1 /*
2 * WPA Supplicant - WPA state machine and EAPOL-Key processing
3 * Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi>
4 * Copyright(c) 2015 Intel Deutschland GmbH
5 *
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
8 */
9
10 #include "includes.h"
11
12 #include "common.h"
13 #include "crypto/aes.h"
14 #include "crypto/aes_wrap.h"
15 #include "crypto/crypto.h"
16 #include "crypto/random.h"
17 #include "crypto/aes_siv.h"
18 #include "crypto/sha256.h"
19 #include "crypto/sha384.h"
20 #include "crypto/sha512.h"
21 #include "common/ieee802_11_defs.h"
22 #include "common/ieee802_11_common.h"
23 #include "common/ocv.h"
24 #include "common/dpp.h"
25 #include "common/wpa_ctrl.h"
26 #include "eap_common/eap_defs.h"
27 #include "eapol_supp/eapol_supp_sm.h"
28 #include "drivers/driver.h"
29 #include "wpa.h"
30 #include "eloop.h"
31 #include "preauth.h"
32 #include "pmksa_cache.h"
33 #include "wpa_i.h"
34 #include "wpa_ie.h"
35
36
37 static const u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
38
39
_wpa_hexdump_link(int level,u8 link_id,const char * title,const void * buf,size_t len,bool key)40 static void _wpa_hexdump_link(int level, u8 link_id, const char *title,
41 const void *buf, size_t len, bool key)
42 {
43 char *link_title = NULL;
44
45 if (link_id >= MAX_NUM_MLD_LINKS)
46 goto out;
47
48 link_title = os_malloc(os_strlen(title) + 20);
49 if (!link_title)
50 goto out;
51
52 os_snprintf(link_title, os_strlen(title) + 20, "MLO link[%u]: %s",
53 link_id, title);
54
55 out:
56 if (key)
57 wpa_hexdump_key(level, link_title ? link_title : title, buf,
58 len);
59 else
60 wpa_hexdump(level, link_title ? link_title : title, buf, len);
61 os_free(link_title);
62 }
63
64
wpa_hexdump_link(int level,u8 link_id,const char * title,const void * buf,size_t len)65 static void wpa_hexdump_link(int level, u8 link_id, const char *title,
66 const void *buf, size_t len)
67 {
68 _wpa_hexdump_link(level, link_id, title, buf, len, false);
69 }
70
71
wpa_hexdump_link_key(int level,u8 link_id,const char * title,const void * buf,size_t len)72 static void wpa_hexdump_link_key(int level, u8 link_id, const char *title,
73 const void *buf, size_t len)
74 {
75 _wpa_hexdump_link(level, link_id, title, buf, len, true);
76 }
77
78
79 /**
80 * wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
81 * @sm: Pointer to WPA state machine data from wpa_sm_init()
82 * @ptk: PTK for Key Confirmation/Encryption Key
83 * @ver: Version field from Key Info
84 * @dest: Destination address for the frame
85 * @proto: Ethertype (usually ETH_P_EAPOL)
86 * @msg: EAPOL-Key message
87 * @msg_len: Length of message
88 * @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
89 * Returns: >= 0 on success, < 0 on failure
90 */
wpa_eapol_key_send(struct wpa_sm * sm,struct wpa_ptk * ptk,int ver,const u8 * dest,u16 proto,u8 * msg,size_t msg_len,u8 * key_mic)91 int wpa_eapol_key_send(struct wpa_sm *sm, struct wpa_ptk *ptk,
92 int ver, const u8 *dest, u16 proto,
93 u8 *msg, size_t msg_len, u8 *key_mic)
94 {
95 int ret = -1;
96 size_t mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
97
98 wpa_printf(MSG_DEBUG, "WPA: Send EAPOL-Key frame to " MACSTR
99 " ver=%d mic_len=%d key_mgmt=0x%x",
100 MAC2STR(dest), ver, (int) mic_len, sm->key_mgmt);
101 if (is_zero_ether_addr(dest) && is_zero_ether_addr(sm->bssid)) {
102 /*
103 * Association event was not yet received; try to fetch
104 * BSSID from the driver.
105 */
106 if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
107 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
108 "WPA: Failed to read BSSID for "
109 "EAPOL-Key destination address");
110 } else {
111 dest = sm->bssid;
112 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
113 "WPA: Use BSSID (" MACSTR
114 ") as the destination for EAPOL-Key",
115 MAC2STR(dest));
116 }
117 }
118
119 if (mic_len) {
120 if (key_mic && (!ptk || !ptk->kck_len))
121 goto out;
122
123 if (key_mic &&
124 wpa_eapol_key_mic(ptk->kck, ptk->kck_len, sm->key_mgmt, ver,
125 msg, msg_len, key_mic)) {
126 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
127 "WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC",
128 ver, sm->key_mgmt);
129 goto out;
130 }
131 if (ptk)
132 wpa_hexdump_key(MSG_DEBUG, "WPA: KCK",
133 ptk->kck, ptk->kck_len);
134 wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC",
135 key_mic, mic_len);
136 } else {
137 #ifdef CONFIG_FILS
138 /* AEAD cipher - Key MIC field not used */
139 struct ieee802_1x_hdr *s_hdr, *hdr;
140 struct wpa_eapol_key *s_key, *key;
141 u8 *buf, *s_key_data, *key_data;
142 size_t buf_len = msg_len + AES_BLOCK_SIZE;
143 size_t key_data_len;
144 u16 eapol_len;
145 const u8 *aad[1];
146 size_t aad_len[1];
147
148 if (!ptk || !ptk->kek_len)
149 goto out;
150
151 key_data_len = msg_len - sizeof(struct ieee802_1x_hdr) -
152 sizeof(struct wpa_eapol_key) - 2;
153
154 buf = os_malloc(buf_len);
155 if (!buf)
156 goto out;
157
158 os_memcpy(buf, msg, msg_len);
159 hdr = (struct ieee802_1x_hdr *) buf;
160 key = (struct wpa_eapol_key *) (hdr + 1);
161 key_data = ((u8 *) (key + 1)) + 2;
162
163 /* Update EAPOL header to include AES-SIV overhead */
164 eapol_len = be_to_host16(hdr->length);
165 eapol_len += AES_BLOCK_SIZE;
166 hdr->length = host_to_be16(eapol_len);
167
168 /* Update Key Data Length field to include AES-SIV overhead */
169 WPA_PUT_BE16((u8 *) (key + 1), AES_BLOCK_SIZE + key_data_len);
170
171 s_hdr = (struct ieee802_1x_hdr *) msg;
172 s_key = (struct wpa_eapol_key *) (s_hdr + 1);
173 s_key_data = ((u8 *) (s_key + 1)) + 2;
174
175 wpa_hexdump_key(MSG_DEBUG, "WPA: Plaintext Key Data",
176 s_key_data, key_data_len);
177
178 wpa_hexdump_key(MSG_DEBUG, "WPA: KEK", ptk->kek, ptk->kek_len);
179 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
180 * to Key Data (exclusive). */
181 aad[0] = buf;
182 aad_len[0] = key_data - buf;
183 if (aes_siv_encrypt(ptk->kek, ptk->kek_len,
184 s_key_data, key_data_len,
185 1, aad, aad_len, key_data) < 0) {
186 os_free(buf);
187 goto out;
188 }
189
190 wpa_hexdump(MSG_DEBUG, "WPA: Encrypted Key Data from SIV",
191 key_data, AES_BLOCK_SIZE + key_data_len);
192
193 os_free(msg);
194 msg = buf;
195 msg_len = buf_len;
196 #else /* CONFIG_FILS */
197 goto out;
198 #endif /* CONFIG_FILS */
199 }
200
201 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
202 ret = wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
203 eapol_sm_notify_tx_eapol_key(sm->eapol);
204 out:
205 os_free(msg);
206 return ret;
207 }
208
209
210 /**
211 * wpa_sm_key_request - Send EAPOL-Key Request
212 * @sm: Pointer to WPA state machine data from wpa_sm_init()
213 * @error: Indicate whether this is an Michael MIC error report
214 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
215 *
216 * Send an EAPOL-Key Request to the current authenticator. This function is
217 * used to request rekeying and it is usually called when a local Michael MIC
218 * failure is detected.
219 */
wpa_sm_key_request(struct wpa_sm * sm,int error,int pairwise)220 void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
221 {
222 size_t mic_len, hdrlen, rlen;
223 struct wpa_eapol_key *reply;
224 int key_info, ver;
225 u8 *rbuf, *key_mic, *mic;
226
227 if (pairwise && sm->wpa_deny_ptk0_rekey && !sm->use_ext_key_id &&
228 wpa_sm_get_state(sm) == WPA_COMPLETED && !error) {
229 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
230 "WPA: PTK0 rekey not allowed, reconnecting");
231 wpa_sm_reconnect(sm);
232 return;
233 }
234
235 if (!sm->ptk_set) {
236 wpa_printf(MSG_INFO,
237 "WPA: No PTK derived yet - cannot send EAPOL-Key Request");
238 return;
239 }
240
241 if (wpa_use_akm_defined(sm->key_mgmt))
242 ver = WPA_KEY_INFO_TYPE_AKM_DEFINED;
243 else if (wpa_key_mgmt_ft(sm->key_mgmt) ||
244 wpa_key_mgmt_sha256(sm->key_mgmt))
245 ver = WPA_KEY_INFO_TYPE_AES_128_CMAC;
246 else if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
247 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
248 else
249 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
250
251 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
252 hdrlen = sizeof(*reply) + mic_len + 2;
253 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
254 hdrlen, &rlen, (void *) &reply);
255 if (rbuf == NULL)
256 return;
257
258 reply->type = (sm->proto == WPA_PROTO_RSN) ?
259 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
260 key_info = WPA_KEY_INFO_REQUEST | ver;
261 key_info |= WPA_KEY_INFO_SECURE;
262 if (mic_len)
263 key_info |= WPA_KEY_INFO_MIC;
264 else
265 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
266 if (error)
267 key_info |= WPA_KEY_INFO_ERROR;
268 if (pairwise)
269 key_info |= WPA_KEY_INFO_KEY_TYPE;
270 WPA_PUT_BE16(reply->key_info, key_info);
271 WPA_PUT_BE16(reply->key_length, 0);
272 os_memcpy(reply->replay_counter, sm->request_counter,
273 WPA_REPLAY_COUNTER_LEN);
274 inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
275
276 mic = (u8 *) (reply + 1);
277 WPA_PUT_BE16(mic + mic_len, 0);
278 if (!(key_info & WPA_KEY_INFO_MIC))
279 key_mic = NULL;
280 else
281 key_mic = mic;
282
283 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
284 "WPA: Sending EAPOL-Key Request (error=%d "
285 "pairwise=%d ptk_set=%d len=%lu)",
286 error, pairwise, sm->ptk_set, (unsigned long) rlen);
287 wpa_eapol_key_send(sm, &sm->ptk, ver, wpa_sm_get_auth_addr(sm),
288 ETH_P_EAPOL, rbuf, rlen, key_mic);
289 }
290
291
wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm * sm)292 static void wpa_supplicant_key_mgmt_set_pmk(struct wpa_sm *sm)
293 {
294 #ifdef CONFIG_IEEE80211R
295 if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) {
296 if (wpa_sm_key_mgmt_set_pmk(sm, sm->xxkey, sm->xxkey_len))
297 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
298 "RSN: Cannot set low order 256 bits of MSK for key management offload");
299 } else {
300 #endif /* CONFIG_IEEE80211R */
301 if (wpa_sm_key_mgmt_set_pmk(sm, sm->pmk, sm->pmk_len))
302 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
303 "RSN: Cannot set PMK for key management offload");
304 #ifdef CONFIG_IEEE80211R
305 }
306 #endif /* CONFIG_IEEE80211R */
307 }
308
309
wpa_supplicant_get_pmk(struct wpa_sm * sm,const unsigned char * src_addr,const u8 * pmkid)310 static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
311 const unsigned char *src_addr,
312 const u8 *pmkid)
313 {
314 int abort_cached = 0;
315
316 if (pmkid && !sm->cur_pmksa) {
317 /* When using drivers that generate RSN IE, wpa_supplicant may
318 * not have enough time to get the association information
319 * event before receiving this 1/4 message, so try to find a
320 * matching PMKSA cache entry here. */
321 sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr,
322 sm->own_addr, pmkid,
323 NULL, 0);
324 if (sm->cur_pmksa) {
325 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
326 "RSN: found matching PMKID from PMKSA cache");
327 } else {
328 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
329 "RSN: no matching PMKID found");
330 abort_cached = 1;
331 }
332 }
333
334 if (pmkid && sm->cur_pmksa &&
335 os_memcmp_const(pmkid, sm->cur_pmksa->pmkid, PMKID_LEN) == 0) {
336 wpa_hexdump(MSG_DEBUG, "RSN: matched PMKID", pmkid, PMKID_LEN);
337 wpa_sm_set_pmk_from_pmksa(sm);
338 wpa_hexdump_key(MSG_DEBUG, "RSN: PMK from PMKSA cache",
339 sm->pmk, sm->pmk_len);
340 eapol_sm_notify_cached(sm->eapol);
341 #ifdef CONFIG_IEEE80211R
342 sm->xxkey_len = 0;
343 #ifdef CONFIG_SAE
344 if ((sm->key_mgmt == WPA_KEY_MGMT_FT_SAE ||
345 sm->key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY) &&
346 sm->pmk_len == PMK_LEN) {
347 /* Need to allow FT key derivation to proceed with
348 * PMK from SAE being used as the XXKey in cases where
349 * the PMKID in msg 1/4 matches the PMKSA entry that was
350 * just added based on SAE authentication for the
351 * initial mobility domain association. */
352 os_memcpy(sm->xxkey, sm->pmk, sm->pmk_len);
353 sm->xxkey_len = sm->pmk_len;
354 }
355 #endif /* CONFIG_SAE */
356 #endif /* CONFIG_IEEE80211R */
357 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
358 int res, pmk_len;
359 #ifdef CONFIG_IEEE80211R
360 u8 buf[2 * PMK_LEN];
361 #endif /* CONFIG_IEEE80211R */
362
363 if (wpa_key_mgmt_sha384(sm->key_mgmt))
364 pmk_len = PMK_LEN_SUITE_B_192;
365 else
366 pmk_len = PMK_LEN;
367 res = eapol_sm_get_key(sm->eapol, sm->pmk, pmk_len);
368 if (res) {
369 if (pmk_len == PMK_LEN) {
370 /*
371 * EAP-LEAP is an exception from other EAP
372 * methods: it uses only 16-byte PMK.
373 */
374 res = eapol_sm_get_key(sm->eapol, sm->pmk, 16);
375 pmk_len = 16;
376 }
377 }
378 #ifdef CONFIG_IEEE80211R
379 if (res == 0 &&
380 eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0) {
381 if (wpa_key_mgmt_sha384(sm->key_mgmt)) {
382 os_memcpy(sm->xxkey, buf, SHA384_MAC_LEN);
383 sm->xxkey_len = SHA384_MAC_LEN;
384 } else {
385 os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN);
386 sm->xxkey_len = PMK_LEN;
387 }
388 forced_memzero(buf, sizeof(buf));
389 if (sm->proto == WPA_PROTO_RSN &&
390 wpa_key_mgmt_ft(sm->key_mgmt)) {
391 struct rsn_pmksa_cache_entry *sa = NULL;
392 const u8 *fils_cache_id = NULL;
393
394 #ifdef CONFIG_FILS
395 if (sm->fils_cache_id_set)
396 fils_cache_id = sm->fils_cache_id;
397 #endif /* CONFIG_FILS */
398 wpa_hexdump_key(MSG_DEBUG,
399 "FT: Cache XXKey/MPMK",
400 sm->xxkey, sm->xxkey_len);
401 sa = pmksa_cache_add(sm->pmksa,
402 sm->xxkey, sm->xxkey_len,
403 NULL, NULL, 0,
404 src_addr, sm->own_addr,
405 sm->network_ctx,
406 sm->key_mgmt,
407 fils_cache_id);
408 if (!sm->cur_pmksa)
409 sm->cur_pmksa = sa;
410 }
411 }
412 #endif /* CONFIG_IEEE80211R */
413 if (res == 0) {
414 struct rsn_pmksa_cache_entry *sa = NULL;
415 const u8 *fils_cache_id = NULL;
416
417 #ifdef CONFIG_FILS
418 if (sm->fils_cache_id_set)
419 fils_cache_id = sm->fils_cache_id;
420 #endif /* CONFIG_FILS */
421
422 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
423 "machines", sm->pmk, pmk_len);
424 sm->pmk_len = pmk_len;
425 wpa_supplicant_key_mgmt_set_pmk(sm);
426 if (sm->proto == WPA_PROTO_RSN &&
427 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
428 !wpa_key_mgmt_ft(sm->key_mgmt)) {
429 sa = pmksa_cache_add(sm->pmksa,
430 sm->pmk, pmk_len, NULL,
431 NULL, 0,
432 src_addr, sm->own_addr,
433 sm->network_ctx,
434 sm->key_mgmt,
435 fils_cache_id);
436 }
437 if (!sm->cur_pmksa && pmkid &&
438 pmksa_cache_get(sm->pmksa, src_addr, sm->own_addr,
439 pmkid, NULL, 0)) {
440 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
441 "RSN: the new PMK matches with the "
442 "PMKID");
443 abort_cached = 0;
444 } else if (sa && !sm->cur_pmksa && pmkid) {
445 /*
446 * It looks like the authentication server
447 * derived mismatching MSK. This should not
448 * really happen, but bugs happen.. There is not
449 * much we can do here without knowing what
450 * exactly caused the server to misbehave.
451 */
452 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
453 "RSN: PMKID mismatch - authentication server may have derived different MSK?!");
454 return -1;
455 }
456
457 if (!sm->cur_pmksa)
458 sm->cur_pmksa = sa;
459 #ifdef CONFIG_IEEE80211R
460 } else if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->ft_protocol) {
461 wpa_printf(MSG_DEBUG,
462 "FT: Continue 4-way handshake without PMK/PMKID for association using FT protocol");
463 #endif /* CONFIG_IEEE80211R */
464 } else {
465 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
466 "WPA: Failed to get master session key from "
467 "EAPOL state machines - key handshake "
468 "aborted");
469 if (sm->cur_pmksa) {
470 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
471 "RSN: Cancelled PMKSA caching "
472 "attempt");
473 sm->cur_pmksa = NULL;
474 abort_cached = 1;
475 } else if (!abort_cached) {
476 return -1;
477 }
478 }
479 }
480
481 if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) &&
482 !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
483 !wpa_key_mgmt_ft(sm->key_mgmt)) {
484 /* Send EAPOL-Start to trigger full EAP authentication. */
485 u8 *buf;
486 size_t buflen;
487
488 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
489 "RSN: no PMKSA entry found - trigger "
490 "full EAP authentication");
491 buf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_START,
492 NULL, 0, &buflen, NULL);
493 if (buf) {
494 /* Set and reset eapFail to allow EAP state machine to
495 * proceed with new authentication. */
496 eapol_sm_notify_eap_fail(sm->eapol, true);
497 eapol_sm_notify_eap_fail(sm->eapol, false);
498 wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
499 buf, buflen);
500 os_free(buf);
501 return -2;
502 }
503
504 return -1;
505 }
506
507 return 0;
508 }
509
510
511 /**
512 * wpa_supplicant_send_2_of_4 - Send message 2 of WPA/RSN 4-Way Handshake
513 * @sm: Pointer to WPA state machine data from wpa_sm_init()
514 * @dst: Destination address for the frame
515 * @key: Pointer to the EAPOL-Key frame header
516 * @ver: Version bits from EAPOL-Key Key Info
517 * @nonce: Nonce value for the EAPOL-Key frame
518 * @wpa_ie: WPA/RSN IE
519 * @wpa_ie_len: Length of the WPA/RSN IE
520 * @ptk: PTK to use for keyed hash and encryption
521 * Returns: >= 0 on success, < 0 on failure
522 */
wpa_supplicant_send_2_of_4(struct wpa_sm * sm,const unsigned char * dst,const struct wpa_eapol_key * key,int ver,const u8 * nonce,const u8 * wpa_ie,size_t wpa_ie_len,struct wpa_ptk * ptk)523 int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
524 const struct wpa_eapol_key *key,
525 int ver, const u8 *nonce,
526 const u8 *wpa_ie, size_t wpa_ie_len,
527 struct wpa_ptk *ptk)
528 {
529 size_t mic_len, hdrlen, rlen, extra_len = 0;
530 struct wpa_eapol_key *reply;
531 u8 *rbuf, *key_mic;
532 u8 *rsn_ie_buf = NULL, *buf2 = NULL;
533 u16 key_info;
534 #ifdef CONFIG_TESTING_OPTIONS
535 size_t pad_len = 0;
536 #endif /* CONFIG_TESTING_OPTIONS */
537
538 if (wpa_ie == NULL) {
539 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - "
540 "cannot generate msg 2/4");
541 return -1;
542 }
543
544 #ifdef CONFIG_IEEE80211R
545 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
546 int res;
547
548 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE before FT processing",
549 wpa_ie, wpa_ie_len);
550 /*
551 * Add PMKR1Name into RSN IE (PMKID-List) and add MDIE and
552 * FTIE from (Re)Association Response.
553 */
554 rsn_ie_buf = os_malloc(wpa_ie_len + 2 + 2 + PMKID_LEN +
555 sm->assoc_resp_ies_len);
556 if (rsn_ie_buf == NULL)
557 return -1;
558 os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len);
559 res = wpa_insert_pmkid(rsn_ie_buf, &wpa_ie_len,
560 sm->pmk_r1_name, !sm->ft_prepend_pmkid);
561 if (res < 0) {
562 os_free(rsn_ie_buf);
563 return -1;
564 }
565 wpa_hexdump(MSG_DEBUG,
566 "WPA: WPA IE after PMKID[PMKR1Name] addition into RSNE",
567 rsn_ie_buf, wpa_ie_len);
568
569 if (sm->assoc_resp_ies) {
570 wpa_hexdump(MSG_DEBUG, "WPA: Add assoc_resp_ies",
571 sm->assoc_resp_ies,
572 sm->assoc_resp_ies_len);
573 os_memcpy(rsn_ie_buf + wpa_ie_len, sm->assoc_resp_ies,
574 sm->assoc_resp_ies_len);
575 wpa_ie_len += sm->assoc_resp_ies_len;
576 }
577
578 wpa_ie = rsn_ie_buf;
579 }
580 #endif /* CONFIG_IEEE80211R */
581
582 if (sm->rsn_override != RSN_OVERRIDE_NOT_USED) {
583 u8 *pos;
584
585 buf2 = os_malloc(wpa_ie_len + 2 + 4 + 1);
586 if (!buf2) {
587 os_free(rsn_ie_buf);
588 return -1;
589 }
590 os_memcpy(buf2, wpa_ie, wpa_ie_len);
591 pos = buf2 + wpa_ie_len;
592 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
593 *pos++ = 4 + 1;
594 WPA_PUT_BE32(pos, RSN_SELECTION_IE_VENDOR_TYPE);
595 pos += 4;
596 if (sm->rsn_override == RSN_OVERRIDE_RSNE) {
597 *pos++ = RSN_SELECTION_RSNE;
598 } else if (sm->rsn_override == RSN_OVERRIDE_RSNE_OVERRIDE) {
599 *pos++ = RSN_SELECTION_RSNE_OVERRIDE;
600 } else if (sm->rsn_override == RSN_OVERRIDE_RSNE_OVERRIDE_2) {
601 *pos++ = RSN_SELECTION_RSNE_OVERRIDE_2;
602 } else {
603 os_free(rsn_ie_buf);
604 os_free(buf2);
605 return -1;
606 }
607
608 wpa_ie = buf2;
609 wpa_ie_len += 2 + 4 + 1;
610
611 }
612
613 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
614
615 #ifdef CONFIG_TESTING_OPTIONS
616 if (sm->test_eapol_m2_elems)
617 extra_len = wpabuf_len(sm->test_eapol_m2_elems);
618 if (sm->encrypt_eapol_m2) {
619 pad_len = (wpa_ie_len + extra_len) % 8;
620 if (pad_len)
621 pad_len = 8 - pad_len;
622 extra_len += pad_len + 8;
623 }
624 #endif /* CONFIG_TESTING_OPTIONS */
625
626 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
627 hdrlen = sizeof(*reply) + mic_len + 2;
628 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
629 NULL, hdrlen + wpa_ie_len + extra_len,
630 &rlen, (void *) &reply);
631 if (rbuf == NULL) {
632 os_free(rsn_ie_buf);
633 os_free(buf2);
634 return -1;
635 }
636
637 reply->type = (sm->proto == WPA_PROTO_RSN) ?
638 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
639 key_info = ver | WPA_KEY_INFO_KEY_TYPE;
640 if (sm->ptk_set && sm->proto != WPA_PROTO_WPA)
641 key_info |= WPA_KEY_INFO_SECURE;
642 if (mic_len)
643 key_info |= WPA_KEY_INFO_MIC;
644 else
645 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
646 #ifdef CONFIG_TESTING_OPTIONS
647 if (sm->encrypt_eapol_m2)
648 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
649 if (sm->eapol_2_key_info_set_mask)
650 key_info |= sm->eapol_2_key_info_set_mask;
651 #endif /* CONFIG_TESTING_OPTIONS */
652 WPA_PUT_BE16(reply->key_info, key_info);
653 if (sm->proto == WPA_PROTO_RSN)
654 WPA_PUT_BE16(reply->key_length, 0);
655 else
656 os_memcpy(reply->key_length, key->key_length, 2);
657 os_memcpy(reply->replay_counter, key->replay_counter,
658 WPA_REPLAY_COUNTER_LEN);
659 wpa_hexdump(MSG_DEBUG, "WPA: Replay Counter", reply->replay_counter,
660 WPA_REPLAY_COUNTER_LEN);
661
662 key_mic = (u8 *) (reply + 1);
663 /* Key Data Length */
664 WPA_PUT_BE16(key_mic + mic_len, wpa_ie_len + extra_len);
665 os_memcpy(key_mic + mic_len + 2, wpa_ie, wpa_ie_len); /* Key Data */
666 os_free(rsn_ie_buf);
667 os_free(buf2);
668 #ifdef CONFIG_TESTING_OPTIONS
669 if (sm->test_eapol_m2_elems) {
670 os_memcpy(key_mic + mic_len + 2 + wpa_ie_len,
671 wpabuf_head(sm->test_eapol_m2_elems),
672 wpabuf_len(sm->test_eapol_m2_elems));
673 }
674
675 if (sm->encrypt_eapol_m2) {
676 u8 *plain;
677 size_t plain_len;
678
679 if (sm->test_eapol_m2_elems)
680 extra_len = wpabuf_len(sm->test_eapol_m2_elems);
681 else
682 extra_len = 0;
683 plain_len = wpa_ie_len + extra_len + pad_len;
684 plain = os_memdup(key_mic + mic_len + 2, plain_len);
685 if (!plain) {
686 os_free(rbuf);
687 return -1;
688 }
689 if (pad_len)
690 plain[plain_len - pad_len] = 0xdd;
691
692 wpa_hexdump_key(MSG_DEBUG, "RSN: AES-WRAP using KEK",
693 ptk->kek, ptk->kek_len);
694 if (aes_wrap(ptk->kek, ptk->kek_len, plain_len / 8, plain,
695 key_mic + mic_len + 2)) {
696 os_free(plain);
697 os_free(rbuf);
698 return -1;
699 }
700 wpa_hexdump(MSG_DEBUG,
701 "RSN: Encrypted Key Data from AES-WRAP",
702 key_mic + mic_len + 2, plain_len + 8);
703 os_free(plain);
704 }
705 #endif /* CONFIG_TESTING_OPTIONS */
706
707 os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
708
709 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
710 return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
711 key_mic);
712 }
713
714
wpa_derive_ptk(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,struct wpa_ptk * ptk)715 static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
716 const struct wpa_eapol_key *key, struct wpa_ptk *ptk)
717 {
718 int ret;
719 const u8 *z = NULL;
720 size_t z_len = 0, kdk_len;
721 int akmp;
722
723 #ifdef CONFIG_IEEE80211R
724 if (wpa_key_mgmt_ft(sm->key_mgmt))
725 return wpa_derive_ptk_ft(sm, src_addr, key, ptk);
726 #endif /* CONFIG_IEEE80211R */
727
728 #ifdef CONFIG_DPP2
729 if (sm->key_mgmt == WPA_KEY_MGMT_DPP && sm->dpp_z) {
730 z = wpabuf_head(sm->dpp_z);
731 z_len = wpabuf_len(sm->dpp_z);
732 }
733 #endif /* CONFIG_DPP2 */
734
735 akmp = sm->key_mgmt;
736 #ifdef CONFIG_OWE
737 if (sm->owe_ptk_workaround && akmp == WPA_KEY_MGMT_OWE &&
738 sm->pmk_len > 32) {
739 wpa_printf(MSG_DEBUG,
740 "OWE: Force SHA256 for PTK derivation");
741 akmp |= WPA_KEY_MGMT_PSK_SHA256;
742 }
743 #endif /* CONFIG_OWE */
744
745 if (sm->force_kdk_derivation ||
746 (sm->secure_ltf &&
747 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)))
748 kdk_len = WPA_KDK_MAX_LEN;
749 else
750 kdk_len = 0;
751
752 ret = wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
753 sm->own_addr, wpa_sm_get_auth_addr(sm), sm->snonce,
754 key->key_nonce, ptk, akmp,
755 sm->pairwise_cipher, z, z_len,
756 kdk_len);
757 if (ret) {
758 wpa_printf(MSG_ERROR, "WPA: PTK derivation failed");
759 return ret;
760 }
761
762 #ifdef CONFIG_PASN
763 if (sm->secure_ltf &&
764 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF))
765 ret = wpa_ltf_keyseed(ptk, akmp, sm->pairwise_cipher);
766 #endif /* CONFIG_PASN */
767
768 return ret;
769 }
770
771
wpa_handle_ext_key_id(struct wpa_sm * sm,struct wpa_eapol_ie_parse * kde)772 static int wpa_handle_ext_key_id(struct wpa_sm *sm,
773 struct wpa_eapol_ie_parse *kde)
774 {
775 if (sm->ext_key_id) {
776 u16 key_id;
777
778 if (!kde->key_id) {
779 wpa_msg(sm->ctx->msg_ctx,
780 sm->use_ext_key_id ? MSG_INFO : MSG_DEBUG,
781 "RSN: No Key ID in Extended Key ID handshake");
782 sm->keyidx_active = 0;
783 return sm->use_ext_key_id ? -1 : 0;
784 }
785
786 key_id = kde->key_id[0] & 0x03;
787 if (key_id > 1) {
788 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
789 "RSN: Invalid Extended Key ID: %d", key_id);
790 return -1;
791 }
792 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
793 "RSN: Using Extended Key ID %d", key_id);
794 sm->keyidx_active = key_id;
795 sm->use_ext_key_id = 1;
796 } else {
797 if (kde->key_id && (kde->key_id[0] & 0x03)) {
798 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
799 "RSN: Non-zero Extended Key ID Key ID in PTK0 handshake");
800 return -1;
801 }
802
803 if (kde->key_id) {
804 /* This is not supposed to be included here, but ignore
805 * the case of matching Key ID 0 just in case. */
806 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
807 "RSN: Extended Key ID Key ID 0 in PTK0 handshake");
808 }
809 sm->keyidx_active = 0;
810 sm->use_ext_key_id = 0;
811 }
812
813 return 0;
814 }
815
816
rsn_add_kde(u8 * pos,u32 kde,const u8 * data,size_t data_len)817 static u8 * rsn_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len)
818 {
819 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
820 *pos++ = RSN_SELECTOR_LEN + data_len;
821 RSN_SELECTOR_PUT(pos, kde);
822 pos += RSN_SELECTOR_LEN;
823 os_memcpy(pos, data, data_len);
824 pos += data_len;
825
826 return pos;
827 }
828
829
wpa_mlo_link_kde_len(struct wpa_sm * sm)830 static size_t wpa_mlo_link_kde_len(struct wpa_sm *sm)
831 {
832 int i;
833 unsigned int num_links = 0;
834
835 for_each_link(sm->mlo.req_links, i) {
836 if (sm->mlo.assoc_link_id != i)
837 num_links++;
838 }
839
840 return num_links * (RSN_SELECTOR_LEN + 1 + ETH_ALEN + 2);
841 }
842
843
wpa_mlo_link_kde(struct wpa_sm * sm,u8 * pos)844 static u8 * wpa_mlo_link_kde(struct wpa_sm *sm, u8 *pos)
845 {
846 int i;
847 u8 hdr[1 + ETH_ALEN];
848
849 for_each_link(sm->mlo.req_links, i) {
850 if (sm->mlo.assoc_link_id == i)
851 continue;
852
853 wpa_printf(MSG_DEBUG,
854 "MLO: Add MLO Link %d KDE in EAPOL-Key 2/4", i);
855 hdr[0] = i & 0xF; /* LinkID; no RSNE or RSNXE */
856 os_memcpy(&hdr[1], sm->mlo.links[i].addr, ETH_ALEN);
857 pos = rsn_add_kde(pos, RSN_KEY_DATA_MLO_LINK, hdr, sizeof(hdr));
858 }
859
860 return pos;
861 }
862
863
is_valid_ap_mld_mac_kde(struct wpa_sm * sm,const u8 * mac_kde)864 static bool is_valid_ap_mld_mac_kde(struct wpa_sm *sm, const u8 *mac_kde)
865 {
866 return mac_kde &&
867 ether_addr_equal(mac_kde, sm->mlo.ap_mld_addr);
868 }
869
870
wpas_swap_tkip_mic_keys(struct wpa_ptk * ptk)871 static void wpas_swap_tkip_mic_keys(struct wpa_ptk *ptk)
872 {
873 u8 buf[8];
874
875 /* Supplicant: swap tx/rx Mic keys */
876 os_memcpy(buf, &ptk->tk[16], 8);
877 os_memcpy(&ptk->tk[16], &ptk->tk[24], 8);
878 os_memcpy(&ptk->tk[24], buf, 8);
879 forced_memzero(buf, sizeof(buf));
880 }
881
882
wpa_supplicant_process_1_of_4_wpa(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,u16 ver,const u8 * key_data,size_t key_data_len,enum frame_encryption encrypted)883 static void wpa_supplicant_process_1_of_4_wpa(struct wpa_sm *sm,
884 const unsigned char *src_addr,
885 const struct wpa_eapol_key *key,
886 u16 ver, const u8 *key_data,
887 size_t key_data_len,
888 enum frame_encryption encrypted)
889 {
890 struct wpa_eapol_ie_parse ie;
891 struct wpa_ptk *ptk;
892 int res;
893
894 if (wpa_sm_get_network_ctx(sm) == NULL) {
895 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
896 "WPA: No SSID info found (msg 1 of 4)");
897 return;
898 }
899
900 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
901 "WPA: RX message 1 of 4-Way Handshake from " MACSTR
902 " (ver=%d)", MAC2STR(src_addr), ver);
903
904 os_memset(&ie, 0, sizeof(ie));
905
906 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
907 if (res == -2) {
908 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
909 "WPA: Do not reply to msg 1/4 - requesting full EAP authentication");
910 return;
911 }
912 if (res)
913 goto failed;
914
915 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
916
917 if (sm->renew_snonce) {
918 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
919 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
920 "WPA: Failed to get random data for SNonce");
921 goto failed;
922 }
923 sm->renew_snonce = 0;
924 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
925 sm->snonce, WPA_NONCE_LEN);
926 }
927
928 /* Calculate PTK which will be stored as a temporary PTK until it has
929 * been verified when processing message 3/4. */
930 ptk = &sm->tptk;
931 if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0)
932 goto failed;
933 if (sm->pairwise_cipher == WPA_CIPHER_TKIP)
934 wpas_swap_tkip_mic_keys(ptk);
935 sm->tptk_set = 1;
936
937 if (wpa_supplicant_send_2_of_4(sm, wpa_sm_get_auth_addr(sm), key, ver,
938 sm->snonce, sm->assoc_wpa_ie,
939 sm->assoc_wpa_ie_len, ptk) < 0)
940 goto failed;
941
942 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
943 return;
944
945 failed:
946 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
947 }
948
949
wpa_supplicant_process_1_of_4(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,u16 ver,const u8 * key_data,size_t key_data_len,enum frame_encryption encrypted)950 static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
951 const unsigned char *src_addr,
952 const struct wpa_eapol_key *key,
953 u16 ver, const u8 *key_data,
954 size_t key_data_len,
955 enum frame_encryption encrypted)
956 {
957 struct wpa_eapol_ie_parse ie;
958 struct wpa_ptk *ptk;
959 int res;
960 u8 *kde, *kde_buf = NULL;
961 size_t kde_len;
962 size_t mlo_kde_len = 0;
963
964 if (encrypted == FRAME_NOT_ENCRYPTED && sm->tk_set &&
965 wpa_sm_pmf_enabled(sm)) {
966 wpa_printf(MSG_DEBUG,
967 "RSN: Discard unencrypted EAPOL-Key msg 1/4 when TK is set and PMF is enabled");
968 return;
969 }
970
971 if (wpa_sm_get_network_ctx(sm) == NULL) {
972 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
973 "found (msg 1 of 4)");
974 return;
975 }
976
977 if (sm->wpa_deny_ptk0_rekey && !sm->use_ext_key_id &&
978 wpa_sm_get_state(sm) == WPA_COMPLETED) {
979 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
980 "WPA: PTK0 rekey not allowed, reconnecting");
981 wpa_sm_reconnect(sm);
982 return;
983 }
984
985 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way "
986 "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
987
988 os_memset(&ie, 0, sizeof(ie));
989
990 /* RSN: msg 1/4 should contain PMKID for the selected PMK */
991 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", key_data, key_data_len);
992 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) {
993 wpa_printf(MSG_DEBUG,
994 "RSN: Discard EAPOL-Key msg 1/4 with invalid IEs/KDEs");
995 return;
996 }
997 if (ie.pmkid) {
998 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from Authenticator",
999 ie.pmkid, PMKID_LEN);
1000 }
1001
1002 if (sm->mlo.valid_links && !is_valid_ap_mld_mac_kde(sm, ie.mac_addr)) {
1003 wpa_printf(MSG_INFO,
1004 "RSN: Discard EAPOL-Key msg 1/4 with invalid AP MLD MAC address KDE");
1005 return;
1006 }
1007
1008 res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
1009 if (res == -2) {
1010 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to "
1011 "msg 1/4 - requesting full EAP authentication");
1012 return;
1013 }
1014 if (res)
1015 goto failed;
1016
1017 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
1018
1019 if (sm->renew_snonce) {
1020 if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
1021 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1022 "WPA: Failed to get random data for SNonce");
1023 goto failed;
1024 }
1025 if (wpa_sm_rsn_overriding_supported(sm))
1026 rsn_set_snonce_cookie(sm->snonce);
1027 sm->renew_snonce = 0;
1028 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
1029 sm->snonce, WPA_NONCE_LEN);
1030 }
1031
1032 /* Calculate PTK which will be stored as a temporary PTK until it has
1033 * been verified when processing message 3/4. */
1034 ptk = &sm->tptk;
1035 if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0)
1036 goto failed;
1037 if (sm->pairwise_cipher == WPA_CIPHER_TKIP)
1038 wpas_swap_tkip_mic_keys(ptk);
1039 sm->tptk_set = 1;
1040
1041 /* Add MLO Link KDE and MAC KDE in M2 for ML connection */
1042 if (sm->mlo.valid_links)
1043 mlo_kde_len = wpa_mlo_link_kde_len(sm) +
1044 RSN_SELECTOR_LEN + ETH_ALEN + 2;
1045
1046 kde = sm->assoc_wpa_ie;
1047 kde_len = sm->assoc_wpa_ie_len;
1048 kde_buf = os_malloc(kde_len +
1049 2 + RSN_SELECTOR_LEN + 3 +
1050 sm->assoc_rsnxe_len +
1051 2 + RSN_SELECTOR_LEN + 1 +
1052 2 + RSN_SELECTOR_LEN + 2 + mlo_kde_len);
1053
1054 if (!kde_buf)
1055 goto failed;
1056 os_memcpy(kde_buf, kde, kde_len);
1057 kde = kde_buf;
1058
1059 #ifdef CONFIG_OCV
1060 if (wpa_sm_ocv_enabled(sm)) {
1061 struct wpa_channel_info ci;
1062 u8 *pos;
1063
1064 pos = kde + kde_len;
1065 if (wpa_sm_channel_info(sm, &ci) != 0) {
1066 wpa_printf(MSG_WARNING,
1067 "Failed to get channel info for OCI element in EAPOL-Key 2/4");
1068 goto failed;
1069 }
1070 #ifdef CONFIG_TESTING_OPTIONS
1071 if (sm->oci_freq_override_eapol) {
1072 wpa_printf(MSG_INFO,
1073 "TEST: Override OCI KDE frequency %d -> %d MHz",
1074 ci.frequency, sm->oci_freq_override_eapol);
1075 ci.frequency = sm->oci_freq_override_eapol;
1076 }
1077 #endif /* CONFIG_TESTING_OPTIONS */
1078
1079 if (ocv_insert_oci_kde(&ci, &pos) < 0)
1080 goto failed;
1081 kde_len = pos - kde;
1082 }
1083 #endif /* CONFIG_OCV */
1084
1085 if (sm->assoc_rsnxe && sm->assoc_rsnxe_len) {
1086 os_memcpy(kde + kde_len, sm->assoc_rsnxe, sm->assoc_rsnxe_len);
1087 kde_len += sm->assoc_rsnxe_len;
1088 }
1089
1090 #ifdef CONFIG_P2P
1091 if (sm->p2p) {
1092 u8 *pos;
1093
1094 wpa_printf(MSG_DEBUG,
1095 "P2P: Add IP Address Request KDE into EAPOL-Key 2/4");
1096 pos = kde + kde_len;
1097 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
1098 *pos++ = RSN_SELECTOR_LEN + 1;
1099 RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_IP_ADDR_REQ);
1100 pos += RSN_SELECTOR_LEN;
1101 *pos++ = 0x01;
1102 kde_len = pos - kde;
1103 }
1104 #endif /* CONFIG_P2P */
1105
1106 #ifdef CONFIG_DPP2
1107 if (DPP_VERSION > 1 && sm->key_mgmt == WPA_KEY_MGMT_DPP) {
1108 u8 *pos;
1109
1110 wpa_printf(MSG_DEBUG, "DPP: Add DPP KDE into EAPOL-Key 2/4");
1111 pos = kde + kde_len;
1112 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
1113 *pos++ = RSN_SELECTOR_LEN + 2;
1114 RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_DPP);
1115 pos += RSN_SELECTOR_LEN;
1116 *pos++ = DPP_VERSION; /* Protocol Version */
1117 *pos = 0; /* Flags */
1118 if (sm->dpp_pfs == 0)
1119 *pos |= DPP_KDE_PFS_ALLOWED;
1120 else if (sm->dpp_pfs == 1)
1121 *pos |= DPP_KDE_PFS_ALLOWED | DPP_KDE_PFS_REQUIRED;
1122 pos++;
1123 kde_len = pos - kde;
1124 }
1125 #endif /* CONFIG_DPP2 */
1126
1127 if (sm->mlo.valid_links) {
1128 u8 *pos;
1129
1130 /* Add MAC KDE */
1131 wpa_printf(MSG_DEBUG, "MLO: Add MAC KDE into EAPOL-Key 2/4");
1132 pos = kde + kde_len;
1133 pos = rsn_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, sm->own_addr,
1134 ETH_ALEN);
1135
1136 /* Add MLO Link KDE */
1137 wpa_printf(MSG_DEBUG, "Add MLO Link KDE(s) into EAPOL-Key 2/4");
1138 pos = wpa_mlo_link_kde(sm, pos);
1139 kde_len = pos - kde;
1140 }
1141
1142 if (wpa_supplicant_send_2_of_4(sm, wpa_sm_get_auth_addr(sm), key, ver,
1143 sm->snonce, kde, kde_len, ptk) < 0)
1144 goto failed;
1145
1146 os_free(kde_buf);
1147 os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
1148 return;
1149
1150 failed:
1151 os_free(kde_buf);
1152 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
1153 }
1154
1155
wpa_sm_start_preauth(void * eloop_ctx,void * timeout_ctx)1156 static void wpa_sm_start_preauth(void *eloop_ctx, void *timeout_ctx)
1157 {
1158 struct wpa_sm *sm = eloop_ctx;
1159 rsn_preauth_candidate_process(sm);
1160 }
1161
1162
wpa_supplicant_key_neg_complete(struct wpa_sm * sm,const u8 * addr,int secure)1163 static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
1164 const u8 *addr, int secure)
1165 {
1166 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1167 "WPA: Key negotiation completed with "
1168 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
1169 wpa_cipher_txt(sm->pairwise_cipher),
1170 wpa_cipher_txt(sm->group_cipher));
1171 wpa_sm_cancel_auth_timeout(sm);
1172 wpa_sm_set_state(sm, WPA_COMPLETED);
1173
1174 if (secure) {
1175 wpa_sm_mlme_setprotection(
1176 sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
1177 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
1178 eapol_sm_notify_portValid(sm->eapol, true);
1179 if (wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
1180 sm->key_mgmt == WPA_KEY_MGMT_DPP ||
1181 sm->key_mgmt == WPA_KEY_MGMT_OWE)
1182 eapol_sm_notify_eap_success(sm->eapol, true);
1183 /*
1184 * Start preauthentication after a short wait to avoid a
1185 * possible race condition between the data receive and key
1186 * configuration after the 4-Way Handshake. This increases the
1187 * likelihood of the first preauth EAPOL-Start frame getting to
1188 * the target AP.
1189 */
1190 if (!dl_list_empty(&sm->pmksa_candidates))
1191 eloop_register_timeout(1, 0, wpa_sm_start_preauth,
1192 sm, NULL);
1193 }
1194
1195 if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
1196 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1197 "RSN: Authenticator accepted "
1198 "opportunistic PMKSA entry - marking it valid");
1199 sm->cur_pmksa->opportunistic = 0;
1200 }
1201
1202 #ifdef CONFIG_IEEE80211R
1203 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
1204 /* Prepare for the next transition */
1205 wpa_ft_prepare_auth_request(sm, NULL);
1206 }
1207 #endif /* CONFIG_IEEE80211R */
1208 }
1209
1210
wpa_sm_rekey_ptk(void * eloop_ctx,void * timeout_ctx)1211 static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
1212 {
1213 struct wpa_sm *sm = eloop_ctx;
1214 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying");
1215 wpa_sm_key_request(sm, 0, 1);
1216 }
1217
1218
wpa_supplicant_install_ptk(struct wpa_sm * sm,const struct wpa_eapol_key * key,enum key_flag key_flag)1219 static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
1220 const struct wpa_eapol_key *key,
1221 enum key_flag key_flag)
1222 {
1223 int keylen, rsclen;
1224 enum wpa_alg alg;
1225 const u8 *key_rsc;
1226
1227 if (sm->ptk.installed ||
1228 (sm->ptk.installed_rx && (key_flag & KEY_FLAG_NEXT))) {
1229 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1230 "WPA: Do not re-install same PTK to the driver");
1231 return 0;
1232 }
1233
1234 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1235 "WPA: Installing %sTK to the driver",
1236 (key_flag & KEY_FLAG_NEXT) ? "next " : "");
1237
1238 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
1239 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher "
1240 "Suite: NONE - do not use pairwise keys");
1241 return 0;
1242 }
1243
1244 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
1245 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1246 "WPA: Unsupported pairwise cipher %d",
1247 sm->pairwise_cipher);
1248 return -1;
1249 }
1250
1251 alg = wpa_cipher_to_alg(sm->pairwise_cipher);
1252 keylen = wpa_cipher_key_len(sm->pairwise_cipher);
1253 if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
1254 wpa_printf(MSG_DEBUG, "WPA: TK length mismatch: %d != %lu",
1255 keylen, (long unsigned int) sm->ptk.tk_len);
1256 return -1;
1257 }
1258 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
1259
1260 if (sm->proto == WPA_PROTO_RSN) {
1261 key_rsc = null_rsc;
1262 } else {
1263 key_rsc = key->key_rsc;
1264 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
1265 }
1266
1267 if (wpa_sm_set_key(sm, -1, alg, wpa_sm_get_auth_addr(sm),
1268 sm->keyidx_active, 1, key_rsc, rsclen, sm->ptk.tk,
1269 keylen, KEY_FLAG_PAIRWISE | key_flag) < 0) {
1270 if (key_flag & KEY_FLAG_NEXT)
1271 return 0; /* Not all drivers support this, so do not
1272 * report failures on the RX-only set_key */
1273 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1274 "WPA: Failed to set PTK to the driver (alg=%d keylen=%d auth_addr="
1275 MACSTR " idx=%d key_flag=0x%x)",
1276 alg, keylen, MAC2STR(wpa_sm_get_auth_addr(sm)),
1277 sm->keyidx_active, key_flag);
1278 return -1;
1279 }
1280
1281 #ifdef CONFIG_PASN
1282 if (sm->secure_ltf &&
1283 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF) &&
1284 wpa_sm_set_ltf_keyseed(sm, sm->own_addr, sm->bssid,
1285 sm->ptk.ltf_keyseed_len,
1286 sm->ptk.ltf_keyseed) < 0) {
1287 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1288 "WPA: Failed to set LTF keyseed to the driver (keylen=%zu bssid="
1289 MACSTR ")", sm->ptk.ltf_keyseed_len,
1290 MAC2STR(sm->bssid));
1291 return -1;
1292 }
1293 #endif /* CONFIG_PASN */
1294
1295 wpa_sm_store_ptk(sm, sm->bssid, sm->pairwise_cipher,
1296 sm->dot11RSNAConfigPMKLifetime, &sm->ptk);
1297
1298 if (key_flag & KEY_FLAG_NEXT) {
1299 sm->ptk.installed_rx = true;
1300 } else {
1301 /* TK is not needed anymore in supplicant */
1302 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
1303 sm->ptk.tk_len = 0;
1304 sm->ptk.installed = 1;
1305 sm->tk_set = true;
1306 }
1307
1308 if (sm->wpa_ptk_rekey) {
1309 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
1310 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
1311 sm, NULL);
1312 }
1313 return 0;
1314 }
1315
1316
wpa_supplicant_activate_ptk(struct wpa_sm * sm)1317 static int wpa_supplicant_activate_ptk(struct wpa_sm *sm)
1318 {
1319 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1320 "WPA: Activate PTK (idx=%d auth_addr=" MACSTR ")",
1321 sm->keyidx_active, MAC2STR(wpa_sm_get_auth_addr(sm)));
1322
1323 if (wpa_sm_set_key(sm, -1, 0, wpa_sm_get_auth_addr(sm),
1324 sm->keyidx_active, 0, NULL, 0, NULL, 0,
1325 KEY_FLAG_PAIRWISE_RX_TX_MODIFY) < 0) {
1326 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1327 "WPA: Failed to activate PTK for TX (idx=%d auth_addr="
1328 MACSTR ")", sm->keyidx_active,
1329 MAC2STR(wpa_sm_get_auth_addr(sm)));
1330 return -1;
1331 }
1332 return 0;
1333 }
1334
1335
wpa_supplicant_check_group_cipher(struct wpa_sm * sm,int group_cipher,int keylen,int maxkeylen,int * key_rsc_len,enum wpa_alg * alg)1336 static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm,
1337 int group_cipher,
1338 int keylen, int maxkeylen,
1339 int *key_rsc_len,
1340 enum wpa_alg *alg)
1341 {
1342 int klen;
1343
1344 *alg = wpa_cipher_to_alg(group_cipher);
1345 if (*alg == WPA_ALG_NONE) {
1346 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1347 "WPA: Unsupported Group Cipher %d",
1348 group_cipher);
1349 return -1;
1350 }
1351 *key_rsc_len = wpa_cipher_rsc_len(group_cipher);
1352
1353 klen = wpa_cipher_key_len(group_cipher);
1354 if (keylen != klen || maxkeylen < klen) {
1355 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1356 "WPA: Unsupported %s Group Cipher key length %d (%d)",
1357 wpa_cipher_txt(group_cipher), keylen, maxkeylen);
1358 return -1;
1359 }
1360 return 0;
1361 }
1362
1363
1364 struct wpa_gtk_data {
1365 enum wpa_alg alg;
1366 int tx, key_rsc_len, keyidx;
1367 u8 gtk[32];
1368 int gtk_len;
1369 };
1370
1371
wpa_supplicant_install_gtk(struct wpa_sm * sm,const struct wpa_gtk_data * gd,const u8 * key_rsc,int wnm_sleep)1372 static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
1373 const struct wpa_gtk_data *gd,
1374 const u8 *key_rsc, int wnm_sleep)
1375 {
1376 const u8 *_gtk = gd->gtk;
1377 u8 gtk_buf[32];
1378
1379 /* Detect possible key reinstallation */
1380 if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
1381 os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
1382 (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
1383 os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
1384 sm->gtk_wnm_sleep.gtk_len) == 0)) {
1385 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1386 "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
1387 gd->keyidx, gd->tx, gd->gtk_len);
1388 return 0;
1389 }
1390
1391 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
1392 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1393 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
1394 gd->keyidx, gd->tx, gd->gtk_len);
1395 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
1396 if (sm->group_cipher == WPA_CIPHER_TKIP) {
1397 /* Swap Tx/Rx keys for Michael MIC */
1398 os_memcpy(gtk_buf, gd->gtk, 16);
1399 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
1400 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
1401 _gtk = gtk_buf;
1402 }
1403 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
1404 if (wpa_sm_set_key(sm, -1, gd->alg, NULL,
1405 gd->keyidx, 1, key_rsc, gd->key_rsc_len,
1406 _gtk, gd->gtk_len,
1407 KEY_FLAG_GROUP_RX_TX_DEFAULT) < 0) {
1408 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1409 "WPA: Failed to set GTK to the driver "
1410 "(Group only)");
1411 forced_memzero(gtk_buf, sizeof(gtk_buf));
1412 return -1;
1413 }
1414 } else if (wpa_sm_set_key(sm, -1, gd->alg, broadcast_ether_addr,
1415 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
1416 _gtk, gd->gtk_len, KEY_FLAG_GROUP_RX) < 0) {
1417 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1418 "WPA: Failed to set GTK to "
1419 "the driver (alg=%d keylen=%d keyidx=%d)",
1420 gd->alg, gd->gtk_len, gd->keyidx);
1421 forced_memzero(gtk_buf, sizeof(gtk_buf));
1422 return -1;
1423 }
1424 forced_memzero(gtk_buf, sizeof(gtk_buf));
1425
1426 if (wnm_sleep) {
1427 sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
1428 os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
1429 sm->gtk_wnm_sleep.gtk_len);
1430 } else {
1431 sm->gtk.gtk_len = gd->gtk_len;
1432 os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
1433 }
1434
1435 return 0;
1436 }
1437
1438
wpa_supplicant_install_mlo_gtk(struct wpa_sm * sm,u8 link_id,const struct wpa_gtk_data * gd,const u8 * key_rsc,int wnm_sleep)1439 static int wpa_supplicant_install_mlo_gtk(struct wpa_sm *sm, u8 link_id,
1440 const struct wpa_gtk_data *gd,
1441 const u8 *key_rsc, int wnm_sleep)
1442 {
1443 const u8 *gtk = gd->gtk;
1444 u8 gtk_buf[32];
1445
1446 /* Detect possible key reinstallation */
1447 if ((sm->mlo.links[link_id].gtk.gtk_len == (size_t) gd->gtk_len &&
1448 os_memcmp(sm->mlo.links[link_id].gtk.gtk, gd->gtk,
1449 sm->mlo.links[link_id].gtk.gtk_len) == 0) ||
1450 (sm->mlo.links[link_id].gtk_wnm_sleep.gtk_len ==
1451 (size_t) gd->gtk_len &&
1452 os_memcmp(sm->mlo.links[link_id].gtk_wnm_sleep.gtk, gd->gtk,
1453 sm->mlo.links[link_id].gtk_wnm_sleep.gtk_len) == 0)) {
1454 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1455 "RSN: Not reinstalling already in-use GTK to the driver (link_id=%d keyidx=%d tx=%d len=%d)",
1456 link_id, gd->keyidx, gd->tx, gd->gtk_len);
1457 return 0;
1458 }
1459
1460 wpa_hexdump_link_key(MSG_DEBUG, link_id, "RSN: Group Key", gd->gtk,
1461 gd->gtk_len);
1462 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1463 "RSN: Installing GTK to the driver (link_id=%d keyidx=%d tx=%d len=%d)",
1464 link_id, gd->keyidx, gd->tx, gd->gtk_len);
1465 wpa_hexdump_link(MSG_DEBUG, link_id, "RSN: RSC",
1466 key_rsc, gd->key_rsc_len);
1467 if (sm->group_cipher == WPA_CIPHER_TKIP) {
1468 /* Swap Tx/Rx keys for Michael MIC */
1469 os_memcpy(gtk_buf, gd->gtk, 16);
1470 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
1471 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
1472 gtk = gtk_buf;
1473 }
1474 if (wpa_sm_set_key(sm, link_id, gd->alg, broadcast_ether_addr,
1475 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len, gtk,
1476 gd->gtk_len, KEY_FLAG_GROUP_RX) < 0) {
1477 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1478 "RSN: Failed to set GTK to the driver (link_id=%d alg=%d keylen=%d keyidx=%d)",
1479 link_id, gd->alg, gd->gtk_len, gd->keyidx);
1480 forced_memzero(gtk_buf, sizeof(gtk_buf));
1481 return -1;
1482 }
1483 forced_memzero(gtk_buf, sizeof(gtk_buf));
1484
1485 if (wnm_sleep) {
1486 sm->mlo.links[link_id].gtk_wnm_sleep.gtk_len = gd->gtk_len;
1487 os_memcpy(sm->mlo.links[link_id].gtk_wnm_sleep.gtk, gd->gtk,
1488 sm->mlo.links[link_id].gtk_wnm_sleep.gtk_len);
1489 } else {
1490 sm->mlo.links[link_id].gtk.gtk_len = gd->gtk_len;
1491 os_memcpy(sm->mlo.links[link_id].gtk.gtk, gd->gtk,
1492 sm->mlo.links[link_id].gtk.gtk_len);
1493 }
1494
1495 return 0;
1496 }
1497
1498
wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm * sm,int tx)1499 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
1500 int tx)
1501 {
1502 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
1503 /* Ignore Tx bit for GTK if a pairwise key is used. One AP
1504 * seemed to set this bit (incorrectly, since Tx is only when
1505 * doing Group Key only APs) and without this workaround, the
1506 * data connection does not work because wpa_supplicant
1507 * configured non-zero keyidx to be used for unicast. */
1508 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1509 "WPA: Tx bit set for GTK, but pairwise "
1510 "keys are used - ignore Tx bit");
1511 return 0;
1512 }
1513 return tx;
1514 }
1515
1516
wpa_supplicant_rsc_relaxation(const struct wpa_sm * sm,const u8 * rsc)1517 static int wpa_supplicant_rsc_relaxation(const struct wpa_sm *sm,
1518 const u8 *rsc)
1519 {
1520 int rsclen;
1521
1522 if (!sm->wpa_rsc_relaxation)
1523 return 0;
1524
1525 rsclen = wpa_cipher_rsc_len(sm->group_cipher);
1526
1527 /*
1528 * Try to detect RSC (endian) corruption issue where the AP sends
1529 * the RSC bytes in EAPOL-Key message in the wrong order, both if
1530 * it's actually a 6-byte field (as it should be) and if it treats
1531 * it as an 8-byte field.
1532 * An AP model known to have this bug is the Sapido RB-1632.
1533 */
1534 if (rsclen == 6 && ((rsc[5] && !rsc[0]) || rsc[6] || rsc[7])) {
1535 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1536 "RSC %02x%02x%02x%02x%02x%02x%02x%02x is likely bogus, using 0",
1537 rsc[0], rsc[1], rsc[2], rsc[3],
1538 rsc[4], rsc[5], rsc[6], rsc[7]);
1539
1540 return 1;
1541 }
1542
1543 return 0;
1544 }
1545
1546
wpa_supplicant_mlo_gtk(struct wpa_sm * sm,u8 link_id,const u8 * gtk,size_t gtk_len,int key_info)1547 static int wpa_supplicant_mlo_gtk(struct wpa_sm *sm, u8 link_id, const u8 *gtk,
1548 size_t gtk_len, int key_info)
1549 {
1550 struct wpa_gtk_data gd;
1551 const u8 *key_rsc;
1552 int ret;
1553
1554 /*
1555 * MLO GTK KDE format:
1556 * KeyID[bits 0-1], Tx [bit 2], Reserved [bit 3], link id [4-7]
1557 * PN
1558 * GTK
1559 */
1560 os_memset(&gd, 0, sizeof(gd));
1561 wpa_hexdump_link_key(MSG_DEBUG, link_id,
1562 "RSN: received GTK in pairwise handshake",
1563 gtk, gtk_len);
1564
1565 if (gtk_len < RSN_MLO_GTK_KDE_PREFIX_LENGTH ||
1566 gtk_len - RSN_MLO_GTK_KDE_PREFIX_LENGTH > sizeof(gd.gtk))
1567 return -1;
1568
1569 gd.keyidx = gtk[0] & 0x3;
1570 gtk += 1;
1571 gtk_len -= 1;
1572
1573 key_rsc = gtk;
1574
1575 gtk += 6;
1576 gtk_len -= 6;
1577
1578 os_memcpy(gd.gtk, gtk, gtk_len);
1579 gd.gtk_len = gtk_len;
1580
1581 ret = 0;
1582 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, gtk_len,
1583 gtk_len, &gd.key_rsc_len,
1584 &gd.alg) ||
1585 wpa_supplicant_install_mlo_gtk(sm, link_id, &gd, key_rsc, 0)) {
1586 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1587 "RSN: Failed to install GTK for MLO Link ID %u",
1588 link_id);
1589 ret = -1;
1590 goto out;
1591 }
1592
1593 out:
1594 forced_memzero(&gd, sizeof(gd));
1595 return ret;
1596 }
1597
1598
wpa_supplicant_pairwise_mlo_gtk(struct wpa_sm * sm,const struct wpa_eapol_key * key,struct wpa_eapol_ie_parse * ie,int key_info)1599 static int wpa_supplicant_pairwise_mlo_gtk(struct wpa_sm *sm,
1600 const struct wpa_eapol_key *key,
1601 struct wpa_eapol_ie_parse *ie,
1602 int key_info)
1603 {
1604 u8 i;
1605
1606 for_each_link(sm->mlo.valid_links, i) {
1607 if (!ie->mlo_gtk[i]) {
1608 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
1609 "MLO RSN: GTK not found for link ID %u", i);
1610 return -1;
1611 }
1612
1613 if (wpa_supplicant_mlo_gtk(sm, i, ie->mlo_gtk[i],
1614 ie->mlo_gtk_len[i], key_info))
1615 return -1;
1616 }
1617
1618 return 0;
1619 }
1620
1621
wpa_supplicant_pairwise_gtk(struct wpa_sm * sm,const struct wpa_eapol_key * key,const u8 * gtk,size_t gtk_len,int key_info)1622 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
1623 const struct wpa_eapol_key *key,
1624 const u8 *gtk, size_t gtk_len,
1625 int key_info)
1626 {
1627 struct wpa_gtk_data gd;
1628 const u8 *key_rsc;
1629
1630 /*
1631 * IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames - Figure 43x
1632 * GTK KDE format:
1633 * KeyID[bits 0-1], Tx [bit 2], Reserved [bits 3-7]
1634 * Reserved [bits 0-7]
1635 * GTK
1636 */
1637
1638 os_memset(&gd, 0, sizeof(gd));
1639 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in pairwise handshake",
1640 gtk, gtk_len);
1641
1642 if (gtk_len < 2 || gtk_len - 2 > sizeof(gd.gtk))
1643 return -1;
1644
1645 gd.keyidx = gtk[0] & 0x3;
1646 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
1647 !!(gtk[0] & BIT(2)));
1648 gtk += 2;
1649 gtk_len -= 2;
1650
1651 os_memcpy(gd.gtk, gtk, gtk_len);
1652 gd.gtk_len = gtk_len;
1653
1654 key_rsc = key->key_rsc;
1655 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
1656 key_rsc = null_rsc;
1657
1658 if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED &&
1659 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
1660 gtk_len, gtk_len,
1661 &gd.key_rsc_len, &gd.alg) ||
1662 wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
1663 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1664 "RSN: Failed to install GTK");
1665 forced_memzero(&gd, sizeof(gd));
1666 return -1;
1667 }
1668 forced_memzero(&gd, sizeof(gd));
1669
1670 return 0;
1671 }
1672
1673
wpa_supplicant_install_igtk(struct wpa_sm * sm,const struct wpa_igtk_kde * igtk,int wnm_sleep)1674 static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
1675 const struct wpa_igtk_kde *igtk,
1676 int wnm_sleep)
1677 {
1678 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1679 u16 keyidx = WPA_GET_LE16(igtk->keyid);
1680
1681 /* Detect possible key reinstallation */
1682 if ((sm->igtk.igtk_len == len &&
1683 os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
1684 (sm->igtk_wnm_sleep.igtk_len == len &&
1685 os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
1686 sm->igtk_wnm_sleep.igtk_len) == 0)) {
1687 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1688 "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
1689 keyidx);
1690 return 0;
1691 }
1692
1693 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1694 "WPA: IGTK keyid %d pn " COMPACT_MACSTR,
1695 keyidx, MAC2STR(igtk->pn));
1696 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
1697 if (keyidx > 4095) {
1698 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1699 "WPA: Invalid IGTK KeyID %d", keyidx);
1700 return -1;
1701 }
1702 if (wpa_sm_set_key(sm, -1, wpa_cipher_to_alg(sm->mgmt_group_cipher),
1703 broadcast_ether_addr,
1704 keyidx, 0, igtk->pn, sizeof(igtk->pn),
1705 igtk->igtk, len, KEY_FLAG_GROUP_RX) < 0) {
1706 if (keyidx == 0x0400 || keyidx == 0x0500) {
1707 /* Assume the AP has broken PMF implementation since it
1708 * seems to have swapped the KeyID bytes. The AP cannot
1709 * be trusted to implement BIP correctly or provide a
1710 * valid IGTK, so do not try to configure this key with
1711 * swapped KeyID bytes. Instead, continue without
1712 * configuring the IGTK so that the driver can drop any
1713 * received group-addressed robust management frames due
1714 * to missing keys.
1715 *
1716 * Normally, this error behavior would result in us
1717 * disconnecting, but there are number of deployed APs
1718 * with this broken behavior, so as an interoperability
1719 * workaround, allow the connection to proceed. */
1720 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
1721 "WPA: Ignore IGTK configuration error due to invalid IGTK KeyID byte order");
1722 } else {
1723 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1724 "WPA: Failed to configure IGTK to the driver");
1725 return -1;
1726 }
1727 }
1728
1729 if (wnm_sleep) {
1730 sm->igtk_wnm_sleep.igtk_len = len;
1731 os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
1732 sm->igtk_wnm_sleep.igtk_len);
1733 } else {
1734 sm->igtk.igtk_len = len;
1735 os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
1736 }
1737
1738 return 0;
1739 }
1740
1741
wpa_supplicant_install_bigtk(struct wpa_sm * sm,const struct wpa_bigtk_kde * bigtk,int wnm_sleep)1742 static int wpa_supplicant_install_bigtk(struct wpa_sm *sm,
1743 const struct wpa_bigtk_kde *bigtk,
1744 int wnm_sleep)
1745 {
1746 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1747 u16 keyidx = WPA_GET_LE16(bigtk->keyid);
1748
1749 /* Detect possible key reinstallation */
1750 if ((sm->bigtk.bigtk_len == len &&
1751 os_memcmp(sm->bigtk.bigtk, bigtk->bigtk,
1752 sm->bigtk.bigtk_len) == 0) ||
1753 (sm->bigtk_wnm_sleep.bigtk_len == len &&
1754 os_memcmp(sm->bigtk_wnm_sleep.bigtk, bigtk->bigtk,
1755 sm->bigtk_wnm_sleep.bigtk_len) == 0)) {
1756 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1757 "WPA: Not reinstalling already in-use BIGTK to the driver (keyidx=%d)",
1758 keyidx);
1759 return 0;
1760 }
1761
1762 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1763 "WPA: BIGTK keyid %d pn " COMPACT_MACSTR,
1764 keyidx, MAC2STR(bigtk->pn));
1765 wpa_hexdump_key(MSG_DEBUG, "WPA: BIGTK", bigtk->bigtk, len);
1766 if (keyidx < 6 || keyidx > 7) {
1767 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1768 "WPA: Invalid BIGTK KeyID %d", keyidx);
1769 return -1;
1770 }
1771 if (wpa_sm_set_key(sm, -1, wpa_cipher_to_alg(sm->mgmt_group_cipher),
1772 broadcast_ether_addr,
1773 keyidx, 0, bigtk->pn, sizeof(bigtk->pn),
1774 bigtk->bigtk, len, KEY_FLAG_GROUP_RX) < 0) {
1775 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1776 "WPA: Failed to configure BIGTK to the driver");
1777 return -1;
1778 }
1779
1780 if (wnm_sleep) {
1781 sm->bigtk_wnm_sleep.bigtk_len = len;
1782 os_memcpy(sm->bigtk_wnm_sleep.bigtk, bigtk->bigtk,
1783 sm->bigtk_wnm_sleep.bigtk_len);
1784 } else {
1785 sm->bigtk.bigtk_len = len;
1786 os_memcpy(sm->bigtk.bigtk, bigtk->bigtk, sm->bigtk.bigtk_len);
1787 }
1788
1789 return 0;
1790 }
1791
1792
wpa_supplicant_install_mlo_igtk(struct wpa_sm * sm,u8 link_id,const struct rsn_mlo_igtk_kde * igtk,int wnm_sleep)1793 static int wpa_supplicant_install_mlo_igtk(struct wpa_sm *sm, u8 link_id,
1794 const struct rsn_mlo_igtk_kde *igtk,
1795 int wnm_sleep)
1796 {
1797 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1798 u16 keyidx = WPA_GET_LE16(igtk->keyid);
1799
1800 /* Detect possible key reinstallation */
1801 if ((sm->mlo.links[link_id].igtk.igtk_len == len &&
1802 os_memcmp(sm->mlo.links[link_id].igtk.igtk, igtk->igtk,
1803 sm->mlo.links[link_id].igtk.igtk_len) == 0) ||
1804 (sm->mlo.links[link_id].igtk_wnm_sleep.igtk_len == len &&
1805 os_memcmp(sm->mlo.links[link_id].igtk_wnm_sleep.igtk, igtk->igtk,
1806 sm->mlo.links[link_id].igtk_wnm_sleep.igtk_len) == 0)) {
1807 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1808 "RSN: Not reinstalling already in-use IGTK to the driver (link_id=%d keyidx=%d)",
1809 link_id, keyidx);
1810 return 0;
1811 }
1812
1813 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1814 "RSN: MLO Link %u IGTK keyid %d pn " COMPACT_MACSTR,
1815 link_id, keyidx, MAC2STR(igtk->pn));
1816 wpa_hexdump_link_key(MSG_DEBUG, link_id, "RSN: IGTK", igtk->igtk, len);
1817 if (keyidx > 4095) {
1818 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1819 "RSN: Invalid MLO Link %d IGTK KeyID %d", link_id,
1820 keyidx);
1821 return -1;
1822 }
1823 if (wpa_sm_set_key(sm, link_id,
1824 wpa_cipher_to_alg(sm->mgmt_group_cipher),
1825 broadcast_ether_addr, keyidx, 0, igtk->pn,
1826 sizeof(igtk->pn), igtk->igtk, len,
1827 KEY_FLAG_GROUP_RX) < 0) {
1828 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1829 "RSN: Failed to configure MLO Link %d IGTK to the driver",
1830 link_id);
1831 return -1;
1832 }
1833
1834 if (wnm_sleep) {
1835 sm->mlo.links[link_id].igtk_wnm_sleep.igtk_len = len;
1836 os_memcpy(sm->mlo.links[link_id].igtk_wnm_sleep.igtk,
1837 igtk->igtk,
1838 sm->mlo.links[link_id].igtk_wnm_sleep.igtk_len);
1839 } else {
1840 sm->mlo.links[link_id].igtk.igtk_len = len;
1841 os_memcpy(sm->mlo.links[link_id].igtk.igtk, igtk->igtk,
1842 sm->mlo.links[link_id].igtk.igtk_len);
1843 }
1844
1845 return 0;
1846 }
1847
1848
1849 static int
wpa_supplicant_install_mlo_bigtk(struct wpa_sm * sm,u8 link_id,const struct rsn_mlo_bigtk_kde * bigtk,int wnm_sleep)1850 wpa_supplicant_install_mlo_bigtk(struct wpa_sm *sm, u8 link_id,
1851 const struct rsn_mlo_bigtk_kde *bigtk,
1852 int wnm_sleep)
1853 {
1854 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1855 u16 keyidx = WPA_GET_LE16(bigtk->keyid);
1856
1857 /* Detect possible key reinstallation */
1858 if ((sm->mlo.links[link_id].bigtk.bigtk_len == len &&
1859 os_memcmp(sm->mlo.links[link_id].bigtk.bigtk, bigtk->bigtk,
1860 sm->mlo.links[link_id].bigtk.bigtk_len) == 0) ||
1861 (sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk_len == len &&
1862 os_memcmp(sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk,
1863 bigtk->bigtk,
1864 sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk_len) ==
1865 0)) {
1866 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1867 "RSN: Not reinstalling already in-use BIGTK to the driver (link_id=%d keyidx=%d)",
1868 link_id, keyidx);
1869 return 0;
1870 }
1871
1872 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
1873 "RSN: MLO Link %u BIGTK keyid %d pn " COMPACT_MACSTR,
1874 link_id, keyidx, MAC2STR(bigtk->pn));
1875 wpa_hexdump_link_key(MSG_DEBUG, link_id, "RSN: BIGTK", bigtk->bigtk,
1876 len);
1877 if (keyidx < 6 || keyidx > 7) {
1878 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1879 "RSN: Invalid MLO Link %d BIGTK KeyID %d", link_id,
1880 keyidx);
1881 return -1;
1882 }
1883 if (wpa_sm_set_key(sm, link_id,
1884 wpa_cipher_to_alg(sm->mgmt_group_cipher),
1885 broadcast_ether_addr, keyidx, 0, bigtk->pn,
1886 sizeof(bigtk->pn), bigtk->bigtk, len,
1887 KEY_FLAG_GROUP_RX) < 0) {
1888 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1889 "RSN: Failed to configure MLO Link %d BIGTK to the driver",
1890 link_id);
1891 return -1;
1892 }
1893
1894 if (wnm_sleep) {
1895 sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk_len = len;
1896 os_memcpy(sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk,
1897 bigtk->bigtk,
1898 sm->mlo.links[link_id].bigtk_wnm_sleep.bigtk_len);
1899 } else {
1900 sm->mlo.links[link_id].bigtk.bigtk_len = len;
1901 os_memcpy(sm->mlo.links[link_id].bigtk.bigtk, bigtk->bigtk,
1902 sm->mlo.links[link_id].bigtk.bigtk_len);
1903 }
1904
1905 return 0;
1906 }
1907
1908
_mlo_ieee80211w_set_keys(struct wpa_sm * sm,u8 link_id,struct wpa_eapol_ie_parse * ie)1909 static int _mlo_ieee80211w_set_keys(struct wpa_sm *sm, u8 link_id,
1910 struct wpa_eapol_ie_parse *ie)
1911 {
1912 size_t len;
1913
1914 if (ie->mlo_igtk[link_id]) {
1915 len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1916 if (ie->mlo_igtk_len[link_id] !=
1917 RSN_MLO_IGTK_KDE_PREFIX_LENGTH + len)
1918 return -1;
1919
1920 if (wpa_supplicant_install_mlo_igtk(
1921 sm, link_id,
1922 (const struct rsn_mlo_igtk_kde *)
1923 ie->mlo_igtk[link_id],
1924 0) < 0)
1925 return -1;
1926 }
1927
1928 if (ie->mlo_bigtk[link_id] && sm->beacon_prot) {
1929 len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1930 if (ie->mlo_bigtk_len[link_id] !=
1931 RSN_MLO_BIGTK_KDE_PREFIX_LENGTH + len)
1932 return -1;
1933
1934 if (wpa_supplicant_install_mlo_bigtk(
1935 sm, link_id,
1936 (const struct rsn_mlo_bigtk_kde *)
1937 ie->mlo_bigtk[link_id],
1938 0) < 0)
1939 return -1;
1940 }
1941
1942 return 0;
1943 }
1944
1945
mlo_ieee80211w_set_keys(struct wpa_sm * sm,struct wpa_eapol_ie_parse * ie)1946 static int mlo_ieee80211w_set_keys(struct wpa_sm *sm,
1947 struct wpa_eapol_ie_parse *ie)
1948 {
1949 u8 i;
1950
1951 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) ||
1952 sm->mgmt_group_cipher == WPA_CIPHER_GTK_NOT_USED)
1953 return 0;
1954
1955 for_each_link(sm->mlo.valid_links, i) {
1956 if (_mlo_ieee80211w_set_keys(sm, i, ie))
1957 return -1;
1958 }
1959
1960 return 0;
1961 }
1962
1963
ieee80211w_set_keys(struct wpa_sm * sm,struct wpa_eapol_ie_parse * ie)1964 static int ieee80211w_set_keys(struct wpa_sm *sm,
1965 struct wpa_eapol_ie_parse *ie)
1966 {
1967 size_t len;
1968
1969 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) ||
1970 sm->mgmt_group_cipher == WPA_CIPHER_GTK_NOT_USED)
1971 return 0;
1972
1973 if (ie->igtk) {
1974 const struct wpa_igtk_kde *igtk;
1975
1976 len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1977 if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
1978 return -1;
1979
1980 igtk = (const struct wpa_igtk_kde *) ie->igtk;
1981 if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
1982 return -1;
1983 }
1984
1985 if (ie->bigtk && sm->beacon_prot) {
1986 const struct wpa_bigtk_kde *bigtk;
1987
1988 len = wpa_cipher_key_len(sm->mgmt_group_cipher);
1989 if (ie->bigtk_len != WPA_BIGTK_KDE_PREFIX_LEN + len)
1990 return -1;
1991
1992 bigtk = (const struct wpa_bigtk_kde *) ie->bigtk;
1993 if (wpa_supplicant_install_bigtk(sm, bigtk, 0) < 0)
1994 return -1;
1995 }
1996
1997 return 0;
1998 }
1999
2000
wpa_report_ie_mismatch(struct wpa_sm * sm,const char * reason,const u8 * src_addr,const u8 * wpa_ie,size_t wpa_ie_len,const u8 * rsn_ie,size_t rsn_ie_len)2001 static void wpa_report_ie_mismatch(struct wpa_sm *sm,
2002 const char *reason, const u8 *src_addr,
2003 const u8 *wpa_ie, size_t wpa_ie_len,
2004 const u8 *rsn_ie, size_t rsn_ie_len)
2005 {
2006 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: %s (src=" MACSTR ")",
2007 reason, MAC2STR(src_addr));
2008
2009 if (sm->ap_wpa_ie) {
2010 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
2011 sm->ap_wpa_ie, sm->ap_wpa_ie_len);
2012 }
2013 if (wpa_ie) {
2014 if (!sm->ap_wpa_ie) {
2015 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2016 "WPA: No WPA IE in Beacon/ProbeResp");
2017 }
2018 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
2019 wpa_ie, wpa_ie_len);
2020 }
2021
2022 if (sm->ap_rsn_ie) {
2023 wpa_hexdump(MSG_INFO, "WPA: RSN IE in Beacon/ProbeResp",
2024 sm->ap_rsn_ie, sm->ap_rsn_ie_len);
2025 }
2026 if (rsn_ie) {
2027 if (!sm->ap_rsn_ie) {
2028 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2029 "WPA: No RSN IE in Beacon/ProbeResp");
2030 }
2031 wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
2032 rsn_ie, rsn_ie_len);
2033 }
2034
2035 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
2036 }
2037
2038
2039 #ifdef CONFIG_IEEE80211R
2040
ft_validate_mdie(struct wpa_sm * sm,const unsigned char * src_addr,struct wpa_eapol_ie_parse * ie,const u8 * assoc_resp_mdie)2041 static int ft_validate_mdie(struct wpa_sm *sm,
2042 const unsigned char *src_addr,
2043 struct wpa_eapol_ie_parse *ie,
2044 const u8 *assoc_resp_mdie)
2045 {
2046 struct rsn_mdie *mdie;
2047
2048 mdie = (struct rsn_mdie *) (ie->mdie + 2);
2049 if (ie->mdie == NULL || ie->mdie_len < 2 + sizeof(*mdie) ||
2050 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
2051 MOBILITY_DOMAIN_ID_LEN) != 0) {
2052 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE in msg 3/4 did "
2053 "not match with the current mobility domain");
2054 return -1;
2055 }
2056
2057 if (assoc_resp_mdie &&
2058 (assoc_resp_mdie[1] != ie->mdie[1] ||
2059 os_memcmp(assoc_resp_mdie, ie->mdie, 2 + ie->mdie[1]) != 0)) {
2060 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: MDIE mismatch");
2061 wpa_hexdump(MSG_DEBUG, "FT: MDIE in EAPOL-Key msg 3/4",
2062 ie->mdie, 2 + ie->mdie[1]);
2063 wpa_hexdump(MSG_DEBUG, "FT: MDIE in (Re)Association Response",
2064 assoc_resp_mdie, 2 + assoc_resp_mdie[1]);
2065 return -1;
2066 }
2067
2068 return 0;
2069 }
2070
2071
ft_validate_ftie(struct wpa_sm * sm,const unsigned char * src_addr,struct wpa_eapol_ie_parse * ie,const u8 * assoc_resp_ftie)2072 static int ft_validate_ftie(struct wpa_sm *sm,
2073 const unsigned char *src_addr,
2074 struct wpa_eapol_ie_parse *ie,
2075 const u8 *assoc_resp_ftie)
2076 {
2077 if (ie->ftie == NULL) {
2078 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2079 "FT: No FTIE in EAPOL-Key msg 3/4");
2080 return -1;
2081 }
2082
2083 if (assoc_resp_ftie == NULL)
2084 return 0;
2085
2086 if (assoc_resp_ftie[1] != ie->ftie[1] ||
2087 os_memcmp(assoc_resp_ftie, ie->ftie, 2 + ie->ftie[1]) != 0) {
2088 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: FTIE mismatch");
2089 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 3/4",
2090 ie->ftie, 2 + ie->ftie[1]);
2091 wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)Association Response",
2092 assoc_resp_ftie, 2 + assoc_resp_ftie[1]);
2093 return -1;
2094 }
2095
2096 return 0;
2097 }
2098
2099
ft_validate_rsnie(struct wpa_sm * sm,const unsigned char * src_addr,struct wpa_eapol_ie_parse * ie)2100 static int ft_validate_rsnie(struct wpa_sm *sm,
2101 const unsigned char *src_addr,
2102 struct wpa_eapol_ie_parse *ie)
2103 {
2104 struct wpa_ie_data rsn;
2105
2106 if (!ie->rsn_ie)
2107 return 0;
2108
2109 /*
2110 * Verify that PMKR1Name from EAPOL-Key message 3/4
2111 * matches with the value we derived.
2112 */
2113 if (wpa_parse_wpa_ie_rsn(ie->rsn_ie, ie->rsn_ie_len, &rsn) < 0 ||
2114 rsn.num_pmkid != 1 || rsn.pmkid == NULL) {
2115 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "FT: No PMKR1Name in "
2116 "FT 4-way handshake message 3/4");
2117 return -1;
2118 }
2119
2120 if (os_memcmp_const(rsn.pmkid, sm->pmk_r1_name, WPA_PMK_NAME_LEN) != 0)
2121 {
2122 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2123 "FT: PMKR1Name mismatch in "
2124 "FT 4-way handshake message 3/4");
2125 wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Authenticator",
2126 rsn.pmkid, WPA_PMK_NAME_LEN);
2127 wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
2128 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
2129 return -1;
2130 }
2131
2132 return 0;
2133 }
2134
2135
wpa_supplicant_validate_ie_ft(struct wpa_sm * sm,const unsigned char * src_addr,struct wpa_eapol_ie_parse * ie)2136 static int wpa_supplicant_validate_ie_ft(struct wpa_sm *sm,
2137 const unsigned char *src_addr,
2138 struct wpa_eapol_ie_parse *ie)
2139 {
2140 const u8 *pos, *end, *mdie = NULL, *ftie = NULL;
2141
2142 if (sm->assoc_resp_ies) {
2143 pos = sm->assoc_resp_ies;
2144 end = pos + sm->assoc_resp_ies_len;
2145 while (end - pos > 2) {
2146 if (2 + pos[1] > end - pos)
2147 break;
2148 switch (*pos) {
2149 case WLAN_EID_MOBILITY_DOMAIN:
2150 mdie = pos;
2151 break;
2152 case WLAN_EID_FAST_BSS_TRANSITION:
2153 ftie = pos;
2154 break;
2155 }
2156 pos += 2 + pos[1];
2157 }
2158 }
2159
2160 if (ft_validate_mdie(sm, src_addr, ie, mdie) < 0 ||
2161 ft_validate_ftie(sm, src_addr, ie, ftie) < 0 ||
2162 ft_validate_rsnie(sm, src_addr, ie) < 0)
2163 return -1;
2164
2165 return 0;
2166 }
2167
2168 #endif /* CONFIG_IEEE80211R */
2169
2170
wpa_supplicant_validate_ie(struct wpa_sm * sm,const unsigned char * src_addr,struct wpa_eapol_ie_parse * ie)2171 static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
2172 const unsigned char *src_addr,
2173 struct wpa_eapol_ie_parse *ie)
2174 {
2175 if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
2176 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2177 "WPA: No WPA/RSN IE for this AP known. "
2178 "Trying to get from scan results");
2179 if (wpa_sm_get_beacon_ie(sm) < 0) {
2180 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2181 "WPA: Could not find AP from "
2182 "the scan results");
2183 return -1;
2184 }
2185 wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG,
2186 "WPA: Found the current AP from updated scan results");
2187 }
2188
2189 if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
2190 (sm->ap_wpa_ie || sm->ap_rsn_ie)) {
2191 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
2192 "with IE in Beacon/ProbeResp (no IE?)",
2193 src_addr, ie->wpa_ie, ie->wpa_ie_len,
2194 ie->rsn_ie, ie->rsn_ie_len);
2195 return -1;
2196 }
2197
2198 if ((ie->wpa_ie && sm->ap_wpa_ie &&
2199 (ie->wpa_ie_len != sm->ap_wpa_ie_len ||
2200 os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
2201 (ie->rsn_ie && sm->ap_rsn_ie &&
2202 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
2203 sm->ap_rsn_ie, sm->ap_rsn_ie_len,
2204 ie->rsn_ie, ie->rsn_ie_len))) {
2205 wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
2206 "with IE in Beacon/ProbeResp",
2207 src_addr, ie->wpa_ie, ie->wpa_ie_len,
2208 ie->rsn_ie, ie->rsn_ie_len);
2209 return -1;
2210 }
2211
2212 if (sm->proto == WPA_PROTO_WPA &&
2213 ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
2214 wpa_report_ie_mismatch(sm, "Possible downgrade attack "
2215 "detected - RSN was enabled and RSN IE "
2216 "was in msg 3/4, but not in "
2217 "Beacon/ProbeResp",
2218 src_addr, ie->wpa_ie, ie->wpa_ie_len,
2219 ie->rsn_ie, ie->rsn_ie_len);
2220 return -1;
2221 }
2222
2223 if (sm->proto == WPA_PROTO_RSN &&
2224 ((sm->ap_rsnxe && !ie->rsnxe) ||
2225 (!sm->ap_rsnxe && ie->rsnxe) ||
2226 (sm->ap_rsnxe && ie->rsnxe &&
2227 (sm->ap_rsnxe_len != ie->rsnxe_len ||
2228 os_memcmp(sm->ap_rsnxe, ie->rsnxe, sm->ap_rsnxe_len) != 0)))) {
2229 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2230 "WPA: RSNXE mismatch between Beacon/ProbeResp and EAPOL-Key msg 3/4");
2231 wpa_hexdump(MSG_INFO, "RSNXE in Beacon/ProbeResp",
2232 sm->ap_rsnxe, sm->ap_rsnxe_len);
2233 wpa_hexdump(MSG_INFO, "RSNXE in EAPOL-Key msg 3/4",
2234 ie->rsnxe, ie->rsnxe_len);
2235 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
2236 return -1;
2237 }
2238
2239 if (sm->proto == WPA_PROTO_RSN && wpa_sm_rsn_overriding_supported(sm)) {
2240 if ((sm->ap_rsne_override && !ie->rsne_override) ||
2241 (!sm->ap_rsne_override && ie->rsne_override) ||
2242 (sm->ap_rsne_override && ie->rsne_override &&
2243 (sm->ap_rsne_override_len != ie->rsne_override_len ||
2244 os_memcmp(sm->ap_rsne_override, ie->rsne_override,
2245 sm->ap_rsne_override_len) != 0))) {
2246 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2247 "RSN: RSNE Override element mismatch between Beacon/ProbeResp and EAPOL-Key msg 3/4");
2248 wpa_hexdump(MSG_INFO,
2249 "RSNE Override element in Beacon/ProbeResp",
2250 sm->ap_rsne_override,
2251 sm->ap_rsne_override_len);
2252 wpa_hexdump(MSG_INFO,
2253 "RSNE Override element in EAPOL-Key msg 3/4",
2254 ie->rsne_override, ie->rsne_override_len);
2255 wpa_sm_deauthenticate(sm,
2256 WLAN_REASON_IE_IN_4WAY_DIFFERS);
2257 return -1;
2258 }
2259
2260 if ((sm->ap_rsne_override_2 && !ie->rsne_override_2) ||
2261 (!sm->ap_rsne_override_2 && ie->rsne_override_2) ||
2262 (sm->ap_rsne_override_2 && ie->rsne_override_2 &&
2263 (sm->ap_rsne_override_2_len != ie->rsne_override_2_len ||
2264 os_memcmp(sm->ap_rsne_override_2, ie->rsne_override_2,
2265 sm->ap_rsne_override_2_len) != 0))) {
2266 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2267 "RSN: RSNE Override 2 element mismatch between Beacon/ProbeResp and EAPOL-Key msg 3/4");
2268 wpa_hexdump(MSG_INFO,
2269 "RSNE Override 2 element in Beacon/ProbeResp",
2270 sm->ap_rsne_override_2,
2271 sm->ap_rsne_override_2_len);
2272 wpa_hexdump(MSG_INFO,
2273 "RSNE Override 2 element in EAPOL-Key msg 3/4",
2274 ie->rsne_override_2, ie->rsne_override_2_len);
2275 wpa_sm_deauthenticate(sm,
2276 WLAN_REASON_IE_IN_4WAY_DIFFERS);
2277 return -1;
2278 }
2279
2280 if ((sm->ap_rsnxe_override && !ie->rsnxe_override) ||
2281 (!sm->ap_rsnxe_override && ie->rsnxe_override) ||
2282 (sm->ap_rsnxe_override && ie->rsnxe_override &&
2283 (sm->ap_rsnxe_override_len != ie->rsnxe_override_len ||
2284 os_memcmp(sm->ap_rsnxe_override, ie->rsnxe_override,
2285 sm->ap_rsnxe_override_len) != 0))) {
2286 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2287 "RSN: RSNXE Override element mismatch between Beacon/ProbeResp and EAPOL-Key msg 3/4");
2288 wpa_hexdump(MSG_INFO,
2289 "RSNXE Override element in Beacon/ProbeResp",
2290 sm->ap_rsnxe_override,
2291 sm->ap_rsnxe_override_len);
2292 wpa_hexdump(MSG_INFO,
2293 "RSNXE Override element in EAPOL-Key msg 3/4",
2294 ie->rsnxe_override, ie->rsnxe_override_len);
2295 wpa_sm_deauthenticate(sm,
2296 WLAN_REASON_IE_IN_4WAY_DIFFERS);
2297 return -1;
2298 }
2299 }
2300
2301 #ifdef CONFIG_IEEE80211R
2302 if (wpa_key_mgmt_ft(sm->key_mgmt) &&
2303 wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0)
2304 return -1;
2305 #endif /* CONFIG_IEEE80211R */
2306
2307 return 0;
2308 }
2309
2310
2311 /**
2312 * wpa_supplicant_send_4_of_4 - Send message 4 of WPA/RSN 4-Way Handshake
2313 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2314 * @dst: Destination address for the frame
2315 * @key: Pointer to the EAPOL-Key frame header
2316 * @ver: Version bits from EAPOL-Key Key Info
2317 * @key_info: Key Info
2318 * @ptk: PTK to use for keyed hash and encryption
2319 * Returns: >= 0 on success, < 0 on failure
2320 */
wpa_supplicant_send_4_of_4(struct wpa_sm * sm,const unsigned char * dst,const struct wpa_eapol_key * key,u16 ver,u16 key_info,struct wpa_ptk * ptk)2321 int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
2322 const struct wpa_eapol_key *key,
2323 u16 ver, u16 key_info,
2324 struct wpa_ptk *ptk)
2325 {
2326 size_t mic_len, hdrlen, rlen;
2327 struct wpa_eapol_key *reply;
2328 u8 *rbuf, *key_mic;
2329 u8 *kde = NULL;
2330 size_t kde_len = 0, extra_len = 0;
2331 #ifdef CONFIG_TESTING_OPTIONS
2332 size_t pad_len = 0;
2333 #endif /* CONFIG_TESTING_OPTIONS */
2334
2335 if (sm->mlo.valid_links) {
2336 u8 *pos;
2337
2338 kde = os_malloc(RSN_SELECTOR_LEN + ETH_ALEN + 2);
2339 if (!kde)
2340 return -1;
2341
2342 /* Add MAC KDE */
2343 wpa_printf(MSG_DEBUG, "MLO: Add MAC KDE into EAPOL-Key 4/4");
2344 pos = kde;
2345 pos = rsn_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, sm->own_addr,
2346 ETH_ALEN);
2347 kde_len = pos - kde;
2348 }
2349
2350 #ifdef CONFIG_TESTING_OPTIONS
2351 if (sm->test_eapol_m4_elems)
2352 extra_len = wpabuf_len(sm->test_eapol_m4_elems);
2353 if (sm->encrypt_eapol_m4) {
2354 pad_len = (kde_len + extra_len) % 8;
2355 if (pad_len)
2356 pad_len = 8 - pad_len;
2357 extra_len += pad_len + 8;
2358 }
2359 #endif /* CONFIG_TESTING_OPTIONS */
2360
2361 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
2362 hdrlen = sizeof(*reply) + mic_len + 2;
2363 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
2364 hdrlen + kde_len + extra_len, &rlen,
2365 (void *) &reply);
2366 if (!rbuf) {
2367 os_free(kde);
2368 return -1;
2369 }
2370
2371 reply->type = (sm->proto == WPA_PROTO_RSN) ?
2372 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
2373 key_info &= WPA_KEY_INFO_SECURE;
2374 key_info |= ver | WPA_KEY_INFO_KEY_TYPE;
2375 if (mic_len)
2376 key_info |= WPA_KEY_INFO_MIC;
2377 else
2378 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
2379 #ifdef CONFIG_TESTING_OPTIONS
2380 if (sm->encrypt_eapol_m4)
2381 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
2382 #endif /* CONFIG_TESTING_OPTIONS */
2383 WPA_PUT_BE16(reply->key_info, key_info);
2384 if (sm->proto == WPA_PROTO_RSN)
2385 WPA_PUT_BE16(reply->key_length, 0);
2386 else
2387 os_memcpy(reply->key_length, key->key_length, 2);
2388 os_memcpy(reply->replay_counter, key->replay_counter,
2389 WPA_REPLAY_COUNTER_LEN);
2390
2391 key_mic = (u8 *) (reply + 1);
2392 /* Key Data length */
2393 WPA_PUT_BE16(key_mic + mic_len, kde_len + extra_len);
2394 if (kde) {
2395 os_memcpy(key_mic + mic_len + 2, kde, kde_len); /* Key Data */
2396 os_free(kde);
2397 }
2398
2399 #ifdef CONFIG_TESTING_OPTIONS
2400 if (sm->test_eapol_m4_elems) {
2401 os_memcpy(key_mic + mic_len + 2 + kde_len,
2402 wpabuf_head(sm->test_eapol_m4_elems),
2403 wpabuf_len(sm->test_eapol_m4_elems));
2404 }
2405
2406 if (sm->encrypt_eapol_m4) {
2407 u8 *plain;
2408 size_t plain_len;
2409
2410 if (sm->test_eapol_m4_elems)
2411 extra_len = wpabuf_len(sm->test_eapol_m4_elems);
2412 else
2413 extra_len = 0;
2414 plain_len = kde_len + extra_len + pad_len;
2415 plain = os_memdup(key_mic + mic_len + 2, plain_len);
2416 if (!plain) {
2417 os_free(rbuf);
2418 return -1;
2419 }
2420 if (pad_len)
2421 plain[plain_len - pad_len] = 0xdd;
2422
2423 wpa_hexdump_key(MSG_DEBUG, "RSN: AES-WRAP using KEK",
2424 ptk->kek, ptk->kek_len);
2425 if (aes_wrap(ptk->kek, ptk->kek_len, plain_len / 8, plain,
2426 key_mic + mic_len + 2)) {
2427 os_free(plain);
2428 os_free(rbuf);
2429 return -1;
2430 }
2431 wpa_hexdump(MSG_DEBUG,
2432 "RSN: Encrypted Key Data from AES-WRAP",
2433 key_mic + mic_len + 2, plain_len + 8);
2434 os_free(plain);
2435 }
2436 #endif /* CONFIG_TESTING_OPTIONS */
2437
2438 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
2439 return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
2440 key_mic);
2441 }
2442
2443
wpa_supplicant_validate_link_kde(struct wpa_sm * sm,u8 link_id,const u8 * link_kde,size_t link_kde_len,const u8 * rsn_override_link_kde,size_t rsn_override_link_kde_len)2444 static int wpa_supplicant_validate_link_kde(struct wpa_sm *sm, u8 link_id,
2445 const u8 *link_kde,
2446 size_t link_kde_len,
2447 const u8 *rsn_override_link_kde,
2448 size_t rsn_override_link_kde_len)
2449 {
2450 size_t rsne_len = 0, rsnxe_len = 0, rsnoe_len = 0, rsno2e_len = 0,
2451 rsnxoe_len = 0;
2452 const u8 *rsne = NULL, *rsnxe = NULL, *rsnoe = NULL, *rsno2e = NULL,
2453 *rsnxoe = NULL;
2454
2455 if (!link_kde ||
2456 link_kde_len < RSN_MLO_LINK_KDE_LINK_MAC_INDEX + ETH_ALEN) {
2457 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2458 "RSN: MLO Link KDE is not found for link ID %d",
2459 link_id);
2460 return -1;
2461 }
2462
2463 if (!ether_addr_equal(sm->mlo.links[link_id].bssid,
2464 &link_kde[RSN_MLO_LINK_KDE_LINK_MAC_INDEX])) {
2465 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2466 "RSN: MLO Link %u MAC address (" MACSTR
2467 ") not matching association response (" MACSTR ")",
2468 link_id,
2469 MAC2STR(&link_kde[RSN_MLO_LINK_KDE_LINK_MAC_INDEX]),
2470 MAC2STR(sm->mlo.links[link_id].bssid));
2471 return -1;
2472 }
2473
2474 if (link_kde[0] & RSN_MLO_LINK_KDE_LI_RSNE_INFO) {
2475 rsne = link_kde + RSN_MLO_LINK_KDE_FIXED_LENGTH;
2476 if (link_kde_len < RSN_MLO_LINK_KDE_FIXED_LENGTH + 2 ||
2477 link_kde_len <
2478 (size_t) (RSN_MLO_LINK_KDE_FIXED_LENGTH + 2 + rsne[1])) {
2479 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2480 "RSN: No room for link %u RSNE in MLO Link KDE",
2481 link_id);
2482 return -1;
2483 }
2484
2485 rsne_len = rsne[1] + 2;
2486 }
2487
2488 if (!rsne) {
2489 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2490 "RSN: RSNE not present in MLO Link %u KDE", link_id);
2491 return -1;
2492 }
2493
2494 if (link_kde[0] & RSN_MLO_LINK_KDE_LI_RSNXE_INFO) {
2495 rsnxe = link_kde + RSN_MLO_LINK_KDE_FIXED_LENGTH + rsne_len;
2496 if (link_kde_len <
2497 (RSN_MLO_LINK_KDE_FIXED_LENGTH + rsne_len + 2) ||
2498 link_kde_len <
2499 (RSN_MLO_LINK_KDE_FIXED_LENGTH + rsne_len + 2 + rsnxe[1])) {
2500 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2501 "RSN: No room for link %u RSNXE in MLO Link KDE",
2502 link_id);
2503 return -1;
2504 }
2505
2506 rsnxe_len = rsnxe[1] + 2;
2507 }
2508
2509 if (wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
2510 sm->mlo.links[link_id].ap_rsne,
2511 sm->mlo.links[link_id].ap_rsne_len,
2512 rsne, rsne_len)) {
2513 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2514 "RSN MLO: RSNE in 3/4 msg does not match with IE in Beacon/ProbeResp for link ID %u",
2515 link_id);
2516 wpa_hexdump(MSG_INFO, "RSNE in Beacon/ProbeResp",
2517 sm->mlo.links[link_id].ap_rsne,
2518 sm->mlo.links[link_id].ap_rsne_len);
2519 wpa_hexdump(MSG_INFO, "RSNE in EAPOL-Key msg 3/4",
2520 rsne, rsne_len);
2521 goto fail;
2522 }
2523
2524 if ((sm->mlo.links[link_id].ap_rsnxe && !rsnxe) ||
2525 (!sm->mlo.links[link_id].ap_rsnxe && rsnxe) ||
2526 (sm->mlo.links[link_id].ap_rsnxe && rsnxe &&
2527 (sm->mlo.links[link_id].ap_rsnxe_len != rsnxe_len ||
2528 os_memcmp(sm->mlo.links[link_id].ap_rsnxe, rsnxe,
2529 sm->mlo.links[link_id].ap_rsnxe_len) != 0))) {
2530 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2531 "RSN MLO: RSNXE mismatch between Beacon/ProbeResp and EAPOL-Key msg 3/4 for link ID %u",
2532 link_id);
2533 wpa_hexdump(MSG_INFO, "RSNXE in Beacon/ProbeResp",
2534 sm->mlo.links[link_id].ap_rsnxe,
2535 sm->mlo.links[link_id].ap_rsnxe_len);
2536 wpa_hexdump(MSG_INFO, "RSNXE in EAPOL-Key msg 3/4",
2537 rsnxe, rsnxe_len);
2538 goto fail;
2539 }
2540
2541 if (!wpa_sm_rsn_overriding_supported(sm))
2542 return 0;
2543
2544 if (rsn_override_link_kde) {
2545 rsnoe = get_vendor_ie(rsn_override_link_kde + 1,
2546 rsn_override_link_kde_len - 1,
2547 RSNE_OVERRIDE_IE_VENDOR_TYPE);
2548 if (rsnoe)
2549 rsnoe_len = 2 + rsnoe[1];
2550
2551 rsno2e = get_vendor_ie(rsn_override_link_kde + 1,
2552 rsn_override_link_kde_len - 1,
2553 RSNE_OVERRIDE_2_IE_VENDOR_TYPE);
2554 if (rsno2e)
2555 rsno2e_len = 2 + rsno2e[1];
2556
2557 rsnxoe = get_vendor_ie(rsn_override_link_kde + 1,
2558 rsn_override_link_kde_len - 1,
2559 RSNXE_OVERRIDE_IE_VENDOR_TYPE);
2560 if (rsnxoe)
2561 rsnxoe_len = 2 + rsnxoe[1];
2562 }
2563
2564 if ((sm->mlo.links[link_id].ap_rsnoe && !rsnoe) ||
2565 (!sm->mlo.links[link_id].ap_rsnoe && rsnoe) ||
2566 (sm->mlo.links[link_id].ap_rsnoe && rsnoe &&
2567 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
2568 sm->mlo.links[link_id].ap_rsnoe,
2569 sm->mlo.links[link_id].ap_rsnoe_len,
2570 rsnoe, rsnoe_len))) {
2571 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2572 "RSN MLO: RSNOE in 3/4 msg does not match with IE in Beacon/ProbeResp for link ID %u",
2573 link_id);
2574 wpa_hexdump(MSG_INFO, "RSNOE in Beacon/ProbeResp",
2575 sm->mlo.links[link_id].ap_rsnoe,
2576 sm->mlo.links[link_id].ap_rsnoe_len);
2577 wpa_hexdump(MSG_INFO, "RSNOE in EAPOL-Key msg 3/4",
2578 rsnoe, rsnoe_len);
2579 goto fail;
2580 }
2581
2582 if ((sm->mlo.links[link_id].ap_rsno2e && !rsno2e) ||
2583 (!sm->mlo.links[link_id].ap_rsno2e && rsno2e) ||
2584 (sm->mlo.links[link_id].ap_rsno2e && rsno2e &&
2585 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
2586 sm->mlo.links[link_id].ap_rsno2e,
2587 sm->mlo.links[link_id].ap_rsno2e_len,
2588 rsno2e, rsno2e_len))) {
2589 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2590 "RSN MLO: RSNO2E in 3/4 msg does not match with IE in Beacon/ProbeResp for link ID %u",
2591 link_id);
2592 wpa_hexdump(MSG_INFO, "RSNO2E in Beacon/ProbeResp",
2593 sm->mlo.links[link_id].ap_rsno2e,
2594 sm->mlo.links[link_id].ap_rsno2e_len);
2595 wpa_hexdump(MSG_INFO, "RSNOE in EAPOL-Key msg 3/4",
2596 rsno2e, rsno2e_len);
2597 goto fail;
2598 }
2599
2600 if ((sm->mlo.links[link_id].ap_rsnxoe && !rsnxoe) ||
2601 (!sm->mlo.links[link_id].ap_rsnxoe && rsnxoe) ||
2602 (sm->mlo.links[link_id].ap_rsnxoe && rsnxoe &&
2603 (sm->mlo.links[link_id].ap_rsnxoe_len != rsnxoe_len ||
2604 os_memcmp(sm->mlo.links[link_id].ap_rsnxoe, rsnxoe,
2605 sm->mlo.links[link_id].ap_rsnxoe_len) != 0))) {
2606 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2607 "RSN MLO: RSNXOE mismatch between Beacon/ProbeResp and EAPOL-Key msg 3/4 for link ID %u",
2608 link_id);
2609 wpa_hexdump(MSG_INFO, "RSNXOE in Beacon/ProbeResp",
2610 sm->mlo.links[link_id].ap_rsnxoe,
2611 sm->mlo.links[link_id].ap_rsnxoe_len);
2612 wpa_hexdump(MSG_INFO, "RSNXOE in EAPOL-Key msg 3/4",
2613 rsnxoe, rsnxoe_len);
2614 goto fail;
2615 }
2616
2617 return 0;
2618 fail:
2619 wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
2620 return -1;
2621 }
2622
2623
wpa_validate_mlo_ieee80211w_kdes(struct wpa_sm * sm,u8 link_id,struct wpa_eapol_ie_parse * ie)2624 static int wpa_validate_mlo_ieee80211w_kdes(struct wpa_sm *sm,
2625 u8 link_id,
2626 struct wpa_eapol_ie_parse *ie)
2627 {
2628 if (ie->mlo_igtk[link_id] &&
2629 ie->mlo_igtk_len[link_id] != RSN_MLO_IGTK_KDE_PREFIX_LENGTH +
2630 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
2631 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2632 "RSN MLO: Invalid IGTK KDE length %lu for link ID %u",
2633 (unsigned long) ie->mlo_igtk_len[link_id], link_id);
2634 return -1;
2635 }
2636
2637 if (!sm->beacon_prot)
2638 return 0;
2639
2640 if (ie->mlo_bigtk[link_id] &&
2641 ie->mlo_bigtk_len[link_id] != RSN_MLO_BIGTK_KDE_PREFIX_LENGTH +
2642 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
2643 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2644 "RSN MLO: Invalid BIGTK KDE length %lu for link ID %u",
2645 (unsigned long) ie->mlo_bigtk_len[link_id], link_id);
2646 return -1;
2647 }
2648
2649 return 0;
2650 }
2651
2652
wpa_supplicant_process_3_of_4_wpa(struct wpa_sm * sm,const struct wpa_eapol_key * key,u16 ver,const u8 * key_data,size_t key_data_len)2653 static void wpa_supplicant_process_3_of_4_wpa(struct wpa_sm *sm,
2654 const struct wpa_eapol_key *key,
2655 u16 ver, const u8 *key_data,
2656 size_t key_data_len)
2657 {
2658 u16 key_info, keylen;
2659 struct wpa_eapol_ie_parse ie;
2660
2661 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
2662 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2663 "WPA: RX message 3 of 4-Way Handshake from " MACSTR
2664 " (ver=%d)", MAC2STR(sm->bssid), ver);
2665
2666 key_info = WPA_GET_BE16(key->key_info);
2667
2668 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len);
2669 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
2670 goto failed;
2671
2672 if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
2673 goto failed;
2674
2675 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
2676 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2677 "WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake - drop packet (src="
2678 MACSTR ")", MAC2STR(sm->bssid));
2679 goto failed;
2680 }
2681
2682 keylen = WPA_GET_BE16(key->key_length);
2683 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
2684 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2685 "WPA: Invalid %s key length %d (src=" MACSTR ")",
2686 wpa_cipher_txt(sm->pairwise_cipher), keylen,
2687 MAC2STR(sm->bssid));
2688 goto failed;
2689 }
2690
2691 if (wpa_supplicant_send_4_of_4(sm, wpa_sm_get_auth_addr(sm), key, ver,
2692 key_info, &sm->ptk) < 0)
2693 goto failed;
2694
2695 /* SNonce was successfully used in msg 3/4, so mark it to be renewed
2696 * for the next 4-Way Handshake. If msg 3 is received again, the old
2697 * SNonce will still be used to avoid changing PTK. */
2698 sm->renew_snonce = 1;
2699
2700 if ((key_info & WPA_KEY_INFO_INSTALL) &&
2701 wpa_supplicant_install_ptk(sm, key, KEY_FLAG_RX_TX))
2702 goto failed;
2703
2704 if (key_info & WPA_KEY_INFO_SECURE) {
2705 wpa_sm_mlme_setprotection(
2706 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
2707 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
2708 eapol_sm_notify_portValid(sm->eapol, true);
2709 }
2710 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
2711
2712 sm->msg_3_of_4_ok = 1;
2713 return;
2714
2715 failed:
2716 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
2717 }
2718
2719
wpa_supplicant_process_3_of_4(struct wpa_sm * sm,const struct wpa_eapol_key * key,u16 ver,const u8 * key_data,size_t key_data_len)2720 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
2721 const struct wpa_eapol_key *key,
2722 u16 ver, const u8 *key_data,
2723 size_t key_data_len)
2724 {
2725 u16 key_info, keylen;
2726 struct wpa_eapol_ie_parse ie;
2727 bool mlo = sm->mlo.valid_links;
2728 int i;
2729
2730 wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
2731 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2732 "RSN: RX message 3 of 4-Way Handshake from " MACSTR
2733 " (ver=%d)%s", MAC2STR(sm->bssid), ver, mlo ? " (MLO)" : "");
2734
2735 key_info = WPA_GET_BE16(key->key_info);
2736
2737 wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len);
2738 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
2739 goto failed;
2740
2741 if (sm->ssid_protection) {
2742 if (!ie.ssid) {
2743 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2744 "RSN: No SSID included in EAPOL-Key msg 3/4");
2745 goto failed;
2746 }
2747
2748 if (ie.ssid_len != sm->ssid_len ||
2749 os_memcmp(ie.ssid, sm->ssid, sm->ssid_len) != 0) {
2750 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2751 "RSN: SSID mismatch in EAPOL-Key msg 3/4");
2752 wpa_hexdump_ascii(MSG_DEBUG, "RSN: Received SSID",
2753 ie.ssid, ie.ssid_len);
2754 wpa_hexdump_ascii(MSG_DEBUG, "RSN: Expected SSID",
2755 sm->ssid, sm->ssid_len);
2756 goto failed;
2757 }
2758
2759 wpa_sm_ssid_verified(sm);
2760 }
2761
2762 if (mlo && !ie.valid_mlo_gtks) {
2763 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2764 "MLO RSN: No GTK KDE included in EAPOL-Key msg 3/4");
2765 goto failed;
2766 }
2767 if (mlo &&
2768 (key_info &
2769 (WPA_KEY_INFO_ENCR_KEY_DATA | WPA_KEY_INFO_INSTALL |
2770 WPA_KEY_INFO_SECURE)) !=
2771 (WPA_KEY_INFO_ENCR_KEY_DATA | WPA_KEY_INFO_INSTALL |
2772 WPA_KEY_INFO_SECURE)) {
2773 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2774 "RSN MLO: Invalid key info (0x%x) in EAPOL-Key msg 3/4",
2775 key_info);
2776 goto failed;
2777 }
2778
2779 if (mlo && !is_valid_ap_mld_mac_kde(sm, ie.mac_addr)) {
2780 wpa_printf(MSG_DEBUG, "RSN: Invalid AP MLD MAC address KDE");
2781 goto failed;
2782 }
2783
2784 for (i = 0; mlo && i < MAX_NUM_MLD_LINKS; i++) {
2785 if (!(sm->mlo.req_links & BIT(i)))
2786 continue;
2787
2788 if (wpa_supplicant_validate_link_kde(
2789 sm, i, ie.mlo_link[i], ie.mlo_link_len[i],
2790 ie.rsn_override_link[i],
2791 ie.rsn_override_link_len[i]) < 0)
2792 goto failed;
2793
2794 if (!(sm->mlo.valid_links & BIT(i)))
2795 continue;
2796
2797 if (!ie.mlo_gtk[i]) {
2798 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
2799 "RSN: GTK not found for link ID %u", i);
2800 goto failed;
2801 }
2802
2803 if (sm->mgmt_group_cipher != WPA_CIPHER_GTK_NOT_USED &&
2804 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
2805 wpa_validate_mlo_ieee80211w_kdes(sm, i, &ie) < 0)
2806 goto failed;
2807 }
2808
2809 #ifdef CONFIG_IEEE80211R
2810 if (mlo && wpa_key_mgmt_ft(sm->key_mgmt) &&
2811 wpa_supplicant_validate_ie_ft(sm, sm->bssid, &ie) < 0)
2812 goto failed;
2813 #endif /* CONFIG_IEEE80211R */
2814
2815 if (!mlo && ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
2816 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2817 "WPA: GTK IE in unencrypted key data");
2818 goto failed;
2819 }
2820 if (!mlo && ie.igtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
2821 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2822 "WPA: IGTK KDE in unencrypted key data");
2823 goto failed;
2824 }
2825
2826 if (!mlo && ie.igtk &&
2827 sm->mgmt_group_cipher != WPA_CIPHER_GTK_NOT_USED &&
2828 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
2829 ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN +
2830 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
2831 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2832 "WPA: Invalid IGTK KDE length %lu",
2833 (unsigned long) ie.igtk_len);
2834 goto failed;
2835 }
2836
2837 if (!mlo && wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
2838 goto failed;
2839
2840 if (wpa_handle_ext_key_id(sm, &ie))
2841 goto failed;
2842
2843 if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
2844 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2845 "WPA: ANonce from message 1 of 4-Way Handshake "
2846 "differs from 3 of 4-Way Handshake - drop packet (src="
2847 MACSTR ")", MAC2STR(sm->bssid));
2848 goto failed;
2849 }
2850
2851 keylen = WPA_GET_BE16(key->key_length);
2852 if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
2853 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2854 "WPA: Invalid %s key length %d (src=" MACSTR
2855 ")", wpa_cipher_txt(sm->pairwise_cipher), keylen,
2856 MAC2STR(sm->bssid));
2857 goto failed;
2858 }
2859
2860 #ifdef CONFIG_P2P
2861 if (ie.ip_addr_alloc) {
2862 os_memcpy(sm->p2p_ip_addr, ie.ip_addr_alloc, 3 * 4);
2863 wpa_hexdump(MSG_DEBUG, "P2P: IP address info",
2864 sm->p2p_ip_addr, sizeof(sm->p2p_ip_addr));
2865 }
2866 #endif /* CONFIG_P2P */
2867
2868 #ifdef CONFIG_OCV
2869 if (wpa_sm_ocv_enabled(sm)) {
2870 struct wpa_channel_info ci;
2871
2872 if (wpa_sm_channel_info(sm, &ci) != 0) {
2873 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
2874 "Failed to get channel info to validate received OCI in EAPOL-Key 3/4");
2875 return;
2876 }
2877
2878 if (ocv_verify_tx_params(ie.oci, ie.oci_len, &ci,
2879 channel_width_to_int(ci.chanwidth),
2880 ci.seg1_idx) != OCI_SUCCESS) {
2881 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE
2882 "addr=" MACSTR " frame=eapol-key-m3 error=%s",
2883 MAC2STR(sm->bssid), ocv_errorstr);
2884 return;
2885 }
2886 }
2887 #endif /* CONFIG_OCV */
2888
2889 #ifdef CONFIG_DPP2
2890 if (DPP_VERSION > 1 && ie.dpp_kde) {
2891 wpa_printf(MSG_DEBUG,
2892 "DPP: peer Protocol Version %u Flags 0x%x",
2893 ie.dpp_kde[0], ie.dpp_kde[1]);
2894 if (sm->key_mgmt == WPA_KEY_MGMT_DPP && sm->dpp_pfs != 2 &&
2895 (ie.dpp_kde[1] & DPP_KDE_PFS_ALLOWED) && !sm->dpp_z) {
2896 wpa_printf(MSG_INFO,
2897 "DPP: Peer indicated it supports PFS and local configuration allows this, but PFS was not negotiated for the association");
2898 goto failed;
2899 }
2900 }
2901 #endif /* CONFIG_DPP2 */
2902
2903 if (sm->use_ext_key_id &&
2904 wpa_supplicant_install_ptk(sm, key, KEY_FLAG_RX))
2905 goto failed;
2906
2907 if (!sm->use_ext_key_id &&
2908 wpa_supplicant_install_ptk(sm, key, KEY_FLAG_RX | KEY_FLAG_NEXT)) {
2909 /* Continue anyway since the many drivers do not support
2910 * configuration of the TK for RX-only purposes for cases where
2911 * multiple keys might be in use in parallel and this being an
2912 * optional optimization to avoid race condition during TK
2913 * changes that could result in some protected frames getting
2914 * discarded. */
2915 }
2916
2917 if (wpa_supplicant_send_4_of_4(sm, wpa_sm_get_auth_addr(sm), key, ver,
2918 key_info, &sm->ptk) < 0)
2919 goto failed;
2920
2921 /* SNonce was successfully used in msg 3/4, so mark it to be renewed
2922 * for the next 4-Way Handshake. If msg 3 is received again, the old
2923 * SNonce will still be used to avoid changing PTK. */
2924 sm->renew_snonce = 1;
2925
2926 if (key_info & WPA_KEY_INFO_INSTALL) {
2927 int res;
2928
2929 if (sm->use_ext_key_id)
2930 res = wpa_supplicant_activate_ptk(sm);
2931 else
2932 res = wpa_supplicant_install_ptk(sm, key,
2933 KEY_FLAG_RX_TX);
2934 if (res)
2935 goto failed;
2936 }
2937
2938 if (key_info & WPA_KEY_INFO_SECURE) {
2939 wpa_sm_mlme_setprotection(
2940 sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
2941 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
2942 eapol_sm_notify_portValid(sm->eapol, true);
2943 }
2944 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
2945
2946 if (mlo) {
2947 if (wpa_supplicant_pairwise_mlo_gtk(sm, key, &ie,
2948 key_info) < 0) {
2949 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2950 "MLO RSN: Failed to configure MLO GTKs");
2951 goto failed;
2952 }
2953 } else if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) {
2954 /* No GTK to be set to the driver */
2955 } else if (!ie.gtk && sm->proto == WPA_PROTO_RSN) {
2956 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2957 "RSN: No GTK KDE included in EAPOL-Key msg 3/4");
2958 goto failed;
2959 } else if (ie.gtk &&
2960 wpa_supplicant_pairwise_gtk(sm, key,
2961 ie.gtk, ie.gtk_len, key_info) < 0) {
2962 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2963 "RSN: Failed to configure GTK");
2964 goto failed;
2965 }
2966
2967 if ((mlo && mlo_ieee80211w_set_keys(sm, &ie) < 0) ||
2968 (!mlo && ieee80211w_set_keys(sm, &ie) < 0)) {
2969 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
2970 "RSN: Failed to configure IGTK");
2971 goto failed;
2972 }
2973
2974 if (mlo || sm->group_cipher == WPA_CIPHER_GTK_NOT_USED || ie.gtk)
2975 wpa_supplicant_key_neg_complete(sm, sm->bssid,
2976 key_info & WPA_KEY_INFO_SECURE);
2977
2978 if (mlo || ie.gtk)
2979 wpa_sm_set_rekey_offload(sm);
2980
2981 /* Add PMKSA cache entry for Suite B AKMs here since PMKID can be
2982 * calculated only after KCK has been derived. Though, do not replace an
2983 * existing PMKSA entry after each 4-way handshake (i.e., new KCK/PMKID)
2984 * to avoid unnecessary changes of PMKID while continuing to use the
2985 * same PMK. */
2986 if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt) &&
2987 !sm->cur_pmksa) {
2988 struct rsn_pmksa_cache_entry *sa;
2989
2990 sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, NULL,
2991 sm->ptk.kck, sm->ptk.kck_len,
2992 wpa_sm_get_auth_addr(sm), sm->own_addr,
2993 sm->network_ctx, sm->key_mgmt, NULL);
2994 if (!sm->cur_pmksa)
2995 sm->cur_pmksa = sa;
2996 }
2997
2998 if (ie.transition_disable)
2999 wpa_sm_transition_disable(sm, ie.transition_disable[0]);
3000 sm->msg_3_of_4_ok = 1;
3001 return;
3002
3003 failed:
3004 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
3005 }
3006
3007
wpa_supplicant_send_2_of_2(struct wpa_sm * sm,const struct wpa_eapol_key * key,int ver,u16 key_info)3008 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
3009 const struct wpa_eapol_key *key,
3010 int ver, u16 key_info)
3011 {
3012 size_t mic_len, hdrlen, rlen;
3013 struct wpa_eapol_key *reply;
3014 u8 *rbuf, *key_mic;
3015 size_t kde_len = 0;
3016
3017 #ifdef CONFIG_TESTING_OPTIONS
3018 if (sm->disable_eapol_g2_tx) {
3019 wpa_printf(MSG_INFO, "TEST: Disable sending EAPOL-Key 2/2");
3020 return 0;
3021 }
3022 #endif /* CONFIG_TESTING_OPTIONS */
3023
3024 #ifdef CONFIG_OCV
3025 if (wpa_sm_ocv_enabled(sm))
3026 kde_len = OCV_OCI_KDE_LEN;
3027 #endif /* CONFIG_OCV */
3028
3029 mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
3030 hdrlen = sizeof(*reply) + mic_len + 2;
3031 rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
3032 hdrlen + kde_len, &rlen, (void *) &reply);
3033 if (rbuf == NULL)
3034 return -1;
3035
3036 reply->type = (sm->proto == WPA_PROTO_RSN) ?
3037 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
3038 key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
3039 key_info |= ver | WPA_KEY_INFO_SECURE;
3040 if (mic_len)
3041 key_info |= WPA_KEY_INFO_MIC;
3042 else
3043 key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
3044 WPA_PUT_BE16(reply->key_info, key_info);
3045 if (sm->proto == WPA_PROTO_RSN)
3046 WPA_PUT_BE16(reply->key_length, 0);
3047 else
3048 os_memcpy(reply->key_length, key->key_length, 2);
3049 os_memcpy(reply->replay_counter, key->replay_counter,
3050 WPA_REPLAY_COUNTER_LEN);
3051
3052 key_mic = (u8 *) (reply + 1);
3053 WPA_PUT_BE16(key_mic + mic_len, kde_len); /* Key Data Length */
3054
3055 #ifdef CONFIG_OCV
3056 if (wpa_sm_ocv_enabled(sm)) {
3057 struct wpa_channel_info ci;
3058 u8 *pos;
3059
3060 if (wpa_sm_channel_info(sm, &ci) != 0) {
3061 wpa_printf(MSG_WARNING,
3062 "Failed to get channel info for OCI element in EAPOL-Key 2/2");
3063 os_free(rbuf);
3064 return -1;
3065 }
3066 #ifdef CONFIG_TESTING_OPTIONS
3067 if (sm->oci_freq_override_eapol_g2) {
3068 wpa_printf(MSG_INFO,
3069 "TEST: Override OCI KDE frequency %d -> %d MHz",
3070 ci.frequency,
3071 sm->oci_freq_override_eapol_g2);
3072 ci.frequency = sm->oci_freq_override_eapol_g2;
3073 }
3074 #endif /* CONFIG_TESTING_OPTIONS */
3075
3076 pos = key_mic + mic_len + 2; /* Key Data */
3077 if (ocv_insert_oci_kde(&ci, &pos) < 0) {
3078 os_free(rbuf);
3079 return -1;
3080 }
3081 }
3082 #endif /* CONFIG_OCV */
3083
3084 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
3085 return wpa_eapol_key_send(sm, &sm->ptk, ver, wpa_sm_get_auth_addr(sm),
3086 ETH_P_EAPOL, rbuf, rlen, key_mic);
3087 }
3088
3089
wpa_supplicant_process_mlo_1_of_2(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,const u8 * key_data,size_t key_data_len,u16 ver)3090 static void wpa_supplicant_process_mlo_1_of_2(struct wpa_sm *sm,
3091 const unsigned char *src_addr,
3092 const struct wpa_eapol_key *key,
3093 const u8 *key_data,
3094 size_t key_data_len, u16 ver)
3095 {
3096 u16 key_info;
3097 u8 i;
3098 struct wpa_eapol_ie_parse ie;
3099
3100 if (!sm->msg_3_of_4_ok && !wpa_fils_is_completed(sm)) {
3101 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3102 "MLO RSN: Group Key Handshake started prior to completion of 4-way handshake");
3103 goto failed;
3104 }
3105
3106 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "MLO RSN: RX message 1 of Group "
3107 "Key Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr),
3108 ver);
3109
3110 key_info = WPA_GET_BE16(key->key_info);
3111
3112 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
3113
3114 wpa_hexdump_key(MSG_DEBUG, "MLO RSN: msg 1/2 key data", key_data,
3115 key_data_len);
3116 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
3117 goto failed;
3118
3119 if (!ie.valid_mlo_gtks) {
3120 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3121 "MLO RSN: No MLO GTK KDE in Group Key msg 1/2");
3122 goto failed;
3123 }
3124
3125 if (!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
3126 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3127 "MLO RSN: MLO GTK KDE in unencrypted key data");
3128 goto failed;
3129 }
3130
3131 #ifdef CONFIG_OCV
3132 if (wpa_sm_ocv_enabled(sm)) {
3133 struct wpa_channel_info ci;
3134
3135 if (wpa_sm_channel_info(sm, &ci) != 0) {
3136 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3137 "Failed to get channel info to validate received OCI in EAPOL-Key group msg 1/2");
3138 goto failed;
3139 }
3140
3141 if (ocv_verify_tx_params(ie.oci, ie.oci_len, &ci,
3142 channel_width_to_int(ci.chanwidth),
3143 ci.seg1_idx) != OCI_SUCCESS) {
3144 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE
3145 "addr=" MACSTR " frame=eapol-key-g1 error=%s",
3146 MAC2STR(sm->bssid), ocv_errorstr);
3147 goto failed;
3148 }
3149 }
3150 #endif /* CONFIG_OCV */
3151
3152 if (mlo_ieee80211w_set_keys(sm, &ie) < 0)
3153 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3154 "MLO RSN: Failed to configure MLO IGTK");
3155
3156 for_each_link(sm->mlo.valid_links, i) {
3157 /*
3158 * AP may send group keys for subset of the all links during
3159 * rekey
3160 */
3161 if (!ie.mlo_gtk[i])
3162 continue;
3163
3164 if (wpa_supplicant_mlo_gtk(sm, i, ie.mlo_gtk[i],
3165 ie.mlo_gtk_len[i], key_info))
3166 goto failed;
3167 }
3168
3169 if (wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
3170 goto failed;
3171
3172 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "MLO RSN: Group rekeying completed "
3173 "with " MACSTR " [GTK=%s]", MAC2STR(sm->mlo.ap_mld_addr),
3174 wpa_cipher_txt(sm->group_cipher));
3175 wpa_sm_cancel_auth_timeout(sm);
3176 wpa_sm_set_state(sm, WPA_COMPLETED);
3177
3178 wpa_sm_set_rekey_offload(sm);
3179
3180 return;
3181
3182 failed:
3183 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
3184 }
3185
3186
wpa_supplicant_process_1_of_2_wpa(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,const u8 * key_data,size_t key_data_len,u16 ver)3187 static void wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
3188 const unsigned char *src_addr,
3189 const struct wpa_eapol_key *key,
3190 const u8 *key_data,
3191 size_t key_data_len, u16 ver)
3192 {
3193 u16 key_info;
3194 int rekey;
3195 struct wpa_gtk_data gd;
3196 const u8 *key_rsc;
3197 size_t maxkeylen;
3198 u16 gtk_len;
3199
3200 if (!sm->msg_3_of_4_ok) {
3201 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3202 "WPA: Group Key Handshake started prior to completion of 4-way handshake");
3203 goto failed;
3204 }
3205
3206 os_memset(&gd, 0, sizeof(gd));
3207
3208 rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
3209 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3210 "WPA: RX message 1 of Group Key Handshake from " MACSTR
3211 " (ver=%d)", MAC2STR(src_addr), ver);
3212
3213 key_info = WPA_GET_BE16(key->key_info);
3214
3215 gtk_len = WPA_GET_BE16(key->key_length);
3216 maxkeylen = key_data_len;
3217 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3218 if (maxkeylen < 8) {
3219 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3220 "WPA: Too short maxkeylen (%lu)",
3221 (unsigned long) maxkeylen);
3222 goto failed;
3223 }
3224 maxkeylen -= 8;
3225 }
3226
3227 if (gtk_len > maxkeylen ||
3228 wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
3229 gtk_len, maxkeylen,
3230 &gd.key_rsc_len, &gd.alg))
3231 goto failed;
3232
3233 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
3234
3235 gd.gtk_len = gtk_len;
3236 gd.keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
3237 WPA_KEY_INFO_KEY_INDEX_SHIFT;
3238 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
3239 #if defined(CONFIG_NO_RC4) || defined(CONFIG_FIPS)
3240 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3241 "WPA: RC4 not supported in the build");
3242 goto failed;
3243 #else /* CONFIG_NO_RC4 || CONFIG_FIPS */
3244 u8 ek[32];
3245 if (key_data_len > sizeof(gd.gtk)) {
3246 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3247 "WPA: RC4 key data too long (%lu)",
3248 (unsigned long) key_data_len);
3249 goto failed;
3250 }
3251 os_memcpy(ek, key->key_iv, 16);
3252 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
3253 os_memcpy(gd.gtk, key_data, key_data_len);
3254 if (rc4_skip(ek, 32, 256, gd.gtk, key_data_len)) {
3255 forced_memzero(ek, sizeof(ek));
3256 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
3257 "WPA: RC4 failed");
3258 goto failed;
3259 }
3260 forced_memzero(ek, sizeof(ek));
3261 #endif /* CONFIG_NO_RC4 || CONFIG_FIPS */
3262 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3263 if (maxkeylen % 8) {
3264 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3265 "WPA: Unsupported AES-WRAP len %lu",
3266 (unsigned long) maxkeylen);
3267 goto failed;
3268 }
3269 if (maxkeylen > sizeof(gd.gtk)) {
3270 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3271 "WPA: AES-WRAP key data "
3272 "too long (keydatalen=%lu maxkeylen=%lu)",
3273 (unsigned long) key_data_len,
3274 (unsigned long) maxkeylen);
3275 goto failed;
3276 }
3277 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8,
3278 key_data, gd.gtk)) {
3279 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3280 "WPA: AES unwrap failed - could not decrypt "
3281 "GTK");
3282 goto failed;
3283 }
3284 } else {
3285 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3286 "WPA: Unsupported key_info type %d", ver);
3287 goto failed;
3288 }
3289 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(
3290 sm, !!(key_info & WPA_KEY_INFO_TXRX));
3291
3292 key_rsc = key->key_rsc;
3293 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
3294 key_rsc = null_rsc;
3295
3296 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
3297 wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
3298 goto failed;
3299 forced_memzero(&gd, sizeof(gd));
3300
3301 if (rekey) {
3302 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3303 "WPA: Group rekeying completed with " MACSTR
3304 " [GTK=%s]",
3305 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
3306 wpa_sm_cancel_auth_timeout(sm);
3307 wpa_sm_set_state(sm, WPA_COMPLETED);
3308 } else {
3309 wpa_supplicant_key_neg_complete(sm, sm->bssid,
3310 key_info & WPA_KEY_INFO_SECURE);
3311 }
3312
3313 wpa_sm_set_rekey_offload(sm);
3314
3315 return;
3316
3317 failed:
3318 forced_memzero(&gd, sizeof(gd));
3319 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
3320 }
3321
3322
wpa_supplicant_process_1_of_2(struct wpa_sm * sm,const unsigned char * src_addr,const struct wpa_eapol_key * key,const u8 * key_data,size_t key_data_len,u16 ver)3323 static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
3324 const unsigned char *src_addr,
3325 const struct wpa_eapol_key *key,
3326 const u8 *key_data,
3327 size_t key_data_len, u16 ver)
3328 {
3329 u16 key_info;
3330 struct wpa_gtk_data gd;
3331 const u8 *key_rsc;
3332 int maxkeylen;
3333 struct wpa_eapol_ie_parse ie;
3334 u16 gtk_len;
3335
3336 if (!sm->msg_3_of_4_ok && !wpa_fils_is_completed(sm)) {
3337 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3338 "RSN: Group Key Handshake started prior to completion of 4-way handshake");
3339 goto failed;
3340 }
3341
3342 os_memset(&gd, 0, sizeof(gd));
3343
3344 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3345 "RSN: RX message 1 of Group Key Handshake from " MACSTR
3346 " (ver=%d)", MAC2STR(src_addr), ver);
3347
3348 key_info = WPA_GET_BE16(key->key_info);
3349
3350 wpa_hexdump_key(MSG_DEBUG, "RSN: msg 1/2 key data",
3351 key_data, key_data_len);
3352 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
3353 goto failed;
3354
3355 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
3356
3357 if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
3358 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3359 "RSN: GTK KDE in unencrypted key data");
3360 goto failed;
3361 }
3362 if (!ie.gtk) {
3363 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3364 "RSN: No GTK KDE in Group Key msg 1/2");
3365 goto failed;
3366 }
3367 gtk_len = ie.gtk_len;
3368 if (gtk_len < 2) {
3369 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3370 "RSN: Invalid GTK KDE length (%u) in Group Key msg 1/2",
3371 gtk_len);
3372 goto failed;
3373 }
3374 gtk_len -= 2;
3375 if (gtk_len > sizeof(gd.gtk)) {
3376 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3377 "RSN: Too long GTK in GTK KDE (len=%u)", gtk_len);
3378 goto failed;
3379 }
3380 maxkeylen = gd.gtk_len = gtk_len;
3381
3382 #ifdef CONFIG_OCV
3383 if (wpa_sm_ocv_enabled(sm)) {
3384 struct wpa_channel_info ci;
3385
3386 if (wpa_sm_channel_info(sm, &ci) != 0) {
3387 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3388 "Failed to get channel info to validate received OCI in EAPOL-Key group msg 1/2");
3389 goto failed;
3390 }
3391
3392 if (ocv_verify_tx_params(ie.oci, ie.oci_len, &ci,
3393 channel_width_to_int(ci.chanwidth),
3394 ci.seg1_idx) != OCI_SUCCESS) {
3395 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE
3396 "addr=" MACSTR " frame=eapol-key-g1 error=%s",
3397 MAC2STR(sm->bssid), ocv_errorstr);
3398 goto failed;
3399 }
3400 }
3401 #endif /* CONFIG_OCV */
3402
3403 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
3404 gtk_len, maxkeylen,
3405 &gd.key_rsc_len, &gd.alg))
3406 goto failed;
3407
3408 wpa_hexdump_key(MSG_DEBUG, "RSN: received GTK in group key handshake",
3409 ie.gtk, 2 + gtk_len);
3410 gd.keyidx = ie.gtk[0] & 0x3;
3411 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
3412 !!(ie.gtk[0] & BIT(2)));
3413 os_memcpy(gd.gtk, ie.gtk + 2, gtk_len);
3414
3415 if (ieee80211w_set_keys(sm, &ie) < 0)
3416 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3417 "RSN: Failed to configure IGTK");
3418
3419 key_rsc = key->key_rsc;
3420 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
3421 key_rsc = null_rsc;
3422
3423 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
3424 wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
3425 goto failed;
3426 forced_memzero(&gd, sizeof(gd));
3427
3428 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3429 "RSN: Group rekeying completed with " MACSTR " [GTK=%s]",
3430 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
3431 wpa_sm_cancel_auth_timeout(sm);
3432 wpa_sm_set_state(sm, WPA_COMPLETED);
3433
3434 wpa_sm_set_rekey_offload(sm);
3435
3436 return;
3437
3438 failed:
3439 forced_memzero(&gd, sizeof(gd));
3440 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
3441 }
3442
3443
wpa_sm_tptk_to_ptk(struct wpa_sm * sm)3444 static void wpa_sm_tptk_to_ptk(struct wpa_sm *sm)
3445 {
3446 sm->tptk_set = 0;
3447 sm->ptk_set = 1;
3448 os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
3449 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
3450
3451 if (wpa_sm_pmf_enabled(sm)) {
3452 os_memcpy(sm->last_kck, sm->ptk.kck, sm->ptk.kck_len);
3453 sm->last_kck_len = sm->ptk.kck_len;
3454 sm->last_kck_pmk_len = sm->pmk_len;
3455 sm->last_kck_key_mgmt = sm->key_mgmt;
3456 sm->last_kck_eapol_key_ver = sm->last_eapol_key_ver;
3457 os_memcpy(sm->last_kck_aa, wpa_sm_get_auth_addr(sm), ETH_ALEN);
3458 } else {
3459 os_memset(sm->last_kck, 0, sizeof(sm->last_kck));
3460 sm->last_kck_len = 0;
3461 os_memset(sm->last_kck_aa, 0, ETH_ALEN);
3462 }
3463 }
3464
3465
wpa_supplicant_verify_eapol_key_mic(struct wpa_sm * sm,struct wpa_eapol_key * key,u16 ver,const u8 * buf,size_t len)3466 static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
3467 struct wpa_eapol_key *key,
3468 u16 ver,
3469 const u8 *buf, size_t len)
3470 {
3471 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
3472 int ok = 0;
3473 size_t mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
3474
3475 os_memcpy(mic, key + 1, mic_len);
3476 if (sm->tptk_set) {
3477 os_memset(key + 1, 0, mic_len);
3478 if (wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len,
3479 sm->key_mgmt,
3480 ver, buf, len, (u8 *) (key + 1)) < 0 ||
3481 os_memcmp_const(mic, key + 1, mic_len) != 0) {
3482 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3483 "WPA: Invalid EAPOL-Key MIC "
3484 "when using TPTK - ignoring TPTK");
3485 #ifdef TEST_FUZZ
3486 wpa_printf(MSG_INFO,
3487 "TEST: Ignore Key MIC failure for fuzz testing");
3488 goto continue_fuzz;
3489 #endif /* TEST_FUZZ */
3490 } else {
3491 #ifdef TEST_FUZZ
3492 continue_fuzz:
3493 #endif /* TEST_FUZZ */
3494 ok = 1;
3495 wpa_sm_tptk_to_ptk(sm);
3496 /*
3497 * This assures the same TPTK in sm->tptk can never be
3498 * copied twice to sm->ptk as the new PTK. In
3499 * combination with the installed flag in the wpa_ptk
3500 * struct, this assures the same PTK is only installed
3501 * once.
3502 */
3503 sm->renew_snonce = 1;
3504 }
3505 }
3506
3507 if (!ok && sm->ptk_set) {
3508 os_memset(key + 1, 0, mic_len);
3509 if (wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len,
3510 sm->key_mgmt,
3511 ver, buf, len, (u8 *) (key + 1)) < 0 ||
3512 os_memcmp_const(mic, key + 1, mic_len) != 0) {
3513 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3514 "WPA: Invalid EAPOL-Key MIC - "
3515 "dropping packet");
3516 #ifdef TEST_FUZZ
3517 wpa_printf(MSG_INFO,
3518 "TEST: Ignore Key MIC failure for fuzz testing");
3519 goto continue_fuzz2;
3520 #endif /* TEST_FUZZ */
3521 return -1;
3522 }
3523 #ifdef TEST_FUZZ
3524 continue_fuzz2:
3525 #endif /* TEST_FUZZ */
3526 ok = 1;
3527 }
3528
3529 if (!ok) {
3530 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3531 "WPA: Could not verify EAPOL-Key MIC - "
3532 "dropping packet");
3533 return -1;
3534 }
3535
3536 os_memcpy(sm->rx_replay_counter, key->replay_counter,
3537 WPA_REPLAY_COUNTER_LEN);
3538 sm->rx_replay_counter_set = 1;
3539 return 0;
3540 }
3541
3542
3543 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */
wpa_supplicant_decrypt_key_data(struct wpa_sm * sm,struct wpa_eapol_key * key,size_t mic_len,u16 ver,u8 * key_data,size_t * key_data_len)3544 static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
3545 struct wpa_eapol_key *key,
3546 size_t mic_len, u16 ver,
3547 u8 *key_data, size_t *key_data_len)
3548 {
3549 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
3550 key_data, *key_data_len);
3551 if (!sm->ptk_set) {
3552 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3553 "WPA: PTK not available, cannot decrypt EAPOL-Key Key "
3554 "Data");
3555 return -1;
3556 }
3557
3558 /* Decrypt key data here so that this operation does not need
3559 * to be implemented separately for each message type. */
3560 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && sm->ptk.kek_len == 16) {
3561 #if defined(CONFIG_NO_RC4) || defined(CONFIG_FIPS)
3562 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3563 "WPA: RC4 not supported in the build");
3564 return -1;
3565 #else /* CONFIG_NO_RC4 || CONFIG_FIPS */
3566 u8 ek[32];
3567
3568 wpa_printf(MSG_DEBUG, "WPA: Decrypt Key Data using RC4");
3569 os_memcpy(ek, key->key_iv, 16);
3570 os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
3571 if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) {
3572 forced_memzero(ek, sizeof(ek));
3573 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
3574 "WPA: RC4 failed");
3575 return -1;
3576 }
3577 forced_memzero(ek, sizeof(ek));
3578 #endif /* CONFIG_NO_RC4 || CONFIG_FIPS */
3579 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
3580 ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
3581 wpa_use_aes_key_wrap(sm->key_mgmt)) {
3582 u8 *buf;
3583
3584 wpa_printf(MSG_DEBUG,
3585 "WPA: Decrypt Key Data using AES-UNWRAP (KEK length %u)",
3586 (unsigned int) sm->ptk.kek_len);
3587 if (*key_data_len < 8 || *key_data_len % 8) {
3588 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3589 "WPA: Unsupported AES-WRAP len %u",
3590 (unsigned int) *key_data_len);
3591 return -1;
3592 }
3593 *key_data_len -= 8; /* AES-WRAP adds 8 bytes */
3594 buf = os_malloc(*key_data_len);
3595 if (buf == NULL) {
3596 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3597 "WPA: No memory for AES-UNWRAP buffer");
3598 return -1;
3599 }
3600 #ifdef TEST_FUZZ
3601 os_memset(buf, 0x11, *key_data_len);
3602 #endif /* TEST_FUZZ */
3603 if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8,
3604 key_data, buf)) {
3605 #ifdef TEST_FUZZ
3606 wpa_printf(MSG_INFO,
3607 "TEST: Ignore AES unwrap failure for fuzz testing");
3608 goto continue_fuzz;
3609 #endif /* TEST_FUZZ */
3610 bin_clear_free(buf, *key_data_len);
3611 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3612 "WPA: AES unwrap failed - "
3613 "could not decrypt EAPOL-Key key data");
3614 return -1;
3615 }
3616 #ifdef TEST_FUZZ
3617 continue_fuzz:
3618 #endif /* TEST_FUZZ */
3619 os_memcpy(key_data, buf, *key_data_len);
3620 bin_clear_free(buf, *key_data_len);
3621 WPA_PUT_BE16(((u8 *) (key + 1)) + mic_len, *key_data_len);
3622 } else {
3623 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3624 "WPA: Unsupported key_info type %d", ver);
3625 return -1;
3626 }
3627 wpa_hexdump_key(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
3628 key_data, *key_data_len);
3629 return 0;
3630 }
3631
3632
3633 /**
3634 * wpa_sm_aborted_cached - Notify WPA that PMKSA caching was aborted
3635 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3636 */
wpa_sm_aborted_cached(struct wpa_sm * sm)3637 void wpa_sm_aborted_cached(struct wpa_sm *sm)
3638 {
3639 if (sm && sm->cur_pmksa) {
3640 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3641 "RSN: Cancelling PMKSA caching attempt");
3642 sm->cur_pmksa = NULL;
3643 }
3644 }
3645
3646
wpa_sm_aborted_external_cached(struct wpa_sm * sm)3647 void wpa_sm_aborted_external_cached(struct wpa_sm *sm)
3648 {
3649 if (sm && sm->cur_pmksa && sm->cur_pmksa->external) {
3650 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3651 "RSN: Cancelling external PMKSA caching attempt");
3652 sm->cur_pmksa = NULL;
3653 }
3654 }
3655
3656
wpa_eapol_key_dump(struct wpa_sm * sm,const struct wpa_eapol_key * key,unsigned int key_data_len,const u8 * mic,unsigned int mic_len)3657 static void wpa_eapol_key_dump(struct wpa_sm *sm,
3658 const struct wpa_eapol_key *key,
3659 unsigned int key_data_len,
3660 const u8 *mic, unsigned int mic_len)
3661 {
3662 #ifndef CONFIG_NO_STDOUT_DEBUG
3663 u16 key_info = WPA_GET_BE16(key->key_info);
3664
3665 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, " EAPOL-Key type=%d", key->type);
3666 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3667 " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s%s%s%s%s%s%s%s)",
3668 key_info, key_info & WPA_KEY_INFO_TYPE_MASK,
3669 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
3670 WPA_KEY_INFO_KEY_INDEX_SHIFT,
3671 (key_info & (BIT(13) | BIT(14) | BIT(15))) >> 13,
3672 key_info & WPA_KEY_INFO_KEY_TYPE ? "Pairwise" : "Group",
3673 key_info & WPA_KEY_INFO_INSTALL ? " Install" : "",
3674 key_info & WPA_KEY_INFO_ACK ? " Ack" : "",
3675 key_info & WPA_KEY_INFO_MIC ? " MIC" : "",
3676 key_info & WPA_KEY_INFO_SECURE ? " Secure" : "",
3677 key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
3678 key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
3679 key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
3680 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3681 " key_length=%u key_data_length=%u",
3682 WPA_GET_BE16(key->key_length), key_data_len);
3683 wpa_hexdump(MSG_DEBUG, " replay_counter",
3684 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
3685 wpa_hexdump(MSG_DEBUG, " key_nonce", key->key_nonce, WPA_NONCE_LEN);
3686 wpa_hexdump(MSG_DEBUG, " key_iv", key->key_iv, 16);
3687 wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8);
3688 wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8);
3689 wpa_hexdump(MSG_DEBUG, " key_mic", mic, mic_len);
3690 #endif /* CONFIG_NO_STDOUT_DEBUG */
3691 }
3692
3693
3694 #ifdef CONFIG_FILS
wpa_supp_aead_decrypt(struct wpa_sm * sm,u8 * buf,size_t buf_len,size_t * key_data_len)3695 static int wpa_supp_aead_decrypt(struct wpa_sm *sm, u8 *buf, size_t buf_len,
3696 size_t *key_data_len)
3697 {
3698 struct wpa_ptk *ptk;
3699 struct ieee802_1x_hdr *hdr;
3700 struct wpa_eapol_key *key;
3701 u8 *pos, *tmp;
3702 const u8 *aad[1];
3703 size_t aad_len[1];
3704
3705 if (*key_data_len < AES_BLOCK_SIZE) {
3706 wpa_printf(MSG_INFO, "No room for AES-SIV data in the frame");
3707 return -1;
3708 }
3709
3710 if (sm->tptk_set)
3711 ptk = &sm->tptk;
3712 else if (sm->ptk_set)
3713 ptk = &sm->ptk;
3714 else
3715 return -1;
3716
3717 hdr = (struct ieee802_1x_hdr *) buf;
3718 key = (struct wpa_eapol_key *) (hdr + 1);
3719 pos = (u8 *) (key + 1);
3720 pos += 2; /* Pointing at the Encrypted Key Data field */
3721
3722 tmp = os_malloc(*key_data_len);
3723 if (!tmp)
3724 return -1;
3725
3726 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
3727 * to Key Data (exclusive). */
3728 aad[0] = buf;
3729 aad_len[0] = pos - buf;
3730 if (aes_siv_decrypt(ptk->kek, ptk->kek_len, pos, *key_data_len,
3731 1, aad, aad_len, tmp) < 0) {
3732 wpa_printf(MSG_INFO, "Invalid AES-SIV data in the frame");
3733 bin_clear_free(tmp, *key_data_len);
3734 return -1;
3735 }
3736
3737 /* AEAD decryption and validation completed successfully */
3738 (*key_data_len) -= AES_BLOCK_SIZE;
3739 wpa_hexdump_key(MSG_DEBUG, "WPA: Decrypted Key Data",
3740 tmp, *key_data_len);
3741
3742 /* Replace Key Data field with the decrypted version */
3743 os_memcpy(pos, tmp, *key_data_len);
3744 pos -= 2; /* Key Data Length field */
3745 WPA_PUT_BE16(pos, *key_data_len);
3746 bin_clear_free(tmp, *key_data_len);
3747
3748 if (sm->tptk_set)
3749 wpa_sm_tptk_to_ptk(sm);
3750
3751 os_memcpy(sm->rx_replay_counter, key->replay_counter,
3752 WPA_REPLAY_COUNTER_LEN);
3753 sm->rx_replay_counter_set = 1;
3754
3755 return 0;
3756 }
3757 #endif /* CONFIG_FILS */
3758
3759
wpa_sm_rx_eapol_wpa(struct wpa_sm * sm,const u8 * src_addr,struct wpa_eapol_key * key,enum frame_encryption encrypted,const u8 * tmp,size_t data_len,u8 * key_data,size_t key_data_len)3760 static int wpa_sm_rx_eapol_wpa(struct wpa_sm *sm, const u8 *src_addr,
3761 struct wpa_eapol_key *key,
3762 enum frame_encryption encrypted,
3763 const u8 *tmp, size_t data_len,
3764 u8 *key_data, size_t key_data_len)
3765 {
3766 u16 key_info, ver;
3767
3768 key_info = WPA_GET_BE16(key->key_info);
3769
3770 if (key->type != EAPOL_KEY_TYPE_WPA) {
3771 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3772 "WPA: Unsupported EAPOL-Key type %d", key->type);
3773 return -1;
3774 }
3775
3776 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
3777 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
3778 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3779 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3780 "WPA: Unsupported EAPOL-Key descriptor version %d",
3781 ver);
3782 return -1;
3783 }
3784
3785 if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
3786 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
3787 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3788 "WPA: CCMP is used, but EAPOL-Key descriptor version (%d) is not 2",
3789 ver);
3790 if (sm->group_cipher != WPA_CIPHER_CCMP &&
3791 !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
3792 /* Earlier versions of IEEE 802.11i did not explicitly
3793 * require version 2 descriptor for all EAPOL-Key
3794 * packets, so allow group keys to use version 1 if
3795 * CCMP is not used for them. */
3796 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3797 "WPA: Backwards compatibility: allow invalid version for non-CCMP group keys");
3798 } else
3799 return -1;
3800 }
3801
3802 if ((key_info & WPA_KEY_INFO_MIC) &&
3803 wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
3804 return -1;
3805
3806 if (key_info & WPA_KEY_INFO_KEY_TYPE) {
3807 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
3808 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3809 "WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index");
3810 return -1;
3811 }
3812 if (key_info & (WPA_KEY_INFO_MIC |
3813 WPA_KEY_INFO_ENCR_KEY_DATA)) {
3814 /* 3/4 4-Way Handshake */
3815 wpa_supplicant_process_3_of_4_wpa(sm, key, ver,
3816 key_data,
3817 key_data_len);
3818 } else {
3819 /* 1/4 4-Way Handshake */
3820 wpa_supplicant_process_1_of_4_wpa(sm, src_addr, key,
3821 ver, key_data,
3822 key_data_len,
3823 encrypted);
3824 }
3825 } else {
3826 if (key_info & WPA_KEY_INFO_MIC) {
3827 /* 1/2 Group Key Handshake */
3828 wpa_supplicant_process_1_of_2_wpa(sm, src_addr, key,
3829 key_data,
3830 key_data_len,
3831 ver);
3832 } else {
3833 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3834 "WPA: EAPOL-Key (Group) without Mic/Encr bit - dropped");
3835 }
3836 }
3837
3838 return 1;
3839 }
3840
3841
3842 /**
3843 * wpa_sm_rx_eapol - Process received WPA EAPOL frames
3844 * @sm: Pointer to WPA state machine data from wpa_sm_init()
3845 * @src_addr: Source MAC address of the EAPOL packet
3846 * @buf: Pointer to the beginning of the EAPOL data (EAPOL header)
3847 * @len: Length of the EAPOL frame
3848 * @encrypted: Whether the frame was encrypted
3849 * Returns: 1 = WPA EAPOL-Key processed, 0 = not a WPA EAPOL-Key, -1 failure,
3850 * -2 = reply counter did not increase.
3851 *
3852 * This function is called for each received EAPOL frame. Other than EAPOL-Key
3853 * frames can be skipped if filtering is done elsewhere. wpa_sm_rx_eapol() is
3854 * only processing WPA and WPA2 EAPOL-Key frames.
3855 *
3856 * The received EAPOL-Key packets are validated and valid packets are replied
3857 * to. In addition, key material (PTK, GTK) is configured at the end of a
3858 * successful key handshake.
3859 */
wpa_sm_rx_eapol(struct wpa_sm * sm,const u8 * src_addr,const u8 * buf,size_t len,enum frame_encryption encrypted)3860 int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
3861 const u8 *buf, size_t len, enum frame_encryption encrypted)
3862 {
3863 size_t plen, data_len, key_data_len;
3864 const struct ieee802_1x_hdr *hdr;
3865 struct wpa_eapol_key *key;
3866 u16 key_info, ver;
3867 u8 *tmp = NULL;
3868 int ret = -1;
3869 u8 *mic, *key_data;
3870 size_t mic_len, keyhdrlen, pmk_len;
3871
3872 #ifdef CONFIG_IEEE80211R
3873 sm->ft_completed = 0;
3874 #endif /* CONFIG_IEEE80211R */
3875
3876 pmk_len = sm->pmk_len;
3877 if (!pmk_len && sm->cur_pmksa)
3878 pmk_len = sm->cur_pmksa->pmk_len;
3879 mic_len = wpa_mic_len(sm->key_mgmt, pmk_len);
3880 keyhdrlen = sizeof(*key) + mic_len + 2;
3881
3882 if (len < sizeof(*hdr) + keyhdrlen) {
3883 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3884 "WPA: EAPOL frame too short to be a WPA "
3885 "EAPOL-Key (len %lu, expecting at least %lu)",
3886 (unsigned long) len,
3887 (unsigned long) sizeof(*hdr) + keyhdrlen);
3888 return 0;
3889 }
3890
3891 hdr = (const struct ieee802_1x_hdr *) buf;
3892 plen = be_to_host16(hdr->length);
3893 data_len = plen + sizeof(*hdr);
3894 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3895 "IEEE 802.1X RX: version=%d type=%d length=%lu",
3896 hdr->version, hdr->type, (unsigned long) plen);
3897
3898 if (hdr->version < EAPOL_VERSION) {
3899 /* TODO: backwards compatibility */
3900 }
3901 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
3902 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3903 "WPA: EAPOL frame (type %u) discarded, "
3904 "not a Key frame", hdr->type);
3905 ret = 0;
3906 goto out;
3907 }
3908 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len);
3909 if (plen > len - sizeof(*hdr) || plen < keyhdrlen) {
3910 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3911 "WPA: EAPOL frame payload size %lu "
3912 "invalid (frame size %lu)",
3913 (unsigned long) plen, (unsigned long) len);
3914 ret = 0;
3915 goto out;
3916 }
3917 if (data_len < len) {
3918 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3919 "WPA: ignoring %lu bytes after the IEEE 802.1X data",
3920 (unsigned long) len - data_len);
3921 }
3922
3923 /*
3924 * Make a copy of the frame since we need to modify the buffer during
3925 * MAC validation and Key Data decryption.
3926 */
3927 tmp = os_memdup(buf, data_len);
3928 if (tmp == NULL)
3929 goto out;
3930 key = (struct wpa_eapol_key *) (tmp + sizeof(struct ieee802_1x_hdr));
3931 mic = (u8 *) (key + 1);
3932 key_data = mic + mic_len + 2;
3933
3934 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN)
3935 {
3936 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
3937 "WPA: EAPOL-Key type (%d) unknown, discarded",
3938 key->type);
3939 ret = 0;
3940 goto out;
3941 }
3942
3943 key_data_len = WPA_GET_BE16(mic + mic_len);
3944 wpa_eapol_key_dump(sm, key, key_data_len, mic, mic_len);
3945
3946 if (key_data_len > plen - keyhdrlen) {
3947 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Invalid EAPOL-Key "
3948 "frame - key_data overflow (%u > %u)",
3949 (unsigned int) key_data_len,
3950 (unsigned int) (plen - keyhdrlen));
3951 goto out;
3952 }
3953
3954 if (sm->rx_replay_counter_set &&
3955 os_memcmp(key->replay_counter, sm->rx_replay_counter,
3956 WPA_REPLAY_COUNTER_LEN) <= 0) {
3957 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
3958 "WPA: EAPOL-Key Replay Counter did not increase - dropping packet");
3959 ret = -2;
3960 goto out;
3961 }
3962
3963 eapol_sm_notify_lower_layer_success(sm->eapol, 0);
3964
3965 key_info = WPA_GET_BE16(key->key_info);
3966
3967 if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
3968 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3969 "WPA: Unsupported SMK bit in key_info");
3970 goto out;
3971 }
3972
3973 if (!(key_info & WPA_KEY_INFO_ACK)) {
3974 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3975 "WPA: No Ack bit in key_info");
3976 goto out;
3977 }
3978
3979 if (key_info & WPA_KEY_INFO_REQUEST) {
3980 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3981 "WPA: EAPOL-Key with Request bit - dropped");
3982 goto out;
3983 }
3984
3985 if (sm->proto == WPA_PROTO_WPA) {
3986 ret = wpa_sm_rx_eapol_wpa(sm, src_addr, key, encrypted,
3987 tmp, data_len,
3988 key_data, key_data_len);
3989 goto out;
3990 }
3991
3992 if (key->type != EAPOL_KEY_TYPE_RSN) {
3993 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
3994 "RSN: Unsupported EAPOL-Key type %d", key->type);
3995 goto out;
3996 }
3997
3998 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
3999 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
4000 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
4001 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
4002 !wpa_use_akm_defined(sm->key_mgmt)) {
4003 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
4004 "RSN: Unsupported EAPOL-Key descriptor version %d",
4005 ver);
4006 goto out;
4007 }
4008
4009 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
4010 sm->pairwise_cipher != WPA_CIPHER_TKIP) {
4011 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
4012 "RSN: EAPOL-Key descriptor version %d not allowed without TKIP as the pairwise cipher",
4013 ver);
4014 goto out;
4015 }
4016
4017 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
4018 (sm->key_mgmt != WPA_KEY_MGMT_IEEE8021X &&
4019 sm->key_mgmt != WPA_KEY_MGMT_PSK)) {
4020 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
4021 "RSN: EAPOL-Key descriptor version %d not allowed due to negotiated AKM (0x%x)",
4022 ver, sm->key_mgmt);
4023 goto out;
4024 }
4025
4026 if (wpa_use_akm_defined(sm->key_mgmt) &&
4027 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
4028 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
4029 "RSN: Unsupported EAPOL-Key descriptor version %d (expected AKM defined = 0)",
4030 ver);
4031 goto out;
4032 }
4033
4034 #ifdef CONFIG_IEEE80211R
4035 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
4036 /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */
4037 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
4038 !wpa_use_akm_defined(sm->key_mgmt)) {
4039 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
4040 "FT: AP did not use AES-128-CMAC");
4041 goto out;
4042 }
4043 } else
4044 #endif /* CONFIG_IEEE80211R */
4045 if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
4046 if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
4047 !wpa_use_akm_defined(sm->key_mgmt)) {
4048 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
4049 "RSN: AP did not use the negotiated AES-128-CMAC");
4050 goto out;
4051 }
4052 } else if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
4053 !wpa_use_akm_defined(sm->key_mgmt) &&
4054 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
4055 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
4056 "RSN: CCMP is used, but EAPOL-Key descriptor version (%d) is not 2", ver);
4057 if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
4058 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
4059 "RSN: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used");
4060 } else {
4061 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
4062 "RSN: Unexpected descriptor version %u", ver);
4063 goto out;
4064 }
4065 } else if (sm->pairwise_cipher == WPA_CIPHER_GCMP &&
4066 !wpa_use_akm_defined(sm->key_mgmt) &&
4067 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
4068 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
4069 "RSN: GCMP is used, but EAPOL-Key descriptor version (%d) is not 2",
4070 ver);
4071 goto out;
4072 }
4073
4074 sm->last_eapol_key_ver = ver;
4075
4076 if ((key_info & WPA_KEY_INFO_MIC) &&
4077 wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
4078 goto out;
4079
4080 #ifdef CONFIG_FILS
4081 if (!mic_len && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
4082 if (wpa_supp_aead_decrypt(sm, tmp, data_len, &key_data_len))
4083 goto out;
4084 }
4085 #endif /* CONFIG_FILS */
4086
4087 if (sm->proto == WPA_PROTO_RSN &&
4088 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) && mic_len) {
4089 /*
4090 * Only decrypt the Key Data field if the frame's authenticity
4091 * was verified. When using AES-SIV (FILS), the MIC flag is not
4092 * set, so this check should only be performed if mic_len != 0
4093 * which is the case in this code branch.
4094 */
4095 if (!(key_info & WPA_KEY_INFO_MIC)) {
4096 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
4097 "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
4098 goto out;
4099 }
4100 if (wpa_supplicant_decrypt_key_data(sm, key, mic_len,
4101 ver, key_data,
4102 &key_data_len))
4103 goto out;
4104 }
4105
4106 if (key_info & WPA_KEY_INFO_KEY_TYPE) {
4107 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
4108 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
4109 "RSN: Ignored EAPOL-Key (Pairwise) with non-zero key index");
4110 goto out;
4111 }
4112 if (key_info & (WPA_KEY_INFO_MIC |
4113 WPA_KEY_INFO_ENCR_KEY_DATA)) {
4114 /* 3/4 4-Way Handshake */
4115 wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
4116 key_data_len);
4117 } else {
4118 /* 1/4 4-Way Handshake */
4119 wpa_supplicant_process_1_of_4(sm, src_addr, key,
4120 ver, key_data,
4121 key_data_len,
4122 encrypted);
4123 }
4124 } else {
4125 if ((mic_len && (key_info & WPA_KEY_INFO_MIC)) ||
4126 (!mic_len && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA))) {
4127 /* 1/2 Group Key Handshake */
4128 if (sm->mlo.valid_links)
4129 wpa_supplicant_process_mlo_1_of_2(sm, src_addr,
4130 key, key_data,
4131 key_data_len,
4132 ver);
4133 else
4134 wpa_supplicant_process_1_of_2(sm, src_addr, key,
4135 key_data,
4136 key_data_len,
4137 ver);
4138 } else {
4139 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
4140 "RSN: EAPOL-Key (Group) without Mic/Encr bit - dropped");
4141 }
4142 }
4143
4144 ret = 1;
4145
4146 out:
4147 bin_clear_free(tmp, data_len);
4148 return ret;
4149 }
4150
4151
4152 #ifdef CONFIG_CTRL_IFACE
wpa_key_mgmt_suite(struct wpa_sm * sm)4153 static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
4154 {
4155 switch (sm->key_mgmt) {
4156 case WPA_KEY_MGMT_IEEE8021X:
4157 return ((sm->proto == WPA_PROTO_RSN) ?
4158 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X :
4159 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
4160 case WPA_KEY_MGMT_PSK:
4161 return (sm->proto == WPA_PROTO_RSN ?
4162 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X :
4163 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
4164 #ifdef CONFIG_IEEE80211R
4165 case WPA_KEY_MGMT_FT_IEEE8021X:
4166 return RSN_AUTH_KEY_MGMT_FT_802_1X;
4167 case WPA_KEY_MGMT_FT_PSK:
4168 return RSN_AUTH_KEY_MGMT_FT_PSK;
4169 #endif /* CONFIG_IEEE80211R */
4170 case WPA_KEY_MGMT_IEEE8021X_SHA256:
4171 return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
4172 case WPA_KEY_MGMT_PSK_SHA256:
4173 return RSN_AUTH_KEY_MGMT_PSK_SHA256;
4174 case WPA_KEY_MGMT_CCKM:
4175 return (sm->proto == WPA_PROTO_RSN ?
4176 RSN_AUTH_KEY_MGMT_CCKM:
4177 WPA_AUTH_KEY_MGMT_CCKM);
4178 case WPA_KEY_MGMT_WPA_NONE:
4179 return WPA_AUTH_KEY_MGMT_NONE;
4180 case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
4181 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
4182 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
4183 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
4184 case WPA_KEY_MGMT_IEEE8021X_SHA384:
4185 return RSN_AUTH_KEY_MGMT_802_1X_SHA384;
4186 default:
4187 return 0;
4188 }
4189 }
4190
4191
4192 #define RSN_SUITE "%02x-%02x-%02x-%d"
4193 #define RSN_SUITE_ARG(s) \
4194 ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
4195
4196 /**
4197 * wpa_sm_get_mib - Dump text list of MIB entries
4198 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4199 * @buf: Buffer for the list
4200 * @buflen: Length of the buffer
4201 * Returns: Number of bytes written to buffer
4202 *
4203 * This function is used fetch dot11 MIB variables.
4204 */
wpa_sm_get_mib(struct wpa_sm * sm,char * buf,size_t buflen)4205 int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
4206 {
4207 char pmkid_txt[PMKID_LEN * 2 + 1];
4208 bool rsna;
4209 int ret;
4210 size_t len;
4211
4212 if (sm->cur_pmksa) {
4213 wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt),
4214 sm->cur_pmksa->pmkid, PMKID_LEN);
4215 } else
4216 pmkid_txt[0] = '\0';
4217
4218 rsna = (wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
4219 wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
4220 sm->proto == WPA_PROTO_RSN;
4221
4222 ret = os_snprintf(buf, buflen,
4223 "dot11RSNAOptionImplemented=TRUE\n"
4224 "dot11RSNAPreauthenticationImplemented=TRUE\n"
4225 "dot11RSNAEnabled=%s\n"
4226 "dot11RSNAPreauthenticationEnabled=%s\n"
4227 "dot11RSNAConfigVersion=%d\n"
4228 "dot11RSNAConfigPairwiseKeysSupported=5\n"
4229 "dot11RSNAConfigGroupCipherSize=%d\n"
4230 "dot11RSNAConfigPMKLifetime=%d\n"
4231 "dot11RSNAConfigPMKReauthThreshold=%d\n"
4232 "dot11RSNAConfigNumberOfPTKSAReplayCounters=1\n"
4233 "dot11RSNAConfigSATimeout=%d\n",
4234 rsna ? "TRUE" : "FALSE",
4235 rsna ? "TRUE" : "FALSE",
4236 RSN_VERSION,
4237 wpa_cipher_key_len(sm->group_cipher) * 8,
4238 sm->dot11RSNAConfigPMKLifetime,
4239 sm->dot11RSNAConfigPMKReauthThreshold,
4240 sm->dot11RSNAConfigSATimeout);
4241 if (os_snprintf_error(buflen, ret))
4242 return 0;
4243 len = ret;
4244
4245 ret = os_snprintf(
4246 buf + len, buflen - len,
4247 "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
4248 "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
4249 "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
4250 "dot11RSNAPMKIDUsed=%s\n"
4251 "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n"
4252 "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n"
4253 "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n"
4254 "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n"
4255 "dot11RSNA4WayHandshakeFailures=%u\n",
4256 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
4257 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
4258 sm->pairwise_cipher)),
4259 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
4260 sm->group_cipher)),
4261 pmkid_txt,
4262 RSN_SUITE_ARG(wpa_key_mgmt_suite(sm)),
4263 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
4264 sm->pairwise_cipher)),
4265 RSN_SUITE_ARG(wpa_cipher_to_suite(sm->proto,
4266 sm->group_cipher)),
4267 sm->dot11RSNA4WayHandshakeFailures);
4268 if (!os_snprintf_error(buflen - len, ret))
4269 len += ret;
4270
4271 return (int) len;
4272 }
4273 #endif /* CONFIG_CTRL_IFACE */
4274
4275
wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry * entry,void * ctx,enum pmksa_free_reason reason)4276 static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
4277 void *ctx, enum pmksa_free_reason reason)
4278 {
4279 struct wpa_sm *sm = ctx;
4280 int deauth = 0;
4281
4282 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA cache entry free_cb: "
4283 MACSTR " reason=%d", MAC2STR(entry->aa), reason);
4284
4285 if (sm->cur_pmksa == entry) {
4286 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
4287 "RSN: %s current PMKSA entry",
4288 reason == PMKSA_REPLACE ? "replaced" : "removed");
4289 pmksa_cache_clear_current(sm);
4290
4291 /*
4292 * If an entry is simply being replaced, there's no need to
4293 * deauthenticate because it will be immediately re-added.
4294 * This happens when EAP authentication is completed again
4295 * (reauth or failed PMKSA caching attempt).
4296 */
4297 if (reason != PMKSA_REPLACE)
4298 deauth = 1;
4299 }
4300
4301 if (reason == PMKSA_EXPIRE &&
4302 (sm->pmk_len == entry->pmk_len &&
4303 os_memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0)) {
4304 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
4305 "RSN: deauthenticating due to expired PMK");
4306 pmksa_cache_clear_current(sm);
4307 deauth = 1;
4308 }
4309
4310 if (deauth) {
4311 sm->pmk_len = 0;
4312 os_memset(sm->pmk, 0, sizeof(sm->pmk));
4313 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
4314 }
4315 }
4316
4317
wpa_sm_pmksa_is_current_cb(struct rsn_pmksa_cache_entry * entry,void * ctx)4318 static bool wpa_sm_pmksa_is_current_cb(struct rsn_pmksa_cache_entry *entry,
4319 void *ctx)
4320 {
4321 struct wpa_sm *sm = ctx;
4322
4323 return sm->cur_pmksa == entry;
4324 }
4325
4326
wpa_sm_pmksa_notify_cb(struct rsn_pmksa_cache_entry * entry,void * ctx)4327 static void wpa_sm_pmksa_notify_cb(struct rsn_pmksa_cache_entry *entry,
4328 void *ctx)
4329 {
4330 struct wpa_sm *sm = ctx;
4331
4332 wpa_sm_notify_pmksa_cache_entry(sm, entry);
4333 }
4334
4335
4336 /**
4337 * wpa_sm_init - Initialize WPA state machine
4338 * @ctx: Context pointer for callbacks; this needs to be an allocated buffer
4339 * Returns: Pointer to the allocated WPA state machine data
4340 *
4341 * This function is used to allocate a new WPA state machine and the returned
4342 * value is passed to all WPA state machine calls.
4343 */
wpa_sm_init(struct wpa_sm_ctx * ctx)4344 struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
4345 {
4346 struct wpa_sm *sm;
4347
4348 sm = os_zalloc(sizeof(*sm));
4349 if (sm == NULL)
4350 return NULL;
4351 dl_list_init(&sm->pmksa_candidates);
4352 sm->renew_snonce = 1;
4353 sm->ctx = ctx;
4354
4355 sm->dot11RSNAConfigPMKLifetime = 43200;
4356 sm->dot11RSNAConfigPMKReauthThreshold = 70;
4357 sm->dot11RSNAConfigSATimeout = 60;
4358
4359 sm->pmksa = pmksa_cache_init(wpa_sm_pmksa_free_cb,
4360 wpa_sm_pmksa_is_current_cb,
4361 wpa_sm_pmksa_notify_cb, sm, sm);
4362 if (sm->pmksa == NULL) {
4363 wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
4364 "RSN: PMKSA cache initialization failed");
4365 os_free(sm);
4366 return NULL;
4367 }
4368
4369 return sm;
4370 }
4371
4372
4373 /**
4374 * wpa_sm_deinit - Deinitialize WPA state machine
4375 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4376 */
wpa_sm_deinit(struct wpa_sm * sm)4377 void wpa_sm_deinit(struct wpa_sm *sm)
4378 {
4379 int i;
4380
4381 if (sm == NULL)
4382 return;
4383 pmksa_cache_deinit(sm->pmksa);
4384 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
4385 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
4386 os_free(sm->assoc_wpa_ie);
4387 os_free(sm->assoc_rsnxe);
4388 os_free(sm->ap_wpa_ie);
4389 os_free(sm->ap_rsn_ie);
4390 os_free(sm->ap_rsnxe);
4391 os_free(sm->ap_rsne_override);
4392 os_free(sm->ap_rsne_override_2);
4393 os_free(sm->ap_rsnxe_override);
4394 for (i = 0; i < MAX_NUM_MLD_LINKS; i++) {
4395 os_free(sm->mlo.links[i].ap_rsne);
4396 os_free(sm->mlo.links[i].ap_rsnxe);
4397 os_free(sm->mlo.links[i].ap_rsnoe);
4398 os_free(sm->mlo.links[i].ap_rsno2e);
4399 os_free(sm->mlo.links[i].ap_rsnxoe);
4400 }
4401 wpa_sm_drop_sa(sm);
4402 os_free(sm->ctx);
4403 #ifdef CONFIG_IEEE80211R
4404 os_free(sm->assoc_resp_ies);
4405 #endif /* CONFIG_IEEE80211R */
4406 #ifdef CONFIG_TESTING_OPTIONS
4407 wpabuf_free(sm->test_assoc_ie);
4408 wpabuf_free(sm->test_eapol_m2_elems);
4409 wpabuf_free(sm->test_eapol_m4_elems);
4410 wpabuf_free(sm->test_rsnxe_data);
4411 wpabuf_free(sm->test_rsnxe_mask);
4412 #endif /* CONFIG_TESTING_OPTIONS */
4413 #ifdef CONFIG_FILS_SK_PFS
4414 crypto_ecdh_deinit(sm->fils_ecdh);
4415 #endif /* CONFIG_FILS_SK_PFS */
4416 #ifdef CONFIG_FILS
4417 wpabuf_free(sm->fils_ft_ies);
4418 #endif /* CONFIG_FILS */
4419 #ifdef CONFIG_OWE
4420 crypto_ecdh_deinit(sm->owe_ecdh);
4421 #endif /* CONFIG_OWE */
4422 #ifdef CONFIG_DPP2
4423 wpabuf_clear_free(sm->dpp_z);
4424 #endif /* CONFIG_DPP2 */
4425 os_memset(sm->last_kck, 0, sizeof(sm->last_kck));
4426 os_free(sm);
4427 }
4428
4429
wpa_sm_clear_ptk(struct wpa_sm * sm)4430 static void wpa_sm_clear_ptk(struct wpa_sm *sm)
4431 {
4432 int i;
4433
4434 sm->ptk_set = 0;
4435 os_memset(&sm->ptk, 0, sizeof(sm->ptk));
4436 sm->tptk_set = 0;
4437 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
4438 os_memset(&sm->gtk, 0, sizeof(sm->gtk));
4439 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
4440 os_memset(&sm->igtk, 0, sizeof(sm->igtk));
4441 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
4442 os_memset(&sm->bigtk, 0, sizeof(sm->bigtk));
4443 os_memset(&sm->bigtk_wnm_sleep, 0, sizeof(sm->bigtk_wnm_sleep));
4444 sm->tk_set = false;
4445 for (i = 0; i < MAX_NUM_MLD_LINKS; i++) {
4446 os_memset(&sm->mlo.links[i].gtk, 0,
4447 sizeof(sm->mlo.links[i].gtk));
4448 os_memset(&sm->mlo.links[i].gtk_wnm_sleep, 0,
4449 sizeof(sm->mlo.links[i].gtk_wnm_sleep));
4450 os_memset(&sm->mlo.links[i].igtk, 0,
4451 sizeof(sm->mlo.links[i].igtk));
4452 os_memset(&sm->mlo.links[i].igtk_wnm_sleep, 0,
4453 sizeof(sm->mlo.links[i].igtk_wnm_sleep));
4454 os_memset(&sm->mlo.links[i].bigtk, 0,
4455 sizeof(sm->mlo.links[i].bigtk));
4456 os_memset(&sm->mlo.links[i].bigtk_wnm_sleep, 0,
4457 sizeof(sm->mlo.links[i].bigtk_wnm_sleep));
4458 }
4459 }
4460
4461
4462 /**
4463 * wpa_sm_notify_assoc - Notify WPA state machine about association
4464 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4465 * @bssid: The BSSID of the new association
4466 *
4467 * This function is called to let WPA state machine know that the connection
4468 * was established.
4469 */
wpa_sm_notify_assoc(struct wpa_sm * sm,const u8 * bssid)4470 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
4471 {
4472 int clear_keys = 1;
4473
4474 if (sm == NULL)
4475 return;
4476
4477 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
4478 "WPA: Association event - clear replay counter");
4479 os_memcpy(sm->bssid, bssid, ETH_ALEN);
4480 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
4481 sm->rx_replay_counter_set = 0;
4482 sm->renew_snonce = 1;
4483 if (ether_addr_equal(sm->preauth_bssid, bssid))
4484 rsn_preauth_deinit(sm);
4485
4486 #ifdef CONFIG_IEEE80211R
4487 if (wpa_ft_is_completed(sm)) {
4488 /*
4489 * Clear portValid to kick EAPOL state machine to re-enter
4490 * AUTHENTICATED state to get the EAPOL port Authorized.
4491 */
4492 eapol_sm_notify_portValid(sm->eapol, false);
4493 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
4494
4495 /* Prepare for the next transition */
4496 wpa_ft_prepare_auth_request(sm, NULL);
4497
4498 clear_keys = 0;
4499 sm->ft_protocol = 1;
4500 } else {
4501 sm->ft_protocol = 0;
4502 }
4503 #endif /* CONFIG_IEEE80211R */
4504 #ifdef CONFIG_FILS
4505 if (sm->fils_completed) {
4506 /*
4507 * Clear portValid to kick EAPOL state machine to re-enter
4508 * AUTHENTICATED state to get the EAPOL port Authorized.
4509 */
4510 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
4511 clear_keys = 0;
4512 }
4513 #endif /* CONFIG_FILS */
4514
4515 if (clear_keys) {
4516 /*
4517 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
4518 * this is not part of a Fast BSS Transition.
4519 */
4520 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK");
4521 wpa_sm_clear_ptk(sm);
4522 }
4523
4524 #ifdef CONFIG_TDLS
4525 wpa_tdls_assoc(sm);
4526 #endif /* CONFIG_TDLS */
4527
4528 #ifdef CONFIG_P2P
4529 os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr));
4530 #endif /* CONFIG_P2P */
4531
4532 sm->keyidx_active = 0;
4533 }
4534
4535
4536 /**
4537 * wpa_sm_notify_disassoc - Notify WPA state machine about disassociation
4538 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4539 *
4540 * This function is called to let WPA state machine know that the connection
4541 * was lost. This will abort any existing pre-authentication session.
4542 */
wpa_sm_notify_disassoc(struct wpa_sm * sm)4543 void wpa_sm_notify_disassoc(struct wpa_sm *sm)
4544 {
4545 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
4546 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
4547 rsn_preauth_deinit(sm);
4548 pmksa_cache_clear_current(sm);
4549 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
4550 sm->dot11RSNA4WayHandshakeFailures++;
4551 #ifdef CONFIG_TDLS
4552 wpa_tdls_disassoc(sm);
4553 #endif /* CONFIG_TDLS */
4554 #ifdef CONFIG_FILS
4555 sm->fils_completed = 0;
4556 #endif /* CONFIG_FILS */
4557 #ifdef CONFIG_IEEE80211R
4558 sm->ft_reassoc_completed = 0;
4559 sm->ft_protocol = 0;
4560 #endif /* CONFIG_IEEE80211R */
4561
4562 /* Keys are not needed in the WPA state machine anymore */
4563 wpa_sm_drop_sa(sm);
4564 sm->keyidx_active = 0;
4565
4566 sm->msg_3_of_4_ok = 0;
4567 os_memset(sm->bssid, 0, ETH_ALEN);
4568 }
4569
4570
4571 /**
4572 * wpa_sm_set_pmk - Set PMK
4573 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4574 * @pmk: The new PMK
4575 * @pmk_len: The length of the new PMK in bytes
4576 * @pmkid: Calculated PMKID
4577 * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK
4578 *
4579 * Configure the PMK for WPA state machine.
4580 */
wpa_sm_set_pmk(struct wpa_sm * sm,const u8 * pmk,size_t pmk_len,const u8 * pmkid,const u8 * bssid)4581 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
4582 const u8 *pmkid, const u8 *bssid)
4583 {
4584 if (sm == NULL)
4585 return;
4586
4587 wpa_hexdump_key(MSG_DEBUG, "WPA: Set PMK based on external data",
4588 pmk, pmk_len);
4589 sm->pmk_len = pmk_len;
4590 os_memcpy(sm->pmk, pmk, pmk_len);
4591
4592 #ifdef CONFIG_IEEE80211R
4593 /* Set XXKey to be PSK for FT key derivation */
4594 sm->xxkey_len = pmk_len;
4595 os_memcpy(sm->xxkey, pmk, pmk_len);
4596 #endif /* CONFIG_IEEE80211R */
4597
4598 if (bssid) {
4599 sm->cur_pmksa = pmksa_cache_add(sm->pmksa, pmk, pmk_len,
4600 pmkid, NULL, 0, bssid,
4601 sm->own_addr,
4602 sm->network_ctx, sm->key_mgmt,
4603 NULL);
4604 }
4605 }
4606
4607
4608 /**
4609 * wpa_sm_set_pmk_from_pmksa - Set PMK based on the current PMKSA
4610 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4611 *
4612 * Take the PMK from the current PMKSA into use. If no PMKSA is active, the PMK
4613 * will be cleared.
4614 */
wpa_sm_set_pmk_from_pmksa(struct wpa_sm * sm)4615 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
4616 {
4617 if (sm == NULL)
4618 return;
4619
4620 if (sm->cur_pmksa) {
4621 wpa_hexdump_key(MSG_DEBUG,
4622 "WPA: Set PMK based on current PMKSA",
4623 sm->cur_pmksa->pmk, sm->cur_pmksa->pmk_len);
4624 sm->pmk_len = sm->cur_pmksa->pmk_len;
4625 os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
4626 } else {
4627 wpa_printf(MSG_DEBUG, "WPA: No current PMKSA - clear PMK");
4628 sm->pmk_len = 0;
4629 os_memset(sm->pmk, 0, PMK_LEN_MAX);
4630 }
4631 }
4632
4633
4634 /**
4635 * wpa_sm_set_fast_reauth - Set fast reauthentication (EAP) enabled/disabled
4636 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4637 * @fast_reauth: Whether fast reauthentication (EAP) is allowed
4638 */
wpa_sm_set_fast_reauth(struct wpa_sm * sm,int fast_reauth)4639 void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth)
4640 {
4641 if (sm)
4642 sm->fast_reauth = fast_reauth;
4643 }
4644
4645
4646 /**
4647 * wpa_sm_set_scard_ctx - Set context pointer for smartcard callbacks
4648 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4649 * @scard_ctx: Context pointer for smartcard related callback functions
4650 */
wpa_sm_set_scard_ctx(struct wpa_sm * sm,void * scard_ctx)4651 void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx)
4652 {
4653 if (sm == NULL)
4654 return;
4655 sm->scard_ctx = scard_ctx;
4656 if (sm->preauth_eapol)
4657 eapol_sm_register_scard_ctx(sm->preauth_eapol, scard_ctx);
4658 }
4659
4660
4661 /**
4662 * wpa_sm_set_config - Notification of current configuration change
4663 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4664 * @config: Pointer to current network configuration
4665 *
4666 * Notify WPA state machine that configuration has changed. config will be
4667 * stored as a backpointer to network configuration. This can be %NULL to clear
4668 * the stored pointed.
4669 */
wpa_sm_set_config(struct wpa_sm * sm,struct rsn_supp_config * config)4670 void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
4671 {
4672 if (!sm)
4673 return;
4674
4675 if (config) {
4676 sm->network_ctx = config->network_ctx;
4677 sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
4678 sm->proactive_key_caching = config->proactive_key_caching;
4679 sm->eap_workaround = config->eap_workaround;
4680 sm->eap_conf_ctx = config->eap_conf_ctx;
4681 if (config->ssid) {
4682 os_memcpy(sm->ssid, config->ssid, config->ssid_len);
4683 sm->ssid_len = config->ssid_len;
4684 } else
4685 sm->ssid_len = 0;
4686 sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
4687 sm->p2p = config->p2p;
4688 sm->wpa_rsc_relaxation = config->wpa_rsc_relaxation;
4689 sm->owe_ptk_workaround = config->owe_ptk_workaround;
4690 sm->force_kdk_derivation = config->force_kdk_derivation;
4691 #ifdef CONFIG_FILS
4692 if (config->fils_cache_id) {
4693 sm->fils_cache_id_set = 1;
4694 os_memcpy(sm->fils_cache_id, config->fils_cache_id,
4695 FILS_CACHE_ID_LEN);
4696 } else {
4697 sm->fils_cache_id_set = 0;
4698 }
4699 #endif /* CONFIG_FILS */
4700 sm->beacon_prot = config->beacon_prot;
4701 } else {
4702 sm->network_ctx = NULL;
4703 sm->allowed_pairwise_cipher = 0;
4704 sm->proactive_key_caching = 0;
4705 sm->eap_workaround = 0;
4706 sm->eap_conf_ctx = NULL;
4707 sm->ssid_len = 0;
4708 sm->wpa_ptk_rekey = 0;
4709 sm->p2p = 0;
4710 sm->wpa_rsc_relaxation = 0;
4711 sm->owe_ptk_workaround = 0;
4712 sm->beacon_prot = 0;
4713 sm->force_kdk_derivation = false;
4714 }
4715 }
4716
4717
wpa_sm_set_ssid(struct wpa_sm * sm,const u8 * ssid,size_t ssid_len)4718 void wpa_sm_set_ssid(struct wpa_sm *sm, const u8 *ssid, size_t ssid_len)
4719 {
4720 if (!sm)
4721 return;
4722
4723 if (ssid) {
4724 os_memcpy(sm->ssid, ssid, ssid_len);
4725 sm->ssid_len = ssid_len;
4726 } else {
4727 sm->ssid_len = 0;
4728 }
4729 }
4730
4731
wpa_sm_set_mlo_params(struct wpa_sm * sm,const struct wpa_sm_mlo * mlo)4732 int wpa_sm_set_mlo_params(struct wpa_sm *sm, const struct wpa_sm_mlo *mlo)
4733 {
4734 int i;
4735
4736 if (!sm)
4737 return -1;
4738
4739 os_memcpy(sm->mlo.ap_mld_addr, mlo->ap_mld_addr, ETH_ALEN);
4740 sm->mlo.assoc_link_id = mlo->assoc_link_id;
4741 sm->mlo.valid_links = mlo->valid_links;
4742 sm->mlo.req_links = mlo->req_links;
4743
4744 for (i = 0; i < MAX_NUM_MLD_LINKS; i++) {
4745 const u8 *ie;
4746 size_t len;
4747
4748 if (sm->mlo.req_links & BIT(i)) {
4749 if (!mlo->links[i].ap_rsne ||
4750 mlo->links[i].ap_rsne_len == 0) {
4751 wpa_dbg(sm->ctx->msg_ctx, MSG_INFO,
4752 "RSN: No RSNE for AP MLO link %d with BSSID "
4753 MACSTR,
4754 i, MAC2STR(mlo->links[i].bssid));
4755 return -1;
4756
4757 }
4758 os_memcpy(sm->mlo.links[i].addr, mlo->links[i].addr,
4759 ETH_ALEN);
4760 os_memcpy(sm->mlo.links[i].bssid, mlo->links[i].bssid,
4761 ETH_ALEN);
4762 }
4763
4764 ie = mlo->links[i].ap_rsne;
4765 len = mlo->links[i].ap_rsne_len;
4766 os_free(sm->mlo.links[i].ap_rsne);
4767 if (!ie || len == 0) {
4768 if (sm->mlo.links[i].ap_rsne)
4769 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
4770 "RSN: Clearing MLO link[%u] AP RSNE",
4771 i);
4772 sm->mlo.links[i].ap_rsne = NULL;
4773 sm->mlo.links[i].ap_rsne_len = 0;
4774 } else {
4775 wpa_hexdump_link(MSG_DEBUG, i, "RSN: Set AP RSNE",
4776 ie, len);
4777 sm->mlo.links[i].ap_rsne = os_memdup(ie, len);
4778 if (!sm->mlo.links[i].ap_rsne) {
4779 sm->mlo.links[i].ap_rsne_len = 0;
4780 return -1;
4781 }
4782 sm->mlo.links[i].ap_rsne_len = len;
4783 }
4784
4785 ie = mlo->links[i].ap_rsnxe;
4786 len = mlo->links[i].ap_rsnxe_len;
4787 os_free(sm->mlo.links[i].ap_rsnxe);
4788 if (!ie || len == 0) {
4789 if (sm->mlo.links[i].ap_rsnxe)
4790 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
4791 "RSN: Clearing MLO link[%u] AP RSNXE",
4792 i);
4793 sm->mlo.links[i].ap_rsnxe = NULL;
4794 sm->mlo.links[i].ap_rsnxe_len = 0;
4795 } else {
4796 wpa_hexdump_link(MSG_DEBUG, i, "RSN: Set AP RSNXE", ie,
4797 len);
4798 sm->mlo.links[i].ap_rsnxe = os_memdup(ie, len);
4799 if (!sm->mlo.links[i].ap_rsnxe) {
4800 sm->mlo.links[i].ap_rsnxe_len = 0;
4801 return -1;
4802 }
4803 sm->mlo.links[i].ap_rsnxe_len = len;
4804 }
4805
4806 ie = mlo->links[i].ap_rsnoe;
4807 len = mlo->links[i].ap_rsnoe_len;
4808 os_free(sm->mlo.links[i].ap_rsnoe);
4809 if (!ie || len == 0) {
4810 if (sm->mlo.links[i].ap_rsnoe)
4811 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
4812 "RSN: Clearing MLO link[%u] AP RSNOE",
4813 i);
4814 sm->mlo.links[i].ap_rsnoe = NULL;
4815 sm->mlo.links[i].ap_rsnoe_len = 0;
4816 } else {
4817 wpa_hexdump_link(MSG_DEBUG, i, "RSN: Set AP RSNOE",
4818 ie, len);
4819 sm->mlo.links[i].ap_rsnoe = os_memdup(ie, len);
4820 if (!sm->mlo.links[i].ap_rsnoe) {
4821 sm->mlo.links[i].ap_rsnoe_len = 0;
4822 return -1;
4823 }
4824 sm->mlo.links[i].ap_rsnoe_len = len;
4825 }
4826
4827 ie = mlo->links[i].ap_rsno2e;
4828 len = mlo->links[i].ap_rsno2e_len;
4829 os_free(sm->mlo.links[i].ap_rsno2e);
4830 if (!ie || len == 0) {
4831 if (sm->mlo.links[i].ap_rsno2e)
4832 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
4833 "RSN: Clearing MLO link[%u] AP RSNO2E",
4834 i);
4835 sm->mlo.links[i].ap_rsno2e = NULL;
4836 sm->mlo.links[i].ap_rsno2e_len = 0;
4837 } else {
4838 wpa_hexdump_link(MSG_DEBUG, i, "RSN: Set AP RSNO2E",
4839 ie, len);
4840 sm->mlo.links[i].ap_rsno2e = os_memdup(ie, len);
4841 if (!sm->mlo.links[i].ap_rsno2e) {
4842 sm->mlo.links[i].ap_rsno2e_len = 0;
4843 return -1;
4844 }
4845 sm->mlo.links[i].ap_rsno2e_len = len;
4846 }
4847
4848 ie = mlo->links[i].ap_rsnxoe;
4849 len = mlo->links[i].ap_rsnxoe_len;
4850 os_free(sm->mlo.links[i].ap_rsnxoe);
4851 if (!ie || len == 0) {
4852 if (sm->mlo.links[i].ap_rsnxoe)
4853 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
4854 "RSN: Clearing MLO link[%u] AP RSNXOE",
4855 i);
4856 sm->mlo.links[i].ap_rsnxoe = NULL;
4857 sm->mlo.links[i].ap_rsnxoe_len = 0;
4858 } else {
4859 wpa_hexdump_link(MSG_DEBUG, i, "RSN: Set AP RSNXOE",
4860 ie, len);
4861 sm->mlo.links[i].ap_rsnxoe = os_memdup(ie, len);
4862 if (!sm->mlo.links[i].ap_rsnxoe) {
4863 sm->mlo.links[i].ap_rsnxoe_len = 0;
4864 return -1;
4865 }
4866 sm->mlo.links[i].ap_rsnxoe_len = len;
4867 }
4868 }
4869
4870 return 0;
4871 }
4872
4873
4874 /**
4875 * wpa_sm_set_own_addr - Set own MAC address
4876 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4877 * @addr: Own MAC address
4878 */
wpa_sm_set_own_addr(struct wpa_sm * sm,const u8 * addr)4879 void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr)
4880 {
4881 if (sm)
4882 os_memcpy(sm->own_addr, addr, ETH_ALEN);
4883 }
4884
4885
4886 /**
4887 * wpa_sm_set_ifname - Set network interface name
4888 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4889 * @ifname: Interface name
4890 * @bridge_ifname: Optional bridge interface name (for pre-auth)
4891 */
wpa_sm_set_ifname(struct wpa_sm * sm,const char * ifname,const char * bridge_ifname)4892 void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname,
4893 const char *bridge_ifname)
4894 {
4895 if (sm) {
4896 sm->ifname = ifname;
4897 sm->bridge_ifname = bridge_ifname;
4898 }
4899 }
4900
4901
4902 /**
4903 * wpa_sm_set_eapol - Set EAPOL state machine pointer
4904 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4905 * @eapol: Pointer to EAPOL state machine allocated with eapol_sm_init()
4906 */
wpa_sm_set_eapol(struct wpa_sm * sm,struct eapol_sm * eapol)4907 void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol)
4908 {
4909 if (sm)
4910 sm->eapol = eapol;
4911 }
4912
4913
4914 /**
4915 * wpa_sm_set_param - Set WPA state machine parameters
4916 * @sm: Pointer to WPA state machine data from wpa_sm_init()
4917 * @param: Parameter field
4918 * @value: Parameter value
4919 * Returns: 0 on success, -1 on failure
4920 */
wpa_sm_set_param(struct wpa_sm * sm,enum wpa_sm_conf_params param,unsigned int value)4921 int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
4922 unsigned int value)
4923 {
4924 int ret = 0;
4925
4926 if (sm == NULL)
4927 return -1;
4928
4929 switch (param) {
4930 case RSNA_PMK_LIFETIME:
4931 if (value > 0)
4932 sm->dot11RSNAConfigPMKLifetime = value;
4933 else
4934 ret = -1;
4935 break;
4936 case RSNA_PMK_REAUTH_THRESHOLD:
4937 if (value > 0 && value <= 100)
4938 sm->dot11RSNAConfigPMKReauthThreshold = value;
4939 else
4940 ret = -1;
4941 break;
4942 case RSNA_SA_TIMEOUT:
4943 if (value > 0)
4944 sm->dot11RSNAConfigSATimeout = value;
4945 else
4946 ret = -1;
4947 break;
4948 case WPA_PARAM_PROTO:
4949 sm->proto = value;
4950 break;
4951 case WPA_PARAM_PAIRWISE:
4952 sm->pairwise_cipher = value;
4953 break;
4954 case WPA_PARAM_GROUP:
4955 sm->group_cipher = value;
4956 break;
4957 case WPA_PARAM_KEY_MGMT:
4958 sm->key_mgmt = value;
4959 break;
4960 case WPA_PARAM_MGMT_GROUP:
4961 sm->mgmt_group_cipher = value;
4962 break;
4963 case WPA_PARAM_RSN_ENABLED:
4964 sm->rsn_enabled = value;
4965 break;
4966 case WPA_PARAM_MFP:
4967 sm->mfp = value;
4968 break;
4969 case WPA_PARAM_OCV:
4970 sm->ocv = value;
4971 break;
4972 case WPA_PARAM_SAE_PWE:
4973 sm->sae_pwe = value;
4974 break;
4975 case WPA_PARAM_SAE_PK:
4976 sm->sae_pk = value;
4977 break;
4978 case WPA_PARAM_DENY_PTK0_REKEY:
4979 sm->wpa_deny_ptk0_rekey = value;
4980 break;
4981 case WPA_PARAM_EXT_KEY_ID:
4982 sm->ext_key_id = value;
4983 break;
4984 case WPA_PARAM_USE_EXT_KEY_ID:
4985 sm->use_ext_key_id = value;
4986 break;
4987 case WPA_PARAM_SPP_AMSDU:
4988 sm->spp_amsdu = !!value;
4989 break;
4990 #ifdef CONFIG_TESTING_OPTIONS
4991 case WPA_PARAM_FT_RSNXE_USED:
4992 sm->ft_rsnxe_used = value;
4993 break;
4994 case WPA_PARAM_OCI_FREQ_EAPOL:
4995 sm->oci_freq_override_eapol = value;
4996 break;
4997 case WPA_PARAM_OCI_FREQ_EAPOL_G2:
4998 sm->oci_freq_override_eapol_g2 = value;
4999 break;
5000 case WPA_PARAM_OCI_FREQ_FT_ASSOC:
5001 sm->oci_freq_override_ft_assoc = value;
5002 break;
5003 case WPA_PARAM_OCI_FREQ_FILS_ASSOC:
5004 sm->oci_freq_override_fils_assoc = value;
5005 break;
5006 case WPA_PARAM_DISABLE_EAPOL_G2_TX:
5007 sm->disable_eapol_g2_tx = value;
5008 break;
5009 case WPA_PARAM_ENCRYPT_EAPOL_M2:
5010 sm->encrypt_eapol_m2 = value;
5011 break;
5012 case WPA_PARAM_ENCRYPT_EAPOL_M4:
5013 sm->encrypt_eapol_m4 = value;
5014 break;
5015 case WPA_PARAM_EAPOL_2_KEY_INFO_SET_MASK:
5016 sm->eapol_2_key_info_set_mask = value;
5017 break;
5018 #endif /* CONFIG_TESTING_OPTIONS */
5019 #ifdef CONFIG_DPP2
5020 case WPA_PARAM_DPP_PFS:
5021 sm->dpp_pfs = value;
5022 break;
5023 #endif /* CONFIG_DPP2 */
5024 case WPA_PARAM_WMM_ENABLED:
5025 sm->wmm_enabled = value;
5026 break;
5027 case WPA_PARAM_FT_PREPEND_PMKID:
5028 sm->ft_prepend_pmkid = value;
5029 break;
5030 case WPA_PARAM_SSID_PROTECTION:
5031 sm->ssid_protection = value;
5032 break;
5033 case WPA_PARAM_RSN_OVERRIDE:
5034 sm->rsn_override = value;
5035 break;
5036 case WPA_PARAM_RSN_OVERRIDE_SUPPORT:
5037 sm->rsn_override_support = value;
5038 break;
5039 default:
5040 break;
5041 }
5042
5043 return ret;
5044 }
5045
5046
wpa_sm_get_ap_rsne(struct wpa_sm * sm,size_t * len)5047 static const u8 * wpa_sm_get_ap_rsne(struct wpa_sm *sm, size_t *len)
5048 {
5049 if (sm->rsn_override == RSN_OVERRIDE_RSNE_OVERRIDE) {
5050 *len = sm->ap_rsne_override_len;
5051 return sm->ap_rsne_override;
5052 }
5053
5054 if (sm->rsn_override == RSN_OVERRIDE_RSNE_OVERRIDE_2) {
5055 *len = sm->ap_rsne_override_2_len;
5056 return sm->ap_rsne_override_2;
5057 }
5058
5059 *len = sm->ap_rsn_ie_len;
5060 return sm->ap_rsn_ie;
5061 }
5062
5063
5064 /**
5065 * wpa_sm_get_status - Get WPA state machine
5066 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5067 * @buf: Buffer for status information
5068 * @buflen: Maximum buffer length
5069 * @verbose: Whether to include verbose status information
5070 * Returns: Number of bytes written to buf.
5071 *
5072 * Query WPA state machine for status information. This function fills in
5073 * a text area with current status information. If the buffer (buf) is not
5074 * large enough, status information will be truncated to fit the buffer.
5075 */
wpa_sm_get_status(struct wpa_sm * sm,char * buf,size_t buflen,int verbose)5076 int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen,
5077 int verbose)
5078 {
5079 char *pos = buf, *end = buf + buflen;
5080 int ret;
5081 const u8 *rsne;
5082 size_t rsne_len;
5083
5084 rsne = wpa_sm_get_ap_rsne(sm, &rsne_len);
5085
5086 ret = os_snprintf(pos, end - pos,
5087 "pairwise_cipher=%s\n"
5088 "group_cipher=%s\n"
5089 "key_mgmt=%s\n",
5090 wpa_cipher_txt(sm->pairwise_cipher),
5091 wpa_cipher_txt(sm->group_cipher),
5092 wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
5093 if (os_snprintf_error(end - pos, ret))
5094 return pos - buf;
5095 pos += ret;
5096
5097 #ifdef CONFIG_DPP2
5098 if (sm->key_mgmt == WPA_KEY_MGMT_DPP && sm->dpp_z) {
5099 ret = os_snprintf(pos, end - pos, "dpp_pfs=1\n");
5100 if (os_snprintf_error(end - pos, ret))
5101 return pos - buf;
5102 pos += ret;
5103 }
5104 #endif /* CONFIG_DPP2 */
5105
5106 if (sm->mfp != NO_MGMT_FRAME_PROTECTION && rsne) {
5107 struct wpa_ie_data rsn;
5108
5109 if (wpa_parse_wpa_ie_rsn(rsne, rsne_len, &rsn) >= 0 &&
5110 rsn.capabilities & (WPA_CAPABILITY_MFPR |
5111 WPA_CAPABILITY_MFPC)) {
5112 ret = os_snprintf(pos, end - pos, "pmf=%d\n"
5113 "mgmt_group_cipher=%s\n",
5114 (rsn.capabilities &
5115 WPA_CAPABILITY_MFPR) ? 2 : 1,
5116 wpa_cipher_txt(
5117 sm->mgmt_group_cipher));
5118 if (os_snprintf_error(end - pos, ret))
5119 return pos - buf;
5120 pos += ret;
5121 }
5122 }
5123
5124 return pos - buf;
5125 }
5126
5127
wpa_sm_pmf_enabled(struct wpa_sm * sm)5128 int wpa_sm_pmf_enabled(struct wpa_sm *sm)
5129 {
5130 struct wpa_ie_data rsn;
5131 const u8 *rsne;
5132 size_t rsne_len;
5133
5134 rsne = wpa_sm_get_ap_rsne(sm, &rsne_len);
5135
5136 if (sm->mfp == NO_MGMT_FRAME_PROTECTION || !rsne)
5137 return 0;
5138
5139 if (wpa_parse_wpa_ie_rsn(rsne, rsne_len, &rsn) >= 0 &&
5140 rsn.capabilities & (WPA_CAPABILITY_MFPR | WPA_CAPABILITY_MFPC))
5141 return 1;
5142
5143 return 0;
5144 }
5145
5146
wpa_sm_rsn_overriding_supported(struct wpa_sm * sm)5147 bool wpa_sm_rsn_overriding_supported(struct wpa_sm *sm)
5148 {
5149 const u8 *rsne;
5150 size_t rsne_len;
5151
5152 rsne = wpa_sm_get_ap_rsne(sm, &rsne_len);
5153
5154 return sm->rsn_override_support && rsne;
5155 }
5156
5157
wpa_sm_ext_key_id(struct wpa_sm * sm)5158 int wpa_sm_ext_key_id(struct wpa_sm *sm)
5159 {
5160 return sm ? sm->ext_key_id : 0;
5161 }
5162
5163
wpa_sm_ext_key_id_active(struct wpa_sm * sm)5164 int wpa_sm_ext_key_id_active(struct wpa_sm *sm)
5165 {
5166 return sm ? sm->use_ext_key_id : 0;
5167 }
5168
5169
wpa_sm_ocv_enabled(struct wpa_sm * sm)5170 int wpa_sm_ocv_enabled(struct wpa_sm *sm)
5171 {
5172 struct wpa_ie_data rsn;
5173 const u8 *rsne;
5174 size_t rsne_len;
5175
5176 rsne = wpa_sm_get_ap_rsne(sm, &rsne_len);
5177 if (!sm->ocv || !rsne)
5178 return 0;
5179
5180 return wpa_parse_wpa_ie_rsn(rsne, rsne_len, &rsn) >= 0 &&
5181 (rsn.capabilities & WPA_CAPABILITY_OCVC);
5182 }
5183
5184
5185 /**
5186 * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration
5187 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5188 * @wpa_ie: Pointer to buffer for WPA/RSN IE
5189 * @wpa_ie_len: Pointer to the length of the wpa_ie buffer
5190 * Returns: 0 on success, -1 on failure
5191 */
wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm * sm,u8 * wpa_ie,size_t * wpa_ie_len)5192 int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
5193 size_t *wpa_ie_len)
5194 {
5195 int res;
5196
5197 if (sm == NULL)
5198 return -1;
5199
5200 #ifdef CONFIG_TESTING_OPTIONS
5201 if (sm->test_assoc_ie) {
5202 wpa_printf(MSG_DEBUG,
5203 "TESTING: Replace association WPA/RSN IE");
5204 if (*wpa_ie_len < wpabuf_len(sm->test_assoc_ie))
5205 return -1;
5206 os_memcpy(wpa_ie, wpabuf_head(sm->test_assoc_ie),
5207 wpabuf_len(sm->test_assoc_ie));
5208 res = wpabuf_len(sm->test_assoc_ie);
5209 } else
5210 #endif /* CONFIG_TESTING_OPTIONS */
5211 res = wpa_gen_wpa_ie(sm, wpa_ie, *wpa_ie_len);
5212 if (res < 0)
5213 return -1;
5214 *wpa_ie_len = res;
5215
5216 wpa_hexdump(MSG_DEBUG, "WPA: Set own WPA IE default",
5217 wpa_ie, *wpa_ie_len);
5218
5219 if (sm->assoc_wpa_ie == NULL) {
5220 /*
5221 * Make a copy of the WPA/RSN IE so that 4-Way Handshake gets
5222 * the correct version of the IE even if PMKSA caching is
5223 * aborted (which would remove PMKID from IE generation).
5224 */
5225 sm->assoc_wpa_ie = os_memdup(wpa_ie, *wpa_ie_len);
5226 if (sm->assoc_wpa_ie == NULL)
5227 return -1;
5228
5229 sm->assoc_wpa_ie_len = *wpa_ie_len;
5230 } else {
5231 wpa_hexdump(MSG_DEBUG,
5232 "WPA: Leave previously set WPA IE default",
5233 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
5234 }
5235
5236 return 0;
5237 }
5238
5239
5240 /**
5241 * wpa_sm_set_assoc_wpa_ie - Set own WPA/RSN IE from (Re)AssocReq
5242 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5243 * @ie: Pointer to IE data (starting from id)
5244 * @len: IE length
5245 * Returns: 0 on success, -1 on failure
5246 *
5247 * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
5248 * Request frame. The IE will be used to override the default value generated
5249 * with wpa_sm_set_assoc_wpa_ie_default().
5250 */
wpa_sm_set_assoc_wpa_ie(struct wpa_sm * sm,const u8 * ie,size_t len)5251 int wpa_sm_set_assoc_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
5252 {
5253 if (sm == NULL)
5254 return -1;
5255
5256 os_free(sm->assoc_wpa_ie);
5257 if (ie == NULL || len == 0) {
5258 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
5259 "WPA: clearing own WPA/RSN IE");
5260 sm->assoc_wpa_ie = NULL;
5261 sm->assoc_wpa_ie_len = 0;
5262 } else {
5263 wpa_hexdump(MSG_DEBUG, "WPA: set own WPA/RSN IE", ie, len);
5264 sm->assoc_wpa_ie = os_memdup(ie, len);
5265 if (sm->assoc_wpa_ie == NULL)
5266 return -1;
5267
5268 sm->assoc_wpa_ie_len = len;
5269 }
5270
5271 return 0;
5272 }
5273
5274
5275 #ifdef CONFIG_TESTING_OPTIONS
5276
wpa_sm_set_test_rsnxe_data(struct wpa_sm * sm,struct wpabuf * data,struct wpabuf * mask)5277 int wpa_sm_set_test_rsnxe_data(struct wpa_sm *sm, struct wpabuf *data,
5278 struct wpabuf *mask)
5279 {
5280 size_t data_len = 0, mask_len = 0;
5281
5282 wpabuf_free(sm->test_rsnxe_data);
5283 sm->test_rsnxe_data = NULL;
5284 wpabuf_free(sm->test_rsnxe_mask);
5285 sm->test_rsnxe_mask = NULL;
5286
5287 if (!data && !mask)
5288 return 0;
5289
5290 if (data)
5291 data_len = wpabuf_len(data);
5292 if (mask)
5293 mask_len = wpabuf_len(mask);
5294
5295 if (data_len != mask_len || data_len > 255)
5296 return -1;
5297
5298 sm->test_rsnxe_data = data;
5299 sm->test_rsnxe_mask = mask;
5300
5301 return 0;
5302 }
5303
5304
wpa_set_test_rsnxe_data(struct wpa_sm * sm,u8 * rsnxe,size_t orig_len,size_t max_len)5305 static int wpa_set_test_rsnxe_data(struct wpa_sm *sm, u8 *rsnxe,
5306 size_t orig_len, size_t max_len)
5307 {
5308 const u8 *data, *mask;
5309 size_t i, data_len;
5310
5311 if (!sm->test_rsnxe_data || !sm->test_rsnxe_mask)
5312 return orig_len;
5313
5314 mask = wpabuf_head(sm->test_rsnxe_mask);
5315 data = wpabuf_head(sm->test_rsnxe_data);
5316 data_len = wpabuf_len(sm->test_rsnxe_data);
5317 if (max_len < data_len + 2) {
5318 wpa_printf(MSG_ERROR, "Couldn't fit RSNXE test data");
5319 return -1;
5320 }
5321
5322 /* Set data after original RSNXE to zero */
5323 if (orig_len < data_len + 2)
5324 os_memset(&rsnxe[orig_len], 0, data_len + 2 - orig_len);
5325
5326 /* Set EID and length fields */
5327 *rsnxe++ = WLAN_EID_RSNX;
5328 *rsnxe++ = data_len;
5329
5330 /* Preserve original RSNXE bit value when mask bit is zero */
5331 for (i = 0; i < data_len; i++) {
5332 if (!mask[i])
5333 continue;
5334
5335 rsnxe[i] &= ~mask[i];
5336 rsnxe[i] |= data[i] & mask[i];
5337 }
5338
5339 return data_len + 2;
5340 }
5341
5342 #endif /* CONFIG_TESTING_OPTIONS */
5343
5344
5345 /**
5346 * wpa_sm_set_assoc_rsnxe_default - Generate own RSNXE from configuration
5347 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5348 * @rsnxe: Pointer to buffer for RSNXE
5349 * @rsnxe_len: Pointer to the length of the rsne buffer
5350 * Returns: 0 on success, -1 on failure
5351 */
wpa_sm_set_assoc_rsnxe_default(struct wpa_sm * sm,u8 * rsnxe,size_t * rsnxe_len)5352 int wpa_sm_set_assoc_rsnxe_default(struct wpa_sm *sm, u8 *rsnxe,
5353 size_t *rsnxe_len)
5354 {
5355 int res;
5356
5357 if (!sm)
5358 return -1;
5359
5360 res = wpa_gen_rsnxe(sm, rsnxe, *rsnxe_len);
5361 if (res < 0)
5362 return -1;
5363 #ifdef CONFIG_TESTING_OPTIONS
5364 res = wpa_set_test_rsnxe_data(sm, rsnxe, res, *rsnxe_len);
5365 if (res < 0)
5366 return -1;
5367 #endif /* CONFIG_TESTING_OPTIONS */
5368 *rsnxe_len = res;
5369
5370 wpa_hexdump(MSG_DEBUG, "RSN: Set own RSNXE default", rsnxe, *rsnxe_len);
5371
5372 if (sm->assoc_rsnxe) {
5373 wpa_hexdump(MSG_DEBUG,
5374 "RSN: Leave previously set RSNXE default",
5375 sm->assoc_rsnxe, sm->assoc_rsnxe_len);
5376 } else if (*rsnxe_len > 0) {
5377 /*
5378 * Make a copy of the RSNXE so that 4-Way Handshake gets the
5379 * correct version of the IE even if it gets changed.
5380 */
5381 sm->assoc_rsnxe = os_memdup(rsnxe, *rsnxe_len);
5382 if (!sm->assoc_rsnxe)
5383 return -1;
5384
5385 sm->assoc_rsnxe_len = *rsnxe_len;
5386 }
5387
5388 return 0;
5389 }
5390
5391
5392 /**
5393 * wpa_sm_set_assoc_rsnxe - Set own RSNXE from (Re)AssocReq
5394 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5395 * @ie: Pointer to IE data (starting from id)
5396 * @len: IE length
5397 * Returns: 0 on success, -1 on failure
5398 *
5399 * Inform WPA state machine about the RSNXE used in (Re)Association Request
5400 * frame. The IE will be used to override the default value generated
5401 * with wpa_sm_set_assoc_rsnxe_default().
5402 */
wpa_sm_set_assoc_rsnxe(struct wpa_sm * sm,const u8 * ie,size_t len)5403 int wpa_sm_set_assoc_rsnxe(struct wpa_sm *sm, const u8 *ie, size_t len)
5404 {
5405 if (!sm)
5406 return -1;
5407
5408 os_free(sm->assoc_rsnxe);
5409 if (!ie || len == 0) {
5410 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
5411 "RSN: clearing own RSNXE");
5412 sm->assoc_rsnxe = NULL;
5413 sm->assoc_rsnxe_len = 0;
5414 } else {
5415 wpa_hexdump(MSG_DEBUG, "RSN: set own RSNXE", ie, len);
5416 sm->assoc_rsnxe = os_memdup(ie, len);
5417 if (!sm->assoc_rsnxe)
5418 return -1;
5419
5420 sm->assoc_rsnxe_len = len;
5421 }
5422
5423 if (sm->ssid_protection &&
5424 !ieee802_11_rsnx_capab(sm->assoc_rsnxe,
5425 WLAN_RSNX_CAPAB_SSID_PROTECTION)) {
5426 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
5427 "RSN: Disabling SSID protection based on own RSNXE update");
5428 sm->ssid_protection = 0;
5429 }
5430
5431 return 0;
5432 }
5433
5434
5435 /**
5436 * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp
5437 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5438 * @ie: Pointer to IE data (starting from id)
5439 * @len: IE length
5440 * Returns: 0 on success, -1 on failure
5441 *
5442 * Inform WPA state machine about the WPA IE used in Beacon / Probe Response
5443 * frame.
5444 */
wpa_sm_set_ap_wpa_ie(struct wpa_sm * sm,const u8 * ie,size_t len)5445 int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
5446 {
5447 if (sm == NULL)
5448 return -1;
5449
5450 os_free(sm->ap_wpa_ie);
5451 if (ie == NULL || len == 0) {
5452 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
5453 "WPA: clearing AP WPA IE");
5454 sm->ap_wpa_ie = NULL;
5455 sm->ap_wpa_ie_len = 0;
5456 } else {
5457 wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len);
5458 sm->ap_wpa_ie = os_memdup(ie, len);
5459 if (sm->ap_wpa_ie == NULL)
5460 return -1;
5461
5462 sm->ap_wpa_ie_len = len;
5463 }
5464
5465 return 0;
5466 }
5467
5468
5469 /**
5470 * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp
5471 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5472 * @ie: Pointer to IE data (starting from id)
5473 * @len: IE length
5474 * Returns: 0 on success, -1 on failure
5475 *
5476 * Inform WPA state machine about the RSN IE used in Beacon / Probe Response
5477 * frame.
5478 */
wpa_sm_set_ap_rsn_ie(struct wpa_sm * sm,const u8 * ie,size_t len)5479 int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len)
5480 {
5481 if (sm == NULL)
5482 return -1;
5483
5484 os_free(sm->ap_rsn_ie);
5485 if (ie == NULL || len == 0) {
5486 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
5487 "WPA: clearing AP RSN IE");
5488 sm->ap_rsn_ie = NULL;
5489 sm->ap_rsn_ie_len = 0;
5490 } else {
5491 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len);
5492 sm->ap_rsn_ie = os_memdup(ie, len);
5493 if (sm->ap_rsn_ie == NULL)
5494 return -1;
5495
5496 sm->ap_rsn_ie_len = len;
5497 }
5498
5499 return 0;
5500 }
5501
5502
5503 /**
5504 * wpa_sm_set_ap_rsnxe - Set AP RSNXE from Beacon/ProbeResp
5505 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5506 * @ie: Pointer to IE data (starting from id)
5507 * @len: IE length
5508 * Returns: 0 on success, -1 on failure
5509 *
5510 * Inform WPA state machine about the RSNXE used in Beacon / Probe Response
5511 * frame.
5512 */
wpa_sm_set_ap_rsnxe(struct wpa_sm * sm,const u8 * ie,size_t len)5513 int wpa_sm_set_ap_rsnxe(struct wpa_sm *sm, const u8 *ie, size_t len)
5514 {
5515 if (!sm)
5516 return -1;
5517
5518 os_free(sm->ap_rsnxe);
5519 if (!ie || len == 0) {
5520 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: clearing AP RSNXE");
5521 sm->ap_rsnxe = NULL;
5522 sm->ap_rsnxe_len = 0;
5523 } else {
5524 wpa_hexdump(MSG_DEBUG, "WPA: set AP RSNXE", ie, len);
5525 sm->ap_rsnxe = os_memdup(ie, len);
5526 if (!sm->ap_rsnxe)
5527 return -1;
5528
5529 sm->ap_rsnxe_len = len;
5530 }
5531
5532 return 0;
5533 }
5534
5535
wpa_sm_set_ap_rsne_override(struct wpa_sm * sm,const u8 * ie,size_t len)5536 int wpa_sm_set_ap_rsne_override(struct wpa_sm *sm, const u8 *ie, size_t len)
5537 {
5538 if (!sm)
5539 return -1;
5540
5541 os_free(sm->ap_rsne_override);
5542 if (!ie || len == 0) {
5543 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
5544 "RSN: Clearing AP RSNE Override element");
5545 sm->ap_rsne_override = NULL;
5546 sm->ap_rsne_override_len = 0;
5547 } else {
5548 wpa_hexdump(MSG_DEBUG, "RSN: Set AP RSNE Override element",
5549 ie, len);
5550 sm->ap_rsne_override = os_memdup(ie, len);
5551 if (!sm->ap_rsne_override)
5552 return -1;
5553
5554 sm->ap_rsne_override_len = len;
5555 }
5556
5557 return 0;
5558 }
5559
5560
wpa_sm_set_ap_rsne_override_2(struct wpa_sm * sm,const u8 * ie,size_t len)5561 int wpa_sm_set_ap_rsne_override_2(struct wpa_sm *sm, const u8 *ie, size_t len)
5562 {
5563 if (!sm)
5564 return -1;
5565
5566 os_free(sm->ap_rsne_override_2);
5567 if (!ie || len == 0) {
5568 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
5569 "RSN: Clearing AP RSNE Override 2 element");
5570 sm->ap_rsne_override_2 = NULL;
5571 sm->ap_rsne_override_2_len = 0;
5572 } else {
5573 wpa_hexdump(MSG_DEBUG, "RSN: Set AP RSNE Override 2 element",
5574 ie, len);
5575 sm->ap_rsne_override_2 = os_memdup(ie, len);
5576 if (!sm->ap_rsne_override_2)
5577 return -1;
5578
5579 sm->ap_rsne_override_2_len = len;
5580 }
5581
5582 return 0;
5583 }
5584
5585
wpa_sm_set_ap_rsnxe_override(struct wpa_sm * sm,const u8 * ie,size_t len)5586 int wpa_sm_set_ap_rsnxe_override(struct wpa_sm *sm, const u8 *ie, size_t len)
5587 {
5588 if (!sm)
5589 return -1;
5590
5591 os_free(sm->ap_rsnxe_override);
5592 if (!ie || len == 0) {
5593 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
5594 "RSN: Clearing AP RSNXE Override element");
5595 sm->ap_rsnxe_override = NULL;
5596 sm->ap_rsnxe_override_len = 0;
5597 } else {
5598 wpa_hexdump(MSG_DEBUG, "RSN: Set AP RSNXE Override element",
5599 ie, len);
5600 sm->ap_rsnxe_override = os_memdup(ie, len);
5601 if (!sm->ap_rsnxe_override)
5602 return -1;
5603
5604 sm->ap_rsnxe_override_len = len;
5605 }
5606
5607 return 0;
5608 }
5609
5610
5611 /**
5612 * wpa_sm_parse_own_wpa_ie - Parse own WPA/RSN IE
5613 * @sm: Pointer to WPA state machine data from wpa_sm_init()
5614 * @data: Pointer to data area for parsing results
5615 * Returns: 0 on success, -1 if IE is not known, or -2 on parsing failure
5616 *
5617 * Parse the contents of the own WPA or RSN IE from (Re)AssocReq and write the
5618 * parsed data into data.
5619 */
wpa_sm_parse_own_wpa_ie(struct wpa_sm * sm,struct wpa_ie_data * data)5620 int wpa_sm_parse_own_wpa_ie(struct wpa_sm *sm, struct wpa_ie_data *data)
5621 {
5622 if (sm == NULL)
5623 return -1;
5624
5625 if (sm->assoc_wpa_ie == NULL) {
5626 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
5627 "WPA: No WPA/RSN IE available from association info");
5628 return -1;
5629 }
5630 if (wpa_parse_wpa_ie(sm->assoc_wpa_ie, sm->assoc_wpa_ie_len, data))
5631 return -2;
5632 return 0;
5633 }
5634
5635
wpa_sm_pmksa_cache_list(struct wpa_sm * sm,char * buf,size_t len)5636 int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
5637 {
5638 return pmksa_cache_list(sm->pmksa, buf, len);
5639 }
5640
5641
wpa_sm_pmksa_cache_head(struct wpa_sm * sm)5642 struct rsn_pmksa_cache_entry * wpa_sm_pmksa_cache_head(struct wpa_sm *sm)
5643 {
5644 return pmksa_cache_head(sm->pmksa);
5645 }
5646
5647
5648 struct rsn_pmksa_cache_entry *
wpa_sm_pmksa_cache_add_entry(struct wpa_sm * sm,struct rsn_pmksa_cache_entry * entry)5649 wpa_sm_pmksa_cache_add_entry(struct wpa_sm *sm,
5650 struct rsn_pmksa_cache_entry * entry)
5651 {
5652 return pmksa_cache_add_entry(sm->pmksa, entry);
5653 }
5654
5655
wpa_sm_pmksa_cache_add(struct wpa_sm * sm,const u8 * pmk,size_t pmk_len,const u8 * pmkid,const u8 * bssid,const u8 * fils_cache_id)5656 void wpa_sm_pmksa_cache_add(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
5657 const u8 *pmkid, const u8 *bssid,
5658 const u8 *fils_cache_id)
5659 {
5660 sm->cur_pmksa = pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0,
5661 bssid, sm->own_addr, sm->network_ctx,
5662 sm->key_mgmt, fils_cache_id);
5663 }
5664
5665
wpa_sm_pmksa_exists(struct wpa_sm * sm,const u8 * bssid,const u8 * own_addr,const void * network_ctx)5666 int wpa_sm_pmksa_exists(struct wpa_sm *sm, const u8 *bssid, const u8 *own_addr,
5667 const void *network_ctx)
5668 {
5669 return pmksa_cache_get(sm->pmksa, bssid, own_addr, NULL, network_ctx,
5670 0) != NULL;
5671 }
5672
5673
wpa_sm_pmksa_cache_get(struct wpa_sm * sm,const u8 * aa,const u8 * pmkid,const void * network_ctx,int akmp)5674 struct rsn_pmksa_cache_entry * wpa_sm_pmksa_cache_get(struct wpa_sm *sm,
5675 const u8 *aa,
5676 const u8 *pmkid,
5677 const void *network_ctx,
5678 int akmp)
5679 {
5680 return pmksa_cache_get(sm->pmksa, aa, sm->own_addr, pmkid, network_ctx,
5681 akmp);
5682 }
5683
5684
wpa_sm_pmksa_get_pmk(struct wpa_sm * sm,const u8 * aa,const u8 ** pmk,size_t * pmk_len,const u8 ** pmkid)5685 int wpa_sm_pmksa_get_pmk(struct wpa_sm *sm, const u8 *aa, const u8 **pmk,
5686 size_t *pmk_len, const u8 **pmkid)
5687 {
5688 struct rsn_pmksa_cache_entry *pmksa;
5689
5690 pmksa = wpa_sm_pmksa_cache_get(sm, aa, NULL, NULL, 0);
5691 if (!pmksa) {
5692 wpa_printf(MSG_DEBUG, "RSN: Failed to get PMKSA for " MACSTR,
5693 MAC2STR(aa));
5694 return -1;
5695 }
5696
5697 *pmk = pmksa->pmk;
5698 *pmk_len = pmksa->pmk_len;
5699 *pmkid = pmksa->pmkid;
5700 return 0;
5701 }
5702
5703
wpa_sm_pmksa_cache_remove(struct wpa_sm * sm,struct rsn_pmksa_cache_entry * entry)5704 void wpa_sm_pmksa_cache_remove(struct wpa_sm *sm,
5705 struct rsn_pmksa_cache_entry *entry)
5706 {
5707 if (sm && sm->pmksa)
5708 pmksa_cache_remove(sm->pmksa, entry);
5709 }
5710
5711
wpa_sm_drop_sa(struct wpa_sm * sm)5712 void wpa_sm_drop_sa(struct wpa_sm *sm)
5713 {
5714 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
5715 wpa_sm_clear_ptk(sm);
5716 sm->pmk_len = 0;
5717 os_memset(sm->pmk, 0, sizeof(sm->pmk));
5718 #ifdef CONFIG_IEEE80211R
5719 os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
5720 sm->xxkey_len = 0;
5721 os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
5722 sm->pmk_r0_len = 0;
5723 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1));
5724 sm->pmk_r1_len = 0;
5725 #ifdef CONFIG_PASN
5726 os_free(sm->pasn_r1kh);
5727 sm->pasn_r1kh = NULL;
5728 sm->n_pasn_r1kh = 0;
5729 #endif /* CONFIG_PASN */
5730 #endif /* CONFIG_IEEE80211R */
5731 }
5732
5733
5734 #ifdef CONFIG_IEEE80211R
wpa_sm_has_ft_keys(struct wpa_sm * sm,const u8 * md)5735 bool wpa_sm_has_ft_keys(struct wpa_sm *sm, const u8 *md)
5736 {
5737 if (!sm)
5738 return false;
5739 if (!wpa_key_mgmt_ft(sm->key_mgmt) ||
5740 os_memcmp(md, sm->key_mobility_domain,
5741 MOBILITY_DOMAIN_ID_LEN) != 0) {
5742 /* Do not allow FT protocol to be used even if we were to have
5743 * an PTK since the mobility domain has changed. */
5744 return false;
5745 }
5746 return sm->ptk_set;
5747 }
5748 #endif /* CONFIG_IEEE80211R */
5749
5750
wpa_sm_has_ptk_installed(struct wpa_sm * sm)5751 int wpa_sm_has_ptk_installed(struct wpa_sm *sm)
5752 {
5753 if (!sm)
5754 return 0;
5755 return sm->tk_set || sm->ptk.installed;
5756 }
5757
5758
wpa_sm_update_replay_ctr(struct wpa_sm * sm,const u8 * replay_ctr)5759 void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
5760 {
5761 os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
5762 }
5763
5764
wpa_sm_pmksa_cache_flush(struct wpa_sm * sm,void * network_ctx)5765 void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
5766 {
5767 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0, false);
5768 }
5769
5770
wpa_sm_external_pmksa_cache_flush(struct wpa_sm * sm,void * network_ctx)5771 void wpa_sm_external_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
5772 {
5773 pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0, true);
5774 }
5775
5776
5777 #ifdef CONFIG_WNM
wpa_wnmsleep_install_key(struct wpa_sm * sm,u8 subelem_id,u8 * buf)5778 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
5779 {
5780 u16 keyinfo;
5781 u8 keylen; /* plaintext key len */
5782 u8 *key_rsc;
5783
5784 if (subelem_id == WNM_SLEEP_SUBELEM_GTK) {
5785 struct wpa_gtk_data gd;
5786
5787 os_memset(&gd, 0, sizeof(gd));
5788 keylen = wpa_cipher_key_len(sm->group_cipher);
5789 gd.key_rsc_len = wpa_cipher_rsc_len(sm->group_cipher);
5790 gd.alg = wpa_cipher_to_alg(sm->group_cipher);
5791 if (gd.alg == WPA_ALG_NONE) {
5792 wpa_printf(MSG_DEBUG, "Unsupported group cipher suite");
5793 return -1;
5794 }
5795
5796 key_rsc = buf + 5;
5797 keyinfo = WPA_GET_LE16(buf + 2);
5798 gd.gtk_len = keylen;
5799 if (gd.gtk_len != buf[4]) {
5800 wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d",
5801 gd.gtk_len, buf[4]);
5802 return -1;
5803 }
5804 gd.keyidx = keyinfo & 0x03; /* B0 - B1 */
5805 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(
5806 sm, !!(keyinfo & WPA_KEY_INFO_TXRX));
5807
5808 os_memcpy(gd.gtk, buf + 13, gd.gtk_len);
5809
5810 wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
5811 gd.gtk, gd.gtk_len);
5812 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
5813 forced_memzero(&gd, sizeof(gd));
5814 wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
5815 "WNM mode");
5816 return -1;
5817 }
5818 forced_memzero(&gd, sizeof(gd));
5819 } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
5820 const struct wpa_igtk_kde *igtk;
5821
5822 igtk = (const struct wpa_igtk_kde *) (buf + 2);
5823 if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
5824 return -1;
5825 } else if (subelem_id == WNM_SLEEP_SUBELEM_BIGTK) {
5826 const struct wpa_bigtk_kde *bigtk;
5827
5828 bigtk = (const struct wpa_bigtk_kde *) (buf + 2);
5829 if (sm->beacon_prot &&
5830 wpa_supplicant_install_bigtk(sm, bigtk, 1) < 0)
5831 return -1;
5832 } else {
5833 wpa_printf(MSG_DEBUG, "Unknown element id");
5834 return -1;
5835 }
5836
5837 return 0;
5838 }
5839 #endif /* CONFIG_WNM */
5840
5841
5842 #ifdef CONFIG_P2P
5843
wpa_sm_get_p2p_ip_addr(struct wpa_sm * sm,u8 * buf)5844 int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf)
5845 {
5846 if (sm == NULL || WPA_GET_BE32(sm->p2p_ip_addr) == 0)
5847 return -1;
5848 os_memcpy(buf, sm->p2p_ip_addr, 3 * 4);
5849 return 0;
5850 }
5851
5852 #endif /* CONFIG_P2P */
5853
5854
wpa_sm_set_rx_replay_ctr(struct wpa_sm * sm,const u8 * rx_replay_counter)5855 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter)
5856 {
5857 if (rx_replay_counter == NULL)
5858 return;
5859
5860 os_memcpy(sm->rx_replay_counter, rx_replay_counter,
5861 WPA_REPLAY_COUNTER_LEN);
5862 sm->rx_replay_counter_set = 1;
5863 wpa_printf(MSG_DEBUG, "Updated key replay counter");
5864 }
5865
5866
wpa_sm_set_ptk_kck_kek(struct wpa_sm * sm,const u8 * ptk_kck,size_t ptk_kck_len,const u8 * ptk_kek,size_t ptk_kek_len)5867 void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm,
5868 const u8 *ptk_kck, size_t ptk_kck_len,
5869 const u8 *ptk_kek, size_t ptk_kek_len)
5870 {
5871 if (ptk_kck && ptk_kck_len <= WPA_KCK_MAX_LEN) {
5872 os_memcpy(sm->ptk.kck, ptk_kck, ptk_kck_len);
5873 sm->ptk.kck_len = ptk_kck_len;
5874 wpa_printf(MSG_DEBUG, "Updated PTK KCK");
5875 }
5876 if (ptk_kek && ptk_kek_len <= WPA_KEK_MAX_LEN) {
5877 os_memcpy(sm->ptk.kek, ptk_kek, ptk_kek_len);
5878 sm->ptk.kek_len = ptk_kek_len;
5879 wpa_printf(MSG_DEBUG, "Updated PTK KEK");
5880 }
5881 sm->ptk_set = 1;
5882 }
5883
5884
5885 #ifdef CONFIG_TESTING_OPTIONS
5886
wpa_sm_set_test_assoc_ie(struct wpa_sm * sm,struct wpabuf * buf)5887 void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf)
5888 {
5889 wpabuf_free(sm->test_assoc_ie);
5890 sm->test_assoc_ie = buf;
5891 }
5892
5893
wpa_sm_set_test_eapol_m2_elems(struct wpa_sm * sm,struct wpabuf * buf)5894 void wpa_sm_set_test_eapol_m2_elems(struct wpa_sm *sm, struct wpabuf *buf)
5895 {
5896 wpabuf_free(sm->test_eapol_m2_elems);
5897 sm->test_eapol_m2_elems = buf;
5898 }
5899
5900
wpa_sm_set_test_eapol_m4_elems(struct wpa_sm * sm,struct wpabuf * buf)5901 void wpa_sm_set_test_eapol_m4_elems(struct wpa_sm *sm, struct wpabuf *buf)
5902 {
5903 wpabuf_free(sm->test_eapol_m4_elems);
5904 sm->test_eapol_m4_elems = buf;
5905 }
5906
5907
wpa_sm_get_anonce(struct wpa_sm * sm)5908 const u8 * wpa_sm_get_anonce(struct wpa_sm *sm)
5909 {
5910 return sm->anonce;
5911 }
5912
5913 #endif /* CONFIG_TESTING_OPTIONS */
5914
5915
wpa_sm_get_key_mgmt(struct wpa_sm * sm)5916 unsigned int wpa_sm_get_key_mgmt(struct wpa_sm *sm)
5917 {
5918 return sm->key_mgmt;
5919 }
5920
5921
wpa_sm_get_auth_addr(struct wpa_sm * sm)5922 const u8 * wpa_sm_get_auth_addr(struct wpa_sm *sm)
5923 {
5924 return sm->mlo.valid_links ? sm->mlo.ap_mld_addr : sm->bssid;
5925 }
5926
5927
5928 #ifdef CONFIG_FILS
5929
fils_build_auth(struct wpa_sm * sm,int dh_group,const u8 * md)5930 struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md)
5931 {
5932 struct wpabuf *buf = NULL;
5933 struct wpabuf *erp_msg;
5934 struct wpabuf *pub = NULL;
5935
5936 erp_msg = eapol_sm_build_erp_reauth_start(sm->eapol);
5937 if (!erp_msg && !sm->cur_pmksa) {
5938 wpa_printf(MSG_DEBUG,
5939 "FILS: Neither ERP EAP-Initiate/Re-auth nor PMKSA cache entry is available - skip FILS");
5940 goto fail;
5941 }
5942
5943 wpa_printf(MSG_DEBUG, "FILS: Try to use FILS (erp=%d pmksa_cache=%d)",
5944 erp_msg != NULL, sm->cur_pmksa != NULL);
5945
5946 sm->fils_completed = 0;
5947
5948 if (!sm->assoc_wpa_ie) {
5949 wpa_printf(MSG_INFO, "FILS: No own RSN IE set for FILS");
5950 goto fail;
5951 }
5952
5953 if (random_get_bytes(sm->fils_nonce, FILS_NONCE_LEN) < 0 ||
5954 random_get_bytes(sm->fils_session, FILS_SESSION_LEN) < 0)
5955 goto fail;
5956
5957 wpa_hexdump(MSG_DEBUG, "FILS: Generated FILS Nonce",
5958 sm->fils_nonce, FILS_NONCE_LEN);
5959 wpa_hexdump(MSG_DEBUG, "FILS: Generated FILS Session",
5960 sm->fils_session, FILS_SESSION_LEN);
5961
5962 #ifdef CONFIG_FILS_SK_PFS
5963 sm->fils_dh_group = dh_group;
5964 if (dh_group) {
5965 crypto_ecdh_deinit(sm->fils_ecdh);
5966 sm->fils_ecdh = crypto_ecdh_init(dh_group);
5967 if (!sm->fils_ecdh) {
5968 wpa_printf(MSG_INFO,
5969 "FILS: Could not initialize ECDH with group %d",
5970 dh_group);
5971 goto fail;
5972 }
5973 pub = crypto_ecdh_get_pubkey(sm->fils_ecdh, 1);
5974 if (!pub)
5975 goto fail;
5976 wpa_hexdump_buf(MSG_DEBUG, "FILS: Element (DH public key)",
5977 pub);
5978 sm->fils_dh_elem_len = wpabuf_len(pub);
5979 }
5980 #endif /* CONFIG_FILS_SK_PFS */
5981
5982 buf = wpabuf_alloc(1000 + sm->assoc_wpa_ie_len +
5983 (pub ? wpabuf_len(pub) : 0));
5984 if (!buf)
5985 goto fail;
5986
5987 /* Fields following the Authentication algorithm number field */
5988
5989 /* Authentication Transaction seq# */
5990 wpabuf_put_le16(buf, 1);
5991
5992 /* Status Code */
5993 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
5994
5995 /* TODO: FILS PK */
5996 #ifdef CONFIG_FILS_SK_PFS
5997 if (dh_group) {
5998 /* Finite Cyclic Group */
5999 wpabuf_put_le16(buf, dh_group);
6000 /* Element */
6001 wpabuf_put_buf(buf, pub);
6002 }
6003 #endif /* CONFIG_FILS_SK_PFS */
6004
6005 /* RSNE */
6006 wpa_hexdump(MSG_DEBUG, "FILS: RSNE in FILS Authentication frame",
6007 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
6008 wpabuf_put_data(buf, sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
6009
6010 if (md) {
6011 /* MDE when using FILS for FT initial association */
6012 struct rsn_mdie *mdie;
6013
6014 wpabuf_put_u8(buf, WLAN_EID_MOBILITY_DOMAIN);
6015 wpabuf_put_u8(buf, sizeof(*mdie));
6016 mdie = wpabuf_put(buf, sizeof(*mdie));
6017 os_memcpy(mdie->mobility_domain, md, MOBILITY_DOMAIN_ID_LEN);
6018 mdie->ft_capab = 0;
6019 }
6020
6021 /* FILS Nonce */
6022 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
6023 wpabuf_put_u8(buf, 1 + FILS_NONCE_LEN); /* Length */
6024 /* Element ID Extension */
6025 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_NONCE);
6026 wpabuf_put_data(buf, sm->fils_nonce, FILS_NONCE_LEN);
6027
6028 /* FILS Session */
6029 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
6030 wpabuf_put_u8(buf, 1 + FILS_SESSION_LEN); /* Length */
6031 /* Element ID Extension */
6032 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_SESSION);
6033 wpabuf_put_data(buf, sm->fils_session, FILS_SESSION_LEN);
6034
6035 /* Wrapped Data */
6036 sm->fils_erp_pmkid_set = 0;
6037 if (erp_msg) {
6038 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
6039 wpabuf_put_u8(buf, 1 + wpabuf_len(erp_msg)); /* Length */
6040 /* Element ID Extension */
6041 wpabuf_put_u8(buf, WLAN_EID_EXT_WRAPPED_DATA);
6042 wpabuf_put_buf(buf, erp_msg);
6043 /* Calculate pending PMKID here so that we do not need to
6044 * maintain a copy of the EAP-Initiate/Reauth message. */
6045 if (fils_pmkid_erp(sm->key_mgmt, wpabuf_head(erp_msg),
6046 wpabuf_len(erp_msg),
6047 sm->fils_erp_pmkid) == 0)
6048 sm->fils_erp_pmkid_set = 1;
6049 }
6050
6051 wpa_hexdump_buf(MSG_DEBUG, "RSN: FILS fields for Authentication frame",
6052 buf);
6053
6054 fail:
6055 wpabuf_free(erp_msg);
6056 wpabuf_free(pub);
6057 return buf;
6058 }
6059
6060
fils_process_auth(struct wpa_sm * sm,const u8 * bssid,const u8 * data,size_t len)6061 int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data,
6062 size_t len)
6063 {
6064 const u8 *pos, *end;
6065 struct ieee802_11_elems elems;
6066 struct wpa_ie_data rsn;
6067 int pmkid_match = 0;
6068 u8 ick[FILS_ICK_MAX_LEN];
6069 size_t ick_len;
6070 int res;
6071 struct wpabuf *dh_ss = NULL;
6072 const u8 *g_sta = NULL;
6073 size_t g_sta_len = 0;
6074 const u8 *g_ap = NULL;
6075 size_t g_ap_len = 0, kdk_len;
6076 struct wpabuf *pub = NULL;
6077 #ifdef CONFIG_IEEE80211R
6078 struct wpa_ft_ies parse;
6079
6080 os_memset(&parse, 0, sizeof(parse));
6081 #endif /* CONFIG_IEEE80211R */
6082
6083 os_memcpy(sm->bssid, bssid, ETH_ALEN);
6084
6085 wpa_hexdump(MSG_DEBUG, "FILS: Authentication frame fields",
6086 data, len);
6087 pos = data;
6088 end = data + len;
6089
6090 /* TODO: FILS PK */
6091 #ifdef CONFIG_FILS_SK_PFS
6092 if (sm->fils_dh_group) {
6093 u16 group;
6094
6095 /* Using FILS PFS */
6096
6097 /* Finite Cyclic Group */
6098 if (end - pos < 2) {
6099 wpa_printf(MSG_DEBUG,
6100 "FILS: No room for Finite Cyclic Group");
6101 goto fail;
6102 }
6103 group = WPA_GET_LE16(pos);
6104 pos += 2;
6105 if (group != sm->fils_dh_group) {
6106 wpa_printf(MSG_DEBUG,
6107 "FILS: Unexpected change in Finite Cyclic Group: %u (expected %u)",
6108 group, sm->fils_dh_group);
6109 goto fail;
6110 }
6111
6112 /* Element */
6113 if ((size_t) (end - pos) < sm->fils_dh_elem_len) {
6114 wpa_printf(MSG_DEBUG, "FILS: No room for Element");
6115 goto fail;
6116 }
6117
6118 if (!sm->fils_ecdh) {
6119 wpa_printf(MSG_DEBUG, "FILS: No ECDH state available");
6120 goto fail;
6121 }
6122 dh_ss = crypto_ecdh_set_peerkey(sm->fils_ecdh, 1, pos,
6123 sm->fils_dh_elem_len);
6124 if (!dh_ss) {
6125 wpa_printf(MSG_DEBUG, "FILS: ECDH operation failed");
6126 goto fail;
6127 }
6128 wpa_hexdump_buf_key(MSG_DEBUG, "FILS: DH_SS", dh_ss);
6129 g_ap = pos;
6130 g_ap_len = sm->fils_dh_elem_len;
6131 pos += sm->fils_dh_elem_len;
6132 }
6133 #endif /* CONFIG_FILS_SK_PFS */
6134
6135 wpa_hexdump(MSG_DEBUG, "FILS: Remaining IEs", pos, end - pos);
6136 if (ieee802_11_parse_elems(pos, end - pos, &elems, 1) == ParseFailed) {
6137 wpa_printf(MSG_DEBUG, "FILS: Could not parse elements");
6138 goto fail;
6139 }
6140
6141 /* RSNE */
6142 wpa_hexdump(MSG_DEBUG, "FILS: RSN element", elems.rsn_ie,
6143 elems.rsn_ie_len);
6144 if (!elems.rsn_ie ||
6145 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
6146 &rsn) < 0) {
6147 wpa_printf(MSG_DEBUG, "FILS: No RSN element");
6148 goto fail;
6149 }
6150
6151 if (!elems.fils_nonce) {
6152 wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field");
6153 goto fail;
6154 }
6155 os_memcpy(sm->fils_anonce, elems.fils_nonce, FILS_NONCE_LEN);
6156 wpa_hexdump(MSG_DEBUG, "FILS: ANonce", sm->fils_anonce, FILS_NONCE_LEN);
6157
6158 #ifdef CONFIG_IEEE80211R
6159 if (wpa_key_mgmt_ft(sm->key_mgmt)) {
6160 if (!elems.mdie || !elems.ftie) {
6161 wpa_printf(MSG_DEBUG, "FILS+FT: No MDE or FTE");
6162 goto fail;
6163 }
6164
6165 if (wpa_ft_parse_ies(pos, end - pos, &parse,
6166 sm->key_mgmt, false) < 0) {
6167 wpa_printf(MSG_DEBUG, "FILS+FT: Failed to parse IEs");
6168 goto fail;
6169 }
6170
6171 if (!parse.r0kh_id) {
6172 wpa_printf(MSG_DEBUG,
6173 "FILS+FT: No R0KH-ID subelem in FTE");
6174 goto fail;
6175 }
6176 os_memcpy(sm->r0kh_id, parse.r0kh_id, parse.r0kh_id_len);
6177 sm->r0kh_id_len = parse.r0kh_id_len;
6178 wpa_hexdump_ascii(MSG_DEBUG, "FILS+FT: R0KH-ID",
6179 sm->r0kh_id, sm->r0kh_id_len);
6180
6181 if (!parse.r1kh_id) {
6182 wpa_printf(MSG_DEBUG,
6183 "FILS+FT: No R1KH-ID subelem in FTE");
6184 goto fail;
6185 }
6186 os_memcpy(sm->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
6187 wpa_hexdump(MSG_DEBUG, "FILS+FT: R1KH-ID",
6188 sm->r1kh_id, FT_R1KH_ID_LEN);
6189
6190 /* TODO: Check MDE and FTE payload */
6191
6192 wpabuf_free(sm->fils_ft_ies);
6193 sm->fils_ft_ies = wpabuf_alloc(2 + elems.mdie_len +
6194 2 + elems.ftie_len);
6195 if (!sm->fils_ft_ies)
6196 goto fail;
6197 wpabuf_put_data(sm->fils_ft_ies, elems.mdie - 2,
6198 2 + elems.mdie_len);
6199 wpabuf_put_data(sm->fils_ft_ies, elems.ftie - 2,
6200 2 + elems.ftie_len);
6201 } else {
6202 wpabuf_free(sm->fils_ft_ies);
6203 sm->fils_ft_ies = NULL;
6204 }
6205 #endif /* CONFIG_IEEE80211R */
6206
6207 /* PMKID List */
6208 if (rsn.pmkid && rsn.num_pmkid > 0) {
6209 wpa_hexdump(MSG_DEBUG, "FILS: PMKID List",
6210 rsn.pmkid, rsn.num_pmkid * PMKID_LEN);
6211
6212 if (rsn.num_pmkid != 1) {
6213 wpa_printf(MSG_DEBUG, "FILS: Invalid PMKID selection");
6214 goto fail;
6215 }
6216 wpa_hexdump(MSG_DEBUG, "FILS: PMKID", rsn.pmkid, PMKID_LEN);
6217 if (os_memcmp(sm->cur_pmksa->pmkid, rsn.pmkid, PMKID_LEN) != 0)
6218 {
6219 wpa_printf(MSG_DEBUG, "FILS: PMKID mismatch");
6220 wpa_hexdump(MSG_DEBUG, "FILS: Expected PMKID",
6221 sm->cur_pmksa->pmkid, PMKID_LEN);
6222 goto fail;
6223 }
6224 wpa_printf(MSG_DEBUG,
6225 "FILS: Matching PMKID - continue using PMKSA caching");
6226 pmkid_match = 1;
6227 }
6228 if (!pmkid_match && sm->cur_pmksa) {
6229 wpa_printf(MSG_DEBUG,
6230 "FILS: No PMKID match - cannot use cached PMKSA entry");
6231 sm->cur_pmksa = NULL;
6232 }
6233
6234 /* FILS Session */
6235 if (!elems.fils_session) {
6236 wpa_printf(MSG_DEBUG, "FILS: No FILS Session element");
6237 goto fail;
6238 }
6239 wpa_hexdump(MSG_DEBUG, "FILS: FILS Session", elems.fils_session,
6240 FILS_SESSION_LEN);
6241 if (os_memcmp(sm->fils_session, elems.fils_session, FILS_SESSION_LEN)
6242 != 0) {
6243 wpa_printf(MSG_DEBUG, "FILS: Session mismatch");
6244 wpa_hexdump(MSG_DEBUG, "FILS: Expected FILS Session",
6245 sm->fils_session, FILS_SESSION_LEN);
6246 goto fail;
6247 }
6248
6249 /* Wrapped Data */
6250 if (!sm->cur_pmksa && elems.wrapped_data) {
6251 u8 rmsk[ERP_MAX_KEY_LEN];
6252 size_t rmsk_len;
6253
6254 wpa_hexdump(MSG_DEBUG, "FILS: Wrapped Data",
6255 elems.wrapped_data,
6256 elems.wrapped_data_len);
6257 eapol_sm_process_erp_finish(sm->eapol, elems.wrapped_data,
6258 elems.wrapped_data_len);
6259 if (eapol_sm_failed(sm->eapol))
6260 goto fail;
6261
6262 rmsk_len = ERP_MAX_KEY_LEN;
6263 res = eapol_sm_get_key(sm->eapol, rmsk, rmsk_len);
6264 if (res == PMK_LEN) {
6265 rmsk_len = PMK_LEN;
6266 res = eapol_sm_get_key(sm->eapol, rmsk, rmsk_len);
6267 }
6268 if (res)
6269 goto fail;
6270
6271 res = fils_rmsk_to_pmk(sm->key_mgmt, rmsk, rmsk_len,
6272 sm->fils_nonce, sm->fils_anonce,
6273 dh_ss ? wpabuf_head(dh_ss) : NULL,
6274 dh_ss ? wpabuf_len(dh_ss) : 0,
6275 sm->pmk, &sm->pmk_len);
6276 forced_memzero(rmsk, sizeof(rmsk));
6277
6278 /* Don't use DHss in PTK derivation if PMKSA caching is not
6279 * used. */
6280 wpabuf_clear_free(dh_ss);
6281 dh_ss = NULL;
6282
6283 if (res)
6284 goto fail;
6285
6286 if (!sm->fils_erp_pmkid_set) {
6287 wpa_printf(MSG_DEBUG, "FILS: PMKID not available");
6288 goto fail;
6289 }
6290 wpa_hexdump(MSG_DEBUG, "FILS: PMKID", sm->fils_erp_pmkid,
6291 PMKID_LEN);
6292 wpa_printf(MSG_DEBUG, "FILS: ERP processing succeeded - add PMKSA cache entry for the result");
6293 sm->cur_pmksa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len,
6294 sm->fils_erp_pmkid, NULL, 0,
6295 sm->bssid, sm->own_addr,
6296 sm->network_ctx, sm->key_mgmt,
6297 NULL);
6298 }
6299
6300 if (!sm->cur_pmksa) {
6301 wpa_printf(MSG_DEBUG,
6302 "FILS: No remaining options to continue FILS authentication");
6303 goto fail;
6304 }
6305
6306 if (sm->force_kdk_derivation ||
6307 (sm->secure_ltf &&
6308 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)))
6309 kdk_len = WPA_KDK_MAX_LEN;
6310 else
6311 kdk_len = 0;
6312
6313 if (fils_pmk_to_ptk(sm->pmk, sm->pmk_len, sm->own_addr,
6314 wpa_sm_get_auth_addr(sm),
6315 sm->fils_nonce, sm->fils_anonce,
6316 dh_ss ? wpabuf_head(dh_ss) : NULL,
6317 dh_ss ? wpabuf_len(dh_ss) : 0,
6318 &sm->ptk, ick, &ick_len,
6319 sm->key_mgmt, sm->pairwise_cipher,
6320 sm->fils_ft, &sm->fils_ft_len,
6321 kdk_len) < 0) {
6322 wpa_printf(MSG_DEBUG, "FILS: Failed to derive PTK");
6323 goto fail;
6324 }
6325
6326 #ifdef CONFIG_PASN
6327 if (sm->secure_ltf &&
6328 ieee802_11_rsnx_capab(sm->ap_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF) &&
6329 wpa_ltf_keyseed(&sm->ptk, sm->key_mgmt, sm->pairwise_cipher)) {
6330 wpa_printf(MSG_DEBUG, "FILS: Failed to derive LTF keyseed");
6331 goto fail;
6332 }
6333 #endif /* CONFIG_PASN */
6334
6335 wpabuf_clear_free(dh_ss);
6336 dh_ss = NULL;
6337
6338 sm->ptk_set = 1;
6339 sm->tptk_set = 0;
6340 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
6341
6342 #ifdef CONFIG_FILS_SK_PFS
6343 if (sm->fils_dh_group) {
6344 if (!sm->fils_ecdh) {
6345 wpa_printf(MSG_INFO, "FILS: ECDH not initialized");
6346 goto fail;
6347 }
6348 pub = crypto_ecdh_get_pubkey(sm->fils_ecdh, 1);
6349 if (!pub)
6350 goto fail;
6351 wpa_hexdump_buf(MSG_DEBUG, "FILS: gSTA", pub);
6352 g_sta = wpabuf_head(pub);
6353 g_sta_len = wpabuf_len(pub);
6354 if (!g_ap) {
6355 wpa_printf(MSG_INFO, "FILS: gAP not available");
6356 goto fail;
6357 }
6358 wpa_hexdump(MSG_DEBUG, "FILS: gAP", g_ap, g_ap_len);
6359 }
6360 #endif /* CONFIG_FILS_SK_PFS */
6361
6362 res = fils_key_auth_sk(ick, ick_len, sm->fils_nonce,
6363 sm->fils_anonce, sm->own_addr, sm->bssid,
6364 g_sta, g_sta_len, g_ap, g_ap_len,
6365 sm->key_mgmt, sm->fils_key_auth_sta,
6366 sm->fils_key_auth_ap,
6367 &sm->fils_key_auth_len);
6368 wpabuf_free(pub);
6369 forced_memzero(ick, sizeof(ick));
6370 #ifdef CONFIG_IEEE80211R
6371 wpa_ft_parse_ies_free(&parse);
6372 #endif /* CONFIG_IEEE80211R */
6373 return res;
6374 fail:
6375 wpabuf_free(pub);
6376 wpabuf_clear_free(dh_ss);
6377 #ifdef CONFIG_IEEE80211R
6378 wpa_ft_parse_ies_free(&parse);
6379 #endif /* CONFIG_IEEE80211R */
6380 return -1;
6381 }
6382
6383
6384 #ifdef CONFIG_IEEE80211R
fils_ft_build_assoc_req_rsne(struct wpa_sm * sm,struct wpabuf * buf)6385 static int fils_ft_build_assoc_req_rsne(struct wpa_sm *sm, struct wpabuf *buf)
6386 {
6387 struct rsn_ie_hdr *rsnie;
6388 u16 capab;
6389 u8 *pos;
6390 int use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt);
6391
6392 /* RSNIE[PMKR0Name/PMKR1Name] */
6393 rsnie = wpabuf_put(buf, sizeof(*rsnie));
6394 rsnie->elem_id = WLAN_EID_RSN;
6395 WPA_PUT_LE16(rsnie->version, RSN_VERSION);
6396
6397 /* Group Suite Selector */
6398 if (!wpa_cipher_valid_group(sm->group_cipher)) {
6399 wpa_printf(MSG_WARNING, "FT: Invalid group cipher (%d)",
6400 sm->group_cipher);
6401 return -1;
6402 }
6403 pos = wpabuf_put(buf, RSN_SELECTOR_LEN);
6404 RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN,
6405 sm->group_cipher));
6406
6407 /* Pairwise Suite Count */
6408 wpabuf_put_le16(buf, 1);
6409
6410 /* Pairwise Suite List */
6411 if (!wpa_cipher_valid_pairwise(sm->pairwise_cipher)) {
6412 wpa_printf(MSG_WARNING, "FT: Invalid pairwise cipher (%d)",
6413 sm->pairwise_cipher);
6414 return -1;
6415 }
6416 pos = wpabuf_put(buf, RSN_SELECTOR_LEN);
6417 RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN,
6418 sm->pairwise_cipher));
6419
6420 /* Authenticated Key Management Suite Count */
6421 wpabuf_put_le16(buf, 1);
6422
6423 /* Authenticated Key Management Suite List */
6424 pos = wpabuf_put(buf, RSN_SELECTOR_LEN);
6425 if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256)
6426 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256);
6427 else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384)
6428 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384);
6429 else {
6430 wpa_printf(MSG_WARNING,
6431 "FILS+FT: Invalid key management type (%d)",
6432 sm->key_mgmt);
6433 return -1;
6434 }
6435
6436 /* RSN Capabilities */
6437 capab = 0;
6438 if (sm->mfp)
6439 capab |= WPA_CAPABILITY_MFPC;
6440 if (sm->mfp == 2)
6441 capab |= WPA_CAPABILITY_MFPR;
6442 if (sm->ocv)
6443 capab |= WPA_CAPABILITY_OCVC;
6444 if (sm->ext_key_id)
6445 capab |= WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST;
6446 wpabuf_put_le16(buf, capab);
6447
6448 /* PMKID Count */
6449 wpabuf_put_le16(buf, 1);
6450
6451 /* PMKID List [PMKR1Name] */
6452 wpa_hexdump_key(MSG_DEBUG, "FILS+FT: XXKey (FILS-FT)",
6453 sm->fils_ft, sm->fils_ft_len);
6454 wpa_hexdump_ascii(MSG_DEBUG, "FILS+FT: SSID", sm->ssid, sm->ssid_len);
6455 wpa_hexdump(MSG_DEBUG, "FILS+FT: MDID",
6456 sm->mobility_domain, MOBILITY_DOMAIN_ID_LEN);
6457 wpa_hexdump_ascii(MSG_DEBUG, "FILS+FT: R0KH-ID",
6458 sm->r0kh_id, sm->r0kh_id_len);
6459 if (wpa_derive_pmk_r0(sm->fils_ft, sm->fils_ft_len, sm->ssid,
6460 sm->ssid_len, sm->mobility_domain,
6461 sm->r0kh_id, sm->r0kh_id_len, sm->own_addr,
6462 sm->pmk_r0, sm->pmk_r0_name, sm->key_mgmt) < 0) {
6463 wpa_printf(MSG_WARNING, "FILS+FT: Could not derive PMK-R0");
6464 return -1;
6465 }
6466 if (wpa_key_mgmt_sae_ext_key(sm->key_mgmt))
6467 sm->pmk_r0_len = sm->fils_ft_len;
6468 else
6469 sm->pmk_r0_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN;
6470 wpa_printf(MSG_DEBUG, "FILS+FT: R1KH-ID: " MACSTR,
6471 MAC2STR(sm->r1kh_id));
6472 pos = wpabuf_put(buf, WPA_PMK_NAME_LEN);
6473 if (wpa_derive_pmk_r1_name(sm->pmk_r0_name, sm->r1kh_id, sm->own_addr,
6474 sm->pmk_r1_name, sm->fils_ft_len) < 0) {
6475 wpa_printf(MSG_WARNING, "FILS+FT: Could not derive PMKR1Name");
6476 return -1;
6477 }
6478 os_memcpy(pos, sm->pmk_r1_name, WPA_PMK_NAME_LEN);
6479
6480 os_memcpy(sm->key_mobility_domain, sm->mobility_domain,
6481 MOBILITY_DOMAIN_ID_LEN);
6482
6483 if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) {
6484 /* Management Group Cipher Suite */
6485 pos = wpabuf_put(buf, RSN_SELECTOR_LEN);
6486 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
6487 }
6488
6489 rsnie->len = ((u8 *) wpabuf_put(buf, 0) - (u8 *) rsnie) - 2;
6490 return 0;
6491 }
6492 #endif /* CONFIG_IEEE80211R */
6493
6494
fils_build_assoc_req(struct wpa_sm * sm,const u8 ** kek,size_t * kek_len,const u8 ** snonce,const u8 ** anonce,const struct wpabuf ** hlp,unsigned int num_hlp)6495 struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek,
6496 size_t *kek_len, const u8 **snonce,
6497 const u8 **anonce,
6498 const struct wpabuf **hlp,
6499 unsigned int num_hlp)
6500 {
6501 struct wpabuf *buf;
6502 size_t len;
6503 unsigned int i;
6504
6505 len = 1000;
6506 #ifdef CONFIG_IEEE80211R
6507 if (sm->fils_ft_ies)
6508 len += wpabuf_len(sm->fils_ft_ies);
6509 if (wpa_key_mgmt_ft(sm->key_mgmt))
6510 len += 256;
6511 #endif /* CONFIG_IEEE80211R */
6512 for (i = 0; hlp && i < num_hlp; i++)
6513 len += 10 + wpabuf_len(hlp[i]);
6514 buf = wpabuf_alloc(len);
6515 if (!buf)
6516 return NULL;
6517
6518 #ifdef CONFIG_IEEE80211R
6519 if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->fils_ft_ies) {
6520 /* MDE and FTE when using FILS+FT */
6521 wpabuf_put_buf(buf, sm->fils_ft_ies);
6522 /* RSNE with PMKR1Name in PMKID field */
6523 if (fils_ft_build_assoc_req_rsne(sm, buf) < 0) {
6524 wpabuf_free(buf);
6525 return NULL;
6526 }
6527 }
6528 #endif /* CONFIG_IEEE80211R */
6529
6530 /* FILS Session */
6531 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
6532 wpabuf_put_u8(buf, 1 + FILS_SESSION_LEN); /* Length */
6533 /* Element ID Extension */
6534 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_SESSION);
6535 wpabuf_put_data(buf, sm->fils_session, FILS_SESSION_LEN);
6536
6537 /* Everything after FILS Session element gets encrypted in the driver
6538 * with KEK. The buffer returned from here is the plaintext version. */
6539
6540 /* TODO: FILS Public Key */
6541
6542 /* FILS Key Confirm */
6543 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
6544 wpabuf_put_u8(buf, 1 + sm->fils_key_auth_len); /* Length */
6545 /* Element ID Extension */
6546 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_KEY_CONFIRM);
6547 wpabuf_put_data(buf, sm->fils_key_auth_sta, sm->fils_key_auth_len);
6548
6549 /* FILS HLP Container */
6550 for (i = 0; hlp && i < num_hlp; i++) {
6551 const u8 *pos = wpabuf_head(hlp[i]);
6552 size_t left = wpabuf_len(hlp[i]);
6553
6554 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
6555 if (left <= 254)
6556 len = 1 + left;
6557 else
6558 len = 255;
6559 wpabuf_put_u8(buf, len); /* Length */
6560 /* Element ID Extension */
6561 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_HLP_CONTAINER);
6562 /* Destination MAC Address, Source MAC Address, HLP Packet.
6563 * HLP Packet is in MSDU format (i.e., included the LLC/SNAP
6564 * header when LPD is used). */
6565 wpabuf_put_data(buf, pos, len - 1);
6566 pos += len - 1;
6567 left -= len - 1;
6568 while (left) {
6569 wpabuf_put_u8(buf, WLAN_EID_FRAGMENT);
6570 len = left > 255 ? 255 : left;
6571 wpabuf_put_u8(buf, len);
6572 wpabuf_put_data(buf, pos, len);
6573 pos += len;
6574 left -= len;
6575 }
6576 }
6577
6578 /* TODO: FILS IP Address Assignment */
6579
6580 #ifdef CONFIG_OCV
6581 if (wpa_sm_ocv_enabled(sm)) {
6582 struct wpa_channel_info ci;
6583 u8 *pos;
6584
6585 if (wpa_sm_channel_info(sm, &ci) != 0) {
6586 wpa_printf(MSG_WARNING,
6587 "FILS: Failed to get channel info for OCI element");
6588 wpabuf_free(buf);
6589 return NULL;
6590 }
6591 #ifdef CONFIG_TESTING_OPTIONS
6592 if (sm->oci_freq_override_fils_assoc) {
6593 wpa_printf(MSG_INFO,
6594 "TEST: Override OCI KDE frequency %d -> %d MHz",
6595 ci.frequency,
6596 sm->oci_freq_override_fils_assoc);
6597 ci.frequency = sm->oci_freq_override_fils_assoc;
6598 }
6599 #endif /* CONFIG_TESTING_OPTIONS */
6600
6601 pos = wpabuf_put(buf, OCV_OCI_EXTENDED_LEN);
6602 if (ocv_insert_extended_oci(&ci, pos) < 0) {
6603 wpabuf_free(buf);
6604 return NULL;
6605 }
6606 }
6607 #endif /* CONFIG_OCV */
6608
6609 wpa_hexdump_buf(MSG_DEBUG, "FILS: Association Request plaintext", buf);
6610
6611 *kek = sm->ptk.kek;
6612 *kek_len = sm->ptk.kek_len;
6613 wpa_hexdump_key(MSG_DEBUG, "FILS: KEK for AEAD", *kek, *kek_len);
6614 *snonce = sm->fils_nonce;
6615 wpa_hexdump(MSG_DEBUG, "FILS: SNonce for AEAD AAD",
6616 *snonce, FILS_NONCE_LEN);
6617 *anonce = sm->fils_anonce;
6618 wpa_hexdump(MSG_DEBUG, "FILS: ANonce for AEAD AAD",
6619 *anonce, FILS_NONCE_LEN);
6620
6621 return buf;
6622 }
6623
6624
fils_process_hlp_resp(struct wpa_sm * sm,const u8 * resp,size_t len)6625 static void fils_process_hlp_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
6626 {
6627 const u8 *pos, *end;
6628
6629 wpa_hexdump(MSG_MSGDUMP, "FILS: HLP response", resp, len);
6630 if (len < 2 * ETH_ALEN)
6631 return;
6632 pos = resp + 2 * ETH_ALEN;
6633 end = resp + len;
6634 if (end - pos >= 6 &&
6635 os_memcmp(pos, "\xaa\xaa\x03\x00\x00\x00", 6) == 0)
6636 pos += 6; /* Remove SNAP/LLC header */
6637 wpa_sm_fils_hlp_rx(sm, resp, resp + ETH_ALEN, pos, end - pos);
6638 }
6639
6640
fils_process_hlp_container(struct wpa_sm * sm,const u8 * pos,size_t len)6641 static void fils_process_hlp_container(struct wpa_sm *sm, const u8 *pos,
6642 size_t len)
6643 {
6644 const u8 *end = pos + len;
6645 u8 *tmp, *tmp_pos;
6646
6647 /* Check if there are any FILS HLP Container elements */
6648 while (end - pos >= 2) {
6649 if (2 + pos[1] > end - pos)
6650 return;
6651 if (pos[0] == WLAN_EID_EXTENSION &&
6652 pos[1] >= 1 + 2 * ETH_ALEN &&
6653 pos[2] == WLAN_EID_EXT_FILS_HLP_CONTAINER)
6654 break;
6655 pos += 2 + pos[1];
6656 }
6657 if (end - pos < 2)
6658 return; /* No FILS HLP Container elements */
6659
6660 tmp = os_malloc(end - pos);
6661 if (!tmp)
6662 return;
6663
6664 while (end - pos >= 2) {
6665 if (2 + pos[1] > end - pos ||
6666 pos[0] != WLAN_EID_EXTENSION ||
6667 pos[1] < 1 + 2 * ETH_ALEN ||
6668 pos[2] != WLAN_EID_EXT_FILS_HLP_CONTAINER)
6669 break;
6670 tmp_pos = tmp;
6671 os_memcpy(tmp_pos, pos + 3, pos[1] - 1);
6672 tmp_pos += pos[1] - 1;
6673 pos += 2 + pos[1];
6674
6675 /* Add possible fragments */
6676 while (end - pos >= 2 && pos[0] == WLAN_EID_FRAGMENT &&
6677 2 + pos[1] <= end - pos) {
6678 os_memcpy(tmp_pos, pos + 2, pos[1]);
6679 tmp_pos += pos[1];
6680 pos += 2 + pos[1];
6681 }
6682
6683 fils_process_hlp_resp(sm, tmp, tmp_pos - tmp);
6684 }
6685
6686 os_free(tmp);
6687 }
6688
6689
fils_process_assoc_resp(struct wpa_sm * sm,const u8 * resp,size_t len)6690 int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
6691 {
6692 const struct ieee80211_mgmt *mgmt;
6693 const u8 *end, *ie_start;
6694 struct ieee802_11_elems elems;
6695 int keylen, rsclen;
6696 enum wpa_alg alg;
6697 struct wpa_gtk_data gd;
6698 int maxkeylen;
6699 struct wpa_eapol_ie_parse kde;
6700
6701 if (!sm || !sm->ptk_set) {
6702 wpa_printf(MSG_DEBUG, "FILS: No KEK available");
6703 return -1;
6704 }
6705
6706 if (!wpa_key_mgmt_fils(sm->key_mgmt)) {
6707 wpa_printf(MSG_DEBUG, "FILS: Not a FILS AKM");
6708 return -1;
6709 }
6710
6711 if (sm->fils_completed) {
6712 wpa_printf(MSG_DEBUG,
6713 "FILS: Association has already been completed for this FILS authentication - ignore unexpected retransmission");
6714 return -1;
6715 }
6716
6717 wpa_hexdump(MSG_DEBUG, "FILS: (Re)Association Response frame",
6718 resp, len);
6719
6720 mgmt = (const struct ieee80211_mgmt *) resp;
6721 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_resp))
6722 return -1;
6723
6724 end = resp + len;
6725 /* Same offset for Association Response and Reassociation Response */
6726 ie_start = mgmt->u.assoc_resp.variable;
6727
6728 if (ieee802_11_parse_elems(ie_start, end - ie_start, &elems, 1) ==
6729 ParseFailed) {
6730 wpa_printf(MSG_DEBUG,
6731 "FILS: Failed to parse decrypted elements");
6732 goto fail;
6733 }
6734
6735 if (!elems.fils_session) {
6736 wpa_printf(MSG_DEBUG, "FILS: No FILS Session element");
6737 return -1;
6738 }
6739 if (os_memcmp(elems.fils_session, sm->fils_session,
6740 FILS_SESSION_LEN) != 0) {
6741 wpa_printf(MSG_DEBUG, "FILS: FILS Session mismatch");
6742 wpa_hexdump(MSG_DEBUG, "FILS: Received FILS Session",
6743 elems.fils_session, FILS_SESSION_LEN);
6744 wpa_hexdump(MSG_DEBUG, "FILS: Expected FILS Session",
6745 sm->fils_session, FILS_SESSION_LEN);
6746 }
6747
6748 if (!elems.rsn_ie) {
6749 wpa_printf(MSG_DEBUG,
6750 "FILS: No RSNE in (Re)Association Response");
6751 /* As an interop workaround, allow this for now since IEEE Std
6752 * 802.11ai-2016 did not include all the needed changes to make
6753 * a FILS AP include RSNE in the frame. This workaround might
6754 * eventually be removed and replaced with rejection (goto fail)
6755 * to follow a strict interpretation of the standard. */
6756 } else if (wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
6757 sm->ap_rsn_ie, sm->ap_rsn_ie_len,
6758 elems.rsn_ie - 2, elems.rsn_ie_len + 2)) {
6759 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
6760 "FILS: RSNE mismatch between Beacon/Probe Response and (Re)Association Response");
6761 wpa_hexdump(MSG_DEBUG, "FILS: RSNE in Beacon/Probe Response",
6762 sm->ap_rsn_ie, sm->ap_rsn_ie_len);
6763 wpa_hexdump(MSG_DEBUG, "FILS: RSNE in (Re)Association Response",
6764 elems.rsn_ie, elems.rsn_ie_len);
6765 goto fail;
6766 }
6767
6768 if ((sm->ap_rsnxe && !elems.rsnxe) ||
6769 (!sm->ap_rsnxe && elems.rsnxe) ||
6770 (sm->ap_rsnxe && elems.rsnxe && sm->ap_rsnxe_len >= 2 &&
6771 (sm->ap_rsnxe_len != 2U + elems.rsnxe_len ||
6772 os_memcmp(sm->ap_rsnxe + 2, elems.rsnxe, sm->ap_rsnxe_len - 2) !=
6773 0))) {
6774 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
6775 "FILS: RSNXE mismatch between Beacon/Probe Response and (Re)Association Response");
6776 wpa_hexdump(MSG_INFO, "FILS: RSNXE in Beacon/Probe Response",
6777 sm->ap_rsnxe, sm->ap_rsnxe_len);
6778 wpa_hexdump(MSG_INFO, "RSNXE in (Re)Association Response",
6779 elems.rsnxe, elems.rsnxe_len);
6780 /* As an interop workaround, allow this for now if we did not
6781 * include the RSNXE in (Re)Association Request frame since
6782 * IEEE Std 802.11-2020 does not say anything about verifying
6783 * the RSNXE in FILS cases and there have been hostapd releases
6784 * that might omit the RSNXE in cases where the STA did not
6785 * include it in the Association Request frame. This workaround
6786 * might eventually be removed. */
6787 if (sm->assoc_rsnxe && sm->assoc_rsnxe_len)
6788 goto fail;
6789 }
6790
6791 /* TODO: FILS Public Key */
6792
6793 if (!elems.fils_key_confirm) {
6794 wpa_printf(MSG_DEBUG, "FILS: No FILS Key Confirm element");
6795 goto fail;
6796 }
6797 if (elems.fils_key_confirm_len != sm->fils_key_auth_len) {
6798 wpa_printf(MSG_DEBUG,
6799 "FILS: Unexpected Key-Auth length %d (expected %d)",
6800 elems.fils_key_confirm_len,
6801 (int) sm->fils_key_auth_len);
6802 goto fail;
6803 }
6804 if (os_memcmp(elems.fils_key_confirm, sm->fils_key_auth_ap,
6805 sm->fils_key_auth_len) != 0) {
6806 wpa_printf(MSG_DEBUG, "FILS: Key-Auth mismatch");
6807 wpa_hexdump(MSG_DEBUG, "FILS: Received Key-Auth",
6808 elems.fils_key_confirm,
6809 elems.fils_key_confirm_len);
6810 wpa_hexdump(MSG_DEBUG, "FILS: Expected Key-Auth",
6811 sm->fils_key_auth_ap, sm->fils_key_auth_len);
6812 goto fail;
6813 }
6814
6815 #ifdef CONFIG_OCV
6816 if (wpa_sm_ocv_enabled(sm)) {
6817 struct wpa_channel_info ci;
6818
6819 if (wpa_sm_channel_info(sm, &ci) != 0) {
6820 wpa_printf(MSG_WARNING,
6821 "Failed to get channel info to validate received OCI in FILS (Re)Association Response frame");
6822 goto fail;
6823 }
6824
6825 if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci,
6826 channel_width_to_int(ci.chanwidth),
6827 ci.seg1_idx) != OCI_SUCCESS) {
6828 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE
6829 "addr=" MACSTR " frame=fils-assoc error=%s",
6830 MAC2STR(sm->bssid), ocv_errorstr);
6831 goto fail;
6832 }
6833 }
6834 #endif /* CONFIG_OCV */
6835
6836 #ifdef CONFIG_IEEE80211R
6837 if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->fils_ft_ies) {
6838 struct wpa_ie_data rsn;
6839
6840 /* Check that PMKR1Name derived by the AP matches */
6841 if (!elems.rsn_ie ||
6842 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
6843 &rsn) < 0 ||
6844 !rsn.pmkid || rsn.num_pmkid != 1 ||
6845 os_memcmp(rsn.pmkid, sm->pmk_r1_name,
6846 WPA_PMK_NAME_LEN) != 0) {
6847 wpa_printf(MSG_DEBUG,
6848 "FILS+FT: No RSNE[PMKR1Name] match in AssocResp");
6849 goto fail;
6850 }
6851 }
6852 #endif /* CONFIG_IEEE80211R */
6853
6854 /* Key Delivery */
6855 if (!elems.key_delivery) {
6856 wpa_printf(MSG_DEBUG, "FILS: No Key Delivery element");
6857 goto fail;
6858 }
6859
6860 /* Parse GTK and set the key to the driver */
6861 os_memset(&gd, 0, sizeof(gd));
6862 if (wpa_supplicant_parse_ies(elems.key_delivery + WPA_KEY_RSC_LEN,
6863 elems.key_delivery_len - WPA_KEY_RSC_LEN,
6864 &kde) < 0) {
6865 wpa_printf(MSG_DEBUG, "FILS: Failed to parse KDEs");
6866 goto fail;
6867 }
6868 if (!kde.gtk) {
6869 wpa_printf(MSG_DEBUG, "FILS: No GTK KDE");
6870 goto fail;
6871 }
6872 maxkeylen = gd.gtk_len = kde.gtk_len - 2;
6873 if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
6874 gd.gtk_len, maxkeylen,
6875 &gd.key_rsc_len, &gd.alg))
6876 goto fail;
6877
6878 wpa_hexdump_key(MSG_DEBUG, "FILS: Received GTK", kde.gtk, kde.gtk_len);
6879 gd.keyidx = kde.gtk[0] & 0x3;
6880 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
6881 !!(kde.gtk[0] & BIT(2)));
6882 if (kde.gtk_len - 2 > sizeof(gd.gtk)) {
6883 wpa_printf(MSG_DEBUG, "FILS: Too long GTK in GTK KDE (len=%lu)",
6884 (unsigned long) kde.gtk_len - 2);
6885 goto fail;
6886 }
6887 os_memcpy(gd.gtk, kde.gtk + 2, kde.gtk_len - 2);
6888
6889 wpa_printf(MSG_DEBUG, "FILS: Set GTK to driver");
6890 if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery, 0) < 0) {
6891 wpa_printf(MSG_DEBUG, "FILS: Failed to set GTK");
6892 goto fail;
6893 }
6894
6895 if (ieee80211w_set_keys(sm, &kde) < 0) {
6896 wpa_printf(MSG_DEBUG, "FILS: Failed to set IGTK");
6897 goto fail;
6898 }
6899
6900 alg = wpa_cipher_to_alg(sm->pairwise_cipher);
6901 keylen = wpa_cipher_key_len(sm->pairwise_cipher);
6902 if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
6903 wpa_printf(MSG_DEBUG, "FILS: TK length mismatch: %u != %lu",
6904 keylen, (long unsigned int) sm->ptk.tk_len);
6905 goto fail;
6906 }
6907
6908 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
6909 wpa_hexdump_key(MSG_DEBUG, "FILS: Set TK to driver",
6910 sm->ptk.tk, keylen);
6911 if (wpa_sm_set_key(sm, -1, alg, wpa_sm_get_auth_addr(sm), 0, 1,
6912 null_rsc, rsclen,
6913 sm->ptk.tk, keylen, KEY_FLAG_PAIRWISE_RX_TX) < 0) {
6914 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
6915 "FILS: Failed to set PTK to the driver (alg=%d keylen=%d auth_addr="
6916 MACSTR ")",
6917 alg, keylen, MAC2STR(wpa_sm_get_auth_addr(sm)));
6918 goto fail;
6919 }
6920
6921 wpa_sm_store_ptk(sm, sm->bssid, sm->pairwise_cipher,
6922 sm->dot11RSNAConfigPMKLifetime, &sm->ptk);
6923
6924 /* TODO: TK could be cleared after auth frame exchange now that driver
6925 * takes care of association frame encryption/decryption. */
6926 /* TK is not needed anymore in supplicant */
6927 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
6928 sm->ptk.tk_len = 0;
6929 sm->ptk.installed = 1;
6930 sm->tk_set = true;
6931
6932 /* FILS HLP Container */
6933 fils_process_hlp_container(sm, ie_start, end - ie_start);
6934
6935 /* TODO: FILS IP Address Assignment */
6936
6937 wpa_printf(MSG_DEBUG, "FILS: Auth+Assoc completed successfully");
6938 sm->fils_completed = 1;
6939 forced_memzero(&gd, sizeof(gd));
6940
6941 if (kde.transition_disable)
6942 wpa_sm_transition_disable(sm, kde.transition_disable[0]);
6943
6944 return 0;
6945 fail:
6946 forced_memzero(&gd, sizeof(gd));
6947 return -1;
6948 }
6949
6950
wpa_sm_set_reset_fils_completed(struct wpa_sm * sm,int set)6951 void wpa_sm_set_reset_fils_completed(struct wpa_sm *sm, int set)
6952 {
6953 if (sm)
6954 sm->fils_completed = !!set;
6955 }
6956
6957 #endif /* CONFIG_FILS */
6958
6959
wpa_fils_is_completed(struct wpa_sm * sm)6960 int wpa_fils_is_completed(struct wpa_sm *sm)
6961 {
6962 #ifdef CONFIG_FILS
6963 return sm && sm->fils_completed;
6964 #else /* CONFIG_FILS */
6965 return 0;
6966 #endif /* CONFIG_FILS */
6967 }
6968
6969
6970 #ifdef CONFIG_OWE
6971
owe_build_assoc_req(struct wpa_sm * sm,u16 group)6972 struct wpabuf * owe_build_assoc_req(struct wpa_sm *sm, u16 group)
6973 {
6974 struct wpabuf *ie = NULL, *pub = NULL;
6975 size_t prime_len;
6976
6977 if (group == 19)
6978 prime_len = 32;
6979 else if (group == 20)
6980 prime_len = 48;
6981 else if (group == 21)
6982 prime_len = 66;
6983 else
6984 return NULL;
6985
6986 crypto_ecdh_deinit(sm->owe_ecdh);
6987 sm->owe_ecdh = crypto_ecdh_init(group);
6988 if (!sm->owe_ecdh)
6989 goto fail;
6990 sm->owe_group = group;
6991 pub = crypto_ecdh_get_pubkey(sm->owe_ecdh, 0);
6992 pub = wpabuf_zeropad(pub, prime_len);
6993 if (!pub)
6994 goto fail;
6995
6996 ie = wpabuf_alloc(5 + wpabuf_len(pub));
6997 if (!ie)
6998 goto fail;
6999 wpabuf_put_u8(ie, WLAN_EID_EXTENSION);
7000 wpabuf_put_u8(ie, 1 + 2 + wpabuf_len(pub));
7001 wpabuf_put_u8(ie, WLAN_EID_EXT_OWE_DH_PARAM);
7002 wpabuf_put_le16(ie, group);
7003 wpabuf_put_buf(ie, pub);
7004 wpabuf_free(pub);
7005 wpa_hexdump_buf(MSG_DEBUG, "OWE: Diffie-Hellman Parameter element",
7006 ie);
7007
7008 return ie;
7009 fail:
7010 wpabuf_free(pub);
7011 crypto_ecdh_deinit(sm->owe_ecdh);
7012 sm->owe_ecdh = NULL;
7013 return NULL;
7014 }
7015
7016
owe_process_assoc_resp(struct wpa_sm * sm,const u8 * bssid,const u8 * resp_ies,size_t resp_ies_len)7017 int owe_process_assoc_resp(struct wpa_sm *sm, const u8 *bssid,
7018 const u8 *resp_ies, size_t resp_ies_len)
7019 {
7020 struct ieee802_11_elems elems;
7021 u16 group;
7022 struct wpabuf *secret, *pub, *hkey;
7023 int res;
7024 u8 prk[SHA512_MAC_LEN], pmkid[SHA512_MAC_LEN];
7025 const char *info = "OWE Key Generation";
7026 const u8 *addr[2];
7027 size_t len[2];
7028 size_t hash_len, prime_len;
7029 struct wpa_ie_data data;
7030
7031 if (!resp_ies ||
7032 ieee802_11_parse_elems(resp_ies, resp_ies_len, &elems, 1) ==
7033 ParseFailed) {
7034 wpa_printf(MSG_INFO,
7035 "OWE: Could not parse Association Response frame elements");
7036 return -1;
7037 }
7038
7039 if (sm->cur_pmksa && elems.rsn_ie &&
7040 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, 2 + elems.rsn_ie_len,
7041 &data) == 0 &&
7042 data.num_pmkid == 1 && data.pmkid &&
7043 os_memcmp(sm->cur_pmksa->pmkid, data.pmkid, PMKID_LEN) == 0) {
7044 wpa_printf(MSG_DEBUG, "OWE: Use PMKSA caching");
7045 wpa_sm_set_pmk_from_pmksa(sm);
7046 return 0;
7047 }
7048
7049 if (!elems.owe_dh) {
7050 wpa_printf(MSG_INFO,
7051 "OWE: No Diffie-Hellman Parameter element found in Association Response frame");
7052 return -1;
7053 }
7054
7055 group = WPA_GET_LE16(elems.owe_dh);
7056 if (group != sm->owe_group) {
7057 wpa_printf(MSG_INFO,
7058 "OWE: Unexpected Diffie-Hellman group in response: %u",
7059 group);
7060 return -1;
7061 }
7062
7063 if (!sm->owe_ecdh) {
7064 wpa_printf(MSG_INFO, "OWE: No ECDH state available");
7065 return -1;
7066 }
7067
7068 if (group == 19)
7069 prime_len = 32;
7070 else if (group == 20)
7071 prime_len = 48;
7072 else if (group == 21)
7073 prime_len = 66;
7074 else
7075 return -1;
7076
7077 secret = crypto_ecdh_set_peerkey(sm->owe_ecdh, 0,
7078 elems.owe_dh + 2,
7079 elems.owe_dh_len - 2);
7080 secret = wpabuf_zeropad(secret, prime_len);
7081 if (!secret) {
7082 wpa_printf(MSG_DEBUG, "OWE: Invalid peer DH public key");
7083 return -1;
7084 }
7085 wpa_hexdump_buf_key(MSG_DEBUG, "OWE: DH shared secret", secret);
7086
7087 /* prk = HKDF-extract(C | A | group, z) */
7088
7089 pub = crypto_ecdh_get_pubkey(sm->owe_ecdh, 0);
7090 if (!pub) {
7091 wpabuf_clear_free(secret);
7092 return -1;
7093 }
7094
7095 /* PMKID = Truncate-128(Hash(C | A)) */
7096 addr[0] = wpabuf_head(pub);
7097 len[0] = wpabuf_len(pub);
7098 addr[1] = elems.owe_dh + 2;
7099 len[1] = elems.owe_dh_len - 2;
7100 if (group == 19) {
7101 res = sha256_vector(2, addr, len, pmkid);
7102 hash_len = SHA256_MAC_LEN;
7103 } else if (group == 20) {
7104 res = sha384_vector(2, addr, len, pmkid);
7105 hash_len = SHA384_MAC_LEN;
7106 } else if (group == 21) {
7107 res = sha512_vector(2, addr, len, pmkid);
7108 hash_len = SHA512_MAC_LEN;
7109 } else {
7110 res = -1;
7111 hash_len = 0;
7112 }
7113 pub = wpabuf_zeropad(pub, prime_len);
7114 if (res < 0 || !pub) {
7115 wpabuf_free(pub);
7116 wpabuf_clear_free(secret);
7117 return -1;
7118 }
7119
7120 hkey = wpabuf_alloc(wpabuf_len(pub) + elems.owe_dh_len - 2 + 2);
7121 if (!hkey) {
7122 wpabuf_free(pub);
7123 wpabuf_clear_free(secret);
7124 return -1;
7125 }
7126
7127 wpabuf_put_buf(hkey, pub); /* C */
7128 wpabuf_free(pub);
7129 wpabuf_put_data(hkey, elems.owe_dh + 2, elems.owe_dh_len - 2); /* A */
7130 wpabuf_put_le16(hkey, sm->owe_group); /* group */
7131 if (group == 19)
7132 res = hmac_sha256(wpabuf_head(hkey), wpabuf_len(hkey),
7133 wpabuf_head(secret), wpabuf_len(secret), prk);
7134 else if (group == 20)
7135 res = hmac_sha384(wpabuf_head(hkey), wpabuf_len(hkey),
7136 wpabuf_head(secret), wpabuf_len(secret), prk);
7137 else if (group == 21)
7138 res = hmac_sha512(wpabuf_head(hkey), wpabuf_len(hkey),
7139 wpabuf_head(secret), wpabuf_len(secret), prk);
7140 wpabuf_clear_free(hkey);
7141 wpabuf_clear_free(secret);
7142 if (res < 0)
7143 return -1;
7144
7145 wpa_hexdump_key(MSG_DEBUG, "OWE: prk", prk, hash_len);
7146
7147 /* PMK = HKDF-expand(prk, "OWE Key Generation", n) */
7148
7149 if (group == 19)
7150 res = hmac_sha256_kdf(prk, hash_len, NULL, (const u8 *) info,
7151 os_strlen(info), sm->pmk, hash_len);
7152 else if (group == 20)
7153 res = hmac_sha384_kdf(prk, hash_len, NULL, (const u8 *) info,
7154 os_strlen(info), sm->pmk, hash_len);
7155 else if (group == 21)
7156 res = hmac_sha512_kdf(prk, hash_len, NULL, (const u8 *) info,
7157 os_strlen(info), sm->pmk, hash_len);
7158 forced_memzero(prk, SHA512_MAC_LEN);
7159 if (res < 0) {
7160 sm->pmk_len = 0;
7161 return -1;
7162 }
7163 sm->pmk_len = hash_len;
7164
7165 wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sm->pmk, sm->pmk_len);
7166 wpa_hexdump(MSG_DEBUG, "OWE: PMKID", pmkid, PMKID_LEN);
7167 pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, pmkid, NULL, 0,
7168 bssid, sm->own_addr, sm->network_ctx, sm->key_mgmt,
7169 NULL);
7170
7171 return 0;
7172 }
7173
7174 #endif /* CONFIG_OWE */
7175
7176
wpa_sm_set_fils_cache_id(struct wpa_sm * sm,const u8 * fils_cache_id)7177 void wpa_sm_set_fils_cache_id(struct wpa_sm *sm, const u8 *fils_cache_id)
7178 {
7179 #ifdef CONFIG_FILS
7180 if (sm && fils_cache_id) {
7181 sm->fils_cache_id_set = 1;
7182 os_memcpy(sm->fils_cache_id, fils_cache_id, FILS_CACHE_ID_LEN);
7183 }
7184 #endif /* CONFIG_FILS */
7185 }
7186
7187
7188 #ifdef CONFIG_DPP2
wpa_sm_set_dpp_z(struct wpa_sm * sm,const struct wpabuf * z)7189 void wpa_sm_set_dpp_z(struct wpa_sm *sm, const struct wpabuf *z)
7190 {
7191 if (sm) {
7192 wpabuf_clear_free(sm->dpp_z);
7193 sm->dpp_z = z ? wpabuf_dup(z) : NULL;
7194 }
7195 }
7196 #endif /* CONFIG_DPP2 */
7197
7198
7199 #ifdef CONFIG_PASN
7200
wpa_pasn_sm_set_caps(struct wpa_sm * sm,unsigned int flags2)7201 void wpa_pasn_sm_set_caps(struct wpa_sm *sm, unsigned int flags2)
7202 {
7203 if (flags2 & WPA_DRIVER_FLAGS2_SEC_LTF_STA)
7204 sm->secure_ltf = 1;
7205 if (flags2 & WPA_DRIVER_FLAGS2_SEC_RTT_STA)
7206 sm->secure_rtt = 1;
7207 if (flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA)
7208 sm->prot_range_neg = 1;
7209 }
7210
7211 #endif /* CONFIG_PASN */
7212
7213
wpa_sm_pmksa_cache_reconfig(struct wpa_sm * sm)7214 void wpa_sm_pmksa_cache_reconfig(struct wpa_sm *sm)
7215 {
7216 if (sm)
7217 pmksa_cache_reconfig(sm->pmksa);
7218 }
7219
7220
wpa_sm_uses_spp_amsdu(struct wpa_sm * sm)7221 bool wpa_sm_uses_spp_amsdu(struct wpa_sm *sm)
7222 {
7223 return sm ? sm->spp_amsdu : false;
7224 }
7225
7226
wpa_sm_get_pmksa_cache(struct wpa_sm * sm)7227 struct rsn_pmksa_cache * wpa_sm_get_pmksa_cache(struct wpa_sm *sm)
7228 {
7229 return sm ? sm->pmksa : NULL;
7230 }
7231
7232
wpa_sm_set_cur_pmksa(struct wpa_sm * sm,struct rsn_pmksa_cache_entry * entry)7233 void wpa_sm_set_cur_pmksa(struct wpa_sm *sm,
7234 struct rsn_pmksa_cache_entry *entry)
7235 {
7236 if (sm)
7237 sm->cur_pmksa = entry;
7238 }
7239
7240
wpa_sm_set_driver_bss_selection(struct wpa_sm * sm,bool driver_bss_selection)7241 void wpa_sm_set_driver_bss_selection(struct wpa_sm *sm,
7242 bool driver_bss_selection)
7243 {
7244 if (sm)
7245 sm->driver_bss_selection = driver_bss_selection;
7246 }
7247
7248
wpa_sm_known_sta_identification(struct wpa_sm * sm,const u8 * aa,u64 timestamp)7249 struct wpabuf * wpa_sm_known_sta_identification(struct wpa_sm *sm, const u8 *aa,
7250 u64 timestamp)
7251 {
7252 struct wpabuf *ie;
7253 unsigned int mic_len;
7254 const u8 *start;
7255 u8 *mic;
7256
7257 if (!sm || sm->last_kck_len == 0)
7258 return NULL;
7259
7260 if (!ether_addr_equal(aa, sm->last_kck_aa))
7261 return NULL;
7262
7263 mic_len = wpa_mic_len(sm->last_kck_key_mgmt, sm->last_kck_pmk_len);
7264
7265 ie = wpabuf_alloc(3 + 8 + 1 + mic_len);
7266 if (!ie)
7267 return NULL;
7268
7269 wpabuf_put_u8(ie, WLAN_EID_EXTENSION);
7270 wpabuf_put_u8(ie, 1 + 8 + 1 + mic_len);
7271 wpabuf_put_u8(ie, WLAN_EID_EXT_KNOWN_STA_IDENTIFICATION);
7272 start = wpabuf_put(ie, 0);
7273 wpabuf_put_le64(ie, timestamp);
7274 wpabuf_put_u8(ie, mic_len);
7275 mic = wpabuf_put(ie, mic_len);
7276 if (wpa_eapol_key_mic(sm->last_kck, sm->last_kck_len,
7277 sm->last_kck_key_mgmt, sm->last_kck_eapol_key_ver,
7278 start, 8, mic) < 0) {
7279 wpabuf_free(ie);
7280 return NULL;
7281 }
7282
7283 return ie;
7284 }
7285