1 /*
2  * WPA Supplicant - WPA state machine and EAPOL-Key processing
3  * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
4  * Copyright(c) 2015 Intel Deutschland GmbH
5  *
6  * This software may be distributed under the terms of the BSD license.
7  * See README for more details.
8  */
9 
10 #include "includes.h"
11 
12 #include "common.h"
13 #include "crypto/aes_wrap.h"
14 #include "crypto/crypto.h"
15 #include "crypto/random.h"
16 #include "common/ieee802_11_defs.h"
17 #include "eapol_supp/eapol_supp_sm.h"
18 #include "wpa.h"
19 #include "eloop.h"
20 #include "preauth.h"
21 #include "pmksa_cache.h"
22 #include "wpa_i.h"
23 #include "wpa_ie.h"
24 #include "peerkey.h"
25 
26 
27 static const u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
28 
29 
30 /**
31  * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
32  * @sm: Pointer to WPA state machine data from wpa_sm_init()
33  * @kck: Key Confirmation Key (KCK, part of PTK)
34  * @kck_len: KCK length in octets
35  * @ver: Version field from Key Info
36  * @dest: Destination address for the frame
37  * @proto: Ethertype (usually ETH_P_EAPOL)
38  * @msg: EAPOL-Key message
39  * @msg_len: Length of message
40  * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
41  * Returns: >= 0 on success, < 0 on failure
42  */
wpa_eapol_key_send(struct wpa_sm * sm,const u8 * kck,size_t kck_len,int ver,const u8 * dest,u16 proto,u8 * msg,size_t msg_len,u8 * key_mic)43 int wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
44 		       int ver, const u8 *dest, u16 proto,
45 		       u8 *msg, size_t msg_len, u8 *key_mic)
46 {
47 	int ret = -1;
48 	size_t mic_len = wpa_mic_len(sm->key_mgmt);
49 
50 	if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
51 		/*
52 		 * Association event was not yet received; try to fetch
53 		 * BSSID from the driver.
54 		 */
55 		if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
56 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
57 				"WPA: Failed to read BSSID for "
58 				"EAPOL-Key destination address");
59 		} else {
60 			dest = sm->bssid;
61 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
62 				"WPA: Use BSSID (" MACSTR
63 				") as the destination for EAPOL-Key",
64 				MAC2STR(dest));
65 		}
66 	}
67 	if (key_mic &&
68 	    wpa_eapol_key_mic(kck, kck_len, sm->key_mgmt, ver, msg, msg_len,
69 			      key_mic)) {
70 		wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
71 			"WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC",
72 			ver, sm->key_mgmt);
73 		goto out;
74 	}
75 	wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len);
76 	wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, mic_len);
77 	wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
78 	ret = wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
79 	eapol_sm_notify_tx_eapol_key(sm->eapol);
80 out:
81 	os_free(msg);
82 	return ret;
83 }
84 
85 
86 /**
87  * wpa_sm_key_request - Send EAPOL-Key Request
88  * @sm: Pointer to WPA state machine data from wpa_sm_init()
89  * @error: Indicate whether this is an Michael MIC error report
90  * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
91  *
92  * Send an EAPOL-Key Request to the current authenticator. This function is
93  * used to request rekeying and it is usually called when a local Michael MIC
94  * failure is detected.
95  */
wpa_sm_key_request(struct wpa_sm * sm,int error,int pairwise)96 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
97 {
98 	size_t mic_len, hdrlen, rlen;
99 	struct wpa_eapol_key *reply;
100 	struct wpa_eapol_key_192 *reply192;
101 	int key_info, ver;
102 	u8 bssid[ETH_ALEN], *rbuf, *key_mic;
103 
104 	if (sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
105 	    wpa_key_mgmt_suite_b(sm->key_mgmt))
106 		ver = WPA_KEY_INFO_TYPE_AKM_DEFINED;
107 	else if (wpa_key_mgmt_ft(sm->key_mgmt) ||
108 		 wpa_key_mgmt_sha256(sm->key_mgmt))
109 		ver = WPA_KEY_INFO_TYPE_AES_128_CMAC;
110 	else if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
111 		ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
112 	else
113 		ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
114 
115 	if (wpa_sm_get_bssid(sm, bssid) < 0) {
116 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
117 			"Failed to read BSSID for EAPOL-Key request");
118 		return;
119 	}
120 
121 	mic_len = wpa_mic_len(sm->key_mgmt);
122 	hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
123 	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
124 				  hdrlen, &rlen, (void *) &reply);
125 	if (rbuf == NULL)
126 		return;
127 	reply192 = (struct wpa_eapol_key_192 *) reply;
128 
129 	reply->type = (sm->proto == WPA_PROTO_RSN ||
130 		       sm->proto == WPA_PROTO_OSEN) ?
131 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
132 	key_info = WPA_KEY_INFO_REQUEST | ver;
133 	if (sm->ptk_set)
134 		key_info |= WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
135 	if (error)
136 		key_info |= WPA_KEY_INFO_ERROR;
137 	if (pairwise)
138 		key_info |= WPA_KEY_INFO_KEY_TYPE;
139 	WPA_PUT_BE16(reply->key_info, key_info);
140 	WPA_PUT_BE16(reply->key_length, 0);
141 	os_memcpy(reply->replay_counter, sm->request_counter,
142 		  WPA_REPLAY_COUNTER_LEN);
143 	inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
144 
145 	if (mic_len == 24)
146 		WPA_PUT_BE16(reply192->key_data_length, 0);
147 	else
148 		WPA_PUT_BE16(reply->key_data_length, 0);
149 	if (!(key_info & WPA_KEY_INFO_MIC))
150 		key_mic = NULL;
151 	else
152 		key_mic = reply192->key_mic; /* same offset in reply */
153 
154 	wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
155 		"WPA: Sending EAPOL-Key Request (error=%d "
156 		"pairwise=%d ptk_set=%d len=%lu)",
157 		error, pairwise, sm->ptk_set, (unsigned long) rlen);
158 	wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid,
159 			   ETH_P_EAPOL, rbuf, rlen, key_mic);
160 }
161 
162 
wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm * sm)163 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm)
164 {
165 #ifdef CONFIG_IEEE80211R
166 	if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) {
167 		if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len))
168 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
169 				"RSN: Cannot set low order 256 bits of MSK for key management offload");
170 	} else {
171 #endif /* CONFIG_IEEE80211R */
172 		if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len))
173 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
174 				"RSN: Cannot set PMK for key management offload");
175 #ifdef CONFIG_IEEE80211R
176 	}
177 #endif /* CONFIG_IEEE80211R */
178 }
179 
180 
wpa_supplicant_get_pmk(struct wpa_sm * sm,const unsigned char * src_addr,const u8 * pmkid)181 static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
182 				  const unsigned char *src_addr,
183 				  const u8 *pmkid)
184 {
185 	int abort_cached = 0;
186 
187 	if (pmkid && !sm->cur_pmksa) {
188 		/* When using drivers that generate RSN IE, wpa_supplicant may
189 		 * not have enough time to get the association information
190 		 * event before receiving this 1/4 message, so try to find a
191 		 * matching PMKSA cache entry here. */
192 		sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid,
193 						NULL);
194 		if (sm->cur_pmksa) {
195 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
196 				"RSN: found matching PMKID from PMKSA cache");
197 		} else {
198 			wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
199 				"RSN: no matching PMKID found");
200 			abort_cached = 1;
201 		}
202 	}
203 
204 	if (pmkid && sm->cur_pmksa &&
205 	    os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
206 		wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
207 		wpa_sm_set_pmk_from_pmksa(sm);
208 		wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
209 				sm->pmk, sm->pmk_len);
210 		eapol_sm_notify_cached(sm->eapol);
211 #ifdef CONFIG_IEEE80211R
212 		sm->xxkey_len = 0;
213 #endif /* CONFIG_IEEE80211R */
214 	} else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
215 		int res, pmk_len;
216 
217 		if (sm->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
218 			pmk_len = PMK_LEN_SUITE_B_192;
219 		else
220 			pmk_len = PMK_LEN;
221 		res = eapol_sm_get_key(sm->eapol, sm->pmk, pmk_len);
222 		if (res) {
223 			if (pmk_len == PMK_LEN) {
224 				/*
225 				 * EAP-LEAP is an exception from other EAP
226 				 * methods: it uses only 16-byte PMK.
227 				 */
228 				res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
229 				pmk_len = 16;
230 			}
231 		} else {
232 #ifdef CONFIG_IEEE80211R
233 			u8 buf[2 * PMK_LEN];
234 			if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0)
235 			{
236 				os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN);
237 				sm->xxkey_len = PMK_LEN;
238 				os_memset(buf, 0, sizeof(buf));
239 			}
240 #endif /* CONFIG_IEEE80211R */
241 		}
242 		if (res == 0) {
243 			struct rsn_pmksa_cache_entry *sa = NULL;
244 			wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
245 					"machines", sm->pmk, pmk_len);
246 			sm->pmk_len = pmk_len;
247 			wpa_supplicant_key_mgmt_set_pmk(sm);
248 			if (sm->proto == WPA_PROTO_RSN &&
249 			    !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
250 			    !wpa_key_mgmt_ft(sm->key_mgmt)) {
251 				sa = pmksa_cache_add(sm->pmksa,
252 						     sm->pmk, pmk_len, NULL,
253 						     NULL, 0,
254 						     src_addr, sm->own_addr,
255 						     sm->network_ctx,
256 						     sm->key_mgmt);
257 			}
258 			if (!sm->cur_pmksa && pmkid &&
259 			    pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL))
260 			{
261 				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
262 					"RSN: the new PMK matches with the "
263 					"PMKID");
264 				abort_cached = 0;
265 			} else if (sa && !sm->cur_pmksa && pmkid) {
266 				/*
267 				 * It looks like the authentication server
268 				 * derived mismatching MSK. This should not
269 				 * really happen, but bugs happen.. There is not
270 				 * much we can do here without knowing what
271 				 * exactly caused the server to misbehave.
272 				 */
273 				wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
274 					"RSN: PMKID mismatch - authentication server may have derived different MSK?!");
275 				return -1;
276 			}
277 
278 			if (!sm->cur_pmksa)
279 				sm->cur_pmksa = sa;
280 		} else {
281 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
282 				"WPA: Failed to get master session key from "
283 				"EAPOL state machines - key handshake "
284 				"aborted");
285 			if (sm->cur_pmksa) {
286 				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
287 					"RSN: Cancelled PMKSA caching "
288 					"attempt");
289 				sm->cur_pmksa = NULL;
290 				abort_cached = 1;
291 			} else if (!abort_cached) {
292 				return -1;
293 			}
294 		}
295 	}
296 
297 	if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) &&
298 	    !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
299 	    !wpa_key_mgmt_ft(sm->key_mgmt) && sm->key_mgmt != WPA_KEY_MGMT_OSEN)
300 	{
301 		/* Send EAPOL-Start to trigger full EAP authentication. */
302 		u8 *buf;
303 		size_t buflen;
304 
305 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
306 			"RSN: no PMKSA entry found - trigger "
307 			"full EAP authentication");
308 		buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
309 					 NULL, 0, &buflen, NULL);
310 		if (buf) {
311 			wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
312 					  buf, buflen);
313 			os_free(buf);
314 			return -2;
315 		}
316 
317 		return -1;
318 	}
319 
320 	return 0;
321 }
322 
323 
324 /**
325  * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake
326  * @sm: Pointer to WPA state machine data from wpa_sm_init()
327  * @dst: Destination address for the frame
328  * @key: Pointer to the EAPOL-Key frame header
329  * @ver: Version bits from EAPOL-Key Key Info
330  * @nonce: Nonce value for the EAPOL-Key frame
331  * @wpa_ie: WPA/RSN IE
332  * @wpa_ie_len: Length of the WPA/RSN IE
333  * @ptk: PTK to use for keyed hash and encryption
334  * Returns: >= 0 on success, < 0 on failure
335  */
wpa_supplicant_send_2_of_4(struct wpa_sm * sm,const unsigned char * dst,const struct wpa_eapol_key * key,int ver,const u8 * nonce,const u8 * wpa_ie,size_t wpa_ie_len,struct wpa_ptk * ptk)336 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
337 			       const struct wpa_eapol_key *key,
338 			       int ver, const u8 *nonce,
339 			       const u8 *wpa_ie, size_t wpa_ie_len,
340 			       struct wpa_ptk *ptk)
341 {
342 	size_t mic_len, hdrlen, rlen;
343 	struct wpa_eapol_key *reply;
344 	struct wpa_eapol_key_192 *reply192;
345 	u8 *rbuf, *key_mic;
346 	u8 *rsn_ie_buf = NULL;
347 
348 	if (wpa_ie == NULL) {
349 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - "
350 			"cannot generate msg 2/4");
351 		return -1;
352 	}
353 
354 #ifdef CONFIG_IEEE80211R
355 	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
356 		int res;
357 
358 		/*
359 		 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and
360 		 * FTIE from (Re)Association Response.
361 		 */
362 		rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN +
363 				       sm->assoc_resp_ies_len);
364 		if (rsn_ie_buf == NULL)
365 			return -1;
366 		os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len);
367 		res = wpa_insert_pmkid(rsn_ie_buf, &wpa_ie_len,
368 				       sm->pmk_r1_name);
369 		if (res < 0) {
370 			os_free(rsn_ie_buf);
371 			return -1;
372 		}
373 
374 		if (sm->assoc_resp_ies) {
375 			os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies,
376 				  sm->assoc_resp_ies_len);
377 			wpa_ie_len += sm->assoc_resp_ies_len;
378 		}
379 
380 		wpa_ie = rsn_ie_buf;
381 	}
382 #endif /* CONFIG_IEEE80211R */
383 
384 	wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
385 
386 	mic_len = wpa_mic_len(sm->key_mgmt);
387 	hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
388 	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
389 				  NULL, hdrlen + wpa_ie_len,
390 				  &rlen, (void *) &reply);
391 	if (rbuf == NULL) {
392 		os_free(rsn_ie_buf);
393 		return -1;
394 	}
395 	reply192 = (struct wpa_eapol_key_192 *) reply;
396 
397 	reply->type = (sm->proto == WPA_PROTO_RSN ||
398 		       sm->proto == WPA_PROTO_OSEN) ?
399 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
400 	WPA_PUT_BE16(reply->key_info,
401 		     ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC);
402 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
403 		WPA_PUT_BE16(reply->key_length, 0);
404 	else
405 		os_memcpy(reply->key_length, key->key_length, 2);
406 	os_memcpy(reply->replay_counter, key->replay_counter,
407 		  WPA_REPLAY_COUNTER_LEN);
408 	wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter,
409 		    WPA_REPLAY_COUNTER_LEN);
410 
411 	key_mic = reply192->key_mic; /* same offset for reply and reply192 */
412 	if (mic_len == 24) {
413 		WPA_PUT_BE16(reply192->key_data_length, wpa_ie_len);
414 		os_memcpy(reply192 + 1, wpa_ie, wpa_ie_len);
415 	} else {
416 		WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
417 		os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
418 	}
419 	os_free(rsn_ie_buf);
420 
421 	os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
422 
423 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
424 	return wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst,
425 				  ETH_P_EAPOL, rbuf, rlen, key_mic);
426 }
427 
428 
wpa_derive_ptk(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,struct wpa_ptk * ptk)429 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
430 			  const struct wpa_eapol_key *key, struct wpa_ptk *ptk)
431 {
432 #ifdef CONFIG_IEEE80211R
433 	if (wpa_key_mgmt_ft(sm->key_mgmt))
434 		return wpa_derive_ptk_ft(sm, src_addr, key, ptk);
435 #endif /* CONFIG_IEEE80211R */
436 
437 	return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
438 			      sm->own_addr, sm->bssid, sm->snonce,
439 			      key->key_nonce, ptk, sm->key_mgmt,
440 			      sm->pairwise_cipher);
441 }
442 
443 
wpa_supplicant_process_1_of_4(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,u16 ver,const u8 * key_data,size_t key_data_len)444 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
445 					  const unsigned char *src_addr,
446 					  const struct wpa_eapol_key *key,
447 					  u16 ver, const u8 *key_data,
448 					  size_t key_data_len)
449 {
450 	struct wpa_eapol_ie_parse ie;
451 	struct wpa_ptk *ptk;
452 	int res;
453 	u8 *kde, *kde_buf = NULL;
454 	size_t kde_len;
455 
456 	if (wpa_sm_get_network_ctx(sm) == NULL) {
457 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
458 			"found (msg 1 of 4)");
459 		return;
460 	}
461 
462 	wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
463 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way "
464 		"Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
465 
466 	os_memset(&ie, 0, sizeof(ie));
467 
468 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
469 		/* RSN: msg 1/4 should contain PMKID for the selected PMK */
470 		wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data",
471 			    key_data, key_data_len);
472 		if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
473 			goto failed;
474 		if (ie.pmkid) {
475 			wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
476 				    "Authenticator", ie.pmkid, PMKID_LEN);
477 		}
478 	}
479 
480 	res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
481 	if (res == -2) {
482 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to "
483 			"msg 1/4 - requesting full EAP authentication");
484 		return;
485 	}
486 	if (res)
487 		goto failed;
488 
489 	if (sm->renew_snonce) {
490 		if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
491 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
492 				"WPA: Failed to get random data for SNonce");
493 			goto failed;
494 		}
495 		sm->renew_snonce = 0;
496 		wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
497 			    sm->snonce, WPA_NONCE_LEN);
498 	}
499 
500 	/* Calculate PTK which will be stored as a temporary PTK until it has
501 	 * been verified when processing message 3/4. */
502 	ptk = &sm->tptk;
503 	wpa_derive_ptk(sm, src_addr, key, ptk);
504 	if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
505 		u8 buf[8];
506 		/* Supplicant: swap tx/rx Mic keys */
507 		os_memcpy(buf, &ptk->tk[16], 8);
508 		os_memcpy(&ptk->tk[16], &ptk->tk[24], 8);
509 		os_memcpy(&ptk->tk[24], buf, 8);
510 		os_memset(buf, 0, sizeof(buf));
511 	}
512 	sm->tptk_set = 1;
513 	sm->tk_to_set = 1;
514 
515 	kde = sm->assoc_wpa_ie;
516 	kde_len = sm->assoc_wpa_ie_len;
517 
518 #ifdef CONFIG_P2P
519 	if (sm->p2p) {
520 		kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1);
521 		if (kde_buf) {
522 			u8 *pos;
523 			wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE "
524 				   "into EAPOL-Key 2/4");
525 			os_memcpy(kde_buf, kde, kde_len);
526 			kde = kde_buf;
527 			pos = kde + kde_len;
528 			*pos++ = WLAN_EID_VENDOR_SPECIFIC;
529 			*pos++ = RSN_SELECTOR_LEN + 1;
530 			RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ);
531 			pos += RSN_SELECTOR_LEN;
532 			*pos++ = 0x01;
533 			kde_len = pos - kde;
534 		}
535 	}
536 #endif /* CONFIG_P2P */
537 
538 	if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
539 				       kde, kde_len, ptk) < 0)
540 		goto failed;
541 
542 	os_free(kde_buf);
543 	os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
544 	return;
545 
546 failed:
547 	os_free(kde_buf);
548 	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
549 }
550 
551 
wpa_sm_start_preauth(void * eloop_ctx,void * timeout_ctx)552 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx)
553 {
554 	struct wpa_sm *sm = eloop_ctx;
555 	rsn_preauth_candidate_process(sm);
556 }
557 
558 
wpa_supplicant_key_neg_complete(struct wpa_sm * sm,const u8 * addr,int secure)559 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
560 					    const u8 *addr, int secure)
561 {
562 	wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
563 		"WPA: Key negotiation completed with "
564 		MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
565 		wpa_cipher_txt(sm->pairwise_cipher),
566 		wpa_cipher_txt(sm->group_cipher));
567 	wpa_sm_cancel_auth_timeout(sm);
568 	wpa_sm_set_state(sm, WPA_COMPLETED);
569 
570 	if (secure) {
571 		wpa_sm_mlme_setprotection(
572 			sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
573 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
574 		eapol_sm_notify_portValid(sm->eapol, TRUE);
575 		if (wpa_key_mgmt_wpa_psk(sm->key_mgmt))
576 			eapol_sm_notify_eap_success(sm->eapol, TRUE);
577 		/*
578 		 * Start preauthentication after a short wait to avoid a
579 		 * possible race condition between the data receive and key
580 		 * configuration after the 4-Way Handshake. This increases the
581 		 * likelihood of the first preauth EAPOL-Start frame getting to
582 		 * the target AP.
583 		 */
584 		eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL);
585 	}
586 
587 	if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
588 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
589 			"RSN: Authenticator accepted "
590 			"opportunistic PMKSA entry - marking it valid");
591 		sm->cur_pmksa->opportunistic = 0;
592 	}
593 
594 #ifdef CONFIG_IEEE80211R
595 	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
596 		/* Prepare for the next transition */
597 		wpa_ft_prepare_auth_request(sm, NULL);
598 	}
599 #endif /* CONFIG_IEEE80211R */
600 }
601 
602 
wpa_sm_rekey_ptk(void * eloop_ctx,void * timeout_ctx)603 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
604 {
605 	struct wpa_sm *sm = eloop_ctx;
606 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying");
607 	wpa_sm_key_request(sm, 0, 1);
608 }
609 
610 
wpa_supplicant_install_ptk(struct wpa_sm * sm,const struct wpa_eapol_key * key)611 static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
612 				      const struct wpa_eapol_key *key)
613 {
614 	int keylen, rsclen;
615 	enum wpa_alg alg;
616 	const u8 *key_rsc;
617 
618 	if (!sm->tk_to_set) {
619 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
620 			"WPA: Do not re-install same PTK to the driver");
621 		return 0;
622 	}
623 
624 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
625 		"WPA: Installing PTK to the driver");
626 
627 	if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
628 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher "
629 			"Suite: NONE - do not use pairwise keys");
630 		return 0;
631 	}
632 
633 	if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
634 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
635 			"WPA: Unsupported pairwise cipher %d",
636 			sm->pairwise_cipher);
637 		return -1;
638 	}
639 
640 	alg = wpa_cipher_to_alg(sm->pairwise_cipher);
641 	keylen = wpa_cipher_key_len(sm->pairwise_cipher);
642 	rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
643 
644 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
645 		key_rsc = null_rsc;
646 	} else {
647 		key_rsc = key->key_rsc;
648 		wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
649 	}
650 
651 	if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
652 			   sm->ptk.tk, keylen) < 0) {
653 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
654 			"WPA: Failed to set PTK to the "
655 			"driver (alg=%d keylen=%d bssid=" MACSTR ")",
656 			alg, keylen, MAC2STR(sm->bssid));
657 		return -1;
658 	}
659 
660 	/* TK is not needed anymore in supplicant */
661 	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
662 	sm->tk_to_set = 0;
663 
664 	if (sm->wpa_ptk_rekey) {
665 		eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
666 		eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
667 				       sm, NULL);
668 	}
669 
670 	return 0;
671 }
672 
673 
wpa_supplicant_check_group_cipher(struct wpa_sm * sm,int group_cipher,int keylen,int maxkeylen,int * key_rsc_len,enum wpa_alg * alg)674 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm,
675 					     int group_cipher,
676 					     int keylen, int maxkeylen,
677 					     int *key_rsc_len,
678 					     enum wpa_alg *alg)
679 {
680 	int klen;
681 
682 	*alg = wpa_cipher_to_alg(group_cipher);
683 	if (*alg == WPA_ALG_NONE) {
684 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
685 			"WPA: Unsupported Group Cipher %d",
686 			group_cipher);
687 		return -1;
688 	}
689 	*key_rsc_len = wpa_cipher_rsc_len(group_cipher);
690 
691 	klen = wpa_cipher_key_len(group_cipher);
692 	if (keylen != klen || maxkeylen < klen) {
693 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
694 			"WPA: Unsupported %s Group Cipher key length %d (%d)",
695 			wpa_cipher_txt(group_cipher), keylen, maxkeylen);
696 		return -1;
697 	}
698 	return 0;
699 }
700 
701 
702 struct wpa_gtk_data {
703 	enum wpa_alg alg;
704 	int tx, key_rsc_len, keyidx;
705 	u8 gtk[32];
706 	int gtk_len;
707 };
708 
709 
wpa_supplicant_install_gtk(struct wpa_sm * sm,const struct wpa_gtk_data * gd,const u8 * key_rsc)710 static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
711 				      const struct wpa_gtk_data *gd,
712 				      const u8 *key_rsc)
713 {
714 	const u8 *_gtk = gd->gtk;
715 	u8 gtk_buf[32];
716 
717 	wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
718 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
719 		"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
720 		gd->keyidx, gd->tx, gd->gtk_len);
721 	wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
722 	if (sm->group_cipher == WPA_CIPHER_TKIP) {
723 		/* Swap Tx/Rx keys for Michael MIC */
724 		os_memcpy(gtk_buf, gd->gtk, 16);
725 		os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
726 		os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
727 		_gtk = gtk_buf;
728 	}
729 	if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
730 		if (wpa_sm_set_key(sm, gd->alg, NULL,
731 				   gd->keyidx, 1, key_rsc, gd->key_rsc_len,
732 				   _gtk, gd->gtk_len) < 0) {
733 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
734 				"WPA: Failed to set GTK to the driver "
735 				"(Group only)");
736 			os_memset(gtk_buf, 0, sizeof(gtk_buf));
737 			return -1;
738 		}
739 	} else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr,
740 				  gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
741 				  _gtk, gd->gtk_len) < 0) {
742 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
743 			"WPA: Failed to set GTK to "
744 			"the driver (alg=%d keylen=%d keyidx=%d)",
745 			gd->alg, gd->gtk_len, gd->keyidx);
746 		os_memset(gtk_buf, 0, sizeof(gtk_buf));
747 		return -1;
748 	}
749 	os_memset(gtk_buf, 0, sizeof(gtk_buf));
750 
751 	return 0;
752 }
753 
754 
wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm * sm,int tx)755 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
756 						int tx)
757 {
758 	if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
759 		/* Ignore Tx bit for GTK if a pairwise key is used. One AP
760 		 * seemed to set this bit (incorrectly, since Tx is only when
761 		 * doing Group Key only APs) and without this workaround, the
762 		 * data connection does not work because wpa_supplicant
763 		 * configured non-zero keyidx to be used for unicast. */
764 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
765 			"WPA: Tx bit set for GTK, but pairwise "
766 			"keys are used - ignore Tx bit");
767 		return 0;
768 	}
769 	return tx;
770 }
771 
772 
wpa_supplicant_rsc_relaxation(const struct wpa_sm * sm,const u8 * rsc)773 static int wpa_supplicant_rsc_relaxation(const struct wpa_sm *sm,
774 					 const u8 *rsc)
775 {
776 	int rsclen;
777 
778 	if (!sm->wpa_rsc_relaxation)
779 		return 0;
780 
781 	rsclen = wpa_cipher_rsc_len(sm->group_cipher);
782 
783 	/*
784 	 * Try to detect RSC (endian) corruption issue where the AP sends
785 	 * the RSC bytes in EAPOL-Key message in the wrong order, both if
786 	 * it's actually a 6-byte field (as it should be) and if it treats
787 	 * it as an 8-byte field.
788 	 * An AP model known to have this bug is the Sapido RB-1632.
789 	 */
790 	if (rsclen == 6 && ((rsc[5] && !rsc[0]) || rsc[6] || rsc[7])) {
791 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
792 			"RSC %02x%02x%02x%02x%02x%02x%02x%02x is likely bogus, using 0",
793 			rsc[0], rsc[1], rsc[2], rsc[3],
794 			rsc[4], rsc[5], rsc[6], rsc[7]);
795 
796 		return 1;
797 	}
798 
799 	return 0;
800 }
801 
802 
wpa_supplicant_pairwise_gtk(struct wpa_sm * sm,const struct wpa_eapol_key * key,const u8 * gtk,size_t gtk_len,int key_info)803 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
804 				       const struct wpa_eapol_key *key,
805 				       const u8 *gtk, size_t gtk_len,
806 				       int key_info)
807 {
808 	struct wpa_gtk_data gd;
809 	const u8 *key_rsc;
810 
811 	/*
812 	 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
813 	 * GTK KDE format:
814 	 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
815 	 * Reserved [bits 0-7]
816 	 * GTK
817 	 */
818 
819 	os_memset(&gd, 0, sizeof(gd));
820 	wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
821 			gtk, gtk_len);
822 
823 	if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk))
824 		return -1;
825 
826 	gd.keyidx = gtk[0] & 0x3;
827 	gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
828 						     !!(gtk[0] & BIT(2)));
829 	gtk += 2;
830 	gtk_len -= 2;
831 
832 	os_memcpy(gd.gtk, gtk, gtk_len);
833 	gd.gtk_len = gtk_len;
834 
835 	key_rsc = key->key_rsc;
836 	if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
837 		key_rsc = null_rsc;
838 
839 	if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED &&
840 	    (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
841 					       gtk_len, gtk_len,
842 					       &gd.key_rsc_len, &gd.alg) ||
843 	     wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
844 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
845 			"RSN: Failed to install GTK");
846 		os_memset(&gd, 0, sizeof(gd));
847 		return -1;
848 	}
849 	os_memset(&gd, 0, sizeof(gd));
850 
851 	wpa_supplicant_key_neg_complete(sm, sm->bssid,
852 					key_info & WPA_KEY_INFO_SECURE);
853 	return 0;
854 }
855 
856 
ieee80211w_set_keys(struct wpa_sm * sm,struct wpa_eapol_ie_parse * ie)857 static int ieee80211w_set_keys(struct wpa_sm *sm,
858 			       struct wpa_eapol_ie_parse *ie)
859 {
860 #ifdef CONFIG_IEEE80211W
861 	if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher))
862 		return 0;
863 
864 	if (ie->igtk) {
865 		size_t len;
866 		const struct wpa_igtk_kde *igtk;
867 		u16 keyidx;
868 		len = wpa_cipher_key_len(sm->mgmt_group_cipher);
869 		if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
870 			return -1;
871 		igtk = (const struct wpa_igtk_kde *) ie->igtk;
872 		keyidx = WPA_GET_LE16(igtk->keyid);
873 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
874 			"pn %02x%02x%02x%02x%02x%02x",
875 			keyidx, MAC2STR(igtk->pn));
876 		wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
877 				igtk->igtk, len);
878 		if (keyidx > 4095) {
879 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
880 				"WPA: Invalid IGTK KeyID %d", keyidx);
881 			return -1;
882 		}
883 		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
884 				   broadcast_ether_addr,
885 				   keyidx, 0, igtk->pn, sizeof(igtk->pn),
886 				   igtk->igtk, len) < 0) {
887 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
888 				"WPA: Failed to configure IGTK to the driver");
889 			return -1;
890 		}
891 	}
892 
893 	return 0;
894 #else /* CONFIG_IEEE80211W */
895 	return 0;
896 #endif /* CONFIG_IEEE80211W */
897 }
898 
899 
wpa_report_ie_mismatch(struct wpa_sm * sm,const char * reason,const u8 * src_addr,const u8 * wpa_ie,size_t wpa_ie_len,const u8 * rsn_ie,size_t rsn_ie_len)900 static void wpa_report_ie_mismatch(struct wpa_sm *sm,
901 				   const char *reason, const u8 *src_addr,
902 				   const u8 *wpa_ie, size_t wpa_ie_len,
903 				   const u8 *rsn_ie, size_t rsn_ie_len)
904 {
905 	wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
906 		reason, MAC2STR(src_addr));
907 
908 	if (sm->ap_wpa_ie) {
909 		wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
910 			    sm->ap_wpa_ie, sm->ap_wpa_ie_len);
911 	}
912 	if (wpa_ie) {
913 		if (!sm->ap_wpa_ie) {
914 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
915 				"WPA: No WPA IE in Beacon/ProbeResp");
916 		}
917 		wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
918 			    wpa_ie, wpa_ie_len);
919 	}
920 
921 	if (sm->ap_rsn_ie) {
922 		wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp",
923 			    sm->ap_rsn_ie, sm->ap_rsn_ie_len);
924 	}
925 	if (rsn_ie) {
926 		if (!sm->ap_rsn_ie) {
927 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
928 				"WPA: No RSN IE in Beacon/ProbeResp");
929 		}
930 		wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
931 			    rsn_ie, rsn_ie_len);
932 	}
933 
934 	wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
935 }
936 
937 
938 #ifdef CONFIG_IEEE80211R
939 
ft_validate_mdie(struct wpa_sm * sm,const unsigned char * src_addr,struct wpa_eapol_ie_parse * ie,const u8 * assoc_resp_mdie)940 static int ft_validate_mdie(struct wpa_sm *sm,
941 			    const unsigned char *src_addr,
942 			    struct wpa_eapol_ie_parse *ie,
943 			    const u8 *assoc_resp_mdie)
944 {
945 	struct rsn_mdie *mdie;
946 
947 	mdie = (struct rsn_mdie *) (ie->mdie + 2);
948 	if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) ||
949 	    os_memcmp(mdie->mobility_domain, sm->mobility_domain,
950 		      MOBILITY_DOMAIN_ID_LEN) != 0) {
951 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did "
952 			"not match with the current mobility domain");
953 		return -1;
954 	}
955 
956 	if (assoc_resp_mdie &&
957 	    (assoc_resp_mdie[1] != ie->mdie[1] ||
958 	     os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) {
959 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch");
960 		wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4",
961 			    ie->mdie, 2 + ie->mdie[1]);
962 		wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response",
963 			    assoc_resp_mdie, 2 + assoc_resp_mdie[1]);
964 		return -1;
965 	}
966 
967 	return 0;
968 }
969 
970 
ft_validate_ftie(struct wpa_sm * sm,const unsigned char * src_addr,struct wpa_eapol_ie_parse * ie,const u8 * assoc_resp_ftie)971 static int ft_validate_ftie(struct wpa_sm *sm,
972 			    const unsigned char *src_addr,
973 			    struct wpa_eapol_ie_parse *ie,
974 			    const u8 *assoc_resp_ftie)
975 {
976 	if (ie->ftie == NULL) {
977 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
978 			"FT: No FTIE in EAPOL-Key msg 3/4");
979 		return -1;
980 	}
981 
982 	if (assoc_resp_ftie == NULL)
983 		return 0;
984 
985 	if (assoc_resp_ftie[1] != ie->ftie[1] ||
986 	    os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) {
987 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch");
988 		wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4",
989 			    ie->ftie, 2 + ie->ftie[1]);
990 		wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response",
991 			    assoc_resp_ftie, 2 + assoc_resp_ftie[1]);
992 		return -1;
993 	}
994 
995 	return 0;
996 }
997 
998 
ft_validate_rsnie(struct wpa_sm * sm,const unsigned char * src_addr,struct wpa_eapol_ie_parse * ie)999 static int ft_validate_rsnie(struct wpa_sm *sm,
1000 			     const unsigned char *src_addr,
1001 			     struct wpa_eapol_ie_parse *ie)
1002 {
1003 	struct wpa_ie_data rsn;
1004 
1005 	if (!ie->rsn_ie)
1006 		return 0;
1007 
1008 	/*
1009 	 * Verify that PMKR1Name from EAPOL-Key message 3/4
1010 	 * matches with the value we derived.
1011 	 */
1012 	if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 ||
1013 	    rsn.num_pmkid != 1 || rsn.pmkid == NULL) {
1014 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in "
1015 			"FT 4-way handshake message 3/4");
1016 		return -1;
1017 	}
1018 
1019 	if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0)
1020 	{
1021 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1022 			"FT: PMKR1Name mismatch in "
1023 			"FT 4-way handshake message 3/4");
1024 		wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator",
1025 			    rsn.pmkid, WPA_PMK_NAME_LEN);
1026 		wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
1027 			    sm->pmk_r1_name, WPA_PMK_NAME_LEN);
1028 		return -1;
1029 	}
1030 
1031 	return 0;
1032 }
1033 
1034 
wpa_supplicant_validate_ie_ft(struct wpa_sm * sm,const unsigned char * src_addr,struct wpa_eapol_ie_parse * ie)1035 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm,
1036 					 const unsigned char *src_addr,
1037 					 struct wpa_eapol_ie_parse *ie)
1038 {
1039 	const u8 *pos, *end, *mdie = NULL, *ftie = NULL;
1040 
1041 	if (sm->assoc_resp_ies) {
1042 		pos = sm->assoc_resp_ies;
1043 		end = pos + sm->assoc_resp_ies_len;
1044 		while (end - pos > 2) {
1045 			if (2 + pos[1] > end - pos)
1046 				break;
1047 			switch (*pos) {
1048 			case WLAN_EID_MOBILITY_DOMAIN:
1049 				mdie = pos;
1050 				break;
1051 			case WLAN_EID_FAST_BSS_TRANSITION:
1052 				ftie = pos;
1053 				break;
1054 			}
1055 			pos += 2 + pos[1];
1056 		}
1057 	}
1058 
1059 	if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 ||
1060 	    ft_validate_ftie(sm, src_addr, ie, ftie) < 0 ||
1061 	    ft_validate_rsnie(sm, src_addr, ie) < 0)
1062 		return -1;
1063 
1064 	return 0;
1065 }
1066 
1067 #endif /* CONFIG_IEEE80211R */
1068 
1069 
wpa_supplicant_validate_ie(struct wpa_sm * sm,const unsigned char * src_addr,struct wpa_eapol_ie_parse * ie)1070 static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
1071 				      const unsigned char *src_addr,
1072 				      struct wpa_eapol_ie_parse *ie)
1073 {
1074 	if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
1075 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1076 			"WPA: No WPA/RSN IE for this AP known. "
1077 			"Trying to get from scan results");
1078 		if (wpa_sm_get_beacon_ie(sm) < 0) {
1079 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1080 				"WPA: Could not find AP from "
1081 				"the scan results");
1082 		} else {
1083 			wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
1084 				"WPA: Found the current AP from "
1085 				"updated scan results");
1086 		}
1087 	}
1088 
1089 	if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
1090 	    (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
1091 		wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1092 				       "with IE in Beacon/ProbeResp (no IE?)",
1093 				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
1094 				       ie->rsn_ie, ie->rsn_ie_len);
1095 		return -1;
1096 	}
1097 
1098 	if ((ie->wpa_ie && sm->ap_wpa_ie &&
1099 	     (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
1100 	      os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
1101 	    (ie->rsn_ie && sm->ap_rsn_ie &&
1102 	     wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
1103 				sm->ap_rsn_ie, sm->ap_rsn_ie_len,
1104 				ie->rsn_ie, ie->rsn_ie_len))) {
1105 		wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1106 				       "with IE in Beacon/ProbeResp",
1107 				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
1108 				       ie->rsn_ie, ie->rsn_ie_len);
1109 		return -1;
1110 	}
1111 
1112 	if (sm->proto == WPA_PROTO_WPA &&
1113 	    ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
1114 		wpa_report_ie_mismatch(sm, "Possible downgrade attack "
1115 				       "detected - RSN was enabled and RSN IE "
1116 				       "was in msg 3/4, but not in "
1117 				       "Beacon/ProbeResp",
1118 				       src_addr, ie->wpa_ie, ie->wpa_ie_len,
1119 				       ie->rsn_ie, ie->rsn_ie_len);
1120 		return -1;
1121 	}
1122 
1123 #ifdef CONFIG_IEEE80211R
1124 	if (wpa_key_mgmt_ft(sm->key_mgmt) &&
1125 	    wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0)
1126 		return -1;
1127 #endif /* CONFIG_IEEE80211R */
1128 
1129 	return 0;
1130 }
1131 
1132 
1133 /**
1134  * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake
1135  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1136  * @dst: Destination address for the frame
1137  * @key: Pointer to the EAPOL-Key frame header
1138  * @ver: Version bits from EAPOL-Key Key Info
1139  * @key_info: Key Info
1140  * @ptk: PTK to use for keyed hash and encryption
1141  * Returns: >= 0 on success, < 0 on failure
1142  */
wpa_supplicant_send_4_of_4(struct wpa_sm * sm,const unsigned char * dst,const struct wpa_eapol_key * key,u16 ver,u16 key_info,struct wpa_ptk * ptk)1143 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
1144 			       const struct wpa_eapol_key *key,
1145 			       u16 ver, u16 key_info,
1146 			       struct wpa_ptk *ptk)
1147 {
1148 	size_t mic_len, hdrlen, rlen;
1149 	struct wpa_eapol_key *reply;
1150 	struct wpa_eapol_key_192 *reply192;
1151 	u8 *rbuf, *key_mic;
1152 
1153 	mic_len = wpa_mic_len(sm->key_mgmt);
1154 	hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
1155 	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1156 				  hdrlen, &rlen, (void *) &reply);
1157 	if (rbuf == NULL)
1158 		return -1;
1159 	reply192 = (struct wpa_eapol_key_192 *) reply;
1160 
1161 	reply->type = (sm->proto == WPA_PROTO_RSN ||
1162 		       sm->proto == WPA_PROTO_OSEN) ?
1163 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1164 	key_info &= WPA_KEY_INFO_SECURE;
1165 	key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC;
1166 	WPA_PUT_BE16(reply->key_info, key_info);
1167 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1168 		WPA_PUT_BE16(reply->key_length, 0);
1169 	else
1170 		os_memcpy(reply->key_length, key->key_length, 2);
1171 	os_memcpy(reply->replay_counter, key->replay_counter,
1172 		  WPA_REPLAY_COUNTER_LEN);
1173 
1174 	key_mic = reply192->key_mic; /* same offset for reply and reply192 */
1175 	if (mic_len == 24)
1176 		WPA_PUT_BE16(reply192->key_data_length, 0);
1177 	else
1178 		WPA_PUT_BE16(reply->key_data_length, 0);
1179 
1180 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
1181 	return wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst,
1182 				  ETH_P_EAPOL, rbuf, rlen, key_mic);
1183 }
1184 
1185 
wpa_supplicant_process_3_of_4(struct wpa_sm * sm,const struct wpa_eapol_key * key,u16 ver,const u8 * key_data,size_t key_data_len)1186 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
1187 					  const struct wpa_eapol_key *key,
1188 					  u16 ver, const u8 *key_data,
1189 					  size_t key_data_len)
1190 {
1191 	u16 key_info, keylen;
1192 	struct wpa_eapol_ie_parse ie;
1193 
1194 	wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
1195 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way "
1196 		"Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
1197 
1198 	key_info = WPA_GET_BE16(key->key_info);
1199 
1200 	wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len);
1201 	if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
1202 		goto failed;
1203 	if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1204 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1205 			"WPA: GTK IE in unencrypted key data");
1206 		goto failed;
1207 	}
1208 #ifdef CONFIG_IEEE80211W
1209 	if (ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1210 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1211 			"WPA: IGTK KDE in unencrypted key data");
1212 		goto failed;
1213 	}
1214 
1215 	if (ie.igtk &&
1216 	    wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
1217 	    ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN +
1218 	    (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
1219 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1220 			"WPA: Invalid IGTK KDE length %lu",
1221 			(unsigned long) ie.igtk_len);
1222 		goto failed;
1223 	}
1224 #endif /* CONFIG_IEEE80211W */
1225 
1226 	if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
1227 		goto failed;
1228 
1229 	if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
1230 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1231 			"WPA: ANonce from message 1 of 4-Way Handshake "
1232 			"differs from 3 of 4-Way Handshake - drop packet (src="
1233 			MACSTR ")", MAC2STR(sm->bssid));
1234 		goto failed;
1235 	}
1236 
1237 	keylen = WPA_GET_BE16(key->key_length);
1238 	if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
1239 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1240 			"WPA: Invalid %s key length %d (src=" MACSTR
1241 			")", wpa_cipher_txt(sm->pairwise_cipher), keylen,
1242 			MAC2STR(sm->bssid));
1243 		goto failed;
1244 	}
1245 
1246 #ifdef CONFIG_P2P
1247 	if (ie.ip_addr_alloc) {
1248 		os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4);
1249 		wpa_hexdump(MSG_DEBUG, "P2P: IP address info",
1250 			    sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr));
1251 	}
1252 #endif /* CONFIG_P2P */
1253 
1254 	if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
1255 				       &sm->ptk) < 0) {
1256 		goto failed;
1257 	}
1258 
1259 	/* SNonce was successfully used in msg 3/4, so mark it to be renewed
1260 	 * for the next 4-Way Handshake. If msg 3 is received again, the old
1261 	 * SNonce will still be used to avoid changing PTK. */
1262 	sm->renew_snonce = 1;
1263 
1264 	if (key_info & WPA_KEY_INFO_INSTALL) {
1265 		if (wpa_supplicant_install_ptk(sm, key))
1266 			goto failed;
1267 	}
1268 
1269 	if (key_info & WPA_KEY_INFO_SECURE) {
1270 		wpa_sm_mlme_setprotection(
1271 			sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
1272 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
1273 		eapol_sm_notify_portValid(sm->eapol, TRUE);
1274 	}
1275 	wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1276 
1277 	if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) {
1278 		wpa_supplicant_key_neg_complete(sm, sm->bssid,
1279 						key_info & WPA_KEY_INFO_SECURE);
1280 	} else if (ie.gtk &&
1281 	    wpa_supplicant_pairwise_gtk(sm, key,
1282 					ie.gtk, ie.gtk_len, key_info) < 0) {
1283 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1284 			"RSN: Failed to configure GTK");
1285 		goto failed;
1286 	}
1287 
1288 	if (ieee80211w_set_keys(sm, &ie) < 0) {
1289 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1290 			"RSN: Failed to configure IGTK");
1291 		goto failed;
1292 	}
1293 
1294 	if (ie.gtk)
1295 		wpa_sm_set_rekey_offload(sm);
1296 
1297 	if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1298 		struct rsn_pmksa_cache_entry *sa;
1299 
1300 		sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, NULL,
1301 				     sm->ptk.kck, sm->ptk.kck_len,
1302 				     sm->bssid, sm->own_addr,
1303 				     sm->network_ctx, sm->key_mgmt);
1304 		if (!sm->cur_pmksa)
1305 			sm->cur_pmksa = sa;
1306 	}
1307 
1308 	sm->msg_3_of_4_ok = 1;
1309 	return;
1310 
1311 failed:
1312 	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1313 }
1314 
1315 
wpa_supplicant_process_1_of_2_rsn(struct wpa_sm * sm,const u8 * keydata,size_t keydatalen,u16 key_info,struct wpa_gtk_data * gd)1316 static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
1317 					     const u8 *keydata,
1318 					     size_t keydatalen,
1319 					     u16 key_info,
1320 					     struct wpa_gtk_data *gd)
1321 {
1322 	int maxkeylen;
1323 	struct wpa_eapol_ie_parse ie;
1324 
1325 	wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen);
1326 	if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0)
1327 		return -1;
1328 	if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1329 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1330 			"WPA: GTK IE in unencrypted key data");
1331 		return -1;
1332 	}
1333 	if (ie.gtk == NULL) {
1334 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1335 			"WPA: No GTK IE in Group Key msg 1/2");
1336 		return -1;
1337 	}
1338 	maxkeylen = gd->gtk_len = ie.gtk_len - 2;
1339 
1340 	if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1341 					      gd->gtk_len, maxkeylen,
1342 					      &gd->key_rsc_len, &gd->alg))
1343 		return -1;
1344 
1345 	wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake",
1346 			ie.gtk, ie.gtk_len);
1347 	gd->keyidx = ie.gtk[0] & 0x3;
1348 	gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1349 						      !!(ie.gtk[0] & BIT(2)));
1350 	if (ie.gtk_len - 2 > sizeof(gd->gtk)) {
1351 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1352 			"RSN: Too long GTK in GTK IE (len=%lu)",
1353 			(unsigned long) ie.gtk_len - 2);
1354 		return -1;
1355 	}
1356 	os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
1357 
1358 	if (ieee80211w_set_keys(sm, &ie) < 0)
1359 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1360 			"RSN: Failed to configure IGTK");
1361 
1362 	return 0;
1363 }
1364 
1365 
wpa_supplicant_process_1_of_2_wpa(struct wpa_sm * sm,const struct wpa_eapol_key * key,const u8 * key_data,size_t key_data_len,u16 key_info,u16 ver,struct wpa_gtk_data * gd)1366 static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
1367 					     const struct wpa_eapol_key *key,
1368 					     const u8 *key_data,
1369 					     size_t key_data_len, u16 key_info,
1370 					     u16 ver, struct wpa_gtk_data *gd)
1371 {
1372 	size_t maxkeylen;
1373 	u16 gtk_len;
1374 
1375 	gtk_len = WPA_GET_BE16(key->key_length);
1376 	maxkeylen = key_data_len;
1377 	if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1378 		if (maxkeylen < 8) {
1379 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1380 				"WPA: Too short maxkeylen (%lu)",
1381 				(unsigned long) maxkeylen);
1382 			return -1;
1383 		}
1384 		maxkeylen -= 8;
1385 	}
1386 
1387 	if (gtk_len > maxkeylen ||
1388 	    wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1389 					      gtk_len, maxkeylen,
1390 					      &gd->key_rsc_len, &gd->alg))
1391 		return -1;
1392 
1393 	gd->gtk_len = gtk_len;
1394 	gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1395 		WPA_KEY_INFO_KEY_INDEX_SHIFT;
1396 	if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
1397 #ifdef CONFIG_NO_RC4
1398 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1399 			"WPA: RC4 not supported in the build");
1400 		return -1;
1401 #else /* CONFIG_NO_RC4 */
1402 		u8 ek[32];
1403 		if (key_data_len > sizeof(gd->gtk)) {
1404 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1405 				"WPA: RC4 key data too long (%lu)",
1406 				(unsigned long) key_data_len);
1407 			return -1;
1408 		}
1409 		os_memcpy(ek, key->key_iv, 16);
1410 		os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
1411 		os_memcpy(gd->gtk, key_data, key_data_len);
1412 		if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) {
1413 			os_memset(ek, 0, sizeof(ek));
1414 			wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1415 				"WPA: RC4 failed");
1416 			return -1;
1417 		}
1418 		os_memset(ek, 0, sizeof(ek));
1419 #endif /* CONFIG_NO_RC4 */
1420 	} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1421 		if (maxkeylen % 8) {
1422 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1423 				"WPA: Unsupported AES-WRAP len %lu",
1424 				(unsigned long) maxkeylen);
1425 			return -1;
1426 		}
1427 		if (maxkeylen > sizeof(gd->gtk)) {
1428 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1429 				"WPA: AES-WRAP key data "
1430 				"too long (keydatalen=%lu maxkeylen=%lu)",
1431 				(unsigned long) key_data_len,
1432 				(unsigned long) maxkeylen);
1433 			return -1;
1434 		}
1435 		if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8,
1436 			       key_data, gd->gtk)) {
1437 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1438 				"WPA: AES unwrap failed - could not decrypt "
1439 				"GTK");
1440 			return -1;
1441 		}
1442 	} else {
1443 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1444 			"WPA: Unsupported key_info type %d", ver);
1445 		return -1;
1446 	}
1447 	gd->tx = wpa_supplicant_gtk_tx_bit_workaround(
1448 		sm, !!(key_info & WPA_KEY_INFO_TXRX));
1449 	return 0;
1450 }
1451 
1452 
wpa_supplicant_send_2_of_2(struct wpa_sm * sm,const struct wpa_eapol_key * key,int ver,u16 key_info)1453 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
1454 				      const struct wpa_eapol_key *key,
1455 				      int ver, u16 key_info)
1456 {
1457 	size_t mic_len, hdrlen, rlen;
1458 	struct wpa_eapol_key *reply;
1459 	struct wpa_eapol_key_192 *reply192;
1460 	u8 *rbuf, *key_mic;
1461 
1462 	mic_len = wpa_mic_len(sm->key_mgmt);
1463 	hdrlen = mic_len == 24 ? sizeof(*reply192) : sizeof(*reply);
1464 	rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1465 				  hdrlen, &rlen, (void *) &reply);
1466 	if (rbuf == NULL)
1467 		return -1;
1468 	reply192 = (struct wpa_eapol_key_192 *) reply;
1469 
1470 	reply->type = (sm->proto == WPA_PROTO_RSN ||
1471 		       sm->proto == WPA_PROTO_OSEN) ?
1472 		EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1473 	key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
1474 	key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
1475 	WPA_PUT_BE16(reply->key_info, key_info);
1476 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
1477 		WPA_PUT_BE16(reply->key_length, 0);
1478 	else
1479 		os_memcpy(reply->key_length, key->key_length, 2);
1480 	os_memcpy(reply->replay_counter, key->replay_counter,
1481 		  WPA_REPLAY_COUNTER_LEN);
1482 
1483 	key_mic = reply192->key_mic; /* same offset for reply and reply192 */
1484 	if (mic_len == 24)
1485 		WPA_PUT_BE16(reply192->key_data_length, 0);
1486 	else
1487 		WPA_PUT_BE16(reply->key_data_length, 0);
1488 
1489 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
1490 	return wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver,
1491 				  sm->bssid, ETH_P_EAPOL, rbuf, rlen, key_mic);
1492 }
1493 
1494 
wpa_supplicant_process_1_of_2(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,const u8 * key_data,size_t key_data_len,u16 ver)1495 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
1496 					  const unsigned char *src_addr,
1497 					  const struct wpa_eapol_key *key,
1498 					  const u8 *key_data,
1499 					  size_t key_data_len, u16 ver)
1500 {
1501 	u16 key_info;
1502 	int rekey, ret;
1503 	struct wpa_gtk_data gd;
1504 	const u8 *key_rsc;
1505 
1506 	if (!sm->msg_3_of_4_ok) {
1507 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1508 			"WPA: Group Key Handshake started prior to completion of 4-way handshake");
1509 		goto failed;
1510 	}
1511 
1512 	os_memset(&gd, 0, sizeof(gd));
1513 
1514 	rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
1515 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of Group Key "
1516 		"Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
1517 
1518 	key_info = WPA_GET_BE16(key->key_info);
1519 
1520 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
1521 		ret = wpa_supplicant_process_1_of_2_rsn(sm, key_data,
1522 							key_data_len, key_info,
1523 							&gd);
1524 	} else {
1525 		ret = wpa_supplicant_process_1_of_2_wpa(sm, key, key_data,
1526 							key_data_len,
1527 							key_info, ver, &gd);
1528 	}
1529 
1530 	wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1531 
1532 	if (ret)
1533 		goto failed;
1534 
1535 	key_rsc = key->key_rsc;
1536 	if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
1537 		key_rsc = null_rsc;
1538 
1539 	if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
1540 	    wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
1541 		goto failed;
1542 	os_memset(&gd, 0, sizeof(gd));
1543 
1544 	if (rekey) {
1545 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
1546 			"completed with " MACSTR " [GTK=%s]",
1547 			MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
1548 		wpa_sm_cancel_auth_timeout(sm);
1549 		wpa_sm_set_state(sm, WPA_COMPLETED);
1550 	} else {
1551 		wpa_supplicant_key_neg_complete(sm, sm->bssid,
1552 						key_info &
1553 						WPA_KEY_INFO_SECURE);
1554 	}
1555 
1556 	wpa_sm_set_rekey_offload(sm);
1557 
1558 	return;
1559 
1560 failed:
1561 	os_memset(&gd, 0, sizeof(gd));
1562 	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1563 }
1564 
1565 
wpa_supplicant_verify_eapol_key_mic(struct wpa_sm * sm,struct wpa_eapol_key_192 * key,u16 ver,const u8 * buf,size_t len)1566 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
1567 					       struct wpa_eapol_key_192 *key,
1568 					       u16 ver,
1569 					       const u8 *buf, size_t len)
1570 {
1571 	u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
1572 	int ok = 0;
1573 	size_t mic_len = wpa_mic_len(sm->key_mgmt);
1574 
1575 	os_memcpy(mic, key->key_mic, mic_len);
1576 	if (sm->tptk_set) {
1577 		os_memset(key->key_mic, 0, mic_len);
1578 		wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt,
1579 				  ver, buf, len, key->key_mic);
1580 		if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) {
1581 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1582 				"WPA: Invalid EAPOL-Key MIC "
1583 				"when using TPTK - ignoring TPTK");
1584 		} else {
1585 			ok = 1;
1586 			sm->tptk_set = 0;
1587 			sm->ptk_set = 1;
1588 			os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
1589 			os_memset(&sm->tptk, 0, sizeof(sm->tptk));
1590 		}
1591 	}
1592 
1593 	if (!ok && sm->ptk_set) {
1594 		os_memset(key->key_mic, 0, mic_len);
1595 		wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt,
1596 				  ver, buf, len, key->key_mic);
1597 		if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) {
1598 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1599 				"WPA: Invalid EAPOL-Key MIC - "
1600 				"dropping packet");
1601 			return -1;
1602 		}
1603 		ok = 1;
1604 	}
1605 
1606 	if (!ok) {
1607 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1608 			"WPA: Could not verify EAPOL-Key MIC - "
1609 			"dropping packet");
1610 		return -1;
1611 	}
1612 
1613 	os_memcpy(sm->rx_replay_counter, key->replay_counter,
1614 		  WPA_REPLAY_COUNTER_LEN);
1615 	sm->rx_replay_counter_set = 1;
1616 	return 0;
1617 }
1618 
1619 
1620 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
wpa_supplicant_decrypt_key_data(struct wpa_sm * sm,struct wpa_eapol_key * key,u16 ver,u8 * key_data,size_t * key_data_len)1621 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
1622 					   struct wpa_eapol_key *key, u16 ver,
1623 					   u8 *key_data, size_t *key_data_len)
1624 {
1625 	wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
1626 		    key_data, *key_data_len);
1627 	if (!sm->ptk_set) {
1628 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1629 			"WPA: PTK not available, cannot decrypt EAPOL-Key Key "
1630 			"Data");
1631 		return -1;
1632 	}
1633 
1634 	/* Decrypt key data here so that this operation does not need
1635 	 * to be implemented separately for each message type. */
1636 	if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
1637 #ifdef CONFIG_NO_RC4
1638 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1639 			"WPA: RC4 not supported in the build");
1640 		return -1;
1641 #else /* CONFIG_NO_RC4 */
1642 		u8 ek[32];
1643 		os_memcpy(ek, key->key_iv, 16);
1644 		os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
1645 		if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) {
1646 			os_memset(ek, 0, sizeof(ek));
1647 			wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1648 				"WPA: RC4 failed");
1649 			return -1;
1650 		}
1651 		os_memset(ek, 0, sizeof(ek));
1652 #endif /* CONFIG_NO_RC4 */
1653 	} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1654 		   ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
1655 		   sm->key_mgmt == WPA_KEY_MGMT_OSEN ||
1656 		   wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1657 		u8 *buf;
1658 		if (*key_data_len < 8 || *key_data_len % 8) {
1659 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1660 				"WPA: Unsupported AES-WRAP len %u",
1661 				(unsigned int) *key_data_len);
1662 			return -1;
1663 		}
1664 		*key_data_len -= 8; /* AES-WRAP adds 8 bytes */
1665 		buf = os_malloc(*key_data_len);
1666 		if (buf == NULL) {
1667 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1668 				"WPA: No memory for AES-UNWRAP buffer");
1669 			return -1;
1670 		}
1671 		if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8,
1672 			       key_data, buf)) {
1673 			bin_clear_free(buf, *key_data_len);
1674 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1675 				"WPA: AES unwrap failed - "
1676 				"could not decrypt EAPOL-Key key data");
1677 			return -1;
1678 		}
1679 		os_memcpy(key_data, buf, *key_data_len);
1680 		bin_clear_free(buf, *key_data_len);
1681 		WPA_PUT_BE16(key->key_data_length, *key_data_len);
1682 	} else {
1683 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1684 			"WPA: Unsupported key_info type %d", ver);
1685 		return -1;
1686 	}
1687 	wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
1688 			key_data, *key_data_len);
1689 	return 0;
1690 }
1691 
1692 
1693 /**
1694  * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
1695  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1696  */
wpa_sm_aborted_cached(struct wpa_sm * sm)1697 void wpa_sm_aborted_cached(struct wpa_sm *sm)
1698 {
1699 	if (sm && sm->cur_pmksa) {
1700 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1701 			"RSN: Cancelling PMKSA caching attempt");
1702 		sm->cur_pmksa = NULL;
1703 	}
1704 }
1705 
1706 
wpa_eapol_key_dump(struct wpa_sm * sm,const struct wpa_eapol_key * key,unsigned int key_data_len,const u8 * mic,unsigned int mic_len)1707 static void wpa_eapol_key_dump(struct wpa_sm *sm,
1708 			       const struct wpa_eapol_key *key,
1709 			       unsigned int key_data_len,
1710 			       const u8 *mic, unsigned int mic_len)
1711 {
1712 #ifndef CONFIG_NO_STDOUT_DEBUG
1713 	u16 key_info = WPA_GET_BE16(key->key_info);
1714 
1715 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "  EAPOL-Key type=%d", key->type);
1716 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1717 		"  key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)",
1718 		key_info, key_info & WPA_KEY_INFO_TYPE_MASK,
1719 		(key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1720 		WPA_KEY_INFO_KEY_INDEX_SHIFT,
1721 		(key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13,
1722 		key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group",
1723 		key_info & WPA_KEY_INFO_INSTALL ? " Install" : "",
1724 		key_info & WPA_KEY_INFO_ACK ? " Ack" : "",
1725 		key_info & WPA_KEY_INFO_MIC ? " MIC" : "",
1726 		key_info & WPA_KEY_INFO_SECURE ? " Secure" : "",
1727 		key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
1728 		key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
1729 		key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
1730 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1731 		"  key_length=%u key_data_length=%u",
1732 		WPA_GET_BE16(key->key_length), key_data_len);
1733 	wpa_hexdump(MSG_DEBUG, "  replay_counter",
1734 		    key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1735 	wpa_hexdump(MSG_DEBUG, "  key_nonce", key->key_nonce, WPA_NONCE_LEN);
1736 	wpa_hexdump(MSG_DEBUG, "  key_iv", key->key_iv, 16);
1737 	wpa_hexdump(MSG_DEBUG, "  key_rsc", key->key_rsc, 8);
1738 	wpa_hexdump(MSG_DEBUG, "  key_id (reserved)", key->key_id, 8);
1739 	wpa_hexdump(MSG_DEBUG, "  key_mic", mic, mic_len);
1740 #endif /* CONFIG_NO_STDOUT_DEBUG */
1741 }
1742 
1743 
1744 /**
1745  * wpa_sm_rx_eapol - Process received WPA EAPOL frames
1746  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1747  * @src_addr: Source MAC address of the EAPOL packet
1748  * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
1749  * @len: Length of the EAPOL frame
1750  * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure
1751  *
1752  * This function is called for each received EAPOL frame. Other than EAPOL-Key
1753  * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
1754  * only processing WPA and WPA2 EAPOL-Key frames.
1755  *
1756  * The received EAPOL-Key packets are validated and valid packets are replied
1757  * to. In addition, key material (PTK, GTK) is configured at the end of a
1758  * successful key handshake.
1759  */
wpa_sm_rx_eapol(struct wpa_sm * sm,const u8 * src_addr,const u8 * buf,size_t len)1760 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
1761 		    const u8 *buf, size_t len)
1762 {
1763 	size_t plen, data_len, key_data_len;
1764 	const struct ieee802_1x_hdr *hdr;
1765 	struct wpa_eapol_key *key;
1766 	struct wpa_eapol_key_192 *key192;
1767 	u16 key_info, ver;
1768 	u8 *tmp = NULL;
1769 	int ret = -1;
1770 	struct wpa_peerkey *peerkey = NULL;
1771 	u8 *key_data;
1772 	size_t mic_len, keyhdrlen;
1773 
1774 #ifdef CONFIG_IEEE80211R
1775 	sm->ft_completed = 0;
1776 #endif /* CONFIG_IEEE80211R */
1777 
1778 	mic_len = wpa_mic_len(sm->key_mgmt);
1779 	keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key);
1780 
1781 	if (len < sizeof(*hdr) + keyhdrlen) {
1782 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1783 			"WPA: EAPOL frame too short to be a WPA "
1784 			"EAPOL-Key (len %lu, expecting at least %lu)",
1785 			(unsigned long) len,
1786 			(unsigned long) sizeof(*hdr) + keyhdrlen);
1787 		return 0;
1788 	}
1789 
1790 	hdr = (const struct ieee802_1x_hdr *) buf;
1791 	plen = be_to_host16(hdr->length);
1792 	data_len = plen + sizeof(*hdr);
1793 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1794 		"IEEE 802.1X RX: version=%d type=%d length=%lu",
1795 		hdr->version, hdr->type, (unsigned long) plen);
1796 
1797 	if (hdr->version < EAPOL_VERSION) {
1798 		/* TODO: backwards compatibility */
1799 	}
1800 	if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
1801 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1802 			"WPA: EAPOL frame (type %u) discarded, "
1803 			"not a Key frame", hdr->type);
1804 		ret = 0;
1805 		goto out;
1806 	}
1807 	wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len);
1808 	if (plen > len - sizeof(*hdr) || plen < keyhdrlen) {
1809 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1810 			"WPA: EAPOL frame payload size %lu "
1811 			"invalid (frame size %lu)",
1812 			(unsigned long) plen, (unsigned long) len);
1813 		ret = 0;
1814 		goto out;
1815 	}
1816 	if (data_len < len) {
1817 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1818 			"WPA: ignoring %lu bytes after the IEEE 802.1X data",
1819 			(unsigned long) len - data_len);
1820 	}
1821 
1822 	/*
1823 	 * Make a copy of the frame since we need to modify the buffer during
1824 	 * MAC validation and Key Data decryption.
1825 	 */
1826 	tmp = os_malloc(data_len);
1827 	if (tmp == NULL)
1828 		goto out;
1829 	os_memcpy(tmp, buf, data_len);
1830 	key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr));
1831 	key192 = (struct wpa_eapol_key_192 *)
1832 		(tmp + sizeof(struct ieee802_1x_hdr));
1833 	if (mic_len == 24)
1834 		key_data = (u8 *) (key192 + 1);
1835 	else
1836 		key_data = (u8 *) (key + 1);
1837 
1838 	if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN)
1839 	{
1840 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1841 			"WPA: EAPOL-Key type (%d) unknown, discarded",
1842 			key->type);
1843 		ret = 0;
1844 		goto out;
1845 	}
1846 
1847 	if (mic_len == 24)
1848 		key_data_len = WPA_GET_BE16(key192->key_data_length);
1849 	else
1850 		key_data_len = WPA_GET_BE16(key->key_data_length);
1851 	wpa_eapol_key_dump(sm, key, key_data_len, key192->key_mic, mic_len);
1852 
1853 	if (key_data_len > plen - keyhdrlen) {
1854 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
1855 			"frame - key_data overflow (%u > %u)",
1856 			(unsigned int) key_data_len,
1857 			(unsigned int) (plen - keyhdrlen));
1858 		goto out;
1859 	}
1860 
1861 	eapol_sm_notify_lower_layer_success(sm->eapol, 0);
1862 	key_info = WPA_GET_BE16(key->key_info);
1863 	ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1864 	if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
1865 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
1866 	    ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1867 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
1868 	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
1869 	    !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1870 	    sm->key_mgmt != WPA_KEY_MGMT_OSEN) {
1871 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1872 			"WPA: Unsupported EAPOL-Key descriptor version %d",
1873 			ver);
1874 		goto out;
1875 	}
1876 
1877 	if (sm->key_mgmt == WPA_KEY_MGMT_OSEN &&
1878 	    ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1879 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1880 			"OSEN: Unsupported EAPOL-Key descriptor version %d",
1881 			ver);
1882 		goto out;
1883 	}
1884 
1885 	if (wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1886 	    ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1887 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1888 			"RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)",
1889 			ver);
1890 		goto out;
1891 	}
1892 
1893 #ifdef CONFIG_IEEE80211R
1894 	if (wpa_key_mgmt_ft(sm->key_mgmt)) {
1895 		/* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */
1896 		if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1897 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1898 				"FT: AP did not use AES-128-CMAC");
1899 			goto out;
1900 		}
1901 	} else
1902 #endif /* CONFIG_IEEE80211R */
1903 #ifdef CONFIG_IEEE80211W
1904 	if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
1905 		if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1906 		    sm->key_mgmt != WPA_KEY_MGMT_OSEN &&
1907 		    !wpa_key_mgmt_suite_b(sm->key_mgmt)) {
1908 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1909 				"WPA: AP did not use the "
1910 				"negotiated AES-128-CMAC");
1911 			goto out;
1912 		}
1913 	} else
1914 #endif /* CONFIG_IEEE80211W */
1915 	if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
1916 	    !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1917 	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1918 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1919 			"WPA: CCMP is used, but EAPOL-Key "
1920 			"descriptor version (%d) is not 2", ver);
1921 		if (sm->group_cipher != WPA_CIPHER_CCMP &&
1922 		    !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
1923 			/* Earlier versions of IEEE 802.11i did not explicitly
1924 			 * require version 2 descriptor for all EAPOL-Key
1925 			 * packets, so allow group keys to use version 1 if
1926 			 * CCMP is not used for them. */
1927 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1928 				"WPA: Backwards compatibility: allow invalid "
1929 				"version for non-CCMP group keys");
1930 		} else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1931 			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1932 				"WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used");
1933 		} else
1934 			goto out;
1935 	} else if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
1936 		   !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
1937 		   ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1938 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1939 			"WPA: GCMP is used, but EAPOL-Key "
1940 			"descriptor version (%d) is not 2", ver);
1941 		goto out;
1942 	}
1943 
1944 #ifdef CONFIG_PEERKEY
1945 	for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
1946 		if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
1947 			break;
1948 	}
1949 
1950 	if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
1951 		if (!peerkey->initiator && peerkey->replay_counter_set &&
1952 		    os_memcmp(key->replay_counter, peerkey->replay_counter,
1953 			      WPA_REPLAY_COUNTER_LEN) <= 0) {
1954 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1955 				"RSN: EAPOL-Key Replay Counter did not "
1956 				"increase (STK) - dropping packet");
1957 			goto out;
1958 		} else if (peerkey->initiator) {
1959 			u8 _tmp[WPA_REPLAY_COUNTER_LEN];
1960 			os_memcpy(_tmp, key->replay_counter,
1961 				  WPA_REPLAY_COUNTER_LEN);
1962 			inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
1963 			if (os_memcmp(_tmp, peerkey->replay_counter,
1964 				      WPA_REPLAY_COUNTER_LEN) != 0) {
1965 				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1966 					"RSN: EAPOL-Key Replay "
1967 					"Counter did not match (STK) - "
1968 					"dropping packet");
1969 				goto out;
1970 			}
1971 		}
1972 	}
1973 
1974 	if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) {
1975 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1976 			"RSN: Ack bit in key_info from STK peer");
1977 		goto out;
1978 	}
1979 #endif /* CONFIG_PEERKEY */
1980 
1981 	if (!peerkey && sm->rx_replay_counter_set &&
1982 	    os_memcmp(key->replay_counter, sm->rx_replay_counter,
1983 		      WPA_REPLAY_COUNTER_LEN) <= 0) {
1984 		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1985 			"WPA: EAPOL-Key Replay Counter did not increase - "
1986 			"dropping packet");
1987 		goto out;
1988 	}
1989 
1990 	if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
1991 #ifdef CONFIG_PEERKEY
1992 	    && (peerkey == NULL || !peerkey->initiator)
1993 #endif /* CONFIG_PEERKEY */
1994 		) {
1995 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1996 			"WPA: No Ack bit in key_info");
1997 		goto out;
1998 	}
1999 
2000 	if (key_info & WPA_KEY_INFO_REQUEST) {
2001 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2002 			"WPA: EAPOL-Key with Request bit - dropped");
2003 		goto out;
2004 	}
2005 
2006 	if ((key_info & WPA_KEY_INFO_MIC) && !peerkey &&
2007 	    wpa_supplicant_verify_eapol_key_mic(sm, key192, ver, tmp, data_len))
2008 		goto out;
2009 
2010 #ifdef CONFIG_PEERKEY
2011 	if ((key_info & WPA_KEY_INFO_MIC) && peerkey &&
2012 	    peerkey_verify_eapol_key_mic(sm, peerkey, key192, ver, tmp,
2013 					 data_len))
2014 		goto out;
2015 #endif /* CONFIG_PEERKEY */
2016 
2017 	if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
2018 	    (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
2019 		if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
2020 						    &key_data_len))
2021 			goto out;
2022 	}
2023 
2024 	if (key_info & WPA_KEY_INFO_KEY_TYPE) {
2025 		if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
2026 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2027 				"WPA: Ignored EAPOL-Key (Pairwise) with "
2028 				"non-zero key index");
2029 			goto out;
2030 		}
2031 		if (peerkey) {
2032 			/* PeerKey 4-Way Handshake */
2033 			peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver,
2034 					      key_data, key_data_len);
2035 		} else if (key_info & WPA_KEY_INFO_MIC) {
2036 			/* 3/4 4-Way Handshake */
2037 			wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
2038 						      key_data_len);
2039 		} else {
2040 			/* 1/4 4-Way Handshake */
2041 			wpa_supplicant_process_1_of_4(sm, src_addr, key,
2042 						      ver, key_data,
2043 						      key_data_len);
2044 		}
2045 	} else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
2046 		/* PeerKey SMK Handshake */
2047 		peerkey_rx_eapol_smk(sm, src_addr, key, key_data_len, key_info,
2048 				     ver);
2049 	} else {
2050 		if (key_info & WPA_KEY_INFO_MIC) {
2051 			/* 1/2 Group Key Handshake */
2052 			wpa_supplicant_process_1_of_2(sm, src_addr, key,
2053 						      key_data, key_data_len,
2054 						      ver);
2055 		} else {
2056 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2057 				"WPA: EAPOL-Key (Group) without Mic bit - "
2058 				"dropped");
2059 		}
2060 	}
2061 
2062 	ret = 1;
2063 
2064 out:
2065 	bin_clear_free(tmp, data_len);
2066 	return ret;
2067 }
2068 
2069 
2070 #ifdef CONFIG_CTRL_IFACE
wpa_key_mgmt_suite(struct wpa_sm * sm)2071 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
2072 {
2073 	switch (sm->key_mgmt) {
2074 	case WPA_KEY_MGMT_IEEE8021X:
2075 		return ((sm->proto == WPA_PROTO_RSN ||
2076 			 sm->proto == WPA_PROTO_OSEN) ?
2077 			RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
2078 			WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
2079 	case WPA_KEY_MGMT_PSK:
2080 		return (sm->proto == WPA_PROTO_RSN ?
2081 			RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X :
2082 			WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
2083 #ifdef CONFIG_IEEE80211R
2084 	case WPA_KEY_MGMT_FT_IEEE8021X:
2085 		return RSN_AUTH_KEY_MGMT_FT_802_1X;
2086 	case WPA_KEY_MGMT_FT_PSK:
2087 		return RSN_AUTH_KEY_MGMT_FT_PSK;
2088 #endif /* CONFIG_IEEE80211R */
2089 #ifdef CONFIG_IEEE80211W
2090 	case WPA_KEY_MGMT_IEEE8021X_SHA256:
2091 		return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
2092 	case WPA_KEY_MGMT_PSK_SHA256:
2093 		return RSN_AUTH_KEY_MGMT_PSK_SHA256;
2094 #endif /* CONFIG_IEEE80211W */
2095 	case WPA_KEY_MGMT_CCKM:
2096 		return (sm->proto == WPA_PROTO_RSN ?
2097 			RSN_AUTH_KEY_MGMT_CCKM:
2098 			WPA_AUTH_KEY_MGMT_CCKM);
2099 	case WPA_KEY_MGMT_WPA_NONE:
2100 		return WPA_AUTH_KEY_MGMT_NONE;
2101 	case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
2102 		return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
2103 	case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
2104 		return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
2105 	default:
2106 		return 0;
2107 	}
2108 }
2109 
2110 
2111 #define RSN_SUITE "%02x-%02x-%02x-%d"
2112 #define RSN_SUITE_ARG(s) \
2113 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2114 
2115 /**
2116  * wpa_sm_get_mib - Dump text list of MIB entries
2117  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2118  * @buf: Buffer for the list
2119  * @buflen: Length of the buffer
2120  * Returns: Number of bytes written to buffer
2121  *
2122  * This function is used fetch dot11 MIB variables.
2123  */
wpa_sm_get_mib(struct wpa_sm * sm,char * buf,size_t buflen)2124 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
2125 {
2126 	char pmkid_txt[PMKID_LEN * 2 + 1];
2127 	int rsna, ret;
2128 	size_t len;
2129 
2130 	if (sm->cur_pmksa) {
2131 		wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2132 				 sm->cur_pmksa->pmkid, PMKID_LEN);
2133 	} else
2134 		pmkid_txt[0] = '\0';
2135 
2136 	if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
2137 	     wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
2138 	    sm->proto == WPA_PROTO_RSN)
2139 		rsna = 1;
2140 	else
2141 		rsna = 0;
2142 
2143 	ret = os_snprintf(buf, buflen,
2144 			  "dot11RSNAOptionImplemented=TRUE\n"
2145 			  "dot11RSNAPreauthenticationImplemented=TRUE\n"
2146 			  "dot11RSNAEnabled=%s\n"
2147 			  "dot11RSNAPreauthenticationEnabled=%s\n"
2148 			  "dot11RSNAConfigVersion=%d\n"
2149 			  "dot11RSNAConfigPairwiseKeysSupported=5\n"
2150 			  "dot11RSNAConfigGroupCipherSize=%d\n"
2151 			  "dot11RSNAConfigPMKLifetime=%d\n"
2152 			  "dot11RSNAConfigPMKReauthThreshold=%d\n"
2153 			  "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
2154 			  "dot11RSNAConfigSATimeout=%d\n",
2155 			  rsna ? "TRUE" : "FALSE",
2156 			  rsna ? "TRUE" : "FALSE",
2157 			  RSN_VERSION,
2158 			  wpa_cipher_key_len(sm->group_cipher) * 8,
2159 			  sm->dot11RSNAConfigPMKLifetime,
2160 			  sm->dot11RSNAConfigPMKReauthThreshold,
2161 			  sm->dot11RSNAConfigSATimeout);
2162 	if (os_snprintf_error(buflen, ret))
2163 		return 0;
2164 	len = ret;
2165 
2166 	ret = os_snprintf(
2167 		buf + len, buflen - len,
2168 		"dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2169 		"dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2170 		"dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2171 		"dot11RSNAPMKIDUsed=%s\n"
2172 		"dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
2173 		"dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
2174 		"dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
2175 		"dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
2176 		"dot11RSNA4WayHandshakeFailures=%u\n",
2177 		RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
2178 		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2179 						  sm->pairwise_cipher)),
2180 		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2181 						  sm->group_cipher)),
2182 		pmkid_txt,
2183 		RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
2184 		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2185 						  sm->pairwise_cipher)),
2186 		RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
2187 						  sm->group_cipher)),
2188 		sm->dot11RSNA4WayHandshakeFailures);
2189 	if (!os_snprintf_error(buflen - len, ret))
2190 		len += ret;
2191 
2192 	return (int) len;
2193 }
2194 #endif /* CONFIG_CTRL_IFACE */
2195 
2196 
wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry * entry,void * ctx,enum pmksa_free_reason reason)2197 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
2198 				 void *ctx, enum pmksa_free_reason reason)
2199 {
2200 	struct wpa_sm *sm = ctx;
2201 	int deauth = 0;
2202 
2203 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: "
2204 		MACSTR " reason=%d", MAC2STR(entry->aa), reason);
2205 
2206 	if (sm->cur_pmksa == entry) {
2207 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2208 			"RSN: %s current PMKSA entry",
2209 			reason == PMKSA_REPLACE ? "replaced" : "removed");
2210 		pmksa_cache_clear_current(sm);
2211 
2212 		/*
2213 		 * If an entry is simply being replaced, there's no need to
2214 		 * deauthenticate because it will be immediately re-added.
2215 		 * This happens when EAP authentication is completed again
2216 		 * (reauth or failed PMKSA caching attempt).
2217 		 */
2218 		if (reason != PMKSA_REPLACE)
2219 			deauth = 1;
2220 	}
2221 
2222 	if (reason == PMKSA_EXPIRE &&
2223 	    (sm->pmk_len == entry->pmk_len &&
2224 	     os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
2225 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2226 			"RSN: deauthenticating due to expired PMK");
2227 		pmksa_cache_clear_current(sm);
2228 		deauth = 1;
2229 	}
2230 
2231 	if (deauth) {
2232 		os_memset(sm->pmk, 0, sizeof(sm->pmk));
2233 		wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
2234 	}
2235 }
2236 
2237 
2238 /**
2239  * wpa_sm_init - Initialize WPA state machine
2240  * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
2241  * Returns: Pointer to the allocated WPA state machine data
2242  *
2243  * This function is used to allocate a new WPA state machine and the returned
2244  * value is passed to all WPA state machine calls.
2245  */
wpa_sm_init(struct wpa_sm_ctx * ctx)2246 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
2247 {
2248 	struct wpa_sm *sm;
2249 
2250 	sm = os_zalloc(sizeof(*sm));
2251 	if (sm == NULL)
2252 		return NULL;
2253 	dl_list_init(&sm->pmksa_candidates);
2254 	sm->renew_snonce = 1;
2255 	sm->ctx = ctx;
2256 
2257 	sm->dot11RSNAConfigPMKLifetime = 43200;
2258 	sm->dot11RSNAConfigPMKReauthThreshold = 70;
2259 	sm->dot11RSNAConfigSATimeout = 60;
2260 
2261 	sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb, sm, sm);
2262 	if (sm->pmksa == NULL) {
2263 		wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
2264 			"RSN: PMKSA cache initialization failed");
2265 		os_free(sm);
2266 		return NULL;
2267 	}
2268 
2269 	return sm;
2270 }
2271 
2272 
2273 /**
2274  * wpa_sm_deinit - Deinitialize WPA state machine
2275  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2276  */
wpa_sm_deinit(struct wpa_sm * sm)2277 void wpa_sm_deinit(struct wpa_sm *sm)
2278 {
2279 	if (sm == NULL)
2280 		return;
2281 	pmksa_cache_deinit(sm->pmksa);
2282 	eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2283 	eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2284 	os_free(sm->assoc_wpa_ie);
2285 	os_free(sm->ap_wpa_ie);
2286 	os_free(sm->ap_rsn_ie);
2287 	wpa_sm_drop_sa(sm);
2288 	os_free(sm->ctx);
2289 	peerkey_deinit(sm);
2290 #ifdef CONFIG_IEEE80211R
2291 	os_free(sm->assoc_resp_ies);
2292 #endif /* CONFIG_IEEE80211R */
2293 #ifdef CONFIG_TESTING_OPTIONS
2294 	wpabuf_free(sm->test_assoc_ie);
2295 #endif /* CONFIG_TESTING_OPTIONS */
2296 	os_free(sm);
2297 }
2298 
2299 
2300 /**
2301  * wpa_sm_notify_assoc - Notify WPA state machine about association
2302  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2303  * @bssid: The BSSID of the new association
2304  *
2305  * This function is called to let WPA state machine know that the connection
2306  * was established.
2307  */
wpa_sm_notify_assoc(struct wpa_sm * sm,const u8 * bssid)2308 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
2309 {
2310 	int clear_ptk = 1;
2311 
2312 	if (sm == NULL)
2313 		return;
2314 
2315 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2316 		"WPA: Association event - clear replay counter");
2317 	os_memcpy(sm->bssid, bssid, ETH_ALEN);
2318 	os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
2319 	sm->rx_replay_counter_set = 0;
2320 	sm->renew_snonce = 1;
2321 	if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
2322 		rsn_preauth_deinit(sm);
2323 
2324 #ifdef CONFIG_IEEE80211R
2325 	if (wpa_ft_is_completed(sm)) {
2326 		/*
2327 		 * Clear portValid to kick EAPOL state machine to re-enter
2328 		 * AUTHENTICATED state to get the EAPOL port Authorized.
2329 		 */
2330 		eapol_sm_notify_portValid(sm->eapol, FALSE);
2331 		wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
2332 
2333 		/* Prepare for the next transition */
2334 		wpa_ft_prepare_auth_request(sm, NULL);
2335 
2336 		clear_ptk = 0;
2337 	}
2338 #endif /* CONFIG_IEEE80211R */
2339 
2340 	if (clear_ptk) {
2341 		/*
2342 		 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
2343 		 * this is not part of a Fast BSS Transition.
2344 		 */
2345 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK");
2346 		sm->ptk_set = 0;
2347 		os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2348 		sm->tptk_set = 0;
2349 		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2350 	}
2351 
2352 #ifdef CONFIG_TDLS
2353 	wpa_tdls_assoc(sm);
2354 #endif /* CONFIG_TDLS */
2355 
2356 #ifdef CONFIG_P2P
2357 	os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr));
2358 #endif /* CONFIG_P2P */
2359 }
2360 
2361 
2362 /**
2363  * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
2364  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2365  *
2366  * This function is called to let WPA state machine know that the connection
2367  * was lost. This will abort any existing pre-authentication session.
2368  */
wpa_sm_notify_disassoc(struct wpa_sm * sm)2369 void wpa_sm_notify_disassoc(struct wpa_sm *sm)
2370 {
2371 	eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2372 	eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2373 	peerkey_deinit(sm);
2374 	rsn_preauth_deinit(sm);
2375 	pmksa_cache_clear_current(sm);
2376 	if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
2377 		sm->dot11RSNA4WayHandshakeFailures++;
2378 #ifdef CONFIG_TDLS
2379 	wpa_tdls_disassoc(sm);
2380 #endif /* CONFIG_TDLS */
2381 
2382 	/* Keys are not needed in the WPA state machine anymore */
2383 	wpa_sm_drop_sa(sm);
2384 
2385 	sm->msg_3_of_4_ok = 0;
2386 }
2387 
2388 
2389 /**
2390  * wpa_sm_set_pmk - Set PMK
2391  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2392  * @pmk: The new PMK
2393  * @pmk_len: The length of the new PMK in bytes
2394  * @pmkid: Calculated PMKID
2395  * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK
2396  *
2397  * Configure the PMK for WPA state machine.
2398  */
wpa_sm_set_pmk(struct wpa_sm * sm,const u8 * pmk,size_t pmk_len,const u8 * pmkid,const u8 * bssid)2399 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
2400 		    const u8 *pmkid, const u8 *bssid)
2401 {
2402 	if (sm == NULL)
2403 		return;
2404 
2405 	sm->pmk_len = pmk_len;
2406 	os_memcpy(sm->pmk, pmk, pmk_len);
2407 
2408 #ifdef CONFIG_IEEE80211R
2409 	/* Set XXKey to be PSK for FT key derivation */
2410 	sm->xxkey_len = pmk_len;
2411 	os_memcpy(sm->xxkey, pmk, pmk_len);
2412 #endif /* CONFIG_IEEE80211R */
2413 
2414 	if (bssid) {
2415 		pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0,
2416 				bssid, sm->own_addr,
2417 				sm->network_ctx, sm->key_mgmt);
2418 	}
2419 }
2420 
2421 
2422 /**
2423  * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
2424  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2425  *
2426  * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
2427  * will be cleared.
2428  */
wpa_sm_set_pmk_from_pmksa(struct wpa_sm * sm)2429 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
2430 {
2431 	if (sm == NULL)
2432 		return;
2433 
2434 	if (sm->cur_pmksa) {
2435 		sm->pmk_len = sm->cur_pmksa->pmk_len;
2436 		os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
2437 	} else {
2438 		sm->pmk_len = PMK_LEN;
2439 		os_memset(sm->pmk, 0, PMK_LEN);
2440 	}
2441 }
2442 
2443 
2444 /**
2445  * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
2446  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2447  * @fast_reauth: Whether fast reauthentication (EAP) is allowed
2448  */
wpa_sm_set_fast_reauth(struct wpa_sm * sm,int fast_reauth)2449 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
2450 {
2451 	if (sm)
2452 		sm->fast_reauth = fast_reauth;
2453 }
2454 
2455 
2456 /**
2457  * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
2458  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2459  * @scard_ctx: Context pointer for smartcard related callback functions
2460  */
wpa_sm_set_scard_ctx(struct wpa_sm * sm,void * scard_ctx)2461 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
2462 {
2463 	if (sm == NULL)
2464 		return;
2465 	sm->scard_ctx = scard_ctx;
2466 	if (sm->preauth_eapol)
2467 		eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
2468 }
2469 
2470 
2471 /**
2472  * wpa_sm_set_config - Notification of current configration change
2473  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2474  * @config: Pointer to current network configuration
2475  *
2476  * Notify WPA state machine that configuration has changed. config will be
2477  * stored as a backpointer to network configuration. This can be %NULL to clear
2478  * the stored pointed.
2479  */
wpa_sm_set_config(struct wpa_sm * sm,struct rsn_supp_config * config)2480 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
2481 {
2482 	if (!sm)
2483 		return;
2484 
2485 	if (config) {
2486 		sm->network_ctx = config->network_ctx;
2487 		sm->peerkey_enabled = config->peerkey_enabled;
2488 		sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
2489 		sm->proactive_key_caching = config->proactive_key_caching;
2490 		sm->eap_workaround = config->eap_workaround;
2491 		sm->eap_conf_ctx = config->eap_conf_ctx;
2492 		if (config->ssid) {
2493 			os_memcpy(sm->ssid, config->ssid, config->ssid_len);
2494 			sm->ssid_len = config->ssid_len;
2495 		} else
2496 			sm->ssid_len = 0;
2497 		sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
2498 		sm->p2p = config->p2p;
2499 		sm->wpa_rsc_relaxation = config->wpa_rsc_relaxation;
2500 	} else {
2501 		sm->network_ctx = NULL;
2502 		sm->peerkey_enabled = 0;
2503 		sm->allowed_pairwise_cipher = 0;
2504 		sm->proactive_key_caching = 0;
2505 		sm->eap_workaround = 0;
2506 		sm->eap_conf_ctx = NULL;
2507 		sm->ssid_len = 0;
2508 		sm->wpa_ptk_rekey = 0;
2509 		sm->p2p = 0;
2510 		sm->wpa_rsc_relaxation = 0;
2511 	}
2512 }
2513 
2514 
2515 /**
2516  * wpa_sm_set_own_addr - Set own MAC address
2517  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2518  * @addr: Own MAC address
2519  */
wpa_sm_set_own_addr(struct wpa_sm * sm,const u8 * addr)2520 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
2521 {
2522 	if (sm)
2523 		os_memcpy(sm->own_addr, addr, ETH_ALEN);
2524 }
2525 
2526 
2527 /**
2528  * wpa_sm_set_ifname - Set network interface name
2529  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2530  * @ifname: Interface name
2531  * @bridge_ifname: Optional bridge interface name (for pre-auth)
2532  */
wpa_sm_set_ifname(struct wpa_sm * sm,const char * ifname,const char * bridge_ifname)2533 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
2534 		       const char *bridge_ifname)
2535 {
2536 	if (sm) {
2537 		sm->ifname = ifname;
2538 		sm->bridge_ifname = bridge_ifname;
2539 	}
2540 }
2541 
2542 
2543 /**
2544  * wpa_sm_set_eapol - Set EAPOL state machine pointer
2545  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2546  * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
2547  */
wpa_sm_set_eapol(struct wpa_sm * sm,struct eapol_sm * eapol)2548 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
2549 {
2550 	if (sm)
2551 		sm->eapol = eapol;
2552 }
2553 
2554 
2555 /**
2556  * wpa_sm_set_param - Set WPA state machine parameters
2557  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2558  * @param: Parameter field
2559  * @value: Parameter value
2560  * Returns: 0 on success, -1 on failure
2561  */
wpa_sm_set_param(struct wpa_sm * sm,enum wpa_sm_conf_params param,unsigned int value)2562 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
2563 		     unsigned int value)
2564 {
2565 	int ret = 0;
2566 
2567 	if (sm == NULL)
2568 		return -1;
2569 
2570 	switch (param) {
2571 	case RSNA_PMK_LIFETIME:
2572 		if (value > 0)
2573 			sm->dot11RSNAConfigPMKLifetime = value;
2574 		else
2575 			ret = -1;
2576 		break;
2577 	case RSNA_PMK_REAUTH_THRESHOLD:
2578 		if (value > 0 && value <= 100)
2579 			sm->dot11RSNAConfigPMKReauthThreshold = value;
2580 		else
2581 			ret = -1;
2582 		break;
2583 	case RSNA_SA_TIMEOUT:
2584 		if (value > 0)
2585 			sm->dot11RSNAConfigSATimeout = value;
2586 		else
2587 			ret = -1;
2588 		break;
2589 	case WPA_PARAM_PROTO:
2590 		sm->proto = value;
2591 		break;
2592 	case WPA_PARAM_PAIRWISE:
2593 		sm->pairwise_cipher = value;
2594 		break;
2595 	case WPA_PARAM_GROUP:
2596 		sm->group_cipher = value;
2597 		break;
2598 	case WPA_PARAM_KEY_MGMT:
2599 		sm->key_mgmt = value;
2600 		break;
2601 #ifdef CONFIG_IEEE80211W
2602 	case WPA_PARAM_MGMT_GROUP:
2603 		sm->mgmt_group_cipher = value;
2604 		break;
2605 #endif /* CONFIG_IEEE80211W */
2606 	case WPA_PARAM_RSN_ENABLED:
2607 		sm->rsn_enabled = value;
2608 		break;
2609 	case WPA_PARAM_MFP:
2610 		sm->mfp = value;
2611 		break;
2612 	default:
2613 		break;
2614 	}
2615 
2616 	return ret;
2617 }
2618 
2619 
2620 /**
2621  * wpa_sm_get_status - Get WPA state machine
2622  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2623  * @buf: Buffer for status information
2624  * @buflen: Maximum buffer length
2625  * @verbose: Whether to include verbose status information
2626  * Returns: Number of bytes written to buf.
2627  *
2628  * Query WPA state machine for status information. This function fills in
2629  * a text area with current status information. If the buffer (buf) is not
2630  * large enough, status information will be truncated to fit the buffer.
2631  */
wpa_sm_get_status(struct wpa_sm * sm,char * buf,size_t buflen,int verbose)2632 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
2633 		      int verbose)
2634 {
2635 	char *pos = buf, *end = buf + buflen;
2636 	int ret;
2637 
2638 	ret = os_snprintf(pos, end - pos,
2639 			  "pairwise_cipher=%s\n"
2640 			  "group_cipher=%s\n"
2641 			  "key_mgmt=%s\n",
2642 			  wpa_cipher_txt(sm->pairwise_cipher),
2643 			  wpa_cipher_txt(sm->group_cipher),
2644 			  wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
2645 	if (os_snprintf_error(end - pos, ret))
2646 		return pos - buf;
2647 	pos += ret;
2648 
2649 	if (sm->mfp != NO_MGMT_FRAME_PROTECTION && sm->ap_rsn_ie) {
2650 		struct wpa_ie_data rsn;
2651 		if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn)
2652 		    >= 0 &&
2653 		    rsn.capabilities & (WPA_CAPABILITY_MFPR |
2654 					WPA_CAPABILITY_MFPC)) {
2655 			ret = os_snprintf(pos, end - pos, "pmf=%d\n",
2656 					  (rsn.capabilities &
2657 					   WPA_CAPABILITY_MFPR) ? 2 : 1);
2658 			if (os_snprintf_error(end - pos, ret))
2659 				return pos - buf;
2660 			pos += ret;
2661 		}
2662 	}
2663 
2664 	return pos - buf;
2665 }
2666 
2667 
wpa_sm_pmf_enabled(struct wpa_sm * sm)2668 int wpa_sm_pmf_enabled(struct wpa_sm *sm)
2669 {
2670 	struct wpa_ie_data rsn;
2671 
2672 	if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !sm->ap_rsn_ie)
2673 		return 0;
2674 
2675 	if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 &&
2676 	    rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC))
2677 		return 1;
2678 
2679 	return 0;
2680 }
2681 
2682 
2683 /**
2684  * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
2685  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2686  * @wpa_ie: Pointer to buffer for WPA/RSN IE
2687  * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
2688  * Returns: 0 on success, -1 on failure
2689  */
wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm * sm,u8 * wpa_ie,size_t * wpa_ie_len)2690 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
2691 				    size_t *wpa_ie_len)
2692 {
2693 	int res;
2694 
2695 	if (sm == NULL)
2696 		return -1;
2697 
2698 #ifdef CONFIG_TESTING_OPTIONS
2699 	if (sm->test_assoc_ie) {
2700 		wpa_printf(MSG_DEBUG,
2701 			   "TESTING: Replace association WPA/RSN IE");
2702 		if (*wpa_ie_len < wpabuf_len(sm->test_assoc_ie))
2703 			return -1;
2704 		os_memcpy(wpa_ie, wpabuf_head(sm->test_assoc_ie),
2705 			  wpabuf_len(sm->test_assoc_ie));
2706 		res = wpabuf_len(sm->test_assoc_ie);
2707 	} else
2708 #endif /* CONFIG_TESTING_OPTIONS */
2709 	res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
2710 	if (res < 0)
2711 		return -1;
2712 	*wpa_ie_len = res;
2713 
2714 	wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default",
2715 		    wpa_ie, *wpa_ie_len);
2716 
2717 	if (sm->assoc_wpa_ie == NULL) {
2718 		/*
2719 		 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
2720 		 * the correct version of the IE even if PMKSA caching is
2721 		 * aborted (which would remove PMKID from IE generation).
2722 		 */
2723 		sm->assoc_wpa_ie = os_malloc(*wpa_ie_len);
2724 		if (sm->assoc_wpa_ie == NULL)
2725 			return -1;
2726 
2727 		os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
2728 		sm->assoc_wpa_ie_len = *wpa_ie_len;
2729 	}
2730 
2731 	return 0;
2732 }
2733 
2734 
2735 /**
2736  * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
2737  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2738  * @ie: Pointer to IE data (starting from id)
2739  * @len: IE length
2740  * Returns: 0 on success, -1 on failure
2741  *
2742  * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
2743  * Request frame. The IE will be used to override the default value generated
2744  * with wpa_sm_set_assoc_wpa_ie_default().
2745  */
wpa_sm_set_assoc_wpa_ie(struct wpa_sm * sm,const u8 * ie,size_t len)2746 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2747 {
2748 	if (sm == NULL)
2749 		return -1;
2750 
2751 	os_free(sm->assoc_wpa_ie);
2752 	if (ie == NULL || len == 0) {
2753 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2754 			"WPA: clearing own WPA/RSN IE");
2755 		sm->assoc_wpa_ie = NULL;
2756 		sm->assoc_wpa_ie_len = 0;
2757 	} else {
2758 		wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
2759 		sm->assoc_wpa_ie = os_malloc(len);
2760 		if (sm->assoc_wpa_ie == NULL)
2761 			return -1;
2762 
2763 		os_memcpy(sm->assoc_wpa_ie, ie, len);
2764 		sm->assoc_wpa_ie_len = len;
2765 	}
2766 
2767 	return 0;
2768 }
2769 
2770 
2771 /**
2772  * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
2773  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2774  * @ie: Pointer to IE data (starting from id)
2775  * @len: IE length
2776  * Returns: 0 on success, -1 on failure
2777  *
2778  * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
2779  * frame.
2780  */
wpa_sm_set_ap_wpa_ie(struct wpa_sm * sm,const u8 * ie,size_t len)2781 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2782 {
2783 	if (sm == NULL)
2784 		return -1;
2785 
2786 	os_free(sm->ap_wpa_ie);
2787 	if (ie == NULL || len == 0) {
2788 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2789 			"WPA: clearing AP WPA IE");
2790 		sm->ap_wpa_ie = NULL;
2791 		sm->ap_wpa_ie_len = 0;
2792 	} else {
2793 		wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
2794 		sm->ap_wpa_ie = os_malloc(len);
2795 		if (sm->ap_wpa_ie == NULL)
2796 			return -1;
2797 
2798 		os_memcpy(sm->ap_wpa_ie, ie, len);
2799 		sm->ap_wpa_ie_len = len;
2800 	}
2801 
2802 	return 0;
2803 }
2804 
2805 
2806 /**
2807  * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
2808  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2809  * @ie: Pointer to IE data (starting from id)
2810  * @len: IE length
2811  * Returns: 0 on success, -1 on failure
2812  *
2813  * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
2814  * frame.
2815  */
wpa_sm_set_ap_rsn_ie(struct wpa_sm * sm,const u8 * ie,size_t len)2816 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
2817 {
2818 	if (sm == NULL)
2819 		return -1;
2820 
2821 	os_free(sm->ap_rsn_ie);
2822 	if (ie == NULL || len == 0) {
2823 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2824 			"WPA: clearing AP RSN IE");
2825 		sm->ap_rsn_ie = NULL;
2826 		sm->ap_rsn_ie_len = 0;
2827 	} else {
2828 		wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
2829 		sm->ap_rsn_ie = os_malloc(len);
2830 		if (sm->ap_rsn_ie == NULL)
2831 			return -1;
2832 
2833 		os_memcpy(sm->ap_rsn_ie, ie, len);
2834 		sm->ap_rsn_ie_len = len;
2835 	}
2836 
2837 	return 0;
2838 }
2839 
2840 
2841 /**
2842  * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
2843  * @sm: Pointer to WPA state machine data from wpa_sm_init()
2844  * @data: Pointer to data area for parsing results
2845  * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
2846  *
2847  * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
2848  * parsed data into data.
2849  */
wpa_sm_parse_own_wpa_ie(struct wpa_sm * sm,struct wpa_ie_data * data)2850 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
2851 {
2852 	if (sm == NULL)
2853 		return -1;
2854 
2855 	if (sm->assoc_wpa_ie == NULL) {
2856 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2857 			"WPA: No WPA/RSN IE available from association info");
2858 		return -1;
2859 	}
2860 	if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
2861 		return -2;
2862 	return 0;
2863 }
2864 
2865 
wpa_sm_pmksa_cache_list(struct wpa_sm * sm,char * buf,size_t len)2866 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
2867 {
2868 	return pmksa_cache_list(sm->pmksa, buf, len);
2869 }
2870 
2871 
wpa_sm_drop_sa(struct wpa_sm * sm)2872 void wpa_sm_drop_sa(struct wpa_sm *sm)
2873 {
2874 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
2875 	sm->ptk_set = 0;
2876 	sm->tptk_set = 0;
2877 	os_memset(sm->pmk, 0, sizeof(sm->pmk));
2878 	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2879 	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
2880 #ifdef CONFIG_IEEE80211R
2881 	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
2882 	os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
2883 	os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1));
2884 #endif /* CONFIG_IEEE80211R */
2885 }
2886 
2887 
wpa_sm_has_ptk(struct wpa_sm * sm)2888 int wpa_sm_has_ptk(struct wpa_sm *sm)
2889 {
2890 	if (sm == NULL)
2891 		return 0;
2892 	return sm->ptk_set;
2893 }
2894 
2895 
wpa_sm_update_replay_ctr(struct wpa_sm * sm,const u8 * replay_ctr)2896 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
2897 {
2898 	os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
2899 }
2900 
2901 
wpa_sm_pmksa_cache_flush(struct wpa_sm * sm,void * network_ctx)2902 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
2903 {
2904 	pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0);
2905 }
2906 
2907 
2908 #ifdef CONFIG_WNM
wpa_wnmsleep_install_key(struct wpa_sm * sm,u8 subelem_id,u8 * buf)2909 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
2910 {
2911 	u16 keyinfo;
2912 	u8 keylen;  /* plaintext key len */
2913 	u8 *key_rsc;
2914 
2915 	if (subelem_id == WNM_SLEEP_SUBELEM_GTK) {
2916 		struct wpa_gtk_data gd;
2917 
2918 		os_memset(&gd, 0, sizeof(gd));
2919 		keylen = wpa_cipher_key_len(sm->group_cipher);
2920 		gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher);
2921 		gd.alg = wpa_cipher_to_alg(sm->group_cipher);
2922 		if (gd.alg == WPA_ALG_NONE) {
2923 			wpa_printf(MSG_DEBUG, "Unsupported group cipher suite");
2924 			return -1;
2925 		}
2926 
2927 		key_rsc = buf + 5;
2928 		keyinfo = WPA_GET_LE16(buf + 2);
2929 		gd.gtk_len = keylen;
2930 		if (gd.gtk_len != buf[4]) {
2931 			wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d",
2932 				   gd.gtk_len, buf[4]);
2933 			return -1;
2934 		}
2935 		gd.keyidx = keyinfo & 0x03; /* B0 - B1 */
2936 		gd.tx = wpa_supplicant_gtk_tx_bit_workaround(
2937 		         sm, !!(keyinfo & WPA_KEY_INFO_TXRX));
2938 
2939 		os_memcpy(gd.gtk, buf + 13, gd.gtk_len);
2940 
2941 		wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
2942 				gd.gtk, gd.gtk_len);
2943 		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
2944 			os_memset(&gd, 0, sizeof(gd));
2945 			wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
2946 				   "WNM mode");
2947 			return -1;
2948 		}
2949 		os_memset(&gd, 0, sizeof(gd));
2950 #ifdef CONFIG_IEEE80211W
2951 	} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
2952 		struct wpa_igtk_kde igd;
2953 		u16 keyidx;
2954 
2955 		os_memset(&igd, 0, sizeof(igd));
2956 		keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
2957 		os_memcpy(igd.keyid, buf + 2, 2);
2958 		os_memcpy(igd.pn, buf + 4, 6);
2959 
2960 		keyidx = WPA_GET_LE16(igd.keyid);
2961 		os_memcpy(igd.igtk, buf + 10, keylen);
2962 
2963 		wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
2964 				igd.igtk, keylen);
2965 		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
2966 				   broadcast_ether_addr,
2967 				   keyidx, 0, igd.pn, sizeof(igd.pn),
2968 				   igd.igtk, keylen) < 0) {
2969 			wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
2970 				   "WNM mode");
2971 			os_memset(&igd, 0, sizeof(igd));
2972 			return -1;
2973 		}
2974 		os_memset(&igd, 0, sizeof(igd));
2975 #endif /* CONFIG_IEEE80211W */
2976 	} else {
2977 		wpa_printf(MSG_DEBUG, "Unknown element id");
2978 		return -1;
2979 	}
2980 
2981 	return 0;
2982 }
2983 #endif /* CONFIG_WNM */
2984 
2985 
2986 #ifdef CONFIG_PEERKEY
wpa_sm_rx_eapol_peerkey(struct wpa_sm * sm,const u8 * src_addr,const u8 * buf,size_t len)2987 int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr,
2988 			    const u8 *buf, size_t len)
2989 {
2990 	struct wpa_peerkey *peerkey;
2991 
2992 	for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
2993 		if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
2994 			break;
2995 	}
2996 
2997 	if (!peerkey)
2998 		return 0;
2999 
3000 	wpa_sm_rx_eapol(sm, src_addr, buf, len);
3001 
3002 	return 1;
3003 }
3004 #endif /* CONFIG_PEERKEY */
3005 
3006 
3007 #ifdef CONFIG_P2P
3008 
wpa_sm_get_p2p_ip_addr(struct wpa_sm * sm,u8 * buf)3009 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf)
3010 {
3011 	if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0)
3012 		return -1;
3013 	os_memcpy(buf, sm->p2p_ip_addr, 3 * 4);
3014 	return 0;
3015 }
3016 
3017 #endif /* CONFIG_P2P */
3018 
3019 
wpa_sm_set_rx_replay_ctr(struct wpa_sm * sm,const u8 * rx_replay_counter)3020 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter)
3021 {
3022 	if (rx_replay_counter == NULL)
3023 		return;
3024 
3025 	os_memcpy(sm->rx_replay_counter, rx_replay_counter,
3026 		  WPA_REPLAY_COUNTER_LEN);
3027 	sm->rx_replay_counter_set = 1;
3028 	wpa_printf(MSG_DEBUG, "Updated key replay counter");
3029 }
3030 
3031 
wpa_sm_set_ptk_kck_kek(struct wpa_sm * sm,const u8 * ptk_kck,size_t ptk_kck_len,const u8 * ptk_kek,size_t ptk_kek_len)3032 void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm,
3033 			    const u8 *ptk_kck, size_t ptk_kck_len,
3034 			    const u8 *ptk_kek, size_t ptk_kek_len)
3035 {
3036 	if (ptk_kck && ptk_kck_len <= WPA_KCK_MAX_LEN) {
3037 		os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len);
3038 		sm->ptk.kck_len = ptk_kck_len;
3039 		wpa_printf(MSG_DEBUG, "Updated PTK KCK");
3040 	}
3041 	if (ptk_kek && ptk_kek_len <= WPA_KEK_MAX_LEN) {
3042 		os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len);
3043 		sm->ptk.kek_len = ptk_kek_len;
3044 		wpa_printf(MSG_DEBUG, "Updated PTK KEK");
3045 	}
3046 	sm->ptk_set = 1;
3047 }
3048 
3049 
3050 #ifdef CONFIG_TESTING_OPTIONS
wpa_sm_set_test_assoc_ie(struct wpa_sm * sm,struct wpabuf * buf)3051 void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf)
3052 {
3053 	wpabuf_free(sm->test_assoc_ie);
3054 	sm->test_assoc_ie = buf;
3055 }
3056 #endif /* CONFIG_TESTING_OPTIONS */
3057