 return -1;
00110         return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
00111                                     key, key_len);
00112 }
00113 
00114 
00115 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
00116                                       const u8 *addr, int idx, u8 *seq)
00117 {
00118         if (wpa_auth->cb.get_seqnum == NULL)
00119                 return -1;
00120         return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
00121 }
00122 
00123 
00124 static inline int
00125 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
00126                     const u8 *data, size_t data_len, int encrypt)
00127 {
00128         if (wpa_auth->cb.send_eapol == NULL)
00129                 return -1;
00130         return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
00131                                        encrypt);
00132 }
00133 
00134 
00135 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
00136                           int (*cb)(struct wpa_state_machine *sm, void *ctx),
00137                           void *cb_ctx)
00138 {
00139         if (wpa_auth->cb.for_each_sta == NULL)
00140                 return 0;
00141         return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
00142 }
00143 
00144 
00145 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
00146                            int (*cb)(struct wpa_authenticator *a, void *ctx),
00147                            void *cb_ctx)
00148 {
00149         if (wpa_auth->cb.for_each_auth == NULL)
00150                 return 0;
00151         return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
00152 }
00153 
00154 
00155 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
00156                      logger_level level, const char *txt)
00157 {
00158         if (wpa_auth->cb.logger == NULL)
00159                 return;
00160         wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
00161 }
00162 
00163 
00164 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
00165                       logger_level level, const char *fmt, ...)
00166 {
00167         char *format;
00168         int maxlen;
00169         va_list ap;
00170 
00171         if (wpa_auth->cb.logger == NULL)
00172                 return;
00173 
00174         maxlen = os_strlen(fmt) + 100;
00175         format = os_malloc(maxlen);
00176         if (!format)
00177                 return;
00178 
00179         va_start(ap, fmt);
00180         vsnprintf(format, maxlen, fmt, ap);
00181         va_end(ap);
00182 
00183         wpa_auth_logger(wpa_auth, addr, level, format);
00184 
00185         os_free(format);
00186 }
00187 
00188 
00189 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
00190                                const u8 *addr)
00191 {
00192         if (wpa_auth->cb.disconnect == NULL)
00193                 return;
00194         wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
00195                                 WLAN_REASON_PREV_AUTH_NOT_VALID);
00196 }
00197 
00198 
00199 static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
00200 {
00201         int ret = 0;
00202 #ifdef CONFIG_IEEE80211R
00203         if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
00204                 ret = 1;
00205 #endif /* CONFIG_IEEE80211R */
00206 #ifdef CONFIG_IEEE80211W
00207         if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
00208                 ret = 1;
00209 #endif /* CONFIG_IEEE80211W */
00210         return ret;
00211 }
00212 
00213 
00214 static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
00215 {
00216         struct wpa_authenticator *wpa_auth = eloop_ctx;
00217 
00218         if (os_get_random(wpa_auth->group->GMK, WPA_GMK_LEN)) {
00219                 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
00220                            "initialization.");
00221         } else {
00222                 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
00223         }
00224 
00225         if (wpa_auth->conf.wpa_gmk_rekey) {
00226                 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
00227                                        wpa_rekey_gmk, wpa_auth, NULL);
00228         }
00229 }
00230 
00231 
00232 static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
00233 {
00234         struct wpa_authenticator *wpa_auth = eloop_ctx;
00235         struct wpa_group *group;
00236 
00237         wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
00238         for (group = wpa_auth->group; group; group = group->next) {
00239                 group->GTKReKey = TRUE;
00240                 do {
00241                         group->changed = FALSE;
00242                         wpa_group_sm_step(wpa_auth, group);
00243                 } while (group->changed);
00244         }
00245 
00246         if (wpa_auth->conf.wpa_group_rekey) {
00247                 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
00248                                        0, wpa_rekey_gtk, wpa_auth, NULL);
00249         }
00250 }
00251 
00252 
00253 static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
00254 {
00255         struct wpa_authenticator *wpa_auth = eloop_ctx;
00256         struct wpa_state_machine *sm = timeout_ctx;
00257 
00258         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
00259         wpa_request_new_ptk(sm);
00260         wpa_sm_step(sm);
00261 }
00262 
00263 
00264 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
00265 {
00266         if (sm->pmksa == ctx)
00267                 sm->pmksa = NULL;
00268         return 0;
00269 }
00270 
00271 
00272 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
00273                                    void *ctx)
00274 {
00275         struct wpa_authenticator *wpa_auth = ctx;
00276         wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
00277 }
00278 
00279 
00280 static void wpa_group_set_key_len(struct wpa_group *group, int cipher)
00281 {
00282         switch (cipher) {
00283         case WPA_CIPHER_CCMP:
00284                 group->GTK_len = 16;
00285                 break;
00286         case WPA_CIPHER_TKIP:
00287                 group->GTK_len = 32;
00288                 break;
00289         case WPA_CIPHER_WEP104:
00290                 group->GTK_len = 13;
00291                 break;
00292         case WPA_CIPHER_WEP40:
00293                 group->GTK_len = 5;
00294                 break;
00295         }
00296 }
00297 
00298 
00299 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
00300                                          int vlan_id)
00301 {
00302         struct wpa_group *group;
00303         u8 buf[ETH_ALEN + 8 + sizeof(group)];
00304         u8 rkey[32];
00305 
00306         group = os_zalloc(sizeof(struct wpa_group));
00307         if (group == NULL)
00308                 return NULL;
00309 
00310         group->GTKAuthenticator = TRUE;
00311         group->vlan_id = vlan_id;
00312 
00313         wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
00314 
00315         /* Counter = PRF-256(Random number, "Init Counter",
00316          *                   Local MAC Address || Time)
00317          */
00318         os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
00319         wpa_get_ntp_timestamp(buf + ETH_ALEN);
00320         os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
00321         if (os_get_random(rkey, sizeof(rkey)) ||
00322             os_get_random(group->GMK, WPA_GMK_LEN)) {
00323                 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
00324                            "initialization.");
00325                 os_free(group);
00326                 return NULL;
00327         }
00328 
00329         sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
00330                  group->Counter, WPA_NONCE_LEN);
00331 
00332         group->GInit = TRUE;
00333         wpa_group_sm_step(wpa_auth, group);
00334         group->GInit = FALSE;
00335         wpa_group_sm_step(wpa_auth, group);
00336 
00337         return group;
00338 }
00339 
00340 
00348 struct wpa_authenticator * wpa_init(const u8 *addr,
00349                                     struct wpa_auth_config *conf,
00350                                     struct wpa_auth_callbacks *cb)
00351 {
00352         struct wpa_authenticator *wpa_auth;
00353 
00354         wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
00355         if (wpa_auth == NULL)
00356                 return NULL;
00357         os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
00358         os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
00359         os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
00360 
00361         if (wpa_auth_gen_wpa_ie(wpa_auth)) {
00362                 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
00363                 os_free(wpa_auth);
00364                 return NULL;
00365         }
00366 
00367         wpa_auth->group = wpa_group_init(wpa_auth, 0);
00368         if (wpa_auth->group == NULL) {
00369                 os_free(wpa_auth->wpa_ie);
00370                 os_free(wpa_auth);
00371                 return NULL;
00372         }
00373 
00374         wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
00375                                                 wpa_auth);
00376         if (wpa_auth->pmksa == NULL) {
00377                 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
00378                 os_free(wpa_auth->wpa_ie);
00379                 os_free(wpa_auth);
00380                 return NULL;
00381         }
00382 
00383 #ifdef CONFIG_IEEE80211R
00384         wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
00385         if (wpa_auth->ft_pmk_cache == NULL) {
00386                 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
00387                 os_free(wpa_auth->wpa_ie);
00388                 pmksa_cache_auth_deinit(wpa_auth->pmksa);
00389                 os_free(wpa_auth);
00390                 return NULL;
00391         }
00392 #endif /* CONFIG_IEEE80211R */
00393 
00394         if (wpa_auth->conf.wpa_gmk_rekey) {
00395                 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
00396                                        wpa_rekey_gmk, wpa_auth, NULL);
00397         }
00398 
00399         if (wpa_auth->conf.wpa_group_rekey) {
00400                 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
00401                                        wpa_rekey_gtk, wpa_auth, NULL);
00402         }
00403 
00404         return wpa_auth;
00405 }
00406 
00407 
00412 void wpa_deinit(struct wpa_authenticator *wpa_auth)
00413 {
00414         struct wpa_group *group, *prev;
00415 
00416         eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
00417         eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
00418 
00419 #ifdef CONFIG_PEERKEY
00420         while (wpa_auth->stsl_negotiations)
00421                 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
00422 #endif /* CONFIG_PEERKEY */
00423 
00424         pmksa_cache_auth_deinit(wpa_auth->pmksa);
00425 
00426 #ifdef CONFIG_IEEE80211R
00427         wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
00428         wpa_auth->ft_pmk_cache = NULL;
00429 #endif /* CONFIG_IEEE80211R */
00430 
00431         os_free(wpa_auth->wpa_ie);
00432 
00433         group = wpa_auth->group;
00434         while (group) {
00435                 prev = group;
00436                 group = group->next;
00437                 os_free(prev);
00438         }
00439 
00440         os_free(wpa_auth);
00441 }
00442 
00443 
00449 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
00450                  struct wpa_auth_config *conf)
00451 {
00452         struct wpa_group *group;
00453         if (wpa_auth == NULL)
00454                 return 0;
00455 
00456         os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
00457         if (wpa_auth_gen_wpa_ie(wpa_auth)) {
00458                 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
00459                 return -1;
00460         }
00461 
00462         /*
00463          * Reinitialize GTK to make sure it is suitable for the new
00464          * configuration.
00465          */
00466         group = wpa_auth->group;
00467         wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
00468         group->GInit = TRUE;
00469         wpa_group_sm_step(wpa_auth, group);
00470         group->GInit = FALSE;
00471         wpa_group_sm_step(wpa_auth, group);
00472 
00473         return 0;
00474 }
00475 
00476 
00477 struct wpa_state_machine *
00478 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
00479 {
00480         struct wpa_state_machine *sm;
00481 
00482         sm = os_zalloc(sizeof(struct wpa_state_machine));
00483         if (sm == NULL)
00484                 return NULL;
00485         os_memcpy(sm->addr, addr, ETH_ALEN);
00486 
00487         sm->wpa_auth = wpa_auth;
00488         sm->group = wpa_auth->group;
00489 
00490         return sm;
00491 }
00492 
00493 
00494 int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
00495                             struct wpa_state_machine *sm)
00496 {
00497         if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
00498                 return -1;
00499 
00500 #ifdef CONFIG_IEEE80211R
00501         if (sm->ft_completed) {
00502                 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
00503                                 "FT authentication already completed - do not "
00504                                 "start 4-way handshake");
00505                 return 0;
00506         }
00507 #endif /* CONFIG_IEEE80211R */
00508 
00509         if (sm->started) {
00510                 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
00511                 sm->ReAuthenticationRequest = TRUE;
00512                 return wpa_sm_step(sm);
00513         }
00514 
00515         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
00516                         "start authentication");
00517         sm->started = 1;
00518 
00519         sm->Init = TRUE;
00520         if (wpa_sm_step(sm) == 1)
00521                 return 1; /* should not really happen */
00522         sm->Init = FALSE;
00523         sm->AuthenticationRequest = TRUE;
00524         return wpa_sm_step(sm);
00525 }
00526 
00527 
00528 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
00529 {
00530         /* WPA/RSN was not used - clear WPA state. This is needed if the STA
00531          * reassociates back to the same AP while the previous entry for the
00532          * STA has not yet been removed. */
00533         if (sm == NULL)
00534                 return;
00535 
00536         sm->wpa_key_mgmt = 0;
00537 }
00538 
00539 
00540 static void wpa_free_sta_sm(struct wpa_state_machine *sm)
00541 {
00542 #ifdef CONFIG_IEEE80211R
00543         os_free(sm->assoc_resp_ftie);
00544 #endif /* CONFIG_IEEE80211R */
00545         os_free(sm->last_rx_eapol_key);
00546         os_free(sm->wpa_ie);
00547         os_free(sm);
00548 }
00549 
00550 
00551 void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
00552 {
00553         if (sm == NULL)
00554                 return;
00555 
00556         if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
00557                 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
00558                                 "strict rekeying - force GTK rekey since STA "
00559                                 "is leaving");
00560                 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
00561                 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
00562                                        NULL);
00563         }
00564 
00565         eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
00566         eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
00567         eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
00568         if (sm->in_step_loop) {
00569                 /* Must not free state machine while wpa_sm_step() is running.
00570                  * Freeing will be completed in the end of wpa_sm_step(). */
00571                 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
00572                            "machine deinit for " MACSTR, MAC2STR(sm->addr));
00573                 sm->pending_deinit = 1;
00574         } else
00575                 wpa_free_sta_sm(sm);
00576 }
00577 
00578 
00579 static void wpa_request_new_ptk(struct wpa_state_machine *sm)
00580 {
00581         if (sm == NULL)
00582                 return;
00583 
00584         sm->PTKRequest = TRUE;
00585         sm->PTK_valid = 0;
00586 }
00587 
00588 
00589 static int wpa_replay_counter_valid(struct wpa_state_machine *sm,
00590                                     const u8 *replay_counter)
00591 {
00592         int i;
00593         for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
00594                 if (!sm->key_replay[i].valid)
00595                         break;
00596                 if (os_memcmp(replay_counter, sm->key_replay[i].counter,
00597                               WPA_REPLAY_COUNTER_LEN) == 0)
00598                         return 1;
00599         }
00600         return 0;
00601 }
00602 
00603 
00604 #ifdef CONFIG_IEEE80211R
00605 static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
00606                                struct wpa_state_machine *sm,
00607                                struct wpa_eapol_ie_parse *kde)
00608 {
00609         struct wpa_ie_data ie;
00610         struct rsn_mdie *mdie;
00611 
00612         if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
00613             ie.num_pmkid != 1 || ie.pmkid == NULL) {
00614                 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
00615                            "FT 4-way handshake message 2/4");
00616                 return -1;
00617         }
00618 
00619         os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
00620         wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
00621                     sm->sup_pmk_r1_name, PMKID_LEN);
00622 
00623         if (!kde->mdie || !kde->ftie) {
00624                 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
00625                            "message 2/4", kde->mdie ? "FTIE" : "MDIE");
00626                 return -1;
00627         }
00628 
00629         mdie = (struct rsn_mdie *) (kde->mdie + 2);
00630         if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
00631             os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
00632                       MOBILITY_DOMAIN_ID_LEN) != 0) {
00633                 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
00634                 return -1;
00635         }
00636 
00637         if (sm->assoc_resp_ftie &&
00638             (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
00639              os_memcmp(kde->ftie, sm->assoc_resp_ftie,
00640                        2 + sm->assoc_resp_ftie[1]) != 0)) {
00641                 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
00642                 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
00643                             kde->ftie, kde->ftie_len);
00644                 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
00645                             sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
00646                 return -1;
00647         }
00648 
00649         return 0;
00650 }
00651 #endif /* CONFIG_IEEE80211R */
00652 
00653 
00654 void wpa_receive(struct wpa_authenticator *wpa_auth,
00655                  struct wpa_state_machine *sm,
00656                  u8 *data, size_t data_len)
00657 {
00658         struct ieee802_1x_hdr *hdr;
00659         struct wpa_eapol_key *key;
00660         u16 key_info, key_data_length;
00661         enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
00662                SMK_M1, SMK_M3, SMK_ERROR } msg;
00663         char *msgtxt;
00664         struct wpa_eapol_ie_parse kde;
00665         int ft;
00666         const u8 *eapol_key_ie;
00667         size_t eapol_key_ie_len;
00668 
00669         if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
00670                 return;
00671 
00672         if (data_len < sizeof(*hdr) + sizeof(*key))
00673                 return;
00674 
00675         hdr = (struct ieee802_1x_hdr *) data;
00676         key = (struct wpa_eapol_key *) (hdr + 1);
00677         key_info = WPA_GET_BE16(key->key_info);
00678         key_data_length = WPA_GET_BE16(key->key_data_length);
00679         if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
00680                 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
00681                            "key_data overflow (%d > %lu)",
00682                            key_data_length,
00683                            (unsigned long) (data_len - sizeof(*hdr) -
00684                                             sizeof(*key)));
00685                 return;
00686         }
00687 
00688         if (sm->wpa == WPA_VERSION_WPA2) {
00689                 if (key->type != EAPOL_KEY_TYPE_RSN) {
00690                         wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
00691                                    "unexpected type %d in RSN mode",
00692                                    key->type);
00693                         return;
00694                 }
00695         } else {
00696                 if (key->type != EAPOL_KEY_TYPE_WPA) {
00697                         wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
00698                                    "unexpected type %d in WPA mode",
00699                                    key->type);
00700                         return;
00701                 }
00702         }
00703 
00704         /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
00705          * are set */
00706 
00707         if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
00708             (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
00709                 if (key_info & WPA_KEY_INFO_ERROR) {
00710                         msg = SMK_ERROR;
00711                         msgtxt = "SMK Error";
00712                 } else {
00713                         msg = SMK_M1;
00714                         msgtxt = "SMK M1";
00715                 }
00716         } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
00717                 msg = SMK_M3;
00718                 msgtxt = "SMK M3";
00719         } else if (key_info & WPA_KEY_INFO_REQUEST) {
00720                 msg = REQUEST;
00721                 msgtxt = "Request";
00722         } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
00723                 msg = GROUP_2;
00724                 msgtxt = "2/2 Group";
00725         } else if (key_data_length == 0) {
00726                 msg = PAIRWISE_4;
00727                 msgtxt = "4/4 Pairwise";
00728         } else {
00729                 msg = PAIRWISE_2;
00730                 msgtxt = "2/4 Pairwise";
00731         }
00732 
00733         /* TODO: key_info type validation for PeerKey */
00734         if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
00735             msg == GROUP_2) {
00736                 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
00737                 if (sm->pairwise == WPA_CIPHER_CCMP) {
00738                         if (wpa_use_aes_cmac(sm) &&
00739                             ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
00740                                 wpa_auth_logger(wpa_auth, sm->addr,
00741                                                 LOGGER_WARNING,
00742                                                 "advertised support for "
00743                                                 "AES-128-CMAC, but did not "
00744                                                 "use it");
00745                                 return;
00746                         }
00747 
00748                         if (!wpa_use_aes_cmac(sm) &&
00749                             ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
00750                                 wpa_auth_logger(wpa_auth, sm->addr,
00751                                                 LOGGER_WARNING,
00752                                                 "did not use HMAC-SHA1-AES "
00753                                                 "with CCMP");
00754                                 return;
00755                         }
00756                 }
00757         }
00758 
00759         if (key_info & WPA_KEY_INFO_REQUEST) {
00760                 if (sm->req_replay_counter_used &&
00761                     os_memcmp(key->replay_counter, sm->req_replay_counter,
00762                               WPA_REPLAY_COUNTER_LEN) <= 0) {
00763                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
00764                                         "received EAPOL-Key request with "
00765                                         "replayed counter");
00766                         return;
00767                 }
00768         }
00769 
00770         if (!(key_info & WPA_KEY_INFO_REQUEST) &&
00771             !wpa_replay_counter_valid(sm, key->replay_counter)) {
00772                 int i;
00773                 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
00774                                  "received EAPOL-Key %s with unexpected "
00775                                  "replay counter", msgtxt);
00776                 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
00777                         if (!sm->key_replay[i].valid)
00778                                 break;
00779                         wpa_hexdump(MSG_DEBUG, "pending replay counter",
00780                                     sm->key_replay[i].counter,
00781                                     WPA_REPLAY_COUNTER_LEN);
00782                 }
00783                 wpa_hexdump(MSG_DEBUG, "received replay counter",
00784                             key->replay_counter, WPA_REPLAY_COUNTER_LEN);
00785                 return;
00786         }
00787 
00788         switch (msg) {
00789         case PAIRWISE_2:
00790                 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
00791                     sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) {
00792                         wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
00793                                          "received EAPOL-Key msg 2/4 in "
00794                                          "invalid state (%d) - dropped",
00795                                          sm->wpa_ptk_state);
00796                         return;
00797                 }
00798                 if (wpa_parse_kde_ies((u8 *) (key + 1), key_data_length,
00799                                       &kde) < 0) {
00800                         wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
00801                                          "received EAPOL-Key msg 2/4 with "
00802                                          "invalid Key Data contents");
00803                         return;
00804                 }
00805                 if (kde.rsn_ie) {
00806                         eapol_key_ie = kde.rsn_ie;
00807                         eapol_key_ie_len = kde.rsn_ie_len;
00808                 } else {
00809                         eapol_key_ie = kde.wpa_ie;
00810                         eapol_key_ie_len = kde.wpa_ie_len;
00811                 }
00812                 ft = sm->wpa == WPA_VERSION_WPA2 &&
00813                         wpa_key_mgmt_ft(sm->wpa_key_mgmt);
00814                 if (sm->wpa_ie == NULL ||
00815                     wpa_compare_rsn_ie(ft,
00816                                        sm->wpa_ie, sm->wpa_ie_len,
00817                                        eapol_key_ie, eapol_key_ie_len)) {
00818                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00819                                         "WPA IE from (Re)AssocReq did not "
00820                                         "match with msg 2/4");
00821                         if (sm->wpa_ie) {
00822                                 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
00823                                             sm->wpa_ie, sm->wpa_ie_len);
00824                         }
00825                         wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
00826                                     eapol_key_ie, eapol_key_ie_len);
00827                         /* MLME-DEAUTHENTICATE.request */
00828                         wpa_sta_disconnect(wpa_auth, sm->addr);
00829                         return;
00830                 }
00831 #ifdef CONFIG_IEEE80211R
00832                 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
00833                         wpa_sta_disconnect(wpa_auth, sm->addr);
00834                         return;
00835                 }
00836 #endif /* CONFIG_IEEE80211R */
00837                 break;
00838         case PAIRWISE_4:
00839                 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
00840                     !sm->PTK_valid) {
00841                         wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
00842                                          "received EAPOL-Key msg 4/4 in "
00843                                          "invalid state (%d) - dropped",
00844                                          sm->wpa_ptk_state);
00845                         return;
00846                 }
00847                 break;
00848         case GROUP_2:
00849                 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
00850                     || !sm->PTK_valid) {
00851                         wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
00852                                          "received EAPOL-Key msg 2/2 in "
00853                                          "invalid state (%d) - dropped",
00854                                          sm->wpa_ptk_group_state);
00855                         return;
00856                 }
00857                 break;
00858 #ifdef CONFIG_PEERKEY
00859         case SMK_M1:
00860         case SMK_M3:
00861         case SMK_ERROR:
00862                 if (!wpa_auth->conf.peerkey) {
00863                         wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
00864                                    "PeerKey use disabled - ignoring message");
00865                         return;
00866                 }
00867                 if (!sm->PTK_valid) {
00868                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00869                                         "received EAPOL-Key msg SMK in "
00870                                         "invalid state - dropped");
00871                         return;
00872                 }
00873                 break;
00874 #else /* CONFIG_PEERKEY */
00875         case SMK_M1:
00876         case SMK_M3:
00877         case SMK_ERROR:
00878                 return; /* STSL disabled - ignore SMK messages */
00879 #endif /* CONFIG_PEERKEY */
00880         case REQUEST:
00881                 break;
00882         }
00883 
00884         wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
00885                          "received EAPOL-Key frame (%s)", msgtxt);
00886 
00887         if (key_info & WPA_KEY_INFO_ACK) {
00888                 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00889                                 "received invalid EAPOL-Key: Key Ack set");
00890                 return;
00891         }
00892 
00893         if (!(key_info & WPA_KEY_INFO_MIC)) {
00894                 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00895                                 "received invalid EAPOL-Key: Key MIC not set");
00896                 return;
00897         }
00898 
00899         sm->MICVerified = FALSE;
00900         if (sm->PTK_valid) {
00901                 if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
00902                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00903                                         "received EAPOL-Key with invalid MIC");
00904                         return;
00905                 }
00906                 sm->MICVerified = TRUE;
00907                 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
00908         }
00909 
00910         if (key_info & WPA_KEY_INFO_REQUEST) {
00911                 if (sm->MICVerified) {
00912                         sm->req_replay_counter_used = 1;
00913                         os_memcpy(sm->req_replay_counter, key->replay_counter,
00914                                   WPA_REPLAY_COUNTER_LEN);
00915                 } else {
00916                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00917                                         "received EAPOL-Key request with "
00918                                         "invalid MIC");
00919                         return;
00920                 }
00921 
00922                 /*
00923                  * TODO: should decrypt key data field if encryption was used;
00924                  * even though MAC address KDE is not normally encrypted,
00925                  * supplicant is allowed to encrypt it.
00926                  */
00927                 if (msg == SMK_ERROR) {
00928 #ifdef CONFIG_PEERKEY
00929                         wpa_smk_error(wpa_auth, sm, key);
00930 #endif /* CONFIG_PEERKEY */
00931                         return;
00932                 } else if (key_info & WPA_KEY_INFO_ERROR) {
00933                         /* Supplicant reported a Michael MIC error */
00934                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00935                                         "received EAPOL-Key Error Request "
00936                                         "(STA detected Michael MIC failure)");
00937                         wpa_auth_mic_failure_report(wpa_auth, sm->addr);
00938                         sm->dot11RSNAStatsTKIPRemoteMICFailures++;
00939                         wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
00940                         /* Error report is not a request for a new key
00941                          * handshake, but since Authenticator may do it, let's
00942                          * change the keys now anyway. */
00943                         wpa_request_new_ptk(sm);
00944                 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
00945                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00946                                         "received EAPOL-Key Request for new "
00947                                         "4-Way Handshake");
00948                         wpa_request_new_ptk(sm);
00949 #ifdef CONFIG_PEERKEY
00950                 } else if (msg == SMK_M1) {
00951                         wpa_smk_m1(wpa_auth, sm, key);
00952 #endif /* CONFIG_PEERKEY */
00953                 } else if (key_data_length > 0 &&
00954                            wpa_parse_kde_ies((const u8 *) (key + 1),
00955                                              key_data_length, &kde) == 0 &&
00956                            kde.mac_addr) {
00957                 } else {
00958                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00959                                         "received EAPOL-Key Request for GTK "
00960                                         "rekeying");
00961                         /* FIX: why was this triggering PTK rekeying for the
00962                          * STA that requested Group Key rekeying?? */
00963                         /* wpa_request_new_ptk(sta->wpa_sm); */
00964                         eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
00965                         wpa_rekey_gtk(wpa_auth, NULL);
00966                 }
00967         } else {
00968                 /* Do not allow the same key replay counter to be reused. This
00969                  * does also invalidate all other pending replay counters if
00970                  * retransmissions were used, i.e., we will only process one of
00971                  * the pending replies and ignore rest if more than one is
00972                  * received. */
00973                 sm->key_replay[0].valid = FALSE;
00974         }
00975 
00976 #ifdef CONFIG_PEERKEY
00977         if (msg == SMK_M3) {
00978                 wpa_smk_m3(wpa_auth, sm, key);
00979                 return;
00980         }
00981 #endif /* CONFIG_PEERKEY */
00982 
00983         os_free(sm->last_rx_eapol_key);
00984         sm->last_rx_eapol_key = os_malloc(data_len);
00985         if (sm->last_rx_eapol_key == NULL)
00986                 return;
00987         os_memcpy(sm->last_rx_eapol_key, data, data_len);
00988         sm->last_rx_eapol_key_len = data_len;
00989 
00990         sm->EAPOLKeyReceived = TRUE;
00991         sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
00992         sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
00993         os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
00994         wpa_sm_step(sm);
00995 }
00996 
00997 
00998 static void wpa_gmk_to_gtk(const u8 *gmk, const u8 *addr, const u8 *gnonce,
00999                            u8 *gtk, size_t gtk_len)
01000 {
01001         u8 data[ETH_ALEN + WPA_NONCE_LEN];
01002 
01003         /* GTK = PRF-X(GMK, "Group key expansion", AA || GNonce) */
01004         os_memcpy(data, addr, ETH_ALEN);
01005         os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
01006 
01007 #ifdef CONFIG_IEEE80211W
01008         sha256_prf(gmk, WPA_GMK_LEN, "Group key expansion",
01009                    data, sizeof(data), gtk, gtk_len);
01010 #else /* CONFIG_IEEE80211W */
01011         sha1_prf(gmk, WPA_GMK_LEN, "Group key expansion",
01012                  data, sizeof(data), gtk, gtk_len);
01013 #endif /* CONFIG_IEEE80211W */
01014 
01015         wpa_hexdump_key(MSG_DEBUG, "GMK", gmk, WPA_GMK_LEN);
01016         wpa_hexdump_key(MSG_DEBUG, "GTK", gtk, gtk_len);
01017 }
01018 
01019 
01020 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
01021 {
01022         struct wpa_authenticator *wpa_auth = eloop_ctx;
01023         struct wpa_state_machine *sm = timeout_ctx;
01024 
01025         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
01026         sm->TimeoutEvt = TRUE;
01027         wpa_sm_step(sm);
01028 }
01029 
01030 
01031 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
01032                       struct wpa_state_machine *sm, int key_info,
01033                       const u8 *key_rsc, const u8 *nonce,
01034                       const u8 *kde, size_t kde_len,
01035                       int keyidx, int encr, int force_version)
01036 {
01037         struct ieee802_1x_hdr *hdr;
01038         struct wpa_eapol_key *key;
01039         size_t len;
01040         int alg;
01041         int key_data_len, pad_len = 0;
01042         u8 *buf, *pos;
01043         int version, pairwise;
01044         int i;
01045 
01046         len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
01047 
01048         if (force_version)
01049                 version = force_version;
01050         else if (wpa_use_aes_cmac(sm))
01051                 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
01052         else if (sm->pairwise == WPA_CIPHER_CCMP)
01053                 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
01054         else
01055                 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
01056 
01057         pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
01058 
01059         wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
01060                    "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
01061                    "encr=%d)",
01062                    version,
01063                    (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
01064                    (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
01065                    (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
01066                    (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
01067                    pairwise, (unsigned long) kde_len, keyidx, encr);
01068 
01069         key_data_len = kde_len;
01070 
01071         if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
01072              version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
01073                 pad_len = key_data_len % 8;
01074                 if (pad_len)
01075                         pad_len = 8 - pad_len;
01076                 key_data_len += pad_len + 8;
01077         }
01078 
01079         len += key_data_len;
01080 
01081         hdr = os_zalloc(len);
01082         if (hdr == NULL)
01083                 return;
01084         hdr->version = wpa_auth->conf.eapol_version;
01085         hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
01086         hdr->length = host_to_be16(len  - sizeof(*hdr));
01087         key = (struct wpa_eapol_key *) (hdr + 1);
01088 
01089         key->type = sm->wpa == WPA_VERSION_WPA2 ?
01090                 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
01091         key_info |= version;
01092         if (encr && sm->wpa == WPA_VERSION_WPA2)
01093                 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
01094         if (sm->wpa != WPA_VERSION_WPA2)
01095                 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
01096         WPA_PUT_BE16(key->key_info, key_info);
01097 
01098         alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
01099         switch (alg) {
01100         case WPA_CIPHER_CCMP:
01101                 WPA_PUT_BE16(key->key_length, 16);
01102                 break;
01103         case WPA_CIPHER_TKIP:
01104                 WPA_PUT_BE16(key->key_length, 32);
01105                 break;
01106         case WPA_CIPHER_WEP40:
01107                 WPA_PUT_BE16(key->key_length, 5);
01108                 break;
01109         case WPA_CIPHER_WEP104:
01110                 WPA_PUT_BE16(key->key_length, 13);
01111                 break;
01112         }
01113         if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
01114                 WPA_PUT_BE16(key->key_length, 0);
01115 
01116         /* FIX: STSL: what to use as key_replay_counter? */
01117         for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
01118                 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
01119                 os_memcpy(sm->key_replay[i].counter,
01120                           sm->key_replay[i - 1].counter,
01121                           WPA_REPLAY_COUNTER_LEN);
01122         }
01123         inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
01124         os_memcpy(key->replay_counter, sm->key_replay[0].counter,
01125                   WPA_REPLAY_COUNTER_LEN);
01126         sm->key_replay[0].valid = TRUE;
01127 
01128         if (nonce)
01129                 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
01130 
01131         if (key_rsc)
01132                 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
01133 
01134         if (kde && !encr) {
01135                 os_memcpy(key + 1, kde, kde_len);
01136                 WPA_PUT_BE16(key->key_data_length, kde_len);
01137         } else if (encr && kde) {
01138                 buf = os_zalloc(key_data_len);
01139                 if (buf == NULL) {
01140                         os_free(hdr);
01141                         return;
01142                 }
01143                 pos = buf;
01144                 os_memcpy(pos, kde, kde_len);
01145                 pos += kde_len;
01146 
01147                 if (pad_len)
01148                         *pos++ = 0xdd;
01149 
01150                 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
01151                                 buf, key_data_len);
01152                 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
01153                     version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
01154                         if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
01155                                      (u8 *) (key + 1))) {
01156                                 os_free(hdr);
01157                                 os_free(buf);
01158                                 return;
01159                         }
01160                         WPA_PUT_BE16(key->key_data_length, key_data_len);
01161                 } else {
01162                         u8 ek[32];
01163                         os_memcpy(key->key_iv,
01164                                   sm->group->Counter + WPA_NONCE_LEN - 16, 16);
01165                         inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
01166                         os_memcpy(ek, key->key_iv, 16);
01167                         os_memcpy(ek + 16, sm->PTK.kek, 16);
01168                         os_memcpy(key + 1, buf, key_data_len);
01169                         rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
01170                         WPA_PUT_BE16(key->key_data_length, key_data_len);
01171                 }
01172                 os_free(buf);
01173         }
01174 
01175         if (key_info & WPA_KEY_INFO_MIC) {
01176                 if (!sm->PTK_valid) {
01177                         wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
01178                                         "PTK not valid when sending EAPOL-Key "
01179                                         "frame");
01180                         os_free(hdr);
01181                         return;
01182                 }
01183                 wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
01184                                   key->key_mic);
01185         }
01186 
01187         wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
01188                            1);
01189         wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
01190                             sm->pairwise_set);
01191         os_free(hdr);
01192 }
01193 
01194 
01195 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
01196                            struct wpa_state_machine *sm, int key_info,
01197                            const u8 *key_rsc, const u8 *nonce,
01198                            const u8 *kde, size_t kde_len,
01199                            int keyidx, int encr)
01200 {
01201         int timeout_ms;
01202         int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
01203         int ctr;
01204 
01205         if (sm == NULL)
01206                 return;
01207 
01208         __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
01209                          keyidx, encr, 0);
01210 
01211         ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
01212         if (ctr == 1)
01213                 timeout_ms = eapol_key_timeout_first;
01214         else
01215                 timeout_ms = eapol_key_timeout_subseq;
01216         eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
01217                                wpa_send_eapol_timeout, wpa_auth, sm);
01218 }
01219 
01220 
01221 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
01222 {
01223         struct ieee802_1x_hdr *hdr;
01224         struct wpa_eapol_key *key;
01225         u16 key_info;
01226         int ret = 0;
01227         u8 mic[16];
01228 
01229         if (data_len < sizeof(*hdr) + sizeof(*key))
01230                 return -1;
01231 
01232         hdr = (struct ieee802_1x_hdr *) data;
01233         key = (struct wpa_eapol_key *) (hdr + 1);
01234         key_info = WPA_GET_BE16(key->key_info);
01235         os_memcpy(mic, key->key_mic, 16);
01236         os_memset(key->key_mic, 0, 16);
01237         if (wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK,
01238                               data, data_len, key->key_mic) ||
01239             os_memcmp(mic, key->key_mic, 16) != 0)
01240                 ret = -1;
01241         os_memcpy(key->key_mic, mic, 16);
01242         return ret;
01243 }
01244 
01245 
01246 void wpa_remove_ptk(struct wpa_state_machine *sm)
01247 {
01248         sm->PTK_valid = FALSE;
01249         os_memset(&sm->PTK, 0, sizeof(sm->PTK));
01250         wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, (u8 *) "",
01251                          0);
01252         sm->pairwise_set = FALSE;
01253         eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
01254 }
01255 
01256 
01257 int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
01258 {
01259         int remove_ptk = 1;
01260 
01261         if (sm == NULL)
01262                 return -1;
01263 
01264         wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
01265                          "event %d notification", event);
01266 
01267         switch (event) {
01268         case WPA_AUTH:
01269         case WPA_ASSOC:
01270                 break;
01271         case WPA_DEAUTH:
01272         case WPA_DISASSOC:
01273                 sm->DeauthenticationRequest = TRUE;
01274                 break;
01275         case WPA_REAUTH:
01276         case WPA_REAUTH_EAPOL:
01277                 if (sm->GUpdateStationKeys) {
01278                         /*
01279                          * Reauthentication cancels the pending group key
01280                          * update for this STA.
01281                          */
01282                         sm->group->GKeyDoneStations--;
01283                         sm->GUpdateStationKeys = FALSE;
01284                         sm->PtkGroupInit = TRUE;
01285                 }
01286                 sm->ReAuthenticationRequest = TRUE;
01287                 break;
01288         case WPA_ASSOC_FT:
01289 #ifdef CONFIG_IEEE80211R
01290                 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
01291                            "after association");
01292                 wpa_ft_install_ptk(sm);
01293 
01294                 /* Using FT protocol, not WPA auth state machine */
01295                 sm->ft_completed = 1;
01296                 return 0;
01297 #else /* CONFIG_IEEE80211R */
01298                 break;
01299 #endif /* CONFIG_IEEE80211R */
01300         }
01301 
01302 #ifdef CONFIG_IEEE80211R
01303         sm->ft_completed = 0;
01304 #endif /* CONFIG_IEEE80211R */
01305 
01306 #ifdef CONFIG_IEEE80211W
01307         if (sm->mgmt_frame_prot && event == WPA_AUTH)
01308                 remove_ptk = 0;
01309 #endif /* CONFIG_IEEE80211W */
01310 
01311         if (remove_ptk) {
01312                 sm->PTK_valid = FALSE;
01313                 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
01314 
01315                 if (event != WPA_REAUTH_EAPOL)
01316                         wpa_remove_ptk(sm);
01317         }
01318 
01319         return wpa_sm_step(sm);
01320 }
01321 
01322 
01323 static enum wpa_alg wpa_alg_enum(int alg)
01324 {
01325         switch (alg) {
01326         case WPA_CIPHER_CCMP:
01327                 return WPA_ALG_CCMP;
01328         case WPA_CIPHER_TKIP:
01329                 return WPA_ALG_TKIP;
01330         case WPA_CIPHER_WEP104:
01331         case WPA_CIPHER_WEP40:
01332                 return WPA_ALG_WEP;
01333         default:
01334                 return WPA_ALG_NONE;
01335         }
01336 }
01337 
01338 
01339 SM_STATE(WPA_PTK, INITIALIZE)
01340 {
01341         SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
01342         if (sm->Init) {
01343                 /* Init flag is not cleared here, so avoid busy
01344                  * loop by claiming nothing changed. */
01345                 sm->changed = FALSE;
01346         }
01347 
01348         sm->keycount = 0;
01349         if (sm->GUpdateStationKeys)
01350                 sm->group->GKeyDoneStations--;
01351         sm->GUpdateStationKeys = FALSE;
01352         if (sm->wpa == WPA_VERSION_WPA)
01353                 sm->PInitAKeys = FALSE;
01354         if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
01355                * Local AA > Remote AA)) */) {
01356                 sm->Pair = TRUE;
01357         }
01358         wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
01359         wpa_remove_ptk(sm);
01360         wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
01361         sm->TimeoutCtr = 0;
01362         if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
01363                 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
01364                                    WPA_EAPOL_authorized, 0);
01365         }
01366 }
01367 
01368 
01369 SM_STATE(WPA_PTK, DISCONNECT)
01370 {
01371         SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
01372         sm->Disconnect = FALSE;
01373         wpa_sta_disconnect(sm->wpa_auth, sm->addr);
01374 }
01375 
01376 
01377 SM_STATE(WPA_PTK, DISCONNECTED)
01378 {
01379         SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
01380         sm->DeauthenticationRequest = FALSE;
01381 }
01382 
01383 
01384 SM_STATE(WPA_PTK, AUTHENTICATION)
01385 {
01386         SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
01387         os_memset(&sm->PTK, 0, sizeof(sm->PTK));
01388         sm->PTK_valid = FALSE;
01389         wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
01390                            1);
01391         wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
01392         sm->AuthenticationRequest = FALSE;
01393 }
01394 
01395 
01396 SM_STATE(WPA_PTK, AUTHENTICATION2)
01397 {
01398         SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
01399         os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN);
01400         inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
01401         sm->ReAuthenticationRequest = FALSE;
01402         /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
01403          * logical place than INITIALIZE since AUTHENTICATION2 can be
01404          * re-entered on ReAuthenticationRequest without going through
01405          * INITIALIZE. */
01406         sm->TimeoutCtr = 0;
01407 }
01408 
01409 
01410 SM_STATE(WPA_PTK, INITPMK)
01411 {
01412         u8 msk[2 * PMK_LEN];
01413         size_t len = 2 * PMK_LEN;
01414 
01415         SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
01416 #ifdef CONFIG_IEEE80211R
01417         sm->xxkey_len = 0;
01418 #endif /* CONFIG_IEEE80211R */
01419         if (sm->pmksa) {
01420                 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
01421                 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
01422         } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
01423                 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
01424                            "(len=%lu)", (unsigned long) len);
01425                 os_memcpy(sm->PMK, msk, PMK_LEN);
01426 #ifdef CONFIG_IEEE80211R
01427                 if (len >= 2 * PMK_LEN) {
01428                         os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
01429                         sm->xxkey_len = PMK_LEN;
01430                 }
01431 #endif /* CONFIG_IEEE80211R */
01432         } else {
01433                 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
01434         }
01435 
01436         sm->req_replay_counter_used = 0;
01437         /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
01438          * will break reauthentication since EAPOL state machines may not be
01439          * get into AUTHENTICATING state that clears keyRun before WPA state
01440          * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
01441          * state and takes PMK from the previously used AAA Key. This will
01442          * eventually fail in 4-Way Handshake because Supplicant uses PMK
01443          * derived from the new AAA Key. Setting keyRun = FALSE here seems to
01444          * be good workaround for this issue. */
01445         wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
01446 }
01447 
01448 
01449 SM_STATE(WPA_PTK, INITPSK)
01450 {
01451         const u8 *psk;
01452         SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
01453         psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL);
01454         if (psk) {
01455                 os_memcpy(sm->PMK, psk, PMK_LEN);
01456 #ifdef CONFIG_IEEE80211R
01457                 os_memcpy(sm->xxkey, psk, PMK_LEN);
01458                 sm->xxkey_len = PMK_LEN;
01459 #endif /* CONFIG_IEEE80211R */
01460         }
01461         sm->req_replay_counter_used = 0;
01462 }
01463 
01464 
01465 SM_STATE(WPA_PTK, PTKSTART)
01466 {
01467         u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
01468         size_t pmkid_len = 0;
01469 
01470         SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
01471         sm->PTKRequest = FALSE;
01472         sm->TimeoutEvt = FALSE;
01473 
01474         sm->TimeoutCtr++;
01475         if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
01476                 /* No point in sending the EAPOL-Key - we will disconnect
01477                  * immediately following this. */
01478                 return;
01479         }
01480 
01481         wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
01482                         "sending 1/4 msg of 4-Way Handshake");
01483         /*
01484          * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
01485          * one possible PSK for this STA.
01486          */
01487         if (sm->wpa == WPA_VERSION_WPA2 &&
01488             wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt)) {
01489                 pmkid = buf;
01490                 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
01491                 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
01492                 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
01493                 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
01494                 if (sm->pmksa)
01495                         os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
01496                                   sm->pmksa->pmkid, PMKID_LEN);
01497                 else {
01498                         /*
01499                          * Calculate PMKID since no PMKSA cache entry was
01500                          * available with pre-calculated PMKID.
01501                          */
01502                         rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
01503                                   sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
01504                                   wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
01505                 }
01506         }
01507         wpa_send_eapol(sm->wpa_auth, sm,
01508                        WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
01509                        sm->ANonce, pmkid, pmkid_len, 0, 0);
01510 }
01511 
01512 
01513 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
01514                           struct wpa_ptk *ptk)
01515 {
01516         size_t ptk_len = sm->pairwise == WPA_CIPHER_CCMP ? 48 : 64;
01517 #ifdef CONFIG_IEEE80211R
01518         if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
01519                 return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len);
01520 #endif /* CONFIG_IEEE80211R */
01521 
01522         wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
01523                        sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce,
01524                        (u8 *) ptk, ptk_len,
01525                        wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
01526 
01527         return 0;
01528 }
01529 
01530 
01531 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
01532 {
01533         struct wpa_ptk PTK;
01534         int ok = 0;
01535         const u8 *pmk = NULL;
01536 
01537         SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
01538         sm->EAPOLKeyReceived = FALSE;
01539 
01540         /* WPA with IEEE 802.1X: use the derived PMK from EAP
01541          * WPA-PSK: iterate through possible PSKs and select the one matching
01542          * the packet */
01543         for (;;) {
01544                 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
01545                         pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
01546                         if (pmk == NULL)
01547                                 break;
01548                 } else
01549                         pmk = sm->PMK;
01550 
01551                 wpa_derive_ptk(sm, pmk, &PTK);
01552 
01553                 if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
01554                                        sm->last_rx_eapol_key_len) == 0) {
01555                         ok = 1;
01556                         break;
01557                 }
01558 
01559                 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
01560                         break;
01561         }
01562 
01563         if (!ok) {
01564                 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
01565                                 "invalid MIC in msg 2/4 of 4-Way Handshake");
01566                 return;
01567         }
01568 
01569 #ifdef CONFIG_IEEE80211R
01570         if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
01571                 /*
01572                  * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
01573                  * with the value we derived.
01574                  */
01575                 if (os_memcmp(sm->sup_pmk_r1_name, sm->pmk_r1_name,
01576                               WPA_PMK_NAME_LEN) != 0) {
01577                         wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
01578                                         "PMKR1Name mismatch in FT 4-way "
01579                                         "handshake");
01580                         wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
01581                                     "Supplicant",
01582                                     sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
01583                         wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
01584                                     sm->pmk_r1_name, WPA_PMK_NAME_LEN);
01585                         return;
01586                 }
01587         }
01588 #endif /* CONFIG_IEEE80211R */
01589 
01590         eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
01591 
01592         if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
01593                 /* PSK may have changed from the previous choice, so update
01594                  * state machine data based on whatever PSK was selected here.
01595                  */
01596                 os_memcpy(sm->PMK, pmk, PMK_LEN);
01597         }
01598 
01599         sm->MICVerified = TRUE;
01600 
01601         os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
01602         sm->PTK_valid = TRUE;
01603 }
01604 
01605 
01606 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
01607 {
01608         SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
01609         sm->TimeoutCtr = 0;
01610 }
01611 
01612 
01613 #ifdef CONFIG_IEEE80211W
01614 
01615 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
01616 {
01617         if (sm->mgmt_frame_prot) {
01618                 return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde);
01619         }
01620 
01621         return 0;
01622 }
01623 
01624 
01625 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
01626 {
01627         struct wpa_igtk_kde igtk;
01628         struct wpa_group *gsm = sm->group;
01629 
01630         if (!sm->mgmt_frame_prot)
01631                 return pos;
01632 
01633         igtk.keyid[0] = gsm->GN_igtk;
01634         igtk.keyid[1] = 0;
01635         if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
01636             wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn) < 0)
01637                 os_memset(igtk.pn, 0, sizeof(igtk.pn));
01638         os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
01639         pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
01640                           (const u8 *) &igtk, sizeof(igtk), NULL, 0);
01641 
01642         return pos;
01643 }
01644 
01645 #else /* CONFIG_IEEE80211W */
01646 
01647 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
01648 {
01649         return 0;
01650 }
01651 
01652 
01653 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
01654 {
01655         return pos;
01656 }
01657 
01658 #endif /* CONFIG_IEEE80211W */
01659 
01660 
01661 SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
01662 {
01663         u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
01664         size_t gtk_len, kde_len;
01665         struct wpa_group *gsm = sm->group;
01666         u8 *wpa_ie;
01667         int wpa_ie_len, secure, keyidx, encr = 0;
01668 
01669         SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
01670         sm->TimeoutEvt = FALSE;
01671 
01672         sm->TimeoutCtr++;
01673         if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
01674                 /* No point in sending the EAPOL-Key - we will disconnect
01675                  * immediately following this. */
01676                 return;
01677         }
01678 
01679         /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
01680            GTK[GN], IGTK, [FTIE], [TIE * 2])
01681          */
01682         os_memset(rsc, 0, WPA_KEY_RSC_LEN);
01683         wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
01684         /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
01685         wpa_ie = sm->wpa_auth->wpa_ie;
01686         wpa_ie_len = sm->wpa_auth->wpa_ie_len;
01687         if (sm->wpa == WPA_VERSION_WPA &&
01688             (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
01689             wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
01690                 /* WPA-only STA, remove RSN IE */
01691                 wpa_ie = wpa_ie + wpa_ie[1] + 2;
01692                 wpa_ie_len = wpa_ie[1] + 2;
01693         }
01694         wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
01695                         "sending 3/4 msg of 4-Way Handshake");
01696         if (sm->wpa == WPA_VERSION_WPA2) {
01697                 /* WPA2 send GTK in the 4-way handshake */
01698                 secure = 1;
01699                 gtk = gsm->GTK[gsm->GN - 1];
01700                 gtk_len = gsm->GTK_len;
01701                 keyidx = gsm->GN;
01702                 _rsc = rsc;
01703                 encr = 1;
01704         } else {
01705                 /* WPA does not include GTK in msg 3/4 */
01706                 secure = 0;
01707                 gtk = NULL;
01708                 gtk_len = 0;
01709                 keyidx = 0;
01710                 _rsc = NULL;
01711         }
01712 
01713         kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
01714         if (gtk)
01715                 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
01716 #ifdef CONFIG_IEEE80211R
01717         if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
01718                 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
01719                 kde_len += 300; /* FTIE + 2 * TIE */
01720         }
01721 #endif /* CONFIG_IEEE80211R */
01722         kde = os_malloc(kde_len);
01723         if (kde == NULL)
01724                 return;
01725 
01726         pos = kde;
01727         os_memcpy(pos, wpa_ie, wpa_ie_len);
01728         pos += wpa_ie_len;
01729 #ifdef CONFIG_IEEE80211R
01730         if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
01731                 int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name);
01732                 if (res < 0) {
01733                         wpa_printf(MSG_ERROR, "FT: Failed to insert "
01734                                    "PMKR1Name into RSN IE in EAPOL-Key data");
01735                         os_free(kde);
01736                         return;
01737                 }
01738                 pos += res;
01739         }
01740 #endif /* CONFIG_IEEE80211R */
01741         if (gtk) {
01742                 u8 hdr[2];
01743                 hdr[0] = keyidx & 0x03;
01744                 hdr[1] = 0;
01745                 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
01746                                   gtk, gtk_len);
01747         }
01748         pos = ieee80211w_kde_add(sm, pos);
01749 
01750 #ifdef CONFIG_IEEE80211R
01751         if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
01752                 int res;
01753                 struct wpa_auth_config *conf;
01754 
01755                 conf = &sm->wpa_auth->conf;
01756                 res = wpa_write_ftie(conf, conf->r0_key_holder,
01757                                      conf->r0_key_holder_len,
01758                                      NULL, NULL, pos, kde + kde_len - pos,
01759                                      NULL, 0);
01760                 if (res < 0) {
01761                         wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
01762                                    "into EAPOL-Key Key Data");
01763                         os_free(kde);
01764                         return;
01765                 }
01766                 pos += res;
01767 
01768                 /* TIE[ReassociationDeadline] (TU) */
01769                 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
01770                 *pos++ = 5;
01771                 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
01772                 WPA_PUT_LE32(pos, conf->reassociation_deadline);
01773                 pos += 4;
01774 
01775                 /* TIE[KeyLifetime] (seconds) */
01776                 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
01777                 *pos++ = 5;
01778                 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
01779                 WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
01780                 pos += 4;
01781         }
01782 #endif /* CONFIG_IEEE80211R */
01783 
01784         wpa_send_eapol(sm->wpa_auth, sm,
01785                        (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
01786                        WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
01787                        WPA_KEY_INFO_KEY_TYPE,
01788                        _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
01789         os_free(kde);
01790 }
01791 
01792 
01793 SM_STATE(WPA_PTK, PTKINITDONE)
01794 {
01795         SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
01796         sm->EAPOLKeyReceived = FALSE;
01797         if (sm->Pair) {
01798                 enum wpa_alg alg;
01799                 int klen;
01800                 if (sm->pairwise == WPA_CIPHER_TKIP) {
01801                         alg = WPA_ALG_TKIP;
01802                         klen = 32;
01803                 } else {
01804                         alg = WPA_ALG_CCMP;
01805                         klen = 16;
01806                 }
01807                 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
01808                                      sm->PTK.tk1, klen)) {
01809                         wpa_sta_disconnect(sm->wpa_auth, sm->addr);
01810                         return;
01811                 }
01812                 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
01813                 sm->pairwise_set = TRUE;
01814 
01815                 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
01816                         eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
01817                         eloop_register_timeout(sm->wpa_auth->conf.
01818                                                wpa_ptk_rekey, 0, wpa_rekey_ptk,
01819                                                sm->wpa_auth, sm);
01820                 }
01821 
01822                 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
01823                         wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
01824                                            WPA_EAPOL_authorized, 1);
01825                 }
01826         }
01827 
01828         if (0 /* IBSS == TRUE */) {
01829                 sm->keycount++;
01830                 if (sm->keycount == 2) {
01831                         wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
01832                                            WPA_EAPOL_portValid, 1);
01833                 }
01834         } else {
01835                 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
01836                                    1);
01837         }
01838         wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
01839         wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
01840         if (sm->wpa == WPA_VERSION_WPA)
01841                 sm->PInitAKeys = TRUE;
01842         else
01843                 sm->has_GTK = TRUE;
01844         wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
01845                          "pairwise key handshake completed (%s)",
01846                          sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
01847 
01848 #ifdef CONFIG_IEEE80211R
01849         wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
01850 #endif /* CONFIG_IEEE80211R */
01851 }
01852 
01853 
01854 SM_STEP(WPA_PTK)
01855 {
01856         struct wpa_authenticator *wpa_auth = sm->wpa_auth;
01857 
01858         if (sm->Init)
01859                 SM_ENTER(WPA_PTK, INITIALIZE);
01860         else if (sm->Disconnect
01861                  /* || FIX: dot11RSNAConfigSALifetime timeout */)
01862                 SM_ENTER(WPA_PTK, DISCONNECT);
01863         else if (sm->DeauthenticationRequest)
01864                 SM_ENTER(WPA_PTK, DISCONNECTED);
01865         else if (sm->AuthenticationRequest)
01866                 SM_ENTER(WPA_PTK, AUTHENTICATION);
01867         else if (sm->ReAuthenticationRequest)
01868                 SM_ENTER(WPA_PTK, AUTHENTICATION2);
01869         else if (sm->PTKRequest)
01870                 SM_ENTER(WPA_PTK, PTKSTART);
01871         else switch (sm->wpa_ptk_state) {
01872         case WPA_PTK_INITIALIZE:
01873                 break;
01874         case WPA_PTK_DISCONNECT:
01875                 SM_ENTER(WPA_PTK, DISCONNECTED);
01876                 break;
01877         case WPA_PTK_DISCONNECTED:
01878                 SM_ENTER(WPA_PTK, INITIALIZE);
01879                 break;
01880         case WPA_PTK_AUTHENTICATION:
01881                 SM_ENTER(WPA_PTK, AUTHENTICATION2);
01882                 break;
01883         case WPA_PTK_AUTHENTICATION2:
01884                 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
01885                     wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
01886                                        WPA_EAPOL_keyRun) > 0)
01887                         SM_ENTER(WPA_PTK, INITPMK);
01888                 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
01889                          /* FIX: && 802.1X::keyRun */)
01890                         SM_ENTER(WPA_PTK, INITPSK);
01891                 break;
01892         case WPA_PTK_INITPMK:
01893                 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
01894                                        WPA_EAPOL_keyAvailable) > 0)
01895                         SM_ENTER(WPA_PTK, PTKSTART);
01896                 else {
01897                         wpa_auth->dot11RSNA4WayHandshakeFailures++;
01898                         SM_ENTER(WPA_PTK, DISCONNECT);
01899                 }
01900                 break;
01901         case WPA_PTK_INITPSK:
01902                 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL))
01903                         SM_ENTER(WPA_PTK, PTKSTART);
01904                 else {
01905                         wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
01906                                         "no PSK configured for the STA");
01907                         wpa_auth->dot11RSNA4WayHandshakeFailures++;
01908                         SM_ENTER(WPA_PTK, DISCONNECT);
01909                 }
01910                 break;
01911         case WPA_PTK_PTKSTART:
01912                 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
01913                     sm->EAPOLKeyPairwise)
01914                         SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
01915                 else if (sm->TimeoutCtr >
01916                          (int) dot11RSNAConfigPairwiseUpdateCount) {
01917                         wpa_auth->dot11RSNA4WayHandshakeFailures++;
01918                         SM_ENTER(WPA_PTK, DISCONNECT);
01919                 } else if (sm->TimeoutEvt)
01920                         SM_ENTER(WPA_PTK, PTKSTART);
01921                 break;
01922         case WPA_PTK_PTKCALCNEGOTIATING:
01923                 if (sm->MICVerified)
01924                         SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
01925                 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
01926                          sm->EAPOLKeyPairwise)
01927                         SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
01928                 else if (sm->TimeoutEvt)
01929                         SM_ENTER(WPA_PTK, PTKSTART);
01930                 break;
01931         case WPA_PTK_PTKCALCNEGOTIATING2:
01932                 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
01933                 break;
01934         case WPA_PTK_PTKINITNEGOTIATING:
01935                 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
01936                     sm->EAPOLKeyPairwise && sm->MICVerified)
01937                         SM_ENTER(WPA_PTK, PTKINITDONE);
01938                 else if (sm->TimeoutCtr >
01939                          (int) dot11RSNAConfigPairwiseUpdateCount) {
01940                         wpa_auth->dot11RSNA4WayHandshakeFailures++;
01941                         SM_ENTER(WPA_PTK, DISCONNECT);
01942                 } else if (sm->TimeoutEvt)
01943                         SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
01944                 break;
01945         case WPA_PTK_PTKINITDONE:
01946                 break;
01947         }
01948 }
01949 
01950 
01951 SM_STATE(WPA_PTK_GROUP, IDLE)
01952 {
01953         SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
01954         if (sm->Init) {
01955                 /* Init flag is not cleared here, so avoid busy
01956                  * loop by claiming nothing changed. */
01957                 sm->changed = FALSE;
01958         }
01959         sm->GTimeoutCtr = 0;
01960 }
01961 
01962 
01963 SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
01964 {
01965         u8 rsc[WPA_KEY_RSC_LEN];
01966         struct wpa_group *gsm = sm->group;
01967         u8 *kde, *pos, hdr[2];
01968         size_t kde_len;
01969 
01970         SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
01971 
01972         sm->GTimeoutCtr++;
01973         if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
01974                 /* No point in sending the EAPOL-Key - we will disconnect
01975                  * immediately following this. */
01976                 return;
01977         }
01978 
01979         if (sm->wpa == WPA_VERSION_WPA)
01980                 sm->PInitAKeys = FALSE;
01981         sm->TimeoutEvt = FALSE;
01982         /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
01983         os_memset(rsc, 0, WPA_KEY_RSC_LEN);
01984         if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
01985                 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
01986         wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
01987                         "sending 1/2 msg of Group Key Handshake");
01988 
01989         if (sm->wpa == WPA_VERSION_WPA2) {
01990                 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
01991                         ieee80211w_kde_len(sm);
01992                 kde = os_malloc(kde_len);
01993                 if (kde == NULL)
01994                         return;
01995 
01996                 pos = kde;
01997                 hdr[0] = gsm->GN & 0x03;
01998                 hdr[1] = 0;
01999                 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
02000                                   gsm->GTK[gsm->GN - 1], gsm->GTK_len);
02001                 pos = ieee80211w_kde_add(sm, pos);
02002         } else {
02003                 kde = gsm->GTK[gsm->GN - 1];
02004                 pos = kde + gsm->GTK_len;
02005         }
02006 
02007         wpa_send_eapol(sm->wpa_auth, sm,
02008                        WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
02009                        WPA_KEY_INFO_ACK |
02010                        (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
02011                        rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
02012         if (sm->wpa == WPA_VERSION_WPA2)
02013                 os_free(kde);
02014 }
02015 
02016 
02017 SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
02018 {
02019         SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
02020         sm->EAPOLKeyReceived = FALSE;
02021         if (sm->GUpdateStationKeys)
02022                 sm->group->GKeyDoneStations--;
02023         sm->GUpdateStationKeys = FALSE;
02024         sm->GTimeoutCtr = 0;
02025         /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
02026         wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
02027                          "group key handshake completed (%s)",
02028                          sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
02029         sm->has_GTK = TRUE;
02030 }
02031 
02032 
02033 SM_STATE(WPA_PTK_GROUP, KEYERROR)
02034 {
02035         SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
02036         if (sm->GUpdateStationKeys)
02037                 sm->group->GKeyDoneStations--;
02038         sm->GUpdateStationKeys = FALSE;
02039         sm->Disconnect = TRUE;
02040 }
02041 
02042 
02043 SM_STEP(WPA_PTK_GROUP)
02044 {
02045         if (sm->Init || sm->PtkGroupInit) {
02046                 SM_ENTER(WPA_PTK_GROUP, IDLE);
02047                 sm->PtkGroupInit = FALSE;
02048         } else switch (sm->wpa_ptk_group_state) {
02049         case WPA_PTK_GROUP_IDLE:
02050                 if (sm->GUpdateStationKeys ||
02051                     (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
02052                         SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
02053                 break;
02054         case WPA_PTK_GROUP_REKEYNEGOTIATING:
02055                 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
02056                     !sm->EAPOLKeyPairwise && sm->MICVerified)
02057                         SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
02058                 else if (sm->GTimeoutCtr >
02059                          (int) dot11RSNAConfigGroupUpdateCount)
02060                         SM_ENTER(WPA_PTK_GROUP, KEYERROR);
02061                 else if (sm->TimeoutEvt)
02062                         SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
02063                 break;
02064         case WPA_PTK_GROUP_KEYERROR:
02065                 SM_ENTER(WPA_PTK_GROUP, IDLE);
02066                 break;
02067         case WPA_PTK_GROUP_REKEYESTABLISHED:
02068                 SM_ENTER(WPA_PTK_GROUP, IDLE);
02069                 break;
02070         }
02071 }
02072 
02073 
02074 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
02075                           struct wpa_group *group)
02076 {
02077         int ret = 0;
02078 
02079         /* FIX: is this the correct way of getting GNonce? */
02080         os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
02081         inc_byte_array(group->Counter, WPA_NONCE_LEN);
02082         wpa_gmk_to_gtk(group->GMK, wpa_auth->addr, group->GNonce,
02083                        group->GTK[group->GN - 1], group->GTK_len);
02084 
02085 #ifdef CONFIG_IEEE80211W
02086         if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
02087                 if (os_get_random(group->IGTK[group->GN_igtk - 4],
02088                                   WPA_IGTK_LEN) < 0) {
02089                         wpa_printf(MSG_INFO, "RSN: Failed to get new random "
02090                                    "IGTK");
02091                         ret = -1;
02092                 }
02093                 wpa_hexdump_key(MSG_DEBUG, "IGTK",
02094                                 group->IGTK[group->GN_igtk - 4], WPA_IGTK_LEN);
02095         }
02096 #endif /* CONFIG_IEEE80211W */
02097 
02098         return ret;
02099 }
02100 
02101 
02102 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
02103                                struct wpa_group *group)
02104 {
02105         wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
02106                    "GTK_INIT (VLAN-ID %d)", group->vlan_id);
02107         group->changed = FALSE; /* GInit is not cleared here; avoid loop */
02108         group->wpa_group_state = WPA_GROUP_GTK_INIT;
02109 
02110         /* GTK[0..N] = 0 */
02111         os_memset(group->GTK, 0, sizeof(group->GTK));
02112         group->GN = 1;
02113         group->GM = 2;
02114 #ifdef CONFIG_IEEE80211W
02115         group->GN_igtk = 4;
02116         group->GM_igtk = 5;
02117 #endif /* CONFIG_IEEE80211W */
02118         /* GTK[GN] = CalcGTK() */
02119         wpa_gtk_update(wpa_auth, group);
02120 }
02121 
02122 
02123 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
02124 {
02125         if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
02126                 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
02127                                 "Not in PTKINITDONE; skip Group Key update");
02128                 return 0;
02129         }
02130         if (sm->GUpdateStationKeys) {
02131                 /*
02132                  * This should not really happen, but just in case, make sure
02133                  * we do not count the same STA twice in GKeyDoneStations.
02134                  */
02135                 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
02136                                 "GUpdateStationKeys already set - do not "
02137                                 "increment GKeyDoneStations");
02138         } else {
02139                 sm->group->GKeyDoneStations++;
02140                 sm->GUpdateStationKeys = TRUE;
02141         }
02142         wpa_sm_step(sm);
02143         return 0;
02144 }
02145 
02146 
02147 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
02148                               struct wpa_group *group)
02149 {
02150         int tmp;
02151 
02152         wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
02153                    "SETKEYS (VLAN-ID %d)", group->vlan_id);
02154         group->changed = TRUE;
02155         group->wpa_group_state = WPA_GROUP_SETKEYS;
02156         group->GTKReKey = FALSE;
02157         tmp = group->GM;
02158         group->GM = group->GN;
02159         group->GN = tmp;
02160 #ifdef CONFIG_IEEE80211W
02161         tmp = group->GM_igtk;
02162         group->GM_igtk = group->GN_igtk;
02163         group->GN_igtk = tmp;
02164 #endif /* CONFIG_IEEE80211W */
02165         /* "GKeyDoneStations = GNoStations" is done in more robust way by
02166          * counting the STAs that are marked with GUpdateStationKeys instead of
02167          * including all STAs that could be in not-yet-completed state. */
02168         wpa_gtk_update(wpa_auth, group);
02169 
02170         wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
02171         wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
02172                    group->GKeyDoneStations);
02173 }
02174 
02175 
02176 static void wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
02177                                   struct wpa_group *group)
02178 {
02179         wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
02180                    "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
02181         group->changed = TRUE;
02182         group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
02183         wpa_auth_set_key(wpa_auth, group->vlan_id,
02184                          wpa_alg_enum(wpa_auth->conf.wpa_group),
02185                          NULL, group->GN, group->GTK[group->GN - 1],
02186                          group->GTK_len);
02187 
02188 #ifdef CONFIG_IEEE80211W
02189         if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
02190                 wpa_auth_set_key(wpa_auth, group->vlan_id, WPA_ALG_IGTK,
02191                                  NULL, group->GN_igtk,
02192                                  group->IGTK[group->GN_igtk - 4],
02193                                  WPA_IGTK_LEN);
02194         }
02195 #endif /* CONFIG_IEEE80211W */
02196 }
02197 
02198 
02199 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
02200                               struct wpa_group *group)
02201 {
02202         if (group->GInit) {
02203                 wpa_group_gtk_init(wpa_auth, group);
02204         } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
02205                    group->GTKAuthenticator) {
02206                 wpa_group_setkeysdone(wpa_auth, group);
02207         } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
02208                    group->GTKReKey) {
02209                 wpa_group_setkeys(wpa_auth, group);
02210         } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
02211                 if (group->GKeyDoneStations == 0)
02212                         wpa_group_setkeysdone(wpa_auth, group);
02213                 else if (group->GTKReKey)
02214                         wpa_group_setkeys(wpa_auth, group);
02215         }
02216 }
02217 
02218 
02219 static int wpa_sm_step(struct wpa_state_machine *sm)
02220 {
02221         if (sm == NULL)
02222                 return 0;
02223 
02224         if (sm->in_step_loop) {
02225                 /* This should not happen, but if it does, make sure we do not
02226                  * end up freeing the state machine too early by exiting the
02227                  * recursive call. */
02228                 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
02229                 return 0;
02230         }
02231 
02232         sm->in_step_loop = 1;
02233         do {
02234                 if (sm->pending_deinit)
02235                         break;
02236 
02237                 sm->changed = FALSE;
02238                 sm->wpa_auth->group->changed = FALSE;
02239 
02240                 SM_STEP_RUN(WPA_PTK);
02241                 if (sm->pending_deinit)
02242                         break;
02243                 SM_STEP_RUN(WPA_PTK_GROUP);
02244                 if (sm->pending_deinit)
02245                         break;
02246                 wpa_group_sm_step(sm->wpa_auth, sm->group);
02247         } while (sm->changed || sm->wpa_auth->group->changed);
02248         sm->in_step_loop = 0;
02249 
02250         if (sm->pending_deinit) {
02251                 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
02252                            "machine deinit for " MACSTR, MAC2STR(sm->addr));
02253                 wpa_free_sta_sm(sm);
02254                 return 1;
02255         }
02256         return 0;
02257 }
02258 
02259 
02260 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
02261 {
02262         struct wpa_state_machine *sm = eloop_ctx;
02263         wpa_sm_step(sm);
02264 }
02265 
02266 
02267 void wpa_auth_sm_notify(struct wpa_state_machine *sm)
02268 {
02269         if (sm == NULL)
02270                 return;
02271         eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
02272 }
02273 
02274 
02275 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
02276 {
02277         int tmp, i;
02278         struct wpa_group *group;
02279 
02280         if (wpa_auth == NULL)
02281                 return;
02282 
02283         group = wpa_auth->group;
02284 
02285         for (i = 0; i < 2; i++) {
02286                 tmp = group->GM;
02287                 group->GM = group->GN;
02288                 group->GN = tmp;
02289 #ifdef CONFIG_IEEE80211W
02290                 tmp = group->GM_igtk;
02291                 group->GM_igtk = group->GN_igtk;
02292                 group->GN_igtk = tmp;
02293 #endif /* CONFIG_IEEE80211W */
02294                 wpa_gtk_update(wpa_auth, group);
02295         }
02296 }
02297 
02298 
02299 static const char * wpa_bool_txt(int bool)
02300 {
02301         return bool ? "TRUE" : "FALSE";
02302 }
02303 
02304 
02305 static int wpa_cipher_bits(int cipher)
02306 {
02307         switch (cipher) {
02308         case WPA_CIPHER_CCMP:
02309                 return 128;
02310         case WPA_CIPHER_TKIP:
02311                 return 256;
02312         case WPA_CIPHER_WEP104:
02313                 return 104;
02314         case WPA_CIPHER_WEP40:
02315                 return 40;
02316         default:
02317                 return 0;
02318         }
02319 }
02320 
02321 
02322 #define RSN_SUITE "%02x-%02x-%02x-%d"
02323 #define RSN_SUITE_ARG(s) \
02324 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
02325 
02326 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
02327 {
02328         int len = 0, ret;
02329         char pmkid_txt[PMKID_LEN * 2 + 1];
02330 
02331         if (wpa_auth == NULL)
02332                 return len;
02333 
02334         ret = os_snprintf(buf + len, buflen - len,
02335                           "dot11RSNAOptionImplemented=TRUE\n"
02336 #ifdef CONFIG_RSN_PREAUTH
02337                           "dot11RSNAPreauthenticationImplemented=TRUE\n"
02338 #else /* CONFIG_RSN_PREAUTH */
02339                           "dot11RSNAPreauthenticationImplemented=FALSE\n"
02340 #endif /* CONFIG_RSN_PREAUTH */
02341                           "dot11RSNAEnabled=%s\n"
02342                           "dot11RSNAPreauthenticationEnabled=%s\n",
02343                           wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
02344                           wpa_bool_txt(wpa_auth->conf.rsn_preauth));
02345         if (ret < 0 || (size_t) ret >= buflen - len)
02346                 return len;
02347         len += ret;
02348 
02349         wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
02350                          wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
02351 
02352         ret = os_snprintf(
02353                 buf + len, buflen - len,
02354                 "dot11RSNAConfigVersion=%u\n"
02355                 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
02356                 /* FIX: dot11RSNAConfigGroupCipher */
02357                 /* FIX: dot11RSNAConfigGroupRekeyMethod */
02358                 /* FIX: dot11RSNAConfigGroupRekeyTime */
02359                 /* FIX: dot11RSNAConfigGroupRekeyPackets */
02360                 "dot11RSNAConfigGroupRekeyStrict=%u\n"
02361                 "dot11RSNAConfigGroupUpdateCount=%u\n"
02362                 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
02363                 "dot11RSNAConfigGroupCipherSize=%u\n"
02364                 "dot11RSNAConfigPMKLifetime=%u\n"
02365                 "dot11RSNAConfigPMKReauthThreshold=%u\n"
02366                 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
02367                 "dot11RSNAConfigSATimeout=%u\n"
02368                 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
02369                 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
02370                 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
02371                 "dot11RSNAPMKIDUsed=%s\n"
02372                 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
02373                 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
02374                 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
02375                 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
02376                 "dot11RSNA4WayHandshakeFailures=%u\n"
02377                 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
02378                 RSN_VERSION,
02379                 !!wpa_auth->conf.wpa_strict_rekey,
02380                 dot11RSNAConfigGroupUpdateCount,
02381                 dot11RSNAConfigPairwiseUpdateCount,
02382                 wpa_cipher_bits(wpa_auth->conf.wpa_group),
02383                 dot11RSNAConfigPMKLifetime,
02384                 dot11RSNAConfigPMKReauthThreshold,
02385                 dot11RSNAConfigSATimeout,
02386                 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
02387                 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
02388                 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
02389                 pmkid_txt,
02390                 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
02391                 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
02392                 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
02393                 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
02394                 wpa_auth->dot11RSNA4WayHandshakeFailures);
02395         if (ret < 0 || (size_t) ret >= buflen - len)
02396                 return len;
02397         len += ret;
02398 
02399         /* TODO: dot11RSNAConfigPairwiseCiphersTable */
02400         /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
02401 
02402         /* Private MIB */
02403         ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
02404                           wpa_auth->group->wpa_group_state);
02405         if (ret < 0 || (size_t) ret >= buflen - len)
02406                 return len;
02407         len += ret;
02408 
02409         return len;
02410 }
02411 
02412 
02413 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
02414 {
02415         int len = 0, ret;
02416         u32 pairwise = 0;
02417 
02418         if (sm == NULL)
02419                 return 0;
02420 
02421         /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
02422 
02423         /* dot11RSNAStatsEntry */
02424 
02425         if (sm->wpa == WPA_VERSION_WPA) {
02426                 if (sm->pairwise == WPA_CIPHER_CCMP)
02427                         pairwise = WPA_CIPHER_SUITE_CCMP;
02428                 else if (sm->pairwise == WPA_CIPHER_TKIP)
02429                         pairwise = WPA_CIPHER_SUITE_TKIP;
02430                 else if (sm->pairwise == WPA_CIPHER_WEP104)
02431                         pairwise = WPA_CIPHER_SUITE_WEP104;
02432                 else if (sm->pairwise == WPA_CIPHER_WEP40)
02433                         pairwise = WPA_CIPHER_SUITE_WEP40;
02434                 else if (sm->pairwise == WPA_CIPHER_NONE)
02435                         pairwise = WPA_CIPHER_SUITE_NONE;
02436         } else if (sm->wpa == WPA_VERSION_WPA2) {
02437                 if (sm->pairwise == WPA_CIPHER_CCMP)
02438                         pairwise = RSN_CIPHER_SUITE_CCMP;
02439                 else if (sm->pairwise == WPA_CIPHER_TKIP)
02440                         pairwise = RSN_CIPHER_SUITE_TKIP;
02441                 else if (sm->pairwise == WPA_CIPHER_WEP104)
02442                         pairwise = RSN_CIPHER_SUITE_WEP104;
02443                 else if (sm->pairwise == WPA_CIPHER_WEP40)
02444                         pairwise = RSN_CIPHER_SUITE_WEP40;
02445                 else if (sm->pairwise == WPA_CIPHER_NONE)
02446                         pairwise = RSN_CIPHER_SUITE_NONE;
02447         } else
02448                 return 0;
02449 
02450         ret = os_snprintf(
02451                 buf + len, buflen - len,
02452                 /* TODO: dot11RSNAStatsIndex */
02453                 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
02454                 "dot11RSNAStatsVersion=1\n"
02455                 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
02456                 /* TODO: dot11RSNAStatsTKIPICVErrors */
02457                 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
02458                 "dot11RSNAStatsTKIPRemoveMICFailures=%u\n"
02459                 /* TODO: dot11RSNAStatsCCMPReplays */
02460                 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
02461                 /* TODO: dot11RSNAStatsTKIPReplays */,
02462                 MAC2STR(sm->addr),
02463                 RSN_SUITE_ARG(pairwise),
02464                 sm->dot11RSNAStatsTKIPLocalMICFailures,
02465                 sm->dot11RSNAStatsTKIPRemoteMICFailures);
02466         if (ret < 0 || (size_t) ret >= buflen - len)
02467                 return len;
02468         len += ret;
02469 
02470         /* Private MIB */
02471         ret = os_snprintf(buf + len, buflen - len,
02472                           "hostapdWPAPTKState=%d\n"
02473                           "hostapdWPAPTKGroupState=%d\n",
02474                           sm->wpa_ptk_state,
02475                           sm->wpa_ptk_group_state);
02476         if (ret < 0 || (size_t) ret >= buflen - len)
02477                 return len;
02478         len += ret;
02479 
02480         return len;
02481 }
02482 
02483 
02484 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
02485 {
02486         if (wpa_auth)
02487                 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
02488 }
02489 
02490 
02491 int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
02492 {
02493         return sm && sm->pairwise_set;
02494 }
02495 
02496 
02497 int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
02498 {
02499         return sm->pairwise;
02500 }
02501 
02502 
02503 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
02504 {
02505         if (sm == NULL)
02506                 return -1;
02507         return sm->wpa_key_mgmt;
02508 }
02509 
02510 
02511 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
02512 {
02513         if (sm == NULL)
02514                 return 0;
02515         return sm->wpa;
02516 }
02517 
02518 
02519 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
02520                              struct rsn_pmksa_cache_entry *entry)
02521 {
02522         if (sm == NULL || sm->pmksa != entry)
02523                 return -1;
02524         sm->pmksa = NULL;
02525         return 0;
02526 }
02527 
02528 
02529 struct rsn_pmksa_cache_entry *
02530 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
02531 {
02532         return sm ? sm->pmksa : NULL;
02533 }
02534 
02535 
02536 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
02537 {
02538         if (sm)
02539                 sm->dot11RSNAStatsTKIPLocalMICFailures++;
02540 }
02541 
02542 
02543 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
02544 {
02545         if (wpa_auth == NULL)
02546                 return NULL;
02547         *len = wpa_auth->wpa_ie_len;
02548         return wpa_auth->wpa_ie;
02549 }
02550 
02551 
02552 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
02553                        int session_timeout, struct eapol_state_machine *eapol)
02554 {
02555         if (sm == NULL || sm->wpa != WPA_VERSION_WPA2)
02556                 return -1;
02557 
02558         if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
02559                                  sm->wpa_auth->addr, sm->addr, session_timeout,
02560                                  eapol, sm->wpa_key_mgmt))
02561                 return 0;
02562 
02563         return -1;
02564 }
02565 
02566 
02567 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
02568                                const u8 *pmk, size_t len, const u8 *sta_addr,
02569                                int session_timeout,
02570                                struct eapol_state_machine *eapol)
02571 {
02572         if (wpa_auth == NULL)
02573                 return -1;
02574 
02575         if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr,
02576                                  sta_addr, session_timeout, eapol,
02577                                  WPA_KEY_MGMT_IEEE8021X))
02578                 return 0;
02579 
02580         return -1;
02581 }
02582 
02583 
02584 static struct wpa_group *
02585 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
02586 {
02587         struct wpa_group *group;
02588 
02589         if (wpa_auth == NULL || wpa_auth->group == NULL)
02590                 return NULL;
02591 
02592         wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
02593                    vlan_id);
02594         group = wpa_group_init(wpa_auth, vlan_id);
02595         if (group == NULL)
02596                 return NULL;
02597 
02598         group->next = wpa_auth->group->next;
02599         wpa_auth->group->next = group;
02600 
02601         return group;
02602 }
02603 
02604 
02605 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
02606 {
02607         struct wpa_group *group;
02608 
02609         if (sm == NULL || sm->wpa_auth == NULL)
02610                 return 0;
02611 
02612         group = sm->wpa_auth->group;
02613         while (group) {
02614                 if (group->vlan_id == vlan_id)
02615                         break;
02616                 group = group->next;
02617         }
02618 
02619         if (group == NULL) {
02620                 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
02621                 if (group == NULL)
02622                         return -1;
02623         }
02624 
02625         if (sm->group == group)
02626                 return 0;
02627 
02628         wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
02629                    "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
02630 
02631         sm->group = group;
02632         return 0;
02633 }


wpa_supplicant
Author(s): Package maintained by Blaise Gassend
autogenerated on Thu Jan 2 2014 11:26:39