00001
00016 #include "includes.h"
00017
00018 #ifndef CONFIG_NATIVE_WINDOWS
00019
00020 #include "common.h"
00021 #include "config.h"
00022 #include "eapol_sm.h"
00023 #include "wpa.h"
00024 #include "sha1.h"
00025 #include "sha256.h"
00026 #include "aes_wrap.h"
00027 #include "crypto.h"
00028 #include "eloop.h"
00029 #include "ieee802_11.h"
00030 #include "pmksa_cache.h"
00031 #include "state_machine.h"
00032 #include "wpa_auth_i.h"
00033 #include "wpa_auth_ie.h"
00034
00035 #define STATE_MACHINE_DATA struct wpa_state_machine
00036 #define STATE_MACHINE_DEBUG_PREFIX "WPA"
00037 #define STATE_MACHINE_ADDR sm->addr
00038
00039
00040 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
00041 static void wpa_sm_step(struct wpa_state_machine *sm);
00042 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
00043 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
00044 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
00045 struct wpa_group *group);
00046 static void wpa_request_new_ptk(struct wpa_state_machine *sm);
00047 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
00048 struct wpa_group *group);
00049
00050 static const u32 dot11RSNAConfigGroupUpdateCount = 4;
00051 static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
00052 static const u32 eapol_key_timeout_first = 100;
00053 static const u32 eapol_key_timeout_subseq = 1000;
00054
00055
00056 static const int dot11RSNAConfigPMKLifetime = 43200;
00057 static const int dot11RSNAConfigPMKReauthThreshold = 70;
00058 static const int dot11RSNAConfigSATimeout = 60;
00059
00060
00061 static inline void wpa_auth_mic_failure_report(
00062 struct wpa_authenticator *wpa_auth, const u8 *addr)
00063 {
00064 if (wpa_auth->cb.mic_failure_report)
00065 wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr);
00066 }
00067
00068
00069 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
00070 const u8 *addr, wpa_eapol_variable var,
00071 int value)
00072 {
00073 if (wpa_auth->cb.set_eapol)
00074 wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value);
00075 }
00076
00077
00078 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
00079 const u8 *addr, wpa_eapol_variable var)
00080 {
00081 if (wpa_auth->cb.get_eapol == NULL)
00082 return -1;
00083 return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var);
00084 }
00085
00086
00087 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
00088 const u8 *addr, const u8 *prev_psk)
00089 {
00090 if (wpa_auth->cb.get_psk == NULL)
00091 return NULL;
00092 return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk);
00093 }
00094
00095
00096 static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
00097 const u8 *addr, u8 *msk, size_t *len)
00098 {
00099 if (wpa_auth->cb.get_msk == NULL)
00100 return -1;
00101 return wpa_auth->cb.get_msk(wpa_auth->cb.ctx, addr, msk, len);
00102 }
00103
00104
00105 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
00106 int vlan_id,
00107 wpa_alg alg, const u8 *addr, int idx,
00108 u8 *key, size_t key_len)
00109 {
00110 if (wpa_auth->cb.set_key == NULL)
00111 return -1;
00112 return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx,
00113 key, key_len);
00114 }
00115
00116
00117 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
00118 const u8 *addr, int idx, u8 *seq)
00119 {
00120 if (wpa_auth->cb.get_seqnum == NULL)
00121 return -1;
00122 return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq);
00123 }
00124
00125
00126 static inline int wpa_auth_get_seqnum_igtk(struct wpa_authenticator *wpa_auth,
00127 const u8 *addr, int idx, u8 *seq)
00128 {
00129 if (wpa_auth->cb.get_seqnum_igtk == NULL)
00130 return -1;
00131 return wpa_auth->cb.get_seqnum_igtk(wpa_auth->cb.ctx, addr, idx, seq);
00132 }
00133
00134
00135 static inline int
00136 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
00137 const u8 *data, size_t data_len, int encrypt)
00138 {
00139 if (wpa_auth->cb.send_eapol == NULL)
00140 return -1;
00141 return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len,
00142 encrypt);
00143 }
00144
00145
00146 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
00147 int (*cb)(struct wpa_state_machine *sm, void *ctx),
00148 void *cb_ctx)
00149 {
00150 if (wpa_auth->cb.for_each_sta == NULL)
00151 return 0;
00152 return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx);
00153 }
00154
00155
00156 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
00157 int (*cb)(struct wpa_authenticator *a, void *ctx),
00158 void *cb_ctx)
00159 {
00160 if (wpa_auth->cb.for_each_auth == NULL)
00161 return 0;
00162 return wpa_auth->cb.for_each_auth(wpa_auth->cb.ctx, cb, cb_ctx);
00163 }
00164
00165
00166 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
00167 logger_level level, const char *txt)
00168 {
00169 if (wpa_auth->cb.logger == NULL)
00170 return;
00171 wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt);
00172 }
00173
00174
00175 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
00176 logger_level level, const char *fmt, ...)
00177 {
00178 char *format;
00179 int maxlen;
00180 va_list ap;
00181
00182 if (wpa_auth->cb.logger == NULL)
00183 return;
00184
00185 maxlen = os_strlen(fmt) + 100;
00186 format = os_malloc(maxlen);
00187 if (!format)
00188 return;
00189
00190 va_start(ap, fmt);
00191 vsnprintf(format, maxlen, fmt, ap);
00192 va_end(ap);
00193
00194 wpa_auth_logger(wpa_auth, addr, level, format);
00195
00196 os_free(format);
00197 }
00198
00199
00200 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
00201 const u8 *addr)
00202 {
00203 if (wpa_auth->cb.disconnect == NULL)
00204 return;
00205 wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr,
00206 WLAN_REASON_PREV_AUTH_NOT_VALID);
00207 }
00208
00209
00210 static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
00211 {
00212 int ret = 0;
00213 #ifdef CONFIG_IEEE80211R
00214 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
00215 ret = 1;
00216 #endif
00217 #ifdef CONFIG_IEEE80211W
00218 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
00219 ret = 1;
00220 #endif
00221 return ret;
00222 }
00223
00224
00225 static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
00226 {
00227 struct wpa_authenticator *wpa_auth = eloop_ctx;
00228
00229 if (os_get_random(wpa_auth->group->GMK, WPA_GMK_LEN)) {
00230 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
00231 "initialization.");
00232 } else {
00233 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
00234 }
00235
00236 if (wpa_auth->conf.wpa_gmk_rekey) {
00237 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
00238 wpa_rekey_gmk, wpa_auth, NULL);
00239 }
00240 }
00241
00242
00243 static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
00244 {
00245 struct wpa_authenticator *wpa_auth = eloop_ctx;
00246 struct wpa_group *group;
00247
00248 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
00249 for (group = wpa_auth->group; group; group = group->next) {
00250 group->GTKReKey = TRUE;
00251 do {
00252 group->changed = FALSE;
00253 wpa_group_sm_step(wpa_auth, group);
00254 } while (group->changed);
00255 }
00256
00257 if (wpa_auth->conf.wpa_group_rekey) {
00258 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
00259 0, wpa_rekey_gtk, wpa_auth, NULL);
00260 }
00261 }
00262
00263
00264 static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
00265 {
00266 struct wpa_authenticator *wpa_auth = eloop_ctx;
00267 struct wpa_state_machine *sm = timeout_ctx;
00268
00269 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
00270 wpa_request_new_ptk(sm);
00271 wpa_sm_step(sm);
00272 }
00273
00274
00275 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx)
00276 {
00277 if (sm->pmksa == ctx)
00278 sm->pmksa = NULL;
00279 return 0;
00280 }
00281
00282
00283 static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
00284 void *ctx)
00285 {
00286 struct wpa_authenticator *wpa_auth = ctx;
00287 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
00288 }
00289
00290
00291 static void wpa_group_set_key_len(struct wpa_group *group, int cipher)
00292 {
00293 switch (cipher) {
00294 case WPA_CIPHER_CCMP:
00295 group->GTK_len = 16;
00296 break;
00297 case WPA_CIPHER_TKIP:
00298 group->GTK_len = 32;
00299 break;
00300 case WPA_CIPHER_WEP104:
00301 group->GTK_len = 13;
00302 break;
00303 case WPA_CIPHER_WEP40:
00304 group->GTK_len = 5;
00305 break;
00306 }
00307 }
00308
00309
00310 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
00311 int vlan_id)
00312 {
00313 struct wpa_group *group;
00314 u8 buf[ETH_ALEN + 8 + sizeof(group)];
00315 u8 rkey[32];
00316
00317 group = os_zalloc(sizeof(struct wpa_group));
00318 if (group == NULL)
00319 return NULL;
00320
00321 group->GTKAuthenticator = TRUE;
00322 group->vlan_id = vlan_id;
00323
00324 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
00325
00326
00327
00328
00329 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
00330 wpa_get_ntp_timestamp(buf + ETH_ALEN);
00331 os_memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
00332 if (os_get_random(rkey, sizeof(rkey)) ||
00333 os_get_random(group->GMK, WPA_GMK_LEN)) {
00334 wpa_printf(MSG_ERROR, "Failed to get random data for WPA "
00335 "initialization.");
00336 os_free(group);
00337 return NULL;
00338 }
00339
00340 sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
00341 group->Counter, WPA_NONCE_LEN);
00342
00343 group->GInit = TRUE;
00344 wpa_group_sm_step(wpa_auth, group);
00345 group->GInit = FALSE;
00346 wpa_group_sm_step(wpa_auth, group);
00347
00348 return group;
00349 }
00350
00351
00360 struct wpa_authenticator * wpa_init(const u8 *addr,
00361 struct wpa_auth_config *conf,
00362 struct wpa_auth_callbacks *cb)
00363 {
00364 struct wpa_authenticator *wpa_auth;
00365
00366 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
00367 if (wpa_auth == NULL)
00368 return NULL;
00369 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
00370 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
00371 os_memcpy(&wpa_auth->cb, cb, sizeof(*cb));
00372
00373 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
00374 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
00375 os_free(wpa_auth);
00376 return NULL;
00377 }
00378
00379 wpa_auth->group = wpa_group_init(wpa_auth, 0);
00380 if (wpa_auth->group == NULL) {
00381 os_free(wpa_auth->wpa_ie);
00382 os_free(wpa_auth);
00383 return NULL;
00384 }
00385
00386 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
00387 wpa_auth);
00388 if (wpa_auth->pmksa == NULL) {
00389 wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
00390 os_free(wpa_auth->wpa_ie);
00391 os_free(wpa_auth);
00392 return NULL;
00393 }
00394
00395 #ifdef CONFIG_IEEE80211R
00396 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
00397 if (wpa_auth->ft_pmk_cache == NULL) {
00398 wpa_printf(MSG_ERROR, "FT PMK cache initialization failed.");
00399 os_free(wpa_auth->wpa_ie);
00400 pmksa_cache_auth_deinit(wpa_auth->pmksa);
00401 os_free(wpa_auth);
00402 return NULL;
00403 }
00404 #endif
00405
00406 if (wpa_auth->conf.wpa_gmk_rekey) {
00407 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
00408 wpa_rekey_gmk, wpa_auth, NULL);
00409 }
00410
00411 if (wpa_auth->conf.wpa_group_rekey) {
00412 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
00413 wpa_rekey_gtk, wpa_auth, NULL);
00414 }
00415
00416 return wpa_auth;
00417 }
00418
00419
00425 void wpa_deinit(struct wpa_authenticator *wpa_auth)
00426 {
00427 struct wpa_group *group, *prev;
00428
00429 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
00430 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
00431
00432 #ifdef CONFIG_PEERKEY
00433 while (wpa_auth->stsl_negotiations)
00434 wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations);
00435 #endif
00436
00437 pmksa_cache_auth_deinit(wpa_auth->pmksa);
00438
00439 #ifdef CONFIG_IEEE80211R
00440 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
00441 wpa_auth->ft_pmk_cache = NULL;
00442 #endif
00443
00444 os_free(wpa_auth->wpa_ie);
00445
00446 group = wpa_auth->group;
00447 while (group) {
00448 prev = group;
00449 group = group->next;
00450 os_free(prev);
00451 }
00452
00453 os_free(wpa_auth);
00454 }
00455
00456
00463 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
00464 struct wpa_auth_config *conf)
00465 {
00466 struct wpa_group *group;
00467 if (wpa_auth == NULL)
00468 return 0;
00469
00470 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
00471 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
00472 wpa_printf(MSG_ERROR, "Could not generate WPA IE.");
00473 return -1;
00474 }
00475
00476
00477
00478
00479
00480 group = wpa_auth->group;
00481 wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
00482 group->GInit = TRUE;
00483 wpa_group_sm_step(wpa_auth, group);
00484 group->GInit = FALSE;
00485 wpa_group_sm_step(wpa_auth, group);
00486
00487 return 0;
00488 }
00489
00490
00491 struct wpa_state_machine *
00492 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
00493 {
00494 struct wpa_state_machine *sm;
00495
00496 sm = os_zalloc(sizeof(struct wpa_state_machine));
00497 if (sm == NULL)
00498 return NULL;
00499 os_memcpy(sm->addr, addr, ETH_ALEN);
00500
00501 sm->wpa_auth = wpa_auth;
00502 sm->group = wpa_auth->group;
00503
00504 return sm;
00505 }
00506
00507
00508 void wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
00509 struct wpa_state_machine *sm)
00510 {
00511 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
00512 return;
00513
00514 #ifdef CONFIG_IEEE80211R
00515 if (sm->ft_completed) {
00516 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
00517 "FT authentication already completed - do not "
00518 "start 4-way handshake");
00519 return;
00520 }
00521 #endif
00522
00523 if (sm->started) {
00524 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
00525 sm->ReAuthenticationRequest = TRUE;
00526 wpa_sm_step(sm);
00527 return;
00528 }
00529
00530 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
00531 "start authentication");
00532 sm->started = 1;
00533
00534 sm->Init = TRUE;
00535 wpa_sm_step(sm);
00536 sm->Init = FALSE;
00537 sm->AuthenticationRequest = TRUE;
00538 wpa_sm_step(sm);
00539 }
00540
00541
00542 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
00543 {
00544
00545
00546
00547 if (sm == NULL)
00548 return;
00549
00550 sm->wpa_key_mgmt = 0;
00551 }
00552
00553
00554 static void wpa_free_sta_sm(struct wpa_state_machine *sm)
00555 {
00556 os_free(sm->last_rx_eapol_key);
00557 os_free(sm->wpa_ie);
00558 os_free(sm);
00559 }
00560
00561
00562 void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
00563 {
00564 if (sm == NULL)
00565 return;
00566
00567 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
00568 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
00569 "strict rekeying - force GTK rekey since STA "
00570 "is leaving");
00571 eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL);
00572 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
00573 NULL);
00574 }
00575
00576 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
00577 eloop_cancel_timeout(wpa_sm_call_step, sm, NULL);
00578 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
00579 if (sm->in_step_loop) {
00580
00581
00582 wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state "
00583 "machine deinit for " MACSTR, MAC2STR(sm->addr));
00584 sm->pending_deinit = 1;
00585 } else
00586 wpa_free_sta_sm(sm);
00587 }
00588
00589
00590 static void wpa_request_new_ptk(struct wpa_state_machine *sm)
00591 {
00592 if (sm == NULL)
00593 return;
00594
00595 sm->PTKRequest = TRUE;
00596 sm->PTK_valid = 0;
00597 }
00598
00599
00600 static int wpa_replay_counter_valid(struct wpa_state_machine *sm,
00601 const u8 *replay_counter)
00602 {
00603 int i;
00604 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
00605 if (!sm->key_replay[i].valid)
00606 break;
00607 if (os_memcmp(replay_counter, sm->key_replay[i].counter,
00608 WPA_REPLAY_COUNTER_LEN) == 0)
00609 return 1;
00610 }
00611 return 0;
00612 }
00613
00614
00615 void wpa_receive(struct wpa_authenticator *wpa_auth,
00616 struct wpa_state_machine *sm,
00617 u8 *data, size_t data_len)
00618 {
00619 struct ieee802_1x_hdr *hdr;
00620 struct wpa_eapol_key *key;
00621 u16 key_info, key_data_length;
00622 enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
00623 SMK_M1, SMK_M3, SMK_ERROR } msg;
00624 char *msgtxt;
00625 struct wpa_eapol_ie_parse kde;
00626
00627 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
00628 return;
00629
00630 if (data_len < sizeof(*hdr) + sizeof(*key))
00631 return;
00632
00633 hdr = (struct ieee802_1x_hdr *) data;
00634 key = (struct wpa_eapol_key *) (hdr + 1);
00635 key_info = WPA_GET_BE16(key->key_info);
00636 key_data_length = WPA_GET_BE16(key->key_data_length);
00637 if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
00638 wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
00639 "key_data overflow (%d > %lu)",
00640 key_data_length,
00641 (unsigned long) (data_len - sizeof(*hdr) -
00642 sizeof(*key)));
00643 return;
00644 }
00645
00646 if (sm->wpa == WPA_VERSION_WPA2) {
00647 if (key->type != EAPOL_KEY_TYPE_RSN) {
00648 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
00649 "unexpected type %d in RSN mode",
00650 key->type);
00651 return;
00652 }
00653 } else {
00654 if (key->type != EAPOL_KEY_TYPE_WPA) {
00655 wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
00656 "unexpected type %d in WPA mode",
00657 key->type);
00658 return;
00659 }
00660 }
00661
00662
00663
00664
00665 if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
00666 (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
00667 if (key_info & WPA_KEY_INFO_ERROR) {
00668 msg = SMK_ERROR;
00669 msgtxt = "SMK Error";
00670 } else {
00671 msg = SMK_M1;
00672 msgtxt = "SMK M1";
00673 }
00674 } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
00675 msg = SMK_M3;
00676 msgtxt = "SMK M3";
00677 } else if (key_info & WPA_KEY_INFO_REQUEST) {
00678 msg = REQUEST;
00679 msgtxt = "Request";
00680 } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
00681 msg = GROUP_2;
00682 msgtxt = "2/2 Group";
00683 } else if (key_data_length == 0) {
00684 msg = PAIRWISE_4;
00685 msgtxt = "4/4 Pairwise";
00686 } else {
00687 msg = PAIRWISE_2;
00688 msgtxt = "2/4 Pairwise";
00689 }
00690
00691
00692 if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
00693 msg == GROUP_2) {
00694 u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
00695 if (sm->pairwise == WPA_CIPHER_CCMP) {
00696 if (wpa_use_aes_cmac(sm) &&
00697 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
00698 wpa_auth_logger(wpa_auth, sm->addr,
00699 LOGGER_WARNING,
00700 "advertised support for "
00701 "AES-128-CMAC, but did not "
00702 "use it");
00703 return;
00704 }
00705
00706 if (!wpa_use_aes_cmac(sm) &&
00707 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
00708 wpa_auth_logger(wpa_auth, sm->addr,
00709 LOGGER_WARNING,
00710 "did not use HMAC-SHA1-AES "
00711 "with CCMP");
00712 return;
00713 }
00714 }
00715 }
00716
00717 if (key_info & WPA_KEY_INFO_REQUEST) {
00718 if (sm->req_replay_counter_used &&
00719 os_memcmp(key->replay_counter, sm->req_replay_counter,
00720 WPA_REPLAY_COUNTER_LEN) <= 0) {
00721 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
00722 "received EAPOL-Key request with "
00723 "replayed counter");
00724 return;
00725 }
00726 }
00727
00728 if (!(key_info & WPA_KEY_INFO_REQUEST) &&
00729 !wpa_replay_counter_valid(sm, key->replay_counter)) {
00730 int i;
00731 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
00732 "received EAPOL-Key %s with unexpected "
00733 "replay counter", msgtxt);
00734 for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
00735 if (!sm->key_replay[i].valid)
00736 break;
00737 wpa_hexdump(MSG_DEBUG, "pending replay counter",
00738 sm->key_replay[i].counter,
00739 WPA_REPLAY_COUNTER_LEN);
00740 }
00741 wpa_hexdump(MSG_DEBUG, "received replay counter",
00742 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
00743 return;
00744 }
00745
00746 switch (msg) {
00747 case PAIRWISE_2:
00748 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
00749 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) {
00750 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
00751 "received EAPOL-Key msg 2/4 in "
00752 "invalid state (%d) - dropped",
00753 sm->wpa_ptk_state);
00754 return;
00755 }
00756 if (sm->wpa_ie == NULL ||
00757 sm->wpa_ie_len != key_data_length ||
00758 os_memcmp(sm->wpa_ie, key + 1, key_data_length) != 0) {
00759 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00760 "WPA IE from (Re)AssocReq did not "
00761 "match with msg 2/4");
00762 if (sm->wpa_ie) {
00763 wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
00764 sm->wpa_ie, sm->wpa_ie_len);
00765 }
00766 wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
00767 (u8 *) (key + 1), key_data_length);
00768
00769 wpa_sta_disconnect(wpa_auth, sm->addr);
00770 return;
00771 }
00772 break;
00773 case PAIRWISE_4:
00774 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
00775 !sm->PTK_valid) {
00776 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
00777 "received EAPOL-Key msg 4/4 in "
00778 "invalid state (%d) - dropped",
00779 sm->wpa_ptk_state);
00780 return;
00781 }
00782 break;
00783 case GROUP_2:
00784 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
00785 || !sm->PTK_valid) {
00786 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
00787 "received EAPOL-Key msg 2/2 in "
00788 "invalid state (%d) - dropped",
00789 sm->wpa_ptk_group_state);
00790 return;
00791 }
00792 break;
00793 #ifdef CONFIG_PEERKEY
00794 case SMK_M1:
00795 case SMK_M3:
00796 case SMK_ERROR:
00797 if (!wpa_auth->conf.peerkey) {
00798 wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
00799 "PeerKey use disabled - ignoring message");
00800 return;
00801 }
00802 if (!sm->PTK_valid) {
00803 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00804 "received EAPOL-Key msg SMK in "
00805 "invalid state - dropped");
00806 return;
00807 }
00808 break;
00809 #else
00810 case SMK_M1:
00811 case SMK_M3:
00812 case SMK_ERROR:
00813 return;
00814 #endif
00815 case REQUEST:
00816 break;
00817 }
00818
00819 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
00820 "received EAPOL-Key frame (%s)", msgtxt);
00821
00822 if (key_info & WPA_KEY_INFO_ACK) {
00823 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00824 "received invalid EAPOL-Key: Key Ack set");
00825 return;
00826 }
00827
00828 if (!(key_info & WPA_KEY_INFO_MIC)) {
00829 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00830 "received invalid EAPOL-Key: Key MIC not set");
00831 return;
00832 }
00833
00834 sm->MICVerified = FALSE;
00835 if (sm->PTK_valid) {
00836 if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
00837 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00838 "received EAPOL-Key with invalid MIC");
00839 return;
00840 }
00841 sm->MICVerified = TRUE;
00842 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
00843 }
00844
00845 if (key_info & WPA_KEY_INFO_REQUEST) {
00846 if (sm->MICVerified) {
00847 sm->req_replay_counter_used = 1;
00848 os_memcpy(sm->req_replay_counter, key->replay_counter,
00849 WPA_REPLAY_COUNTER_LEN);
00850 } else {
00851 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00852 "received EAPOL-Key request with "
00853 "invalid MIC");
00854 return;
00855 }
00856
00857
00858
00859
00860
00861
00862 if (msg == SMK_ERROR) {
00863 #ifdef CONFIG_PEERKEY
00864 wpa_smk_error(wpa_auth, sm, key);
00865 #endif
00866 return;
00867 } else if (key_info & WPA_KEY_INFO_ERROR) {
00868
00869 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00870 "received EAPOL-Key Error Request "
00871 "(STA detected Michael MIC failure)");
00872 wpa_auth_mic_failure_report(wpa_auth, sm->addr);
00873 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
00874 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
00875
00876
00877
00878 wpa_request_new_ptk(sm);
00879 } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
00880 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00881 "received EAPOL-Key Request for new "
00882 "4-Way Handshake");
00883 wpa_request_new_ptk(sm);
00884 #ifdef CONFIG_PEERKEY
00885 } else if (msg == SMK_M1) {
00886 wpa_smk_m1(wpa_auth, sm, key);
00887 #endif
00888 } else if (key_data_length > 0 &&
00889 wpa_parse_kde_ies((const u8 *) (key + 1),
00890 key_data_length, &kde) == 0 &&
00891 kde.mac_addr) {
00892 } else {
00893 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
00894 "received EAPOL-Key Request for GTK "
00895 "rekeying");
00896
00897
00898
00899 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
00900 wpa_rekey_gtk(wpa_auth, NULL);
00901 }
00902 } else {
00903
00904
00905
00906
00907
00908 sm->key_replay[0].valid = FALSE;
00909 }
00910
00911 #ifdef CONFIG_PEERKEY
00912 if (msg == SMK_M3) {
00913 wpa_smk_m3(wpa_auth, sm, key);
00914 return;
00915 }
00916 #endif
00917
00918 os_free(sm->last_rx_eapol_key);
00919 sm->last_rx_eapol_key = os_malloc(data_len);
00920 if (sm->last_rx_eapol_key == NULL)
00921 return;
00922 os_memcpy(sm->last_rx_eapol_key, data, data_len);
00923 sm->last_rx_eapol_key_len = data_len;
00924
00925 sm->EAPOLKeyReceived = TRUE;
00926 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
00927 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
00928 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
00929 wpa_sm_step(sm);
00930 }
00931
00932
00933 static void wpa_gmk_to_gtk(const u8 *gmk, const u8 *addr, const u8 *gnonce,
00934 u8 *gtk, size_t gtk_len)
00935 {
00936 u8 data[ETH_ALEN + WPA_NONCE_LEN];
00937
00938
00939 os_memcpy(data, addr, ETH_ALEN);
00940 os_memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
00941
00942 #ifdef CONFIG_IEEE80211W
00943 sha256_prf(gmk, WPA_GMK_LEN, "Group key expansion",
00944 data, sizeof(data), gtk, gtk_len);
00945 #else
00946 sha1_prf(gmk, WPA_GMK_LEN, "Group key expansion",
00947 data, sizeof(data), gtk, gtk_len);
00948 #endif
00949
00950 wpa_hexdump_key(MSG_DEBUG, "GMK", gmk, WPA_GMK_LEN);
00951 wpa_hexdump_key(MSG_DEBUG, "GTK", gtk, gtk_len);
00952 }
00953
00954
00955 static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
00956 {
00957 struct wpa_authenticator *wpa_auth = eloop_ctx;
00958 struct wpa_state_machine *sm = timeout_ctx;
00959
00960 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
00961 sm->TimeoutEvt = TRUE;
00962 wpa_sm_step(sm);
00963 }
00964
00965
00966 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
00967 struct wpa_state_machine *sm, int key_info,
00968 const u8 *key_rsc, const u8 *nonce,
00969 const u8 *kde, size_t kde_len,
00970 int keyidx, int encr, int force_version)
00971 {
00972 struct ieee802_1x_hdr *hdr;
00973 struct wpa_eapol_key *key;
00974 size_t len;
00975 int alg;
00976 int key_data_len, pad_len = 0;
00977 u8 *buf, *pos;
00978 int version, pairwise;
00979 int i;
00980
00981 len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
00982
00983 if (force_version)
00984 version = force_version;
00985 else if (wpa_use_aes_cmac(sm))
00986 version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
00987 else if (sm->pairwise == WPA_CIPHER_CCMP)
00988 version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
00989 else
00990 version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
00991
00992 pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
00993
00994 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
00995 "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
00996 "encr=%d)",
00997 version,
00998 (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
00999 (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
01000 (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
01001 (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
01002 pairwise, (unsigned long) kde_len, keyidx, encr);
01003
01004 key_data_len = kde_len;
01005
01006 if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
01007 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
01008 pad_len = key_data_len % 8;
01009 if (pad_len)
01010 pad_len = 8 - pad_len;
01011 key_data_len += pad_len + 8;
01012 }
01013
01014 len += key_data_len;
01015
01016 hdr = os_zalloc(len);
01017 if (hdr == NULL)
01018 return;
01019 hdr->version = wpa_auth->conf.eapol_version;
01020 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
01021 hdr->length = host_to_be16(len - sizeof(*hdr));
01022 key = (struct wpa_eapol_key *) (hdr + 1);
01023
01024 key->type = sm->wpa == WPA_VERSION_WPA2 ?
01025 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
01026 key_info |= version;
01027 if (encr && sm->wpa == WPA_VERSION_WPA2)
01028 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
01029 if (sm->wpa != WPA_VERSION_WPA2)
01030 key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
01031 WPA_PUT_BE16(key->key_info, key_info);
01032
01033 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
01034 switch (alg) {
01035 case WPA_CIPHER_CCMP:
01036 WPA_PUT_BE16(key->key_length, 16);
01037 break;
01038 case WPA_CIPHER_TKIP:
01039 WPA_PUT_BE16(key->key_length, 32);
01040 break;
01041 case WPA_CIPHER_WEP40:
01042 WPA_PUT_BE16(key->key_length, 5);
01043 break;
01044 case WPA_CIPHER_WEP104:
01045 WPA_PUT_BE16(key->key_length, 13);
01046 break;
01047 }
01048 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
01049 WPA_PUT_BE16(key->key_length, 0);
01050
01051
01052 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
01053 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
01054 os_memcpy(sm->key_replay[i].counter,
01055 sm->key_replay[i - 1].counter,
01056 WPA_REPLAY_COUNTER_LEN);
01057 }
01058 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
01059 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
01060 WPA_REPLAY_COUNTER_LEN);
01061 sm->key_replay[0].valid = TRUE;
01062
01063 if (nonce)
01064 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
01065
01066 if (key_rsc)
01067 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
01068
01069 if (kde && !encr) {
01070 os_memcpy(key + 1, kde, kde_len);
01071 WPA_PUT_BE16(key->key_data_length, kde_len);
01072 } else if (encr && kde) {
01073 buf = os_zalloc(key_data_len);
01074 if (buf == NULL) {
01075 os_free(hdr);
01076 return;
01077 }
01078 pos = buf;
01079 os_memcpy(pos, kde, kde_len);
01080 pos += kde_len;
01081
01082 if (pad_len)
01083 *pos++ = 0xdd;
01084
01085 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
01086 buf, key_data_len);
01087 if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
01088 version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
01089 if (aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
01090 (u8 *) (key + 1))) {
01091 os_free(hdr);
01092 os_free(buf);
01093 return;
01094 }
01095 WPA_PUT_BE16(key->key_data_length, key_data_len);
01096 } else {
01097 u8 ek[32];
01098 os_memcpy(key->key_iv,
01099 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
01100 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
01101 os_memcpy(ek, key->key_iv, 16);
01102 os_memcpy(ek + 16, sm->PTK.kek, 16);
01103 os_memcpy(key + 1, buf, key_data_len);
01104 rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
01105 WPA_PUT_BE16(key->key_data_length, key_data_len);
01106 }
01107 os_free(buf);
01108 }
01109
01110 if (key_info & WPA_KEY_INFO_MIC) {
01111 if (!sm->PTK_valid) {
01112 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
01113 "PTK not valid when sending EAPOL-Key "
01114 "frame");
01115 os_free(hdr);
01116 return;
01117 }
01118 wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
01119 key->key_mic);
01120 }
01121
01122 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
01123 1);
01124 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
01125 sm->pairwise_set);
01126 os_free(hdr);
01127 }
01128
01129
01130 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
01131 struct wpa_state_machine *sm, int key_info,
01132 const u8 *key_rsc, const u8 *nonce,
01133 const u8 *kde, size_t kde_len,
01134 int keyidx, int encr)
01135 {
01136 int timeout_ms;
01137 int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
01138 int ctr;
01139
01140 if (sm == NULL)
01141 return;
01142
01143 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
01144 keyidx, encr, 0);
01145
01146 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
01147 if (ctr == 1)
01148 timeout_ms = eapol_key_timeout_first;
01149 else
01150 timeout_ms = eapol_key_timeout_subseq;
01151 eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
01152 wpa_send_eapol_timeout, wpa_auth, sm);
01153 }
01154
01155
01156 static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
01157 {
01158 struct ieee802_1x_hdr *hdr;
01159 struct wpa_eapol_key *key;
01160 u16 key_info;
01161 int ret = 0;
01162 u8 mic[16];
01163
01164 if (data_len < sizeof(*hdr) + sizeof(*key))
01165 return -1;
01166
01167 hdr = (struct ieee802_1x_hdr *) data;
01168 key = (struct wpa_eapol_key *) (hdr + 1);
01169 key_info = WPA_GET_BE16(key->key_info);
01170 os_memcpy(mic, key->key_mic, 16);
01171 os_memset(key->key_mic, 0, 16);
01172 if (wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK,
01173 data, data_len, key->key_mic) ||
01174 os_memcmp(mic, key->key_mic, 16) != 0)
01175 ret = -1;
01176 os_memcpy(key->key_mic, mic, 16);
01177 return ret;
01178 }
01179
01180
01181 void wpa_remove_ptk(struct wpa_state_machine *sm)
01182 {
01183 sm->PTK_valid = FALSE;
01184 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
01185 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, (u8 *) "",
01186 0);
01187 sm->pairwise_set = FALSE;
01188 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
01189 }
01190
01191
01192 void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
01193 {
01194 int remove_ptk = 1;
01195
01196 if (sm == NULL)
01197 return;
01198
01199 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
01200 "event %d notification", event);
01201
01202 switch (event) {
01203 case WPA_AUTH:
01204 case WPA_ASSOC:
01205 break;
01206 case WPA_DEAUTH:
01207 case WPA_DISASSOC:
01208 sm->DeauthenticationRequest = TRUE;
01209 break;
01210 case WPA_REAUTH:
01211 case WPA_REAUTH_EAPOL:
01212 if (sm->GUpdateStationKeys) {
01213
01214
01215
01216
01217 sm->group->GKeyDoneStations--;
01218 sm->GUpdateStationKeys = FALSE;
01219 sm->PtkGroupInit = TRUE;
01220 }
01221 sm->ReAuthenticationRequest = TRUE;
01222 break;
01223 case WPA_ASSOC_FT:
01224 #ifdef CONFIG_IEEE80211R
01225
01226 sm->ft_completed = 1;
01227 return;
01228 #else
01229 break;
01230 #endif
01231 }
01232
01233 #ifdef CONFIG_IEEE80211R
01234 sm->ft_completed = 0;
01235 #endif
01236
01237 #ifdef CONFIG_IEEE80211W
01238 if (sm->mgmt_frame_prot && event == WPA_AUTH)
01239 remove_ptk = 0;
01240 #endif
01241
01242 if (remove_ptk) {
01243 sm->PTK_valid = FALSE;
01244 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
01245
01246 if (event != WPA_REAUTH_EAPOL)
01247 wpa_remove_ptk(sm);
01248 }
01249
01250 wpa_sm_step(sm);
01251 }
01252
01253
01254 static wpa_alg wpa_alg_enum(int alg)
01255 {
01256 switch (alg) {
01257 case WPA_CIPHER_CCMP:
01258 return WPA_ALG_CCMP;
01259 case WPA_CIPHER_TKIP:
01260 return WPA_ALG_TKIP;
01261 case WPA_CIPHER_WEP104:
01262 case WPA_CIPHER_WEP40:
01263 return WPA_ALG_WEP;
01264 default:
01265 return WPA_ALG_NONE;
01266 }
01267 }
01268
01269
01270 SM_STATE(WPA_PTK, INITIALIZE)
01271 {
01272 SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
01273 if (sm->Init) {
01274
01275
01276 sm->changed = FALSE;
01277 }
01278
01279 sm->keycount = 0;
01280 if (sm->GUpdateStationKeys)
01281 sm->group->GKeyDoneStations--;
01282 sm->GUpdateStationKeys = FALSE;
01283 if (sm->wpa == WPA_VERSION_WPA)
01284 sm->PInitAKeys = FALSE;
01285 if (1
01286 ) {
01287 sm->Pair = TRUE;
01288 }
01289 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
01290 wpa_remove_ptk(sm);
01291 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
01292 sm->TimeoutCtr = 0;
01293 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
01294 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
01295 WPA_EAPOL_authorized, 0);
01296 }
01297 }
01298
01299
01300 SM_STATE(WPA_PTK, DISCONNECT)
01301 {
01302 SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
01303 sm->Disconnect = FALSE;
01304 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
01305 }
01306
01307
01308 SM_STATE(WPA_PTK, DISCONNECTED)
01309 {
01310 SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
01311 sm->DeauthenticationRequest = FALSE;
01312 }
01313
01314
01315 SM_STATE(WPA_PTK, AUTHENTICATION)
01316 {
01317 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
01318 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
01319 sm->PTK_valid = FALSE;
01320 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
01321 1);
01322 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
01323 sm->AuthenticationRequest = FALSE;
01324 }
01325
01326
01327 SM_STATE(WPA_PTK, AUTHENTICATION2)
01328 {
01329 SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
01330 os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN);
01331 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
01332 sm->ReAuthenticationRequest = FALSE;
01333
01334
01335
01336
01337 sm->TimeoutCtr = 0;
01338 }
01339
01340
01341 SM_STATE(WPA_PTK, INITPMK)
01342 {
01343 u8 msk[2 * PMK_LEN];
01344 size_t len = 2 * PMK_LEN;
01345
01346 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
01347 #ifdef CONFIG_IEEE80211R
01348 sm->xxkey_len = 0;
01349 #endif
01350 if (sm->pmksa) {
01351 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
01352 os_memcpy(sm->PMK, sm->pmksa->pmk, PMK_LEN);
01353 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
01354 wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine "
01355 "(len=%lu)", (unsigned long) len);
01356 os_memcpy(sm->PMK, msk, PMK_LEN);
01357 #ifdef CONFIG_IEEE80211R
01358 if (len >= 2 * PMK_LEN) {
01359 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
01360 sm->xxkey_len = PMK_LEN;
01361 }
01362 #endif
01363 } else {
01364 wpa_printf(MSG_DEBUG, "WPA: Could not get PMK");
01365 }
01366
01367 sm->req_replay_counter_used = 0;
01368
01369
01370
01371
01372
01373
01374
01375
01376 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
01377 }
01378
01379
01380 SM_STATE(WPA_PTK, INITPSK)
01381 {
01382 const u8 *psk;
01383 SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
01384 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL);
01385 if (psk) {
01386 os_memcpy(sm->PMK, psk, PMK_LEN);
01387 #ifdef CONFIG_IEEE80211R
01388 os_memcpy(sm->xxkey, psk, PMK_LEN);
01389 sm->xxkey_len = PMK_LEN;
01390 #endif
01391 }
01392 sm->req_replay_counter_used = 0;
01393 }
01394
01395
01396 SM_STATE(WPA_PTK, PTKSTART)
01397 {
01398 u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
01399 size_t pmkid_len = 0;
01400
01401 SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
01402 sm->PTKRequest = FALSE;
01403 sm->TimeoutEvt = FALSE;
01404
01405 sm->TimeoutCtr++;
01406 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
01407
01408
01409 return;
01410 }
01411
01412 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
01413 "sending 1/4 msg of 4-Way Handshake");
01414
01415
01416
01417
01418 if (sm->wpa == WPA_VERSION_WPA2 &&
01419 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt)) {
01420 pmkid = buf;
01421 pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
01422 pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
01423 pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
01424 RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
01425 if (sm->pmksa)
01426 os_memcpy(&pmkid[2 + RSN_SELECTOR_LEN],
01427 sm->pmksa->pmkid, PMKID_LEN);
01428 else {
01429
01430
01431
01432
01433 rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
01434 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
01435 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
01436 }
01437 }
01438 wpa_send_eapol(sm->wpa_auth, sm,
01439 WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
01440 sm->ANonce, pmkid, pmkid_len, 0, 0);
01441 }
01442
01443
01444 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
01445 struct wpa_ptk *ptk)
01446 {
01447 size_t ptk_len = sm->pairwise == WPA_CIPHER_CCMP ? 48 : 64;
01448 #ifdef CONFIG_IEEE80211R
01449 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
01450 return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len);
01451 #endif
01452
01453 wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
01454 sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce,
01455 (u8 *) ptk, ptk_len,
01456 wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
01457
01458 return 0;
01459 }
01460
01461
01462 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
01463 {
01464 struct wpa_ptk PTK;
01465 int ok = 0;
01466 const u8 *pmk = NULL;
01467
01468 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
01469 sm->EAPOLKeyReceived = FALSE;
01470
01471
01472
01473
01474 for (;;) {
01475 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
01476 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
01477 if (pmk == NULL)
01478 break;
01479 } else
01480 pmk = sm->PMK;
01481
01482 wpa_derive_ptk(sm, pmk, &PTK);
01483
01484 if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
01485 sm->last_rx_eapol_key_len) == 0) {
01486 ok = 1;
01487 break;
01488 }
01489
01490 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
01491 break;
01492 }
01493
01494 if (!ok) {
01495 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
01496 "invalid MIC in msg 2/4 of 4-Way Handshake");
01497 return;
01498 }
01499
01500 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
01501
01502 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
01503
01504
01505
01506 os_memcpy(sm->PMK, pmk, PMK_LEN);
01507 }
01508
01509 sm->MICVerified = TRUE;
01510
01511 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
01512 sm->PTK_valid = TRUE;
01513 }
01514
01515
01516 SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
01517 {
01518 SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
01519 sm->TimeoutCtr = 0;
01520 }
01521
01522
01523 #ifdef CONFIG_IEEE80211W
01524
01525 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
01526 {
01527 if (sm->mgmt_frame_prot) {
01528 return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde);
01529 }
01530
01531 return 0;
01532 }
01533
01534
01535 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
01536 {
01537 struct wpa_igtk_kde igtk;
01538 struct wpa_group *gsm = sm->group;
01539
01540 if (!sm->mgmt_frame_prot)
01541 return pos;
01542
01543 igtk.keyid[0] = gsm->GN_igtk;
01544 igtk.keyid[1] = 0;
01545 if (wpa_auth_get_seqnum_igtk(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn)
01546 < 0)
01547 os_memset(igtk.pn, 0, sizeof(igtk.pn));
01548 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
01549 pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
01550 (const u8 *) &igtk, sizeof(igtk), NULL, 0);
01551
01552 return pos;
01553 }
01554
01555 #else
01556
01557 static int ieee80211w_kde_len(struct wpa_state_machine *sm)
01558 {
01559 return 0;
01560 }
01561
01562
01563 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
01564 {
01565 return pos;
01566 }
01567
01568 #endif
01569
01570
01571 SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
01572 {
01573 u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos;
01574 size_t gtk_len, kde_len;
01575 struct wpa_group *gsm = sm->group;
01576 u8 *wpa_ie;
01577 int wpa_ie_len, secure, keyidx, encr = 0;
01578
01579 SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
01580 sm->TimeoutEvt = FALSE;
01581
01582 sm->TimeoutCtr++;
01583 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
01584
01585
01586 return;
01587 }
01588
01589
01590
01591 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
01592 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
01593 wpa_ie = sm->wpa_auth->wpa_ie;
01594 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
01595 if (sm->wpa == WPA_VERSION_WPA &&
01596 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
01597 wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
01598
01599 wpa_ie = wpa_ie + wpa_ie[1] + 2;
01600 wpa_ie_len = wpa_ie[1] + 2;
01601 }
01602 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
01603 "sending 3/4 msg of 4-Way Handshake");
01604 if (sm->wpa == WPA_VERSION_WPA2) {
01605
01606 secure = 1;
01607 gtk = gsm->GTK[gsm->GN - 1];
01608 gtk_len = gsm->GTK_len;
01609 keyidx = gsm->GN;
01610 _rsc = rsc;
01611 encr = 1;
01612 } else {
01613
01614 secure = 0;
01615 gtk = NULL;
01616 gtk_len = 0;
01617 keyidx = 0;
01618 _rsc = NULL;
01619 }
01620
01621 kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
01622 if (gtk)
01623 kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
01624 kde = os_malloc(kde_len);
01625 if (kde == NULL)
01626 return;
01627
01628 pos = kde;
01629 os_memcpy(pos, wpa_ie, wpa_ie_len);
01630 pos += wpa_ie_len;
01631 if (gtk) {
01632 u8 hdr[2];
01633 hdr[0] = keyidx & 0x03;
01634 hdr[1] = 0;
01635 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
01636 gtk, gtk_len);
01637 }
01638 pos = ieee80211w_kde_add(sm, pos);
01639
01640 wpa_send_eapol(sm->wpa_auth, sm,
01641 (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
01642 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
01643 WPA_KEY_INFO_KEY_TYPE,
01644 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
01645 os_free(kde);
01646 }
01647
01648
01649 SM_STATE(WPA_PTK, PTKINITDONE)
01650 {
01651 SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
01652 sm->EAPOLKeyReceived = FALSE;
01653 if (sm->Pair) {
01654 wpa_alg alg;
01655 int klen;
01656 if (sm->pairwise == WPA_CIPHER_TKIP) {
01657 alg = WPA_ALG_TKIP;
01658 klen = 32;
01659 } else {
01660 alg = WPA_ALG_CCMP;
01661 klen = 16;
01662 }
01663 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
01664 sm->PTK.tk1, klen)) {
01665 wpa_sta_disconnect(sm->wpa_auth, sm->addr);
01666 return;
01667 }
01668
01669 sm->pairwise_set = TRUE;
01670
01671 if (sm->wpa_auth->conf.wpa_ptk_rekey) {
01672 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
01673 eloop_register_timeout(sm->wpa_auth->conf.
01674 wpa_ptk_rekey, 0, wpa_rekey_ptk,
01675 sm->wpa_auth, sm);
01676 }
01677
01678 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
01679 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
01680 WPA_EAPOL_authorized, 1);
01681 }
01682 }
01683
01684 if (0 ) {
01685 sm->keycount++;
01686 if (sm->keycount == 2) {
01687 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
01688 WPA_EAPOL_portValid, 1);
01689 }
01690 } else {
01691 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
01692 1);
01693 }
01694 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
01695 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
01696 if (sm->wpa == WPA_VERSION_WPA)
01697 sm->PInitAKeys = TRUE;
01698 else
01699 sm->has_GTK = TRUE;
01700 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
01701 "pairwise key handshake completed (%s)",
01702 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
01703
01704 #ifdef CONFIG_IEEE80211R
01705 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
01706 #endif
01707 }
01708
01709
01710 SM_STEP(WPA_PTK)
01711 {
01712 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
01713
01714 if (sm->Init)
01715 SM_ENTER(WPA_PTK, INITIALIZE);
01716 else if (sm->Disconnect
01717 )
01718 SM_ENTER(WPA_PTK, DISCONNECT);
01719 else if (sm->DeauthenticationRequest)
01720 SM_ENTER(WPA_PTK, DISCONNECTED);
01721 else if (sm->AuthenticationRequest)
01722 SM_ENTER(WPA_PTK, AUTHENTICATION);
01723 else if (sm->ReAuthenticationRequest)
01724 SM_ENTER(WPA_PTK, AUTHENTICATION2);
01725 else if (sm->PTKRequest)
01726 SM_ENTER(WPA_PTK, PTKSTART);
01727 else switch (sm->wpa_ptk_state) {
01728 case WPA_PTK_INITIALIZE:
01729 break;
01730 case WPA_PTK_DISCONNECT:
01731 SM_ENTER(WPA_PTK, DISCONNECTED);
01732 break;
01733 case WPA_PTK_DISCONNECTED:
01734 SM_ENTER(WPA_PTK, INITIALIZE);
01735 break;
01736 case WPA_PTK_AUTHENTICATION:
01737 SM_ENTER(WPA_PTK, AUTHENTICATION2);
01738 break;
01739 case WPA_PTK_AUTHENTICATION2:
01740 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
01741 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
01742 WPA_EAPOL_keyRun) > 0)
01743 SM_ENTER(WPA_PTK, INITPMK);
01744 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
01745 )
01746 SM_ENTER(WPA_PTK, INITPSK);
01747 break;
01748 case WPA_PTK_INITPMK:
01749 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
01750 WPA_EAPOL_keyAvailable) > 0)
01751 SM_ENTER(WPA_PTK, PTKSTART);
01752 else {
01753 wpa_auth->dot11RSNA4WayHandshakeFailures++;
01754 SM_ENTER(WPA_PTK, DISCONNECT);
01755 }
01756 break;
01757 case WPA_PTK_INITPSK:
01758 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL))
01759 SM_ENTER(WPA_PTK, PTKSTART);
01760 else {
01761 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
01762 "no PSK configured for the STA");
01763 wpa_auth->dot11RSNA4WayHandshakeFailures++;
01764 SM_ENTER(WPA_PTK, DISCONNECT);
01765 }
01766 break;
01767 case WPA_PTK_PTKSTART:
01768 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
01769 sm->EAPOLKeyPairwise)
01770 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
01771 else if (sm->TimeoutCtr >
01772 (int) dot11RSNAConfigPairwiseUpdateCount) {
01773 wpa_auth->dot11RSNA4WayHandshakeFailures++;
01774 SM_ENTER(WPA_PTK, DISCONNECT);
01775 } else if (sm->TimeoutEvt)
01776 SM_ENTER(WPA_PTK, PTKSTART);
01777 break;
01778 case WPA_PTK_PTKCALCNEGOTIATING:
01779 if (sm->MICVerified)
01780 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
01781 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
01782 sm->EAPOLKeyPairwise)
01783 SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
01784 else if (sm->TimeoutEvt)
01785 SM_ENTER(WPA_PTK, PTKSTART);
01786 break;
01787 case WPA_PTK_PTKCALCNEGOTIATING2:
01788 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
01789 break;
01790 case WPA_PTK_PTKINITNEGOTIATING:
01791 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
01792 sm->EAPOLKeyPairwise && sm->MICVerified)
01793 SM_ENTER(WPA_PTK, PTKINITDONE);
01794 else if (sm->TimeoutCtr >
01795 (int) dot11RSNAConfigPairwiseUpdateCount) {
01796 wpa_auth->dot11RSNA4WayHandshakeFailures++;
01797 SM_ENTER(WPA_PTK, DISCONNECT);
01798 } else if (sm->TimeoutEvt)
01799 SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
01800 break;
01801 case WPA_PTK_PTKINITDONE:
01802 break;
01803 }
01804 }
01805
01806
01807 SM_STATE(WPA_PTK_GROUP, IDLE)
01808 {
01809 SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
01810 if (sm->Init) {
01811
01812
01813 sm->changed = FALSE;
01814 }
01815 sm->GTimeoutCtr = 0;
01816 }
01817
01818
01819 SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
01820 {
01821 u8 rsc[WPA_KEY_RSC_LEN];
01822 struct wpa_group *gsm = sm->group;
01823 u8 *kde, *pos, hdr[2];
01824 size_t kde_len;
01825
01826 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
01827
01828 sm->GTimeoutCtr++;
01829 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
01830
01831
01832 return;
01833 }
01834
01835 if (sm->wpa == WPA_VERSION_WPA)
01836 sm->PInitAKeys = FALSE;
01837 sm->TimeoutEvt = FALSE;
01838
01839 os_memset(rsc, 0, WPA_KEY_RSC_LEN);
01840 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
01841 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
01842 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
01843 "sending 1/2 msg of Group Key Handshake");
01844
01845 if (sm->wpa == WPA_VERSION_WPA2) {
01846 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
01847 ieee80211w_kde_len(sm);
01848 kde = os_malloc(kde_len);
01849 if (kde == NULL)
01850 return;
01851
01852 pos = kde;
01853 hdr[0] = gsm->GN & 0x03;
01854 hdr[1] = 0;
01855 pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
01856 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
01857 pos = ieee80211w_kde_add(sm, pos);
01858 } else {
01859 kde = gsm->GTK[gsm->GN - 1];
01860 pos = kde + gsm->GTK_len;
01861 }
01862
01863 wpa_send_eapol(sm->wpa_auth, sm,
01864 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
01865 WPA_KEY_INFO_ACK |
01866 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
01867 rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
01868 if (sm->wpa == WPA_VERSION_WPA2)
01869 os_free(kde);
01870 }
01871
01872
01873 SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
01874 {
01875 SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
01876 sm->EAPOLKeyReceived = FALSE;
01877 if (sm->GUpdateStationKeys)
01878 sm->group->GKeyDoneStations--;
01879 sm->GUpdateStationKeys = FALSE;
01880 sm->GTimeoutCtr = 0;
01881
01882 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
01883 "group key handshake completed (%s)",
01884 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
01885 sm->has_GTK = TRUE;
01886 }
01887
01888
01889 SM_STATE(WPA_PTK_GROUP, KEYERROR)
01890 {
01891 SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
01892 if (sm->GUpdateStationKeys)
01893 sm->group->GKeyDoneStations--;
01894 sm->GUpdateStationKeys = FALSE;
01895 sm->Disconnect = TRUE;
01896 }
01897
01898
01899 SM_STEP(WPA_PTK_GROUP)
01900 {
01901 if (sm->Init || sm->PtkGroupInit) {
01902 SM_ENTER(WPA_PTK_GROUP, IDLE);
01903 sm->PtkGroupInit = FALSE;
01904 } else switch (sm->wpa_ptk_group_state) {
01905 case WPA_PTK_GROUP_IDLE:
01906 if (sm->GUpdateStationKeys ||
01907 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
01908 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
01909 break;
01910 case WPA_PTK_GROUP_REKEYNEGOTIATING:
01911 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
01912 !sm->EAPOLKeyPairwise && sm->MICVerified)
01913 SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
01914 else if (sm->GTimeoutCtr >
01915 (int) dot11RSNAConfigGroupUpdateCount)
01916 SM_ENTER(WPA_PTK_GROUP, KEYERROR);
01917 else if (sm->TimeoutEvt)
01918 SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
01919 break;
01920 case WPA_PTK_GROUP_KEYERROR:
01921 SM_ENTER(WPA_PTK_GROUP, IDLE);
01922 break;
01923 case WPA_PTK_GROUP_REKEYESTABLISHED:
01924 SM_ENTER(WPA_PTK_GROUP, IDLE);
01925 break;
01926 }
01927 }
01928
01929
01930 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
01931 struct wpa_group *group)
01932 {
01933 int ret = 0;
01934
01935
01936 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
01937 inc_byte_array(group->Counter, WPA_NONCE_LEN);
01938 wpa_gmk_to_gtk(group->GMK, wpa_auth->addr, group->GNonce,
01939 group->GTK[group->GN - 1], group->GTK_len);
01940
01941 #ifdef CONFIG_IEEE80211W
01942 if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
01943 if (os_get_random(group->IGTK[group->GN_igtk - 4],
01944 WPA_IGTK_LEN) < 0) {
01945 wpa_printf(MSG_INFO, "RSN: Failed to get new random "
01946 "IGTK");
01947 ret = -1;
01948 }
01949 wpa_hexdump_key(MSG_DEBUG, "IGTK",
01950 group->IGTK[group->GN_igtk - 4], WPA_IGTK_LEN);
01951 }
01952 #endif
01953
01954 return ret;
01955 }
01956
01957
01958 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
01959 struct wpa_group *group)
01960 {
01961 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
01962 "GTK_INIT (VLAN-ID %d)", group->vlan_id);
01963 group->changed = FALSE;
01964 group->wpa_group_state = WPA_GROUP_GTK_INIT;
01965
01966
01967 os_memset(group->GTK, 0, sizeof(group->GTK));
01968 group->GN = 1;
01969 group->GM = 2;
01970 #ifdef CONFIG_IEEE80211W
01971 group->GN_igtk = 4;
01972 group->GM_igtk = 5;
01973 #endif
01974
01975 wpa_gtk_update(wpa_auth, group);
01976 }
01977
01978
01979 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
01980 {
01981 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
01982 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
01983 "Not in PTKINITDONE; skip Group Key update");
01984 return 0;
01985 }
01986 if (sm->GUpdateStationKeys) {
01987
01988
01989
01990
01991 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
01992 "GUpdateStationKeys already set - do not "
01993 "increment GKeyDoneStations");
01994 } else {
01995 sm->group->GKeyDoneStations++;
01996 sm->GUpdateStationKeys = TRUE;
01997 }
01998 wpa_sm_step(sm);
01999 return 0;
02000 }
02001
02002
02003 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
02004 struct wpa_group *group)
02005 {
02006 int tmp;
02007
02008 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
02009 "SETKEYS (VLAN-ID %d)", group->vlan_id);
02010 group->changed = TRUE;
02011 group->wpa_group_state = WPA_GROUP_SETKEYS;
02012 group->GTKReKey = FALSE;
02013 tmp = group->GM;
02014 group->GM = group->GN;
02015 group->GN = tmp;
02016 #ifdef CONFIG_IEEE80211W
02017 tmp = group->GM_igtk;
02018 group->GM_igtk = group->GN_igtk;
02019 group->GN_igtk = tmp;
02020 #endif
02021
02022
02023
02024 wpa_gtk_update(wpa_auth, group);
02025
02026 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
02027 wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
02028 group->GKeyDoneStations);
02029 }
02030
02031
02032 static void wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
02033 struct wpa_group *group)
02034 {
02035 wpa_printf(MSG_DEBUG, "WPA: group state machine entering state "
02036 "SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
02037 group->changed = TRUE;
02038 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
02039 wpa_auth_set_key(wpa_auth, group->vlan_id,
02040 wpa_alg_enum(wpa_auth->conf.wpa_group),
02041 NULL, group->GN, group->GTK[group->GN - 1],
02042 group->GTK_len);
02043
02044 #ifdef CONFIG_IEEE80211W
02045 if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) {
02046 wpa_auth_set_key(wpa_auth, group->vlan_id, WPA_ALG_IGTK,
02047 NULL, group->GN_igtk,
02048 group->IGTK[group->GN_igtk - 4],
02049 WPA_IGTK_LEN);
02050 }
02051 #endif
02052 }
02053
02054
02055 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
02056 struct wpa_group *group)
02057 {
02058 if (group->GInit) {
02059 wpa_group_gtk_init(wpa_auth, group);
02060 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
02061 group->GTKAuthenticator) {
02062 wpa_group_setkeysdone(wpa_auth, group);
02063 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
02064 group->GTKReKey) {
02065 wpa_group_setkeys(wpa_auth, group);
02066 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
02067 if (group->GKeyDoneStations == 0)
02068 wpa_group_setkeysdone(wpa_auth, group);
02069 else if (group->GTKReKey)
02070 wpa_group_setkeys(wpa_auth, group);
02071 }
02072 }
02073
02074
02075 static void wpa_sm_step(struct wpa_state_machine *sm)
02076 {
02077 if (sm == NULL)
02078 return;
02079
02080 if (sm->in_step_loop) {
02081
02082
02083
02084 wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively");
02085 return;
02086 }
02087
02088 sm->in_step_loop = 1;
02089 do {
02090 if (sm->pending_deinit)
02091 break;
02092
02093 sm->changed = FALSE;
02094 sm->wpa_auth->group->changed = FALSE;
02095
02096 SM_STEP_RUN(WPA_PTK);
02097 if (sm->pending_deinit)
02098 break;
02099 SM_STEP_RUN(WPA_PTK_GROUP);
02100 if (sm->pending_deinit)
02101 break;
02102 wpa_group_sm_step(sm->wpa_auth, sm->group);
02103 } while (sm->changed || sm->wpa_auth->group->changed);
02104 sm->in_step_loop = 0;
02105
02106 if (sm->pending_deinit) {
02107 wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state "
02108 "machine deinit for " MACSTR, MAC2STR(sm->addr));
02109 wpa_free_sta_sm(sm);
02110 }
02111 }
02112
02113
02114 static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx)
02115 {
02116 struct wpa_state_machine *sm = eloop_ctx;
02117 wpa_sm_step(sm);
02118 }
02119
02120
02121 void wpa_auth_sm_notify(struct wpa_state_machine *sm)
02122 {
02123 if (sm == NULL)
02124 return;
02125 eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL);
02126 }
02127
02128
02129 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
02130 {
02131 int tmp, i;
02132 struct wpa_group *group;
02133
02134 if (wpa_auth == NULL)
02135 return;
02136
02137 group = wpa_auth->group;
02138
02139 for (i = 0; i < 2; i++) {
02140 tmp = group->GM;
02141 group->GM = group->GN;
02142 group->GN = tmp;
02143 #ifdef CONFIG_IEEE80211W
02144 tmp = group->GM_igtk;
02145 group->GM_igtk = group->GN_igtk;
02146 group->GN_igtk = tmp;
02147 #endif
02148 wpa_gtk_update(wpa_auth, group);
02149 }
02150 }
02151
02152
02153 static const char * wpa_bool_txt(int bool)
02154 {
02155 return bool ? "TRUE" : "FALSE";
02156 }
02157
02158
02159 static int wpa_cipher_bits(int cipher)
02160 {
02161 switch (cipher) {
02162 case WPA_CIPHER_CCMP:
02163 return 128;
02164 case WPA_CIPHER_TKIP:
02165 return 256;
02166 case WPA_CIPHER_WEP104:
02167 return 104;
02168 case WPA_CIPHER_WEP40:
02169 return 40;
02170 default:
02171 return 0;
02172 }
02173 }
02174
02175
02176 #define RSN_SUITE "%02x-%02x-%02x-%d"
02177 #define RSN_SUITE_ARG(s) \
02178 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
02179
02180 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
02181 {
02182 int len = 0, ret;
02183 char pmkid_txt[PMKID_LEN * 2 + 1];
02184
02185 if (wpa_auth == NULL)
02186 return len;
02187
02188 ret = os_snprintf(buf + len, buflen - len,
02189 "dot11RSNAOptionImplemented=TRUE\n"
02190 #ifdef CONFIG_RSN_PREAUTH
02191 "dot11RSNAPreauthenticationImplemented=TRUE\n"
02192 #else
02193 "dot11RSNAPreauthenticationImplemented=FALSE\n"
02194 #endif
02195 "dot11RSNAEnabled=%s\n"
02196 "dot11RSNAPreauthenticationEnabled=%s\n",
02197 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
02198 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
02199 if (ret < 0 || (size_t) ret >= buflen - len)
02200 return len;
02201 len += ret;
02202
02203 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
02204 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
02205
02206 ret = os_snprintf(
02207 buf + len, buflen - len,
02208 "dot11RSNAConfigVersion=%u\n"
02209 "dot11RSNAConfigPairwiseKeysSupported=9999\n"
02210
02211
02212
02213
02214 "dot11RSNAConfigGroupRekeyStrict=%u\n"
02215 "dot11RSNAConfigGroupUpdateCount=%u\n"
02216 "dot11RSNAConfigPairwiseUpdateCount=%u\n"
02217 "dot11RSNAConfigGroupCipherSize=%u\n"
02218 "dot11RSNAConfigPMKLifetime=%u\n"
02219 "dot11RSNAConfigPMKReauthThreshold=%u\n"
02220 "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n"
02221 "dot11RSNAConfigSATimeout=%u\n"
02222 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
02223 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
02224 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
02225 "dot11RSNAPMKIDUsed=%s\n"
02226 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
02227 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
02228 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
02229 "dot11RSNATKIPCounterMeasuresInvoked=%u\n"
02230 "dot11RSNA4WayHandshakeFailures=%u\n"
02231 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n",
02232 RSN_VERSION,
02233 !!wpa_auth->conf.wpa_strict_rekey,
02234 dot11RSNAConfigGroupUpdateCount,
02235 dot11RSNAConfigPairwiseUpdateCount,
02236 wpa_cipher_bits(wpa_auth->conf.wpa_group),
02237 dot11RSNAConfigPMKLifetime,
02238 dot11RSNAConfigPMKReauthThreshold,
02239 dot11RSNAConfigSATimeout,
02240 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
02241 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
02242 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
02243 pmkid_txt,
02244 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
02245 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
02246 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
02247 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
02248 wpa_auth->dot11RSNA4WayHandshakeFailures);
02249 if (ret < 0 || (size_t) ret >= buflen - len)
02250 return len;
02251 len += ret;
02252
02253
02254
02255
02256
02257 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
02258 wpa_auth->group->wpa_group_state);
02259 if (ret < 0 || (size_t) ret >= buflen - len)
02260 return len;
02261 len += ret;
02262
02263 return len;
02264 }
02265
02266
02267 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
02268 {
02269 int len = 0, ret;
02270 u32 pairwise = 0;
02271
02272 if (sm == NULL)
02273 return 0;
02274
02275
02276
02277
02278
02279 if (sm->wpa == WPA_VERSION_WPA) {
02280 if (sm->pairwise == WPA_CIPHER_CCMP)
02281 pairwise = WPA_CIPHER_SUITE_CCMP;
02282 else if (sm->pairwise == WPA_CIPHER_TKIP)
02283 pairwise = WPA_CIPHER_SUITE_TKIP;
02284 else if (sm->pairwise == WPA_CIPHER_WEP104)
02285 pairwise = WPA_CIPHER_SUITE_WEP104;
02286 else if (sm->pairwise == WPA_CIPHER_WEP40)
02287 pairwise = WPA_CIPHER_SUITE_WEP40;
02288 else if (sm->pairwise == WPA_CIPHER_NONE)
02289 pairwise = WPA_CIPHER_SUITE_NONE;
02290 } else if (sm->wpa == WPA_VERSION_WPA2) {
02291 if (sm->pairwise == WPA_CIPHER_CCMP)
02292 pairwise = RSN_CIPHER_SUITE_CCMP;
02293 else if (sm->pairwise == WPA_CIPHER_TKIP)
02294 pairwise = RSN_CIPHER_SUITE_TKIP;
02295 else if (sm->pairwise == WPA_CIPHER_WEP104)
02296 pairwise = RSN_CIPHER_SUITE_WEP104;
02297 else if (sm->pairwise == WPA_CIPHER_WEP40)
02298 pairwise = RSN_CIPHER_SUITE_WEP40;
02299 else if (sm->pairwise == WPA_CIPHER_NONE)
02300 pairwise = RSN_CIPHER_SUITE_NONE;
02301 } else
02302 return 0;
02303
02304 ret = os_snprintf(
02305 buf + len, buflen - len,
02306
02307 "dot11RSNAStatsSTAAddress=" MACSTR "\n"
02308 "dot11RSNAStatsVersion=1\n"
02309 "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n"
02310
02311 "dot11RSNAStatsTKIPLocalMICFailures=%u\n"
02312 "dot11RSNAStatsTKIPRemoveMICFailures=%u\n"
02313
02314
02315 ,
02316 MAC2STR(sm->addr),
02317 RSN_SUITE_ARG(pairwise),
02318 sm->dot11RSNAStatsTKIPLocalMICFailures,
02319 sm->dot11RSNAStatsTKIPRemoteMICFailures);
02320 if (ret < 0 || (size_t) ret >= buflen - len)
02321 return len;
02322 len += ret;
02323
02324
02325 ret = os_snprintf(buf + len, buflen - len,
02326 "hostapdWPAPTKState=%d\n"
02327 "hostapdWPAPTKGroupState=%d\n",
02328 sm->wpa_ptk_state,
02329 sm->wpa_ptk_group_state);
02330 if (ret < 0 || (size_t) ret >= buflen - len)
02331 return len;
02332 len += ret;
02333
02334 return len;
02335 }
02336
02337
02338 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
02339 {
02340 if (wpa_auth)
02341 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
02342 }
02343
02344
02345 int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
02346 {
02347 return sm && sm->pairwise_set;
02348 }
02349
02350
02351 int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
02352 {
02353 return sm->pairwise;
02354 }
02355
02356
02357 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
02358 {
02359 if (sm == NULL)
02360 return -1;
02361 return sm->wpa_key_mgmt;
02362 }
02363
02364
02365 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
02366 {
02367 if (sm == NULL)
02368 return 0;
02369 return sm->wpa;
02370 }
02371
02372
02373 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
02374 struct rsn_pmksa_cache_entry *entry)
02375 {
02376 if (sm == NULL || sm->pmksa != entry)
02377 return -1;
02378 sm->pmksa = NULL;
02379 return 0;
02380 }
02381
02382
02383 struct rsn_pmksa_cache_entry *
02384 wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
02385 {
02386 return sm ? sm->pmksa : NULL;
02387 }
02388
02389
02390 void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm)
02391 {
02392 if (sm)
02393 sm->dot11RSNAStatsTKIPLocalMICFailures++;
02394 }
02395
02396
02397 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
02398 {
02399 if (wpa_auth == NULL)
02400 return NULL;
02401 *len = wpa_auth->wpa_ie_len;
02402 return wpa_auth->wpa_ie;
02403 }
02404
02405
02406 int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
02407 int session_timeout, struct eapol_state_machine *eapol)
02408 {
02409 if (sm == NULL || sm->wpa != WPA_VERSION_WPA2)
02410 return -1;
02411
02412 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, PMK_LEN,
02413 sm->wpa_auth->addr, sm->addr, session_timeout,
02414 eapol, sm->wpa_key_mgmt))
02415 return 0;
02416
02417 return -1;
02418 }
02419
02420
02421 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
02422 const u8 *pmk, size_t len, const u8 *sta_addr,
02423 int session_timeout,
02424 struct eapol_state_machine *eapol)
02425 {
02426 if (wpa_auth == NULL)
02427 return -1;
02428
02429 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr,
02430 sta_addr, session_timeout, eapol,
02431 WPA_KEY_MGMT_IEEE8021X))
02432 return 0;
02433
02434 return -1;
02435 }
02436
02437
02438 static struct wpa_group *
02439 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
02440 {
02441 struct wpa_group *group;
02442
02443 if (wpa_auth == NULL || wpa_auth->group == NULL)
02444 return NULL;
02445
02446 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
02447 vlan_id);
02448 group = wpa_group_init(wpa_auth, vlan_id);
02449 if (group == NULL)
02450 return NULL;
02451
02452 group->next = wpa_auth->group->next;
02453 wpa_auth->group->next = group;
02454
02455 return group;
02456 }
02457
02458
02459 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
02460 {
02461 struct wpa_group *group;
02462
02463 if (sm == NULL || sm->wpa_auth == NULL)
02464 return 0;
02465
02466 group = sm->wpa_auth->group;
02467 while (group) {
02468 if (group->vlan_id == vlan_id)
02469 break;
02470 group = group->next;
02471 }
02472
02473 if (group == NULL) {
02474 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
02475 if (group == NULL)
02476 return -1;
02477 }
02478
02479 if (sm->group == group)
02480 return 0;
02481
02482 wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state "
02483 "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id);
02484
02485 sm->group = group;
02486 return 0;
02487 }
02488
02489 #endif
02490
1.6.1
