2 * WPA Supplicant - WPA state machine and EAPOL-Key processing
3 * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/aes_wrap.h"
13 #include "crypto/crypto.h"
14 #include "crypto/random.h"
15 #include "common/ieee802_11_defs.h"
16 #include "eapol_supp/eapol_supp_sm.h"
20 #include "pmksa_cache.h"
27 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
28 * @sm: Pointer to WPA state machine data from wpa_sm_init()
29 * @kck: Key Confirmation Key (KCK, part of PTK)
30 * @kck_len: KCK length in octets
31 * @ver: Version field from Key Info
32 * @dest: Destination address for the frame
33 * @proto: Ethertype (usually ETH_P_EAPOL)
34 * @msg: EAPOL-Key message
35 * @msg_len: Length of message
36 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
38 void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
39 int ver, const u8 *dest, u16 proto,
40 u8 *msg, size_t msg_len, u8 *key_mic)
42 size_t mic_len = wpa_mic_len(sm->key_mgmt);
44 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
46 * Association event was not yet received; try to fetch
47 * BSSID from the driver.
49 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
50 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
51 "WPA: Failed to read BSSID for "
52 "EAPOL-Key destination address");
55 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
56 "WPA: Use BSSID (" MACSTR
57 ") as the destination for EAPOL-Key",
62 wpa_eapol_key_mic(kck, kck_len, sm->key_mgmt, ver, msg, msg_len,
64 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
65 "WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC",
69 wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len);
70 wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, mic_len);
71 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
72 wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
73 eapol_sm_notify_tx_eapol_key(sm->eapol);
80 * wpa_sm_key_request - Send EAPOL-Key Request
81 * @sm: Pointer to WPA state machine data from wpa_sm_init()
82 * @error: Indicate whether this is an Michael MIC error report
83 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
85 * Send an EAPOL-Key Request to the current authenticator. This function is
86 * used to request rekeying and it is usually called when a local Michael MIC
87 * failure is detected.
89 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
91 size_t mic_len, hdrlen, rlen;
92 struct wpa_eapol_key *reply;
93 struct wpa_eapol_key_192 *reply192;
95 u8 bssid[ETH_ALEN], *rbuf, *key_mic;
97 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
98 wpa_key_mgmt_suite_b(sm->key_mgmt))
99 ver = WPA_KEY_INFO_TYPE_AKM_DEFINED;
100 else if (wpa_key_mgmt_ft(sm->key_mgmt) ||
101 wpa_key_mgmt_sha256(sm->key_mgmt))
102 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC;
103 else if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
104 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
106 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
108 if (wpa_sm_get_bssid(sm, bssid) < 0) {
109 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
110 "Failed to read BSSID for EAPOL-Key request");
114 mic_len = wpa_mic_len(sm->key_mgmt);
115 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
116 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
117 hdrlen, &rlen, (void *) &reply);
120 reply192 = (struct wpa_eapol_key_192 *) reply;
122 reply->type = (sm->proto == WPA_PROTO_RSN ||
123 sm->proto == WPA_PROTO_OSEN) ?
124 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
125 key_info = WPA_KEY_INFO_REQUEST | ver;
127 key_info |= WPA_KEY_INFO_MIC;
129 key_info |= WPA_KEY_INFO_ERROR;
131 key_info |= WPA_KEY_INFO_KEY_TYPE;
132 WPA_PUT_BE16(reply->key_info, key_info);
133 WPA_PUT_BE16(reply->key_length, 0);
134 os_memcpy(reply->replay_counter, sm->request_counter,
135 WPA_REPLAY_COUNTER_LEN);
136 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
139 WPA_PUT_BE16(reply192->key_data_length, 0);
141 WPA_PUT_BE16(reply->key_data_length, 0);
142 if (!(key_info & WPA_KEY_INFO_MIC))
145 key_mic = reply192->key_mic; /* same offset in reply */
147 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
148 "WPA: Sending EAPOL-Key Request (error=%d "
149 "pairwise=%d ptk_set=%d len=%lu)",
150 error, pairwise, sm->ptk_set, (unsigned long) rlen);
151 wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid,
152 ETH_P_EAPOL, rbuf, rlen, key_mic);
156 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm)
158 #ifdef CONFIG_IEEE80211R
159 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) {
160 if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len))
161 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
162 "RSN: Cannot set low order 256 bits of MSK for key management offload");
164 #endif /* CONFIG_IEEE80211R */
165 if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len))
166 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
167 "RSN: Cannot set PMK for key management offload");
168 #ifdef CONFIG_IEEE80211R
170 #endif /* CONFIG_IEEE80211R */
174 static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
175 const unsigned char *src_addr,
178 int abort_cached = 0;
180 if (pmkid && !sm->cur_pmksa) {
181 /* When using drivers that generate RSN IE, wpa_supplicant may
182 * not have enough time to get the association information
183 * event before receiving this 1/4 message, so try to find a
184 * matching PMKSA cache entry here. */
185 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid,
188 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
189 "RSN: found matching PMKID from PMKSA cache");
191 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
192 "RSN: no matching PMKID found");
197 if (pmkid && sm->cur_pmksa &&
198 os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
199 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
200 wpa_sm_set_pmk_from_pmksa(sm);
201 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
202 sm->pmk, sm->pmk_len);
203 eapol_sm_notify_cached(sm->eapol);
204 #ifdef CONFIG_IEEE80211R
206 #endif /* CONFIG_IEEE80211R */
207 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
210 res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN);
213 * EAP-LEAP is an exception from other EAP methods: it
214 * uses only 16-byte PMK.
216 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
219 #ifdef CONFIG_IEEE80211R
221 if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0)
223 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN);
224 sm->xxkey_len = PMK_LEN;
225 os_memset(buf, 0, sizeof(buf));
227 #endif /* CONFIG_IEEE80211R */
230 struct rsn_pmksa_cache_entry *sa = NULL;
231 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
232 "machines", sm->pmk, pmk_len);
233 sm->pmk_len = pmk_len;
234 wpa_supplicant_key_mgmt_set_pmk(sm);
235 if (sm->proto == WPA_PROTO_RSN &&
236 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
237 !wpa_key_mgmt_ft(sm->key_mgmt)) {
238 sa = pmksa_cache_add(sm->pmksa,
241 src_addr, sm->own_addr,
245 if (!sm->cur_pmksa && pmkid &&
246 pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL))
248 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
249 "RSN: the new PMK matches with the "
252 } else if (sa && !sm->cur_pmksa && pmkid) {
254 * It looks like the authentication server
255 * derived mismatching MSK. This should not
256 * really happen, but bugs happen.. There is not
257 * much we can do here without knowing what
258 * exactly caused the server to misbehave.
260 wpa_dbg(sm->ctx->msg_ctx, MSG_INFO,
261 "RSN: PMKID mismatch - authentication server may have derived different MSK?!");
268 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
269 "WPA: Failed to get master session key from "
270 "EAPOL state machines - key handshake "
273 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
274 "RSN: Cancelled PMKSA caching "
276 sm->cur_pmksa = NULL;
278 } else if (!abort_cached) {
284 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) &&
285 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
286 !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN)
288 /* Send EAPOL-Start to trigger full EAP authentication. */
292 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
293 "RSN: no PMKSA entry found - trigger "
294 "full EAP authentication");
295 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
296 NULL, 0, &buflen, NULL);
298 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
312 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake
313 * @sm: Pointer to WPA state machine data from wpa_sm_init()
314 * @dst: Destination address for the frame
315 * @key: Pointer to the EAPOL-Key frame header
316 * @ver: Version bits from EAPOL-Key Key Info
317 * @nonce: Nonce value for the EAPOL-Key frame
318 * @wpa_ie: WPA/RSN IE
319 * @wpa_ie_len: Length of the WPA/RSN IE
320 * @ptk: PTK to use for keyed hash and encryption
321 * Returns: 0 on success, -1 on failure
323 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
324 const struct wpa_eapol_key *key,
325 int ver, const u8 *nonce,
326 const u8 *wpa_ie, size_t wpa_ie_len,
329 size_t mic_len, hdrlen, rlen;
330 struct wpa_eapol_key *reply;
331 struct wpa_eapol_key_192 *reply192;
333 u8 *rsn_ie_buf = NULL;
335 if (wpa_ie == NULL) {
336 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - "
337 "cannot generate msg 2/4");
341 #ifdef CONFIG_IEEE80211R
342 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
346 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and
347 * FTIE from (Re)Association Response.
349 rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN +
350 sm->assoc_resp_ies_len);
351 if (rsn_ie_buf == NULL)
353 os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len);
354 res = wpa_insert_pmkid(rsn_ie_buf, wpa_ie_len,
362 if (sm->assoc_resp_ies) {
363 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies,
364 sm->assoc_resp_ies_len);
365 wpa_ie_len += sm->assoc_resp_ies_len;
370 #endif /* CONFIG_IEEE80211R */
372 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
374 mic_len = wpa_mic_len(sm->key_mgmt);
375 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
376 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
377 NULL, hdrlen + wpa_ie_len,
378 &rlen, (void *) &reply);
383 reply192 = (struct wpa_eapol_key_192 *) reply;
385 reply->type = (sm->proto == WPA_PROTO_RSN ||
386 sm->proto == WPA_PROTO_OSEN) ?
387 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
388 WPA_PUT_BE16(reply->key_info,
389 ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC);
390 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
391 WPA_PUT_BE16(reply->key_length, 0);
393 os_memcpy(reply->key_length, key->key_length, 2);
394 os_memcpy(reply->replay_counter, key->replay_counter,
395 WPA_REPLAY_COUNTER_LEN);
396 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter,
397 WPA_REPLAY_COUNTER_LEN);
399 key_mic = reply192->key_mic; /* same offset for reply and reply192 */
401 WPA_PUT_BE16(reply192->key_data_length, wpa_ie_len);
402 os_memcpy(reply192 + 1, wpa_ie, wpa_ie_len);
404 WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
405 os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
409 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
411 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
412 wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL,
413 rbuf, rlen, key_mic);
419 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
420 const struct wpa_eapol_key *key, struct wpa_ptk *ptk)
422 #ifdef CONFIG_IEEE80211R
423 if (wpa_key_mgmt_ft(sm->key_mgmt))
424 return wpa_derive_ptk_ft(sm, src_addr, key, ptk);
425 #endif /* CONFIG_IEEE80211R */
427 return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
428 sm->own_addr, sm->bssid, sm->snonce,
429 key->key_nonce, ptk, sm->key_mgmt,
430 sm->pairwise_cipher);
434 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
435 const unsigned char *src_addr,
436 const struct wpa_eapol_key *key,
437 u16 ver, const u8 *key_data,
440 struct wpa_eapol_ie_parse ie;
443 u8 *kde, *kde_buf = NULL;
446 if (wpa_sm_get_network_ctx(sm) == NULL) {
447 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
448 "found (msg 1 of 4)");
452 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
453 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way "
454 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
456 os_memset(&ie, 0, sizeof(ie));
458 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
459 /* RSN: msg 1/4 should contain PMKID for the selected PMK */
460 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data",
461 key_data, key_data_len);
462 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
465 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
466 "Authenticator", ie.pmkid, PMKID_LEN);
470 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
472 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to "
473 "msg 1/4 - requesting full EAP authentication");
479 if (sm->renew_snonce) {
480 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
481 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
482 "WPA: Failed to get random data for SNonce");
485 sm->renew_snonce = 0;
486 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
487 sm->snonce, WPA_NONCE_LEN);
490 /* Calculate PTK which will be stored as a temporary PTK until it has
491 * been verified when processing message 3/4. */
493 wpa_derive_ptk(sm, src_addr, key, ptk);
494 if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
496 /* Supplicant: swap tx/rx Mic keys */
497 os_memcpy(buf, &ptk->tk[16], 8);
498 os_memcpy(&ptk->tk[16], &ptk->tk[24], 8);
499 os_memcpy(&ptk->tk[24], buf, 8);
500 os_memset(buf, 0, sizeof(buf));
504 kde = sm->assoc_wpa_ie;
505 kde_len = sm->assoc_wpa_ie_len;
509 kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1);
512 wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE "
513 "into EAPOL-Key 2/4");
514 os_memcpy(kde_buf, kde, kde_len);
517 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
518 *pos++ = RSN_SELECTOR_LEN + 1;
519 RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ);
520 pos += RSN_SELECTOR_LEN;
525 #endif /* CONFIG_P2P */
527 if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
532 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
537 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
541 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx)
543 struct wpa_sm *sm = eloop_ctx;
544 rsn_preauth_candidate_process(sm);
548 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
549 const u8 *addr, int secure)
551 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
552 "WPA: Key negotiation completed with "
553 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
554 wpa_cipher_txt(sm->pairwise_cipher),
555 wpa_cipher_txt(sm->group_cipher));
556 wpa_sm_cancel_auth_timeout(sm);
557 wpa_sm_set_state(sm, WPA_COMPLETED);
560 wpa_sm_mlme_setprotection(
561 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
562 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
563 eapol_sm_notify_portValid(sm->eapol, TRUE);
564 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt))
565 eapol_sm_notify_eap_success(sm->eapol, TRUE);
567 * Start preauthentication after a short wait to avoid a
568 * possible race condition between the data receive and key
569 * configuration after the 4-Way Handshake. This increases the
570 * likelihood of the first preauth EAPOL-Start frame getting to
573 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL);
576 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
577 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
578 "RSN: Authenticator accepted "
579 "opportunistic PMKSA entry - marking it valid");
580 sm->cur_pmksa->opportunistic = 0;
583 #ifdef CONFIG_IEEE80211R
584 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
585 /* Prepare for the next transition */
586 wpa_ft_prepare_auth_request(sm, NULL);
588 #endif /* CONFIG_IEEE80211R */
592 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
594 struct wpa_sm *sm = eloop_ctx;
595 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying");
596 wpa_sm_key_request(sm, 0, 1);
600 static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
601 const struct wpa_eapol_key *key)
606 u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
608 if (sm->ptk.installed) {
609 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
610 "WPA: Do not re-install same PTK to the driver");
614 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
615 "WPA: Installing PTK to the driver");
617 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
618 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher "
619 "Suite: NONE - do not use pairwise keys");
623 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
624 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
625 "WPA: Unsupported pairwise cipher %d",
626 sm->pairwise_cipher);
630 alg = wpa_cipher_to_alg(sm->pairwise_cipher);
631 keylen = wpa_cipher_key_len(sm->pairwise_cipher);
632 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
634 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
637 key_rsc = key->key_rsc;
638 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
641 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
642 sm->ptk.tk, keylen) < 0) {
643 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
644 "WPA: Failed to set PTK to the "
645 "driver (alg=%d keylen=%d bssid=" MACSTR ")",
646 alg, keylen, MAC2STR(sm->bssid));
650 /* TK is not needed anymore in supplicant */
651 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
652 sm->ptk.installed = 1;
654 if (sm->wpa_ptk_rekey) {
655 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
656 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
664 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm,
666 int keylen, int maxkeylen,
672 *alg = wpa_cipher_to_alg(group_cipher);
673 if (*alg == WPA_ALG_NONE) {
674 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
675 "WPA: Unsupported Group Cipher %d",
679 *key_rsc_len = wpa_cipher_rsc_len(group_cipher);
681 klen = wpa_cipher_key_len(group_cipher);
682 if (keylen != klen || maxkeylen < klen) {
683 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
684 "WPA: Unsupported %s Group Cipher key length %d (%d)",
685 wpa_cipher_txt(group_cipher), keylen, maxkeylen);
692 struct wpa_gtk_data {
694 int tx, key_rsc_len, keyidx;
700 static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
701 const struct wpa_gtk_data *gd,
702 const u8 *key_rsc, int wnm_sleep)
704 const u8 *_gtk = gd->gtk;
707 /* Detect possible key reinstallation */
708 if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
709 os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
710 (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
711 os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
712 sm->gtk_wnm_sleep.gtk_len) == 0)) {
713 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
714 "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
715 gd->keyidx, gd->tx, gd->gtk_len);
719 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
720 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
721 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
722 gd->keyidx, gd->tx, gd->gtk_len);
723 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
724 if (sm->group_cipher == WPA_CIPHER_TKIP) {
725 /* Swap Tx/Rx keys for Michael MIC */
726 os_memcpy(gtk_buf, gd->gtk, 16);
727 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
728 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
731 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
732 if (wpa_sm_set_key(sm, gd->alg, NULL,
733 gd->keyidx, 1, key_rsc, gd->key_rsc_len,
734 _gtk, gd->gtk_len) < 0) {
735 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
736 "WPA: Failed to set GTK to the driver "
738 os_memset(gtk_buf, 0, sizeof(gtk_buf));
741 } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr,
742 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
743 _gtk, gd->gtk_len) < 0) {
744 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
745 "WPA: Failed to set GTK to "
746 "the driver (alg=%d keylen=%d keyidx=%d)",
747 gd->alg, gd->gtk_len, gd->keyidx);
748 os_memset(gtk_buf, 0, sizeof(gtk_buf));
751 os_memset(gtk_buf, 0, sizeof(gtk_buf));
754 sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
755 os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
756 sm->gtk_wnm_sleep.gtk_len);
758 sm->gtk.gtk_len = gd->gtk_len;
759 os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
766 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
769 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
770 /* Ignore Tx bit for GTK if a pairwise key is used. One AP
771 * seemed to set this bit (incorrectly, since Tx is only when
772 * doing Group Key only APs) and without this workaround, the
773 * data connection does not work because wpa_supplicant
774 * configured non-zero keyidx to be used for unicast. */
775 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
776 "WPA: Tx bit set for GTK, but pairwise "
777 "keys are used - ignore Tx bit");
784 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
785 const struct wpa_eapol_key *key,
786 const u8 *gtk, size_t gtk_len,
789 struct wpa_gtk_data gd;
792 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
794 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
795 * Reserved [bits 0-7]
799 os_memset(&gd, 0, sizeof(gd));
800 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
803 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk))
806 gd.keyidx = gtk[0] & 0x3;
807 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
808 !!(gtk[0] & BIT(2)));
812 os_memcpy(gd.gtk, gtk, gtk_len);
813 gd.gtk_len = gtk_len;
815 if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED &&
816 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
818 &gd.key_rsc_len, &gd.alg) ||
819 wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0))) {
820 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
821 "RSN: Failed to install GTK");
822 os_memset(&gd, 0, sizeof(gd));
825 os_memset(&gd, 0, sizeof(gd));
827 wpa_supplicant_key_neg_complete(sm, sm->bssid,
828 key_info & WPA_KEY_INFO_SECURE);
833 #ifdef CONFIG_IEEE80211W
834 static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
835 const struct wpa_igtk_kde *igtk,
838 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
839 u16 keyidx = WPA_GET_LE16(igtk->keyid);
841 /* Detect possible key reinstallation */
842 if ((sm->igtk.igtk_len == len &&
843 os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
844 (sm->igtk_wnm_sleep.igtk_len == len &&
845 os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
846 sm->igtk_wnm_sleep.igtk_len) == 0)) {
847 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
848 "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
853 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
854 "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
855 keyidx, MAC2STR(igtk->pn));
856 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
858 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
859 "WPA: Invalid IGTK KeyID %d", keyidx);
862 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
863 broadcast_ether_addr,
864 keyidx, 0, igtk->pn, sizeof(igtk->pn),
865 igtk->igtk, len) < 0) {
866 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
867 "WPA: Failed to configure IGTK to the driver");
872 sm->igtk_wnm_sleep.igtk_len = len;
873 os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
874 sm->igtk_wnm_sleep.igtk_len);
876 sm->igtk.igtk_len = len;
877 os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
882 #endif /* CONFIG_IEEE80211W */
885 static int ieee80211w_set_keys(struct wpa_sm *sm,
886 struct wpa_eapol_ie_parse *ie)
888 #ifdef CONFIG_IEEE80211W
889 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher))
894 const struct wpa_igtk_kde *igtk;
896 len = wpa_cipher_key_len(sm->mgmt_group_cipher);
897 if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
900 igtk = (const struct wpa_igtk_kde *) ie->igtk;
901 if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
906 #else /* CONFIG_IEEE80211W */
908 #endif /* CONFIG_IEEE80211W */
912 static void wpa_report_ie_mismatch(struct wpa_sm *sm,
913 const char *reason, const u8 *src_addr,
914 const u8 *wpa_ie, size_t wpa_ie_len,
915 const u8 *rsn_ie, size_t rsn_ie_len)
917 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
918 reason, MAC2STR(src_addr));
921 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
922 sm->ap_wpa_ie, sm->ap_wpa_ie_len);
925 if (!sm->ap_wpa_ie) {
926 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
927 "WPA: No WPA IE in Beacon/ProbeResp");
929 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
934 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp",
935 sm->ap_rsn_ie, sm->ap_rsn_ie_len);
938 if (!sm->ap_rsn_ie) {
939 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
940 "WPA: No RSN IE in Beacon/ProbeResp");
942 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
946 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
950 #ifdef CONFIG_IEEE80211R
952 static int ft_validate_mdie(struct wpa_sm *sm,
953 const unsigned char *src_addr,
954 struct wpa_eapol_ie_parse *ie,
955 const u8 *assoc_resp_mdie)
957 struct rsn_mdie *mdie;
959 mdie = (struct rsn_mdie *) (ie->mdie + 2);
960 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) ||
961 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
962 MOBILITY_DOMAIN_ID_LEN) != 0) {
963 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did "
964 "not match with the current mobility domain");
968 if (assoc_resp_mdie &&
969 (assoc_resp_mdie[1] != ie->mdie[1] ||
970 os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) {
971 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch");
972 wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4",
973 ie->mdie, 2 + ie->mdie[1]);
974 wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response",
975 assoc_resp_mdie, 2 + assoc_resp_mdie[1]);
983 static int ft_validate_ftie(struct wpa_sm *sm,
984 const unsigned char *src_addr,
985 struct wpa_eapol_ie_parse *ie,
986 const u8 *assoc_resp_ftie)
988 if (ie->ftie == NULL) {
989 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
990 "FT: No FTIE in EAPOL-Key msg 3/4");
994 if (assoc_resp_ftie == NULL)
997 if (assoc_resp_ftie[1] != ie->ftie[1] ||
998 os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) {
999 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch");
1000 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4",
1001 ie->ftie, 2 + ie->ftie[1]);
1002 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response",
1003 assoc_resp_ftie, 2 + assoc_resp_ftie[1]);
1011 static int ft_validate_rsnie(struct wpa_sm *sm,
1012 const unsigned char *src_addr,
1013 struct wpa_eapol_ie_parse *ie)
1015 struct wpa_ie_data rsn;
1021 * Verify that PMKR1Name from EAPOL-Key message 3/4
1022 * matches with the value we derived.
1024 if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 ||
1025 rsn.num_pmkid != 1 || rsn.pmkid == NULL) {
1026 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in "
1027 "FT 4-way handshake message 3/4");
1031 if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0)
1033 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1034 "FT: PMKR1Name mismatch in "
1035 "FT 4-way handshake message 3/4");
1036 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator",
1037 rsn.pmkid, WPA_PMK_NAME_LEN);
1038 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
1039 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
1047 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm,
1048 const unsigned char *src_addr,
1049 struct wpa_eapol_ie_parse *ie)
1051 const u8 *pos, *end, *mdie = NULL, *ftie = NULL;
1053 if (sm->assoc_resp_ies) {
1054 pos = sm->assoc_resp_ies;
1055 end = pos + sm->assoc_resp_ies_len;
1056 while (pos + 2 < end) {
1057 if (pos + 2 + pos[1] > end)
1060 case WLAN_EID_MOBILITY_DOMAIN:
1063 case WLAN_EID_FAST_BSS_TRANSITION:
1071 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 ||
1072 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 ||
1073 ft_validate_rsnie(sm, src_addr, ie) < 0)
1079 #endif /* CONFIG_IEEE80211R */
1082 static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
1083 const unsigned char *src_addr,
1084 struct wpa_eapol_ie_parse *ie)
1086 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
1087 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1088 "WPA: No WPA/RSN IE for this AP known. "
1089 "Trying to get from scan results");
1090 if (wpa_sm_get_beacon_ie(sm) < 0) {
1091 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1092 "WPA: Could not find AP from "
1093 "the scan results");
1095 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
1096 "WPA: Found the current AP from "
1097 "updated scan results");
1101 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
1102 (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
1103 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1104 "with IE in Beacon/ProbeResp (no IE?)",
1105 src_addr, ie->wpa_ie, ie->wpa_ie_len,
1106 ie->rsn_ie, ie->rsn_ie_len);
1110 if ((ie->wpa_ie && sm->ap_wpa_ie &&
1111 (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
1112 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
1113 (ie->rsn_ie && sm->ap_rsn_ie &&
1114 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
1115 sm->ap_rsn_ie, sm->ap_rsn_ie_len,
1116 ie->rsn_ie, ie->rsn_ie_len))) {
1117 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1118 "with IE in Beacon/ProbeResp",
1119 src_addr, ie->wpa_ie, ie->wpa_ie_len,
1120 ie->rsn_ie, ie->rsn_ie_len);
1124 if (sm->proto == WPA_PROTO_WPA &&
1125 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
1126 wpa_report_ie_mismatch(sm, "Possible downgrade attack "
1127 "detected - RSN was enabled and RSN IE "
1128 "was in msg 3/4, but not in "
1130 src_addr, ie->wpa_ie, ie->wpa_ie_len,
1131 ie->rsn_ie, ie->rsn_ie_len);
1135 #ifdef CONFIG_IEEE80211R
1136 if (wpa_key_mgmt_ft(sm->key_mgmt) &&
1137 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0)
1139 #endif /* CONFIG_IEEE80211R */
1146 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake
1147 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1148 * @dst: Destination address for the frame
1149 * @key: Pointer to the EAPOL-Key frame header
1150 * @ver: Version bits from EAPOL-Key Key Info
1151 * @key_info: Key Info
1152 * @ptk: PTK to use for keyed hash and encryption
1153 * Returns: 0 on success, -1 on failure
1155 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
1156 const struct wpa_eapol_key *key,
1157 u16 ver, u16 key_info,
1158 struct wpa_ptk *ptk)
1160 size_t mic_len, hdrlen, rlen;
1161 struct wpa_eapol_key *reply;
1162 struct wpa_eapol_key_192 *reply192;
1165 mic_len = wpa_mic_len(sm->key_mgmt);
1166 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
1167 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1168 hdrlen, &rlen, (void *) &reply);
1171 reply192 = (struct wpa_eapol_key_192 *) reply;
1173 reply->type = (sm->proto == WPA_PROTO_RSN ||
1174 sm->proto == WPA_PROTO_OSEN) ?
1175 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1176 key_info &= WPA_KEY_INFO_SECURE;
1177 key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC;
1178 WPA_PUT_BE16(reply->key_info, key_info);
1179 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1180 WPA_PUT_BE16(reply->key_length, 0);
1182 os_memcpy(reply->key_length, key->key_length, 2);
1183 os_memcpy(reply->replay_counter, key->replay_counter,
1184 WPA_REPLAY_COUNTER_LEN);
1186 key_mic = reply192->key_mic; /* same offset for reply and reply192 */
1188 WPA_PUT_BE16(reply192->key_data_length, 0);
1190 WPA_PUT_BE16(reply->key_data_length, 0);
1192 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
1193 wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL,
1194 rbuf, rlen, key_mic);
1200 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
1201 const struct wpa_eapol_key *key,
1202 u16 ver, const u8 *key_data,
1203 size_t key_data_len)
1205 u16 key_info, keylen;
1206 struct wpa_eapol_ie_parse ie;
1208 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
1209 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way "
1210 "Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
1212 key_info = WPA_GET_BE16(key->key_info);
1214 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len);
1215 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
1217 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1218 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1219 "WPA: GTK IE in unencrypted key data");
1222 #ifdef CONFIG_IEEE80211W
1223 if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1224 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1225 "WPA: IGTK KDE in unencrypted key data");
1230 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
1231 ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN +
1232 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
1233 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1234 "WPA: Invalid IGTK KDE length %lu",
1235 (unsigned long) ie.igtk_len);
1238 #endif /* CONFIG_IEEE80211W */
1240 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
1243 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
1244 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1245 "WPA: ANonce from message 1 of 4-Way Handshake "
1246 "differs from 3 of 4-Way Handshake - drop packet (src="
1247 MACSTR ")", MAC2STR(sm->bssid));
1251 keylen = WPA_GET_BE16(key->key_length);
1252 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
1253 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1254 "WPA: Invalid %s key length %d (src=" MACSTR
1255 ")", wpa_cipher_txt(sm->pairwise_cipher), keylen,
1256 MAC2STR(sm->bssid));
1261 if (ie.ip_addr_alloc) {
1262 os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4);
1263 wpa_hexdump(MSG_DEBUG, "P2P: IP address info",
1264 sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr));
1266 #endif /* CONFIG_P2P */
1268 if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
1273 /* SNonce was successfully used in msg 3/4, so mark it to be renewed
1274 * for the next 4-Way Handshake. If msg 3 is received again, the old
1275 * SNonce will still be used to avoid changing PTK. */
1276 sm->renew_snonce = 1;
1278 if (key_info & WPA_KEY_INFO_INSTALL) {
1279 if (wpa_supplicant_install_ptk(sm, key))
1283 if (key_info & WPA_KEY_INFO_SECURE) {
1284 wpa_sm_mlme_setprotection(
1285 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
1286 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
1287 eapol_sm_notify_portValid(sm->eapol, TRUE);
1289 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1291 if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) {
1292 wpa_supplicant_key_neg_complete(sm, sm->bssid,
1293 key_info & WPA_KEY_INFO_SECURE);
1294 } else if (ie.gtk &&
1295 wpa_supplicant_pairwise_gtk(sm, key,
1296 ie.gtk, ie.gtk_len, key_info) < 0) {
1297 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1298 "RSN: Failed to configure GTK");
1302 if (ieee80211w_set_keys(sm, &ie) < 0) {
1303 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1304 "RSN: Failed to configure IGTK");
1309 wpa_sm_set_rekey_offload(sm);
1311 if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1312 struct rsn_pmksa_cache_entry *sa;
1314 sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len,
1315 sm->ptk.kck, sm->ptk.kck_len,
1316 sm->bssid, sm->own_addr,
1317 sm->network_ctx, sm->key_mgmt);
1322 sm->msg_3_of_4_ok = 1;
1326 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1330 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
1334 struct wpa_gtk_data *gd)
1337 struct wpa_eapol_ie_parse ie;
1339 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen);
1340 if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0)
1342 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1343 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1344 "WPA: GTK IE in unencrypted key data");
1347 if (ie.gtk == NULL) {
1348 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1349 "WPA: No GTK IE in Group Key msg 1/2");
1352 maxkeylen = gd->gtk_len = ie.gtk_len - 2;
1354 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1355 gd->gtk_len, maxkeylen,
1356 &gd->key_rsc_len, &gd->alg))
1359 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake",
1360 ie.gtk, ie.gtk_len);
1361 gd->keyidx = ie.gtk[0] & 0x3;
1362 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1363 !!(ie.gtk[0] & BIT(2)));
1364 if (ie.gtk_len - 2 > sizeof(gd->gtk)) {
1365 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1366 "RSN: Too long GTK in GTK IE (len=%lu)",
1367 (unsigned long) ie.gtk_len - 2);
1370 os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
1372 if (ieee80211w_set_keys(sm, &ie) < 0)
1373 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1374 "RSN: Failed to configure IGTK");
1380 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
1381 const struct wpa_eapol_key *key,
1383 size_t key_data_len, u16 key_info,
1384 u16 ver, struct wpa_gtk_data *gd)
1389 gtk_len = WPA_GET_BE16(key->key_length);
1390 maxkeylen = key_data_len;
1391 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1392 if (maxkeylen < 8) {
1393 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1394 "WPA: Too short maxkeylen (%lu)",
1395 (unsigned long) maxkeylen);
1401 if (gtk_len > maxkeylen ||
1402 wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1404 &gd->key_rsc_len, &gd->alg))
1407 gd->gtk_len = gtk_len;
1408 gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1409 WPA_KEY_INFO_KEY_INDEX_SHIFT;
1410 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
1411 #ifdef CONFIG_NO_RC4
1412 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1413 "WPA: RC4 not supported in the build");
1415 #else /* CONFIG_NO_RC4 */
1417 if (key_data_len > sizeof(gd->gtk)) {
1418 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1419 "WPA: RC4 key data too long (%lu)",
1420 (unsigned long) key_data_len);
1423 os_memcpy(ek, key->key_iv, 16);
1424 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
1425 os_memcpy(gd->gtk, key_data, key_data_len);
1426 if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) {
1427 os_memset(ek, 0, sizeof(ek));
1428 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1432 os_memset(ek, 0, sizeof(ek));
1433 #endif /* CONFIG_NO_RC4 */
1434 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1435 if (maxkeylen % 8) {
1436 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1437 "WPA: Unsupported AES-WRAP len %lu",
1438 (unsigned long) maxkeylen);
1441 if (maxkeylen > sizeof(gd->gtk)) {
1442 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1443 "WPA: AES-WRAP key data "
1444 "too long (keydatalen=%lu maxkeylen=%lu)",
1445 (unsigned long) key_data_len,
1446 (unsigned long) maxkeylen);
1449 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8,
1450 key_data, gd->gtk)) {
1451 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1452 "WPA: AES unwrap failed - could not decrypt "
1457 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1458 "WPA: Unsupported key_info type %d", ver);
1461 gd->tx = wpa_supplicant_gtk_tx_bit_workaround(
1462 sm, !!(key_info & WPA_KEY_INFO_TXRX));
1467 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
1468 const struct wpa_eapol_key *key,
1469 int ver, u16 key_info)
1471 size_t mic_len, hdrlen, rlen;
1472 struct wpa_eapol_key *reply;
1473 struct wpa_eapol_key_192 *reply192;
1476 mic_len = wpa_mic_len(sm->key_mgmt);
1477 hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
1478 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1479 hdrlen, &rlen, (void *) &reply);
1482 reply192 = (struct wpa_eapol_key_192 *) reply;
1484 reply->type = (sm->proto == WPA_PROTO_RSN ||
1485 sm->proto == WPA_PROTO_OSEN) ?
1486 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1487 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
1488 key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
1489 WPA_PUT_BE16(reply->key_info, key_info);
1490 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1491 WPA_PUT_BE16(reply->key_length, 0);
1493 os_memcpy(reply->key_length, key->key_length, 2);
1494 os_memcpy(reply->replay_counter, key->replay_counter,
1495 WPA_REPLAY_COUNTER_LEN);
1497 key_mic = reply192->key_mic; /* same offset for reply and reply192 */
1499 WPA_PUT_BE16(reply192->key_data_length, 0);
1501 WPA_PUT_BE16(reply->key_data_length, 0);
1503 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
1504 wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, sm->bssid,
1505 ETH_P_EAPOL, rbuf, rlen, key_mic);
1511 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
1512 const unsigned char *src_addr,
1513 const struct wpa_eapol_key *key,
1515 size_t key_data_len, u16 ver)
1519 struct wpa_gtk_data gd;
1521 if (!sm->msg_3_of_4_ok) {
1522 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1523 "WPA: Group Key Handshake started prior to completion of 4-way handshake");
1527 os_memset(&gd, 0, sizeof(gd));
1529 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
1530 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key "
1531 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
1533 key_info = WPA_GET_BE16(key->key_info);
1535 if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
1536 ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data,
1537 key_data_len, key_info,
1540 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data,
1542 key_info, ver, &gd);
1545 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1550 if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0) ||
1551 wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
1553 os_memset(&gd, 0, sizeof(gd));
1556 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Group rekeying "
1557 "completed with " MACSTR " [GTK=%s]",
1558 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
1559 wpa_sm_cancel_auth_timeout(sm);
1560 wpa_sm_set_state(sm, WPA_COMPLETED);
1562 wpa_supplicant_key_neg_complete(sm, sm->bssid,
1564 WPA_KEY_INFO_SECURE);
1567 wpa_sm_set_rekey_offload(sm);
1572 os_memset(&gd, 0, sizeof(gd));
1573 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1577 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
1578 struct wpa_eapol_key_192 *key,
1580 const u8 *buf, size_t len)
1582 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
1584 size_t mic_len = wpa_mic_len(sm->key_mgmt);
1586 os_memcpy(mic, key->key_mic, mic_len);
1588 os_memset(key->key_mic, 0, mic_len);
1589 wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt,
1590 ver, buf, len, key->key_mic);
1591 if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) {
1592 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1593 "WPA: Invalid EAPOL-Key MIC "
1594 "when using TPTK - ignoring TPTK");
1599 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
1600 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
1604 if (!ok && sm->ptk_set) {
1605 os_memset(key->key_mic, 0, mic_len);
1606 wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt,
1607 ver, buf, len, key->key_mic);
1608 if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) {
1609 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1610 "WPA: Invalid EAPOL-Key MIC - "
1618 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1619 "WPA: Could not verify EAPOL-Key MIC - "
1624 os_memcpy(sm->rx_replay_counter, key->replay_counter,
1625 WPA_REPLAY_COUNTER_LEN);
1626 sm->rx_replay_counter_set = 1;
1631 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
1632 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
1633 struct wpa_eapol_key *key, u16 ver,
1634 u8 *key_data, size_t *key_data_len)
1636 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
1637 key_data, *key_data_len);
1639 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1640 "WPA: PTK not available, cannot decrypt EAPOL-Key Key "
1645 /* Decrypt key data here so that this operation does not need
1646 * to be implemented separately for each message type. */
1647 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
1648 #ifdef CONFIG_NO_RC4
1649 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1650 "WPA: RC4 not supported in the build");
1652 #else /* CONFIG_NO_RC4 */
1654 os_memcpy(ek, key->key_iv, 16);
1655 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
1656 if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) {
1657 os_memset(ek, 0, sizeof(ek));
1658 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1662 os_memset(ek, 0, sizeof(ek));
1663 #endif /* CONFIG_NO_RC4 */
1664 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1665 ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
1666 sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
1667 wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1669 if (*key_data_len < 8 || *key_data_len % 8) {
1670 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1671 "WPA: Unsupported AES-WRAP len %u",
1672 (unsigned int) *key_data_len);
1675 *key_data_len -= 8; /* AES-WRAP adds 8 bytes */
1676 buf = os_malloc(*key_data_len);
1678 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1679 "WPA: No memory for AES-UNWRAP buffer");
1682 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8,
1685 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1686 "WPA: AES unwrap failed - "
1687 "could not decrypt EAPOL-Key key data");
1690 os_memcpy(key_data, buf, *key_data_len);
1692 WPA_PUT_BE16(key->key_data_length, *key_data_len);
1694 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1695 "WPA: Unsupported key_info type %d", ver);
1698 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
1699 key_data, *key_data_len);
1705 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
1706 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1708 void wpa_sm_aborted_cached(struct wpa_sm *sm)
1710 if (sm && sm->cur_pmksa) {
1711 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1712 "RSN: Cancelling PMKSA caching attempt");
1713 sm->cur_pmksa = NULL;
1718 static void wpa_eapol_key_dump(struct wpa_sm *sm,
1719 const struct wpa_eapol_key *key,
1720 unsigned int key_data_len,
1721 const u8 *mic, unsigned int mic_len)
1723 #ifndef CONFIG_NO_STDOUT_DEBUG
1724 u16 key_info = WPA_GET_BE16(key->key_info);
1726 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type);
1727 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1728 " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)",
1729 key_info, key_info & WPA_KEY_INFO_TYPE_MASK,
1730 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1731 WPA_KEY_INFO_KEY_INDEX_SHIFT,
1732 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13,
1733 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group",
1734 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "",
1735 key_info & WPA_KEY_INFO_ACK ? " Ack" : "",
1736 key_info & WPA_KEY_INFO_MIC ? " MIC" : "",
1737 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "",
1738 key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
1739 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
1740 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
1741 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1742 " key_length=%u key_data_length=%u",
1743 WPA_GET_BE16(key->key_length), key_data_len);
1744 wpa_hexdump(MSG_DEBUG, " replay_counter",
1745 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1746 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN);
1747 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16);
1748 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8);
1749 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8);
1750 wpa_hexdump(MSG_DEBUG, " key_mic", mic, mic_len);
1751 #endif /* CONFIG_NO_STDOUT_DEBUG */
1756 * wpa_sm_rx_eapol - Process received WPA EAPOL frames
1757 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1758 * @src_addr: Source MAC address of the EAPOL packet
1759 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
1760 * @len: Length of the EAPOL frame
1761 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
1763 * This function is called for each received EAPOL frame. Other than EAPOL-Key
1764 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
1765 * only processing WPA and WPA2 EAPOL-Key frames.
1767 * The received EAPOL-Key packets are validated and valid packets are replied
1768 * to. In addition, key material (PTK, GTK) is configured at the end of a
1769 * successful key handshake.
1771 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
1772 const u8 *buf, size_t len)
1774 size_t plen, data_len, key_data_len;
1775 const struct ieee802_1x_hdr *hdr;
1776 struct wpa_eapol_key *key;
1777 struct wpa_eapol_key_192 *key192;
1781 struct wpa_peerkey *peerkey = NULL;
1783 size_t mic_len, keyhdrlen;
1785 #ifdef CONFIG_IEEE80211R
1786 sm->ft_completed = 0;
1787 #endif /* CONFIG_IEEE80211R */
1789 mic_len = wpa_mic_len(sm->key_mgmt);
1790 keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key);
1792 if (len < sizeof(*hdr) + keyhdrlen) {
1793 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1794 "WPA: EAPOL frame too short to be a WPA "
1795 "EAPOL-Key (len %lu, expecting at least %lu)",
1796 (unsigned long) len,
1797 (unsigned long) sizeof(*hdr) + keyhdrlen);
1801 hdr = (const struct ieee802_1x_hdr *) buf;
1802 plen = be_to_host16(hdr->length);
1803 data_len = plen + sizeof(*hdr);
1804 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1805 "IEEE 802.1X RX: version=%d type=%d length=%lu",
1806 hdr->version, hdr->type, (unsigned long) plen);
1808 if (hdr->version < EAPOL_VERSION) {
1809 /* TODO: backwards compatibility */
1811 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
1812 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1813 "WPA: EAPOL frame (type %u) discarded, "
1814 "not a Key frame", hdr->type);
1818 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len);
1819 if (plen > len - sizeof(*hdr) || plen < keyhdrlen) {
1820 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1821 "WPA: EAPOL frame payload size %lu "
1822 "invalid (frame size %lu)",
1823 (unsigned long) plen, (unsigned long) len);
1827 if (data_len < len) {
1828 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1829 "WPA: ignoring %lu bytes after the IEEE 802.1X data",
1830 (unsigned long) len - data_len);
1834 * Make a copy of the frame since we need to modify the buffer during
1835 * MAC validation and Key Data decryption.
1837 tmp = os_malloc(data_len);
1840 os_memcpy(tmp, buf, data_len);
1841 key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr));
1842 key192 = (struct wpa_eapol_key_192 *)
1843 (tmp + sizeof(struct ieee802_1x_hdr));
1845 key_data = (u8 *) (key192 + 1);
1847 key_data = (u8 *) (key + 1);
1849 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN)
1851 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1852 "WPA: EAPOL-Key type (%d) unknown, discarded",
1859 key_data_len = WPA_GET_BE16(key192->key_data_length);
1861 key_data_len = WPA_GET_BE16(key->key_data_length);
1862 wpa_eapol_key_dump(sm, key, key_data_len, key192->key_mic, mic_len);
1864 if (key_data_len > plen - keyhdrlen) {
1865 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
1866 "frame - key_data overflow (%u > %u)",
1867 (unsigned int) key_data_len,
1868 (unsigned int) (plen - keyhdrlen));
1872 eapol_sm_notify_lower_layer_success(sm->eapol, 0);
1873 key_info = WPA_GET_BE16(key->key_info);
1874 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1875 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
1876 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
1877 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1878 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
1879 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
1880 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1881 sm->key_mgmt != WPA_KEY_MGMT_OSEN) {
1882 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1883 "WPA: Unsupported EAPOL-Key descriptor version %d",
1888 if (sm->key_mgmt == WPA_KEY_MGMT_OSEN &&
1889 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1890 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1891 "OSEN: Unsupported EAPOL-Key descriptor version %d",
1896 if (wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1897 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1898 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1899 "RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)",
1904 #ifdef CONFIG_IEEE80211R
1905 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
1906 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */
1907 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1908 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1909 "FT: AP did not use AES-128-CMAC");
1913 #endif /* CONFIG_IEEE80211R */
1914 #ifdef CONFIG_IEEE80211W
1915 if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
1916 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1917 sm->key_mgmt != WPA_KEY_MGMT_OSEN &&
1918 !wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1919 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1920 "WPA: AP did not use the "
1921 "negotiated AES-128-CMAC");
1925 #endif /* CONFIG_IEEE80211W */
1926 if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
1927 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1928 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1929 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1930 "WPA: CCMP is used, but EAPOL-Key "
1931 "descriptor version (%d) is not 2", ver);
1932 if (sm->group_cipher != WPA_CIPHER_CCMP &&
1933 !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
1934 /* Earlier versions of IEEE 802.11i did not explicitly
1935 * require version 2 descriptor for all EAPOL-Key
1936 * packets, so allow group keys to use version 1 if
1937 * CCMP is not used for them. */
1938 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1939 "WPA: Backwards compatibility: allow invalid "
1940 "version for non-CCMP group keys");
1941 } else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1942 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1943 "WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used");
1946 } else if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
1947 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1948 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1949 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1950 "WPA: GCMP is used, but EAPOL-Key "
1951 "descriptor version (%d) is not 2", ver);
1955 #ifdef CONFIG_PEERKEY
1956 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
1957 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
1961 if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
1962 if (!peerkey->initiator && peerkey->replay_counter_set &&
1963 os_memcmp(key->replay_counter, peerkey->replay_counter,
1964 WPA_REPLAY_COUNTER_LEN) <= 0) {
1965 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1966 "RSN: EAPOL-Key Replay Counter did not "
1967 "increase (STK) - dropping packet");
1969 } else if (peerkey->initiator) {
1970 u8 _tmp[WPA_REPLAY_COUNTER_LEN];
1971 os_memcpy(_tmp, key->replay_counter,
1972 WPA_REPLAY_COUNTER_LEN);
1973 inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
1974 if (os_memcmp(_tmp, peerkey->replay_counter,
1975 WPA_REPLAY_COUNTER_LEN) != 0) {
1976 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1977 "RSN: EAPOL-Key Replay "
1978 "Counter did not match (STK) - "
1985 if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) {
1986 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1987 "RSN: Ack bit in key_info from STK peer");
1990 #endif /* CONFIG_PEERKEY */
1992 if (!peerkey && sm->rx_replay_counter_set &&
1993 os_memcmp(key->replay_counter, sm->rx_replay_counter,
1994 WPA_REPLAY_COUNTER_LEN) <= 0) {
1995 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1996 "WPA: EAPOL-Key Replay Counter did not increase - "
2001 if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
2002 #ifdef CONFIG_PEERKEY
2003 && (peerkey == NULL || !peerkey->initiator)
2004 #endif /* CONFIG_PEERKEY */
2006 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2007 "WPA: No Ack bit in key_info");
2011 if (key_info & WPA_KEY_INFO_REQUEST) {
2012 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2013 "WPA: EAPOL-Key with Request bit - dropped");
2017 if ((key_info & WPA_KEY_INFO_MIC) && !peerkey &&
2018 wpa_supplicant_verify_eapol_key_mic(sm, key192, ver, tmp, data_len))
2021 #ifdef CONFIG_PEERKEY
2022 if ((key_info & WPA_KEY_INFO_MIC) && peerkey &&
2023 peerkey_verify_eapol_key_mic(sm, peerkey, key192, ver, tmp,
2026 #endif /* CONFIG_PEERKEY */
2028 if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
2029 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
2031 * Only decrypt the Key Data field if the frame's authenticity
2032 * was verified. When using AES-SIV (FILS), the MIC flag is not
2033 * set, so this check should only be performed if mic_len != 0
2034 * which is the case in this code branch.
2036 if (!(key_info & WPA_KEY_INFO_MIC)) {
2037 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2038 "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
2041 if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
2046 if (key_info & WPA_KEY_INFO_KEY_TYPE) {
2047 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
2048 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2049 "WPA: Ignored EAPOL-Key (Pairwise) with "
2050 "non-zero key index");
2054 /* PeerKey 4-Way Handshake */
2055 peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver,
2056 key_data, key_data_len);
2057 } else if (key_info & WPA_KEY_INFO_MIC) {
2058 /* 3/4 4-Way Handshake */
2059 wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
2062 /* 1/4 4-Way Handshake */
2063 wpa_supplicant_process_1_of_4(sm, src_addr, key,
2067 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
2068 /* PeerKey SMK Handshake */
2069 peerkey_rx_eapol_smk(sm, src_addr, key, key_data_len, key_info,
2072 if (key_info & WPA_KEY_INFO_MIC) {
2073 /* 1/2 Group Key Handshake */
2074 wpa_supplicant_process_1_of_2(sm, src_addr, key,
2075 key_data, key_data_len,
2078 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2079 "WPA: EAPOL-Key (Group) without Mic bit - "
2087 bin_clear_free(tmp, data_len);
2092 #ifdef CONFIG_CTRL_IFACE
2093 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
2095 switch (sm->key_mgmt) {
2096 case WPA_KEY_MGMT_IEEE8021X:
2097 return ((sm->proto == WPA_PROTO_RSN ||
2098 sm->proto == WPA_PROTO_OSEN) ?
2099 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
2100 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
2101 case WPA_KEY_MGMT_PSK:
2102 return (sm->proto == WPA_PROTO_RSN ?
2103 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X :
2104 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
2105 #ifdef CONFIG_IEEE80211R
2106 case WPA_KEY_MGMT_FT_IEEE8021X:
2107 return RSN_AUTH_KEY_MGMT_FT_802_1X;
2108 case WPA_KEY_MGMT_FT_PSK:
2109 return RSN_AUTH_KEY_MGMT_FT_PSK;
2110 #endif /* CONFIG_IEEE80211R */
2111 #ifdef CONFIG_IEEE80211W
2112 case WPA_KEY_MGMT_IEEE8021X_SHA256:
2113 return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
2114 case WPA_KEY_MGMT_PSK_SHA256:
2115 return RSN_AUTH_KEY_MGMT_PSK_SHA256;
2116 #endif /* CONFIG_IEEE80211W */
2117 case WPA_KEY_MGMT_CCKM:
2118 return (sm->proto == WPA_PROTO_RSN ?
2119 RSN_AUTH_KEY_MGMT_CCKM:
2120 WPA_AUTH_KEY_MGMT_CCKM);
2121 case WPA_KEY_MGMT_WPA_NONE:
2122 return WPA_AUTH_KEY_MGMT_NONE;
2123 case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
2124 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
2125 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
2126 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
2133 #define RSN_SUITE "%02x-%02x-%02x-%d"
2134 #define RSN_SUITE_ARG(s) \
2135 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2138 * wpa_sm_get_mib - Dump text list of MIB entries
2139 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2140 * @buf: Buffer for the list
2141 * @buflen: Length of the buffer
2142 * Returns: Number of bytes written to buffer
2144 * This function is used fetch dot11 MIB variables.
2146 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
2148 char pmkid_txt[PMKID_LEN * 2 + 1];
2152 if (sm->cur_pmksa) {
2153 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2154 sm->cur_pmksa->pmkid, PMKID_LEN);
2156 pmkid_txt[0] = '\0';
2158 if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
2159 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
2160 sm->proto == WPA_PROTO_RSN)
2165 ret = os_snprintf(buf, buflen,
2166 "dot11RSNAOptionImplemented=TRUE\n"
2167 "dot11RSNAPreauthenticationImplemented=TRUE\n"
2168 "dot11RSNAEnabled=%s\n"
2169 "dot11RSNAPreauthenticationEnabled=%s\n"
2170 "dot11RSNAConfigVersion=%d\n"
2171 "dot11RSNAConfigPairwiseKeysSupported=5\n"
2172 "dot11RSNAConfigGroupCipherSize=%d\n"
2173 "dot11RSNAConfigPMKLifetime=%d\n"
2174 "dot11RSNAConfigPMKReauthThreshold=%d\n"
2175 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
2176 "dot11RSNAConfigSATimeout=%d\n",
2177 rsna ? "TRUE" : "FALSE",
2178 rsna ? "TRUE" : "FALSE",
2180 wpa_cipher_key_len(sm->group_cipher) * 8,
2181 sm->dot11RSNAConfigPMKLifetime,
2182 sm->dot11RSNAConfigPMKReauthThreshold,
2183 sm->dot11RSNAConfigSATimeout);
2184 if (os_snprintf_error(buflen, ret))
2189 buf + len, buflen - len,
2190 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2191 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2192 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2193 "dot11RSNAPMKIDUsed=%s\n"
2194 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
2195 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
2196 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
2197 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
2198 "dot11RSNA4WayHandshakeFailures=%u\n",
2199 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
2200 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2201 sm->pairwise_cipher)),
2202 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2205 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
2206 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2207 sm->pairwise_cipher)),
2208 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2210 sm->dot11RSNA4WayHandshakeFailures);
2211 if (!os_snprintf_error(buflen - len, ret))
2216 #endif /* CONFIG_CTRL_IFACE */
2219 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
2220 void *ctx, enum pmksa_free_reason reason)
2222 struct wpa_sm *sm = ctx;
2225 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: "
2226 MACSTR " reason=%d", MAC2STR(entry->aa), reason);
2228 if (sm->cur_pmksa == entry) {
2229 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2230 "RSN: %s current PMKSA entry",
2231 reason == PMKSA_REPLACE ? "replaced" : "removed");
2232 pmksa_cache_clear_current(sm);
2235 * If an entry is simply being replaced, there's no need to
2236 * deauthenticate because it will be immediately re-added.
2237 * This happens when EAP authentication is completed again
2238 * (reauth or failed PMKSA caching attempt).
2240 if (reason != PMKSA_REPLACE)
2244 if (reason == PMKSA_EXPIRE &&
2245 (sm->pmk_len == entry->pmk_len &&
2246 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
2247 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2248 "RSN: deauthenticating due to expired PMK");
2249 pmksa_cache_clear_current(sm);
2254 os_memset(sm->pmk, 0, sizeof(sm->pmk));
2255 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
2261 * wpa_sm_init - Initialize WPA state machine
2262 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
2263 * Returns: Pointer to the allocated WPA state machine data
2265 * This function is used to allocate a new WPA state machine and the returned
2266 * value is passed to all WPA state machine calls.
2268 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
2272 sm = os_zalloc(sizeof(*sm));
2275 dl_list_init(&sm->pmksa_candidates);
2276 sm->renew_snonce = 1;
2279 sm->dot11RSNAConfigPMKLifetime = 43200;
2280 sm->dot11RSNAConfigPMKReauthThreshold = 70;
2281 sm->dot11RSNAConfigSATimeout = 60;
2283 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm);
2284 if (sm->pmksa == NULL) {
2285 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
2286 "RSN: PMKSA cache initialization failed");
2296 * wpa_sm_deinit - Deinitialize WPA state machine
2297 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2299 void wpa_sm_deinit(struct wpa_sm *sm)
2303 pmksa_cache_deinit(sm->pmksa);
2304 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2305 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2306 os_free(sm->assoc_wpa_ie);
2307 os_free(sm->ap_wpa_ie);
2308 os_free(sm->ap_rsn_ie);
2312 #ifdef CONFIG_IEEE80211R
2313 os_free(sm->assoc_resp_ies);
2314 #endif /* CONFIG_IEEE80211R */
2320 * wpa_sm_notify_assoc - Notify WPA state machine about association
2321 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2322 * @bssid: The BSSID of the new association
2324 * This function is called to let WPA state machine know that the connection
2327 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
2334 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2335 "WPA: Association event - clear replay counter");
2336 os_memcpy(sm->bssid, bssid, ETH_ALEN);
2337 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
2338 sm->rx_replay_counter_set = 0;
2339 sm->renew_snonce = 1;
2340 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
2341 rsn_preauth_deinit(sm);
2343 #ifdef CONFIG_IEEE80211R
2344 if (wpa_ft_is_completed(sm)) {
2346 * Clear portValid to kick EAPOL state machine to re-enter
2347 * AUTHENTICATED state to get the EAPOL port Authorized.
2349 eapol_sm_notify_portValid(sm->eapol, FALSE);
2350 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
2352 /* Prepare for the next transition */
2353 wpa_ft_prepare_auth_request(sm, NULL);
2357 #endif /* CONFIG_IEEE80211R */
2361 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
2362 * this is not part of a Fast BSS Transition.
2364 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK");
2366 os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2368 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2369 os_memset(&sm->gtk, 0, sizeof(sm->gtk));
2370 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
2371 #ifdef CONFIG_IEEE80211W
2372 os_memset(&sm->igtk, 0, sizeof(sm->igtk));
2373 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
2374 #endif /* CONFIG_IEEE80211W */
2379 #endif /* CONFIG_TDLS */
2382 os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr));
2383 #endif /* CONFIG_P2P */
2388 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
2389 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2391 * This function is called to let WPA state machine know that the connection
2392 * was lost. This will abort any existing pre-authentication session.
2394 void wpa_sm_notify_disassoc(struct wpa_sm *sm)
2396 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2397 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2399 rsn_preauth_deinit(sm);
2400 pmksa_cache_clear_current(sm);
2401 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
2402 sm->dot11RSNA4WayHandshakeFailures++;
2404 wpa_tdls_disassoc(sm);
2405 #endif /* CONFIG_TDLS */
2406 #ifdef CONFIG_IEEE80211R
2407 sm->ft_reassoc_completed = 0;
2408 #endif /* CONFIG_IEEE80211R */
2410 /* Keys are not needed in the WPA state machine anymore */
2413 sm->msg_3_of_4_ok = 0;
2418 * wpa_sm_set_pmk - Set PMK
2419 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2421 * @pmk_len: The length of the new PMK in bytes
2422 * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK
2424 * Configure the PMK for WPA state machine.
2426 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
2432 sm->pmk_len = pmk_len;
2433 os_memcpy(sm->pmk, pmk, pmk_len);
2435 #ifdef CONFIG_IEEE80211R
2436 /* Set XXKey to be PSK for FT key derivation */
2437 sm->xxkey_len = pmk_len;
2438 os_memcpy(sm->xxkey, pmk, pmk_len);
2439 #endif /* CONFIG_IEEE80211R */
2442 pmksa_cache_add(sm->pmksa, pmk, pmk_len, NULL, 0,
2443 bssid, sm->own_addr,
2444 sm->network_ctx, sm->key_mgmt);
2450 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
2451 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2453 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
2456 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
2461 if (sm->cur_pmksa) {
2462 sm->pmk_len = sm->cur_pmksa->pmk_len;
2463 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
2465 sm->pmk_len = PMK_LEN;
2466 os_memset(sm->pmk, 0, PMK_LEN);
2472 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
2473 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2474 * @fast_reauth: Whether fast reauthentication (EAP) is allowed
2476 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
2479 sm->fast_reauth = fast_reauth;
2484 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
2485 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2486 * @scard_ctx: Context pointer for smartcard related callback functions
2488 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
2492 sm->scard_ctx = scard_ctx;
2493 if (sm->preauth_eapol)
2494 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
2499 * wpa_sm_set_config - Notification of current configration change
2500 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2501 * @config: Pointer to current network configuration
2503 * Notify WPA state machine that configuration has changed. config will be
2504 * stored as a backpointer to network configuration. This can be %NULL to clear
2505 * the stored pointed.
2507 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
2513 sm->network_ctx = config->network_ctx;
2514 sm->peerkey_enabled = config->peerkey_enabled;
2515 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
2516 sm->proactive_key_caching = config->proactive_key_caching;
2517 sm->eap_workaround = config->eap_workaround;
2518 sm->eap_conf_ctx = config->eap_conf_ctx;
2520 os_memcpy(sm->ssid, config->ssid, config->ssid_len);
2521 sm->ssid_len = config->ssid_len;
2524 sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
2525 sm->p2p = config->p2p;
2527 sm->network_ctx = NULL;
2528 sm->peerkey_enabled = 0;
2529 sm->allowed_pairwise_cipher = 0;
2530 sm->proactive_key_caching = 0;
2531 sm->eap_workaround = 0;
2532 sm->eap_conf_ctx = NULL;
2534 sm->wpa_ptk_rekey = 0;
2541 * wpa_sm_set_own_addr - Set own MAC address
2542 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2543 * @addr: Own MAC address
2545 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
2548 os_memcpy(sm->own_addr, addr, ETH_ALEN);
2553 * wpa_sm_set_ifname - Set network interface name
2554 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2555 * @ifname: Interface name
2556 * @bridge_ifname: Optional bridge interface name (for pre-auth)
2558 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
2559 const char *bridge_ifname)
2562 sm->ifname = ifname;
2563 sm->bridge_ifname = bridge_ifname;
2569 * wpa_sm_set_eapol - Set EAPOL state machine pointer
2570 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2571 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
2573 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
2581 * wpa_sm_set_param - Set WPA state machine parameters
2582 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2583 * @param: Parameter field
2584 * @value: Parameter value
2585 * Returns: 0 on success, -1 on failure
2587 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
2596 case RSNA_PMK_LIFETIME:
2598 sm->dot11RSNAConfigPMKLifetime = value;
2602 case RSNA_PMK_REAUTH_THRESHOLD:
2603 if (value > 0 && value <= 100)
2604 sm->dot11RSNAConfigPMKReauthThreshold = value;
2608 case RSNA_SA_TIMEOUT:
2610 sm->dot11RSNAConfigSATimeout = value;
2614 case WPA_PARAM_PROTO:
2617 case WPA_PARAM_PAIRWISE:
2618 sm->pairwise_cipher = value;
2620 case WPA_PARAM_GROUP:
2621 sm->group_cipher = value;
2623 case WPA_PARAM_KEY_MGMT:
2624 sm->key_mgmt = value;
2626 #ifdef CONFIG_IEEE80211W
2627 case WPA_PARAM_MGMT_GROUP:
2628 sm->mgmt_group_cipher = value;
2630 #endif /* CONFIG_IEEE80211W */
2631 case WPA_PARAM_RSN_ENABLED:
2632 sm->rsn_enabled = value;
2646 * wpa_sm_get_status - Get WPA state machine
2647 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2648 * @buf: Buffer for status information
2649 * @buflen: Maximum buffer length
2650 * @verbose: Whether to include verbose status information
2651 * Returns: Number of bytes written to buf.
2653 * Query WPA state machine for status information. This function fills in
2654 * a text area with current status information. If the buffer (buf) is not
2655 * large enough, status information will be truncated to fit the buffer.
2657 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
2660 char *pos = buf, *end = buf + buflen;
2663 ret = os_snprintf(pos, end - pos,
2664 "pairwise_cipher=%s\n"
2667 wpa_cipher_txt(sm->pairwise_cipher),
2668 wpa_cipher_txt(sm->group_cipher),
2669 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
2670 if (os_snprintf_error(end - pos, ret))
2674 if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) {
2675 struct wpa_ie_data rsn;
2676 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn)
2678 rsn.capabilities & (WPA_CAPABILITY_MFPR |
2679 WPA_CAPABILITY_MFPC)) {
2680 ret = os_snprintf(pos, end - pos, "pmf=%d\n",
2682 WPA_CAPABILITY_MFPR) ? 2 : 1);
2683 if (os_snprintf_error(end - pos, ret))
2693 int wpa_sm_pmf_enabled(struct wpa_sm *sm)
2695 struct wpa_ie_data rsn;
2697 if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie)
2700 if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 &&
2701 rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC))
2709 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
2710 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2711 * @wpa_ie: Pointer to buffer for WPA/RSN IE
2712 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
2713 * Returns: 0 on success, -1 on failure
2715 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
2723 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
2728 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default",
2729 wpa_ie, *wpa_ie_len);
2731 if (sm->assoc_wpa_ie == NULL) {
2733 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
2734 * the correct version of the IE even if PMKSA caching is
2735 * aborted (which would remove PMKID from IE generation).
2737 sm->assoc_wpa_ie = os_malloc(*wpa_ie_len);
2738 if (sm->assoc_wpa_ie == NULL)
2741 os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
2742 sm->assoc_wpa_ie_len = *wpa_ie_len;
2750 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
2751 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2752 * @ie: Pointer to IE data (starting from id)
2754 * Returns: 0 on success, -1 on failure
2756 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
2757 * Request frame. The IE will be used to override the default value generated
2758 * with wpa_sm_set_assoc_wpa_ie_default().
2760 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2765 os_free(sm->assoc_wpa_ie);
2766 if (ie == NULL || len == 0) {
2767 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2768 "WPA: clearing own WPA/RSN IE");
2769 sm->assoc_wpa_ie = NULL;
2770 sm->assoc_wpa_ie_len = 0;
2772 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
2773 sm->assoc_wpa_ie = os_malloc(len);
2774 if (sm->assoc_wpa_ie == NULL)
2777 os_memcpy(sm->assoc_wpa_ie, ie, len);
2778 sm->assoc_wpa_ie_len = len;
2786 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
2787 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2788 * @ie: Pointer to IE data (starting from id)
2790 * Returns: 0 on success, -1 on failure
2792 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
2795 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2800 os_free(sm->ap_wpa_ie);
2801 if (ie == NULL || len == 0) {
2802 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2803 "WPA: clearing AP WPA IE");
2804 sm->ap_wpa_ie = NULL;
2805 sm->ap_wpa_ie_len = 0;
2807 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
2808 sm->ap_wpa_ie = os_malloc(len);
2809 if (sm->ap_wpa_ie == NULL)
2812 os_memcpy(sm->ap_wpa_ie, ie, len);
2813 sm->ap_wpa_ie_len = len;
2821 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
2822 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2823 * @ie: Pointer to IE data (starting from id)
2825 * Returns: 0 on success, -1 on failure
2827 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
2830 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2835 os_free(sm->ap_rsn_ie);
2836 if (ie == NULL || len == 0) {
2837 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2838 "WPA: clearing AP RSN IE");
2839 sm->ap_rsn_ie = NULL;
2840 sm->ap_rsn_ie_len = 0;
2842 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
2843 sm->ap_rsn_ie = os_malloc(len);
2844 if (sm->ap_rsn_ie == NULL)
2847 os_memcpy(sm->ap_rsn_ie, ie, len);
2848 sm->ap_rsn_ie_len = len;
2856 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
2857 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2858 * @data: Pointer to data area for parsing results
2859 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
2861 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
2862 * parsed data into data.
2864 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
2869 if (sm->assoc_wpa_ie == NULL) {
2870 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2871 "WPA: No WPA/RSN IE available from association info");
2874 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
2880 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
2882 return pmksa_cache_list(sm->pmksa, buf, len);
2886 void wpa_sm_drop_sa(struct wpa_sm *sm)
2888 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
2891 os_memset(sm->pmk, 0, sizeof(sm->pmk));
2892 os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2893 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2894 os_memset(&sm->gtk, 0, sizeof(sm->gtk));
2895 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
2896 #ifdef CONFIG_IEEE80211W
2897 os_memset(&sm->igtk, 0, sizeof(sm->igtk));
2898 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
2899 #endif /* CONFIG_IEEE80211W */
2900 #ifdef CONFIG_IEEE80211R
2901 os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
2902 os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
2903 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1));
2904 #endif /* CONFIG_IEEE80211R */
2908 int wpa_sm_has_ptk(struct wpa_sm *sm)
2916 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
2918 os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
2922 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
2924 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0);
2929 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
2932 u8 keylen; /* plaintext key len */
2935 if (subelem_id == WNM_SLEEP_SUBELEM_GTK) {
2936 struct wpa_gtk_data gd;
2938 os_memset(&gd, 0, sizeof(gd));
2939 keylen = wpa_cipher_key_len(sm->group_cipher);
2940 gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher);
2941 gd.alg = wpa_cipher_to_alg(sm->group_cipher);
2942 if (gd.alg == WPA_ALG_NONE) {
2943 wpa_printf(MSG_DEBUG, "Unsupported group cipher suite");
2948 keyinfo = WPA_GET_LE16(buf + 2);
2949 gd.gtk_len = keylen;
2950 if (gd.gtk_len != buf[4]) {
2951 wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d",
2952 gd.gtk_len, buf[4]);
2955 gd.keyidx = keyinfo & 0x03; /* B0 - B1 */
2956 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(
2957 sm, !!(keyinfo & WPA_KEY_INFO_TXRX));
2959 os_memcpy(gd.gtk, buf + 13, gd.gtk_len);
2961 wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
2962 gd.gtk, gd.gtk_len);
2963 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
2964 os_memset(&gd, 0, sizeof(gd));
2965 wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
2969 os_memset(&gd, 0, sizeof(gd));
2970 #ifdef CONFIG_IEEE80211W
2971 } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
2972 const struct wpa_igtk_kde *igtk;
2974 igtk = (const struct wpa_igtk_kde *) (buf + 2);
2975 if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
2977 #endif /* CONFIG_IEEE80211W */
2979 wpa_printf(MSG_DEBUG, "Unknown element id");
2985 #endif /* CONFIG_WNM */
2988 #ifdef CONFIG_PEERKEY
2989 int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr,
2990 const u8 *buf, size_t len)
2992 struct wpa_peerkey *peerkey;
2994 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
2995 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
3002 wpa_sm_rx_eapol(sm, src_addr, buf, len);
3006 #endif /* CONFIG_PEERKEY */
3011 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf)
3013 if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0)
3015 os_memcpy(buf, sm->p2p_ip_addr, 3 * 4);
3019 #endif /* CONFIG_P2P */
3022 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter)
3024 if (rx_replay_counter == NULL)
3027 os_memcpy(sm->rx_replay_counter, rx_replay_counter,
3028 WPA_REPLAY_COUNTER_LEN);
3029 sm->rx_replay_counter_set = 1;
3030 wpa_printf(MSG_DEBUG, "Updated key replay counter");
3034 void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm,
3035 const u8 *ptk_kck, size_t ptk_kck_len,
3036 const u8 *ptk_kek, size_t ptk_kek_len)
3038 if (ptk_kck && ptk_kck_len <= WPA_KCK_MAX_LEN) {
3039 os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len);
3040 sm->ptk.kck_len = ptk_kck_len;
3041 wpa_printf(MSG_DEBUG, "Updated PTK KCK");
3043 if (ptk_kek && ptk_kek_len <= WPA_KEK_MAX_LEN) {
3044 os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len);
3045 sm->ptk.kek_len = ptk_kek_len;
3046 wpa_printf(MSG_DEBUG, "Updated PTK KEK");