2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
17 #ifndef CONFIG_NATIVE_WINDOWS
29 #include "ieee802_11.h"
30 #include "pmksa_cache.h"
31 #include "state_machine.h"
33 #define STATE_MACHINE_DATA struct wpa_state_machine
34 #define STATE_MACHINE_DEBUG_PREFIX "WPA"
35 #define STATE_MACHINE_ADDR sm->addr
38 #define RSN_NUM_REPLAY_COUNTERS_1 0
39 #define RSN_NUM_REPLAY_COUNTERS_2 1
40 #define RSN_NUM_REPLAY_COUNTERS_4 2
41 #define RSN_NUM_REPLAY_COUNTERS_16 3
46 struct wpa_stsl_negotiation {
47 struct wpa_stsl_negotiation *next;
48 u8 initiator[ETH_ALEN];
53 struct wpa_state_machine {
54 struct wpa_authenticator *wpa_auth;
55 struct wpa_group *group;
60 WPA_PTK_INITIALIZE, WPA_PTK_DISCONNECT, WPA_PTK_DISCONNECTED,
61 WPA_PTK_AUTHENTICATION, WPA_PTK_AUTHENTICATION2,
62 WPA_PTK_INITPMK, WPA_PTK_INITPSK, WPA_PTK_PTKSTART,
63 WPA_PTK_PTKCALCNEGOTIATING, WPA_PTK_PTKCALCNEGOTIATING2,
64 WPA_PTK_PTKINITNEGOTIATING, WPA_PTK_PTKINITDONE
68 WPA_PTK_GROUP_IDLE = 0,
69 WPA_PTK_GROUP_REKEYNEGOTIATING,
70 WPA_PTK_GROUP_REKEYESTABLISHED,
71 WPA_PTK_GROUP_KEYERROR
72 } wpa_ptk_group_state;
75 Boolean DeauthenticationRequest;
76 Boolean AuthenticationRequest;
77 Boolean ReAuthenticationRequest;
82 Boolean EAPOLKeyReceived;
83 Boolean EAPOLKeyPairwise;
84 Boolean EAPOLKeyRequest;
86 Boolean GUpdateStationKeys;
87 u8 ANonce[WPA_NONCE_LEN];
88 u8 SNonce[WPA_NONCE_LEN];
95 u8 key_replay_counter[WPA_REPLAY_COUNTER_LEN];
96 Boolean key_replay_counter_valid;
97 Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i */
98 Boolean PTKRequest; /* not in IEEE 802.11i state machine */
101 u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */
102 size_t last_rx_eapol_key_len;
104 unsigned int changed:1;
105 unsigned int in_step_loop:1;
106 unsigned int pending_deinit:1;
107 unsigned int started:1;
108 unsigned int sta_counted:1;
109 unsigned int mgmt_frame_prot:1;
111 u8 req_replay_counter[WPA_REPLAY_COUNTER_LEN];
112 int req_replay_counter_used;
118 WPA_VERSION_NO_WPA = 0 /* WPA not used */,
119 WPA_VERSION_WPA = 1 /* WPA / IEEE 802.11i/D3.0 */,
120 WPA_VERSION_WPA2 = 2 /* WPA2 / IEEE 802.11i */
122 int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
123 int wpa_key_mgmt; /* the selected WPA_KEY_MGMT_* */
124 struct rsn_pmksa_cache_entry *pmksa;
126 u32 dot11RSNAStatsTKIPLocalMICFailures;
127 u32 dot11RSNAStatsTKIPRemoteMICFailures;
131 /* per group key state machine data */
133 struct wpa_group *next;
138 int GKeyDoneStations;
142 Boolean GTKAuthenticator;
143 u8 Counter[WPA_NONCE_LEN];
146 WPA_GROUP_GTK_INIT = 0,
147 WPA_GROUP_SETKEYS, WPA_GROUP_SETKEYSDONE
151 u8 GTK[2][WPA_GTK_MAX_LEN];
152 u8 GNonce[WPA_NONCE_LEN];
154 #ifdef CONFIG_IEEE80211W
155 u8 DGTK[WPA_DGTK_LEN];
156 u8 IGTK[2][WPA_IGTK_LEN];
157 #endif /* CONFIG_IEEE80211W */
161 /* per authenticator data */
162 struct wpa_authenticator {
163 struct wpa_group *group;
165 unsigned int dot11RSNAStatsTKIPRemoteMICFailures;
166 u8 dot11RSNAAuthenticationSuiteSelected[4];
167 u8 dot11RSNAPairwiseCipherSelected[4];
168 u8 dot11RSNAGroupCipherSelected[4];
169 u8 dot11RSNAPMKIDUsed[PMKID_LEN];
170 u8 dot11RSNAAuthenticationSuiteRequested[4]; /* FIX: update */
171 u8 dot11RSNAPairwiseCipherRequested[4]; /* FIX: update */
172 u8 dot11RSNAGroupCipherRequested[4]; /* FIX: update */
173 unsigned int dot11RSNATKIPCounterMeasuresInvoked;
174 unsigned int dot11RSNA4WayHandshakeFailures;
176 struct wpa_stsl_negotiation *stsl_negotiations;
178 struct wpa_auth_config conf;
179 struct wpa_auth_callbacks cb;
186 struct rsn_pmksa_cache *pmksa;
190 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
191 static void wpa_sm_step(struct wpa_state_machine *sm);
192 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
193 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
194 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
195 struct wpa_group *group);
196 static int wpa_stsl_remove(struct wpa_authenticator *wpa_auth,
197 struct wpa_stsl_negotiation *neg);
198 static void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
199 struct wpa_state_machine *sm, int key_info,
200 const u8 *key_rsc, const u8 *nonce,
201 const u8 *kde, size_t kde_len,
202 int keyidx, int encr, int force_version);
204 /* Default timeouts are 100 ms, but this seems to be a bit too fast for most
205 * WPA Supplicants, so use a bit longer timeout. */
206 static const u32 dot11RSNAConfigGroupUpdateTimeOut = 1000; /* ms */
207 static const u32 dot11RSNAConfigGroupUpdateCount = 3;
208 static const u32 dot11RSNAConfigPairwiseUpdateTimeOut = 1000; /* ms */
209 static const u32 dot11RSNAConfigPairwiseUpdateCount = 3;
211 /* TODO: make these configurable */
212 static const int dot11RSNAConfigPMKLifetime = 43200;
213 static const int dot11RSNAConfigPMKReauthThreshold = 70;
214 static const int dot11RSNAConfigSATimeout = 60;
217 static const int WPA_SELECTOR_LEN = 4;
218 static const u8 WPA_OUI_TYPE[] = { 0x00, 0x50, 0xf2, 1 };
219 static const u16 WPA_VERSION = 1;
220 static const u8 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X[] = { 0x00, 0x50, 0xf2, 1 };
221 static const u8 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X[] = { 0x00, 0x50, 0xf2, 2 };
222 static const u8 WPA_CIPHER_SUITE_NONE[] = { 0x00, 0x50, 0xf2, 0 };
223 static const u8 WPA_CIPHER_SUITE_WEP40[] = { 0x00, 0x50, 0xf2, 1 };
224 static const u8 WPA_CIPHER_SUITE_TKIP[] = { 0x00, 0x50, 0xf2, 2 };
225 static const u8 WPA_CIPHER_SUITE_WRAP[] = { 0x00, 0x50, 0xf2, 3 };
226 static const u8 WPA_CIPHER_SUITE_CCMP[] = { 0x00, 0x50, 0xf2, 4 };
227 static const u8 WPA_CIPHER_SUITE_WEP104[] = { 0x00, 0x50, 0xf2, 5 };
228 #ifdef CONFIG_IEEE80211W
229 static const u8 RSN_CIPHER_SUITE_AES_128_CMAC[] = { 0x00, 0x0f, 0xac, 6 };
230 #endif /* CONFIG_IEEE80211W */
232 static const int RSN_SELECTOR_LEN = 4;
233 static const u16 RSN_VERSION = 1;
234 static const u8 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X[] = { 0x00, 0x0f, 0xac, 1 };
235 static const u8 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X[] = { 0x00, 0x0f, 0xac, 2 };
236 static const u8 RSN_CIPHER_SUITE_NONE[] = { 0x00, 0x0f, 0xac, 0 };
237 static const u8 RSN_CIPHER_SUITE_WEP40[] = { 0x00, 0x0f, 0xac, 1 };
238 static const u8 RSN_CIPHER_SUITE_TKIP[] = { 0x00, 0x0f, 0xac, 2 };
239 static const u8 RSN_CIPHER_SUITE_WRAP[] = { 0x00, 0x0f, 0xac, 3 };
240 static const u8 RSN_CIPHER_SUITE_CCMP[] = { 0x00, 0x0f, 0xac, 4 };
241 static const u8 RSN_CIPHER_SUITE_WEP104[] = { 0x00, 0x0f, 0xac, 5 };
243 /* EAPOL-Key Key Data Encapsulation
244 * GroupKey and PeerKey require encryption, otherwise, encryption is optional.
246 static const u8 RSN_KEY_DATA_GROUPKEY[] = { 0x00, 0x0f, 0xac, 1 };
248 static const u8 RSN_KEY_DATA_STAKEY[] = { 0x00, 0x0f, 0xac, 2 };
250 static const u8 RSN_KEY_DATA_MAC_ADDR[] = { 0x00, 0x0f, 0xac, 3 };
251 static const u8 RSN_KEY_DATA_PMKID[] = { 0x00, 0x0f, 0xac, 4 };
252 #ifdef CONFIG_PEERKEY
253 static const u8 RSN_KEY_DATA_SMK[] = { 0x00, 0x0f, 0xac, 5 };
254 static const u8 RSN_KEY_DATA_NONCE[] = { 0x00, 0x0f, 0xac, 6 };
255 static const u8 RSN_KEY_DATA_LIFETIME[] = { 0x00, 0x0f, 0xac, 7 };
256 static const u8 RSN_KEY_DATA_ERROR[] = { 0x00, 0x0f, 0xac, 8 };
257 #endif /* CONFIG_PEERKEY */
258 #ifdef CONFIG_IEEE80211W
259 /* FIX: IEEE 802.11w/D1.0 is using subtypes 5 and 6 for these, but they were
260 * already taken by 802.11ma (PeerKey). Need to update the values here once
261 * IEEE 802.11w fixes these. */
262 static const u8 RSN_KEY_DATA_DHV[] = { 0x00, 0x0f, 0xac, 9 };
263 static const u8 RSN_KEY_DATA_IGTK[] = { 0x00, 0x0f, 0xac, 10 };
264 #endif /* CONFIG_IEEE80211W */
266 #ifdef CONFIG_PEERKEY
268 STK_MUI_4WAY_STA_AP = 1,
269 STK_MUI_4WAY_STAT_STA = 2,
276 STK_ERR_STA_NRSN = 2,
280 #endif /* CONFIG_PEERKEY */
282 #define GENERIC_INFO_ELEM 0xdd
283 #define RSN_INFO_ELEM 0x30
286 #pragma pack(push, 1)
287 #endif /* _MSC_VER */
290 * 00-50-f2:1 (OUI:OUI type)
291 * 0x01 0x00 (version; little endian)
292 * (all following fields are optional:)
293 * Group Suite Selector (4 octets) (default: TKIP)
294 * Pairwise Suite Count (2 octets, little endian) (default: 1)
295 * Pairwise Suite List (4 * n octets) (default: TKIP)
296 * Authenticated Key Management Suite Count (2 octets, little endian)
298 * Authenticated Key Management Suite List (4 * n octets)
299 * (default: unspec 802.1X)
300 * WPA Capabilities (2 octets, little endian) (default: 0)
313 * 0x01 0x00 (version; little endian)
314 * (all following fields are optional:)
315 * Group Suite Selector (4 octets) (default: CCMP)
316 * Pairwise Suite Count (2 octets, little endian) (default: 1)
317 * Pairwise Suite List (4 * n octets) (default: CCMP)
318 * Authenticated Key Management Suite Count (2 octets, little endian)
320 * Authenticated Key Management Suite List (4 * n octets)
321 * (default: unspec 802.1X)
322 * RSN Capabilities (2 octets, little endian) (default: 0)
323 * PMKID Count (2 octets) (default: 0)
324 * PMKID List (16 * n octets)
325 * Management Group Cipher Suite (4 octets) (default: AES-128-CMAC)
329 u8 elem_id; /* WLAN_EID_RSN */
335 struct rsn_error_kde {
341 #ifdef CONFIG_IEEE80211W
346 struct wpa_igtk_kde {
349 u8 igtk[WPA_IGTK_LEN];
351 #endif /* CONFIG_IEEE80211W */
355 #endif /* _MSC_VER */
358 static inline void wpa_auth_mic_failure_report(
359 struct wpa_authenticator *wpa_auth, const u8 *addr)
361 if (wpa_auth->cb.mic_failure_report)
362 wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
366 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
367 const u8 *addr, wpa_eapol_variable var,
370 if (wpa_auth->cb.set_eapol)
371 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
375 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
376 const u8 *addr, wpa_eapol_variable var)
378 if (wpa_auth->cb.get_eapol == NULL)
380 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
384 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
385 const u8 *addr, const u8 *prev_psk)
387 if (wpa_auth->cb.get_psk == NULL)
389 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk);
393 static inline int wpa_auth_get_pmk(struct wpa_authenticator *wpa_auth,
394 const u8 *addr, u8 *pmk, size_t *len)
396 if (wpa_auth->cb.get_pmk == NULL)
398 return wpa_auth->cb.get_pmk(wpa_auth->cb.ctx, addr, pmk, len);
402 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
404 const char *alg, const u8 *addr, int idx,
405 u8 *key, size_t key_len)
407 if (wpa_auth->cb.set_key == NULL)
409 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
414 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
415 const u8 *addr, int idx, u8 *seq)
417 if (wpa_auth->cb.get_seqnum == NULL)
419 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
423 static inline int wpa_auth_get_seqnum_igtk(struct wpa_authenticator *wpa_auth,
424 const u8 *addr, int idx, u8 *seq)
426 if (wpa_auth->cb.get_seqnum_igtk == NULL)
428 return wpa_auth->cb.get_seqnum_igtk(wpa_auth->cb.ctx, addr, idx, seq);
433 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
434 const u8 *data, size_t data_len, int encrypt)
436 if (wpa_auth->cb.send_eapol == NULL)
438 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
443 static inline int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
444 int (*cb)(struct wpa_state_machine *sm,
448 if (wpa_auth->cb.for_each_sta == NULL)
450 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
454 static void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
455 logger_level level, const char *txt)
457 if (wpa_auth->cb.logger == NULL)
459 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
463 static void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth,
464 const u8 *addr, logger_level level,
465 const char *fmt, ...)
471 if (wpa_auth->cb.logger == NULL)
474 maxlen = strlen(fmt) + 100;
475 format = malloc(maxlen);
480 vsnprintf(format, maxlen, fmt, ap);
483 wpa_auth_logger(wpa_auth, addr, level, format);
489 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
491 struct wpa_ie_hdr *hdr;
495 hdr = (struct wpa_ie_hdr *) buf;
496 hdr->elem_id = WLAN_EID_GENERIC;
497 memcpy(&hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN);
498 hdr->version = host_to_le16(WPA_VERSION);
499 pos = (u8 *) (hdr + 1);
501 if (conf->wpa_group == WPA_CIPHER_CCMP) {
502 memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN);
503 } else if (conf->wpa_group == WPA_CIPHER_TKIP) {
504 memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN);
505 } else if (conf->wpa_group == WPA_CIPHER_WEP104) {
506 memcpy(pos, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN);
507 } else if (conf->wpa_group == WPA_CIPHER_WEP40) {
508 memcpy(pos, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN);
510 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
514 pos += WPA_SELECTOR_LEN;
520 if (conf->wpa_pairwise & WPA_CIPHER_CCMP) {
521 memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN);
522 pos += WPA_SELECTOR_LEN;
525 if (conf->wpa_pairwise & WPA_CIPHER_TKIP) {
526 memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN);
527 pos += WPA_SELECTOR_LEN;
530 if (conf->wpa_pairwise & WPA_CIPHER_NONE) {
531 memcpy(pos, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN);
532 pos += WPA_SELECTOR_LEN;
536 if (num_suites == 0) {
537 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
541 *count++ = num_suites & 0xff;
542 *count = (num_suites >> 8) & 0xff;
548 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
549 memcpy(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X, WPA_SELECTOR_LEN);
550 pos += WPA_SELECTOR_LEN;
553 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
554 memcpy(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X,
556 pos += WPA_SELECTOR_LEN;
560 if (num_suites == 0) {
561 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
565 *count++ = num_suites & 0xff;
566 *count = (num_suites >> 8) & 0xff;
568 /* WPA Capabilities; use defaults, so no need to include it */
570 hdr->len = (pos - buf) - 2;
576 static int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
578 struct rsn_ie_hdr *hdr;
583 hdr = (struct rsn_ie_hdr *) buf;
584 hdr->elem_id = WLAN_EID_RSN;
585 pos = (u8 *) &hdr->version;
586 *pos++ = RSN_VERSION & 0xff;
587 *pos++ = RSN_VERSION >> 8;
588 pos = (u8 *) (hdr + 1);
590 if (conf->wpa_group == WPA_CIPHER_CCMP) {
591 memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
592 } else if (conf->wpa_group == WPA_CIPHER_TKIP) {
593 memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
594 } else if (conf->wpa_group == WPA_CIPHER_WEP104) {
595 memcpy(pos, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN);
596 } else if (conf->wpa_group == WPA_CIPHER_WEP40) {
597 memcpy(pos, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN);
599 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
603 pos += RSN_SELECTOR_LEN;
609 if (conf->wpa_pairwise & WPA_CIPHER_CCMP) {
610 memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
611 pos += RSN_SELECTOR_LEN;
614 if (conf->wpa_pairwise & WPA_CIPHER_TKIP) {
615 memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
616 pos += RSN_SELECTOR_LEN;
619 if (conf->wpa_pairwise & WPA_CIPHER_NONE) {
620 memcpy(pos, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN);
621 pos += RSN_SELECTOR_LEN;
625 if (num_suites == 0) {
626 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
630 *count++ = num_suites & 0xff;
631 *count = (num_suites >> 8) & 0xff;
637 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
638 memcpy(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X, RSN_SELECTOR_LEN);
639 pos += RSN_SELECTOR_LEN;
642 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
643 memcpy(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X,
645 pos += RSN_SELECTOR_LEN;
649 if (num_suites == 0) {
650 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
654 *count++ = num_suites & 0xff;
655 *count = (num_suites >> 8) & 0xff;
657 /* RSN Capabilities */
659 if (conf->rsn_preauth)
660 capab |= WPA_CAPABILITY_PREAUTH;
662 capab |= WPA_CAPABILITY_PEERKEY_ENABLED;
663 if (conf->wme_enabled) {
664 /* 4 PTKSA replay counters when using WME */
665 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
667 #ifdef CONFIG_IEEE80211W
668 if (conf->ieee80211w != WPA_NO_IEEE80211W)
669 capab |= WPA_CAPABILITY_MGMT_FRAME_PROTECTION;
670 #endif /* CONFIG_IEEE80211W */
671 *pos++ = capab & 0xff;
674 #ifdef CONFIG_IEEE80211W
675 if (conf->ieee80211w != WPA_NO_IEEE80211W) {
676 if (pos + 2 + 4 > buf + len)
679 WPA_PUT_LE16(pos, 0);
682 /* Management Group Cipher Suite */
683 memcpy(pos, RSN_CIPHER_SUITE_AES_128_CMAC, RSN_SELECTOR_LEN);
684 pos += RSN_SELECTOR_LEN;
686 #endif /* CONFIG_IEEE80211W */
688 hdr->len = (pos - buf) - 2;
694 static int wpa_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
701 if (wpa_auth->conf.wpa & HOSTAPD_WPA_VERSION_WPA2) {
702 res = wpa_write_rsn_ie(&wpa_auth->conf,
703 pos, buf + sizeof(buf) - pos);
708 if (wpa_auth->conf.wpa & HOSTAPD_WPA_VERSION_WPA) {
709 res = wpa_write_wpa_ie(&wpa_auth->conf,
710 pos, buf + sizeof(buf) - pos);
716 free(wpa_auth->wpa_ie);
717 wpa_auth->wpa_ie = malloc(pos - buf);
718 if (wpa_auth->wpa_ie == NULL)
720 memcpy(wpa_auth->wpa_ie, buf, pos - buf);
721 wpa_auth->wpa_ie_len = pos - buf;
727 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
730 if (wpa_auth->cb.disconnect == NULL)
732 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
733 WLAN_REASON_PREV_AUTH_NOT_VALID);
737 static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
739 struct wpa_authenticator *wpa_auth = eloop_ctx;
741 if (hostapd_get_rand(wpa_auth->group->GMK, WPA_GMK_LEN)) {
742 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
745 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
748 if (wpa_auth->conf.wpa_gmk_rekey) {
749 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
750 wpa_rekey_gmk, wpa_auth, NULL);
755 static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
757 struct wpa_authenticator *wpa_auth = eloop_ctx;
758 struct wpa_group *group;
760 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
761 for (group = wpa_auth->group; group; group = group->next) {
762 group->GTKReKey = TRUE;
764 group->changed = FALSE;
765 wpa_group_sm_step(wpa_auth, group);
766 } while (group->changed);
769 if (wpa_auth->conf.wpa_group_rekey) {
770 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
771 0, wpa_rekey_gtk, wpa_auth, NULL);
776 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
778 if (sm->pmksa == ctx)
784 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
787 struct wpa_authenticator *wpa_auth = ctx;
788 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
792 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
795 struct wpa_group *group;
796 u8 buf[ETH_ALEN + 8 + sizeof(group)];
799 group = wpa_zalloc(sizeof(struct wpa_group));
803 group->GTKAuthenticator = TRUE;
804 group->vlan_id = vlan_id;
806 switch (wpa_auth->conf.wpa_group) {
807 case WPA_CIPHER_CCMP:
810 case WPA_CIPHER_TKIP:
813 case WPA_CIPHER_WEP104:
816 case WPA_CIPHER_WEP40:
821 /* Counter = PRF-256(Random number, "Init Counter",
822 * Local MAC Address || Time)
824 memcpy(buf, wpa_auth->addr, ETH_ALEN);
825 wpa_get_ntp_timestamp(buf + ETH_ALEN);
826 memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
827 if (hostapd_get_rand(rkey, sizeof(rkey)) ||
828 hostapd_get_rand(group->GMK, WPA_GMK_LEN)) {
829 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
835 sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
836 group->Counter, WPA_NONCE_LEN);
839 wpa_group_sm_step(wpa_auth, group);
840 group->GInit = FALSE;
841 wpa_group_sm_step(wpa_auth, group);
848 * wpa_init - Initialize WPA authenticator
849 * @addr: Authenticator address
850 * @conf: Configuration for WPA authenticator
851 * Returns: Pointer to WPA authenticator data or %NULL on failure
853 struct wpa_authenticator * wpa_init(const u8 *addr,
854 struct wpa_auth_config *conf,
855 struct wpa_auth_callbacks *cb)
857 struct wpa_authenticator *wpa_auth;
859 wpa_auth = wpa_zalloc(sizeof(struct wpa_authenticator));
860 if (wpa_auth == NULL)
862 memcpy(wpa_auth->addr, addr, ETH_ALEN);
863 memcpy(&wpa_auth->conf, conf, sizeof(*conf));
864 memcpy(&wpa_auth->cb, cb, sizeof(*cb));
866 if (wpa_gen_wpa_ie(wpa_auth)) {
867 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
872 wpa_auth->group = wpa_group_init(wpa_auth, 0);
873 if (wpa_auth->group == NULL) {
874 free(wpa_auth->wpa_ie);
879 wpa_auth->pmksa = pmksa_cache_init(wpa_auth_pmksa_free_cb, wpa_auth);
880 if (wpa_auth->pmksa == NULL) {
881 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
882 free(wpa_auth->wpa_ie);
887 if (wpa_auth->conf.wpa_gmk_rekey) {
888 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
889 wpa_rekey_gmk, wpa_auth, NULL);
892 if (wpa_auth->conf.wpa_group_rekey) {
893 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
894 wpa_rekey_gtk, wpa_auth, NULL);
902 * wpa_deinit - Deinitialize WPA authenticator
903 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
905 void wpa_deinit(struct wpa_authenticator *wpa_auth)
907 struct wpa_group *group, *prev;
909 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
910 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
912 while (wpa_auth->stsl_negotiations)
913 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
915 pmksa_cache_deinit(wpa_auth->pmksa);
917 free(wpa_auth->wpa_ie);
919 group = wpa_auth->group;
931 * wpa_reconfig - Update WPA authenticator configuration
932 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
933 * @conf: Configuration for WPA authenticator
935 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
936 struct wpa_auth_config *conf)
938 if (wpa_auth == NULL)
941 memcpy(&wpa_auth->conf, conf, sizeof(*conf));
944 * Disassociate stations if configuration changed
951 static int wpa_selector_to_bitfield(u8 *s)
953 if (memcmp(s, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN) == 0)
954 return WPA_CIPHER_NONE;
955 if (memcmp(s, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN) == 0)
956 return WPA_CIPHER_WEP40;
957 if (memcmp(s, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN) == 0)
958 return WPA_CIPHER_TKIP;
959 if (memcmp(s, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN) == 0)
960 return WPA_CIPHER_CCMP;
961 if (memcmp(s, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN) == 0)
962 return WPA_CIPHER_WEP104;
967 static int wpa_key_mgmt_to_bitfield(u8 *s)
969 if (memcmp(s, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X, WPA_SELECTOR_LEN) == 0)
970 return WPA_KEY_MGMT_IEEE8021X;
971 if (memcmp(s, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X, WPA_SELECTOR_LEN) ==
973 return WPA_KEY_MGMT_PSK;
978 static int rsn_selector_to_bitfield(u8 *s)
980 if (memcmp(s, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN) == 0)
981 return WPA_CIPHER_NONE;
982 if (memcmp(s, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN) == 0)
983 return WPA_CIPHER_WEP40;
984 if (memcmp(s, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN) == 0)
985 return WPA_CIPHER_TKIP;
986 if (memcmp(s, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN) == 0)
987 return WPA_CIPHER_CCMP;
988 if (memcmp(s, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN) == 0)
989 return WPA_CIPHER_WEP104;
990 #ifdef CONFIG_IEEE80211W
991 if (memcmp(s, RSN_CIPHER_SUITE_AES_128_CMAC, RSN_SELECTOR_LEN) == 0)
992 return WPA_CIPHER_AES_128_CMAC;
993 #endif /* CONFIG_IEEE80211W */
998 static int rsn_key_mgmt_to_bitfield(u8 *s)
1000 if (memcmp(s, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X, RSN_SELECTOR_LEN) == 0)
1001 return WPA_KEY_MGMT_IEEE8021X;
1002 if (memcmp(s, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X, RSN_SELECTOR_LEN) ==
1004 return WPA_KEY_MGMT_PSK;
1009 static u8 * wpa_add_kde(u8 *pos, const u8 *kde, const u8 *data,
1010 size_t data_len, const u8 *data2, size_t data2_len)
1012 *pos++ = GENERIC_INFO_ELEM;
1013 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
1014 memcpy(pos, kde, RSN_SELECTOR_LEN);
1015 pos += RSN_SELECTOR_LEN;
1016 memcpy(pos, data, data_len);
1019 memcpy(pos, data2, data2_len);
1026 struct wpa_ie_data {
1027 int pairwise_cipher;
1033 int mgmt_group_cipher;
1037 static int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
1038 struct wpa_ie_data *data)
1040 struct wpa_ie_hdr *hdr;
1045 memset(data, 0, sizeof(*data));
1046 data->pairwise_cipher = WPA_CIPHER_TKIP;
1047 data->group_cipher = WPA_CIPHER_TKIP;
1048 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1049 data->mgmt_group_cipher = 0;
1051 if (wpa_ie_len < sizeof(struct wpa_ie_hdr))
1054 hdr = (struct wpa_ie_hdr *) wpa_ie;
1056 if (hdr->elem_id != WLAN_EID_GENERIC ||
1057 hdr->len != wpa_ie_len - 2 ||
1058 memcmp(&hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN) != 0 ||
1059 le_to_host16(hdr->version) != WPA_VERSION) {
1063 pos = (u8 *) (hdr + 1);
1064 left = wpa_ie_len - sizeof(*hdr);
1066 if (left >= WPA_SELECTOR_LEN) {
1067 data->group_cipher = wpa_selector_to_bitfield(pos);
1068 pos += WPA_SELECTOR_LEN;
1069 left -= WPA_SELECTOR_LEN;
1070 } else if (left > 0)
1074 data->pairwise_cipher = 0;
1075 count = pos[0] | (pos[1] << 8);
1078 if (count == 0 || left < count * WPA_SELECTOR_LEN)
1080 for (i = 0; i < count; i++) {
1081 data->pairwise_cipher |= wpa_selector_to_bitfield(pos);
1082 pos += WPA_SELECTOR_LEN;
1083 left -= WPA_SELECTOR_LEN;
1085 } else if (left == 1)
1090 count = pos[0] | (pos[1] << 8);
1093 if (count == 0 || left < count * WPA_SELECTOR_LEN)
1095 for (i = 0; i < count; i++) {
1096 data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos);
1097 pos += WPA_SELECTOR_LEN;
1098 left -= WPA_SELECTOR_LEN;
1100 } else if (left == 1)
1104 data->capabilities = pos[0] | (pos[1] << 8);
1117 static int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
1118 struct wpa_ie_data *data)
1120 struct rsn_ie_hdr *hdr;
1125 memset(data, 0, sizeof(*data));
1126 data->pairwise_cipher = WPA_CIPHER_CCMP;
1127 data->group_cipher = WPA_CIPHER_CCMP;
1128 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1129 #ifdef CONFIG_IEEE80211W
1130 data->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1131 #else /* CONFIG_IEEE80211W */
1132 data->mgmt_group_cipher = 0;
1133 #endif /* CONFIG_IEEE80211W */
1135 if (rsn_ie_len < sizeof(struct rsn_ie_hdr))
1138 hdr = (struct rsn_ie_hdr *) rsn_ie;
1140 if (hdr->elem_id != WLAN_EID_RSN ||
1141 hdr->len != rsn_ie_len - 2 ||
1142 le_to_host16(hdr->version) != RSN_VERSION) {
1146 pos = (u8 *) (hdr + 1);
1147 left = rsn_ie_len - sizeof(*hdr);
1149 if (left >= RSN_SELECTOR_LEN) {
1150 data->group_cipher = rsn_selector_to_bitfield(pos);
1151 pos += RSN_SELECTOR_LEN;
1152 left -= RSN_SELECTOR_LEN;
1153 } else if (left > 0)
1157 data->pairwise_cipher = 0;
1158 count = pos[0] | (pos[1] << 8);
1161 if (count == 0 || left < count * RSN_SELECTOR_LEN)
1163 for (i = 0; i < count; i++) {
1164 data->pairwise_cipher |= rsn_selector_to_bitfield(pos);
1165 pos += RSN_SELECTOR_LEN;
1166 left -= RSN_SELECTOR_LEN;
1168 } else if (left == 1)
1173 count = pos[0] | (pos[1] << 8);
1176 if (count == 0 || left < count * RSN_SELECTOR_LEN)
1178 for (i = 0; i < count; i++) {
1179 data->key_mgmt |= rsn_key_mgmt_to_bitfield(pos);
1180 pos += RSN_SELECTOR_LEN;
1181 left -= RSN_SELECTOR_LEN;
1183 } else if (left == 1)
1187 data->capabilities = pos[0] | (pos[1] << 8);
1193 data->num_pmkid = pos[0] | (pos[1] << 8);
1196 if (left < (int) data->num_pmkid * PMKID_LEN) {
1197 wpa_printf(MSG_DEBUG, "RSN: too short RSN IE for "
1198 "PMKIDs (num=%lu, left=%d)",
1199 (unsigned long) data->num_pmkid, left);
1203 pos += data->num_pmkid * PMKID_LEN;
1204 left -= data->num_pmkid * PMKID_LEN;
1207 #ifdef CONFIG_IEEE80211W
1209 data->mgmt_group_cipher = rsn_selector_to_bitfield(pos);
1210 if (data->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
1211 wpa_printf(MSG_DEBUG, "RSN: Unsupported management "
1212 "group cipher 0x%x",
1213 data->mgmt_group_cipher);
1216 pos += RSN_SELECTOR_LEN;
1217 left -= RSN_SELECTOR_LEN;
1219 #endif /* CONFIG_IEEE80211W */
1229 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
1230 struct wpa_state_machine *sm,
1231 const u8 *wpa_ie, size_t wpa_ie_len)
1233 struct wpa_ie_data data;
1234 int ciphers, key_mgmt, res, version;
1238 if (wpa_auth == NULL || sm == NULL)
1239 return WPA_NOT_ENABLED;
1241 if (wpa_ie == NULL || wpa_ie_len < 1)
1242 return WPA_INVALID_IE;
1244 if (wpa_ie[0] == WLAN_EID_RSN)
1245 version = HOSTAPD_WPA_VERSION_WPA2;
1247 version = HOSTAPD_WPA_VERSION_WPA;
1249 if (version == HOSTAPD_WPA_VERSION_WPA2) {
1250 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
1252 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
1253 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
1254 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
1255 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
1256 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
1257 memcpy(wpa_auth->dot11RSNAAuthenticationSuiteSelected,
1258 selector, RSN_SELECTOR_LEN);
1260 selector = RSN_CIPHER_SUITE_CCMP;
1261 if (data.pairwise_cipher & WPA_CIPHER_CCMP)
1262 selector = RSN_CIPHER_SUITE_CCMP;
1263 else if (data.pairwise_cipher & WPA_CIPHER_TKIP)
1264 selector = RSN_CIPHER_SUITE_TKIP;
1265 else if (data.pairwise_cipher & WPA_CIPHER_WEP104)
1266 selector = RSN_CIPHER_SUITE_WEP104;
1267 else if (data.pairwise_cipher & WPA_CIPHER_WEP40)
1268 selector = RSN_CIPHER_SUITE_WEP40;
1269 else if (data.pairwise_cipher & WPA_CIPHER_NONE)
1270 selector = RSN_CIPHER_SUITE_NONE;
1271 memcpy(wpa_auth->dot11RSNAPairwiseCipherSelected,
1272 selector, RSN_SELECTOR_LEN);
1274 selector = RSN_CIPHER_SUITE_CCMP;
1275 if (data.group_cipher & WPA_CIPHER_CCMP)
1276 selector = RSN_CIPHER_SUITE_CCMP;
1277 else if (data.group_cipher & WPA_CIPHER_TKIP)
1278 selector = RSN_CIPHER_SUITE_TKIP;
1279 else if (data.group_cipher & WPA_CIPHER_WEP104)
1280 selector = RSN_CIPHER_SUITE_WEP104;
1281 else if (data.group_cipher & WPA_CIPHER_WEP40)
1282 selector = RSN_CIPHER_SUITE_WEP40;
1283 else if (data.group_cipher & WPA_CIPHER_NONE)
1284 selector = RSN_CIPHER_SUITE_NONE;
1285 memcpy(wpa_auth->dot11RSNAGroupCipherSelected,
1286 selector, RSN_SELECTOR_LEN);
1288 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
1290 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
1291 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
1292 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
1293 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
1294 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
1295 memcpy(wpa_auth->dot11RSNAAuthenticationSuiteSelected,
1296 selector, WPA_SELECTOR_LEN);
1298 selector = WPA_CIPHER_SUITE_TKIP;
1299 if (data.pairwise_cipher & WPA_CIPHER_CCMP)
1300 selector = WPA_CIPHER_SUITE_CCMP;
1301 else if (data.pairwise_cipher & WPA_CIPHER_TKIP)
1302 selector = WPA_CIPHER_SUITE_TKIP;
1303 else if (data.pairwise_cipher & WPA_CIPHER_WEP104)
1304 selector = WPA_CIPHER_SUITE_WEP104;
1305 else if (data.pairwise_cipher & WPA_CIPHER_WEP40)
1306 selector = WPA_CIPHER_SUITE_WEP40;
1307 else if (data.pairwise_cipher & WPA_CIPHER_NONE)
1308 selector = WPA_CIPHER_SUITE_NONE;
1309 memcpy(wpa_auth->dot11RSNAPairwiseCipherSelected,
1310 selector, WPA_SELECTOR_LEN);
1312 selector = WPA_CIPHER_SUITE_TKIP;
1313 if (data.group_cipher & WPA_CIPHER_CCMP)
1314 selector = WPA_CIPHER_SUITE_CCMP;
1315 else if (data.group_cipher & WPA_CIPHER_TKIP)
1316 selector = WPA_CIPHER_SUITE_TKIP;
1317 else if (data.group_cipher & WPA_CIPHER_WEP104)
1318 selector = WPA_CIPHER_SUITE_WEP104;
1319 else if (data.group_cipher & WPA_CIPHER_WEP40)
1320 selector = WPA_CIPHER_SUITE_WEP40;
1321 else if (data.group_cipher & WPA_CIPHER_NONE)
1322 selector = WPA_CIPHER_SUITE_NONE;
1323 memcpy(wpa_auth->dot11RSNAGroupCipherSelected,
1324 selector, WPA_SELECTOR_LEN);
1327 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
1328 MACSTR " (res=%d)", MAC2STR(sm->addr), res);
1329 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
1330 return WPA_INVALID_IE;
1333 if (data.group_cipher != wpa_auth->conf.wpa_group) {
1334 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
1335 MACSTR, data.group_cipher, MAC2STR(sm->addr));
1336 return WPA_INVALID_GROUP;
1339 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
1341 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
1342 MACSTR, data.key_mgmt, MAC2STR(sm->addr));
1343 return WPA_INVALID_AKMP;
1345 if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
1346 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1348 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
1350 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
1352 wpa_printf(MSG_DEBUG, "Invalid WPA pairwise cipher (0x%x) "
1354 data.pairwise_cipher, MAC2STR(sm->addr));
1355 return WPA_INVALID_PAIRWISE;
1358 #ifdef CONFIG_IEEE80211W
1359 if (wpa_auth->conf.ieee80211w == WPA_IEEE80211W_REQUIRED) {
1360 if (!(data.capabilities &
1361 WPA_CAPABILITY_MGMT_FRAME_PROTECTION)) {
1362 wpa_printf(MSG_DEBUG, "Management frame protection "
1363 "required, but client did not enable it");
1364 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
1367 if (ciphers & WPA_CIPHER_TKIP) {
1368 wpa_printf(MSG_DEBUG, "Management frame protection "
1370 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
1373 if (data.mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
1374 wpa_printf(MSG_DEBUG, "Unsupported management group "
1375 "cipher %d", data.mgmt_group_cipher);
1376 return WPA_INVALID_MGMT_GROUP_CIPHER;
1380 if (wpa_auth->conf.ieee80211w == WPA_NO_IEEE80211W ||
1381 !(data.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION))
1382 sm->mgmt_frame_prot = 0;
1384 sm->mgmt_frame_prot = 1;
1385 #endif /* CONFIG_IEEE80211W */
1387 if (ciphers & WPA_CIPHER_CCMP)
1388 sm->pairwise = WPA_CIPHER_CCMP;
1390 sm->pairwise = WPA_CIPHER_TKIP;
1392 /* TODO: clear WPA/WPA2 state if STA changes from one to another */
1393 if (wpa_ie[0] == WLAN_EID_RSN)
1394 sm->wpa = WPA_VERSION_WPA2;
1396 sm->wpa = WPA_VERSION_WPA;
1398 for (i = 0; i < data.num_pmkid; i++) {
1399 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
1400 &data.pmkid[i * PMKID_LEN], PMKID_LEN);
1401 sm->pmksa = pmksa_cache_get(wpa_auth->pmksa, sm->addr,
1402 &data.pmkid[i * PMKID_LEN]);
1404 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1405 "PMKID found from PMKSA cache "
1406 "eap_type=%d vlan_id=%d",
1407 sm->pmksa->eap_type_authsrv,
1408 sm->pmksa->vlan_id);
1409 memcpy(wpa_auth->dot11RSNAPMKIDUsed,
1410 sm->pmksa->pmkid, PMKID_LEN);
1415 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
1417 sm->wpa_ie = malloc(wpa_ie_len);
1418 if (sm->wpa_ie == NULL)
1419 return WPA_ALLOC_FAIL;
1421 memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
1422 sm->wpa_ie_len = wpa_ie_len;
1428 struct wpa_eapol_ie_parse {
1437 size_t mac_addr_len;
1438 #ifdef CONFIG_PEERKEY
1444 size_t lifetime_len;
1447 #endif /* CONFIG_PEERKEY */
1452 * wpa_parse_generic - Parse EAPOL-Key Key Data Generic IEs
1453 * @pos: Pointer to the IE header
1454 * @end: Pointer to the end of the Key Data buffer
1455 * @ie: Pointer to parsed IE data
1456 * Returns: 0 on success, 1 if end mark is found, -1 on failure
1458 static int wpa_parse_generic(const u8 *pos, const u8 *end,
1459 struct wpa_eapol_ie_parse *ie)
1465 memcmp(pos + 2, WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0 &&
1466 pos[2 + WPA_SELECTOR_LEN] == 1 &&
1467 pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
1469 ie->wpa_ie_len = pos[1] + 2;
1473 if (pos + 1 + RSN_SELECTOR_LEN < end &&
1474 pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
1475 memcmp(pos + 2, RSN_KEY_DATA_PMKID, RSN_SELECTOR_LEN) == 0) {
1476 ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
1480 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1481 memcmp(pos + 2, RSN_KEY_DATA_GROUPKEY, RSN_SELECTOR_LEN) == 0) {
1482 ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
1483 ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
1487 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1488 memcmp(pos + 2, RSN_KEY_DATA_MAC_ADDR, RSN_SELECTOR_LEN) == 0) {
1489 ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
1490 ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
1494 #ifdef CONFIG_PEERKEY
1495 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1496 memcmp(pos + 2, RSN_KEY_DATA_SMK, RSN_SELECTOR_LEN) == 0) {
1497 ie->smk = pos + 2 + RSN_SELECTOR_LEN;
1498 ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
1502 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1503 memcmp(pos + 2, RSN_KEY_DATA_NONCE, RSN_SELECTOR_LEN) == 0) {
1504 ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
1505 ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
1509 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1510 memcmp(pos + 2, RSN_KEY_DATA_LIFETIME, RSN_SELECTOR_LEN) == 0) {
1511 ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
1512 ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
1516 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1517 memcmp(pos + 2, RSN_KEY_DATA_ERROR, RSN_SELECTOR_LEN) == 0) {
1518 ie->error = pos + 2 + RSN_SELECTOR_LEN;
1519 ie->error_len = pos[1] - RSN_SELECTOR_LEN;
1522 #endif /* CONFIG_PEERKEY */
1529 * wpa_parse_kde_ies - Parse EAPOL-Key Key Data IEs
1530 * @buf: Pointer to the Key Data buffer
1531 * @len: Key Data Length
1532 * @ie: Pointer to parsed IE data
1533 * Returns: 0 on success, -1 on failure
1535 static int wpa_parse_kde_ies(const u8 *buf, size_t len,
1536 struct wpa_eapol_ie_parse *ie)
1538 const u8 *pos, *end;
1541 memset(ie, 0, sizeof(*ie));
1542 for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
1543 if (pos[0] == 0xdd &&
1544 ((pos == buf + len - 1) || pos[1] == 0)) {
1545 /* Ignore padding */
1548 if (pos + 2 + pos[1] > end) {
1549 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
1550 "underflow (ie=%d len=%d)", pos[0], pos[1]);
1554 if (*pos == RSN_INFO_ELEM) {
1556 ie->rsn_ie_len = pos[1] + 2;
1557 } else if (*pos == GENERIC_INFO_ELEM) {
1558 ret = wpa_parse_generic(pos, end, ie);
1566 wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key "
1567 "Key Data IE", pos, 2 + pos[1]);
1575 struct wpa_state_machine *
1576 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
1578 struct wpa_state_machine *sm;
1580 sm = wpa_zalloc(sizeof(struct wpa_state_machine));
1583 memcpy(sm->addr, addr, ETH_ALEN);
1585 sm->wpa_auth = wpa_auth;
1586 sm->group = wpa_auth->group;
1592 void wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
1593 struct wpa_state_machine *sm)
1595 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
1599 memset(sm->key_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
1600 sm->ReAuthenticationRequest = TRUE;
1605 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1606 "start authentication");
1612 sm->AuthenticationRequest = TRUE;
1617 static void wpa_free_sta_sm(struct wpa_state_machine *sm)
1619 free(sm->last_rx_eapol_key);
1625 void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
1630 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
1631 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1632 "strict rekeying - force GTK rekey since STA "
1634 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
1635 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
1639 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
1640 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
1641 if (sm->in_step_loop) {
1642 /* Must not free state machine while wpa_sm_step() is running.
1643 * Freeing will be completed in the end of wpa_sm_step(). */
1644 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
1645 "machine deinit for " MACSTR, MAC2STR(sm->addr));
1646 sm->pending_deinit = 1;
1648 wpa_free_sta_sm(sm);
1652 static void wpa_request_new_ptk(struct wpa_state_machine *sm)
1657 sm->PTKRequest = TRUE;
1662 #ifdef CONFIG_PEERKEY
1663 static void wpa_stsl_step(void *eloop_ctx, void *timeout_ctx)
1666 struct wpa_authenticator *wpa_auth = eloop_ctx;
1667 struct wpa_stsl_negotiation *neg = timeout_ctx;
1674 struct wpa_stsl_search {
1676 struct wpa_state_machine *sm;
1680 static int wpa_stsl_select_sta(struct wpa_state_machine *sm, void *ctx)
1682 struct wpa_stsl_search *search = ctx;
1683 if (memcmp(search->addr, sm->addr, ETH_ALEN) == 0) {
1691 static void wpa_smk_send_error(struct wpa_authenticator *wpa_auth,
1692 struct wpa_state_machine *sm, const u8 *peer,
1693 u16 mui, u16 error_type)
1695 u8 kde[2 + RSN_SELECTOR_LEN + ETH_ALEN +
1696 2 + RSN_SELECTOR_LEN + sizeof(struct rsn_error_kde)];
1699 struct rsn_error_kde error;
1701 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1702 "Sending SMK Error");
1704 kde_len = 2 + RSN_SELECTOR_LEN + sizeof(struct rsn_error_kde);
1708 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN,
1710 kde_len += 2 + RSN_SELECTOR_LEN + ETH_ALEN;
1713 error.mui = host_to_be16(mui);
1714 error.error_type = host_to_be16(error_type);
1715 pos = wpa_add_kde(pos, RSN_KEY_DATA_ERROR,
1716 (u8 *) &error, sizeof(error), NULL, 0);
1718 __wpa_send_eapol(wpa_auth, sm,
1719 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1720 WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_ERROR,
1721 NULL, NULL, kde, kde_len, 0, 0, 0);
1725 static void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
1726 struct wpa_state_machine *sm,
1727 struct wpa_eapol_key *key)
1729 struct wpa_eapol_ie_parse kde;
1730 struct wpa_stsl_search search;
1734 if (wpa_parse_kde_ies((const u8 *) (key + 1),
1735 ntohs(key->key_data_length), &kde) < 0) {
1736 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M1");
1740 if (kde.rsn_ie == NULL || kde.mac_addr == NULL ||
1741 kde.mac_addr_len < ETH_ALEN) {
1742 wpa_printf(MSG_INFO, "RSN: No RSN IE or MAC address KDE in "
1747 /* Initiator = sm->addr; Peer = kde.mac_addr */
1749 search.addr = kde.mac_addr;
1751 if (wpa_auth_for_each_sta(wpa_auth, wpa_stsl_select_sta, &search) ==
1752 0 || search.sm == NULL) {
1753 wpa_printf(MSG_DEBUG, "RSN: SMK handshake with " MACSTR
1754 " aborted - STA not associated anymore",
1755 MAC2STR(kde.mac_addr));
1756 wpa_smk_send_error(wpa_auth, sm, kde.mac_addr, STK_MUI_SMK,
1758 /* FIX: wpa_stsl_remove(wpa_auth, neg); */
1762 buf_len = kde.rsn_ie_len + 2 + RSN_SELECTOR_LEN + ETH_ALEN;
1763 buf = malloc(buf_len);
1766 /* Initiator RSN IE */
1767 memcpy(buf, kde.rsn_ie, kde.rsn_ie_len);
1768 pos = buf + kde.rsn_ie_len;
1769 /* Initiator MAC Address */
1770 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, sm->addr, ETH_ALEN,
1774 * EAPOL-Key(S=1, M=1, A=1, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
1775 * MIC=MIC, DataKDs=(RSNIE_I, MAC_I KDE)
1778 wpa_auth_logger(wpa_auth, search.sm->addr, LOGGER_DEBUG,
1781 __wpa_send_eapol(wpa_auth, search.sm,
1782 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1783 WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE,
1784 NULL, key->key_nonce, buf, buf_len, 0, 0, 0);
1791 static void wpa_send_smk_m4(struct wpa_authenticator *wpa_auth,
1792 struct wpa_state_machine *sm,
1793 struct wpa_eapol_key *key,
1794 struct wpa_eapol_ie_parse *kde,
1802 * EAPOL-Key(S=1, M=1, A=0, I=1, K=0, SM=1, KeyRSC=0, Nonce=PNonce,
1803 * MIC=MIC, DataKDs=(MAC_I KDE, INonce KDE, SMK KDE,
1807 buf_len = 2 + RSN_SELECTOR_LEN + ETH_ALEN +
1808 2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN +
1809 2 + RSN_SELECTOR_LEN + WPA_PMK_LEN + WPA_NONCE_LEN +
1810 2 + RSN_SELECTOR_LEN + sizeof(lifetime);
1811 pos = buf = malloc(buf_len);
1815 /* Initiator MAC Address */
1816 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, kde->mac_addr, ETH_ALEN,
1819 /* Initiator Nonce */
1820 pos = wpa_add_kde(pos, RSN_KEY_DATA_NONCE, kde->nonce, WPA_NONCE_LEN,
1823 /* SMK with PNonce */
1824 pos = wpa_add_kde(pos, RSN_KEY_DATA_SMK, smk, WPA_PMK_LEN,
1825 key->key_nonce, WPA_NONCE_LEN);
1828 lifetime = htonl(43200); /* dot11RSNAConfigSMKLifetime */
1829 pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
1830 (u8 *) &lifetime, sizeof(lifetime), NULL, 0);
1832 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1835 __wpa_send_eapol(wpa_auth, sm,
1836 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1837 WPA_KEY_INFO_INSTALL | WPA_KEY_INFO_SMK_MESSAGE,
1838 NULL, key->key_nonce, buf, buf_len, 0, 1, 0);
1844 static void wpa_send_smk_m5(struct wpa_authenticator *wpa_auth,
1845 struct wpa_state_machine *sm,
1846 struct wpa_eapol_key *key,
1847 struct wpa_eapol_ie_parse *kde,
1848 const u8 *smk, const u8 *peer)
1855 * EAPOL-Key(S=1, M=1, A=0, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
1856 * MIC=MIC, DataKDs=(RSNIE_P, MAC_P KDE, PNonce, SMK KDE,
1860 buf_len = kde->rsn_ie_len +
1861 2 + RSN_SELECTOR_LEN + ETH_ALEN +
1862 2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN +
1863 2 + RSN_SELECTOR_LEN + WPA_PMK_LEN + WPA_NONCE_LEN +
1864 2 + RSN_SELECTOR_LEN + sizeof(lifetime);
1865 pos = buf = malloc(buf_len);
1870 memcpy(buf, kde->rsn_ie, kde->rsn_ie_len);
1871 pos = buf + kde->rsn_ie_len;
1873 /* Peer MAC Address */
1874 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN, NULL, 0);
1877 pos = wpa_add_kde(pos, RSN_KEY_DATA_NONCE, key->key_nonce,
1878 WPA_NONCE_LEN, NULL, 0);
1880 /* SMK and INonce */
1881 pos = wpa_add_kde(pos, RSN_KEY_DATA_SMK, smk, WPA_PMK_LEN,
1882 kde->nonce, WPA_NONCE_LEN);
1885 lifetime = htonl(43200); /* dot11RSNAConfigSMKLifetime */
1886 pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
1887 (u8 *) &lifetime, sizeof(lifetime), NULL, 0);
1889 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1892 __wpa_send_eapol(wpa_auth, sm,
1893 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1894 WPA_KEY_INFO_SMK_MESSAGE,
1895 NULL, kde->nonce, buf, buf_len, 0, 1, 0);
1901 static void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
1902 struct wpa_state_machine *sm,
1903 struct wpa_eapol_key *key)
1905 struct wpa_eapol_ie_parse kde;
1906 struct wpa_stsl_search search;
1907 u8 smk[32], buf[ETH_ALEN + 8 + 2 * WPA_NONCE_LEN], *pos;
1909 if (wpa_parse_kde_ies((const u8 *) (key + 1),
1910 ntohs(key->key_data_length), &kde) < 0) {
1911 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M3");
1915 if (kde.rsn_ie == NULL ||
1916 kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN ||
1917 kde.nonce == NULL || kde.nonce_len < WPA_NONCE_LEN) {
1918 wpa_printf(MSG_INFO, "RSN: No RSN IE, MAC address KDE, or "
1919 "Nonce KDE in SMK M3");
1923 /* Peer = sm->addr; Initiator = kde.mac_addr;
1924 * Peer Nonce = key->key_nonce; Initiator Nonce = kde.nonce */
1926 search.addr = kde.mac_addr;
1928 if (wpa_auth_for_each_sta(wpa_auth, wpa_stsl_select_sta, &search) ==
1929 0 || search.sm == NULL) {
1930 wpa_printf(MSG_DEBUG, "RSN: SMK handshake with " MACSTR
1931 " aborted - STA not associated anymore",
1932 MAC2STR(kde.mac_addr));
1933 wpa_smk_send_error(wpa_auth, sm, kde.mac_addr, STK_MUI_SMK,
1935 /* FIX: wpa_stsl_remove(wpa_auth, neg); */
1939 if (hostapd_get_rand(smk, WPA_PMK_LEN)) {
1940 wpa_printf(MSG_DEBUG, "RSN: Failed to generate SMK");
1944 /* SMK = PRF-256(Random number, "SMK Derivation",
1945 * AA || Time || INonce || PNonce)
1947 memcpy(buf, wpa_auth->addr, ETH_ALEN);
1948 pos = buf + ETH_ALEN;
1949 wpa_get_ntp_timestamp(pos);
1951 memcpy(pos, kde.nonce, WPA_NONCE_LEN);
1952 pos += WPA_NONCE_LEN;
1953 memcpy(pos, key->key_nonce, WPA_NONCE_LEN);
1954 sha1_prf(smk, WPA_PMK_LEN, "SMK Derivation", buf, sizeof(buf),
1957 wpa_hexdump_key(MSG_DEBUG, "RSN: SMK", smk, WPA_PMK_LEN);
1959 wpa_send_smk_m4(wpa_auth, sm, key, &kde, smk);
1960 wpa_send_smk_m5(wpa_auth, search.sm, key, &kde, smk, sm->addr);
1962 /* Authenticator does not need SMK anymore and it is required to forget
1964 memset(smk, 0, sizeof(*smk));
1968 static void wpa_smk_error(struct wpa_authenticator *wpa_auth,
1969 struct wpa_state_machine *sm,
1970 struct wpa_eapol_key *key)
1972 struct wpa_eapol_ie_parse kde;
1973 struct wpa_stsl_search search;
1974 struct rsn_error_kde error;
1975 u16 mui, error_type;
1977 if (wpa_parse_kde_ies((const u8 *) (key + 1),
1978 ntohs(key->key_data_length), &kde) < 0) {
1979 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK Error");
1983 if (kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN ||
1984 kde.error == NULL || kde.error_len < sizeof(error)) {
1985 wpa_printf(MSG_INFO, "RSN: No MAC address or Error KDE in "
1990 search.addr = kde.mac_addr;
1992 if (wpa_auth_for_each_sta(wpa_auth, wpa_stsl_select_sta, &search) ==
1993 0 || search.sm == NULL) {
1994 wpa_printf(MSG_DEBUG, "RSN: Peer STA " MACSTR " not "
1995 "associated for SMK Error message from " MACSTR,
1996 MAC2STR(kde.mac_addr), MAC2STR(sm->addr));
2000 memcpy(&error, kde.error, sizeof(error));
2001 mui = be_to_host16(error.mui);
2002 error_type = be_to_host16(error.error_type);
2003 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
2004 "STA reported SMK Error: Peer " MACSTR
2005 " MUI %d Error Type %d",
2006 MAC2STR(kde.mac_addr), mui, error_type);
2008 wpa_smk_send_error(wpa_auth, search.sm, sm->addr, mui, error_type);
2010 #endif /* CONFIG_PEERKEY */
2013 static int wpa_stsl_remove(struct wpa_authenticator *wpa_auth,
2014 struct wpa_stsl_negotiation *neg)
2016 #ifdef CONFIG_PEERKEY
2017 struct wpa_stsl_negotiation *pos, *prev;
2019 if (wpa_auth == NULL)
2021 pos = wpa_auth->stsl_negotiations;
2026 prev->next = pos->next;
2028 wpa_auth->stsl_negotiations = pos->next;
2030 eloop_cancel_timeout(wpa_stsl_step, wpa_auth, pos);
2037 #endif /* CONFIG_PEERKEY */
2043 void wpa_receive(struct wpa_authenticator *wpa_auth,
2044 struct wpa_state_machine *sm,
2045 u8 *data, size_t data_len)
2047 struct ieee802_1x_hdr *hdr;
2048 struct wpa_eapol_key *key;
2049 u16 key_info, key_data_length;
2050 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
2051 SMK_M1, SMK_M3, SMK_ERROR } msg;
2053 struct wpa_eapol_ie_parse kde;
2055 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
2058 if (data_len < sizeof(*hdr) + sizeof(*key))
2061 hdr = (struct ieee802_1x_hdr *) data;
2062 key = (struct wpa_eapol_key *) (hdr + 1);
2063 key_info = ntohs(key->key_info);
2064 key_data_length = ntohs(key->key_data_length);
2065 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
2066 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
2067 "key_data overflow (%d > %lu)",
2069 (unsigned long) (data_len - sizeof(*hdr) -
2074 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
2077 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
2078 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
2079 if (key_info & WPA_KEY_INFO_ERROR) {
2081 msgtxt = "SMK Error";
2086 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
2089 } else if (key_info & WPA_KEY_INFO_REQUEST) {
2092 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
2094 msgtxt = "2/2 Group";
2095 } else if (key_data_length == 0) {
2097 msgtxt = "4/4 Pairwise";
2100 msgtxt = "2/4 Pairwise";
2103 if (key_info & WPA_KEY_INFO_REQUEST) {
2104 if (sm->req_replay_counter_used &&
2105 memcmp(key->replay_counter, sm->req_replay_counter,
2106 WPA_REPLAY_COUNTER_LEN) <= 0) {
2107 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
2108 "received EAPOL-Key request with "
2109 "replayed counter");
2114 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
2115 (!sm->key_replay_counter_valid ||
2116 memcmp(key->replay_counter, sm->key_replay_counter,
2117 WPA_REPLAY_COUNTER_LEN) != 0)) {
2118 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
2119 "received EAPOL-Key %s with unexpected "
2120 "replay counter", msgtxt);
2121 wpa_hexdump(MSG_DEBUG, "expected replay counter",
2122 sm->key_replay_counter, WPA_REPLAY_COUNTER_LEN);
2123 wpa_hexdump(MSG_DEBUG, "received replay counter",
2124 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
2130 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
2131 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) {
2132 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
2133 "received EAPOL-Key msg 2/4 in "
2134 "invalid state (%d) - dropped",
2138 if (sm->wpa_ie == NULL ||
2139 sm->wpa_ie_len != key_data_length ||
2140 memcmp(sm->wpa_ie, key + 1, key_data_length) != 0) {
2141 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2142 "WPA IE from (Re)AssocReq did not "
2143 "match with msg 2/4");
2145 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
2146 sm->wpa_ie, sm->wpa_ie_len);
2148 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
2149 (u8 *) (key + 1), key_data_length);
2150 /* MLME-DEAUTHENTICATE.request */
2151 wpa_sta_disconnect(wpa_auth, sm->addr);
2156 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
2158 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
2159 "received EAPOL-Key msg 4/4 in "
2160 "invalid state (%d) - dropped",
2166 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
2167 || !sm->PTK_valid) {
2168 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
2169 "received EAPOL-Key msg 2/2 in "
2170 "invalid state (%d) - dropped",
2171 sm->wpa_ptk_group_state);
2175 #ifdef CONFIG_PEERKEY
2179 if (!wpa_auth->conf.peerkey) {
2180 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
2181 "PeerKey use disabled - ignoring message");
2184 if (!sm->PTK_valid) {
2185 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2186 "received EAPOL-Key msg SMK in "
2187 "invalid state - dropped");
2191 #else /* CONFIG_PEERKEY */
2195 return; /* STSL disabled - ignore SMK messages */
2196 #endif /* CONFIG_PEERKEY */
2201 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
2202 "received EAPOL-Key frame (%s)", msgtxt);
2204 if (key_info & WPA_KEY_INFO_ACK) {
2205 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2206 "received invalid EAPOL-Key: Key Ack set");
2210 if (!(key_info & WPA_KEY_INFO_MIC)) {
2211 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2212 "received invalid EAPOL-Key: Key MIC not set");
2216 sm->MICVerified = FALSE;
2217 if (sm->PTK_valid) {
2218 if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
2219 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2220 "received EAPOL-Key with invalid MIC");
2223 sm->MICVerified = TRUE;
2224 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
2227 if (key_info & WPA_KEY_INFO_REQUEST) {
2228 if (sm->MICVerified) {
2229 sm->req_replay_counter_used = 1;
2230 memcpy(sm->req_replay_counter, key->replay_counter,
2231 WPA_REPLAY_COUNTER_LEN);
2233 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2234 "received EAPOL-Key request with "
2240 * TODO: should decrypt key data field if encryption was used;
2241 * even though MAC address KDE is not normally encrypted,
2242 * supplicant is allowed to encrypt it.
2244 if (msg == SMK_ERROR) {
2245 #ifdef CONFIG_PEERKEY
2246 wpa_smk_error(wpa_auth, sm, key);
2247 #endif /* CONFIG_PEERKEY */
2249 } else if (key_info & WPA_KEY_INFO_ERROR) {
2250 /* Supplicant reported a Michael MIC error */
2251 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2252 "received EAPOL-Key Error Request "
2253 "(STA detected Michael MIC failure)");
2254 wpa_auth_mic_failure_report(wpa_auth, sm->addr);
2255 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
2256 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
2257 /* Error report is not a request for a new key
2258 * handshake, but since Authenticator may do it, let's
2259 * change the keys now anyway. */
2260 wpa_request_new_ptk(sm);
2261 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
2262 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2263 "received EAPOL-Key Request for new "
2265 wpa_request_new_ptk(sm);
2266 #ifdef CONFIG_PEERKEY
2267 } else if (msg == SMK_M1) {
2268 wpa_smk_m1(wpa_auth, sm, key);
2269 #endif /* CONFIG_PEERKEY */
2270 } else if (key_data_length > 0 &&
2271 wpa_parse_kde_ies((const u8 *) (key + 1),
2272 key_data_length, &kde) == 0 &&
2275 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2276 "received EAPOL-Key Request for GTK "
2278 /* FIX: why was this triggering PTK rekeying for the
2279 * STA that requested Group Key rekeying?? */
2280 /* wpa_request_new_ptk(sta->wpa_sm); */
2281 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
2282 wpa_rekey_gtk(wpa_auth, NULL);
2285 /* Do not allow the same key replay counter to be reused. */
2286 sm->key_replay_counter_valid = FALSE;
2289 #ifdef CONFIG_PEERKEY
2290 if (msg == SMK_M3) {
2291 wpa_smk_m3(wpa_auth, sm, key);
2294 #endif /* CONFIG_PEERKEY */
2296 free(sm->last_rx_eapol_key);
2297 sm->last_rx_eapol_key = malloc(data_len);
2298 if (sm->last_rx_eapol_key == NULL)
2300 memcpy(sm->last_rx_eapol_key, data, data_len);
2301 sm->last_rx_eapol_key_len = data_len;
2303 sm->EAPOLKeyReceived = TRUE;
2304 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
2305 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
2306 memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
2311 static void wpa_pmk_to_ptk(const u8 *pmk, const u8 *addr1, const u8 *addr2,
2312 const u8 *nonce1, const u8 *nonce2,
2313 u8 *ptk, size_t ptk_len)
2315 u8 data[2 * ETH_ALEN + 2 * WPA_NONCE_LEN];
2317 /* PTK = PRF-X(PMK, "Pairwise key expansion",
2318 * Min(AA, SA) || Max(AA, SA) ||
2319 * Min(ANonce, SNonce) || Max(ANonce, SNonce)) */
2321 if (memcmp(addr1, addr2, ETH_ALEN) < 0) {
2322 memcpy(data, addr1, ETH_ALEN);
2323 memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
2325 memcpy(data, addr2, ETH_ALEN);
2326 memcpy(data + ETH_ALEN, addr1, ETH_ALEN);
2329 if (memcmp(nonce1, nonce2, WPA_NONCE_LEN) < 0) {
2330 memcpy(data + 2 * ETH_ALEN, nonce1, WPA_NONCE_LEN);
2331 memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce2,
2334 memcpy(data + 2 * ETH_ALEN, nonce2, WPA_NONCE_LEN);
2335 memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce1,
2339 sha1_prf(pmk, WPA_PMK_LEN, "Pairwise key expansion",
2340 data, sizeof(data), ptk, ptk_len);
2342 wpa_hexdump_key(MSG_DEBUG, "PMK", pmk, WPA_PMK_LEN);
2343 wpa_hexdump_key(MSG_DEBUG, "PTK", ptk, ptk_len);
2347 static void wpa_gmk_to_gtk(const u8 *gmk, const u8 *addr, const u8 *gnonce,
2348 u8 *gtk, size_t gtk_len)
2350 u8 data[ETH_ALEN + WPA_NONCE_LEN];
2352 /* GTK = PRF-X(GMK, "Group key expansion", AA || GNonce) */
2353 memcpy(data, addr, ETH_ALEN);
2354 memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
2356 sha1_prf(gmk, WPA_GMK_LEN, "Group key expansion",
2357 data, sizeof(data), gtk, gtk_len);
2359 wpa_hexdump_key(MSG_DEBUG, "GMK", gmk, WPA_GMK_LEN);
2360 wpa_hexdump_key(MSG_DEBUG, "GTK", gtk, gtk_len);
2364 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
2366 struct wpa_authenticator *wpa_auth = eloop_ctx;
2367 struct wpa_state_machine *sm = timeout_ctx;
2369 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
2370 sm->TimeoutEvt = TRUE;
2375 static int wpa_calc_eapol_key_mic(int ver, u8 *key, u8 *data, size_t len,
2378 u8 hash[SHA1_MAC_LEN];
2381 case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
2382 hmac_md5(key, 16, data, len, mic);
2384 case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
2385 hmac_sha1(key, 16, data, len, hash);
2386 memcpy(mic, hash, MD5_MAC_LEN);
2395 static void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
2396 struct wpa_state_machine *sm, int key_info,
2397 const u8 *key_rsc, const u8 *nonce,
2398 const u8 *kde, size_t kde_len,
2399 int keyidx, int encr, int force_version)
2401 struct ieee802_1x_hdr *hdr;
2402 struct wpa_eapol_key *key;
2405 int key_data_len, pad_len = 0;
2407 int version, pairwise;
2409 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
2412 version = force_version;
2413 else if (sm->pairwise == WPA_CIPHER_CCMP)
2414 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
2416 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
2418 pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
2420 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(secure=%d mic=%d ack=%d "
2421 "install=%d pairwise=%d kde_len=%lu keyidx=%d encr=%d)",
2422 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
2423 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
2424 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
2425 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
2426 pairwise, (unsigned long) kde_len, keyidx, encr);
2428 key_data_len = kde_len;
2430 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES && encr) {
2431 pad_len = key_data_len % 8;
2433 pad_len = 8 - pad_len;
2434 key_data_len += pad_len + 8;
2437 len += key_data_len;
2439 hdr = wpa_zalloc(len);
2442 hdr->version = wpa_auth->conf.eapol_version;
2443 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
2444 hdr->length = htons(len - sizeof(*hdr));
2445 key = (struct wpa_eapol_key *) (hdr + 1);
2447 key->type = sm->wpa == WPA_VERSION_WPA2 ?
2448 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
2449 key_info |= version;
2450 if (encr && sm->wpa == WPA_VERSION_WPA2)
2451 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
2452 if (sm->wpa != WPA_VERSION_WPA2)
2453 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
2454 key->key_info = htons(key_info);
2456 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
2458 case WPA_CIPHER_CCMP:
2459 key->key_length = htons(16);
2461 case WPA_CIPHER_TKIP:
2462 key->key_length = htons(32);
2464 case WPA_CIPHER_WEP40:
2465 key->key_length = htons(5);
2467 case WPA_CIPHER_WEP104:
2468 key->key_length = htons(13);
2471 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
2472 key->key_length = htons(0);
2474 /* FIX: STSL: what to use as key_replay_counter? */
2475 inc_byte_array(sm->key_replay_counter, WPA_REPLAY_COUNTER_LEN);
2476 memcpy(key->replay_counter, sm->key_replay_counter,
2477 WPA_REPLAY_COUNTER_LEN);
2478 sm->key_replay_counter_valid = TRUE;
2481 memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
2484 memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
2487 memcpy(key + 1, kde, kde_len);
2488 key->key_data_length = htons(kde_len);
2489 } else if (encr && kde) {
2490 buf = wpa_zalloc(key_data_len);
2496 memcpy(pos, kde, kde_len);
2502 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
2504 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
2505 aes_wrap(sm->PTK.encr_key, (key_data_len - 8) / 8, buf,
2507 key->key_data_length = htons(key_data_len);
2511 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
2512 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
2513 memcpy(ek, key->key_iv, 16);
2514 memcpy(ek + 16, sm->PTK.encr_key, 16);
2515 memcpy(key + 1, buf, key_data_len);
2516 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
2517 key->key_data_length = htons(key_data_len);
2522 if (key_info & WPA_KEY_INFO_MIC) {
2523 if (!sm->PTK_valid) {
2524 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
2525 "PTK not valid when sending EAPOL-Key "
2530 wpa_calc_eapol_key_mic(version,
2531 sm->PTK.mic_key, (u8 *) hdr, len,
2535 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
2537 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
2543 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
2544 struct wpa_state_machine *sm, int key_info,
2545 const u8 *key_rsc, const u8 *nonce,
2546 const u8 *kde, size_t kde_len,
2547 int keyidx, int encr)
2550 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
2555 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
2558 timeout_ms = pairwise ? dot11RSNAConfigPairwiseUpdateTimeOut :
2559 dot11RSNAConfigGroupUpdateTimeOut;
2560 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
2561 wpa_send_eapol_timeout, wpa_auth, sm);
2565 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
2567 struct ieee802_1x_hdr *hdr;
2568 struct wpa_eapol_key *key;
2573 if (data_len < sizeof(*hdr) + sizeof(*key))
2576 hdr = (struct ieee802_1x_hdr *) data;
2577 key = (struct wpa_eapol_key *) (hdr + 1);
2578 key_info = ntohs(key->key_info);
2579 memcpy(mic, key->key_mic, 16);
2580 memset(key->key_mic, 0, 16);
2581 if (wpa_calc_eapol_key_mic(key_info & WPA_KEY_INFO_TYPE_MASK,
2582 PTK->mic_key, data, data_len, key->key_mic)
2583 || memcmp(mic, key->key_mic, 16) != 0)
2585 memcpy(key->key_mic, mic, 16);
2590 void wpa_remove_ptk(struct wpa_state_machine *sm)
2592 sm->PTK_valid = FALSE;
2593 memset(&sm->PTK, 0, sizeof(sm->PTK));
2594 wpa_auth_set_key(sm->wpa_auth, 0, "none", sm->addr, 0, (u8 *) "", 0);
2595 sm->pairwise_set = FALSE;
2599 void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
2604 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2605 "event %d notification", event);
2613 sm->DeauthenticationRequest = TRUE;
2616 case WPA_REAUTH_EAPOL:
2617 sm->ReAuthenticationRequest = TRUE;
2621 sm->PTK_valid = FALSE;
2622 memset(&sm->PTK, 0, sizeof(sm->PTK));
2624 if (event != WPA_REAUTH_EAPOL)
2631 static const char * wpa_alg_txt(int alg)
2634 case WPA_CIPHER_CCMP:
2636 case WPA_CIPHER_TKIP:
2638 case WPA_CIPHER_WEP104:
2639 case WPA_CIPHER_WEP40:
2647 SM_STATE(WPA_PTK, INITIALIZE)
2649 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
2651 /* Init flag is not cleared here, so avoid busy
2652 * loop by claiming nothing changed. */
2653 sm->changed = FALSE;
2657 if (sm->GUpdateStationKeys)
2658 sm->group->GKeyDoneStations--;
2659 sm->GUpdateStationKeys = FALSE;
2660 if (sm->wpa == WPA_VERSION_WPA)
2661 sm->PInitAKeys = FALSE;
2662 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
2663 * Local AA > Remote AA)) */) {
2666 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
2668 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
2670 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK) {
2671 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2672 WPA_EAPOL_authorized, 0);
2677 SM_STATE(WPA_PTK, DISCONNECT)
2679 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
2680 sm->Disconnect = FALSE;
2681 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
2685 SM_STATE(WPA_PTK, DISCONNECTED)
2687 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
2688 if (sm->sta_counted) {
2689 sm->group->GNoStations--;
2690 sm->sta_counted = 0;
2692 wpa_printf(MSG_DEBUG, "WPA: WPA_PTK::DISCONNECTED - did not "
2693 "decrease GNoStations (STA " MACSTR ")",
2696 sm->DeauthenticationRequest = FALSE;
2700 SM_STATE(WPA_PTK, AUTHENTICATION)
2702 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
2703 if (!sm->sta_counted) {
2704 sm->group->GNoStations++;
2705 sm->sta_counted = 1;
2707 wpa_printf(MSG_DEBUG, "WPA: WPA_PTK::DISCONNECTED - did not "
2708 "increase GNoStations (STA " MACSTR ")",
2711 memset(&sm->PTK, 0, sizeof(sm->PTK));
2712 sm->PTK_valid = FALSE;
2713 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
2715 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
2716 sm->AuthenticationRequest = FALSE;
2720 SM_STATE(WPA_PTK, AUTHENTICATION2)
2722 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
2723 memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN);
2724 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
2725 sm->ReAuthenticationRequest = FALSE;
2726 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
2727 * logical place than INITIALIZE since AUTHENTICATION2 can be
2728 * re-entered on ReAuthenticationRequest without going through
2734 SM_STATE(WPA_PTK, INITPMK)
2736 size_t len = WPA_PMK_LEN;
2738 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
2740 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
2741 memcpy(sm->PMK, sm->pmksa->pmk, WPA_PMK_LEN);
2742 } else if (wpa_auth_get_pmk(sm->wpa_auth, sm->addr, sm->PMK, &len) ==
2744 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
2745 "(len=%lu)", (unsigned long) len);
2747 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
2750 sm->req_replay_counter_used = 0;
2751 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
2752 * will break reauthentication since EAPOL state machines may not be
2753 * get into AUTHENTICATING state that clears keyRun before WPA state
2754 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
2755 * state and takes PMK from the previously used AAA Key. This will
2756 * eventually fail in 4-Way Handshake because Supplicant uses PMK
2757 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
2758 * be good workaround for this issue. */
2759 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
2763 SM_STATE(WPA_PTK, INITPSK)
2766 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
2767 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL);
2769 memcpy(sm->PMK, psk, WPA_PMK_LEN);
2770 sm->req_replay_counter_used = 0;
2774 SM_STATE(WPA_PTK, PTKSTART)
2776 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
2777 size_t pmkid_len = 0;
2779 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
2780 sm->PTKRequest = FALSE;
2781 sm->TimeoutEvt = FALSE;
2782 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2783 "sending 1/4 msg of 4-Way Handshake");
2785 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
2786 * one possible PSK for this STA.
2788 if (sm->wpa == WPA_VERSION_WPA2 &&
2789 sm->wpa_key_mgmt != WPA_KEY_MGMT_PSK) {
2791 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
2792 pmkid[0] = WLAN_EID_GENERIC;
2793 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
2794 memcpy(&pmkid[2], RSN_KEY_DATA_PMKID, RSN_SELECTOR_LEN);
2796 memcpy(&pmkid[2 + RSN_SELECTOR_LEN], sm->pmksa->pmkid,
2800 * Calculate PMKID since no PMKSA cache entry was
2801 * available with pre-calculated PMKID.
2803 rsn_pmkid(sm->PMK, WPA_PMK_LEN, sm->wpa_auth->addr,
2804 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN]);
2807 wpa_send_eapol(sm->wpa_auth, sm,
2808 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
2809 sm->ANonce, pmkid, pmkid_len, 0, 0);
2814 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
2818 const u8 *pmk = NULL;
2820 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
2821 sm->EAPOLKeyReceived = FALSE;
2823 /* WPA with IEEE 802.1X: use the derived PMK from EAP
2824 * WPA-PSK: iterate through possible PSKs and select the one matching
2827 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK) {
2828 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
2834 wpa_pmk_to_ptk(pmk, sm->wpa_auth->addr, sm->addr,
2835 sm->ANonce, sm->SNonce,
2836 (u8 *) &PTK, sizeof(PTK));
2838 if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
2839 sm->last_rx_eapol_key_len) == 0) {
2844 if (sm->wpa_key_mgmt != WPA_KEY_MGMT_PSK)
2849 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2850 "invalid MIC in msg 2/4 of 4-Way Handshake");
2854 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
2856 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK) {
2857 /* PSK may have changed from the previous choice, so update
2858 * state machine data based on whatever PSK was selected here.
2860 memcpy(sm->PMK, pmk, WPA_PMK_LEN);
2863 sm->MICVerified = TRUE;
2865 memcpy(&sm->PTK, &PTK, sizeof(PTK));
2866 sm->PTK_valid = TRUE;
2870 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
2872 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
2877 #ifdef CONFIG_IEEE80211W
2879 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2881 if (sm->mgmt_frame_prot) {
2882 return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_dhv_kde) +
2883 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde);
2890 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2892 struct wpa_dhv_kde dhv;
2893 struct wpa_igtk_kde igtk;
2894 struct wpa_group *gsm = sm->group;
2899 if (!sm->mgmt_frame_prot)
2902 addr[0] = sm->wpa_auth->addr;
2906 addr[2] = gsm->DGTK;
2907 len[2] = WPA_DGTK_LEN;
2908 sha256_vector(3, addr, len, mac);
2909 memcpy(dhv.dhv, mac, WPA_DHV_LEN);
2910 wpa_hexdump_key(MSG_DEBUG, "WPA: DHV", dhv.dhv, WPA_DHV_LEN);
2911 pos = wpa_add_kde(pos, RSN_KEY_DATA_DHV,
2912 (const u8 *) &dhv, sizeof(dhv), NULL, 0);
2914 igtk.keyid[0] = gsm->GN;
2916 if (wpa_auth_get_seqnum_igtk(sm->wpa_auth, NULL, gsm->GN, igtk.pn) < 0)
2917 memset(igtk.pn, 0, sizeof(igtk.pn));
2918 memcpy(igtk.igtk, gsm->IGTK[gsm->GN - 1], WPA_IGTK_LEN);
2919 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
2920 (const u8 *) &igtk, sizeof(igtk), NULL, 0);
2925 #else /* CONFIG_IEEE80211W */
2927 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
2933 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
2938 #endif /* CONFIG_IEEE80211W */
2941 SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
2943 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
2944 size_t gtk_len, kde_len;
2945 struct wpa_group *gsm = sm->group;
2947 int wpa_ie_len, secure, keyidx, encr = 0;
2949 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
2950 sm->TimeoutEvt = FALSE;
2951 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, GTK[GN])
2953 memset(rsc, 0, WPA_KEY_RSC_LEN);
2954 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2955 wpa_ie = sm->wpa_auth->wpa_ie;
2956 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
2957 if (sm->wpa == WPA_VERSION_WPA &&
2958 (sm->wpa_auth->conf.wpa & HOSTAPD_WPA_VERSION_WPA2) &&
2959 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
2960 /* WPA-only STA, remove RSN IE */
2961 wpa_ie = wpa_ie + wpa_ie[1] + 2;
2962 wpa_ie_len = wpa_ie[1] + 2;
2964 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2965 "sending 3/4 msg of 4-Way Handshake");
2966 if (sm->wpa == WPA_VERSION_WPA2) {
2967 /* WPA2 send GTK in the 4-way handshake */
2969 gtk = gsm->GTK[gsm->GN - 1];
2970 gtk_len = gsm->GTK_len;
2975 /* WPA does not include GTK in msg 3/4 */
2983 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
2985 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
2986 kde = malloc(kde_len);
2991 memcpy(pos, wpa_ie, wpa_ie_len);
2995 hdr[0] = keyidx & 0x03;
2997 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
3000 pos = ieee80211w_kde_add(sm, pos);
3002 wpa_send_eapol(sm->wpa_auth, sm,
3003 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
3004 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
3005 WPA_KEY_INFO_KEY_TYPE,
3006 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
3012 SM_STATE(WPA_PTK, PTKINITDONE)
3014 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
3015 sm->EAPOLKeyReceived = FALSE;
3019 if (sm->pairwise == WPA_CIPHER_TKIP) {
3026 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
3027 sm->PTK.tk1, klen)) {
3028 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
3031 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
3032 sm->pairwise_set = TRUE;
3034 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK) {
3035 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
3036 WPA_EAPOL_authorized, 1);
3040 if (0 /* IBSS == TRUE */) {
3042 if (sm->keycount == 2) {
3043 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
3044 WPA_EAPOL_portValid, 1);
3047 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
3050 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
3051 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
3052 if (sm->wpa == WPA_VERSION_WPA)
3053 sm->PInitAKeys = TRUE;
3056 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3057 "pairwise key handshake completed (%s)",
3058 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
3064 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3067 SM_ENTER(WPA_PTK, INITIALIZE);
3068 else if (sm->Disconnect
3069 /* || FIX: dot11RSNAConfigSALifetime timeout */)
3070 SM_ENTER(WPA_PTK, DISCONNECT);
3071 else if (sm->DeauthenticationRequest)
3072 SM_ENTER(WPA_PTK, DISCONNECTED);
3073 else if (sm->AuthenticationRequest)
3074 SM_ENTER(WPA_PTK, AUTHENTICATION);
3075 else if (sm->ReAuthenticationRequest)
3076 SM_ENTER(WPA_PTK, AUTHENTICATION2);
3077 else if (sm->PTKRequest)
3078 SM_ENTER(WPA_PTK, PTKSTART);
3079 else switch (sm->wpa_ptk_state) {
3080 case WPA_PTK_INITIALIZE:
3082 case WPA_PTK_DISCONNECT:
3083 SM_ENTER(WPA_PTK, DISCONNECTED);
3085 case WPA_PTK_DISCONNECTED:
3086 SM_ENTER(WPA_PTK, INITIALIZE);
3088 case WPA_PTK_AUTHENTICATION:
3089 SM_ENTER(WPA_PTK, AUTHENTICATION2);
3091 case WPA_PTK_AUTHENTICATION2:
3092 if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_IEEE8021X) &&
3093 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
3094 WPA_EAPOL_keyRun) > 0)
3095 SM_ENTER(WPA_PTK, INITPMK);
3096 else if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK)
3097 /* FIX: && 802.1X::keyRun */)
3098 SM_ENTER(WPA_PTK, INITPSK);
3100 case WPA_PTK_INITPMK:
3101 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
3102 WPA_EAPOL_keyAvailable) > 0)
3103 SM_ENTER(WPA_PTK, PTKSTART);
3105 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3106 SM_ENTER(WPA_PTK, DISCONNECT);
3109 case WPA_PTK_INITPSK:
3110 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL))
3111 SM_ENTER(WPA_PTK, PTKSTART);
3113 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3114 "no PSK configured for the STA");
3115 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3116 SM_ENTER(WPA_PTK, DISCONNECT);
3119 case WPA_PTK_PTKSTART:
3120 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3121 sm->EAPOLKeyPairwise)
3122 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
3123 else if (sm->TimeoutCtr >
3124 (int) dot11RSNAConfigPairwiseUpdateCount) {
3125 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3126 SM_ENTER(WPA_PTK, DISCONNECT);
3127 } else if (sm->TimeoutEvt)
3128 SM_ENTER(WPA_PTK, PTKSTART);
3130 case WPA_PTK_PTKCALCNEGOTIATING:
3131 if (sm->MICVerified)
3132 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
3133 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3134 sm->EAPOLKeyPairwise)
3135 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
3136 else if (sm->TimeoutEvt)
3137 SM_ENTER(WPA_PTK, PTKSTART);
3139 case WPA_PTK_PTKCALCNEGOTIATING2:
3140 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
3142 case WPA_PTK_PTKINITNEGOTIATING:
3143 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3144 sm->EAPOLKeyPairwise && sm->MICVerified)
3145 SM_ENTER(WPA_PTK, PTKINITDONE);
3146 else if (sm->TimeoutCtr >
3147 (int) dot11RSNAConfigPairwiseUpdateCount) {
3148 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3149 SM_ENTER(WPA_PTK, DISCONNECT);
3150 } else if (sm->TimeoutEvt)
3151 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
3153 case WPA_PTK_PTKINITDONE:
3159 SM_STATE(WPA_PTK_GROUP, IDLE)
3161 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
3163 /* Init flag is not cleared here, so avoid busy
3164 * loop by claiming nothing changed. */
3165 sm->changed = FALSE;
3167 sm->GTimeoutCtr = 0;
3171 SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
3173 u8 rsc[WPA_KEY_RSC_LEN];
3174 struct wpa_group *gsm = sm->group;
3175 u8 *kde, *pos, hdr[2];
3178 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
3179 if (sm->wpa == WPA_VERSION_WPA)
3180 sm->PInitAKeys = FALSE;
3181 sm->TimeoutEvt = FALSE;
3182 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
3183 memset(rsc, 0, WPA_KEY_RSC_LEN);
3184 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
3185 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
3186 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3187 "sending 1/2 msg of Group Key Handshake");
3189 if (sm->wpa == WPA_VERSION_WPA2) {
3190 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
3191 ieee80211w_kde_len(sm);
3192 kde = malloc(kde_len);
3197 hdr[0] = gsm->GN & 0x03;
3199 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
3200 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
3201 pos = ieee80211w_kde_add(sm, pos);
3203 kde = gsm->GTK[gsm->GN - 1];
3204 pos = kde + gsm->GTK_len;
3207 wpa_send_eapol(sm->wpa_auth, sm,
3208 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
3210 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
3211 rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
3212 if (sm->wpa == WPA_VERSION_WPA2)
3218 SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
3220 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
3221 sm->EAPOLKeyReceived = FALSE;
3222 sm->GUpdateStationKeys = FALSE;
3223 sm->group->GKeyDoneStations--;
3224 sm->GTimeoutCtr = 0;
3225 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
3226 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3227 "group key handshake completed (%s)",
3228 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
3233 SM_STATE(WPA_PTK_GROUP, KEYERROR)
3235 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
3236 sm->group->GKeyDoneStations--;
3237 sm->GUpdateStationKeys = FALSE;
3238 sm->Disconnect = TRUE;
3242 SM_STEP(WPA_PTK_GROUP)
3245 SM_ENTER(WPA_PTK_GROUP, IDLE);
3246 else switch (sm->wpa_ptk_group_state) {
3247 case WPA_PTK_GROUP_IDLE:
3248 if (sm->GUpdateStationKeys ||
3249 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
3250 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
3252 case WPA_PTK_GROUP_REKEYNEGOTIATING:
3253 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
3254 !sm->EAPOLKeyPairwise && sm->MICVerified)
3255 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
3256 else if (sm->GTimeoutCtr >
3257 (int) dot11RSNAConfigGroupUpdateCount)
3258 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
3259 else if (sm->TimeoutEvt)
3260 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
3262 case WPA_PTK_GROUP_KEYERROR:
3263 SM_ENTER(WPA_PTK_GROUP, IDLE);
3265 case WPA_PTK_GROUP_REKEYESTABLISHED:
3266 SM_ENTER(WPA_PTK_GROUP, IDLE);
3272 static void wpa_gtk_update(struct wpa_authenticator *wpa_auth,
3273 struct wpa_group *group)
3275 /* FIX: is this the correct way of getting GNonce? */
3276 memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
3277 inc_byte_array(group->Counter, WPA_NONCE_LEN);
3278 wpa_gmk_to_gtk(group->GMK, wpa_auth->addr, group->GNonce,
3279 group->GTK[group->GN - 1], group->GTK_len);
3281 #ifdef CONFIG_IEEE80211W
3282 if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
3283 hostapd_get_rand(group->DGTK, WPA_DGTK_LEN);
3284 wpa_hexdump_key(MSG_DEBUG, "DGTK", group->DGTK, WPA_DGTK_LEN);
3285 hostapd_get_rand(group->IGTK[group->GN - 1], WPA_IGTK_LEN);
3286 wpa_hexdump_key(MSG_DEBUG, "IGTK",
3287 group->IGTK[group->GN - 1], WPA_IGTK_LEN);
3289 #endif /* CONFIG_IEEE80211W */
3293 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
3294 struct wpa_group *group)
3296 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
3297 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
3298 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
3299 group->wpa_group_state = WPA_GROUP_GTK_INIT;
3302 memset(group->GTK, 0, sizeof(group->GTK));
3305 /* GTK[GN] = CalcGTK() */
3306 wpa_gtk_update(wpa_auth, group);
3310 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
3312 sm->GUpdateStationKeys = TRUE;
3318 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
3319 struct wpa_group *group)
3323 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
3324 "SETKEYS (VLAN-ID %d)", group->vlan_id);
3325 group->changed = TRUE;
3326 group->wpa_group_state = WPA_GROUP_SETKEYS;
3327 group->GTKReKey = FALSE;
3329 group->GM = group->GN;
3331 group->GKeyDoneStations = group->GNoStations;
3332 wpa_gtk_update(wpa_auth, group);
3334 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
3338 static void wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
3339 struct wpa_group *group)
3341 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
3342 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
3343 group->changed = TRUE;
3344 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
3345 wpa_auth_set_key(wpa_auth, group->vlan_id,
3346 wpa_alg_txt(wpa_auth->conf.wpa_group),
3347 NULL, group->GN, group->GTK[group->GN - 1],
3350 #ifdef CONFIG_IEEE80211W
3351 if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
3352 wpa_auth_set_key(wpa_auth, group->vlan_id, "IGTK",
3353 NULL, group->GN, group->IGTK[group->GN - 1],
3355 wpa_auth_set_key(wpa_auth, group->vlan_id, "DGTK",
3356 NULL, 0, group->DGTK, WPA_DGTK_LEN);
3358 #endif /* CONFIG_IEEE80211W */
3362 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
3363 struct wpa_group *group)
3366 wpa_group_gtk_init(wpa_auth, group);
3367 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
3368 group->GTKAuthenticator) {
3369 wpa_group_setkeysdone(wpa_auth, group);
3370 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
3372 wpa_group_setkeys(wpa_auth, group);
3373 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
3374 if (group->GKeyDoneStations == 0)
3375 wpa_group_setkeysdone(wpa_auth, group);
3376 else if (group->GTKReKey)
3377 wpa_group_setkeys(wpa_auth, group);
3382 static void wpa_sm_step(struct wpa_state_machine *sm)
3387 if (sm->in_step_loop) {
3388 /* This should not happen, but if it does, make sure we do not
3389 * end up freeing the state machine too early by exiting the
3390 * recursive call. */
3391 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
3395 sm->in_step_loop = 1;
3397 if (sm->pending_deinit)
3400 sm->changed = FALSE;
3401 sm->wpa_auth->group->changed = FALSE;
3403 SM_STEP_RUN(WPA_PTK);
3404 if (sm->pending_deinit)
3406 SM_STEP_RUN(WPA_PTK_GROUP);
3407 if (sm->pending_deinit)
3409 wpa_group_sm_step(sm->wpa_auth, sm->group);
3410 } while (sm->changed || sm->wpa_auth->group->changed);
3411 sm->in_step_loop = 0;
3413 if (sm->pending_deinit) {
3414 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
3415 "machine deinit for " MACSTR, MAC2STR(sm->addr));
3416 wpa_free_sta_sm(sm);
3421 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
3423 struct wpa_state_machine *sm = eloop_ctx;
3428 void wpa_auth_sm_notify(struct wpa_state_machine *sm)
3432 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
3436 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
3439 struct wpa_group *group;
3441 if (wpa_auth == NULL)
3444 group = wpa_auth->group;
3446 for (i = 0; i < 2; i++) {
3448 group->GM = group->GN;
3450 wpa_gtk_update(wpa_auth, group);
3455 static const char * wpa_bool_txt(int bool)
3457 return bool ? "TRUE" : "FALSE";
3461 static int wpa_cipher_bits(int cipher)
3464 case WPA_CIPHER_CCMP:
3466 case WPA_CIPHER_TKIP:
3468 case WPA_CIPHER_WEP104:
3470 case WPA_CIPHER_WEP40:
3478 #define RSN_SUITE "%02x-%02x-%02x-%d"
3479 #define RSN_SUITE_ARG(s) (s)[0], (s)[1], (s)[2], (s)[3]
3481 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
3484 char pmkid_txt[PMKID_LEN * 2 + 1];
3486 if (wpa_auth == NULL)
3489 ret = snprintf(buf + len, buflen - len,
3490 "dot11RSNAOptionImplemented=TRUE\n"
3491 #ifdef CONFIG_RSN_PREAUTH
3492 "dot11RSNAPreauthenticationImplemented=TRUE\n"
3493 #else /* CONFIG_RSN_PREAUTH */
3494 "dot11RSNAPreauthenticationImplemented=FALSE\n"
3495 #endif /* CONFIG_RSN_PREAUTH */
3496 "dot11RSNAEnabled=%s\n"
3497 "dot11RSNAPreauthenticationEnabled=%s\n",
3498 wpa_bool_txt(wpa_auth->conf.wpa &
3499 HOSTAPD_WPA_VERSION_WPA2),
3500 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
3501 if (ret < 0 || (size_t) ret >= buflen - len)
3505 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
3506 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
3508 ret = snprintf(buf + len, buflen - len,
3509 "dot11RSNAConfigVersion=%u\n"
3510 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
3511 /* FIX: dot11RSNAConfigGroupCipher */
3512 /* FIX: dot11RSNAConfigGroupRekeyMethod */
3513 /* FIX: dot11RSNAConfigGroupRekeyTime */
3514 /* FIX: dot11RSNAConfigGroupRekeyPackets */
3515 "dot11RSNAConfigGroupRekeyStrict=%u\n"
3516 "dot11RSNAConfigGroupUpdateCount=%u\n"
3517 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
3518 "dot11RSNAConfigGroupCipherSize=%u\n"
3519 "dot11RSNAConfigPMKLifetime=%u\n"
3520 "dot11RSNAConfigPMKReauthThreshold=%u\n"
3521 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
3522 "dot11RSNAConfigSATimeout=%u\n"
3523 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
3524 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
3525 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
3526 "dot11RSNAPMKIDUsed=%s\n"
3527 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
3528 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
3529 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
3530 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
3531 "dot11RSNA4WayHandshakeFailures=%u\n"
3532 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
3534 !!wpa_auth->conf.wpa_strict_rekey,
3535 dot11RSNAConfigGroupUpdateCount,
3536 dot11RSNAConfigPairwiseUpdateCount,
3537 wpa_cipher_bits(wpa_auth->conf.wpa_group),
3538 dot11RSNAConfigPMKLifetime,
3539 dot11RSNAConfigPMKReauthThreshold,
3540 dot11RSNAConfigSATimeout,
3541 RSN_SUITE_ARG(wpa_auth->
3542 dot11RSNAAuthenticationSuiteSelected),
3543 RSN_SUITE_ARG(wpa_auth->
3544 dot11RSNAPairwiseCipherSelected),
3545 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
3547 RSN_SUITE_ARG(wpa_auth->
3548 dot11RSNAAuthenticationSuiteRequested),
3549 RSN_SUITE_ARG(wpa_auth->
3550 dot11RSNAPairwiseCipherRequested),
3551 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
3552 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
3553 wpa_auth->dot11RSNA4WayHandshakeFailures);
3554 if (ret < 0 || (size_t) ret >= buflen - len)
3558 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
3559 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
3562 ret = snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
3563 wpa_auth->group->wpa_group_state);
3564 if (ret < 0 || (size_t) ret >= buflen - len)
3572 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
3575 u8 not_used[4] = { 0, 0, 0, 0 };
3576 const u8 *pairwise = not_used;
3581 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
3583 /* dot11RSNAStatsEntry */
3585 if (sm->wpa == WPA_VERSION_WPA) {
3586 if (sm->pairwise == WPA_CIPHER_CCMP)
3587 pairwise = WPA_CIPHER_SUITE_CCMP;
3588 else if (sm->pairwise == WPA_CIPHER_TKIP)
3589 pairwise = WPA_CIPHER_SUITE_TKIP;
3590 else if (sm->pairwise == WPA_CIPHER_WEP104)
3591 pairwise = WPA_CIPHER_SUITE_WEP104;
3592 else if (sm->pairwise == WPA_CIPHER_WEP40)
3593 pairwise = WPA_CIPHER_SUITE_WEP40;
3594 else if (sm->pairwise == WPA_CIPHER_NONE)
3595 pairwise = WPA_CIPHER_SUITE_NONE;
3596 } else if (sm->wpa == WPA_VERSION_WPA2) {
3597 if (sm->pairwise == WPA_CIPHER_CCMP)
3598 pairwise = RSN_CIPHER_SUITE_CCMP;
3599 else if (sm->pairwise == WPA_CIPHER_TKIP)
3600 pairwise = RSN_CIPHER_SUITE_TKIP;
3601 else if (sm->pairwise == WPA_CIPHER_WEP104)
3602 pairwise = RSN_CIPHER_SUITE_WEP104;
3603 else if (sm->pairwise == WPA_CIPHER_WEP40)
3604 pairwise = RSN_CIPHER_SUITE_WEP40;
3605 else if (sm->pairwise == WPA_CIPHER_NONE)
3606 pairwise = RSN_CIPHER_SUITE_NONE;
3610 ret = snprintf(buf + len, buflen - len,
3611 /* TODO: dot11RSNAStatsIndex */
3612 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
3613 "dot11RSNAStatsVersion=1\n"
3614 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
3615 /* TODO: dot11RSNAStatsTKIPICVErrors */
3616 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
3617 "dot11RSNAStatsTKIPRemoveMICFailures=%u\n"
3618 /* TODO: dot11RSNAStatsCCMPReplays */
3619 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
3620 /* TODO: dot11RSNAStatsTKIPReplays */,
3622 RSN_SUITE_ARG(pairwise),
3623 sm->dot11RSNAStatsTKIPLocalMICFailures,
3624 sm->dot11RSNAStatsTKIPRemoteMICFailures);
3625 if (ret < 0 || (size_t) ret >= buflen - len)
3630 ret = snprintf(buf + len, buflen - len,
3631 "hostapdWPAPTKState=%d\n"
3632 "hostapdWPAPTKGroupState=%d\n",
3634 sm->wpa_ptk_group_state);
3635 if (ret < 0 || (size_t) ret >= buflen - len)
3643 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
3646 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
3650 int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
3652 return sm && sm->pairwise_set;
3656 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
3660 return sm->wpa_key_mgmt;
3664 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
3672 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
3673 struct rsn_pmksa_cache_entry *entry)
3675 if (sm == NULL || sm->pmksa != entry)
3682 struct rsn_pmksa_cache_entry *
3683 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
3685 return sm ? sm->pmksa : NULL;
3689 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
3692 sm->dot11RSNAStatsTKIPLocalMICFailures++;
3696 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
3698 if (wpa_auth == NULL)
3700 *len = wpa_auth->wpa_ie_len;
3701 return wpa_auth->wpa_ie;
3705 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
3706 int session_timeout, struct eapol_state_machine *eapol)
3708 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2)
3711 if (pmksa_cache_add(sm->wpa_auth->pmksa, pmk, WPA_PMK_LEN,
3712 sm->wpa_auth->addr, sm->addr, session_timeout,
3720 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
3721 const u8 *pmk, size_t len, const u8 *sta_addr,
3722 int session_timeout,
3723 struct eapol_state_machine *eapol)
3725 if (wpa_auth == NULL)
3728 if (pmksa_cache_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr,
3729 sta_addr, session_timeout, eapol))
3736 static struct wpa_group *
3737 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
3739 struct wpa_group *group;
3741 if (wpa_auth == NULL || wpa_auth->group == NULL)
3744 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
3746 group = wpa_group_init(wpa_auth, vlan_id);
3750 group->next = wpa_auth->group->next;
3751 wpa_auth->group->next = group;
3757 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
3759 struct wpa_group *group;
3761 if (sm == NULL || sm->wpa_auth == NULL)
3764 group = sm->wpa_auth->group;
3766 if (group->vlan_id == vlan_id)
3768 group = group->next;
3771 if (group == NULL) {
3772 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
3777 if (sm->group == group)
3780 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
3781 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
3783 if (sm->group && sm->group != group && sm->sta_counted) {
3784 sm->group->GNoStations--;
3785 sm->sta_counted = 0;
3786 wpa_printf(MSG_DEBUG, "WLA: Decreased GNoStations for the "
3787 "previously used group state machine");
3794 #endif /* CONFIG_NATIVE_WINDOWS */
nant's projects / dragonfly.git / blob