« back to all changes in this revision
Viewing changes to wpa.c
- browse files at revision 21
- compare with another revision
- download diff
- download tarball
- view history from revision 21
- Committer: Bazaar Package Importer
- Author(s): Reinhard Tartler
- Date: 2007-04-01 10:53:37 UTC
- Revision ID: james.westby@ubuntu.com-20070401105337-3dd89n3g8ecdhjsl
Tags: 0.5.7-0ubuntu2
Apply patch from upstream after private email discussion:
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=33673d3f43da6f5ec0f0aa5a8245a1617b6eb2fd#patch1
Fixes LP: #98895, #98925
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=33673d3f43da6f5ec0f0aa5a8245a1617b6eb2fd#patch1
Fixes LP: #98895, #98925
- files modified:
- ChangeLog
added
removed
wpa.c
21
21
#include "aes_wrap.h"
22
22
#include "wpa.h"
23
23
#include "eloop.h"
24
#include "wpa_supplicant.h"
24
25
#include "config.h"
25
26
#include "l2_packet.h"
26
27
#include "eapol_sm.h"
87
88
#endif
88
89
static const u8 RSN_CIPHER_SUITE_CCMP[] = { 0x00, 0x0f, 0xac, 4 };
89
90
static const u8 RSN_CIPHER_SUITE_WEP104[] = { 0x00, 0x0f, 0xac, 5 };
90
#ifdef CONFIG_IEEE80211W
91
static const u8 RSN_CIPHER_SUITE_AES_128_CMAC[] = { 0x00, 0x0f, 0xac, 6 };
92
#endif /* CONFIG_IEEE80211W */
93
91
94
92
/* EAPOL-Key Key Data Encapsulation
95
* GroupKey and PeerKey require encryption, otherwise, encryption is optional.
93
* GroupKey and STAKey require encryption, otherwise, encryption is optional.
96
94
*/
97
95
static const u8 RSN_KEY_DATA_GROUPKEY[] = { 0x00, 0x0f, 0xac, 1 };
98
#if 0
99
96
static const u8 RSN_KEY_DATA_STAKEY[] = { 0x00, 0x0f, 0xac, 2 };
100
#endif
101
97
static const u8 RSN_KEY_DATA_MAC_ADDR[] = { 0x00, 0x0f, 0xac, 3 };
102
98
static const u8 RSN_KEY_DATA_PMKID[] = { 0x00, 0x0f, 0xac, 4 };
103
99
#ifdef CONFIG_PEERKEY
105
101
static const u8 RSN_KEY_DATA_NONCE[] = { 0x00, 0x0f, 0xac, 6 };
106
102
static const u8 RSN_KEY_DATA_LIFETIME[] = { 0x00, 0x0f, 0xac, 7 };
107
103
static const u8 RSN_KEY_DATA_ERROR[] = { 0x00, 0x0f, 0xac, 8 };
108
#endif /* CONFIG_PEERKEY */
109
#ifdef CONFIG_IEEE80211W
110
/* FIX: IEEE 802.11w/D1.0 is using subtypes 5 and 6 for these, but they were
111
* already taken by 802.11ma (PeerKey). Need to update the values here once
112
* IEEE 802.11w fixes these. */
113
static const u8 RSN_KEY_DATA_DHV[] = { 0x00, 0x0f, 0xac, 9 };
114
static const u8 RSN_KEY_DATA_IGTK[] = { 0x00, 0x0f, 0xac, 10 };
115
#endif /* CONFIG_IEEE80211W */
116
104
117
#ifdef CONFIG_PEERKEY
118
105
enum {
119
106
STK_MUI_4WAY_STA_AP = 1,
120
107
STK_MUI_4WAY_STAT_STA = 2,
151
138
* RSN Capabilities (2 octets, little endian) (default: 0)
152
139
* PMKID Count (2 octets) (default: 0)
153
140
* PMKID List (16 * n octets)
154
* Management Group Cipher Suite (4 octets) (default: AES-128-CMAC)
155
141
*/
156
142
157
143
#ifdef _MSC_VER
186
172
u16 error_type;
187
173
} STRUCT_PACKED;
188
174
189
#ifdef CONFIG_IEEE80211W
190
struct wpa_dhv_kde {
191
u8 dhv[WPA_DHV_LEN];
192
} STRUCT_PACKED;
193
194
struct wpa_igtk_kde {
195
u8 keyid[2];
196
u8 pn[6];
197
u8 igtk[WPA_IGTK_LEN];
198
} STRUCT_PACKED;
199
#endif /* CONFIG_IEEE80211W */
200
201
175
#ifdef _MSC_VER
202
176
#pragma pack(pop)
203
177
#endif /* _MSC_VER */
277
251
278
252
static int wpa_selector_to_bitfield(const u8 *s)
279
253
{
280
if (os_memcmp(s, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN) == 0)
254
if (memcmp(s, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN) == 0)
281
255
return WPA_CIPHER_NONE;
282
if (os_memcmp(s, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN) == 0)
256
if (memcmp(s, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN) == 0)
283
257
return WPA_CIPHER_WEP40;
284
if (os_memcmp(s, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN) == 0)
258
if (memcmp(s, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN) == 0)
285
259
return WPA_CIPHER_TKIP;
286
if (os_memcmp(s, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN) == 0)
260
if (memcmp(s, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN) == 0)
287
261
return WPA_CIPHER_CCMP;
288
if (os_memcmp(s, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN) == 0)
262
if (memcmp(s, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN) == 0)
289
263
return WPA_CIPHER_WEP104;
290
264
return 0;
291
265
}
293
267
294
268
static int wpa_key_mgmt_to_bitfield(const u8 *s)
295
269
{
296
if (os_memcmp(s, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X, WPA_SELECTOR_LEN) ==
270
if (memcmp(s, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X, WPA_SELECTOR_LEN) == 0)
271
return WPA_KEY_MGMT_IEEE8021X;
272
if (memcmp(s, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X, WPA_SELECTOR_LEN) ==
297
273
0)
298
return WPA_KEY_MGMT_IEEE8021X;
299
if (os_memcmp(s, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X, WPA_SELECTOR_LEN)
300
== 0)
301
274
return WPA_KEY_MGMT_PSK;
302
if (os_memcmp(s, WPA_AUTH_KEY_MGMT_NONE, WPA_SELECTOR_LEN) == 0)
275
if (memcmp(s, WPA_AUTH_KEY_MGMT_NONE, WPA_SELECTOR_LEN) == 0)
303
276
return WPA_KEY_MGMT_WPA_NONE;
304
277
return 0;
305
278
}
308
281
#ifndef CONFIG_NO_WPA2
309
282
static int rsn_selector_to_bitfield(const u8 *s)
310
283
{
311
if (os_memcmp(s, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN) == 0)
284
if (memcmp(s, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN) == 0)
312
285
return WPA_CIPHER_NONE;
313
if (os_memcmp(s, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN) == 0)
286
if (memcmp(s, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN) == 0)
314
287
return WPA_CIPHER_WEP40;
315
if (os_memcmp(s, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN) == 0)
288
if (memcmp(s, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN) == 0)
316
289
return WPA_CIPHER_TKIP;
317
if (os_memcmp(s, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN) == 0)
290
if (memcmp(s, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN) == 0)
318
291
return WPA_CIPHER_CCMP;
319
if (os_memcmp(s, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN) == 0)
292
if (memcmp(s, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN) == 0)
320
293
return WPA_CIPHER_WEP104;
321
#ifdef CONFIG_IEEE80211W
322
if (os_memcmp(s, RSN_CIPHER_SUITE_AES_128_CMAC, RSN_SELECTOR_LEN) == 0)
323
return WPA_CIPHER_AES_128_CMAC;
324
#endif /* CONFIG_IEEE80211W */
325
294
return 0;
326
295
}
327
296
328
297
329
298
static int rsn_key_mgmt_to_bitfield(const u8 *s)
330
299
{
331
if (os_memcmp(s, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X, RSN_SELECTOR_LEN) ==
300
if (memcmp(s, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X, RSN_SELECTOR_LEN) == 0)
301
return WPA_KEY_MGMT_IEEE8021X;
302
if (memcmp(s, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X, RSN_SELECTOR_LEN) ==
332
303
0)
333
return WPA_KEY_MGMT_IEEE8021X;
334
if (os_memcmp(s, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X, RSN_SELECTOR_LEN)
335
== 0)
336
304
return WPA_KEY_MGMT_PSK;
337
305
return 0;
338
306
}
342
310
#ifdef CONFIG_PEERKEY
343
311
static u8 * wpa_add_ie(u8 *pos, const u8 *ie, size_t ie_len)
344
312
{
345
os_memcpy(pos, ie, ie_len);
313
memcpy(pos, ie, ie_len);
346
314
return pos + ie_len;
347
315
}
348
349
316
#endif /* CONFIG_PEERKEY */
317
318
319
#if defined(CONFIG_STAKEY) || defined(CONFIG_PEERKEY)
350
320
static u8 * wpa_add_kde(u8 *pos, const u8 *kde, const u8 *data,
351
321
size_t data_len)
352
322
{
353
323
*pos++ = GENERIC_INFO_ELEM;
354
324
*pos++ = RSN_SELECTOR_LEN + data_len;
355
os_memcpy(pos, kde, RSN_SELECTOR_LEN);
325
memcpy(pos, kde, RSN_SELECTOR_LEN);
356
326
pos += RSN_SELECTOR_LEN;
357
os_memcpy(pos, data, data_len);
327
memcpy(pos, data, data_len);
358
328
pos += data_len;
359
329
return pos;
360
330
}
361
#endif /* CONFIG_PEERKEY */
331
#endif /* CONFIG_STAKEY || CONFIG_PEERKEY */
362
332
363
333
364
334
static int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
376
346
data->capabilities = 0;
377
347
data->pmkid = NULL;
378
348
data->num_pmkid = 0;
379
data->mgmt_group_cipher = 0;
380
349
381
350
if (wpa_ie_len == 0) {
382
351
/* No WPA IE - fail silently */
393
362
394
363
if (hdr->elem_id != GENERIC_INFO_ELEM ||
395
364
hdr->len != wpa_ie_len - 2 ||
396
os_memcmp(hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN) != 0 ||
365
memcmp(hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN) != 0 ||
397
366
WPA_GET_LE16(hdr->version) != WPA_VERSION) {
398
367
wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version",
399
368
__func__);
486
455
data->capabilities = 0;
487
456
data->pmkid = NULL;
488
457
data->num_pmkid = 0;
489
#ifdef CONFIG_IEEE80211W
490
data->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
491
#else /* CONFIG_IEEE80211W */
492
data->mgmt_group_cipher = 0;
493
#endif /* CONFIG_IEEE80211W */
494
495
458
496
459
if (rsn_ie_len == 0) {
497
460
/* No RSN IE - fail silently */
519
482
520
483
if (left >= RSN_SELECTOR_LEN) {
521
484
data->group_cipher = rsn_selector_to_bitfield(pos);
522
#ifdef CONFIG_IEEE80211W
523
if (data->group_cipher == WPA_CIPHER_AES_128_CMAC) {
524
wpa_printf(MSG_DEBUG, "%s: AES-128-CMAC used as group "
525
"cipher", __func__);
526
return -1;
527
}
528
#endif /* CONFIG_IEEE80211W */
529
485
pos += RSN_SELECTOR_LEN;
530
486
left -= RSN_SELECTOR_LEN;
531
487
} else if (left > 0) {
549
505
pos += RSN_SELECTOR_LEN;
550
506
left -= RSN_SELECTOR_LEN;
551
507
}
552
#ifdef CONFIG_IEEE80211W
553
if (data->pairwise_cipher & WPA_CIPHER_AES_128_CMAC) {
554
wpa_printf(MSG_DEBUG, "%s: AES-128-CMAC used as "
555
"pairwise cipher", __func__);
556
return -1;
557
}
558
#endif /* CONFIG_IEEE80211W */
559
508
} else if (left == 1) {
560
509
wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)",
561
510
__func__);
605
554
}
606
555
}
607
556
608
#ifdef CONFIG_IEEE80211W
609
if (left >= 4) {
610
data->mgmt_group_cipher = rsn_selector_to_bitfield(pos);
611
if (data->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
612
wpa_printf(MSG_DEBUG, "%s: Unsupported management "
613
"group cipher 0x%x", __func__,
614
data->mgmt_group_cipher);
615
return -1;
616
}
617
pos += RSN_SELECTOR_LEN;
618
left -= RSN_SELECTOR_LEN;
619
}
620
#endif /* CONFIG_IEEE80211W */
621
622
557
if (left > 0) {
623
558
wpa_printf(MSG_DEBUG, "%s: ie has %u trailing bytes - ignored",
624
559
__func__, left);
663
598
664
599
hdr = (struct wpa_ie_hdr *) wpa_ie;
665
600
hdr->elem_id = GENERIC_INFO_ELEM;
666
os_memcpy(hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN);
601
memcpy(hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN);
667
602
WPA_PUT_LE16(hdr->version, WPA_VERSION);
668
603
pos = (u8 *) (hdr + 1);
669
604
670
605
if (group_cipher == WPA_CIPHER_CCMP) {
671
os_memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN);
606
memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN);
672
607
} else if (group_cipher == WPA_CIPHER_TKIP) {
673
os_memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN);
608
memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN);
674
609
} else if (group_cipher == WPA_CIPHER_WEP104) {
675
os_memcpy(pos, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN);
610
memcpy(pos, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN);
676
611
} else if (group_cipher == WPA_CIPHER_WEP40) {
677
os_memcpy(pos, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN);
612
memcpy(pos, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN);
678
613
} else {
679
614
wpa_printf(MSG_WARNING, "Invalid group cipher (%d).",
680
615
group_cipher);
685
620
*pos++ = 1;
686
621
*pos++ = 0;
687
622
if (pairwise_cipher == WPA_CIPHER_CCMP) {
688
os_memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN);
623
memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN);
689
624
} else if (pairwise_cipher == WPA_CIPHER_TKIP) {
690
os_memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN);
625
memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN);
691
626
} else if (pairwise_cipher == WPA_CIPHER_NONE) {
692
os_memcpy(pos, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN);
627
memcpy(pos, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN);
693
628
} else {
694
629
wpa_printf(MSG_WARNING, "Invalid pairwise cipher (%d).",
695
630
pairwise_cipher);
700
635
*pos++ = 1;
701
636
*pos++ = 0;
702
637
if (key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
703
os_memcpy(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X,
704
WPA_SELECTOR_LEN);
638
memcpy(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X, WPA_SELECTOR_LEN);
705
639
} else if (key_mgmt == WPA_KEY_MGMT_PSK) {
706
os_memcpy(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X,
707
WPA_SELECTOR_LEN);
640
memcpy(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X,
641
WPA_SELECTOR_LEN);
708
642
} else if (key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
709
os_memcpy(pos, WPA_AUTH_KEY_MGMT_NONE, WPA_SELECTOR_LEN);
643
memcpy(pos, WPA_AUTH_KEY_MGMT_NONE, WPA_SELECTOR_LEN);
710
644
} else {
711
645
wpa_printf(MSG_WARNING, "Invalid key management type (%d).",
712
646
key_mgmt);
726
660
727
661
static int wpa_gen_wpa_ie_rsn(u8 *rsn_ie, size_t rsn_ie_len,
728
662
int pairwise_cipher, int group_cipher,
729
int key_mgmt, int mgmt_group_cipher,
730
struct wpa_sm *sm)
663
int key_mgmt, struct wpa_sm *sm)
731
664
{
732
665
#ifndef CONFIG_NO_WPA2
733
666
u8 *pos;
734
667
struct rsn_ie_hdr *hdr;
735
u16 capab;
736
668
737
669
if (rsn_ie_len < sizeof(*hdr) + RSN_SELECTOR_LEN +
738
670
2 + RSN_SELECTOR_LEN + 2 + RSN_SELECTOR_LEN + 2 +
745
677
pos = (u8 *) (hdr + 1);
746
678
747
679
if (group_cipher == WPA_CIPHER_CCMP) {
748
os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
680
memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
749
681
} else if (group_cipher == WPA_CIPHER_TKIP) {
750
os_memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
682
memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
751
683
} else if (group_cipher == WPA_CIPHER_WEP104) {
752
os_memcpy(pos, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN);
684
memcpy(pos, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN);
753
685
} else if (group_cipher == WPA_CIPHER_WEP40) {
754
os_memcpy(pos, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN);
686
memcpy(pos, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN);
755
687
} else {
756
688
wpa_printf(MSG_WARNING, "Invalid group cipher (%d).",
757
689
group_cipher);
762
694
*pos++ = 1;
763
695
*pos++ = 0;
764
696
if (pairwise_cipher == WPA_CIPHER_CCMP) {
765
os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
697
memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
766
698
} else if (pairwise_cipher == WPA_CIPHER_TKIP) {
767
os_memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
699
memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
768
700
} else if (pairwise_cipher == WPA_CIPHER_NONE) {
769
os_memcpy(pos, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN);
701
memcpy(pos, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN);
770
702
} else {
771
703
wpa_printf(MSG_WARNING, "Invalid pairwise cipher (%d).",
772
704
pairwise_cipher);
777
709
*pos++ = 1;
778
710
*pos++ = 0;
779
711
if (key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
780
os_memcpy(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X,
781
RSN_SELECTOR_LEN);
712
memcpy(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X, RSN_SELECTOR_LEN);
782
713
} else if (key_mgmt == WPA_KEY_MGMT_PSK) {
783
os_memcpy(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X,
784
RSN_SELECTOR_LEN);
714
memcpy(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X,
715
RSN_SELECTOR_LEN);
785
716
} else {
786
717
wpa_printf(MSG_WARNING, "Invalid key management type (%d).",
787
718
key_mgmt);
790
721
pos += RSN_SELECTOR_LEN;
791
722
792
723
/* RSN Capabilities */
793
capab = 0;
794
#ifdef CONFIG_IEEE80211W
795
if (mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC)
796
capab |= WPA_CAPABILITY_MGMT_FRAME_PROTECTION;
797
#endif /* CONFIG_IEEE80211W */
798
WPA_PUT_LE16(pos, capab);
799
pos += 2;
724
*pos++ = 0;
725
*pos++ = 0;
800
726
801
727
if (sm->cur_pmksa) {
802
728
/* PMKID Count (2 octets, little endian) */
803
729
*pos++ = 1;
804
730
*pos++ = 0;
805
731
/* PMKID */
806
os_memcpy(pos, sm->cur_pmksa->pmkid, PMKID_LEN);
732
memcpy(pos, sm->cur_pmksa->pmkid, PMKID_LEN);
807
733
pos += PMKID_LEN;
808
734
}
809
735
810
#ifdef CONFIG_IEEE80211W
811
if (mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) {
812
if (!sm->cur_pmksa) {
813
/* PMKID Count */
814
WPA_PUT_LE16(pos, 0);
815
pos += 2;
816
817
/* Management Group Cipher Suite */
818
memcpy(pos, RSN_CIPHER_SUITE_AES_128_CMAC,
819
RSN_SELECTOR_LEN);
820
pos += RSN_SELECTOR_LEN;
821
}
822
}
823
#endif /* CONFIG_IEEE80211W */
824
825
736
hdr->len = (pos - rsn_ie) - 2;
826
737
827
738
WPA_ASSERT((size_t) (pos - rsn_ie) <= rsn_ie_len);
846
757
return wpa_gen_wpa_ie_rsn(wpa_ie, wpa_ie_len,
847
758
sm->pairwise_cipher,
848
759
sm->group_cipher,
849
sm->key_mgmt, sm->mgmt_group_cipher,
850
sm);
760
sm->key_mgmt, sm);
851
761
else
852
762
return wpa_gen_wpa_ie_wpa(wpa_ie, wpa_ie_len,
853
763
sm->pairwise_cipher,
885
795
{
886
796
u8 data[2 * ETH_ALEN + 2 * 32];
887
797
888
if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) {
889
os_memcpy(data, addr1, ETH_ALEN);
890
os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
891
} else {
892
os_memcpy(data, addr2, ETH_ALEN);
893
os_memcpy(data + ETH_ALEN, addr1, ETH_ALEN);
894
}
895
896
if (os_memcmp(nonce1, nonce2, 32) < 0) {
897
os_memcpy(data + 2 * ETH_ALEN, nonce1, 32);
898
os_memcpy(data + 2 * ETH_ALEN + 32, nonce2, 32);
899
} else {
900
os_memcpy(data + 2 * ETH_ALEN, nonce2, 32);
901
os_memcpy(data + 2 * ETH_ALEN + 32, nonce1, 32);
902
}
903
904
sha1_prf(pmk, pmk_len, label, data, sizeof(data), ptk, ptk_len);
798
if (memcmp(addr1, addr2, ETH_ALEN) < 0) {
799
memcpy(data, addr1, ETH_ALEN);
800
memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
801
} else {
802
memcpy(data, addr2, ETH_ALEN);
803
memcpy(data + ETH_ALEN, addr1, ETH_ALEN);
804
}
805
806
if (memcmp(nonce1, nonce2, 32) < 0) {
807
memcpy(data + 2 * ETH_ALEN, nonce1, 32);
808
memcpy(data + 2 * ETH_ALEN + 32, nonce2, 32);
809
} else {
810
memcpy(data + 2 * ETH_ALEN, nonce2, 32);
811
memcpy(data + 2 * ETH_ALEN + 32, nonce1, 32);
812
}
813
814
sha1_prf(pmk, pmk_len, "Pairwise key expansion", data, sizeof(data),
815
ptk, ptk_len);
905
816
906
817
wpa_hexdump_key(MSG_DEBUG, "WPA: PMK", pmk, pmk_len);
907
818
wpa_hexdump_key(MSG_DEBUG, "WPA: PTK", ptk, ptk_len);
933
844
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
934
845
u8 hash[SHA1_MAC_LEN];
935
846
hmac_sha1(key, 16, buf, len, hash);
936
os_memcpy(mic, hash, MD5_MAC_LEN);
847
memcpy(mic, hash, MD5_MAC_LEN);
937
848
}
938
849
}
939
850
942
853
int ver, const u8 *dest, u16 proto,
943
854
u8 *msg, size_t msg_len, u8 *key_mic)
944
855
{
945
if (os_memcmp(dest, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0 &&
946
os_memcmp(sm->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0) {
856
if (memcmp(dest, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0 &&
857
memcmp(sm->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0) {
947
858
/*
948
859
* Association event was not yet received; try to fetch
949
860
* BSSID from the driver.
964
875
wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
965
876
wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
966
877
eapol_sm_notify_tx_eapol_key(sm->eapol);
967
os_free(msg);
878
free(msg);
968
879
}
969
880
970
881
1013
924
key_info |= WPA_KEY_INFO_KEY_TYPE;
1014
925
WPA_PUT_BE16(reply->key_info, key_info);
1015
926
WPA_PUT_BE16(reply->key_length, 0);
1016
os_memcpy(reply->replay_counter, sm->request_counter,
1017
WPA_REPLAY_COUNTER_LEN);
927
memcpy(reply->replay_counter, sm->request_counter,
928
WPA_REPLAY_COUNTER_LEN);
1018
929
inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
1019
930
1020
931
WPA_PUT_BE16(reply->key_data_length, 0);
1029
940
1030
941
1031
942
/**
943
* wpa_sm_stakey_request - Send EAPOL-Key Request for STAKey handshake
944
* @sm: Pointer to WPA state machine data from wpa_sm_init()
945
* @peer: MAC address of the peer STA
946
* Returns: 0 on success, or -1 on failure
947
*
948
* Send an EAPOL-Key Request to the current authenticator to start STAKey
949
* handeshake with the peer.
950
*/
951
int wpa_sm_stakey_request(struct wpa_sm *sm, const u8 *peer)
952
{
953
#ifdef CONFIG_STAKEY
954
size_t rlen, kde_len;
955
struct wpa_eapol_key *reply;
956
int key_info, ver, alg;
957
u8 bssid[ETH_ALEN], *rbuf, *pos;
958
struct wpa_ssid *ssid = sm->cur_ssid;
959
960
if (sm->proto != WPA_PROTO_RSN || !sm->ptk_set ||
961
ssid == NULL || !ssid->stakey)
962
return -1;
963
964
/* TODO: how to select which cipher to use? */
965
alg = sm->pairwise_cipher;
966
967
if (alg == WPA_CIPHER_CCMP)
968
ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
969
else
970
ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
971
972
if (wpa_sm_get_bssid(sm, bssid) < 0) {
973
wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key "
974
"STAKey Request");
975
return -1;
976
}
977
978
kde_len = 2 + sizeof(RSN_KEY_DATA_MAC_ADDR) + ETH_ALEN;
979
980
rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
981
sizeof(*reply) + kde_len, &rlen,
982
(void *) &reply);
983
if (rbuf == NULL)
984
return -1;
985
986
reply->type = EAPOL_KEY_TYPE_RSN;
987
key_info = WPA_KEY_INFO_REQUEST | WPA_KEY_INFO_SECURE |
988
WPA_KEY_INFO_MIC | ver;
989
WPA_PUT_BE16(reply->key_info, key_info);
990
WPA_PUT_BE16(reply->key_length, 0);
991
memcpy(reply->replay_counter, sm->request_counter,
992
WPA_REPLAY_COUNTER_LEN);
993
inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
994
995
/* MAC address KDE */
996
WPA_PUT_BE16(reply->key_data_length, (u16) kde_len);
997
pos = (u8 *) (reply + 1);
998
pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
999
1000
wpa_printf(MSG_INFO, "RSN: Sending EAPOL-Key STAKey Request (peer "
1001
MACSTR ")", MAC2STR(peer));
1002
wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL,
1003
rbuf, rlen, reply->key_mic);
1004
1005
return 0;
1006
1007
#else /* CONFIG_STAKEY */
1008
1009
return -1;
1010
1011
#endif /* CONFIG_STAKEY */
1012
}
1013
1014
1015
/**
1032
1016
* wpa_sm_stkstart - Send EAPOL-Key Request for STK handshake (STK M1)
1033
1017
* @sm: Pointer to WPA state machine data from wpa_sm_init()
1034
1018
* @peer: MAC address of the peer STA
1074
1058
1075
1059
/* TODO: find existing entry and if found, use that instead of adding
1076
1060
* a new one */
1077
peerkey = os_malloc(sizeof(*peerkey));
1061
peerkey = malloc(sizeof(*peerkey));
1078
1062
if (peerkey == NULL)
1079
1063
return -1;
1080
os_memset(peerkey, 0, sizeof(*peerkey));
1064
memset(peerkey, 0, sizeof(*peerkey));
1081
1065
peerkey->initiator = 1;
1082
os_memcpy(peerkey->addr, peer, ETH_ALEN);
1066
memcpy(peerkey->addr, peer, ETH_ALEN);
1083
1067
1084
1068
/* SMK M1:
1085
1069
* EAPOL-Key(S=1, M=1, A=0, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
1092
1076
pos = (u8 *) (hdr + 1);
1093
1077
/* Group Suite can be anything for SMK RSN IE; receiver will just
1094
1078
* ignore it. */
1095
os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
1079
memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
1096
1080
pos += RSN_SELECTOR_LEN;
1097
1081
count_pos = pos;
1098
1082
pos += 2;
1099
1083
1100
1084
count = 0;
1101
1085
if (ssid->pairwise_cipher & WPA_CIPHER_CCMP) {
1102
os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
1086
memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
1103
1087
pos += RSN_SELECTOR_LEN;
1104
1088
count++;
1105
1089
}
1106
1090
if (ssid->pairwise_cipher & WPA_CIPHER_TKIP) {
1107
os_memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
1091
memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
1108
1092
pos += RSN_SELECTOR_LEN;
1109
1093
count++;
1110
1094
}
1130
1114
WPA_KEY_INFO_SECURE | WPA_KEY_INFO_REQUEST | ver;
1131
1115
WPA_PUT_BE16(req->key_info, key_info);
1132
1116
WPA_PUT_BE16(req->key_length, 0);
1133
os_memcpy(req->replay_counter, sm->request_counter,
1134
WPA_REPLAY_COUNTER_LEN);
1117
memcpy(req->replay_counter, sm->request_counter,
1118
WPA_REPLAY_COUNTER_LEN);
1135
1119
inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
1136
1120
1137
1121
if (hostapd_get_rand(peerkey->inonce, WPA_NONCE_LEN)) {
1138
1122
wpa_msg(sm->ctx->ctx, MSG_WARNING,
1139
1123
"WPA: Failed to get random data for INonce");
1140
os_free(rbuf);
1124
free(rbuf);
1141
1125
wpa_supplicant_peerkey_free(sm, peerkey);
1142
1126
return -1;
1143
1127
}
1144
os_memcpy(req->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
1128
memcpy(req->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
1145
1129
wpa_hexdump(MSG_DEBUG, "WPA: INonce for SMK handshake",
1146
1130
req->key_nonce, WPA_NONCE_LEN);
1147
1131
1179
1163
const u8 *pmkid;
1180
1164
const u8 *gtk;
1181
1165
size_t gtk_len;
1166
const u8 *stakey;
1167
size_t stakey_len;
1182
1168
const u8 *mac_addr;
1183
1169
size_t mac_addr_len;
1184
1170
#ifdef CONFIG_PEERKEY
1191
1177
const u8 *error;
1192
1178
size_t error_len;
1193
1179
#endif /* CONFIG_PEERKEY */
1194
#ifdef CONFIG_IEEE80211W
1195
const u8 *dhv;
1196
size_t dhv_len;
1197
const u8 *igtk;
1198
size_t igtk_len;
1199
#endif /* CONFIG_IEEE80211W */
1200
1180
};
1201
1181
1202
1182
1214
1194
return 1;
1215
1195
1216
1196
if (pos[1] >= 6 &&
1217
os_memcmp(pos + 2, WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0 &&
1197
memcmp(pos + 2, WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0 &&
1218
1198
pos[2 + WPA_SELECTOR_LEN] == 1 &&
1219
1199
pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
1220
1200
ie->wpa_ie = pos;
1224
1204
1225
1205
if (pos + 1 + RSN_SELECTOR_LEN < end &&
1226
1206
pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
1227
os_memcmp(pos + 2, RSN_KEY_DATA_PMKID, RSN_SELECTOR_LEN) == 0) {
1207
memcmp(pos + 2, RSN_KEY_DATA_PMKID, RSN_SELECTOR_LEN) == 0) {
1228
1208
ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
1229
1209
return 0;
1230
1210
}
1231
1211
1232
1212
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1233
os_memcmp(pos + 2, RSN_KEY_DATA_GROUPKEY, RSN_SELECTOR_LEN) == 0) {
1213
memcmp(pos + 2, RSN_KEY_DATA_GROUPKEY, RSN_SELECTOR_LEN) == 0) {
1234
1214
ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
1235
1215
ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
1236
1216
return 0;
1237
1217
}
1238
1218
1239
1219
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1240
os_memcmp(pos + 2, RSN_KEY_DATA_MAC_ADDR, RSN_SELECTOR_LEN) == 0) {
1220
memcmp(pos + 2, RSN_KEY_DATA_STAKEY, RSN_SELECTOR_LEN) == 0) {
1221
ie->stakey = pos + 2 + RSN_SELECTOR_LEN;
1222
ie->stakey_len = pos[1] - RSN_SELECTOR_LEN;
1223
return 0;
1224
}
1225
1226
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1227
memcmp(pos + 2, RSN_KEY_DATA_MAC_ADDR, RSN_SELECTOR_LEN) == 0) {
1241
1228
ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
1242
1229
ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
1243
1230
return 0;
1245
1232
1246
1233
#ifdef CONFIG_PEERKEY
1247
1234
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1248
os_memcmp(pos + 2, RSN_KEY_DATA_SMK, RSN_SELECTOR_LEN) == 0) {
1235
memcmp(pos + 2, RSN_KEY_DATA_SMK, RSN_SELECTOR_LEN) == 0) {
1249
1236
ie->smk = pos + 2 + RSN_SELECTOR_LEN;
1250
1237
ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
1251
1238
return 0;
1252
1239
}
1253
1240
1254
1241
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1255
os_memcmp(pos + 2, RSN_KEY_DATA_NONCE, RSN_SELECTOR_LEN) == 0) {
1242
memcmp(pos + 2, RSN_KEY_DATA_NONCE, RSN_SELECTOR_LEN) == 0) {
1256
1243
ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
1257
1244
ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
1258
1245
return 0;
1259
1246
}
1260
1247
1261
1248
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1262
os_memcmp(pos + 2, RSN_KEY_DATA_LIFETIME, RSN_SELECTOR_LEN) == 0) {
1249
memcmp(pos + 2, RSN_KEY_DATA_LIFETIME, RSN_SELECTOR_LEN) == 0) {
1263
1250
ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
1264
1251
ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
1265
1252
return 0;
1266
1253
}
1267
1254
1268
1255
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1269
os_memcmp(pos + 2, RSN_KEY_DATA_ERROR, RSN_SELECTOR_LEN) == 0) {
1256
memcmp(pos + 2, RSN_KEY_DATA_ERROR, RSN_SELECTOR_LEN) == 0) {
1270
1257
ie->error = pos + 2 + RSN_SELECTOR_LEN;
1271
1258
ie->error_len = pos[1] - RSN_SELECTOR_LEN;
1272
1259
return 0;
1273
1260
}
1274
1261
#endif /* CONFIG_PEERKEY */
1275
1262
1276
#ifdef CONFIG_IEEE80211W
1277
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1278
os_memcmp(pos + 2, RSN_KEY_DATA_DHV, RSN_SELECTOR_LEN) == 0) {
1279
ie->dhv = pos + 2 + RSN_SELECTOR_LEN;
1280
ie->dhv_len = pos[1] - RSN_SELECTOR_LEN;
1281
return 0;
1282
}
1283
1284
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1285
os_memcmp(pos + 2, RSN_KEY_DATA_IGTK, RSN_SELECTOR_LEN) == 0) {
1286
ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
1287
ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
1288
return 0;
1289
}
1290
#endif /* CONFIG_IEEE80211W */
1291
1292
1263
return 0;
1293
1264
}
1294
1265
1306
1277
const u8 *pos, *end;
1307
1278
int ret = 0;
1308
1279
1309
os_memset(ie, 0, sizeof(*ie));
1280
memset(ie, 0, sizeof(*ie));
1310
1281
for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
1311
1282
if (pos[0] == 0xdd &&
1312
1283
((pos == buf + len - 1) || pos[1] == 0)) {
1365
1336
}
1366
1337
1367
1338
if (pmkid && sm->cur_pmksa &&
1368
os_memcmp(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
1339
memcmp(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
1369
1340
wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
1370
1341
wpa_sm_set_pmk_from_pmksa(sm);
1371
1342
wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
1424
1395
if (buf) {
1425
1396
wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
1426
1397
buf, buflen);
1427
os_free(buf);
1398
free(buf);
1428
1399
}
1429
1400
1430
1401
return -1;
1466
1437
if (sm->proto == WPA_PROTO_RSN)
1467
1438
WPA_PUT_BE16(reply->key_length, 0);
1468
1439
else
1469
os_memcpy(reply->key_length, key->key_length, 2);
1470
os_memcpy(reply->replay_counter, key->replay_counter,
1471
WPA_REPLAY_COUNTER_LEN);
1440
memcpy(reply->key_length, key->key_length, 2);
1441
memcpy(reply->replay_counter, key->replay_counter,
1442
WPA_REPLAY_COUNTER_LEN);
1472
1443
1473
1444
WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
1474
os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
1445
memcpy(reply + 1, wpa_ie, wpa_ie_len);
1475
1446
1476
os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
1447
memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
1477
1448
1478
1449
wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
1479
1450
wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
1502
1473
wpa_printf(MSG_DEBUG, "WPA: RX message 1 of 4-Way Handshake from "
1503
1474
MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
1504
1475
1505
os_memset(&ie, 0, sizeof(ie));
1476
memset(&ie, 0, sizeof(ie));
1506
1477
1507
1478
#ifndef CONFIG_NO_WPA2
1508
1479
if (sm->proto == WPA_PROTO_RSN) {
1509
1480
/* RSN: msg 1/4 should contain PMKID for the selected PMK */
1510
const u8 *_buf = (const u8 *) (key + 1);
1481
const u8 *buf = (const u8 *) (key + 1);
1511
1482
size_t len = WPA_GET_BE16(key->key_data_length);
1512
wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", _buf, len);
1513
wpa_supplicant_parse_ies(_buf, len, &ie);
1483
wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", buf, len);
1484
wpa_supplicant_parse_ies(buf, len, &ie);
1514
1485
if (ie.pmkid) {
1515
1486
wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
1516
1487
"Authenticator", ie.pmkid, PMKID_LEN);
1539
1510
sm->own_addr, sm->bssid, sm->snonce, key->key_nonce,
1540
1511
(u8 *) ptk, sizeof(*ptk));
1541
1512
/* Supplicant: swap tx/rx Mic keys */
1542
os_memcpy(buf, ptk->u.auth.tx_mic_key, 8);
1543
os_memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8);
1544
os_memcpy(ptk->u.auth.rx_mic_key, buf, 8);
1513
memcpy(buf, ptk->u.auth.tx_mic_key, 8);
1514
memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8);
1515
memcpy(ptk->u.auth.rx_mic_key, buf, 8);
1545
1516
sm->tptk_set = 1;
1546
1517
1547
1518
if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
1549
1520
ptk))
1550
1521
return;
1551
1522
1552
os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
1523
memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
1553
1524
}
1554
1525
1555
1526
1599
1570
static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
1600
1571
const struct wpa_eapol_key *key)
1601
1572
{
1602
int keylen, rsclen;
1603
wpa_alg alg;
1573
int alg, keylen, rsclen;
1604
1574
const u8 *key_rsc;
1605
1575
u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
1606
1576
1646
1616
1647
1617
static int wpa_supplicant_check_group_cipher(int group_cipher,
1648
1618
int keylen, int maxkeylen,
1649
int *key_rsc_len, wpa_alg *alg)
1619
int *key_rsc_len, int *alg)
1650
1620
{
1651
1621
int ret = 0;
1652
1622
1700
1670
1701
1671
1702
1672
struct wpa_gtk_data {
1703
wpa_alg alg;
1704
int tx, key_rsc_len, keyidx;
1673
int alg, tx, key_rsc_len, keyidx;
1705
1674
u8 gtk[32];
1706
1675
int gtk_len;
1707
1676
};
1720
1689
wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
1721
1690
if (sm->group_cipher == WPA_CIPHER_TKIP) {
1722
1691
/* Swap Tx/Rx keys for Michael MIC */
1723
os_memcpy(gtk_buf, gd->gtk, 16);
1724
os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
1725
os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
1692
memcpy(gtk_buf, gd->gtk, 16);
1693
memcpy(gtk_buf + 16, gd->gtk + 24, 8);
1694
memcpy(gtk_buf + 24, gd->gtk + 16, 8);
1726
1695
_gtk = gtk_buf;
1727
1696
}
1728
1697
if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
1780
1749
* GTK
1781
1750
*/
1782
1751
1783
os_memset(&gd, 0, sizeof(gd));
1752
memset(&gd, 0, sizeof(gd));
1784
1753
wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
1785
1754
gtk, gtk_len);
1786
1755
1793
1762
gtk += 2;
1794
1763
gtk_len -= 2;
1795
1764
1796
os_memcpy(gd.gtk, gtk, gtk_len);
1765
memcpy(gd.gtk, gtk, gtk_len);
1797
1766
gd.gtk_len = gtk_len;
1798
1767
1799
1768
if (wpa_supplicant_check_group_cipher(sm->group_cipher,
1813
1782
}
1814
1783
1815
1784
1816
static int ieee80211w_set_keys(struct wpa_sm *sm,
1817
struct wpa_eapol_ie_parse *ie)
1818
{
1819
#ifdef CONFIG_IEEE80211W
1820
if (sm->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC)
1821
return 0;
1822
1823
if (ie->igtk) {
1824
const struct wpa_igtk_kde *igtk;
1825
u16 keyidx;
1826
if (ie->igtk_len != sizeof(*igtk))
1827
return -1;
1828
igtk = (const struct wpa_igtk_kde *) ie->igtk;
1829
keyidx = WPA_GET_LE16(igtk->keyid);
1830
wpa_printf(MSG_DEBUG, "WPA: IGTK keyid %d "
1831
"pn %02x%02x%02x%02x%02x%02x",
1832
keyidx, MAC2STR(igtk->pn));
1833
wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
1834
igtk->igtk, WPA_IGTK_LEN);
1835
if (keyidx > 4095) {
1836
wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KeyID %d",
1837
keyidx);
1838
return -1;
1839
}
1840
if (wpa_sm_set_key(sm, WPA_ALG_IGTK,
1841
(u8 *) "\xff\xff\xff\xff\xff\xff",
1842
keyidx, 0, igtk->pn, sizeof(igtk->pn),
1843
igtk->igtk, WPA_IGTK_LEN) < 0) {
1844
wpa_printf(MSG_WARNING, "WPA: Failed to configure IGTK"
1845
" to the driver");
1846
return -1;
1847
}
1848
}
1849
1850
if (ie->dhv) {
1851
const struct wpa_dhv_kde *dhv;
1852
if (ie->dhv_len != sizeof(*dhv))
1853
return -1;
1854
dhv = (const struct wpa_dhv_kde *) ie->dhv;
1855
wpa_hexdump_key(MSG_DEBUG, "WPA: DHV", dhv->dhv, WPA_DHV_LEN);
1856
if (wpa_sm_set_key(sm, WPA_ALG_DHV,
1857
(u8 *) "\xff\xff\xff\xff\xff\xff", 0, 0,
1858
NULL, 0, dhv->dhv, WPA_DHV_LEN) < 0) {
1859
wpa_printf(MSG_WARNING, "WPA: Failed to configure DHV "
1860
"to the driver");
1861
return -1;
1862
}
1863
}
1864
1865
return 0;
1866
#else /* CONFIG_IEEE80211W */
1867
return 0;
1868
#endif /* CONFIG_IEEE80211W */
1869
}
1870
1871
1872
1785
static void wpa_report_ie_mismatch(struct wpa_sm *sm,
1873
1786
const char *reason, const u8 *src_addr,
1874
1787
const u8 *wpa_ie, size_t wpa_ie_len,
1937
1850
1938
1851
if ((ie->wpa_ie && sm->ap_wpa_ie &&
1939
1852
(ie->wpa_ie_len != sm->ap_wpa_ie_len ||
1940
os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
1853
memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
1941
1854
(ie->rsn_ie && sm->ap_rsn_ie &&
1942
1855
(ie->rsn_ie_len != sm->ap_rsn_ie_len ||
1943
os_memcmp(ie->rsn_ie, sm->ap_rsn_ie, ie->rsn_ie_len) != 0))) {
1856
memcmp(ie->rsn_ie, sm->ap_rsn_ie, ie->rsn_ie_len) != 0))) {
1944
1857
wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
1945
1858
"with IE in Beacon/ProbeResp",
1946
1859
src_addr, ie->wpa_ie, ie->wpa_ie_len,
1992
1905
if (sm->proto == WPA_PROTO_RSN)
1993
1906
WPA_PUT_BE16(reply->key_length, 0);
1994
1907
else
1995
os_memcpy(reply->key_length, key->key_length, 2);
1996
os_memcpy(reply->replay_counter, key->replay_counter,
1997
WPA_REPLAY_COUNTER_LEN);
1908
memcpy(reply->key_length, key->key_length, 2);
1909
memcpy(reply->replay_counter, key->replay_counter,
1910
WPA_REPLAY_COUNTER_LEN);
1998
1911
1999
1912
WPA_PUT_BE16(reply->key_data_length, kde_len);
2000
1913
if (kde)
2001
os_memcpy(reply + 1, kde, kde_len);
1914
memcpy(reply + 1, kde, kde_len);
2002
1915
2003
1916
wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
2004
1917
wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
2030
1943
wpa_printf(MSG_WARNING, "WPA: GTK IE in unencrypted key data");
2031
1944
return;
2032
1945
}
2033
#ifdef CONFIG_IEEE80211W
2034
if ((ie.dhv || ie.igtk) && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
2035
wpa_printf(MSG_WARNING, "WPA: DHV/IGTK KDE in unencrypted key "
2036
"data");
2037
return;
2038
}
2039
2040
if (ie.dhv && ie.dhv_len != sizeof(struct wpa_dhv_kde)) {
2041
wpa_printf(MSG_WARNING, "WPA: Invalid DHV KDE length %lu",
2042
(unsigned long) ie.dhv_len);
2043
return;
2044
}
2045
2046
if (ie.igtk && ie.igtk_len != sizeof(struct wpa_igtk_kde)) {
2047
wpa_printf(MSG_WARNING, "WPA: Invalid IGTK KDE length %lu",
2048
(unsigned long) ie.igtk_len);
2049
return;
2050
}
2051
#endif /* CONFIG_IEEE80211W */
2052
1946
2053
1947
if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
2054
1948
return;
2055
1949
2056
if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
1950
if (memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
2057
1951
wpa_printf(MSG_WARNING, "WPA: ANonce from message 1 of 4-Way "
2058
1952
"Handshake differs from 3 of 4-Way Handshake - drop"
2059
1953
" packet (src=" MACSTR ")", MAC2STR(sm->bssid));
2106
2000
ie.gtk, ie.gtk_len, key_info) < 0) {
2107
2001
wpa_printf(MSG_INFO, "RSN: Failed to configure GTK");
2108
2002
}
2109
2110
if (ieee80211w_set_keys(sm, &ie) < 0)
2111
wpa_printf(MSG_INFO, "RSN: Failed to configure DHV/IGTK");
2112
}
2003
}
2004
2005
2006
#ifdef CONFIG_STAKEY
2007
static int wpa_supplicant_send_stakey_2_of_2(struct wpa_sm *sm,
2008
const unsigned char *src_addr,
2009
const struct wpa_eapol_key *key,
2010
int ver, u16 key_info,
2011
const u8 *peer)
2012
{
2013
size_t rlen;
2014
struct wpa_eapol_key *reply;
2015
u8 *rbuf, *pos;
2016
size_t kde_len;
2017
2018
kde_len = 2 + sizeof(RSN_KEY_DATA_MAC_ADDR) + ETH_ALEN;
2019
2020
rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
2021
sizeof(*reply) + kde_len, &rlen,
2022
(void *) &reply);
2023
if (rbuf == NULL)
2024
return -1;
2025
2026
reply->type = EAPOL_KEY_TYPE_RSN;
2027
key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
2028
key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
2029
WPA_PUT_BE16(reply->key_info, key_info);
2030
WPA_PUT_BE16(reply->key_length, 0);
2031
memcpy(reply->replay_counter, key->replay_counter,
2032
WPA_REPLAY_COUNTER_LEN);
2033
2034
/* MAC address KDE */
2035
WPA_PUT_BE16(reply->key_data_length, (u16) kde_len);
2036
pos = (u8 *) (reply + 1);
2037
pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
2038
2039
wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STAKey 2/2 for " MACSTR,
2040
MAC2STR(peer));
2041
wpa_eapol_key_send(sm, sm->ptk.kck, ver, src_addr, ETH_P_EAPOL,
2042
rbuf, rlen, reply->key_mic);
2043
2044
return 0;
2045
}
2046
2047
2048
static int wpa_supplicant_process_stakey_1_of_2(
2049
struct wpa_sm *sm, const unsigned char *src_addr,
2050
const struct wpa_eapol_key *key, u16 key_info,
2051
const u8 *stakey, size_t stakey_len)
2052
{
2053
struct wpa_ssid *ssid = sm->cur_ssid;
2054
u16 ver;
2055
size_t keylen;
2056
int cipher;
2057
const u8 *_key;
2058
u8 key_buf[32], rsc[6];
2059
2060
wpa_printf(MSG_DEBUG, "RSN: Received STAKey msg 1/2");
2061
if (ssid == NULL || !ssid->stakey || sm->proto != WPA_PROTO_RSN) {
2062
wpa_printf(MSG_DEBUG, "RSN: STAKey negotiation not allowed for"
2063
" the current network");
2064
return -1;
2065
}
2066
2067
/* STAKey KDE: Reserved(2 octets) PeerSTA Addr(6 octets) STAKey */
2068
2069
ver = key_info & WPA_KEY_INFO_TYPE_MASK;
2070
if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
2071
cipher = WPA_CIPHER_TKIP;
2072
keylen = 32;
2073
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
2074
cipher = WPA_CIPHER_CCMP;
2075
keylen = 16;
2076
} else {
2077
wpa_printf(MSG_DEBUG, "RSN: Invalid STAKey key_info version "
2078
"%d", ver);
2079
return -1;
2080
}
2081
2082
if (stakey_len < 8 + keylen) {
2083
wpa_printf(MSG_DEBUG, "RSN: Too short STAKey KDE");
2084
return -1;
2085
}
2086
2087
wpa_printf(MSG_DEBUG, "RSN: STAKey for peer STA " MACSTR,
2088
MAC2STR(stakey + 2));
2089
wpa_hexdump_key(MSG_DEBUG, "RSN: STAKey", stakey + 8, keylen);
2090
2091
if (cipher == WPA_CIPHER_TKIP) {
2092
/* Swap Tx/Rx keys for Michael MIC */
2093
memcpy(key_buf, stakey + 2, 16);
2094
memcpy(key_buf + 16, stakey + 2 + 24, 8);
2095
memcpy(key_buf + 24, stakey + 2 + 16, 8);
2096
_key = key_buf;
2097
} else
2098
_key = stakey + 8;
2099
2100
memset(rsc, 0, 6);
2101
if (wpa_sm_set_key(sm, cipher, stakey + 2, 0, 0, rsc, sizeof(rsc),
2102
_key, keylen) < 0) {
2103
wpa_printf(MSG_WARNING, "RSN: Failed to set STAKey to "
2104
"the driver.");
2105
return -1;
2106
}
2107
2108
wpa_supplicant_send_stakey_2_of_2(sm, src_addr, key, ver, key_info,
2109
stakey + 2);
2110
2111
return 0;
2112
}
2113
#endif /* CONFIG_STAKEY */
2113
2114
2114
2115
2115
2116
#ifdef CONFIG_PEERKEY
2127
2128
struct wpa_peerkey *peerkey)
2128
2129
{
2129
2130
eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey);
2130
os_free(peerkey);
2131
free(peerkey);
2131
2132
}
2132
2133
2133
2134
2159
2160
WPA_KEY_INFO_REQUEST;
2160
2161
WPA_PUT_BE16(err->key_info, key_info);
2161
2162
WPA_PUT_BE16(err->key_length, 0);
2162
os_memcpy(err->replay_counter, sm->request_counter,
2163
WPA_REPLAY_COUNTER_LEN);
2163
memcpy(err->replay_counter, sm->request_counter,
2164
WPA_REPLAY_COUNTER_LEN);
2164
2165
inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
2165
2166
2166
2167
WPA_PUT_BE16(err->key_data_length, (u16) kde_len);
2177
2178
pos = wpa_add_kde(pos, RSN_KEY_DATA_ERROR,
2178
2179
(u8 *) &error, sizeof(error));
2179
2180
2180
if (peer) {
2181
wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error (peer "
2182
MACSTR " mui %d error_type %d)",
2183
MAC2STR(peer), mui, error_type);
2184
} else {
2185
wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error "
2186
"(mui %d error_type %d)", mui, error_type);
2187
}
2181
wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error (peer "
2182
MACSTR " mui %d error_type %d)",
2183
MAC2STR(peer), mui, error_type);
2188
2184
2189
2185
wpa_eapol_key_send(sm, sm->ptk.kck, ver, dst, ETH_P_EAPOL,
2190
2186
rbuf, rlen, err->key_mic);
2223
2219
WPA_KEY_INFO_SECURE;
2224
2220
WPA_PUT_BE16(reply->key_info, key_info);
2225
2221
WPA_PUT_BE16(reply->key_length, 0);
2226
os_memcpy(reply->replay_counter, key->replay_counter,
2227
WPA_REPLAY_COUNTER_LEN);
2222
memcpy(reply->replay_counter, key->replay_counter,
2223
WPA_REPLAY_COUNTER_LEN);
2228
2224
2229
os_memcpy(reply->key_nonce, peerkey->pnonce, WPA_NONCE_LEN);
2225
memcpy(reply->key_nonce, peerkey->pnonce, WPA_NONCE_LEN);
2230
2226
2231
2227
WPA_PUT_BE16(reply->key_data_length, (u16) kde_len);
2232
2228
pos = (u8 *) (reply + 1);
2314
2310
/* TODO: find existing entry and if found, use that instead of adding
2315
2311
* a new one; how to handle the case where both ends initiate at the
2316
2312
* same time? */
2317
peerkey = os_malloc(sizeof(*peerkey));
2313
peerkey = malloc(sizeof(*peerkey));
2318
2314
if (peerkey == NULL)
2319
2315
return -1;
2320
os_memset(peerkey, 0, sizeof(*peerkey));
2321
os_memcpy(peerkey->addr, kde.mac_addr, ETH_ALEN);
2322
os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
2323
os_memcpy(peerkey->rsnie_i, kde.rsn_ie, kde.rsn_ie_len);
2316
memset(peerkey, 0, sizeof(*peerkey));
2317
memcpy(peerkey->addr, kde.mac_addr, ETH_ALEN);
2318
memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
2319
memcpy(peerkey->rsnie_i, kde.rsn_ie, kde.rsn_ie_len);
2324
2320
peerkey->rsnie_i_len = kde.rsn_ie_len;
2325
2321
peerkey->cipher = cipher;
2326
2322
2337
2333
pos = (u8 *) (hdr + 1);
2338
2334
/* Group Suite can be anything for SMK RSN IE; receiver will just
2339
2335
* ignore it. */
2340
os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
2336
memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
2341
2337
pos += RSN_SELECTOR_LEN;
2342
2338
/* Include only the selected cipher in pairwise cipher suite */
2343
2339
WPA_PUT_LE16(pos, 1);
2344
2340
pos += 2;
2345
2341
if (cipher == WPA_CIPHER_CCMP)
2346
os_memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
2342
memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN);
2347
2343
else if (cipher == WPA_CIPHER_TKIP)
2348
os_memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
2344
memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN);
2349
2345
pos += RSN_SELECTOR_LEN;
2350
2346
2351
2347
hdr->len = (pos - peerkey->rsnie_p) - 2;
2389
2385
addr[4] = mac_i;
2390
2386
2391
2387
hmac_sha1_vector(smk, PMK_LEN, 5, addr, len, hash);
2392
os_memcpy(smkid, hash, PMKID_LEN);
2388
memcpy(smkid, hash, PMKID_LEN);
2393
2389
}
2394
2390
2395
2391
2425
2421
else
2426
2422
WPA_PUT_BE16(msg->key_length, 32);
2427
2423
2428
os_memcpy(msg->replay_counter, peerkey->replay_counter,
2429
WPA_REPLAY_COUNTER_LEN);
2424
memcpy(msg->replay_counter, peerkey->replay_counter,
2425
WPA_REPLAY_COUNTER_LEN);
2430
2426
inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
2431
2427
2432
2428
WPA_PUT_BE16(msg->key_data_length, kde_len);
2436
2432
if (hostapd_get_rand(peerkey->inonce, WPA_NONCE_LEN)) {
2437
2433
wpa_msg(sm->ctx->ctx, MSG_WARNING,
2438
2434
"RSN: Failed to get random data for INonce (STK)");
2439
os_free(mbuf);
2435
free(mbuf);
2440
2436
return;
2441
2437
}
2442
2438
wpa_hexdump(MSG_DEBUG, "RSN: INonce for STK 4-Way Handshake",
2443
2439
peerkey->inonce, WPA_NONCE_LEN);
2444
os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
2440
memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
2445
2441
2446
2442
wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 1/4 to " MACSTR,
2447
2443
MAC2STR(peerkey->addr));
2485
2481
else
2486
2482
WPA_PUT_BE16(msg->key_length, 32);
2487
2483
2488
os_memcpy(msg->replay_counter, peerkey->replay_counter,
2489
WPA_REPLAY_COUNTER_LEN);
2484
memcpy(msg->replay_counter, peerkey->replay_counter,
2485
WPA_REPLAY_COUNTER_LEN);
2490
2486
inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
2491
2487
2492
2488
WPA_PUT_BE16(msg->key_data_length, kde_len);
2496
2492
pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
2497
2493
(u8 *) &lifetime, sizeof(lifetime));
2498
2494
2499
os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
2495
memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
2500
2496
2501
2497
wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 3/4 to " MACSTR,
2502
2498
MAC2STR(peerkey->addr));
2538
2534
}
2539
2535
2540
2536
for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
2541
if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) == 0 &&
2542
os_memcmp(peerkey->initiator ? peerkey->inonce :
2537
if (memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) == 0 &&
2538
memcmp(peerkey->initiator ? peerkey->inonce :
2543
2539
peerkey->pnonce,
2544
2540
key->key_nonce, WPA_NONCE_LEN) == 0)
2545
2541
break;
2563
2559
return -1;
2564
2560
}
2565
2561
2566
if (os_memcmp(key->key_nonce, peerkey->inonce, WPA_NONCE_LEN)
2567
!= 0) {
2562
if (memcmp(key->key_nonce, peerkey->inonce, WPA_NONCE_LEN) !=
2563
0) {
2568
2564
wpa_printf(MSG_INFO, "RSN: Key Nonce in SMK M5 does "
2569
2565
"not match with INonce used in SMK M1");
2570
2566
return -1;
2571
2567
}
2572
2568
2573
if (os_memcmp(kde.smk + PMK_LEN, peerkey->inonce,
2574
WPA_NONCE_LEN) != 0) {
2569
if (memcmp(kde.smk + PMK_LEN, peerkey->inonce, WPA_NONCE_LEN)
2570
!= 0) {
2575
2571
wpa_printf(MSG_INFO, "RSN: INonce in SMK KDE does not "
2576
2572
"match with the one used in SMK M1");
2577
2573
return -1;
2578
2574
}
2579
2575
2580
os_memcpy(peerkey->rsnie_p, kde.rsn_ie, kde.rsn_ie_len);
2576
memcpy(peerkey->rsnie_p, kde.rsn_ie, kde.rsn_ie_len);
2581
2577
peerkey->rsnie_p_len = kde.rsn_ie_len;
2582
os_memcpy(peerkey->pnonce, kde.nonce, WPA_NONCE_LEN);
2578
memcpy(peerkey->pnonce, kde.nonce, WPA_NONCE_LEN);
2583
2579
2584
2580
cipher = ie.pairwise_cipher & ssid->pairwise_cipher;
2585
2581
if (cipher & WPA_CIPHER_CCMP) {
2602
2598
wpa_printf(MSG_DEBUG, "RSN: Received SMK M4 (Initiator "
2603
2599
MACSTR ")", MAC2STR(kde.mac_addr));
2604
2600
2605
if (os_memcmp(kde.smk + PMK_LEN, peerkey->pnonce,
2606
WPA_NONCE_LEN) != 0) {
2601
if (memcmp(kde.smk + PMK_LEN, peerkey->pnonce, WPA_NONCE_LEN)
2602
!= 0) {
2607
2603
wpa_printf(MSG_INFO, "RSN: PNonce in SMK KDE does not "
2608
2604
"match with the one used in SMK M3");
2609
2605
return -1;
2610
2606
}
2611
2607
2612
if (os_memcmp(kde.nonce, peerkey->inonce, WPA_NONCE_LEN) != 0)
2613
{
2608
if (memcmp(kde.nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) {
2614
2609
wpa_printf(MSG_INFO, "RSN: INonce in SMK M5 did not "
2615
2610
"match with the one received in SMK M2");
2616
2611
return -1;
2617
2612
}
2618
2613
}
2619
2614
2620
os_memcpy(peerkey->smk, kde.smk, PMK_LEN);
2615
memcpy(peerkey->smk, kde.smk, PMK_LEN);
2621
2616
peerkey->smk_complete = 1;
2622
2617
wpa_hexdump_key(MSG_DEBUG, "RSN: SMK", peerkey->smk, PMK_LEN);
2623
2618
lifetime = WPA_GET_BE32(kde.lifetime);
2674
2669
}
2675
2670
2676
2671
if (kde.mac_addr && kde.mac_addr_len >= ETH_ALEN)
2677
os_memcpy(peer, kde.mac_addr, ETH_ALEN);
2678
os_memcpy(&error, kde.error, sizeof(error));
2672
memcpy(peer, kde.mac_addr, ETH_ALEN);
2673
memcpy(&error, kde.error, sizeof(error));
2679
2674
error_type = be_to_host16(error.error_type);
2680
2675
wpa_msg(sm->ctx->ctx, MSG_INFO,
2681
2676
"RSN: SMK Error KDE received: MUI %d error_type %d peer "
2689
2684
struct wpa_peerkey *peerkey;
2690
2685
2691
2686
for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
2692
if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) ==
2693
0)
2687
if (memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) == 0)
2694
2688
break;
2695
2689
}
2696
2690
if (peerkey == NULL) {
2720
2714
wpa_printf(MSG_DEBUG, "RSN: RX message 1 of STK 4-Way Handshake from "
2721
2715
MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
2722
2716
2723
os_memset(&ie, 0, sizeof(ie));
2717
memset(&ie, 0, sizeof(ie));
2724
2718
2725
2719
/* RSN: msg 1/4 should contain SMKID for the selected SMK */
2726
2720
kde = (const u8 *) (key + 1);
2730
2724
wpa_printf(MSG_DEBUG, "RSN: No SMKID in STK 1/4");
2731
2725
return;
2732
2726
}
2733
if (os_memcmp(ie.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
2727
if (memcmp(ie.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
2734
2728
wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 1/4",
2735
2729
ie.pmkid, PMKID_LEN);
2736
2730
return;
2752
2746
peerkey->pnonce, key->key_nonce,
2753
2747
(u8 *) stk, sizeof(*stk));
2754
2748
/* Supplicant: swap tx/rx Mic keys */
2755
os_memcpy(buf, stk->u.auth.tx_mic_key, 8);
2756
os_memcpy(stk->u.auth.tx_mic_key, stk->u.auth.rx_mic_key, 8);
2757
os_memcpy(stk->u.auth.rx_mic_key, buf, 8);
2749
memcpy(buf, stk->u.auth.tx_mic_key, 8);
2750
memcpy(stk->u.auth.tx_mic_key, stk->u.auth.rx_mic_key, 8);
2751
memcpy(stk->u.auth.rx_mic_key, buf, 8);
2758
2752
peerkey->tstk_set = 1;
2759
2753
2760
2754
kde_buf_len = peerkey->rsnie_p_len +
2761
2755
2 + RSN_SELECTOR_LEN + sizeof(lifetime) +
2762
2756
2 + RSN_SELECTOR_LEN + PMKID_LEN;
2763
kde_buf = os_malloc(kde_buf_len);
2757
kde_buf = malloc(kde_buf_len);
2764
2758
if (kde_buf == NULL)
2765
2759
return;
2766
2760
pos = kde_buf;
2773
2767
if (wpa_supplicant_send_2_of_4(sm, peerkey->addr, key, ver,
2774
2768
peerkey->pnonce, kde_buf, kde_buf_len,
2775
2769
stk)) {
2776
os_free(kde_buf);
2770
free(kde_buf);
2777
2771
return;
2778
2772
}
2779
os_free(kde_buf);
2773
free(kde_buf);
2780
2774
2781
os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
2775
memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
2782
2776
}
2783
2777
2784
2778
2826
2820
wpa_printf(MSG_DEBUG, "RSN: RX message 2 of STK 4-Way Handshake from "
2827
2821
MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
2828
2822
2829
os_memset(&kde, 0, sizeof(kde));
2823
memset(&kde, 0, sizeof(kde));
2830
2824
2831
2825
/* RSN: msg 2/4 should contain SMKID for the selected SMK and RSN IE
2832
2826
* from the peer. It may also include Lifetime KDE. */
2839
2833
return;
2840
2834
}
2841
2835
2842
if (os_memcmp(kde.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
2836
if (memcmp(kde.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
2843
2837
wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 2/4",
2844
2838
kde.pmkid, PMKID_LEN);
2845
2839
return;
2846
2840
}
2847
2841
2848
2842
if (kde.rsn_ie_len != peerkey->rsnie_p_len ||
2849
os_memcmp(kde.rsn_ie, peerkey->rsnie_p, kde.rsn_ie_len) != 0) {
2843
memcmp(kde.rsn_ie, peerkey->rsnie_p, kde.rsn_ie_len) != 0) {
2850
2844
wpa_printf(MSG_INFO, "RSN: Peer RSN IE in SMK and STK "
2851
2845
"handshakes did not match");
2852
2846
wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in SMK handshake",
2859
2853
wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde);
2860
2854
2861
2855
wpa_supplicant_send_stk_3_of_4(sm, peerkey);
2862
os_memcpy(peerkey->pnonce, key->key_nonce, WPA_NONCE_LEN);
2856
memcpy(peerkey->pnonce, key->key_nonce, WPA_NONCE_LEN);
2863
2857
}
2864
2858
2865
2859
2877
2871
wpa_printf(MSG_DEBUG, "RSN: RX message 3 of STK 4-Way Handshake from "
2878
2872
MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
2879
2873
2880
os_memset(&kde, 0, sizeof(kde));
2874
memset(&kde, 0, sizeof(kde));
2881
2875
2882
2876
/* RSN: msg 3/4 should contain Initiator RSN IE. It may also include
2883
2877
* Lifetime KDE. */
2891
2885
}
2892
2886
2893
2887
if (kde.rsn_ie_len != peerkey->rsnie_i_len ||
2894
os_memcmp(kde.rsn_ie, peerkey->rsnie_i, kde.rsn_ie_len) != 0) {
2888
memcmp(kde.rsn_ie, peerkey->rsnie_i, kde.rsn_ie_len) != 0) {
2895
2889
wpa_printf(MSG_INFO, "RSN: Initiator RSN IE in SMK and STK "
2896
2890
"handshakes did not match");
2897
2891
wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in SMK "
2903
2897
return;
2904
2898
}
2905
2899
2906
if (os_memcmp(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
2900
if (memcmp(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
2907
2901
wpa_printf(MSG_WARNING, "RSN: INonce from message 1 of STK "
2908
2902
"4-Way Handshake differs from 3 of STK 4-Way "
2909
2903
"Handshake - drop packet (src=" MACSTR ")",
2921
2915
_key = (u8 *) peerkey->stk.tk1;
2922
2916
if (peerkey->cipher == WPA_CIPHER_TKIP) {
2923
2917
/* Swap Tx/Rx keys for Michael MIC */
2924
os_memcpy(key_buf, _key, 16);
2925
os_memcpy(key_buf + 16, _key + 24, 8);
2926
os_memcpy(key_buf + 24, _key + 16, 8);
2918
memcpy(key_buf, _key, 16);
2919
memcpy(key_buf + 16, _key + 24, 8);
2920
memcpy(key_buf + 24, _key + 16, 8);
2927
2921
_key = key_buf;
2928
2922
key_len = 32;
2929
2923
} else
2930
2924
key_len = 16;
2931
2925
2932
os_memset(rsc, 0, 6);
2926
memset(rsc, 0, 6);
2933
2927
if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
2934
2928
rsc, sizeof(rsc), _key, key_len) < 0) {
2935
2929
wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the "
2949
2943
wpa_printf(MSG_DEBUG, "RSN: RX message 4 of STK 4-Way Handshake from "
2950
2944
MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
2951
2945
2952
os_memset(rsc, 0, 6);
2946
memset(rsc, 0, 6);
2953
2947
if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
2954
2948
rsc, sizeof(rsc), (u8 *) peerkey->stk.tk1,
2955
2949
peerkey->cipher == WPA_CIPHER_TKIP ? 32 : 16) < 0) {
2962
2956
2963
2957
2964
2958
static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
2959
const unsigned char *src_addr,
2960
const struct wpa_eapol_key *key,
2965
2961
const u8 *keydata,
2966
2962
size_t keydatalen,
2967
2963
u16 key_info,
2976
2972
wpa_printf(MSG_WARNING, "WPA: GTK IE in unencrypted key data");
2977
2973
return -1;
2978
2974
}
2975
if (ie.stakey) {
2976
#ifdef CONFIG_STAKEY
2977
if (!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
2978
wpa_printf(MSG_WARNING, "WPA: STAKey KDE in "
2979
"unencrypted key data");
2980
return -1;
2981
}
2982
2983
wpa_supplicant_process_stakey_1_of_2(sm, src_addr, key,
2984
key_info, ie.stakey,
2985
ie.stakey_len);
2986
#endif /* CONFIG_STAKEY */
2987
/* Abort GTK processing since this was a STAKey message. */
2988
return 1;
2989
}
2979
2990
if (ie.gtk == NULL) {
2980
2991
wpa_printf(MSG_INFO, "WPA: No GTK IE in Group Key msg 1/2");
2981
2992
return -1;
2997
3008
"(len=%lu)", (unsigned long) ie.gtk_len - 2);
2998
3009
return -1;
2999
3010
}
3000
os_memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
3001
3002
if (ieee80211w_set_keys(sm, &ie) < 0)
3003
wpa_printf(MSG_INFO, "RSN: Failed to configure DHV/IGTK");
3011
memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
3004
3012
3005
3013
return 0;
3006
3014
}
3041
3049
gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
3042
3050
WPA_KEY_INFO_KEY_INDEX_SHIFT;
3043
3051
if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
3044
os_memcpy(ek, key->key_iv, 16);
3045
os_memcpy(ek + 16, sm->ptk.kek, 16);
3052
memcpy(ek, key->key_iv, 16);
3053
memcpy(ek + 16, sm->ptk.kek, 16);
3046
3054
if (keydatalen > sizeof(gd->gtk)) {
3047
3055
wpa_printf(MSG_WARNING, "WPA: RC4 key data "
3048
3056
"too long (%lu)",
3049
3057
(unsigned long) keydatalen);
3050
3058
return -1;
3051
3059
}
3052
os_memcpy(gd->gtk, key + 1, keydatalen);
3060
memcpy(gd->gtk, key + 1, keydatalen);
3053
3061
rc4_skip(ek, 32, 256, gd->gtk, keydatalen);
3054
3062
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3055
3063
if (keydatalen % 8) {
3098
3106
if (sm->proto == WPA_PROTO_RSN)
3099
3107
WPA_PUT_BE16(reply->key_length, 0);
3100
3108
else
3101
os_memcpy(reply->key_length, key->key_length, 2);
3102
os_memcpy(reply->replay_counter, key->replay_counter,
3103
WPA_REPLAY_COUNTER_LEN);
3109
memcpy(reply->key_length, key->key_length, 2);
3110
memcpy(reply->replay_counter, key->replay_counter,
3111
WPA_REPLAY_COUNTER_LEN);
3104
3112
3105
3113
WPA_PUT_BE16(reply->key_data_length, 0);
3106
3114
3121
3129
int rekey, ret;
3122
3130
struct wpa_gtk_data gd;
3123
3131
3124
os_memset(&gd, 0, sizeof(gd));
3132
memset(&gd, 0, sizeof(gd));
3125
3133
3126
3134
rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
3127
wpa_printf(MSG_DEBUG, "WPA: RX message 1 of Group Key Handshake from "
3128
MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
3135
wpa_printf(MSG_DEBUG, "WPA: RX message 1 of Group Key or STAKey "
3136
"Handshake from " MACSTR " (ver=%d)",
3137
MAC2STR(src_addr), ver);
3129
3138
3130
3139
key_info = WPA_GET_BE16(key->key_info);
3131
3140
keydatalen = WPA_GET_BE16(key->key_data_length);
3132
3141
3133
3142
if (sm->proto == WPA_PROTO_RSN) {
3134
ret = wpa_supplicant_process_1_of_2_rsn(sm,
3143
ret = wpa_supplicant_process_1_of_2_rsn(sm, src_addr, key,
3135
3144
(const u8 *) (key + 1),
3136
3145
keydatalen, key_info,
3137
3146
&gd);
3141
3150
ver, &gd);
3142
3151
}
3143
3152
3153
if (ret == 1) {
3154
/* STAKey handshake - abort Group Key processing */
3155
return;
3156
}
3157
3144
3158
wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
3145
3159
3146
3160
if (ret)
3171
3185
u8 mic[16];
3172
3186
int ok = 0;
3173
3187
3174
os_memcpy(mic, key->key_mic, 16);
3188
memcpy(mic, key->key_mic, 16);
3175
3189
if (sm->tptk_set) {
3176
os_memset(key->key_mic, 0, 16);
3190
memset(key->key_mic, 0, 16);
3177
3191
wpa_eapol_key_mic(sm->tptk.kck, ver, buf, len,
3178
3192
key->key_mic);
3179
if (os_memcmp(mic, key->key_mic, 16) != 0) {
3193
if (memcmp(mic, key->key_mic, 16) != 0) {
3180
3194
wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC "
3181
3195
"when using TPTK - ignoring TPTK");
3182
3196
} else {
3183
3197
ok = 1;
3184
3198
sm->tptk_set = 0;
3185
3199
sm->ptk_set = 1;
3186
os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
3200
memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
3187
3201
}
3188
3202
}
3189
3203
3190
3204
if (!ok && sm->ptk_set) {
3191
os_memset(key->key_mic, 0, 16);
3205
memset(key->key_mic, 0, 16);
3192
3206
wpa_eapol_key_mic(sm->ptk.kck, ver, buf, len,
3193
3207
key->key_mic);
3194
if (os_memcmp(mic, key->key_mic, 16) != 0) {
3208
if (memcmp(mic, key->key_mic, 16) != 0) {
3195
3209
wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC "
3196
3210
"- dropping packet");
3197
3211
return -1;
3205
3219
return -1;
3206
3220
}
3207
3221
3208
os_memcpy(sm->rx_replay_counter, key->replay_counter,
3209
WPA_REPLAY_COUNTER_LEN);
3222
memcpy(sm->rx_replay_counter, key->replay_counter,
3223
WPA_REPLAY_COUNTER_LEN);
3210
3224
sm->rx_replay_counter_set = 1;
3211
3225
return 0;
3212
3226
}
3228
3242
peerkey->stk_set = 1;
3229
3243
}
3230
3244
3231
os_memcpy(mic, key->key_mic, 16);
3245
memcpy(mic, key->key_mic, 16);
3232
3246
if (peerkey->tstk_set) {
3233
os_memset(key->key_mic, 0, 16);
3247
memset(key->key_mic, 0, 16);
3234
3248
wpa_eapol_key_mic(peerkey->tstk.kck, ver, buf, len,
3235
3249
key->key_mic);
3236
if (os_memcmp(mic, key->key_mic, 16) != 0) {
3250
if (memcmp(mic, key->key_mic, 16) != 0) {
3237
3251
wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
3238
3252
"when using TSTK - ignoring TSTK");
3239
3253
} else {
3240
3254
ok = 1;
3241
3255
peerkey->tstk_set = 0;
3242
3256
peerkey->stk_set = 1;
3243
os_memcpy(&peerkey->stk, &peerkey->tstk,
3244
sizeof(peerkey->stk));
3257
memcpy(&peerkey->stk, &peerkey->tstk,
3258
sizeof(peerkey->stk));
3245
3259
}
3246
3260
}
3247
3261
3248
3262
if (!ok && peerkey->stk_set) {
3249
os_memset(key->key_mic, 0, 16);
3263
memset(key->key_mic, 0, 16);
3250
3264
wpa_eapol_key_mic(peerkey->stk.kck, ver, buf, len,
3251
3265
key->key_mic);
3252
if (os_memcmp(mic, key->key_mic, 16) != 0) {
3266
if (memcmp(mic, key->key_mic, 16) != 0) {
3253
3267
wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
3254
3268
"- dropping packet");
3255
3269
return -1;
3263
3277
return -1;
3264
3278
}
3265
3279
3266
os_memcpy(peerkey->replay_counter, key->replay_counter,
3267
WPA_REPLAY_COUNTER_LEN);
3280
memcpy(peerkey->replay_counter, key->replay_counter,
3281
WPA_REPLAY_COUNTER_LEN);
3268
3282
peerkey->replay_counter_set = 1;
3269
3283
return 0;
3270
3284
}
3289
3303
* to be implemented separately for each message type. */
3290
3304
if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
3291
3305
u8 ek[32];
3292
os_memcpy(ek, key->key_iv, 16);
3293
os_memcpy(ek + 16, sm->ptk.kek, 16);
3306
memcpy(ek, key->key_iv, 16);
3307
memcpy(ek + 16, sm->ptk.kek, 16);
3294
3308
rc4_skip(ek, 32, 256, (u8 *) (key + 1), keydatalen);
3295
3309
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3296
3310
u8 *buf;
3300
3314
return -1;
3301
3315
}
3302
3316
keydatalen -= 8; /* AES-WRAP adds 8 bytes */
3303
buf = os_malloc(keydatalen);
3317
buf = malloc(keydatalen);
3304
3318
if (buf == NULL) {
3305
3319
wpa_printf(MSG_WARNING, "WPA: No memory for "
3306
3320
"AES-UNWRAP buffer");
3308
3322
}
3309
3323
if (aes_unwrap(sm->ptk.kek, keydatalen / 8,
3310
3324
(u8 *) (key + 1), buf)) {
3311
os_free(buf);
3325
free(buf);
3312
3326
wpa_printf(MSG_WARNING, "WPA: AES unwrap failed - "
3313
3327
"could not decrypt EAPOL-Key key data");
3314
3328
return -1;
3315
3329
}
3316
os_memcpy(key + 1, buf, keydatalen);
3317
os_free(buf);
3330
memcpy(key + 1, buf, keydatalen);
3331
free(buf);
3318
3332
WPA_PUT_BE16(key->key_data_length, keydatalen);
3319
3333
}
3320
3334
wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
3405
3419
return 0;
3406
3420
}
3407
3421
3408
tmp = os_malloc(len);
3422
tmp = malloc(len);
3409
3423
if (tmp == NULL)
3410
3424
return -1;
3411
os_memcpy(tmp, buf, len);
3425
memcpy(tmp, buf, len);
3412
3426
3413
3427
hdr = (struct ieee802_1x_hdr *) tmp;
3414
3428
key = (struct wpa_eapol_key *) (hdr + 1);
3477
3491
3478
3492
#ifdef CONFIG_PEERKEY
3479
3493
for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
3480
if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
3494
if (memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
3481
3495
break;
3482
3496
}
3483
3497
3484
3498
if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
3485
3499
if (!peerkey->initiator && peerkey->replay_counter_set &&
3486
os_memcmp(key->replay_counter, peerkey->replay_counter,
3487
WPA_REPLAY_COUNTER_LEN) <= 0) {
3500
memcmp(key->replay_counter, peerkey->replay_counter,
3501
WPA_REPLAY_COUNTER_LEN) <= 0) {
3488
3502
wpa_printf(MSG_WARNING, "RSN: EAPOL-Key Replay "
3489
3503
"Counter did not increase (STK) - dropping "
3490
3504
"packet");
3491
3505
goto out;
3492
3506
} else if (peerkey->initiator) {
3493
u8 _tmp[WPA_REPLAY_COUNTER_LEN];
3494
os_memcpy(_tmp, key->replay_counter,
3495
WPA_REPLAY_COUNTER_LEN);
3496
inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
3497
if (os_memcmp(_tmp, peerkey->replay_counter,
3498
WPA_REPLAY_COUNTER_LEN) != 0) {
3507
u8 tmp[WPA_REPLAY_COUNTER_LEN];
3508
memcpy(tmp, key->replay_counter,
3509
WPA_REPLAY_COUNTER_LEN);
3510
inc_byte_array(tmp, WPA_REPLAY_COUNTER_LEN);
3511
if (memcmp(tmp, peerkey->replay_counter,
3512
WPA_REPLAY_COUNTER_LEN) != 0) {
3499
3513
wpa_printf(MSG_DEBUG, "RSN: EAPOL-Key Replay "
3500
3514
"Counter did not match (STK) - "
3501
3515
"dropping packet");
3511
3525
#endif /* CONFIG_PEERKEY */
3512
3526
3513
3527
if (!peerkey && sm->rx_replay_counter_set &&
3514
os_memcmp(key->replay_counter, sm->rx_replay_counter,
3515
WPA_REPLAY_COUNTER_LEN) <= 0) {
3528
memcmp(key->replay_counter, sm->rx_replay_counter,
3529
WPA_REPLAY_COUNTER_LEN) <= 0) {
3516
3530
wpa_printf(MSG_WARNING, "WPA: EAPOL-Key Replay Counter did not"
3517
3531
" increase - dropping packet");
3518
3532
goto out;
3628
3642
ret = 1;
3629
3643
3630
3644
out:
3631
os_free(tmp);
3645
free(tmp);
3632
3646
return ret;
3633
3647
}
3634
3648
3727
3741
else
3728
3742
rsna = 0;
3729
3743
3730
ret = os_snprintf(buf, buflen,
3731
"dot11RSNAOptionImplemented=TRUE\n"
3732
"dot11RSNAPreauthenticationImplemented=TRUE\n"
3733
"dot11RSNAEnabled=%s\n"
3734
"dot11RSNAPreauthenticationEnabled=%s\n"
3735
"dot11RSNAConfigVersion=%d\n"
3736
"dot11RSNAConfigPairwiseKeysSupported=5\n"
3737
"dot11RSNAConfigGroupCipherSize=%d\n"
3738
"dot11RSNAConfigPMKLifetime=%d\n"
3739
"dot11RSNAConfigPMKReauthThreshold=%d\n"
3740
"dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
3741
"dot11RSNAConfigSATimeout=%d\n",
3742
rsna ? "TRUE" : "FALSE",
3743
rsna ? "TRUE" : "FALSE",
3744
RSN_VERSION,
3745
wpa_cipher_bits(sm->group_cipher),
3746
sm->dot11RSNAConfigPMKLifetime,
3747
sm->dot11RSNAConfigPMKReauthThreshold,
3748
sm->dot11RSNAConfigSATimeout);
3744
ret = snprintf(buf, buflen,
3745
"dot11RSNAOptionImplemented=TRUE\n"
3746
"dot11RSNAPreauthenticationImplemented=TRUE\n"
3747
"dot11RSNAEnabled=%s\n"
3748
"dot11RSNAPreauthenticationEnabled=%s\n"
3749
"dot11RSNAConfigVersion=%d\n"
3750
"dot11RSNAConfigPairwiseKeysSupported=5\n"
3751
"dot11RSNAConfigGroupCipherSize=%d\n"
3752
"dot11RSNAConfigPMKLifetime=%d\n"
3753
"dot11RSNAConfigPMKReauthThreshold=%d\n"
3754
"dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
3755
"dot11RSNAConfigSATimeout=%d\n",
3756
rsna ? "TRUE" : "FALSE",
3757
rsna ? "TRUE" : "FALSE",
3758
RSN_VERSION,
3759
wpa_cipher_bits(sm->group_cipher),
3760
sm->dot11RSNAConfigPMKLifetime,
3761
sm->dot11RSNAConfigPMKReauthThreshold,
3762
sm->dot11RSNAConfigSATimeout);
3749
3763
if (ret < 0 || (size_t) ret >= buflen)
3750
3764
return 0;
3751
3765
len = ret;
3752
3766
3753
ret = os_snprintf(
3754
buf + len, buflen - len,
3755
"dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
3756
"dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
3757
"dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
3758
"dot11RSNAPMKIDUsed=%s\n"
3759
"dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
3760
"dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
3761
"dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
3762
"dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
3763
"dot11RSNA4WayHandshakeFailures=%u\n",
3764
RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
3765
RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)),
3766
RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
3767
pmkid_txt,
3768
RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
3769
RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->pairwise_cipher)),
3770
RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
3771
sm->dot11RSNA4WayHandshakeFailures);
3767
ret = snprintf(buf + len, buflen - len,
3768
"dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
3769
"dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
3770
"dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
3771
"dot11RSNAPMKIDUsed=%s\n"
3772
"dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
3773
"dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
3774
"dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
3775
"dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
3776
"dot11RSNA4WayHandshakeFailures=%u\n",
3777
RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
3778
RSN_SUITE_ARG(wpa_cipher_suite(sm,
3779
sm->pairwise_cipher)),
3780
RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
3781
pmkid_txt,
3782
RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
3783
RSN_SUITE_ARG(wpa_cipher_suite(sm,
3784
sm->pairwise_cipher)),
3785
RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
3786
sm->dot11RSNA4WayHandshakeFailures);
3772
3787
if (ret >= 0 && (size_t) ret < buflen)
3773
3788
len += ret;
3774
3789
3784
3799
3785
3800
if (sm->cur_pmksa == entry ||
3786
3801
(sm->pmk_len == entry->pmk_len &&
3787
os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
3802
memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
3788
3803
wpa_printf(MSG_DEBUG, "RSN: removed current PMKSA entry");
3789
3804
sm->cur_pmksa = NULL;
3790
3805
3796
3811
return;
3797
3812
}
3798
3813
3799
os_memset(sm->pmk, 0, sizeof(sm->pmk));
3814
memset(sm->pmk, 0, sizeof(sm->pmk));
3800
3815
wpa_sm_deauthenticate(sm, REASON_UNSPECIFIED);
3801
3816
wpa_sm_req_scan(sm, 0, 0);
3802
3817
}
3815
3830
{
3816
3831
struct wpa_sm *sm;
3817
3832
3818
sm = os_zalloc(sizeof(*sm));
3833
sm = wpa_zalloc(sizeof(*sm));
3819
3834
if (sm == NULL)
3820
3835
return NULL;
3821
3836
sm->renew_snonce = 1;
3829
3844
if (sm->pmksa == NULL) {
3830
3845
wpa_printf(MSG_ERROR, "RSN: PMKSA cache initialization "
3831
3846
"failed");
3832
os_free(sm);
3847
free(sm);
3833
3848
return NULL;
3834
3849
}
3835
3850
3847
3862
return;
3848
3863
pmksa_cache_deinit(sm->pmksa);
3849
3864
eloop_cancel_timeout(wpa_sm_start_preauth, sm, 0);
3850
os_free(sm->assoc_wpa_ie);
3851
os_free(sm->ap_wpa_ie);
3852
os_free(sm->ap_rsn_ie);
3853
os_free(sm->ctx);
3865
free(sm->assoc_wpa_ie);
3866
free(sm->ap_wpa_ie);
3867
free(sm->ap_rsn_ie);
3868
free(sm->ctx);
3854
3869
#ifdef CONFIG_PEERKEY
3855
3870
{
3856
3871
struct wpa_peerkey *prev, *peerkey = sm->peerkey;
3857
3872
while (peerkey) {
3858
3873
prev = peerkey;
3859
3874
peerkey = peerkey->next;
3860
os_free(prev);
3875
free(prev);
3861
3876
}
3862
3877
}
3863
3878
#endif /* CONFIG_PEERKEY */
3864
os_free(sm);
3879
free(sm);
3865
3880
}
3866
3881
3867
3882
3879
3894
return;
3880
3895
3881
3896
wpa_printf(MSG_DEBUG, "WPA: Association event - clear replay counter");
3882
os_memcpy(sm->bssid, bssid, ETH_ALEN);
3883
os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
3897
memcpy(sm->bssid, bssid, ETH_ALEN);
3898
memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
3884
3899
sm->rx_replay_counter_set = 0;
3885
3900
sm->renew_snonce = 1;
3886
if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
3901
if (memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
3887
3902
rsn_preauth_deinit(sm);
3888
3903
}
3889
3904
3917
3932
return;
3918
3933
3919
3934
sm->pmk_len = pmk_len;
3920
os_memcpy(sm->pmk, pmk, pmk_len);
3935
memcpy(sm->pmk, pmk, pmk_len);
3921
3936
}
3922
3937
3923
3938
3935
3950
3936
3951
if (sm->cur_pmksa) {
3937
3952
sm->pmk_len = sm->cur_pmksa->pmk_len;
3938
os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
3953
memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
3939
3954
} else {
3940
3955
sm->pmk_len = PMK_LEN;
3941
os_memset(sm->pmk, 0, PMK_LEN);
3956
memset(sm->pmk, 0, PMK_LEN);
3942
3957
}
3943
3958
}
3944
3959
3996
4011
void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
3997
4012
{
3998
4013
if (sm)
3999
os_memcpy(sm->own_addr, addr, ETH_ALEN);
4014
memcpy(sm->own_addr, addr, ETH_ALEN);
4000
4015
}
4001
4016
4002
4017
4074
4089
case WPA_PARAM_KEY_MGMT:
4075
4090
sm->key_mgmt = value;
4076
4091
break;
4077
#ifdef CONFIG_IEEE80211W
4078
case WPA_PARAM_MGMT_GROUP:
4079
sm->mgmt_group_cipher = value;
4080
break;
4081
#endif /* CONFIG_IEEE80211W */
4082
default:
4083
break;
4084
4092
}
4085
4093
4086
4094
return ret;
4113
4121
return sm->group_cipher;
4114
4122
case WPA_PARAM_KEY_MGMT:
4115
4123
return sm->key_mgmt;
4116
#ifdef CONFIG_IEEE80211W
4117
case WPA_PARAM_MGMT_GROUP:
4118
return sm->mgmt_group_cipher;
4119
#endif /* CONFIG_IEEE80211W */
4120
4124
default:
4121
4125
return 0;
4122
4126
}
4141
4145
char *pos = buf, *end = buf + buflen;
4142
4146
int ret;
4143
4147
4144
ret = os_snprintf(pos, end - pos,
4145
"pairwise_cipher=%s\n"
4146
"group_cipher=%s\n"
4147
"key_mgmt=%s\n",
4148
wpa_cipher_txt(sm->pairwise_cipher),
4149
wpa_cipher_txt(sm->group_cipher),
4150
wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
4148
ret = snprintf(pos, end - pos,
4149
"pairwise_cipher=%s\n"
4150
"group_cipher=%s\n"
4151
"key_mgmt=%s\n",
4152
wpa_cipher_txt(sm->pairwise_cipher),
4153
wpa_cipher_txt(sm->group_cipher),
4154
wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
4151
4155
if (ret < 0 || ret >= end - pos)
4152
4156
return pos - buf;
4153
4157
pos += ret;
4188
4192
* the correct version of the IE even if PMKSA caching is
4189
4193
* aborted (which would remove PMKID from IE generation).
4190
4194
*/
4191
sm->assoc_wpa_ie = os_malloc(*wpa_ie_len);
4195
sm->assoc_wpa_ie = malloc(*wpa_ie_len);
4192
4196
if (sm->assoc_wpa_ie == NULL)
4193
4197
return -1;
4194
4198
4195
os_memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
4199
memcpy(sm->assoc_wpa_ie, wpa_ie, *wpa_ie_len);
4196
4200
sm->assoc_wpa_ie_len = *wpa_ie_len;
4197
4201
}
4198
4202
4216
4220
if (sm == NULL)
4217
4221
return -1;
4218
4222
4219
os_free(sm->assoc_wpa_ie);
4223
free(sm->assoc_wpa_ie);
4220
4224
if (ie == NULL || len == 0) {
4221
4225
wpa_printf(MSG_DEBUG, "WPA: clearing own WPA/RSN IE");
4222
4226
sm->assoc_wpa_ie = NULL;
4223
4227
sm->assoc_wpa_ie_len = 0;
4224
4228
} else {
4225
4229
wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
4226
sm->assoc_wpa_ie = os_malloc(len);
4230
sm->assoc_wpa_ie = malloc(len);
4227
4231
if (sm->assoc_wpa_ie == NULL)
4228
4232
return -1;
4229
4233
4230
os_memcpy(sm->assoc_wpa_ie, ie, len);
4234
memcpy(sm->assoc_wpa_ie, ie, len);
4231
4235
sm->assoc_wpa_ie_len = len;
4232
4236
}
4233
4237
4250
4254
if (sm == NULL)
4251
4255
return -1;
4252
4256
4253
os_free(sm->ap_wpa_ie);
4257
free(sm->ap_wpa_ie);
4254
4258
if (ie == NULL || len == 0) {
4255
4259
wpa_printf(MSG_DEBUG, "WPA: clearing AP WPA IE");
4256
4260
sm->ap_wpa_ie = NULL;
4257
4261
sm->ap_wpa_ie_len = 0;
4258
4262
} else {
4259
4263
wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
4260
sm->ap_wpa_ie = os_malloc(len);
4264
sm->ap_wpa_ie = malloc(len);
4261
4265
if (sm->ap_wpa_ie == NULL)
4262
4266
return -1;
4263
4267
4264
os_memcpy(sm->ap_wpa_ie, ie, len);
4268
memcpy(sm->ap_wpa_ie, ie, len);
4265
4269
sm->ap_wpa_ie_len = len;
4266
4270
}
4267
4271
4284
4288
if (sm == NULL)
4285
4289
return -1;
4286
4290
4287
os_free(sm->ap_rsn_ie);
4291
free(sm->ap_rsn_ie);
4288
4292
if (ie == NULL || len == 0) {
4289
4293
wpa_printf(MSG_DEBUG, "WPA: clearing AP RSN IE");
4290
4294
sm->ap_rsn_ie = NULL;
4291
4295
sm->ap_rsn_ie_len = 0;
4292
4296
} else {
4293
4297
wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
4294
sm->ap_rsn_ie = os_malloc(len);
4298
sm->ap_rsn_ie = malloc(len);
4295
4299
if (sm->ap_rsn_ie == NULL)
4296
4300
return -1;
4297
4301
4298
os_memcpy(sm->ap_rsn_ie, ie, len);
4302
memcpy(sm->ap_rsn_ie, ie, len);
4299
4303
sm->ap_rsn_ie_len = len;
4300
4304
}
4301
4305
Loggerhead is a web-based interface for Breezy
Version: 2.0.1