2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
17 #ifndef CONFIG_NATIVE_WINDOWS
29 #include "ieee802_11.h"
30 #include "pmksa_cache.h"
31 #include "state_machine.h"
32 #include "wpa_auth_i.h"
33 #include "wpa_auth_ie.h"
35 #define STATE_MACHINE_DATA struct wpa_state_machine
36 #define STATE_MACHINE_DEBUG_PREFIX "WPA"
37 #define STATE_MACHINE_ADDR sm->addr
40 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
41 static void wpa_sm_step(struct wpa_state_machine *sm);
42 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
43 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
44 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
45 struct wpa_group *group);
46 static void wpa_request_new_ptk(struct wpa_state_machine *sm);
48 static const u32 dot11RSNAConfigGroupUpdateCount = 4;
49 static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
50 static const u32 eapol_key_timeout_first = 100; /* ms */
51 static const u32 eapol_key_timeout_subseq = 1000; /* ms */
53 /* TODO: make these configurable */
54 static const int dot11RSNAConfigPMKLifetime = 43200;
55 static const int dot11RSNAConfigPMKReauthThreshold = 70;
56 static const int dot11RSNAConfigSATimeout = 60;
59 static inline void wpa_auth_mic_failure_report(
60 struct wpa_authenticator *wpa_auth, const u8 *addr)
62 if (wpa_auth->cb.mic_failure_report)
63 wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
67 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
68 const u8 *addr, wpa_eapol_variable var,
71 if (wpa_auth->cb.set_eapol)
72 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
76 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
77 const u8 *addr, wpa_eapol_variable var)
79 if (wpa_auth->cb.get_eapol == NULL)
81 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
85 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
86 const u8 *addr, const u8 *prev_psk)
88 if (wpa_auth->cb.get_psk == NULL)
90 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk);
94 static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
95 const u8 *addr, u8 *msk, size_t *len)
97 if (wpa_auth->cb.get_msk == NULL)
99 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
103 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
105 const char *alg, const u8 *addr, int idx,
106 u8 *key, size_t key_len)
108 if (wpa_auth->cb.set_key == NULL)
110 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
115 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
116 const u8 *addr, int idx, u8 *seq)
118 if (wpa_auth->cb.get_seqnum == NULL)
120 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
124 static inline int wpa_auth_get_seqnum_igtk(struct wpa_authenticator *wpa_auth,
125 const u8 *addr, int idx, u8 *seq)
127 if (wpa_auth->cb.get_seqnum_igtk == NULL)
129 return wpa_auth->cb.get_seqnum_igtk(wpa_auth->cb.ctx, addr, idx, seq);
134 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
135 const u8 *data, size_t data_len, int encrypt)
137 if (wpa_auth->cb.send_eapol == NULL)
139 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
144 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
145 int (*cb)(struct wpa_state_machine *sm, void *ctx),
148 if (wpa_auth->cb.for_each_sta == NULL)
150 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
154 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
155 int (*cb)(struct wpa_authenticator *a, void *ctx),
158 if (wpa_auth->cb.for_each_auth == NULL)
160 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
164 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
165 logger_level level, const char *txt)
167 if (wpa_auth->cb.logger == NULL)
169 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
173 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
174 logger_level level, const char *fmt, ...)
180 if (wpa_auth->cb.logger == NULL)
183 maxlen = os_strlen(fmt) + 100;
184 format = os_malloc(maxlen);
189 vsnprintf(format, maxlen, fmt, ap);
192 wpa_auth_logger(wpa_auth, addr, level, format);
198 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
201 if (wpa_auth->cb.disconnect == NULL)
203 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
204 WLAN_REASON_PREV_AUTH_NOT_VALID);
208 static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
211 #ifdef CONFIG_IEEE80211R
212 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
214 #endif /* CONFIG_IEEE80211R */
215 #ifdef CONFIG_IEEE80211W
216 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
218 #endif /* CONFIG_IEEE80211W */
223 static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
225 struct wpa_authenticator *wpa_auth = eloop_ctx;
227 if (os_get_random(wpa_auth->group->GMK, WPA_GMK_LEN)) {
228 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
231 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
234 if (wpa_auth->conf.wpa_gmk_rekey) {
235 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
236 wpa_rekey_gmk, wpa_auth, NULL);
241 static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
243 struct wpa_authenticator *wpa_auth = eloop_ctx;
244 struct wpa_group *group;
246 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
247 for (group = wpa_auth->group; group; group = group->next) {
248 group->GTKReKey = TRUE;
250 group->changed = FALSE;
251 wpa_group_sm_step(wpa_auth, group);
252 } while (group->changed);
255 if (wpa_auth->conf.wpa_group_rekey) {
256 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
257 0, wpa_rekey_gtk, wpa_auth, NULL);
262 static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
264 struct wpa_authenticator *wpa_auth = eloop_ctx;
265 struct wpa_state_machine *sm = timeout_ctx;
267 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
268 wpa_request_new_ptk(sm);
273 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
275 if (sm->pmksa == ctx)
281 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
284 struct wpa_authenticator *wpa_auth = ctx;
285 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
289 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
292 struct wpa_group *group;
293 u8 buf[ETH_ALEN + 8 + sizeof(group)];
296 group = os_zalloc(sizeof(struct wpa_group));
300 group->GTKAuthenticator = TRUE;
301 group->vlan_id = vlan_id;
303 switch (wpa_auth->conf.wpa_group) {
304 case WPA_CIPHER_CCMP:
307 case WPA_CIPHER_TKIP:
310 case WPA_CIPHER_WEP104:
313 case WPA_CIPHER_WEP40:
318 /* Counter = PRF-256(Random number, "Init Counter",
319 * Local MAC Address || Time)
321 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
322 wpa_get_ntp_timestamp(buf + ETH_ALEN);
323 os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
324 if (os_get_random(rkey, sizeof(rkey)) ||
325 os_get_random(group->GMK, WPA_GMK_LEN)) {
326 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
332 sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
333 group->Counter, WPA_NONCE_LEN);
336 wpa_group_sm_step(wpa_auth, group);
337 group->GInit = FALSE;
338 wpa_group_sm_step(wpa_auth, group);
345 * wpa_init - Initialize WPA authenticator
346 * @addr: Authenticator address
347 * @conf: Configuration for WPA authenticator
348 * @cb: Callback functions for WPA authenticator
349 * Returns: Pointer to WPA authenticator data or %NULL on failure
351 struct wpa_authenticator * wpa_init(const u8 *addr,
352 struct wpa_auth_config *conf,
353 struct wpa_auth_callbacks *cb)
355 struct wpa_authenticator *wpa_auth;
357 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
358 if (wpa_auth == NULL)
360 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
361 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
362 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
364 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
365 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
370 wpa_auth->group = wpa_group_init(wpa_auth, 0);
371 if (wpa_auth->group == NULL) {
372 os_free(wpa_auth->wpa_ie);
377 wpa_auth->pmksa = pmksa_cache_init(wpa_auth_pmksa_free_cb, wpa_auth);
378 if (wpa_auth->pmksa == NULL) {
379 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
380 os_free(wpa_auth->wpa_ie);
385 #ifdef CONFIG_IEEE80211R
386 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
387 if (wpa_auth->ft_pmk_cache == NULL) {
388 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
389 os_free(wpa_auth->wpa_ie);
390 pmksa_cache_deinit(wpa_auth->pmksa);
394 #endif /* CONFIG_IEEE80211R */
396 if (wpa_auth->conf.wpa_gmk_rekey) {
397 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
398 wpa_rekey_gmk, wpa_auth, NULL);
401 if (wpa_auth->conf.wpa_group_rekey) {
402 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
403 wpa_rekey_gtk, wpa_auth, NULL);
411 * wpa_deinit - Deinitialize WPA authenticator
412 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
414 void wpa_deinit(struct wpa_authenticator *wpa_auth)
416 struct wpa_group *group, *prev;
418 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
419 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
421 #ifdef CONFIG_PEERKEY
422 while (wpa_auth->stsl_negotiations)
423 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
424 #endif /* CONFIG_PEERKEY */
426 pmksa_cache_deinit(wpa_auth->pmksa);
428 #ifdef CONFIG_IEEE80211R
429 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
430 wpa_auth->ft_pmk_cache = NULL;
431 #endif /* CONFIG_IEEE80211R */
433 os_free(wpa_auth->wpa_ie);
435 group = wpa_auth->group;
447 * wpa_reconfig - Update WPA authenticator configuration
448 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
449 * @conf: Configuration for WPA authenticator
451 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
452 struct wpa_auth_config *conf)
454 if (wpa_auth == NULL)
457 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
458 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
459 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
467 struct wpa_state_machine *
468 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
470 struct wpa_state_machine *sm;
472 sm = os_zalloc(sizeof(struct wpa_state_machine));
475 os_memcpy(sm->addr, addr, ETH_ALEN);
477 sm->wpa_auth = wpa_auth;
478 sm->group = wpa_auth->group;
484 void wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
485 struct wpa_state_machine *sm)
487 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
490 #ifdef CONFIG_IEEE80211R
491 if (sm->ft_completed) {
492 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
493 "FT authentication already completed - do not "
494 "start 4-way handshake");
497 #endif /* CONFIG_IEEE80211R */
500 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
501 sm->ReAuthenticationRequest = TRUE;
506 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
507 "start authentication");
513 sm->AuthenticationRequest = TRUE;
518 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
520 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
521 * reassociates back to the same AP while the previous entry for the
522 * STA has not yet been removed. */
526 sm->wpa_key_mgmt = 0;
530 static void wpa_free_sta_sm(struct wpa_state_machine *sm)
532 os_free(sm->last_rx_eapol_key);
538 void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
543 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
544 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
545 "strict rekeying - force GTK rekey since STA "
547 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
548 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
552 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
553 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
554 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
555 if (sm->in_step_loop) {
556 /* Must not free state machine while wpa_sm_step() is running.
557 * Freeing will be completed in the end of wpa_sm_step(). */
558 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
559 "machine deinit for " MACSTR, MAC2STR(sm->addr));
560 sm->pending_deinit = 1;
566 static void wpa_request_new_ptk(struct wpa_state_machine *sm)
571 sm->PTKRequest = TRUE;
576 static int wpa_replay_counter_valid(struct wpa_state_machine *sm,
577 const u8 *replay_counter)
580 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
581 if (!sm->key_replay[i].valid)
583 if (os_memcmp(replay_counter, sm->key_replay[i].counter,
584 WPA_REPLAY_COUNTER_LEN) == 0)
591 void wpa_receive(struct wpa_authenticator *wpa_auth,
592 struct wpa_state_machine *sm,
593 u8 *data, size_t data_len)
595 struct ieee802_1x_hdr *hdr;
596 struct wpa_eapol_key *key;
597 u16 key_info, key_data_length;
598 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
599 SMK_M1, SMK_M3, SMK_ERROR } msg;
601 struct wpa_eapol_ie_parse kde;
603 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
606 if (data_len < sizeof(*hdr) + sizeof(*key))
609 hdr = (struct ieee802_1x_hdr *) data;
610 key = (struct wpa_eapol_key *) (hdr + 1);
611 key_info = WPA_GET_BE16(key->key_info);
612 key_data_length = WPA_GET_BE16(key->key_data_length);
613 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
614 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
615 "key_data overflow (%d > %lu)",
617 (unsigned long) (data_len - sizeof(*hdr) -
622 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
625 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
626 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
627 if (key_info & WPA_KEY_INFO_ERROR) {
629 msgtxt = "SMK Error";
634 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
637 } else if (key_info & WPA_KEY_INFO_REQUEST) {
640 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
642 msgtxt = "2/2 Group";
643 } else if (key_data_length == 0) {
645 msgtxt = "4/4 Pairwise";
648 msgtxt = "2/4 Pairwise";
651 /* TODO: key_info type validation for PeerKey */
652 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
654 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
655 if (sm->pairwise == WPA_CIPHER_CCMP) {
656 if (wpa_use_aes_cmac(sm) &&
657 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
658 wpa_auth_logger(wpa_auth, sm->addr,
660 "advertised support for "
661 "AES-128-CMAC, but did not "
666 if (!wpa_use_aes_cmac(sm) &&
667 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
668 wpa_auth_logger(wpa_auth, sm->addr,
670 "did not use HMAC-SHA1-AES "
677 if (key_info & WPA_KEY_INFO_REQUEST) {
678 if (sm->req_replay_counter_used &&
679 os_memcmp(key->replay_counter, sm->req_replay_counter,
680 WPA_REPLAY_COUNTER_LEN) <= 0) {
681 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
682 "received EAPOL-Key request with "
688 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
689 !wpa_replay_counter_valid(sm, key->replay_counter)) {
691 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
692 "received EAPOL-Key %s with unexpected "
693 "replay counter", msgtxt);
694 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
695 if (!sm->key_replay[i].valid)
697 wpa_hexdump(MSG_DEBUG, "pending replay counter",
698 sm->key_replay[i].counter,
699 WPA_REPLAY_COUNTER_LEN);
701 wpa_hexdump(MSG_DEBUG, "received replay counter",
702 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
708 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
709 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) {
710 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
711 "received EAPOL-Key msg 2/4 in "
712 "invalid state (%d) - dropped",
716 if (sm->wpa_ie == NULL ||
717 sm->wpa_ie_len != key_data_length ||
718 os_memcmp(sm->wpa_ie, key + 1, key_data_length) != 0) {
719 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
720 "WPA IE from (Re)AssocReq did not "
721 "match with msg 2/4");
723 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
724 sm->wpa_ie, sm->wpa_ie_len);
726 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
727 (u8 *) (key + 1), key_data_length);
728 /* MLME-DEAUTHENTICATE.request */
729 wpa_sta_disconnect(wpa_auth, sm->addr);
734 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
736 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
737 "received EAPOL-Key msg 4/4 in "
738 "invalid state (%d) - dropped",
744 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
746 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
747 "received EAPOL-Key msg 2/2 in "
748 "invalid state (%d) - dropped",
749 sm->wpa_ptk_group_state);
753 #ifdef CONFIG_PEERKEY
757 if (!wpa_auth->conf.peerkey) {
758 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
759 "PeerKey use disabled - ignoring message");
762 if (!sm->PTK_valid) {
763 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
764 "received EAPOL-Key msg SMK in "
765 "invalid state - dropped");
769 #else /* CONFIG_PEERKEY */
773 return; /* STSL disabled - ignore SMK messages */
774 #endif /* CONFIG_PEERKEY */
779 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
780 "received EAPOL-Key frame (%s)", msgtxt);
782 if (key_info & WPA_KEY_INFO_ACK) {
783 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
784 "received invalid EAPOL-Key: Key Ack set");
788 if (!(key_info & WPA_KEY_INFO_MIC)) {
789 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
790 "received invalid EAPOL-Key: Key MIC not set");
794 sm->MICVerified = FALSE;
796 if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
797 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
798 "received EAPOL-Key with invalid MIC");
801 sm->MICVerified = TRUE;
802 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
805 if (key_info & WPA_KEY_INFO_REQUEST) {
806 if (sm->MICVerified) {
807 sm->req_replay_counter_used = 1;
808 os_memcpy(sm->req_replay_counter, key->replay_counter,
809 WPA_REPLAY_COUNTER_LEN);
811 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
812 "received EAPOL-Key request with "
818 * TODO: should decrypt key data field if encryption was used;
819 * even though MAC address KDE is not normally encrypted,
820 * supplicant is allowed to encrypt it.
822 if (msg == SMK_ERROR) {
823 #ifdef CONFIG_PEERKEY
824 wpa_smk_error(wpa_auth, sm, key);
825 #endif /* CONFIG_PEERKEY */
827 } else if (key_info & WPA_KEY_INFO_ERROR) {
828 /* Supplicant reported a Michael MIC error */
829 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
830 "received EAPOL-Key Error Request "
831 "(STA detected Michael MIC failure)");
832 wpa_auth_mic_failure_report(wpa_auth, sm->addr);
833 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
834 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
835 /* Error report is not a request for a new key
836 * handshake, but since Authenticator may do it, let's
837 * change the keys now anyway. */
838 wpa_request_new_ptk(sm);
839 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
840 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
841 "received EAPOL-Key Request for new "
843 wpa_request_new_ptk(sm);
844 #ifdef CONFIG_PEERKEY
845 } else if (msg == SMK_M1) {
846 wpa_smk_m1(wpa_auth, sm, key);
847 #endif /* CONFIG_PEERKEY */
848 } else if (key_data_length > 0 &&
849 wpa_parse_kde_ies((const u8 *) (key + 1),
850 key_data_length, &kde) == 0 &&
853 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
854 "received EAPOL-Key Request for GTK "
856 /* FIX: why was this triggering PTK rekeying for the
857 * STA that requested Group Key rekeying?? */
858 /* wpa_request_new_ptk(sta->wpa_sm); */
859 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
860 wpa_rekey_gtk(wpa_auth, NULL);
863 /* Do not allow the same key replay counter to be reused. This
864 * does also invalidate all other pending replay counters if
865 * retransmissions were used, i.e., we will only process one of
866 * the pending replies and ignore rest if more than one is
868 sm->key_replay[0].valid = FALSE;
871 #ifdef CONFIG_PEERKEY
873 wpa_smk_m3(wpa_auth, sm, key);
876 #endif /* CONFIG_PEERKEY */
878 os_free(sm->last_rx_eapol_key);
879 sm->last_rx_eapol_key = os_malloc(data_len);
880 if (sm->last_rx_eapol_key == NULL)
882 os_memcpy(sm->last_rx_eapol_key, data, data_len);
883 sm->last_rx_eapol_key_len = data_len;
885 sm->EAPOLKeyReceived = TRUE;
886 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
887 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
888 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
893 static void wpa_gmk_to_gtk(const u8 *gmk, const u8 *addr, const u8 *gnonce,
894 u8 *gtk, size_t gtk_len)
896 u8 data[ETH_ALEN + WPA_NONCE_LEN];
898 /* GTK = PRF-X(GMK, "Group key expansion", AA || GNonce) */
899 os_memcpy(data, addr, ETH_ALEN);
900 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
902 #ifdef CONFIG_IEEE80211W
903 sha256_prf(gmk, WPA_GMK_LEN, "Group key expansion",
904 data, sizeof(data), gtk, gtk_len);
905 #else /* CONFIG_IEEE80211W */
906 sha1_prf(gmk, WPA_GMK_LEN, "Group key expansion",
907 data, sizeof(data), gtk, gtk_len);
908 #endif /* CONFIG_IEEE80211W */
910 wpa_hexdump_key(MSG_DEBUG, "GMK", gmk, WPA_GMK_LEN);
911 wpa_hexdump_key(MSG_DEBUG, "GTK", gtk, gtk_len);
915 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
917 struct wpa_authenticator *wpa_auth = eloop_ctx;
918 struct wpa_state_machine *sm = timeout_ctx;
920 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
921 sm->TimeoutEvt = TRUE;
926 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
927 struct wpa_state_machine *sm, int key_info,
928 const u8 *key_rsc, const u8 *nonce,
929 const u8 *kde, size_t kde_len,
930 int keyidx, int encr, int force_version)
932 struct ieee802_1x_hdr *hdr;
933 struct wpa_eapol_key *key;
936 int key_data_len, pad_len = 0;
938 int version, pairwise;
941 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
944 version = force_version;
945 else if (wpa_use_aes_cmac(sm))
946 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
947 else if (sm->pairwise == WPA_CIPHER_CCMP)
948 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
950 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
952 pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
954 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
955 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
958 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
959 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
960 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
961 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
962 pairwise, (unsigned long) kde_len, keyidx, encr);
964 key_data_len = kde_len;
966 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
967 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
968 pad_len = key_data_len % 8;
970 pad_len = 8 - pad_len;
971 key_data_len += pad_len + 8;
976 hdr = os_zalloc(len);
979 hdr->version = wpa_auth->conf.eapol_version;
980 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
981 hdr->length = host_to_be16(len - sizeof(*hdr));
982 key = (struct wpa_eapol_key *) (hdr + 1);
984 key->type = sm->wpa == WPA_VERSION_WPA2 ?
985 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
987 if (encr && sm->wpa == WPA_VERSION_WPA2)
988 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
989 if (sm->wpa != WPA_VERSION_WPA2)
990 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
991 WPA_PUT_BE16(key->key_info, key_info);
993 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
995 case WPA_CIPHER_CCMP:
996 WPA_PUT_BE16(key->key_length, 16);
998 case WPA_CIPHER_TKIP:
999 WPA_PUT_BE16(key->key_length, 32);
1001 case WPA_CIPHER_WEP40:
1002 WPA_PUT_BE16(key->key_length, 5);
1004 case WPA_CIPHER_WEP104:
1005 WPA_PUT_BE16(key->key_length, 13);
1008 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1009 WPA_PUT_BE16(key->key_length, 0);
1011 /* FIX: STSL: what to use as key_replay_counter? */
1012 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1013 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1014 os_memcpy(sm->key_replay[i].counter,
1015 sm->key_replay[i - 1].counter,
1016 WPA_REPLAY_COUNTER_LEN);
1018 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1019 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
1020 WPA_REPLAY_COUNTER_LEN);
1021 sm->key_replay[0].valid = TRUE;
1024 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1027 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1030 os_memcpy(key + 1, kde, kde_len);
1031 WPA_PUT_BE16(key->key_data_length, kde_len);
1032 } else if (encr && kde) {
1033 buf = os_zalloc(key_data_len);
1039 os_memcpy(pos, kde, kde_len);
1045 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1047 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1048 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1049 if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
1050 (u8 *) (key + 1))) {
1055 WPA_PUT_BE16(key->key_data_length, key_data_len);
1058 os_memcpy(key->key_iv,
1059 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1060 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1061 os_memcpy(ek, key->key_iv, 16);
1062 os_memcpy(ek + 16, sm->PTK.kek, 16);
1063 os_memcpy(key + 1, buf, key_data_len);
1064 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
1065 WPA_PUT_BE16(key->key_data_length, key_data_len);
1070 if (key_info & WPA_KEY_INFO_MIC) {
1071 if (!sm->PTK_valid) {
1072 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1073 "PTK not valid when sending EAPOL-Key "
1078 wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
1082 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1084 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1090 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1091 struct wpa_state_machine *sm, int key_info,
1092 const u8 *key_rsc, const u8 *nonce,
1093 const u8 *kde, size_t kde_len,
1094 int keyidx, int encr)
1097 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
1103 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1106 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
1108 timeout_ms = eapol_key_timeout_first;
1110 timeout_ms = eapol_key_timeout_subseq;
1111 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1112 wpa_send_eapol_timeout, wpa_auth, sm);
1116 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
1118 struct ieee802_1x_hdr *hdr;
1119 struct wpa_eapol_key *key;
1124 if (data_len < sizeof(*hdr) + sizeof(*key))
1127 hdr = (struct ieee802_1x_hdr *) data;
1128 key = (struct wpa_eapol_key *) (hdr + 1);
1129 key_info = WPA_GET_BE16(key->key_info);
1130 os_memcpy(mic, key->key_mic, 16);
1131 os_memset(key->key_mic, 0, 16);
1132 if (wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK,
1133 data, data_len, key->key_mic) ||
1134 os_memcmp(mic, key->key_mic, 16) != 0)
1136 os_memcpy(key->key_mic, mic, 16);
1141 void wpa_remove_ptk(struct wpa_state_machine *sm)
1143 sm->PTK_valid = FALSE;
1144 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1145 wpa_auth_set_key(sm->wpa_auth, 0, "none", sm->addr, 0, (u8 *) "", 0);
1146 sm->pairwise_set = FALSE;
1147 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1151 void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
1158 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1159 "event %d notification", event);
1167 sm->DeauthenticationRequest = TRUE;
1170 case WPA_REAUTH_EAPOL:
1171 if (sm->GUpdateStationKeys) {
1173 * Reauthentication cancels the pending group key
1174 * update for this STA.
1176 sm->group->GKeyDoneStations--;
1177 sm->GUpdateStationKeys = FALSE;
1178 sm->PtkGroupInit = TRUE;
1180 sm->ReAuthenticationRequest = TRUE;
1183 #ifdef CONFIG_IEEE80211R
1184 /* Using FT protocol, not WPA auth state machine */
1185 sm->ft_completed = 1;
1187 #else /* CONFIG_IEEE80211R */
1189 #endif /* CONFIG_IEEE80211R */
1192 #ifdef CONFIG_IEEE80211R
1193 sm->ft_completed = 0;
1194 #endif /* CONFIG_IEEE80211R */
1196 #ifdef CONFIG_IEEE80211W
1197 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1199 #endif /* CONFIG_IEEE80211W */
1202 sm->PTK_valid = FALSE;
1203 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1205 if (event != WPA_REAUTH_EAPOL)
1213 static const char * wpa_alg_txt(int alg)
1216 case WPA_CIPHER_CCMP:
1218 case WPA_CIPHER_TKIP:
1220 case WPA_CIPHER_WEP104:
1221 case WPA_CIPHER_WEP40:
1229 SM_STATE(WPA_PTK, INITIALIZE)
1231 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1233 /* Init flag is not cleared here, so avoid busy
1234 * loop by claiming nothing changed. */
1235 sm->changed = FALSE;
1239 if (sm->GUpdateStationKeys)
1240 sm->group->GKeyDoneStations--;
1241 sm->GUpdateStationKeys = FALSE;
1242 if (sm->wpa == WPA_VERSION_WPA)
1243 sm->PInitAKeys = FALSE;
1244 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1245 * Local AA > Remote AA)) */) {
1248 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1250 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1252 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1253 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1254 WPA_EAPOL_authorized, 0);
1259 SM_STATE(WPA_PTK, DISCONNECT)
1261 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1262 sm->Disconnect = FALSE;
1263 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1267 SM_STATE(WPA_PTK, DISCONNECTED)
1269 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1270 sm->DeauthenticationRequest = FALSE;
1274 SM_STATE(WPA_PTK, AUTHENTICATION)
1276 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1277 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1278 sm->PTK_valid = FALSE;
1279 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1281 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1282 sm->AuthenticationRequest = FALSE;
1286 SM_STATE(WPA_PTK, AUTHENTICATION2)
1288 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1289 os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN);
1290 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1291 sm->ReAuthenticationRequest = FALSE;
1292 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1293 * logical place than INITIALIZE since AUTHENTICATION2 can be
1294 * re-entered on ReAuthenticationRequest without going through
1300 SM_STATE(WPA_PTK, INITPMK)
1302 u8 msk[2 * PMK_LEN];
1303 size_t len = 2 * PMK_LEN;
1305 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1306 #ifdef CONFIG_IEEE80211R
1308 #endif /* CONFIG_IEEE80211R */
1310 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1311 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
1312 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
1313 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
1314 "(len=%lu)", (unsigned long) len);
1315 os_memcpy(sm->PMK, msk, PMK_LEN);
1316 #ifdef CONFIG_IEEE80211R
1317 if (len >= 2 * PMK_LEN) {
1318 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1319 sm->xxkey_len = PMK_LEN;
1321 #endif /* CONFIG_IEEE80211R */
1323 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
1326 sm->req_replay_counter_used = 0;
1327 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1328 * will break reauthentication since EAPOL state machines may not be
1329 * get into AUTHENTICATING state that clears keyRun before WPA state
1330 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1331 * state and takes PMK from the previously used AAA Key. This will
1332 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1333 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1334 * be good workaround for this issue. */
1335 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
1339 SM_STATE(WPA_PTK, INITPSK)
1342 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
1343 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL);
1345 os_memcpy(sm->PMK, psk, PMK_LEN);
1346 #ifdef CONFIG_IEEE80211R
1347 os_memcpy(sm->xxkey, psk, PMK_LEN);
1348 sm->xxkey_len = PMK_LEN;
1349 #endif /* CONFIG_IEEE80211R */
1351 sm->req_replay_counter_used = 0;
1355 SM_STATE(WPA_PTK, PTKSTART)
1357 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1358 size_t pmkid_len = 0;
1360 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1361 sm->PTKRequest = FALSE;
1362 sm->TimeoutEvt = FALSE;
1365 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1366 /* No point in sending the EAPOL-Key - we will disconnect
1367 * immediately following this. */
1371 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1372 "sending 1/4 msg of 4-Way Handshake");
1374 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1375 * one possible PSK for this STA.
1377 if (sm->wpa == WPA_VERSION_WPA2 &&
1378 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt)) {
1380 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1381 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1382 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1383 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
1385 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
1386 sm->pmksa->pmkid, PMKID_LEN);
1389 * Calculate PMKID since no PMKSA cache entry was
1390 * available with pre-calculated PMKID.
1392 rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
1393 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
1394 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
1397 wpa_send_eapol(sm->wpa_auth, sm,
1398 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
1399 sm->ANonce, pmkid, pmkid_len, 0, 0);
1403 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
1404 struct wpa_ptk *ptk)
1406 #ifdef CONFIG_IEEE80211R
1407 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
1408 return wpa_auth_derive_ptk_ft(sm, pmk, ptk);
1409 #endif /* CONFIG_IEEE80211R */
1411 wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
1412 sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce,
1413 (u8 *) ptk, sizeof(*ptk),
1414 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
1420 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
1424 const u8 *pmk = NULL;
1426 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
1427 sm->EAPOLKeyReceived = FALSE;
1429 /* WPA with IEEE 802.1X: use the derived PMK from EAP
1430 * WPA-PSK: iterate through possible PSKs and select the one matching
1433 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1434 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
1440 wpa_derive_ptk(sm, pmk, &PTK);
1442 if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
1443 sm->last_rx_eapol_key_len) == 0) {
1448 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
1453 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1454 "invalid MIC in msg 2/4 of 4-Way Handshake");
1458 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
1460 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1461 /* PSK may have changed from the previous choice, so update
1462 * state machine data based on whatever PSK was selected here.
1464 os_memcpy(sm->PMK, pmk, PMK_LEN);
1467 sm->MICVerified = TRUE;
1469 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
1470 sm->PTK_valid = TRUE;
1474 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
1476 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
1481 #ifdef CONFIG_IEEE80211W
1483 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1485 if (sm->mgmt_frame_prot) {
1486 return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde);
1493 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1495 struct wpa_igtk_kde igtk;
1496 struct wpa_group *gsm = sm->group;
1498 if (!sm->mgmt_frame_prot)
1501 igtk.keyid[0] = gsm->GN_igtk;
1503 if (wpa_auth_get_seqnum_igtk(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn)
1505 os_memset(igtk.pn, 0, sizeof(igtk.pn));
1506 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
1507 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
1508 (const u8 *) &igtk, sizeof(igtk), NULL, 0);
1513 #else /* CONFIG_IEEE80211W */
1515 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1521 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1526 #endif /* CONFIG_IEEE80211W */
1529 SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
1531 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
1532 size_t gtk_len, kde_len;
1533 struct wpa_group *gsm = sm->group;
1535 int wpa_ie_len, secure, keyidx, encr = 0;
1537 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
1538 sm->TimeoutEvt = FALSE;
1541 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1542 /* No point in sending the EAPOL-Key - we will disconnect
1543 * immediately following this. */
1547 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, GTK[GN])
1549 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
1550 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
1551 wpa_ie = sm->wpa_auth->wpa_ie;
1552 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
1553 if (sm->wpa == WPA_VERSION_WPA &&
1554 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
1555 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
1556 /* WPA-only STA, remove RSN IE */
1557 wpa_ie = wpa_ie + wpa_ie[1] + 2;
1558 wpa_ie_len = wpa_ie[1] + 2;
1560 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1561 "sending 3/4 msg of 4-Way Handshake");
1562 if (sm->wpa == WPA_VERSION_WPA2) {
1563 /* WPA2 send GTK in the 4-way handshake */
1565 gtk = gsm->GTK[gsm->GN - 1];
1566 gtk_len = gsm->GTK_len;
1571 /* WPA does not include GTK in msg 3/4 */
1579 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
1581 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
1582 kde = os_malloc(kde_len);
1587 os_memcpy(pos, wpa_ie, wpa_ie_len);
1591 hdr[0] = keyidx & 0x03;
1593 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
1596 pos = ieee80211w_kde_add(sm, pos);
1598 wpa_send_eapol(sm->wpa_auth, sm,
1599 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
1600 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
1601 WPA_KEY_INFO_KEY_TYPE,
1602 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
1607 SM_STATE(WPA_PTK, PTKINITDONE)
1609 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
1610 sm->EAPOLKeyReceived = FALSE;
1614 if (sm->pairwise == WPA_CIPHER_TKIP) {
1621 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
1622 sm->PTK.tk1, klen)) {
1623 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1626 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
1627 sm->pairwise_set = TRUE;
1629 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
1630 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1631 eloop_register_timeout(sm->wpa_auth->conf.
1632 wpa_ptk_rekey, 0, wpa_rekey_ptk,
1636 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1637 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1638 WPA_EAPOL_authorized, 1);
1642 if (0 /* IBSS == TRUE */) {
1644 if (sm->keycount == 2) {
1645 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1646 WPA_EAPOL_portValid, 1);
1649 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
1652 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
1653 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
1654 if (sm->wpa == WPA_VERSION_WPA)
1655 sm->PInitAKeys = TRUE;
1658 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1659 "pairwise key handshake completed (%s)",
1660 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
1662 #ifdef CONFIG_IEEE80211R
1663 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
1664 #endif /* CONFIG_IEEE80211R */
1670 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
1673 SM_ENTER(WPA_PTK, INITIALIZE);
1674 else if (sm->Disconnect
1675 /* || FIX: dot11RSNAConfigSALifetime timeout */)
1676 SM_ENTER(WPA_PTK, DISCONNECT);
1677 else if (sm->DeauthenticationRequest)
1678 SM_ENTER(WPA_PTK, DISCONNECTED);
1679 else if (sm->AuthenticationRequest)
1680 SM_ENTER(WPA_PTK, AUTHENTICATION);
1681 else if (sm->ReAuthenticationRequest)
1682 SM_ENTER(WPA_PTK, AUTHENTICATION2);
1683 else if (sm->PTKRequest)
1684 SM_ENTER(WPA_PTK, PTKSTART);
1685 else switch (sm->wpa_ptk_state) {
1686 case WPA_PTK_INITIALIZE:
1688 case WPA_PTK_DISCONNECT:
1689 SM_ENTER(WPA_PTK, DISCONNECTED);
1691 case WPA_PTK_DISCONNECTED:
1692 SM_ENTER(WPA_PTK, INITIALIZE);
1694 case WPA_PTK_AUTHENTICATION:
1695 SM_ENTER(WPA_PTK, AUTHENTICATION2);
1697 case WPA_PTK_AUTHENTICATION2:
1698 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
1699 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
1700 WPA_EAPOL_keyRun) > 0)
1701 SM_ENTER(WPA_PTK, INITPMK);
1702 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
1703 /* FIX: && 802.1X::keyRun */)
1704 SM_ENTER(WPA_PTK, INITPSK);
1706 case WPA_PTK_INITPMK:
1707 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
1708 WPA_EAPOL_keyAvailable) > 0)
1709 SM_ENTER(WPA_PTK, PTKSTART);
1711 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1712 SM_ENTER(WPA_PTK, DISCONNECT);
1715 case WPA_PTK_INITPSK:
1716 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL))
1717 SM_ENTER(WPA_PTK, PTKSTART);
1719 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1720 "no PSK configured for the STA");
1721 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1722 SM_ENTER(WPA_PTK, DISCONNECT);
1725 case WPA_PTK_PTKSTART:
1726 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1727 sm->EAPOLKeyPairwise)
1728 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
1729 else if (sm->TimeoutCtr >
1730 (int) dot11RSNAConfigPairwiseUpdateCount) {
1731 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1732 SM_ENTER(WPA_PTK, DISCONNECT);
1733 } else if (sm->TimeoutEvt)
1734 SM_ENTER(WPA_PTK, PTKSTART);
1736 case WPA_PTK_PTKCALCNEGOTIATING:
1737 if (sm->MICVerified)
1738 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
1739 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1740 sm->EAPOLKeyPairwise)
1741 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
1742 else if (sm->TimeoutEvt)
1743 SM_ENTER(WPA_PTK, PTKSTART);
1745 case WPA_PTK_PTKCALCNEGOTIATING2:
1746 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
1748 case WPA_PTK_PTKINITNEGOTIATING:
1749 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1750 sm->EAPOLKeyPairwise && sm->MICVerified)
1751 SM_ENTER(WPA_PTK, PTKINITDONE);
1752 else if (sm->TimeoutCtr >
1753 (int) dot11RSNAConfigPairwiseUpdateCount) {
1754 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1755 SM_ENTER(WPA_PTK, DISCONNECT);
1756 } else if (sm->TimeoutEvt)
1757 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
1759 case WPA_PTK_PTKINITDONE:
1765 SM_STATE(WPA_PTK_GROUP, IDLE)
1767 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
1769 /* Init flag is not cleared here, so avoid busy
1770 * loop by claiming nothing changed. */
1771 sm->changed = FALSE;
1773 sm->GTimeoutCtr = 0;
1777 SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
1779 u8 rsc[WPA_KEY_RSC_LEN];
1780 struct wpa_group *gsm = sm->group;
1781 u8 *kde, *pos, hdr[2];
1784 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
1787 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
1788 /* No point in sending the EAPOL-Key - we will disconnect
1789 * immediately following this. */
1793 if (sm->wpa == WPA_VERSION_WPA)
1794 sm->PInitAKeys = FALSE;
1795 sm->TimeoutEvt = FALSE;
1796 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
1797 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
1798 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
1799 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
1800 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1801 "sending 1/2 msg of Group Key Handshake");
1803 if (sm->wpa == WPA_VERSION_WPA2) {
1804 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
1805 ieee80211w_kde_len(sm);
1806 kde = os_malloc(kde_len);
1811 hdr[0] = gsm->GN & 0x03;
1813 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
1814 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
1815 pos = ieee80211w_kde_add(sm, pos);
1817 kde = gsm->GTK[gsm->GN - 1];
1818 pos = kde + gsm->GTK_len;
1821 wpa_send_eapol(sm->wpa_auth, sm,
1822 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1824 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
1825 rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
1826 if (sm->wpa == WPA_VERSION_WPA2)
1831 SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
1833 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
1834 sm->EAPOLKeyReceived = FALSE;
1835 if (sm->GUpdateStationKeys)
1836 sm->group->GKeyDoneStations--;
1837 sm->GUpdateStationKeys = FALSE;
1838 sm->GTimeoutCtr = 0;
1839 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
1840 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1841 "group key handshake completed (%s)",
1842 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
1847 SM_STATE(WPA_PTK_GROUP, KEYERROR)
1849 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
1850 if (sm->GUpdateStationKeys)
1851 sm->group->GKeyDoneStations--;
1852 sm->GUpdateStationKeys = FALSE;
1853 sm->Disconnect = TRUE;
1857 SM_STEP(WPA_PTK_GROUP)
1859 if (sm->Init || sm->PtkGroupInit) {
1860 SM_ENTER(WPA_PTK_GROUP, IDLE);
1861 sm->PtkGroupInit = FALSE;
1862 } else switch (sm->wpa_ptk_group_state) {
1863 case WPA_PTK_GROUP_IDLE:
1864 if (sm->GUpdateStationKeys ||
1865 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
1866 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
1868 case WPA_PTK_GROUP_REKEYNEGOTIATING:
1869 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1870 !sm->EAPOLKeyPairwise && sm->MICVerified)
1871 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
1872 else if (sm->GTimeoutCtr >
1873 (int) dot11RSNAConfigGroupUpdateCount)
1874 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
1875 else if (sm->TimeoutEvt)
1876 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
1878 case WPA_PTK_GROUP_KEYERROR:
1879 SM_ENTER(WPA_PTK_GROUP, IDLE);
1881 case WPA_PTK_GROUP_REKEYESTABLISHED:
1882 SM_ENTER(WPA_PTK_GROUP, IDLE);
1888 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
1889 struct wpa_group *group)
1893 /* FIX: is this the correct way of getting GNonce? */
1894 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
1895 inc_byte_array(group->Counter, WPA_NONCE_LEN);
1896 wpa_gmk_to_gtk(group->GMK, wpa_auth->addr, group->GNonce,
1897 group->GTK[group->GN - 1], group->GTK_len);
1899 #ifdef CONFIG_IEEE80211W
1900 if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
1901 if (os_get_random(group->IGTK[group->GN_igtk - 4],
1902 WPA_IGTK_LEN) < 0) {
1903 wpa_printf(MSG_INFO, "RSN: Failed to get new random "
1907 wpa_hexdump_key(MSG_DEBUG, "IGTK",
1908 group->IGTK[group->GN_igtk - 4], WPA_IGTK_LEN);
1910 #endif /* CONFIG_IEEE80211W */
1916 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
1917 struct wpa_group *group)
1919 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
1920 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
1921 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
1922 group->wpa_group_state = WPA_GROUP_GTK_INIT;
1925 os_memset(group->GTK, 0, sizeof(group->GTK));
1928 #ifdef CONFIG_IEEE80211W
1931 #endif /* CONFIG_IEEE80211W */
1932 /* GTK[GN] = CalcGTK() */
1933 wpa_gtk_update(wpa_auth, group);
1937 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
1939 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
1940 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1941 "Not in PTKINITDONE; skip Group Key update");
1944 if (sm->GUpdateStationKeys) {
1946 * This should not really happen, but just in case, make sure
1947 * we do not count the same STA twice in GKeyDoneStations.
1949 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1950 "GUpdateStationKeys already set - do not "
1951 "increment GKeyDoneStations");
1953 sm->group->GKeyDoneStations++;
1954 sm->GUpdateStationKeys = TRUE;
1961 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
1962 struct wpa_group *group)
1966 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
1967 "SETKEYS (VLAN-ID %d)", group->vlan_id);
1968 group->changed = TRUE;
1969 group->wpa_group_state = WPA_GROUP_SETKEYS;
1970 group->GTKReKey = FALSE;
1972 group->GM = group->GN;
1974 #ifdef CONFIG_IEEE80211W
1975 tmp = group->GM_igtk;
1976 group->GM_igtk = group->GN_igtk;
1977 group->GN_igtk = tmp;
1978 #endif /* CONFIG_IEEE80211W */
1979 /* "GKeyDoneStations = GNoStations" is done in more robust way by
1980 * counting the STAs that are marked with GUpdateStationKeys instead of
1981 * including all STAs that could be in not-yet-completed state. */
1982 wpa_gtk_update(wpa_auth, group);
1984 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
1985 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
1986 group->GKeyDoneStations);
1990 static void wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
1991 struct wpa_group *group)
1993 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
1994 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
1995 group->changed = TRUE;
1996 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
1997 wpa_auth_set_key(wpa_auth, group->vlan_id,
1998 wpa_alg_txt(wpa_auth->conf.wpa_group),
1999 NULL, group->GN, group->GTK[group->GN - 1],
2002 #ifdef CONFIG_IEEE80211W
2003 if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
2004 wpa_auth_set_key(wpa_auth, group->vlan_id, "IGTK",
2005 NULL, group->GN_igtk,
2006 group->IGTK[group->GN_igtk - 4],
2009 #endif /* CONFIG_IEEE80211W */
2013 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
2014 struct wpa_group *group)
2017 wpa_group_gtk_init(wpa_auth, group);
2018 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
2019 group->GTKAuthenticator) {
2020 wpa_group_setkeysdone(wpa_auth, group);
2021 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
2023 wpa_group_setkeys(wpa_auth, group);
2024 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
2025 if (group->GKeyDoneStations == 0)
2026 wpa_group_setkeysdone(wpa_auth, group);
2027 else if (group->GTKReKey)
2028 wpa_group_setkeys(wpa_auth, group);
2033 static void wpa_sm_step(struct wpa_state_machine *sm)
2038 if (sm->in_step_loop) {
2039 /* This should not happen, but if it does, make sure we do not
2040 * end up freeing the state machine too early by exiting the
2041 * recursive call. */
2042 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
2046 sm->in_step_loop = 1;
2048 if (sm->pending_deinit)
2051 sm->changed = FALSE;
2052 sm->wpa_auth->group->changed = FALSE;
2054 SM_STEP_RUN(WPA_PTK);
2055 if (sm->pending_deinit)
2057 SM_STEP_RUN(WPA_PTK_GROUP);
2058 if (sm->pending_deinit)
2060 wpa_group_sm_step(sm->wpa_auth, sm->group);
2061 } while (sm->changed || sm->wpa_auth->group->changed);
2062 sm->in_step_loop = 0;
2064 if (sm->pending_deinit) {
2065 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
2066 "machine deinit for " MACSTR, MAC2STR(sm->addr));
2067 wpa_free_sta_sm(sm);
2072 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
2074 struct wpa_state_machine *sm = eloop_ctx;
2079 void wpa_auth_sm_notify(struct wpa_state_machine *sm)
2083 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
2087 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
2090 struct wpa_group *group;
2092 if (wpa_auth == NULL)
2095 group = wpa_auth->group;
2097 for (i = 0; i < 2; i++) {
2099 group->GM = group->GN;
2101 #ifdef CONFIG_IEEE80211W
2102 tmp = group->GM_igtk;
2103 group->GM_igtk = group->GN_igtk;
2104 group->GN_igtk = tmp;
2105 #endif /* CONFIG_IEEE80211W */
2106 wpa_gtk_update(wpa_auth, group);
2111 static const char * wpa_bool_txt(int bool)
2113 return bool ? "TRUE" : "FALSE";
2117 static int wpa_cipher_bits(int cipher)
2120 case WPA_CIPHER_CCMP:
2122 case WPA_CIPHER_TKIP:
2124 case WPA_CIPHER_WEP104:
2126 case WPA_CIPHER_WEP40:
2134 #define RSN_SUITE "%02x-%02x-%02x-%d"
2135 #define RSN_SUITE_ARG(s) \
2136 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2138 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
2141 char pmkid_txt[PMKID_LEN * 2 + 1];
2143 if (wpa_auth == NULL)
2146 ret = os_snprintf(buf + len, buflen - len,
2147 "dot11RSNAOptionImplemented=TRUE\n"
2148 #ifdef CONFIG_RSN_PREAUTH
2149 "dot11RSNAPreauthenticationImplemented=TRUE\n"
2150 #else /* CONFIG_RSN_PREAUTH */
2151 "dot11RSNAPreauthenticationImplemented=FALSE\n"
2152 #endif /* CONFIG_RSN_PREAUTH */
2153 "dot11RSNAEnabled=%s\n"
2154 "dot11RSNAPreauthenticationEnabled=%s\n",
2155 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
2156 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
2157 if (ret < 0 || (size_t) ret >= buflen - len)
2161 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2162 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
2165 buf + len, buflen - len,
2166 "dot11RSNAConfigVersion=%u\n"
2167 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
2168 /* FIX: dot11RSNAConfigGroupCipher */
2169 /* FIX: dot11RSNAConfigGroupRekeyMethod */
2170 /* FIX: dot11RSNAConfigGroupRekeyTime */
2171 /* FIX: dot11RSNAConfigGroupRekeyPackets */
2172 "dot11RSNAConfigGroupRekeyStrict=%u\n"
2173 "dot11RSNAConfigGroupUpdateCount=%u\n"
2174 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
2175 "dot11RSNAConfigGroupCipherSize=%u\n"
2176 "dot11RSNAConfigPMKLifetime=%u\n"
2177 "dot11RSNAConfigPMKReauthThreshold=%u\n"
2178 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
2179 "dot11RSNAConfigSATimeout=%u\n"
2180 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2181 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2182 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2183 "dot11RSNAPMKIDUsed=%s\n"
2184 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
2185 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
2186 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
2187 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
2188 "dot11RSNA4WayHandshakeFailures=%u\n"
2189 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
2191 !!wpa_auth->conf.wpa_strict_rekey,
2192 dot11RSNAConfigGroupUpdateCount,
2193 dot11RSNAConfigPairwiseUpdateCount,
2194 wpa_cipher_bits(wpa_auth->conf.wpa_group),
2195 dot11RSNAConfigPMKLifetime,
2196 dot11RSNAConfigPMKReauthThreshold,
2197 dot11RSNAConfigSATimeout,
2198 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
2199 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
2200 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
2202 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
2203 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
2204 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
2205 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
2206 wpa_auth->dot11RSNA4WayHandshakeFailures);
2207 if (ret < 0 || (size_t) ret >= buflen - len)
2211 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
2212 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
2215 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
2216 wpa_auth->group->wpa_group_state);
2217 if (ret < 0 || (size_t) ret >= buflen - len)
2225 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
2233 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
2235 /* dot11RSNAStatsEntry */
2237 if (sm->wpa == WPA_VERSION_WPA) {
2238 if (sm->pairwise == WPA_CIPHER_CCMP)
2239 pairwise = WPA_CIPHER_SUITE_CCMP;
2240 else if (sm->pairwise == WPA_CIPHER_TKIP)
2241 pairwise = WPA_CIPHER_SUITE_TKIP;
2242 else if (sm->pairwise == WPA_CIPHER_WEP104)
2243 pairwise = WPA_CIPHER_SUITE_WEP104;
2244 else if (sm->pairwise == WPA_CIPHER_WEP40)
2245 pairwise = WPA_CIPHER_SUITE_WEP40;
2246 else if (sm->pairwise == WPA_CIPHER_NONE)
2247 pairwise = WPA_CIPHER_SUITE_NONE;
2248 } else if (sm->wpa == WPA_VERSION_WPA2) {
2249 if (sm->pairwise == WPA_CIPHER_CCMP)
2250 pairwise = RSN_CIPHER_SUITE_CCMP;
2251 else if (sm->pairwise == WPA_CIPHER_TKIP)
2252 pairwise = RSN_CIPHER_SUITE_TKIP;
2253 else if (sm->pairwise == WPA_CIPHER_WEP104)
2254 pairwise = RSN_CIPHER_SUITE_WEP104;
2255 else if (sm->pairwise == WPA_CIPHER_WEP40)
2256 pairwise = RSN_CIPHER_SUITE_WEP40;
2257 else if (sm->pairwise == WPA_CIPHER_NONE)
2258 pairwise = RSN_CIPHER_SUITE_NONE;
2263 buf + len, buflen - len,
2264 /* TODO: dot11RSNAStatsIndex */
2265 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
2266 "dot11RSNAStatsVersion=1\n"
2267 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
2268 /* TODO: dot11RSNAStatsTKIPICVErrors */
2269 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
2270 "dot11RSNAStatsTKIPRemoveMICFailures=%u\n"
2271 /* TODO: dot11RSNAStatsCCMPReplays */
2272 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
2273 /* TODO: dot11RSNAStatsTKIPReplays */,
2275 RSN_SUITE_ARG(pairwise),
2276 sm->dot11RSNAStatsTKIPLocalMICFailures,
2277 sm->dot11RSNAStatsTKIPRemoteMICFailures);
2278 if (ret < 0 || (size_t) ret >= buflen - len)
2283 ret = os_snprintf(buf + len, buflen - len,
2284 "hostapdWPAPTKState=%d\n"
2285 "hostapdWPAPTKGroupState=%d\n",
2287 sm->wpa_ptk_group_state);
2288 if (ret < 0 || (size_t) ret >= buflen - len)
2296 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
2299 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
2303 int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
2305 return sm && sm->pairwise_set;
2309 int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
2311 return sm->pairwise;
2315 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
2319 return sm->wpa_key_mgmt;
2323 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
2331 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
2332 struct rsn_pmksa_cache_entry *entry)
2334 if (sm == NULL || sm->pmksa != entry)
2341 struct rsn_pmksa_cache_entry *
2342 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
2344 return sm ? sm->pmksa : NULL;
2348 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
2351 sm->dot11RSNAStatsTKIPLocalMICFailures++;
2355 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
2357 if (wpa_auth == NULL)
2359 *len = wpa_auth->wpa_ie_len;
2360 return wpa_auth->wpa_ie;
2364 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
2365 int session_timeout, struct eapol_state_machine *eapol)
2367 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2)
2370 if (pmksa_cache_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
2371 sm->wpa_auth->addr, sm->addr, session_timeout,
2372 eapol, sm->wpa_key_mgmt))
2379 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
2380 const u8 *pmk, size_t len, const u8 *sta_addr,
2381 int session_timeout,
2382 struct eapol_state_machine *eapol)
2384 if (wpa_auth == NULL)
2387 if (pmksa_cache_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr,
2388 sta_addr, session_timeout, eapol,
2389 WPA_KEY_MGMT_IEEE8021X))
2396 static struct wpa_group *
2397 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
2399 struct wpa_group *group;
2401 if (wpa_auth == NULL || wpa_auth->group == NULL)
2404 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
2406 group = wpa_group_init(wpa_auth, vlan_id);
2410 group->next = wpa_auth->group->next;
2411 wpa_auth->group->next = group;
2417 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
2419 struct wpa_group *group;
2421 if (sm == NULL || sm->wpa_auth == NULL)
2424 group = sm->wpa_auth->group;
2426 if (group->vlan_id == vlan_id)
2428 group = group->next;
2431 if (group == NULL) {
2432 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
2437 if (sm->group == group)
2440 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
2441 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
2447 #endif /* CONFIG_NATIVE_WINDOWS */