Disconnect hostapd from building in base
[dragonfly.git] / contrib / hostapd / src / rsn_supp / peerkey.c
CommitLineData
a875087d
JL
1/*
2 * WPA Supplicant - PeerKey for Direct Link Setup (DLS)
3 * Copyright (c) 2006-2008, Jouni Malinen <j@w1.fi>
4 *
4781064b
JM
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
a875087d
JL
7 */
8
9#include "includes.h"
10
11#ifdef CONFIG_PEERKEY
12
13#include "common.h"
a875087d 14#include "eloop.h"
4781064b
JM
15#include "crypto/sha1.h"
16#include "crypto/sha256.h"
17#include "crypto/random.h"
18#include "common/ieee802_11_defs.h"
a875087d
JL
19#include "wpa.h"
20#include "wpa_i.h"
21#include "wpa_ie.h"
a875087d
JL
22#include "peerkey.h"
23
24
25static u8 * wpa_add_ie(u8 *pos, const u8 *ie, size_t ie_len)
26{
27 os_memcpy(pos, ie, ie_len);
28 return pos + ie_len;
29}
30
31
32static u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len)
33{
34 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
35 *pos++ = RSN_SELECTOR_LEN + data_len;
36 RSN_SELECTOR_PUT(pos, kde);
37 pos += RSN_SELECTOR_LEN;
38 os_memcpy(pos, data, data_len);
39 pos += data_len;
40 return pos;
41}
42
43
44static void wpa_supplicant_smk_timeout(void *eloop_ctx, void *timeout_ctx)
45{
46#if 0
47 struct wpa_sm *sm = eloop_ctx;
48 struct wpa_peerkey *peerkey = timeout_ctx;
49#endif
50 /* TODO: time out SMK and any STK that was generated using this SMK */
51}
52
53
54static void wpa_supplicant_peerkey_free(struct wpa_sm *sm,
55 struct wpa_peerkey *peerkey)
56{
57 eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey);
58 os_free(peerkey);
59}
60
61
62static int wpa_supplicant_send_smk_error(struct wpa_sm *sm, const u8 *dst,
63 const u8 *peer,
64 u16 mui, u16 error_type, int ver)
65{
66 size_t rlen;
67 struct wpa_eapol_key *err;
68 struct rsn_error_kde error;
69 u8 *rbuf, *pos;
70 size_t kde_len;
71 u16 key_info;
72
73 kde_len = 2 + RSN_SELECTOR_LEN + sizeof(error);
74 if (peer)
75 kde_len += 2 + RSN_SELECTOR_LEN + ETH_ALEN;
76
77 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
78 NULL, sizeof(*err) + kde_len, &rlen,
79 (void *) &err);
80 if (rbuf == NULL)
81 return -1;
82
83 err->type = EAPOL_KEY_TYPE_RSN;
84 key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
85 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_ERROR |
86 WPA_KEY_INFO_REQUEST;
87 WPA_PUT_BE16(err->key_info, key_info);
88 WPA_PUT_BE16(err->key_length, 0);
89 os_memcpy(err->replay_counter, sm->request_counter,
90 WPA_REPLAY_COUNTER_LEN);
91 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
92
93 WPA_PUT_BE16(err->key_data_length, (u16) kde_len);
94 pos = (u8 *) (err + 1);
95
96 if (peer) {
97 /* Peer MAC Address KDE */
98 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
99 }
100
101 /* Error KDE */
102 error.mui = host_to_be16(mui);
103 error.error_type = host_to_be16(error_type);
104 wpa_add_kde(pos, RSN_KEY_DATA_ERROR, (u8 *) &error, sizeof(error));
105
106 if (peer) {
107 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error (peer "
108 MACSTR " mui %d error_type %d)",
109 MAC2STR(peer), mui, error_type);
110 } else {
111 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error "
112 "(mui %d error_type %d)", mui, error_type);
113 }
114
115 wpa_eapol_key_send(sm, sm->ptk.kck, ver, dst, ETH_P_EAPOL,
116 rbuf, rlen, err->key_mic);
117
118 return 0;
119}
120
121
122static int wpa_supplicant_send_smk_m3(struct wpa_sm *sm,
123 const unsigned char *src_addr,
124 const struct wpa_eapol_key *key,
125 int ver, struct wpa_peerkey *peerkey)
126{
127 size_t rlen;
128 struct wpa_eapol_key *reply;
129 u8 *rbuf, *pos;
130 size_t kde_len;
131 u16 key_info;
132
133 /* KDEs: Peer RSN IE, Initiator MAC Address, Initiator Nonce */
134 kde_len = peerkey->rsnie_p_len +
135 2 + RSN_SELECTOR_LEN + ETH_ALEN +
136 2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN;
137
138 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
139 NULL, sizeof(*reply) + kde_len, &rlen,
140 (void *) &reply);
141 if (rbuf == NULL)
142 return -1;
143
144 reply->type = EAPOL_KEY_TYPE_RSN;
145 key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
146 WPA_KEY_INFO_SECURE;
147 WPA_PUT_BE16(reply->key_info, key_info);
148 WPA_PUT_BE16(reply->key_length, 0);
149 os_memcpy(reply->replay_counter, key->replay_counter,
150 WPA_REPLAY_COUNTER_LEN);
151
152 os_memcpy(reply->key_nonce, peerkey->pnonce, WPA_NONCE_LEN);
153
154 WPA_PUT_BE16(reply->key_data_length, (u16) kde_len);
155 pos = (u8 *) (reply + 1);
156
157 /* Peer RSN IE */
158 pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len);
159
160 /* Initiator MAC Address KDE */
161 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peerkey->addr, ETH_ALEN);
162
163 /* Initiator Nonce */
164 wpa_add_kde(pos, RSN_KEY_DATA_NONCE, peerkey->inonce, WPA_NONCE_LEN);
165
166 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK M3");
167 wpa_eapol_key_send(sm, sm->ptk.kck, ver, src_addr, ETH_P_EAPOL,
168 rbuf, rlen, reply->key_mic);
169
170 return 0;
171}
172
173
174static int wpa_supplicant_process_smk_m2(
175 struct wpa_sm *sm, const unsigned char *src_addr,
176 const struct wpa_eapol_key *key, size_t extra_len, int ver)
177{
178 struct wpa_peerkey *peerkey;
179 struct wpa_eapol_ie_parse kde;
180 struct wpa_ie_data ie;
181 int cipher;
182 struct rsn_ie_hdr *hdr;
183 u8 *pos;
184
185 wpa_printf(MSG_DEBUG, "RSN: Received SMK M2");
186
187 if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) {
188 wpa_printf(MSG_INFO, "RSN: SMK handshake not allowed for "
189 "the current network");
190 return -1;
191 }
192
193 if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
194 0) {
195 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M2");
196 return -1;
197 }
198
199 if (kde.rsn_ie == NULL || kde.mac_addr == NULL ||
200 kde.mac_addr_len < ETH_ALEN) {
201 wpa_printf(MSG_INFO, "RSN: No RSN IE or MAC address KDE in "
202 "SMK M2");
203 return -1;
204 }
205
206 wpa_printf(MSG_DEBUG, "RSN: SMK M2 - SMK initiator " MACSTR,
207 MAC2STR(kde.mac_addr));
208
209 if (kde.rsn_ie_len > PEERKEY_MAX_IE_LEN) {
210 wpa_printf(MSG_INFO, "RSN: Too long Initiator RSN IE in SMK "
211 "M2");
212 return -1;
213 }
214
215 if (wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len, &ie) < 0) {
216 wpa_printf(MSG_INFO, "RSN: Failed to parse RSN IE in SMK M2");
217 return -1;
218 }
219
4781064b
JM
220 cipher = wpa_pick_pairwise_cipher(ie.pairwise_cipher &
221 sm->allowed_pairwise_cipher, 0);
222 if (cipher < 0) {
a875087d
JL
223 wpa_printf(MSG_INFO, "RSN: No acceptable cipher in SMK M2");
224 wpa_supplicant_send_smk_error(sm, src_addr, kde.mac_addr,
225 STK_MUI_SMK, STK_ERR_CPHR_NS,
226 ver);
227 return -1;
228 }
4781064b
JM
229 wpa_printf(MSG_DEBUG, "RSN: Using %s for PeerKey",
230 wpa_cipher_txt(cipher));
a875087d
JL
231
232 /* TODO: find existing entry and if found, use that instead of adding
233 * a new one; how to handle the case where both ends initiate at the
234 * same time? */
235 peerkey = os_zalloc(sizeof(*peerkey));
236 if (peerkey == NULL)
237 return -1;
238 os_memcpy(peerkey->addr, kde.mac_addr, ETH_ALEN);
239 os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
240 os_memcpy(peerkey->rsnie_i, kde.rsn_ie, kde.rsn_ie_len);
241 peerkey->rsnie_i_len = kde.rsn_ie_len;
242 peerkey->cipher = cipher;
243#ifdef CONFIG_IEEE80211W
244 if (ie.key_mgmt & (WPA_KEY_MGMT_IEEE8021X_SHA256 |
245 WPA_KEY_MGMT_PSK_SHA256))
246 peerkey->use_sha256 = 1;
247#endif /* CONFIG_IEEE80211W */
248
4781064b
JM
249 if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) {
250 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
a875087d
JL
251 "WPA: Failed to get random data for PNonce");
252 wpa_supplicant_peerkey_free(sm, peerkey);
253 return -1;
254 }
255
256 hdr = (struct rsn_ie_hdr *) peerkey->rsnie_p;
257 hdr->elem_id = WLAN_EID_RSN;
258 WPA_PUT_LE16(hdr->version, RSN_VERSION);
259 pos = (u8 *) (hdr + 1);
260 /* Group Suite can be anything for SMK RSN IE; receiver will just
261 * ignore it. */
262 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
263 pos += RSN_SELECTOR_LEN;
264 /* Include only the selected cipher in pairwise cipher suite */
265 WPA_PUT_LE16(pos, 1);
266 pos += 2;
4781064b 267 RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN, cipher));
a875087d
JL
268 pos += RSN_SELECTOR_LEN;
269
270 hdr->len = (pos - peerkey->rsnie_p) - 2;
271 peerkey->rsnie_p_len = pos - peerkey->rsnie_p;
272 wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake",
273 peerkey->rsnie_p, peerkey->rsnie_p_len);
274
275 wpa_supplicant_send_smk_m3(sm, src_addr, key, ver, peerkey);
276
277 peerkey->next = sm->peerkey;
278 sm->peerkey = peerkey;
279
280 return 0;
281}
282
283
284/**
285 * rsn_smkid - Derive SMK identifier
286 * @smk: Station master key (32 bytes)
287 * @pnonce: Peer Nonce
288 * @mac_p: Peer MAC address
289 * @inonce: Initiator Nonce
290 * @mac_i: Initiator MAC address
291 * @use_sha256: Whether to use SHA256-based KDF
292 *
293 * 8.5.1.4 Station to station (STK) key hierarchy
294 * SMKID = HMAC-SHA1-128(SMK, "SMK Name" || PNonce || MAC_P || INonce || MAC_I)
295 */
296static void rsn_smkid(const u8 *smk, const u8 *pnonce, const u8 *mac_p,
297 const u8 *inonce, const u8 *mac_i, u8 *smkid,
298 int use_sha256)
299{
300 char *title = "SMK Name";
301 const u8 *addr[5];
302 const size_t len[5] = { 8, WPA_NONCE_LEN, ETH_ALEN, WPA_NONCE_LEN,
303 ETH_ALEN };
304 unsigned char hash[SHA256_MAC_LEN];
305
306 addr[0] = (u8 *) title;
307 addr[1] = pnonce;
308 addr[2] = mac_p;
309 addr[3] = inonce;
310 addr[4] = mac_i;
311
312#ifdef CONFIG_IEEE80211W
313 if (use_sha256)
314 hmac_sha256_vector(smk, PMK_LEN, 5, addr, len, hash);
315 else
316#endif /* CONFIG_IEEE80211W */
317 hmac_sha1_vector(smk, PMK_LEN, 5, addr, len, hash);
318 os_memcpy(smkid, hash, PMKID_LEN);
319}
320
321
322static void wpa_supplicant_send_stk_1_of_4(struct wpa_sm *sm,
323 struct wpa_peerkey *peerkey)
324{
325 size_t mlen;
326 struct wpa_eapol_key *msg;
327 u8 *mbuf;
328 size_t kde_len;
329 u16 key_info, ver;
330
331 kde_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
332
333 mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
334 sizeof(*msg) + kde_len, &mlen,
335 (void *) &msg);
336 if (mbuf == NULL)
337 return;
338
339 msg->type = EAPOL_KEY_TYPE_RSN;
340
4781064b 341 if (peerkey->cipher != WPA_CIPHER_TKIP)
a875087d
JL
342 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
343 else
344 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
345
346 key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK;
347 WPA_PUT_BE16(msg->key_info, key_info);
348
4781064b 349 if (peerkey->cipher != WPA_CIPHER_TKIP)
a875087d
JL
350 WPA_PUT_BE16(msg->key_length, 16);
351 else
352 WPA_PUT_BE16(msg->key_length, 32);
353
354 os_memcpy(msg->replay_counter, peerkey->replay_counter,
355 WPA_REPLAY_COUNTER_LEN);
356 inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
357
358 WPA_PUT_BE16(msg->key_data_length, kde_len);
359 wpa_add_kde((u8 *) (msg + 1), RSN_KEY_DATA_PMKID,
360 peerkey->smkid, PMKID_LEN);
361
4781064b
JM
362 if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) {
363 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
a875087d
JL
364 "RSN: Failed to get random data for INonce (STK)");
365 os_free(mbuf);
366 return;
367 }
368 wpa_hexdump(MSG_DEBUG, "RSN: INonce for STK 4-Way Handshake",
369 peerkey->inonce, WPA_NONCE_LEN);
370 os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
371
372 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 1/4 to " MACSTR,
373 MAC2STR(peerkey->addr));
374 wpa_eapol_key_send(sm, NULL, ver, peerkey->addr, ETH_P_EAPOL,
375 mbuf, mlen, NULL);
376}
377
378
379static void wpa_supplicant_send_stk_3_of_4(struct wpa_sm *sm,
380 struct wpa_peerkey *peerkey)
381{
382 size_t mlen;
383 struct wpa_eapol_key *msg;
384 u8 *mbuf, *pos;
385 size_t kde_len;
386 u16 key_info, ver;
387 be32 lifetime;
388
389 kde_len = peerkey->rsnie_i_len +
390 2 + RSN_SELECTOR_LEN + sizeof(lifetime);
391
392 mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
393 sizeof(*msg) + kde_len, &mlen,
394 (void *) &msg);
395 if (mbuf == NULL)
396 return;
397
398 msg->type = EAPOL_KEY_TYPE_RSN;
399
4781064b 400 if (peerkey->cipher != WPA_CIPHER_TKIP)
a875087d
JL
401 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
402 else
403 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
404
405 key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK |
406 WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
407 WPA_PUT_BE16(msg->key_info, key_info);
408
4781064b 409 if (peerkey->cipher != WPA_CIPHER_TKIP)
a875087d
JL
410 WPA_PUT_BE16(msg->key_length, 16);
411 else
412 WPA_PUT_BE16(msg->key_length, 32);
413
414 os_memcpy(msg->replay_counter, peerkey->replay_counter,
415 WPA_REPLAY_COUNTER_LEN);
416 inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
417
418 WPA_PUT_BE16(msg->key_data_length, kde_len);
419 pos = (u8 *) (msg + 1);
420 pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len);
421 lifetime = host_to_be32(peerkey->lifetime);
422 wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
423 (u8 *) &lifetime, sizeof(lifetime));
424
425 os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
426
427 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 3/4 to " MACSTR,
428 MAC2STR(peerkey->addr));
429 wpa_eapol_key_send(sm, peerkey->stk.kck, ver, peerkey->addr,
430 ETH_P_EAPOL, mbuf, mlen, msg->key_mic);
431}
432
433
434static int wpa_supplicant_process_smk_m4(struct wpa_peerkey *peerkey,
435 struct wpa_eapol_ie_parse *kde)
436{
437 wpa_printf(MSG_DEBUG, "RSN: Received SMK M4 (Initiator " MACSTR ")",
438 MAC2STR(kde->mac_addr));
439
440 if (os_memcmp(kde->smk + PMK_LEN, peerkey->pnonce, WPA_NONCE_LEN) != 0)
441 {
442 wpa_printf(MSG_INFO, "RSN: PNonce in SMK KDE does not "
443 "match with the one used in SMK M3");
444 return -1;
445 }
446
447 if (os_memcmp(kde->nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) {
448 wpa_printf(MSG_INFO, "RSN: INonce in SMK M4 did not "
449 "match with the one received in SMK M2");
450 return -1;
451 }
452
453 return 0;
454}
455
456
457static int wpa_supplicant_process_smk_m5(struct wpa_sm *sm,
458 const unsigned char *src_addr,
459 const struct wpa_eapol_key *key,
460 int ver,
461 struct wpa_peerkey *peerkey,
462 struct wpa_eapol_ie_parse *kde)
463{
464 int cipher;
465 struct wpa_ie_data ie;
466
467 wpa_printf(MSG_DEBUG, "RSN: Received SMK M5 (Peer " MACSTR ")",
468 MAC2STR(kde->mac_addr));
469 if (kde->rsn_ie == NULL || kde->rsn_ie_len > PEERKEY_MAX_IE_LEN ||
470 wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0) {
471 wpa_printf(MSG_INFO, "RSN: No RSN IE in SMK M5");
472 /* TODO: abort negotiation */
473 return -1;
474 }
475
476 if (os_memcmp(key->key_nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) {
477 wpa_printf(MSG_INFO, "RSN: Key Nonce in SMK M5 does "
478 "not match with INonce used in SMK M1");
479 return -1;
480 }
481
482 if (os_memcmp(kde->smk + PMK_LEN, peerkey->inonce, WPA_NONCE_LEN) != 0)
483 {
484 wpa_printf(MSG_INFO, "RSN: INonce in SMK KDE does not "
485 "match with the one used in SMK M1");
486 return -1;
487 }
488
489 os_memcpy(peerkey->rsnie_p, kde->rsn_ie, kde->rsn_ie_len);
490 peerkey->rsnie_p_len = kde->rsn_ie_len;
491 os_memcpy(peerkey->pnonce, kde->nonce, WPA_NONCE_LEN);
492
4781064b
JM
493 cipher = wpa_pick_pairwise_cipher(ie.pairwise_cipher &
494 sm->allowed_pairwise_cipher, 0);
495 if (cipher < 0) {
a875087d
JL
496 wpa_printf(MSG_INFO, "RSN: SMK Peer STA " MACSTR " selected "
497 "unacceptable cipher", MAC2STR(kde->mac_addr));
498 wpa_supplicant_send_smk_error(sm, src_addr, kde->mac_addr,
499 STK_MUI_SMK, STK_ERR_CPHR_NS,
500 ver);
501 /* TODO: abort negotiation */
502 return -1;
503 }
4781064b
JM
504 wpa_printf(MSG_DEBUG, "RSN: Using %s for PeerKey",
505 wpa_cipher_txt(cipher));
506 peerkey->cipher = cipher;
a875087d
JL
507
508 return 0;
509}
510
511
512static int wpa_supplicant_process_smk_m45(
513 struct wpa_sm *sm, const unsigned char *src_addr,
514 const struct wpa_eapol_key *key, size_t extra_len, int ver)
515{
516 struct wpa_peerkey *peerkey;
517 struct wpa_eapol_ie_parse kde;
518 u32 lifetime;
a875087d
JL
519
520 if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) {
521 wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for "
522 "the current network");
523 return -1;
524 }
525
526 if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
527 0) {
528 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M4/M5");
529 return -1;
530 }
531
532 if (kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN ||
533 kde.nonce == NULL || kde.nonce_len < WPA_NONCE_LEN ||
534 kde.smk == NULL || kde.smk_len < PMK_LEN + WPA_NONCE_LEN ||
535 kde.lifetime == NULL || kde.lifetime_len < 4) {
536 wpa_printf(MSG_INFO, "RSN: No MAC Address, Nonce, SMK, or "
537 "Lifetime KDE in SMK M4/M5");
538 return -1;
539 }
540
541 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
542 if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) == 0 &&
543 os_memcmp(peerkey->initiator ? peerkey->inonce :
544 peerkey->pnonce,
545 key->key_nonce, WPA_NONCE_LEN) == 0)
546 break;
547 }
548 if (peerkey == NULL) {
549 wpa_printf(MSG_INFO, "RSN: No matching SMK handshake found "
550 "for SMK M4/M5: peer " MACSTR,
551 MAC2STR(kde.mac_addr));
552 return -1;
553 }
554
555 if (peerkey->initiator) {
556 if (wpa_supplicant_process_smk_m5(sm, src_addr, key, ver,
557 peerkey, &kde) < 0)
558 return -1;
559 } else {
560 if (wpa_supplicant_process_smk_m4(peerkey, &kde) < 0)
561 return -1;
562 }
563
564 os_memcpy(peerkey->smk, kde.smk, PMK_LEN);
565 peerkey->smk_complete = 1;
566 wpa_hexdump_key(MSG_DEBUG, "RSN: SMK", peerkey->smk, PMK_LEN);
567 lifetime = WPA_GET_BE32(kde.lifetime);
568 wpa_printf(MSG_DEBUG, "RSN: SMK lifetime %u seconds", lifetime);
569 if (lifetime > 1000000000)
4781064b 570 lifetime = 1000000000; /* avoid overflowing eloop time */
a875087d 571 peerkey->lifetime = lifetime;
a875087d
JL
572 eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout,
573 sm, peerkey);
574
575 if (peerkey->initiator) {
576 rsn_smkid(peerkey->smk, peerkey->pnonce, peerkey->addr,
577 peerkey->inonce, sm->own_addr, peerkey->smkid,
578 peerkey->use_sha256);
579 wpa_supplicant_send_stk_1_of_4(sm, peerkey);
580 } else {
581 rsn_smkid(peerkey->smk, peerkey->pnonce, sm->own_addr,
582 peerkey->inonce, peerkey->addr, peerkey->smkid,
583 peerkey->use_sha256);
584 }
585 wpa_hexdump(MSG_DEBUG, "RSN: SMKID", peerkey->smkid, PMKID_LEN);
586
587 return 0;
588}
589
590
591static int wpa_supplicant_process_smk_error(
592 struct wpa_sm *sm, const unsigned char *src_addr,
593 const struct wpa_eapol_key *key, size_t extra_len)
594{
595 struct wpa_eapol_ie_parse kde;
596 struct rsn_error_kde error;
597 u8 peer[ETH_ALEN];
598 u16 error_type;
599
600 wpa_printf(MSG_DEBUG, "RSN: Received SMK Error");
601
602 if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) {
603 wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for "
604 "the current network");
605 return -1;
606 }
607
608 if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
609 0) {
610 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK Error");
611 return -1;
612 }
613
614 if (kde.error == NULL || kde.error_len < sizeof(error)) {
615 wpa_printf(MSG_INFO, "RSN: No Error KDE in SMK Error");
616 return -1;
617 }
618
619 if (kde.mac_addr && kde.mac_addr_len >= ETH_ALEN)
620 os_memcpy(peer, kde.mac_addr, ETH_ALEN);
4781064b
JM
621 else
622 os_memset(peer, 0, ETH_ALEN);
a875087d
JL
623 os_memcpy(&error, kde.error, sizeof(error));
624 error_type = be_to_host16(error.error_type);
4781064b 625 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
a875087d
JL
626 "RSN: SMK Error KDE received: MUI %d error_type %d peer "
627 MACSTR,
628 be_to_host16(error.mui), error_type,
629 MAC2STR(peer));
630
631 if (kde.mac_addr &&
632 (error_type == STK_ERR_STA_NR || error_type == STK_ERR_STA_NRSN ||
633 error_type == STK_ERR_CPHR_NS)) {
634 struct wpa_peerkey *peerkey;
635
636 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
637 if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) ==
638 0)
639 break;
640 }
641 if (peerkey == NULL) {
642 wpa_printf(MSG_DEBUG, "RSN: No matching SMK handshake "
643 "found for SMK Error");
644 return -1;
645 }
646 /* TODO: abort SMK/STK handshake and remove all related keys */
647 }
648
649 return 0;
650}
651
652
653static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm,
654 struct wpa_peerkey *peerkey,
655 const struct wpa_eapol_key *key,
656 u16 ver)
657{
658 struct wpa_eapol_ie_parse ie;
659 const u8 *kde;
660 size_t len, kde_buf_len;
661 struct wpa_ptk *stk;
662 u8 buf[8], *kde_buf, *pos;
663 be32 lifetime;
664
665 wpa_printf(MSG_DEBUG, "RSN: RX message 1 of STK 4-Way Handshake from "
666 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
667
668 os_memset(&ie, 0, sizeof(ie));
669
670 /* RSN: msg 1/4 should contain SMKID for the selected SMK */
671 kde = (const u8 *) (key + 1);
672 len = WPA_GET_BE16(key->key_data_length);
673 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", kde, len);
674 if (wpa_supplicant_parse_ies(kde, len, &ie) < 0 || ie.pmkid == NULL) {
675 wpa_printf(MSG_DEBUG, "RSN: No SMKID in STK 1/4");
676 return;
677 }
678 if (os_memcmp(ie.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
679 wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 1/4",
680 ie.pmkid, PMKID_LEN);
681 return;
682 }
683
4781064b
JM
684 if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) {
685 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
a875087d
JL
686 "RSN: Failed to get random data for PNonce");
687 return;
688 }
689 wpa_hexdump(MSG_DEBUG, "WPA: Renewed PNonce",
690 peerkey->pnonce, WPA_NONCE_LEN);
691
692 /* Calculate STK which will be stored as a temporary STK until it has
693 * been verified when processing message 3/4. */
694 stk = &peerkey->tstk;
695 wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion",
696 sm->own_addr, peerkey->addr,
697 peerkey->pnonce, key->key_nonce,
698 (u8 *) stk, sizeof(*stk),
699 peerkey->use_sha256);
700 /* Supplicant: swap tx/rx Mic keys */
701 os_memcpy(buf, stk->u.auth.tx_mic_key, 8);
702 os_memcpy(stk->u.auth.tx_mic_key, stk->u.auth.rx_mic_key, 8);
703 os_memcpy(stk->u.auth.rx_mic_key, buf, 8);
704 peerkey->tstk_set = 1;
705
706 kde_buf_len = peerkey->rsnie_p_len +
707 2 + RSN_SELECTOR_LEN + sizeof(lifetime) +
708 2 + RSN_SELECTOR_LEN + PMKID_LEN;
709 kde_buf = os_malloc(kde_buf_len);
710 if (kde_buf == NULL)
711 return;
712 pos = kde_buf;
713 pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len);
714 lifetime = host_to_be32(peerkey->lifetime);
715 pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
716 (u8 *) &lifetime, sizeof(lifetime));
717 wpa_add_kde(pos, RSN_KEY_DATA_PMKID, peerkey->smkid, PMKID_LEN);
718
719 if (wpa_supplicant_send_2_of_4(sm, peerkey->addr, key, ver,
720 peerkey->pnonce, kde_buf, kde_buf_len,
721 stk)) {
722 os_free(kde_buf);
723 return;
724 }
725 os_free(kde_buf);
726
727 os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
728}
729
730
731static void wpa_supplicant_update_smk_lifetime(struct wpa_sm *sm,
732 struct wpa_peerkey *peerkey,
733 struct wpa_eapol_ie_parse *kde)
734{
735 u32 lifetime;
a875087d
JL
736
737 if (kde->lifetime == NULL || kde->lifetime_len < sizeof(lifetime))
738 return;
739
740 lifetime = WPA_GET_BE32(kde->lifetime);
741
742 if (lifetime >= peerkey->lifetime) {
743 wpa_printf(MSG_DEBUG, "RSN: Peer used SMK lifetime %u seconds "
744 "which is larger than or equal to own value %u "
745 "seconds - ignored", lifetime, peerkey->lifetime);
746 return;
747 }
748
749 wpa_printf(MSG_DEBUG, "RSN: Peer used shorter SMK lifetime %u seconds "
750 "(own was %u seconds) - updated",
751 lifetime, peerkey->lifetime);
752 peerkey->lifetime = lifetime;
753
a875087d
JL
754 eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey);
755 eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout,
756 sm, peerkey);
757}
758
759
760static void wpa_supplicant_process_stk_2_of_4(struct wpa_sm *sm,
761 struct wpa_peerkey *peerkey,
762 const struct wpa_eapol_key *key,
763 u16 ver)
764{
765 struct wpa_eapol_ie_parse kde;
766 const u8 *keydata;
767 size_t len;
768
769 wpa_printf(MSG_DEBUG, "RSN: RX message 2 of STK 4-Way Handshake from "
770 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
771
772 os_memset(&kde, 0, sizeof(kde));
773
774 /* RSN: msg 2/4 should contain SMKID for the selected SMK and RSN IE
775 * from the peer. It may also include Lifetime KDE. */
776 keydata = (const u8 *) (key + 1);
777 len = WPA_GET_BE16(key->key_data_length);
778 wpa_hexdump(MSG_DEBUG, "RSN: msg 2/4 key data", keydata, len);
779 if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0 ||
780 kde.pmkid == NULL || kde.rsn_ie == NULL) {
781 wpa_printf(MSG_DEBUG, "RSN: No SMKID or RSN IE in STK 2/4");
782 return;
783 }
784
785 if (os_memcmp(kde.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
786 wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 2/4",
787 kde.pmkid, PMKID_LEN);
788 return;
789 }
790
791 if (kde.rsn_ie_len != peerkey->rsnie_p_len ||
792 os_memcmp(kde.rsn_ie, peerkey->rsnie_p, kde.rsn_ie_len) != 0) {
793 wpa_printf(MSG_INFO, "RSN: Peer RSN IE in SMK and STK "
794 "handshakes did not match");
795 wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in SMK handshake",
796 peerkey->rsnie_p, peerkey->rsnie_p_len);
797 wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in STK handshake",
798 kde.rsn_ie, kde.rsn_ie_len);
799 return;
800 }
801
802 wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde);
803
804 wpa_supplicant_send_stk_3_of_4(sm, peerkey);
805 os_memcpy(peerkey->pnonce, key->key_nonce, WPA_NONCE_LEN);
806}
807
808
809static void wpa_supplicant_process_stk_3_of_4(struct wpa_sm *sm,
810 struct wpa_peerkey *peerkey,
811 const struct wpa_eapol_key *key,
812 u16 ver)
813{
814 struct wpa_eapol_ie_parse kde;
815 const u8 *keydata;
816 size_t len, key_len;
817 const u8 *_key;
818 u8 key_buf[32], rsc[6];
819
820 wpa_printf(MSG_DEBUG, "RSN: RX message 3 of STK 4-Way Handshake from "
821 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
822
823 os_memset(&kde, 0, sizeof(kde));
824
825 /* RSN: msg 3/4 should contain Initiator RSN IE. It may also include
826 * Lifetime KDE. */
827 keydata = (const u8 *) (key + 1);
828 len = WPA_GET_BE16(key->key_data_length);
829 wpa_hexdump(MSG_DEBUG, "RSN: msg 3/4 key data", keydata, len);
830 if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0) {
831 wpa_printf(MSG_DEBUG, "RSN: Failed to parse key data in "
832 "STK 3/4");
833 return;
834 }
835
836 if (kde.rsn_ie_len != peerkey->rsnie_i_len ||
837 os_memcmp(kde.rsn_ie, peerkey->rsnie_i, kde.rsn_ie_len) != 0) {
838 wpa_printf(MSG_INFO, "RSN: Initiator RSN IE in SMK and STK "
839 "handshakes did not match");
840 wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in SMK "
841 "handshake",
842 peerkey->rsnie_i, peerkey->rsnie_i_len);
843 wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in STK "
844 "handshake",
845 kde.rsn_ie, kde.rsn_ie_len);
846 return;
847 }
848
849 if (os_memcmp(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
850 wpa_printf(MSG_WARNING, "RSN: INonce from message 1 of STK "
851 "4-Way Handshake differs from 3 of STK 4-Way "
852 "Handshake - drop packet (src=" MACSTR ")",
853 MAC2STR(peerkey->addr));
854 return;
855 }
856
857 wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde);
858
859 if (wpa_supplicant_send_4_of_4(sm, peerkey->addr, key, ver,
860 WPA_GET_BE16(key->key_info),
861 NULL, 0, &peerkey->stk))
862 return;
863
864 _key = (u8 *) peerkey->stk.tk1;
865 if (peerkey->cipher == WPA_CIPHER_TKIP) {
866 /* Swap Tx/Rx keys for Michael MIC */
867 os_memcpy(key_buf, _key, 16);
868 os_memcpy(key_buf + 16, peerkey->stk.u.auth.rx_mic_key, 8);
869 os_memcpy(key_buf + 24, peerkey->stk.u.auth.tx_mic_key, 8);
870 _key = key_buf;
871 key_len = 32;
872 } else
873 key_len = 16;
874
875 os_memset(rsc, 0, 6);
876 if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
877 rsc, sizeof(rsc), _key, key_len) < 0) {
878 wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the "
879 "driver.");
880 return;
881 }
882}
883
884
885static void wpa_supplicant_process_stk_4_of_4(struct wpa_sm *sm,
886 struct wpa_peerkey *peerkey,
887 const struct wpa_eapol_key *key,
888 u16 ver)
889{
890 u8 rsc[6];
891
892 wpa_printf(MSG_DEBUG, "RSN: RX message 4 of STK 4-Way Handshake from "
893 MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
894
895 os_memset(rsc, 0, 6);
896 if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
897 rsc, sizeof(rsc), (u8 *) peerkey->stk.tk1,
898 peerkey->cipher == WPA_CIPHER_TKIP ? 32 : 16) < 0) {
899 wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the "
900 "driver.");
901 return;
902 }
903}
904
905
906/**
907 * peerkey_verify_eapol_key_mic - Verify PeerKey MIC
908 * @sm: Pointer to WPA state machine data from wpa_sm_init()
909 * @peerkey: Pointer to the PeerKey data for the peer
910 * @key: Pointer to the EAPOL-Key frame header
911 * @ver: Version bits from EAPOL-Key Key Info
912 * @buf: Pointer to the beginning of EAPOL-Key frame
913 * @len: Length of the EAPOL-Key frame
914 * Returns: 0 on success, -1 on failure
915 */
916int peerkey_verify_eapol_key_mic(struct wpa_sm *sm,
917 struct wpa_peerkey *peerkey,
918 struct wpa_eapol_key *key, u16 ver,
919 const u8 *buf, size_t len)
920{
921 u8 mic[16];
922 int ok = 0;
923
924 if (peerkey->initiator && !peerkey->stk_set) {
925 wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion",
926 sm->own_addr, peerkey->addr,
927 peerkey->inonce, key->key_nonce,
928 (u8 *) &peerkey->stk, sizeof(peerkey->stk),
929 peerkey->use_sha256);
930 peerkey->stk_set = 1;
931 }
932
933 os_memcpy(mic, key->key_mic, 16);
934 if (peerkey->tstk_set) {
935 os_memset(key->key_mic, 0, 16);
936 wpa_eapol_key_mic(peerkey->tstk.kck, ver, buf, len,
937 key->key_mic);
938 if (os_memcmp(mic, key->key_mic, 16) != 0) {
939 wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
940 "when using TSTK - ignoring TSTK");
941 } else {
942 ok = 1;
943 peerkey->tstk_set = 0;
944 peerkey->stk_set = 1;
945 os_memcpy(&peerkey->stk, &peerkey->tstk,
946 sizeof(peerkey->stk));
947 }
948 }
949
950 if (!ok && peerkey->stk_set) {
951 os_memset(key->key_mic, 0, 16);
952 wpa_eapol_key_mic(peerkey->stk.kck, ver, buf, len,
953 key->key_mic);
954 if (os_memcmp(mic, key->key_mic, 16) != 0) {
955 wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
956 "- dropping packet");
957 return -1;
958 }
959 ok = 1;
960 }
961
962 if (!ok) {
963 wpa_printf(MSG_WARNING, "RSN: Could not verify EAPOL-Key MIC "
964 "- dropping packet");
965 return -1;
966 }
967
968 os_memcpy(peerkey->replay_counter, key->replay_counter,
969 WPA_REPLAY_COUNTER_LEN);
970 peerkey->replay_counter_set = 1;
971 return 0;
972}
973
974
975/**
976 * wpa_sm_stkstart - Send EAPOL-Key Request for STK handshake (STK M1)
977 * @sm: Pointer to WPA state machine data from wpa_sm_init()
978 * @peer: MAC address of the peer STA
979 * Returns: 0 on success, or -1 on failure
980 *
981 * Send an EAPOL-Key Request to the current authenticator to start STK
982 * handshake with the peer.
983 */
984int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer)
985{
986 size_t rlen, kde_len;
987 struct wpa_eapol_key *req;
988 int key_info, ver;
989 u8 bssid[ETH_ALEN], *rbuf, *pos, *count_pos;
990 u16 count;
991 struct rsn_ie_hdr *hdr;
992 struct wpa_peerkey *peerkey;
993 struct wpa_ie_data ie;
994
995 if (sm->proto != WPA_PROTO_RSN || !sm->ptk_set || !sm->peerkey_enabled)
996 return -1;
997
998 if (sm->ap_rsn_ie &&
999 wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &ie) == 0 &&
1000 !(ie.capabilities & WPA_CAPABILITY_PEERKEY_ENABLED)) {
1001 wpa_printf(MSG_DEBUG, "RSN: Current AP does not support STK");
1002 return -1;
1003 }
1004
4781064b 1005 if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
a875087d
JL
1006 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1007 else
1008 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1009
1010 if (wpa_sm_get_bssid(sm, bssid) < 0) {
1011 wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key "
1012 "SMK M1");
1013 return -1;
1014 }
1015
1016 /* TODO: find existing entry and if found, use that instead of adding
1017 * a new one */
1018 peerkey = os_zalloc(sizeof(*peerkey));
1019 if (peerkey == NULL)
1020 return -1;
1021 peerkey->initiator = 1;
1022 os_memcpy(peerkey->addr, peer, ETH_ALEN);
1023#ifdef CONFIG_IEEE80211W
1024 if (wpa_key_mgmt_sha256(sm->key_mgmt))
1025 peerkey->use_sha256 = 1;
1026#endif /* CONFIG_IEEE80211W */
1027
1028 /* SMK M1:
1029 * EAPOL-Key(S=1, M=1, A=0, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
1030 * MIC=MIC, DataKDs=(RSNIE_I, MAC_P KDE))
1031 */
1032
1033 hdr = (struct rsn_ie_hdr *) peerkey->rsnie_i;
1034 hdr->elem_id = WLAN_EID_RSN;
1035 WPA_PUT_LE16(hdr->version, RSN_VERSION);
1036 pos = (u8 *) (hdr + 1);
1037 /* Group Suite can be anything for SMK RSN IE; receiver will just
1038 * ignore it. */
1039 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
1040 pos += RSN_SELECTOR_LEN;
1041 count_pos = pos;
1042 pos += 2;
1043
4781064b
JM
1044 count = rsn_cipher_put_suites(pos, sm->allowed_pairwise_cipher);
1045 pos += count * RSN_SELECTOR_LEN;
a875087d
JL
1046 WPA_PUT_LE16(count_pos, count);
1047
1048 hdr->len = (pos - peerkey->rsnie_i) - 2;
1049 peerkey->rsnie_i_len = pos - peerkey->rsnie_i;
1050 wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake",
1051 peerkey->rsnie_i, peerkey->rsnie_i_len);
1052
1053 kde_len = peerkey->rsnie_i_len + 2 + RSN_SELECTOR_LEN + ETH_ALEN;
1054
1055 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1056 sizeof(*req) + kde_len, &rlen,
1057 (void *) &req);
1058 if (rbuf == NULL) {
1059 wpa_supplicant_peerkey_free(sm, peerkey);
1060 return -1;
1061 }
1062
1063 req->type = EAPOL_KEY_TYPE_RSN;
1064 key_info = WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
1065 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_REQUEST | ver;
1066 WPA_PUT_BE16(req->key_info, key_info);
1067 WPA_PUT_BE16(req->key_length, 0);
1068 os_memcpy(req->replay_counter, sm->request_counter,
1069 WPA_REPLAY_COUNTER_LEN);
1070 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
1071
4781064b
JM
1072 if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) {
1073 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
a875087d
JL
1074 "WPA: Failed to get random data for INonce");
1075 os_free(rbuf);
1076 wpa_supplicant_peerkey_free(sm, peerkey);
1077 return -1;
1078 }
1079 os_memcpy(req->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
1080 wpa_hexdump(MSG_DEBUG, "WPA: INonce for SMK handshake",
1081 req->key_nonce, WPA_NONCE_LEN);
1082
1083 WPA_PUT_BE16(req->key_data_length, (u16) kde_len);
1084 pos = (u8 *) (req + 1);
1085
1086 /* Initiator RSN IE */
1087 pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len);
1088 /* Peer MAC address KDE */
1089 wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
1090
1091 wpa_printf(MSG_INFO, "RSN: Sending EAPOL-Key SMK M1 Request (peer "
1092 MACSTR ")", MAC2STR(peer));
1093 wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL,
1094 rbuf, rlen, req->key_mic);
1095
1096 peerkey->next = sm->peerkey;
1097 sm->peerkey = peerkey;
1098
1099 return 0;
1100}
1101
1102
1103/**
1104 * peerkey_deinit - Free PeerKey values
1105 * @sm: Pointer to WPA state machine data from wpa_sm_init()
1106 */
1107void peerkey_deinit(struct wpa_sm *sm)
1108{
1109 struct wpa_peerkey *prev, *peerkey = sm->peerkey;
1110 while (peerkey) {
1111 prev = peerkey;
1112 peerkey = peerkey->next;
4781064b 1113 wpa_supplicant_peerkey_free(sm, prev);
a875087d 1114 }
4781064b 1115 sm->peerkey = NULL;
a875087d
JL
1116}
1117
1118
1119void peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
1120 struct wpa_eapol_key *key, u16 key_info, u16 ver)
1121{
1122 if ((key_info & (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) ==
1123 (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) {
1124 /* 3/4 STK 4-Way Handshake */
1125 wpa_supplicant_process_stk_3_of_4(sm, peerkey, key, ver);
1126 } else if (key_info & WPA_KEY_INFO_ACK) {
1127 /* 1/4 STK 4-Way Handshake */
1128 wpa_supplicant_process_stk_1_of_4(sm, peerkey, key, ver);
1129 } else if (key_info & WPA_KEY_INFO_SECURE) {
1130 /* 4/4 STK 4-Way Handshake */
1131 wpa_supplicant_process_stk_4_of_4(sm, peerkey, key, ver);
1132 } else {
1133 /* 2/4 STK 4-Way Handshake */
1134 wpa_supplicant_process_stk_2_of_4(sm, peerkey, key, ver);
1135 }
1136}
1137
1138
1139void peerkey_rx_eapol_smk(struct wpa_sm *sm, const u8 *src_addr,
1140 struct wpa_eapol_key *key, size_t extra_len,
1141 u16 key_info, u16 ver)
1142{
1143 if (key_info & WPA_KEY_INFO_ERROR) {
1144 /* SMK Error */
1145 wpa_supplicant_process_smk_error(sm, src_addr, key, extra_len);
1146 } else if (key_info & WPA_KEY_INFO_ACK) {
1147 /* SMK M2 */
1148 wpa_supplicant_process_smk_m2(sm, src_addr, key, extra_len,
1149 ver);
1150 } else {
1151 /* SMK M4 or M5 */
1152 wpa_supplicant_process_smk_m45(sm, src_addr, key, extra_len,
1153 ver);
1154 }
1155}
1156
1157#endif /* CONFIG_PEERKEY */