1 | #include <machine/rtems-bsd-user-space.h> |
---|
2 | |
---|
3 | /* |
---|
4 | * IEEE 802.11 RSN / WPA Authenticator |
---|
5 | * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> |
---|
6 | * |
---|
7 | * This software may be distributed under the terms of the BSD license. |
---|
8 | * See README for more details. |
---|
9 | */ |
---|
10 | |
---|
11 | #include "utils/includes.h" |
---|
12 | |
---|
13 | #include "utils/common.h" |
---|
14 | #include "utils/eloop.h" |
---|
15 | #include "utils/state_machine.h" |
---|
16 | #include "utils/bitfield.h" |
---|
17 | #include "common/ieee802_11_defs.h" |
---|
18 | #include "crypto/aes_wrap.h" |
---|
19 | #include "crypto/crypto.h" |
---|
20 | #include "crypto/sha1.h" |
---|
21 | #include "crypto/sha256.h" |
---|
22 | #include "crypto/random.h" |
---|
23 | #include "eapol_auth/eapol_auth_sm.h" |
---|
24 | #include "ap_config.h" |
---|
25 | #include "ieee802_11.h" |
---|
26 | #include "wpa_auth.h" |
---|
27 | #include "pmksa_cache_auth.h" |
---|
28 | #include "wpa_auth_i.h" |
---|
29 | #include "wpa_auth_ie.h" |
---|
30 | |
---|
31 | #define STATE_MACHINE_DATA struct wpa_state_machine |
---|
32 | #define STATE_MACHINE_DEBUG_PREFIX "WPA" |
---|
33 | #define STATE_MACHINE_ADDR sm->addr |
---|
34 | |
---|
35 | |
---|
36 | static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx); |
---|
37 | static int wpa_sm_step(struct wpa_state_machine *sm); |
---|
38 | static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data, |
---|
39 | size_t data_len); |
---|
40 | static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx); |
---|
41 | static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth, |
---|
42 | struct wpa_group *group); |
---|
43 | static void wpa_request_new_ptk(struct wpa_state_machine *sm); |
---|
44 | static int wpa_gtk_update(struct wpa_authenticator *wpa_auth, |
---|
45 | struct wpa_group *group); |
---|
46 | static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth, |
---|
47 | struct wpa_group *group); |
---|
48 | static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce, |
---|
49 | const u8 *pmk, struct wpa_ptk *ptk); |
---|
50 | static void wpa_group_free(struct wpa_authenticator *wpa_auth, |
---|
51 | struct wpa_group *group); |
---|
52 | static void wpa_group_get(struct wpa_authenticator *wpa_auth, |
---|
53 | struct wpa_group *group); |
---|
54 | static void wpa_group_put(struct wpa_authenticator *wpa_auth, |
---|
55 | struct wpa_group *group); |
---|
56 | |
---|
57 | static const u32 dot11RSNAConfigGroupUpdateCount = 4; |
---|
58 | static const u32 dot11RSNAConfigPairwiseUpdateCount = 4; |
---|
59 | static const u32 eapol_key_timeout_first = 100; /* ms */ |
---|
60 | static const u32 eapol_key_timeout_subseq = 1000; /* ms */ |
---|
61 | static const u32 eapol_key_timeout_first_group = 500; /* ms */ |
---|
62 | |
---|
63 | /* TODO: make these configurable */ |
---|
64 | static const int dot11RSNAConfigPMKLifetime = 43200; |
---|
65 | static const int dot11RSNAConfigPMKReauthThreshold = 70; |
---|
66 | static const int dot11RSNAConfigSATimeout = 60; |
---|
67 | |
---|
68 | |
---|
69 | static inline int wpa_auth_mic_failure_report( |
---|
70 | struct wpa_authenticator *wpa_auth, const u8 *addr) |
---|
71 | { |
---|
72 | if (wpa_auth->cb.mic_failure_report) |
---|
73 | return wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr); |
---|
74 | return 0; |
---|
75 | } |
---|
76 | |
---|
77 | |
---|
78 | static inline void wpa_auth_psk_failure_report( |
---|
79 | struct wpa_authenticator *wpa_auth, const u8 *addr) |
---|
80 | { |
---|
81 | if (wpa_auth->cb.psk_failure_report) |
---|
82 | wpa_auth->cb.psk_failure_report(wpa_auth->cb.ctx, addr); |
---|
83 | } |
---|
84 | |
---|
85 | |
---|
86 | static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth, |
---|
87 | const u8 *addr, wpa_eapol_variable var, |
---|
88 | int value) |
---|
89 | { |
---|
90 | if (wpa_auth->cb.set_eapol) |
---|
91 | wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value); |
---|
92 | } |
---|
93 | |
---|
94 | |
---|
95 | static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth, |
---|
96 | const u8 *addr, wpa_eapol_variable var) |
---|
97 | { |
---|
98 | if (wpa_auth->cb.get_eapol == NULL) |
---|
99 | return -1; |
---|
100 | return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var); |
---|
101 | } |
---|
102 | |
---|
103 | |
---|
104 | static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth, |
---|
105 | const u8 *addr, |
---|
106 | const u8 *p2p_dev_addr, |
---|
107 | const u8 *prev_psk) |
---|
108 | { |
---|
109 | if (wpa_auth->cb.get_psk == NULL) |
---|
110 | return NULL; |
---|
111 | return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, p2p_dev_addr, |
---|
112 | prev_psk); |
---|
113 | } |
---|
114 | |
---|
115 | |
---|
116 | static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth, |
---|
117 | const u8 *addr, u8 *msk, size_t *len) |
---|
118 | { |
---|
119 | if (wpa_auth->cb.get_msk == NULL) |
---|
120 | return -1; |
---|
121 | return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len); |
---|
122 | } |
---|
123 | |
---|
124 | |
---|
125 | static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth, |
---|
126 | int vlan_id, |
---|
127 | enum wpa_alg alg, const u8 *addr, int idx, |
---|
128 | u8 *key, size_t key_len) |
---|
129 | { |
---|
130 | if (wpa_auth->cb.set_key == NULL) |
---|
131 | return -1; |
---|
132 | return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx, |
---|
133 | key, key_len); |
---|
134 | } |
---|
135 | |
---|
136 | |
---|
137 | static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth, |
---|
138 | const u8 *addr, int idx, u8 *seq) |
---|
139 | { |
---|
140 | if (wpa_auth->cb.get_seqnum == NULL) |
---|
141 | return -1; |
---|
142 | return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq); |
---|
143 | } |
---|
144 | |
---|
145 | |
---|
146 | static inline int |
---|
147 | wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr, |
---|
148 | const u8 *data, size_t data_len, int encrypt) |
---|
149 | { |
---|
150 | if (wpa_auth->cb.send_eapol == NULL) |
---|
151 | return -1; |
---|
152 | return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len, |
---|
153 | encrypt); |
---|
154 | } |
---|
155 | |
---|
156 | |
---|
157 | #ifdef CONFIG_MESH |
---|
158 | static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth, |
---|
159 | const u8 *addr) |
---|
160 | { |
---|
161 | if (wpa_auth->cb.start_ampe == NULL) |
---|
162 | return -1; |
---|
163 | return wpa_auth->cb.start_ampe(wpa_auth->cb.ctx, addr); |
---|
164 | } |
---|
165 | #endif /* CONFIG_MESH */ |
---|
166 | |
---|
167 | |
---|
168 | int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth, |
---|
169 | int (*cb)(struct wpa_state_machine *sm, void *ctx), |
---|
170 | void *cb_ctx) |
---|
171 | { |
---|
172 | if (wpa_auth->cb.for_each_sta == NULL) |
---|
173 | return 0; |
---|
174 | return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx); |
---|
175 | } |
---|
176 | |
---|
177 | |
---|
178 | int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth, |
---|
179 | int (*cb)(struct wpa_authenticator *a, void *ctx), |
---|
180 | void *cb_ctx) |
---|
181 | { |
---|
182 | if (wpa_auth->cb.for_each_auth == NULL) |
---|
183 | return 0; |
---|
184 | return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx); |
---|
185 | } |
---|
186 | |
---|
187 | |
---|
188 | void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr, |
---|
189 | logger_level level, const char *txt) |
---|
190 | { |
---|
191 | if (wpa_auth->cb.logger == NULL) |
---|
192 | return; |
---|
193 | wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt); |
---|
194 | } |
---|
195 | |
---|
196 | |
---|
197 | void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr, |
---|
198 | logger_level level, const char *fmt, ...) |
---|
199 | { |
---|
200 | char *format; |
---|
201 | int maxlen; |
---|
202 | va_list ap; |
---|
203 | |
---|
204 | if (wpa_auth->cb.logger == NULL) |
---|
205 | return; |
---|
206 | |
---|
207 | maxlen = os_strlen(fmt) + 100; |
---|
208 | format = os_malloc(maxlen); |
---|
209 | if (!format) |
---|
210 | return; |
---|
211 | |
---|
212 | va_start(ap, fmt); |
---|
213 | vsnprintf(format, maxlen, fmt, ap); |
---|
214 | va_end(ap); |
---|
215 | |
---|
216 | wpa_auth_logger(wpa_auth, addr, level, format); |
---|
217 | |
---|
218 | os_free(format); |
---|
219 | } |
---|
220 | |
---|
221 | |
---|
222 | static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth, |
---|
223 | const u8 *addr) |
---|
224 | { |
---|
225 | if (wpa_auth->cb.disconnect == NULL) |
---|
226 | return; |
---|
227 | wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR, MAC2STR(addr)); |
---|
228 | wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr, |
---|
229 | WLAN_REASON_PREV_AUTH_NOT_VALID); |
---|
230 | } |
---|
231 | |
---|
232 | |
---|
233 | static int wpa_use_aes_cmac(struct wpa_state_machine *sm) |
---|
234 | { |
---|
235 | int ret = 0; |
---|
236 | #ifdef CONFIG_IEEE80211R |
---|
237 | if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) |
---|
238 | ret = 1; |
---|
239 | #endif /* CONFIG_IEEE80211R */ |
---|
240 | #ifdef CONFIG_IEEE80211W |
---|
241 | if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt)) |
---|
242 | ret = 1; |
---|
243 | #endif /* CONFIG_IEEE80211W */ |
---|
244 | if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) |
---|
245 | ret = 1; |
---|
246 | return ret; |
---|
247 | } |
---|
248 | |
---|
249 | |
---|
250 | static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx) |
---|
251 | { |
---|
252 | struct wpa_authenticator *wpa_auth = eloop_ctx; |
---|
253 | |
---|
254 | if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) { |
---|
255 | wpa_printf(MSG_ERROR, "Failed to get random data for WPA " |
---|
256 | "initialization."); |
---|
257 | } else { |
---|
258 | wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd"); |
---|
259 | wpa_hexdump_key(MSG_DEBUG, "GMK", |
---|
260 | wpa_auth->group->GMK, WPA_GMK_LEN); |
---|
261 | } |
---|
262 | |
---|
263 | if (wpa_auth->conf.wpa_gmk_rekey) { |
---|
264 | eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0, |
---|
265 | wpa_rekey_gmk, wpa_auth, NULL); |
---|
266 | } |
---|
267 | } |
---|
268 | |
---|
269 | |
---|
270 | static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx) |
---|
271 | { |
---|
272 | struct wpa_authenticator *wpa_auth = eloop_ctx; |
---|
273 | struct wpa_group *group, *next; |
---|
274 | |
---|
275 | wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK"); |
---|
276 | group = wpa_auth->group; |
---|
277 | while (group) { |
---|
278 | wpa_group_get(wpa_auth, group); |
---|
279 | |
---|
280 | group->GTKReKey = TRUE; |
---|
281 | do { |
---|
282 | group->changed = FALSE; |
---|
283 | wpa_group_sm_step(wpa_auth, group); |
---|
284 | } while (group->changed); |
---|
285 | |
---|
286 | next = group->next; |
---|
287 | wpa_group_put(wpa_auth, group); |
---|
288 | group = next; |
---|
289 | } |
---|
290 | |
---|
291 | if (wpa_auth->conf.wpa_group_rekey) { |
---|
292 | eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, |
---|
293 | 0, wpa_rekey_gtk, wpa_auth, NULL); |
---|
294 | } |
---|
295 | } |
---|
296 | |
---|
297 | |
---|
298 | static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx) |
---|
299 | { |
---|
300 | struct wpa_authenticator *wpa_auth = eloop_ctx; |
---|
301 | struct wpa_state_machine *sm = timeout_ctx; |
---|
302 | |
---|
303 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK"); |
---|
304 | wpa_request_new_ptk(sm); |
---|
305 | wpa_sm_step(sm); |
---|
306 | } |
---|
307 | |
---|
308 | |
---|
309 | static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx) |
---|
310 | { |
---|
311 | if (sm->pmksa == ctx) |
---|
312 | sm->pmksa = NULL; |
---|
313 | return 0; |
---|
314 | } |
---|
315 | |
---|
316 | |
---|
317 | static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, |
---|
318 | void *ctx) |
---|
319 | { |
---|
320 | struct wpa_authenticator *wpa_auth = ctx; |
---|
321 | wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry); |
---|
322 | } |
---|
323 | |
---|
324 | |
---|
325 | static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth, |
---|
326 | struct wpa_group *group) |
---|
327 | { |
---|
328 | u8 buf[ETH_ALEN + 8 + sizeof(unsigned long)]; |
---|
329 | u8 rkey[32]; |
---|
330 | unsigned long ptr; |
---|
331 | |
---|
332 | if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0) |
---|
333 | return -1; |
---|
334 | wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN); |
---|
335 | |
---|
336 | /* |
---|
337 | * Counter = PRF-256(Random number, "Init Counter", |
---|
338 | * Local MAC Address || Time) |
---|
339 | */ |
---|
340 | os_memcpy(buf, wpa_auth->addr, ETH_ALEN); |
---|
341 | wpa_get_ntp_timestamp(buf + ETH_ALEN); |
---|
342 | ptr = (unsigned long) group; |
---|
343 | os_memcpy(buf + ETH_ALEN + 8, &ptr, sizeof(ptr)); |
---|
344 | if (random_get_bytes(rkey, sizeof(rkey)) < 0) |
---|
345 | return -1; |
---|
346 | |
---|
347 | if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf), |
---|
348 | group->Counter, WPA_NONCE_LEN) < 0) |
---|
349 | return -1; |
---|
350 | wpa_hexdump_key(MSG_DEBUG, "Key Counter", |
---|
351 | group->Counter, WPA_NONCE_LEN); |
---|
352 | |
---|
353 | return 0; |
---|
354 | } |
---|
355 | |
---|
356 | |
---|
357 | static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth, |
---|
358 | int vlan_id, int delay_init) |
---|
359 | { |
---|
360 | struct wpa_group *group; |
---|
361 | |
---|
362 | group = os_zalloc(sizeof(struct wpa_group)); |
---|
363 | if (group == NULL) |
---|
364 | return NULL; |
---|
365 | |
---|
366 | group->GTKAuthenticator = TRUE; |
---|
367 | group->vlan_id = vlan_id; |
---|
368 | group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group); |
---|
369 | |
---|
370 | if (random_pool_ready() != 1) { |
---|
371 | wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool " |
---|
372 | "for secure operations - update keys later when " |
---|
373 | "the first station connects"); |
---|
374 | } |
---|
375 | |
---|
376 | /* |
---|
377 | * Set initial GMK/Counter value here. The actual values that will be |
---|
378 | * used in negotiations will be set once the first station tries to |
---|
379 | * connect. This allows more time for collecting additional randomness |
---|
380 | * on embedded devices. |
---|
381 | */ |
---|
382 | if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) { |
---|
383 | wpa_printf(MSG_ERROR, "Failed to get random data for WPA " |
---|
384 | "initialization."); |
---|
385 | os_free(group); |
---|
386 | return NULL; |
---|
387 | } |
---|
388 | |
---|
389 | group->GInit = TRUE; |
---|
390 | if (delay_init) { |
---|
391 | wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start " |
---|
392 | "until Beacon frames have been configured"); |
---|
393 | /* Initialization is completed in wpa_init_keys(). */ |
---|
394 | } else { |
---|
395 | wpa_group_sm_step(wpa_auth, group); |
---|
396 | group->GInit = FALSE; |
---|
397 | wpa_group_sm_step(wpa_auth, group); |
---|
398 | } |
---|
399 | |
---|
400 | return group; |
---|
401 | } |
---|
402 | |
---|
403 | |
---|
404 | /** |
---|
405 | * wpa_init - Initialize WPA authenticator |
---|
406 | * @addr: Authenticator address |
---|
407 | * @conf: Configuration for WPA authenticator |
---|
408 | * @cb: Callback functions for WPA authenticator |
---|
409 | * Returns: Pointer to WPA authenticator data or %NULL on failure |
---|
410 | */ |
---|
411 | struct wpa_authenticator * wpa_init(const u8 *addr, |
---|
412 | struct wpa_auth_config *conf, |
---|
413 | struct wpa_auth_callbacks *cb) |
---|
414 | { |
---|
415 | struct wpa_authenticator *wpa_auth; |
---|
416 | |
---|
417 | wpa_auth = os_zalloc(sizeof(struct wpa_authenticator)); |
---|
418 | if (wpa_auth == NULL) |
---|
419 | return NULL; |
---|
420 | os_memcpy(wpa_auth->addr, addr, ETH_ALEN); |
---|
421 | os_memcpy(&wpa_auth->conf, conf, sizeof(*conf)); |
---|
422 | os_memcpy(&wpa_auth->cb, cb, sizeof(*cb)); |
---|
423 | |
---|
424 | if (wpa_auth_gen_wpa_ie(wpa_auth)) { |
---|
425 | wpa_printf(MSG_ERROR, "Could not generate WPA IE."); |
---|
426 | os_free(wpa_auth); |
---|
427 | return NULL; |
---|
428 | } |
---|
429 | |
---|
430 | wpa_auth->group = wpa_group_init(wpa_auth, 0, 1); |
---|
431 | if (wpa_auth->group == NULL) { |
---|
432 | os_free(wpa_auth->wpa_ie); |
---|
433 | os_free(wpa_auth); |
---|
434 | return NULL; |
---|
435 | } |
---|
436 | |
---|
437 | wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb, |
---|
438 | wpa_auth); |
---|
439 | if (wpa_auth->pmksa == NULL) { |
---|
440 | wpa_printf(MSG_ERROR, "PMKSA cache initialization failed."); |
---|
441 | os_free(wpa_auth->group); |
---|
442 | os_free(wpa_auth->wpa_ie); |
---|
443 | os_free(wpa_auth); |
---|
444 | return NULL; |
---|
445 | } |
---|
446 | |
---|
447 | #ifdef CONFIG_IEEE80211R |
---|
448 | wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init(); |
---|
449 | if (wpa_auth->ft_pmk_cache == NULL) { |
---|
450 | wpa_printf(MSG_ERROR, "FT PMK cache initialization failed."); |
---|
451 | os_free(wpa_auth->group); |
---|
452 | os_free(wpa_auth->wpa_ie); |
---|
453 | pmksa_cache_auth_deinit(wpa_auth->pmksa); |
---|
454 | os_free(wpa_auth); |
---|
455 | return NULL; |
---|
456 | } |
---|
457 | #endif /* CONFIG_IEEE80211R */ |
---|
458 | |
---|
459 | if (wpa_auth->conf.wpa_gmk_rekey) { |
---|
460 | eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0, |
---|
461 | wpa_rekey_gmk, wpa_auth, NULL); |
---|
462 | } |
---|
463 | |
---|
464 | if (wpa_auth->conf.wpa_group_rekey) { |
---|
465 | eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0, |
---|
466 | wpa_rekey_gtk, wpa_auth, NULL); |
---|
467 | } |
---|
468 | |
---|
469 | #ifdef CONFIG_P2P |
---|
470 | if (WPA_GET_BE32(conf->ip_addr_start)) { |
---|
471 | int count = WPA_GET_BE32(conf->ip_addr_end) - |
---|
472 | WPA_GET_BE32(conf->ip_addr_start) + 1; |
---|
473 | if (count > 1000) |
---|
474 | count = 1000; |
---|
475 | if (count > 0) |
---|
476 | wpa_auth->ip_pool = bitfield_alloc(count); |
---|
477 | } |
---|
478 | #endif /* CONFIG_P2P */ |
---|
479 | |
---|
480 | return wpa_auth; |
---|
481 | } |
---|
482 | |
---|
483 | |
---|
484 | int wpa_init_keys(struct wpa_authenticator *wpa_auth) |
---|
485 | { |
---|
486 | struct wpa_group *group = wpa_auth->group; |
---|
487 | |
---|
488 | wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial " |
---|
489 | "keys"); |
---|
490 | wpa_group_sm_step(wpa_auth, group); |
---|
491 | group->GInit = FALSE; |
---|
492 | wpa_group_sm_step(wpa_auth, group); |
---|
493 | if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) |
---|
494 | return -1; |
---|
495 | return 0; |
---|
496 | } |
---|
497 | |
---|
498 | |
---|
499 | /** |
---|
500 | * wpa_deinit - Deinitialize WPA authenticator |
---|
501 | * @wpa_auth: Pointer to WPA authenticator data from wpa_init() |
---|
502 | */ |
---|
503 | void wpa_deinit(struct wpa_authenticator *wpa_auth) |
---|
504 | { |
---|
505 | struct wpa_group *group, *prev; |
---|
506 | |
---|
507 | eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL); |
---|
508 | eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); |
---|
509 | |
---|
510 | #ifdef CONFIG_PEERKEY |
---|
511 | while (wpa_auth->stsl_negotiations) |
---|
512 | wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations); |
---|
513 | #endif /* CONFIG_PEERKEY */ |
---|
514 | |
---|
515 | pmksa_cache_auth_deinit(wpa_auth->pmksa); |
---|
516 | |
---|
517 | #ifdef CONFIG_IEEE80211R |
---|
518 | wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache); |
---|
519 | wpa_auth->ft_pmk_cache = NULL; |
---|
520 | #endif /* CONFIG_IEEE80211R */ |
---|
521 | |
---|
522 | #ifdef CONFIG_P2P |
---|
523 | bitfield_free(wpa_auth->ip_pool); |
---|
524 | #endif /* CONFIG_P2P */ |
---|
525 | |
---|
526 | |
---|
527 | os_free(wpa_auth->wpa_ie); |
---|
528 | |
---|
529 | group = wpa_auth->group; |
---|
530 | while (group) { |
---|
531 | prev = group; |
---|
532 | group = group->next; |
---|
533 | os_free(prev); |
---|
534 | } |
---|
535 | |
---|
536 | os_free(wpa_auth); |
---|
537 | } |
---|
538 | |
---|
539 | |
---|
540 | /** |
---|
541 | * wpa_reconfig - Update WPA authenticator configuration |
---|
542 | * @wpa_auth: Pointer to WPA authenticator data from wpa_init() |
---|
543 | * @conf: Configuration for WPA authenticator |
---|
544 | */ |
---|
545 | int wpa_reconfig(struct wpa_authenticator *wpa_auth, |
---|
546 | struct wpa_auth_config *conf) |
---|
547 | { |
---|
548 | struct wpa_group *group; |
---|
549 | if (wpa_auth == NULL) |
---|
550 | return 0; |
---|
551 | |
---|
552 | os_memcpy(&wpa_auth->conf, conf, sizeof(*conf)); |
---|
553 | if (wpa_auth_gen_wpa_ie(wpa_auth)) { |
---|
554 | wpa_printf(MSG_ERROR, "Could not generate WPA IE."); |
---|
555 | return -1; |
---|
556 | } |
---|
557 | |
---|
558 | /* |
---|
559 | * Reinitialize GTK to make sure it is suitable for the new |
---|
560 | * configuration. |
---|
561 | */ |
---|
562 | group = wpa_auth->group; |
---|
563 | group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group); |
---|
564 | group->GInit = TRUE; |
---|
565 | wpa_group_sm_step(wpa_auth, group); |
---|
566 | group->GInit = FALSE; |
---|
567 | wpa_group_sm_step(wpa_auth, group); |
---|
568 | |
---|
569 | return 0; |
---|
570 | } |
---|
571 | |
---|
572 | |
---|
573 | struct wpa_state_machine * |
---|
574 | wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr, |
---|
575 | const u8 *p2p_dev_addr) |
---|
576 | { |
---|
577 | struct wpa_state_machine *sm; |
---|
578 | |
---|
579 | if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) |
---|
580 | return NULL; |
---|
581 | |
---|
582 | sm = os_zalloc(sizeof(struct wpa_state_machine)); |
---|
583 | if (sm == NULL) |
---|
584 | return NULL; |
---|
585 | os_memcpy(sm->addr, addr, ETH_ALEN); |
---|
586 | if (p2p_dev_addr) |
---|
587 | os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN); |
---|
588 | |
---|
589 | sm->wpa_auth = wpa_auth; |
---|
590 | sm->group = wpa_auth->group; |
---|
591 | wpa_group_get(sm->wpa_auth, sm->group); |
---|
592 | |
---|
593 | return sm; |
---|
594 | } |
---|
595 | |
---|
596 | |
---|
597 | int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, |
---|
598 | struct wpa_state_machine *sm) |
---|
599 | { |
---|
600 | if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL) |
---|
601 | return -1; |
---|
602 | |
---|
603 | #ifdef CONFIG_IEEE80211R |
---|
604 | if (sm->ft_completed) { |
---|
605 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
606 | "FT authentication already completed - do not " |
---|
607 | "start 4-way handshake"); |
---|
608 | /* Go to PTKINITDONE state to allow GTK rekeying */ |
---|
609 | sm->wpa_ptk_state = WPA_PTK_PTKINITDONE; |
---|
610 | return 0; |
---|
611 | } |
---|
612 | #endif /* CONFIG_IEEE80211R */ |
---|
613 | |
---|
614 | if (sm->started) { |
---|
615 | os_memset(&sm->key_replay, 0, sizeof(sm->key_replay)); |
---|
616 | sm->ReAuthenticationRequest = TRUE; |
---|
617 | return wpa_sm_step(sm); |
---|
618 | } |
---|
619 | |
---|
620 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
621 | "start authentication"); |
---|
622 | sm->started = 1; |
---|
623 | |
---|
624 | sm->Init = TRUE; |
---|
625 | if (wpa_sm_step(sm) == 1) |
---|
626 | return 1; /* should not really happen */ |
---|
627 | sm->Init = FALSE; |
---|
628 | sm->AuthenticationRequest = TRUE; |
---|
629 | return wpa_sm_step(sm); |
---|
630 | } |
---|
631 | |
---|
632 | |
---|
633 | void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm) |
---|
634 | { |
---|
635 | /* WPA/RSN was not used - clear WPA state. This is needed if the STA |
---|
636 | * reassociates back to the same AP while the previous entry for the |
---|
637 | * STA has not yet been removed. */ |
---|
638 | if (sm == NULL) |
---|
639 | return; |
---|
640 | |
---|
641 | sm->wpa_key_mgmt = 0; |
---|
642 | } |
---|
643 | |
---|
644 | |
---|
645 | static void wpa_free_sta_sm(struct wpa_state_machine *sm) |
---|
646 | { |
---|
647 | #ifdef CONFIG_P2P |
---|
648 | if (WPA_GET_BE32(sm->ip_addr)) { |
---|
649 | u32 start; |
---|
650 | wpa_printf(MSG_DEBUG, "P2P: Free assigned IP " |
---|
651 | "address %u.%u.%u.%u from " MACSTR, |
---|
652 | sm->ip_addr[0], sm->ip_addr[1], |
---|
653 | sm->ip_addr[2], sm->ip_addr[3], |
---|
654 | MAC2STR(sm->addr)); |
---|
655 | start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start); |
---|
656 | bitfield_clear(sm->wpa_auth->ip_pool, |
---|
657 | WPA_GET_BE32(sm->ip_addr) - start); |
---|
658 | } |
---|
659 | #endif /* CONFIG_P2P */ |
---|
660 | if (sm->GUpdateStationKeys) { |
---|
661 | sm->group->GKeyDoneStations--; |
---|
662 | sm->GUpdateStationKeys = FALSE; |
---|
663 | } |
---|
664 | #ifdef CONFIG_IEEE80211R |
---|
665 | os_free(sm->assoc_resp_ftie); |
---|
666 | wpabuf_free(sm->ft_pending_req_ies); |
---|
667 | #endif /* CONFIG_IEEE80211R */ |
---|
668 | os_free(sm->last_rx_eapol_key); |
---|
669 | os_free(sm->wpa_ie); |
---|
670 | wpa_group_put(sm->wpa_auth, sm->group); |
---|
671 | os_free(sm); |
---|
672 | } |
---|
673 | |
---|
674 | |
---|
675 | void wpa_auth_sta_deinit(struct wpa_state_machine *sm) |
---|
676 | { |
---|
677 | if (sm == NULL) |
---|
678 | return; |
---|
679 | |
---|
680 | if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) { |
---|
681 | wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
682 | "strict rekeying - force GTK rekey since STA " |
---|
683 | "is leaving"); |
---|
684 | eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL); |
---|
685 | eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth, |
---|
686 | NULL); |
---|
687 | } |
---|
688 | |
---|
689 | eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm); |
---|
690 | sm->pending_1_of_4_timeout = 0; |
---|
691 | eloop_cancel_timeout(wpa_sm_call_step, sm, NULL); |
---|
692 | eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); |
---|
693 | if (sm->in_step_loop) { |
---|
694 | /* Must not free state machine while wpa_sm_step() is running. |
---|
695 | * Freeing will be completed in the end of wpa_sm_step(). */ |
---|
696 | wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state " |
---|
697 | "machine deinit for " MACSTR, MAC2STR(sm->addr)); |
---|
698 | sm->pending_deinit = 1; |
---|
699 | } else |
---|
700 | wpa_free_sta_sm(sm); |
---|
701 | } |
---|
702 | |
---|
703 | |
---|
704 | static void wpa_request_new_ptk(struct wpa_state_machine *sm) |
---|
705 | { |
---|
706 | if (sm == NULL) |
---|
707 | return; |
---|
708 | |
---|
709 | sm->PTKRequest = TRUE; |
---|
710 | sm->PTK_valid = 0; |
---|
711 | } |
---|
712 | |
---|
713 | |
---|
714 | static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr, |
---|
715 | const u8 *replay_counter) |
---|
716 | { |
---|
717 | int i; |
---|
718 | for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) { |
---|
719 | if (!ctr[i].valid) |
---|
720 | break; |
---|
721 | if (os_memcmp(replay_counter, ctr[i].counter, |
---|
722 | WPA_REPLAY_COUNTER_LEN) == 0) |
---|
723 | return 1; |
---|
724 | } |
---|
725 | return 0; |
---|
726 | } |
---|
727 | |
---|
728 | |
---|
729 | static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr, |
---|
730 | const u8 *replay_counter) |
---|
731 | { |
---|
732 | int i; |
---|
733 | for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) { |
---|
734 | if (ctr[i].valid && |
---|
735 | (replay_counter == NULL || |
---|
736 | os_memcmp(replay_counter, ctr[i].counter, |
---|
737 | WPA_REPLAY_COUNTER_LEN) == 0)) |
---|
738 | ctr[i].valid = FALSE; |
---|
739 | } |
---|
740 | } |
---|
741 | |
---|
742 | |
---|
743 | #ifdef CONFIG_IEEE80211R |
---|
744 | static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth, |
---|
745 | struct wpa_state_machine *sm, |
---|
746 | struct wpa_eapol_ie_parse *kde) |
---|
747 | { |
---|
748 | struct wpa_ie_data ie; |
---|
749 | struct rsn_mdie *mdie; |
---|
750 | |
---|
751 | if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 || |
---|
752 | ie.num_pmkid != 1 || ie.pmkid == NULL) { |
---|
753 | wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in " |
---|
754 | "FT 4-way handshake message 2/4"); |
---|
755 | return -1; |
---|
756 | } |
---|
757 | |
---|
758 | os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN); |
---|
759 | wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant", |
---|
760 | sm->sup_pmk_r1_name, PMKID_LEN); |
---|
761 | |
---|
762 | if (!kde->mdie || !kde->ftie) { |
---|
763 | wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake " |
---|
764 | "message 2/4", kde->mdie ? "FTIE" : "MDIE"); |
---|
765 | return -1; |
---|
766 | } |
---|
767 | |
---|
768 | mdie = (struct rsn_mdie *) (kde->mdie + 2); |
---|
769 | if (kde->mdie[1] < sizeof(struct rsn_mdie) || |
---|
770 | os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain, |
---|
771 | MOBILITY_DOMAIN_ID_LEN) != 0) { |
---|
772 | wpa_printf(MSG_DEBUG, "FT: MDIE mismatch"); |
---|
773 | return -1; |
---|
774 | } |
---|
775 | |
---|
776 | if (sm->assoc_resp_ftie && |
---|
777 | (kde->ftie[1] != sm->assoc_resp_ftie[1] || |
---|
778 | os_memcmp(kde->ftie, sm->assoc_resp_ftie, |
---|
779 | 2 + sm->assoc_resp_ftie[1]) != 0)) { |
---|
780 | wpa_printf(MSG_DEBUG, "FT: FTIE mismatch"); |
---|
781 | wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4", |
---|
782 | kde->ftie, kde->ftie_len); |
---|
783 | wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp", |
---|
784 | sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]); |
---|
785 | return -1; |
---|
786 | } |
---|
787 | |
---|
788 | return 0; |
---|
789 | } |
---|
790 | #endif /* CONFIG_IEEE80211R */ |
---|
791 | |
---|
792 | |
---|
793 | static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth, |
---|
794 | struct wpa_state_machine *sm, int group) |
---|
795 | { |
---|
796 | /* Supplicant reported a Michael MIC error */ |
---|
797 | wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, |
---|
798 | "received EAPOL-Key Error Request " |
---|
799 | "(STA detected Michael MIC failure (group=%d))", |
---|
800 | group); |
---|
801 | |
---|
802 | if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) { |
---|
803 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, |
---|
804 | "ignore Michael MIC failure report since " |
---|
805 | "group cipher is not TKIP"); |
---|
806 | } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) { |
---|
807 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, |
---|
808 | "ignore Michael MIC failure report since " |
---|
809 | "pairwise cipher is not TKIP"); |
---|
810 | } else { |
---|
811 | if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0) |
---|
812 | return 1; /* STA entry was removed */ |
---|
813 | sm->dot11RSNAStatsTKIPRemoteMICFailures++; |
---|
814 | wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++; |
---|
815 | } |
---|
816 | |
---|
817 | /* |
---|
818 | * Error report is not a request for a new key handshake, but since |
---|
819 | * Authenticator may do it, let's change the keys now anyway. |
---|
820 | */ |
---|
821 | wpa_request_new_ptk(sm); |
---|
822 | return 0; |
---|
823 | } |
---|
824 | |
---|
825 | |
---|
826 | static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data, |
---|
827 | size_t data_len) |
---|
828 | { |
---|
829 | struct wpa_ptk PTK; |
---|
830 | int ok = 0; |
---|
831 | const u8 *pmk = NULL; |
---|
832 | |
---|
833 | for (;;) { |
---|
834 | if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { |
---|
835 | pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, |
---|
836 | sm->p2p_dev_addr, pmk); |
---|
837 | if (pmk == NULL) |
---|
838 | break; |
---|
839 | } else |
---|
840 | pmk = sm->PMK; |
---|
841 | |
---|
842 | wpa_derive_ptk(sm, sm->alt_SNonce, pmk, &PTK); |
---|
843 | |
---|
844 | if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK, data, data_len) |
---|
845 | == 0) { |
---|
846 | ok = 1; |
---|
847 | break; |
---|
848 | } |
---|
849 | |
---|
850 | if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) |
---|
851 | break; |
---|
852 | } |
---|
853 | |
---|
854 | if (!ok) { |
---|
855 | wpa_printf(MSG_DEBUG, |
---|
856 | "WPA: Earlier SNonce did not result in matching MIC"); |
---|
857 | return -1; |
---|
858 | } |
---|
859 | |
---|
860 | wpa_printf(MSG_DEBUG, |
---|
861 | "WPA: Earlier SNonce resulted in matching MIC"); |
---|
862 | sm->alt_snonce_valid = 0; |
---|
863 | os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN); |
---|
864 | os_memcpy(&sm->PTK, &PTK, sizeof(PTK)); |
---|
865 | sm->PTK_valid = TRUE; |
---|
866 | |
---|
867 | return 0; |
---|
868 | } |
---|
869 | |
---|
870 | |
---|
871 | void wpa_receive(struct wpa_authenticator *wpa_auth, |
---|
872 | struct wpa_state_machine *sm, |
---|
873 | u8 *data, size_t data_len) |
---|
874 | { |
---|
875 | struct ieee802_1x_hdr *hdr; |
---|
876 | struct wpa_eapol_key *key; |
---|
877 | struct wpa_eapol_key_192 *key192; |
---|
878 | u16 key_info, key_data_length; |
---|
879 | enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST, |
---|
880 | SMK_M1, SMK_M3, SMK_ERROR } msg; |
---|
881 | char *msgtxt; |
---|
882 | struct wpa_eapol_ie_parse kde; |
---|
883 | int ft; |
---|
884 | const u8 *eapol_key_ie, *key_data; |
---|
885 | size_t eapol_key_ie_len, keyhdrlen, mic_len; |
---|
886 | |
---|
887 | if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL) |
---|
888 | return; |
---|
889 | |
---|
890 | mic_len = wpa_mic_len(sm->wpa_key_mgmt); |
---|
891 | keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key); |
---|
892 | |
---|
893 | if (data_len < sizeof(*hdr) + keyhdrlen) |
---|
894 | return; |
---|
895 | |
---|
896 | hdr = (struct ieee802_1x_hdr *) data; |
---|
897 | key = (struct wpa_eapol_key *) (hdr + 1); |
---|
898 | key192 = (struct wpa_eapol_key_192 *) (hdr + 1); |
---|
899 | key_info = WPA_GET_BE16(key->key_info); |
---|
900 | if (mic_len == 24) { |
---|
901 | key_data = (const u8 *) (key192 + 1); |
---|
902 | key_data_length = WPA_GET_BE16(key192->key_data_length); |
---|
903 | } else { |
---|
904 | key_data = (const u8 *) (key + 1); |
---|
905 | key_data_length = WPA_GET_BE16(key->key_data_length); |
---|
906 | } |
---|
907 | wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR |
---|
908 | " key_info=0x%x type=%u key_data_length=%u", |
---|
909 | MAC2STR(sm->addr), key_info, key->type, key_data_length); |
---|
910 | if (key_data_length > data_len - sizeof(*hdr) - keyhdrlen) { |
---|
911 | wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - " |
---|
912 | "key_data overflow (%d > %lu)", |
---|
913 | key_data_length, |
---|
914 | (unsigned long) (data_len - sizeof(*hdr) - |
---|
915 | keyhdrlen)); |
---|
916 | return; |
---|
917 | } |
---|
918 | |
---|
919 | if (sm->wpa == WPA_VERSION_WPA2) { |
---|
920 | if (key->type == EAPOL_KEY_TYPE_WPA) { |
---|
921 | /* |
---|
922 | * Some deployed station implementations seem to send |
---|
923 | * msg 4/4 with incorrect type value in WPA2 mode. |
---|
924 | */ |
---|
925 | wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key " |
---|
926 | "with unexpected WPA type in RSN mode"); |
---|
927 | } else if (key->type != EAPOL_KEY_TYPE_RSN) { |
---|
928 | wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with " |
---|
929 | "unexpected type %d in RSN mode", |
---|
930 | key->type); |
---|
931 | return; |
---|
932 | } |
---|
933 | } else { |
---|
934 | if (key->type != EAPOL_KEY_TYPE_WPA) { |
---|
935 | wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with " |
---|
936 | "unexpected type %d in WPA mode", |
---|
937 | key->type); |
---|
938 | return; |
---|
939 | } |
---|
940 | } |
---|
941 | |
---|
942 | wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce, |
---|
943 | WPA_NONCE_LEN); |
---|
944 | wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter", |
---|
945 | key->replay_counter, WPA_REPLAY_COUNTER_LEN); |
---|
946 | |
---|
947 | /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys |
---|
948 | * are set */ |
---|
949 | |
---|
950 | if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) == |
---|
951 | (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) { |
---|
952 | if (key_info & WPA_KEY_INFO_ERROR) { |
---|
953 | msg = SMK_ERROR; |
---|
954 | msgtxt = "SMK Error"; |
---|
955 | } else { |
---|
956 | msg = SMK_M1; |
---|
957 | msgtxt = "SMK M1"; |
---|
958 | } |
---|
959 | } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { |
---|
960 | msg = SMK_M3; |
---|
961 | msgtxt = "SMK M3"; |
---|
962 | } else if (key_info & WPA_KEY_INFO_REQUEST) { |
---|
963 | msg = REQUEST; |
---|
964 | msgtxt = "Request"; |
---|
965 | } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) { |
---|
966 | msg = GROUP_2; |
---|
967 | msgtxt = "2/2 Group"; |
---|
968 | } else if (key_data_length == 0) { |
---|
969 | msg = PAIRWISE_4; |
---|
970 | msgtxt = "4/4 Pairwise"; |
---|
971 | } else { |
---|
972 | msg = PAIRWISE_2; |
---|
973 | msgtxt = "2/4 Pairwise"; |
---|
974 | } |
---|
975 | |
---|
976 | /* TODO: key_info type validation for PeerKey */ |
---|
977 | if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 || |
---|
978 | msg == GROUP_2) { |
---|
979 | u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK; |
---|
980 | if (sm->pairwise == WPA_CIPHER_CCMP || |
---|
981 | sm->pairwise == WPA_CIPHER_GCMP) { |
---|
982 | if (wpa_use_aes_cmac(sm) && |
---|
983 | sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN && |
---|
984 | !wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) && |
---|
985 | ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { |
---|
986 | wpa_auth_logger(wpa_auth, sm->addr, |
---|
987 | LOGGER_WARNING, |
---|
988 | "advertised support for " |
---|
989 | "AES-128-CMAC, but did not " |
---|
990 | "use it"); |
---|
991 | return; |
---|
992 | } |
---|
993 | |
---|
994 | if (!wpa_use_aes_cmac(sm) && |
---|
995 | ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { |
---|
996 | wpa_auth_logger(wpa_auth, sm->addr, |
---|
997 | LOGGER_WARNING, |
---|
998 | "did not use HMAC-SHA1-AES " |
---|
999 | "with CCMP/GCMP"); |
---|
1000 | return; |
---|
1001 | } |
---|
1002 | } |
---|
1003 | |
---|
1004 | if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) && |
---|
1005 | ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { |
---|
1006 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING, |
---|
1007 | "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases"); |
---|
1008 | return; |
---|
1009 | } |
---|
1010 | } |
---|
1011 | |
---|
1012 | if (key_info & WPA_KEY_INFO_REQUEST) { |
---|
1013 | if (sm->req_replay_counter_used && |
---|
1014 | os_memcmp(key->replay_counter, sm->req_replay_counter, |
---|
1015 | WPA_REPLAY_COUNTER_LEN) <= 0) { |
---|
1016 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING, |
---|
1017 | "received EAPOL-Key request with " |
---|
1018 | "replayed counter"); |
---|
1019 | return; |
---|
1020 | } |
---|
1021 | } |
---|
1022 | |
---|
1023 | if (!(key_info & WPA_KEY_INFO_REQUEST) && |
---|
1024 | !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) { |
---|
1025 | int i; |
---|
1026 | |
---|
1027 | if (msg == PAIRWISE_2 && |
---|
1028 | wpa_replay_counter_valid(sm->prev_key_replay, |
---|
1029 | key->replay_counter) && |
---|
1030 | sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING && |
---|
1031 | os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0) |
---|
1032 | { |
---|
1033 | /* |
---|
1034 | * Some supplicant implementations (e.g., Windows XP |
---|
1035 | * WZC) update SNonce for each EAPOL-Key 2/4. This |
---|
1036 | * breaks the workaround on accepting any of the |
---|
1037 | * pending requests, so allow the SNonce to be updated |
---|
1038 | * even if we have already sent out EAPOL-Key 3/4. |
---|
1039 | */ |
---|
1040 | wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
1041 | "Process SNonce update from STA " |
---|
1042 | "based on retransmitted EAPOL-Key " |
---|
1043 | "1/4"); |
---|
1044 | sm->update_snonce = 1; |
---|
1045 | os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN); |
---|
1046 | sm->alt_snonce_valid = TRUE; |
---|
1047 | os_memcpy(sm->alt_replay_counter, |
---|
1048 | sm->key_replay[0].counter, |
---|
1049 | WPA_REPLAY_COUNTER_LEN); |
---|
1050 | goto continue_processing; |
---|
1051 | } |
---|
1052 | |
---|
1053 | if (msg == PAIRWISE_4 && sm->alt_snonce_valid && |
---|
1054 | sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING && |
---|
1055 | os_memcmp(key->replay_counter, sm->alt_replay_counter, |
---|
1056 | WPA_REPLAY_COUNTER_LEN) == 0) { |
---|
1057 | /* |
---|
1058 | * Supplicant may still be using the old SNonce since |
---|
1059 | * there was two EAPOL-Key 2/4 messages and they had |
---|
1060 | * different SNonce values. |
---|
1061 | */ |
---|
1062 | wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
1063 | "Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPOL-Key 1/4"); |
---|
1064 | goto continue_processing; |
---|
1065 | } |
---|
1066 | |
---|
1067 | if (msg == PAIRWISE_2 && |
---|
1068 | wpa_replay_counter_valid(sm->prev_key_replay, |
---|
1069 | key->replay_counter) && |
---|
1070 | sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) { |
---|
1071 | wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
1072 | "ignore retransmitted EAPOL-Key %s - " |
---|
1073 | "SNonce did not change", msgtxt); |
---|
1074 | } else { |
---|
1075 | wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
1076 | "received EAPOL-Key %s with " |
---|
1077 | "unexpected replay counter", msgtxt); |
---|
1078 | } |
---|
1079 | for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) { |
---|
1080 | if (!sm->key_replay[i].valid) |
---|
1081 | break; |
---|
1082 | wpa_hexdump(MSG_DEBUG, "pending replay counter", |
---|
1083 | sm->key_replay[i].counter, |
---|
1084 | WPA_REPLAY_COUNTER_LEN); |
---|
1085 | } |
---|
1086 | wpa_hexdump(MSG_DEBUG, "received replay counter", |
---|
1087 | key->replay_counter, WPA_REPLAY_COUNTER_LEN); |
---|
1088 | return; |
---|
1089 | } |
---|
1090 | |
---|
1091 | continue_processing: |
---|
1092 | switch (msg) { |
---|
1093 | case PAIRWISE_2: |
---|
1094 | if (sm->wpa_ptk_state != WPA_PTK_PTKSTART && |
---|
1095 | sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING && |
---|
1096 | (!sm->update_snonce || |
---|
1097 | sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) { |
---|
1098 | wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, |
---|
1099 | "received EAPOL-Key msg 2/4 in " |
---|
1100 | "invalid state (%d) - dropped", |
---|
1101 | sm->wpa_ptk_state); |
---|
1102 | return; |
---|
1103 | } |
---|
1104 | random_add_randomness(key->key_nonce, WPA_NONCE_LEN); |
---|
1105 | if (sm->group->reject_4way_hs_for_entropy) { |
---|
1106 | /* |
---|
1107 | * The system did not have enough entropy to generate |
---|
1108 | * strong random numbers. Reject the first 4-way |
---|
1109 | * handshake(s) and collect some entropy based on the |
---|
1110 | * information from it. Once enough entropy is |
---|
1111 | * available, the next atempt will trigger GMK/Key |
---|
1112 | * Counter update and the station will be allowed to |
---|
1113 | * continue. |
---|
1114 | */ |
---|
1115 | wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to " |
---|
1116 | "collect more entropy for random number " |
---|
1117 | "generation"); |
---|
1118 | random_mark_pool_ready(); |
---|
1119 | wpa_sta_disconnect(wpa_auth, sm->addr); |
---|
1120 | return; |
---|
1121 | } |
---|
1122 | if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) { |
---|
1123 | wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, |
---|
1124 | "received EAPOL-Key msg 2/4 with " |
---|
1125 | "invalid Key Data contents"); |
---|
1126 | return; |
---|
1127 | } |
---|
1128 | if (kde.rsn_ie) { |
---|
1129 | eapol_key_ie = kde.rsn_ie; |
---|
1130 | eapol_key_ie_len = kde.rsn_ie_len; |
---|
1131 | } else if (kde.osen) { |
---|
1132 | eapol_key_ie = kde.osen; |
---|
1133 | eapol_key_ie_len = kde.osen_len; |
---|
1134 | } else { |
---|
1135 | eapol_key_ie = kde.wpa_ie; |
---|
1136 | eapol_key_ie_len = kde.wpa_ie_len; |
---|
1137 | } |
---|
1138 | ft = sm->wpa == WPA_VERSION_WPA2 && |
---|
1139 | wpa_key_mgmt_ft(sm->wpa_key_mgmt); |
---|
1140 | if (sm->wpa_ie == NULL || |
---|
1141 | wpa_compare_rsn_ie(ft, |
---|
1142 | sm->wpa_ie, sm->wpa_ie_len, |
---|
1143 | eapol_key_ie, eapol_key_ie_len)) { |
---|
1144 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, |
---|
1145 | "WPA IE from (Re)AssocReq did not " |
---|
1146 | "match with msg 2/4"); |
---|
1147 | if (sm->wpa_ie) { |
---|
1148 | wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq", |
---|
1149 | sm->wpa_ie, sm->wpa_ie_len); |
---|
1150 | } |
---|
1151 | wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4", |
---|
1152 | eapol_key_ie, eapol_key_ie_len); |
---|
1153 | /* MLME-DEAUTHENTICATE.request */ |
---|
1154 | wpa_sta_disconnect(wpa_auth, sm->addr); |
---|
1155 | return; |
---|
1156 | } |
---|
1157 | #ifdef CONFIG_IEEE80211R |
---|
1158 | if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) { |
---|
1159 | wpa_sta_disconnect(wpa_auth, sm->addr); |
---|
1160 | return; |
---|
1161 | } |
---|
1162 | #endif /* CONFIG_IEEE80211R */ |
---|
1163 | #ifdef CONFIG_P2P |
---|
1164 | if (kde.ip_addr_req && kde.ip_addr_req[0] && |
---|
1165 | wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) { |
---|
1166 | int idx; |
---|
1167 | wpa_printf(MSG_DEBUG, "P2P: IP address requested in " |
---|
1168 | "EAPOL-Key exchange"); |
---|
1169 | idx = bitfield_get_first_zero(wpa_auth->ip_pool); |
---|
1170 | if (idx >= 0) { |
---|
1171 | u32 start = WPA_GET_BE32(wpa_auth->conf. |
---|
1172 | ip_addr_start); |
---|
1173 | bitfield_set(wpa_auth->ip_pool, idx); |
---|
1174 | WPA_PUT_BE32(sm->ip_addr, start + idx); |
---|
1175 | wpa_printf(MSG_DEBUG, "P2P: Assigned IP " |
---|
1176 | "address %u.%u.%u.%u to " MACSTR, |
---|
1177 | sm->ip_addr[0], sm->ip_addr[1], |
---|
1178 | sm->ip_addr[2], sm->ip_addr[3], |
---|
1179 | MAC2STR(sm->addr)); |
---|
1180 | } |
---|
1181 | } |
---|
1182 | #endif /* CONFIG_P2P */ |
---|
1183 | break; |
---|
1184 | case PAIRWISE_4: |
---|
1185 | if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING || |
---|
1186 | !sm->PTK_valid) { |
---|
1187 | wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, |
---|
1188 | "received EAPOL-Key msg 4/4 in " |
---|
1189 | "invalid state (%d) - dropped", |
---|
1190 | sm->wpa_ptk_state); |
---|
1191 | return; |
---|
1192 | } |
---|
1193 | break; |
---|
1194 | case GROUP_2: |
---|
1195 | if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING |
---|
1196 | || !sm->PTK_valid) { |
---|
1197 | wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, |
---|
1198 | "received EAPOL-Key msg 2/2 in " |
---|
1199 | "invalid state (%d) - dropped", |
---|
1200 | sm->wpa_ptk_group_state); |
---|
1201 | return; |
---|
1202 | } |
---|
1203 | break; |
---|
1204 | #ifdef CONFIG_PEERKEY |
---|
1205 | case SMK_M1: |
---|
1206 | case SMK_M3: |
---|
1207 | case SMK_ERROR: |
---|
1208 | if (!wpa_auth->conf.peerkey) { |
---|
1209 | wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but " |
---|
1210 | "PeerKey use disabled - ignoring message"); |
---|
1211 | return; |
---|
1212 | } |
---|
1213 | if (!sm->PTK_valid) { |
---|
1214 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, |
---|
1215 | "received EAPOL-Key msg SMK in " |
---|
1216 | "invalid state - dropped"); |
---|
1217 | return; |
---|
1218 | } |
---|
1219 | break; |
---|
1220 | #else /* CONFIG_PEERKEY */ |
---|
1221 | case SMK_M1: |
---|
1222 | case SMK_M3: |
---|
1223 | case SMK_ERROR: |
---|
1224 | return; /* STSL disabled - ignore SMK messages */ |
---|
1225 | #endif /* CONFIG_PEERKEY */ |
---|
1226 | case REQUEST: |
---|
1227 | break; |
---|
1228 | } |
---|
1229 | |
---|
1230 | wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
1231 | "received EAPOL-Key frame (%s)", msgtxt); |
---|
1232 | |
---|
1233 | if (key_info & WPA_KEY_INFO_ACK) { |
---|
1234 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, |
---|
1235 | "received invalid EAPOL-Key: Key Ack set"); |
---|
1236 | return; |
---|
1237 | } |
---|
1238 | |
---|
1239 | if (!(key_info & WPA_KEY_INFO_MIC)) { |
---|
1240 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, |
---|
1241 | "received invalid EAPOL-Key: Key MIC not set"); |
---|
1242 | return; |
---|
1243 | } |
---|
1244 | |
---|
1245 | sm->MICVerified = FALSE; |
---|
1246 | if (sm->PTK_valid && !sm->update_snonce) { |
---|
1247 | if (wpa_verify_key_mic(sm->wpa_key_mgmt, &sm->PTK, data, |
---|
1248 | data_len) && |
---|
1249 | (msg != PAIRWISE_4 || !sm->alt_snonce_valid || |
---|
1250 | wpa_try_alt_snonce(sm, data, data_len))) { |
---|
1251 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, |
---|
1252 | "received EAPOL-Key with invalid MIC"); |
---|
1253 | return; |
---|
1254 | } |
---|
1255 | sm->MICVerified = TRUE; |
---|
1256 | eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm); |
---|
1257 | sm->pending_1_of_4_timeout = 0; |
---|
1258 | } |
---|
1259 | |
---|
1260 | if (key_info & WPA_KEY_INFO_REQUEST) { |
---|
1261 | if (sm->MICVerified) { |
---|
1262 | sm->req_replay_counter_used = 1; |
---|
1263 | os_memcpy(sm->req_replay_counter, key->replay_counter, |
---|
1264 | WPA_REPLAY_COUNTER_LEN); |
---|
1265 | } else { |
---|
1266 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, |
---|
1267 | "received EAPOL-Key request with " |
---|
1268 | "invalid MIC"); |
---|
1269 | return; |
---|
1270 | } |
---|
1271 | |
---|
1272 | /* |
---|
1273 | * TODO: should decrypt key data field if encryption was used; |
---|
1274 | * even though MAC address KDE is not normally encrypted, |
---|
1275 | * supplicant is allowed to encrypt it. |
---|
1276 | */ |
---|
1277 | if (msg == SMK_ERROR) { |
---|
1278 | #ifdef CONFIG_PEERKEY |
---|
1279 | wpa_smk_error(wpa_auth, sm, key_data, key_data_length); |
---|
1280 | #endif /* CONFIG_PEERKEY */ |
---|
1281 | return; |
---|
1282 | } else if (key_info & WPA_KEY_INFO_ERROR) { |
---|
1283 | if (wpa_receive_error_report( |
---|
1284 | wpa_auth, sm, |
---|
1285 | !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0) |
---|
1286 | return; /* STA entry was removed */ |
---|
1287 | } else if (key_info & WPA_KEY_INFO_KEY_TYPE) { |
---|
1288 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, |
---|
1289 | "received EAPOL-Key Request for new " |
---|
1290 | "4-Way Handshake"); |
---|
1291 | wpa_request_new_ptk(sm); |
---|
1292 | #ifdef CONFIG_PEERKEY |
---|
1293 | } else if (msg == SMK_M1) { |
---|
1294 | wpa_smk_m1(wpa_auth, sm, key, key_data, |
---|
1295 | key_data_length); |
---|
1296 | #endif /* CONFIG_PEERKEY */ |
---|
1297 | } else if (key_data_length > 0 && |
---|
1298 | wpa_parse_kde_ies(key_data, key_data_length, |
---|
1299 | &kde) == 0 && |
---|
1300 | kde.mac_addr) { |
---|
1301 | } else { |
---|
1302 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, |
---|
1303 | "received EAPOL-Key Request for GTK " |
---|
1304 | "rekeying"); |
---|
1305 | eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); |
---|
1306 | wpa_rekey_gtk(wpa_auth, NULL); |
---|
1307 | } |
---|
1308 | } else { |
---|
1309 | /* Do not allow the same key replay counter to be reused. */ |
---|
1310 | wpa_replay_counter_mark_invalid(sm->key_replay, |
---|
1311 | key->replay_counter); |
---|
1312 | |
---|
1313 | if (msg == PAIRWISE_2) { |
---|
1314 | /* |
---|
1315 | * Maintain a copy of the pending EAPOL-Key frames in |
---|
1316 | * case the EAPOL-Key frame was retransmitted. This is |
---|
1317 | * needed to allow EAPOL-Key msg 2/4 reply to another |
---|
1318 | * pending msg 1/4 to update the SNonce to work around |
---|
1319 | * unexpected supplicant behavior. |
---|
1320 | */ |
---|
1321 | os_memcpy(sm->prev_key_replay, sm->key_replay, |
---|
1322 | sizeof(sm->key_replay)); |
---|
1323 | } else { |
---|
1324 | os_memset(sm->prev_key_replay, 0, |
---|
1325 | sizeof(sm->prev_key_replay)); |
---|
1326 | } |
---|
1327 | |
---|
1328 | /* |
---|
1329 | * Make sure old valid counters are not accepted anymore and |
---|
1330 | * do not get copied again. |
---|
1331 | */ |
---|
1332 | wpa_replay_counter_mark_invalid(sm->key_replay, NULL); |
---|
1333 | } |
---|
1334 | |
---|
1335 | #ifdef CONFIG_PEERKEY |
---|
1336 | if (msg == SMK_M3) { |
---|
1337 | wpa_smk_m3(wpa_auth, sm, key, key_data, key_data_length); |
---|
1338 | return; |
---|
1339 | } |
---|
1340 | #endif /* CONFIG_PEERKEY */ |
---|
1341 | |
---|
1342 | os_free(sm->last_rx_eapol_key); |
---|
1343 | sm->last_rx_eapol_key = os_malloc(data_len); |
---|
1344 | if (sm->last_rx_eapol_key == NULL) |
---|
1345 | return; |
---|
1346 | os_memcpy(sm->last_rx_eapol_key, data, data_len); |
---|
1347 | sm->last_rx_eapol_key_len = data_len; |
---|
1348 | |
---|
1349 | sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE); |
---|
1350 | sm->EAPOLKeyReceived = TRUE; |
---|
1351 | sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE); |
---|
1352 | sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST); |
---|
1353 | os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN); |
---|
1354 | wpa_sm_step(sm); |
---|
1355 | } |
---|
1356 | |
---|
1357 | |
---|
1358 | static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr, |
---|
1359 | const u8 *gnonce, u8 *gtk, size_t gtk_len) |
---|
1360 | { |
---|
1361 | u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16]; |
---|
1362 | u8 *pos; |
---|
1363 | int ret = 0; |
---|
1364 | |
---|
1365 | /* GTK = PRF-X(GMK, "Group key expansion", |
---|
1366 | * AA || GNonce || Time || random data) |
---|
1367 | * The example described in the IEEE 802.11 standard uses only AA and |
---|
1368 | * GNonce as inputs here. Add some more entropy since this derivation |
---|
1369 | * is done only at the Authenticator and as such, does not need to be |
---|
1370 | * exactly same. |
---|
1371 | */ |
---|
1372 | os_memcpy(data, addr, ETH_ALEN); |
---|
1373 | os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN); |
---|
1374 | pos = data + ETH_ALEN + WPA_NONCE_LEN; |
---|
1375 | wpa_get_ntp_timestamp(pos); |
---|
1376 | pos += 8; |
---|
1377 | if (random_get_bytes(pos, 16) < 0) |
---|
1378 | ret = -1; |
---|
1379 | |
---|
1380 | #ifdef CONFIG_IEEE80211W |
---|
1381 | sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len); |
---|
1382 | #else /* CONFIG_IEEE80211W */ |
---|
1383 | if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len) |
---|
1384 | < 0) |
---|
1385 | ret = -1; |
---|
1386 | #endif /* CONFIG_IEEE80211W */ |
---|
1387 | |
---|
1388 | return ret; |
---|
1389 | } |
---|
1390 | |
---|
1391 | |
---|
1392 | static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx) |
---|
1393 | { |
---|
1394 | struct wpa_authenticator *wpa_auth = eloop_ctx; |
---|
1395 | struct wpa_state_machine *sm = timeout_ctx; |
---|
1396 | |
---|
1397 | sm->pending_1_of_4_timeout = 0; |
---|
1398 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout"); |
---|
1399 | sm->TimeoutEvt = TRUE; |
---|
1400 | wpa_sm_step(sm); |
---|
1401 | } |
---|
1402 | |
---|
1403 | |
---|
1404 | void __wpa_send_eapol(struct wpa_authenticator *wpa_auth, |
---|
1405 | struct wpa_state_machine *sm, int key_info, |
---|
1406 | const u8 *key_rsc, const u8 *nonce, |
---|
1407 | const u8 *kde, size_t kde_len, |
---|
1408 | int keyidx, int encr, int force_version) |
---|
1409 | { |
---|
1410 | struct ieee802_1x_hdr *hdr; |
---|
1411 | struct wpa_eapol_key *key; |
---|
1412 | struct wpa_eapol_key_192 *key192; |
---|
1413 | size_t len, mic_len, keyhdrlen; |
---|
1414 | int alg; |
---|
1415 | int key_data_len, pad_len = 0; |
---|
1416 | u8 *buf, *pos; |
---|
1417 | int version, pairwise; |
---|
1418 | int i; |
---|
1419 | u8 *key_data; |
---|
1420 | |
---|
1421 | mic_len = wpa_mic_len(sm->wpa_key_mgmt); |
---|
1422 | keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key); |
---|
1423 | |
---|
1424 | len = sizeof(struct ieee802_1x_hdr) + keyhdrlen; |
---|
1425 | |
---|
1426 | if (force_version) |
---|
1427 | version = force_version; |
---|
1428 | else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN || |
---|
1429 | wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) |
---|
1430 | version = WPA_KEY_INFO_TYPE_AKM_DEFINED; |
---|
1431 | else if (wpa_use_aes_cmac(sm)) |
---|
1432 | version = WPA_KEY_INFO_TYPE_AES_128_CMAC; |
---|
1433 | else if (sm->pairwise != WPA_CIPHER_TKIP) |
---|
1434 | version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; |
---|
1435 | else |
---|
1436 | version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; |
---|
1437 | |
---|
1438 | pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE); |
---|
1439 | |
---|
1440 | wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d " |
---|
1441 | "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d " |
---|
1442 | "encr=%d)", |
---|
1443 | version, |
---|
1444 | (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0, |
---|
1445 | (key_info & WPA_KEY_INFO_MIC) ? 1 : 0, |
---|
1446 | (key_info & WPA_KEY_INFO_ACK) ? 1 : 0, |
---|
1447 | (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0, |
---|
1448 | pairwise, (unsigned long) kde_len, keyidx, encr); |
---|
1449 | |
---|
1450 | key_data_len = kde_len; |
---|
1451 | |
---|
1452 | if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || |
---|
1453 | sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN || |
---|
1454 | wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) || |
---|
1455 | version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) { |
---|
1456 | pad_len = key_data_len % 8; |
---|
1457 | if (pad_len) |
---|
1458 | pad_len = 8 - pad_len; |
---|
1459 | key_data_len += pad_len + 8; |
---|
1460 | } |
---|
1461 | |
---|
1462 | len += key_data_len; |
---|
1463 | |
---|
1464 | hdr = os_zalloc(len); |
---|
1465 | if (hdr == NULL) |
---|
1466 | return; |
---|
1467 | hdr->version = wpa_auth->conf.eapol_version; |
---|
1468 | hdr->type = IEEE802_1X_TYPE_EAPOL_KEY; |
---|
1469 | hdr->length = host_to_be16(len - sizeof(*hdr)); |
---|
1470 | key = (struct wpa_eapol_key *) (hdr + 1); |
---|
1471 | key192 = (struct wpa_eapol_key_192 *) (hdr + 1); |
---|
1472 | key_data = ((u8 *) (hdr + 1)) + keyhdrlen; |
---|
1473 | |
---|
1474 | key->type = sm->wpa == WPA_VERSION_WPA2 ? |
---|
1475 | EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; |
---|
1476 | key_info |= version; |
---|
1477 | if (encr && sm->wpa == WPA_VERSION_WPA2) |
---|
1478 | key_info |= WPA_KEY_INFO_ENCR_KEY_DATA; |
---|
1479 | if (sm->wpa != WPA_VERSION_WPA2) |
---|
1480 | key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT; |
---|
1481 | WPA_PUT_BE16(key->key_info, key_info); |
---|
1482 | |
---|
1483 | alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group; |
---|
1484 | WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg)); |
---|
1485 | if (key_info & WPA_KEY_INFO_SMK_MESSAGE) |
---|
1486 | WPA_PUT_BE16(key->key_length, 0); |
---|
1487 | |
---|
1488 | /* FIX: STSL: what to use as key_replay_counter? */ |
---|
1489 | for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) { |
---|
1490 | sm->key_replay[i].valid = sm->key_replay[i - 1].valid; |
---|
1491 | os_memcpy(sm->key_replay[i].counter, |
---|
1492 | sm->key_replay[i - 1].counter, |
---|
1493 | WPA_REPLAY_COUNTER_LEN); |
---|
1494 | } |
---|
1495 | inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN); |
---|
1496 | os_memcpy(key->replay_counter, sm->key_replay[0].counter, |
---|
1497 | WPA_REPLAY_COUNTER_LEN); |
---|
1498 | wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", |
---|
1499 | key->replay_counter, WPA_REPLAY_COUNTER_LEN); |
---|
1500 | sm->key_replay[0].valid = TRUE; |
---|
1501 | |
---|
1502 | if (nonce) |
---|
1503 | os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN); |
---|
1504 | |
---|
1505 | if (key_rsc) |
---|
1506 | os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN); |
---|
1507 | |
---|
1508 | if (kde && !encr) { |
---|
1509 | os_memcpy(key_data, kde, kde_len); |
---|
1510 | if (mic_len == 24) |
---|
1511 | WPA_PUT_BE16(key192->key_data_length, kde_len); |
---|
1512 | else |
---|
1513 | WPA_PUT_BE16(key->key_data_length, kde_len); |
---|
1514 | } else if (encr && kde) { |
---|
1515 | buf = os_zalloc(key_data_len); |
---|
1516 | if (buf == NULL) { |
---|
1517 | os_free(hdr); |
---|
1518 | return; |
---|
1519 | } |
---|
1520 | pos = buf; |
---|
1521 | os_memcpy(pos, kde, kde_len); |
---|
1522 | pos += kde_len; |
---|
1523 | |
---|
1524 | if (pad_len) |
---|
1525 | *pos++ = 0xdd; |
---|
1526 | |
---|
1527 | wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data", |
---|
1528 | buf, key_data_len); |
---|
1529 | if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || |
---|
1530 | sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN || |
---|
1531 | wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) || |
---|
1532 | version == WPA_KEY_INFO_TYPE_AES_128_CMAC) { |
---|
1533 | if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len, |
---|
1534 | (key_data_len - 8) / 8, buf, key_data)) { |
---|
1535 | os_free(hdr); |
---|
1536 | os_free(buf); |
---|
1537 | return; |
---|
1538 | } |
---|
1539 | if (mic_len == 24) |
---|
1540 | WPA_PUT_BE16(key192->key_data_length, |
---|
1541 | key_data_len); |
---|
1542 | else |
---|
1543 | WPA_PUT_BE16(key->key_data_length, |
---|
1544 | key_data_len); |
---|
1545 | #ifndef CONFIG_NO_RC4 |
---|
1546 | } else if (sm->PTK.kek_len == 16) { |
---|
1547 | u8 ek[32]; |
---|
1548 | os_memcpy(key->key_iv, |
---|
1549 | sm->group->Counter + WPA_NONCE_LEN - 16, 16); |
---|
1550 | inc_byte_array(sm->group->Counter, WPA_NONCE_LEN); |
---|
1551 | os_memcpy(ek, key->key_iv, 16); |
---|
1552 | os_memcpy(ek + 16, sm->PTK.kek, sm->PTK.kek_len); |
---|
1553 | os_memcpy(key_data, buf, key_data_len); |
---|
1554 | rc4_skip(ek, 32, 256, key_data, key_data_len); |
---|
1555 | if (mic_len == 24) |
---|
1556 | WPA_PUT_BE16(key192->key_data_length, |
---|
1557 | key_data_len); |
---|
1558 | else |
---|
1559 | WPA_PUT_BE16(key->key_data_length, |
---|
1560 | key_data_len); |
---|
1561 | #endif /* CONFIG_NO_RC4 */ |
---|
1562 | } else { |
---|
1563 | os_free(hdr); |
---|
1564 | os_free(buf); |
---|
1565 | return; |
---|
1566 | } |
---|
1567 | os_free(buf); |
---|
1568 | } |
---|
1569 | |
---|
1570 | if (key_info & WPA_KEY_INFO_MIC) { |
---|
1571 | u8 *key_mic; |
---|
1572 | |
---|
1573 | if (!sm->PTK_valid) { |
---|
1574 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
1575 | "PTK not valid when sending EAPOL-Key " |
---|
1576 | "frame"); |
---|
1577 | os_free(hdr); |
---|
1578 | return; |
---|
1579 | } |
---|
1580 | |
---|
1581 | key_mic = key192->key_mic; /* same offset for key and key192 */ |
---|
1582 | wpa_eapol_key_mic(sm->PTK.kck, sm->PTK.kck_len, |
---|
1583 | sm->wpa_key_mgmt, version, |
---|
1584 | (u8 *) hdr, len, key_mic); |
---|
1585 | #ifdef CONFIG_TESTING_OPTIONS |
---|
1586 | if (!pairwise && |
---|
1587 | wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0 && |
---|
1588 | drand48() < |
---|
1589 | wpa_auth->conf.corrupt_gtk_rekey_mic_probability) { |
---|
1590 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, |
---|
1591 | "Corrupting group EAPOL-Key Key MIC"); |
---|
1592 | key_mic[0]++; |
---|
1593 | } |
---|
1594 | #endif /* CONFIG_TESTING_OPTIONS */ |
---|
1595 | } |
---|
1596 | |
---|
1597 | wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx, |
---|
1598 | 1); |
---|
1599 | wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len, |
---|
1600 | sm->pairwise_set); |
---|
1601 | os_free(hdr); |
---|
1602 | } |
---|
1603 | |
---|
1604 | |
---|
1605 | static void wpa_send_eapol(struct wpa_authenticator *wpa_auth, |
---|
1606 | struct wpa_state_machine *sm, int key_info, |
---|
1607 | const u8 *key_rsc, const u8 *nonce, |
---|
1608 | const u8 *kde, size_t kde_len, |
---|
1609 | int keyidx, int encr) |
---|
1610 | { |
---|
1611 | int timeout_ms; |
---|
1612 | int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE; |
---|
1613 | int ctr; |
---|
1614 | |
---|
1615 | if (sm == NULL) |
---|
1616 | return; |
---|
1617 | |
---|
1618 | __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len, |
---|
1619 | keyidx, encr, 0); |
---|
1620 | |
---|
1621 | ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr; |
---|
1622 | if (ctr == 1 && wpa_auth->conf.tx_status) |
---|
1623 | timeout_ms = pairwise ? eapol_key_timeout_first : |
---|
1624 | eapol_key_timeout_first_group; |
---|
1625 | else |
---|
1626 | timeout_ms = eapol_key_timeout_subseq; |
---|
1627 | if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC)) |
---|
1628 | sm->pending_1_of_4_timeout = 1; |
---|
1629 | wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry " |
---|
1630 | "counter %d)", timeout_ms, ctr); |
---|
1631 | eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000, |
---|
1632 | wpa_send_eapol_timeout, wpa_auth, sm); |
---|
1633 | } |
---|
1634 | |
---|
1635 | |
---|
1636 | static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data, |
---|
1637 | size_t data_len) |
---|
1638 | { |
---|
1639 | struct ieee802_1x_hdr *hdr; |
---|
1640 | struct wpa_eapol_key *key; |
---|
1641 | struct wpa_eapol_key_192 *key192; |
---|
1642 | u16 key_info; |
---|
1643 | int ret = 0; |
---|
1644 | u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; |
---|
1645 | size_t mic_len = wpa_mic_len(akmp); |
---|
1646 | |
---|
1647 | if (data_len < sizeof(*hdr) + sizeof(*key)) |
---|
1648 | return -1; |
---|
1649 | |
---|
1650 | hdr = (struct ieee802_1x_hdr *) data; |
---|
1651 | key = (struct wpa_eapol_key *) (hdr + 1); |
---|
1652 | key192 = (struct wpa_eapol_key_192 *) (hdr + 1); |
---|
1653 | key_info = WPA_GET_BE16(key->key_info); |
---|
1654 | os_memcpy(mic, key192->key_mic, mic_len); |
---|
1655 | os_memset(key192->key_mic, 0, mic_len); |
---|
1656 | if (wpa_eapol_key_mic(PTK->kck, PTK->kck_len, akmp, |
---|
1657 | key_info & WPA_KEY_INFO_TYPE_MASK, |
---|
1658 | data, data_len, key192->key_mic) || |
---|
1659 | os_memcmp_const(mic, key192->key_mic, mic_len) != 0) |
---|
1660 | ret = -1; |
---|
1661 | os_memcpy(key192->key_mic, mic, mic_len); |
---|
1662 | return ret; |
---|
1663 | } |
---|
1664 | |
---|
1665 | |
---|
1666 | void wpa_remove_ptk(struct wpa_state_machine *sm) |
---|
1667 | { |
---|
1668 | sm->PTK_valid = FALSE; |
---|
1669 | os_memset(&sm->PTK, 0, sizeof(sm->PTK)); |
---|
1670 | wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0); |
---|
1671 | sm->pairwise_set = FALSE; |
---|
1672 | eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); |
---|
1673 | } |
---|
1674 | |
---|
1675 | |
---|
1676 | int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) |
---|
1677 | { |
---|
1678 | int remove_ptk = 1; |
---|
1679 | |
---|
1680 | if (sm == NULL) |
---|
1681 | return -1; |
---|
1682 | |
---|
1683 | wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
1684 | "event %d notification", event); |
---|
1685 | |
---|
1686 | switch (event) { |
---|
1687 | case WPA_AUTH: |
---|
1688 | #ifdef CONFIG_MESH |
---|
1689 | /* PTKs are derived through AMPE */ |
---|
1690 | if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) { |
---|
1691 | /* not mesh */ |
---|
1692 | break; |
---|
1693 | } |
---|
1694 | return 0; |
---|
1695 | #endif /* CONFIG_MESH */ |
---|
1696 | case WPA_ASSOC: |
---|
1697 | break; |
---|
1698 | case WPA_DEAUTH: |
---|
1699 | case WPA_DISASSOC: |
---|
1700 | sm->DeauthenticationRequest = TRUE; |
---|
1701 | break; |
---|
1702 | case WPA_REAUTH: |
---|
1703 | case WPA_REAUTH_EAPOL: |
---|
1704 | if (!sm->started) { |
---|
1705 | /* |
---|
1706 | * When using WPS, we may end up here if the STA |
---|
1707 | * manages to re-associate without the previous STA |
---|
1708 | * entry getting removed. Consequently, we need to make |
---|
1709 | * sure that the WPA state machines gets initialized |
---|
1710 | * properly at this point. |
---|
1711 | */ |
---|
1712 | wpa_printf(MSG_DEBUG, "WPA state machine had not been " |
---|
1713 | "started - initialize now"); |
---|
1714 | sm->started = 1; |
---|
1715 | sm->Init = TRUE; |
---|
1716 | if (wpa_sm_step(sm) == 1) |
---|
1717 | return 1; /* should not really happen */ |
---|
1718 | sm->Init = FALSE; |
---|
1719 | sm->AuthenticationRequest = TRUE; |
---|
1720 | break; |
---|
1721 | } |
---|
1722 | if (sm->GUpdateStationKeys) { |
---|
1723 | /* |
---|
1724 | * Reauthentication cancels the pending group key |
---|
1725 | * update for this STA. |
---|
1726 | */ |
---|
1727 | sm->group->GKeyDoneStations--; |
---|
1728 | sm->GUpdateStationKeys = FALSE; |
---|
1729 | sm->PtkGroupInit = TRUE; |
---|
1730 | } |
---|
1731 | sm->ReAuthenticationRequest = TRUE; |
---|
1732 | break; |
---|
1733 | case WPA_ASSOC_FT: |
---|
1734 | #ifdef CONFIG_IEEE80211R |
---|
1735 | wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration " |
---|
1736 | "after association"); |
---|
1737 | wpa_ft_install_ptk(sm); |
---|
1738 | |
---|
1739 | /* Using FT protocol, not WPA auth state machine */ |
---|
1740 | sm->ft_completed = 1; |
---|
1741 | return 0; |
---|
1742 | #else /* CONFIG_IEEE80211R */ |
---|
1743 | break; |
---|
1744 | #endif /* CONFIG_IEEE80211R */ |
---|
1745 | } |
---|
1746 | |
---|
1747 | #ifdef CONFIG_IEEE80211R |
---|
1748 | sm->ft_completed = 0; |
---|
1749 | #endif /* CONFIG_IEEE80211R */ |
---|
1750 | |
---|
1751 | #ifdef CONFIG_IEEE80211W |
---|
1752 | if (sm->mgmt_frame_prot && event == WPA_AUTH) |
---|
1753 | remove_ptk = 0; |
---|
1754 | #endif /* CONFIG_IEEE80211W */ |
---|
1755 | |
---|
1756 | if (remove_ptk) { |
---|
1757 | sm->PTK_valid = FALSE; |
---|
1758 | os_memset(&sm->PTK, 0, sizeof(sm->PTK)); |
---|
1759 | |
---|
1760 | if (event != WPA_REAUTH_EAPOL) |
---|
1761 | wpa_remove_ptk(sm); |
---|
1762 | } |
---|
1763 | |
---|
1764 | if (sm->in_step_loop) { |
---|
1765 | /* |
---|
1766 | * wpa_sm_step() is already running - avoid recursive call to |
---|
1767 | * it by making the existing loop process the new update. |
---|
1768 | */ |
---|
1769 | sm->changed = TRUE; |
---|
1770 | return 0; |
---|
1771 | } |
---|
1772 | return wpa_sm_step(sm); |
---|
1773 | } |
---|
1774 | |
---|
1775 | |
---|
1776 | SM_STATE(WPA_PTK, INITIALIZE) |
---|
1777 | { |
---|
1778 | SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk); |
---|
1779 | if (sm->Init) { |
---|
1780 | /* Init flag is not cleared here, so avoid busy |
---|
1781 | * loop by claiming nothing changed. */ |
---|
1782 | sm->changed = FALSE; |
---|
1783 | } |
---|
1784 | |
---|
1785 | sm->keycount = 0; |
---|
1786 | if (sm->GUpdateStationKeys) |
---|
1787 | sm->group->GKeyDoneStations--; |
---|
1788 | sm->GUpdateStationKeys = FALSE; |
---|
1789 | if (sm->wpa == WPA_VERSION_WPA) |
---|
1790 | sm->PInitAKeys = FALSE; |
---|
1791 | if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and |
---|
1792 | * Local AA > Remote AA)) */) { |
---|
1793 | sm->Pair = TRUE; |
---|
1794 | } |
---|
1795 | wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0); |
---|
1796 | wpa_remove_ptk(sm); |
---|
1797 | wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0); |
---|
1798 | sm->TimeoutCtr = 0; |
---|
1799 | if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { |
---|
1800 | wpa_auth_set_eapol(sm->wpa_auth, sm->addr, |
---|
1801 | WPA_EAPOL_authorized, 0); |
---|
1802 | } |
---|
1803 | } |
---|
1804 | |
---|
1805 | |
---|
1806 | SM_STATE(WPA_PTK, DISCONNECT) |
---|
1807 | { |
---|
1808 | SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk); |
---|
1809 | sm->Disconnect = FALSE; |
---|
1810 | wpa_sta_disconnect(sm->wpa_auth, sm->addr); |
---|
1811 | } |
---|
1812 | |
---|
1813 | |
---|
1814 | SM_STATE(WPA_PTK, DISCONNECTED) |
---|
1815 | { |
---|
1816 | SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk); |
---|
1817 | sm->DeauthenticationRequest = FALSE; |
---|
1818 | } |
---|
1819 | |
---|
1820 | |
---|
1821 | SM_STATE(WPA_PTK, AUTHENTICATION) |
---|
1822 | { |
---|
1823 | SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk); |
---|
1824 | os_memset(&sm->PTK, 0, sizeof(sm->PTK)); |
---|
1825 | sm->PTK_valid = FALSE; |
---|
1826 | wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto, |
---|
1827 | 1); |
---|
1828 | wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1); |
---|
1829 | sm->AuthenticationRequest = FALSE; |
---|
1830 | } |
---|
1831 | |
---|
1832 | |
---|
1833 | static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth, |
---|
1834 | struct wpa_group *group) |
---|
1835 | { |
---|
1836 | if (group->first_sta_seen) |
---|
1837 | return; |
---|
1838 | /* |
---|
1839 | * System has run bit further than at the time hostapd was started |
---|
1840 | * potentially very early during boot up. This provides better chances |
---|
1841 | * of collecting more randomness on embedded systems. Re-initialize the |
---|
1842 | * GMK and Counter here to improve their strength if there was not |
---|
1843 | * enough entropy available immediately after system startup. |
---|
1844 | */ |
---|
1845 | wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first " |
---|
1846 | "station"); |
---|
1847 | if (random_pool_ready() != 1) { |
---|
1848 | wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool " |
---|
1849 | "to proceed - reject first 4-way handshake"); |
---|
1850 | group->reject_4way_hs_for_entropy = TRUE; |
---|
1851 | } else { |
---|
1852 | group->first_sta_seen = TRUE; |
---|
1853 | group->reject_4way_hs_for_entropy = FALSE; |
---|
1854 | } |
---|
1855 | |
---|
1856 | if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0 || |
---|
1857 | wpa_gtk_update(wpa_auth, group) < 0 || |
---|
1858 | wpa_group_config_group_keys(wpa_auth, group) < 0) { |
---|
1859 | wpa_printf(MSG_INFO, "WPA: GMK/GTK setup failed"); |
---|
1860 | group->first_sta_seen = FALSE; |
---|
1861 | group->reject_4way_hs_for_entropy = TRUE; |
---|
1862 | } |
---|
1863 | } |
---|
1864 | |
---|
1865 | |
---|
1866 | SM_STATE(WPA_PTK, AUTHENTICATION2) |
---|
1867 | { |
---|
1868 | SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk); |
---|
1869 | |
---|
1870 | wpa_group_ensure_init(sm->wpa_auth, sm->group); |
---|
1871 | sm->ReAuthenticationRequest = FALSE; |
---|
1872 | |
---|
1873 | /* |
---|
1874 | * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat |
---|
1875 | * ambiguous. The Authenticator state machine uses a counter that is |
---|
1876 | * incremented by one for each 4-way handshake. However, the security |
---|
1877 | * analysis of 4-way handshake points out that unpredictable nonces |
---|
1878 | * help in preventing precomputation attacks. Instead of the state |
---|
1879 | * machine definition, use an unpredictable nonce value here to provide |
---|
1880 | * stronger protection against potential precomputation attacks. |
---|
1881 | */ |
---|
1882 | if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { |
---|
1883 | wpa_printf(MSG_ERROR, "WPA: Failed to get random data for " |
---|
1884 | "ANonce."); |
---|
1885 | sm->Disconnect = TRUE; |
---|
1886 | return; |
---|
1887 | } |
---|
1888 | wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce, |
---|
1889 | WPA_NONCE_LEN); |
---|
1890 | /* IEEE 802.11i does not clear TimeoutCtr here, but this is more |
---|
1891 | * logical place than INITIALIZE since AUTHENTICATION2 can be |
---|
1892 | * re-entered on ReAuthenticationRequest without going through |
---|
1893 | * INITIALIZE. */ |
---|
1894 | sm->TimeoutCtr = 0; |
---|
1895 | } |
---|
1896 | |
---|
1897 | |
---|
1898 | SM_STATE(WPA_PTK, INITPMK) |
---|
1899 | { |
---|
1900 | u8 msk[2 * PMK_LEN]; |
---|
1901 | size_t len = 2 * PMK_LEN; |
---|
1902 | |
---|
1903 | SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk); |
---|
1904 | #ifdef CONFIG_IEEE80211R |
---|
1905 | sm->xxkey_len = 0; |
---|
1906 | #endif /* CONFIG_IEEE80211R */ |
---|
1907 | if (sm->pmksa) { |
---|
1908 | wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache"); |
---|
1909 | os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN); |
---|
1910 | } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) { |
---|
1911 | wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine " |
---|
1912 | "(len=%lu)", (unsigned long) len); |
---|
1913 | os_memcpy(sm->PMK, msk, PMK_LEN); |
---|
1914 | #ifdef CONFIG_IEEE80211R |
---|
1915 | if (len >= 2 * PMK_LEN) { |
---|
1916 | os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN); |
---|
1917 | sm->xxkey_len = PMK_LEN; |
---|
1918 | } |
---|
1919 | #endif /* CONFIG_IEEE80211R */ |
---|
1920 | } else { |
---|
1921 | wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p", |
---|
1922 | sm->wpa_auth->cb.get_msk); |
---|
1923 | sm->Disconnect = TRUE; |
---|
1924 | return; |
---|
1925 | } |
---|
1926 | os_memset(msk, 0, sizeof(msk)); |
---|
1927 | |
---|
1928 | sm->req_replay_counter_used = 0; |
---|
1929 | /* IEEE 802.11i does not set keyRun to FALSE, but not doing this |
---|
1930 | * will break reauthentication since EAPOL state machines may not be |
---|
1931 | * get into AUTHENTICATING state that clears keyRun before WPA state |
---|
1932 | * machine enters AUTHENTICATION2 state and goes immediately to INITPMK |
---|
1933 | * state and takes PMK from the previously used AAA Key. This will |
---|
1934 | * eventually fail in 4-Way Handshake because Supplicant uses PMK |
---|
1935 | * derived from the new AAA Key. Setting keyRun = FALSE here seems to |
---|
1936 | * be good workaround for this issue. */ |
---|
1937 | wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0); |
---|
1938 | } |
---|
1939 | |
---|
1940 | |
---|
1941 | SM_STATE(WPA_PTK, INITPSK) |
---|
1942 | { |
---|
1943 | const u8 *psk; |
---|
1944 | SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk); |
---|
1945 | psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL); |
---|
1946 | if (psk) { |
---|
1947 | os_memcpy(sm->PMK, psk, PMK_LEN); |
---|
1948 | #ifdef CONFIG_IEEE80211R |
---|
1949 | os_memcpy(sm->xxkey, psk, PMK_LEN); |
---|
1950 | sm->xxkey_len = PMK_LEN; |
---|
1951 | #endif /* CONFIG_IEEE80211R */ |
---|
1952 | } |
---|
1953 | sm->req_replay_counter_used = 0; |
---|
1954 | } |
---|
1955 | |
---|
1956 | |
---|
1957 | SM_STATE(WPA_PTK, PTKSTART) |
---|
1958 | { |
---|
1959 | u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL; |
---|
1960 | size_t pmkid_len = 0; |
---|
1961 | |
---|
1962 | SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk); |
---|
1963 | sm->PTKRequest = FALSE; |
---|
1964 | sm->TimeoutEvt = FALSE; |
---|
1965 | sm->alt_snonce_valid = FALSE; |
---|
1966 | |
---|
1967 | sm->TimeoutCtr++; |
---|
1968 | if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) { |
---|
1969 | /* No point in sending the EAPOL-Key - we will disconnect |
---|
1970 | * immediately following this. */ |
---|
1971 | return; |
---|
1972 | } |
---|
1973 | |
---|
1974 | wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
1975 | "sending 1/4 msg of 4-Way Handshake"); |
---|
1976 | /* |
---|
1977 | * TODO: Could add PMKID even with WPA2-PSK, but only if there is only |
---|
1978 | * one possible PSK for this STA. |
---|
1979 | */ |
---|
1980 | if (sm->wpa == WPA_VERSION_WPA2 && |
---|
1981 | wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) && |
---|
1982 | sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) { |
---|
1983 | pmkid = buf; |
---|
1984 | pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN; |
---|
1985 | pmkid[0] = WLAN_EID_VENDOR_SPECIFIC; |
---|
1986 | pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN; |
---|
1987 | RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID); |
---|
1988 | if (sm->pmksa) { |
---|
1989 | os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN], |
---|
1990 | sm->pmksa->pmkid, PMKID_LEN); |
---|
1991 | } else if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) { |
---|
1992 | /* No KCK available to derive PMKID */ |
---|
1993 | pmkid = NULL; |
---|
1994 | } else { |
---|
1995 | /* |
---|
1996 | * Calculate PMKID since no PMKSA cache entry was |
---|
1997 | * available with pre-calculated PMKID. |
---|
1998 | */ |
---|
1999 | rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr, |
---|
2000 | sm->addr, &pmkid[2 + RSN_SELECTOR_LEN], |
---|
2001 | wpa_key_mgmt_sha256(sm->wpa_key_mgmt)); |
---|
2002 | } |
---|
2003 | } |
---|
2004 | wpa_send_eapol(sm->wpa_auth, sm, |
---|
2005 | WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL, |
---|
2006 | sm->ANonce, pmkid, pmkid_len, 0, 0); |
---|
2007 | } |
---|
2008 | |
---|
2009 | |
---|
2010 | static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce, |
---|
2011 | const u8 *pmk, struct wpa_ptk *ptk) |
---|
2012 | { |
---|
2013 | #ifdef CONFIG_IEEE80211R |
---|
2014 | if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) |
---|
2015 | return wpa_auth_derive_ptk_ft(sm, pmk, ptk); |
---|
2016 | #endif /* CONFIG_IEEE80211R */ |
---|
2017 | |
---|
2018 | return wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion", |
---|
2019 | sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce, |
---|
2020 | ptk, sm->wpa_key_mgmt, sm->pairwise); |
---|
2021 | } |
---|
2022 | |
---|
2023 | |
---|
2024 | SM_STATE(WPA_PTK, PTKCALCNEGOTIATING) |
---|
2025 | { |
---|
2026 | struct wpa_ptk PTK; |
---|
2027 | int ok = 0, psk_found = 0; |
---|
2028 | const u8 *pmk = NULL; |
---|
2029 | |
---|
2030 | SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk); |
---|
2031 | sm->EAPOLKeyReceived = FALSE; |
---|
2032 | sm->update_snonce = FALSE; |
---|
2033 | |
---|
2034 | /* WPA with IEEE 802.1X: use the derived PMK from EAP |
---|
2035 | * WPA-PSK: iterate through possible PSKs and select the one matching |
---|
2036 | * the packet */ |
---|
2037 | for (;;) { |
---|
2038 | if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { |
---|
2039 | pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, |
---|
2040 | sm->p2p_dev_addr, pmk); |
---|
2041 | if (pmk == NULL) |
---|
2042 | break; |
---|
2043 | psk_found = 1; |
---|
2044 | } else |
---|
2045 | pmk = sm->PMK; |
---|
2046 | |
---|
2047 | wpa_derive_ptk(sm, sm->SNonce, pmk, &PTK); |
---|
2048 | |
---|
2049 | if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK, |
---|
2050 | sm->last_rx_eapol_key, |
---|
2051 | sm->last_rx_eapol_key_len) == 0) { |
---|
2052 | ok = 1; |
---|
2053 | break; |
---|
2054 | } |
---|
2055 | |
---|
2056 | if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) |
---|
2057 | break; |
---|
2058 | } |
---|
2059 | |
---|
2060 | if (!ok) { |
---|
2061 | wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
2062 | "invalid MIC in msg 2/4 of 4-Way Handshake"); |
---|
2063 | if (psk_found) |
---|
2064 | wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr); |
---|
2065 | return; |
---|
2066 | } |
---|
2067 | |
---|
2068 | #ifdef CONFIG_IEEE80211R |
---|
2069 | if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { |
---|
2070 | /* |
---|
2071 | * Verify that PMKR1Name from EAPOL-Key message 2/4 matches |
---|
2072 | * with the value we derived. |
---|
2073 | */ |
---|
2074 | if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name, |
---|
2075 | WPA_PMK_NAME_LEN) != 0) { |
---|
2076 | wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
2077 | "PMKR1Name mismatch in FT 4-way " |
---|
2078 | "handshake"); |
---|
2079 | wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from " |
---|
2080 | "Supplicant", |
---|
2081 | sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN); |
---|
2082 | wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name", |
---|
2083 | sm->pmk_r1_name, WPA_PMK_NAME_LEN); |
---|
2084 | return; |
---|
2085 | } |
---|
2086 | } |
---|
2087 | #endif /* CONFIG_IEEE80211R */ |
---|
2088 | |
---|
2089 | sm->pending_1_of_4_timeout = 0; |
---|
2090 | eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm); |
---|
2091 | |
---|
2092 | if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { |
---|
2093 | /* PSK may have changed from the previous choice, so update |
---|
2094 | * state machine data based on whatever PSK was selected here. |
---|
2095 | */ |
---|
2096 | os_memcpy(sm->PMK, pmk, PMK_LEN); |
---|
2097 | } |
---|
2098 | |
---|
2099 | sm->MICVerified = TRUE; |
---|
2100 | |
---|
2101 | os_memcpy(&sm->PTK, &PTK, sizeof(PTK)); |
---|
2102 | sm->PTK_valid = TRUE; |
---|
2103 | } |
---|
2104 | |
---|
2105 | |
---|
2106 | SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2) |
---|
2107 | { |
---|
2108 | SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk); |
---|
2109 | sm->TimeoutCtr = 0; |
---|
2110 | } |
---|
2111 | |
---|
2112 | |
---|
2113 | #ifdef CONFIG_IEEE80211W |
---|
2114 | |
---|
2115 | static int ieee80211w_kde_len(struct wpa_state_machine *sm) |
---|
2116 | { |
---|
2117 | if (sm->mgmt_frame_prot) { |
---|
2118 | size_t len; |
---|
2119 | len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher); |
---|
2120 | return 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN + len; |
---|
2121 | } |
---|
2122 | |
---|
2123 | return 0; |
---|
2124 | } |
---|
2125 | |
---|
2126 | |
---|
2127 | static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos) |
---|
2128 | { |
---|
2129 | struct wpa_igtk_kde igtk; |
---|
2130 | struct wpa_group *gsm = sm->group; |
---|
2131 | u8 rsc[WPA_KEY_RSC_LEN]; |
---|
2132 | size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher); |
---|
2133 | |
---|
2134 | if (!sm->mgmt_frame_prot) |
---|
2135 | return pos; |
---|
2136 | |
---|
2137 | igtk.keyid[0] = gsm->GN_igtk; |
---|
2138 | igtk.keyid[1] = 0; |
---|
2139 | if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE || |
---|
2140 | wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0) |
---|
2141 | os_memset(igtk.pn, 0, sizeof(igtk.pn)); |
---|
2142 | else |
---|
2143 | os_memcpy(igtk.pn, rsc, sizeof(igtk.pn)); |
---|
2144 | os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len); |
---|
2145 | if (sm->wpa_auth->conf.disable_gtk) { |
---|
2146 | /* |
---|
2147 | * Provide unique random IGTK to each STA to prevent use of |
---|
2148 | * IGTK in the BSS. |
---|
2149 | */ |
---|
2150 | if (random_get_bytes(igtk.igtk, len) < 0) |
---|
2151 | return pos; |
---|
2152 | } |
---|
2153 | pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK, |
---|
2154 | (const u8 *) &igtk, WPA_IGTK_KDE_PREFIX_LEN + len, |
---|
2155 | NULL, 0); |
---|
2156 | |
---|
2157 | return pos; |
---|
2158 | } |
---|
2159 | |
---|
2160 | #else /* CONFIG_IEEE80211W */ |
---|
2161 | |
---|
2162 | static int ieee80211w_kde_len(struct wpa_state_machine *sm) |
---|
2163 | { |
---|
2164 | return 0; |
---|
2165 | } |
---|
2166 | |
---|
2167 | |
---|
2168 | static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos) |
---|
2169 | { |
---|
2170 | return pos; |
---|
2171 | } |
---|
2172 | |
---|
2173 | #endif /* CONFIG_IEEE80211W */ |
---|
2174 | |
---|
2175 | |
---|
2176 | SM_STATE(WPA_PTK, PTKINITNEGOTIATING) |
---|
2177 | { |
---|
2178 | u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos, dummy_gtk[32]; |
---|
2179 | size_t gtk_len, kde_len; |
---|
2180 | struct wpa_group *gsm = sm->group; |
---|
2181 | u8 *wpa_ie; |
---|
2182 | int wpa_ie_len, secure, keyidx, encr = 0; |
---|
2183 | |
---|
2184 | SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk); |
---|
2185 | sm->TimeoutEvt = FALSE; |
---|
2186 | |
---|
2187 | sm->TimeoutCtr++; |
---|
2188 | if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) { |
---|
2189 | /* No point in sending the EAPOL-Key - we will disconnect |
---|
2190 | * immediately following this. */ |
---|
2191 | return; |
---|
2192 | } |
---|
2193 | |
---|
2194 | /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE], |
---|
2195 | GTK[GN], IGTK, [FTIE], [TIE * 2]) |
---|
2196 | */ |
---|
2197 | os_memset(rsc, 0, WPA_KEY_RSC_LEN); |
---|
2198 | wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc); |
---|
2199 | /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */ |
---|
2200 | wpa_ie = sm->wpa_auth->wpa_ie; |
---|
2201 | wpa_ie_len = sm->wpa_auth->wpa_ie_len; |
---|
2202 | if (sm->wpa == WPA_VERSION_WPA && |
---|
2203 | (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) && |
---|
2204 | wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) { |
---|
2205 | /* WPA-only STA, remove RSN IE and possible MDIE */ |
---|
2206 | wpa_ie = wpa_ie + wpa_ie[1] + 2; |
---|
2207 | if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN) |
---|
2208 | wpa_ie = wpa_ie + wpa_ie[1] + 2; |
---|
2209 | wpa_ie_len = wpa_ie[1] + 2; |
---|
2210 | } |
---|
2211 | wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
2212 | "sending 3/4 msg of 4-Way Handshake"); |
---|
2213 | if (sm->wpa == WPA_VERSION_WPA2) { |
---|
2214 | /* WPA2 send GTK in the 4-way handshake */ |
---|
2215 | secure = 1; |
---|
2216 | gtk = gsm->GTK[gsm->GN - 1]; |
---|
2217 | gtk_len = gsm->GTK_len; |
---|
2218 | if (sm->wpa_auth->conf.disable_gtk) { |
---|
2219 | /* |
---|
2220 | * Provide unique random GTK to each STA to prevent use |
---|
2221 | * of GTK in the BSS. |
---|
2222 | */ |
---|
2223 | if (random_get_bytes(dummy_gtk, gtk_len) < 0) |
---|
2224 | return; |
---|
2225 | gtk = dummy_gtk; |
---|
2226 | } |
---|
2227 | keyidx = gsm->GN; |
---|
2228 | _rsc = rsc; |
---|
2229 | encr = 1; |
---|
2230 | } else { |
---|
2231 | /* WPA does not include GTK in msg 3/4 */ |
---|
2232 | secure = 0; |
---|
2233 | gtk = NULL; |
---|
2234 | gtk_len = 0; |
---|
2235 | keyidx = 0; |
---|
2236 | _rsc = NULL; |
---|
2237 | if (sm->rx_eapol_key_secure) { |
---|
2238 | /* |
---|
2239 | * It looks like Windows 7 supplicant tries to use |
---|
2240 | * Secure bit in msg 2/4 after having reported Michael |
---|
2241 | * MIC failure and it then rejects the 4-way handshake |
---|
2242 | * if msg 3/4 does not set Secure bit. Work around this |
---|
2243 | * by setting the Secure bit here even in the case of |
---|
2244 | * WPA if the supplicant used it first. |
---|
2245 | */ |
---|
2246 | wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
2247 | "STA used Secure bit in WPA msg 2/4 - " |
---|
2248 | "set Secure for 3/4 as workaround"); |
---|
2249 | secure = 1; |
---|
2250 | } |
---|
2251 | } |
---|
2252 | |
---|
2253 | kde_len = wpa_ie_len + ieee80211w_kde_len(sm); |
---|
2254 | if (gtk) |
---|
2255 | kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len; |
---|
2256 | #ifdef CONFIG_IEEE80211R |
---|
2257 | if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { |
---|
2258 | kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */ |
---|
2259 | kde_len += 300; /* FTIE + 2 * TIE */ |
---|
2260 | } |
---|
2261 | #endif /* CONFIG_IEEE80211R */ |
---|
2262 | #ifdef CONFIG_P2P |
---|
2263 | if (WPA_GET_BE32(sm->ip_addr) > 0) |
---|
2264 | kde_len += 2 + RSN_SELECTOR_LEN + 3 * 4; |
---|
2265 | #endif /* CONFIG_P2P */ |
---|
2266 | kde = os_malloc(kde_len); |
---|
2267 | if (kde == NULL) |
---|
2268 | return; |
---|
2269 | |
---|
2270 | pos = kde; |
---|
2271 | os_memcpy(pos, wpa_ie, wpa_ie_len); |
---|
2272 | pos += wpa_ie_len; |
---|
2273 | #ifdef CONFIG_IEEE80211R |
---|
2274 | if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { |
---|
2275 | int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name); |
---|
2276 | if (res < 0) { |
---|
2277 | wpa_printf(MSG_ERROR, "FT: Failed to insert " |
---|
2278 | "PMKR1Name into RSN IE in EAPOL-Key data"); |
---|
2279 | os_free(kde); |
---|
2280 | return; |
---|
2281 | } |
---|
2282 | pos += res; |
---|
2283 | } |
---|
2284 | #endif /* CONFIG_IEEE80211R */ |
---|
2285 | if (gtk) { |
---|
2286 | u8 hdr[2]; |
---|
2287 | hdr[0] = keyidx & 0x03; |
---|
2288 | hdr[1] = 0; |
---|
2289 | pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2, |
---|
2290 | gtk, gtk_len); |
---|
2291 | } |
---|
2292 | pos = ieee80211w_kde_add(sm, pos); |
---|
2293 | |
---|
2294 | #ifdef CONFIG_IEEE80211R |
---|
2295 | if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { |
---|
2296 | int res; |
---|
2297 | struct wpa_auth_config *conf; |
---|
2298 | |
---|
2299 | conf = &sm->wpa_auth->conf; |
---|
2300 | res = wpa_write_ftie(conf, conf->r0_key_holder, |
---|
2301 | conf->r0_key_holder_len, |
---|
2302 | NULL, NULL, pos, kde + kde_len - pos, |
---|
2303 | NULL, 0); |
---|
2304 | if (res < 0) { |
---|
2305 | wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE " |
---|
2306 | "into EAPOL-Key Key Data"); |
---|
2307 | os_free(kde); |
---|
2308 | return; |
---|
2309 | } |
---|
2310 | pos += res; |
---|
2311 | |
---|
2312 | /* TIE[ReassociationDeadline] (TU) */ |
---|
2313 | *pos++ = WLAN_EID_TIMEOUT_INTERVAL; |
---|
2314 | *pos++ = 5; |
---|
2315 | *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE; |
---|
2316 | WPA_PUT_LE32(pos, conf->reassociation_deadline); |
---|
2317 | pos += 4; |
---|
2318 | |
---|
2319 | /* TIE[KeyLifetime] (seconds) */ |
---|
2320 | *pos++ = WLAN_EID_TIMEOUT_INTERVAL; |
---|
2321 | *pos++ = 5; |
---|
2322 | *pos++ = WLAN_TIMEOUT_KEY_LIFETIME; |
---|
2323 | WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60); |
---|
2324 | pos += 4; |
---|
2325 | } |
---|
2326 | #endif /* CONFIG_IEEE80211R */ |
---|
2327 | #ifdef CONFIG_P2P |
---|
2328 | if (WPA_GET_BE32(sm->ip_addr) > 0) { |
---|
2329 | u8 addr[3 * 4]; |
---|
2330 | os_memcpy(addr, sm->ip_addr, 4); |
---|
2331 | os_memcpy(addr + 4, sm->wpa_auth->conf.ip_addr_mask, 4); |
---|
2332 | os_memcpy(addr + 8, sm->wpa_auth->conf.ip_addr_go, 4); |
---|
2333 | pos = wpa_add_kde(pos, WFA_KEY_DATA_IP_ADDR_ALLOC, |
---|
2334 | addr, sizeof(addr), NULL, 0); |
---|
2335 | } |
---|
2336 | #endif /* CONFIG_P2P */ |
---|
2337 | |
---|
2338 | wpa_send_eapol(sm->wpa_auth, sm, |
---|
2339 | (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC | |
---|
2340 | WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL | |
---|
2341 | WPA_KEY_INFO_KEY_TYPE, |
---|
2342 | _rsc, sm->ANonce, kde, pos - kde, keyidx, encr); |
---|
2343 | os_free(kde); |
---|
2344 | } |
---|
2345 | |
---|
2346 | |
---|
2347 | SM_STATE(WPA_PTK, PTKINITDONE) |
---|
2348 | { |
---|
2349 | SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk); |
---|
2350 | sm->EAPOLKeyReceived = FALSE; |
---|
2351 | if (sm->Pair) { |
---|
2352 | enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise); |
---|
2353 | int klen = wpa_cipher_key_len(sm->pairwise); |
---|
2354 | if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0, |
---|
2355 | sm->PTK.tk, klen)) { |
---|
2356 | wpa_sta_disconnect(sm->wpa_auth, sm->addr); |
---|
2357 | return; |
---|
2358 | } |
---|
2359 | /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ |
---|
2360 | sm->pairwise_set = TRUE; |
---|
2361 | |
---|
2362 | if (sm->wpa_auth->conf.wpa_ptk_rekey) { |
---|
2363 | eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); |
---|
2364 | eloop_register_timeout(sm->wpa_auth->conf. |
---|
2365 | wpa_ptk_rekey, 0, wpa_rekey_ptk, |
---|
2366 | sm->wpa_auth, sm); |
---|
2367 | } |
---|
2368 | |
---|
2369 | if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { |
---|
2370 | wpa_auth_set_eapol(sm->wpa_auth, sm->addr, |
---|
2371 | WPA_EAPOL_authorized, 1); |
---|
2372 | } |
---|
2373 | } |
---|
2374 | |
---|
2375 | if (0 /* IBSS == TRUE */) { |
---|
2376 | sm->keycount++; |
---|
2377 | if (sm->keycount == 2) { |
---|
2378 | wpa_auth_set_eapol(sm->wpa_auth, sm->addr, |
---|
2379 | WPA_EAPOL_portValid, 1); |
---|
2380 | } |
---|
2381 | } else { |
---|
2382 | wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, |
---|
2383 | 1); |
---|
2384 | } |
---|
2385 | wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0); |
---|
2386 | wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1); |
---|
2387 | if (sm->wpa == WPA_VERSION_WPA) |
---|
2388 | sm->PInitAKeys = TRUE; |
---|
2389 | else |
---|
2390 | sm->has_GTK = TRUE; |
---|
2391 | wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO, |
---|
2392 | "pairwise key handshake completed (%s)", |
---|
2393 | sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN"); |
---|
2394 | |
---|
2395 | #ifdef CONFIG_IEEE80211R |
---|
2396 | wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr); |
---|
2397 | #endif /* CONFIG_IEEE80211R */ |
---|
2398 | } |
---|
2399 | |
---|
2400 | |
---|
2401 | SM_STEP(WPA_PTK) |
---|
2402 | { |
---|
2403 | struct wpa_authenticator *wpa_auth = sm->wpa_auth; |
---|
2404 | |
---|
2405 | if (sm->Init) |
---|
2406 | SM_ENTER(WPA_PTK, INITIALIZE); |
---|
2407 | else if (sm->Disconnect |
---|
2408 | /* || FIX: dot11RSNAConfigSALifetime timeout */) { |
---|
2409 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
2410 | "WPA_PTK: sm->Disconnect"); |
---|
2411 | SM_ENTER(WPA_PTK, DISCONNECT); |
---|
2412 | } |
---|
2413 | else if (sm->DeauthenticationRequest) |
---|
2414 | SM_ENTER(WPA_PTK, DISCONNECTED); |
---|
2415 | else if (sm->AuthenticationRequest) |
---|
2416 | SM_ENTER(WPA_PTK, AUTHENTICATION); |
---|
2417 | else if (sm->ReAuthenticationRequest) |
---|
2418 | SM_ENTER(WPA_PTK, AUTHENTICATION2); |
---|
2419 | else if (sm->PTKRequest) |
---|
2420 | SM_ENTER(WPA_PTK, PTKSTART); |
---|
2421 | else switch (sm->wpa_ptk_state) { |
---|
2422 | case WPA_PTK_INITIALIZE: |
---|
2423 | break; |
---|
2424 | case WPA_PTK_DISCONNECT: |
---|
2425 | SM_ENTER(WPA_PTK, DISCONNECTED); |
---|
2426 | break; |
---|
2427 | case WPA_PTK_DISCONNECTED: |
---|
2428 | SM_ENTER(WPA_PTK, INITIALIZE); |
---|
2429 | break; |
---|
2430 | case WPA_PTK_AUTHENTICATION: |
---|
2431 | SM_ENTER(WPA_PTK, AUTHENTICATION2); |
---|
2432 | break; |
---|
2433 | case WPA_PTK_AUTHENTICATION2: |
---|
2434 | if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) && |
---|
2435 | wpa_auth_get_eapol(sm->wpa_auth, sm->addr, |
---|
2436 | WPA_EAPOL_keyRun) > 0) |
---|
2437 | SM_ENTER(WPA_PTK, INITPMK); |
---|
2438 | else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) |
---|
2439 | /* FIX: && 802.1X::keyRun */) |
---|
2440 | SM_ENTER(WPA_PTK, INITPSK); |
---|
2441 | break; |
---|
2442 | case WPA_PTK_INITPMK: |
---|
2443 | if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr, |
---|
2444 | WPA_EAPOL_keyAvailable) > 0) |
---|
2445 | SM_ENTER(WPA_PTK, PTKSTART); |
---|
2446 | else { |
---|
2447 | wpa_auth->dot11RSNA4WayHandshakeFailures++; |
---|
2448 | wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO, |
---|
2449 | "INITPMK - keyAvailable = false"); |
---|
2450 | SM_ENTER(WPA_PTK, DISCONNECT); |
---|
2451 | } |
---|
2452 | break; |
---|
2453 | case WPA_PTK_INITPSK: |
---|
2454 | if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, |
---|
2455 | NULL)) |
---|
2456 | SM_ENTER(WPA_PTK, PTKSTART); |
---|
2457 | else { |
---|
2458 | wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO, |
---|
2459 | "no PSK configured for the STA"); |
---|
2460 | wpa_auth->dot11RSNA4WayHandshakeFailures++; |
---|
2461 | SM_ENTER(WPA_PTK, DISCONNECT); |
---|
2462 | } |
---|
2463 | break; |
---|
2464 | case WPA_PTK_PTKSTART: |
---|
2465 | if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && |
---|
2466 | sm->EAPOLKeyPairwise) |
---|
2467 | SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING); |
---|
2468 | else if (sm->TimeoutCtr > |
---|
2469 | (int) dot11RSNAConfigPairwiseUpdateCount) { |
---|
2470 | wpa_auth->dot11RSNA4WayHandshakeFailures++; |
---|
2471 | wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
2472 | "PTKSTART: Retry limit %d reached", |
---|
2473 | dot11RSNAConfigPairwiseUpdateCount); |
---|
2474 | SM_ENTER(WPA_PTK, DISCONNECT); |
---|
2475 | } else if (sm->TimeoutEvt) |
---|
2476 | SM_ENTER(WPA_PTK, PTKSTART); |
---|
2477 | break; |
---|
2478 | case WPA_PTK_PTKCALCNEGOTIATING: |
---|
2479 | if (sm->MICVerified) |
---|
2480 | SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2); |
---|
2481 | else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && |
---|
2482 | sm->EAPOLKeyPairwise) |
---|
2483 | SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING); |
---|
2484 | else if (sm->TimeoutEvt) |
---|
2485 | SM_ENTER(WPA_PTK, PTKSTART); |
---|
2486 | break; |
---|
2487 | case WPA_PTK_PTKCALCNEGOTIATING2: |
---|
2488 | SM_ENTER(WPA_PTK, PTKINITNEGOTIATING); |
---|
2489 | break; |
---|
2490 | case WPA_PTK_PTKINITNEGOTIATING: |
---|
2491 | if (sm->update_snonce) |
---|
2492 | SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING); |
---|
2493 | else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && |
---|
2494 | sm->EAPOLKeyPairwise && sm->MICVerified) |
---|
2495 | SM_ENTER(WPA_PTK, PTKINITDONE); |
---|
2496 | else if (sm->TimeoutCtr > |
---|
2497 | (int) dot11RSNAConfigPairwiseUpdateCount) { |
---|
2498 | wpa_auth->dot11RSNA4WayHandshakeFailures++; |
---|
2499 | wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
2500 | "PTKINITNEGOTIATING: Retry limit %d " |
---|
2501 | "reached", |
---|
2502 | dot11RSNAConfigPairwiseUpdateCount); |
---|
2503 | SM_ENTER(WPA_PTK, DISCONNECT); |
---|
2504 | } else if (sm->TimeoutEvt) |
---|
2505 | SM_ENTER(WPA_PTK, PTKINITNEGOTIATING); |
---|
2506 | break; |
---|
2507 | case WPA_PTK_PTKINITDONE: |
---|
2508 | break; |
---|
2509 | } |
---|
2510 | } |
---|
2511 | |
---|
2512 | |
---|
2513 | SM_STATE(WPA_PTK_GROUP, IDLE) |
---|
2514 | { |
---|
2515 | SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group); |
---|
2516 | if (sm->Init) { |
---|
2517 | /* Init flag is not cleared here, so avoid busy |
---|
2518 | * loop by claiming nothing changed. */ |
---|
2519 | sm->changed = FALSE; |
---|
2520 | } |
---|
2521 | sm->GTimeoutCtr = 0; |
---|
2522 | } |
---|
2523 | |
---|
2524 | |
---|
2525 | SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING) |
---|
2526 | { |
---|
2527 | u8 rsc[WPA_KEY_RSC_LEN]; |
---|
2528 | struct wpa_group *gsm = sm->group; |
---|
2529 | const u8 *kde; |
---|
2530 | u8 *kde_buf = NULL, *pos, hdr[2]; |
---|
2531 | size_t kde_len; |
---|
2532 | u8 *gtk, dummy_gtk[32]; |
---|
2533 | |
---|
2534 | SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group); |
---|
2535 | |
---|
2536 | sm->GTimeoutCtr++; |
---|
2537 | if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) { |
---|
2538 | /* No point in sending the EAPOL-Key - we will disconnect |
---|
2539 | * immediately following this. */ |
---|
2540 | return; |
---|
2541 | } |
---|
2542 | |
---|
2543 | if (sm->wpa == WPA_VERSION_WPA) |
---|
2544 | sm->PInitAKeys = FALSE; |
---|
2545 | sm->TimeoutEvt = FALSE; |
---|
2546 | /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */ |
---|
2547 | os_memset(rsc, 0, WPA_KEY_RSC_LEN); |
---|
2548 | if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE) |
---|
2549 | wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc); |
---|
2550 | wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
2551 | "sending 1/2 msg of Group Key Handshake"); |
---|
2552 | |
---|
2553 | gtk = gsm->GTK[gsm->GN - 1]; |
---|
2554 | if (sm->wpa_auth->conf.disable_gtk) { |
---|
2555 | /* |
---|
2556 | * Provide unique random GTK to each STA to prevent use |
---|
2557 | * of GTK in the BSS. |
---|
2558 | */ |
---|
2559 | if (random_get_bytes(dummy_gtk, gsm->GTK_len) < 0) |
---|
2560 | return; |
---|
2561 | gtk = dummy_gtk; |
---|
2562 | } |
---|
2563 | if (sm->wpa == WPA_VERSION_WPA2) { |
---|
2564 | kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len + |
---|
2565 | ieee80211w_kde_len(sm); |
---|
2566 | kde_buf = os_malloc(kde_len); |
---|
2567 | if (kde_buf == NULL) |
---|
2568 | return; |
---|
2569 | |
---|
2570 | kde = pos = kde_buf; |
---|
2571 | hdr[0] = gsm->GN & 0x03; |
---|
2572 | hdr[1] = 0; |
---|
2573 | pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2, |
---|
2574 | gtk, gsm->GTK_len); |
---|
2575 | pos = ieee80211w_kde_add(sm, pos); |
---|
2576 | kde_len = pos - kde; |
---|
2577 | } else { |
---|
2578 | kde = gtk; |
---|
2579 | kde_len = gsm->GTK_len; |
---|
2580 | } |
---|
2581 | |
---|
2582 | wpa_send_eapol(sm->wpa_auth, sm, |
---|
2583 | WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC | |
---|
2584 | WPA_KEY_INFO_ACK | |
---|
2585 | (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0), |
---|
2586 | rsc, gsm->GNonce, kde, kde_len, gsm->GN, 1); |
---|
2587 | |
---|
2588 | os_free(kde_buf); |
---|
2589 | } |
---|
2590 | |
---|
2591 | |
---|
2592 | SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED) |
---|
2593 | { |
---|
2594 | SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group); |
---|
2595 | sm->EAPOLKeyReceived = FALSE; |
---|
2596 | if (sm->GUpdateStationKeys) |
---|
2597 | sm->group->GKeyDoneStations--; |
---|
2598 | sm->GUpdateStationKeys = FALSE; |
---|
2599 | sm->GTimeoutCtr = 0; |
---|
2600 | /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */ |
---|
2601 | wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO, |
---|
2602 | "group key handshake completed (%s)", |
---|
2603 | sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN"); |
---|
2604 | sm->has_GTK = TRUE; |
---|
2605 | } |
---|
2606 | |
---|
2607 | |
---|
2608 | SM_STATE(WPA_PTK_GROUP, KEYERROR) |
---|
2609 | { |
---|
2610 | SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group); |
---|
2611 | if (sm->GUpdateStationKeys) |
---|
2612 | sm->group->GKeyDoneStations--; |
---|
2613 | sm->GUpdateStationKeys = FALSE; |
---|
2614 | sm->Disconnect = TRUE; |
---|
2615 | } |
---|
2616 | |
---|
2617 | |
---|
2618 | SM_STEP(WPA_PTK_GROUP) |
---|
2619 | { |
---|
2620 | if (sm->Init || sm->PtkGroupInit) { |
---|
2621 | SM_ENTER(WPA_PTK_GROUP, IDLE); |
---|
2622 | sm->PtkGroupInit = FALSE; |
---|
2623 | } else switch (sm->wpa_ptk_group_state) { |
---|
2624 | case WPA_PTK_GROUP_IDLE: |
---|
2625 | if (sm->GUpdateStationKeys || |
---|
2626 | (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys)) |
---|
2627 | SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING); |
---|
2628 | break; |
---|
2629 | case WPA_PTK_GROUP_REKEYNEGOTIATING: |
---|
2630 | if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && |
---|
2631 | !sm->EAPOLKeyPairwise && sm->MICVerified) |
---|
2632 | SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED); |
---|
2633 | else if (sm->GTimeoutCtr > |
---|
2634 | (int) dot11RSNAConfigGroupUpdateCount) |
---|
2635 | SM_ENTER(WPA_PTK_GROUP, KEYERROR); |
---|
2636 | else if (sm->TimeoutEvt) |
---|
2637 | SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING); |
---|
2638 | break; |
---|
2639 | case WPA_PTK_GROUP_KEYERROR: |
---|
2640 | SM_ENTER(WPA_PTK_GROUP, IDLE); |
---|
2641 | break; |
---|
2642 | case WPA_PTK_GROUP_REKEYESTABLISHED: |
---|
2643 | SM_ENTER(WPA_PTK_GROUP, IDLE); |
---|
2644 | break; |
---|
2645 | } |
---|
2646 | } |
---|
2647 | |
---|
2648 | |
---|
2649 | static int wpa_gtk_update(struct wpa_authenticator *wpa_auth, |
---|
2650 | struct wpa_group *group) |
---|
2651 | { |
---|
2652 | int ret = 0; |
---|
2653 | |
---|
2654 | os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN); |
---|
2655 | inc_byte_array(group->Counter, WPA_NONCE_LEN); |
---|
2656 | if (wpa_gmk_to_gtk(group->GMK, "Group key expansion", |
---|
2657 | wpa_auth->addr, group->GNonce, |
---|
2658 | group->GTK[group->GN - 1], group->GTK_len) < 0) |
---|
2659 | ret = -1; |
---|
2660 | wpa_hexdump_key(MSG_DEBUG, "GTK", |
---|
2661 | group->GTK[group->GN - 1], group->GTK_len); |
---|
2662 | |
---|
2663 | #ifdef CONFIG_IEEE80211W |
---|
2664 | if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) { |
---|
2665 | size_t len; |
---|
2666 | len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher); |
---|
2667 | os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN); |
---|
2668 | inc_byte_array(group->Counter, WPA_NONCE_LEN); |
---|
2669 | if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion", |
---|
2670 | wpa_auth->addr, group->GNonce, |
---|
2671 | group->IGTK[group->GN_igtk - 4], len) < 0) |
---|
2672 | ret = -1; |
---|
2673 | wpa_hexdump_key(MSG_DEBUG, "IGTK", |
---|
2674 | group->IGTK[group->GN_igtk - 4], len); |
---|
2675 | } |
---|
2676 | #endif /* CONFIG_IEEE80211W */ |
---|
2677 | |
---|
2678 | return ret; |
---|
2679 | } |
---|
2680 | |
---|
2681 | |
---|
2682 | static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth, |
---|
2683 | struct wpa_group *group) |
---|
2684 | { |
---|
2685 | wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " |
---|
2686 | "GTK_INIT (VLAN-ID %d)", group->vlan_id); |
---|
2687 | group->changed = FALSE; /* GInit is not cleared here; avoid loop */ |
---|
2688 | group->wpa_group_state = WPA_GROUP_GTK_INIT; |
---|
2689 | |
---|
2690 | /* GTK[0..N] = 0 */ |
---|
2691 | os_memset(group->GTK, 0, sizeof(group->GTK)); |
---|
2692 | group->GN = 1; |
---|
2693 | group->GM = 2; |
---|
2694 | #ifdef CONFIG_IEEE80211W |
---|
2695 | group->GN_igtk = 4; |
---|
2696 | group->GM_igtk = 5; |
---|
2697 | #endif /* CONFIG_IEEE80211W */ |
---|
2698 | /* GTK[GN] = CalcGTK() */ |
---|
2699 | wpa_gtk_update(wpa_auth, group); |
---|
2700 | } |
---|
2701 | |
---|
2702 | |
---|
2703 | static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx) |
---|
2704 | { |
---|
2705 | if (ctx != NULL && ctx != sm->group) |
---|
2706 | return 0; |
---|
2707 | |
---|
2708 | if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) { |
---|
2709 | wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
2710 | "Not in PTKINITDONE; skip Group Key update"); |
---|
2711 | sm->GUpdateStationKeys = FALSE; |
---|
2712 | return 0; |
---|
2713 | } |
---|
2714 | if (sm->GUpdateStationKeys) { |
---|
2715 | /* |
---|
2716 | * This should not really happen, so add a debug log entry. |
---|
2717 | * Since we clear the GKeyDoneStations before the loop, the |
---|
2718 | * station needs to be counted here anyway. |
---|
2719 | */ |
---|
2720 | wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, |
---|
2721 | "GUpdateStationKeys was already set when " |
---|
2722 | "marking station for GTK rekeying"); |
---|
2723 | } |
---|
2724 | |
---|
2725 | /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */ |
---|
2726 | if (sm->is_wnmsleep) |
---|
2727 | return 0; |
---|
2728 | |
---|
2729 | sm->group->GKeyDoneStations++; |
---|
2730 | sm->GUpdateStationKeys = TRUE; |
---|
2731 | |
---|
2732 | wpa_sm_step(sm); |
---|
2733 | return 0; |
---|
2734 | } |
---|
2735 | |
---|
2736 | |
---|
2737 | #ifdef CONFIG_WNM |
---|
2738 | /* update GTK when exiting WNM-Sleep Mode */ |
---|
2739 | void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm) |
---|
2740 | { |
---|
2741 | if (sm == NULL || sm->is_wnmsleep) |
---|
2742 | return; |
---|
2743 | |
---|
2744 | wpa_group_update_sta(sm, NULL); |
---|
2745 | } |
---|
2746 | |
---|
2747 | |
---|
2748 | void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag) |
---|
2749 | { |
---|
2750 | if (sm) |
---|
2751 | sm->is_wnmsleep = !!flag; |
---|
2752 | } |
---|
2753 | |
---|
2754 | |
---|
2755 | int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos) |
---|
2756 | { |
---|
2757 | struct wpa_group *gsm = sm->group; |
---|
2758 | u8 *start = pos; |
---|
2759 | |
---|
2760 | /* |
---|
2761 | * GTK subelement: |
---|
2762 | * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] | |
---|
2763 | * Key[5..32] |
---|
2764 | */ |
---|
2765 | *pos++ = WNM_SLEEP_SUBELEM_GTK; |
---|
2766 | *pos++ = 11 + gsm->GTK_len; |
---|
2767 | /* Key ID in B0-B1 of Key Info */ |
---|
2768 | WPA_PUT_LE16(pos, gsm->GN & 0x03); |
---|
2769 | pos += 2; |
---|
2770 | *pos++ = gsm->GTK_len; |
---|
2771 | if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0) |
---|
2772 | return 0; |
---|
2773 | pos += 8; |
---|
2774 | os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len); |
---|
2775 | pos += gsm->GTK_len; |
---|
2776 | |
---|
2777 | wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit", |
---|
2778 | gsm->GN); |
---|
2779 | wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit", |
---|
2780 | gsm->GTK[gsm->GN - 1], gsm->GTK_len); |
---|
2781 | |
---|
2782 | return pos - start; |
---|
2783 | } |
---|
2784 | |
---|
2785 | |
---|
2786 | #ifdef CONFIG_IEEE80211W |
---|
2787 | int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos) |
---|
2788 | { |
---|
2789 | struct wpa_group *gsm = sm->group; |
---|
2790 | u8 *start = pos; |
---|
2791 | size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher); |
---|
2792 | |
---|
2793 | /* |
---|
2794 | * IGTK subelement: |
---|
2795 | * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16] |
---|
2796 | */ |
---|
2797 | *pos++ = WNM_SLEEP_SUBELEM_IGTK; |
---|
2798 | *pos++ = 2 + 6 + len; |
---|
2799 | WPA_PUT_LE16(pos, gsm->GN_igtk); |
---|
2800 | pos += 2; |
---|
2801 | if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0) |
---|
2802 | return 0; |
---|
2803 | pos += 6; |
---|
2804 | |
---|
2805 | os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len); |
---|
2806 | pos += len; |
---|
2807 | |
---|
2808 | wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit", |
---|
2809 | gsm->GN_igtk); |
---|
2810 | wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit", |
---|
2811 | gsm->IGTK[gsm->GN_igtk - 4], len); |
---|
2812 | |
---|
2813 | return pos - start; |
---|
2814 | } |
---|
2815 | #endif /* CONFIG_IEEE80211W */ |
---|
2816 | #endif /* CONFIG_WNM */ |
---|
2817 | |
---|
2818 | |
---|
2819 | static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth, |
---|
2820 | struct wpa_group *group) |
---|
2821 | { |
---|
2822 | int tmp; |
---|
2823 | |
---|
2824 | wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " |
---|
2825 | "SETKEYS (VLAN-ID %d)", group->vlan_id); |
---|
2826 | group->changed = TRUE; |
---|
2827 | group->wpa_group_state = WPA_GROUP_SETKEYS; |
---|
2828 | group->GTKReKey = FALSE; |
---|
2829 | tmp = group->GM; |
---|
2830 | group->GM = group->GN; |
---|
2831 | group->GN = tmp; |
---|
2832 | #ifdef CONFIG_IEEE80211W |
---|
2833 | tmp = group->GM_igtk; |
---|
2834 | group->GM_igtk = group->GN_igtk; |
---|
2835 | group->GN_igtk = tmp; |
---|
2836 | #endif /* CONFIG_IEEE80211W */ |
---|
2837 | /* "GKeyDoneStations = GNoStations" is done in more robust way by |
---|
2838 | * counting the STAs that are marked with GUpdateStationKeys instead of |
---|
2839 | * including all STAs that could be in not-yet-completed state. */ |
---|
2840 | wpa_gtk_update(wpa_auth, group); |
---|
2841 | |
---|
2842 | if (group->GKeyDoneStations) { |
---|
2843 | wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected " |
---|
2844 | "GKeyDoneStations=%d when starting new GTK rekey", |
---|
2845 | group->GKeyDoneStations); |
---|
2846 | group->GKeyDoneStations = 0; |
---|
2847 | } |
---|
2848 | wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group); |
---|
2849 | wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d", |
---|
2850 | group->GKeyDoneStations); |
---|
2851 | } |
---|
2852 | |
---|
2853 | |
---|
2854 | static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth, |
---|
2855 | struct wpa_group *group) |
---|
2856 | { |
---|
2857 | int ret = 0; |
---|
2858 | |
---|
2859 | if (wpa_auth_set_key(wpa_auth, group->vlan_id, |
---|
2860 | wpa_cipher_to_alg(wpa_auth->conf.wpa_group), |
---|
2861 | broadcast_ether_addr, group->GN, |
---|
2862 | group->GTK[group->GN - 1], group->GTK_len) < 0) |
---|
2863 | ret = -1; |
---|
2864 | |
---|
2865 | #ifdef CONFIG_IEEE80211W |
---|
2866 | if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) { |
---|
2867 | enum wpa_alg alg; |
---|
2868 | size_t len; |
---|
2869 | |
---|
2870 | alg = wpa_cipher_to_alg(wpa_auth->conf.group_mgmt_cipher); |
---|
2871 | len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher); |
---|
2872 | |
---|
2873 | if (ret == 0 && |
---|
2874 | wpa_auth_set_key(wpa_auth, group->vlan_id, alg, |
---|
2875 | broadcast_ether_addr, group->GN_igtk, |
---|
2876 | group->IGTK[group->GN_igtk - 4], len) < 0) |
---|
2877 | ret = -1; |
---|
2878 | } |
---|
2879 | #endif /* CONFIG_IEEE80211W */ |
---|
2880 | |
---|
2881 | return ret; |
---|
2882 | } |
---|
2883 | |
---|
2884 | |
---|
2885 | static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx) |
---|
2886 | { |
---|
2887 | if (sm->group == ctx) { |
---|
2888 | wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR |
---|
2889 | " for discconnection due to fatal failure", |
---|
2890 | MAC2STR(sm->addr)); |
---|
2891 | sm->Disconnect = TRUE; |
---|
2892 | } |
---|
2893 | |
---|
2894 | return 0; |
---|
2895 | } |
---|
2896 | |
---|
2897 | |
---|
2898 | static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth, |
---|
2899 | struct wpa_group *group) |
---|
2900 | { |
---|
2901 | wpa_printf(MSG_DEBUG, "WPA: group state machine entering state FATAL_FAILURE"); |
---|
2902 | group->changed = TRUE; |
---|
2903 | group->wpa_group_state = WPA_GROUP_FATAL_FAILURE; |
---|
2904 | wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group); |
---|
2905 | } |
---|
2906 | |
---|
2907 | |
---|
2908 | static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth, |
---|
2909 | struct wpa_group *group) |
---|
2910 | { |
---|
2911 | wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " |
---|
2912 | "SETKEYSDONE (VLAN-ID %d)", group->vlan_id); |
---|
2913 | group->changed = TRUE; |
---|
2914 | group->wpa_group_state = WPA_GROUP_SETKEYSDONE; |
---|
2915 | |
---|
2916 | if (wpa_group_config_group_keys(wpa_auth, group) < 0) { |
---|
2917 | wpa_group_fatal_failure(wpa_auth, group); |
---|
2918 | return -1; |
---|
2919 | } |
---|
2920 | |
---|
2921 | return 0; |
---|
2922 | } |
---|
2923 | |
---|
2924 | |
---|
2925 | static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth, |
---|
2926 | struct wpa_group *group) |
---|
2927 | { |
---|
2928 | if (group->GInit) { |
---|
2929 | wpa_group_gtk_init(wpa_auth, group); |
---|
2930 | } else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) { |
---|
2931 | /* Do not allow group operations */ |
---|
2932 | } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT && |
---|
2933 | group->GTKAuthenticator) { |
---|
2934 | wpa_group_setkeysdone(wpa_auth, group); |
---|
2935 | } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE && |
---|
2936 | group->GTKReKey) { |
---|
2937 | wpa_group_setkeys(wpa_auth, group); |
---|
2938 | } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) { |
---|
2939 | if (group->GKeyDoneStations == 0) |
---|
2940 | wpa_group_setkeysdone(wpa_auth, group); |
---|
2941 | else if (group->GTKReKey) |
---|
2942 | wpa_group_setkeys(wpa_auth, group); |
---|
2943 | } |
---|
2944 | } |
---|
2945 | |
---|
2946 | |
---|
2947 | static int wpa_sm_step(struct wpa_state_machine *sm) |
---|
2948 | { |
---|
2949 | if (sm == NULL) |
---|
2950 | return 0; |
---|
2951 | |
---|
2952 | if (sm->in_step_loop) { |
---|
2953 | /* This should not happen, but if it does, make sure we do not |
---|
2954 | * end up freeing the state machine too early by exiting the |
---|
2955 | * recursive call. */ |
---|
2956 | wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively"); |
---|
2957 | return 0; |
---|
2958 | } |
---|
2959 | |
---|
2960 | sm->in_step_loop = 1; |
---|
2961 | do { |
---|
2962 | if (sm->pending_deinit) |
---|
2963 | break; |
---|
2964 | |
---|
2965 | sm->changed = FALSE; |
---|
2966 | sm->wpa_auth->group->changed = FALSE; |
---|
2967 | |
---|
2968 | SM_STEP_RUN(WPA_PTK); |
---|
2969 | if (sm->pending_deinit) |
---|
2970 | break; |
---|
2971 | SM_STEP_RUN(WPA_PTK_GROUP); |
---|
2972 | if (sm->pending_deinit) |
---|
2973 | break; |
---|
2974 | wpa_group_sm_step(sm->wpa_auth, sm->group); |
---|
2975 | } while (sm->changed || sm->wpa_auth->group->changed); |
---|
2976 | sm->in_step_loop = 0; |
---|
2977 | |
---|
2978 | if (sm->pending_deinit) { |
---|
2979 | wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state " |
---|
2980 | "machine deinit for " MACSTR, MAC2STR(sm->addr)); |
---|
2981 | wpa_free_sta_sm(sm); |
---|
2982 | return 1; |
---|
2983 | } |
---|
2984 | return 0; |
---|
2985 | } |
---|
2986 | |
---|
2987 | |
---|
2988 | static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx) |
---|
2989 | { |
---|
2990 | struct wpa_state_machine *sm = eloop_ctx; |
---|
2991 | wpa_sm_step(sm); |
---|
2992 | } |
---|
2993 | |
---|
2994 | |
---|
2995 | void wpa_auth_sm_notify(struct wpa_state_machine *sm) |
---|
2996 | { |
---|
2997 | if (sm == NULL) |
---|
2998 | return; |
---|
2999 | eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL); |
---|
3000 | } |
---|
3001 | |
---|
3002 | |
---|
3003 | void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth) |
---|
3004 | { |
---|
3005 | int tmp, i; |
---|
3006 | struct wpa_group *group; |
---|
3007 | |
---|
3008 | if (wpa_auth == NULL) |
---|
3009 | return; |
---|
3010 | |
---|
3011 | group = wpa_auth->group; |
---|
3012 | |
---|
3013 | for (i = 0; i < 2; i++) { |
---|
3014 | tmp = group->GM; |
---|
3015 | group->GM = group->GN; |
---|
3016 | group->GN = tmp; |
---|
3017 | #ifdef CONFIG_IEEE80211W |
---|
3018 | tmp = group->GM_igtk; |
---|
3019 | group->GM_igtk = group->GN_igtk; |
---|
3020 | group->GN_igtk = tmp; |
---|
3021 | #endif /* CONFIG_IEEE80211W */ |
---|
3022 | wpa_gtk_update(wpa_auth, group); |
---|
3023 | wpa_group_config_group_keys(wpa_auth, group); |
---|
3024 | } |
---|
3025 | } |
---|
3026 | |
---|
3027 | |
---|
3028 | static const char * wpa_bool_txt(int val) |
---|
3029 | { |
---|
3030 | return val ? "TRUE" : "FALSE"; |
---|
3031 | } |
---|
3032 | |
---|
3033 | |
---|
3034 | #define RSN_SUITE "%02x-%02x-%02x-%d" |
---|
3035 | #define RSN_SUITE_ARG(s) \ |
---|
3036 | ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff |
---|
3037 | |
---|
3038 | int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen) |
---|
3039 | { |
---|
3040 | int len = 0, ret; |
---|
3041 | char pmkid_txt[PMKID_LEN * 2 + 1]; |
---|
3042 | #ifdef CONFIG_RSN_PREAUTH |
---|
3043 | const int preauth = 1; |
---|
3044 | #else /* CONFIG_RSN_PREAUTH */ |
---|
3045 | const int preauth = 0; |
---|
3046 | #endif /* CONFIG_RSN_PREAUTH */ |
---|
3047 | |
---|
3048 | if (wpa_auth == NULL) |
---|
3049 | return len; |
---|
3050 | |
---|
3051 | ret = os_snprintf(buf + len, buflen - len, |
---|
3052 | "dot11RSNAOptionImplemented=TRUE\n" |
---|
3053 | "dot11RSNAPreauthenticationImplemented=%s\n" |
---|
3054 | "dot11RSNAEnabled=%s\n" |
---|
3055 | "dot11RSNAPreauthenticationEnabled=%s\n", |
---|
3056 | wpa_bool_txt(preauth), |
---|
3057 | wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN), |
---|
3058 | wpa_bool_txt(wpa_auth->conf.rsn_preauth)); |
---|
3059 | if (os_snprintf_error(buflen - len, ret)) |
---|
3060 | return len; |
---|
3061 | len += ret; |
---|
3062 | |
---|
3063 | wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), |
---|
3064 | wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN); |
---|
3065 | |
---|
3066 | ret = os_snprintf( |
---|
3067 | buf + len, buflen - len, |
---|
3068 | "dot11RSNAConfigVersion=%u\n" |
---|
3069 | "dot11RSNAConfigPairwiseKeysSupported=9999\n" |
---|
3070 | /* FIX: dot11RSNAConfigGroupCipher */ |
---|
3071 | /* FIX: dot11RSNAConfigGroupRekeyMethod */ |
---|
3072 | /* FIX: dot11RSNAConfigGroupRekeyTime */ |
---|
3073 | /* FIX: dot11RSNAConfigGroupRekeyPackets */ |
---|
3074 | "dot11RSNAConfigGroupRekeyStrict=%u\n" |
---|
3075 | "dot11RSNAConfigGroupUpdateCount=%u\n" |
---|
3076 | "dot11RSNAConfigPairwiseUpdateCount=%u\n" |
---|
3077 | "dot11RSNAConfigGroupCipherSize=%u\n" |
---|
3078 | "dot11RSNAConfigPMKLifetime=%u\n" |
---|
3079 | "dot11RSNAConfigPMKReauthThreshold=%u\n" |
---|
3080 | "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n" |
---|
3081 | "dot11RSNAConfigSATimeout=%u\n" |
---|
3082 | "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" |
---|
3083 | "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" |
---|
3084 | "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" |
---|
3085 | "dot11RSNAPMKIDUsed=%s\n" |
---|
3086 | "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" |
---|
3087 | "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" |
---|
3088 | "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" |
---|
3089 | "dot11RSNATKIPCounterMeasuresInvoked=%u\n" |
---|
3090 | "dot11RSNA4WayHandshakeFailures=%u\n" |
---|
3091 | "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n", |
---|
3092 | RSN_VERSION, |
---|
3093 | !!wpa_auth->conf.wpa_strict_rekey, |
---|
3094 | dot11RSNAConfigGroupUpdateCount, |
---|
3095 | dot11RSNAConfigPairwiseUpdateCount, |
---|
3096 | wpa_cipher_key_len(wpa_auth->conf.wpa_group) * 8, |
---|
3097 | dot11RSNAConfigPMKLifetime, |
---|
3098 | dot11RSNAConfigPMKReauthThreshold, |
---|
3099 | dot11RSNAConfigSATimeout, |
---|
3100 | RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected), |
---|
3101 | RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected), |
---|
3102 | RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected), |
---|
3103 | pmkid_txt, |
---|
3104 | RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested), |
---|
3105 | RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested), |
---|
3106 | RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested), |
---|
3107 | wpa_auth->dot11RSNATKIPCounterMeasuresInvoked, |
---|
3108 | wpa_auth->dot11RSNA4WayHandshakeFailures); |
---|
3109 | if (os_snprintf_error(buflen - len, ret)) |
---|
3110 | return len; |
---|
3111 | len += ret; |
---|
3112 | |
---|
3113 | /* TODO: dot11RSNAConfigPairwiseCiphersTable */ |
---|
3114 | /* TODO: dot11RSNAConfigAuthenticationSuitesTable */ |
---|
3115 | |
---|
3116 | /* Private MIB */ |
---|
3117 | ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n", |
---|
3118 | wpa_auth->group->wpa_group_state); |
---|
3119 | if (os_snprintf_error(buflen - len, ret)) |
---|
3120 | return len; |
---|
3121 | len += ret; |
---|
3122 | |
---|
3123 | return len; |
---|
3124 | } |
---|
3125 | |
---|
3126 | |
---|
3127 | int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen) |
---|
3128 | { |
---|
3129 | int len = 0, ret; |
---|
3130 | u32 pairwise = 0; |
---|
3131 | |
---|
3132 | if (sm == NULL) |
---|
3133 | return 0; |
---|
3134 | |
---|
3135 | /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */ |
---|
3136 | |
---|
3137 | /* dot11RSNAStatsEntry */ |
---|
3138 | |
---|
3139 | pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ? |
---|
3140 | WPA_PROTO_RSN : WPA_PROTO_WPA, |
---|
3141 | sm->pairwise); |
---|
3142 | if (pairwise == 0) |
---|
3143 | return 0; |
---|
3144 | |
---|
3145 | ret = os_snprintf( |
---|
3146 | buf + len, buflen - len, |
---|
3147 | /* TODO: dot11RSNAStatsIndex */ |
---|
3148 | "dot11RSNAStatsSTAAddress=" MACSTR "\n" |
---|
3149 | "dot11RSNAStatsVersion=1\n" |
---|
3150 | "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n" |
---|
3151 | /* TODO: dot11RSNAStatsTKIPICVErrors */ |
---|
3152 | "dot11RSNAStatsTKIPLocalMICFailures=%u\n" |
---|
3153 | "dot11RSNAStatsTKIPRemoteMICFailures=%u\n" |
---|
3154 | /* TODO: dot11RSNAStatsCCMPReplays */ |
---|
3155 | /* TODO: dot11RSNAStatsCCMPDecryptErrors */ |
---|
3156 | /* TODO: dot11RSNAStatsTKIPReplays */, |
---|
3157 | MAC2STR(sm->addr), |
---|
3158 | RSN_SUITE_ARG(pairwise), |
---|
3159 | sm->dot11RSNAStatsTKIPLocalMICFailures, |
---|
3160 | sm->dot11RSNAStatsTKIPRemoteMICFailures); |
---|
3161 | if (os_snprintf_error(buflen - len, ret)) |
---|
3162 | return len; |
---|
3163 | len += ret; |
---|
3164 | |
---|
3165 | /* Private MIB */ |
---|
3166 | ret = os_snprintf(buf + len, buflen - len, |
---|
3167 | "hostapdWPAPTKState=%d\n" |
---|
3168 | "hostapdWPAPTKGroupState=%d\n", |
---|
3169 | sm->wpa_ptk_state, |
---|
3170 | sm->wpa_ptk_group_state); |
---|
3171 | if (os_snprintf_error(buflen - len, ret)) |
---|
3172 | return len; |
---|
3173 | len += ret; |
---|
3174 | |
---|
3175 | return len; |
---|
3176 | } |
---|
3177 | |
---|
3178 | |
---|
3179 | void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth) |
---|
3180 | { |
---|
3181 | if (wpa_auth) |
---|
3182 | wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++; |
---|
3183 | } |
---|
3184 | |
---|
3185 | |
---|
3186 | int wpa_auth_pairwise_set(struct wpa_state_machine *sm) |
---|
3187 | { |
---|
3188 | return sm && sm->pairwise_set; |
---|
3189 | } |
---|
3190 | |
---|
3191 | |
---|
3192 | int wpa_auth_get_pairwise(struct wpa_state_machine *sm) |
---|
3193 | { |
---|
3194 | return sm->pairwise; |
---|
3195 | } |
---|
3196 | |
---|
3197 | |
---|
3198 | int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm) |
---|
3199 | { |
---|
3200 | if (sm == NULL) |
---|
3201 | return -1; |
---|
3202 | return sm->wpa_key_mgmt; |
---|
3203 | } |
---|
3204 | |
---|
3205 | |
---|
3206 | int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) |
---|
3207 | { |
---|
3208 | if (sm == NULL) |
---|
3209 | return 0; |
---|
3210 | return sm->wpa; |
---|
3211 | } |
---|
3212 | |
---|
3213 | |
---|
3214 | int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, |
---|
3215 | struct rsn_pmksa_cache_entry *entry) |
---|
3216 | { |
---|
3217 | if (sm == NULL || sm->pmksa != entry) |
---|
3218 | return -1; |
---|
3219 | sm->pmksa = NULL; |
---|
3220 | return 0; |
---|
3221 | } |
---|
3222 | |
---|
3223 | |
---|
3224 | struct rsn_pmksa_cache_entry * |
---|
3225 | wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm) |
---|
3226 | { |
---|
3227 | return sm ? sm->pmksa : NULL; |
---|
3228 | } |
---|
3229 | |
---|
3230 | |
---|
3231 | void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm) |
---|
3232 | { |
---|
3233 | if (sm) |
---|
3234 | sm->dot11RSNAStatsTKIPLocalMICFailures++; |
---|
3235 | } |
---|
3236 | |
---|
3237 | |
---|
3238 | const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len) |
---|
3239 | { |
---|
3240 | if (wpa_auth == NULL) |
---|
3241 | return NULL; |
---|
3242 | *len = wpa_auth->wpa_ie_len; |
---|
3243 | return wpa_auth->wpa_ie; |
---|
3244 | } |
---|
3245 | |
---|
3246 | |
---|
3247 | int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk, |
---|
3248 | int session_timeout, struct eapol_state_machine *eapol) |
---|
3249 | { |
---|
3250 | if (sm == NULL || sm->wpa != WPA_VERSION_WPA2 || |
---|
3251 | sm->wpa_auth->conf.disable_pmksa_caching) |
---|
3252 | return -1; |
---|
3253 | |
---|
3254 | if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN, |
---|
3255 | sm->PTK.kck, sm->PTK.kck_len, |
---|
3256 | sm->wpa_auth->addr, sm->addr, session_timeout, |
---|
3257 | eapol, sm->wpa_key_mgmt)) |
---|
3258 | return 0; |
---|
3259 | |
---|
3260 | return -1; |
---|
3261 | } |
---|
3262 | |
---|
3263 | |
---|
3264 | int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth, |
---|
3265 | const u8 *pmk, size_t len, const u8 *sta_addr, |
---|
3266 | int session_timeout, |
---|
3267 | struct eapol_state_machine *eapol) |
---|
3268 | { |
---|
3269 | if (wpa_auth == NULL) |
---|
3270 | return -1; |
---|
3271 | |
---|
3272 | if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, |
---|
3273 | NULL, 0, |
---|
3274 | wpa_auth->addr, |
---|
3275 | sta_addr, session_timeout, eapol, |
---|
3276 | WPA_KEY_MGMT_IEEE8021X)) |
---|
3277 | return 0; |
---|
3278 | |
---|
3279 | return -1; |
---|
3280 | } |
---|
3281 | |
---|
3282 | |
---|
3283 | int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr, |
---|
3284 | const u8 *pmk) |
---|
3285 | { |
---|
3286 | if (wpa_auth->conf.disable_pmksa_caching) |
---|
3287 | return -1; |
---|
3288 | |
---|
3289 | if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN, |
---|
3290 | NULL, 0, |
---|
3291 | wpa_auth->addr, addr, 0, NULL, |
---|
3292 | WPA_KEY_MGMT_SAE)) |
---|
3293 | return 0; |
---|
3294 | |
---|
3295 | return -1; |
---|
3296 | } |
---|
3297 | |
---|
3298 | |
---|
3299 | void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth, |
---|
3300 | const u8 *sta_addr) |
---|
3301 | { |
---|
3302 | struct rsn_pmksa_cache_entry *pmksa; |
---|
3303 | |
---|
3304 | if (wpa_auth == NULL || wpa_auth->pmksa == NULL) |
---|
3305 | return; |
---|
3306 | pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL); |
---|
3307 | if (pmksa) { |
---|
3308 | wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for " |
---|
3309 | MACSTR " based on request", MAC2STR(sta_addr)); |
---|
3310 | pmksa_cache_free_entry(wpa_auth->pmksa, pmksa); |
---|
3311 | } |
---|
3312 | } |
---|
3313 | |
---|
3314 | |
---|
3315 | /* |
---|
3316 | * Remove and free the group from wpa_authenticator. This is triggered by a |
---|
3317 | * callback to make sure nobody is currently iterating the group list while it |
---|
3318 | * gets modified. |
---|
3319 | */ |
---|
3320 | static void wpa_group_free(struct wpa_authenticator *wpa_auth, |
---|
3321 | struct wpa_group *group) |
---|
3322 | { |
---|
3323 | struct wpa_group *prev = wpa_auth->group; |
---|
3324 | |
---|
3325 | wpa_printf(MSG_DEBUG, "WPA: Remove group state machine for VLAN-ID %d", |
---|
3326 | group->vlan_id); |
---|
3327 | |
---|
3328 | while (prev) { |
---|
3329 | if (prev->next == group) { |
---|
3330 | /* This never frees the special first group as needed */ |
---|
3331 | prev->next = group->next; |
---|
3332 | os_free(group); |
---|
3333 | break; |
---|
3334 | } |
---|
3335 | prev = prev->next; |
---|
3336 | } |
---|
3337 | |
---|
3338 | } |
---|
3339 | |
---|
3340 | |
---|
3341 | /* Increase the reference counter for group */ |
---|
3342 | static void wpa_group_get(struct wpa_authenticator *wpa_auth, |
---|
3343 | struct wpa_group *group) |
---|
3344 | { |
---|
3345 | /* Skip the special first group */ |
---|
3346 | if (wpa_auth->group == group) |
---|
3347 | return; |
---|
3348 | |
---|
3349 | group->references++; |
---|
3350 | } |
---|
3351 | |
---|
3352 | |
---|
3353 | /* Decrease the reference counter and maybe free the group */ |
---|
3354 | static void wpa_group_put(struct wpa_authenticator *wpa_auth, |
---|
3355 | struct wpa_group *group) |
---|
3356 | { |
---|
3357 | /* Skip the special first group */ |
---|
3358 | if (wpa_auth->group == group) |
---|
3359 | return; |
---|
3360 | |
---|
3361 | group->references--; |
---|
3362 | if (group->references) |
---|
3363 | return; |
---|
3364 | wpa_group_free(wpa_auth, group); |
---|
3365 | } |
---|
3366 | |
---|
3367 | |
---|
3368 | /* |
---|
3369 | * Add a group that has its references counter set to zero. Caller needs to |
---|
3370 | * call wpa_group_get() on the return value to mark the entry in use. |
---|
3371 | */ |
---|
3372 | static struct wpa_group * |
---|
3373 | wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id) |
---|
3374 | { |
---|
3375 | struct wpa_group *group; |
---|
3376 | |
---|
3377 | if (wpa_auth == NULL || wpa_auth->group == NULL) |
---|
3378 | return NULL; |
---|
3379 | |
---|
3380 | wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d", |
---|
3381 | vlan_id); |
---|
3382 | group = wpa_group_init(wpa_auth, vlan_id, 0); |
---|
3383 | if (group == NULL) |
---|
3384 | return NULL; |
---|
3385 | |
---|
3386 | group->next = wpa_auth->group->next; |
---|
3387 | wpa_auth->group->next = group; |
---|
3388 | |
---|
3389 | return group; |
---|
3390 | } |
---|
3391 | |
---|
3392 | |
---|
3393 | int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id) |
---|
3394 | { |
---|
3395 | struct wpa_group *group; |
---|
3396 | |
---|
3397 | if (sm == NULL || sm->wpa_auth == NULL) |
---|
3398 | return 0; |
---|
3399 | |
---|
3400 | group = sm->wpa_auth->group; |
---|
3401 | while (group) { |
---|
3402 | if (group->vlan_id == vlan_id) |
---|
3403 | break; |
---|
3404 | group = group->next; |
---|
3405 | } |
---|
3406 | |
---|
3407 | if (group == NULL) { |
---|
3408 | group = wpa_auth_add_group(sm->wpa_auth, vlan_id); |
---|
3409 | if (group == NULL) |
---|
3410 | return -1; |
---|
3411 | } |
---|
3412 | |
---|
3413 | if (sm->group == group) |
---|
3414 | return 0; |
---|
3415 | |
---|
3416 | if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) |
---|
3417 | return -1; |
---|
3418 | |
---|
3419 | wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state " |
---|
3420 | "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id); |
---|
3421 | |
---|
3422 | wpa_group_get(sm->wpa_auth, group); |
---|
3423 | wpa_group_put(sm->wpa_auth, sm->group); |
---|
3424 | sm->group = group; |
---|
3425 | |
---|
3426 | return 0; |
---|
3427 | } |
---|
3428 | |
---|
3429 | |
---|
3430 | void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth, |
---|
3431 | struct wpa_state_machine *sm, int ack) |
---|
3432 | { |
---|
3433 | if (wpa_auth == NULL || sm == NULL) |
---|
3434 | return; |
---|
3435 | wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR |
---|
3436 | " ack=%d", MAC2STR(sm->addr), ack); |
---|
3437 | if (sm->pending_1_of_4_timeout && ack) { |
---|
3438 | /* |
---|
3439 | * Some deployed supplicant implementations update their SNonce |
---|
3440 | * for each EAPOL-Key 2/4 message even within the same 4-way |
---|
3441 | * handshake and then fail to use the first SNonce when |
---|
3442 | * deriving the PTK. This results in unsuccessful 4-way |
---|
3443 | * handshake whenever the relatively short initial timeout is |
---|
3444 | * reached and EAPOL-Key 1/4 is retransmitted. Try to work |
---|
3445 | * around this by increasing the timeout now that we know that |
---|
3446 | * the station has received the frame. |
---|
3447 | */ |
---|
3448 | int timeout_ms = eapol_key_timeout_subseq; |
---|
3449 | wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 " |
---|
3450 | "timeout by %u ms because of acknowledged frame", |
---|
3451 | timeout_ms); |
---|
3452 | eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm); |
---|
3453 | eloop_register_timeout(timeout_ms / 1000, |
---|
3454 | (timeout_ms % 1000) * 1000, |
---|
3455 | wpa_send_eapol_timeout, wpa_auth, sm); |
---|
3456 | } |
---|
3457 | } |
---|
3458 | |
---|
3459 | |
---|
3460 | int wpa_auth_uses_sae(struct wpa_state_machine *sm) |
---|
3461 | { |
---|
3462 | if (sm == NULL) |
---|
3463 | return 0; |
---|
3464 | return wpa_key_mgmt_sae(sm->wpa_key_mgmt); |
---|
3465 | } |
---|
3466 | |
---|
3467 | |
---|
3468 | int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm) |
---|
3469 | { |
---|
3470 | if (sm == NULL) |
---|
3471 | return 0; |
---|
3472 | return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE; |
---|
3473 | } |
---|
3474 | |
---|
3475 | |
---|
3476 | #ifdef CONFIG_P2P |
---|
3477 | int wpa_auth_get_ip_addr(struct wpa_state_machine *sm, u8 *addr) |
---|
3478 | { |
---|
3479 | if (sm == NULL || WPA_GET_BE32(sm->ip_addr) == 0) |
---|
3480 | return -1; |
---|
3481 | os_memcpy(addr, sm->ip_addr, 4); |
---|
3482 | return 0; |
---|
3483 | } |
---|
3484 | #endif /* CONFIG_P2P */ |
---|
3485 | |
---|
3486 | |
---|
3487 | int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth, |
---|
3488 | struct radius_das_attrs *attr) |
---|
3489 | { |
---|
3490 | return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr); |
---|
3491 | } |
---|
3492 | |
---|
3493 | |
---|
3494 | void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth) |
---|
3495 | { |
---|
3496 | struct wpa_group *group; |
---|
3497 | |
---|
3498 | if (!wpa_auth) |
---|
3499 | return; |
---|
3500 | for (group = wpa_auth->group; group; group = group->next) |
---|
3501 | wpa_group_config_group_keys(wpa_auth, group); |
---|
3502 | } |
---|