88
89
static const u8 RSN_CIPHER_SUITE_CCMP[] = { 0x00, 0x0f, 0xac, 4 };
89
90
static const u8 RSN_CIPHER_SUITE_WEP104[] = { 0x00, 0x0f, 0xac, 5 };
90
#ifdef CONFIG_IEEE80211W
91
static const u8 RSN_CIPHER_SUITE_AES_128_CMAC[] = { 0x00, 0x0f, 0xac, 6 };
92
#endif /* CONFIG_IEEE80211W */
94
92
/* EAPOL-Key Key Data Encapsulation
95
* GroupKey and PeerKey require encryption, otherwise, encryption is optional.
93
* GroupKey and STAKey require encryption, otherwise, encryption is optional.
97
95
static const u8 RSN_KEY_DATA_GROUPKEY[] = { 0x00, 0x0f, 0xac, 1 };
99
96
static const u8 RSN_KEY_DATA_STAKEY[] = { 0x00, 0x0f, 0xac, 2 };
101
97
static const u8 RSN_KEY_DATA_MAC_ADDR[] = { 0x00, 0x0f, 0xac, 3 };
102
98
static const u8 RSN_KEY_DATA_PMKID[] = { 0x00, 0x0f, 0xac, 4 };
103
99
#ifdef CONFIG_PEERKEY
105
101
static const u8 RSN_KEY_DATA_NONCE[] = { 0x00, 0x0f, 0xac, 6 };
106
102
static const u8 RSN_KEY_DATA_LIFETIME[] = { 0x00, 0x0f, 0xac, 7 };
107
103
static const u8 RSN_KEY_DATA_ERROR[] = { 0x00, 0x0f, 0xac, 8 };
108
#endif /* CONFIG_PEERKEY */
109
#ifdef CONFIG_IEEE80211W
110
/* FIX: IEEE 802.11w/D1.0 is using subtypes 5 and 6 for these, but they were
111
* already taken by 802.11ma (PeerKey). Need to update the values here once
112
* IEEE 802.11w fixes these. */
113
static const u8 RSN_KEY_DATA_DHV[] = { 0x00, 0x0f, 0xac, 9 };
114
static const u8 RSN_KEY_DATA_IGTK[] = { 0x00, 0x0f, 0xac, 10 };
115
#endif /* CONFIG_IEEE80211W */
117
#ifdef CONFIG_PEERKEY
119
106
STK_MUI_4WAY_STA_AP = 1,
120
107
STK_MUI_4WAY_STAT_STA = 2,
278
252
static int wpa_selector_to_bitfield(const u8 *s)
280
if (os_memcmp(s, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN) == 0)
254
if (memcmp(s, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN) == 0)
281
255
return WPA_CIPHER_NONE;
282
if (os_memcmp(s, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN) == 0)
256
if (memcmp(s, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN) == 0)
283
257
return WPA_CIPHER_WEP40;
284
if (os_memcmp(s, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN) == 0)
258
if (memcmp(s, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN) == 0)
285
259
return WPA_CIPHER_TKIP;
286
if (os_memcmp(s, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN) == 0)
260
if (memcmp(s, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN) == 0)
287
261
return WPA_CIPHER_CCMP;
288
if (os_memcmp(s, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN) == 0)
262
if (memcmp(s, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN) == 0)
289
263
return WPA_CIPHER_WEP104;
294
268
static int wpa_key_mgmt_to_bitfield(const u8 *s)
296
if (os_memcmp(s, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X, WPA_SELECTOR_LEN) ==
270
if (memcmp(s, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X, WPA_SELECTOR_LEN) == 0)
271
return WPA_KEY_MGMT_IEEE8021X;
272
if (memcmp(s, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X, WPA_SELECTOR_LEN) ==
298
return WPA_KEY_MGMT_IEEE8021X;
299
if (os_memcmp(s, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X, WPA_SELECTOR_LEN)
301
274
return WPA_KEY_MGMT_PSK;
302
if (os_memcmp(s, WPA_AUTH_KEY_MGMT_NONE, WPA_SELECTOR_LEN) == 0)
275
if (memcmp(s, WPA_AUTH_KEY_MGMT_NONE, WPA_SELECTOR_LEN) == 0)
303
276
return WPA_KEY_MGMT_WPA_NONE;
308
281
#ifndef CONFIG_NO_WPA2
309
282
static int rsn_selector_to_bitfield(const u8 *s)
311
if (os_memcmp(s, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN) == 0)
284
if (memcmp(s, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN) == 0)
312
285
return WPA_CIPHER_NONE;
313
if (os_memcmp(s, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN) == 0)
286
if (memcmp(s, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN) == 0)
314
287
return WPA_CIPHER_WEP40;
315
if (os_memcmp(s, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN) == 0)
288
if (memcmp(s, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN) == 0)
316
289
return WPA_CIPHER_TKIP;
317
if (os_memcmp(s, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN) == 0)
290
if (memcmp(s, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN) == 0)
318
291
return WPA_CIPHER_CCMP;
319
if (os_memcmp(s, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN) == 0)
292
if (memcmp(s, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN) == 0)
320
293
return WPA_CIPHER_WEP104;
321
#ifdef CONFIG_IEEE80211W
322
if (os_memcmp(s, RSN_CIPHER_SUITE_AES_128_CMAC, RSN_SELECTOR_LEN) == 0)
323
return WPA_CIPHER_AES_128_CMAC;
324
#endif /* CONFIG_IEEE80211W */
329
298
static int rsn_key_mgmt_to_bitfield(const u8 *s)
331
if (os_memcmp(s, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X, RSN_SELECTOR_LEN) ==
300
if (memcmp(s, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X, RSN_SELECTOR_LEN) == 0)
301
return WPA_KEY_MGMT_IEEE8021X;
302
if (memcmp(s, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X, RSN_SELECTOR_LEN) ==
333
return WPA_KEY_MGMT_IEEE8021X;
334
if (os_memcmp(s, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X, RSN_SELECTOR_LEN)
336
304
return WPA_KEY_MGMT_PSK;
342
310
#ifdef CONFIG_PEERKEY
343
311
static u8 * wpa_add_ie(u8 *pos, const u8 *ie, size_t ie_len)
345
os_memcpy(pos, ie, ie_len);
313
memcpy(pos, ie, ie_len);
346
314
return pos + ie_len;
316
#endif /* CONFIG_PEERKEY */
319
#if defined(CONFIG_STAKEY) || defined(CONFIG_PEERKEY)
350
320
static u8 * wpa_add_kde(u8 *pos, const u8 *kde, const u8 *data,
353
323
*pos++ = GENERIC_INFO_ELEM;
354
324
*pos++ = RSN_SELECTOR_LEN + data_len;
355
os_memcpy(pos, kde, RSN_SELECTOR_LEN);
325
memcpy(pos, kde, RSN_SELECTOR_LEN);
356
326
pos += RSN_SELECTOR_LEN;
357
os_memcpy(pos, data, data_len);
327
memcpy(pos, data, data_len);
361
#endif /* CONFIG_PEERKEY */
331
#endif /* CONFIG_STAKEY || CONFIG_PEERKEY */
364
334
static int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
664
599
hdr = (struct wpa_ie_hdr *) wpa_ie;
665
600
hdr->elem_id = GENERIC_INFO_ELEM;
666
os_memcpy(hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN);
601
memcpy(hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN);
667
602
WPA_PUT_LE16(hdr->version, WPA_VERSION);
668
603
pos = (u8 *) (hdr + 1);
670
605
if (group_cipher == WPA_CIPHER_CCMP) {
671
os_memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN);
606
memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN);
672
607
} else if (group_cipher == WPA_CIPHER_TKIP) {
673
os_memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN);
608
memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN);
674
609
} else if (group_cipher == WPA_CIPHER_WEP104) {
675
os_memcpy(pos, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN);
610
memcpy(pos, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN);
676
611
} else if (group_cipher == WPA_CIPHER_WEP40) {
677
os_memcpy(pos, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN);
612
memcpy(pos, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN);
679
614
wpa_printf(MSG_WARNING, "Invalid group cipher (%d).",
687
622
if (pairwise_cipher == WPA_CIPHER_CCMP) {
688
os_memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN);
623
memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN);
689
624
} else if (pairwise_cipher == WPA_CIPHER_TKIP) {
690
os_memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN);
625
memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN);
691
626
} else if (pairwise_cipher == WPA_CIPHER_NONE) {
692
os_memcpy(pos, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN);
627
memcpy(pos, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN);
694
629
wpa_printf(MSG_WARNING, "Invalid pairwise cipher (%d).",
695
630
pairwise_cipher);
702
637
if (key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
703
os_memcpy(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X,
638
memcpy(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X, WPA_SELECTOR_LEN);
705
639
} else if (key_mgmt == WPA_KEY_MGMT_PSK) {
706
os_memcpy(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X,
640
memcpy(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X,
708
642
} else if (key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
709
os_memcpy(pos, WPA_AUTH_KEY_MGMT_NONE, WPA_SELECTOR_LEN);
643
memcpy(pos, WPA_AUTH_KEY_MGMT_NONE, WPA_SELECTOR_LEN);
711
645
wpa_printf(MSG_WARNING, "Invalid key management type (%d).",
745
677
pos = (u8 *) (hdr + 1);
747
679
if (group_cipher == WPA_CIPHER_CCMP) {
748
os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
680
memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
749
681
} else if (group_cipher == WPA_CIPHER_TKIP) {
750
os_memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
682
memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
751
683
} else if (group_cipher == WPA_CIPHER_WEP104) {
752
os_memcpy(pos, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN);
684
memcpy(pos, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN);
753
685
} else if (group_cipher == WPA_CIPHER_WEP40) {
754
os_memcpy(pos, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN);
686
memcpy(pos, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN);
756
688
wpa_printf(MSG_WARNING, "Invalid group cipher (%d).",
764
696
if (pairwise_cipher == WPA_CIPHER_CCMP) {
765
os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
697
memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
766
698
} else if (pairwise_cipher == WPA_CIPHER_TKIP) {
767
os_memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
699
memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
768
700
} else if (pairwise_cipher == WPA_CIPHER_NONE) {
769
os_memcpy(pos, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN);
701
memcpy(pos, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN);
771
703
wpa_printf(MSG_WARNING, "Invalid pairwise cipher (%d).",
772
704
pairwise_cipher);
790
721
pos += RSN_SELECTOR_LEN;
792
723
/* RSN Capabilities */
794
#ifdef CONFIG_IEEE80211W
795
if (mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC)
796
capab |= WPA_CAPABILITY_MGMT_FRAME_PROTECTION;
797
#endif /* CONFIG_IEEE80211W */
798
WPA_PUT_LE16(pos, capab);
801
727
if (sm->cur_pmksa) {
802
728
/* PMKID Count (2 octets, little endian) */
806
os_memcpy(pos, sm->cur_pmksa->pmkid, PMKID_LEN);
732
memcpy(pos, sm->cur_pmksa->pmkid, PMKID_LEN);
807
733
pos += PMKID_LEN;
810
#ifdef CONFIG_IEEE80211W
811
if (mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) {
812
if (!sm->cur_pmksa) {
814
WPA_PUT_LE16(pos, 0);
817
/* Management Group Cipher Suite */
818
memcpy(pos, RSN_CIPHER_SUITE_AES_128_CMAC,
820
pos += RSN_SELECTOR_LEN;
823
#endif /* CONFIG_IEEE80211W */
825
736
hdr->len = (pos - rsn_ie) - 2;
827
738
WPA_ASSERT((size_t) (pos - rsn_ie) <= rsn_ie_len);
886
796
u8 data[2 * ETH_ALEN + 2 * 32];
888
if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) {
889
os_memcpy(data, addr1, ETH_ALEN);
890
os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
892
os_memcpy(data, addr2, ETH_ALEN);
893
os_memcpy(data + ETH_ALEN, addr1, ETH_ALEN);
896
if (os_memcmp(nonce1, nonce2, 32) < 0) {
897
os_memcpy(data + 2 * ETH_ALEN, nonce1, 32);
898
os_memcpy(data + 2 * ETH_ALEN + 32, nonce2, 32);
900
os_memcpy(data + 2 * ETH_ALEN, nonce2, 32);
901
os_memcpy(data + 2 * ETH_ALEN + 32, nonce1, 32);
904
sha1_prf(pmk, pmk_len, label, data, sizeof(data), ptk, ptk_len);
798
if (memcmp(addr1, addr2, ETH_ALEN) < 0) {
799
memcpy(data, addr1, ETH_ALEN);
800
memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
802
memcpy(data, addr2, ETH_ALEN);
803
memcpy(data + ETH_ALEN, addr1, ETH_ALEN);
806
if (memcmp(nonce1, nonce2, 32) < 0) {
807
memcpy(data + 2 * ETH_ALEN, nonce1, 32);
808
memcpy(data + 2 * ETH_ALEN + 32, nonce2, 32);
810
memcpy(data + 2 * ETH_ALEN, nonce2, 32);
811
memcpy(data + 2 * ETH_ALEN + 32, nonce1, 32);
814
sha1_prf(pmk, pmk_len, "Pairwise key expansion", data, sizeof(data),
906
817
wpa_hexdump_key(MSG_DEBUG, "WPA: PMK", pmk, pmk_len);
907
818
wpa_hexdump_key(MSG_DEBUG, "WPA: PTK", ptk, ptk_len);
942
853
int ver, const u8 *dest, u16 proto,
943
854
u8 *msg, size_t msg_len, u8 *key_mic)
945
if (os_memcmp(dest, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0 &&
946
os_memcmp(sm->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0) {
856
if (memcmp(dest, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0 &&
857
memcmp(sm->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0) {
948
859
* Association event was not yet received; try to fetch
949
860
* BSSID from the driver.
943
* wpa_sm_stakey_request - Send EAPOL-Key Request for STAKey handshake
944
* @sm: Pointer to WPA state machine data from wpa_sm_init()
945
* @peer: MAC address of the peer STA
946
* Returns: 0 on success, or -1 on failure
948
* Send an EAPOL-Key Request to the current authenticator to start STAKey
949
* handeshake with the peer.
951
int wpa_sm_stakey_request(struct wpa_sm *sm, const u8 *peer)
954
size_t rlen, kde_len;
955
struct wpa_eapol_key *reply;
956
int key_info, ver, alg;
957
u8 bssid[ETH_ALEN], *rbuf, *pos;
958
struct wpa_ssid *ssid = sm->cur_ssid;
960
if (sm->proto != WPA_PROTO_RSN || !sm->ptk_set ||
961
ssid == NULL || !ssid->stakey)
964
/* TODO: how to select which cipher to use? */
965
alg = sm->pairwise_cipher;
967
if (alg == WPA_CIPHER_CCMP)
968
ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
970
ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
972
if (wpa_sm_get_bssid(sm, bssid) < 0) {
973
wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key "
978
kde_len = 2 + sizeof(RSN_KEY_DATA_MAC_ADDR) + ETH_ALEN;
980
rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
981
sizeof(*reply) + kde_len, &rlen,
986
reply->type = EAPOL_KEY_TYPE_RSN;
987
key_info = WPA_KEY_INFO_REQUEST | WPA_KEY_INFO_SECURE |
988
WPA_KEY_INFO_MIC | ver;
989
WPA_PUT_BE16(reply->key_info, key_info);
990
WPA_PUT_BE16(reply->key_length, 0);
991
memcpy(reply->replay_counter, sm->request_counter,
992
WPA_REPLAY_COUNTER_LEN);
993
inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
995
/* MAC address KDE */
996
WPA_PUT_BE16(reply->key_data_length, (u16) kde_len);
997
pos = (u8 *) (reply + 1);
998
pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
1000
wpa_printf(MSG_INFO, "RSN: Sending EAPOL-Key STAKey Request (peer "
1001
MACSTR ")", MAC2STR(peer));
1002
wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL,
1003
rbuf, rlen, reply->key_mic);
1007
#else /* CONFIG_STAKEY */
1011
#endif /* CONFIG_STAKEY */
1032
1016
* wpa_sm_stkstart - Send EAPOL-Key Request for STK handshake (STK M1)
1033
1017
* @sm: Pointer to WPA state machine data from wpa_sm_init()
1034
1018
* @peer: MAC address of the peer STA
1075
1059
/* TODO: find existing entry and if found, use that instead of adding
1077
peerkey = os_malloc(sizeof(*peerkey));
1061
peerkey = malloc(sizeof(*peerkey));
1078
1062
if (peerkey == NULL)
1080
os_memset(peerkey, 0, sizeof(*peerkey));
1064
memset(peerkey, 0, sizeof(*peerkey));
1081
1065
peerkey->initiator = 1;
1082
os_memcpy(peerkey->addr, peer, ETH_ALEN);
1066
memcpy(peerkey->addr, peer, ETH_ALEN);
1085
1069
* EAPOL-Key(S=1, M=1, A=0, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
1092
1076
pos = (u8 *) (hdr + 1);
1093
1077
/* Group Suite can be anything for SMK RSN IE; receiver will just
1094
1078
* ignore it. */
1095
os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
1079
memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
1096
1080
pos += RSN_SELECTOR_LEN;
1097
1081
count_pos = pos;
1101
1085
if (ssid->pairwise_cipher & WPA_CIPHER_CCMP) {
1102
os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
1086
memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
1103
1087
pos += RSN_SELECTOR_LEN;
1106
1090
if (ssid->pairwise_cipher & WPA_CIPHER_TKIP) {
1107
os_memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
1091
memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
1108
1092
pos += RSN_SELECTOR_LEN;
1130
1114
WPA_KEY_INFO_SECURE | WPA_KEY_INFO_REQUEST | ver;
1131
1115
WPA_PUT_BE16(req->key_info, key_info);
1132
1116
WPA_PUT_BE16(req->key_length, 0);
1133
os_memcpy(req->replay_counter, sm->request_counter,
1134
WPA_REPLAY_COUNTER_LEN);
1117
memcpy(req->replay_counter, sm->request_counter,
1118
WPA_REPLAY_COUNTER_LEN);
1135
1119
inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
1137
1121
if (hostapd_get_rand(peerkey->inonce, WPA_NONCE_LEN)) {
1138
1122
wpa_msg(sm->ctx->ctx, MSG_WARNING,
1139
1123
"WPA: Failed to get random data for INonce");
1141
1125
wpa_supplicant_peerkey_free(sm, peerkey);
1144
os_memcpy(req->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
1128
memcpy(req->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
1145
1129
wpa_hexdump(MSG_DEBUG, "WPA: INonce for SMK handshake",
1146
1130
req->key_nonce, WPA_NONCE_LEN);
1225
1205
if (pos + 1 + RSN_SELECTOR_LEN < end &&
1226
1206
pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
1227
os_memcmp(pos + 2, RSN_KEY_DATA_PMKID, RSN_SELECTOR_LEN) == 0) {
1207
memcmp(pos + 2, RSN_KEY_DATA_PMKID, RSN_SELECTOR_LEN) == 0) {
1228
1208
ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
1232
1212
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1233
os_memcmp(pos + 2, RSN_KEY_DATA_GROUPKEY, RSN_SELECTOR_LEN) == 0) {
1213
memcmp(pos + 2, RSN_KEY_DATA_GROUPKEY, RSN_SELECTOR_LEN) == 0) {
1234
1214
ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
1235
1215
ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
1239
1219
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1240
os_memcmp(pos + 2, RSN_KEY_DATA_MAC_ADDR, RSN_SELECTOR_LEN) == 0) {
1220
memcmp(pos + 2, RSN_KEY_DATA_STAKEY, RSN_SELECTOR_LEN) == 0) {
1221
ie->stakey = pos + 2 + RSN_SELECTOR_LEN;
1222
ie->stakey_len = pos[1] - RSN_SELECTOR_LEN;
1226
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1227
memcmp(pos + 2, RSN_KEY_DATA_MAC_ADDR, RSN_SELECTOR_LEN) == 0) {
1241
1228
ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
1242
1229
ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
1246
1233
#ifdef CONFIG_PEERKEY
1247
1234
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1248
os_memcmp(pos + 2, RSN_KEY_DATA_SMK, RSN_SELECTOR_LEN) == 0) {
1235
memcmp(pos + 2, RSN_KEY_DATA_SMK, RSN_SELECTOR_LEN) == 0) {
1249
1236
ie->smk = pos + 2 + RSN_SELECTOR_LEN;
1250
1237
ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
1254
1241
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1255
os_memcmp(pos + 2, RSN_KEY_DATA_NONCE, RSN_SELECTOR_LEN) == 0) {
1242
memcmp(pos + 2, RSN_KEY_DATA_NONCE, RSN_SELECTOR_LEN) == 0) {
1256
1243
ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
1257
1244
ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
1261
1248
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1262
os_memcmp(pos + 2, RSN_KEY_DATA_LIFETIME, RSN_SELECTOR_LEN) == 0) {
1249
memcmp(pos + 2, RSN_KEY_DATA_LIFETIME, RSN_SELECTOR_LEN) == 0) {
1263
1250
ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
1264
1251
ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
1268
1255
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1269
os_memcmp(pos + 2, RSN_KEY_DATA_ERROR, RSN_SELECTOR_LEN) == 0) {
1256
memcmp(pos + 2, RSN_KEY_DATA_ERROR, RSN_SELECTOR_LEN) == 0) {
1270
1257
ie->error = pos + 2 + RSN_SELECTOR_LEN;
1271
1258
ie->error_len = pos[1] - RSN_SELECTOR_LEN;
1274
1261
#endif /* CONFIG_PEERKEY */
1276
#ifdef CONFIG_IEEE80211W
1277
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1278
os_memcmp(pos + 2, RSN_KEY_DATA_DHV, RSN_SELECTOR_LEN) == 0) {
1279
ie->dhv = pos + 2 + RSN_SELECTOR_LEN;
1280
ie->dhv_len = pos[1] - RSN_SELECTOR_LEN;
1284
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1285
os_memcmp(pos + 2, RSN_KEY_DATA_IGTK, RSN_SELECTOR_LEN) == 0) {
1286
ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
1287
ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
1290
#endif /* CONFIG_IEEE80211W */
1466
1437
if (sm->proto == WPA_PROTO_RSN)
1467
1438
WPA_PUT_BE16(reply->key_length, 0);
1469
os_memcpy(reply->key_length, key->key_length, 2);
1470
os_memcpy(reply->replay_counter, key->replay_counter,
1471
WPA_REPLAY_COUNTER_LEN);
1440
memcpy(reply->key_length, key->key_length, 2);
1441
memcpy(reply->replay_counter, key->replay_counter,
1442
WPA_REPLAY_COUNTER_LEN);
1473
1444
WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
1474
os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
1445
memcpy(reply + 1, wpa_ie, wpa_ie_len);
1476
os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
1447
memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
1478
1449
wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
1479
1450
wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
1502
1473
wpa_printf(MSG_DEBUG, "WPA: RX message 1 of 4-Way Handshake from "
1503
1474
MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
1505
os_memset(&ie, 0, sizeof(ie));
1476
memset(&ie, 0, sizeof(ie));
1507
1478
#ifndef CONFIG_NO_WPA2
1508
1479
if (sm->proto == WPA_PROTO_RSN) {
1509
1480
/* RSN: msg 1/4 should contain PMKID for the selected PMK */
1510
const u8 *_buf = (const u8 *) (key + 1);
1481
const u8 *buf = (const u8 *) (key + 1);
1511
1482
size_t len = WPA_GET_BE16(key->key_data_length);
1512
wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", _buf, len);
1513
wpa_supplicant_parse_ies(_buf, len, &ie);
1483
wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", buf, len);
1484
wpa_supplicant_parse_ies(buf, len, &ie);
1514
1485
if (ie.pmkid) {
1515
1486
wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
1516
1487
"Authenticator", ie.pmkid, PMKID_LEN);
1539
1510
sm->own_addr, sm->bssid, sm->snonce, key->key_nonce,
1540
1511
(u8 *) ptk, sizeof(*ptk));
1541
1512
/* Supplicant: swap tx/rx Mic keys */
1542
os_memcpy(buf, ptk->u.auth.tx_mic_key, 8);
1543
os_memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8);
1544
os_memcpy(ptk->u.auth.rx_mic_key, buf, 8);
1513
memcpy(buf, ptk->u.auth.tx_mic_key, 8);
1514
memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8);
1515
memcpy(ptk->u.auth.rx_mic_key, buf, 8);
1545
1516
sm->tptk_set = 1;
1547
1518
if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
1720
1689
wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
1721
1690
if (sm->group_cipher == WPA_CIPHER_TKIP) {
1722
1691
/* Swap Tx/Rx keys for Michael MIC */
1723
os_memcpy(gtk_buf, gd->gtk, 16);
1724
os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
1725
os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
1692
memcpy(gtk_buf, gd->gtk, 16);
1693
memcpy(gtk_buf + 16, gd->gtk + 24, 8);
1694
memcpy(gtk_buf + 24, gd->gtk + 16, 8);
1726
1695
_gtk = gtk_buf;
1728
1697
if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
1816
static int ieee80211w_set_keys(struct wpa_sm *sm,
1817
struct wpa_eapol_ie_parse *ie)
1819
#ifdef CONFIG_IEEE80211W
1820
if (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC)
1824
const struct wpa_igtk_kde *igtk;
1826
if (ie->igtk_len != sizeof(*igtk))
1828
igtk = (const struct wpa_igtk_kde *) ie->igtk;
1829
keyidx = WPA_GET_LE16(igtk->keyid);
1830
wpa_printf(MSG_DEBUG, "WPA: IGTK keyid %d "
1831
"pn %02x%02x%02x%02x%02x%02x",
1832
keyidx, MAC2STR(igtk->pn));
1833
wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
1834
igtk->igtk, WPA_IGTK_LEN);
1835
if (keyidx > 4095) {
1836
wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KeyID %d",
1840
if (wpa_sm_set_key(sm, WPA_ALG_IGTK,
1841
(u8 *) "\xff\xff\xff\xff\xff\xff",
1842
keyidx, 0, igtk->pn, sizeof(igtk->pn),
1843
igtk->igtk, WPA_IGTK_LEN) < 0) {
1844
wpa_printf(MSG_WARNING, "WPA: Failed to configure IGTK"
1851
const struct wpa_dhv_kde *dhv;
1852
if (ie->dhv_len != sizeof(*dhv))
1854
dhv = (const struct wpa_dhv_kde *) ie->dhv;
1855
wpa_hexdump_key(MSG_DEBUG, "WPA: DHV", dhv->dhv, WPA_DHV_LEN);
1856
if (wpa_sm_set_key(sm, WPA_ALG_DHV,
1857
(u8 *) "\xff\xff\xff\xff\xff\xff", 0, 0,
1858
NULL, 0, dhv->dhv, WPA_DHV_LEN) < 0) {
1859
wpa_printf(MSG_WARNING, "WPA: Failed to configure DHV "
1866
#else /* CONFIG_IEEE80211W */
1868
#endif /* CONFIG_IEEE80211W */
1872
1785
static void wpa_report_ie_mismatch(struct wpa_sm *sm,
1873
1786
const char *reason, const u8 *src_addr,
1874
1787
const u8 *wpa_ie, size_t wpa_ie_len,
1938
1851
if ((ie->wpa_ie && sm->ap_wpa_ie &&
1939
1852
(ie->wpa_ie_len != sm->ap_wpa_ie_len ||
1940
os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
1853
memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
1941
1854
(ie->rsn_ie && sm->ap_rsn_ie &&
1942
1855
(ie->rsn_ie_len != sm->ap_rsn_ie_len ||
1943
os_memcmp(ie->rsn_ie, sm->ap_rsn_ie, ie->rsn_ie_len) != 0))) {
1856
memcmp(ie->rsn_ie, sm->ap_rsn_ie, ie->rsn_ie_len) != 0))) {
1944
1857
wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1945
1858
"with IE in Beacon/ProbeResp",
1946
1859
src_addr, ie->wpa_ie, ie->wpa_ie_len,
1992
1905
if (sm->proto == WPA_PROTO_RSN)
1993
1906
WPA_PUT_BE16(reply->key_length, 0);
1995
os_memcpy(reply->key_length, key->key_length, 2);
1996
os_memcpy(reply->replay_counter, key->replay_counter,
1997
WPA_REPLAY_COUNTER_LEN);
1908
memcpy(reply->key_length, key->key_length, 2);
1909
memcpy(reply->replay_counter, key->replay_counter,
1910
WPA_REPLAY_COUNTER_LEN);
1999
1912
WPA_PUT_BE16(reply->key_data_length, kde_len);
2001
os_memcpy(reply + 1, kde, kde_len);
1914
memcpy(reply + 1, kde, kde_len);
2003
1916
wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
2004
1917
wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
2030
1943
wpa_printf(MSG_WARNING, "WPA: GTK IE in unencrypted key data");
2033
#ifdef CONFIG_IEEE80211W
2034
if ((ie.dhv || ie.igtk) && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
2035
wpa_printf(MSG_WARNING, "WPA: DHV/IGTK KDE in unencrypted key "
2040
if (ie.dhv && ie.dhv_len != sizeof(struct wpa_dhv_kde)) {
2041
wpa_printf(MSG_WARNING, "WPA: Invalid DHV KDE length %lu",
2042
(unsigned long) ie.dhv_len);
2046
if (ie.igtk && ie.igtk_len != sizeof(struct wpa_igtk_kde)) {
2047
wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KDE length %lu",
2048
(unsigned long) ie.igtk_len);
2051
#endif /* CONFIG_IEEE80211W */
2053
1947
if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
2056
if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
1950
if (memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
2057
1951
wpa_printf(MSG_WARNING, "WPA: ANonce from message 1 of 4-Way "
2058
1952
"Handshake differs from 3 of 4-Way Handshake - drop"
2059
1953
" packet (src=" MACSTR ")", MAC2STR(sm->bssid));
2106
2000
ie.gtk, ie.gtk_len, key_info) < 0) {
2107
2001
wpa_printf(MSG_INFO, "RSN: Failed to configure GTK");
2110
if (ieee80211w_set_keys(sm, &ie) < 0)
2111
wpa_printf(MSG_INFO, "RSN: Failed to configure DHV/IGTK");
2006
#ifdef CONFIG_STAKEY
2007
static int wpa_supplicant_send_stakey_2_of_2(struct wpa_sm *sm,
2008
const unsigned char *src_addr,
2009
const struct wpa_eapol_key *key,
2010
int ver, u16 key_info,
2014
struct wpa_eapol_key *reply;
2018
kde_len = 2 + sizeof(RSN_KEY_DATA_MAC_ADDR) + ETH_ALEN;
2020
rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
2021
sizeof(*reply) + kde_len, &rlen,
2026
reply->type = EAPOL_KEY_TYPE_RSN;
2027
key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
2028
key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
2029
WPA_PUT_BE16(reply->key_info, key_info);
2030
WPA_PUT_BE16(reply->key_length, 0);
2031
memcpy(reply->replay_counter, key->replay_counter,
2032
WPA_REPLAY_COUNTER_LEN);
2034
/* MAC address KDE */
2035
WPA_PUT_BE16(reply->key_data_length, (u16) kde_len);
2036
pos = (u8 *) (reply + 1);
2037
pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
2039
wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STAKey 2/2 for " MACSTR,
2041
wpa_eapol_key_send(sm, sm->ptk.kck, ver, src_addr, ETH_P_EAPOL,
2042
rbuf, rlen, reply->key_mic);
2048
static int wpa_supplicant_process_stakey_1_of_2(
2049
struct wpa_sm *sm, const unsigned char *src_addr,
2050
const struct wpa_eapol_key *key, u16 key_info,
2051
const u8 *stakey, size_t stakey_len)
2053
struct wpa_ssid *ssid = sm->cur_ssid;
2058
u8 key_buf[32], rsc[6];
2060
wpa_printf(MSG_DEBUG, "RSN: Received STAKey msg 1/2");
2061
if (ssid == NULL || !ssid->stakey || sm->proto != WPA_PROTO_RSN) {
2062
wpa_printf(MSG_DEBUG, "RSN: STAKey negotiation not allowed for"
2063
" the current network");
2067
/* STAKey KDE: Reserved(2 octets) PeerSTA Addr(6 octets) STAKey */
2069
ver = key_info & WPA_KEY_INFO_TYPE_MASK;
2070
if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
2071
cipher = WPA_CIPHER_TKIP;
2073
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
2074
cipher = WPA_CIPHER_CCMP;
2077
wpa_printf(MSG_DEBUG, "RSN: Invalid STAKey key_info version "
2082
if (stakey_len < 8 + keylen) {
2083
wpa_printf(MSG_DEBUG, "RSN: Too short STAKey KDE");
2087
wpa_printf(MSG_DEBUG, "RSN: STAKey for peer STA " MACSTR,
2088
MAC2STR(stakey + 2));
2089
wpa_hexdump_key(MSG_DEBUG, "RSN: STAKey", stakey + 8, keylen);
2091
if (cipher == WPA_CIPHER_TKIP) {
2092
/* Swap Tx/Rx keys for Michael MIC */
2093
memcpy(key_buf, stakey + 2, 16);
2094
memcpy(key_buf + 16, stakey + 2 + 24, 8);
2095
memcpy(key_buf + 24, stakey + 2 + 16, 8);
2101
if (wpa_sm_set_key(sm, cipher, stakey + 2, 0, 0, rsc, sizeof(rsc),
2102
_key, keylen) < 0) {
2103
wpa_printf(MSG_WARNING, "RSN: Failed to set STAKey to "
2108
wpa_supplicant_send_stakey_2_of_2(sm, src_addr, key, ver, key_info,
2113
#endif /* CONFIG_STAKEY */
2115
2116
#ifdef CONFIG_PEERKEY
2177
2178
pos = wpa_add_kde(pos, RSN_KEY_DATA_ERROR,
2178
2179
(u8 *) &error, sizeof(error));
2181
wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error (peer "
2182
MACSTR " mui %d error_type %d)",
2183
MAC2STR(peer), mui, error_type);
2185
wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error "
2186
"(mui %d error_type %d)", mui, error_type);
2181
wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error (peer "
2182
MACSTR " mui %d error_type %d)",
2183
MAC2STR(peer), mui, error_type);
2189
2185
wpa_eapol_key_send(sm, sm->ptk.kck, ver, dst, ETH_P_EAPOL,
2190
2186
rbuf, rlen, err->key_mic);
2223
2219
WPA_KEY_INFO_SECURE;
2224
2220
WPA_PUT_BE16(reply->key_info, key_info);
2225
2221
WPA_PUT_BE16(reply->key_length, 0);
2226
os_memcpy(reply->replay_counter, key->replay_counter,
2227
WPA_REPLAY_COUNTER_LEN);
2222
memcpy(reply->replay_counter, key->replay_counter,
2223
WPA_REPLAY_COUNTER_LEN);
2229
os_memcpy(reply->key_nonce, peerkey->pnonce, WPA_NONCE_LEN);
2225
memcpy(reply->key_nonce, peerkey->pnonce, WPA_NONCE_LEN);
2231
2227
WPA_PUT_BE16(reply->key_data_length, (u16) kde_len);
2232
2228
pos = (u8 *) (reply + 1);
2314
2310
/* TODO: find existing entry and if found, use that instead of adding
2315
2311
* a new one; how to handle the case where both ends initiate at the
2316
2312
* same time? */
2317
peerkey = os_malloc(sizeof(*peerkey));
2313
peerkey = malloc(sizeof(*peerkey));
2318
2314
if (peerkey == NULL)
2320
os_memset(peerkey, 0, sizeof(*peerkey));
2321
os_memcpy(peerkey->addr, kde.mac_addr, ETH_ALEN);
2322
os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
2323
os_memcpy(peerkey->rsnie_i, kde.rsn_ie, kde.rsn_ie_len);
2316
memset(peerkey, 0, sizeof(*peerkey));
2317
memcpy(peerkey->addr, kde.mac_addr, ETH_ALEN);
2318
memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
2319
memcpy(peerkey->rsnie_i, kde.rsn_ie, kde.rsn_ie_len);
2324
2320
peerkey->rsnie_i_len = kde.rsn_ie_len;
2325
2321
peerkey->cipher = cipher;
2337
2333
pos = (u8 *) (hdr + 1);
2338
2334
/* Group Suite can be anything for SMK RSN IE; receiver will just
2339
2335
* ignore it. */
2340
os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
2336
memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
2341
2337
pos += RSN_SELECTOR_LEN;
2342
2338
/* Include only the selected cipher in pairwise cipher suite */
2343
2339
WPA_PUT_LE16(pos, 1);
2345
2341
if (cipher == WPA_CIPHER_CCMP)
2346
os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
2342
memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
2347
2343
else if (cipher == WPA_CIPHER_TKIP)
2348
os_memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
2344
memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
2349
2345
pos += RSN_SELECTOR_LEN;
2351
2347
hdr->len = (pos - peerkey->rsnie_p) - 2;
2436
2432
if (hostapd_get_rand(peerkey->inonce, WPA_NONCE_LEN)) {
2437
2433
wpa_msg(sm->ctx->ctx, MSG_WARNING,
2438
2434
"RSN: Failed to get random data for INonce (STK)");
2442
2438
wpa_hexdump(MSG_DEBUG, "RSN: INonce for STK 4-Way Handshake",
2443
2439
peerkey->inonce, WPA_NONCE_LEN);
2444
os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
2440
memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
2446
2442
wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 1/4 to " MACSTR,
2447
2443
MAC2STR(peerkey->addr));
2566
if (os_memcmp(key->key_nonce, peerkey->inonce, WPA_NONCE_LEN)
2562
if (memcmp(key->key_nonce, peerkey->inonce, WPA_NONCE_LEN) !=
2568
2564
wpa_printf(MSG_INFO, "RSN: Key Nonce in SMK M5 does "
2569
2565
"not match with INonce used in SMK M1");
2573
if (os_memcmp(kde.smk + PMK_LEN, peerkey->inonce,
2574
WPA_NONCE_LEN) != 0) {
2569
if (memcmp(kde.smk + PMK_LEN, peerkey->inonce, WPA_NONCE_LEN)
2575
2571
wpa_printf(MSG_INFO, "RSN: INonce in SMK KDE does not "
2576
2572
"match with the one used in SMK M1");
2580
os_memcpy(peerkey->rsnie_p, kde.rsn_ie, kde.rsn_ie_len);
2576
memcpy(peerkey->rsnie_p, kde.rsn_ie, kde.rsn_ie_len);
2581
2577
peerkey->rsnie_p_len = kde.rsn_ie_len;
2582
os_memcpy(peerkey->pnonce, kde.nonce, WPA_NONCE_LEN);
2578
memcpy(peerkey->pnonce, kde.nonce, WPA_NONCE_LEN);
2584
2580
cipher = ie.pairwise_cipher & ssid->pairwise_cipher;
2585
2581
if (cipher & WPA_CIPHER_CCMP) {
2602
2598
wpa_printf(MSG_DEBUG, "RSN: Received SMK M4 (Initiator "
2603
2599
MACSTR ")", MAC2STR(kde.mac_addr));
2605
if (os_memcmp(kde.smk + PMK_LEN, peerkey->pnonce,
2606
WPA_NONCE_LEN) != 0) {
2601
if (memcmp(kde.smk + PMK_LEN, peerkey->pnonce, WPA_NONCE_LEN)
2607
2603
wpa_printf(MSG_INFO, "RSN: PNonce in SMK KDE does not "
2608
2604
"match with the one used in SMK M3");
2612
if (os_memcmp(kde.nonce, peerkey->inonce, WPA_NONCE_LEN) != 0)
2608
if (memcmp(kde.nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) {
2614
2609
wpa_printf(MSG_INFO, "RSN: INonce in SMK M5 did not "
2615
2610
"match with the one received in SMK M2");
2620
os_memcpy(peerkey->smk, kde.smk, PMK_LEN);
2615
memcpy(peerkey->smk, kde.smk, PMK_LEN);
2621
2616
peerkey->smk_complete = 1;
2622
2617
wpa_hexdump_key(MSG_DEBUG, "RSN: SMK", peerkey->smk, PMK_LEN);
2623
2618
lifetime = WPA_GET_BE32(kde.lifetime);
2752
2746
peerkey->pnonce, key->key_nonce,
2753
2747
(u8 *) stk, sizeof(*stk));
2754
2748
/* Supplicant: swap tx/rx Mic keys */
2755
os_memcpy(buf, stk->u.auth.tx_mic_key, 8);
2756
os_memcpy(stk->u.auth.tx_mic_key, stk->u.auth.rx_mic_key, 8);
2757
os_memcpy(stk->u.auth.rx_mic_key, buf, 8);
2749
memcpy(buf, stk->u.auth.tx_mic_key, 8);
2750
memcpy(stk->u.auth.tx_mic_key, stk->u.auth.rx_mic_key, 8);
2751
memcpy(stk->u.auth.rx_mic_key, buf, 8);
2758
2752
peerkey->tstk_set = 1;
2760
2754
kde_buf_len = peerkey->rsnie_p_len +
2761
2755
2 + RSN_SELECTOR_LEN + sizeof(lifetime) +
2762
2756
2 + RSN_SELECTOR_LEN + PMKID_LEN;
2763
kde_buf = os_malloc(kde_buf_len);
2757
kde_buf = malloc(kde_buf_len);
2764
2758
if (kde_buf == NULL)
2842
if (os_memcmp(kde.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
2836
if (memcmp(kde.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
2843
2837
wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 2/4",
2844
2838
kde.pmkid, PMKID_LEN);
2848
2842
if (kde.rsn_ie_len != peerkey->rsnie_p_len ||
2849
os_memcmp(kde.rsn_ie, peerkey->rsnie_p, kde.rsn_ie_len) != 0) {
2843
memcmp(kde.rsn_ie, peerkey->rsnie_p, kde.rsn_ie_len) != 0) {
2850
2844
wpa_printf(MSG_INFO, "RSN: Peer RSN IE in SMK and STK "
2851
2845
"handshakes did not match");
2852
2846
wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in SMK handshake",
2921
2915
_key = (u8 *) peerkey->stk.tk1;
2922
2916
if (peerkey->cipher == WPA_CIPHER_TKIP) {
2923
2917
/* Swap Tx/Rx keys for Michael MIC */
2924
os_memcpy(key_buf, _key, 16);
2925
os_memcpy(key_buf + 16, _key + 24, 8);
2926
os_memcpy(key_buf + 24, _key + 16, 8);
2918
memcpy(key_buf, _key, 16);
2919
memcpy(key_buf + 16, _key + 24, 8);
2920
memcpy(key_buf + 24, _key + 16, 8);
2927
2921
_key = key_buf;
2932
os_memset(rsc, 0, 6);
2933
2927
if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
2934
2928
rsc, sizeof(rsc), _key, key_len) < 0) {
2935
2929
wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the "
3041
3049
gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
3042
3050
WPA_KEY_INFO_KEY_INDEX_SHIFT;
3043
3051
if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
3044
os_memcpy(ek, key->key_iv, 16);
3045
os_memcpy(ek + 16, sm->ptk.kek, 16);
3052
memcpy(ek, key->key_iv, 16);
3053
memcpy(ek + 16, sm->ptk.kek, 16);
3046
3054
if (keydatalen > sizeof(gd->gtk)) {
3047
3055
wpa_printf(MSG_WARNING, "WPA: RC4 key data "
3048
3056
"too long (%lu)",
3049
3057
(unsigned long) keydatalen);
3052
os_memcpy(gd->gtk, key + 1, keydatalen);
3060
memcpy(gd->gtk, key + 1, keydatalen);
3053
3061
rc4_skip(ek, 32, 256, gd->gtk, keydatalen);
3054
3062
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3055
3063
if (keydatalen % 8) {
3121
3129
int rekey, ret;
3122
3130
struct wpa_gtk_data gd;
3124
os_memset(&gd, 0, sizeof(gd));
3132
memset(&gd, 0, sizeof(gd));
3126
3134
rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
3127
wpa_printf(MSG_DEBUG, "WPA: RX message 1 of Group Key Handshake from "
3128
MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
3135
wpa_printf(MSG_DEBUG, "WPA: RX message 1 of Group Key or STAKey "
3136
"Handshake from " MACSTR " (ver=%d)",
3137
MAC2STR(src_addr), ver);
3130
3139
key_info = WPA_GET_BE16(key->key_info);
3131
3140
keydatalen = WPA_GET_BE16(key->key_data_length);
3133
3142
if (sm->proto == WPA_PROTO_RSN) {
3134
ret = wpa_supplicant_process_1_of_2_rsn(sm,
3143
ret = wpa_supplicant_process_1_of_2_rsn(sm, src_addr, key,
3135
3144
(const u8 *) (key + 1),
3136
3145
keydatalen, key_info,
3174
os_memcpy(mic, key->key_mic, 16);
3188
memcpy(mic, key->key_mic, 16);
3175
3189
if (sm->tptk_set) {
3176
os_memset(key->key_mic, 0, 16);
3190
memset(key->key_mic, 0, 16);
3177
3191
wpa_eapol_key_mic(sm->tptk.kck, ver, buf, len,
3179
if (os_memcmp(mic, key->key_mic, 16) != 0) {
3193
if (memcmp(mic, key->key_mic, 16) != 0) {
3180
3194
wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC "
3181
3195
"when using TPTK - ignoring TPTK");
3184
3198
sm->tptk_set = 0;
3185
3199
sm->ptk_set = 1;
3186
os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
3200
memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
3190
3204
if (!ok && sm->ptk_set) {
3191
os_memset(key->key_mic, 0, 16);
3205
memset(key->key_mic, 0, 16);
3192
3206
wpa_eapol_key_mic(sm->ptk.kck, ver, buf, len,
3194
if (os_memcmp(mic, key->key_mic, 16) != 0) {
3208
if (memcmp(mic, key->key_mic, 16) != 0) {
3195
3209
wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC "
3196
3210
"- dropping packet");
3228
3242
peerkey->stk_set = 1;
3231
os_memcpy(mic, key->key_mic, 16);
3245
memcpy(mic, key->key_mic, 16);
3232
3246
if (peerkey->tstk_set) {
3233
os_memset(key->key_mic, 0, 16);
3247
memset(key->key_mic, 0, 16);
3234
3248
wpa_eapol_key_mic(peerkey->tstk.kck, ver, buf, len,
3236
if (os_memcmp(mic, key->key_mic, 16) != 0) {
3250
if (memcmp(mic, key->key_mic, 16) != 0) {
3237
3251
wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
3238
3252
"when using TSTK - ignoring TSTK");
3241
3255
peerkey->tstk_set = 0;
3242
3256
peerkey->stk_set = 1;
3243
os_memcpy(&peerkey->stk, &peerkey->tstk,
3244
sizeof(peerkey->stk));
3257
memcpy(&peerkey->stk, &peerkey->tstk,
3258
sizeof(peerkey->stk));
3248
3262
if (!ok && peerkey->stk_set) {
3249
os_memset(key->key_mic, 0, 16);
3263
memset(key->key_mic, 0, 16);
3250
3264
wpa_eapol_key_mic(peerkey->stk.kck, ver, buf, len,
3252
if (os_memcmp(mic, key->key_mic, 16) != 0) {
3266
if (memcmp(mic, key->key_mic, 16) != 0) {
3253
3267
wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
3254
3268
"- dropping packet");
3289
3303
* to be implemented separately for each message type. */
3290
3304
if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
3292
os_memcpy(ek, key->key_iv, 16);
3293
os_memcpy(ek + 16, sm->ptk.kek, 16);
3306
memcpy(ek, key->key_iv, 16);
3307
memcpy(ek + 16, sm->ptk.kek, 16);
3294
3308
rc4_skip(ek, 32, 256, (u8 *) (key + 1), keydatalen);
3295
3309
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3309
3323
if (aes_unwrap(sm->ptk.kek, keydatalen / 8,
3310
3324
(u8 *) (key + 1), buf)) {
3312
3326
wpa_printf(MSG_WARNING, "WPA: AES unwrap failed - "
3313
3327
"could not decrypt EAPOL-Key key data");
3316
os_memcpy(key + 1, buf, keydatalen);
3330
memcpy(key + 1, buf, keydatalen);
3318
3332
WPA_PUT_BE16(key->key_data_length, keydatalen);
3320
3334
wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
3478
3492
#ifdef CONFIG_PEERKEY
3479
3493
for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
3480
if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
3494
if (memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
3484
3498
if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
3485
3499
if (!peerkey->initiator && peerkey->replay_counter_set &&
3486
os_memcmp(key->replay_counter, peerkey->replay_counter,
3487
WPA_REPLAY_COUNTER_LEN) <= 0) {
3500
memcmp(key->replay_counter, peerkey->replay_counter,
3501
WPA_REPLAY_COUNTER_LEN) <= 0) {
3488
3502
wpa_printf(MSG_WARNING, "RSN: EAPOL-Key Replay "
3489
3503
"Counter did not increase (STK) - dropping "
3492
3506
} else if (peerkey->initiator) {
3493
u8 _tmp[WPA_REPLAY_COUNTER_LEN];
3494
os_memcpy(_tmp, key->replay_counter,
3495
WPA_REPLAY_COUNTER_LEN);
3496
inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
3497
if (os_memcmp(_tmp, peerkey->replay_counter,
3498
WPA_REPLAY_COUNTER_LEN) != 0) {
3507
u8 tmp[WPA_REPLAY_COUNTER_LEN];
3508
memcpy(tmp, key->replay_counter,
3509
WPA_REPLAY_COUNTER_LEN);
3510
inc_byte_array(tmp, WPA_REPLAY_COUNTER_LEN);
3511
if (memcmp(tmp, peerkey->replay_counter,
3512
WPA_REPLAY_COUNTER_LEN) != 0) {
3499
3513
wpa_printf(MSG_DEBUG, "RSN: EAPOL-Key Replay "
3500
3514
"Counter did not match (STK) - "
3501
3515
"dropping packet");
3730
ret = os_snprintf(buf, buflen,
3731
"dot11RSNAOptionImplemented=TRUE\n"
3732
"dot11RSNAPreauthenticationImplemented=TRUE\n"
3733
"dot11RSNAEnabled=%s\n"
3734
"dot11RSNAPreauthenticationEnabled=%s\n"
3735
"dot11RSNAConfigVersion=%d\n"
3736
"dot11RSNAConfigPairwiseKeysSupported=5\n"
3737
"dot11RSNAConfigGroupCipherSize=%d\n"
3738
"dot11RSNAConfigPMKLifetime=%d\n"
3739
"dot11RSNAConfigPMKReauthThreshold=%d\n"
3740
"dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
3741
"dot11RSNAConfigSATimeout=%d\n",
3742
rsna ? "TRUE" : "FALSE",
3743
rsna ? "TRUE" : "FALSE",
3745
wpa_cipher_bits(sm->group_cipher),
3746
sm->dot11RSNAConfigPMKLifetime,
3747
sm->dot11RSNAConfigPMKReauthThreshold,
3748
sm->dot11RSNAConfigSATimeout);
3744
ret = snprintf(buf, buflen,
3745
"dot11RSNAOptionImplemented=TRUE\n"
3746
"dot11RSNAPreauthenticationImplemented=TRUE\n"
3747
"dot11RSNAEnabled=%s\n"
3748
"dot11RSNAPreauthenticationEnabled=%s\n"
3749
"dot11RSNAConfigVersion=%d\n"
3750
"dot11RSNAConfigPairwiseKeysSupported=5\n"
3751
"dot11RSNAConfigGroupCipherSize=%d\n"
3752
"dot11RSNAConfigPMKLifetime=%d\n"
3753
"dot11RSNAConfigPMKReauthThreshold=%d\n"
3754
"dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
3755
"dot11RSNAConfigSATimeout=%d\n",
3756
rsna ? "TRUE" : "FALSE",
3757
rsna ? "TRUE" : "FALSE",
3759
wpa_cipher_bits(sm->group_cipher),
3760
sm->dot11RSNAConfigPMKLifetime,
3761
sm->dot11RSNAConfigPMKReauthThreshold,
3762
sm->dot11RSNAConfigSATimeout);
3749
3763
if (ret < 0 || (size_t) ret >= buflen)
3754
buf + len, buflen - len,
3755
"dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
3756
"dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
3757
"dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
3758
"dot11RSNAPMKIDUsed=%s\n"
3759
"dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
3760
"dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
3761
"dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
3762
"dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
3763
"dot11RSNA4WayHandshakeFailures=%u\n",
3764
RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
3765
RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)),
3766
RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
3768
RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
3769
RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)),
3770
RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
3771
sm->dot11RSNA4WayHandshakeFailures);
3767
ret = snprintf(buf + len, buflen - len,
3768
"dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
3769
"dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
3770
"dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
3771
"dot11RSNAPMKIDUsed=%s\n"
3772
"dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
3773
"dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
3774
"dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
3775
"dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
3776
"dot11RSNA4WayHandshakeFailures=%u\n",
3777
RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
3778
RSN_SUITE_ARG(wpa_cipher_suite(sm,
3779
sm->pairwise_cipher)),
3780
RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
3782
RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
3783
RSN_SUITE_ARG(wpa_cipher_suite(sm,
3784
sm->pairwise_cipher)),
3785
RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
3786
sm->dot11RSNA4WayHandshakeFailures);
3772
3787
if (ret >= 0 && (size_t) ret < buflen)
3881
3896
wpa_printf(MSG_DEBUG, "WPA: Association event - clear replay counter");
3882
os_memcpy(sm->bssid, bssid, ETH_ALEN);
3883
os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
3897
memcpy(sm->bssid, bssid, ETH_ALEN);
3898
memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
3884
3899
sm->rx_replay_counter_set = 0;
3885
3900
sm->renew_snonce = 1;
3886
if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
3901
if (memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
3887
3902
rsn_preauth_deinit(sm);
4141
4145
char *pos = buf, *end = buf + buflen;
4144
ret = os_snprintf(pos, end - pos,
4145
"pairwise_cipher=%s\n"
4148
wpa_cipher_txt(sm->pairwise_cipher),
4149
wpa_cipher_txt(sm->group_cipher),
4150
wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
4148
ret = snprintf(pos, end - pos,
4149
"pairwise_cipher=%s\n"
4152
wpa_cipher_txt(sm->pairwise_cipher),
4153
wpa_cipher_txt(sm->group_cipher),
4154
wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
4151
4155
if (ret < 0 || ret >= end - pos)
4152
4156
return pos - buf;
4216
4220
if (sm == NULL)
4219
os_free(sm->assoc_wpa_ie);
4223
free(sm->assoc_wpa_ie);
4220
4224
if (ie == NULL || len == 0) {
4221
4225
wpa_printf(MSG_DEBUG, "WPA: clearing own WPA/RSN IE");
4222
4226
sm->assoc_wpa_ie = NULL;
4223
4227
sm->assoc_wpa_ie_len = 0;
4225
4229
wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
4226
sm->assoc_wpa_ie = os_malloc(len);
4230
sm->assoc_wpa_ie = malloc(len);
4227
4231
if (sm->assoc_wpa_ie == NULL)
4230
os_memcpy(sm->assoc_wpa_ie, ie, len);
4234
memcpy(sm->assoc_wpa_ie, ie, len);
4231
4235
sm->assoc_wpa_ie_len = len;