Merge branch 'vendor/MPC'
[dragonfly.git] / contrib / hostapd / src / rsn_supp / wpa.c
1 /*
2  * WPA Supplicant - WPA state machine and EAPOL-Key processing
3  * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2 as
7  * published by the Free Software Foundation.
8  *
9  * Alternatively, this software may be distributed under the terms of BSD
10  * license.
11  *
12  * See README and COPYING for more details.
13  */
14
15 #include "includes.h"
16
17 #include "common.h"
18 #include "rc4.h"
19 #include "aes_wrap.h"
20 #include "wpa.h"
21 #include "eloop.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "preauth.h"
24 #include "pmksa_cache.h"
25 #include "wpa_i.h"
26 #include "wpa_ie.h"
27 #include "peerkey.h"
28 #include "ieee802_11_defs.h"
29
30
31 /**
32  * wpa_cipher_txt - Convert cipher suite to a text string
33  * @cipher: Cipher suite (WPA_CIPHER_* enum)
34  * Returns: Pointer to a text string of the cipher suite name
35  */
36 static const char * wpa_cipher_txt(int cipher)
37 {
38         switch (cipher) {
39         case WPA_CIPHER_NONE:
40                 return "NONE";
41         case WPA_CIPHER_WEP40:
42                 return "WEP-40";
43         case WPA_CIPHER_WEP104:
44                 return "WEP-104";
45         case WPA_CIPHER_TKIP:
46                 return "TKIP";
47         case WPA_CIPHER_CCMP:
48                 return "CCMP";
49         default:
50                 return "UNKNOWN";
51         }
52 }
53
54
55 /**
56  * wpa_key_mgmt_txt - Convert key management suite to a text string
57  * @key_mgmt: Key management suite (WPA_KEY_MGMT_* enum)
58  * @proto: WPA/WPA2 version (WPA_PROTO_*)
59  * Returns: Pointer to a text string of the key management suite name
60  */
61 static const char * wpa_key_mgmt_txt(int key_mgmt, int proto)
62 {
63         switch (key_mgmt) {
64         case WPA_KEY_MGMT_IEEE8021X:
65                 return proto == WPA_PROTO_RSN ?
66                         "WPA2/IEEE 802.1X/EAP" : "WPA/IEEE 802.1X/EAP";
67         case WPA_KEY_MGMT_PSK:
68                 return proto == WPA_PROTO_RSN ?
69                         "WPA2-PSK" : "WPA-PSK";
70         case WPA_KEY_MGMT_NONE:
71                 return "NONE";
72         case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
73                 return "IEEE 802.1X (no WPA)";
74 #ifdef CONFIG_IEEE80211R
75         case WPA_KEY_MGMT_FT_IEEE8021X:
76                 return "FT-EAP";
77         case WPA_KEY_MGMT_FT_PSK:
78                 return "FT-PSK";
79 #endif /* CONFIG_IEEE80211R */
80 #ifdef CONFIG_IEEE80211W
81         case WPA_KEY_MGMT_IEEE8021X_SHA256:
82                 return "WPA2-EAP-SHA256";
83         case WPA_KEY_MGMT_PSK_SHA256:
84                 return "WPA2-PSK-SHA256";
85 #endif /* CONFIG_IEEE80211W */
86         default:
87                 return "UNKNOWN";
88         }
89 }
90
91
92 /**
93  * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
94  * @sm: Pointer to WPA state machine data from wpa_sm_init()
95  * @kck: Key Confirmation Key (KCK, part of PTK)
96  * @ver: Version field from Key Info
97  * @dest: Destination address for the frame
98  * @proto: Ethertype (usually ETH_P_EAPOL)
99  * @msg: EAPOL-Key message
100  * @msg_len: Length of message
101  * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
102  */
103 void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck,
104                         int ver, const u8 *dest, u16 proto,
105                         u8 *msg, size_t msg_len, u8 *key_mic)
106 {
107         if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
108                 /*
109                  * Association event was not yet received; try to fetch
110                  * BSSID from the driver.
111                  */
112                 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
113                         wpa_printf(MSG_DEBUG, "WPA: Failed to read BSSID for "
114                                    "EAPOL-Key destination address");
115                 } else {
116                         dest = sm->bssid;
117                         wpa_printf(MSG_DEBUG, "WPA: Use BSSID (" MACSTR
118                                    ") as the destination for EAPOL-Key",
119                                    MAC2STR(dest));
120                 }
121         }
122         if (key_mic)
123                 wpa_eapol_key_mic(kck, ver, msg, msg_len, key_mic);
124         wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
125         wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
126         eapol_sm_notify_tx_eapol_key(sm->eapol);
127         os_free(msg);
128 }
129
130
131 /**
132  * wpa_sm_key_request - Send EAPOL-Key Request
133  * @sm: Pointer to WPA state machine data from wpa_sm_init()
134  * @error: Indicate whether this is an Michael MIC error report
135  * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
136  *
137  * Send an EAPOL-Key Request to the current authenticator. This function is
138  * used to request rekeying and it is usually called when a local Michael MIC
139  * failure is detected.
140  */
141 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
142 {
143         size_t rlen;
144         struct wpa_eapol_key *reply;
145         int key_info, ver;
146         u8 bssid[ETH_ALEN], *rbuf;
147
148         if (wpa_key_mgmt_ft(sm->key_mgmt) || wpa_key_mgmt_sha256(sm->key_mgmt))
149                 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC;
150         else if (sm->pairwise_cipher == WPA_CIPHER_CCMP)
151                 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
152         else
153                 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
154
155         if (wpa_sm_get_bssid(sm, bssid) < 0) {
156                 wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key "
157                            "request");
158                 return;
159         }
160
161         rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
162                                   sizeof(*reply), &rlen, (void *) &reply);
163         if (rbuf == NULL)
164                 return;
165
166         reply->type = sm->proto == WPA_PROTO_RSN ?
167                 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
168         key_info = WPA_KEY_INFO_REQUEST | ver;
169         if (sm->ptk_set)
170                 key_info |= WPA_KEY_INFO_MIC;
171         if (error)
172                 key_info |= WPA_KEY_INFO_ERROR;
173         if (pairwise)
174                 key_info |= WPA_KEY_INFO_KEY_TYPE;
175         WPA_PUT_BE16(reply->key_info, key_info);
176         WPA_PUT_BE16(reply->key_length, 0);
177         os_memcpy(reply->replay_counter, sm->request_counter,
178                   WPA_REPLAY_COUNTER_LEN);
179         inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
180
181         WPA_PUT_BE16(reply->key_data_length, 0);
182
183         wpa_printf(MSG_INFO, "WPA: Sending EAPOL-Key Request (error=%d "
184                    "pairwise=%d ptk_set=%d len=%lu)",
185                    error, pairwise, sm->ptk_set, (unsigned long) rlen);
186         wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL,
187                            rbuf, rlen, key_info & WPA_KEY_INFO_MIC ?
188                            reply->key_mic : NULL);
189 }
190
191
192 static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
193                                   const unsigned char *src_addr,
194                                   const u8 *pmkid)
195 {
196         int abort_cached = 0;
197
198         if (pmkid && !sm->cur_pmksa) {
199                 /* When using drivers that generate RSN IE, wpa_supplicant may
200                  * not have enough time to get the association information
201                  * event before receiving this 1/4 message, so try to find a
202                  * matching PMKSA cache entry here. */
203                 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid);
204                 if (sm->cur_pmksa) {
205                         wpa_printf(MSG_DEBUG, "RSN: found matching PMKID from "
206                                    "PMKSA cache");
207                 } else {
208                         wpa_printf(MSG_DEBUG, "RSN: no matching PMKID found");
209                         abort_cached = 1;
210                 }
211         }
212
213         if (pmkid && sm->cur_pmksa &&
214             os_memcmp(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
215                 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
216                 wpa_sm_set_pmk_from_pmksa(sm);
217                 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
218                                 sm->pmk, sm->pmk_len);
219                 eapol_sm_notify_cached(sm->eapol);
220 #ifdef CONFIG_IEEE80211R
221                 sm->xxkey_len = 0;
222 #endif /* CONFIG_IEEE80211R */
223         } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
224                 int res, pmk_len;
225                 pmk_len = PMK_LEN;
226                 res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN);
227                 if (res) {
228                         /*
229                          * EAP-LEAP is an exception from other EAP methods: it
230                          * uses only 16-byte PMK.
231                          */
232                         res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
233                         pmk_len = 16;
234                 } else {
235 #ifdef CONFIG_IEEE80211R
236                         u8 buf[2 * PMK_LEN];
237                         if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0)
238                         {
239                                 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN);
240                                 sm->xxkey_len = PMK_LEN;
241                                 os_memset(buf, 0, sizeof(buf));
242                         }
243 #endif /* CONFIG_IEEE80211R */
244                 }
245                 if (res == 0) {
246                         wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
247                                         "machines", sm->pmk, pmk_len);
248                         sm->pmk_len = pmk_len;
249                         pmksa_cache_add(sm->pmksa, sm->pmk, pmk_len, src_addr,
250                                         sm->own_addr, sm->network_ctx,
251                                         sm->key_mgmt);
252                         if (!sm->cur_pmksa && pmkid &&
253                             pmksa_cache_get(sm->pmksa, src_addr, pmkid)) {
254                                 wpa_printf(MSG_DEBUG, "RSN: the new PMK "
255                                            "matches with the PMKID");
256                                 abort_cached = 0;
257                         }
258                 } else {
259                         wpa_msg(sm->ctx->ctx, MSG_WARNING,
260                                 "WPA: Failed to get master session key from "
261                                 "EAPOL state machines");
262                         wpa_msg(sm->ctx->ctx, MSG_WARNING,
263                                 "WPA: Key handshake aborted");
264                         if (sm->cur_pmksa) {
265                                 wpa_printf(MSG_DEBUG, "RSN: Cancelled PMKSA "
266                                            "caching attempt");
267                                 sm->cur_pmksa = NULL;
268                                 abort_cached = 1;
269                         } else if (!abort_cached) {
270                                 return -1;
271                         }
272                 }
273         }
274
275         if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) {
276                 /* Send EAPOL-Start to trigger full EAP authentication. */
277                 u8 *buf;
278                 size_t buflen;
279
280                 wpa_printf(MSG_DEBUG, "RSN: no PMKSA entry found - trigger "
281                            "full EAP authentication");
282                 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
283                                          NULL, 0, &buflen, NULL);
284                 if (buf) {
285                         wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
286                                           buf, buflen);
287                         os_free(buf);
288                 }
289
290                 return -1;
291         }
292
293         return 0;
294 }
295
296
297 /**
298  * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake
299  * @sm: Pointer to WPA state machine data from wpa_sm_init()
300  * @dst: Destination address for the frame
301  * @key: Pointer to the EAPOL-Key frame header
302  * @ver: Version bits from EAPOL-Key Key Info
303  * @nonce: Nonce value for the EAPOL-Key frame
304  * @wpa_ie: WPA/RSN IE
305  * @wpa_ie_len: Length of the WPA/RSN IE
306  * @ptk: PTK to use for keyed hash and encryption
307  * Returns: 0 on success, -1 on failure
308  */
309 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
310                                const struct wpa_eapol_key *key,
311                                int ver, const u8 *nonce,
312                                const u8 *wpa_ie, size_t wpa_ie_len,
313                                struct wpa_ptk *ptk)
314 {
315         size_t rlen;
316         struct wpa_eapol_key *reply;
317         u8 *rbuf;
318
319         if (wpa_ie == NULL) {
320                 wpa_printf(MSG_WARNING, "WPA: No wpa_ie set - cannot "
321                            "generate msg 2/4");
322                 return -1;
323         }
324
325         wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
326
327         rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
328                                   NULL, sizeof(*reply) + wpa_ie_len,
329                                   &rlen, (void *) &reply);
330         if (rbuf == NULL)
331                 return -1;
332
333         reply->type = sm->proto == WPA_PROTO_RSN ?
334                 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
335         WPA_PUT_BE16(reply->key_info,
336                      ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC);
337         if (sm->proto == WPA_PROTO_RSN)
338                 WPA_PUT_BE16(reply->key_length, 0);
339         else
340                 os_memcpy(reply->key_length, key->key_length, 2);
341         os_memcpy(reply->replay_counter, key->replay_counter,
342                   WPA_REPLAY_COUNTER_LEN);
343
344         WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
345         os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
346
347         os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
348
349         wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
350         wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
351                            rbuf, rlen, reply->key_mic);
352
353         return 0;
354 }
355
356
357 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
358                           const struct wpa_eapol_key *key,
359                           struct wpa_ptk *ptk)
360 {
361         size_t ptk_len = sm->pairwise_cipher == WPA_CIPHER_CCMP ? 48 : 64;
362 #ifdef CONFIG_IEEE80211R
363         if (wpa_key_mgmt_ft(sm->key_mgmt))
364                 return wpa_derive_ptk_ft(sm, src_addr, key, ptk, ptk_len);
365 #endif /* CONFIG_IEEE80211R */
366
367         wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
368                        sm->own_addr, sm->bssid, sm->snonce, key->key_nonce,
369                        (u8 *) ptk, ptk_len,
370                        wpa_key_mgmt_sha256(sm->key_mgmt));
371         return 0;
372 }
373
374
375 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
376                                           const unsigned char *src_addr,
377                                           const struct wpa_eapol_key *key,
378                                           u16 ver)
379 {
380         struct wpa_eapol_ie_parse ie;
381         struct wpa_ptk *ptk;
382         u8 buf[8];
383
384         if (wpa_sm_get_network_ctx(sm) == NULL) {
385                 wpa_printf(MSG_WARNING, "WPA: No SSID info found (msg 1 of "
386                            "4).");
387                 return;
388         }
389
390         wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
391         wpa_printf(MSG_DEBUG, "WPA: RX message 1 of 4-Way Handshake from "
392                    MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
393
394         os_memset(&ie, 0, sizeof(ie));
395
396 #ifndef CONFIG_NO_WPA2
397         if (sm->proto == WPA_PROTO_RSN) {
398                 /* RSN: msg 1/4 should contain PMKID for the selected PMK */
399                 const u8 *_buf = (const u8 *) (key + 1);
400                 size_t len = WPA_GET_BE16(key->key_data_length);
401                 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", _buf, len);
402                 wpa_supplicant_parse_ies(_buf, len, &ie);
403                 if (ie.pmkid) {
404                         wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
405                                     "Authenticator", ie.pmkid, PMKID_LEN);
406                 }
407         }
408 #endif /* CONFIG_NO_WPA2 */
409
410         if (wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid))
411                 goto failed;
412
413         if (sm->renew_snonce) {
414                 if (os_get_random(sm->snonce, WPA_NONCE_LEN)) {
415                         wpa_msg(sm->ctx->ctx, MSG_WARNING,
416                                 "WPA: Failed to get random data for SNonce");
417                         goto failed;
418                 }
419                 sm->renew_snonce = 0;
420                 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
421                             sm->snonce, WPA_NONCE_LEN);
422         }
423
424         /* Calculate PTK which will be stored as a temporary PTK until it has
425          * been verified when processing message 3/4. */
426         ptk = &sm->tptk;
427         wpa_derive_ptk(sm, src_addr, key, ptk);
428         /* Supplicant: swap tx/rx Mic keys */
429         os_memcpy(buf, ptk->u.auth.tx_mic_key, 8);
430         os_memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8);
431         os_memcpy(ptk->u.auth.rx_mic_key, buf, 8);
432         sm->tptk_set = 1;
433
434         if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
435                                        sm->assoc_wpa_ie, sm->assoc_wpa_ie_len,
436                                        ptk))
437                 goto failed;
438
439         os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
440         return;
441
442 failed:
443         wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
444 }
445
446
447 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx)
448 {
449         struct wpa_sm *sm = eloop_ctx;
450         rsn_preauth_candidate_process(sm);
451 }
452
453
454 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
455                                             const u8 *addr, int secure)
456 {
457         wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Key negotiation completed with "
458                 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
459                 wpa_cipher_txt(sm->pairwise_cipher),
460                 wpa_cipher_txt(sm->group_cipher));
461         wpa_sm_cancel_auth_timeout(sm);
462         wpa_sm_set_state(sm, WPA_COMPLETED);
463
464         if (secure) {
465                 wpa_sm_mlme_setprotection(
466                         sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
467                         MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
468                 eapol_sm_notify_portValid(sm->eapol, TRUE);
469                 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt))
470                         eapol_sm_notify_eap_success(sm->eapol, TRUE);
471                 /*
472                  * Start preauthentication after a short wait to avoid a
473                  * possible race condition between the data receive and key
474                  * configuration after the 4-Way Handshake. This increases the
475                  * likelyhood of the first preauth EAPOL-Start frame getting to
476                  * the target AP.
477                  */
478                 eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL);
479         }
480
481         if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
482                 wpa_printf(MSG_DEBUG, "RSN: Authenticator accepted "
483                            "opportunistic PMKSA entry - marking it valid");
484                 sm->cur_pmksa->opportunistic = 0;
485         }
486
487 #ifdef CONFIG_IEEE80211R
488         if (wpa_key_mgmt_ft(sm->key_mgmt)) {
489                 /* Prepare for the next transition */
490                 wpa_ft_prepare_auth_request(sm);
491         }
492 #endif /* CONFIG_IEEE80211R */
493 }
494
495
496 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
497 {
498         struct wpa_sm *sm = eloop_ctx;
499         wpa_printf(MSG_DEBUG, "WPA: Request PTK rekeying");
500         wpa_sm_key_request(sm, 0, 1);
501 }
502
503
504 static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
505                                       const struct wpa_eapol_key *key)
506 {
507         int keylen, rsclen;
508         wpa_alg alg;
509         const u8 *key_rsc;
510         u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
511
512         wpa_printf(MSG_DEBUG, "WPA: Installing PTK to the driver.");
513
514         switch (sm->pairwise_cipher) {
515         case WPA_CIPHER_CCMP:
516                 alg = WPA_ALG_CCMP;
517                 keylen = 16;
518                 rsclen = 6;
519                 break;
520         case WPA_CIPHER_TKIP:
521                 alg = WPA_ALG_TKIP;
522                 keylen = 32;
523                 rsclen = 6;
524                 break;
525         case WPA_CIPHER_NONE:
526                 wpa_printf(MSG_DEBUG, "WPA: Pairwise Cipher Suite: "
527                            "NONE - do not use pairwise keys");
528                 return 0;
529         default:
530                 wpa_printf(MSG_WARNING, "WPA: Unsupported pairwise cipher %d",
531                            sm->pairwise_cipher);
532                 return -1;
533         }
534
535         if (sm->proto == WPA_PROTO_RSN) {
536                 key_rsc = null_rsc;
537         } else {
538                 key_rsc = key->key_rsc;
539                 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
540         }
541
542         if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
543                            (u8 *) sm->ptk.tk1, keylen) < 0) {
544                 wpa_printf(MSG_WARNING, "WPA: Failed to set PTK to the "
545                            "driver (alg=%d keylen=%d bssid=" MACSTR ")",
546                            alg, keylen, MAC2STR(sm->bssid));
547                 return -1;
548         }
549
550         if (sm->wpa_ptk_rekey) {
551                 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
552                 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
553                                        sm, NULL);
554         }
555
556         return 0;
557 }
558
559
560 static int wpa_supplicant_check_group_cipher(int group_cipher,
561                                              int keylen, int maxkeylen,
562                                              int *key_rsc_len, wpa_alg *alg)
563 {
564         int ret = 0;
565
566         switch (group_cipher) {
567         case WPA_CIPHER_CCMP:
568                 if (keylen != 16 || maxkeylen < 16) {
569                         ret = -1;
570                         break;
571                 }
572                 *key_rsc_len = 6;
573                 *alg = WPA_ALG_CCMP;
574                 break;
575         case WPA_CIPHER_TKIP:
576                 if (keylen != 32 || maxkeylen < 32) {
577                         ret = -1;
578                         break;
579                 }
580                 *key_rsc_len = 6;
581                 *alg = WPA_ALG_TKIP;
582                 break;
583         case WPA_CIPHER_WEP104:
584                 if (keylen != 13 || maxkeylen < 13) {
585                         ret = -1;
586                         break;
587                 }
588                 *key_rsc_len = 0;
589                 *alg = WPA_ALG_WEP;
590                 break;
591         case WPA_CIPHER_WEP40:
592                 if (keylen != 5 || maxkeylen < 5) {
593                         ret = -1;
594                         break;
595                 }
596                 *key_rsc_len = 0;
597                 *alg = WPA_ALG_WEP;
598                 break;
599         default:
600                 wpa_printf(MSG_WARNING, "WPA: Unsupported Group Cipher %d",
601                            group_cipher);
602                 return -1;
603         }
604
605         if (ret < 0 ) {
606                 wpa_printf(MSG_WARNING, "WPA: Unsupported %s Group Cipher key "
607                            "length %d (%d).",
608                            wpa_cipher_txt(group_cipher), keylen, maxkeylen);
609         }
610
611         return ret;
612 }
613
614
615 struct wpa_gtk_data {
616         wpa_alg alg;
617         int tx, key_rsc_len, keyidx;
618         u8 gtk[32];
619         int gtk_len;
620 };
621
622
623 static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
624                                       const struct wpa_gtk_data *gd,
625                                       const u8 *key_rsc)
626 {
627         const u8 *_gtk = gd->gtk;
628         u8 gtk_buf[32];
629
630         wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
631         wpa_printf(MSG_DEBUG, "WPA: Installing GTK to the driver "
632                    "(keyidx=%d tx=%d len=%d).", gd->keyidx, gd->tx,
633                    gd->gtk_len);
634         wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
635         if (sm->group_cipher == WPA_CIPHER_TKIP) {
636                 /* Swap Tx/Rx keys for Michael MIC */
637                 os_memcpy(gtk_buf, gd->gtk, 16);
638                 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
639                 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
640                 _gtk = gtk_buf;
641         }
642         if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
643                 if (wpa_sm_set_key(sm, gd->alg,
644                                    (u8 *) "\xff\xff\xff\xff\xff\xff",
645                                    gd->keyidx, 1, key_rsc, gd->key_rsc_len,
646                                    _gtk, gd->gtk_len) < 0) {
647                         wpa_printf(MSG_WARNING, "WPA: Failed to set "
648                                    "GTK to the driver (Group only).");
649                         return -1;
650                 }
651         } else if (wpa_sm_set_key(sm, gd->alg,
652                                   (u8 *) "\xff\xff\xff\xff\xff\xff",
653                                   gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
654                                   _gtk, gd->gtk_len) < 0) {
655                 wpa_printf(MSG_WARNING, "WPA: Failed to set GTK to "
656                            "the driver (alg=%d keylen=%d keyidx=%d)",
657                            gd->alg, gd->gtk_len, gd->keyidx);
658                 return -1;
659         }
660
661         return 0;
662 }
663
664
665 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
666                                                 int tx)
667 {
668         if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
669                 /* Ignore Tx bit for GTK if a pairwise key is used. One AP
670                  * seemed to set this bit (incorrectly, since Tx is only when
671                  * doing Group Key only APs) and without this workaround, the
672                  * data connection does not work because wpa_supplicant
673                  * configured non-zero keyidx to be used for unicast. */
674                 wpa_printf(MSG_INFO, "WPA: Tx bit set for GTK, but pairwise "
675                            "keys are used - ignore Tx bit");
676                 return 0;
677         }
678         return tx;
679 }
680
681
682 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
683                                        const struct wpa_eapol_key *key,
684                                        const u8 *gtk, size_t gtk_len,
685                                        int key_info)
686 {
687 #ifndef CONFIG_NO_WPA2
688         struct wpa_gtk_data gd;
689
690         /*
691          * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
692          * GTK KDE format:
693          * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
694          * Reserved [bits 0-7]
695          * GTK
696          */
697
698         os_memset(&gd, 0, sizeof(gd));
699         wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
700                         gtk, gtk_len);
701
702         if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk))
703                 return -1;
704
705         gd.keyidx = gtk[0] & 0x3;
706         gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
707                                                      !!(gtk[0] & BIT(2)));
708         gtk += 2;
709         gtk_len -= 2;
710
711         os_memcpy(gd.gtk, gtk, gtk_len);
712         gd.gtk_len = gtk_len;
713
714         if (wpa_supplicant_check_group_cipher(sm->group_cipher,
715                                               gtk_len, gtk_len,
716                                               &gd.key_rsc_len, &gd.alg) ||
717             wpa_supplicant_install_gtk(sm, &gd, key->key_rsc)) {
718                 wpa_printf(MSG_DEBUG, "RSN: Failed to install GTK");
719                 return -1;
720         }
721
722         wpa_supplicant_key_neg_complete(sm, sm->bssid,
723                                         key_info & WPA_KEY_INFO_SECURE);
724         return 0;
725 #else /* CONFIG_NO_WPA2 */
726         return -1;
727 #endif /* CONFIG_NO_WPA2 */
728 }
729
730
731 static int ieee80211w_set_keys(struct wpa_sm *sm,
732                                struct wpa_eapol_ie_parse *ie)
733 {
734 #ifdef CONFIG_IEEE80211W
735         if (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC)
736                 return 0;
737
738         if (ie->igtk) {
739                 const struct wpa_igtk_kde *igtk;
740                 u16 keyidx;
741                 if (ie->igtk_len != sizeof(*igtk))
742                         return -1;
743                 igtk = (const struct wpa_igtk_kde *) ie->igtk;
744                 keyidx = WPA_GET_LE16(igtk->keyid);
745                 wpa_printf(MSG_DEBUG, "WPA: IGTK keyid %d "
746                            "pn %02x%02x%02x%02x%02x%02x",
747                            keyidx, MAC2STR(igtk->pn));
748                 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
749                                 igtk->igtk, WPA_IGTK_LEN);
750                 if (keyidx > 4095) {
751                         wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KeyID %d",
752                                    keyidx);
753                         return -1;
754                 }
755                 if (wpa_sm_set_key(sm, WPA_ALG_IGTK,
756                                    (u8 *) "\xff\xff\xff\xff\xff\xff",
757                                    keyidx, 0, igtk->pn, sizeof(igtk->pn),
758                                    igtk->igtk, WPA_IGTK_LEN) < 0) {
759                         wpa_printf(MSG_WARNING, "WPA: Failed to configure IGTK"
760                                    " to the driver");
761                         return -1;
762                 }
763         }
764
765         return 0;
766 #else /* CONFIG_IEEE80211W */
767         return 0;
768 #endif /* CONFIG_IEEE80211W */
769 }
770
771
772 static void wpa_report_ie_mismatch(struct wpa_sm *sm,
773                                    const char *reason, const u8 *src_addr,
774                                    const u8 *wpa_ie, size_t wpa_ie_len,
775                                    const u8 *rsn_ie, size_t rsn_ie_len)
776 {
777         wpa_msg(sm->ctx->ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
778                 reason, MAC2STR(src_addr));
779
780         if (sm->ap_wpa_ie) {
781                 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
782                             sm->ap_wpa_ie, sm->ap_wpa_ie_len);
783         }
784         if (wpa_ie) {
785                 if (!sm->ap_wpa_ie) {
786                         wpa_printf(MSG_INFO, "WPA: No WPA IE in "
787                                    "Beacon/ProbeResp");
788                 }
789                 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
790                             wpa_ie, wpa_ie_len);
791         }
792
793         if (sm->ap_rsn_ie) {
794                 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp",
795                             sm->ap_rsn_ie, sm->ap_rsn_ie_len);
796         }
797         if (rsn_ie) {
798                 if (!sm->ap_rsn_ie) {
799                         wpa_printf(MSG_INFO, "WPA: No RSN IE in "
800                                    "Beacon/ProbeResp");
801                 }
802                 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
803                             rsn_ie, rsn_ie_len);
804         }
805
806         wpa_sm_disassociate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
807 }
808
809
810 static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
811                                       const unsigned char *src_addr,
812                                       struct wpa_eapol_ie_parse *ie)
813 {
814         if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
815                 wpa_printf(MSG_DEBUG, "WPA: No WPA/RSN IE for this AP known. "
816                            "Trying to get from scan results");
817                 if (wpa_sm_get_beacon_ie(sm) < 0) {
818                         wpa_printf(MSG_WARNING, "WPA: Could not find AP from "
819                                    "the scan results");
820                 } else {
821                         wpa_printf(MSG_DEBUG, "WPA: Found the current AP from "
822                                    "updated scan results");
823                 }
824         }
825
826         if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
827             (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
828                 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
829                                        "with IE in Beacon/ProbeResp (no IE?)",
830                                        src_addr, ie->wpa_ie, ie->wpa_ie_len,
831                                        ie->rsn_ie, ie->rsn_ie_len);
832                 return -1;
833         }
834
835         if ((ie->wpa_ie && sm->ap_wpa_ie &&
836              (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
837               os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
838             (ie->rsn_ie && sm->ap_rsn_ie &&
839              (ie->rsn_ie_len != sm->ap_rsn_ie_len ||
840               os_memcmp(ie->rsn_ie, sm->ap_rsn_ie, ie->rsn_ie_len) != 0))) {
841                 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
842                                        "with IE in Beacon/ProbeResp",
843                                        src_addr, ie->wpa_ie, ie->wpa_ie_len,
844                                        ie->rsn_ie, ie->rsn_ie_len);
845                 return -1;
846         }
847
848         if (sm->proto == WPA_PROTO_WPA &&
849             ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
850                 wpa_report_ie_mismatch(sm, "Possible downgrade attack "
851                                        "detected - RSN was enabled and RSN IE "
852                                        "was in msg 3/4, but not in "
853                                        "Beacon/ProbeResp",
854                                        src_addr, ie->wpa_ie, ie->wpa_ie_len,
855                                        ie->rsn_ie, ie->rsn_ie_len);
856                 return -1;
857         }
858
859 #ifdef CONFIG_IEEE80211R
860         if (wpa_key_mgmt_ft(sm->key_mgmt)) {
861                 struct rsn_mdie *mdie;
862                 /* TODO: verify that full MDIE matches with the one from scan
863                  * results, not only mobility domain */
864                 mdie = (struct rsn_mdie *) (ie->mdie + 2);
865                 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) ||
866                     os_memcmp(mdie->mobility_domain, sm->mobility_domain,
867                               MOBILITY_DOMAIN_ID_LEN) != 0) {
868                         wpa_printf(MSG_DEBUG, "FT: MDIE in msg 3/4 did not "
869                                    "match with the current mobility domain");
870                         return -1;
871                 }
872         }
873 #endif /* CONFIG_IEEE80211R */
874
875         return 0;
876 }
877
878
879 /**
880  * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake
881  * @sm: Pointer to WPA state machine data from wpa_sm_init()
882  * @dst: Destination address for the frame
883  * @key: Pointer to the EAPOL-Key frame header
884  * @ver: Version bits from EAPOL-Key Key Info
885  * @key_info: Key Info
886  * @kde: KDEs to include the EAPOL-Key frame
887  * @kde_len: Length of KDEs
888  * @ptk: PTK to use for keyed hash and encryption
889  * Returns: 0 on success, -1 on failure
890  */
891 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
892                                const struct wpa_eapol_key *key,
893                                u16 ver, u16 key_info,
894                                const u8 *kde, size_t kde_len,
895                                struct wpa_ptk *ptk)
896 {
897         size_t rlen;
898         struct wpa_eapol_key *reply;
899         u8 *rbuf;
900
901         if (kde)
902                 wpa_hexdump(MSG_DEBUG, "WPA: KDE for msg 4/4", kde, kde_len);
903
904         rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
905                                   sizeof(*reply) + kde_len,
906                                   &rlen, (void *) &reply);
907         if (rbuf == NULL)
908                 return -1;
909
910         reply->type = sm->proto == WPA_PROTO_RSN ?
911                 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
912         key_info &= WPA_KEY_INFO_SECURE;
913         key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC;
914         WPA_PUT_BE16(reply->key_info, key_info);
915         if (sm->proto == WPA_PROTO_RSN)
916                 WPA_PUT_BE16(reply->key_length, 0);
917         else
918                 os_memcpy(reply->key_length, key->key_length, 2);
919         os_memcpy(reply->replay_counter, key->replay_counter,
920                   WPA_REPLAY_COUNTER_LEN);
921
922         WPA_PUT_BE16(reply->key_data_length, kde_len);
923         if (kde)
924                 os_memcpy(reply + 1, kde, kde_len);
925
926         wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
927         wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
928                            rbuf, rlen, reply->key_mic);
929
930         return 0;
931 }
932
933
934 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
935                                           const struct wpa_eapol_key *key,
936                                           u16 ver)
937 {
938         u16 key_info, keylen, len;
939         const u8 *pos;
940         struct wpa_eapol_ie_parse ie;
941
942         wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
943         wpa_printf(MSG_DEBUG, "WPA: RX message 3 of 4-Way Handshake from "
944                    MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
945
946         key_info = WPA_GET_BE16(key->key_info);
947
948         pos = (const u8 *) (key + 1);
949         len = WPA_GET_BE16(key->key_data_length);
950         wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", pos, len);
951         wpa_supplicant_parse_ies(pos, len, &ie);
952         if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
953                 wpa_printf(MSG_WARNING, "WPA: GTK IE in unencrypted key data");
954                 goto failed;
955         }
956 #ifdef CONFIG_IEEE80211W
957         if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
958                 wpa_printf(MSG_WARNING, "WPA: IGTK KDE in unencrypted key "
959                            "data");
960                 goto failed;
961         }
962
963         if (ie.igtk && ie.igtk_len != sizeof(struct wpa_igtk_kde)) {
964                 wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KDE length %lu",
965                            (unsigned long) ie.igtk_len);
966                 goto failed;
967         }
968 #endif /* CONFIG_IEEE80211W */
969
970         if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
971                 goto failed;
972
973         if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
974                 wpa_printf(MSG_WARNING, "WPA: ANonce from message 1 of 4-Way "
975                            "Handshake differs from 3 of 4-Way Handshake - drop"
976                            " packet (src=" MACSTR ")", MAC2STR(sm->bssid));
977                 goto failed;
978         }
979
980         keylen = WPA_GET_BE16(key->key_length);
981         switch (sm->pairwise_cipher) {
982         case WPA_CIPHER_CCMP:
983                 if (keylen != 16) {
984                         wpa_printf(MSG_WARNING, "WPA: Invalid CCMP key length "
985                                    "%d (src=" MACSTR ")",
986                                    keylen, MAC2STR(sm->bssid));
987                         goto failed;
988                 }
989                 break;
990         case WPA_CIPHER_TKIP:
991                 if (keylen != 32) {
992                         wpa_printf(MSG_WARNING, "WPA: Invalid TKIP key length "
993                                    "%d (src=" MACSTR ")",
994                                    keylen, MAC2STR(sm->bssid));
995                         goto failed;
996                 }
997                 break;
998         }
999
1000         if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
1001                                        NULL, 0, &sm->ptk)) {
1002                 goto failed;
1003         }
1004
1005         /* SNonce was successfully used in msg 3/4, so mark it to be renewed
1006          * for the next 4-Way Handshake. If msg 3 is received again, the old
1007          * SNonce will still be used to avoid changing PTK. */
1008         sm->renew_snonce = 1;
1009
1010         if (key_info & WPA_KEY_INFO_INSTALL) {
1011                 if (wpa_supplicant_install_ptk(sm, key))
1012                         goto failed;
1013         }
1014
1015         if (key_info & WPA_KEY_INFO_SECURE) {
1016                 wpa_sm_mlme_setprotection(
1017                         sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
1018                         MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
1019                 eapol_sm_notify_portValid(sm->eapol, TRUE);
1020         }
1021         wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1022
1023         if (ie.gtk &&
1024             wpa_supplicant_pairwise_gtk(sm, key,
1025                                         ie.gtk, ie.gtk_len, key_info) < 0) {
1026                 wpa_printf(MSG_INFO, "RSN: Failed to configure GTK");
1027                 goto failed;
1028         }
1029
1030         if (ieee80211w_set_keys(sm, &ie) < 0) {
1031                 wpa_printf(MSG_INFO, "RSN: Failed to configure IGTK");
1032                 goto failed;
1033         }
1034
1035         return;
1036
1037 failed:
1038         wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1039 }
1040
1041
1042 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
1043                                              const u8 *keydata,
1044                                              size_t keydatalen,
1045                                              u16 key_info,
1046                                              struct wpa_gtk_data *gd)
1047 {
1048         int maxkeylen;
1049         struct wpa_eapol_ie_parse ie;
1050
1051         wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen);
1052         wpa_supplicant_parse_ies(keydata, keydatalen, &ie);
1053         if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1054                 wpa_printf(MSG_WARNING, "WPA: GTK IE in unencrypted key data");
1055                 return -1;
1056         }
1057         if (ie.gtk == NULL) {
1058                 wpa_printf(MSG_INFO, "WPA: No GTK IE in Group Key msg 1/2");
1059                 return -1;
1060         }
1061         maxkeylen = gd->gtk_len = ie.gtk_len - 2;
1062
1063         if (wpa_supplicant_check_group_cipher(sm->group_cipher,
1064                                               gd->gtk_len, maxkeylen,
1065                                               &gd->key_rsc_len, &gd->alg))
1066                 return -1;
1067
1068         wpa_hexdump(MSG_DEBUG, "RSN: received GTK in group key handshake",
1069                     ie.gtk, ie.gtk_len);
1070         gd->keyidx = ie.gtk[0] & 0x3;
1071         gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1072                                                       !!(ie.gtk[0] & BIT(2)));
1073         if (ie.gtk_len - 2 > sizeof(gd->gtk)) {
1074                 wpa_printf(MSG_INFO, "RSN: Too long GTK in GTK IE "
1075                            "(len=%lu)", (unsigned long) ie.gtk_len - 2);
1076                 return -1;
1077         }
1078         os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
1079
1080         if (ieee80211w_set_keys(sm, &ie) < 0)
1081                 wpa_printf(MSG_INFO, "RSN: Failed to configure IGTK");
1082
1083         return 0;
1084 }
1085
1086
1087 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
1088                                              const struct wpa_eapol_key *key,
1089                                              size_t keydatalen, int key_info,
1090                                              size_t extra_len, u16 ver,
1091                                              struct wpa_gtk_data *gd)
1092 {
1093         size_t maxkeylen;
1094         u8 ek[32];
1095
1096         gd->gtk_len = WPA_GET_BE16(key->key_length);
1097         maxkeylen = keydatalen;
1098         if (keydatalen > extra_len) {
1099                 wpa_printf(MSG_INFO, "WPA: Truncated EAPOL-Key packet:"
1100                            " key_data_length=%lu > extra_len=%lu",
1101                            (unsigned long) keydatalen,
1102                            (unsigned long) extra_len);
1103                 return -1;
1104         }
1105         if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1106                 if (maxkeylen < 8) {
1107                         wpa_printf(MSG_INFO, "WPA: Too short maxkeylen (%lu)",
1108                                    (unsigned long) maxkeylen);
1109                         return -1;
1110                 }
1111                 maxkeylen -= 8;
1112         }
1113
1114         if (wpa_supplicant_check_group_cipher(sm->group_cipher,
1115                                               gd->gtk_len, maxkeylen,
1116                                               &gd->key_rsc_len, &gd->alg))
1117                 return -1;
1118
1119         gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1120                 WPA_KEY_INFO_KEY_INDEX_SHIFT;
1121         if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
1122                 os_memcpy(ek, key->key_iv, 16);
1123                 os_memcpy(ek + 16, sm->ptk.kek, 16);
1124                 if (keydatalen > sizeof(gd->gtk)) {
1125                         wpa_printf(MSG_WARNING, "WPA: RC4 key data "
1126                                    "too long (%lu)",
1127                                    (unsigned long) keydatalen);
1128                         return -1;
1129                 }
1130                 os_memcpy(gd->gtk, key + 1, keydatalen);
1131                 rc4_skip(ek, 32, 256, gd->gtk, keydatalen);
1132         } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1133                 if (keydatalen % 8) {
1134                         wpa_printf(MSG_WARNING, "WPA: Unsupported AES-WRAP "
1135                                    "len %lu", (unsigned long) keydatalen);
1136                         return -1;
1137                 }
1138                 if (maxkeylen > sizeof(gd->gtk)) {
1139                         wpa_printf(MSG_WARNING, "WPA: AES-WRAP key data "
1140                                    "too long (keydatalen=%lu maxkeylen=%lu)",
1141                                    (unsigned long) keydatalen,
1142                                    (unsigned long) maxkeylen);
1143                         return -1;
1144                 }
1145                 if (aes_unwrap(sm->ptk.kek, maxkeylen / 8,
1146                                (const u8 *) (key + 1), gd->gtk)) {
1147                         wpa_printf(MSG_WARNING, "WPA: AES unwrap "
1148                                    "failed - could not decrypt GTK");
1149                         return -1;
1150                 }
1151         } else {
1152                 wpa_printf(MSG_WARNING, "WPA: Unsupported key_info type %d",
1153                            ver);
1154                 return -1;
1155         }
1156         gd->tx = wpa_supplicant_gtk_tx_bit_workaround(
1157                 sm, !!(key_info & WPA_KEY_INFO_TXRX));
1158         return 0;
1159 }
1160
1161
1162 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
1163                                       const struct wpa_eapol_key *key,
1164                                       int ver, u16 key_info)
1165 {
1166         size_t rlen;
1167         struct wpa_eapol_key *reply;
1168         u8 *rbuf;
1169
1170         rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1171                                   sizeof(*reply), &rlen, (void *) &reply);
1172         if (rbuf == NULL)
1173                 return -1;
1174
1175         reply->type = sm->proto == WPA_PROTO_RSN ?
1176                 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1177         key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
1178         key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
1179         WPA_PUT_BE16(reply->key_info, key_info);
1180         if (sm->proto == WPA_PROTO_RSN)
1181                 WPA_PUT_BE16(reply->key_length, 0);
1182         else
1183                 os_memcpy(reply->key_length, key->key_length, 2);
1184         os_memcpy(reply->replay_counter, key->replay_counter,
1185                   WPA_REPLAY_COUNTER_LEN);
1186
1187         WPA_PUT_BE16(reply->key_data_length, 0);
1188
1189         wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
1190         wpa_eapol_key_send(sm, sm->ptk.kck, ver, sm->bssid, ETH_P_EAPOL,
1191                            rbuf, rlen, reply->key_mic);
1192
1193         return 0;
1194 }
1195
1196
1197 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
1198                                           const unsigned char *src_addr,
1199                                           const struct wpa_eapol_key *key,
1200                                           int extra_len, u16 ver)
1201 {
1202         u16 key_info, keydatalen;
1203         int rekey, ret;
1204         struct wpa_gtk_data gd;
1205
1206         os_memset(&gd, 0, sizeof(gd));
1207
1208         rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
1209         wpa_printf(MSG_DEBUG, "WPA: RX message 1 of Group Key Handshake from "
1210                    MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
1211
1212         key_info = WPA_GET_BE16(key->key_info);
1213         keydatalen = WPA_GET_BE16(key->key_data_length);
1214
1215         if (sm->proto == WPA_PROTO_RSN) {
1216                 ret = wpa_supplicant_process_1_of_2_rsn(sm,
1217                                                         (const u8 *) (key + 1),
1218                                                         keydatalen, key_info,
1219                                                         &gd);
1220         } else {
1221                 ret = wpa_supplicant_process_1_of_2_wpa(sm, key, keydatalen,
1222                                                         key_info, extra_len,
1223                                                         ver, &gd);
1224         }
1225
1226         wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1227
1228         if (ret)
1229                 goto failed;
1230
1231         if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
1232             wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
1233                 goto failed;
1234
1235         if (rekey) {
1236                 wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Group rekeying "
1237                         "completed with " MACSTR " [GTK=%s]",
1238                         MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
1239                 wpa_sm_cancel_auth_timeout(sm);
1240                 wpa_sm_set_state(sm, WPA_COMPLETED);
1241         } else {
1242                 wpa_supplicant_key_neg_complete(sm, sm->bssid,
1243                                                 key_info &
1244                                                 WPA_KEY_INFO_SECURE);
1245         }
1246         return;
1247
1248 failed:
1249         wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1250 }
1251
1252
1253 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
1254                                                struct wpa_eapol_key *key,
1255                                                u16 ver,
1256                                                const u8 *buf, size_t len)
1257 {
1258         u8 mic[16];
1259         int ok = 0;
1260
1261         os_memcpy(mic, key->key_mic, 16);
1262         if (sm->tptk_set) {
1263                 os_memset(key->key_mic, 0, 16);
1264                 wpa_eapol_key_mic(sm->tptk.kck, ver, buf, len,
1265                                   key->key_mic);
1266                 if (os_memcmp(mic, key->key_mic, 16) != 0) {
1267                         wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC "
1268                                    "when using TPTK - ignoring TPTK");
1269                 } else {
1270                         ok = 1;
1271                         sm->tptk_set = 0;
1272                         sm->ptk_set = 1;
1273                         os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
1274                 }
1275         }
1276
1277         if (!ok && sm->ptk_set) {
1278                 os_memset(key->key_mic, 0, 16);
1279                 wpa_eapol_key_mic(sm->ptk.kck, ver, buf, len,
1280                                   key->key_mic);
1281                 if (os_memcmp(mic, key->key_mic, 16) != 0) {
1282                         wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC "
1283                                    "- dropping packet");
1284                         return -1;
1285                 }
1286                 ok = 1;
1287         }
1288
1289         if (!ok) {
1290                 wpa_printf(MSG_WARNING, "WPA: Could not verify EAPOL-Key MIC "
1291                            "- dropping packet");
1292                 return -1;
1293         }
1294
1295         os_memcpy(sm->rx_replay_counter, key->replay_counter,
1296                   WPA_REPLAY_COUNTER_LEN);
1297         sm->rx_replay_counter_set = 1;
1298         return 0;
1299 }
1300
1301
1302 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
1303 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
1304                                            struct wpa_eapol_key *key, u16 ver)
1305 {
1306         u16 keydatalen = WPA_GET_BE16(key->key_data_length);
1307
1308         wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
1309                     (u8 *) (key + 1), keydatalen);
1310         if (!sm->ptk_set) {
1311                 wpa_printf(MSG_WARNING, "WPA: PTK not available, "
1312                            "cannot decrypt EAPOL-Key key data.");
1313                 return -1;
1314         }
1315
1316         /* Decrypt key data here so that this operation does not need
1317          * to be implemented separately for each message type. */
1318         if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
1319                 u8 ek[32];
1320                 os_memcpy(ek, key->key_iv, 16);
1321                 os_memcpy(ek + 16, sm->ptk.kek, 16);
1322                 rc4_skip(ek, 32, 256, (u8 *) (key + 1), keydatalen);
1323         } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1324                    ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1325                 u8 *buf;
1326                 if (keydatalen % 8) {
1327                         wpa_printf(MSG_WARNING, "WPA: Unsupported "
1328                                    "AES-WRAP len %d", keydatalen);
1329                         return -1;
1330                 }
1331                 keydatalen -= 8; /* AES-WRAP adds 8 bytes */
1332                 buf = os_malloc(keydatalen);
1333                 if (buf == NULL) {
1334                         wpa_printf(MSG_WARNING, "WPA: No memory for "
1335                                    "AES-UNWRAP buffer");
1336                         return -1;
1337                 }
1338                 if (aes_unwrap(sm->ptk.kek, keydatalen / 8,
1339                                (u8 *) (key + 1), buf)) {
1340                         os_free(buf);
1341                         wpa_printf(MSG_WARNING, "WPA: AES unwrap failed - "
1342                                    "could not decrypt EAPOL-Key key data");
1343                         return -1;
1344                 }
1345                 os_memcpy(key + 1, buf, keydatalen);
1346                 os_free(buf);
1347                 WPA_PUT_BE16(key->key_data_length, keydatalen);
1348         } else {
1349                 wpa_printf(MSG_WARNING, "WPA: Unsupported key_info type %d",
1350                            ver);
1351                 return -1;
1352         }
1353         wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
1354                         (u8 *) (key + 1), keydatalen);
1355         return 0;
1356 }
1357
1358
1359 /**
1360  * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
1361  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1362  */
1363 void wpa_sm_aborted_cached(struct wpa_sm *sm)
1364 {
1365         if (sm && sm->cur_pmksa) {
1366                 wpa_printf(MSG_DEBUG, "RSN: Cancelling PMKSA caching attempt");
1367                 sm->cur_pmksa = NULL;
1368         }
1369 }
1370
1371
1372 static void wpa_eapol_key_dump(const struct wpa_eapol_key *key)
1373 {
1374 #ifndef CONFIG_NO_STDOUT_DEBUG
1375         u16 key_info = WPA_GET_BE16(key->key_info);
1376
1377         wpa_printf(MSG_DEBUG, "  EAPOL-Key type=%d", key->type);
1378         wpa_printf(MSG_DEBUG, "  key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s"
1379                    "%s%s%s%s%s%s%s)",
1380                    key_info, key_info & WPA_KEY_INFO_TYPE_MASK,
1381                    (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1382                    WPA_KEY_INFO_KEY_INDEX_SHIFT,
1383                    (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13,
1384                    key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group",
1385                    key_info & WPA_KEY_INFO_INSTALL ? " Install" : "",
1386                    key_info & WPA_KEY_INFO_ACK ? " Ack" : "",
1387                    key_info & WPA_KEY_INFO_MIC ? " MIC" : "",
1388                    key_info & WPA_KEY_INFO_SECURE ? " Secure" : "",
1389                    key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
1390                    key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
1391                    key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
1392         wpa_printf(MSG_DEBUG, "  key_length=%u key_data_length=%u",
1393                    WPA_GET_BE16(key->key_length),
1394                    WPA_GET_BE16(key->key_data_length));
1395         wpa_hexdump(MSG_DEBUG, "  replay_counter",
1396                     key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1397         wpa_hexdump(MSG_DEBUG, "  key_nonce", key->key_nonce, WPA_NONCE_LEN);
1398         wpa_hexdump(MSG_DEBUG, "  key_iv", key->key_iv, 16);
1399         wpa_hexdump(MSG_DEBUG, "  key_rsc", key->key_rsc, 8);
1400         wpa_hexdump(MSG_DEBUG, "  key_id (reserved)", key->key_id, 8);
1401         wpa_hexdump(MSG_DEBUG, "  key_mic", key->key_mic, 16);
1402 #endif /* CONFIG_NO_STDOUT_DEBUG */
1403 }
1404
1405
1406 /**
1407  * wpa_sm_rx_eapol - Process received WPA EAPOL frames
1408  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1409  * @src_addr: Source MAC address of the EAPOL packet
1410  * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
1411  * @len: Length of the EAPOL frame
1412  * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
1413  *
1414  * This function is called for each received EAPOL frame. Other than EAPOL-Key
1415  * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
1416  * only processing WPA and WPA2 EAPOL-Key frames.
1417  *
1418  * The received EAPOL-Key packets are validated and valid packets are replied
1419  * to. In addition, key material (PTK, GTK) is configured at the end of a
1420  * successful key handshake.
1421  */
1422 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
1423                     const u8 *buf, size_t len)
1424 {
1425         size_t plen, data_len, extra_len;
1426         struct ieee802_1x_hdr *hdr;
1427         struct wpa_eapol_key *key;
1428         u16 key_info, ver;
1429         u8 *tmp;
1430         int ret = -1;
1431         struct wpa_peerkey *peerkey = NULL;
1432
1433 #ifdef CONFIG_IEEE80211R
1434         sm->ft_completed = 0;
1435 #endif /* CONFIG_IEEE80211R */
1436
1437         if (len < sizeof(*hdr) + sizeof(*key)) {
1438                 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short to be a WPA "
1439                            "EAPOL-Key (len %lu, expecting at least %lu)",
1440                            (unsigned long) len,
1441                            (unsigned long) sizeof(*hdr) + sizeof(*key));
1442                 return 0;
1443         }
1444
1445         tmp = os_malloc(len);
1446         if (tmp == NULL)
1447                 return -1;
1448         os_memcpy(tmp, buf, len);
1449
1450         hdr = (struct ieee802_1x_hdr *) tmp;
1451         key = (struct wpa_eapol_key *) (hdr + 1);
1452         plen = be_to_host16(hdr->length);
1453         data_len = plen + sizeof(*hdr);
1454         wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%lu",
1455                    hdr->version, hdr->type, (unsigned long) plen);
1456
1457         if (hdr->version < EAPOL_VERSION) {
1458                 /* TODO: backwards compatibility */
1459         }
1460         if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
1461                 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame (type %u) discarded, "
1462                         "not a Key frame", hdr->type);
1463                 ret = 0;
1464                 goto out;
1465         }
1466         if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) {
1467                 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame payload size %lu "
1468                            "invalid (frame size %lu)",
1469                            (unsigned long) plen, (unsigned long) len);
1470                 ret = 0;
1471                 goto out;
1472         }
1473
1474         if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN)
1475         {
1476                 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key type (%d) unknown, "
1477                            "discarded", key->type);
1478                 ret = 0;
1479                 goto out;
1480         }
1481         wpa_eapol_key_dump(key);
1482
1483         eapol_sm_notify_lower_layer_success(sm->eapol, 0);
1484         wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", tmp, len);
1485         if (data_len < len) {
1486                 wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE "
1487                            "802.1X data", (unsigned long) len - data_len);
1488         }
1489         key_info = WPA_GET_BE16(key->key_info);
1490         ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1491         if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
1492 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
1493             ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1494 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
1495             ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1496                 wpa_printf(MSG_INFO, "WPA: Unsupported EAPOL-Key descriptor "
1497                            "version %d.", ver);
1498                 goto out;
1499         }
1500
1501 #ifdef CONFIG_IEEE80211R
1502         if (wpa_key_mgmt_ft(sm->key_mgmt)) {
1503                 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */
1504                 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1505                         wpa_printf(MSG_INFO, "FT: AP did not use "
1506                                    "AES-128-CMAC.");
1507                         goto out;
1508                 }
1509         } else
1510 #endif /* CONFIG_IEEE80211R */
1511 #ifdef CONFIG_IEEE80211W
1512         if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
1513                 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1514                         wpa_printf(MSG_INFO, "WPA: AP did not use the "
1515                                    "negotiated AES-128-CMAC.");
1516                         goto out;
1517                 }
1518         } else
1519 #endif /* CONFIG_IEEE80211W */
1520         if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
1521             ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1522                 wpa_printf(MSG_INFO, "WPA: CCMP is used, but EAPOL-Key "
1523                            "descriptor version (%d) is not 2.", ver);
1524                 if (sm->group_cipher != WPA_CIPHER_CCMP &&
1525                     !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
1526                         /* Earlier versions of IEEE 802.11i did not explicitly
1527                          * require version 2 descriptor for all EAPOL-Key
1528                          * packets, so allow group keys to use version 1 if
1529                          * CCMP is not used for them. */
1530                         wpa_printf(MSG_INFO, "WPA: Backwards compatibility: "
1531                                    "allow invalid version for non-CCMP group "
1532                                    "keys");
1533                 } else
1534                         goto out;
1535         }
1536
1537 #ifdef CONFIG_PEERKEY
1538         for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
1539                 if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
1540                         break;
1541         }
1542
1543         if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
1544                 if (!peerkey->initiator && peerkey->replay_counter_set &&
1545                     os_memcmp(key->replay_counter, peerkey->replay_counter,
1546                               WPA_REPLAY_COUNTER_LEN) <= 0) {
1547                         wpa_printf(MSG_WARNING, "RSN: EAPOL-Key Replay "
1548                                    "Counter did not increase (STK) - dropping "
1549                                    "packet");
1550                         goto out;
1551                 } else if (peerkey->initiator) {
1552                         u8 _tmp[WPA_REPLAY_COUNTER_LEN];
1553                         os_memcpy(_tmp, key->replay_counter,
1554                                   WPA_REPLAY_COUNTER_LEN);
1555                         inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
1556                         if (os_memcmp(_tmp, peerkey->replay_counter,
1557                                       WPA_REPLAY_COUNTER_LEN) != 0) {
1558                                 wpa_printf(MSG_DEBUG, "RSN: EAPOL-Key Replay "
1559                                            "Counter did not match (STK) - "
1560                                            "dropping packet");
1561                                 goto out;
1562                         }
1563                 }
1564         }
1565
1566         if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) {
1567                 wpa_printf(MSG_INFO, "RSN: Ack bit in key_info from STK peer");
1568                 goto out;
1569         }
1570 #endif /* CONFIG_PEERKEY */
1571
1572         if (!peerkey && sm->rx_replay_counter_set &&
1573             os_memcmp(key->replay_counter, sm->rx_replay_counter,
1574                       WPA_REPLAY_COUNTER_LEN) <= 0) {
1575                 wpa_printf(MSG_WARNING, "WPA: EAPOL-Key Replay Counter did not"
1576                            " increase - dropping packet");
1577                 goto out;
1578         }
1579
1580         if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
1581 #ifdef CONFIG_PEERKEY
1582             && (peerkey == NULL || !peerkey->initiator)
1583 #endif /* CONFIG_PEERKEY */
1584                 ) {
1585                 wpa_printf(MSG_INFO, "WPA: No Ack bit in key_info");
1586                 goto out;
1587         }
1588
1589         if (key_info & WPA_KEY_INFO_REQUEST) {
1590                 wpa_printf(MSG_INFO, "WPA: EAPOL-Key with Request bit - "
1591                            "dropped");
1592                 goto out;
1593         }
1594
1595         if ((key_info & WPA_KEY_INFO_MIC) && !peerkey &&
1596             wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
1597                 goto out;
1598
1599 #ifdef CONFIG_PEERKEY
1600         if ((key_info & WPA_KEY_INFO_MIC) && peerkey &&
1601             peerkey_verify_eapol_key_mic(sm, peerkey, key, ver, tmp, data_len))
1602                 goto out;
1603 #endif /* CONFIG_PEERKEY */
1604
1605         extra_len = data_len - sizeof(*hdr) - sizeof(*key);
1606
1607         if (WPA_GET_BE16(key->key_data_length) > extra_len) {
1608                 wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
1609                         "frame - key_data overflow (%d > %lu)",
1610                         WPA_GET_BE16(key->key_data_length),
1611                         (unsigned long) extra_len);
1612                 goto out;
1613         }
1614         extra_len = WPA_GET_BE16(key->key_data_length);
1615
1616         if (sm->proto == WPA_PROTO_RSN &&
1617             (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1618                 if (wpa_supplicant_decrypt_key_data(sm, key, ver))
1619                         goto out;
1620                 extra_len = WPA_GET_BE16(key->key_data_length);
1621         }
1622
1623         if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1624                 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
1625                         wpa_printf(MSG_WARNING, "WPA: Ignored EAPOL-Key "
1626                                    "(Pairwise) with non-zero key index");
1627                         goto out;
1628                 }
1629                 if (peerkey) {
1630                         /* PeerKey 4-Way Handshake */
1631                         peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver);
1632                 } else if (key_info & WPA_KEY_INFO_MIC) {
1633                         /* 3/4 4-Way Handshake */
1634                         wpa_supplicant_process_3_of_4(sm, key, ver);
1635                 } else {
1636                         /* 1/4 4-Way Handshake */
1637                         wpa_supplicant_process_1_of_4(sm, src_addr, key,
1638                                                       ver);
1639                 }
1640         } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
1641                 /* PeerKey SMK Handshake */
1642                 peerkey_rx_eapol_smk(sm, src_addr, key, extra_len, key_info,
1643                                      ver);
1644         } else {
1645                 if (key_info & WPA_KEY_INFO_MIC) {
1646                         /* 1/2 Group Key Handshake */
1647                         wpa_supplicant_process_1_of_2(sm, src_addr, key,
1648                                                       extra_len, ver);
1649                 } else {
1650                         wpa_printf(MSG_WARNING, "WPA: EAPOL-Key (Group) "
1651                                    "without Mic bit - dropped");
1652                 }
1653         }
1654
1655         ret = 1;
1656
1657 out:
1658         os_free(tmp);
1659         return ret;
1660 }
1661
1662
1663 #ifdef CONFIG_CTRL_IFACE
1664 static int wpa_cipher_bits(int cipher)
1665 {
1666         switch (cipher) {
1667         case WPA_CIPHER_CCMP:
1668                 return 128;
1669         case WPA_CIPHER_TKIP:
1670                 return 256;
1671         case WPA_CIPHER_WEP104:
1672                 return 104;
1673         case WPA_CIPHER_WEP40:
1674                 return 40;
1675         default:
1676                 return 0;
1677         }
1678 }
1679
1680
1681 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
1682 {
1683         switch (sm->key_mgmt) {
1684         case WPA_KEY_MGMT_IEEE8021X:
1685                 return (sm->proto == WPA_PROTO_RSN ?
1686                         RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
1687                         WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
1688         case WPA_KEY_MGMT_PSK:
1689                 return (sm->proto == WPA_PROTO_RSN ?
1690                         RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X :
1691                         WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
1692 #ifdef CONFIG_IEEE80211R
1693         case WPA_KEY_MGMT_FT_IEEE8021X:
1694                 return RSN_AUTH_KEY_MGMT_FT_802_1X;
1695         case WPA_KEY_MGMT_FT_PSK:
1696                 return RSN_AUTH_KEY_MGMT_FT_PSK;
1697 #endif /* CONFIG_IEEE80211R */
1698 #ifdef CONFIG_IEEE80211W
1699         case WPA_KEY_MGMT_IEEE8021X_SHA256:
1700                 return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
1701         case WPA_KEY_MGMT_PSK_SHA256:
1702                 return RSN_AUTH_KEY_MGMT_PSK_SHA256;
1703 #endif /* CONFIG_IEEE80211W */
1704         case WPA_KEY_MGMT_WPA_NONE:
1705                 return WPA_AUTH_KEY_MGMT_NONE;
1706         default:
1707                 return 0;
1708         }
1709 }
1710
1711
1712 static u32 wpa_cipher_suite(struct wpa_sm *sm, int cipher)
1713 {
1714         switch (cipher) {
1715         case WPA_CIPHER_CCMP:
1716                 return (sm->proto == WPA_PROTO_RSN ?
1717                         RSN_CIPHER_SUITE_CCMP : WPA_CIPHER_SUITE_CCMP);
1718         case WPA_CIPHER_TKIP:
1719                 return (sm->proto == WPA_PROTO_RSN ?
1720                         RSN_CIPHER_SUITE_TKIP : WPA_CIPHER_SUITE_TKIP);
1721         case WPA_CIPHER_WEP104:
1722                 return (sm->proto == WPA_PROTO_RSN ?
1723                         RSN_CIPHER_SUITE_WEP104 : WPA_CIPHER_SUITE_WEP104);
1724         case WPA_CIPHER_WEP40:
1725                 return (sm->proto == WPA_PROTO_RSN ?
1726                         RSN_CIPHER_SUITE_WEP40 : WPA_CIPHER_SUITE_WEP40);
1727         case WPA_CIPHER_NONE:
1728                 return (sm->proto == WPA_PROTO_RSN ?
1729                         RSN_CIPHER_SUITE_NONE : WPA_CIPHER_SUITE_NONE);
1730         default:
1731                 return 0;
1732         }
1733 }
1734
1735
1736 #define RSN_SUITE "%02x-%02x-%02x-%d"
1737 #define RSN_SUITE_ARG(s) \
1738 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
1739
1740 /**
1741  * wpa_sm_get_mib - Dump text list of MIB entries
1742  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1743  * @buf: Buffer for the list
1744  * @buflen: Length of the buffer
1745  * Returns: Number of bytes written to buffer
1746  *
1747  * This function is used fetch dot11 MIB variables.
1748  */
1749 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
1750 {
1751         char pmkid_txt[PMKID_LEN * 2 + 1];
1752         int rsna, ret;
1753         size_t len;
1754
1755         if (sm->cur_pmksa) {
1756                 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
1757                                  sm->cur_pmksa->pmkid, PMKID_LEN);
1758         } else
1759                 pmkid_txt[0] = '\0';
1760
1761         if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
1762              wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
1763             sm->proto == WPA_PROTO_RSN)
1764                 rsna = 1;
1765         else
1766                 rsna = 0;
1767
1768         ret = os_snprintf(buf, buflen,
1769                           "dot11RSNAOptionImplemented=TRUE\n"
1770                           "dot11RSNAPreauthenticationImplemented=TRUE\n"
1771                           "dot11RSNAEnabled=%s\n"
1772                           "dot11RSNAPreauthenticationEnabled=%s\n"
1773                           "dot11RSNAConfigVersion=%d\n"
1774                           "dot11RSNAConfigPairwiseKeysSupported=5\n"
1775                           "dot11RSNAConfigGroupCipherSize=%d\n"
1776                           "dot11RSNAConfigPMKLifetime=%d\n"
1777                           "dot11RSNAConfigPMKReauthThreshold=%d\n"
1778                           "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
1779                           "dot11RSNAConfigSATimeout=%d\n",
1780                           rsna ? "TRUE" : "FALSE",
1781                           rsna ? "TRUE" : "FALSE",
1782                           RSN_VERSION,
1783                           wpa_cipher_bits(sm->group_cipher),
1784                           sm->dot11RSNAConfigPMKLifetime,
1785                           sm->dot11RSNAConfigPMKReauthThreshold,
1786                           sm->dot11RSNAConfigSATimeout);
1787         if (ret < 0 || (size_t) ret >= buflen)
1788                 return 0;
1789         len = ret;
1790
1791         ret = os_snprintf(
1792                 buf + len, buflen - len,
1793                 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
1794                 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
1795                 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
1796                 "dot11RSNAPMKIDUsed=%s\n"
1797                 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
1798                 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
1799                 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
1800                 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
1801                 "dot11RSNA4WayHandshakeFailures=%u\n",
1802                 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
1803                 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)),
1804                 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
1805                 pmkid_txt,
1806                 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
1807                 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)),
1808                 RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
1809                 sm->dot11RSNA4WayHandshakeFailures);
1810         if (ret >= 0 && (size_t) ret < buflen)
1811                 len += ret;
1812
1813         return (int) len;
1814 }
1815 #endif /* CONFIG_CTRL_IFACE */
1816
1817
1818 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
1819                                  void *ctx, int replace)
1820 {
1821         struct wpa_sm *sm = ctx;
1822
1823         if (sm->cur_pmksa == entry ||
1824             (sm->pmk_len == entry->pmk_len &&
1825              os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
1826                 wpa_printf(MSG_DEBUG, "RSN: removed current PMKSA entry");
1827                 sm->cur_pmksa = NULL;
1828
1829                 if (replace) {
1830                         /* A new entry is being added, so no need to
1831                          * deauthenticate in this case. This happens when EAP
1832                          * authentication is completed again (reauth or failed
1833                          * PMKSA caching attempt). */
1834                         return;
1835                 }
1836
1837                 os_memset(sm->pmk, 0, sizeof(sm->pmk));
1838                 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1839         }
1840 }
1841
1842
1843 /**
1844  * wpa_sm_init - Initialize WPA state machine
1845  * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
1846  * Returns: Pointer to the allocated WPA state machine data
1847  *
1848  * This function is used to allocate a new WPA state machine and the returned
1849  * value is passed to all WPA state machine calls.
1850  */
1851 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
1852 {
1853         struct wpa_sm *sm;
1854
1855         sm = os_zalloc(sizeof(*sm));
1856         if (sm == NULL)
1857                 return NULL;
1858         sm->renew_snonce = 1;
1859         sm->ctx = ctx;
1860
1861         sm->dot11RSNAConfigPMKLifetime = 43200;
1862         sm->dot11RSNAConfigPMKReauthThreshold = 70;
1863         sm->dot11RSNAConfigSATimeout = 60;
1864
1865         sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm);
1866         if (sm->pmksa == NULL) {
1867                 wpa_printf(MSG_ERROR, "RSN: PMKSA cache initialization "
1868                            "failed");
1869                 os_free(sm);
1870                 return NULL;
1871         }
1872
1873         return sm;
1874 }
1875
1876
1877 /**
1878  * wpa_sm_deinit - Deinitialize WPA state machine
1879  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1880  */
1881 void wpa_sm_deinit(struct wpa_sm *sm)
1882 {
1883         if (sm == NULL)
1884                 return;
1885         pmksa_cache_deinit(sm->pmksa);
1886         eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
1887         eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
1888         os_free(sm->assoc_wpa_ie);
1889         os_free(sm->ap_wpa_ie);
1890         os_free(sm->ap_rsn_ie);
1891         os_free(sm->ctx);
1892         peerkey_deinit(sm);
1893         os_free(sm);
1894 }
1895
1896
1897 /**
1898  * wpa_sm_notify_assoc - Notify WPA state machine about association
1899  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1900  * @bssid: The BSSID of the new association
1901  *
1902  * This function is called to let WPA state machine know that the connection
1903  * was established.
1904  */
1905 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
1906 {
1907         int clear_ptk = 1;
1908
1909         if (sm == NULL)
1910                 return;
1911
1912         wpa_printf(MSG_DEBUG, "WPA: Association event - clear replay counter");
1913         os_memcpy(sm->bssid, bssid, ETH_ALEN);
1914         os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
1915         sm->rx_replay_counter_set = 0;
1916         sm->renew_snonce = 1;
1917         if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
1918                 rsn_preauth_deinit(sm);
1919
1920 #ifdef CONFIG_IEEE80211R
1921         if (wpa_ft_is_completed(sm)) {
1922                 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
1923
1924                 /* Prepare for the next transition */
1925                 wpa_ft_prepare_auth_request(sm);
1926
1927                 clear_ptk = 0;
1928         }
1929 #endif /* CONFIG_IEEE80211R */
1930
1931         if (clear_ptk) {
1932                 /*
1933                  * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
1934                  * this is not part of a Fast BSS Transition.
1935                  */
1936                 wpa_printf(MSG_DEBUG, "WPA: Clear old PTK");
1937                 sm->ptk_set = 0;
1938                 sm->tptk_set = 0;
1939         }
1940 }
1941
1942
1943 /**
1944  * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
1945  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1946  *
1947  * This function is called to let WPA state machine know that the connection
1948  * was lost. This will abort any existing pre-authentication session.
1949  */
1950 void wpa_sm_notify_disassoc(struct wpa_sm *sm)
1951 {
1952         rsn_preauth_deinit(sm);
1953         if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
1954                 sm->dot11RSNA4WayHandshakeFailures++;
1955 }
1956
1957
1958 /**
1959  * wpa_sm_set_pmk - Set PMK
1960  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1961  * @pmk: The new PMK
1962  * @pmk_len: The length of the new PMK in bytes
1963  *
1964  * Configure the PMK for WPA state machine.
1965  */
1966 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len)
1967 {
1968         if (sm == NULL)
1969                 return;
1970
1971         sm->pmk_len = pmk_len;
1972         os_memcpy(sm->pmk, pmk, pmk_len);
1973
1974 #ifdef CONFIG_IEEE80211R
1975         /* Set XXKey to be PSK for FT key derivation */
1976         sm->xxkey_len = pmk_len;
1977         os_memcpy(sm->xxkey, pmk, pmk_len);
1978 #endif /* CONFIG_IEEE80211R */
1979 }
1980
1981
1982 /**
1983  * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
1984  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1985  *
1986  * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
1987  * will be cleared.
1988  */
1989 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
1990 {
1991         if (sm == NULL)
1992                 return;
1993
1994         if (sm->cur_pmksa) {
1995                 sm->pmk_len = sm->cur_pmksa->pmk_len;
1996                 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
1997         } else {
1998                 sm->pmk_len = PMK_LEN;
1999                 os_memset(sm->pmk, 0, PMK_LEN);
2000         }
2001 }
2002
2003
2004 /**
2005  * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
2006  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2007  * @fast_reauth: Whether fast reauthentication (EAP) is allowed
2008  */
2009 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
2010 {
2011         if (sm)
2012                 sm->fast_reauth = fast_reauth;
2013 }
2014
2015
2016 /**
2017  * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
2018  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2019  * @scard_ctx: Context pointer for smartcard related callback functions
2020  */
2021 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
2022 {
2023         if (sm == NULL)
2024                 return;
2025         sm->scard_ctx = scard_ctx;
2026         if (sm->preauth_eapol)
2027                 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
2028 }
2029
2030
2031 /**
2032  * wpa_sm_set_config - Notification of current configration change
2033  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2034  * @config: Pointer to current network configuration
2035  *
2036  * Notify WPA state machine that configuration has changed. config will be
2037  * stored as a backpointer to network configuration. This can be %NULL to clear
2038  * the stored pointed.
2039  */
2040 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
2041 {
2042         if (!sm)
2043                 return;
2044
2045         if (config) {
2046                 sm->network_ctx = config->network_ctx;
2047                 sm->peerkey_enabled = config->peerkey_enabled;
2048                 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
2049                 sm->proactive_key_caching = config->proactive_key_caching;
2050                 sm->eap_workaround = config->eap_workaround;
2051                 sm->eap_conf_ctx = config->eap_conf_ctx;
2052                 if (config->ssid) {
2053                         os_memcpy(sm->ssid, config->ssid, config->ssid_len);
2054                         sm->ssid_len = config->ssid_len;
2055                 } else
2056                         sm->ssid_len = 0;
2057                 sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
2058         } else {
2059                 sm->network_ctx = NULL;
2060                 sm->peerkey_enabled = 0;
2061                 sm->allowed_pairwise_cipher = 0;
2062                 sm->proactive_key_caching = 0;
2063                 sm->eap_workaround = 0;
2064                 sm->eap_conf_ctx = NULL;
2065                 sm->ssid_len = 0;
2066                 sm->wpa_ptk_rekey = 0;
2067         }
2068         if (config == NULL || config->network_ctx != sm->network_ctx)
2069                 pmksa_cache_notify_reconfig(sm->pmksa);
2070 }
2071
2072
2073 /**
2074  * wpa_sm_set_own_addr - Set own MAC address
2075  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2076  * @addr: Own MAC address
2077  */
2078 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
2079 {
2080         if (sm)
2081                 os_memcpy(sm->own_addr, addr, ETH_ALEN);
2082 }
2083
2084
2085 /**
2086  * wpa_sm_set_ifname - Set network interface name
2087  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2088  * @ifname: Interface name
2089  * @bridge_ifname: Optional bridge interface name (for pre-auth)
2090  */
2091 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
2092                        const char *bridge_ifname)
2093 {
2094         if (sm) {
2095                 sm->ifname = ifname;
2096                 sm->bridge_ifname = bridge_ifname;
2097         }
2098 }
2099
2100
2101 /**
2102  * wpa_sm_set_eapol - Set EAPOL state machine pointer
2103  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2104  * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
2105  */
2106 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
2107 {
2108         if (sm)
2109                 sm->eapol = eapol;
2110 }
2111
2112
2113 /**
2114  * wpa_sm_set_param - Set WPA state machine parameters
2115  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2116  * @param: Parameter field
2117  * @value: Parameter value
2118  * Returns: 0 on success, -1 on failure
2119  */
2120 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
2121                      unsigned int value)
2122 {
2123         int ret = 0;
2124
2125         if (sm == NULL)
2126                 return -1;
2127
2128         switch (param) {
2129         case RSNA_PMK_LIFETIME:
2130                 if (value > 0)
2131                         sm->dot11RSNAConfigPMKLifetime = value;
2132                 else
2133                         ret = -1;
2134                 break;
2135         case RSNA_PMK_REAUTH_THRESHOLD:
2136                 if (value > 0 && value <= 100)
2137                         sm->dot11RSNAConfigPMKReauthThreshold = value;
2138                 else
2139                         ret = -1;
2140                 break;
2141         case RSNA_SA_TIMEOUT:
2142                 if (value > 0)
2143                         sm->dot11RSNAConfigSATimeout = value;
2144                 else
2145                         ret = -1;
2146                 break;
2147         case WPA_PARAM_PROTO:
2148                 sm->proto = value;
2149                 break;
2150         case WPA_PARAM_PAIRWISE:
2151                 sm->pairwise_cipher = value;
2152                 break;
2153         case WPA_PARAM_GROUP:
2154                 sm->group_cipher = value;
2155                 break;
2156         case WPA_PARAM_KEY_MGMT:
2157                 sm->key_mgmt = value;
2158                 break;
2159 #ifdef CONFIG_IEEE80211W
2160         case WPA_PARAM_MGMT_GROUP:
2161                 sm->mgmt_group_cipher = value;
2162                 break;
2163 #endif /* CONFIG_IEEE80211W */
2164         case WPA_PARAM_RSN_ENABLED:
2165                 sm->rsn_enabled = value;
2166                 break;
2167         default:
2168                 break;
2169         }
2170
2171         return ret;
2172 }
2173
2174
2175 /**
2176  * wpa_sm_get_param - Get WPA state machine parameters
2177  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2178  * @param: Parameter field
2179  * Returns: Parameter value
2180  */
2181 unsigned int wpa_sm_get_param(struct wpa_sm *sm, enum wpa_sm_conf_params param)
2182 {
2183         if (sm == NULL)
2184                 return 0;
2185
2186         switch (param) {
2187         case RSNA_PMK_LIFETIME:
2188                 return sm->dot11RSNAConfigPMKLifetime;
2189         case RSNA_PMK_REAUTH_THRESHOLD:
2190                 return sm->dot11RSNAConfigPMKReauthThreshold;
2191         case RSNA_SA_TIMEOUT:
2192                 return sm->dot11RSNAConfigSATimeout;
2193         case WPA_PARAM_PROTO:
2194                 return sm->proto;
2195         case WPA_PARAM_PAIRWISE:
2196                 return sm->pairwise_cipher;
2197         case WPA_PARAM_GROUP:
2198                 return sm->group_cipher;
2199         case WPA_PARAM_KEY_MGMT:
2200                 return sm->key_mgmt;
2201 #ifdef CONFIG_IEEE80211W
2202         case WPA_PARAM_MGMT_GROUP:
2203                 return sm->mgmt_group_cipher;
2204 #endif /* CONFIG_IEEE80211W */
2205         case WPA_PARAM_RSN_ENABLED:
2206                 return sm->rsn_enabled;
2207         default:
2208                 return 0;
2209         }
2210 }
2211
2212
2213 /**
2214  * wpa_sm_get_status - Get WPA state machine
2215  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2216  * @buf: Buffer for status information
2217  * @buflen: Maximum buffer length
2218  * @verbose: Whether to include verbose status information
2219  * Returns: Number of bytes written to buf.
2220  *
2221  * Query WPA state machine for status information. This function fills in
2222  * a text area with current status information. If the buffer (buf) is not
2223  * large enough, status information will be truncated to fit the buffer.
2224  */
2225 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
2226                       int verbose)
2227 {
2228         char *pos = buf, *end = buf + buflen;
2229         int ret;
2230
2231         ret = os_snprintf(pos, end - pos,
2232                           "pairwise_cipher=%s\n"
2233                           "group_cipher=%s\n"
2234                           "key_mgmt=%s\n",
2235                           wpa_cipher_txt(sm->pairwise_cipher),
2236                           wpa_cipher_txt(sm->group_cipher),
2237                           wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
2238         if (ret < 0 || ret >= end - pos)
2239                 return pos - buf;
2240         pos += ret;
2241         return pos - buf;
2242 }
2243
2244
2245 /**
2246  * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
2247  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2248  * @wpa_ie: Pointer to buffer for WPA/RSN IE
2249  * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
2250  * Returns: 0 on success, -1 on failure
2251  */
2252 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
2253                                     size_t *wpa_ie_len)
2254 {
2255         int res;
2256
2257         if (sm == NULL)
2258                 return -1;
2259
2260         res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
2261         if (res < 0)
2262                 return -1;
2263         *wpa_ie_len = res;
2264
2265         wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default",
2266                     wpa_ie, *wpa_ie_len);
2267
2268         if (sm->assoc_wpa_ie == NULL) {
2269                 /*
2270                  * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
2271                  * the correct version of the IE even if PMKSA caching is
2272                  * aborted (which would remove PMKID from IE generation).
2273                  */
2274                 sm->assoc_wpa_ie = os_malloc(*wpa_ie_len);
2275                 if (sm->assoc_wpa_ie == NULL)
2276                         return -1;
2277
2278                 os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
2279                 sm->assoc_wpa_ie_len = *wpa_ie_len;
2280         }
2281
2282         return 0;
2283 }
2284
2285
2286 /**
2287  * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
2288  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2289  * @ie: Pointer to IE data (starting from id)
2290  * @len: IE length
2291  * Returns: 0 on success, -1 on failure
2292  *
2293  * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
2294  * Request frame. The IE will be used to override the default value generated
2295  * with wpa_sm_set_assoc_wpa_ie_default().
2296  */
2297 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2298 {
2299         if (sm == NULL)
2300                 return -1;
2301
2302         os_free(sm->assoc_wpa_ie);
2303         if (ie == NULL || len == 0) {
2304                 wpa_printf(MSG_DEBUG, "WPA: clearing own WPA/RSN IE");
2305                 sm->assoc_wpa_ie = NULL;
2306                 sm->assoc_wpa_ie_len = 0;
2307         } else {
2308                 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
2309                 sm->assoc_wpa_ie = os_malloc(len);
2310                 if (sm->assoc_wpa_ie == NULL)
2311                         return -1;
2312
2313                 os_memcpy(sm->assoc_wpa_ie, ie, len);
2314                 sm->assoc_wpa_ie_len = len;
2315         }
2316
2317         return 0;
2318 }
2319
2320
2321 /**
2322  * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
2323  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2324  * @ie: Pointer to IE data (starting from id)
2325  * @len: IE length
2326  * Returns: 0 on success, -1 on failure
2327  *
2328  * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
2329  * frame.
2330  */
2331 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2332 {
2333         if (sm == NULL)
2334                 return -1;
2335
2336         os_free(sm->ap_wpa_ie);
2337         if (ie == NULL || len == 0) {
2338                 wpa_printf(MSG_DEBUG, "WPA: clearing AP WPA IE");
2339                 sm->ap_wpa_ie = NULL;
2340                 sm->ap_wpa_ie_len = 0;
2341         } else {
2342                 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
2343                 sm->ap_wpa_ie = os_malloc(len);
2344                 if (sm->ap_wpa_ie == NULL)
2345                         return -1;
2346
2347                 os_memcpy(sm->ap_wpa_ie, ie, len);
2348                 sm->ap_wpa_ie_len = len;
2349         }
2350
2351         return 0;
2352 }
2353
2354
2355 /**
2356  * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
2357  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2358  * @ie: Pointer to IE data (starting from id)
2359  * @len: IE length
2360  * Returns: 0 on success, -1 on failure
2361  *
2362  * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
2363  * frame.
2364  */
2365 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2366 {
2367         if (sm == NULL)
2368                 return -1;
2369
2370         os_free(sm->ap_rsn_ie);
2371         if (ie == NULL || len == 0) {
2372                 wpa_printf(MSG_DEBUG, "WPA: clearing AP RSN IE");
2373                 sm->ap_rsn_ie = NULL;
2374                 sm->ap_rsn_ie_len = 0;
2375         } else {
2376                 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
2377                 sm->ap_rsn_ie = os_malloc(len);
2378                 if (sm->ap_rsn_ie == NULL)
2379                         return -1;
2380
2381                 os_memcpy(sm->ap_rsn_ie, ie, len);
2382                 sm->ap_rsn_ie_len = len;
2383         }
2384
2385         return 0;
2386 }
2387
2388
2389 /**
2390  * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
2391  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2392  * @data: Pointer to data area for parsing results
2393  * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
2394  *
2395  * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
2396  * parsed data into data.
2397  */
2398 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
2399 {
2400         if (sm == NULL || sm->assoc_wpa_ie == NULL) {
2401                 wpa_printf(MSG_DEBUG, "WPA: No WPA/RSN IE available from "
2402                            "association info");
2403                 return -1;
2404         }
2405         if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
2406                 return -2;
2407         return 0;
2408 }