2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
3 * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
17 #ifndef CONFIG_NATIVE_WINDOWS
21 #include "crypto/aes_wrap.h"
22 #include "crypto/crypto.h"
23 #include "crypto/sha1.h"
24 #include "crypto/sha256.h"
25 #include "eapol_auth/eapol_auth_sm.h"
28 #include "ieee802_11.h"
29 #include "pmksa_cache.h"
30 #include "state_machine.h"
31 #include "wpa_auth_i.h"
32 #include "wpa_auth_ie.h"
34 #define STATE_MACHINE_DATA struct wpa_state_machine
35 #define STATE_MACHINE_DEBUG_PREFIX "WPA"
36 #define STATE_MACHINE_ADDR sm->addr
39 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
40 static void wpa_sm_step(struct wpa_state_machine *sm);
41 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
42 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
43 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
44 struct wpa_group *group);
45 static void wpa_request_new_ptk(struct wpa_state_machine *sm);
46 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
47 struct wpa_group *group);
49 static const u32 dot11RSNAConfigGroupUpdateCount = 4;
50 static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
51 static const u32 eapol_key_timeout_first = 100; /* ms */
52 static const u32 eapol_key_timeout_subseq = 1000; /* ms */
54 /* TODO: make these configurable */
55 static const int dot11RSNAConfigPMKLifetime = 43200;
56 static const int dot11RSNAConfigPMKReauthThreshold = 70;
57 static const int dot11RSNAConfigSATimeout = 60;
60 static inline void wpa_auth_mic_failure_report(
61 struct wpa_authenticator *wpa_auth, const u8 *addr)
63 if (wpa_auth->cb.mic_failure_report)
64 wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
68 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
69 const u8 *addr, wpa_eapol_variable var,
72 if (wpa_auth->cb.set_eapol)
73 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
77 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
78 const u8 *addr, wpa_eapol_variable var)
80 if (wpa_auth->cb.get_eapol == NULL)
82 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
86 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
87 const u8 *addr, const u8 *prev_psk)
89 if (wpa_auth->cb.get_psk == NULL)
91 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk);
95 static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
96 const u8 *addr, u8 *msk, size_t *len)
98 if (wpa_auth->cb.get_msk == NULL)
100 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
104 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
106 wpa_alg alg, const u8 *addr, int idx,
107 u8 *key, size_t key_len)
109 if (wpa_auth->cb.set_key == NULL)
111 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
116 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
117 const u8 *addr, int idx, u8 *seq)
119 if (wpa_auth->cb.get_seqnum == NULL)
121 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
126 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
127 const u8 *data, size_t data_len, int encrypt)
129 if (wpa_auth->cb.send_eapol == NULL)
131 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
136 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
137 int (*cb)(struct wpa_state_machine *sm, void *ctx),
140 if (wpa_auth->cb.for_each_sta == NULL)
142 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
146 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
147 int (*cb)(struct wpa_authenticator *a, void *ctx),
150 if (wpa_auth->cb.for_each_auth == NULL)
152 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
156 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
157 logger_level level, const char *txt)
159 if (wpa_auth->cb.logger == NULL)
161 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
165 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
166 logger_level level, const char *fmt, ...)
172 if (wpa_auth->cb.logger == NULL)
175 maxlen = os_strlen(fmt) + 100;
176 format = os_malloc(maxlen);
181 vsnprintf(format, maxlen, fmt, ap);
184 wpa_auth_logger(wpa_auth, addr, level, format);
190 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
193 if (wpa_auth->cb.disconnect == NULL)
195 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
196 WLAN_REASON_PREV_AUTH_NOT_VALID);
200 static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
203 #ifdef CONFIG_IEEE80211R
204 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
206 #endif /* CONFIG_IEEE80211R */
207 #ifdef CONFIG_IEEE80211W
208 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
210 #endif /* CONFIG_IEEE80211W */
215 static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
217 struct wpa_authenticator *wpa_auth = eloop_ctx;
219 if (os_get_random(wpa_auth->group->GMK, WPA_GMK_LEN)) {
220 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
223 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
226 if (wpa_auth->conf.wpa_gmk_rekey) {
227 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
228 wpa_rekey_gmk, wpa_auth, NULL);
233 static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
235 struct wpa_authenticator *wpa_auth = eloop_ctx;
236 struct wpa_group *group;
238 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
239 for (group = wpa_auth->group; group; group = group->next) {
240 group->GTKReKey = TRUE;
242 group->changed = FALSE;
243 wpa_group_sm_step(wpa_auth, group);
244 } while (group->changed);
247 if (wpa_auth->conf.wpa_group_rekey) {
248 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
249 0, wpa_rekey_gtk, wpa_auth, NULL);
254 static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
256 struct wpa_authenticator *wpa_auth = eloop_ctx;
257 struct wpa_state_machine *sm = timeout_ctx;
259 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
260 wpa_request_new_ptk(sm);
265 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
267 if (sm->pmksa == ctx)
273 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
276 struct wpa_authenticator *wpa_auth = ctx;
277 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
281 static void wpa_group_set_key_len(struct wpa_group *group, int cipher)
284 case WPA_CIPHER_CCMP:
287 case WPA_CIPHER_TKIP:
290 case WPA_CIPHER_WEP104:
293 case WPA_CIPHER_WEP40:
300 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
303 struct wpa_group *group;
304 u8 buf[ETH_ALEN + 8 + sizeof(group)];
307 group = os_zalloc(sizeof(struct wpa_group));
311 group->GTKAuthenticator = TRUE;
312 group->vlan_id = vlan_id;
314 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
316 /* Counter = PRF-256(Random number, "Init Counter",
317 * Local MAC Address || Time)
319 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
320 wpa_get_ntp_timestamp(buf + ETH_ALEN);
321 os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
322 if (os_get_random(rkey, sizeof(rkey)) ||
323 os_get_random(group->GMK, WPA_GMK_LEN)) {
324 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
330 sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
331 group->Counter, WPA_NONCE_LEN);
334 wpa_group_sm_step(wpa_auth, group);
335 group->GInit = FALSE;
336 wpa_group_sm_step(wpa_auth, group);
343 * wpa_init - Initialize WPA authenticator
344 * @addr: Authenticator address
345 * @conf: Configuration for WPA authenticator
346 * @cb: Callback functions for WPA authenticator
347 * Returns: Pointer to WPA authenticator data or %NULL on failure
349 struct wpa_authenticator * wpa_init(const u8 *addr,
350 struct wpa_auth_config *conf,
351 struct wpa_auth_callbacks *cb)
353 struct wpa_authenticator *wpa_auth;
355 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
356 if (wpa_auth == NULL)
358 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
359 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
360 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
362 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
363 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
368 wpa_auth->group = wpa_group_init(wpa_auth, 0);
369 if (wpa_auth->group == NULL) {
370 os_free(wpa_auth->wpa_ie);
375 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
377 if (wpa_auth->pmksa == NULL) {
378 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
379 os_free(wpa_auth->wpa_ie);
384 #ifdef CONFIG_IEEE80211R
385 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
386 if (wpa_auth->ft_pmk_cache == NULL) {
387 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
388 os_free(wpa_auth->wpa_ie);
389 pmksa_cache_auth_deinit(wpa_auth->pmksa);
393 #endif /* CONFIG_IEEE80211R */
395 if (wpa_auth->conf.wpa_gmk_rekey) {
396 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
397 wpa_rekey_gmk, wpa_auth, NULL);
400 if (wpa_auth->conf.wpa_group_rekey) {
401 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
402 wpa_rekey_gtk, wpa_auth, NULL);
410 * wpa_deinit - Deinitialize WPA authenticator
411 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
413 void wpa_deinit(struct wpa_authenticator *wpa_auth)
415 struct wpa_group *group, *prev;
417 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
418 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
420 #ifdef CONFIG_PEERKEY
421 while (wpa_auth->stsl_negotiations)
422 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
423 #endif /* CONFIG_PEERKEY */
425 pmksa_cache_auth_deinit(wpa_auth->pmksa);
427 #ifdef CONFIG_IEEE80211R
428 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
429 wpa_auth->ft_pmk_cache = NULL;
430 #endif /* CONFIG_IEEE80211R */
432 os_free(wpa_auth->wpa_ie);
434 group = wpa_auth->group;
446 * wpa_reconfig - Update WPA authenticator configuration
447 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
448 * @conf: Configuration for WPA authenticator
450 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
451 struct wpa_auth_config *conf)
453 struct wpa_group *group;
454 if (wpa_auth == NULL)
457 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
458 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
459 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
464 * Reinitialize GTK to make sure it is suitable for the new
467 group = wpa_auth->group;
468 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
470 wpa_group_sm_step(wpa_auth, group);
471 group->GInit = FALSE;
472 wpa_group_sm_step(wpa_auth, group);
478 struct wpa_state_machine *
479 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
481 struct wpa_state_machine *sm;
483 sm = os_zalloc(sizeof(struct wpa_state_machine));
486 os_memcpy(sm->addr, addr, ETH_ALEN);
488 sm->wpa_auth = wpa_auth;
489 sm->group = wpa_auth->group;
495 void wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
496 struct wpa_state_machine *sm)
498 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
501 #ifdef CONFIG_IEEE80211R
502 if (sm->ft_completed) {
503 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
504 "FT authentication already completed - do not "
505 "start 4-way handshake");
508 #endif /* CONFIG_IEEE80211R */
511 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
512 sm->ReAuthenticationRequest = TRUE;
517 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
518 "start authentication");
524 sm->AuthenticationRequest = TRUE;
529 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
531 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
532 * reassociates back to the same AP while the previous entry for the
533 * STA has not yet been removed. */
537 sm->wpa_key_mgmt = 0;
541 static void wpa_free_sta_sm(struct wpa_state_machine *sm)
543 os_free(sm->last_rx_eapol_key);
549 void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
554 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
555 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
556 "strict rekeying - force GTK rekey since STA "
558 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
559 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
563 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
564 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
565 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
566 if (sm->in_step_loop) {
567 /* Must not free state machine while wpa_sm_step() is running.
568 * Freeing will be completed in the end of wpa_sm_step(). */
569 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
570 "machine deinit for " MACSTR, MAC2STR(sm->addr));
571 sm->pending_deinit = 1;
577 static void wpa_request_new_ptk(struct wpa_state_machine *sm)
582 sm->PTKRequest = TRUE;
587 static int wpa_replay_counter_valid(struct wpa_state_machine *sm,
588 const u8 *replay_counter)
591 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
592 if (!sm->key_replay[i].valid)
594 if (os_memcmp(replay_counter, sm->key_replay[i].counter,
595 WPA_REPLAY_COUNTER_LEN) == 0)
602 void wpa_receive(struct wpa_authenticator *wpa_auth,
603 struct wpa_state_machine *sm,
604 u8 *data, size_t data_len)
606 struct ieee802_1x_hdr *hdr;
607 struct wpa_eapol_key *key;
608 u16 key_info, key_data_length;
609 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
610 SMK_M1, SMK_M3, SMK_ERROR } msg;
612 struct wpa_eapol_ie_parse kde;
614 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
617 if (data_len < sizeof(*hdr) + sizeof(*key))
620 hdr = (struct ieee802_1x_hdr *) data;
621 key = (struct wpa_eapol_key *) (hdr + 1);
622 key_info = WPA_GET_BE16(key->key_info);
623 key_data_length = WPA_GET_BE16(key->key_data_length);
624 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
625 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
626 "key_data overflow (%d > %lu)",
628 (unsigned long) (data_len - sizeof(*hdr) -
633 if (sm->wpa == WPA_VERSION_WPA2) {
634 if (key->type != EAPOL_KEY_TYPE_RSN) {
635 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
636 "unexpected type %d in RSN mode",
641 if (key->type != EAPOL_KEY_TYPE_WPA) {
642 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
643 "unexpected type %d in WPA mode",
649 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
652 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
653 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
654 if (key_info & WPA_KEY_INFO_ERROR) {
656 msgtxt = "SMK Error";
661 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
664 } else if (key_info & WPA_KEY_INFO_REQUEST) {
667 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
669 msgtxt = "2/2 Group";
670 } else if (key_data_length == 0) {
672 msgtxt = "4/4 Pairwise";
675 msgtxt = "2/4 Pairwise";
678 /* TODO: key_info type validation for PeerKey */
679 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
681 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
682 if (sm->pairwise == WPA_CIPHER_CCMP) {
683 if (wpa_use_aes_cmac(sm) &&
684 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
685 wpa_auth_logger(wpa_auth, sm->addr,
687 "advertised support for "
688 "AES-128-CMAC, but did not "
693 if (!wpa_use_aes_cmac(sm) &&
694 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
695 wpa_auth_logger(wpa_auth, sm->addr,
697 "did not use HMAC-SHA1-AES "
704 if (key_info & WPA_KEY_INFO_REQUEST) {
705 if (sm->req_replay_counter_used &&
706 os_memcmp(key->replay_counter, sm->req_replay_counter,
707 WPA_REPLAY_COUNTER_LEN) <= 0) {
708 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
709 "received EAPOL-Key request with "
715 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
716 !wpa_replay_counter_valid(sm, key->replay_counter)) {
718 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
719 "received EAPOL-Key %s with unexpected "
720 "replay counter", msgtxt);
721 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
722 if (!sm->key_replay[i].valid)
724 wpa_hexdump(MSG_DEBUG, "pending replay counter",
725 sm->key_replay[i].counter,
726 WPA_REPLAY_COUNTER_LEN);
728 wpa_hexdump(MSG_DEBUG, "received replay counter",
729 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
735 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
736 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) {
737 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
738 "received EAPOL-Key msg 2/4 in "
739 "invalid state (%d) - dropped",
743 if (sm->wpa_ie == NULL ||
744 sm->wpa_ie_len != key_data_length ||
745 os_memcmp(sm->wpa_ie, key + 1, key_data_length) != 0) {
746 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
747 "WPA IE from (Re)AssocReq did not "
748 "match with msg 2/4");
750 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
751 sm->wpa_ie, sm->wpa_ie_len);
753 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
754 (u8 *) (key + 1), key_data_length);
755 /* MLME-DEAUTHENTICATE.request */
756 wpa_sta_disconnect(wpa_auth, sm->addr);
761 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
763 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
764 "received EAPOL-Key msg 4/4 in "
765 "invalid state (%d) - dropped",
771 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
773 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
774 "received EAPOL-Key msg 2/2 in "
775 "invalid state (%d) - dropped",
776 sm->wpa_ptk_group_state);
780 #ifdef CONFIG_PEERKEY
784 if (!wpa_auth->conf.peerkey) {
785 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
786 "PeerKey use disabled - ignoring message");
789 if (!sm->PTK_valid) {
790 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
791 "received EAPOL-Key msg SMK in "
792 "invalid state - dropped");
796 #else /* CONFIG_PEERKEY */
800 return; /* STSL disabled - ignore SMK messages */
801 #endif /* CONFIG_PEERKEY */
806 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
807 "received EAPOL-Key frame (%s)", msgtxt);
809 if (key_info & WPA_KEY_INFO_ACK) {
810 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
811 "received invalid EAPOL-Key: Key Ack set");
815 if (!(key_info & WPA_KEY_INFO_MIC)) {
816 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
817 "received invalid EAPOL-Key: Key MIC not set");
821 sm->MICVerified = FALSE;
823 if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
824 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
825 "received EAPOL-Key with invalid MIC");
828 sm->MICVerified = TRUE;
829 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
832 if (key_info & WPA_KEY_INFO_REQUEST) {
833 if (sm->MICVerified) {
834 sm->req_replay_counter_used = 1;
835 os_memcpy(sm->req_replay_counter, key->replay_counter,
836 WPA_REPLAY_COUNTER_LEN);
838 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
839 "received EAPOL-Key request with "
845 * TODO: should decrypt key data field if encryption was used;
846 * even though MAC address KDE is not normally encrypted,
847 * supplicant is allowed to encrypt it.
849 if (msg == SMK_ERROR) {
850 #ifdef CONFIG_PEERKEY
851 wpa_smk_error(wpa_auth, sm, key);
852 #endif /* CONFIG_PEERKEY */
854 } else if (key_info & WPA_KEY_INFO_ERROR) {
855 /* Supplicant reported a Michael MIC error */
856 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
857 "received EAPOL-Key Error Request "
858 "(STA detected Michael MIC failure)");
859 wpa_auth_mic_failure_report(wpa_auth, sm->addr);
860 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
861 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
862 /* Error report is not a request for a new key
863 * handshake, but since Authenticator may do it, let's
864 * change the keys now anyway. */
865 wpa_request_new_ptk(sm);
866 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
867 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
868 "received EAPOL-Key Request for new "
870 wpa_request_new_ptk(sm);
871 #ifdef CONFIG_PEERKEY
872 } else if (msg == SMK_M1) {
873 wpa_smk_m1(wpa_auth, sm, key);
874 #endif /* CONFIG_PEERKEY */
875 } else if (key_data_length > 0 &&
876 wpa_parse_kde_ies((const u8 *) (key + 1),
877 key_data_length, &kde) == 0 &&
880 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
881 "received EAPOL-Key Request for GTK "
883 /* FIX: why was this triggering PTK rekeying for the
884 * STA that requested Group Key rekeying?? */
885 /* wpa_request_new_ptk(sta->wpa_sm); */
886 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
887 wpa_rekey_gtk(wpa_auth, NULL);
890 /* Do not allow the same key replay counter to be reused. This
891 * does also invalidate all other pending replay counters if
892 * retransmissions were used, i.e., we will only process one of
893 * the pending replies and ignore rest if more than one is
895 sm->key_replay[0].valid = FALSE;
898 #ifdef CONFIG_PEERKEY
900 wpa_smk_m3(wpa_auth, sm, key);
903 #endif /* CONFIG_PEERKEY */
905 os_free(sm->last_rx_eapol_key);
906 sm->last_rx_eapol_key = os_malloc(data_len);
907 if (sm->last_rx_eapol_key == NULL)
909 os_memcpy(sm->last_rx_eapol_key, data, data_len);
910 sm->last_rx_eapol_key_len = data_len;
912 sm->EAPOLKeyReceived = TRUE;
913 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
914 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
915 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
920 static void wpa_gmk_to_gtk(const u8 *gmk, const u8 *addr, const u8 *gnonce,
921 u8 *gtk, size_t gtk_len)
923 u8 data[ETH_ALEN + WPA_NONCE_LEN];
925 /* GTK = PRF-X(GMK, "Group key expansion", AA || GNonce) */
926 os_memcpy(data, addr, ETH_ALEN);
927 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
929 #ifdef CONFIG_IEEE80211W
930 sha256_prf(gmk, WPA_GMK_LEN, "Group key expansion",
931 data, sizeof(data), gtk, gtk_len);
932 #else /* CONFIG_IEEE80211W */
933 sha1_prf(gmk, WPA_GMK_LEN, "Group key expansion",
934 data, sizeof(data), gtk, gtk_len);
935 #endif /* CONFIG_IEEE80211W */
937 wpa_hexdump_key(MSG_DEBUG, "GMK", gmk, WPA_GMK_LEN);
938 wpa_hexdump_key(MSG_DEBUG, "GTK", gtk, gtk_len);
942 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
944 struct wpa_authenticator *wpa_auth = eloop_ctx;
945 struct wpa_state_machine *sm = timeout_ctx;
947 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
948 sm->TimeoutEvt = TRUE;
953 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
954 struct wpa_state_machine *sm, int key_info,
955 const u8 *key_rsc, const u8 *nonce,
956 const u8 *kde, size_t kde_len,
957 int keyidx, int encr, int force_version)
959 struct ieee802_1x_hdr *hdr;
960 struct wpa_eapol_key *key;
963 int key_data_len, pad_len = 0;
965 int version, pairwise;
968 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
971 version = force_version;
972 else if (wpa_use_aes_cmac(sm))
973 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
974 else if (sm->pairwise == WPA_CIPHER_CCMP)
975 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
977 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
979 pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
981 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
982 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
985 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
986 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
987 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
988 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
989 pairwise, (unsigned long) kde_len, keyidx, encr);
991 key_data_len = kde_len;
993 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
994 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
995 pad_len = key_data_len % 8;
997 pad_len = 8 - pad_len;
998 key_data_len += pad_len + 8;
1001 len += key_data_len;
1003 hdr = os_zalloc(len);
1006 hdr->version = wpa_auth->conf.eapol_version;
1007 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
1008 hdr->length = host_to_be16(len - sizeof(*hdr));
1009 key = (struct wpa_eapol_key *) (hdr + 1);
1011 key->type = sm->wpa == WPA_VERSION_WPA2 ?
1012 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
1013 key_info |= version;
1014 if (encr && sm->wpa == WPA_VERSION_WPA2)
1015 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
1016 if (sm->wpa != WPA_VERSION_WPA2)
1017 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
1018 WPA_PUT_BE16(key->key_info, key_info);
1020 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
1022 case WPA_CIPHER_CCMP:
1023 WPA_PUT_BE16(key->key_length, 16);
1025 case WPA_CIPHER_TKIP:
1026 WPA_PUT_BE16(key->key_length, 32);
1028 case WPA_CIPHER_WEP40:
1029 WPA_PUT_BE16(key->key_length, 5);
1031 case WPA_CIPHER_WEP104:
1032 WPA_PUT_BE16(key->key_length, 13);
1035 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1036 WPA_PUT_BE16(key->key_length, 0);
1038 /* FIX: STSL: what to use as key_replay_counter? */
1039 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
1040 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
1041 os_memcpy(sm->key_replay[i].counter,
1042 sm->key_replay[i - 1].counter,
1043 WPA_REPLAY_COUNTER_LEN);
1045 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
1046 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
1047 WPA_REPLAY_COUNTER_LEN);
1048 sm->key_replay[0].valid = TRUE;
1051 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
1054 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
1057 os_memcpy(key + 1, kde, kde_len);
1058 WPA_PUT_BE16(key->key_data_length, kde_len);
1059 } else if (encr && kde) {
1060 buf = os_zalloc(key_data_len);
1066 os_memcpy(pos, kde, kde_len);
1072 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
1074 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
1075 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1076 if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
1077 (u8 *) (key + 1))) {
1082 WPA_PUT_BE16(key->key_data_length, key_data_len);
1085 os_memcpy(key->key_iv,
1086 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
1087 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1088 os_memcpy(ek, key->key_iv, 16);
1089 os_memcpy(ek + 16, sm->PTK.kek, 16);
1090 os_memcpy(key + 1, buf, key_data_len);
1091 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
1092 WPA_PUT_BE16(key->key_data_length, key_data_len);
1097 if (key_info & WPA_KEY_INFO_MIC) {
1098 if (!sm->PTK_valid) {
1099 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1100 "PTK not valid when sending EAPOL-Key "
1105 wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
1109 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1111 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1117 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1118 struct wpa_state_machine *sm, int key_info,
1119 const u8 *key_rsc, const u8 *nonce,
1120 const u8 *kde, size_t kde_len,
1121 int keyidx, int encr)
1124 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
1130 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1133 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
1135 timeout_ms = eapol_key_timeout_first;
1137 timeout_ms = eapol_key_timeout_subseq;
1138 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1139 wpa_send_eapol_timeout, wpa_auth, sm);
1143 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
1145 struct ieee802_1x_hdr *hdr;
1146 struct wpa_eapol_key *key;
1151 if (data_len < sizeof(*hdr) + sizeof(*key))
1154 hdr = (struct ieee802_1x_hdr *) data;
1155 key = (struct wpa_eapol_key *) (hdr + 1);
1156 key_info = WPA_GET_BE16(key->key_info);
1157 os_memcpy(mic, key->key_mic, 16);
1158 os_memset(key->key_mic, 0, 16);
1159 if (wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK,
1160 data, data_len, key->key_mic) ||
1161 os_memcmp(mic, key->key_mic, 16) != 0)
1163 os_memcpy(key->key_mic, mic, 16);
1168 void wpa_remove_ptk(struct wpa_state_machine *sm)
1170 sm->PTK_valid = FALSE;
1171 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1172 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, (u8 *) "",
1174 sm->pairwise_set = FALSE;
1175 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1179 void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
1186 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1187 "event %d notification", event);
1195 sm->DeauthenticationRequest = TRUE;
1198 case WPA_REAUTH_EAPOL:
1199 if (sm->GUpdateStationKeys) {
1201 * Reauthentication cancels the pending group key
1202 * update for this STA.
1204 sm->group->GKeyDoneStations--;
1205 sm->GUpdateStationKeys = FALSE;
1206 sm->PtkGroupInit = TRUE;
1208 sm->ReAuthenticationRequest = TRUE;
1211 #ifdef CONFIG_IEEE80211R
1212 /* Using FT protocol, not WPA auth state machine */
1213 sm->ft_completed = 1;
1215 #else /* CONFIG_IEEE80211R */
1217 #endif /* CONFIG_IEEE80211R */
1220 #ifdef CONFIG_IEEE80211R
1221 sm->ft_completed = 0;
1222 #endif /* CONFIG_IEEE80211R */
1224 #ifdef CONFIG_IEEE80211W
1225 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1227 #endif /* CONFIG_IEEE80211W */
1230 sm->PTK_valid = FALSE;
1231 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1233 if (event != WPA_REAUTH_EAPOL)
1241 static wpa_alg wpa_alg_enum(int alg)
1244 case WPA_CIPHER_CCMP:
1245 return WPA_ALG_CCMP;
1246 case WPA_CIPHER_TKIP:
1247 return WPA_ALG_TKIP;
1248 case WPA_CIPHER_WEP104:
1249 case WPA_CIPHER_WEP40:
1252 return WPA_ALG_NONE;
1257 SM_STATE(WPA_PTK, INITIALIZE)
1259 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1261 /* Init flag is not cleared here, so avoid busy
1262 * loop by claiming nothing changed. */
1263 sm->changed = FALSE;
1267 if (sm->GUpdateStationKeys)
1268 sm->group->GKeyDoneStations--;
1269 sm->GUpdateStationKeys = FALSE;
1270 if (sm->wpa == WPA_VERSION_WPA)
1271 sm->PInitAKeys = FALSE;
1272 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1273 * Local AA > Remote AA)) */) {
1276 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1278 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1280 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1281 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1282 WPA_EAPOL_authorized, 0);
1287 SM_STATE(WPA_PTK, DISCONNECT)
1289 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1290 sm->Disconnect = FALSE;
1291 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1295 SM_STATE(WPA_PTK, DISCONNECTED)
1297 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1298 sm->DeauthenticationRequest = FALSE;
1302 SM_STATE(WPA_PTK, AUTHENTICATION)
1304 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1305 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1306 sm->PTK_valid = FALSE;
1307 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1309 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1310 sm->AuthenticationRequest = FALSE;
1314 SM_STATE(WPA_PTK, AUTHENTICATION2)
1316 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1317 os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN);
1318 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1319 sm->ReAuthenticationRequest = FALSE;
1320 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1321 * logical place than INITIALIZE since AUTHENTICATION2 can be
1322 * re-entered on ReAuthenticationRequest without going through
1328 SM_STATE(WPA_PTK, INITPMK)
1330 u8 msk[2 * PMK_LEN];
1331 size_t len = 2 * PMK_LEN;
1333 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1334 #ifdef CONFIG_IEEE80211R
1336 #endif /* CONFIG_IEEE80211R */
1338 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1339 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
1340 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
1341 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
1342 "(len=%lu)", (unsigned long) len);
1343 os_memcpy(sm->PMK, msk, PMK_LEN);
1344 #ifdef CONFIG_IEEE80211R
1345 if (len >= 2 * PMK_LEN) {
1346 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1347 sm->xxkey_len = PMK_LEN;
1349 #endif /* CONFIG_IEEE80211R */
1351 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
1354 sm->req_replay_counter_used = 0;
1355 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1356 * will break reauthentication since EAPOL state machines may not be
1357 * get into AUTHENTICATING state that clears keyRun before WPA state
1358 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1359 * state and takes PMK from the previously used AAA Key. This will
1360 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1361 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1362 * be good workaround for this issue. */
1363 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
1367 SM_STATE(WPA_PTK, INITPSK)
1370 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
1371 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL);
1373 os_memcpy(sm->PMK, psk, PMK_LEN);
1374 #ifdef CONFIG_IEEE80211R
1375 os_memcpy(sm->xxkey, psk, PMK_LEN);
1376 sm->xxkey_len = PMK_LEN;
1377 #endif /* CONFIG_IEEE80211R */
1379 sm->req_replay_counter_used = 0;
1383 SM_STATE(WPA_PTK, PTKSTART)
1385 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1386 size_t pmkid_len = 0;
1388 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1389 sm->PTKRequest = FALSE;
1390 sm->TimeoutEvt = FALSE;
1393 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1394 /* No point in sending the EAPOL-Key - we will disconnect
1395 * immediately following this. */
1399 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1400 "sending 1/4 msg of 4-Way Handshake");
1402 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1403 * one possible PSK for this STA.
1405 if (sm->wpa == WPA_VERSION_WPA2 &&
1406 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt)) {
1408 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1409 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1410 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1411 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
1413 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
1414 sm->pmksa->pmkid, PMKID_LEN);
1417 * Calculate PMKID since no PMKSA cache entry was
1418 * available with pre-calculated PMKID.
1420 rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
1421 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
1422 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
1425 wpa_send_eapol(sm->wpa_auth, sm,
1426 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
1427 sm->ANonce, pmkid, pmkid_len, 0, 0);
1431 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
1432 struct wpa_ptk *ptk)
1434 size_t ptk_len = sm->pairwise == WPA_CIPHER_CCMP ? 48 : 64;
1435 #ifdef CONFIG_IEEE80211R
1436 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
1437 return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len);
1438 #endif /* CONFIG_IEEE80211R */
1440 wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
1441 sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce,
1442 (u8 *) ptk, ptk_len,
1443 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
1449 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
1453 const u8 *pmk = NULL;
1455 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
1456 sm->EAPOLKeyReceived = FALSE;
1458 /* WPA with IEEE 802.1X: use the derived PMK from EAP
1459 * WPA-PSK: iterate through possible PSKs and select the one matching
1462 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1463 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
1469 wpa_derive_ptk(sm, pmk, &PTK);
1471 if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
1472 sm->last_rx_eapol_key_len) == 0) {
1477 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
1482 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1483 "invalid MIC in msg 2/4 of 4-Way Handshake");
1487 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
1489 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1490 /* PSK may have changed from the previous choice, so update
1491 * state machine data based on whatever PSK was selected here.
1493 os_memcpy(sm->PMK, pmk, PMK_LEN);
1496 sm->MICVerified = TRUE;
1498 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
1499 sm->PTK_valid = TRUE;
1503 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
1505 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
1510 #ifdef CONFIG_IEEE80211W
1512 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1514 if (sm->mgmt_frame_prot) {
1515 return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde);
1522 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1524 struct wpa_igtk_kde igtk;
1525 struct wpa_group *gsm = sm->group;
1527 if (!sm->mgmt_frame_prot)
1530 igtk.keyid[0] = gsm->GN_igtk;
1532 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn) < 0)
1533 os_memset(igtk.pn, 0, sizeof(igtk.pn));
1534 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
1535 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
1536 (const u8 *) &igtk, sizeof(igtk), NULL, 0);
1541 #else /* CONFIG_IEEE80211W */
1543 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1549 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1554 #endif /* CONFIG_IEEE80211W */
1557 SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
1559 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
1560 size_t gtk_len, kde_len;
1561 struct wpa_group *gsm = sm->group;
1563 int wpa_ie_len, secure, keyidx, encr = 0;
1565 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
1566 sm->TimeoutEvt = FALSE;
1569 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
1570 /* No point in sending the EAPOL-Key - we will disconnect
1571 * immediately following this. */
1575 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, GTK[GN])
1577 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
1578 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
1579 wpa_ie = sm->wpa_auth->wpa_ie;
1580 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
1581 if (sm->wpa == WPA_VERSION_WPA &&
1582 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
1583 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
1584 /* WPA-only STA, remove RSN IE */
1585 wpa_ie = wpa_ie + wpa_ie[1] + 2;
1586 wpa_ie_len = wpa_ie[1] + 2;
1588 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1589 "sending 3/4 msg of 4-Way Handshake");
1590 if (sm->wpa == WPA_VERSION_WPA2) {
1591 /* WPA2 send GTK in the 4-way handshake */
1593 gtk = gsm->GTK[gsm->GN - 1];
1594 gtk_len = gsm->GTK_len;
1599 /* WPA does not include GTK in msg 3/4 */
1607 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
1609 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
1610 kde = os_malloc(kde_len);
1615 os_memcpy(pos, wpa_ie, wpa_ie_len);
1619 hdr[0] = keyidx & 0x03;
1621 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
1624 pos = ieee80211w_kde_add(sm, pos);
1626 wpa_send_eapol(sm->wpa_auth, sm,
1627 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
1628 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
1629 WPA_KEY_INFO_KEY_TYPE,
1630 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
1635 SM_STATE(WPA_PTK, PTKINITDONE)
1637 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
1638 sm->EAPOLKeyReceived = FALSE;
1642 if (sm->pairwise == WPA_CIPHER_TKIP) {
1649 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
1650 sm->PTK.tk1, klen)) {
1651 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1654 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
1655 sm->pairwise_set = TRUE;
1657 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
1658 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1659 eloop_register_timeout(sm->wpa_auth->conf.
1660 wpa_ptk_rekey, 0, wpa_rekey_ptk,
1664 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
1665 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1666 WPA_EAPOL_authorized, 1);
1670 if (0 /* IBSS == TRUE */) {
1672 if (sm->keycount == 2) {
1673 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1674 WPA_EAPOL_portValid, 1);
1677 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
1680 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
1681 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
1682 if (sm->wpa == WPA_VERSION_WPA)
1683 sm->PInitAKeys = TRUE;
1686 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1687 "pairwise key handshake completed (%s)",
1688 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
1690 #ifdef CONFIG_IEEE80211R
1691 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
1692 #endif /* CONFIG_IEEE80211R */
1698 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
1701 SM_ENTER(WPA_PTK, INITIALIZE);
1702 else if (sm->Disconnect
1703 /* || FIX: dot11RSNAConfigSALifetime timeout */)
1704 SM_ENTER(WPA_PTK, DISCONNECT);
1705 else if (sm->DeauthenticationRequest)
1706 SM_ENTER(WPA_PTK, DISCONNECTED);
1707 else if (sm->AuthenticationRequest)
1708 SM_ENTER(WPA_PTK, AUTHENTICATION);
1709 else if (sm->ReAuthenticationRequest)
1710 SM_ENTER(WPA_PTK, AUTHENTICATION2);
1711 else if (sm->PTKRequest)
1712 SM_ENTER(WPA_PTK, PTKSTART);
1713 else switch (sm->wpa_ptk_state) {
1714 case WPA_PTK_INITIALIZE:
1716 case WPA_PTK_DISCONNECT:
1717 SM_ENTER(WPA_PTK, DISCONNECTED);
1719 case WPA_PTK_DISCONNECTED:
1720 SM_ENTER(WPA_PTK, INITIALIZE);
1722 case WPA_PTK_AUTHENTICATION:
1723 SM_ENTER(WPA_PTK, AUTHENTICATION2);
1725 case WPA_PTK_AUTHENTICATION2:
1726 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
1727 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
1728 WPA_EAPOL_keyRun) > 0)
1729 SM_ENTER(WPA_PTK, INITPMK);
1730 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
1731 /* FIX: && 802.1X::keyRun */)
1732 SM_ENTER(WPA_PTK, INITPSK);
1734 case WPA_PTK_INITPMK:
1735 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
1736 WPA_EAPOL_keyAvailable) > 0)
1737 SM_ENTER(WPA_PTK, PTKSTART);
1739 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1740 SM_ENTER(WPA_PTK, DISCONNECT);
1743 case WPA_PTK_INITPSK:
1744 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL))
1745 SM_ENTER(WPA_PTK, PTKSTART);
1747 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1748 "no PSK configured for the STA");
1749 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1750 SM_ENTER(WPA_PTK, DISCONNECT);
1753 case WPA_PTK_PTKSTART:
1754 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1755 sm->EAPOLKeyPairwise)
1756 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
1757 else if (sm->TimeoutCtr >
1758 (int) dot11RSNAConfigPairwiseUpdateCount) {
1759 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1760 SM_ENTER(WPA_PTK, DISCONNECT);
1761 } else if (sm->TimeoutEvt)
1762 SM_ENTER(WPA_PTK, PTKSTART);
1764 case WPA_PTK_PTKCALCNEGOTIATING:
1765 if (sm->MICVerified)
1766 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
1767 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1768 sm->EAPOLKeyPairwise)
1769 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
1770 else if (sm->TimeoutEvt)
1771 SM_ENTER(WPA_PTK, PTKSTART);
1773 case WPA_PTK_PTKCALCNEGOTIATING2:
1774 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
1776 case WPA_PTK_PTKINITNEGOTIATING:
1777 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1778 sm->EAPOLKeyPairwise && sm->MICVerified)
1779 SM_ENTER(WPA_PTK, PTKINITDONE);
1780 else if (sm->TimeoutCtr >
1781 (int) dot11RSNAConfigPairwiseUpdateCount) {
1782 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1783 SM_ENTER(WPA_PTK, DISCONNECT);
1784 } else if (sm->TimeoutEvt)
1785 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
1787 case WPA_PTK_PTKINITDONE:
1793 SM_STATE(WPA_PTK_GROUP, IDLE)
1795 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
1797 /* Init flag is not cleared here, so avoid busy
1798 * loop by claiming nothing changed. */
1799 sm->changed = FALSE;
1801 sm->GTimeoutCtr = 0;
1805 SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
1807 u8 rsc[WPA_KEY_RSC_LEN];
1808 struct wpa_group *gsm = sm->group;
1809 u8 *kde, *pos, hdr[2];
1812 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
1815 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
1816 /* No point in sending the EAPOL-Key - we will disconnect
1817 * immediately following this. */
1821 if (sm->wpa == WPA_VERSION_WPA)
1822 sm->PInitAKeys = FALSE;
1823 sm->TimeoutEvt = FALSE;
1824 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
1825 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
1826 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
1827 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
1828 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1829 "sending 1/2 msg of Group Key Handshake");
1831 if (sm->wpa == WPA_VERSION_WPA2) {
1832 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
1833 ieee80211w_kde_len(sm);
1834 kde = os_malloc(kde_len);
1839 hdr[0] = gsm->GN & 0x03;
1841 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
1842 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
1843 pos = ieee80211w_kde_add(sm, pos);
1845 kde = gsm->GTK[gsm->GN - 1];
1846 pos = kde + gsm->GTK_len;
1849 wpa_send_eapol(sm->wpa_auth, sm,
1850 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1852 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
1853 rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
1854 if (sm->wpa == WPA_VERSION_WPA2)
1859 SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
1861 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
1862 sm->EAPOLKeyReceived = FALSE;
1863 if (sm->GUpdateStationKeys)
1864 sm->group->GKeyDoneStations--;
1865 sm->GUpdateStationKeys = FALSE;
1866 sm->GTimeoutCtr = 0;
1867 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
1868 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1869 "group key handshake completed (%s)",
1870 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
1875 SM_STATE(WPA_PTK_GROUP, KEYERROR)
1877 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
1878 if (sm->GUpdateStationKeys)
1879 sm->group->GKeyDoneStations--;
1880 sm->GUpdateStationKeys = FALSE;
1881 sm->Disconnect = TRUE;
1885 SM_STEP(WPA_PTK_GROUP)
1887 if (sm->Init || sm->PtkGroupInit) {
1888 SM_ENTER(WPA_PTK_GROUP, IDLE);
1889 sm->PtkGroupInit = FALSE;
1890 } else switch (sm->wpa_ptk_group_state) {
1891 case WPA_PTK_GROUP_IDLE:
1892 if (sm->GUpdateStationKeys ||
1893 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
1894 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
1896 case WPA_PTK_GROUP_REKEYNEGOTIATING:
1897 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1898 !sm->EAPOLKeyPairwise && sm->MICVerified)
1899 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
1900 else if (sm->GTimeoutCtr >
1901 (int) dot11RSNAConfigGroupUpdateCount)
1902 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
1903 else if (sm->TimeoutEvt)
1904 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
1906 case WPA_PTK_GROUP_KEYERROR:
1907 SM_ENTER(WPA_PTK_GROUP, IDLE);
1909 case WPA_PTK_GROUP_REKEYESTABLISHED:
1910 SM_ENTER(WPA_PTK_GROUP, IDLE);
1916 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
1917 struct wpa_group *group)
1921 /* FIX: is this the correct way of getting GNonce? */
1922 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
1923 inc_byte_array(group->Counter, WPA_NONCE_LEN);
1924 wpa_gmk_to_gtk(group->GMK, wpa_auth->addr, group->GNonce,
1925 group->GTK[group->GN - 1], group->GTK_len);
1927 #ifdef CONFIG_IEEE80211W
1928 if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
1929 if (os_get_random(group->IGTK[group->GN_igtk - 4],
1930 WPA_IGTK_LEN) < 0) {
1931 wpa_printf(MSG_INFO, "RSN: Failed to get new random "
1935 wpa_hexdump_key(MSG_DEBUG, "IGTK",
1936 group->IGTK[group->GN_igtk - 4], WPA_IGTK_LEN);
1938 #endif /* CONFIG_IEEE80211W */
1944 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
1945 struct wpa_group *group)
1947 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
1948 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
1949 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
1950 group->wpa_group_state = WPA_GROUP_GTK_INIT;
1953 os_memset(group->GTK, 0, sizeof(group->GTK));
1956 #ifdef CONFIG_IEEE80211W
1959 #endif /* CONFIG_IEEE80211W */
1960 /* GTK[GN] = CalcGTK() */
1961 wpa_gtk_update(wpa_auth, group);
1965 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
1967 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
1968 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1969 "Not in PTKINITDONE; skip Group Key update");
1972 if (sm->GUpdateStationKeys) {
1974 * This should not really happen, but just in case, make sure
1975 * we do not count the same STA twice in GKeyDoneStations.
1977 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1978 "GUpdateStationKeys already set - do not "
1979 "increment GKeyDoneStations");
1981 sm->group->GKeyDoneStations++;
1982 sm->GUpdateStationKeys = TRUE;
1989 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
1990 struct wpa_group *group)
1994 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
1995 "SETKEYS (VLAN-ID %d)", group->vlan_id);
1996 group->changed = TRUE;
1997 group->wpa_group_state = WPA_GROUP_SETKEYS;
1998 group->GTKReKey = FALSE;
2000 group->GM = group->GN;
2002 #ifdef CONFIG_IEEE80211W
2003 tmp = group->GM_igtk;
2004 group->GM_igtk = group->GN_igtk;
2005 group->GN_igtk = tmp;
2006 #endif /* CONFIG_IEEE80211W */
2007 /* "GKeyDoneStations = GNoStations" is done in more robust way by
2008 * counting the STAs that are marked with GUpdateStationKeys instead of
2009 * including all STAs that could be in not-yet-completed state. */
2010 wpa_gtk_update(wpa_auth, group);
2012 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
2013 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
2014 group->GKeyDoneStations);
2018 static void wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
2019 struct wpa_group *group)
2021 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
2022 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
2023 group->changed = TRUE;
2024 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
2025 wpa_auth_set_key(wpa_auth, group->vlan_id,
2026 wpa_alg_enum(wpa_auth->conf.wpa_group),
2027 NULL, group->GN, group->GTK[group->GN - 1],
2030 #ifdef CONFIG_IEEE80211W
2031 if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
2032 wpa_auth_set_key(wpa_auth, group->vlan_id, WPA_ALG_IGTK,
2033 NULL, group->GN_igtk,
2034 group->IGTK[group->GN_igtk - 4],
2037 #endif /* CONFIG_IEEE80211W */
2041 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
2042 struct wpa_group *group)
2045 wpa_group_gtk_init(wpa_auth, group);
2046 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
2047 group->GTKAuthenticator) {
2048 wpa_group_setkeysdone(wpa_auth, group);
2049 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
2051 wpa_group_setkeys(wpa_auth, group);
2052 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
2053 if (group->GKeyDoneStations == 0)
2054 wpa_group_setkeysdone(wpa_auth, group);
2055 else if (group->GTKReKey)
2056 wpa_group_setkeys(wpa_auth, group);
2061 static void wpa_sm_step(struct wpa_state_machine *sm)
2066 if (sm->in_step_loop) {
2067 /* This should not happen, but if it does, make sure we do not
2068 * end up freeing the state machine too early by exiting the
2069 * recursive call. */
2070 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
2074 sm->in_step_loop = 1;
2076 if (sm->pending_deinit)
2079 sm->changed = FALSE;
2080 sm->wpa_auth->group->changed = FALSE;
2082 SM_STEP_RUN(WPA_PTK);
2083 if (sm->pending_deinit)
2085 SM_STEP_RUN(WPA_PTK_GROUP);
2086 if (sm->pending_deinit)
2088 wpa_group_sm_step(sm->wpa_auth, sm->group);
2089 } while (sm->changed || sm->wpa_auth->group->changed);
2090 sm->in_step_loop = 0;
2092 if (sm->pending_deinit) {
2093 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
2094 "machine deinit for " MACSTR, MAC2STR(sm->addr));
2095 wpa_free_sta_sm(sm);
2100 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
2102 struct wpa_state_machine *sm = eloop_ctx;
2107 void wpa_auth_sm_notify(struct wpa_state_machine *sm)
2111 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
2115 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
2118 struct wpa_group *group;
2120 if (wpa_auth == NULL)
2123 group = wpa_auth->group;
2125 for (i = 0; i < 2; i++) {
2127 group->GM = group->GN;
2129 #ifdef CONFIG_IEEE80211W
2130 tmp = group->GM_igtk;
2131 group->GM_igtk = group->GN_igtk;
2132 group->GN_igtk = tmp;
2133 #endif /* CONFIG_IEEE80211W */
2134 wpa_gtk_update(wpa_auth, group);
2139 static const char * wpa_bool_txt(int bool)
2141 return bool ? "TRUE" : "FALSE";
2145 static int wpa_cipher_bits(int cipher)
2148 case WPA_CIPHER_CCMP:
2150 case WPA_CIPHER_TKIP:
2152 case WPA_CIPHER_WEP104:
2154 case WPA_CIPHER_WEP40:
2162 #define RSN_SUITE "%02x-%02x-%02x-%d"
2163 #define RSN_SUITE_ARG(s) \
2164 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
2166 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
2169 char pmkid_txt[PMKID_LEN * 2 + 1];
2171 if (wpa_auth == NULL)
2174 ret = os_snprintf(buf + len, buflen - len,
2175 "dot11RSNAOptionImplemented=TRUE\n"
2176 #ifdef CONFIG_RSN_PREAUTH
2177 "dot11RSNAPreauthenticationImplemented=TRUE\n"
2178 #else /* CONFIG_RSN_PREAUTH */
2179 "dot11RSNAPreauthenticationImplemented=FALSE\n"
2180 #endif /* CONFIG_RSN_PREAUTH */
2181 "dot11RSNAEnabled=%s\n"
2182 "dot11RSNAPreauthenticationEnabled=%s\n",
2183 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
2184 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
2185 if (ret < 0 || (size_t) ret >= buflen - len)
2189 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2190 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
2193 buf + len, buflen - len,
2194 "dot11RSNAConfigVersion=%u\n"
2195 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
2196 /* FIX: dot11RSNAConfigGroupCipher */
2197 /* FIX: dot11RSNAConfigGroupRekeyMethod */
2198 /* FIX: dot11RSNAConfigGroupRekeyTime */
2199 /* FIX: dot11RSNAConfigGroupRekeyPackets */
2200 "dot11RSNAConfigGroupRekeyStrict=%u\n"
2201 "dot11RSNAConfigGroupUpdateCount=%u\n"
2202 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
2203 "dot11RSNAConfigGroupCipherSize=%u\n"
2204 "dot11RSNAConfigPMKLifetime=%u\n"
2205 "dot11RSNAConfigPMKReauthThreshold=%u\n"
2206 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
2207 "dot11RSNAConfigSATimeout=%u\n"
2208 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2209 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2210 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2211 "dot11RSNAPMKIDUsed=%s\n"
2212 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
2213 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
2214 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
2215 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
2216 "dot11RSNA4WayHandshakeFailures=%u\n"
2217 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
2219 !!wpa_auth->conf.wpa_strict_rekey,
2220 dot11RSNAConfigGroupUpdateCount,
2221 dot11RSNAConfigPairwiseUpdateCount,
2222 wpa_cipher_bits(wpa_auth->conf.wpa_group),
2223 dot11RSNAConfigPMKLifetime,
2224 dot11RSNAConfigPMKReauthThreshold,
2225 dot11RSNAConfigSATimeout,
2226 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
2227 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
2228 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
2230 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
2231 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
2232 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
2233 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
2234 wpa_auth->dot11RSNA4WayHandshakeFailures);
2235 if (ret < 0 || (size_t) ret >= buflen - len)
2239 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
2240 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
2243 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
2244 wpa_auth->group->wpa_group_state);
2245 if (ret < 0 || (size_t) ret >= buflen - len)
2253 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
2261 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
2263 /* dot11RSNAStatsEntry */
2265 if (sm->wpa == WPA_VERSION_WPA) {
2266 if (sm->pairwise == WPA_CIPHER_CCMP)
2267 pairwise = WPA_CIPHER_SUITE_CCMP;
2268 else if (sm->pairwise == WPA_CIPHER_TKIP)
2269 pairwise = WPA_CIPHER_SUITE_TKIP;
2270 else if (sm->pairwise == WPA_CIPHER_WEP104)
2271 pairwise = WPA_CIPHER_SUITE_WEP104;
2272 else if (sm->pairwise == WPA_CIPHER_WEP40)
2273 pairwise = WPA_CIPHER_SUITE_WEP40;
2274 else if (sm->pairwise == WPA_CIPHER_NONE)
2275 pairwise = WPA_CIPHER_SUITE_NONE;
2276 } else if (sm->wpa == WPA_VERSION_WPA2) {
2277 if (sm->pairwise == WPA_CIPHER_CCMP)
2278 pairwise = RSN_CIPHER_SUITE_CCMP;
2279 else if (sm->pairwise == WPA_CIPHER_TKIP)
2280 pairwise = RSN_CIPHER_SUITE_TKIP;
2281 else if (sm->pairwise == WPA_CIPHER_WEP104)
2282 pairwise = RSN_CIPHER_SUITE_WEP104;
2283 else if (sm->pairwise == WPA_CIPHER_WEP40)
2284 pairwise = RSN_CIPHER_SUITE_WEP40;
2285 else if (sm->pairwise == WPA_CIPHER_NONE)
2286 pairwise = RSN_CIPHER_SUITE_NONE;
2291 buf + len, buflen - len,
2292 /* TODO: dot11RSNAStatsIndex */
2293 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
2294 "dot11RSNAStatsVersion=1\n"
2295 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
2296 /* TODO: dot11RSNAStatsTKIPICVErrors */
2297 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
2298 "dot11RSNAStatsTKIPRemoveMICFailures=%u\n"
2299 /* TODO: dot11RSNAStatsCCMPReplays */
2300 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
2301 /* TODO: dot11RSNAStatsTKIPReplays */,
2303 RSN_SUITE_ARG(pairwise),
2304 sm->dot11RSNAStatsTKIPLocalMICFailures,
2305 sm->dot11RSNAStatsTKIPRemoteMICFailures);
2306 if (ret < 0 || (size_t) ret >= buflen - len)
2311 ret = os_snprintf(buf + len, buflen - len,
2312 "hostapdWPAPTKState=%d\n"
2313 "hostapdWPAPTKGroupState=%d\n",
2315 sm->wpa_ptk_group_state);
2316 if (ret < 0 || (size_t) ret >= buflen - len)
2324 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
2327 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
2331 int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
2333 return sm && sm->pairwise_set;
2337 int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
2339 return sm->pairwise;
2343 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
2347 return sm->wpa_key_mgmt;
2351 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
2359 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
2360 struct rsn_pmksa_cache_entry *entry)
2362 if (sm == NULL || sm->pmksa != entry)
2369 struct rsn_pmksa_cache_entry *
2370 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
2372 return sm ? sm->pmksa : NULL;
2376 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
2379 sm->dot11RSNAStatsTKIPLocalMICFailures++;
2383 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
2385 if (wpa_auth == NULL)
2387 *len = wpa_auth->wpa_ie_len;
2388 return wpa_auth->wpa_ie;
2392 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
2393 int session_timeout, struct eapol_state_machine *eapol)
2395 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2)
2398 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
2399 sm->wpa_auth->addr, sm->addr, session_timeout,
2400 eapol, sm->wpa_key_mgmt))
2407 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
2408 const u8 *pmk, size_t len, const u8 *sta_addr,
2409 int session_timeout,
2410 struct eapol_state_machine *eapol)
2412 if (wpa_auth == NULL)
2415 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr,
2416 sta_addr, session_timeout, eapol,
2417 WPA_KEY_MGMT_IEEE8021X))
2424 static struct wpa_group *
2425 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
2427 struct wpa_group *group;
2429 if (wpa_auth == NULL || wpa_auth->group == NULL)
2432 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
2434 group = wpa_group_init(wpa_auth, vlan_id);
2438 group->next = wpa_auth->group->next;
2439 wpa_auth->group->next = group;
2445 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
2447 struct wpa_group *group;
2449 if (sm == NULL || sm->wpa_auth == NULL)
2452 group = sm->wpa_auth->group;
2454 if (group->vlan_id == vlan_id)
2456 group = group->next;
2459 if (group == NULL) {
2460 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
2465 if (sm->group == group)
2468 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
2469 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
2475 #endif /* CONFIG_NATIVE_WINDOWS */