Context Navigation

source: rtems-libbsd/freebsd/contrib/wpa/src/ap/wpa_auth.c @ b0f0b2f

55-freebsd-126-freebsd-12

Last change on this file since b0f0b2f was b0f0b2f, checked in by Christian Mauderer <Christian.Mauderer@…>, on 11/08/17 at 13:10:40
wpa: Import all files for KRACK patch.
Property mode set to `100644`
File size: 94.3 KB

Line
1	#include <machine/rtems-bsd-user-space.h>
2
3	/*
4	* IEEE 802.11 RSN / WPA Authenticator
5	* Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
6	*
7	* This software may be distributed under the terms of the BSD license.
8	* See README for more details.
9	*/
10
11	#include "utils/includes.h"
12
13	#include "utils/common.h"
14	#include "utils/eloop.h"
15	#include "utils/state_machine.h"
16	#include "utils/bitfield.h"
17	#include "common/ieee802_11_defs.h"
18	#include "crypto/aes_wrap.h"
19	#include "crypto/crypto.h"
20	#include "crypto/sha1.h"
21	#include "crypto/sha256.h"
22	#include "crypto/random.h"
23	#include "eapol_auth/eapol_auth_sm.h"
24	#include "ap_config.h"
25	#include "ieee802_11.h"
26	#include "wpa_auth.h"
27	#include "pmksa_cache_auth.h"
28	#include "wpa_auth_i.h"
29	#include "wpa_auth_ie.h"
30
31	#define STATE_MACHINE_DATA struct wpa_state_machine
32	#define STATE_MACHINE_DEBUG_PREFIX "WPA"
33	#define STATE_MACHINE_ADDR sm->addr
34
35
36	static void wpa_send_eapol_timeout(void eloop_ctx, void timeout_ctx);
37	static int wpa_sm_step(struct wpa_state_machine *sm);
38	static int wpa_verify_key_mic(int akmp, struct wpa_ptk PTK, u8 data,
39	size_t data_len);
40	static void wpa_sm_call_step(void eloop_ctx, void timeout_ctx);
41	static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
42	struct wpa_group *group);
43	static void wpa_request_new_ptk(struct wpa_state_machine *sm);
44	static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
45	struct wpa_group *group);
46	static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
47	struct wpa_group *group);
48	static int wpa_derive_ptk(struct wpa_state_machine sm, const u8 snonce,
49	const u8 pmk, struct wpa_ptk ptk);
50	static void wpa_group_free(struct wpa_authenticator *wpa_auth,
51	struct wpa_group *group);
52	static void wpa_group_get(struct wpa_authenticator *wpa_auth,
53	struct wpa_group *group);
54	static void wpa_group_put(struct wpa_authenticator *wpa_auth,
55	struct wpa_group *group);
56
57	static const u32 dot11RSNAConfigGroupUpdateCount = 4;
58	static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
59	static const u32 eapol_key_timeout_first = 100; /* ms */
60	static const u32 eapol_key_timeout_subseq = 1000; /* ms */
61	static const u32 eapol_key_timeout_first_group = 500; /* ms */
62
63	/* TODO: make these configurable */
64	static const int dot11RSNAConfigPMKLifetime = 43200;
65	static const int dot11RSNAConfigPMKReauthThreshold = 70;
66	static const int dot11RSNAConfigSATimeout = 60;
67
68
69	static inline int wpa_auth_mic_failure_report(
70	struct wpa_authenticator wpa_auth, const u8 addr)
71	{
72	if (wpa_auth->cb.mic_failure_report)
73	return wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
74	return 0;
75	}
76
77
78	static inline void wpa_auth_psk_failure_report(
79	struct wpa_authenticator wpa_auth, const u8 addr)
80	{
81	if (wpa_auth->cb.psk_failure_report)
82	wpa_auth->cb.psk_failure_report(wpa_auth->cb.ctx, addr);
83	}
84
85
86	static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
87	const u8 *addr, wpa_eapol_variable var,
88	int value)
89	{
90	if (wpa_auth->cb.set_eapol)
91	wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
92	}
93
94
95	static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
96	const u8 *addr, wpa_eapol_variable var)
97	{
98	if (wpa_auth->cb.get_eapol == NULL)
99	return -1;
100	return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
101	}
102
103
104	static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
105	const u8 *addr,
106	const u8 *p2p_dev_addr,
107	const u8 *prev_psk)
108	{
109	if (wpa_auth->cb.get_psk == NULL)
110	return NULL;
111	return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, p2p_dev_addr,
112	prev_psk);
113	}
114
115
116	static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
117	const u8 addr, u8 msk, size_t *len)
118	{
119	if (wpa_auth->cb.get_msk == NULL)
120	return -1;
121	return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
122	}
123
124
125	static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
126	int vlan_id,
127	enum wpa_alg alg, const u8 *addr, int idx,
128	u8 *key, size_t key_len)
129	{
130	if (wpa_auth->cb.set_key == NULL)
131	return -1;
132	return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
133	key, key_len);
134	}
135
136
137	static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
138	const u8 addr, int idx, u8 seq)
139	{
140	if (wpa_auth->cb.get_seqnum == NULL)
141	return -1;
142	return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
143	}
144
145
146	static inline int
147	wpa_auth_send_eapol(struct wpa_authenticator wpa_auth, const u8 addr,
148	const u8 *data, size_t data_len, int encrypt)
149	{
150	if (wpa_auth->cb.send_eapol == NULL)
151	return -1;
152	return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
153	encrypt);
154	}
155
156
157	#ifdef CONFIG_MESH
158	static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth,
159	const u8 *addr)
160	{
161	if (wpa_auth->cb.start_ampe == NULL)
162	return -1;
163	return wpa_auth->cb.start_ampe(wpa_auth->cb.ctx, addr);
164	}
165	#endif /* CONFIG_MESH */
166
167
168	int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
169	int (cb)(struct wpa_state_machine sm, void *ctx),
170	void *cb_ctx)
171	{
172	if (wpa_auth->cb.for_each_sta == NULL)
173	return 0;
174	return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
175	}
176
177
178	int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
179	int (cb)(struct wpa_authenticator a, void *ctx),
180	void *cb_ctx)
181	{
182	if (wpa_auth->cb.for_each_auth == NULL)
183	return 0;
184	return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
185	}
186
187
188	void wpa_auth_logger(struct wpa_authenticator wpa_auth, const u8 addr,
189	logger_level level, const char *txt)
190	{
191	if (wpa_auth->cb.logger == NULL)
192	return;
193	wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
194	}
195
196
197	void wpa_auth_vlogger(struct wpa_authenticator wpa_auth, const u8 addr,
198	logger_level level, const char *fmt, ...)
199	{
200	char *format;
201	int maxlen;
202	va_list ap;
203
204	if (wpa_auth->cb.logger == NULL)
205	return;
206
207	maxlen = os_strlen(fmt) + 100;
208	format = os_malloc(maxlen);
209	if (!format)
210	return;
211
212	va_start(ap, fmt);
213	vsnprintf(format, maxlen, fmt, ap);
214	va_end(ap);
215
216	wpa_auth_logger(wpa_auth, addr, level, format);
217
218	os_free(format);
219	}
220
221
222	static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
223	const u8 *addr)
224	{
225	if (wpa_auth->cb.disconnect == NULL)
226	return;
227	wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR, MAC2STR(addr));
228	wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
229	WLAN_REASON_PREV_AUTH_NOT_VALID);
230	}
231
232
233	static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
234	{
235	int ret = 0;
236	#ifdef CONFIG_IEEE80211R
237	if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
238	ret = 1;
239	#endif /* CONFIG_IEEE80211R */
240	#ifdef CONFIG_IEEE80211W
241	if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
242	ret = 1;
243	#endif /* CONFIG_IEEE80211W */
244	if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN)
245	ret = 1;
246	return ret;
247	}
248
249
250	static void wpa_rekey_gmk(void eloop_ctx, void timeout_ctx)
251	{
252	struct wpa_authenticator *wpa_auth = eloop_ctx;
253
254	if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
255	wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
256	"initialization.");
257	} else {
258	wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
259	wpa_hexdump_key(MSG_DEBUG, "GMK",
260	wpa_auth->group->GMK, WPA_GMK_LEN);
261	}
262
263	if (wpa_auth->conf.wpa_gmk_rekey) {
264	eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
265	wpa_rekey_gmk, wpa_auth, NULL);
266	}
267	}
268
269
270	static void wpa_rekey_gtk(void eloop_ctx, void timeout_ctx)
271	{
272	struct wpa_authenticator *wpa_auth = eloop_ctx;
273	struct wpa_group group, next;
274
275	wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
276	group = wpa_auth->group;
277	while (group) {
278	wpa_group_get(wpa_auth, group);
279
280	group->GTKReKey = TRUE;
281	do {
282	group->changed = FALSE;
283	wpa_group_sm_step(wpa_auth, group);
284	} while (group->changed);
285
286	next = group->next;
287	wpa_group_put(wpa_auth, group);
288	group = next;
289	}
290
291	if (wpa_auth->conf.wpa_group_rekey) {
292	eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
293	0, wpa_rekey_gtk, wpa_auth, NULL);
294	}
295	}
296
297
298	static void wpa_rekey_ptk(void eloop_ctx, void timeout_ctx)
299	{
300	struct wpa_authenticator *wpa_auth = eloop_ctx;
301	struct wpa_state_machine *sm = timeout_ctx;
302
303	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
304	wpa_request_new_ptk(sm);
305	wpa_sm_step(sm);
306	}
307
308
309	static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine sm, void ctx)
310	{
311	if (sm->pmksa == ctx)
312	sm->pmksa = NULL;
313	return 0;
314	}
315
316
317	static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
318	void *ctx)
319	{
320	struct wpa_authenticator *wpa_auth = ctx;
321	wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
322	}
323
324
325	static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
326	struct wpa_group *group)
327	{
328	u8 buf[ETH_ALEN + 8 + sizeof(unsigned long)];
329	u8 rkey[32];
330	unsigned long ptr;
331
332	if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
333	return -1;
334	wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
335
336	/*
337	* Counter = PRF-256(Random number, "Init Counter",
338	* Local MAC Address \|\| Time)
339	*/
340	os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
341	wpa_get_ntp_timestamp(buf + ETH_ALEN);
342	ptr = (unsigned long) group;
343	os_memcpy(buf + ETH_ALEN + 8, &ptr, sizeof(ptr));
344	if (random_get_bytes(rkey, sizeof(rkey)) < 0)
345	return -1;
346
347	if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
348	group->Counter, WPA_NONCE_LEN) < 0)
349	return -1;
350	wpa_hexdump_key(MSG_DEBUG, "Key Counter",
351	group->Counter, WPA_NONCE_LEN);
352
353	return 0;
354	}
355
356
357	static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
358	int vlan_id, int delay_init)
359	{
360	struct wpa_group *group;
361
362	group = os_zalloc(sizeof(struct wpa_group));
363	if (group == NULL)
364	return NULL;
365
366	group->GTKAuthenticator = TRUE;
367	group->vlan_id = vlan_id;
368	group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
369
370	if (random_pool_ready() != 1) {
371	wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
372	"for secure operations - update keys later when "
373	"the first station connects");
374	}
375
376	/*
377	* Set initial GMK/Counter value here. The actual values that will be
378	* used in negotiations will be set once the first station tries to
379	* connect. This allows more time for collecting additional randomness
380	* on embedded devices.
381	*/
382	if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
383	wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
384	"initialization.");
385	os_free(group);
386	return NULL;
387	}
388
389	group->GInit = TRUE;
390	if (delay_init) {
391	wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start "
392	"until Beacon frames have been configured");
393	/* Initialization is completed in wpa_init_keys(). */
394	} else {
395	wpa_group_sm_step(wpa_auth, group);
396	group->GInit = FALSE;
397	wpa_group_sm_step(wpa_auth, group);
398	}
399
400	return group;
401	}
402
403
404	/**
405	* wpa_init - Initialize WPA authenticator
406	* @addr: Authenticator address
407	* @conf: Configuration for WPA authenticator
408	* @cb: Callback functions for WPA authenticator
409	* Returns: Pointer to WPA authenticator data or %NULL on failure
410	*/
411	struct wpa_authenticator * wpa_init(const u8 *addr,
412	struct wpa_auth_config *conf,
413	struct wpa_auth_callbacks *cb)
414	{
415	struct wpa_authenticator *wpa_auth;
416
417	wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
418	if (wpa_auth == NULL)
419	return NULL;
420	os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
421	os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
422	os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
423
424	if (wpa_auth_gen_wpa_ie(wpa_auth)) {
425	wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
426	os_free(wpa_auth);
427	return NULL;
428	}
429
430	wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
431	if (wpa_auth->group == NULL) {
432	os_free(wpa_auth->wpa_ie);
433	os_free(wpa_auth);
434	return NULL;
435	}
436
437	wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
438	wpa_auth);
439	if (wpa_auth->pmksa == NULL) {
440	wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
441	os_free(wpa_auth->group);
442	os_free(wpa_auth->wpa_ie);
443	os_free(wpa_auth);
444	return NULL;
445	}
446
447	#ifdef CONFIG_IEEE80211R
448	wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
449	if (wpa_auth->ft_pmk_cache == NULL) {
450	wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
451	os_free(wpa_auth->group);
452	os_free(wpa_auth->wpa_ie);
453	pmksa_cache_auth_deinit(wpa_auth->pmksa);
454	os_free(wpa_auth);
455	return NULL;
456	}
457	#endif /* CONFIG_IEEE80211R */
458
459	if (wpa_auth->conf.wpa_gmk_rekey) {
460	eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
461	wpa_rekey_gmk, wpa_auth, NULL);
462	}
463
464	if (wpa_auth->conf.wpa_group_rekey) {
465	eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
466	wpa_rekey_gtk, wpa_auth, NULL);
467	}
468
469	#ifdef CONFIG_P2P
470	if (WPA_GET_BE32(conf->ip_addr_start)) {
471	int count = WPA_GET_BE32(conf->ip_addr_end) -
472	WPA_GET_BE32(conf->ip_addr_start) + 1;
473	if (count > 1000)
474	count = 1000;
475	if (count > 0)
476	wpa_auth->ip_pool = bitfield_alloc(count);
477	}
478	#endif /* CONFIG_P2P */
479
480	return wpa_auth;
481	}
482
483
484	int wpa_init_keys(struct wpa_authenticator *wpa_auth)
485	{
486	struct wpa_group *group = wpa_auth->group;
487
488	wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial "
489	"keys");
490	wpa_group_sm_step(wpa_auth, group);
491	group->GInit = FALSE;
492	wpa_group_sm_step(wpa_auth, group);
493	if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
494	return -1;
495	return 0;
496	}
497
498
499	/**
500	* wpa_deinit - Deinitialize WPA authenticator
501	* @wpa_auth: Pointer to WPA authenticator data from wpa_init()
502	*/
503	void wpa_deinit(struct wpa_authenticator *wpa_auth)
504	{
505	struct wpa_group group, prev;
506
507	eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
508	eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
509
510	#ifdef CONFIG_PEERKEY
511	while (wpa_auth->stsl_negotiations)
512	wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
513	#endif /* CONFIG_PEERKEY */
514
515	pmksa_cache_auth_deinit(wpa_auth->pmksa);
516
517	#ifdef CONFIG_IEEE80211R
518	wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
519	wpa_auth->ft_pmk_cache = NULL;
520	#endif /* CONFIG_IEEE80211R */
521
522	#ifdef CONFIG_P2P
523	bitfield_free(wpa_auth->ip_pool);
524	#endif /* CONFIG_P2P */
525
526
527	os_free(wpa_auth->wpa_ie);
528
529	group = wpa_auth->group;
530	while (group) {
531	prev = group;
532	group = group->next;
533	os_free(prev);
534	}
535
536	os_free(wpa_auth);
537	}
538
539
540	/**
541	* wpa_reconfig - Update WPA authenticator configuration
542	* @wpa_auth: Pointer to WPA authenticator data from wpa_init()
543	* @conf: Configuration for WPA authenticator
544	*/
545	int wpa_reconfig(struct wpa_authenticator *wpa_auth,
546	struct wpa_auth_config *conf)
547	{
548	struct wpa_group *group;
549	if (wpa_auth == NULL)
550	return 0;
551
552	os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
553	if (wpa_auth_gen_wpa_ie(wpa_auth)) {
554	wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
555	return -1;
556	}
557
558	/*
559	* Reinitialize GTK to make sure it is suitable for the new
560	* configuration.
561	*/
562	group = wpa_auth->group;
563	group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
564	group->GInit = TRUE;
565	wpa_group_sm_step(wpa_auth, group);
566	group->GInit = FALSE;
567	wpa_group_sm_step(wpa_auth, group);
568
569	return 0;
570	}
571
572
573	struct wpa_state_machine *
574	wpa_auth_sta_init(struct wpa_authenticator wpa_auth, const u8 addr,
575	const u8 *p2p_dev_addr)
576	{
577	struct wpa_state_machine *sm;
578
579	if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
580	return NULL;
581
582	sm = os_zalloc(sizeof(struct wpa_state_machine));
583	if (sm == NULL)
584	return NULL;
585	os_memcpy(sm->addr, addr, ETH_ALEN);
586	if (p2p_dev_addr)
587	os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN);
588
589	sm->wpa_auth = wpa_auth;
590	sm->group = wpa_auth->group;
591	wpa_group_get(sm->wpa_auth, sm->group);
592
593	return sm;
594	}
595
596
597	int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
598	struct wpa_state_machine *sm)
599	{
600	if (wpa_auth == NULL \|\| !wpa_auth->conf.wpa \|\| sm == NULL)
601	return -1;
602
603	#ifdef CONFIG_IEEE80211R
604	if (sm->ft_completed) {
605	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
606	"FT authentication already completed - do not "
607	"start 4-way handshake");
608	/* Go to PTKINITDONE state to allow GTK rekeying */
609	sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
610	return 0;
611	}
612	#endif /* CONFIG_IEEE80211R */
613
614	if (sm->started) {
615	os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
616	sm->ReAuthenticationRequest = TRUE;
617	return wpa_sm_step(sm);
618	}
619
620	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
621	"start authentication");
622	sm->started = 1;
623
624	sm->Init = TRUE;
625	if (wpa_sm_step(sm) == 1)
626	return 1; /* should not really happen */
627	sm->Init = FALSE;
628	sm->AuthenticationRequest = TRUE;
629	return wpa_sm_step(sm);
630	}
631
632
633	void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
634	{
635	/* WPA/RSN was not used - clear WPA state. This is needed if the STA
636	* reassociates back to the same AP while the previous entry for the
637	* STA has not yet been removed. */
638	if (sm == NULL)
639	return;
640
641	sm->wpa_key_mgmt = 0;
642	}
643
644
645	static void wpa_free_sta_sm(struct wpa_state_machine *sm)
646	{
647	#ifdef CONFIG_P2P
648	if (WPA_GET_BE32(sm->ip_addr)) {
649	u32 start;
650	wpa_printf(MSG_DEBUG, "P2P: Free assigned IP "
651	"address %u.%u.%u.%u from " MACSTR,
652	sm->ip_addr[0], sm->ip_addr[1],
653	sm->ip_addr[2], sm->ip_addr[3],
654	MAC2STR(sm->addr));
655	start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start);
656	bitfield_clear(sm->wpa_auth->ip_pool,
657	WPA_GET_BE32(sm->ip_addr) - start);
658	}
659	#endif /* CONFIG_P2P */
660	if (sm->GUpdateStationKeys) {
661	sm->group->GKeyDoneStations--;
662	sm->GUpdateStationKeys = FALSE;
663	}
664	#ifdef CONFIG_IEEE80211R
665	os_free(sm->assoc_resp_ftie);
666	wpabuf_free(sm->ft_pending_req_ies);
667	#endif /* CONFIG_IEEE80211R */
668	os_free(sm->last_rx_eapol_key);
669	os_free(sm->wpa_ie);
670	wpa_group_put(sm->wpa_auth, sm->group);
671	os_free(sm);
672	}
673
674
675	void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
676	{
677	if (sm == NULL)
678	return;
679
680	if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
681	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
682	"strict rekeying - force GTK rekey since STA "
683	"is leaving");
684	eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
685	eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
686	NULL);
687	}
688
689	eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
690	sm->pending_1_of_4_timeout = 0;
691	eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
692	eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
693	if (sm->in_step_loop) {
694	/* Must not free state machine while wpa_sm_step() is running.
695	* Freeing will be completed in the end of wpa_sm_step(). */
696	wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
697	"machine deinit for " MACSTR, MAC2STR(sm->addr));
698	sm->pending_deinit = 1;
699	} else
700	wpa_free_sta_sm(sm);
701	}
702
703
704	static void wpa_request_new_ptk(struct wpa_state_machine *sm)
705	{
706	if (sm == NULL)
707	return;
708
709	sm->PTKRequest = TRUE;
710	sm->PTK_valid = 0;
711	}
712
713
714	static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr,
715	const u8 *replay_counter)
716	{
717	int i;
718	for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
719	if (!ctr[i].valid)
720	break;
721	if (os_memcmp(replay_counter, ctr[i].counter,
722	WPA_REPLAY_COUNTER_LEN) == 0)
723	return 1;
724	}
725	return 0;
726	}
727
728
729	static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr,
730	const u8 *replay_counter)
731	{
732	int i;
733	for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
734	if (ctr[i].valid &&
735	(replay_counter == NULL \|\|
736	os_memcmp(replay_counter, ctr[i].counter,
737	WPA_REPLAY_COUNTER_LEN) == 0))
738	ctr[i].valid = FALSE;
739	}
740	}
741
742
743	#ifdef CONFIG_IEEE80211R
744	static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
745	struct wpa_state_machine *sm,
746	struct wpa_eapol_ie_parse *kde)
747	{
748	struct wpa_ie_data ie;
749	struct rsn_mdie *mdie;
750
751	if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 \|\|
752	ie.num_pmkid != 1 \|\| ie.pmkid == NULL) {
753	wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
754	"FT 4-way handshake message 2/4");
755	return -1;
756	}
757
758	os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
759	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
760	sm->sup_pmk_r1_name, PMKID_LEN);
761
762	if (!kde->mdie \|\| !kde->ftie) {
763	wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
764	"message 2/4", kde->mdie ? "FTIE" : "MDIE");
765	return -1;
766	}
767
768	mdie = (struct rsn_mdie *) (kde->mdie + 2);
769	if (kde->mdie[1] < sizeof(struct rsn_mdie) \|\|
770	os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
771	MOBILITY_DOMAIN_ID_LEN) != 0) {
772	wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
773	return -1;
774	}
775
776	if (sm->assoc_resp_ftie &&
777	(kde->ftie[1] != sm->assoc_resp_ftie[1] \|\|
778	os_memcmp(kde->ftie, sm->assoc_resp_ftie,
779	2 + sm->assoc_resp_ftie[1]) != 0)) {
780	wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
781	wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
782	kde->ftie, kde->ftie_len);
783	wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
784	sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
785	return -1;
786	}
787
788	return 0;
789	}
790	#endif /* CONFIG_IEEE80211R */
791
792
793	static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
794	struct wpa_state_machine *sm, int group)
795	{
796	/* Supplicant reported a Michael MIC error */
797	wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
798	"received EAPOL-Key Error Request "
799	"(STA detected Michael MIC failure (group=%d))",
800	group);
801
802	if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
803	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
804	"ignore Michael MIC failure report since "
805	"group cipher is not TKIP");
806	} else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
807	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
808	"ignore Michael MIC failure report since "
809	"pairwise cipher is not TKIP");
810	} else {
811	if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
812	return 1; /* STA entry was removed */
813	sm->dot11RSNAStatsTKIPRemoteMICFailures++;
814	wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
815	}
816
817	/*
818	* Error report is not a request for a new key handshake, but since
819	* Authenticator may do it, let's change the keys now anyway.
820	*/
821	wpa_request_new_ptk(sm);
822	return 0;
823	}
824
825
826	static int wpa_try_alt_snonce(struct wpa_state_machine sm, u8 data,
827	size_t data_len)
828	{
829	struct wpa_ptk PTK;
830	int ok = 0;
831	const u8 *pmk = NULL;
832
833	for (;;) {
834	if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
835	pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
836	sm->p2p_dev_addr, pmk);
837	if (pmk == NULL)
838	break;
839	} else
840	pmk = sm->PMK;
841
842	wpa_derive_ptk(sm, sm->alt_SNonce, pmk, &PTK);
843
844	if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK, data, data_len)
845	== 0) {
846	ok = 1;
847	break;
848	}
849
850	if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
851	break;
852	}
853
854	if (!ok) {
855	wpa_printf(MSG_DEBUG,
856	"WPA: Earlier SNonce did not result in matching MIC");
857	return -1;
858	}
859
860	wpa_printf(MSG_DEBUG,
861	"WPA: Earlier SNonce resulted in matching MIC");
862	sm->alt_snonce_valid = 0;
863	os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN);
864	os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
865	sm->PTK_valid = TRUE;
866
867	return 0;
868	}
869
870
871	void wpa_receive(struct wpa_authenticator *wpa_auth,
872	struct wpa_state_machine *sm,
873	u8 *data, size_t data_len)
874	{
875	struct ieee802_1x_hdr *hdr;
876	struct wpa_eapol_key *key;
877	struct wpa_eapol_key_192 *key192;
878	u16 key_info, key_data_length;
879	enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
880	SMK_M1, SMK_M3, SMK_ERROR } msg;
881	char *msgtxt;
882	struct wpa_eapol_ie_parse kde;
883	int ft;
884	const u8 eapol_key_ie, key_data;
885	size_t eapol_key_ie_len, keyhdrlen, mic_len;
886
887	if (wpa_auth == NULL \|\| !wpa_auth->conf.wpa \|\| sm == NULL)
888	return;
889
890	mic_len = wpa_mic_len(sm->wpa_key_mgmt);
891	keyhdrlen = mic_len == 24 ? sizeof(key192) : sizeof(key);
892
893	if (data_len < sizeof(*hdr) + keyhdrlen)
894	return;
895
896	hdr = (struct ieee802_1x_hdr *) data;
897	key = (struct wpa_eapol_key *) (hdr + 1);
898	key192 = (struct wpa_eapol_key_192 *) (hdr + 1);
899	key_info = WPA_GET_BE16(key->key_info);
900	if (mic_len == 24) {
901	key_data = (const u8 *) (key192 + 1);
902	key_data_length = WPA_GET_BE16(key192->key_data_length);
903	} else {
904	key_data = (const u8 *) (key + 1);
905	key_data_length = WPA_GET_BE16(key->key_data_length);
906	}
907	wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
908	" key_info=0x%x type=%u key_data_length=%u",
909	MAC2STR(sm->addr), key_info, key->type, key_data_length);
910	if (key_data_length > data_len - sizeof(*hdr) - keyhdrlen) {
911	wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
912	"key_data overflow (%d > %lu)",
913	key_data_length,
914	(unsigned long) (data_len - sizeof(*hdr) -
915	keyhdrlen));
916	return;
917	}
918
919	if (sm->wpa == WPA_VERSION_WPA2) {
920	if (key->type == EAPOL_KEY_TYPE_WPA) {
921	/*
922	* Some deployed station implementations seem to send
923	* msg 4/4 with incorrect type value in WPA2 mode.
924	*/
925	wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
926	"with unexpected WPA type in RSN mode");
927	} else if (key->type != EAPOL_KEY_TYPE_RSN) {
928	wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
929	"unexpected type %d in RSN mode",
930	key->type);
931	return;
932	}
933	} else {
934	if (key->type != EAPOL_KEY_TYPE_WPA) {
935	wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
936	"unexpected type %d in WPA mode",
937	key->type);
938	return;
939	}
940	}
941
942	wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
943	WPA_NONCE_LEN);
944	wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter",
945	key->replay_counter, WPA_REPLAY_COUNTER_LEN);
946
947	/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
948	* are set */
949
950	if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE \| WPA_KEY_INFO_REQUEST)) ==
951	(WPA_KEY_INFO_SMK_MESSAGE \| WPA_KEY_INFO_REQUEST)) {
952	if (key_info & WPA_KEY_INFO_ERROR) {
953	msg = SMK_ERROR;
954	msgtxt = "SMK Error";
955	} else {
956	msg = SMK_M1;
957	msgtxt = "SMK M1";
958	}
959	} else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
960	msg = SMK_M3;
961	msgtxt = "SMK M3";
962	} else if (key_info & WPA_KEY_INFO_REQUEST) {
963	msg = REQUEST;
964	msgtxt = "Request";
965	} else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
966	msg = GROUP_2;
967	msgtxt = "2/2 Group";
968	} else if (key_data_length == 0) {
969	msg = PAIRWISE_4;
970	msgtxt = "4/4 Pairwise";
971	} else {
972	msg = PAIRWISE_2;
973	msgtxt = "2/4 Pairwise";
974	}
975
976	/* TODO: key_info type validation for PeerKey */
977	if (msg == REQUEST \|\| msg == PAIRWISE_2 \|\| msg == PAIRWISE_4 \|\|
978	msg == GROUP_2) {
979	u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
980	if (sm->pairwise == WPA_CIPHER_CCMP \|\|
981	sm->pairwise == WPA_CIPHER_GCMP) {
982	if (wpa_use_aes_cmac(sm) &&
983	sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN &&
984	!wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
985	ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
986	wpa_auth_logger(wpa_auth, sm->addr,
987	LOGGER_WARNING,
988	"advertised support for "
989	"AES-128-CMAC, but did not "
990	"use it");
991	return;
992	}
993
994	if (!wpa_use_aes_cmac(sm) &&
995	ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
996	wpa_auth_logger(wpa_auth, sm->addr,
997	LOGGER_WARNING,
998	"did not use HMAC-SHA1-AES "
999	"with CCMP/GCMP");
1000	return;
1001	}
1002	}
1003
1004	if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
1005	ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1006	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
1007	"did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases");
1008	return;
1009	}
1010	}
1011
1012	if (key_info & WPA_KEY_INFO_REQUEST) {
1013	if (sm->req_replay_counter_used &&
1014	os_memcmp(key->replay_counter, sm->req_replay_counter,
1015	WPA_REPLAY_COUNTER_LEN) <= 0) {
1016	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
1017	"received EAPOL-Key request with "
1018	"replayed counter");
1019	return;
1020	}
1021	}
1022
1023	if (!(key_info & WPA_KEY_INFO_REQUEST) &&
1024	!wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) {
1025	int i;
1026
1027	if (msg == PAIRWISE_2 &&
1028	wpa_replay_counter_valid(sm->prev_key_replay,
1029	key->replay_counter) &&
1030	sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1031	os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0)
1032	{
1033	/*
1034	* Some supplicant implementations (e.g., Windows XP
1035	* WZC) update SNonce for each EAPOL-Key 2/4. This
1036	* breaks the workaround on accepting any of the
1037	* pending requests, so allow the SNonce to be updated
1038	* even if we have already sent out EAPOL-Key 3/4.
1039	*/
1040	wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1041	"Process SNonce update from STA "
1042	"based on retransmitted EAPOL-Key "
1043	"1/4");
1044	sm->update_snonce = 1;
1045	os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN);
1046	sm->alt_snonce_valid = TRUE;
1047	os_memcpy(sm->alt_replay_counter,
1048	sm->key_replay[0].counter,
1049	WPA_REPLAY_COUNTER_LEN);
1050	goto continue_processing;
1051	}
1052
1053	if (msg == PAIRWISE_4 && sm->alt_snonce_valid &&
1054	sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1055	os_memcmp(key->replay_counter, sm->alt_replay_counter,
1056	WPA_REPLAY_COUNTER_LEN) == 0) {
1057	/*
1058	* Supplicant may still be using the old SNonce since
1059	* there was two EAPOL-Key 2/4 messages and they had
1060	* different SNonce values.
1061	*/
1062	wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1063	"Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPOL-Key 1/4");
1064	goto continue_processing;
1065	}
1066
1067	if (msg == PAIRWISE_2 &&
1068	wpa_replay_counter_valid(sm->prev_key_replay,
1069	key->replay_counter) &&
1070	sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
1071	wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1072	"ignore retransmitted EAPOL-Key %s - "
1073	"SNonce did not change", msgtxt);
1074	} else {
1075	wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1076	"received EAPOL-Key %s with "
1077	"unexpected replay counter", msgtxt);
1078	}
1079	for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
1080	if (!sm->key_replay[i].valid)
1081	break;
1082	wpa_hexdump(MSG_DEBUG, "pending replay counter",
1083	sm->key_replay[i].counter,
1084	WPA_REPLAY_COUNTER_LEN);
1085	}
1086	wpa_hexdump(MSG_DEBUG, "received replay counter",
1087	key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1088	return;
1089	}
1090
1091	continue_processing:
1092	switch (msg) {
1093	case PAIRWISE_2:
1094	if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
1095	sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
1096	(!sm->update_snonce \|\|
1097	sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
1098	wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1099	"received EAPOL-Key msg 2/4 in "
1100	"invalid state (%d) - dropped",
1101	sm->wpa_ptk_state);
1102	return;
1103	}
1104	random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
1105	if (sm->group->reject_4way_hs_for_entropy) {
1106	/*
1107	* The system did not have enough entropy to generate
1108	* strong random numbers. Reject the first 4-way
1109	* handshake(s) and collect some entropy based on the
1110	* information from it. Once enough entropy is
1111	* available, the next atempt will trigger GMK/Key
1112	* Counter update and the station will be allowed to
1113	* continue.
1114	*/
1115	wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
1116	"collect more entropy for random number "
1117	"generation");
1118	random_mark_pool_ready();
1119	wpa_sta_disconnect(wpa_auth, sm->addr);
1120	return;
1121	}
1122	if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) {
1123	wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1124	"received EAPOL-Key msg 2/4 with "
1125	"invalid Key Data contents");
1126	return;
1127	}
1128	if (kde.rsn_ie) {
1129	eapol_key_ie = kde.rsn_ie;
1130	eapol_key_ie_len = kde.rsn_ie_len;
1131	} else if (kde.osen) {
1132	eapol_key_ie = kde.osen;
1133	eapol_key_ie_len = kde.osen_len;
1134	} else {
1135	eapol_key_ie = kde.wpa_ie;
1136	eapol_key_ie_len = kde.wpa_ie_len;
1137	}
1138	ft = sm->wpa == WPA_VERSION_WPA2 &&
1139	wpa_key_mgmt_ft(sm->wpa_key_mgmt);
1140	if (sm->wpa_ie == NULL \|\|
1141	wpa_compare_rsn_ie(ft,
1142	sm->wpa_ie, sm->wpa_ie_len,
1143	eapol_key_ie, eapol_key_ie_len)) {
1144	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1145	"WPA IE from (Re)AssocReq did not "
1146	"match with msg 2/4");
1147	if (sm->wpa_ie) {
1148	wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
1149	sm->wpa_ie, sm->wpa_ie_len);
1150	}
1151	wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
1152	eapol_key_ie, eapol_key_ie_len);
1153	/* MLME-DEAUTHENTICATE.request */
1154	wpa_sta_disconnect(wpa_auth, sm->addr);
1155	return;
1156	}
1157	#ifdef CONFIG_IEEE80211R
1158	if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
1159	wpa_sta_disconnect(wpa_auth, sm->addr);
1160	return;
1161	}
1162	#endif /* CONFIG_IEEE80211R */
1163	#ifdef CONFIG_P2P
1164	if (kde.ip_addr_req && kde.ip_addr_req[0] &&
1165	wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) {
1166	int idx;
1167	wpa_printf(MSG_DEBUG, "P2P: IP address requested in "
1168	"EAPOL-Key exchange");
1169	idx = bitfield_get_first_zero(wpa_auth->ip_pool);
1170	if (idx >= 0) {
1171	u32 start = WPA_GET_BE32(wpa_auth->conf.
1172	ip_addr_start);
1173	bitfield_set(wpa_auth->ip_pool, idx);
1174	WPA_PUT_BE32(sm->ip_addr, start + idx);
1175	wpa_printf(MSG_DEBUG, "P2P: Assigned IP "
1176	"address %u.%u.%u.%u to " MACSTR,
1177	sm->ip_addr[0], sm->ip_addr[1],
1178	sm->ip_addr[2], sm->ip_addr[3],
1179	MAC2STR(sm->addr));
1180	}
1181	}
1182	#endif /* CONFIG_P2P */
1183	break;
1184	case PAIRWISE_4:
1185	if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING \|\|
1186	!sm->PTK_valid) {
1187	wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1188	"received EAPOL-Key msg 4/4 in "
1189	"invalid state (%d) - dropped",
1190	sm->wpa_ptk_state);
1191	return;
1192	}
1193	break;
1194	case GROUP_2:
1195	if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
1196	\|\| !sm->PTK_valid) {
1197	wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1198	"received EAPOL-Key msg 2/2 in "
1199	"invalid state (%d) - dropped",
1200	sm->wpa_ptk_group_state);
1201	return;
1202	}
1203	break;
1204	#ifdef CONFIG_PEERKEY
1205	case SMK_M1:
1206	case SMK_M3:
1207	case SMK_ERROR:
1208	if (!wpa_auth->conf.peerkey) {
1209	wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
1210	"PeerKey use disabled - ignoring message");
1211	return;
1212	}
1213	if (!sm->PTK_valid) {
1214	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1215	"received EAPOL-Key msg SMK in "
1216	"invalid state - dropped");
1217	return;
1218	}
1219	break;
1220	#else /* CONFIG_PEERKEY */
1221	case SMK_M1:
1222	case SMK_M3:
1223	case SMK_ERROR:
1224	return; /* STSL disabled - ignore SMK messages */
1225	#endif /* CONFIG_PEERKEY */
1226	case REQUEST:
1227	break;
1228	}
1229
1230	wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1231	"received EAPOL-Key frame (%s)", msgtxt);
1232
1233	if (key_info & WPA_KEY_INFO_ACK) {
1234	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1235	"received invalid EAPOL-Key: Key Ack set");
1236	return;
1237	}
1238
1239	if (!(key_info & WPA_KEY_INFO_MIC)) {
1240	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1241	"received invalid EAPOL-Key: Key MIC not set");
1242	return;
1243	}
1244
1245	sm->MICVerified = FALSE;
1246	if (sm->PTK_valid && !sm->update_snonce) {
1247	if (wpa_verify_key_mic(sm->wpa_key_mgmt, &sm->PTK, data,
1248	data_len) &&
1249	(msg != PAIRWISE_4 \|\| !sm->alt_snonce_valid \|\|
1250	wpa_try_alt_snonce(sm, data, data_len))) {
1251	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1252	"received EAPOL-Key with invalid MIC");
1253	return;
1254	}
1255	sm->MICVerified = TRUE;
1256	eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
1257	sm->pending_1_of_4_timeout = 0;
1258	}
1259
1260	if (key_info & WPA_KEY_INFO_REQUEST) {
1261	if (sm->MICVerified) {
1262	sm->req_replay_counter_used = 1;
1263	os_memcpy(sm->req_replay_counter, key->replay_counter,
1264	WPA_REPLAY_COUNTER_LEN);
1265	} else {
1266	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1267	"received EAPOL-Key request with "
1268	"invalid MIC");
1269	return;
1270	}
1271
1272	/*
1273	* TODO: should decrypt key data field if encryption was used;
1274	* even though MAC address KDE is not normally encrypted,
1275	* supplicant is allowed to encrypt it.
1276	*/
1277	if (msg == SMK_ERROR) {
1278	#ifdef CONFIG_PEERKEY
1279	wpa_smk_error(wpa_auth, sm, key_data, key_data_length);
1280	#endif /* CONFIG_PEERKEY */
1281	return;
1282	} else if (key_info & WPA_KEY_INFO_ERROR) {
1283	if (wpa_receive_error_report(
1284	wpa_auth, sm,
1285	!(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
1286	return; /* STA entry was removed */
1287	} else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1288	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1289	"received EAPOL-Key Request for new "
1290	"4-Way Handshake");
1291	wpa_request_new_ptk(sm);
1292	#ifdef CONFIG_PEERKEY
1293	} else if (msg == SMK_M1) {
1294	wpa_smk_m1(wpa_auth, sm, key, key_data,
1295	key_data_length);
1296	#endif /* CONFIG_PEERKEY */
1297	} else if (key_data_length > 0 &&
1298	wpa_parse_kde_ies(key_data, key_data_length,
1299	&kde) == 0 &&
1300	kde.mac_addr) {
1301	} else {
1302	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1303	"received EAPOL-Key Request for GTK "
1304	"rekeying");
1305	eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
1306	wpa_rekey_gtk(wpa_auth, NULL);
1307	}
1308	} else {
1309	/* Do not allow the same key replay counter to be reused. */
1310	wpa_replay_counter_mark_invalid(sm->key_replay,
1311	key->replay_counter);
1312
1313	if (msg == PAIRWISE_2) {
1314	/*
1315	* Maintain a copy of the pending EAPOL-Key frames in
1316	* case the EAPOL-Key frame was retransmitted. This is
1317	* needed to allow EAPOL-Key msg 2/4 reply to another
1318	* pending msg 1/4 to update the SNonce to work around
1319	* unexpected supplicant behavior.
1320	*/
1321	os_memcpy(sm->prev_key_replay, sm->key_replay,
1322	sizeof(sm->key_replay));
1323	} else {
1324	os_memset(sm->prev_key_replay, 0,
1325	sizeof(sm->prev_key_replay));
1326	}
1327
1328	/*
1329	* Make sure old valid counters are not accepted anymore and
1330	* do not get copied again.
1331	*/
1332	wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
1333	}
1334
1335	#ifdef CONFIG_PEERKEY
1336	if (msg == SMK_M3) {
1337	wpa_smk_m3(wpa_auth, sm, key, key_data, key_data_length);
1338	return;
1339	}
1340	#endif /* CONFIG_PEERKEY */
1341
1342	os_free(sm->last_rx_eapol_key);
1343	sm->last_rx_eapol_key = os_malloc(data_len);
1344	if (sm->last_rx_eapol_key == NULL)
1345	return;
1346	os_memcpy(sm->last_rx_eapol_key, data, data_len);
1347	sm->last_rx_eapol_key_len = data_len;
1348
1349	sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE);
1350	sm->EAPOLKeyReceived = TRUE;
1351	sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1352	sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
1353	os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
1354	wpa_sm_step(sm);
1355	}
1356
1357
1358	static int wpa_gmk_to_gtk(const u8 gmk, const char label, const u8 *addr,
1359	const u8 gnonce, u8 gtk, size_t gtk_len)
1360	{
1361	u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16];
1362	u8 *pos;
1363	int ret = 0;
1364
1365	/* GTK = PRF-X(GMK, "Group key expansion",
1366	* AA \|\| GNonce \|\| Time \|\| random data)
1367	* The example described in the IEEE 802.11 standard uses only AA and
1368	* GNonce as inputs here. Add some more entropy since this derivation
1369	* is done only at the Authenticator and as such, does not need to be
1370	* exactly same.
1371	*/
1372	os_memcpy(data, addr, ETH_ALEN);
1373	os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
1374	pos = data + ETH_ALEN + WPA_NONCE_LEN;
1375	wpa_get_ntp_timestamp(pos);
1376	pos += 8;
1377	if (random_get_bytes(pos, 16) < 0)
1378	ret = -1;
1379
1380	#ifdef CONFIG_IEEE80211W
1381	sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
1382	#else /* CONFIG_IEEE80211W */
1383	if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len)
1384	< 0)
1385	ret = -1;
1386	#endif /* CONFIG_IEEE80211W */
1387
1388	return ret;
1389	}
1390
1391
1392	static void wpa_send_eapol_timeout(void eloop_ctx, void timeout_ctx)
1393	{
1394	struct wpa_authenticator *wpa_auth = eloop_ctx;
1395	struct wpa_state_machine *sm = timeout_ctx;
1396
1397	sm->pending_1_of_4_timeout = 0;
1398	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
1399	sm->TimeoutEvt = TRUE;
1400	wpa_sm_step(sm);
1401	}
1402
1403
1404	void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1405	struct wpa_state_machine *sm, int key_info,
1406	const u8 key_rsc, const u8 nonce,
1407	const u8 *kde, size_t kde_len,
1408	int keyidx, int encr, int force_version)
1409	{
1410	struct ieee802_1x_hdr *hdr;
1411	struct wpa_eapol_key *key;
1412	struct wpa_eapol_key_192 *key192;
1413	size_t len, mic_len, keyhdrlen;
1414	int alg;
1415	int key_data_len, pad_len = 0;
1416	u8 buf, pos;
1417	int version, pairwise;
1418	int i;
1419	u8 *key_data;
1420
1421	mic_len = wpa_mic_len(sm->wpa_key_mgmt);
1422	keyhdrlen = mic_len == 24 ? sizeof(key192) : sizeof(key);
1423
1424	len = sizeof(struct ieee802_1x_hdr) + keyhdrlen;
1425
1426	if (force_version)
1427	version = force_version;
1428	else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN \|\|
1429	wpa_key_mgmt_suite_b(sm->wpa_key_mgmt))
1430	version = WPA_KEY_INFO_TYPE_AKM_DEFINED;
1431	else if (wpa_use_aes_cmac(sm))
1432	version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
1433	else if (sm->pairwise != WPA_CIPHER_TKIP)
1434	version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1435	else
1436	version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1437
1438	pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1439
1440	wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
1441	"ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
1442	"encr=%d)",
1443	version,
1444	(key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
1445	(key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
1446	(key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
1447	(key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
1448	pairwise, (unsigned long) kde_len, keyidx, encr);
1449
1450	key_data_len = kde_len;
1451
1452	if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES \|\|
1453	sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN \|\|
1454	wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) \|\|
1455	version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
1456	pad_len = key_data_len % 8;
1457	if (pad_len)
1458	pad_len = 8 - pad_len;
1459	key_data_len += pad_len + 8;
1460	}
1461
1462	len += key_data_len;
1463
1464	hdr = os_zalloc(len);
1465	if (hdr == NULL)
1466	return;
1467	hdr->version = wpa_auth->conf.eapol_version;
1468	hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1469	hdr->length = host_to_be16(len - sizeof(*hdr));
1470	key = (struct wpa_eapol_key *) (hdr + 1);
1471	key192 = (struct wpa_eapol_key_192 *) (hdr + 1);
1472	key_data = ((u8 *) (hdr + 1)) + keyhdrlen;
1473
1474	key->type = sm->wpa == WPA_VERSION_WPA2 ?
1475	EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1476	key_info \|= version;
1477	if (encr && sm->wpa == WPA_VERSION_WPA2)
1478	key_info \|= WPA_KEY_INFO_ENCR_KEY_DATA;
1479	if (sm->wpa != WPA_VERSION_WPA2)
1480	key_info \|= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1481	WPA_PUT_BE16(key->key_info, key_info);
1482
1483	alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
1484	WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
1485	if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1486	WPA_PUT_BE16(key->key_length, 0);
1487
1488	/* FIX: STSL: what to use as key_replay_counter? */
1489	for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1490	sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1491	os_memcpy(sm->key_replay[i].counter,
1492	sm->key_replay[i - 1].counter,
1493	WPA_REPLAY_COUNTER_LEN);
1494	}
1495	inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1496	os_memcpy(key->replay_counter, sm->key_replay[0].counter,
1497	WPA_REPLAY_COUNTER_LEN);
1498	wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter",
1499	key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1500	sm->key_replay[0].valid = TRUE;
1501
1502	if (nonce)
1503	os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1504
1505	if (key_rsc)
1506	os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1507
1508	if (kde && !encr) {
1509	os_memcpy(key_data, kde, kde_len);
1510	if (mic_len == 24)
1511	WPA_PUT_BE16(key192->key_data_length, kde_len);
1512	else
1513	WPA_PUT_BE16(key->key_data_length, kde_len);
1514	} else if (encr && kde) {
1515	buf = os_zalloc(key_data_len);
1516	if (buf == NULL) {
1517	os_free(hdr);
1518	return;
1519	}
1520	pos = buf;
1521	os_memcpy(pos, kde, kde_len);
1522	pos += kde_len;
1523
1524	if (pad_len)
1525	*pos++ = 0xdd;
1526
1527	wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1528	buf, key_data_len);
1529	if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES \|\|
1530	sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN \|\|
1531	wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) \|\|
1532	version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1533	if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len,
1534	(key_data_len - 8) / 8, buf, key_data)) {
1535	os_free(hdr);
1536	os_free(buf);
1537	return;
1538	}
1539	if (mic_len == 24)
1540	WPA_PUT_BE16(key192->key_data_length,
1541	key_data_len);
1542	else
1543	WPA_PUT_BE16(key->key_data_length,
1544	key_data_len);
1545	#ifndef CONFIG_NO_RC4
1546	} else if (sm->PTK.kek_len == 16) {
1547	u8 ek[32];
1548	os_memcpy(key->key_iv,
1549	sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1550	inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1551	os_memcpy(ek, key->key_iv, 16);
1552	os_memcpy(ek + 16, sm->PTK.kek, sm->PTK.kek_len);
1553	os_memcpy(key_data, buf, key_data_len);
1554	rc4_skip(ek, 32, 256, key_data, key_data_len);
1555	if (mic_len == 24)
1556	WPA_PUT_BE16(key192->key_data_length,
1557	key_data_len);
1558	else
1559	WPA_PUT_BE16(key->key_data_length,
1560	key_data_len);
1561	#endif /* CONFIG_NO_RC4 */
1562	} else {
1563	os_free(hdr);
1564	os_free(buf);
1565	return;
1566	}
1567	os_free(buf);
1568	}
1569
1570	if (key_info & WPA_KEY_INFO_MIC) {
1571	u8 *key_mic;
1572
1573	if (!sm->PTK_valid) {
1574	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1575	"PTK not valid when sending EAPOL-Key "
1576	"frame");
1577	os_free(hdr);
1578	return;
1579	}
1580
1581	key_mic = key192->key_mic; /* same offset for key and key192 */
1582	wpa_eapol_key_mic(sm->PTK.kck, sm->PTK.kck_len,
1583	sm->wpa_key_mgmt, version,
1584	(u8 *) hdr, len, key_mic);
1585	#ifdef CONFIG_TESTING_OPTIONS
1586	if (!pairwise &&
1587	wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0 &&
1588	drand48() <
1589	wpa_auth->conf.corrupt_gtk_rekey_mic_probability) {
1590	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1591	"Corrupting group EAPOL-Key Key MIC");
1592	key_mic[0]++;
1593	}
1594	#endif /* CONFIG_TESTING_OPTIONS */
1595	}
1596
1597	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1598	1);
1599	wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1600	sm->pairwise_set);
1601	os_free(hdr);
1602	}
1603
1604
1605	static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1606	struct wpa_state_machine *sm, int key_info,
1607	const u8 key_rsc, const u8 nonce,
1608	const u8 *kde, size_t kde_len,
1609	int keyidx, int encr)
1610	{
1611	int timeout_ms;
1612	int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
1613	int ctr;
1614
1615	if (sm == NULL)
1616	return;
1617
1618	__wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1619	keyidx, encr, 0);
1620
1621	ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
1622	if (ctr == 1 && wpa_auth->conf.tx_status)
1623	timeout_ms = pairwise ? eapol_key_timeout_first :
1624	eapol_key_timeout_first_group;
1625	else
1626	timeout_ms = eapol_key_timeout_subseq;
1627	if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
1628	sm->pending_1_of_4_timeout = 1;
1629	wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
1630	"counter %d)", timeout_ms, ctr);
1631	eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1632	wpa_send_eapol_timeout, wpa_auth, sm);
1633	}
1634
1635
1636	static int wpa_verify_key_mic(int akmp, struct wpa_ptk PTK, u8 data,
1637	size_t data_len)
1638	{
1639	struct ieee802_1x_hdr *hdr;
1640	struct wpa_eapol_key *key;
1641	struct wpa_eapol_key_192 *key192;
1642	u16 key_info;
1643	int ret = 0;
1644	u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
1645	size_t mic_len = wpa_mic_len(akmp);
1646
1647	if (data_len < sizeof(hdr) + sizeof(key))
1648	return -1;
1649
1650	hdr = (struct ieee802_1x_hdr *) data;
1651	key = (struct wpa_eapol_key *) (hdr + 1);
1652	key192 = (struct wpa_eapol_key_192 *) (hdr + 1);
1653	key_info = WPA_GET_BE16(key->key_info);
1654	os_memcpy(mic, key192->key_mic, mic_len);
1655	os_memset(key192->key_mic, 0, mic_len);
1656	if (wpa_eapol_key_mic(PTK->kck, PTK->kck_len, akmp,
1657	key_info & WPA_KEY_INFO_TYPE_MASK,
1658	data, data_len, key192->key_mic) \|\|
1659	os_memcmp_const(mic, key192->key_mic, mic_len) != 0)
1660	ret = -1;
1661	os_memcpy(key192->key_mic, mic, mic_len);
1662	return ret;
1663	}
1664
1665
1666	void wpa_remove_ptk(struct wpa_state_machine *sm)
1667	{
1668	sm->PTK_valid = FALSE;
1669	os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1670	wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
1671	sm->pairwise_set = FALSE;
1672	eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1673	}
1674
1675
1676	int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
1677	{
1678	int remove_ptk = 1;
1679
1680	if (sm == NULL)
1681	return -1;
1682
1683	wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1684	"event %d notification", event);
1685
1686	switch (event) {
1687	case WPA_AUTH:
1688	#ifdef CONFIG_MESH
1689	/* PTKs are derived through AMPE */
1690	if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) {
1691	/* not mesh */
1692	break;
1693	}
1694	return 0;
1695	#endif /* CONFIG_MESH */
1696	case WPA_ASSOC:
1697	break;
1698	case WPA_DEAUTH:
1699	case WPA_DISASSOC:
1700	sm->DeauthenticationRequest = TRUE;
1701	break;
1702	case WPA_REAUTH:
1703	case WPA_REAUTH_EAPOL:
1704	if (!sm->started) {
1705	/*
1706	* When using WPS, we may end up here if the STA
1707	* manages to re-associate without the previous STA
1708	* entry getting removed. Consequently, we need to make
1709	* sure that the WPA state machines gets initialized
1710	* properly at this point.
1711	*/
1712	wpa_printf(MSG_DEBUG, "WPA state machine had not been "
1713	"started - initialize now");
1714	sm->started = 1;
1715	sm->Init = TRUE;
1716	if (wpa_sm_step(sm) == 1)
1717	return 1; /* should not really happen */
1718	sm->Init = FALSE;
1719	sm->AuthenticationRequest = TRUE;
1720	break;
1721	}
1722	if (sm->GUpdateStationKeys) {
1723	/*
1724	* Reauthentication cancels the pending group key
1725	* update for this STA.
1726	*/
1727	sm->group->GKeyDoneStations--;
1728	sm->GUpdateStationKeys = FALSE;
1729	sm->PtkGroupInit = TRUE;
1730	}
1731	sm->ReAuthenticationRequest = TRUE;
1732	break;
1733	case WPA_ASSOC_FT:
1734	#ifdef CONFIG_IEEE80211R
1735	wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1736	"after association");
1737	wpa_ft_install_ptk(sm);
1738
1739	/* Using FT protocol, not WPA auth state machine */
1740	sm->ft_completed = 1;
1741	return 0;
1742	#else /* CONFIG_IEEE80211R */
1743	break;
1744	#endif /* CONFIG_IEEE80211R */
1745	}
1746
1747	#ifdef CONFIG_IEEE80211R
1748	sm->ft_completed = 0;
1749	#endif /* CONFIG_IEEE80211R */
1750
1751	#ifdef CONFIG_IEEE80211W
1752	if (sm->mgmt_frame_prot && event == WPA_AUTH)
1753	remove_ptk = 0;
1754	#endif /* CONFIG_IEEE80211W */
1755
1756	if (remove_ptk) {
1757	sm->PTK_valid = FALSE;
1758	os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1759
1760	if (event != WPA_REAUTH_EAPOL)
1761	wpa_remove_ptk(sm);
1762	}
1763
1764	if (sm->in_step_loop) {
1765	/*
1766	* wpa_sm_step() is already running - avoid recursive call to
1767	* it by making the existing loop process the new update.
1768	*/
1769	sm->changed = TRUE;
1770	return 0;
1771	}
1772	return wpa_sm_step(sm);
1773	}
1774
1775
1776	SM_STATE(WPA_PTK, INITIALIZE)
1777	{
1778	SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1779	if (sm->Init) {
1780	/* Init flag is not cleared here, so avoid busy
1781	* loop by claiming nothing changed. */
1782	sm->changed = FALSE;
1783	}
1784
1785	sm->keycount = 0;
1786	if (sm->GUpdateStationKeys)
1787	sm->group->GKeyDoneStations--;
1788	sm->GUpdateStationKeys = FALSE;
1789	if (sm->wpa == WPA_VERSION_WPA)
1790	sm->PInitAKeys = FALSE;
1791	if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1792	* Local AA > Remote AA)) */) {
1793	sm->Pair = TRUE;
1794	}
1795	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1796	wpa_remove_ptk(sm);
1797	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1798	sm->TimeoutCtr = 0;
1799	if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1800	wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1801	WPA_EAPOL_authorized, 0);
1802	}
1803	}
1804
1805
1806	SM_STATE(WPA_PTK, DISCONNECT)
1807	{
1808	SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1809	sm->Disconnect = FALSE;
1810	wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1811	}
1812
1813
1814	SM_STATE(WPA_PTK, DISCONNECTED)
1815	{
1816	SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1817	sm->DeauthenticationRequest = FALSE;
1818	}
1819
1820
1821	SM_STATE(WPA_PTK, AUTHENTICATION)
1822	{
1823	SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1824	os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1825	sm->PTK_valid = FALSE;
1826	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1827	1);
1828	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1829	sm->AuthenticationRequest = FALSE;
1830	}
1831
1832
1833	static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
1834	struct wpa_group *group)
1835	{
1836	if (group->first_sta_seen)
1837	return;
1838	/*
1839	* System has run bit further than at the time hostapd was started
1840	* potentially very early during boot up. This provides better chances
1841	* of collecting more randomness on embedded systems. Re-initialize the
1842	* GMK and Counter here to improve their strength if there was not
1843	* enough entropy available immediately after system startup.
1844	*/
1845	wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
1846	"station");
1847	if (random_pool_ready() != 1) {
1848	wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
1849	"to proceed - reject first 4-way handshake");
1850	group->reject_4way_hs_for_entropy = TRUE;
1851	} else {
1852	group->first_sta_seen = TRUE;
1853	group->reject_4way_hs_for_entropy = FALSE;
1854	}
1855
1856	if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0 \|\|
1857	wpa_gtk_update(wpa_auth, group) < 0 \|\|
1858	wpa_group_config_group_keys(wpa_auth, group) < 0) {
1859	wpa_printf(MSG_INFO, "WPA: GMK/GTK setup failed");
1860	group->first_sta_seen = FALSE;
1861	group->reject_4way_hs_for_entropy = TRUE;
1862	}
1863	}
1864
1865
1866	SM_STATE(WPA_PTK, AUTHENTICATION2)
1867	{
1868	SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1869
1870	wpa_group_ensure_init(sm->wpa_auth, sm->group);
1871	sm->ReAuthenticationRequest = FALSE;
1872
1873	/*
1874	* Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
1875	* ambiguous. The Authenticator state machine uses a counter that is
1876	* incremented by one for each 4-way handshake. However, the security
1877	* analysis of 4-way handshake points out that unpredictable nonces
1878	* help in preventing precomputation attacks. Instead of the state
1879	* machine definition, use an unpredictable nonce value here to provide
1880	* stronger protection against potential precomputation attacks.
1881	*/
1882	if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
1883	wpa_printf(MSG_ERROR, "WPA: Failed to get random data for "
1884	"ANonce.");
1885	sm->Disconnect = TRUE;
1886	return;
1887	}
1888	wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
1889	WPA_NONCE_LEN);
1890	/* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1891	* logical place than INITIALIZE since AUTHENTICATION2 can be
1892	* re-entered on ReAuthenticationRequest without going through
1893	* INITIALIZE. */
1894	sm->TimeoutCtr = 0;
1895	}
1896
1897
1898	SM_STATE(WPA_PTK, INITPMK)
1899	{
1900	u8 msk[2 * PMK_LEN];
1901	size_t len = 2 * PMK_LEN;
1902
1903	SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1904	#ifdef CONFIG_IEEE80211R
1905	sm->xxkey_len = 0;
1906	#endif /* CONFIG_IEEE80211R */
1907	if (sm->pmksa) {
1908	wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1909	os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
1910	} else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
1911	wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
1912	"(len=%lu)", (unsigned long) len);
1913	os_memcpy(sm->PMK, msk, PMK_LEN);
1914	#ifdef CONFIG_IEEE80211R
1915	if (len >= 2 * PMK_LEN) {
1916	os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1917	sm->xxkey_len = PMK_LEN;
1918	}
1919	#endif /* CONFIG_IEEE80211R */
1920	} else {
1921	wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p",
1922	sm->wpa_auth->cb.get_msk);
1923	sm->Disconnect = TRUE;
1924	return;
1925	}
1926	os_memset(msk, 0, sizeof(msk));
1927
1928	sm->req_replay_counter_used = 0;
1929	/* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1930	* will break reauthentication since EAPOL state machines may not be
1931	* get into AUTHENTICATING state that clears keyRun before WPA state
1932	* machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1933	* state and takes PMK from the previously used AAA Key. This will
1934	* eventually fail in 4-Way Handshake because Supplicant uses PMK
1935	* derived from the new AAA Key. Setting keyRun = FALSE here seems to
1936	* be good workaround for this issue. */
1937	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
1938	}
1939
1940
1941	SM_STATE(WPA_PTK, INITPSK)
1942	{
1943	const u8 *psk;
1944	SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
1945	psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL);
1946	if (psk) {
1947	os_memcpy(sm->PMK, psk, PMK_LEN);
1948	#ifdef CONFIG_IEEE80211R
1949	os_memcpy(sm->xxkey, psk, PMK_LEN);
1950	sm->xxkey_len = PMK_LEN;
1951	#endif /* CONFIG_IEEE80211R */
1952	}
1953	sm->req_replay_counter_used = 0;
1954	}
1955
1956
1957	SM_STATE(WPA_PTK, PTKSTART)
1958	{
1959	u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1960	size_t pmkid_len = 0;
1961
1962	SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1963	sm->PTKRequest = FALSE;
1964	sm->TimeoutEvt = FALSE;
1965	sm->alt_snonce_valid = FALSE;
1966
1967	sm->TimeoutCtr++;
1968	if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1969	/* No point in sending the EAPOL-Key - we will disconnect
1970	* immediately following this. */
1971	return;
1972	}
1973
1974	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1975	"sending 1/4 msg of 4-Way Handshake");
1976	/*
1977	* TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1978	* one possible PSK for this STA.
1979	*/
1980	if (sm->wpa == WPA_VERSION_WPA2 &&
1981	wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
1982	sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) {
1983	pmkid = buf;
1984	pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1985	pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1986	pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1987	RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
1988	if (sm->pmksa) {
1989	os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
1990	sm->pmksa->pmkid, PMKID_LEN);
1991	} else if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) {
1992	/* No KCK available to derive PMKID */
1993	pmkid = NULL;
1994	} else {
1995	/*
1996	* Calculate PMKID since no PMKSA cache entry was
1997	* available with pre-calculated PMKID.
1998	*/
1999	rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
2000	sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
2001	wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
2002	}
2003	}
2004	wpa_send_eapol(sm->wpa_auth, sm,
2005	WPA_KEY_INFO_ACK \| WPA_KEY_INFO_KEY_TYPE, NULL,
2006	sm->ANonce, pmkid, pmkid_len, 0, 0);
2007	}
2008
2009
2010	static int wpa_derive_ptk(struct wpa_state_machine sm, const u8 snonce,
2011	const u8 pmk, struct wpa_ptk ptk)
2012	{
2013	#ifdef CONFIG_IEEE80211R
2014	if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
2015	return wpa_auth_derive_ptk_ft(sm, pmk, ptk);
2016	#endif /* CONFIG_IEEE80211R */
2017
2018	return wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
2019	sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce,
2020	ptk, sm->wpa_key_mgmt, sm->pairwise);
2021	}
2022
2023
2024	SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
2025	{
2026	struct wpa_ptk PTK;
2027	int ok = 0, psk_found = 0;
2028	const u8 *pmk = NULL;
2029
2030	SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
2031	sm->EAPOLKeyReceived = FALSE;
2032	sm->update_snonce = FALSE;
2033
2034	/* WPA with IEEE 802.1X: use the derived PMK from EAP
2035	* WPA-PSK: iterate through possible PSKs and select the one matching
2036	* the packet */
2037	for (;;) {
2038	if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
2039	pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
2040	sm->p2p_dev_addr, pmk);
2041	if (pmk == NULL)
2042	break;
2043	psk_found = 1;
2044	} else
2045	pmk = sm->PMK;
2046
2047	wpa_derive_ptk(sm, sm->SNonce, pmk, &PTK);
2048
2049	if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK,
2050	sm->last_rx_eapol_key,
2051	sm->last_rx_eapol_key_len) == 0) {
2052	ok = 1;
2053	break;
2054	}
2055
2056	if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
2057	break;
2058	}
2059
2060	if (!ok) {
2061	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2062	"invalid MIC in msg 2/4 of 4-Way Handshake");
2063	if (psk_found)
2064	wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr);
2065	return;
2066	}
2067
2068	#ifdef CONFIG_IEEE80211R
2069	if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2070	/*
2071	* Verify that PMKR1Name from EAPOL-Key message 2/4 matches
2072	* with the value we derived.
2073	*/
2074	if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name,
2075	WPA_PMK_NAME_LEN) != 0) {
2076	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2077	"PMKR1Name mismatch in FT 4-way "
2078	"handshake");
2079	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
2080	"Supplicant",
2081	sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
2082	wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
2083	sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2084	return;
2085	}
2086	}
2087	#endif /* CONFIG_IEEE80211R */
2088
2089	sm->pending_1_of_4_timeout = 0;
2090	eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
2091
2092	if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
2093	/* PSK may have changed from the previous choice, so update
2094	* state machine data based on whatever PSK was selected here.
2095	*/
2096	os_memcpy(sm->PMK, pmk, PMK_LEN);
2097	}
2098
2099	sm->MICVerified = TRUE;
2100
2101	os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
2102	sm->PTK_valid = TRUE;
2103	}
2104
2105
2106	SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
2107	{
2108	SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
2109	sm->TimeoutCtr = 0;
2110	}
2111
2112
2113	#ifdef CONFIG_IEEE80211W
2114
2115	static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2116	{
2117	if (sm->mgmt_frame_prot) {
2118	size_t len;
2119	len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2120	return 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN + len;
2121	}
2122
2123	return 0;
2124	}
2125
2126
2127	static u8 * ieee80211w_kde_add(struct wpa_state_machine sm, u8 pos)
2128	{
2129	struct wpa_igtk_kde igtk;
2130	struct wpa_group *gsm = sm->group;
2131	u8 rsc[WPA_KEY_RSC_LEN];
2132	size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2133
2134	if (!sm->mgmt_frame_prot)
2135	return pos;
2136
2137	igtk.keyid[0] = gsm->GN_igtk;
2138	igtk.keyid[1] = 0;
2139	if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE \|\|
2140	wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0)
2141	os_memset(igtk.pn, 0, sizeof(igtk.pn));
2142	else
2143	os_memcpy(igtk.pn, rsc, sizeof(igtk.pn));
2144	os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
2145	if (sm->wpa_auth->conf.disable_gtk) {
2146	/*
2147	* Provide unique random IGTK to each STA to prevent use of
2148	* IGTK in the BSS.
2149	*/
2150	if (random_get_bytes(igtk.igtk, len) < 0)
2151	return pos;
2152	}
2153	pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
2154	(const u8 *) &igtk, WPA_IGTK_KDE_PREFIX_LEN + len,
2155	NULL, 0);
2156
2157	return pos;
2158	}
2159
2160	#else /* CONFIG_IEEE80211W */
2161
2162	static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2163	{
2164	return 0;
2165	}
2166
2167
2168	static u8 * ieee80211w_kde_add(struct wpa_state_machine sm, u8 pos)
2169	{
2170	return pos;
2171	}
2172
2173	#endif /* CONFIG_IEEE80211W */
2174
2175
2176	SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
2177	{
2178	u8 rsc[WPA_KEY_RSC_LEN], _rsc, gtk, kde, pos, dummy_gtk[32];
2179	size_t gtk_len, kde_len;
2180	struct wpa_group *gsm = sm->group;
2181	u8 *wpa_ie;
2182	int wpa_ie_len, secure, keyidx, encr = 0;
2183
2184	SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
2185	sm->TimeoutEvt = FALSE;
2186
2187	sm->TimeoutCtr++;
2188	if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
2189	/* No point in sending the EAPOL-Key - we will disconnect
2190	* immediately following this. */
2191	return;
2192	}
2193
2194	/* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
2195	GTK[GN], IGTK, [FTIE], [TIE * 2])
2196	*/
2197	os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2198	wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2199	/* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
2200	wpa_ie = sm->wpa_auth->wpa_ie;
2201	wpa_ie_len = sm->wpa_auth->wpa_ie_len;
2202	if (sm->wpa == WPA_VERSION_WPA &&
2203	(sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
2204	wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
2205	/* WPA-only STA, remove RSN IE and possible MDIE */
2206	wpa_ie = wpa_ie + wpa_ie[1] + 2;
2207	if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN)
2208	wpa_ie = wpa_ie + wpa_ie[1] + 2;
2209	wpa_ie_len = wpa_ie[1] + 2;
2210	}
2211	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2212	"sending 3/4 msg of 4-Way Handshake");
2213	if (sm->wpa == WPA_VERSION_WPA2) {
2214	/* WPA2 send GTK in the 4-way handshake */
2215	secure = 1;
2216	gtk = gsm->GTK[gsm->GN - 1];
2217	gtk_len = gsm->GTK_len;
2218	if (sm->wpa_auth->conf.disable_gtk) {
2219	/*
2220	* Provide unique random GTK to each STA to prevent use
2221	* of GTK in the BSS.
2222	*/
2223	if (random_get_bytes(dummy_gtk, gtk_len) < 0)
2224	return;
2225	gtk = dummy_gtk;
2226	}
2227	keyidx = gsm->GN;
2228	_rsc = rsc;
2229	encr = 1;
2230	} else {
2231	/* WPA does not include GTK in msg 3/4 */
2232	secure = 0;
2233	gtk = NULL;
2234	gtk_len = 0;
2235	keyidx = 0;
2236	_rsc = NULL;
2237	if (sm->rx_eapol_key_secure) {
2238	/*
2239	* It looks like Windows 7 supplicant tries to use
2240	* Secure bit in msg 2/4 after having reported Michael
2241	* MIC failure and it then rejects the 4-way handshake
2242	* if msg 3/4 does not set Secure bit. Work around this
2243	* by setting the Secure bit here even in the case of
2244	* WPA if the supplicant used it first.
2245	*/
2246	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2247	"STA used Secure bit in WPA msg 2/4 - "
2248	"set Secure for 3/4 as workaround");
2249	secure = 1;
2250	}
2251	}
2252
2253	kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
2254	if (gtk)
2255	kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
2256	#ifdef CONFIG_IEEE80211R
2257	if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2258	kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
2259	kde_len += 300; /* FTIE + 2 * TIE */
2260	}
2261	#endif /* CONFIG_IEEE80211R */
2262	#ifdef CONFIG_P2P
2263	if (WPA_GET_BE32(sm->ip_addr) > 0)
2264	kde_len += 2 + RSN_SELECTOR_LEN + 3 * 4;
2265	#endif /* CONFIG_P2P */
2266	kde = os_malloc(kde_len);
2267	if (kde == NULL)
2268	return;
2269
2270	pos = kde;
2271	os_memcpy(pos, wpa_ie, wpa_ie_len);
2272	pos += wpa_ie_len;
2273	#ifdef CONFIG_IEEE80211R
2274	if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2275	int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name);
2276	if (res < 0) {
2277	wpa_printf(MSG_ERROR, "FT: Failed to insert "
2278	"PMKR1Name into RSN IE in EAPOL-Key data");
2279	os_free(kde);
2280	return;
2281	}
2282	pos += res;
2283	}
2284	#endif /* CONFIG_IEEE80211R */
2285	if (gtk) {
2286	u8 hdr[2];
2287	hdr[0] = keyidx & 0x03;
2288	hdr[1] = 0;
2289	pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2290	gtk, gtk_len);
2291	}
2292	pos = ieee80211w_kde_add(sm, pos);
2293
2294	#ifdef CONFIG_IEEE80211R
2295	if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2296	int res;
2297	struct wpa_auth_config *conf;
2298
2299	conf = &sm->wpa_auth->conf;
2300	res = wpa_write_ftie(conf, conf->r0_key_holder,
2301	conf->r0_key_holder_len,
2302	NULL, NULL, pos, kde + kde_len - pos,
2303	NULL, 0);
2304	if (res < 0) {
2305	wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
2306	"into EAPOL-Key Key Data");
2307	os_free(kde);
2308	return;
2309	}
2310	pos += res;
2311
2312	/* TIE[ReassociationDeadline] (TU) */
2313	*pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2314	*pos++ = 5;
2315	*pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
2316	WPA_PUT_LE32(pos, conf->reassociation_deadline);
2317	pos += 4;
2318
2319	/* TIE[KeyLifetime] (seconds) */
2320	*pos++ = WLAN_EID_TIMEOUT_INTERVAL;
2321	*pos++ = 5;
2322	*pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
2323	WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
2324	pos += 4;
2325	}
2326	#endif /* CONFIG_IEEE80211R */
2327	#ifdef CONFIG_P2P
2328	if (WPA_GET_BE32(sm->ip_addr) > 0) {
2329	u8 addr[3 * 4];
2330	os_memcpy(addr, sm->ip_addr, 4);
2331	os_memcpy(addr + 4, sm->wpa_auth->conf.ip_addr_mask, 4);
2332	os_memcpy(addr + 8, sm->wpa_auth->conf.ip_addr_go, 4);
2333	pos = wpa_add_kde(pos, WFA_KEY_DATA_IP_ADDR_ALLOC,
2334	addr, sizeof(addr), NULL, 0);
2335	}
2336	#endif /* CONFIG_P2P */
2337
2338	wpa_send_eapol(sm->wpa_auth, sm,
2339	(secure ? WPA_KEY_INFO_SECURE : 0) \| WPA_KEY_INFO_MIC \|
2340	WPA_KEY_INFO_ACK \| WPA_KEY_INFO_INSTALL \|
2341	WPA_KEY_INFO_KEY_TYPE,
2342	_rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
2343	os_free(kde);
2344	}
2345
2346
2347	SM_STATE(WPA_PTK, PTKINITDONE)
2348	{
2349	SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
2350	sm->EAPOLKeyReceived = FALSE;
2351	if (sm->Pair) {
2352	enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
2353	int klen = wpa_cipher_key_len(sm->pairwise);
2354	if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
2355	sm->PTK.tk, klen)) {
2356	wpa_sta_disconnect(sm->wpa_auth, sm->addr);
2357	return;
2358	}
2359	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
2360	sm->pairwise_set = TRUE;
2361
2362	if (sm->wpa_auth->conf.wpa_ptk_rekey) {
2363	eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
2364	eloop_register_timeout(sm->wpa_auth->conf.
2365	wpa_ptk_rekey, 0, wpa_rekey_ptk,
2366	sm->wpa_auth, sm);
2367	}
2368
2369	if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
2370	wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2371	WPA_EAPOL_authorized, 1);
2372	}
2373	}
2374
2375	if (0 /* IBSS == TRUE */) {
2376	sm->keycount++;
2377	if (sm->keycount == 2) {
2378	wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2379	WPA_EAPOL_portValid, 1);
2380	}
2381	} else {
2382	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
2383	1);
2384	}
2385	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
2386	wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
2387	if (sm->wpa == WPA_VERSION_WPA)
2388	sm->PInitAKeys = TRUE;
2389	else
2390	sm->has_GTK = TRUE;
2391	wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2392	"pairwise key handshake completed (%s)",
2393	sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2394
2395	#ifdef CONFIG_IEEE80211R
2396	wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
2397	#endif /* CONFIG_IEEE80211R */
2398	}
2399
2400
2401	SM_STEP(WPA_PTK)
2402	{
2403	struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2404
2405	if (sm->Init)
2406	SM_ENTER(WPA_PTK, INITIALIZE);
2407	else if (sm->Disconnect
2408	/* \|\| FIX: dot11RSNAConfigSALifetime timeout */) {
2409	wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
2410	"WPA_PTK: sm->Disconnect");
2411	SM_ENTER(WPA_PTK, DISCONNECT);
2412	}
2413	else if (sm->DeauthenticationRequest)
2414	SM_ENTER(WPA_PTK, DISCONNECTED);
2415	else if (sm->AuthenticationRequest)
2416	SM_ENTER(WPA_PTK, AUTHENTICATION);
2417	else if (sm->ReAuthenticationRequest)
2418	SM_ENTER(WPA_PTK, AUTHENTICATION2);
2419	else if (sm->PTKRequest)
2420	SM_ENTER(WPA_PTK, PTKSTART);
2421	else switch (sm->wpa_ptk_state) {
2422	case WPA_PTK_INITIALIZE:
2423	break;
2424	case WPA_PTK_DISCONNECT:
2425	SM_ENTER(WPA_PTK, DISCONNECTED);
2426	break;
2427	case WPA_PTK_DISCONNECTED:
2428	SM_ENTER(WPA_PTK, INITIALIZE);
2429	break;
2430	case WPA_PTK_AUTHENTICATION:
2431	SM_ENTER(WPA_PTK, AUTHENTICATION2);
2432	break;
2433	case WPA_PTK_AUTHENTICATION2:
2434	if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
2435	wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2436	WPA_EAPOL_keyRun) > 0)
2437	SM_ENTER(WPA_PTK, INITPMK);
2438	else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
2439	/* FIX: && 802.1X::keyRun */)
2440	SM_ENTER(WPA_PTK, INITPSK);
2441	break;
2442	case WPA_PTK_INITPMK:
2443	if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2444	WPA_EAPOL_keyAvailable) > 0)
2445	SM_ENTER(WPA_PTK, PTKSTART);
2446	else {
2447	wpa_auth->dot11RSNA4WayHandshakeFailures++;
2448	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2449	"INITPMK - keyAvailable = false");
2450	SM_ENTER(WPA_PTK, DISCONNECT);
2451	}
2452	break;
2453	case WPA_PTK_INITPSK:
2454	if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr,
2455	NULL))
2456	SM_ENTER(WPA_PTK, PTKSTART);
2457	else {
2458	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2459	"no PSK configured for the STA");
2460	wpa_auth->dot11RSNA4WayHandshakeFailures++;
2461	SM_ENTER(WPA_PTK, DISCONNECT);
2462	}
2463	break;
2464	case WPA_PTK_PTKSTART:
2465	if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2466	sm->EAPOLKeyPairwise)
2467	SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2468	else if (sm->TimeoutCtr >
2469	(int) dot11RSNAConfigPairwiseUpdateCount) {
2470	wpa_auth->dot11RSNA4WayHandshakeFailures++;
2471	wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2472	"PTKSTART: Retry limit %d reached",
2473	dot11RSNAConfigPairwiseUpdateCount);
2474	SM_ENTER(WPA_PTK, DISCONNECT);
2475	} else if (sm->TimeoutEvt)
2476	SM_ENTER(WPA_PTK, PTKSTART);
2477	break;
2478	case WPA_PTK_PTKCALCNEGOTIATING:
2479	if (sm->MICVerified)
2480	SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
2481	else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2482	sm->EAPOLKeyPairwise)
2483	SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2484	else if (sm->TimeoutEvt)
2485	SM_ENTER(WPA_PTK, PTKSTART);
2486	break;
2487	case WPA_PTK_PTKCALCNEGOTIATING2:
2488	SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2489	break;
2490	case WPA_PTK_PTKINITNEGOTIATING:
2491	if (sm->update_snonce)
2492	SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2493	else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2494	sm->EAPOLKeyPairwise && sm->MICVerified)
2495	SM_ENTER(WPA_PTK, PTKINITDONE);
2496	else if (sm->TimeoutCtr >
2497	(int) dot11RSNAConfigPairwiseUpdateCount) {
2498	wpa_auth->dot11RSNA4WayHandshakeFailures++;
2499	wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2500	"PTKINITNEGOTIATING: Retry limit %d "
2501	"reached",
2502	dot11RSNAConfigPairwiseUpdateCount);
2503	SM_ENTER(WPA_PTK, DISCONNECT);
2504	} else if (sm->TimeoutEvt)
2505	SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2506	break;
2507	case WPA_PTK_PTKINITDONE:
2508	break;
2509	}
2510	}
2511
2512
2513	SM_STATE(WPA_PTK_GROUP, IDLE)
2514	{
2515	SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
2516	if (sm->Init) {
2517	/* Init flag is not cleared here, so avoid busy
2518	* loop by claiming nothing changed. */
2519	sm->changed = FALSE;
2520	}
2521	sm->GTimeoutCtr = 0;
2522	}
2523
2524
2525	SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
2526	{
2527	u8 rsc[WPA_KEY_RSC_LEN];
2528	struct wpa_group *gsm = sm->group;
2529	const u8 *kde;
2530	u8 kde_buf = NULL, pos, hdr[2];
2531	size_t kde_len;
2532	u8 *gtk, dummy_gtk[32];
2533
2534	SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
2535
2536	sm->GTimeoutCtr++;
2537	if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
2538	/* No point in sending the EAPOL-Key - we will disconnect
2539	* immediately following this. */
2540	return;
2541	}
2542
2543	if (sm->wpa == WPA_VERSION_WPA)
2544	sm->PInitAKeys = FALSE;
2545	sm->TimeoutEvt = FALSE;
2546	/* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
2547	os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2548	if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
2549	wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2550	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2551	"sending 1/2 msg of Group Key Handshake");
2552
2553	gtk = gsm->GTK[gsm->GN - 1];
2554	if (sm->wpa_auth->conf.disable_gtk) {
2555	/*
2556	* Provide unique random GTK to each STA to prevent use
2557	* of GTK in the BSS.
2558	*/
2559	if (random_get_bytes(dummy_gtk, gsm->GTK_len) < 0)
2560	return;
2561	gtk = dummy_gtk;
2562	}
2563	if (sm->wpa == WPA_VERSION_WPA2) {
2564	kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
2565	ieee80211w_kde_len(sm);
2566	kde_buf = os_malloc(kde_len);
2567	if (kde_buf == NULL)
2568	return;
2569
2570	kde = pos = kde_buf;
2571	hdr[0] = gsm->GN & 0x03;
2572	hdr[1] = 0;
2573	pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2574	gtk, gsm->GTK_len);
2575	pos = ieee80211w_kde_add(sm, pos);
2576	kde_len = pos - kde;
2577	} else {
2578	kde = gtk;
2579	kde_len = gsm->GTK_len;
2580	}
2581
2582	wpa_send_eapol(sm->wpa_auth, sm,
2583	WPA_KEY_INFO_SECURE \| WPA_KEY_INFO_MIC \|
2584	WPA_KEY_INFO_ACK \|
2585	(!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
2586	rsc, gsm->GNonce, kde, kde_len, gsm->GN, 1);
2587
2588	os_free(kde_buf);
2589	}
2590
2591
2592	SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
2593	{
2594	SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
2595	sm->EAPOLKeyReceived = FALSE;
2596	if (sm->GUpdateStationKeys)
2597	sm->group->GKeyDoneStations--;
2598	sm->GUpdateStationKeys = FALSE;
2599	sm->GTimeoutCtr = 0;
2600	/* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
2601	wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2602	"group key handshake completed (%s)",
2603	sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2604	sm->has_GTK = TRUE;
2605	}
2606
2607
2608	SM_STATE(WPA_PTK_GROUP, KEYERROR)
2609	{
2610	SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
2611	if (sm->GUpdateStationKeys)
2612	sm->group->GKeyDoneStations--;
2613	sm->GUpdateStationKeys = FALSE;
2614	sm->Disconnect = TRUE;
2615	}
2616
2617
2618	SM_STEP(WPA_PTK_GROUP)
2619	{
2620	if (sm->Init \|\| sm->PtkGroupInit) {
2621	SM_ENTER(WPA_PTK_GROUP, IDLE);
2622	sm->PtkGroupInit = FALSE;
2623	} else switch (sm->wpa_ptk_group_state) {
2624	case WPA_PTK_GROUP_IDLE:
2625	if (sm->GUpdateStationKeys \|\|
2626	(sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
2627	SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2628	break;
2629	case WPA_PTK_GROUP_REKEYNEGOTIATING:
2630	if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2631	!sm->EAPOLKeyPairwise && sm->MICVerified)
2632	SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
2633	else if (sm->GTimeoutCtr >
2634	(int) dot11RSNAConfigGroupUpdateCount)
2635	SM_ENTER(WPA_PTK_GROUP, KEYERROR);
2636	else if (sm->TimeoutEvt)
2637	SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2638	break;
2639	case WPA_PTK_GROUP_KEYERROR:
2640	SM_ENTER(WPA_PTK_GROUP, IDLE);
2641	break;
2642	case WPA_PTK_GROUP_REKEYESTABLISHED:
2643	SM_ENTER(WPA_PTK_GROUP, IDLE);
2644	break;
2645	}
2646	}
2647
2648
2649	static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
2650	struct wpa_group *group)
2651	{
2652	int ret = 0;
2653
2654	os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2655	inc_byte_array(group->Counter, WPA_NONCE_LEN);
2656	if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
2657	wpa_auth->addr, group->GNonce,
2658	group->GTK[group->GN - 1], group->GTK_len) < 0)
2659	ret = -1;
2660	wpa_hexdump_key(MSG_DEBUG, "GTK",
2661	group->GTK[group->GN - 1], group->GTK_len);
2662
2663	#ifdef CONFIG_IEEE80211W
2664	if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
2665	size_t len;
2666	len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
2667	os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2668	inc_byte_array(group->Counter, WPA_NONCE_LEN);
2669	if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
2670	wpa_auth->addr, group->GNonce,
2671	group->IGTK[group->GN_igtk - 4], len) < 0)
2672	ret = -1;
2673	wpa_hexdump_key(MSG_DEBUG, "IGTK",
2674	group->IGTK[group->GN_igtk - 4], len);
2675	}
2676	#endif /* CONFIG_IEEE80211W */
2677
2678	return ret;
2679	}
2680
2681
2682	static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
2683	struct wpa_group *group)
2684	{
2685	wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2686	"GTK_INIT (VLAN-ID %d)", group->vlan_id);
2687	group->changed = FALSE; /* GInit is not cleared here; avoid loop */
2688	group->wpa_group_state = WPA_GROUP_GTK_INIT;
2689
2690	/* GTK[0..N] = 0 */
2691	os_memset(group->GTK, 0, sizeof(group->GTK));
2692	group->GN = 1;
2693	group->GM = 2;
2694	#ifdef CONFIG_IEEE80211W
2695	group->GN_igtk = 4;
2696	group->GM_igtk = 5;
2697	#endif /* CONFIG_IEEE80211W */
2698	/* GTK[GN] = CalcGTK() */
2699	wpa_gtk_update(wpa_auth, group);
2700	}
2701
2702
2703	static int wpa_group_update_sta(struct wpa_state_machine sm, void ctx)
2704	{
2705	if (ctx != NULL && ctx != sm->group)
2706	return 0;
2707
2708	if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
2709	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2710	"Not in PTKINITDONE; skip Group Key update");
2711	sm->GUpdateStationKeys = FALSE;
2712	return 0;
2713	}
2714	if (sm->GUpdateStationKeys) {
2715	/*
2716	* This should not really happen, so add a debug log entry.
2717	* Since we clear the GKeyDoneStations before the loop, the
2718	* station needs to be counted here anyway.
2719	*/
2720	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2721	"GUpdateStationKeys was already set when "
2722	"marking station for GTK rekeying");
2723	}
2724
2725	/* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */
2726	if (sm->is_wnmsleep)
2727	return 0;
2728
2729	sm->group->GKeyDoneStations++;
2730	sm->GUpdateStationKeys = TRUE;
2731
2732	wpa_sm_step(sm);
2733	return 0;
2734	}
2735
2736
2737	#ifdef CONFIG_WNM
2738	/* update GTK when exiting WNM-Sleep Mode */
2739	void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm)
2740	{
2741	if (sm == NULL \|\| sm->is_wnmsleep)
2742	return;
2743
2744	wpa_group_update_sta(sm, NULL);
2745	}
2746
2747
2748	void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag)
2749	{
2750	if (sm)
2751	sm->is_wnmsleep = !!flag;
2752	}
2753
2754
2755	int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine sm, u8 pos)
2756	{
2757	struct wpa_group *gsm = sm->group;
2758	u8 *start = pos;
2759
2760	/*
2761	* GTK subelement:
2762	* Sub-elem ID[1] \| Length[1] \| Key Info[2] \| Key Length[1] \| RSC[8] \|
2763	* Key[5..32]
2764	*/
2765	*pos++ = WNM_SLEEP_SUBELEM_GTK;
2766	*pos++ = 11 + gsm->GTK_len;
2767	/* Key ID in B0-B1 of Key Info */
2768	WPA_PUT_LE16(pos, gsm->GN & 0x03);
2769	pos += 2;
2770	*pos++ = gsm->GTK_len;
2771	if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
2772	return 0;
2773	pos += 8;
2774	os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
2775	pos += gsm->GTK_len;
2776
2777	wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
2778	gsm->GN);
2779	wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit",
2780	gsm->GTK[gsm->GN - 1], gsm->GTK_len);
2781
2782	return pos - start;
2783	}
2784
2785
2786	#ifdef CONFIG_IEEE80211W
2787	int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine sm, u8 pos)
2788	{
2789	struct wpa_group *gsm = sm->group;
2790	u8 *start = pos;
2791	size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
2792
2793	/*
2794	* IGTK subelement:
2795	* Sub-elem ID[1] \| Length[1] \| KeyID[2] \| PN[6] \| Key[16]
2796	*/
2797	*pos++ = WNM_SLEEP_SUBELEM_IGTK;
2798	*pos++ = 2 + 6 + len;
2799	WPA_PUT_LE16(pos, gsm->GN_igtk);
2800	pos += 2;
2801	if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
2802	return 0;
2803	pos += 6;
2804
2805	os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
2806	pos += len;
2807
2808	wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
2809	gsm->GN_igtk);
2810	wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit",
2811	gsm->IGTK[gsm->GN_igtk - 4], len);
2812
2813	return pos - start;
2814	}
2815	#endif /* CONFIG_IEEE80211W */
2816	#endif /* CONFIG_WNM */
2817
2818
2819	static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
2820	struct wpa_group *group)
2821	{
2822	int tmp;
2823
2824	wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2825	"SETKEYS (VLAN-ID %d)", group->vlan_id);
2826	group->changed = TRUE;
2827	group->wpa_group_state = WPA_GROUP_SETKEYS;
2828	group->GTKReKey = FALSE;
2829	tmp = group->GM;
2830	group->GM = group->GN;
2831	group->GN = tmp;
2832	#ifdef CONFIG_IEEE80211W
2833	tmp = group->GM_igtk;
2834	group->GM_igtk = group->GN_igtk;
2835	group->GN_igtk = tmp;
2836	#endif /* CONFIG_IEEE80211W */
2837	/* "GKeyDoneStations = GNoStations" is done in more robust way by
2838	* counting the STAs that are marked with GUpdateStationKeys instead of
2839	* including all STAs that could be in not-yet-completed state. */
2840	wpa_gtk_update(wpa_auth, group);
2841
2842	if (group->GKeyDoneStations) {
2843	wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected "
2844	"GKeyDoneStations=%d when starting new GTK rekey",
2845	group->GKeyDoneStations);
2846	group->GKeyDoneStations = 0;
2847	}
2848	wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
2849	wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
2850	group->GKeyDoneStations);
2851	}
2852
2853
2854	static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
2855	struct wpa_group *group)
2856	{
2857	int ret = 0;
2858
2859	if (wpa_auth_set_key(wpa_auth, group->vlan_id,
2860	wpa_cipher_to_alg(wpa_auth->conf.wpa_group),
2861	broadcast_ether_addr, group->GN,
2862	group->GTK[group->GN - 1], group->GTK_len) < 0)
2863	ret = -1;
2864
2865	#ifdef CONFIG_IEEE80211W
2866	if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
2867	enum wpa_alg alg;
2868	size_t len;
2869
2870	alg = wpa_cipher_to_alg(wpa_auth->conf.group_mgmt_cipher);
2871	len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
2872
2873	if (ret == 0 &&
2874	wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
2875	broadcast_ether_addr, group->GN_igtk,
2876	group->IGTK[group->GN_igtk - 4], len) < 0)
2877	ret = -1;
2878	}
2879	#endif /* CONFIG_IEEE80211W */
2880
2881	return ret;
2882	}
2883
2884
2885	static int wpa_group_disconnect_cb(struct wpa_state_machine sm, void ctx)
2886	{
2887	if (sm->group == ctx) {
2888	wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR
2889	" for discconnection due to fatal failure",
2890	MAC2STR(sm->addr));
2891	sm->Disconnect = TRUE;
2892	}
2893
2894	return 0;
2895	}
2896
2897
2898	static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth,
2899	struct wpa_group *group)
2900	{
2901	wpa_printf(MSG_DEBUG, "WPA: group state machine entering state FATAL_FAILURE");
2902	group->changed = TRUE;
2903	group->wpa_group_state = WPA_GROUP_FATAL_FAILURE;
2904	wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group);
2905	}
2906
2907
2908	static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
2909	struct wpa_group *group)
2910	{
2911	wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2912	"SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
2913	group->changed = TRUE;
2914	group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
2915
2916	if (wpa_group_config_group_keys(wpa_auth, group) < 0) {
2917	wpa_group_fatal_failure(wpa_auth, group);
2918	return -1;
2919	}
2920
2921	return 0;
2922	}
2923
2924
2925	static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
2926	struct wpa_group *group)
2927	{
2928	if (group->GInit) {
2929	wpa_group_gtk_init(wpa_auth, group);
2930	} else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) {
2931	/* Do not allow group operations */
2932	} else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
2933	group->GTKAuthenticator) {
2934	wpa_group_setkeysdone(wpa_auth, group);
2935	} else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
2936	group->GTKReKey) {
2937	wpa_group_setkeys(wpa_auth, group);
2938	} else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
2939	if (group->GKeyDoneStations == 0)
2940	wpa_group_setkeysdone(wpa_auth, group);
2941	else if (group->GTKReKey)
2942	wpa_group_setkeys(wpa_auth, group);
2943	}
2944	}
2945
2946
2947	static int wpa_sm_step(struct wpa_state_machine *sm)
2948	{
2949	if (sm == NULL)
2950	return 0;
2951
2952	if (sm->in_step_loop) {
2953	/* This should not happen, but if it does, make sure we do not
2954	* end up freeing the state machine too early by exiting the
2955	* recursive call. */
2956	wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
2957	return 0;
2958	}
2959
2960	sm->in_step_loop = 1;
2961	do {
2962	if (sm->pending_deinit)
2963	break;
2964
2965	sm->changed = FALSE;
2966	sm->wpa_auth->group->changed = FALSE;
2967
2968	SM_STEP_RUN(WPA_PTK);
2969	if (sm->pending_deinit)
2970	break;
2971	SM_STEP_RUN(WPA_PTK_GROUP);
2972	if (sm->pending_deinit)
2973	break;
2974	wpa_group_sm_step(sm->wpa_auth, sm->group);
2975	} while (sm->changed \|\| sm->wpa_auth->group->changed);
2976	sm->in_step_loop = 0;
2977
2978	if (sm->pending_deinit) {
2979	wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
2980	"machine deinit for " MACSTR, MAC2STR(sm->addr));
2981	wpa_free_sta_sm(sm);
2982	return 1;
2983	}
2984	return 0;
2985	}
2986
2987
2988	static void wpa_sm_call_step(void eloop_ctx, void timeout_ctx)
2989	{
2990	struct wpa_state_machine *sm = eloop_ctx;
2991	wpa_sm_step(sm);
2992	}
2993
2994
2995	void wpa_auth_sm_notify(struct wpa_state_machine *sm)
2996	{
2997	if (sm == NULL)
2998	return;
2999	eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
3000	}
3001
3002
3003	void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
3004	{
3005	int tmp, i;
3006	struct wpa_group *group;
3007
3008	if (wpa_auth == NULL)
3009	return;
3010
3011	group = wpa_auth->group;
3012
3013	for (i = 0; i < 2; i++) {
3014	tmp = group->GM;
3015	group->GM = group->GN;
3016	group->GN = tmp;
3017	#ifdef CONFIG_IEEE80211W
3018	tmp = group->GM_igtk;
3019	group->GM_igtk = group->GN_igtk;
3020	group->GN_igtk = tmp;
3021	#endif /* CONFIG_IEEE80211W */
3022	wpa_gtk_update(wpa_auth, group);
3023	wpa_group_config_group_keys(wpa_auth, group);
3024	}
3025	}
3026
3027
3028	static const char * wpa_bool_txt(int val)
3029	{
3030	return val ? "TRUE" : "FALSE";
3031	}
3032
3033
3034	#define RSN_SUITE "%02x-%02x-%02x-%d"
3035	#define RSN_SUITE_ARG(s) \
3036	((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
3037
3038	int wpa_get_mib(struct wpa_authenticator wpa_auth, char buf, size_t buflen)
3039	{
3040	int len = 0, ret;
3041	char pmkid_txt[PMKID_LEN * 2 + 1];
3042	#ifdef CONFIG_RSN_PREAUTH
3043	const int preauth = 1;
3044	#else /* CONFIG_RSN_PREAUTH */
3045	const int preauth = 0;
3046	#endif /* CONFIG_RSN_PREAUTH */
3047
3048	if (wpa_auth == NULL)
3049	return len;
3050
3051	ret = os_snprintf(buf + len, buflen - len,
3052	"dot11RSNAOptionImplemented=TRUE\n"
3053	"dot11RSNAPreauthenticationImplemented=%s\n"
3054	"dot11RSNAEnabled=%s\n"
3055	"dot11RSNAPreauthenticationEnabled=%s\n",
3056	wpa_bool_txt(preauth),
3057	wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
3058	wpa_bool_txt(wpa_auth->conf.rsn_preauth));
3059	if (os_snprintf_error(buflen - len, ret))
3060	return len;
3061	len += ret;
3062
3063	wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
3064	wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
3065
3066	ret = os_snprintf(
3067	buf + len, buflen - len,
3068	"dot11RSNAConfigVersion=%u\n"
3069	"dot11RSNAConfigPairwiseKeysSupported=9999\n"
3070	/* FIX: dot11RSNAConfigGroupCipher */
3071	/* FIX: dot11RSNAConfigGroupRekeyMethod */
3072	/* FIX: dot11RSNAConfigGroupRekeyTime */
3073	/* FIX: dot11RSNAConfigGroupRekeyPackets */
3074	"dot11RSNAConfigGroupRekeyStrict=%u\n"
3075	"dot11RSNAConfigGroupUpdateCount=%u\n"
3076	"dot11RSNAConfigPairwiseUpdateCount=%u\n"
3077	"dot11RSNAConfigGroupCipherSize=%u\n"
3078	"dot11RSNAConfigPMKLifetime=%u\n"
3079	"dot11RSNAConfigPMKReauthThreshold=%u\n"
3080	"dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
3081	"dot11RSNAConfigSATimeout=%u\n"
3082	"dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
3083	"dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
3084	"dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
3085	"dot11RSNAPMKIDUsed=%s\n"
3086	"dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
3087	"dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
3088	"dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
3089	"dot11RSNATKIPCounterMeasuresInvoked=%u\n"
3090	"dot11RSNA4WayHandshakeFailures=%u\n"
3091	"dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
3092	RSN_VERSION,
3093	!!wpa_auth->conf.wpa_strict_rekey,
3094	dot11RSNAConfigGroupUpdateCount,
3095	dot11RSNAConfigPairwiseUpdateCount,
3096	wpa_cipher_key_len(wpa_auth->conf.wpa_group) * 8,
3097	dot11RSNAConfigPMKLifetime,
3098	dot11RSNAConfigPMKReauthThreshold,
3099	dot11RSNAConfigSATimeout,
3100	RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
3101	RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
3102	RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
3103	pmkid_txt,
3104	RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
3105	RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
3106	RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
3107	wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
3108	wpa_auth->dot11RSNA4WayHandshakeFailures);
3109	if (os_snprintf_error(buflen - len, ret))
3110	return len;
3111	len += ret;
3112
3113	/* TODO: dot11RSNAConfigPairwiseCiphersTable */
3114	/* TODO: dot11RSNAConfigAuthenticationSuitesTable */
3115
3116	/* Private MIB */
3117	ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
3118	wpa_auth->group->wpa_group_state);
3119	if (os_snprintf_error(buflen - len, ret))
3120	return len;
3121	len += ret;
3122
3123	return len;
3124	}
3125
3126
3127	int wpa_get_mib_sta(struct wpa_state_machine sm, char buf, size_t buflen)
3128	{
3129	int len = 0, ret;
3130	u32 pairwise = 0;
3131
3132	if (sm == NULL)
3133	return 0;
3134
3135	/* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
3136
3137	/* dot11RSNAStatsEntry */
3138
3139	pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ?
3140	WPA_PROTO_RSN : WPA_PROTO_WPA,
3141	sm->pairwise);
3142	if (pairwise == 0)
3143	return 0;
3144
3145	ret = os_snprintf(
3146	buf + len, buflen - len,
3147	/* TODO: dot11RSNAStatsIndex */
3148	"dot11RSNAStatsSTAAddress=" MACSTR "\n"
3149	"dot11RSNAStatsVersion=1\n"
3150	"dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
3151	/* TODO: dot11RSNAStatsTKIPICVErrors */
3152	"dot11RSNAStatsTKIPLocalMICFailures=%u\n"
3153	"dot11RSNAStatsTKIPRemoteMICFailures=%u\n"
3154	/* TODO: dot11RSNAStatsCCMPReplays */
3155	/* TODO: dot11RSNAStatsCCMPDecryptErrors */
3156	/* TODO: dot11RSNAStatsTKIPReplays */,
3157	MAC2STR(sm->addr),
3158	RSN_SUITE_ARG(pairwise),
3159	sm->dot11RSNAStatsTKIPLocalMICFailures,
3160	sm->dot11RSNAStatsTKIPRemoteMICFailures);
3161	if (os_snprintf_error(buflen - len, ret))
3162	return len;
3163	len += ret;
3164
3165	/* Private MIB */
3166	ret = os_snprintf(buf + len, buflen - len,
3167	"hostapdWPAPTKState=%d\n"
3168	"hostapdWPAPTKGroupState=%d\n",
3169	sm->wpa_ptk_state,
3170	sm->wpa_ptk_group_state);
3171	if (os_snprintf_error(buflen - len, ret))
3172	return len;
3173	len += ret;
3174
3175	return len;
3176	}
3177
3178
3179	void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
3180	{
3181	if (wpa_auth)
3182	wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
3183	}
3184
3185
3186	int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
3187	{
3188	return sm && sm->pairwise_set;
3189	}
3190
3191
3192	int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
3193	{
3194	return sm->pairwise;
3195	}
3196
3197
3198	int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
3199	{
3200	if (sm == NULL)
3201	return -1;
3202	return sm->wpa_key_mgmt;
3203	}
3204
3205
3206	int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
3207	{
3208	if (sm == NULL)
3209	return 0;
3210	return sm->wpa;
3211	}
3212
3213
3214	int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
3215	struct rsn_pmksa_cache_entry *entry)
3216	{
3217	if (sm == NULL \|\| sm->pmksa != entry)
3218	return -1;
3219	sm->pmksa = NULL;
3220	return 0;
3221	}
3222
3223
3224	struct rsn_pmksa_cache_entry *
3225	wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
3226	{
3227	return sm ? sm->pmksa : NULL;
3228	}
3229
3230
3231	void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
3232	{
3233	if (sm)
3234	sm->dot11RSNAStatsTKIPLocalMICFailures++;
3235	}
3236
3237
3238	const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator wpa_auth, size_t len)
3239	{
3240	if (wpa_auth == NULL)
3241	return NULL;
3242	*len = wpa_auth->wpa_ie_len;
3243	return wpa_auth->wpa_ie;
3244	}
3245
3246
3247	int wpa_auth_pmksa_add(struct wpa_state_machine sm, const u8 pmk,
3248	int session_timeout, struct eapol_state_machine *eapol)
3249	{
3250	if (sm == NULL \|\| sm->wpa != WPA_VERSION_WPA2 \|\|
3251	sm->wpa_auth->conf.disable_pmksa_caching)
3252	return -1;
3253
3254	if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
3255	sm->PTK.kck, sm->PTK.kck_len,
3256	sm->wpa_auth->addr, sm->addr, session_timeout,
3257	eapol, sm->wpa_key_mgmt))
3258	return 0;
3259
3260	return -1;
3261	}
3262
3263
3264	int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
3265	const u8 pmk, size_t len, const u8 sta_addr,
3266	int session_timeout,
3267	struct eapol_state_machine *eapol)
3268	{
3269	if (wpa_auth == NULL)
3270	return -1;
3271
3272	if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len,
3273	NULL, 0,
3274	wpa_auth->addr,
3275	sta_addr, session_timeout, eapol,
3276	WPA_KEY_MGMT_IEEE8021X))
3277	return 0;
3278
3279	return -1;
3280	}
3281
3282
3283	int wpa_auth_pmksa_add_sae(struct wpa_authenticator wpa_auth, const u8 addr,
3284	const u8 *pmk)
3285	{
3286	if (wpa_auth->conf.disable_pmksa_caching)
3287	return -1;
3288
3289	if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN,
3290	NULL, 0,
3291	wpa_auth->addr, addr, 0, NULL,
3292	WPA_KEY_MGMT_SAE))
3293	return 0;
3294
3295	return -1;
3296	}
3297
3298
3299	void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
3300	const u8 *sta_addr)
3301	{
3302	struct rsn_pmksa_cache_entry *pmksa;
3303
3304	if (wpa_auth == NULL \|\| wpa_auth->pmksa == NULL)
3305	return;
3306	pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
3307	if (pmksa) {
3308	wpa_printf(MSG_DEBUG, "WPA: Remove PMKSA cache entry for "
3309	MACSTR " based on request", MAC2STR(sta_addr));
3310	pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
3311	}
3312	}
3313
3314
3315	/*
3316	* Remove and free the group from wpa_authenticator. This is triggered by a
3317	* callback to make sure nobody is currently iterating the group list while it
3318	* gets modified.
3319	*/
3320	static void wpa_group_free(struct wpa_authenticator *wpa_auth,
3321	struct wpa_group *group)
3322	{
3323	struct wpa_group *prev = wpa_auth->group;
3324
3325	wpa_printf(MSG_DEBUG, "WPA: Remove group state machine for VLAN-ID %d",
3326	group->vlan_id);
3327
3328	while (prev) {
3329	if (prev->next == group) {
3330	/* This never frees the special first group as needed */
3331	prev->next = group->next;
3332	os_free(group);
3333	break;
3334	}
3335	prev = prev->next;
3336	}
3337
3338	}
3339
3340
3341	/* Increase the reference counter for group */
3342	static void wpa_group_get(struct wpa_authenticator *wpa_auth,
3343	struct wpa_group *group)
3344	{
3345	/* Skip the special first group */
3346	if (wpa_auth->group == group)
3347	return;
3348
3349	group->references++;
3350	}
3351
3352
3353	/* Decrease the reference counter and maybe free the group */
3354	static void wpa_group_put(struct wpa_authenticator *wpa_auth,
3355	struct wpa_group *group)
3356	{
3357	/* Skip the special first group */
3358	if (wpa_auth->group == group)
3359	return;
3360
3361	group->references--;
3362	if (group->references)
3363	return;
3364	wpa_group_free(wpa_auth, group);
3365	}
3366
3367
3368	/*
3369	* Add a group that has its references counter set to zero. Caller needs to
3370	* call wpa_group_get() on the return value to mark the entry in use.
3371	*/
3372	static struct wpa_group *
3373	wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
3374	{
3375	struct wpa_group *group;
3376
3377	if (wpa_auth == NULL \|\| wpa_auth->group == NULL)
3378	return NULL;
3379
3380	wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
3381	vlan_id);
3382	group = wpa_group_init(wpa_auth, vlan_id, 0);
3383	if (group == NULL)
3384	return NULL;
3385
3386	group->next = wpa_auth->group->next;
3387	wpa_auth->group->next = group;
3388
3389	return group;
3390	}
3391
3392
3393	int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
3394	{
3395	struct wpa_group *group;
3396
3397	if (sm == NULL \|\| sm->wpa_auth == NULL)
3398	return 0;
3399
3400	group = sm->wpa_auth->group;
3401	while (group) {
3402	if (group->vlan_id == vlan_id)
3403	break;
3404	group = group->next;
3405	}
3406
3407	if (group == NULL) {
3408	group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
3409	if (group == NULL)
3410	return -1;
3411	}
3412
3413	if (sm->group == group)
3414	return 0;
3415
3416	if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
3417	return -1;
3418
3419	wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
3420	"machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
3421
3422	wpa_group_get(sm->wpa_auth, group);
3423	wpa_group_put(sm->wpa_auth, sm->group);
3424	sm->group = group;
3425
3426	return 0;
3427	}
3428
3429
3430	void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
3431	struct wpa_state_machine *sm, int ack)
3432	{
3433	if (wpa_auth == NULL \|\| sm == NULL)
3434	return;
3435	wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
3436	" ack=%d", MAC2STR(sm->addr), ack);
3437	if (sm->pending_1_of_4_timeout && ack) {
3438	/*
3439	* Some deployed supplicant implementations update their SNonce
3440	* for each EAPOL-Key 2/4 message even within the same 4-way
3441	* handshake and then fail to use the first SNonce when
3442	* deriving the PTK. This results in unsuccessful 4-way
3443	* handshake whenever the relatively short initial timeout is
3444	* reached and EAPOL-Key 1/4 is retransmitted. Try to work
3445	* around this by increasing the timeout now that we know that
3446	* the station has received the frame.
3447	*/
3448	int timeout_ms = eapol_key_timeout_subseq;
3449	wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 "
3450	"timeout by %u ms because of acknowledged frame",
3451	timeout_ms);
3452	eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
3453	eloop_register_timeout(timeout_ms / 1000,
3454	(timeout_ms % 1000) * 1000,
3455	wpa_send_eapol_timeout, wpa_auth, sm);
3456	}
3457	}
3458
3459
3460	int wpa_auth_uses_sae(struct wpa_state_machine *sm)
3461	{
3462	if (sm == NULL)
3463	return 0;
3464	return wpa_key_mgmt_sae(sm->wpa_key_mgmt);
3465	}
3466
3467
3468	int wpa_auth_uses_ft_sae(struct wpa_state_machine *sm)
3469	{
3470	if (sm == NULL)
3471	return 0;
3472	return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE;
3473	}
3474
3475
3476	#ifdef CONFIG_P2P
3477	int wpa_auth_get_ip_addr(struct wpa_state_machine sm, u8 addr)
3478	{
3479	if (sm == NULL \|\| WPA_GET_BE32(sm->ip_addr) == 0)
3480	return -1;
3481	os_memcpy(addr, sm->ip_addr, 4);
3482	return 0;
3483	}
3484	#endif /* CONFIG_P2P */
3485
3486
3487	int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth,
3488	struct radius_das_attrs *attr)
3489	{
3490	return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr);
3491	}
3492
3493
3494	void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth)
3495	{
3496	struct wpa_group *group;
3497
3498	if (!wpa_auth)
3499	return;
3500	for (group = wpa_auth->group; group; group = group->next)
3501	wpa_group_config_group_keys(wpa_auth, group);
3502	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: