2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
17 #ifndef CONFIG_NATIVE_WINDOWS
29 #include "ieee802_11.h"
30 #include "pmksa_cache.h"
31 #include "state_machine.h"
32 #include "wpa_auth_i.h"
33 #include "wpa_auth_ie.h"
35 #define STATE_MACHINE_DATA struct wpa_state_machine
36 #define STATE_MACHINE_DEBUG_PREFIX "WPA"
37 #define STATE_MACHINE_ADDR sm->addr
40 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
41 static void wpa_sm_step(struct wpa_state_machine *sm);
42 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
43 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
44 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
45 struct wpa_group *group);
46 static void wpa_request_new_ptk(struct wpa_state_machine *sm);
48 static const u32 dot11RSNAConfigGroupUpdateCount = 4;
49 static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
50 static const u32 eapol_key_timeout_first = 100; /* ms */
51 static const u32 eapol_key_timeout_subseq = 1000; /* ms */
53 /* TODO: make these configurable */
54 static const int dot11RSNAConfigPMKLifetime = 43200;
55 static const int dot11RSNAConfigPMKReauthThreshold = 70;
56 static const int dot11RSNAConfigSATimeout = 60;
59 static inline void wpa_auth_mic_failure_report(
60 struct wpa_authenticator *wpa_auth, const u8 *addr)
62 if (wpa_auth->cb.mic_failure_report)
63 wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
67 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
68 const u8 *addr, wpa_eapol_variable var,
71 if (wpa_auth->cb.set_eapol)
72 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
76 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
77 const u8 *addr, wpa_eapol_variable var)
79 if (wpa_auth->cb.get_eapol == NULL)
81 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
85 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
86 const u8 *addr, const u8 *prev_psk)
88 if (wpa_auth->cb.get_psk == NULL)
90 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk);
94 static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
95 const u8 *addr, u8 *msk, size_t *len)
97 if (wpa_auth->cb.get_msk == NULL)
99 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
103 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
105 const char *alg, const u8 *addr, int idx,
106 u8 *key, size_t key_len)
108 if (wpa_auth->cb.set_key == NULL)
110 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
115 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
116 const u8 *addr, int idx, u8 *seq)
118 if (wpa_auth->cb.get_seqnum == NULL)
120 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
124 static inline int wpa_auth_get_seqnum_igtk(struct wpa_authenticator *wpa_auth,
125 const u8 *addr, int idx, u8 *seq)
127 if (wpa_auth->cb.get_seqnum_igtk == NULL)
129 return wpa_auth->cb.get_seqnum_igtk(wpa_auth->cb.ctx, addr, idx, seq);
134 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
135 const u8 *data, size_t data_len, int encrypt)
137 if (wpa_auth->cb.send_eapol == NULL)
139 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
144 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
145 int (*cb)(struct wpa_state_machine *sm, void *ctx),
148 if (wpa_auth->cb.for_each_sta == NULL)
150 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
154 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
155 int (*cb)(struct wpa_authenticator *a, void *ctx),
158 if (wpa_auth->cb.for_each_auth == NULL)
160 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
164 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
165 logger_level level, const char *txt)
167 if (wpa_auth->cb.logger == NULL)
169 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
173 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
174 logger_level level, const char *fmt, ...)
180 if (wpa_auth->cb.logger == NULL)
183 maxlen = os_strlen(fmt) + 100;
184 format = os_malloc(maxlen);
189 vsnprintf(format, maxlen, fmt, ap);
192 wpa_auth_logger(wpa_auth, addr, level, format);
198 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
201 if (wpa_auth->cb.disconnect == NULL)
203 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
204 WLAN_REASON_PREV_AUTH_NOT_VALID);
208 static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
211 #ifdef CONFIG_IEEE80211R
212 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
214 #endif /* CONFIG_IEEE80211R */
215 #ifdef CONFIG_IEEE80211W
216 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
218 #endif /* CONFIG_IEEE80211W */
223 static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
225 struct wpa_authenticator *wpa_auth = eloop_ctx;
227 if (os_get_random(wpa_auth->group->GMK, WPA_GMK_LEN)) {
228 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
231 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
234 if (wpa_auth->conf.wpa_gmk_rekey) {
235 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
236 wpa_rekey_gmk, wpa_auth, NULL);
241 static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
243 struct wpa_authenticator *wpa_auth = eloop_ctx;
244 struct wpa_group *group;
246 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
247 for (group = wpa_auth->group; group; group = group->next) {
248 group->GTKReKey = TRUE;
250 group->changed = FALSE;
251 wpa_group_sm_step(wpa_auth, group);
252 } while (group->changed);
255 if (wpa_auth->conf.wpa_group_rekey) {
256 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
257 0, wpa_rekey_gtk, wpa_auth, NULL);
262 static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
264 struct wpa_authenticator *wpa_auth = eloop_ctx;
265 struct wpa_state_machine *sm = timeout_ctx;
267 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
268 wpa_request_new_ptk(sm);
273 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
275 if (sm->pmksa == ctx)
281 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
284 struct wpa_authenticator *wpa_auth = ctx;
285 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
289 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
292 struct wpa_group *group;
293 u8 buf[ETH_ALEN + 8 + sizeof(group)];
296 group = os_zalloc(sizeof(struct wpa_group));
300 group->GTKAuthenticator = TRUE;
301 group->vlan_id = vlan_id;
303 switch (wpa_auth->conf.wpa_group) {
304 case WPA_CIPHER_CCMP:
307 case WPA_CIPHER_TKIP:
310 case WPA_CIPHER_WEP104:
313 case WPA_CIPHER_WEP40:
318 /* Counter = PRF-256(Random number, "Init Counter",
319 * Local MAC Address || Time)
321 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
322 wpa_get_ntp_timestamp(buf + ETH_ALEN);
323 os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
324 if (os_get_random(rkey, sizeof(rkey)) ||
325 os_get_random(group->GMK, WPA_GMK_LEN)) {
326 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
332 sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
333 group->Counter, WPA_NONCE_LEN);
336 wpa_group_sm_step(wpa_auth, group);
337 group->GInit = FALSE;
338 wpa_group_sm_step(wpa_auth, group);
345 * wpa_init - Initialize WPA authenticator
346 * @addr: Authenticator address
347 * @conf: Configuration for WPA authenticator
348 * Returns: Pointer to WPA authenticator data or %NULL on failure
350 struct wpa_authenticator * wpa_init(const u8 *addr,
351 struct wpa_auth_config *conf,
352 struct wpa_auth_callbacks *cb)
354 struct wpa_authenticator *wpa_auth;
356 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
357 if (wpa_auth == NULL)
359 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
360 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
361 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
363 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
364 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
369 wpa_auth->group = wpa_group_init(wpa_auth, 0);
370 if (wpa_auth->group == NULL) {
371 os_free(wpa_auth->wpa_ie);
376 wpa_auth->pmksa = pmksa_cache_init(wpa_auth_pmksa_free_cb, wpa_auth);
377 if (wpa_auth->pmksa == NULL) {
378 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
379 os_free(wpa_auth->wpa_ie);
384 #ifdef CONFIG_IEEE80211R
385 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
386 if (wpa_auth->ft_pmk_cache == NULL) {
387 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
388 os_free(wpa_auth->wpa_ie);
389 pmksa_cache_deinit(wpa_auth->pmksa);
393 #endif /* CONFIG_IEEE80211R */
395 if (wpa_auth->conf.wpa_gmk_rekey) {
396 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
397 wpa_rekey_gmk, wpa_auth, NULL);
400 if (wpa_auth->conf.wpa_group_rekey) {
401 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
402 wpa_rekey_gtk, wpa_auth, NULL);
410 * wpa_deinit - Deinitialize WPA authenticator
411 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
413 void wpa_deinit(struct wpa_authenticator *wpa_auth)
415 struct wpa_group *group, *prev;
417 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
418 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
420 #ifdef CONFIG_PEERKEY
421 while (wpa_auth->stsl_negotiations)
422 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
423 #endif /* CONFIG_PEERKEY */
425 pmksa_cache_deinit(wpa_auth->pmksa);
427 #ifdef CONFIG_IEEE80211R
428 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
429 wpa_auth->ft_pmk_cache = NULL;
430 #endif /* CONFIG_IEEE80211R */
432 os_free(wpa_auth->wpa_ie);
434 group = wpa_auth->group;
446 * wpa_reconfig - Update WPA authenticator configuration
447 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
448 * @conf: Configuration for WPA authenticator
450 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
451 struct wpa_auth_config *conf)
453 if (wpa_auth == NULL)
456 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
457 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
458 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
466 struct wpa_state_machine *
467 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
469 struct wpa_state_machine *sm;
471 sm = os_zalloc(sizeof(struct wpa_state_machine));
474 os_memcpy(sm->addr, addr, ETH_ALEN);
476 sm->wpa_auth = wpa_auth;
477 sm->group = wpa_auth->group;
483 void wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
484 struct wpa_state_machine *sm)
486 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
489 #ifdef CONFIG_IEEE80211R
490 if (sm->ft_completed) {
491 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
492 "FT authentication already completed - do not "
493 "start 4-way handshake");
496 #endif /* CONFIG_IEEE80211R */
499 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
500 sm->ReAuthenticationRequest = TRUE;
505 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
506 "start authentication");
512 sm->AuthenticationRequest = TRUE;
517 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
519 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
520 * reassociates back to the same AP while the previous entry for the
521 * STA has not yet been removed. */
525 sm->wpa_key_mgmt = 0;
529 static void wpa_free_sta_sm(struct wpa_state_machine *sm)
531 os_free(sm->last_rx_eapol_key);
537 void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
542 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
543 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
544 "strict rekeying - force GTK rekey since STA "
546 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
547 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
551 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
552 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
553 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
554 if (sm->in_step_loop) {
555 /* Must not free state machine while wpa_sm_step() is running.
556 * Freeing will be completed in the end of wpa_sm_step(). */
557 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
558 "machine deinit for " MACSTR, MAC2STR(sm->addr));
559 sm->pending_deinit = 1;
565 static void wpa_request_new_ptk(struct wpa_state_machine *sm)
570 sm->PTKRequest = TRUE;
575 static int wpa_replay_counter_valid(struct wpa_state_machine *sm,
576 const u8 *replay_counter)
579 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
580 if (!sm->key_replay[i].valid)
582 if (os_memcmp(replay_counter, sm->key_replay[i].counter,
583 WPA_REPLAY_COUNTER_LEN) == 0)
590 void wpa_receive(struct wpa_authenticator *wpa_auth,
591 struct wpa_state_machine *sm,
592 u8 *data, size_t data_len)
594 struct ieee802_1x_hdr *hdr;
595 struct wpa_eapol_key *key;
596 u16 key_info, key_data_length;
597 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
598 SMK_M1, SMK_M3, SMK_ERROR } msg;
600 struct wpa_eapol_ie_parse kde;
602 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
605 if (data_len < sizeof(*hdr) + sizeof(*key))
608 hdr = (struct ieee802_1x_hdr *) data;
609 key = (struct wpa_eapol_key *) (hdr + 1);
610 key_info = WPA_GET_BE16(key->key_info);
611 key_data_length = WPA_GET_BE16(key->key_data_length);
612 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
613 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
614 "key_data overflow (%d > %lu)",
616 (unsigned long) (data_len - sizeof(*hdr) -
621 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
624 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
625 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
626 if (key_info & WPA_KEY_INFO_ERROR) {
628 msgtxt = "SMK Error";
633 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
636 } else if (key_info & WPA_KEY_INFO_REQUEST) {
639 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
641 msgtxt = "2/2 Group";
642 } else if (key_data_length == 0) {
644 msgtxt = "4/4 Pairwise";
647 msgtxt = "2/4 Pairwise";
650 /* TODO: key_info type validation for PeerKey */
651 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
653 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
654 if (sm->pairwise == WPA_CIPHER_CCMP) {
655 if (wpa_use_aes_cmac(sm) &&
656 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
657 wpa_auth_logger(wpa_auth, sm->addr,
659 "advertised support for "
660 "AES-128-CMAC, but did not "
665 if (!wpa_use_aes_cmac(sm) &&
666 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
667 wpa_auth_logger(wpa_auth, sm->addr,
669 "did not use HMAC-SHA1-AES "
676 if (key_info & WPA_KEY_INFO_REQUEST) {
677 if (sm->req_replay_counter_used &&
678 os_memcmp(key->replay_counter, sm->req_replay_counter,
679 WPA_REPLAY_COUNTER_LEN) <= 0) {
680 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
681 "received EAPOL-Key request with "
687 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
688 !wpa_replay_counter_valid(sm, key->replay_counter)) {
690 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
691 "received EAPOL-Key %s with unexpected "
692 "replay counter", msgtxt);
693 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
694 if (!sm->key_replay[i].valid)
696 wpa_hexdump(MSG_DEBUG, "pending replay counter",
697 sm->key_replay[i].counter,
698 WPA_REPLAY_COUNTER_LEN);
700 wpa_hexdump(MSG_DEBUG, "received replay counter",
701 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
707 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
708 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) {
709 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
710 "received EAPOL-Key msg 2/4 in "
711 "invalid state (%d) - dropped",
715 if (sm->wpa_ie == NULL ||
716 sm->wpa_ie_len != key_data_length ||
717 os_memcmp(sm->wpa_ie, key + 1, key_data_length) != 0) {
718 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
719 "WPA IE from (Re)AssocReq did not "
720 "match with msg 2/4");
722 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
723 sm->wpa_ie, sm->wpa_ie_len);
725 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
726 (u8 *) (key + 1), key_data_length);
727 /* MLME-DEAUTHENTICATE.request */
728 wpa_sta_disconnect(wpa_auth, sm->addr);
733 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
735 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
736 "received EAPOL-Key msg 4/4 in "
737 "invalid state (%d) - dropped",
743 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
745 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
746 "received EAPOL-Key msg 2/2 in "
747 "invalid state (%d) - dropped",
748 sm->wpa_ptk_group_state);
752 #ifdef CONFIG_PEERKEY
756 if (!wpa_auth->conf.peerkey) {
757 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
758 "PeerKey use disabled - ignoring message");
761 if (!sm->PTK_valid) {
762 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
763 "received EAPOL-Key msg SMK in "
764 "invalid state - dropped");
768 #else /* CONFIG_PEERKEY */
772 return; /* STSL disabled - ignore SMK messages */
773 #endif /* CONFIG_PEERKEY */
778 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
779 "received EAPOL-Key frame (%s)", msgtxt);
781 if (key_info & WPA_KEY_INFO_ACK) {
782 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
783 "received invalid EAPOL-Key: Key Ack set");
787 if (!(key_info & WPA_KEY_INFO_MIC)) {
788 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
789 "received invalid EAPOL-Key: Key MIC not set");
793 sm->MICVerified = FALSE;
795 if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
796 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
797 "received EAPOL-Key with invalid MIC");
800 sm->MICVerified = TRUE;
801 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
804 if (key_info & WPA_KEY_INFO_REQUEST) {
805 if (sm->MICVerified) {
806 sm->req_replay_counter_used = 1;
807 os_memcpy(sm->req_replay_counter, key->replay_counter,
808 WPA_REPLAY_COUNTER_LEN);
810 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
811 "received EAPOL-Key request with "
817 * TODO: should decrypt key data field if encryption was used;
818 * even though MAC address KDE is not normally encrypted,
819 * supplicant is allowed to encrypt it.
821 if (msg == SMK_ERROR) {
822 #ifdef CONFIG_PEERKEY
823 wpa_smk_error(wpa_auth, sm, key);
824 #endif /* CONFIG_PEERKEY */
826 } else if (key_info & WPA_KEY_INFO_ERROR) {
827 /* Supplicant reported a Michael MIC error */
828 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
829 "received EAPOL-Key Error Request "
830 "(STA detected Michael MIC failure)");
831 wpa_auth_mic_failure_report(wpa_auth, sm->addr);
832 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
833 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
834 /* Error report is not a request for a new key
835 * handshake, but since Authenticator may do it, let's
836 * change the keys now anyway. */
837 wpa_request_new_ptk(sm);
838 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
839 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
840 "received EAPOL-Key Request for new "
842 wpa_request_new_ptk(sm);
843 #ifdef CONFIG_PEERKEY
844 } else if (msg == SMK_M1) {
845 wpa_smk_m1(wpa_auth, sm, key);
846 #endif /* CONFIG_PEERKEY */
847 } else if (key_data_length > 0 &&
848 wpa_parse_kde_ies((const u8 *) (key + 1),
849 key_data_length, &kde) == 0 &&
852 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
853 "received EAPOL-Key Request for GTK "
855 /* FIX: why was this triggering PTK rekeying for the
856 * STA that requested Group Key rekeying?? */
857 /* wpa_request_new_ptk(sta->wpa_sm); */
858 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
859 wpa_rekey_gtk(wpa_auth, NULL);
862 /* Do not allow the same key replay counter to be reused. This
863 * does also invalidate all other pending replay counters if
864 * retransmissions were used, i.e., we will only process one of
865 * the pending replies and ignore rest if more than one is
867 sm->key_replay[0].valid = FALSE;
870 #ifdef CONFIG_PEERKEY
872 wpa_smk_m3(wpa_auth, sm, key);
875 #endif /* CONFIG_PEERKEY */
877 os_free(sm->last_rx_eapol_key);
878 sm->last_rx_eapol_key = os_malloc(data_len);
879 if (sm->last_rx_eapol_key == NULL)
881 os_memcpy(sm->last_rx_eapol_key, data, data_len);
882 sm->last_rx_eapol_key_len = data_len;
884 sm->EAPOLKeyReceived = TRUE;
885 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
886 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
887 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
892 static void wpa_gmk_to_gtk(const u8 *gmk, const u8 *addr, const u8 *gnonce,
893 u8 *gtk, size_t gtk_len)
895 u8 data[ETH_ALEN + WPA_NONCE_LEN];
897 /* GTK = PRF-X(GMK, "Group key expansion", AA || GNonce) */
898 os_memcpy(data, addr, ETH_ALEN);
899 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
901 #ifdef CONFIG_IEEE80211W
902 sha256_prf(gmk, WPA_GMK_LEN, "Group key expansion",
903 data, sizeof(data), gtk, gtk_len);
904 #else /* CONFIG_IEEE80211W */
905 sha1_prf(gmk, WPA_GMK_LEN, "Group key expansion",
906 data, sizeof(data), gtk, gtk_len);
907 #endif /* CONFIG_IEEE80211W */
909 wpa_hexdump_key(MSG_DEBUG, "GMK", gmk, WPA_GMK_LEN);
910 wpa_hexdump_key(MSG_DEBUG, "GTK", gtk, gtk_len);
914 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
916 struct wpa_authenticator *wpa_auth = eloop_ctx;
917 struct wpa_state_machine *sm = timeout_ctx;
919 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
920 sm->TimeoutEvt = TRUE;
925 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
926 struct wpa_state_machine *sm, int key_info,
927 const u8 *key_rsc, const u8 *nonce,
928 const u8 *kde, size_t kde_len,
929 int keyidx, int encr, int force_version)
931 struct ieee802_1x_hdr *hdr;
932 struct wpa_eapol_key *key;
935 int key_data_len, pad_len = 0;
937 int version, pairwise;
940 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
943 version = force_version;
944 else if (wpa_use_aes_cmac(sm))
945 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
946 else if (sm->pairwise == WPA_CIPHER_CCMP)
947 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
949 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
951 pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
953 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
954 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
957 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
958 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
959 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
960 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
961 pairwise, (unsigned long) kde_len, keyidx, encr);
963 key_data_len = kde_len;
965 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
966 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
967 pad_len = key_data_len % 8;
969 pad_len = 8 - pad_len;
970 key_data_len += pad_len + 8;
975 hdr = os_zalloc(len);
978 hdr->version = wpa_auth->conf.eapol_version;
979 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
980 hdr->length = host_to_be16(len - sizeof(*hdr));
981 key = (struct wpa_eapol_key *) (hdr + 1);
983 key->type = sm->wpa == WPA_VERSION_WPA2 ?
984 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
986 if (encr && sm->wpa == WPA_VERSION_WPA2)
987 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
988 if (sm->wpa != WPA_VERSION_WPA2)
989 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
990 WPA_PUT_BE16(key->key_info, key_info);
992 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
994 case WPA_CIPHER_CCMP:
995 WPA_PUT_BE16(key->key_length, 16);
997 case WPA_CIPHER_TKIP:
998 WPA_PUT_BE16(key->key_length, 32);
1000 case WPA_CIPHER_WEP40:
1001 WPA_PUT_BE16(key->key_length, 5);
1003 case WPA_CIPHER_WEP104:
1004 WPA_PUT_BE16(key->key_length, 13);
1007 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1008 WPA_PUT_BE16(key->key_length, 0);
1010 /* FIX: STSL: what to use as key_replay_counter? */
1011 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1012 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1013 os_memcpy(sm->key_replay[i].counter,
1014 sm->key_replay[i - 1].counter,
1015 WPA_REPLAY_COUNTER_LEN);
1017 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1018 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
1019 WPA_REPLAY_COUNTER_LEN);
1020 sm->key_replay[0].valid = TRUE;
1023 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1026 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1029 os_memcpy(key + 1, kde, kde_len);
1030 WPA_PUT_BE16(key->key_data_length, kde_len);
1031 } else if (encr && kde) {
1032 buf = os_zalloc(key_data_len);
1038 os_memcpy(pos, kde, kde_len);
1044 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1046 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1047 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1048 if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
1049 (u8 *) (key + 1))) {
1054 WPA_PUT_BE16(key->key_data_length, key_data_len);
1057 os_memcpy(key->key_iv,
1058 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1059 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1060 os_memcpy(ek, key->key_iv, 16);
1061 os_memcpy(ek + 16, sm->PTK.kek, 16);
1062 os_memcpy(key + 1, buf, key_data_len);
1063 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
1064 WPA_PUT_BE16(key->key_data_length, key_data_len);
1069 if (key_info & WPA_KEY_INFO_MIC) {
1070 if (!sm->PTK_valid) {
1071 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1072 "PTK not valid when sending EAPOL-Key "
1077 wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
1081 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1083 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1089 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1090 struct wpa_state_machine *sm, int key_info,
1091 const u8 *key_rsc, const u8 *nonce,
1092 const u8 *kde, size_t kde_len,
1093 int keyidx, int encr)
1096 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
1102 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1105 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
1107 timeout_ms = eapol_key_timeout_first;
1109 timeout_ms = eapol_key_timeout_subseq;
1110 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1111 wpa_send_eapol_timeout, wpa_auth, sm);
1115 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
1117 struct ieee802_1x_hdr *hdr;
1118 struct wpa_eapol_key *key;
1123 if (data_len < sizeof(*hdr) + sizeof(*key))
1126 hdr = (struct ieee802_1x_hdr *) data;
1127 key = (struct wpa_eapol_key *) (hdr + 1);
1128 key_info = WPA_GET_BE16(key->key_info);
1129 os_memcpy(mic, key->key_mic, 16);
1130 os_memset(key->key_mic, 0, 16);
1131 if (wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK,
1132 data, data_len, key->key_mic) ||
1133 os_memcmp(mic, key->key_mic, 16) != 0)
1135 os_memcpy(key->key_mic, mic, 16);
1140 void wpa_remove_ptk(struct wpa_state_machine *sm)
1142 sm->PTK_valid = FALSE;
1143 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1144 wpa_auth_set_key(sm->wpa_auth, 0, "none", sm->addr, 0, (u8 *) "", 0);
1145 sm->pairwise_set = FALSE;
1146 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1150 void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
1157 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1158 "event %d notification", event);
1166 sm->DeauthenticationRequest = TRUE;
1169 case WPA_REAUTH_EAPOL:
1170 if (sm->GUpdateStationKeys) {
1172 * Reauthentication cancels the pending group key
1173 * update for this STA.
1175 sm->group->GKeyDoneStations--;
1176 sm->GUpdateStationKeys = FALSE;
1177 sm->PtkGroupInit = TRUE;
1179 sm->ReAuthenticationRequest = TRUE;
1182 #ifdef CONFIG_IEEE80211R
1183 /* Using FT protocol, not WPA auth state machine */
1184 sm->ft_completed = 1;
1186 #else /* CONFIG_IEEE80211R */
1188 #endif /* CONFIG_IEEE80211R */
1191 #ifdef CONFIG_IEEE80211R
1192 sm->ft_completed = 0;
1193 #endif /* CONFIG_IEEE80211R */
1195 #ifdef CONFIG_IEEE80211W
1196 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1198 #endif /* CONFIG_IEEE80211W */
1201 sm->PTK_valid = FALSE;
1202 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1204 if (event != WPA_REAUTH_EAPOL)
1212 static const char * wpa_alg_txt(int alg)
1215 case WPA_CIPHER_CCMP:
1217 case WPA_CIPHER_TKIP:
1219 case WPA_CIPHER_WEP104:
1220 case WPA_CIPHER_WEP40:
1228 SM_STATE(WPA_PTK, INITIALIZE)
1230 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1232 /* Init flag is not cleared here, so avoid busy
1233 * loop by claiming nothing changed. */
1234 sm->changed = FALSE;
1238 if (sm->GUpdateStationKeys)
1239 sm->group->GKeyDoneStations--;
1240 sm->GUpdateStationKeys = FALSE;
1241 if (sm->wpa == WPA_VERSION_WPA)
1242 sm->PInitAKeys = FALSE;
1243 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1244 * Local AA > Remote AA)) */) {
1247 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1249 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1251 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1252 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1253 WPA_EAPOL_authorized, 0);
1258 SM_STATE(WPA_PTK, DISCONNECT)
1260 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1261 sm->Disconnect = FALSE;
1262 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1266 SM_STATE(WPA_PTK, DISCONNECTED)
1268 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1269 sm->DeauthenticationRequest = FALSE;
1273 SM_STATE(WPA_PTK, AUTHENTICATION)
1275 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1276 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1277 sm->PTK_valid = FALSE;
1278 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1280 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1281 sm->AuthenticationRequest = FALSE;
1285 SM_STATE(WPA_PTK, AUTHENTICATION2)
1287 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1288 os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN);
1289 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1290 sm->ReAuthenticationRequest = FALSE;
1291 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1292 * logical place than INITIALIZE since AUTHENTICATION2 can be
1293 * re-entered on ReAuthenticationRequest without going through
1299 SM_STATE(WPA_PTK, INITPMK)
1301 u8 msk[2 * PMK_LEN];
1302 size_t len = 2 * PMK_LEN;
1304 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1305 #ifdef CONFIG_IEEE80211R
1307 #endif /* CONFIG_IEEE80211R */
1309 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1310 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
1311 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
1312 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
1313 "(len=%lu)", (unsigned long) len);
1314 os_memcpy(sm->PMK, msk, PMK_LEN);
1315 #ifdef CONFIG_IEEE80211R
1316 if (len >= 2 * PMK_LEN) {
1317 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1318 sm->xxkey_len = PMK_LEN;
1320 #endif /* CONFIG_IEEE80211R */
1322 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
1325 sm->req_replay_counter_used = 0;
1326 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1327 * will break reauthentication since EAPOL state machines may not be
1328 * get into AUTHENTICATING state that clears keyRun before WPA state
1329 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1330 * state and takes PMK from the previously used AAA Key. This will
1331 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1332 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1333 * be good workaround for this issue. */
1334 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
1338 SM_STATE(WPA_PTK, INITPSK)
1341 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
1342 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL);
1344 os_memcpy(sm->PMK, psk, PMK_LEN);
1345 #ifdef CONFIG_IEEE80211R
1346 os_memcpy(sm->xxkey, psk, PMK_LEN);
1347 sm->xxkey_len = PMK_LEN;
1348 #endif /* CONFIG_IEEE80211R */
1350 sm->req_replay_counter_used = 0;
1354 SM_STATE(WPA_PTK, PTKSTART)
1356 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1357 size_t pmkid_len = 0;
1359 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1360 sm->PTKRequest = FALSE;
1361 sm->TimeoutEvt = FALSE;
1364 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1365 /* No point in sending the EAPOL-Key - we will disconnect
1366 * immediately following this. */
1370 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1371 "sending 1/4 msg of 4-Way Handshake");
1373 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1374 * one possible PSK for this STA.
1376 if (sm->wpa == WPA_VERSION_WPA2 &&
1377 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt)) {
1379 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1380 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1381 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1382 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
1384 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
1385 sm->pmksa->pmkid, PMKID_LEN);
1388 * Calculate PMKID since no PMKSA cache entry was
1389 * available with pre-calculated PMKID.
1391 rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
1392 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
1393 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
1396 wpa_send_eapol(sm->wpa_auth, sm,
1397 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
1398 sm->ANonce, pmkid, pmkid_len, 0, 0);
1402 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
1403 struct wpa_ptk *ptk)
1405 #ifdef CONFIG_IEEE80211R
1406 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
1407 return wpa_auth_derive_ptk_ft(sm, pmk, ptk);
1408 #endif /* CONFIG_IEEE80211R */
1410 wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
1411 sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce,
1412 (u8 *) ptk, sizeof(*ptk),
1413 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
1419 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
1423 const u8 *pmk = NULL;
1425 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
1426 sm->EAPOLKeyReceived = FALSE;
1428 /* WPA with IEEE 802.1X: use the derived PMK from EAP
1429 * WPA-PSK: iterate through possible PSKs and select the one matching
1432 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1433 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
1439 wpa_derive_ptk(sm, pmk, &PTK);
1441 if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
1442 sm->last_rx_eapol_key_len) == 0) {
1447 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
1452 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1453 "invalid MIC in msg 2/4 of 4-Way Handshake");
1457 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
1459 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1460 /* PSK may have changed from the previous choice, so update
1461 * state machine data based on whatever PSK was selected here.
1463 os_memcpy(sm->PMK, pmk, PMK_LEN);
1466 sm->MICVerified = TRUE;
1468 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
1469 sm->PTK_valid = TRUE;
1473 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
1475 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
1480 #ifdef CONFIG_IEEE80211W
1482 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1484 if (sm->mgmt_frame_prot) {
1485 return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde);
1492 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1494 struct wpa_igtk_kde igtk;
1495 struct wpa_group *gsm = sm->group;
1497 if (!sm->mgmt_frame_prot)
1500 igtk.keyid[0] = gsm->GN_igtk;
1502 if (wpa_auth_get_seqnum_igtk(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn)
1504 os_memset(igtk.pn, 0, sizeof(igtk.pn));
1505 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
1506 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
1507 (const u8 *) &igtk, sizeof(igtk), NULL, 0);
1512 #else /* CONFIG_IEEE80211W */
1514 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1520 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1525 #endif /* CONFIG_IEEE80211W */
1528 SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
1530 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
1531 size_t gtk_len, kde_len;
1532 struct wpa_group *gsm = sm->group;
1534 int wpa_ie_len, secure, keyidx, encr = 0;
1536 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
1537 sm->TimeoutEvt = FALSE;
1540 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1541 /* No point in sending the EAPOL-Key - we will disconnect
1542 * immediately following this. */
1546 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, GTK[GN])
1548 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
1549 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
1550 wpa_ie = sm->wpa_auth->wpa_ie;
1551 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
1552 if (sm->wpa == WPA_VERSION_WPA &&
1553 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
1554 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
1555 /* WPA-only STA, remove RSN IE */
1556 wpa_ie = wpa_ie + wpa_ie[1] + 2;
1557 wpa_ie_len = wpa_ie[1] + 2;
1559 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1560 "sending 3/4 msg of 4-Way Handshake");
1561 if (sm->wpa == WPA_VERSION_WPA2) {
1562 /* WPA2 send GTK in the 4-way handshake */
1564 gtk = gsm->GTK[gsm->GN - 1];
1565 gtk_len = gsm->GTK_len;
1570 /* WPA does not include GTK in msg 3/4 */
1578 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
1580 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
1581 kde = os_malloc(kde_len);
1586 os_memcpy(pos, wpa_ie, wpa_ie_len);
1590 hdr[0] = keyidx & 0x03;
1592 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
1595 pos = ieee80211w_kde_add(sm, pos);
1597 wpa_send_eapol(sm->wpa_auth, sm,
1598 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
1599 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
1600 WPA_KEY_INFO_KEY_TYPE,
1601 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
1606 SM_STATE(WPA_PTK, PTKINITDONE)
1608 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
1609 sm->EAPOLKeyReceived = FALSE;
1613 if (sm->pairwise == WPA_CIPHER_TKIP) {
1620 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
1621 sm->PTK.tk1, klen)) {
1622 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1625 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
1626 sm->pairwise_set = TRUE;
1628 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
1629 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1630 eloop_register_timeout(sm->wpa_auth->conf.
1631 wpa_ptk_rekey, 0, wpa_rekey_ptk,
1635 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1636 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1637 WPA_EAPOL_authorized, 1);
1641 if (0 /* IBSS == TRUE */) {
1643 if (sm->keycount == 2) {
1644 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1645 WPA_EAPOL_portValid, 1);
1648 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
1651 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
1652 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
1653 if (sm->wpa == WPA_VERSION_WPA)
1654 sm->PInitAKeys = TRUE;
1657 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1658 "pairwise key handshake completed (%s)",
1659 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
1661 #ifdef CONFIG_IEEE80211R
1662 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
1663 #endif /* CONFIG_IEEE80211R */
1669 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
1672 SM_ENTER(WPA_PTK, INITIALIZE);
1673 else if (sm->Disconnect
1674 /* || FIX: dot11RSNAConfigSALifetime timeout */)
1675 SM_ENTER(WPA_PTK, DISCONNECT);
1676 else if (sm->DeauthenticationRequest)
1677 SM_ENTER(WPA_PTK, DISCONNECTED);
1678 else if (sm->AuthenticationRequest)
1679 SM_ENTER(WPA_PTK, AUTHENTICATION);
1680 else if (sm->ReAuthenticationRequest)
1681 SM_ENTER(WPA_PTK, AUTHENTICATION2);
1682 else if (sm->PTKRequest)
1683 SM_ENTER(WPA_PTK, PTKSTART);
1684 else switch (sm->wpa_ptk_state) {
1685 case WPA_PTK_INITIALIZE:
1687 case WPA_PTK_DISCONNECT:
1688 SM_ENTER(WPA_PTK, DISCONNECTED);
1690 case WPA_PTK_DISCONNECTED:
1691 SM_ENTER(WPA_PTK, INITIALIZE);
1693 case WPA_PTK_AUTHENTICATION:
1694 SM_ENTER(WPA_PTK, AUTHENTICATION2);
1696 case WPA_PTK_AUTHENTICATION2:
1697 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
1698 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
1699 WPA_EAPOL_keyRun) > 0)
1700 SM_ENTER(WPA_PTK, INITPMK);
1701 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
1702 /* FIX: && 802.1X::keyRun */)
1703 SM_ENTER(WPA_PTK, INITPSK);
1705 case WPA_PTK_INITPMK:
1706 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
1707 WPA_EAPOL_keyAvailable) > 0)
1708 SM_ENTER(WPA_PTK, PTKSTART);
1710 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1711 SM_ENTER(WPA_PTK, DISCONNECT);
1714 case WPA_PTK_INITPSK:
1715 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL))
1716 SM_ENTER(WPA_PTK, PTKSTART);
1718 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1719 "no PSK configured for the STA");
1720 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1721 SM_ENTER(WPA_PTK, DISCONNECT);
1724 case WPA_PTK_PTKSTART:
1725 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1726 sm->EAPOLKeyPairwise)
1727 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
1728 else if (sm->TimeoutCtr >
1729 (int) dot11RSNAConfigPairwiseUpdateCount) {
1730 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1731 SM_ENTER(WPA_PTK, DISCONNECT);
1732 } else if (sm->TimeoutEvt)
1733 SM_ENTER(WPA_PTK, PTKSTART);
1735 case WPA_PTK_PTKCALCNEGOTIATING:
1736 if (sm->MICVerified)
1737 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
1738 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1739 sm->EAPOLKeyPairwise)
1740 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
1741 else if (sm->TimeoutEvt)
1742 SM_ENTER(WPA_PTK, PTKSTART);
1744 case WPA_PTK_PTKCALCNEGOTIATING2:
1745 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
1747 case WPA_PTK_PTKINITNEGOTIATING:
1748 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1749 sm->EAPOLKeyPairwise && sm->MICVerified)
1750 SM_ENTER(WPA_PTK, PTKINITDONE);
1751 else if (sm->TimeoutCtr >
1752 (int) dot11RSNAConfigPairwiseUpdateCount) {
1753 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1754 SM_ENTER(WPA_PTK, DISCONNECT);
1755 } else if (sm->TimeoutEvt)
1756 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
1758 case WPA_PTK_PTKINITDONE:
1764 SM_STATE(WPA_PTK_GROUP, IDLE)
1766 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
1768 /* Init flag is not cleared here, so avoid busy
1769 * loop by claiming nothing changed. */
1770 sm->changed = FALSE;
1772 sm->GTimeoutCtr = 0;
1776 SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
1778 u8 rsc[WPA_KEY_RSC_LEN];
1779 struct wpa_group *gsm = sm->group;
1780 u8 *kde, *pos, hdr[2];
1783 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
1786 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
1787 /* No point in sending the EAPOL-Key - we will disconnect
1788 * immediately following this. */
1792 if (sm->wpa == WPA_VERSION_WPA)
1793 sm->PInitAKeys = FALSE;
1794 sm->TimeoutEvt = FALSE;
1795 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
1796 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
1797 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
1798 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
1799 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1800 "sending 1/2 msg of Group Key Handshake");
1802 if (sm->wpa == WPA_VERSION_WPA2) {
1803 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
1804 ieee80211w_kde_len(sm);
1805 kde = os_malloc(kde_len);
1810 hdr[0] = gsm->GN & 0x03;
1812 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
1813 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
1814 pos = ieee80211w_kde_add(sm, pos);
1816 kde = gsm->GTK[gsm->GN - 1];
1817 pos = kde + gsm->GTK_len;
1820 wpa_send_eapol(sm->wpa_auth, sm,
1821 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1823 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
1824 rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
1825 if (sm->wpa == WPA_VERSION_WPA2)
1830 SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
1832 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
1833 sm->EAPOLKeyReceived = FALSE;
1834 if (sm->GUpdateStationKeys)
1835 sm->group->GKeyDoneStations--;
1836 sm->GUpdateStationKeys = FALSE;
1837 sm->GTimeoutCtr = 0;
1838 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
1839 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1840 "group key handshake completed (%s)",
1841 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
1846 SM_STATE(WPA_PTK_GROUP, KEYERROR)
1848 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
1849 if (sm->GUpdateStationKeys)
1850 sm->group->GKeyDoneStations--;
1851 sm->GUpdateStationKeys = FALSE;
1852 sm->Disconnect = TRUE;
1856 SM_STEP(WPA_PTK_GROUP)
1858 if (sm->Init || sm->PtkGroupInit) {
1859 SM_ENTER(WPA_PTK_GROUP, IDLE);
1860 sm->PtkGroupInit = FALSE;
1861 } else switch (sm->wpa_ptk_group_state) {
1862 case WPA_PTK_GROUP_IDLE:
1863 if (sm->GUpdateStationKeys ||
1864 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
1865 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
1867 case WPA_PTK_GROUP_REKEYNEGOTIATING:
1868 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1869 !sm->EAPOLKeyPairwise && sm->MICVerified)
1870 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
1871 else if (sm->GTimeoutCtr >
1872 (int) dot11RSNAConfigGroupUpdateCount)
1873 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
1874 else if (sm->TimeoutEvt)
1875 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
1877 case WPA_PTK_GROUP_KEYERROR:
1878 SM_ENTER(WPA_PTK_GROUP, IDLE);
1880 case WPA_PTK_GROUP_REKEYESTABLISHED:
1881 SM_ENTER(WPA_PTK_GROUP, IDLE);
1887 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
1888 struct wpa_group *group)
1892 /* FIX: is this the correct way of getting GNonce? */
1893 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
1894 inc_byte_array(group->Counter, WPA_NONCE_LEN);
1895 wpa_gmk_to_gtk(group->GMK, wpa_auth->addr, group->GNonce,
1896 group->GTK[group->GN - 1], group->GTK_len);
1898 #ifdef CONFIG_IEEE80211W
1899 if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
1900 if (os_get_random(group->IGTK[group->GN_igtk - 4],
1901 WPA_IGTK_LEN) < 0) {
1902 wpa_printf(MSG_INFO, "RSN: Failed to get new random "
1906 wpa_hexdump_key(MSG_DEBUG, "IGTK",
1907 group->IGTK[group->GN_igtk - 4], WPA_IGTK_LEN);
1909 #endif /* CONFIG_IEEE80211W */
1915 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
1916 struct wpa_group *group)
1918 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
1919 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
1920 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
1921 group->wpa_group_state = WPA_GROUP_GTK_INIT;
1924 os_memset(group->GTK, 0, sizeof(group->GTK));
1927 #ifdef CONFIG_IEEE80211W
1930 #endif /* CONFIG_IEEE80211W */
1931 /* GTK[GN] = CalcGTK() */
1932 wpa_gtk_update(wpa_auth, group);
1936 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
1938 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
1939 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1940 "Not in PTKINITDONE; skip Group Key update");
1943 if (sm->GUpdateStationKeys) {
1945 * This should not really happen, but just in case, make sure
1946 * we do not count the same STA twice in GKeyDoneStations.
1948 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1949 "GUpdateStationKeys already set - do not "
1950 "increment GKeyDoneStations");
1952 sm->group->GKeyDoneStations++;
1953 sm->GUpdateStationKeys = TRUE;
1960 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
1961 struct wpa_group *group)
1965 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
1966 "SETKEYS (VLAN-ID %d)", group->vlan_id);
1967 group->changed = TRUE;
1968 group->wpa_group_state = WPA_GROUP_SETKEYS;
1969 group->GTKReKey = FALSE;
1971 group->GM = group->GN;
1973 #ifdef CONFIG_IEEE80211W
1974 tmp = group->GM_igtk;
1975 group->GM_igtk = group->GN_igtk;
1976 group->GN_igtk = tmp;
1977 #endif /* CONFIG_IEEE80211W */
1978 /* "GKeyDoneStations = GNoStations" is done in more robust way by
1979 * counting the STAs that are marked with GUpdateStationKeys instead of
1980 * including all STAs that could be in not-yet-completed state. */
1981 wpa_gtk_update(wpa_auth, group);
1983 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
1984 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
1985 group->GKeyDoneStations);
1989 static void wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
1990 struct wpa_group *group)
1992 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
1993 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
1994 group->changed = TRUE;
1995 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
1996 wpa_auth_set_key(wpa_auth, group->vlan_id,
1997 wpa_alg_txt(wpa_auth->conf.wpa_group),
1998 NULL, group->GN, group->GTK[group->GN - 1],
2001 #ifdef CONFIG_IEEE80211W
2002 if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
2003 wpa_auth_set_key(wpa_auth, group->vlan_id, "IGTK",
2004 NULL, group->GN_igtk,
2005 group->IGTK[group->GN_igtk - 4],
2008 #endif /* CONFIG_IEEE80211W */
2012 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
2013 struct wpa_group *group)
2016 wpa_group_gtk_init(wpa_auth, group);
2017 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
2018 group->GTKAuthenticator) {
2019 wpa_group_setkeysdone(wpa_auth, group);
2020 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
2022 wpa_group_setkeys(wpa_auth, group);
2023 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
2024 if (group->GKeyDoneStations == 0)
2025 wpa_group_setkeysdone(wpa_auth, group);
2026 else if (group->GTKReKey)
2027 wpa_group_setkeys(wpa_auth, group);
2032 static void wpa_sm_step(struct wpa_state_machine *sm)
2037 if (sm->in_step_loop) {
2038 /* This should not happen, but if it does, make sure we do not
2039 * end up freeing the state machine too early by exiting the
2040 * recursive call. */
2041 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
2045 sm->in_step_loop = 1;
2047 if (sm->pending_deinit)
2050 sm->changed = FALSE;
2051 sm->wpa_auth->group->changed = FALSE;
2053 SM_STEP_RUN(WPA_PTK);
2054 if (sm->pending_deinit)
2056 SM_STEP_RUN(WPA_PTK_GROUP);
2057 if (sm->pending_deinit)
2059 wpa_group_sm_step(sm->wpa_auth, sm->group);
2060 } while (sm->changed || sm->wpa_auth->group->changed);
2061 sm->in_step_loop = 0;
2063 if (sm->pending_deinit) {
2064 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
2065 "machine deinit for " MACSTR, MAC2STR(sm->addr));
2066 wpa_free_sta_sm(sm);
2071 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
2073 struct wpa_state_machine *sm = eloop_ctx;
2078 void wpa_auth_sm_notify(struct wpa_state_machine *sm)
2082 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
2086 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
2089 struct wpa_group *group;
2091 if (wpa_auth == NULL)
2094 group = wpa_auth->group;
2096 for (i = 0; i < 2; i++) {
2098 group->GM = group->GN;
2100 #ifdef CONFIG_IEEE80211W
2101 tmp = group->GM_igtk;
2102 group->GM_igtk = group->GN_igtk;
2103 group->GN_igtk = tmp;
2104 #endif /* CONFIG_IEEE80211W */
2105 wpa_gtk_update(wpa_auth, group);
2110 static const char * wpa_bool_txt(int bool)
2112 return bool ? "TRUE" : "FALSE";
2116 static int wpa_cipher_bits(int cipher)
2119 case WPA_CIPHER_CCMP:
2121 case WPA_CIPHER_TKIP:
2123 case WPA_CIPHER_WEP104:
2125 case WPA_CIPHER_WEP40:
2133 #define RSN_SUITE "%02x-%02x-%02x-%d"
2134 #define RSN_SUITE_ARG(s) \
2135 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2137 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
2140 char pmkid_txt[PMKID_LEN * 2 + 1];
2142 if (wpa_auth == NULL)
2145 ret = os_snprintf(buf + len, buflen - len,
2146 "dot11RSNAOptionImplemented=TRUE\n"
2147 #ifdef CONFIG_RSN_PREAUTH
2148 "dot11RSNAPreauthenticationImplemented=TRUE\n"
2149 #else /* CONFIG_RSN_PREAUTH */
2150 "dot11RSNAPreauthenticationImplemented=FALSE\n"
2151 #endif /* CONFIG_RSN_PREAUTH */
2152 "dot11RSNAEnabled=%s\n"
2153 "dot11RSNAPreauthenticationEnabled=%s\n",
2154 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
2155 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
2156 if (ret < 0 || (size_t) ret >= buflen - len)
2160 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2161 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
2164 buf + len, buflen - len,
2165 "dot11RSNAConfigVersion=%u\n"
2166 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
2167 /* FIX: dot11RSNAConfigGroupCipher */
2168 /* FIX: dot11RSNAConfigGroupRekeyMethod */
2169 /* FIX: dot11RSNAConfigGroupRekeyTime */
2170 /* FIX: dot11RSNAConfigGroupRekeyPackets */
2171 "dot11RSNAConfigGroupRekeyStrict=%u\n"
2172 "dot11RSNAConfigGroupUpdateCount=%u\n"
2173 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
2174 "dot11RSNAConfigGroupCipherSize=%u\n"
2175 "dot11RSNAConfigPMKLifetime=%u\n"
2176 "dot11RSNAConfigPMKReauthThreshold=%u\n"
2177 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
2178 "dot11RSNAConfigSATimeout=%u\n"
2179 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2180 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2181 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2182 "dot11RSNAPMKIDUsed=%s\n"
2183 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
2184 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
2185 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
2186 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
2187 "dot11RSNA4WayHandshakeFailures=%u\n"
2188 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
2190 !!wpa_auth->conf.wpa_strict_rekey,
2191 dot11RSNAConfigGroupUpdateCount,
2192 dot11RSNAConfigPairwiseUpdateCount,
2193 wpa_cipher_bits(wpa_auth->conf.wpa_group),
2194 dot11RSNAConfigPMKLifetime,
2195 dot11RSNAConfigPMKReauthThreshold,
2196 dot11RSNAConfigSATimeout,
2197 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
2198 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
2199 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
2201 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
2202 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
2203 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
2204 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
2205 wpa_auth->dot11RSNA4WayHandshakeFailures);
2206 if (ret < 0 || (size_t) ret >= buflen - len)
2210 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
2211 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
2214 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
2215 wpa_auth->group->wpa_group_state);
2216 if (ret < 0 || (size_t) ret >= buflen - len)
2224 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
2232 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
2234 /* dot11RSNAStatsEntry */
2236 if (sm->wpa == WPA_VERSION_WPA) {
2237 if (sm->pairwise == WPA_CIPHER_CCMP)
2238 pairwise = WPA_CIPHER_SUITE_CCMP;
2239 else if (sm->pairwise == WPA_CIPHER_TKIP)
2240 pairwise = WPA_CIPHER_SUITE_TKIP;
2241 else if (sm->pairwise == WPA_CIPHER_WEP104)
2242 pairwise = WPA_CIPHER_SUITE_WEP104;
2243 else if (sm->pairwise == WPA_CIPHER_WEP40)
2244 pairwise = WPA_CIPHER_SUITE_WEP40;
2245 else if (sm->pairwise == WPA_CIPHER_NONE)
2246 pairwise = WPA_CIPHER_SUITE_NONE;
2247 } else if (sm->wpa == WPA_VERSION_WPA2) {
2248 if (sm->pairwise == WPA_CIPHER_CCMP)
2249 pairwise = RSN_CIPHER_SUITE_CCMP;
2250 else if (sm->pairwise == WPA_CIPHER_TKIP)
2251 pairwise = RSN_CIPHER_SUITE_TKIP;
2252 else if (sm->pairwise == WPA_CIPHER_WEP104)
2253 pairwise = RSN_CIPHER_SUITE_WEP104;
2254 else if (sm->pairwise == WPA_CIPHER_WEP40)
2255 pairwise = RSN_CIPHER_SUITE_WEP40;
2256 else if (sm->pairwise == WPA_CIPHER_NONE)
2257 pairwise = RSN_CIPHER_SUITE_NONE;
2262 buf + len, buflen - len,
2263 /* TODO: dot11RSNAStatsIndex */
2264 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
2265 "dot11RSNAStatsVersion=1\n"
2266 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
2267 /* TODO: dot11RSNAStatsTKIPICVErrors */
2268 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
2269 "dot11RSNAStatsTKIPRemoveMICFailures=%u\n"
2270 /* TODO: dot11RSNAStatsCCMPReplays */
2271 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
2272 /* TODO: dot11RSNAStatsTKIPReplays */,
2274 RSN_SUITE_ARG(pairwise),
2275 sm->dot11RSNAStatsTKIPLocalMICFailures,
2276 sm->dot11RSNAStatsTKIPRemoteMICFailures);
2277 if (ret < 0 || (size_t) ret >= buflen - len)
2282 ret = os_snprintf(buf + len, buflen - len,
2283 "hostapdWPAPTKState=%d\n"
2284 "hostapdWPAPTKGroupState=%d\n",
2286 sm->wpa_ptk_group_state);
2287 if (ret < 0 || (size_t) ret >= buflen - len)
2295 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
2298 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
2302 int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
2304 return sm && sm->pairwise_set;
2308 int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
2310 return sm->pairwise;
2314 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
2318 return sm->wpa_key_mgmt;
2322 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
2330 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
2331 struct rsn_pmksa_cache_entry *entry)
2333 if (sm == NULL || sm->pmksa != entry)
2340 struct rsn_pmksa_cache_entry *
2341 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
2343 return sm ? sm->pmksa : NULL;
2347 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
2350 sm->dot11RSNAStatsTKIPLocalMICFailures++;
2354 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
2356 if (wpa_auth == NULL)
2358 *len = wpa_auth->wpa_ie_len;
2359 return wpa_auth->wpa_ie;
2363 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
2364 int session_timeout, struct eapol_state_machine *eapol)
2366 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2)
2369 if (pmksa_cache_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
2370 sm->wpa_auth->addr, sm->addr, session_timeout,
2371 eapol, sm->wpa_key_mgmt))
2378 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
2379 const u8 *pmk, size_t len, const u8 *sta_addr,
2380 int session_timeout,
2381 struct eapol_state_machine *eapol)
2383 if (wpa_auth == NULL)
2386 if (pmksa_cache_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr,
2387 sta_addr, session_timeout, eapol,
2388 WPA_KEY_MGMT_IEEE8021X))
2395 static struct wpa_group *
2396 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
2398 struct wpa_group *group;
2400 if (wpa_auth == NULL || wpa_auth->group == NULL)
2403 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
2405 group = wpa_group_init(wpa_auth, vlan_id);
2409 group->next = wpa_auth->group->next;
2410 wpa_auth->group->next = group;
2416 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
2418 struct wpa_group *group;
2420 if (sm == NULL || sm->wpa_auth == NULL)
2423 group = sm->wpa_auth->group;
2425 if (group->vlan_id == vlan_id)
2427 group = group->next;
2430 if (group == NULL) {
2431 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
2436 if (sm->group == group)
2439 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
2440 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
2446 #endif /* CONFIG_NATIVE_WINDOWS */