2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
3 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
15 #include "utils/includes.h"
17 #include "utils/common.h"
18 #include "utils/eloop.h"
19 #include "utils/state_machine.h"
20 #include "common/ieee802_11_defs.h"
21 #include "crypto/aes_wrap.h"
22 #include "crypto/crypto.h"
23 #include "crypto/sha1.h"
24 #include "crypto/sha256.h"
25 #include "crypto/random.h"
26 #include "eapol_auth/eapol_auth_sm.h"
27 #include "ap_config.h"
28 #include "ieee802_11.h"
30 #include "pmksa_cache_auth.h"
31 #include "wpa_auth_i.h"
32 #include "wpa_auth_ie.h"
34 #define STATE_MACHINE_DATA struct wpa_state_machine
35 #define STATE_MACHINE_DEBUG_PREFIX "WPA"
36 #define STATE_MACHINE_ADDR sm->addr
39 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
40 static int wpa_sm_step(struct wpa_state_machine *sm);
41 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
42 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
43 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
44 struct wpa_group *group);
45 static void wpa_request_new_ptk(struct wpa_state_machine *sm);
46 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
47 struct wpa_group *group);
48 static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
49 struct wpa_group *group);
51 static const u32 dot11RSNAConfigGroupUpdateCount = 4;
52 static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
53 static const u32 eapol_key_timeout_first = 100; /* ms */
54 static const u32 eapol_key_timeout_subseq = 1000; /* ms */
56 /* TODO: make these configurable */
57 static const int dot11RSNAConfigPMKLifetime = 43200;
58 static const int dot11RSNAConfigPMKReauthThreshold = 70;
59 static const int dot11RSNAConfigSATimeout = 60;
62 static inline void wpa_auth_mic_failure_report(
63 struct wpa_authenticator *wpa_auth, const u8 *addr)
65 if (wpa_auth->cb.mic_failure_report)
66 wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
70 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
71 const u8 *addr, wpa_eapol_variable var,
74 if (wpa_auth->cb.set_eapol)
75 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
79 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
80 const u8 *addr, wpa_eapol_variable var)
82 if (wpa_auth->cb.get_eapol == NULL)
84 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
88 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
89 const u8 *addr, const u8 *prev_psk)
91 if (wpa_auth->cb.get_psk == NULL)
93 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk);
97 static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
98 const u8 *addr, u8 *msk, size_t *len)
100 if (wpa_auth->cb.get_msk == NULL)
102 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
106 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
108 enum wpa_alg alg, const u8 *addr, int idx,
109 u8 *key, size_t key_len)
111 if (wpa_auth->cb.set_key == NULL)
113 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
118 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
119 const u8 *addr, int idx, u8 *seq)
121 if (wpa_auth->cb.get_seqnum == NULL)
123 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
128 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
129 const u8 *data, size_t data_len, int encrypt)
131 if (wpa_auth->cb.send_eapol == NULL)
133 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
138 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
139 int (*cb)(struct wpa_state_machine *sm, void *ctx),
142 if (wpa_auth->cb.for_each_sta == NULL)
144 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
148 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
149 int (*cb)(struct wpa_authenticator *a, void *ctx),
152 if (wpa_auth->cb.for_each_auth == NULL)
154 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
158 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
159 logger_level level, const char *txt)
161 if (wpa_auth->cb.logger == NULL)
163 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
167 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
168 logger_level level, const char *fmt, ...)
174 if (wpa_auth->cb.logger == NULL)
177 maxlen = os_strlen(fmt) + 100;
178 format = os_malloc(maxlen);
183 vsnprintf(format, maxlen, fmt, ap);
186 wpa_auth_logger(wpa_auth, addr, level, format);
192 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
195 if (wpa_auth->cb.disconnect == NULL)
197 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
198 WLAN_REASON_PREV_AUTH_NOT_VALID);
202 static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
205 #ifdef CONFIG_IEEE80211R
206 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
208 #endif /* CONFIG_IEEE80211R */
209 #ifdef CONFIG_IEEE80211W
210 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
212 #endif /* CONFIG_IEEE80211W */
217 static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
219 struct wpa_authenticator *wpa_auth = eloop_ctx;
221 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
222 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
225 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
226 wpa_hexdump_key(MSG_DEBUG, "GMK",
227 wpa_auth->group->GMK, WPA_GMK_LEN);
230 if (wpa_auth->conf.wpa_gmk_rekey) {
231 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
232 wpa_rekey_gmk, wpa_auth, NULL);
237 static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
239 struct wpa_authenticator *wpa_auth = eloop_ctx;
240 struct wpa_group *group;
242 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
243 for (group = wpa_auth->group; group; group = group->next) {
244 group->GTKReKey = TRUE;
246 group->changed = FALSE;
247 wpa_group_sm_step(wpa_auth, group);
248 } while (group->changed);
251 if (wpa_auth->conf.wpa_group_rekey) {
252 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
253 0, wpa_rekey_gtk, wpa_auth, NULL);
258 static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
260 struct wpa_authenticator *wpa_auth = eloop_ctx;
261 struct wpa_state_machine *sm = timeout_ctx;
263 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
264 wpa_request_new_ptk(sm);
269 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
271 if (sm->pmksa == ctx)
277 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
280 struct wpa_authenticator *wpa_auth = ctx;
281 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
285 static void wpa_group_set_key_len(struct wpa_group *group, int cipher)
288 case WPA_CIPHER_CCMP:
291 case WPA_CIPHER_TKIP:
294 case WPA_CIPHER_WEP104:
297 case WPA_CIPHER_WEP40:
304 static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
305 struct wpa_group *group)
307 u8 buf[ETH_ALEN + 8 + sizeof(group)];
310 if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0)
312 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
315 * Counter = PRF-256(Random number, "Init Counter",
316 * Local MAC Address || Time)
318 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
319 wpa_get_ntp_timestamp(buf + ETH_ALEN);
320 os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
321 if (random_get_bytes(rkey, sizeof(rkey)) < 0)
324 if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
325 group->Counter, WPA_NONCE_LEN) < 0)
327 wpa_hexdump_key(MSG_DEBUG, "Key Counter",
328 group->Counter, WPA_NONCE_LEN);
334 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
337 struct wpa_group *group;
339 group = os_zalloc(sizeof(struct wpa_group));
343 group->GTKAuthenticator = TRUE;
344 group->vlan_id = vlan_id;
346 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
348 if (random_pool_ready() != 1) {
349 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
350 "for secure operations - update keys later when "
351 "the first station connects");
355 * Set initial GMK/Counter value here. The actual values that will be
356 * used in negotiations will be set once the first station tries to
357 * connect. This allows more time for collecting additional randomness
358 * on embedded devices.
360 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
361 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
368 wpa_group_sm_step(wpa_auth, group);
369 group->GInit = FALSE;
370 wpa_group_sm_step(wpa_auth, group);
377 * wpa_init - Initialize WPA authenticator
378 * @addr: Authenticator address
379 * @conf: Configuration for WPA authenticator
380 * @cb: Callback functions for WPA authenticator
381 * Returns: Pointer to WPA authenticator data or %NULL on failure
383 struct wpa_authenticator * wpa_init(const u8 *addr,
384 struct wpa_auth_config *conf,
385 struct wpa_auth_callbacks *cb)
387 struct wpa_authenticator *wpa_auth;
389 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
390 if (wpa_auth == NULL)
392 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
393 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
394 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
396 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
397 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
402 wpa_auth->group = wpa_group_init(wpa_auth, 0);
403 if (wpa_auth->group == NULL) {
404 os_free(wpa_auth->wpa_ie);
409 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
411 if (wpa_auth->pmksa == NULL) {
412 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
413 os_free(wpa_auth->wpa_ie);
418 #ifdef CONFIG_IEEE80211R
419 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
420 if (wpa_auth->ft_pmk_cache == NULL) {
421 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
422 os_free(wpa_auth->wpa_ie);
423 pmksa_cache_auth_deinit(wpa_auth->pmksa);
427 #endif /* CONFIG_IEEE80211R */
429 if (wpa_auth->conf.wpa_gmk_rekey) {
430 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
431 wpa_rekey_gmk, wpa_auth, NULL);
434 if (wpa_auth->conf.wpa_group_rekey) {
435 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
436 wpa_rekey_gtk, wpa_auth, NULL);
444 * wpa_deinit - Deinitialize WPA authenticator
445 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
447 void wpa_deinit(struct wpa_authenticator *wpa_auth)
449 struct wpa_group *group, *prev;
451 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
452 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
454 #ifdef CONFIG_PEERKEY
455 while (wpa_auth->stsl_negotiations)
456 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
457 #endif /* CONFIG_PEERKEY */
459 pmksa_cache_auth_deinit(wpa_auth->pmksa);
461 #ifdef CONFIG_IEEE80211R
462 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
463 wpa_auth->ft_pmk_cache = NULL;
464 #endif /* CONFIG_IEEE80211R */
466 os_free(wpa_auth->wpa_ie);
468 group = wpa_auth->group;
480 * wpa_reconfig - Update WPA authenticator configuration
481 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
482 * @conf: Configuration for WPA authenticator
484 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
485 struct wpa_auth_config *conf)
487 struct wpa_group *group;
488 if (wpa_auth == NULL)
491 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
492 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
493 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
498 * Reinitialize GTK to make sure it is suitable for the new
501 group = wpa_auth->group;
502 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
504 wpa_group_sm_step(wpa_auth, group);
505 group->GInit = FALSE;
506 wpa_group_sm_step(wpa_auth, group);
512 struct wpa_state_machine *
513 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
515 struct wpa_state_machine *sm;
517 sm = os_zalloc(sizeof(struct wpa_state_machine));
520 os_memcpy(sm->addr, addr, ETH_ALEN);
522 sm->wpa_auth = wpa_auth;
523 sm->group = wpa_auth->group;
529 int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
530 struct wpa_state_machine *sm)
532 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
535 #ifdef CONFIG_IEEE80211R
536 if (sm->ft_completed) {
537 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
538 "FT authentication already completed - do not "
539 "start 4-way handshake");
542 #endif /* CONFIG_IEEE80211R */
545 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
546 sm->ReAuthenticationRequest = TRUE;
547 return wpa_sm_step(sm);
550 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
551 "start authentication");
555 if (wpa_sm_step(sm) == 1)
556 return 1; /* should not really happen */
558 sm->AuthenticationRequest = TRUE;
559 return wpa_sm_step(sm);
563 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
565 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
566 * reassociates back to the same AP while the previous entry for the
567 * STA has not yet been removed. */
571 sm->wpa_key_mgmt = 0;
575 static void wpa_free_sta_sm(struct wpa_state_machine *sm)
577 #ifdef CONFIG_IEEE80211R
578 os_free(sm->assoc_resp_ftie);
579 #endif /* CONFIG_IEEE80211R */
580 os_free(sm->last_rx_eapol_key);
586 void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
591 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
592 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
593 "strict rekeying - force GTK rekey since STA "
595 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
596 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
600 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
601 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
602 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
603 if (sm->in_step_loop) {
604 /* Must not free state machine while wpa_sm_step() is running.
605 * Freeing will be completed in the end of wpa_sm_step(). */
606 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
607 "machine deinit for " MACSTR, MAC2STR(sm->addr));
608 sm->pending_deinit = 1;
614 static void wpa_request_new_ptk(struct wpa_state_machine *sm)
619 sm->PTKRequest = TRUE;
624 static int wpa_replay_counter_valid(struct wpa_state_machine *sm,
625 const u8 *replay_counter)
628 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
629 if (!sm->key_replay[i].valid)
631 if (os_memcmp(replay_counter, sm->key_replay[i].counter,
632 WPA_REPLAY_COUNTER_LEN) == 0)
639 #ifdef CONFIG_IEEE80211R
640 static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
641 struct wpa_state_machine *sm,
642 struct wpa_eapol_ie_parse *kde)
644 struct wpa_ie_data ie;
645 struct rsn_mdie *mdie;
647 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
648 ie.num_pmkid != 1 || ie.pmkid == NULL) {
649 wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in "
650 "FT 4-way handshake message 2/4");
654 os_memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
655 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
656 sm->sup_pmk_r1_name, PMKID_LEN);
658 if (!kde->mdie || !kde->ftie) {
659 wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake "
660 "message 2/4", kde->mdie ? "FTIE" : "MDIE");
664 mdie = (struct rsn_mdie *) (kde->mdie + 2);
665 if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
666 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
667 MOBILITY_DOMAIN_ID_LEN) != 0) {
668 wpa_printf(MSG_DEBUG, "FT: MDIE mismatch");
672 if (sm->assoc_resp_ftie &&
673 (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
674 os_memcmp(kde->ftie, sm->assoc_resp_ftie,
675 2 + sm->assoc_resp_ftie[1]) != 0)) {
676 wpa_printf(MSG_DEBUG, "FT: FTIE mismatch");
677 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
678 kde->ftie, kde->ftie_len);
679 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
680 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
686 #endif /* CONFIG_IEEE80211R */
689 void wpa_receive(struct wpa_authenticator *wpa_auth,
690 struct wpa_state_machine *sm,
691 u8 *data, size_t data_len)
693 struct ieee802_1x_hdr *hdr;
694 struct wpa_eapol_key *key;
695 u16 key_info, key_data_length;
696 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
697 SMK_M1, SMK_M3, SMK_ERROR } msg;
699 struct wpa_eapol_ie_parse kde;
701 const u8 *eapol_key_ie;
702 size_t eapol_key_ie_len;
704 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
707 if (data_len < sizeof(*hdr) + sizeof(*key))
710 hdr = (struct ieee802_1x_hdr *) data;
711 key = (struct wpa_eapol_key *) (hdr + 1);
712 key_info = WPA_GET_BE16(key->key_info);
713 key_data_length = WPA_GET_BE16(key->key_data_length);
714 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
715 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
716 "key_data overflow (%d > %lu)",
718 (unsigned long) (data_len - sizeof(*hdr) -
723 if (sm->wpa == WPA_VERSION_WPA2) {
724 if (key->type != EAPOL_KEY_TYPE_RSN) {
725 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
726 "unexpected type %d in RSN mode",
731 if (key->type != EAPOL_KEY_TYPE_WPA) {
732 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
733 "unexpected type %d in WPA mode",
739 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
742 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
743 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
744 if (key_info & WPA_KEY_INFO_ERROR) {
746 msgtxt = "SMK Error";
751 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
754 } else if (key_info & WPA_KEY_INFO_REQUEST) {
757 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
759 msgtxt = "2/2 Group";
760 } else if (key_data_length == 0) {
762 msgtxt = "4/4 Pairwise";
765 msgtxt = "2/4 Pairwise";
768 /* TODO: key_info type validation for PeerKey */
769 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
771 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
772 if (sm->pairwise == WPA_CIPHER_CCMP) {
773 if (wpa_use_aes_cmac(sm) &&
774 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
775 wpa_auth_logger(wpa_auth, sm->addr,
777 "advertised support for "
778 "AES-128-CMAC, but did not "
783 if (!wpa_use_aes_cmac(sm) &&
784 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
785 wpa_auth_logger(wpa_auth, sm->addr,
787 "did not use HMAC-SHA1-AES "
794 if (key_info & WPA_KEY_INFO_REQUEST) {
795 if (sm->req_replay_counter_used &&
796 os_memcmp(key->replay_counter, sm->req_replay_counter,
797 WPA_REPLAY_COUNTER_LEN) <= 0) {
798 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
799 "received EAPOL-Key request with "
805 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
806 !wpa_replay_counter_valid(sm, key->replay_counter)) {
808 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
809 "received EAPOL-Key %s with unexpected "
810 "replay counter", msgtxt);
811 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
812 if (!sm->key_replay[i].valid)
814 wpa_hexdump(MSG_DEBUG, "pending replay counter",
815 sm->key_replay[i].counter,
816 WPA_REPLAY_COUNTER_LEN);
818 wpa_hexdump(MSG_DEBUG, "received replay counter",
819 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
825 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
826 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) {
827 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
828 "received EAPOL-Key msg 2/4 in "
829 "invalid state (%d) - dropped",
833 random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
834 if (sm->group->reject_4way_hs_for_entropy) {
836 * The system did not have enough entropy to generate
837 * strong random numbers. Reject the first 4-way
838 * handshake(s) and collect some entropy based on the
839 * information from it. Once enough entropy is
840 * available, the next atempt will trigger GMK/Key
841 * Counter update and the station will be allowed to
844 wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
845 "collect more entropy for random number "
847 sm->group->reject_4way_hs_for_entropy = FALSE;
848 random_mark_pool_ready();
849 sm->group->first_sta_seen = FALSE;
850 wpa_sta_disconnect(wpa_auth, sm->addr);
853 if (wpa_parse_kde_ies((u8 *) (key + 1), key_data_length,
855 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
856 "received EAPOL-Key msg 2/4 with "
857 "invalid Key Data contents");
861 eapol_key_ie = kde.rsn_ie;
862 eapol_key_ie_len = kde.rsn_ie_len;
864 eapol_key_ie = kde.wpa_ie;
865 eapol_key_ie_len = kde.wpa_ie_len;
867 ft = sm->wpa == WPA_VERSION_WPA2 &&
868 wpa_key_mgmt_ft(sm->wpa_key_mgmt);
869 if (sm->wpa_ie == NULL ||
870 wpa_compare_rsn_ie(ft,
871 sm->wpa_ie, sm->wpa_ie_len,
872 eapol_key_ie, eapol_key_ie_len)) {
873 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
874 "WPA IE from (Re)AssocReq did not "
875 "match with msg 2/4");
877 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
878 sm->wpa_ie, sm->wpa_ie_len);
880 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
881 eapol_key_ie, eapol_key_ie_len);
882 /* MLME-DEAUTHENTICATE.request */
883 wpa_sta_disconnect(wpa_auth, sm->addr);
886 #ifdef CONFIG_IEEE80211R
887 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
888 wpa_sta_disconnect(wpa_auth, sm->addr);
891 #endif /* CONFIG_IEEE80211R */
894 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
896 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
897 "received EAPOL-Key msg 4/4 in "
898 "invalid state (%d) - dropped",
904 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
906 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
907 "received EAPOL-Key msg 2/2 in "
908 "invalid state (%d) - dropped",
909 sm->wpa_ptk_group_state);
913 #ifdef CONFIG_PEERKEY
917 if (!wpa_auth->conf.peerkey) {
918 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
919 "PeerKey use disabled - ignoring message");
922 if (!sm->PTK_valid) {
923 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
924 "received EAPOL-Key msg SMK in "
925 "invalid state - dropped");
929 #else /* CONFIG_PEERKEY */
933 return; /* STSL disabled - ignore SMK messages */
934 #endif /* CONFIG_PEERKEY */
939 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
940 "received EAPOL-Key frame (%s)", msgtxt);
942 if (key_info & WPA_KEY_INFO_ACK) {
943 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
944 "received invalid EAPOL-Key: Key Ack set");
948 if (!(key_info & WPA_KEY_INFO_MIC)) {
949 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
950 "received invalid EAPOL-Key: Key MIC not set");
954 sm->MICVerified = FALSE;
956 if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
957 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
958 "received EAPOL-Key with invalid MIC");
961 sm->MICVerified = TRUE;
962 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
965 if (key_info & WPA_KEY_INFO_REQUEST) {
966 if (sm->MICVerified) {
967 sm->req_replay_counter_used = 1;
968 os_memcpy(sm->req_replay_counter, key->replay_counter,
969 WPA_REPLAY_COUNTER_LEN);
971 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
972 "received EAPOL-Key request with "
978 * TODO: should decrypt key data field if encryption was used;
979 * even though MAC address KDE is not normally encrypted,
980 * supplicant is allowed to encrypt it.
982 if (msg == SMK_ERROR) {
983 #ifdef CONFIG_PEERKEY
984 wpa_smk_error(wpa_auth, sm, key);
985 #endif /* CONFIG_PEERKEY */
987 } else if (key_info & WPA_KEY_INFO_ERROR) {
988 /* Supplicant reported a Michael MIC error */
989 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
990 "received EAPOL-Key Error Request "
991 "(STA detected Michael MIC failure)");
992 wpa_auth_mic_failure_report(wpa_auth, sm->addr);
993 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
994 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
995 /* Error report is not a request for a new key
996 * handshake, but since Authenticator may do it, let's
997 * change the keys now anyway. */
998 wpa_request_new_ptk(sm);
999 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1000 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1001 "received EAPOL-Key Request for new "
1003 wpa_request_new_ptk(sm);
1004 #ifdef CONFIG_PEERKEY
1005 } else if (msg == SMK_M1) {
1006 wpa_smk_m1(wpa_auth, sm, key);
1007 #endif /* CONFIG_PEERKEY */
1008 } else if (key_data_length > 0 &&
1009 wpa_parse_kde_ies((const u8 *) (key + 1),
1010 key_data_length, &kde) == 0 &&
1013 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1014 "received EAPOL-Key Request for GTK "
1016 /* FIX: why was this triggering PTK rekeying for the
1017 * STA that requested Group Key rekeying?? */
1018 /* wpa_request_new_ptk(sta->wpa_sm); */
1019 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
1020 wpa_rekey_gtk(wpa_auth, NULL);
1023 /* Do not allow the same key replay counter to be reused. This
1024 * does also invalidate all other pending replay counters if
1025 * retransmissions were used, i.e., we will only process one of
1026 * the pending replies and ignore rest if more than one is
1028 sm->key_replay[0].valid = FALSE;
1031 #ifdef CONFIG_PEERKEY
1032 if (msg == SMK_M3) {
1033 wpa_smk_m3(wpa_auth, sm, key);
1036 #endif /* CONFIG_PEERKEY */
1038 os_free(sm->last_rx_eapol_key);
1039 sm->last_rx_eapol_key = os_malloc(data_len);
1040 if (sm->last_rx_eapol_key == NULL)
1042 os_memcpy(sm->last_rx_eapol_key, data, data_len);
1043 sm->last_rx_eapol_key_len = data_len;
1045 sm->EAPOLKeyReceived = TRUE;
1046 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1047 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
1048 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
1053 static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
1054 const u8 *gnonce, u8 *gtk, size_t gtk_len)
1056 u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16];
1060 /* GTK = PRF-X(GMK, "Group key expansion",
1061 * AA || GNonce || Time || random data)
1062 * The example described in the IEEE 802.11 standard uses only AA and
1063 * GNonce as inputs here. Add some more entropy since this derivation
1064 * is done only at the Authenticator and as such, does not need to be
1067 os_memcpy(data, addr, ETH_ALEN);
1068 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
1069 pos = data + ETH_ALEN + WPA_NONCE_LEN;
1070 wpa_get_ntp_timestamp(pos);
1072 if (random_get_bytes(pos, 16) < 0)
1075 #ifdef CONFIG_IEEE80211W
1076 sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
1077 #else /* CONFIG_IEEE80211W */
1078 if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len)
1081 #endif /* CONFIG_IEEE80211W */
1087 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
1089 struct wpa_authenticator *wpa_auth = eloop_ctx;
1090 struct wpa_state_machine *sm = timeout_ctx;
1092 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
1093 sm->TimeoutEvt = TRUE;
1098 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1099 struct wpa_state_machine *sm, int key_info,
1100 const u8 *key_rsc, const u8 *nonce,
1101 const u8 *kde, size_t kde_len,
1102 int keyidx, int encr, int force_version)
1104 struct ieee802_1x_hdr *hdr;
1105 struct wpa_eapol_key *key;
1108 int key_data_len, pad_len = 0;
1110 int version, pairwise;
1113 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
1116 version = force_version;
1117 else if (wpa_use_aes_cmac(sm))
1118 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
1119 else if (sm->pairwise == WPA_CIPHER_CCMP)
1120 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1122 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1124 pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
1126 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
1127 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
1130 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
1131 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
1132 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
1133 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
1134 pairwise, (unsigned long) kde_len, keyidx, encr);
1136 key_data_len = kde_len;
1138 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1139 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
1140 pad_len = key_data_len % 8;
1142 pad_len = 8 - pad_len;
1143 key_data_len += pad_len + 8;
1146 len += key_data_len;
1148 hdr = os_zalloc(len);
1151 hdr->version = wpa_auth->conf.eapol_version;
1152 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1153 hdr->length = host_to_be16(len - sizeof(*hdr));
1154 key = (struct wpa_eapol_key *) (hdr + 1);
1156 key->type = sm->wpa == WPA_VERSION_WPA2 ?
1157 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1158 key_info |= version;
1159 if (encr && sm->wpa == WPA_VERSION_WPA2)
1160 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
1161 if (sm->wpa != WPA_VERSION_WPA2)
1162 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1163 WPA_PUT_BE16(key->key_info, key_info);
1165 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
1167 case WPA_CIPHER_CCMP:
1168 WPA_PUT_BE16(key->key_length, 16);
1170 case WPA_CIPHER_TKIP:
1171 WPA_PUT_BE16(key->key_length, 32);
1173 case WPA_CIPHER_WEP40:
1174 WPA_PUT_BE16(key->key_length, 5);
1176 case WPA_CIPHER_WEP104:
1177 WPA_PUT_BE16(key->key_length, 13);
1180 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1181 WPA_PUT_BE16(key->key_length, 0);
1183 /* FIX: STSL: what to use as key_replay_counter? */
1184 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1185 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1186 os_memcpy(sm->key_replay[i].counter,
1187 sm->key_replay[i - 1].counter,
1188 WPA_REPLAY_COUNTER_LEN);
1190 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1191 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
1192 WPA_REPLAY_COUNTER_LEN);
1193 sm->key_replay[0].valid = TRUE;
1196 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1199 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1202 os_memcpy(key + 1, kde, kde_len);
1203 WPA_PUT_BE16(key->key_data_length, kde_len);
1204 } else if (encr && kde) {
1205 buf = os_zalloc(key_data_len);
1211 os_memcpy(pos, kde, kde_len);
1217 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1219 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1220 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1221 if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
1222 (u8 *) (key + 1))) {
1227 WPA_PUT_BE16(key->key_data_length, key_data_len);
1230 os_memcpy(key->key_iv,
1231 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1232 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1233 os_memcpy(ek, key->key_iv, 16);
1234 os_memcpy(ek + 16, sm->PTK.kek, 16);
1235 os_memcpy(key + 1, buf, key_data_len);
1236 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
1237 WPA_PUT_BE16(key->key_data_length, key_data_len);
1242 if (key_info & WPA_KEY_INFO_MIC) {
1243 if (!sm->PTK_valid) {
1244 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1245 "PTK not valid when sending EAPOL-Key "
1250 wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
1254 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1256 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1262 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1263 struct wpa_state_machine *sm, int key_info,
1264 const u8 *key_rsc, const u8 *nonce,
1265 const u8 *kde, size_t kde_len,
1266 int keyidx, int encr)
1269 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
1275 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1278 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
1280 timeout_ms = eapol_key_timeout_first;
1282 timeout_ms = eapol_key_timeout_subseq;
1283 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1284 wpa_send_eapol_timeout, wpa_auth, sm);
1288 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
1290 struct ieee802_1x_hdr *hdr;
1291 struct wpa_eapol_key *key;
1296 if (data_len < sizeof(*hdr) + sizeof(*key))
1299 hdr = (struct ieee802_1x_hdr *) data;
1300 key = (struct wpa_eapol_key *) (hdr + 1);
1301 key_info = WPA_GET_BE16(key->key_info);
1302 os_memcpy(mic, key->key_mic, 16);
1303 os_memset(key->key_mic, 0, 16);
1304 if (wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK,
1305 data, data_len, key->key_mic) ||
1306 os_memcmp(mic, key->key_mic, 16) != 0)
1308 os_memcpy(key->key_mic, mic, 16);
1313 void wpa_remove_ptk(struct wpa_state_machine *sm)
1315 sm->PTK_valid = FALSE;
1316 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1317 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
1318 sm->pairwise_set = FALSE;
1319 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1323 int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
1330 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1331 "event %d notification", event);
1339 sm->DeauthenticationRequest = TRUE;
1342 case WPA_REAUTH_EAPOL:
1345 * When using WPS, we may end up here if the STA
1346 * manages to re-associate without the previous STA
1347 * entry getting removed. Consequently, we need to make
1348 * sure that the WPA state machines gets initialized
1349 * properly at this point.
1351 wpa_printf(MSG_DEBUG, "WPA state machine had not been "
1352 "started - initialize now");
1355 if (wpa_sm_step(sm) == 1)
1356 return 1; /* should not really happen */
1358 sm->AuthenticationRequest = TRUE;
1361 if (sm->GUpdateStationKeys) {
1363 * Reauthentication cancels the pending group key
1364 * update for this STA.
1366 sm->group->GKeyDoneStations--;
1367 sm->GUpdateStationKeys = FALSE;
1368 sm->PtkGroupInit = TRUE;
1370 sm->ReAuthenticationRequest = TRUE;
1373 #ifdef CONFIG_IEEE80211R
1374 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1375 "after association");
1376 wpa_ft_install_ptk(sm);
1378 /* Using FT protocol, not WPA auth state machine */
1379 sm->ft_completed = 1;
1381 #else /* CONFIG_IEEE80211R */
1383 #endif /* CONFIG_IEEE80211R */
1386 #ifdef CONFIG_IEEE80211R
1387 sm->ft_completed = 0;
1388 #endif /* CONFIG_IEEE80211R */
1390 #ifdef CONFIG_IEEE80211W
1391 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1393 #endif /* CONFIG_IEEE80211W */
1396 sm->PTK_valid = FALSE;
1397 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1399 if (event != WPA_REAUTH_EAPOL)
1403 return wpa_sm_step(sm);
1407 static enum wpa_alg wpa_alg_enum(int alg)
1410 case WPA_CIPHER_CCMP:
1411 return WPA_ALG_CCMP;
1412 case WPA_CIPHER_TKIP:
1413 return WPA_ALG_TKIP;
1414 case WPA_CIPHER_WEP104:
1415 case WPA_CIPHER_WEP40:
1418 return WPA_ALG_NONE;
1423 SM_STATE(WPA_PTK, INITIALIZE)
1425 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1427 /* Init flag is not cleared here, so avoid busy
1428 * loop by claiming nothing changed. */
1429 sm->changed = FALSE;
1433 if (sm->GUpdateStationKeys)
1434 sm->group->GKeyDoneStations--;
1435 sm->GUpdateStationKeys = FALSE;
1436 if (sm->wpa == WPA_VERSION_WPA)
1437 sm->PInitAKeys = FALSE;
1438 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1439 * Local AA > Remote AA)) */) {
1442 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1444 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1446 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1447 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1448 WPA_EAPOL_authorized, 0);
1453 SM_STATE(WPA_PTK, DISCONNECT)
1455 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1456 sm->Disconnect = FALSE;
1457 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1461 SM_STATE(WPA_PTK, DISCONNECTED)
1463 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1464 sm->DeauthenticationRequest = FALSE;
1468 SM_STATE(WPA_PTK, AUTHENTICATION)
1470 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1471 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1472 sm->PTK_valid = FALSE;
1473 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1475 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1476 sm->AuthenticationRequest = FALSE;
1480 static void wpa_group_first_station(struct wpa_authenticator *wpa_auth,
1481 struct wpa_group *group)
1484 * System has run bit further than at the time hostapd was started
1485 * potentially very early during boot up. This provides better chances
1486 * of collecting more randomness on embedded systems. Re-initialize the
1487 * GMK and Counter here to improve their strength if there was not
1488 * enough entropy available immediately after system startup.
1490 wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
1492 if (random_pool_ready() != 1) {
1493 wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
1494 "to proceed - reject first 4-way handshake");
1495 group->reject_4way_hs_for_entropy = TRUE;
1497 wpa_group_init_gmk_and_counter(wpa_auth, group);
1498 wpa_gtk_update(wpa_auth, group);
1499 wpa_group_config_group_keys(wpa_auth, group);
1503 SM_STATE(WPA_PTK, AUTHENTICATION2)
1505 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1507 if (!sm->group->first_sta_seen) {
1508 wpa_group_first_station(sm->wpa_auth, sm->group);
1509 sm->group->first_sta_seen = TRUE;
1512 os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN);
1513 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1514 sm->ReAuthenticationRequest = FALSE;
1515 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1516 * logical place than INITIALIZE since AUTHENTICATION2 can be
1517 * re-entered on ReAuthenticationRequest without going through
1523 SM_STATE(WPA_PTK, INITPMK)
1525 u8 msk[2 * PMK_LEN];
1526 size_t len = 2 * PMK_LEN;
1528 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1529 #ifdef CONFIG_IEEE80211R
1531 #endif /* CONFIG_IEEE80211R */
1533 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1534 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
1535 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
1536 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
1537 "(len=%lu)", (unsigned long) len);
1538 os_memcpy(sm->PMK, msk, PMK_LEN);
1539 #ifdef CONFIG_IEEE80211R
1540 if (len >= 2 * PMK_LEN) {
1541 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1542 sm->xxkey_len = PMK_LEN;
1544 #endif /* CONFIG_IEEE80211R */
1546 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
1549 sm->req_replay_counter_used = 0;
1550 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1551 * will break reauthentication since EAPOL state machines may not be
1552 * get into AUTHENTICATING state that clears keyRun before WPA state
1553 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1554 * state and takes PMK from the previously used AAA Key. This will
1555 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1556 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1557 * be good workaround for this issue. */
1558 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
1562 SM_STATE(WPA_PTK, INITPSK)
1565 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
1566 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL);
1568 os_memcpy(sm->PMK, psk, PMK_LEN);
1569 #ifdef CONFIG_IEEE80211R
1570 os_memcpy(sm->xxkey, psk, PMK_LEN);
1571 sm->xxkey_len = PMK_LEN;
1572 #endif /* CONFIG_IEEE80211R */
1574 sm->req_replay_counter_used = 0;
1578 SM_STATE(WPA_PTK, PTKSTART)
1580 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1581 size_t pmkid_len = 0;
1583 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1584 sm->PTKRequest = FALSE;
1585 sm->TimeoutEvt = FALSE;
1588 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1589 /* No point in sending the EAPOL-Key - we will disconnect
1590 * immediately following this. */
1594 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1595 "sending 1/4 msg of 4-Way Handshake");
1597 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1598 * one possible PSK for this STA.
1600 if (sm->wpa == WPA_VERSION_WPA2 &&
1601 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt)) {
1603 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1604 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1605 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1606 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
1608 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
1609 sm->pmksa->pmkid, PMKID_LEN);
1612 * Calculate PMKID since no PMKSA cache entry was
1613 * available with pre-calculated PMKID.
1615 rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
1616 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
1617 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
1620 wpa_send_eapol(sm->wpa_auth, sm,
1621 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
1622 sm->ANonce, pmkid, pmkid_len, 0, 0);
1626 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
1627 struct wpa_ptk *ptk)
1629 size_t ptk_len = sm->pairwise == WPA_CIPHER_CCMP ? 48 : 64;
1630 #ifdef CONFIG_IEEE80211R
1631 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
1632 return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len);
1633 #endif /* CONFIG_IEEE80211R */
1635 wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
1636 sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce,
1637 (u8 *) ptk, ptk_len,
1638 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
1644 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
1648 const u8 *pmk = NULL;
1650 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
1651 sm->EAPOLKeyReceived = FALSE;
1653 /* WPA with IEEE 802.1X: use the derived PMK from EAP
1654 * WPA-PSK: iterate through possible PSKs and select the one matching
1657 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1658 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
1664 wpa_derive_ptk(sm, pmk, &PTK);
1666 if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
1667 sm->last_rx_eapol_key_len) == 0) {
1672 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
1677 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1678 "invalid MIC in msg 2/4 of 4-Way Handshake");
1682 #ifdef CONFIG_IEEE80211R
1683 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1685 * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
1686 * with the value we derived.
1688 if (os_memcmp(sm->sup_pmk_r1_name, sm->pmk_r1_name,
1689 WPA_PMK_NAME_LEN) != 0) {
1690 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1691 "PMKR1Name mismatch in FT 4-way "
1693 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
1695 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
1696 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
1697 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
1701 #endif /* CONFIG_IEEE80211R */
1703 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
1705 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1706 /* PSK may have changed from the previous choice, so update
1707 * state machine data based on whatever PSK was selected here.
1709 os_memcpy(sm->PMK, pmk, PMK_LEN);
1712 sm->MICVerified = TRUE;
1714 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
1715 sm->PTK_valid = TRUE;
1719 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
1721 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
1726 #ifdef CONFIG_IEEE80211W
1728 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1730 if (sm->mgmt_frame_prot) {
1731 return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde);
1738 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1740 struct wpa_igtk_kde igtk;
1741 struct wpa_group *gsm = sm->group;
1743 if (!sm->mgmt_frame_prot)
1746 igtk.keyid[0] = gsm->GN_igtk;
1748 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
1749 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn) < 0)
1750 os_memset(igtk.pn, 0, sizeof(igtk.pn));
1751 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
1752 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
1753 (const u8 *) &igtk, sizeof(igtk), NULL, 0);
1758 #else /* CONFIG_IEEE80211W */
1760 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1766 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1771 #endif /* CONFIG_IEEE80211W */
1774 SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
1776 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
1777 size_t gtk_len, kde_len;
1778 struct wpa_group *gsm = sm->group;
1780 int wpa_ie_len, secure, keyidx, encr = 0;
1782 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
1783 sm->TimeoutEvt = FALSE;
1786 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1787 /* No point in sending the EAPOL-Key - we will disconnect
1788 * immediately following this. */
1792 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
1793 GTK[GN], IGTK, [FTIE], [TIE * 2])
1795 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
1796 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
1797 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
1798 wpa_ie = sm->wpa_auth->wpa_ie;
1799 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
1800 if (sm->wpa == WPA_VERSION_WPA &&
1801 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
1802 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
1803 /* WPA-only STA, remove RSN IE */
1804 wpa_ie = wpa_ie + wpa_ie[1] + 2;
1805 wpa_ie_len = wpa_ie[1] + 2;
1807 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1808 "sending 3/4 msg of 4-Way Handshake");
1809 if (sm->wpa == WPA_VERSION_WPA2) {
1810 /* WPA2 send GTK in the 4-way handshake */
1812 gtk = gsm->GTK[gsm->GN - 1];
1813 gtk_len = gsm->GTK_len;
1818 /* WPA does not include GTK in msg 3/4 */
1826 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
1828 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
1829 #ifdef CONFIG_IEEE80211R
1830 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1831 kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
1832 kde_len += 300; /* FTIE + 2 * TIE */
1834 #endif /* CONFIG_IEEE80211R */
1835 kde = os_malloc(kde_len);
1840 os_memcpy(pos, wpa_ie, wpa_ie_len);
1842 #ifdef CONFIG_IEEE80211R
1843 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1844 int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name);
1846 wpa_printf(MSG_ERROR, "FT: Failed to insert "
1847 "PMKR1Name into RSN IE in EAPOL-Key data");
1853 #endif /* CONFIG_IEEE80211R */
1856 hdr[0] = keyidx & 0x03;
1858 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
1861 pos = ieee80211w_kde_add(sm, pos);
1863 #ifdef CONFIG_IEEE80211R
1864 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1866 struct wpa_auth_config *conf;
1868 conf = &sm->wpa_auth->conf;
1869 res = wpa_write_ftie(conf, conf->r0_key_holder,
1870 conf->r0_key_holder_len,
1871 NULL, NULL, pos, kde + kde_len - pos,
1874 wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE "
1875 "into EAPOL-Key Key Data");
1881 /* TIE[ReassociationDeadline] (TU) */
1882 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
1884 *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
1885 WPA_PUT_LE32(pos, conf->reassociation_deadline);
1888 /* TIE[KeyLifetime] (seconds) */
1889 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
1891 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
1892 WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
1895 #endif /* CONFIG_IEEE80211R */
1897 wpa_send_eapol(sm->wpa_auth, sm,
1898 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
1899 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
1900 WPA_KEY_INFO_KEY_TYPE,
1901 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
1906 SM_STATE(WPA_PTK, PTKINITDONE)
1908 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
1909 sm->EAPOLKeyReceived = FALSE;
1913 if (sm->pairwise == WPA_CIPHER_TKIP) {
1920 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
1921 sm->PTK.tk1, klen)) {
1922 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1925 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
1926 sm->pairwise_set = TRUE;
1928 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
1929 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1930 eloop_register_timeout(sm->wpa_auth->conf.
1931 wpa_ptk_rekey, 0, wpa_rekey_ptk,
1935 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1936 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1937 WPA_EAPOL_authorized, 1);
1941 if (0 /* IBSS == TRUE */) {
1943 if (sm->keycount == 2) {
1944 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1945 WPA_EAPOL_portValid, 1);
1948 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
1951 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
1952 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
1953 if (sm->wpa == WPA_VERSION_WPA)
1954 sm->PInitAKeys = TRUE;
1957 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1958 "pairwise key handshake completed (%s)",
1959 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
1961 #ifdef CONFIG_IEEE80211R
1962 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
1963 #endif /* CONFIG_IEEE80211R */
1969 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
1972 SM_ENTER(WPA_PTK, INITIALIZE);
1973 else if (sm->Disconnect
1974 /* || FIX: dot11RSNAConfigSALifetime timeout */)
1975 SM_ENTER(WPA_PTK, DISCONNECT);
1976 else if (sm->DeauthenticationRequest)
1977 SM_ENTER(WPA_PTK, DISCONNECTED);
1978 else if (sm->AuthenticationRequest)
1979 SM_ENTER(WPA_PTK, AUTHENTICATION);
1980 else if (sm->ReAuthenticationRequest)
1981 SM_ENTER(WPA_PTK, AUTHENTICATION2);
1982 else if (sm->PTKRequest)
1983 SM_ENTER(WPA_PTK, PTKSTART);
1984 else switch (sm->wpa_ptk_state) {
1985 case WPA_PTK_INITIALIZE:
1987 case WPA_PTK_DISCONNECT:
1988 SM_ENTER(WPA_PTK, DISCONNECTED);
1990 case WPA_PTK_DISCONNECTED:
1991 SM_ENTER(WPA_PTK, INITIALIZE);
1993 case WPA_PTK_AUTHENTICATION:
1994 SM_ENTER(WPA_PTK, AUTHENTICATION2);
1996 case WPA_PTK_AUTHENTICATION2:
1997 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
1998 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
1999 WPA_EAPOL_keyRun) > 0)
2000 SM_ENTER(WPA_PTK, INITPMK);
2001 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
2002 /* FIX: && 802.1X::keyRun */)
2003 SM_ENTER(WPA_PTK, INITPSK);
2005 case WPA_PTK_INITPMK:
2006 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
2007 WPA_EAPOL_keyAvailable) > 0)
2008 SM_ENTER(WPA_PTK, PTKSTART);
2010 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2011 SM_ENTER(WPA_PTK, DISCONNECT);
2014 case WPA_PTK_INITPSK:
2015 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL))
2016 SM_ENTER(WPA_PTK, PTKSTART);
2018 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2019 "no PSK configured for the STA");
2020 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2021 SM_ENTER(WPA_PTK, DISCONNECT);
2024 case WPA_PTK_PTKSTART:
2025 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2026 sm->EAPOLKeyPairwise)
2027 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2028 else if (sm->TimeoutCtr >
2029 (int) dot11RSNAConfigPairwiseUpdateCount) {
2030 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2031 SM_ENTER(WPA_PTK, DISCONNECT);
2032 } else if (sm->TimeoutEvt)
2033 SM_ENTER(WPA_PTK, PTKSTART);
2035 case WPA_PTK_PTKCALCNEGOTIATING:
2036 if (sm->MICVerified)
2037 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
2038 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2039 sm->EAPOLKeyPairwise)
2040 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
2041 else if (sm->TimeoutEvt)
2042 SM_ENTER(WPA_PTK, PTKSTART);
2044 case WPA_PTK_PTKCALCNEGOTIATING2:
2045 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2047 case WPA_PTK_PTKINITNEGOTIATING:
2048 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2049 sm->EAPOLKeyPairwise && sm->MICVerified)
2050 SM_ENTER(WPA_PTK, PTKINITDONE);
2051 else if (sm->TimeoutCtr >
2052 (int) dot11RSNAConfigPairwiseUpdateCount) {
2053 wpa_auth->dot11RSNA4WayHandshakeFailures++;
2054 SM_ENTER(WPA_PTK, DISCONNECT);
2055 } else if (sm->TimeoutEvt)
2056 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
2058 case WPA_PTK_PTKINITDONE:
2064 SM_STATE(WPA_PTK_GROUP, IDLE)
2066 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
2068 /* Init flag is not cleared here, so avoid busy
2069 * loop by claiming nothing changed. */
2070 sm->changed = FALSE;
2072 sm->GTimeoutCtr = 0;
2076 SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
2078 u8 rsc[WPA_KEY_RSC_LEN];
2079 struct wpa_group *gsm = sm->group;
2080 u8 *kde, *pos, hdr[2];
2083 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
2086 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
2087 /* No point in sending the EAPOL-Key - we will disconnect
2088 * immediately following this. */
2092 if (sm->wpa == WPA_VERSION_WPA)
2093 sm->PInitAKeys = FALSE;
2094 sm->TimeoutEvt = FALSE;
2095 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
2096 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
2097 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
2098 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
2099 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2100 "sending 1/2 msg of Group Key Handshake");
2102 if (sm->wpa == WPA_VERSION_WPA2) {
2103 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
2104 ieee80211w_kde_len(sm);
2105 kde = os_malloc(kde_len);
2110 hdr[0] = gsm->GN & 0x03;
2112 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
2113 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
2114 pos = ieee80211w_kde_add(sm, pos);
2116 kde = gsm->GTK[gsm->GN - 1];
2117 pos = kde + gsm->GTK_len;
2120 wpa_send_eapol(sm->wpa_auth, sm,
2121 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
2123 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
2124 rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
2125 if (sm->wpa == WPA_VERSION_WPA2)
2130 SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
2132 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
2133 sm->EAPOLKeyReceived = FALSE;
2134 if (sm->GUpdateStationKeys)
2135 sm->group->GKeyDoneStations--;
2136 sm->GUpdateStationKeys = FALSE;
2137 sm->GTimeoutCtr = 0;
2138 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
2139 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2140 "group key handshake completed (%s)",
2141 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
2146 SM_STATE(WPA_PTK_GROUP, KEYERROR)
2148 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
2149 if (sm->GUpdateStationKeys)
2150 sm->group->GKeyDoneStations--;
2151 sm->GUpdateStationKeys = FALSE;
2152 sm->Disconnect = TRUE;
2156 SM_STEP(WPA_PTK_GROUP)
2158 if (sm->Init || sm->PtkGroupInit) {
2159 SM_ENTER(WPA_PTK_GROUP, IDLE);
2160 sm->PtkGroupInit = FALSE;
2161 } else switch (sm->wpa_ptk_group_state) {
2162 case WPA_PTK_GROUP_IDLE:
2163 if (sm->GUpdateStationKeys ||
2164 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
2165 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2167 case WPA_PTK_GROUP_REKEYNEGOTIATING:
2168 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
2169 !sm->EAPOLKeyPairwise && sm->MICVerified)
2170 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
2171 else if (sm->GTimeoutCtr >
2172 (int) dot11RSNAConfigGroupUpdateCount)
2173 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
2174 else if (sm->TimeoutEvt)
2175 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
2177 case WPA_PTK_GROUP_KEYERROR:
2178 SM_ENTER(WPA_PTK_GROUP, IDLE);
2180 case WPA_PTK_GROUP_REKEYESTABLISHED:
2181 SM_ENTER(WPA_PTK_GROUP, IDLE);
2187 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
2188 struct wpa_group *group)
2192 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2193 inc_byte_array(group->Counter, WPA_NONCE_LEN);
2194 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
2195 wpa_auth->addr, group->GNonce,
2196 group->GTK[group->GN - 1], group->GTK_len) < 0)
2198 wpa_hexdump_key(MSG_DEBUG, "GTK",
2199 group->GTK[group->GN - 1], group->GTK_len);
2201 #ifdef CONFIG_IEEE80211W
2202 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
2203 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
2204 inc_byte_array(group->Counter, WPA_NONCE_LEN);
2205 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
2206 wpa_auth->addr, group->GNonce,
2207 group->IGTK[group->GN_igtk - 4],
2210 wpa_hexdump_key(MSG_DEBUG, "IGTK",
2211 group->IGTK[group->GN_igtk - 4], WPA_IGTK_LEN);
2213 #endif /* CONFIG_IEEE80211W */
2219 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
2220 struct wpa_group *group)
2222 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2223 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
2224 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
2225 group->wpa_group_state = WPA_GROUP_GTK_INIT;
2228 os_memset(group->GTK, 0, sizeof(group->GTK));
2231 #ifdef CONFIG_IEEE80211W
2234 #endif /* CONFIG_IEEE80211W */
2235 /* GTK[GN] = CalcGTK() */
2236 wpa_gtk_update(wpa_auth, group);
2240 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
2242 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
2243 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2244 "Not in PTKINITDONE; skip Group Key update");
2247 if (sm->GUpdateStationKeys) {
2249 * This should not really happen, but just in case, make sure
2250 * we do not count the same STA twice in GKeyDoneStations.
2252 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2253 "GUpdateStationKeys already set - do not "
2254 "increment GKeyDoneStations");
2256 sm->group->GKeyDoneStations++;
2257 sm->GUpdateStationKeys = TRUE;
2264 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
2265 struct wpa_group *group)
2269 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2270 "SETKEYS (VLAN-ID %d)", group->vlan_id);
2271 group->changed = TRUE;
2272 group->wpa_group_state = WPA_GROUP_SETKEYS;
2273 group->GTKReKey = FALSE;
2275 group->GM = group->GN;
2277 #ifdef CONFIG_IEEE80211W
2278 tmp = group->GM_igtk;
2279 group->GM_igtk = group->GN_igtk;
2280 group->GN_igtk = tmp;
2281 #endif /* CONFIG_IEEE80211W */
2282 /* "GKeyDoneStations = GNoStations" is done in more robust way by
2283 * counting the STAs that are marked with GUpdateStationKeys instead of
2284 * including all STAs that could be in not-yet-completed state. */
2285 wpa_gtk_update(wpa_auth, group);
2287 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
2288 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
2289 group->GKeyDoneStations);
2293 static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
2294 struct wpa_group *group)
2298 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
2299 wpa_alg_enum(wpa_auth->conf.wpa_group),
2300 broadcast_ether_addr, group->GN,
2301 group->GTK[group->GN - 1], group->GTK_len) < 0)
2304 #ifdef CONFIG_IEEE80211W
2305 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION &&
2306 wpa_auth_set_key(wpa_auth, group->vlan_id, WPA_ALG_IGTK,
2307 broadcast_ether_addr, group->GN_igtk,
2308 group->IGTK[group->GN_igtk - 4],
2311 #endif /* CONFIG_IEEE80211W */
2317 static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
2318 struct wpa_group *group)
2320 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2321 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
2322 group->changed = TRUE;
2323 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
2325 if (wpa_group_config_group_keys(wpa_auth, group) < 0)
2332 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
2333 struct wpa_group *group)
2336 wpa_group_gtk_init(wpa_auth, group);
2337 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
2338 group->GTKAuthenticator) {
2339 wpa_group_setkeysdone(wpa_auth, group);
2340 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
2342 wpa_group_setkeys(wpa_auth, group);
2343 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
2344 if (group->GKeyDoneStations == 0)
2345 wpa_group_setkeysdone(wpa_auth, group);
2346 else if (group->GTKReKey)
2347 wpa_group_setkeys(wpa_auth, group);
2352 static int wpa_sm_step(struct wpa_state_machine *sm)
2357 if (sm->in_step_loop) {
2358 /* This should not happen, but if it does, make sure we do not
2359 * end up freeing the state machine too early by exiting the
2360 * recursive call. */
2361 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
2365 sm->in_step_loop = 1;
2367 if (sm->pending_deinit)
2370 sm->changed = FALSE;
2371 sm->wpa_auth->group->changed = FALSE;
2373 SM_STEP_RUN(WPA_PTK);
2374 if (sm->pending_deinit)
2376 SM_STEP_RUN(WPA_PTK_GROUP);
2377 if (sm->pending_deinit)
2379 wpa_group_sm_step(sm->wpa_auth, sm->group);
2380 } while (sm->changed || sm->wpa_auth->group->changed);
2381 sm->in_step_loop = 0;
2383 if (sm->pending_deinit) {
2384 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
2385 "machine deinit for " MACSTR, MAC2STR(sm->addr));
2386 wpa_free_sta_sm(sm);
2393 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
2395 struct wpa_state_machine *sm = eloop_ctx;
2400 void wpa_auth_sm_notify(struct wpa_state_machine *sm)
2404 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
2408 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
2411 struct wpa_group *group;
2413 if (wpa_auth == NULL)
2416 group = wpa_auth->group;
2418 for (i = 0; i < 2; i++) {
2420 group->GM = group->GN;
2422 #ifdef CONFIG_IEEE80211W
2423 tmp = group->GM_igtk;
2424 group->GM_igtk = group->GN_igtk;
2425 group->GN_igtk = tmp;
2426 #endif /* CONFIG_IEEE80211W */
2427 wpa_gtk_update(wpa_auth, group);
2432 static const char * wpa_bool_txt(int bool)
2434 return bool ? "TRUE" : "FALSE";
2438 static int wpa_cipher_bits(int cipher)
2441 case WPA_CIPHER_CCMP:
2443 case WPA_CIPHER_TKIP:
2445 case WPA_CIPHER_WEP104:
2447 case WPA_CIPHER_WEP40:
2455 #define RSN_SUITE "%02x-%02x-%02x-%d"
2456 #define RSN_SUITE_ARG(s) \
2457 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2459 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
2462 char pmkid_txt[PMKID_LEN * 2 + 1];
2464 if (wpa_auth == NULL)
2467 ret = os_snprintf(buf + len, buflen - len,
2468 "dot11RSNAOptionImplemented=TRUE\n"
2469 #ifdef CONFIG_RSN_PREAUTH
2470 "dot11RSNAPreauthenticationImplemented=TRUE\n"
2471 #else /* CONFIG_RSN_PREAUTH */
2472 "dot11RSNAPreauthenticationImplemented=FALSE\n"
2473 #endif /* CONFIG_RSN_PREAUTH */
2474 "dot11RSNAEnabled=%s\n"
2475 "dot11RSNAPreauthenticationEnabled=%s\n",
2476 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
2477 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
2478 if (ret < 0 || (size_t) ret >= buflen - len)
2482 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2483 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
2486 buf + len, buflen - len,
2487 "dot11RSNAConfigVersion=%u\n"
2488 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
2489 /* FIX: dot11RSNAConfigGroupCipher */
2490 /* FIX: dot11RSNAConfigGroupRekeyMethod */
2491 /* FIX: dot11RSNAConfigGroupRekeyTime */
2492 /* FIX: dot11RSNAConfigGroupRekeyPackets */
2493 "dot11RSNAConfigGroupRekeyStrict=%u\n"
2494 "dot11RSNAConfigGroupUpdateCount=%u\n"
2495 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
2496 "dot11RSNAConfigGroupCipherSize=%u\n"
2497 "dot11RSNAConfigPMKLifetime=%u\n"
2498 "dot11RSNAConfigPMKReauthThreshold=%u\n"
2499 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
2500 "dot11RSNAConfigSATimeout=%u\n"
2501 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2502 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2503 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2504 "dot11RSNAPMKIDUsed=%s\n"
2505 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
2506 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
2507 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
2508 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
2509 "dot11RSNA4WayHandshakeFailures=%u\n"
2510 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
2512 !!wpa_auth->conf.wpa_strict_rekey,
2513 dot11RSNAConfigGroupUpdateCount,
2514 dot11RSNAConfigPairwiseUpdateCount,
2515 wpa_cipher_bits(wpa_auth->conf.wpa_group),
2516 dot11RSNAConfigPMKLifetime,
2517 dot11RSNAConfigPMKReauthThreshold,
2518 dot11RSNAConfigSATimeout,
2519 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
2520 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
2521 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
2523 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
2524 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
2525 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
2526 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
2527 wpa_auth->dot11RSNA4WayHandshakeFailures);
2528 if (ret < 0 || (size_t) ret >= buflen - len)
2532 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
2533 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
2536 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
2537 wpa_auth->group->wpa_group_state);
2538 if (ret < 0 || (size_t) ret >= buflen - len)
2546 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
2554 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
2556 /* dot11RSNAStatsEntry */
2558 if (sm->wpa == WPA_VERSION_WPA) {
2559 if (sm->pairwise == WPA_CIPHER_CCMP)
2560 pairwise = WPA_CIPHER_SUITE_CCMP;
2561 else if (sm->pairwise == WPA_CIPHER_TKIP)
2562 pairwise = WPA_CIPHER_SUITE_TKIP;
2563 else if (sm->pairwise == WPA_CIPHER_WEP104)
2564 pairwise = WPA_CIPHER_SUITE_WEP104;
2565 else if (sm->pairwise == WPA_CIPHER_WEP40)
2566 pairwise = WPA_CIPHER_SUITE_WEP40;
2567 else if (sm->pairwise == WPA_CIPHER_NONE)
2568 pairwise = WPA_CIPHER_SUITE_NONE;
2569 } else if (sm->wpa == WPA_VERSION_WPA2) {
2570 if (sm->pairwise == WPA_CIPHER_CCMP)
2571 pairwise = RSN_CIPHER_SUITE_CCMP;
2572 else if (sm->pairwise == WPA_CIPHER_TKIP)
2573 pairwise = RSN_CIPHER_SUITE_TKIP;
2574 else if (sm->pairwise == WPA_CIPHER_WEP104)
2575 pairwise = RSN_CIPHER_SUITE_WEP104;
2576 else if (sm->pairwise == WPA_CIPHER_WEP40)
2577 pairwise = RSN_CIPHER_SUITE_WEP40;
2578 else if (sm->pairwise == WPA_CIPHER_NONE)
2579 pairwise = RSN_CIPHER_SUITE_NONE;
2584 buf + len, buflen - len,
2585 /* TODO: dot11RSNAStatsIndex */
2586 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
2587 "dot11RSNAStatsVersion=1\n"
2588 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
2589 /* TODO: dot11RSNAStatsTKIPICVErrors */
2590 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
2591 "dot11RSNAStatsTKIPRemoveMICFailures=%u\n"
2592 /* TODO: dot11RSNAStatsCCMPReplays */
2593 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
2594 /* TODO: dot11RSNAStatsTKIPReplays */,
2596 RSN_SUITE_ARG(pairwise),
2597 sm->dot11RSNAStatsTKIPLocalMICFailures,
2598 sm->dot11RSNAStatsTKIPRemoteMICFailures);
2599 if (ret < 0 || (size_t) ret >= buflen - len)
2604 ret = os_snprintf(buf + len, buflen - len,
2605 "hostapdWPAPTKState=%d\n"
2606 "hostapdWPAPTKGroupState=%d\n",
2608 sm->wpa_ptk_group_state);
2609 if (ret < 0 || (size_t) ret >= buflen - len)
2617 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
2620 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
2624 int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
2626 return sm && sm->pairwise_set;
2630 int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
2632 return sm->pairwise;
2636 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
2640 return sm->wpa_key_mgmt;
2644 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
2652 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
2653 struct rsn_pmksa_cache_entry *entry)
2655 if (sm == NULL || sm->pmksa != entry)
2662 struct rsn_pmksa_cache_entry *
2663 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
2665 return sm ? sm->pmksa : NULL;
2669 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
2672 sm->dot11RSNAStatsTKIPLocalMICFailures++;
2676 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
2678 if (wpa_auth == NULL)
2680 *len = wpa_auth->wpa_ie_len;
2681 return wpa_auth->wpa_ie;
2685 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
2686 int session_timeout, struct eapol_state_machine *eapol)
2688 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2)
2691 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
2692 sm->wpa_auth->addr, sm->addr, session_timeout,
2693 eapol, sm->wpa_key_mgmt))
2700 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
2701 const u8 *pmk, size_t len, const u8 *sta_addr,
2702 int session_timeout,
2703 struct eapol_state_machine *eapol)
2705 if (wpa_auth == NULL)
2708 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr,
2709 sta_addr, session_timeout, eapol,
2710 WPA_KEY_MGMT_IEEE8021X))
2717 static struct wpa_group *
2718 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
2720 struct wpa_group *group;
2722 if (wpa_auth == NULL || wpa_auth->group == NULL)
2725 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
2727 group = wpa_group_init(wpa_auth, vlan_id);
2731 group->next = wpa_auth->group->next;
2732 wpa_auth->group->next = group;
2738 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
2740 struct wpa_group *group;
2742 if (sm == NULL || sm->wpa_auth == NULL)
2745 group = sm->wpa_auth->group;
2747 if (group->vlan_id == vlan_id)
2749 group = group->next;
2752 if (group == NULL) {
2753 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
2758 if (sm->group == group)
2761 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
2762 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);