2 * hostapd - IEEE 802.11i-2004 / WPA Authenticator
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
17 #ifndef CONFIG_NATIVE_WINDOWS
28 #include "ieee802_11.h"
29 #include "pmksa_cache.h"
30 #include "state_machine.h"
31 #include "wpa_auth_i.h"
32 #include "wpa_auth_ie.h"
34 #define STATE_MACHINE_DATA struct wpa_state_machine
35 #define STATE_MACHINE_DEBUG_PREFIX "WPA"
36 #define STATE_MACHINE_ADDR sm->addr
39 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
40 static void wpa_sm_step(struct wpa_state_machine *sm);
41 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
42 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
43 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
44 struct wpa_group *group);
46 /* Default timeouts are 100 ms, but this seems to be a bit too fast for most
47 * WPA Supplicants, so use a bit longer timeout. */
/* EAPOL-Key retransmit interval for the group and pairwise handshakes;
 * wpa_send_eapol() picks one of the two timeouts depending on the Key Type
 * bit. The *Count limits are not referenced in the visible part of this file. */
48 static const u32 dot11RSNAConfigGroupUpdateTimeOut = 1000; /* ms */
49 static const u32 dot11RSNAConfigGroupUpdateCount = 3;
50 static const u32 dot11RSNAConfigPairwiseUpdateTimeOut = 1000; /* ms */
51 static const u32 dot11RSNAConfigPairwiseUpdateCount = 3;
53 /* TODO: make these configurable */
/* PMK lifetime (s), reauthentication threshold (%) and SA timeout (s); their
 * consumers are not visible in this listing. */
54 static const int dot11RSNAConfigPMKLifetime = 43200;
55 static const int dot11RSNAConfigPMKReauthThreshold = 70;
56 static const int dot11RSNAConfigSATimeout = 60;
/* Forward a Michael MIC failure report for STA @addr to the owner through the
 * optional mic_failure_report callback; a no-op when none is registered. */
59 static inline void wpa_auth_mic_failure_report(
60 struct wpa_authenticator *wpa_auth, const u8 *addr)
62 if (wpa_auth->cb.mic_failure_report)
63 wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
/* Set EAPOL state machine variable @var for STA @addr to @value via the
 * optional set_eapol callback. The parameter list continues on a line not
 * shown in this listing. */
67 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
68 const u8 *addr, wpa_eapol_variable var,
71 if (wpa_auth->cb.set_eapol)
72 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
/* Read EAPOL state machine variable @var for STA @addr through the get_eapol
 * callback and return its result. The value returned when no callback is
 * registered is on a line not shown here. */
76 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
77 const u8 *addr, wpa_eapol_variable var)
79 if (wpa_auth->cb.get_eapol == NULL)
81 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
/* Fetch a PSK candidate for STA @addr. @prev_psk selects the candidate after
 * the one previously returned, which is how PTKCALCNEGOTIATING iterates over
 * several possible PSKs (pass NULL for the first one). The return value for a
 * missing callback is on a line not shown. */
85 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
86 const u8 *addr, const u8 *prev_psk)
88 if (wpa_auth->cb.get_psk == NULL)
90 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk);
/* Copy the MSK derived by the EAPOL/EAP side into @msk; @len is in/out
 * (buffer size on entry, bytes written on return, per the caller in INITPMK).
 * The return value for a missing callback is on a line not shown. */
94 static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
95 const u8 *addr, u8 *msk, size_t *len)
97 if (wpa_auth->cb.get_msk == NULL)
99 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
/* Install (or, with alg "none", remove) a key in the driver through the
 * set_key callback. The vlan_id parameter line and the remaining arguments of
 * the call are not shown in this listing. */
103 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
105 const char *alg, const u8 *addr, int idx,
106 u8 *key, size_t key_len)
108 if (wpa_auth->cb.set_key == NULL)
110 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
/* Read the current TX sequence counter (RSC) of key @idx from the driver
 * into @seq. Return value for a missing callback is on a line not shown. */
115 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
116 const u8 *addr, int idx, u8 *seq)
118 if (wpa_auth->cb.get_seqnum == NULL)
120 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
/* Read the IGTK packet number for key @idx into @seq (used when building the
 * IGTK KDE). Return value for a missing callback is on a line not shown. */
124 static inline int wpa_auth_get_seqnum_igtk(struct wpa_authenticator *wpa_auth,
125 const u8 *addr, int idx, u8 *seq)
127 if (wpa_auth->cb.get_seqnum_igtk == NULL)
129 return wpa_auth->cb.get_seqnum_igtk(wpa_auth->cb.ctx, addr, idx, seq);
/* Hand a complete EAPOL frame to the owner for transmission to @addr.
 * @encrypt asks for the frame to be sent encrypted where the driver supports
 * it. The return type line and the fallback return are not shown here. */
134 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
135 const u8 *data, size_t data_len, int encrypt)
137 if (wpa_auth->cb.send_eapol == NULL)
139 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
/* Invoke @cb for every STA state machine known to the owner; used by the
 * PMKSA cache free callback to drop references to a deleted entry. The
 * cb_ctx parameter line and fallback return are not shown here. */
144 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
145 int (*cb)(struct wpa_state_machine *sm, void *ctx),
148 if (wpa_auth->cb.for_each_sta == NULL)
150 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
/* Emit a fixed log line for STA @addr (NULL for authenticator-wide events,
 * see wpa_rekey_gmk()) through the optional logger callback. */
154 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
155 logger_level level, const char *txt)
157 if (wpa_auth->cb.logger == NULL)
159 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
/* printf-style variant of wpa_auth_logger(). @fmt is always a compile-time
 * string from this file; STA-influenced text only ever enters as a %s
 * argument, so this is not a format-string exposure. */
163 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
164 logger_level level, const char *fmt, ...)
170 if (wpa_auth->cb.logger == NULL)
/* Fixed headroom of 100 bytes for the expanded arguments: vsnprintf() is
 * bounded by maxlen, so an oversized argument is truncated, not overflowed.
 * The NULL check on the allocation and the os_free() are on lines not shown. */
173 maxlen = os_strlen(fmt) + 100;
174 format = os_malloc(maxlen);
179 vsnprintf(format, maxlen, fmt, ap);
182 wpa_auth_logger(wpa_auth, addr, level, format);
/* Ask the owner to disconnect a STA with reason "previous authentication no
 * longer valid" (used on WPA IE mismatch in msg 2/4 and from the DISCONNECT
 * state). The addr parameter line is not shown here. */
188 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
191 if (wpa_auth->cb.disconnect == NULL)
193 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
194 WLAN_REASON_PREV_AUTH_NOT_VALID);
/* Whether EAPOL-Key frames for this STA must use descriptor version 3
 * (AES-128-CMAC MIC): true for the FT AKMs when IEEE 802.11r is compiled in.
 * The non-FT return statement is on a line not shown. */
198 static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
200 #ifdef CONFIG_IEEE80211R
201 return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X ||
202 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_PSK;
203 #else /* CONFIG_IEEE80211R */
205 #endif /* CONFIG_IEEE80211R */
/* eloop timeout: replace the Group Master Key with fresh random bytes and
 * re-arm itself when wpa_gmk_rekey is configured. The GMK is the secret from
 * which every GTK is expanded (see wpa_gmk_to_gtk()), so a weak or failed
 * random source here weakens all subsequent group keys. */
209 static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
211 struct wpa_authenticator *wpa_auth = eloop_ctx;
/* Only the first group is rekeyed here; what happens after a failed
 * os_get_random() beyond the error log is on lines not shown. */
213 if (os_get_random(wpa_auth->group->GMK, WPA_GMK_LEN)) {
214 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
217 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
220 if (wpa_auth->conf.wpa_gmk_rekey) {
221 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
222 wpa_rekey_gmk, wpa_auth, NULL);
/* eloop timeout (also invoked directly on a STA's GTK rekey request and after
 * a strict-rekey deauth): flag every group for GTK rekeying, drive each group
 * state machine until it reports no further change, then re-arm itself when
 * wpa_group_rekey is configured. */
227 static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
229 struct wpa_authenticator *wpa_auth = eloop_ctx;
230 struct wpa_group *group;
232 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
233 for (group = wpa_auth->group; group; group = group->next) {
234 group->GTKReKey = TRUE;
/* do { ... } while (changed): step until the group SM settles. */
236 group->changed = FALSE;
237 wpa_group_sm_step(wpa_auth, group);
238 } while (group->changed);
241 if (wpa_auth->conf.wpa_group_rekey) {
242 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
243 0, wpa_rekey_gtk, wpa_auth, NULL);
/* wpa_auth_for_each_sta() callback: matches the STA whose sm->pmksa points at
 * the cache entry passed as @ctx. The action taken on a match and the return
 * value are on lines not shown. */
248 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
250 if (sm->pmksa == ctx)
/* PMKSA cache free hook: walk all STA state machines so that none keeps a
 * reference to @entry once the cache releases it (presumably to avoid a
 * dangling sm->pmksa). The ctx parameter line is not shown. */
256 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
259 struct wpa_authenticator *wpa_auth = ctx;
260 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
/* Allocate and initialize the group key state for @vlan_id: pick the GTK
 * length from the configured group cipher, seed the nonce Counter and the
 * GMK from the OS RNG, and run the group state machine through its initial
 * transitions. Counter is the source of ANonce (AUTHENTICATION2) and of the
 * RC4 key IV (__wpa_send_eapol()), so its unpredictability matters. */
264 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
267 struct wpa_group *group;
/* PRF input: AA || NTP timestamp (8 bytes) || address of this group object */
268 u8 buf[ETH_ALEN + 8 + sizeof(group)];
271 group = os_zalloc(sizeof(struct wpa_group));
275 group->GTKAuthenticator = TRUE;
276 group->vlan_id = vlan_id;
/* Per-cipher GTK_len assignments are on lines not shown. */
278 switch (wpa_auth->conf.wpa_group) {
279 case WPA_CIPHER_CCMP:
282 case WPA_CIPHER_TKIP:
285 case WPA_CIPHER_WEP104:
288 case WPA_CIPHER_WEP40:
293 /* Counter = PRF-256(Random number, "Init Counter",
294 * Local MAC Address || Time)
296 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
297 wpa_get_ntp_timestamp(buf + ETH_ALEN);
298 os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
/* rkey is the random PRF key; a failure of either RNG call is logged (the
 * remaining error handling is on lines not shown). */
299 if (os_get_random(rkey, sizeof(rkey)) ||
300 os_get_random(group->GMK, WPA_GMK_LEN)) {
301 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
307 sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
308 group->Counter, WPA_NONCE_LEN);
/* Step once with GInit set (set on a line not shown), then clear GInit and
 * step again so the SM leaves its initial state. */
311 wpa_group_sm_step(wpa_auth, group);
312 group->GInit = FALSE;
313 wpa_group_sm_step(wpa_auth, group);
320 * wpa_init - Initialize WPA authenticator
321 * @addr: Authenticator address
322 * @conf: Configuration for WPA authenticator
 * @cb: Callbacks into the owner; copied by value, so the caller's struct need
 * not outlive this call (cb.ctx is stored as-is)
323 * Returns: Pointer to WPA authenticator data or %NULL on failure
325 struct wpa_authenticator * wpa_init(const u8 *addr,
326 struct wpa_auth_config *conf,
327 struct wpa_auth_callbacks *cb)
329 struct wpa_authenticator *wpa_auth;
331 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
332 if (wpa_auth == NULL)
334 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
335 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
336 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
/* Build the WPA/RSN IE advertised in Beacon/Probe Response and later compared
 * against msg 2/4 in wpa_receive(). */
338 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
339 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
/* Default group (vlan_id 0). Each failure path below unwinds what was set up
 * so far; the final os_free(wpa_auth)/return lines are not shown. */
344 wpa_auth->group = wpa_group_init(wpa_auth, 0);
345 if (wpa_auth->group == NULL) {
346 os_free(wpa_auth->wpa_ie);
351 wpa_auth->pmksa = pmksa_cache_init(wpa_auth_pmksa_free_cb, wpa_auth);
352 if (wpa_auth->pmksa == NULL) {
353 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
354 os_free(wpa_auth->wpa_ie);
359 #ifdef CONFIG_IEEE80211R
360 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
361 if (wpa_auth->ft_pmk_cache == NULL) {
362 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
363 os_free(wpa_auth->wpa_ie);
364 pmksa_cache_deinit(wpa_auth->pmksa);
368 #endif /* CONFIG_IEEE80211R */
/* Periodic GMK and GTK rekeying; both timers are cancelled in wpa_deinit(). */
370 if (wpa_auth->conf.wpa_gmk_rekey) {
371 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
372 wpa_rekey_gmk, wpa_auth, NULL);
375 if (wpa_auth->conf.wpa_group_rekey) {
376 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
377 wpa_rekey_gtk, wpa_auth, NULL);
385 * wpa_deinit - Deinitialize WPA authenticator
386 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
 *
 * Cancels the rekey timers before releasing anything they reference, tears
 * down PeerKey negotiations and the PMK caches, then frees the WPA IE and
 * the group list (the group loop and final free are on lines not shown).
388 void wpa_deinit(struct wpa_authenticator *wpa_auth)
390 struct wpa_group *group, *prev;
392 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
393 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
395 #ifdef CONFIG_PEERKEY
396 while (wpa_auth->stsl_negotiations)
397 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
398 #endif /* CONFIG_PEERKEY */
400 pmksa_cache_deinit(wpa_auth->pmksa);
402 #ifdef CONFIG_IEEE80211R
403 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
404 wpa_auth->ft_pmk_cache = NULL;
405 #endif /* CONFIG_IEEE80211R */
407 os_free(wpa_auth->wpa_ie);
409 group = wpa_auth->group;
421 * wpa_reconfig - Update WPA authenticator configuration
422 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
423 * @conf: Configuration for WPA authenticator
 * Returns: 0 on success (the return statements are on lines not shown)
 *
 * Replaces the stored configuration by value; NULL @wpa_auth is tolerated.
425 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
426 struct wpa_auth_config *conf)
428 if (wpa_auth == NULL)
431 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
434 * Disassociate stations if configuration changed
/* Allocate a zeroed per-STA state machine for @addr bound to this
 * authenticator and its default group. Returns the new sm (or NULL on
 * allocation failure; the check and return lines are not shown). */
441 struct wpa_state_machine *
442 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
444 struct wpa_state_machine *sm;
446 sm = os_zalloc(sizeof(struct wpa_state_machine));
449 os_memcpy(sm->addr, addr, ETH_ALEN);
451 sm->wpa_auth = wpa_auth;
452 sm->group = wpa_auth->group;
/* Called when a STA (re)associates: kick off the 4-Way Handshake unless WPA is
 * disabled or FT already completed the key exchange. Depending on a condition
 * not shown here (the sm's prior state), this either requests
 * reauthentication with a reset replay counter or a fresh authentication. */
458 void wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
459 struct wpa_state_machine *sm)
461 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
464 #ifdef CONFIG_IEEE80211R
/* FT derived the PTK during the FT protocol; a 4-way handshake would
 * overwrite it. */
465 if (sm->ft_completed) {
466 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
467 "FT authentication already completed - do not "
468 "start 4-way handshake");
471 #endif /* CONFIG_IEEE80211R */
/* Reauthentication path: start the replay counter over for the new
 * handshake so stale frames from the old one are rejected. */
474 os_memset(sm->key_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
475 sm->ReAuthenticationRequest = TRUE;
480 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
481 "start authentication");
487 sm->AuthenticationRequest = TRUE;
/* Release a STA state machine's owned memory (the stored last EAPOL-Key
 * frame; the free of sm itself is on a line not shown). */
492 static void wpa_free_sta_sm(struct wpa_state_machine *sm)
494 os_free(sm->last_rx_eapol_key);
/* Tear down a STA state machine. With wpa_strict_rekey, a STA that held the
 * GTK forces a group rekey (scheduled 0.5 s out) so the departed STA cannot
 * keep decrypting group traffic. Timers referencing sm are cancelled before
 * it is freed; if wpa_sm_step() is currently running, freeing is deferred via
 * pending_deinit (the immediate-free branch is on lines not shown). */
500 void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
505 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
506 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
507 "strict rekeying - force GTK rekey since STA "
509 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
510 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
514 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
515 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
516 if (sm->in_step_loop) {
517 /* Must not free state machine while wpa_sm_step() is running.
518 * Freeing will be completed in the end of wpa_sm_step(). */
519 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
520 "machine deinit for " MACSTR, MAC2STR(sm->addr));
521 sm->pending_deinit = 1;
/* Flag the state machine to run a new 4-Way Handshake (PTK rekey); the
 * guard lines preceding the assignment are not shown. */
527 static void wpa_request_new_ptk(struct wpa_state_machine *sm)
532 sm->PTKRequest = TRUE;
/* Process an EAPOL-Key frame received from STA @sm. This is the untrusted
 * input boundary of the authenticator: it validates lengths, descriptor
 * version, replay counters, state, Key Ack/MIC bits and the MIC itself before
 * recording the frame (and SNonce) for the state machine. Several early
 * "return;" statements follow the checks below but are not shown in this
 * listing. @data is modified in place by wpa_verify_key_mic(). */
537 void wpa_receive(struct wpa_authenticator *wpa_auth,
538 struct wpa_state_machine *sm,
539 u8 *data, size_t data_len)
541 struct ieee802_1x_hdr *hdr;
542 struct wpa_eapol_key *key;
543 u16 key_info, key_data_length;
544 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
545 SMK_M1, SMK_M3, SMK_ERROR } msg;
547 struct wpa_eapol_ie_parse kde;
549 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
/* Minimum length for the fixed 802.1X + EAPOL-Key headers. The subtraction
 * below relies on this check having rejected shorter frames. */
552 if (data_len < sizeof(*hdr) + sizeof(*key))
555 hdr = (struct ieee802_1x_hdr *) data;
556 key = (struct wpa_eapol_key *) (hdr + 1);
557 key_info = WPA_GET_BE16(key->key_info);
558 key_data_length = WPA_GET_BE16(key->key_data_length);
/* The STA-supplied Key Data Length must fit in the bytes actually received;
 * everything below that indexes key + 1 depends on this bound. */
559 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
560 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
561 "key_data overflow (%d > %lu)",
563 (unsigned long) (data_len - sizeof(*hdr) -
568 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
/* Classify the frame from key_info: SMK messages, requests, group 2/2,
 * pairwise 4/4 (empty key data) or pairwise 2/4. */
571 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
572 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
573 if (key_info & WPA_KEY_INFO_ERROR) {
575 msgtxt = "SMK Error";
580 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
583 } else if (key_info & WPA_KEY_INFO_REQUEST) {
586 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
588 msgtxt = "2/2 Group";
589 } else if (key_data_length == 0) {
591 msgtxt = "4/4 Pairwise";
594 msgtxt = "2/4 Pairwise";
597 /* TODO: key_info type validation for PeerKey */
/* Descriptor version must match what the negotiated cipher/AKM requires
 * (AES-128-CMAC for FT, HMAC-SHA1-AES for CCMP). Accepting a weaker version
 * than negotiated would let a peer downgrade the MIC/key-wrap algorithms. */
598 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
600 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
601 if (sm->pairwise == WPA_CIPHER_CCMP) {
602 if (wpa_use_aes_cmac(sm) &&
603 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
604 wpa_auth_logger(wpa_auth, sm->addr,
606 "advertised support for "
607 "AES-128-CMAC, but did not "
612 if (!wpa_use_aes_cmac(sm) &&
613 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
614 wpa_auth_logger(wpa_auth, sm->addr,
616 "did not use HMAC-SHA1-AES "
/* Replay protection, two separate counters:
 * - STA-initiated requests carry the STA's own counter, which must strictly
 *   increase relative to the last accepted request;
 * - responses must echo exactly the counter we sent in the last frame
 *   (key_replay_counter_valid is cleared once a response is consumed). */
623 if (key_info & WPA_KEY_INFO_REQUEST) {
624 if (sm->req_replay_counter_used &&
625 os_memcmp(key->replay_counter, sm->req_replay_counter,
626 WPA_REPLAY_COUNTER_LEN) <= 0) {
627 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
628 "received EAPOL-Key request with "
634 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
635 (!sm->key_replay_counter_valid ||
636 os_memcmp(key->replay_counter, sm->key_replay_counter,
637 WPA_REPLAY_COUNTER_LEN) != 0)) {
638 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
639 "received EAPOL-Key %s with unexpected "
640 "replay counter", msgtxt);
641 wpa_hexdump(MSG_DEBUG, "expected replay counter",
642 sm->key_replay_counter, WPA_REPLAY_COUNTER_LEN);
643 wpa_hexdump(MSG_DEBUG, "received replay counter",
644 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
/* Per-message state checks (the switch on msg is on a line not shown).
 * msg 2/4 is only valid while waiting for it; its Key Data must be
 * byte-identical to the WPA/RSN IE the STA sent in (Re)AssocReq, which
 * defends against cipher-suite downgrade between association and handshake.
 * The length check precedes the memcmp, so key + 1 is never over-read. */
650 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
651 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) {
652 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
653 "received EAPOL-Key msg 2/4 in "
654 "invalid state (%d) - dropped",
658 if (sm->wpa_ie == NULL ||
659 sm->wpa_ie_len != key_data_length ||
660 os_memcmp(sm->wpa_ie, key + 1, key_data_length) != 0) {
661 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
662 "WPA IE from (Re)AssocReq did not "
663 "match with msg 2/4");
665 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
666 sm->wpa_ie, sm->wpa_ie_len);
668 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
669 (u8 *) (key + 1), key_data_length);
670 /* MLME-DEAUTHENTICATE.request */
671 wpa_sta_disconnect(wpa_auth, sm->addr);
/* msg 4/4 only while we wait for it after sending 3/4 (second condition on
 * a line not shown). */
676 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
678 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
679 "received EAPOL-Key msg 4/4 in "
680 "invalid state (%d) - dropped",
/* msg 2/2 only during a group key handshake. */
686 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
688 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
689 "received EAPOL-Key msg 2/2 in "
690 "invalid state (%d) - dropped",
691 sm->wpa_ptk_group_state);
/* SMK (PeerKey) messages need the feature enabled and an established PTK,
 * since their MIC is keyed with it. */
695 #ifdef CONFIG_PEERKEY
699 if (!wpa_auth->conf.peerkey) {
700 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
701 "PeerKey use disabled - ignoring message");
704 if (!sm->PTK_valid) {
705 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
706 "received EAPOL-Key msg SMK in "
707 "invalid state - dropped");
711 #else /* CONFIG_PEERKEY */
715 return; /* STSL disabled - ignore SMK messages */
716 #endif /* CONFIG_PEERKEY */
721 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
722 "received EAPOL-Key frame (%s)", msgtxt);
/* Key Ack is only ever set by the Authenticator; every frame a Supplicant
 * sends must carry a MIC. */
724 if (key_info & WPA_KEY_INFO_ACK) {
725 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
726 "received invalid EAPOL-Key: Key Ack set");
730 if (!(key_info & WPA_KEY_INFO_MIC)) {
731 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
732 "received invalid EAPOL-Key: Key MIC not set");
/* MIC check against the current PTK (the condition guarding this block is
 * on a line not shown). For msg 2/4 no PTK exists yet; that frame's MIC is
 * verified later in PTKCALCNEGOTIATING from the copy stored below. */
736 sm->MICVerified = FALSE;
738 if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
739 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
740 "received EAPOL-Key with invalid MIC");
743 sm->MICVerified = TRUE;
744 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
/* Only a MIC-verified request advances the request replay counter, so an
 * unauthenticated frame cannot burn counter values. */
747 if (key_info & WPA_KEY_INFO_REQUEST) {
748 if (sm->MICVerified) {
749 sm->req_replay_counter_used = 1;
750 os_memcpy(sm->req_replay_counter, key->replay_counter,
751 WPA_REPLAY_COUNTER_LEN);
753 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
754 "received EAPOL-Key request with "
760 * TODO: should decrypt key data field if encryption was used;
761 * even though MAC address KDE is not normally encrypted,
762 * supplicant is allowed to encrypt it.
/* Dispatch STA-initiated messages: SMK error, Michael MIC failure report
 * (TKIP countermeasure accounting plus PTK rekey), explicit PTK rekey
 * request, SMK M1, or a GTK rekey request (triggers an immediate group
 * rekey for all groups). */
764 if (msg == SMK_ERROR) {
765 #ifdef CONFIG_PEERKEY
766 wpa_smk_error(wpa_auth, sm, key);
767 #endif /* CONFIG_PEERKEY */
769 } else if (key_info & WPA_KEY_INFO_ERROR) {
770 /* Supplicant reported a Michael MIC error */
771 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
772 "received EAPOL-Key Error Request "
773 "(STA detected Michael MIC failure)");
774 wpa_auth_mic_failure_report(wpa_auth, sm->addr);
775 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
776 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
777 /* Error report is not a request for a new key
778 * handshake, but since Authenticator may do it, let's
779 * change the keys now anyway. */
780 wpa_request_new_ptk(sm);
781 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
782 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
783 "received EAPOL-Key Request for new "
785 wpa_request_new_ptk(sm);
786 #ifdef CONFIG_PEERKEY
787 } else if (msg == SMK_M1) {
788 wpa_smk_m1(wpa_auth, sm, key);
789 #endif /* CONFIG_PEERKEY */
790 } else if (key_data_length > 0 &&
791 wpa_parse_kde_ies((const u8 *) (key + 1),
792 key_data_length, &kde) == 0 &&
795 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
796 "received EAPOL-Key Request for GTK "
798 /* FIX: why was this triggering PTK rekeying for the
799 * STA that requested Group Key rekeying?? */
800 /* wpa_request_new_ptk(sta->wpa_sm); */
801 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
802 wpa_rekey_gtk(wpa_auth, NULL);
805 /* Do not allow the same key replay counter to be reused. */
806 sm->key_replay_counter_valid = FALSE;
809 #ifdef CONFIG_PEERKEY
811 wpa_smk_m3(wpa_auth, sm, key);
814 #endif /* CONFIG_PEERKEY */
/* Keep a private copy of the whole frame: PTKCALCNEGOTIATING re-runs the
 * MIC check over it for each candidate PMK. Allocation failure aborts
 * processing (return on a line not shown). */
816 os_free(sm->last_rx_eapol_key);
817 sm->last_rx_eapol_key = os_malloc(data_len);
818 if (sm->last_rx_eapol_key == NULL)
820 os_memcpy(sm->last_rx_eapol_key, data, data_len);
821 sm->last_rx_eapol_key_len = data_len;
/* Raise the state-machine events and capture SNonce for PTK derivation. */
823 sm->EAPOLKeyReceived = TRUE;
824 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
825 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
826 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
/* Derive a @gtk_len-byte GTK from the GMK, authenticator address and GNonce
 * with the IEEE 802.11i PRF. The hexdumps use wpa_hexdump_key(), i.e. they
 * are key material and only appear when key logging is enabled. */
831 static void wpa_gmk_to_gtk(const u8 *gmk, const u8 *addr, const u8 *gnonce,
832 u8 *gtk, size_t gtk_len)
834 u8 data[ETH_ALEN + WPA_NONCE_LEN];
836 /* GTK = PRF-X(GMK, "Group key expansion", AA || GNonce) */
837 os_memcpy(data, addr, ETH_ALEN);
838 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
840 sha1_prf(gmk, WPA_GMK_LEN, "Group key expansion",
841 data, sizeof(data), gtk, gtk_len);
843 wpa_hexdump_key(MSG_DEBUG, "GMK", gmk, WPA_GMK_LEN);
844 wpa_hexdump_key(MSG_DEBUG, "GTK", gtk, gtk_len);
/* eloop timeout armed by wpa_send_eapol(): no MIC-verified reply arrived in
 * time, so raise TimeoutEvt for the STA's state machine (which decides on
 * retransmission; the step call is on a line not shown). */
848 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
850 struct wpa_authenticator *wpa_auth = eloop_ctx;
851 struct wpa_state_machine *sm = timeout_ctx;
853 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
854 sm->TimeoutEvt = TRUE;
/* Build and transmit one EAPOL-Key frame to STA @sm.
 * @key_info: Key Information bits (Key Type, Secure, MIC, Ack, Install, ...)
 * @key_rsc: group key RSC or NULL; @nonce: ANonce/GNonce or NULL
 * @kde: Key Data (KDEs/IEs) of @kde_len bytes, encrypted with the KEK when
 *       @encr is set; @keyidx: key index for WPA (RSN carries it in a KDE)
 * @force_version: descriptor version to use, or pick from cipher/AKM
 * Increments and records the replay counter, computes the MIC with the KCK
 * when requested, and hands the frame to wpa_auth_send_eapol(). */
859 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
860 struct wpa_state_machine *sm, int key_info,
861 const u8 *key_rsc, const u8 *nonce,
862 const u8 *kde, size_t kde_len,
863 int keyidx, int encr, int force_version)
865 struct ieee802_1x_hdr *hdr;
866 struct wpa_eapol_key *key;
869 int key_data_len, pad_len = 0;
871 int version, pairwise;
873 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
/* Descriptor version: forced by caller, else AES-128-CMAC for FT,
 * HMAC-SHA1-AES for CCMP, and the legacy HMAC-MD5/RC4 otherwise. */
876 version = force_version;
877 else if (wpa_use_aes_cmac(sm))
878 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
879 else if (sm->pairwise == WPA_CIPHER_CCMP)
880 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
882 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
884 pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
886 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
887 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
890 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
891 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
892 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
893 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
894 pairwise, (unsigned long) kde_len, keyidx, encr);
896 key_data_len = kde_len;
/* AES key wrap needs the plaintext padded to a multiple of 8 and adds an
 * 8-byte integrity block to the output. */
898 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
899 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
900 pad_len = key_data_len % 8;
902 pad_len = 8 - pad_len;
903 key_data_len += pad_len + 8;
/* len has been extended by key_data_len on a line not shown; zeroed so
 * unused fields (IV, RSC, ID, nonce) transmit as zero. */
908 hdr = os_zalloc(len);
911 hdr->version = wpa_auth->conf.eapol_version;
912 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
913 hdr->length = host_to_be16(len - sizeof(*hdr));
914 key = (struct wpa_eapol_key *) (hdr + 1);
916 key->type = sm->wpa == WPA_VERSION_WPA2 ?
917 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
/* RSN signals encrypted Key Data via a key_info bit; WPA (v1) instead
 * carries the key index in key_info. */
919 if (encr && sm->wpa == WPA_VERSION_WPA2)
920 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
921 if (sm->wpa != WPA_VERSION_WPA2)
922 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
923 WPA_PUT_BE16(key->key_info, key_info);
/* Key Length field per the cipher this frame is about (the switch line is
 * not shown). */
925 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
927 case WPA_CIPHER_CCMP:
928 WPA_PUT_BE16(key->key_length, 16);
930 case WPA_CIPHER_TKIP:
931 WPA_PUT_BE16(key->key_length, 32);
933 case WPA_CIPHER_WEP40:
934 WPA_PUT_BE16(key->key_length, 5);
936 case WPA_CIPHER_WEP104:
937 WPA_PUT_BE16(key->key_length, 13);
940 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
941 WPA_PUT_BE16(key->key_length, 0);
943 /* FIX: STSL: what to use as key_replay_counter? */
/* Fresh replay counter for every frame we send; wpa_receive() requires the
 * reply to echo exactly this value while key_replay_counter_valid is set. */
944 inc_byte_array(sm->key_replay_counter, WPA_REPLAY_COUNTER_LEN);
945 os_memcpy(key->replay_counter, sm->key_replay_counter,
946 WPA_REPLAY_COUNTER_LEN);
947 sm->key_replay_counter_valid = TRUE;
950 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
953 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
/* Key Data: copied in the clear when not encrypting (condition on a line
 * not shown), otherwise padded into buf and wrapped with the KEK. */
956 os_memcpy(key + 1, kde, kde_len);
957 WPA_PUT_BE16(key->key_data_length, kde_len);
958 } else if (encr && kde) {
959 buf = os_zalloc(key_data_len);
965 os_memcpy(pos, kde, kde_len);
971 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
973 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
974 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
975 if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
981 WPA_PUT_BE16(key->key_data_length, key_data_len);
/* Legacy RC4 path (descriptor version 1): IV is the low 16 bytes of the
 * group Counter, RC4 key = IV || KEK, first 256 keystream bytes skipped.
 * The Counter is incremented so the IV is not reused. */
984 os_memcpy(key->key_iv,
985 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
986 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
987 os_memcpy(ek, key->key_iv, 16);
988 os_memcpy(ek + 16, sm->PTK.kek, 16);
989 os_memcpy(key + 1, buf, key_data_len);
990 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
991 WPA_PUT_BE16(key->key_data_length, key_data_len);
/* MIC over the whole frame with the KCK; only possible once a PTK exists
 * (msg 1/4 is sent without MIC). */
996 if (key_info & WPA_KEY_INFO_MIC) {
997 if (!sm->PTK_valid) {
998 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
999 "PTK not valid when sending EAPOL-Key "
1004 wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
1008 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1010 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
/* Send an EAPOL-Key frame with the default descriptor version and arm the
 * retransmit timer (pairwise or group update timeout, in ms, split into the
 * seconds/microseconds pair eloop expects). The timeout is cancelled in
 * wpa_receive() once a MIC-verified reply arrives. */
1016 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1017 struct wpa_state_machine *sm, int key_info,
1018 const u8 *key_rsc, const u8 *nonce,
1019 const u8 *kde, size_t kde_len,
1020 int keyidx, int encr)
1023 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
1028 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1031 timeout_ms = pairwise ? dot11RSNAConfigPairwiseUpdateTimeOut :
1032 dot11RSNAConfigGroupUpdateTimeOut;
1033 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
1034 wpa_send_eapol_timeout, wpa_auth, sm);
/* Verify the Key MIC of an EAPOL-Key frame with PTK->kck.
 * The MIC is computed over the frame with the MIC field zeroed, so @data is
 * modified in place and then restored; callers must pass a writable buffer.
 * Returns 0 on a matching MIC, non-zero otherwise (return lines not shown).
 * NOTE(review): os_memcmp() is a plain byte comparison; a constant-time
 * compare would avoid leaking the position of the first mismatching byte. */
1038 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
1040 struct ieee802_1x_hdr *hdr;
1041 struct wpa_eapol_key *key;
1046 if (data_len < sizeof(*hdr) + sizeof(*key))
1049 hdr = (struct ieee802_1x_hdr *) data;
1050 key = (struct wpa_eapol_key *) (hdr + 1);
/* The MIC algorithm is taken from the frame's own descriptor version;
 * wpa_receive() has already checked that version against the negotiated
 * cipher/AKM before this is called. */
1051 key_info = WPA_GET_BE16(key->key_info);
1052 os_memcpy(mic, key->key_mic, 16);
1053 os_memset(key->key_mic, 0, 16);
1054 if (wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK,
1055 data, data_len, key->key_mic) ||
1056 os_memcmp(mic, key->key_mic, 16) != 0)
1058 os_memcpy(key->key_mic, mic, 16);
/* Invalidate and clear the STA's PTK in this state machine and ask the driver
 * to drop its pairwise key (alg "none", empty key). */
1063 void wpa_remove_ptk(struct wpa_state_machine *sm)
1065 sm->PTK_valid = FALSE;
1066 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1067 wpa_auth_set_key(sm->wpa_auth, 0, "none", sm->addr, 0, (u8 *) "", 0);
1068 sm->pairwise_set = FALSE;
/* Deliver an external event (deauth, reauth, association, FT association) to
 * the STA state machine. Besides raising the matching request flag, any
 * event other than WPA_REAUTH_EAPOL drops the current PTK; the switch header,
 * case labels for the first events and the final actions are on lines not
 * shown. */
1072 void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
1077 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1078 "event %d notification", event);
1086 sm->DeauthenticationRequest = TRUE;
1089 case WPA_REAUTH_EAPOL:
1090 sm->ReAuthenticationRequest = TRUE;
1093 #ifdef CONFIG_IEEE80211R
1094 /* Using FT protocol, not WPA auth state machine */
1095 sm->ft_completed = 1;
1097 #else /* CONFIG_IEEE80211R */
1099 #endif /* CONFIG_IEEE80211R */
1102 #ifdef CONFIG_IEEE80211R
1103 sm->ft_completed = 0;
1104 #endif /* CONFIG_IEEE80211R */
/* Keys from the previous association are never carried over. */
1106 sm->PTK_valid = FALSE;
1107 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1109 if (event != WPA_REAUTH_EAPOL)
/* Map a WPA_CIPHER_* value to the algorithm name string used for the
 * driver's set_key interface (return statements on lines not shown). */
1116 static const char * wpa_alg_txt(int alg)
1119 case WPA_CIPHER_CCMP:
1121 case WPA_CIPHER_TKIP:
1123 case WPA_CIPHER_WEP104:
1124 case WPA_CIPHER_WEP40:
/* WPA_PTK INITIALIZE: reset per-STA key state and close the 802.1X port.
 * Entered while Init is still set, hence the explicit changed = FALSE. */
1132 SM_STATE(WPA_PTK, INITIALIZE)
1134 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
1136 /* Init flag is not cleared here, so avoid busy
1137 * loop by claiming nothing changed. */
1138 sm->changed = FALSE;
/* If this STA was still counted as pending in a group key update, take it
 * out of the group's outstanding count. */
1142 if (sm->GUpdateStationKeys)
1143 sm->group->GKeyDoneStations--;
1144 sm->GUpdateStationKeys = FALSE;
1145 if (sm->wpa == WPA_VERSION_WPA)
1146 sm->PInitAKeys = FALSE;
1147 if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
1148 * Local AA > Remote AA)) */) {
/* Port closed until the handshake completes; the PTK removal in this
 * branch is on a line not shown. */
1151 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1153 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
/* With PSK there is no EAP server to authorize the port later, so it is
 * explicitly deauthorized here. */
1155 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK ||
1156 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_PSK) {
1157 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1158 WPA_EAPOL_authorized, 0);
/* WPA_PTK DISCONNECT: consume the Disconnect flag and deauthenticate the
 * STA with reason "previous authentication no longer valid". */
1163 SM_STATE(WPA_PTK, DISCONNECT)
1165 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
1166 sm->Disconnect = FALSE;
1167 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
/* WPA_PTK DISCONNECTED: acknowledge the deauthentication request. */
1171 SM_STATE(WPA_PTK, DISCONNECTED)
1173 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
1174 sm->DeauthenticationRequest = FALSE;
/* WPA_PTK AUTHENTICATION: clear any old PTK, put the 802.1X port under
 * automatic control and enable it so EAPOL can flow for the handshake. */
1178 SM_STATE(WPA_PTK, AUTHENTICATION)
1180 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
1181 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
1182 sm->PTK_valid = FALSE;
1183 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1185 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1186 sm->AuthenticationRequest = FALSE;
/* WPA_PTK AUTHENTICATION2: draw a fresh ANonce from the group Counter and
 * advance the Counter so no two handshakes share a nonce. */
1190 SM_STATE(WPA_PTK, AUTHENTICATION2)
1192 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
1193 os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN);
1194 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
1195 sm->ReAuthenticationRequest = FALSE;
1196 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1197 * logical place than INITIALIZE since AUTHENTICATION2 can be
1198 * re-entered on ReAuthenticationRequest without going through
/* WPA_PTK INITPMK (IEEE 802.1X AKMs): obtain the PMK, preferring a cached
 * PMKSA entry (condition on a line not shown) over the MSK from the EAP
 * exchange. With FT, the second half of the MSK becomes XXKey. */
1204 SM_STATE(WPA_PTK, INITPMK)
1206 u8 msk[2 * PMK_LEN];
1207 size_t len = 2 * PMK_LEN;
1209 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1210 #ifdef CONFIG_IEEE80211R
1212 #endif /* CONFIG_IEEE80211R */
1214 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1215 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
/* NOTE(review): len is only checked for the XXKey copy below; the PMK copy
 * assumes the callback returned at least PMK_LEN bytes. msk is an
 * uninitialized stack buffer, so a shorter MSK would leave part of PMK
 * undefined rather than fail — worth a `len < PMK_LEN` guard. */
1216 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
1217 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
1218 "(len=%lu)", (unsigned long) len);
1219 os_memcpy(sm->PMK, msk, PMK_LEN);
1220 #ifdef CONFIG_IEEE80211R
1221 if (len >= 2 * PMK_LEN) {
1222 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
1223 sm->xxkey_len = PMK_LEN;
1225 #endif /* CONFIG_IEEE80211R */
1227 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
/* A new PMK starts a new request replay counter sequence. */
1230 sm->req_replay_counter_used = 0;
1231 /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
1232 * will break reauthentication since EAPOL state machines may not be
1233 * get into AUTHENTICATING state that clears keyRun before WPA state
1234 * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
1235 * state and takes PMK from the previously used AAA Key. This will
1236 * eventually fail in 4-Way Handshake because Supplicant uses PMK
1237 * derived from the new AAA Key. Setting keyRun = FALSE here seems to
1238 * be good workaround for this issue. */
1239 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
/* WPA_PTK INITPSK (PSK AKMs): take the first PSK candidate as PMK (and as
 * XXKey for FT). The psk declaration and the NULL check around the copies
 * are on lines not shown; when several PSKs exist, PTKCALCNEGOTIATING
 * later selects the one whose PTK verifies msg 2/4. */
1243 SM_STATE(WPA_PTK, INITPSK)
1246 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
1247 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL);
1249 os_memcpy(sm->PMK, psk, PMK_LEN);
1250 #ifdef CONFIG_IEEE80211R
1251 os_memcpy(sm->xxkey, psk, PMK_LEN);
1252 sm->xxkey_len = PMK_LEN;
1253 #endif /* CONFIG_IEEE80211R */
1255 sm->req_replay_counter_used = 0;
/* WPA_PTK PTKSTART: send msg 1/4 (ANonce, Key Ack, Key Type=Pairwise, no
 * MIC). For WPA2 with a non-PSK AKM a PMKID KDE is attached so the STA can
 * tell which PMK the authenticator will use. */
1259 SM_STATE(WPA_PTK, PTKSTART)
1261 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
1262 size_t pmkid_len = 0;
1264 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
1265 sm->PTKRequest = FALSE;
1266 sm->TimeoutEvt = FALSE;
1267 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1268 "sending 1/4 msg of 4-Way Handshake");
1270 * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
1271 * one possible PSK for this STA.
/* Vendor-specific element wrapping the PMKID KDE (pmkid = buf is set on a
 * line not shown). */
1273 if (sm->wpa == WPA_VERSION_WPA2 &&
1274 sm->wpa_key_mgmt != WPA_KEY_MGMT_PSK) {
1276 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
1277 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
1278 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
1279 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
/* Reuse the cached PMKID when the PMK came from the PMKSA cache. */
1281 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
1282 sm->pmksa->pmkid, PMKID_LEN);
1285 * Calculate PMKID since no PMKSA cache entry was
1286 * available with pre-calculated PMKID.
1288 rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
1289 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN]);
/* keyidx 0, encr 0: msg 1/4 carries its Key Data in the clear. */
1292 wpa_send_eapol(sm->wpa_auth, sm,
1293 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
1294 sm->ANonce, pmkid, pmkid_len, 0, 0);
/* Derive the PTK for @sm from @pmk into @ptk: the FT key hierarchy for FT
 * AKMs, otherwise the IEEE 802.11i PRF over AA, SPA, ANonce and SNonce.
 * Return statement for the non-FT path is on a line not shown. */
1299 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
1300 struct wpa_ptk *ptk)
1302 #ifdef CONFIG_IEEE80211R
1303 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X ||
1304 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_PSK)
1305 return wpa_auth_derive_ptk_ft(sm, pmk, ptk);
1306 #endif /* CONFIG_IEEE80211R */
1308 wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
1309 sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce,
1310 (u8 *) ptk, sizeof(*ptk));
/* WPA_PTK PTKCALCNEGOTIATING: msg 2/4 has arrived. Derive a candidate PTK
 * and verify the stored frame's MIC with it. For PSK AKMs this loops over
 * every PSK candidate from wpa_auth_get_psk() (the loop header and break
 * lines are not shown); for 802.1X the single EAP-derived PMK is tried. Only
 * a PTK that verifies the MIC is installed into sm. */
1316 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
1320 const u8 *pmk = NULL;
1322 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
1323 sm->EAPOLKeyReceived = FALSE;
1325 /* WPA with IEEE 802.1X: use the derived PMK from EAP
1326 * WPA-PSK: iterate through possible PSKs and select the one matching
/* Passing the previous candidate as prev_psk advances to the next PSK. */
1329 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK ||
1330 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_PSK) {
1331 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
1337 wpa_derive_ptk(sm, pmk, &PTK);
/* MIC check against the copy saved by wpa_receive(). */
1339 if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
1340 sm->last_rx_eapol_key_len) == 0) {
/* Non-PSK AKMs have exactly one PMK; stop after the first attempt. */
1345 if (sm->wpa_key_mgmt != WPA_KEY_MGMT_PSK &&
1346 sm->wpa_key_mgmt != WPA_KEY_MGMT_FT_PSK)
1351 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1352 "invalid MIC in msg 2/4 of 4-Way Handshake");
/* A verified msg 2/4 ends the msg 1/4 retransmit timer. */
1356 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
1358 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK ||
1359 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_PSK) {
1360 /* PSK may have changed from the previous choice, so update
1361 * state machine data based on whatever PSK was selected here.
1363 os_memcpy(sm->PMK, pmk, PMK_LEN);
1366 sm->MICVerified = TRUE;
1368 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
1369 sm->PTK_valid = TRUE;
/*
 * PTKCALCNEGOTIATING2: pass-through state entered once MICVerified is set;
 * the step function moves straight on to PTKINITNEGOTIATING from here.
 */
1373 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
1375 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
1380 #ifdef CONFIG_IEEE80211W
/*
 * Size of the IGTK KDE that will be appended to EAPOL-Key key data for this
 * STA: header, selector and the struct wpa_igtk_kde payload when management
 * frame protection is negotiated. The value for the non-MFP case (presumably
 * 0) is not part of this listing.
 */
1382 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
1384 if (sm->mgmt_frame_prot) {
1385 return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde);
/*
 * Append an IGTK KDE at pos for a STA that negotiated management frame
 * protection and return the advanced write pointer. The KDE carries the
 * current IGTK key id, its packet number as reported by the driver, and the
 * key bytes themselves. The early return for !mgmt_frame_prot and the final
 * return are not part of this listing.
 */
1392 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1394 struct wpa_igtk_kde igtk;
1395 struct wpa_group *gsm = sm->group;
1397 if (!sm->mgmt_frame_prot)
1400 igtk.keyid[0] = gsm->GN_igtk;
/* Packet number from the driver; on failure (the rest of this condition is
 * not in the listing) the PN is zeroed rather than left uninitialised. */
1402 if (wpa_auth_get_seqnum_igtk(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn)
1404 os_memset(igtk.pn, 0, sizeof(igtk.pn));
/* IGTK slots are indexed by GN_igtk - 4; presumably IGTK key ids start at
 * 4 — confirm against wpa_group_gtk_init(). */
1405 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
1406 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
1407 (const u8 *) &igtk, sizeof(igtk), NULL, 0);
1412 #else /* CONFIG_IEEE80211W */
/* Build without CONFIG_IEEE80211W: no IGTK KDE is ever added. The body
 * (presumably returning 0) is not part of this listing. */
1414 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
/* Build without CONFIG_IEEE80211W: stub that leaves the key data untouched.
 * The body (presumably returning pos unchanged) is not part of this listing. */
1420 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
1425 #endif /* CONFIG_IEEE80211W */
/*
 * PTKINITNEGOTIATING: send msg 3/4 of the 4-Way Handshake. The key data
 * carries the AP's own WPA/RSN IE and, for WPA2, the current GTK as a Group
 * Key KDE plus the IGTK KDE when management frame protection is in use. The
 * WPA-only branch that sets gtk/keyidx/_rsc/secure, the os_malloc() failure
 * check, and the release of kde after sending are not part of this listing.
 */
1428 SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
1430 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
1431 size_t gtk_len, kde_len;
1432 struct wpa_group *gsm = sm->group;
1434 int wpa_ie_len, secure, keyidx, encr = 0;
1436 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
1437 sm->TimeoutEvt = FALSE;
1438 /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, GTK[GN])
/* Current receive sequence counter of GTK[GN] from the driver, so the STA
 * starts its replay check at the right value. */
1440 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
1441 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
1442 wpa_ie = sm->wpa_auth->wpa_ie;
1443 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
/* When both protocols are enabled the IE buffer starts with the RSN IE and
 * a WPA-only STA must only receive what follows it; the length test requires
 * that something actually follows before skipping. */
1444 if (sm->wpa == WPA_VERSION_WPA &&
1445 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
1446 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
1447 /* WPA-only STA, remove RSN IE */
1448 wpa_ie = wpa_ie + wpa_ie[1] + 2;
1449 wpa_ie_len = wpa_ie[1] + 2;
1451 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1452 "sending 3/4 msg of 4-Way Handshake");
1453 if (sm->wpa == WPA_VERSION_WPA2) {
1454 /* WPA2 send GTK in the 4-way handshake */
1456 gtk = gsm->GTK[gsm->GN - 1];
1457 gtk_len = gsm->GTK_len;
1462 /* WPA does not include GTK in msg 3/4 */
/* Key data size: the IE, the optional IGTK KDE and a Group Key KDE
 * (header + selector + 2-byte key info + key). */
1470 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
1472 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
1473 kde = os_malloc(kde_len);
1478 os_memcpy(pos, wpa_ie, wpa_ie_len);
/* Group Key KDE header: key id in the two low bits. */
1482 hdr[0] = keyidx & 0x03;
1484 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
1487 pos = ieee80211w_kde_add(sm, pos);
/* NOTE(review): the step function re-enters this state on TimeoutEvt, so
 * msg 3/4 is retransmitted with the same sm->ANonce (it is not regenerated
 * here). Keep that in mind when reviewing the retry/install logic. */
1489 wpa_send_eapol(sm->wpa_auth, sm,
1490 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
1491 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
1492 WPA_KEY_INFO_KEY_TYPE,
1493 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
/*
 * PTKINITDONE: msg 4/4 has been received with a verified MIC. Install the
 * pairwise temporal key (PTK.tk1) in the driver, authorize the port when no
 * IEEE 802.1X phase follows (PSK), and update the EAPOL port variables so
 * the rest of the authenticator sees the key exchange as complete. The
 * CCMP branch selecting alg/klen and the return after the disconnect are not
 * part of this listing.
 */
1499 SM_STATE(WPA_PTK, PTKINITDONE)
1501 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
1502 sm->EAPOLKeyReceived = FALSE;
/* Cipher-specific algorithm name and key length for the driver. */
1506 if (sm->pairwise == WPA_CIPHER_TKIP) {
/* Unicast key, index 0. A driver that refuses the key leaves the STA
 * unprotected, so it is disconnected instead. */
1513 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
1514 sm->PTK.tk1, klen)) {
1515 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
1518 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
1519 sm->pairwise_set = TRUE;
/* PSK: there is no EAP phase, so a completed handshake is the
 * authorization decision. */
1521 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK ||
1522 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_PSK) {
1523 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1524 WPA_EAPOL_authorized, 1);
/* IBSS handling is compiled out by the constant condition. */
1528 if (0 /* IBSS == TRUE */) {
1530 if (sm->keycount == 2) {
1531 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1532 WPA_EAPOL_portValid, 1);
1535 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
1538 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
1539 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
/* WPA (not RSN) does not carry the GTK in msg 3/4; PInitAKeys is what the
 * WPA_PTK_GROUP step function uses to start the Group Key Handshake. */
1540 if (sm->wpa == WPA_VERSION_WPA)
1541 sm->PInitAKeys = TRUE;
1544 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1545 "pairwise key handshake completed (%s)",
1546 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
1548 #ifdef CONFIG_IEEE80211R
/* FT: make the PMK-R1 available to other APs of the mobility domain. */
1549 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
1550 #endif /* CONFIG_IEEE80211R */
/*
 * Step function of the per-STA WPA_PTK state machine (its SM_STEP header
 * line precedes this listing). Global transitions — Init, Disconnect,
 * deauthentication/authentication requests and PTKRequest — are evaluated
 * first; only then is the current state consulted. Retransmissions of the
 * 4-Way Handshake messages are bounded by dot11RSNAConfigPairwiseUpdateCount,
 * and every exhausted retry or missing key material increments
 * dot11RSNA4WayHandshakeFailures before the STA is disconnected.
 */
1556 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
/* The Init test guarding this first transition is not in the listing. */
1559 SM_ENTER(WPA_PTK, INITIALIZE);
1560 else if (sm->Disconnect
1561 /* || FIX: dot11RSNAConfigSALifetime timeout */)
1562 SM_ENTER(WPA_PTK, DISCONNECT);
1563 else if (sm->DeauthenticationRequest)
1564 SM_ENTER(WPA_PTK, DISCONNECTED);
1565 else if (sm->AuthenticationRequest)
1566 SM_ENTER(WPA_PTK, AUTHENTICATION);
1567 else if (sm->ReAuthenticationRequest)
1568 SM_ENTER(WPA_PTK, AUTHENTICATION2);
1569 else if (sm->PTKRequest)
1570 SM_ENTER(WPA_PTK, PTKSTART);
1571 else switch (sm->wpa_ptk_state) {
1572 case WPA_PTK_INITIALIZE:
1574 case WPA_PTK_DISCONNECT:
1575 SM_ENTER(WPA_PTK, DISCONNECTED);
1577 case WPA_PTK_DISCONNECTED:
1578 SM_ENTER(WPA_PTK, INITIALIZE);
1580 case WPA_PTK_AUTHENTICATION:
1581 SM_ENTER(WPA_PTK, AUTHENTICATION2);
1583 case WPA_PTK_AUTHENTICATION2:
/* 802.1X key management waits for the EAP side to signal keyRun; PSK has no
 * such prerequisite (see the FIX note). */
1584 if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_IEEE8021X ||
1585 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) &&
1586 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
1587 WPA_EAPOL_keyRun) > 0)
1588 SM_ENTER(WPA_PTK, INITPMK);
1589 else if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK ||
1590 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_PSK)
1591 /* FIX: && 802.1X::keyRun */)
1592 SM_ENTER(WPA_PTK, INITPSK);
1594 case WPA_PTK_INITPMK:
/* No PMK from EAP means the handshake cannot start: count it as a failure
 * and disconnect (the else that separates the two branches is not shown). */
1595 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
1596 WPA_EAPOL_keyAvailable) > 0)
1597 SM_ENTER(WPA_PTK, PTKSTART);
1599 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1600 SM_ENTER(WPA_PTK, DISCONNECT);
1603 case WPA_PTK_INITPSK:
/* Same for PSK: a STA with no configured PSK is never allowed to proceed. */
1604 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL))
1605 SM_ENTER(WPA_PTK, PTKSTART);
1607 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1608 "no PSK configured for the STA");
1609 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1610 SM_ENTER(WPA_PTK, DISCONNECT);
1613 case WPA_PTK_PTKSTART:
/* Waiting for msg 2/4. Only an unsolicited pairwise EAPOL-Key frame (not
 * an EAPOL-Key Request) moves on; timeouts resend msg 1/4 until the
 * retry budget is spent. */
1614 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1615 sm->EAPOLKeyPairwise)
1616 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
1617 else if (sm->TimeoutCtr >
1618 (int) dot11RSNAConfigPairwiseUpdateCount) {
1619 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1620 SM_ENTER(WPA_PTK, DISCONNECT);
1621 } else if (sm->TimeoutEvt)
1622 SM_ENTER(WPA_PTK, PTKSTART);
1624 case WPA_PTK_PTKCALCNEGOTIATING:
/* A msg 2/4 with a bad MIC leaves MICVerified unset, so the machine keeps
 * waiting for another msg 2/4 or for the timeout to restart at PTKSTART. */
1625 if (sm->MICVerified)
1626 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
1627 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1628 sm->EAPOLKeyPairwise)
1629 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
1630 else if (sm->TimeoutEvt)
1631 SM_ENTER(WPA_PTK, PTKSTART);
1633 case WPA_PTK_PTKCALCNEGOTIATING2:
1634 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
1636 case WPA_PTK_PTKINITNEGOTIATING:
/* Waiting for msg 4/4: the key is only installed (PTKINITDONE) when the
 * received frame also passed the MIC check. */
1637 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1638 sm->EAPOLKeyPairwise && sm->MICVerified)
1639 SM_ENTER(WPA_PTK, PTKINITDONE);
1640 else if (sm->TimeoutCtr >
1641 (int) dot11RSNAConfigPairwiseUpdateCount) {
1642 wpa_auth->dot11RSNA4WayHandshakeFailures++;
1643 SM_ENTER(WPA_PTK, DISCONNECT);
1644 } else if (sm->TimeoutEvt)
1645 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
1647 case WPA_PTK_PTKINITDONE:
/*
 * IDLE state of the per-STA Group Key Handshake machine: reset the group
 * timeout counter and wait for a rekey trigger.
 */
1653 SM_STATE(WPA_PTK_GROUP, IDLE)
1655 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
/* The Init-guarded branch (its condition is not in the listing) must not
 * report a change, or wpa_sm_step() would spin on it. */
1657 /* Init flag is not cleared here, so avoid busy
1658 * loop by claiming nothing changed. */
1659 sm->changed = FALSE;
1661 sm->GTimeoutCtr = 0;
/*
 * REKEYNEGOTIATING: send msg 1/2 of the Group Key Handshake carrying
 * GTK[GN]. For WPA2 the key is wrapped in a Group Key KDE (plus the IGTK
 * KDE when applicable) in a heap buffer; for WPA the raw GTK bytes are sent
 * as-is. Key data is always sent encrypted (last argument of
 * wpa_send_eapol() is 1). The os_malloc() failure check, the increment of
 * GTimeoutCtr and the release of the WPA2 buffer after sending are not part
 * of this listing.
 */
1665 SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
1667 u8 rsc[WPA_KEY_RSC_LEN];
1668 struct wpa_group *gsm = sm->group;
1670 u8 *kde, *pos, hdr[2];
1672 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
1673 if (sm->wpa == WPA_VERSION_WPA)
1674 sm->PInitAKeys = FALSE;
1675 sm->TimeoutEvt = FALSE;
1676 /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
/* The RSC is only meaningful once the group machine has installed keys;
 * before SETKEYSDONE a zero counter is sent. */
1677 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
1678 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
1679 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
1680 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1681 "sending 1/2 msg of Group Key Handshake");
1683 if (sm->wpa == WPA_VERSION_WPA2) {
1684 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
1685 ieee80211w_kde_len(sm);
1686 kde = os_malloc(kde_len);
/* Group Key KDE header: key id in the two low bits. */
1691 hdr[0] = gsm->GN & 0x03;
1693 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
1694 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
1695 pos = ieee80211w_kde_add(sm, pos);
/* WPA: point directly at the group key; nothing is allocated. */
1697 kde = gsm->GTK[gsm->GN - 1];
1698 pos = kde + gsm->GTK_len;
/* INSTALL is only set for STAs without a pairwise key (!Pair). */
1701 wpa_send_eapol(sm->wpa_auth, sm,
1702 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1704 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
1705 rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
/* Presumably frees the WPA2 buffer; the statement is not in the listing. */
1706 if (sm->wpa == WPA_VERSION_WPA2)
/*
 * REKEYESTABLISHED: msg 2/2 of the Group Key Handshake was received with a
 * verified MIC. Account this STA as done with the group key update and
 * reset the per-STA group retry counter.
 */
1712 SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
1714 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
1715 sm->EAPOLKeyReceived = FALSE;
/* GKeyDoneStations counts STAs still owing a reply; reaching 0 lets the
 * group machine move to SETKEYSDONE. */
1716 if (sm->GUpdateStationKeys)
1717 sm->group->GKeyDoneStations--;
1718 sm->GUpdateStationKeys = FALSE;
1719 sm->GTimeoutCtr = 0;
1720 /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
1721 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
1722 "group key handshake completed (%s)",
1723 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
/*
 * KEYERROR: the Group Key Handshake retry budget was exhausted. The STA is
 * released from the pending-update count so the group machine is not
 * blocked, and Disconnect is raised so the WPA_PTK step function drops it.
 */
1728 SM_STATE(WPA_PTK_GROUP, KEYERROR)
1730 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
1731 if (sm->GUpdateStationKeys)
1732 sm->group->GKeyDoneStations--;
1733 sm->GUpdateStationKeys = FALSE;
1734 sm->Disconnect = TRUE;
/*
 * Step function of the per-STA Group Key Handshake machine. A rekey is
 * started either by the group machine (GUpdateStationKeys) or, for WPA, by
 * the end of the pairwise handshake (PInitAKeys). Retries are bounded by
 * dot11RSNAConfigGroupUpdateCount.
 */
1738 SM_STEP(WPA_PTK_GROUP)
/* The Init test guarding this first transition is not in the listing. */
1741 SM_ENTER(WPA_PTK_GROUP, IDLE);
1742 else switch (sm->wpa_ptk_group_state) {
1743 case WPA_PTK_GROUP_IDLE:
1744 if (sm->GUpdateStationKeys ||
1745 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
1746 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
1748 case WPA_PTK_GROUP_REKEYNEGOTIATING:
/* Only a group (non-pairwise) EAPOL-Key frame with a verified MIC counts
 * as msg 2/2. */
1749 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
1750 !sm->EAPOLKeyPairwise && sm->MICVerified)
1751 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
1752 else if (sm->GTimeoutCtr >
1753 (int) dot11RSNAConfigGroupUpdateCount)
1754 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
1755 else if (sm->TimeoutEvt)
1756 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
1758 case WPA_PTK_GROUP_KEYERROR:
1759 SM_ENTER(WPA_PTK_GROUP, IDLE);
1761 case WPA_PTK_GROUP_REKEYESTABLISHED:
1762 SM_ENTER(WPA_PTK_GROUP, IDLE);
/*
 * Generate a fresh GTK (and IGTK when IEEE 802.11w is enabled) for the
 * group. GNonce is taken from the running group Counter, which is then
 * incremented so the next update gets a different nonce; the GTK is derived
 * from the GMK by wpa_gmk_to_gtk(). The IGTK is drawn directly from
 * os_get_random() and a failure there is logged; the return statements
 * (including the error return after the log line) are not part of this
 * listing.
 */
1768 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
1769 struct wpa_group *group)
1773 /* FIX: is this the correct way of getting GNonce? */
1774 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
1775 inc_byte_array(group->Counter, WPA_NONCE_LEN);
1776 wpa_gmk_to_gtk(group->GMK, wpa_auth->addr, group->GNonce,
1777 group->GTK[group->GN - 1], group->GTK_len);
1779 #ifdef CONFIG_IEEE80211W
1780 if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
1781 if (os_get_random(group->IGTK[group->GN_igtk - 4],
1782 WPA_IGTK_LEN) < 0) {
1783 wpa_printf(MSG_INFO, "RSN: Failed to get new random "
/* NOTE(review): this writes key material to the log through the key-aware
 * hexdump variant; confirm key dumping is disabled in production logging. */
1787 wpa_hexdump_key(MSG_DEBUG, "IGTK",
1788 group->IGTK[group->GN_igtk - 4], WPA_IGTK_LEN);
1790 #endif /* CONFIG_IEEE80211W */
/*
 * GTK_INIT state of the group key machine: clear all GTK slots and derive
 * the first GTK[GN]. The assignments that choose the initial GN/GM (and the
 * IGTK ids under CONFIG_IEEE80211W) sit between lines 1805 and 1812 and are
 * not part of this listing.
 */
1796 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
1797 struct wpa_group *group)
1799 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
1800 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
/* Same busy-loop avoidance as the per-STA IDLE state: GInit is not
 * cleared here, so do not report a change. */
1801 group->changed = FALSE; /* GInit is not cleared here; avoid loop */
1802 group->wpa_group_state = WPA_GROUP_GTK_INIT;
/* Start from zeroed key slots so no stale key bytes can be installed. */
1805 os_memset(group->GTK, 0, sizeof(group->GTK));
1808 #ifdef CONFIG_IEEE80211W
1811 #endif /* CONFIG_IEEE80211W */
1812 /* GTK[GN] = CalcGTK() */
1813 wpa_gtk_update(wpa_auth, group);
/*
 * Per-STA callback used by wpa_group_setkeys() through
 * wpa_auth_for_each_sta(): only STAs whose 4-Way Handshake has completed
 * (PTKINITDONE) take part in the Group Key Handshake. For those, the
 * group's outstanding-reply count is raised and the STA is flagged so its
 * WPA_PTK_GROUP machine starts REKEYNEGOTIATING. The return statements are
 * not part of this listing.
 */
1817 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
1819 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
1820 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1821 "Not in PTKINITDONE; skip Group Key update");
1824 sm->group->GKeyDoneStations++;
1825 sm->GUpdateStationKeys = TRUE;
/*
 * SETKEYS state of the group key machine: rotate the GTK (and IGTK) key
 * ids, derive a new GTK[GN], and mark every STA with a completed pairwise
 * handshake for a Group Key Handshake. The GN side of the GN/GM exchange
 * (presumably a plain swap via tmp, as done for the IGTK ids below) is not
 * part of this listing.
 */
1831 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
1832 struct wpa_group *group)
1836 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
1837 "SETKEYS (VLAN-ID %d)", group->vlan_id);
1838 group->changed = TRUE;
1839 group->wpa_group_state = WPA_GROUP_SETKEYS;
1840 group->GTKReKey = FALSE;
1842 group->GM = group->GN;
1844 #ifdef CONFIG_IEEE80211W
/* Swap the IGTK key ids so the new key lands in the other slot. */
1845 tmp = group->GM_igtk;
1846 group->GM_igtk = group->GN_igtk;
1847 group->GN_igtk = tmp;
1848 #endif /* CONFIG_IEEE80211W */
1849 /* "GKeyDoneStations = GNoStations" is done in more robust way by
1850 * counting the STAs that are marked with GUpdateStationKeys instead of
1851 * including all STAs that could be in not-yet-completed state. */
1852 wpa_gtk_update(wpa_auth, group);
/* GKeyDoneStations is presumably reset before this walk (line 1853 is not
 * in the listing); wpa_group_update_sta() increments it per eligible STA. */
1854 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
1855 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
1856 group->GKeyDoneStations);
/*
 * SETKEYSDONE state of the group key machine: install GTK[GN] (and, with
 * IEEE 802.11w enabled, the IGTK) in the driver as the broadcast key for
 * this VLAN. The key-length arguments of both wpa_auth_set_key() calls are
 * not part of this listing.
 */
1860 static void wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
1861 struct wpa_group *group)
1863 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
1864 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
1865 group->changed = TRUE;
1866 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
/* NOTE(review): unlike the pairwise install in PTKINITDONE, the result of
 * wpa_auth_set_key() is not checked here; a driver failure leaves the state
 * machine believing the group key is in place. */
1867 wpa_auth_set_key(wpa_auth, group->vlan_id,
1868 wpa_alg_txt(wpa_auth->conf.wpa_group),
1869 NULL, group->GN, group->GTK[group->GN - 1],
1872 #ifdef CONFIG_IEEE80211W
1873 if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
1874 wpa_auth_set_key(wpa_auth, group->vlan_id, "IGTK",
1875 NULL, group->GN_igtk,
1876 group->IGTK[group->GN_igtk - 4],
1879 #endif /* CONFIG_IEEE80211W */
/*
 * Step function of the group key machine (one per VLAN group). The
 * condition of the first branch (presumably the group's GInit flag) and the
 * rest of the SETKEYSDONE condition (presumably GTKReKey) are not part of
 * this listing.
 *
 * Transitions: GTK_INIT installs the first key as soon as the group acts as
 * authenticator; SETKEYSDONE -> SETKEYS on a rekey request; SETKEYS ->
 * SETKEYSDONE once every STA has acknowledged the new key, or back into
 * SETKEYS if another rekey was requested meanwhile.
 */
1883 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
1884 struct wpa_group *group)
1887 wpa_group_gtk_init(wpa_auth, group);
1888 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
1889 group->GTKAuthenticator) {
1890 wpa_group_setkeysdone(wpa_auth, group);
1891 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
1893 wpa_group_setkeys(wpa_auth, group);
1894 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
1895 if (group->GKeyDoneStations == 0)
1896 wpa_group_setkeysdone(wpa_auth, group);
1897 else if (group->GTKReKey)
1898 wpa_group_setkeys(wpa_auth, group);
/*
 * Run the per-STA state machines (WPA_PTK, then WPA_PTK_GROUP, then the
 * group machine) until a pass produces no further change. Re-entrancy is
 * refused outright: a nested call could otherwise free the state machine
 * while the outer loop still uses it. A deinit requested while the loop is
 * running (pending_deinit) is honoured only after the loop exits. The
 * return statements after the recursion message and after each
 * pending_deinit test, and the do { ... } opener, are not part of this
 * listing.
 */
1903 static void wpa_sm_step(struct wpa_state_machine *sm)
1908 if (sm->in_step_loop) {
1909 /* This should not happen, but if it does, make sure we do not
1910 * end up freeing the state machine too early by exiting the
1911 * recursive call. */
1912 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
1916 sm->in_step_loop = 1;
/* Each pending_deinit test bails out of the loop early; the state machine
 * must not be stepped once its owner has asked for it to be freed. */
1918 if (sm->pending_deinit)
1921 sm->changed = FALSE;
1922 sm->wpa_auth->group->changed = FALSE;
1924 SM_STEP_RUN(WPA_PTK);
1925 if (sm->pending_deinit)
1927 SM_STEP_RUN(WPA_PTK_GROUP);
1928 if (sm->pending_deinit)
1930 wpa_group_sm_step(sm->wpa_auth, sm->group);
1931 } while (sm->changed || sm->wpa_auth->group->changed);
1932 sm->in_step_loop = 0;
/* Deferred free: safe now that no stepping code is on the stack. */
1934 if (sm->pending_deinit) {
1935 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
1936 "machine deinit for " MACSTR, MAC2STR(sm->addr));
1937 wpa_free_sta_sm(sm);
/*
 * eloop timeout trampoline registered by wpa_auth_sm_notify(): eloop_ctx is
 * the STA state machine. The call it forwards to is not part of this
 * listing (presumably wpa_sm_step(sm)).
 */
1942 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
1944 struct wpa_state_machine *sm = eloop_ctx;
/*
 * Schedule a state machine run for this STA from the event loop (zero
 * timeout) instead of stepping it inline, so callers are never on the stack
 * when the machine is stepped or freed. Any NULL check preceding the
 * registration is not part of this listing.
 */
1949 void wpa_auth_sm_notify(struct wpa_state_machine *sm)
1953 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
/*
 * Force a regeneration of the group keys: rotate the GN/GM (and IGTK) ids
 * and derive a new GTK, twice in a row — presumably so that both key slots
 * end up holding fresh keys (confirm). The loop counter declaration, the
 * early return for a NULL wpa_auth and the GN side of the GN/GM swap are
 * not part of this listing.
 */
1957 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
1960 struct wpa_group *group;
1962 if (wpa_auth == NULL)
1965 group = wpa_auth->group;
1967 for (i = 0; i < 2; i++) {
1969 group->GM = group->GN;
1971 #ifdef CONFIG_IEEE80211W
1972 tmp = group->GM_igtk;
1973 group->GM_igtk = group->GN_igtk;
1974 group->GN_igtk = tmp;
1975 #endif /* CONFIG_IEEE80211W */
1976 wpa_gtk_update(wpa_auth, group);
/*
 * Render an integer truth value as the MIB text "TRUE" or "FALSE".
 * Any non-zero value is reported as TRUE.
 */
static const char * wpa_bool_txt(int bool)
{
	if (bool)
		return "TRUE";
	return "FALSE";
}
/*
 * Key size in bits of a cipher suite, for the dot11RSNAConfigGroupCipherSize
 * MIB entry. The switch header, the per-case return values and the default
 * case are not part of this listing.
 */
1987 static int wpa_cipher_bits(int cipher)
1990 case WPA_CIPHER_CCMP:
1992 case WPA_CIPHER_TKIP:
1994 case WPA_CIPHER_WEP104:
1996 case WPA_CIPHER_WEP40:
2004 #define RSN_SUITE "%02x-%02x-%02x-%d"
2005 #define RSN_SUITE_ARG(s) \
2006 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
/*
 * Write the authenticator-wide dot11RSNA* MIB entries into buf as
 * "name=value\n" lines and return the number of bytes written. Every
 * os_snprintf() result is checked both for error and for truncation
 * ((size_t) ret >= buflen - len) before being accepted, so the output can
 * never overrun the caller's buffer. The declarations of len/ret, the
 * `len += ret` accumulations, the early returns and the final return are
 * not part of this listing.
 */
2008 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
2011 char pmkid_txt[PMKID_LEN * 2 + 1];
2013 if (wpa_auth == NULL)
2016 ret = os_snprintf(buf + len, buflen - len,
2017 "dot11RSNAOptionImplemented=TRUE\n"
2018 #ifdef CONFIG_RSN_PREAUTH
2019 "dot11RSNAPreauthenticationImplemented=TRUE\n"
2020 #else /* CONFIG_RSN_PREAUTH */
2021 "dot11RSNAPreauthenticationImplemented=FALSE\n"
2022 #endif /* CONFIG_RSN_PREAUTH */
2023 "dot11RSNAEnabled=%s\n"
2024 "dot11RSNAPreauthenticationEnabled=%s\n",
2025 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
2026 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
2027 if (ret < 0 || (size_t) ret >= buflen - len)
/* Hex text of the last PMKID used; the buffer is sized for the NUL. */
2031 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
2032 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
2035 buf + len, buflen - len,
2036 "dot11RSNAConfigVersion=%u\n"
2037 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
2038 /* FIX: dot11RSNAConfigGroupCipher */
2039 /* FIX: dot11RSNAConfigGroupRekeyMethod */
2040 /* FIX: dot11RSNAConfigGroupRekeyTime */
2041 /* FIX: dot11RSNAConfigGroupRekeyPackets */
2042 "dot11RSNAConfigGroupRekeyStrict=%u\n"
2043 "dot11RSNAConfigGroupUpdateCount=%u\n"
2044 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
2045 "dot11RSNAConfigGroupCipherSize=%u\n"
2046 "dot11RSNAConfigPMKLifetime=%u\n"
2047 "dot11RSNAConfigPMKReauthThreshold=%u\n"
2048 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
2049 "dot11RSNAConfigSATimeout=%u\n"
2050 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
2051 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
2052 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
2053 "dot11RSNAPMKIDUsed=%s\n"
2054 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
2055 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
2056 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
2057 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
2058 "dot11RSNA4WayHandshakeFailures=%u\n"
2059 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
/* Arguments follow the format in order; the first one (the version
 * value) is not in the listing. */
2061 !!wpa_auth->conf.wpa_strict_rekey,
2062 dot11RSNAConfigGroupUpdateCount,
2063 dot11RSNAConfigPairwiseUpdateCount,
2064 wpa_cipher_bits(wpa_auth->conf.wpa_group),
2065 dot11RSNAConfigPMKLifetime,
2066 dot11RSNAConfigPMKReauthThreshold,
2067 dot11RSNAConfigSATimeout,
2068 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
2069 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
2070 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
2072 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
2073 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
2074 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
2075 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
2076 wpa_auth->dot11RSNA4WayHandshakeFailures);
2077 if (ret < 0 || (size_t) ret >= buflen - len)
2081 /* TODO: dot11RSNAConfigPairwiseCiphersTable */
2082 /* TODO: dot11RSNAConfigAuthenticationSuitesTable */
/* hostapd-private extension: the numeric group key machine state. */
2085 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
2086 wpa_auth->group->wpa_group_state);
2087 if (ret < 0 || (size_t) ret >= buflen - len)
/*
 * Write the per-STA dot11RSNAStats* MIB entries for sm into buf and return
 * the number of bytes written. The internal pairwise cipher id is mapped to
 * the OUI-based suite selector of the negotiated protocol (WPA or RSN) so
 * the MIB reports the on-air value. Truncation is detected the same way as
 * in wpa_get_mib(). Local declarations, the NULL check on sm, the
 * `len += ret` accumulations, the early returns and the final return are
 * not part of this listing.
 */
2095 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
2103 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
2105 /* dot11RSNAStatsEntry */
2107 if (sm->wpa == WPA_VERSION_WPA) {
2108 if (sm->pairwise == WPA_CIPHER_CCMP)
2109 pairwise = WPA_CIPHER_SUITE_CCMP;
2110 else if (sm->pairwise == WPA_CIPHER_TKIP)
2111 pairwise = WPA_CIPHER_SUITE_TKIP;
2112 else if (sm->pairwise == WPA_CIPHER_WEP104)
2113 pairwise = WPA_CIPHER_SUITE_WEP104;
2114 else if (sm->pairwise == WPA_CIPHER_WEP40)
2115 pairwise = WPA_CIPHER_SUITE_WEP40;
2116 else if (sm->pairwise == WPA_CIPHER_NONE)
2117 pairwise = WPA_CIPHER_SUITE_NONE;
2118 } else if (sm->wpa == WPA_VERSION_WPA2) {
2119 if (sm->pairwise == WPA_CIPHER_CCMP)
2120 pairwise = RSN_CIPHER_SUITE_CCMP;
2121 else if (sm->pairwise == WPA_CIPHER_TKIP)
2122 pairwise = RSN_CIPHER_SUITE_TKIP;
2123 else if (sm->pairwise == WPA_CIPHER_WEP104)
2124 pairwise = RSN_CIPHER_SUITE_WEP104;
2125 else if (sm->pairwise == WPA_CIPHER_WEP40)
2126 pairwise = RSN_CIPHER_SUITE_WEP40;
2127 else if (sm->pairwise == WPA_CIPHER_NONE)
2128 pairwise = RSN_CIPHER_SUITE_NONE;
/* The os_snprintf() call head and the MAC2STR(sm->addr) argument are not in
 * the listing; the commented-out entries are unimplemented MIB fields. */
2133 buf + len, buflen - len,
2134 /* TODO: dot11RSNAStatsIndex */
2135 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
2136 "dot11RSNAStatsVersion=1\n"
2137 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
2138 /* TODO: dot11RSNAStatsTKIPICVErrors */
2139 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
2140 "dot11RSNAStatsTKIPRemoveMICFailures=%u\n"
2141 /* TODO: dot11RSNAStatsCCMPReplays */
2142 /* TODO: dot11RSNAStatsCCMPDecryptErrors */
2143 /* TODO: dot11RSNAStatsTKIPReplays */,
2145 RSN_SUITE_ARG(pairwise),
2146 sm->dot11RSNAStatsTKIPLocalMICFailures,
2147 sm->dot11RSNAStatsTKIPRemoteMICFailures);
2148 if (ret < 0 || (size_t) ret >= buflen - len)
/* hostapd-private extension: numeric per-STA state machine states (the
 * wpa_ptk_state argument line is not in the listing). */
2153 ret = os_snprintf(buf + len, buflen - len,
2154 "hostapdWPAPTKState=%d\n"
2155 "hostapdWPAPTKGroupState=%d\n",
2157 sm->wpa_ptk_group_state);
2158 if (ret < 0 || (size_t) ret >= buflen - len)
/*
 * Record that TKIP countermeasures have been started (MIB counter
 * dot11RSNATKIPCounterMeasuresInvoked). Any NULL check on wpa_auth is not
 * part of this listing.
 */
2166 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
2169 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
/*
 * Report whether the pairwise (PTK) key has been installed for this STA.
 * Returns 0 for a NULL state machine, so callers may pass an unset pointer.
 */
int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
{
	if (sm == NULL)
		return 0;
	return sm->pairwise_set != 0;
}
/*
 * Return the key management type (WPA_KEY_MGMT_*) negotiated for this STA.
 * The NULL check preceding the return is not part of this listing.
 */
2179 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
2183 return sm->wpa_key_mgmt;
/*
 * Return the protocol version (WPA_VERSION_*) negotiated for this STA. The
 * body (presumably a NULL check followed by `return sm->wpa;`) is not part
 * of this listing.
 */
2187 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
/*
 * Drop the STA's reference to a PMKSA cache entry that is being removed,
 * but only if the STA actually points at that entry. The statements after
 * the guard (the rejection return, the clearing of sm->pmksa and the success
 * return) are not part of this listing.
 */
2195 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
2196 struct rsn_pmksa_cache_entry *entry)
2198 if (sm == NULL || sm->pmksa != entry)
/*
 * Return the PMKSA cache entry bound to this STA's state machine, or NULL
 * when there is no state machine or no cached entry.
 */
struct rsn_pmksa_cache_entry *
wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
{
	if (sm == NULL)
		return NULL;
	return sm->pmksa;
}
/*
 * Count a locally detected TKIP MIC failure for this STA (MIB
 * dot11RSNAStatsTKIPLocalMICFailures). Any NULL check on sm is not part of
 * this listing.
 */
2212 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
2215 sm->dot11RSNAStatsTKIPLocalMICFailures++;
/*
 * Expose the authenticator's WPA/RSN IE buffer and its length. The buffer
 * stays owned by wpa_auth; callers must not modify or free it. The return
 * for a NULL wpa_auth is not part of this listing.
 */
2219 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
2221 if (wpa_auth == NULL)
2223 *len = wpa_auth->wpa_ie_len;
2224 return wpa_auth->wpa_ie;
/*
 * Add a PMKSA cache entry for this STA after a completed IEEE 802.1X
 * authentication. PMKSA caching is an RSN (WPA2) feature, so WPA
 * associations are rejected up front. The remaining pmksa_cache_add()
 * arguments, the result handling and the return statements are not part of
 * this listing.
 */
2228 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
2229 int session_timeout, struct eapol_state_machine *eapol)
2231 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2)
2234 if (pmksa_cache_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
2235 sm->wpa_auth->addr, sm->addr, session_timeout,
/*
 * Add a PMKSA cache entry produced by RSN pre-authentication, i.e. for a
 * STA (sta_addr) that is not yet associated and therefore has no state
 * machine. Unlike wpa_auth_pmksa_add() the PMK length is caller-supplied.
 * The NULL-return, the result handling and the return statements are not
 * part of this listing.
 */
2243 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
2244 const u8 *pmk, size_t len, const u8 *sta_addr,
2245 int session_timeout,
2246 struct eapol_state_machine *eapol)
2248 if (wpa_auth == NULL)
2251 if (pmksa_cache_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr,
2252 sta_addr, session_timeout, eapol))
/*
 * Create a group key state machine for vlan_id and link it right after the
 * default group in wpa_auth's group list. Returns the new group, or NULL
 * when the authenticator (or its default group) is missing or
 * wpa_group_init() fails; those return statements and the NULL check on the
 * init result are not part of this listing.
 */
2259 static struct wpa_group *
2260 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
2262 struct wpa_group *group;
2264 if (wpa_auth == NULL || wpa_auth->group == NULL)
2267 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
2269 group = wpa_group_init(wpa_auth, vlan_id);
/* Insert behind the head so the default group always stays first. */
2273 group->next = wpa_auth->group->next;
2274 wpa_auth->group->next = group;
/*
 * Bind the STA to the group key state machine of vlan_id, creating that
 * group on first use. The walk over the group list (its loop construct is
 * not in the listing) stops at the first group with a matching vlan_id; a
 * STA that is already on that group is left alone. The NULL-return for a
 * failed group creation, the final assignment of sm->group and the return
 * statements are not part of this listing.
 */
2280 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
2282 struct wpa_group *group;
2284 if (sm == NULL || sm->wpa_auth == NULL)
2287 group = sm->wpa_auth->group;
2289 if (group->vlan_id == vlan_id)
2291 group = group->next;
2294 if (group == NULL) {
2295 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
2300 if (sm->group == group)
2303 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
2304 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
2310 #endif /* CONFIG_NATIVE_WINDOWS */