OSDN Git Service

(root) / android-x86 / external-wpa_supplicant_8.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge remote-tracking branch 'goog/ics-aah'
[android-x86/external-wpa_supplicant_8.git] / src / rsn_supp / peerkey.c
1 /*
2  * WPA Supplicant - PeerKey for Direct Link Setup (DLS)
3  * Copyright (c) 2006-2008, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8
9 #include "includes.h"
10
11 #ifdef CONFIG_PEERKEY
12
13 #include "common.h"
14 #include "eloop.h"
15 #include "crypto/sha1.h"
16 #include "crypto/sha256.h"
17 #include "crypto/random.h"
18 #include "common/ieee802_11_defs.h"
19 #include "wpa.h"
20 #include "wpa_i.h"
21 #include "wpa_ie.h"
22 #include "peerkey.h"
23
24
25 static u8 * wpa_add_ie(u8 *pos, const u8 *ie, size_t ie_len)
26 {
27         os_memcpy(pos, ie, ie_len);
28         return pos + ie_len;
29 }
30
31
32 static u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len)
33 {
34         *pos++ = WLAN_EID_VENDOR_SPECIFIC;
35         *pos++ = RSN_SELECTOR_LEN + data_len;
36         RSN_SELECTOR_PUT(pos, kde);
37         pos += RSN_SELECTOR_LEN;
38         os_memcpy(pos, data, data_len);
39         pos += data_len;
40         return pos;
41 }
42
43
44 static void wpa_supplicant_smk_timeout(void *eloop_ctx, void *timeout_ctx)
45 {
46 #if 0
47         struct wpa_sm *sm = eloop_ctx;
48         struct wpa_peerkey *peerkey = timeout_ctx;
49 #endif
50         /* TODO: time out SMK and any STK that was generated using this SMK */
51 }
52
53
54 static void wpa_supplicant_peerkey_free(struct wpa_sm *sm,
55                                         struct wpa_peerkey *peerkey)
56 {
57         eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey);
58         os_free(peerkey);
59 }
60
61
62 static int wpa_supplicant_send_smk_error(struct wpa_sm *sm, const u8 *dst,
63                                          const u8 *peer,
64                                          u16 mui, u16 error_type, int ver)
65 {
66         size_t rlen;
67         struct wpa_eapol_key *err;
68         struct rsn_error_kde error;
69         u8 *rbuf, *pos;
70         size_t kde_len;
71         u16 key_info;
72
73         kde_len = 2 + RSN_SELECTOR_LEN + sizeof(error);
74         if (peer)
75                 kde_len += 2 + RSN_SELECTOR_LEN + ETH_ALEN;
76
77         rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
78                                   NULL, sizeof(*err) + kde_len, &rlen,
79                                   (void *) &err);
80         if (rbuf == NULL)
81                 return -1;
82
83         err->type = EAPOL_KEY_TYPE_RSN;
84         key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
85                 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_ERROR |
86                 WPA_KEY_INFO_REQUEST;
87         WPA_PUT_BE16(err->key_info, key_info);
88         WPA_PUT_BE16(err->key_length, 0);
89         os_memcpy(err->replay_counter, sm->request_counter,
90                   WPA_REPLAY_COUNTER_LEN);
91         inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
92
93         WPA_PUT_BE16(err->key_data_length, (u16) kde_len);
94         pos = (u8 *) (err + 1);
95
96         if (peer) {
97                 /* Peer MAC Address KDE */
98                 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
99         }
100
101         /* Error KDE */
102         error.mui = host_to_be16(mui);
103         error.error_type = host_to_be16(error_type);
104         wpa_add_kde(pos, RSN_KEY_DATA_ERROR, (u8 *) &error, sizeof(error));
105
106         if (peer) {
107                 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error (peer "
108                            MACSTR " mui %d error_type %d)",
109                            MAC2STR(peer), mui, error_type);
110         } else {
111                 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error "
112                            "(mui %d error_type %d)", mui, error_type);
113         }
114
115         wpa_eapol_key_send(sm, sm->ptk.kck, ver, dst, ETH_P_EAPOL,
116                            rbuf, rlen, err->key_mic);
117
118         return 0;
119 }
120
121
122 static int wpa_supplicant_send_smk_m3(struct wpa_sm *sm,
123                                       const unsigned char *src_addr,
124                                       const struct wpa_eapol_key *key,
125                                       int ver, struct wpa_peerkey *peerkey)
126 {
127         size_t rlen;
128         struct wpa_eapol_key *reply;
129         u8 *rbuf, *pos;
130         size_t kde_len;
131         u16 key_info;
132
133         /* KDEs: Peer RSN IE, Initiator MAC Address, Initiator Nonce */
134         kde_len = peerkey->rsnie_p_len +
135                 2 + RSN_SELECTOR_LEN + ETH_ALEN +
136                 2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN;
137
138         rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
139                                   NULL, sizeof(*reply) + kde_len, &rlen,
140                                   (void *) &reply);
141         if (rbuf == NULL)
142                 return -1;
143
144         reply->type = EAPOL_KEY_TYPE_RSN;
145         key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
146                 WPA_KEY_INFO_SECURE;
147         WPA_PUT_BE16(reply->key_info, key_info);
148         WPA_PUT_BE16(reply->key_length, 0);
149         os_memcpy(reply->replay_counter, key->replay_counter,
150                   WPA_REPLAY_COUNTER_LEN);
151
152         os_memcpy(reply->key_nonce, peerkey->pnonce, WPA_NONCE_LEN);
153
154         WPA_PUT_BE16(reply->key_data_length, (u16) kde_len);
155         pos = (u8 *) (reply + 1);
156
157         /* Peer RSN IE */
158         pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len);
159
160         /* Initiator MAC Address KDE */
161         pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peerkey->addr, ETH_ALEN);
162
163         /* Initiator Nonce */
164         wpa_add_kde(pos, RSN_KEY_DATA_NONCE, peerkey->inonce, WPA_NONCE_LEN);
165
166         wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK M3");
167         wpa_eapol_key_send(sm, sm->ptk.kck, ver, src_addr, ETH_P_EAPOL,
168                            rbuf, rlen, reply->key_mic);
169
170         return 0;
171 }
172
173
174 static int wpa_supplicant_process_smk_m2(
175         struct wpa_sm *sm, const unsigned char *src_addr,
176         const struct wpa_eapol_key *key, size_t extra_len, int ver)
177 {
178         struct wpa_peerkey *peerkey;
179         struct wpa_eapol_ie_parse kde;
180         struct wpa_ie_data ie;
181         int cipher;
182         struct rsn_ie_hdr *hdr;
183         u8 *pos;
184
185         wpa_printf(MSG_DEBUG, "RSN: Received SMK M2");
186
187         if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) {
188                 wpa_printf(MSG_INFO, "RSN: SMK handshake not allowed for "
189                            "the current network");
190                 return -1;
191         }
192
193         if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
194             0) {
195                 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M2");
196                 return -1;
197         }
198
199         if (kde.rsn_ie == NULL || kde.mac_addr == NULL ||
200             kde.mac_addr_len < ETH_ALEN) {
201                 wpa_printf(MSG_INFO, "RSN: No RSN IE or MAC address KDE in "
202                            "SMK M2");
203                 return -1;
204         }
205
206         wpa_printf(MSG_DEBUG, "RSN: SMK M2 - SMK initiator " MACSTR,
207                    MAC2STR(kde.mac_addr));
208
209         if (kde.rsn_ie_len > PEERKEY_MAX_IE_LEN) {
210                 wpa_printf(MSG_INFO, "RSN: Too long Initiator RSN IE in SMK "
211                            "M2");
212                 return -1;
213         }
214
215         if (wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len, &ie) < 0) {
216                 wpa_printf(MSG_INFO, "RSN: Failed to parse RSN IE in SMK M2");
217                 return -1;
218         }
219
220         cipher = ie.pairwise_cipher & sm->allowed_pairwise_cipher;
221         if (cipher & WPA_CIPHER_CCMP) {
222                 wpa_printf(MSG_DEBUG, "RSN: Using CCMP for PeerKey");
223                 cipher = WPA_CIPHER_CCMP;
224         } else if (cipher & WPA_CIPHER_TKIP) {
225                 wpa_printf(MSG_DEBUG, "RSN: Using TKIP for PeerKey");
226                 cipher = WPA_CIPHER_TKIP;
227         } else {
228                 wpa_printf(MSG_INFO, "RSN: No acceptable cipher in SMK M2");
229                 wpa_supplicant_send_smk_error(sm, src_addr, kde.mac_addr,
230                                               STK_MUI_SMK, STK_ERR_CPHR_NS,
231                                               ver);
232                 return -1;
233         }
234
235         /* TODO: find existing entry and if found, use that instead of adding
236          * a new one; how to handle the case where both ends initiate at the
237          * same time? */
238         peerkey = os_zalloc(sizeof(*peerkey));
239         if (peerkey == NULL)
240                 return -1;
241         os_memcpy(peerkey->addr, kde.mac_addr, ETH_ALEN);
242         os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
243         os_memcpy(peerkey->rsnie_i, kde.rsn_ie, kde.rsn_ie_len);
244         peerkey->rsnie_i_len = kde.rsn_ie_len;
245         peerkey->cipher = cipher;
246 #ifdef CONFIG_IEEE80211W
247         if (ie.key_mgmt & (WPA_KEY_MGMT_IEEE8021X_SHA256 |
248                            WPA_KEY_MGMT_PSK_SHA256))
249                 peerkey->use_sha256 = 1;
250 #endif /* CONFIG_IEEE80211W */
251
252         if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) {
253                 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
254                         "WPA: Failed to get random data for PNonce");
255                 wpa_supplicant_peerkey_free(sm, peerkey);
256                 return -1;
257         }
258
259         hdr = (struct rsn_ie_hdr *) peerkey->rsnie_p;
260         hdr->elem_id = WLAN_EID_RSN;
261         WPA_PUT_LE16(hdr->version, RSN_VERSION);
262         pos = (u8 *) (hdr + 1);
263         /* Group Suite can be anything for SMK RSN IE; receiver will just
264          * ignore it. */
265         RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
266         pos += RSN_SELECTOR_LEN;
267         /* Include only the selected cipher in pairwise cipher suite */
268         WPA_PUT_LE16(pos, 1);
269         pos += 2;
270         if (cipher == WPA_CIPHER_CCMP)
271                 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
272         else if (cipher == WPA_CIPHER_TKIP)
273                 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
274         pos += RSN_SELECTOR_LEN;
275
276         hdr->len = (pos - peerkey->rsnie_p) - 2;
277         peerkey->rsnie_p_len = pos - peerkey->rsnie_p;
278         wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake",
279                     peerkey->rsnie_p, peerkey->rsnie_p_len);
280
281         wpa_supplicant_send_smk_m3(sm, src_addr, key, ver, peerkey);
282
283         peerkey->next = sm->peerkey;
284         sm->peerkey = peerkey;
285
286         return 0;
287 }
288
289
290 /**
291  * rsn_smkid - Derive SMK identifier
292  * @smk: Station master key (32 bytes)
293  * @pnonce: Peer Nonce
294  * @mac_p: Peer MAC address
295  * @inonce: Initiator Nonce
296  * @mac_i: Initiator MAC address
297  * @use_sha256: Whether to use SHA256-based KDF
298  *
299  * 8.5.1.4 Station to station (STK) key hierarchy
300  * SMKID = HMAC-SHA1-128(SMK, "SMK Name" || PNonce || MAC_P || INonce || MAC_I)
301  */
302 static void rsn_smkid(const u8 *smk, const u8 *pnonce, const u8 *mac_p,
303                       const u8 *inonce, const u8 *mac_i, u8 *smkid,
304                       int use_sha256)
305 {
306         char *title = "SMK Name";
307         const u8 *addr[5];
308         const size_t len[5] = { 8, WPA_NONCE_LEN, ETH_ALEN, WPA_NONCE_LEN,
309                                 ETH_ALEN };
310         unsigned char hash[SHA256_MAC_LEN];
311
312         addr[0] = (u8 *) title;
313         addr[1] = pnonce;
314         addr[2] = mac_p;
315         addr[3] = inonce;
316         addr[4] = mac_i;
317
318 #ifdef CONFIG_IEEE80211W
319         if (use_sha256)
320                 hmac_sha256_vector(smk, PMK_LEN, 5, addr, len, hash);
321         else
322 #endif /* CONFIG_IEEE80211W */
323                 hmac_sha1_vector(smk, PMK_LEN, 5, addr, len, hash);
324         os_memcpy(smkid, hash, PMKID_LEN);
325 }
326
327
328 static void wpa_supplicant_send_stk_1_of_4(struct wpa_sm *sm,
329                                            struct wpa_peerkey *peerkey)
330 {
331         size_t mlen;
332         struct wpa_eapol_key *msg;
333         u8 *mbuf;
334         size_t kde_len;
335         u16 key_info, ver;
336
337         kde_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
338
339         mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
340                                   sizeof(*msg) + kde_len, &mlen,
341                                   (void *) &msg);
342         if (mbuf == NULL)
343                 return;
344
345         msg->type = EAPOL_KEY_TYPE_RSN;
346
347         if (peerkey->cipher == WPA_CIPHER_CCMP)
348                 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
349         else
350                 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
351
352         key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK;
353         WPA_PUT_BE16(msg->key_info, key_info);
354
355         if (peerkey->cipher == WPA_CIPHER_CCMP)
356                 WPA_PUT_BE16(msg->key_length, 16);
357         else
358                 WPA_PUT_BE16(msg->key_length, 32);
359
360         os_memcpy(msg->replay_counter, peerkey->replay_counter,
361                   WPA_REPLAY_COUNTER_LEN);
362         inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
363
364         WPA_PUT_BE16(msg->key_data_length, kde_len);
365         wpa_add_kde((u8 *) (msg + 1), RSN_KEY_DATA_PMKID,
366                     peerkey->smkid, PMKID_LEN);
367
368         if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) {
369                 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
370                         "RSN: Failed to get random data for INonce (STK)");
371                 os_free(mbuf);
372                 return;
373         }
374         wpa_hexdump(MSG_DEBUG, "RSN: INonce for STK 4-Way Handshake",
375                     peerkey->inonce, WPA_NONCE_LEN);
376         os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
377
378         wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 1/4 to " MACSTR,
379                    MAC2STR(peerkey->addr));
380         wpa_eapol_key_send(sm, NULL, ver, peerkey->addr, ETH_P_EAPOL,
381                            mbuf, mlen, NULL);
382 }
383
384
385 static void wpa_supplicant_send_stk_3_of_4(struct wpa_sm *sm,
386                                            struct wpa_peerkey *peerkey)
387 {
388         size_t mlen;
389         struct wpa_eapol_key *msg;
390         u8 *mbuf, *pos;
391         size_t kde_len;
392         u16 key_info, ver;
393         be32 lifetime;
394
395         kde_len = peerkey->rsnie_i_len +
396                 2 + RSN_SELECTOR_LEN + sizeof(lifetime);
397
398         mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
399                                   sizeof(*msg) + kde_len, &mlen,
400                                   (void *) &msg);
401         if (mbuf == NULL)
402                 return;
403
404         msg->type = EAPOL_KEY_TYPE_RSN;
405
406         if (peerkey->cipher == WPA_CIPHER_CCMP)
407                 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
408         else
409                 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
410
411         key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK |
412                 WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
413         WPA_PUT_BE16(msg->key_info, key_info);
414
415         if (peerkey->cipher == WPA_CIPHER_CCMP)
416                 WPA_PUT_BE16(msg->key_length, 16);
417         else
418                 WPA_PUT_BE16(msg->key_length, 32);
419
420         os_memcpy(msg->replay_counter, peerkey->replay_counter,
421                   WPA_REPLAY_COUNTER_LEN);
422         inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
423
424         WPA_PUT_BE16(msg->key_data_length, kde_len);
425         pos = (u8 *) (msg + 1);
426         pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len);
427         lifetime = host_to_be32(peerkey->lifetime);
428         wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
429                     (u8 *) &lifetime, sizeof(lifetime));
430
431         os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
432
433         wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 3/4 to " MACSTR,
434                    MAC2STR(peerkey->addr));
435         wpa_eapol_key_send(sm, peerkey->stk.kck, ver, peerkey->addr,
436                            ETH_P_EAPOL, mbuf, mlen, msg->key_mic);
437 }
438
439
440 static int wpa_supplicant_process_smk_m4(struct wpa_peerkey *peerkey,
441                                          struct wpa_eapol_ie_parse *kde)
442 {
443         wpa_printf(MSG_DEBUG, "RSN: Received SMK M4 (Initiator " MACSTR ")",
444                    MAC2STR(kde->mac_addr));
445
446         if (os_memcmp(kde->smk + PMK_LEN, peerkey->pnonce, WPA_NONCE_LEN) != 0)
447         {
448                 wpa_printf(MSG_INFO, "RSN: PNonce in SMK KDE does not "
449                            "match with the one used in SMK M3");
450                 return -1;
451         }
452
453         if (os_memcmp(kde->nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) {
454                 wpa_printf(MSG_INFO, "RSN: INonce in SMK M4 did not "
455                            "match with the one received in SMK M2");
456                 return -1;
457         }
458
459         return 0;
460 }
461
462
463 static int wpa_supplicant_process_smk_m5(struct wpa_sm *sm,
464                                          const unsigned char *src_addr,
465                                          const struct wpa_eapol_key *key,
466                                          int ver,
467                                          struct wpa_peerkey *peerkey,
468                                          struct wpa_eapol_ie_parse *kde)
469 {
470         int cipher;
471         struct wpa_ie_data ie;
472
473         wpa_printf(MSG_DEBUG, "RSN: Received SMK M5 (Peer " MACSTR ")",
474                    MAC2STR(kde->mac_addr));
475         if (kde->rsn_ie == NULL || kde->rsn_ie_len > PEERKEY_MAX_IE_LEN ||
476             wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0) {
477                 wpa_printf(MSG_INFO, "RSN: No RSN IE in SMK M5");
478                 /* TODO: abort negotiation */
479                 return -1;
480         }
481
482         if (os_memcmp(key->key_nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) {
483                 wpa_printf(MSG_INFO, "RSN: Key Nonce in SMK M5 does "
484                            "not match with INonce used in SMK M1");
485                 return -1;
486         }
487
488         if (os_memcmp(kde->smk + PMK_LEN, peerkey->inonce, WPA_NONCE_LEN) != 0)
489         {
490                 wpa_printf(MSG_INFO, "RSN: INonce in SMK KDE does not "
491                            "match with the one used in SMK M1");
492                 return -1;
493         }
494
495         os_memcpy(peerkey->rsnie_p, kde->rsn_ie, kde->rsn_ie_len);
496         peerkey->rsnie_p_len = kde->rsn_ie_len;
497         os_memcpy(peerkey->pnonce, kde->nonce, WPA_NONCE_LEN);
498
499         cipher = ie.pairwise_cipher & sm->allowed_pairwise_cipher;
500         if (cipher & WPA_CIPHER_CCMP) {
501                 wpa_printf(MSG_DEBUG, "RSN: Using CCMP for PeerKey");
502                 peerkey->cipher = WPA_CIPHER_CCMP;
503         } else if (cipher & WPA_CIPHER_TKIP) {
504                 wpa_printf(MSG_DEBUG, "RSN: Using TKIP for PeerKey");
505                 peerkey->cipher = WPA_CIPHER_TKIP;
506         } else {
507                 wpa_printf(MSG_INFO, "RSN: SMK Peer STA " MACSTR " selected "
508                            "unacceptable cipher", MAC2STR(kde->mac_addr));
509                 wpa_supplicant_send_smk_error(sm, src_addr, kde->mac_addr,
510                                               STK_MUI_SMK, STK_ERR_CPHR_NS,
511                                               ver);
512                 /* TODO: abort negotiation */
513                 return -1;
514         }
515
516         return 0;
517 }
518
519
520 static int wpa_supplicant_process_smk_m45(
521         struct wpa_sm *sm, const unsigned char *src_addr,
522         const struct wpa_eapol_key *key, size_t extra_len, int ver)
523 {
524         struct wpa_peerkey *peerkey;
525         struct wpa_eapol_ie_parse kde;
526         u32 lifetime;
527         struct os_time now;
528
529         if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) {
530                 wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for "
531                            "the current network");
532                 return -1;
533         }
534
535         if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
536             0) {
537                 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M4/M5");
538                 return -1;
539         }
540
541         if (kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN ||
542             kde.nonce == NULL || kde.nonce_len < WPA_NONCE_LEN ||
543             kde.smk == NULL || kde.smk_len < PMK_LEN + WPA_NONCE_LEN ||
544             kde.lifetime == NULL || kde.lifetime_len < 4) {
545                 wpa_printf(MSG_INFO, "RSN: No MAC Address, Nonce, SMK, or "
546                            "Lifetime KDE in SMK M4/M5");
547                 return -1;
548         }
549
550         for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
551                 if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) == 0 &&
552                     os_memcmp(peerkey->initiator ? peerkey->inonce :
553                            peerkey->pnonce,
554                            key->key_nonce, WPA_NONCE_LEN) == 0)
555                         break;
556         }
557         if (peerkey == NULL) {
558                 wpa_printf(MSG_INFO, "RSN: No matching SMK handshake found "
559                            "for SMK M4/M5: peer " MACSTR,
560                            MAC2STR(kde.mac_addr));
561                 return -1;
562         }
563
564         if (peerkey->initiator) {
565                 if (wpa_supplicant_process_smk_m5(sm, src_addr, key, ver,
566                                                   peerkey, &kde) < 0)
567                         return -1;
568         } else {
569                 if (wpa_supplicant_process_smk_m4(peerkey, &kde) < 0)
570                         return -1;
571         }
572
573         os_memcpy(peerkey->smk, kde.smk, PMK_LEN);
574         peerkey->smk_complete = 1;
575         wpa_hexdump_key(MSG_DEBUG, "RSN: SMK", peerkey->smk, PMK_LEN);
576         lifetime = WPA_GET_BE32(kde.lifetime);
577         wpa_printf(MSG_DEBUG, "RSN: SMK lifetime %u seconds", lifetime);
578         if (lifetime > 1000000000)
579                 lifetime = 1000000000; /* avoid overflowing expiration time */
580         peerkey->lifetime = lifetime;
581         os_get_time(&now);
582         peerkey->expiration = now.sec + lifetime;
583         eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout,
584                                sm, peerkey);
585
586         if (peerkey->initiator) {
587                 rsn_smkid(peerkey->smk, peerkey->pnonce, peerkey->addr,
588                           peerkey->inonce, sm->own_addr, peerkey->smkid,
589                           peerkey->use_sha256);
590                 wpa_supplicant_send_stk_1_of_4(sm, peerkey);
591         } else {
592                 rsn_smkid(peerkey->smk, peerkey->pnonce, sm->own_addr,
593                           peerkey->inonce, peerkey->addr, peerkey->smkid,
594                           peerkey->use_sha256);
595         }
596         wpa_hexdump(MSG_DEBUG, "RSN: SMKID", peerkey->smkid, PMKID_LEN);
597
598         return 0;
599 }
600
601
602 static int wpa_supplicant_process_smk_error(
603         struct wpa_sm *sm, const unsigned char *src_addr,
604         const struct wpa_eapol_key *key, size_t extra_len)
605 {
606         struct wpa_eapol_ie_parse kde;
607         struct rsn_error_kde error;
608         u8 peer[ETH_ALEN];
609         u16 error_type;
610
611         wpa_printf(MSG_DEBUG, "RSN: Received SMK Error");
612
613         if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) {
614                 wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for "
615                            "the current network");
616                 return -1;
617         }
618
619         if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
620             0) {
621                 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK Error");
622                 return -1;
623         }
624
625         if (kde.error == NULL || kde.error_len < sizeof(error)) {
626                 wpa_printf(MSG_INFO, "RSN: No Error KDE in SMK Error");
627                 return -1;
628         }
629
630         if (kde.mac_addr && kde.mac_addr_len >= ETH_ALEN)
631                 os_memcpy(peer, kde.mac_addr, ETH_ALEN);
632         else
633                 os_memset(peer, 0, ETH_ALEN);
634         os_memcpy(&error, kde.error, sizeof(error));
635         error_type = be_to_host16(error.error_type);
636         wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
637                 "RSN: SMK Error KDE received: MUI %d error_type %d peer "
638                 MACSTR,
639                 be_to_host16(error.mui), error_type,
640                 MAC2STR(peer));
641
642         if (kde.mac_addr &&
643             (error_type == STK_ERR_STA_NR || error_type == STK_ERR_STA_NRSN ||
644              error_type == STK_ERR_CPHR_NS)) {
645                 struct wpa_peerkey *peerkey;
646
647                 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
648                         if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) ==
649                             0)
650                                 break;
651                 }
652                 if (peerkey == NULL) {
653                         wpa_printf(MSG_DEBUG, "RSN: No matching SMK handshake "
654                                    "found for SMK Error");
655                         return -1;
656                 }
657                 /* TODO: abort SMK/STK handshake and remove all related keys */
658         }
659
660         return 0;
661 }
662
663
664 static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm,
665                                               struct wpa_peerkey *peerkey,
666                                               const struct wpa_eapol_key *key,
667                                               u16 ver)
668 {
669         struct wpa_eapol_ie_parse ie;
670         const u8 *kde;
671         size_t len, kde_buf_len;
672         struct wpa_ptk *stk;
673         u8 buf[8], *kde_buf, *pos;
674         be32 lifetime;
675
676         wpa_printf(MSG_DEBUG, "RSN: RX message 1 of STK 4-Way Handshake from "
677                    MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
678
679         os_memset(&ie, 0, sizeof(ie));
680
681         /* RSN: msg 1/4 should contain SMKID for the selected SMK */
682         kde = (const u8 *) (key + 1);
683         len = WPA_GET_BE16(key->key_data_length);
684         wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", kde, len);
685         if (wpa_supplicant_parse_ies(kde, len, &ie) < 0 || ie.pmkid == NULL) {
686                 wpa_printf(MSG_DEBUG, "RSN: No SMKID in STK 1/4");
687                 return;
688         }
689         if (os_memcmp(ie.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
690                 wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 1/4",
691                             ie.pmkid, PMKID_LEN);
692                 return;
693         }
694
695         if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) {
696                 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
697                         "RSN: Failed to get random data for PNonce");
698                 return;
699         }
700         wpa_hexdump(MSG_DEBUG, "WPA: Renewed PNonce",
701                     peerkey->pnonce, WPA_NONCE_LEN);
702
703         /* Calculate STK which will be stored as a temporary STK until it has
704          * been verified when processing message 3/4. */
705         stk = &peerkey->tstk;
706         wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion",
707                        sm->own_addr, peerkey->addr,
708                        peerkey->pnonce, key->key_nonce,
709                        (u8 *) stk, sizeof(*stk),
710                        peerkey->use_sha256);
711         /* Supplicant: swap tx/rx Mic keys */
712         os_memcpy(buf, stk->u.auth.tx_mic_key, 8);
713         os_memcpy(stk->u.auth.tx_mic_key, stk->u.auth.rx_mic_key, 8);
714         os_memcpy(stk->u.auth.rx_mic_key, buf, 8);
715         peerkey->tstk_set = 1;
716
717         kde_buf_len = peerkey->rsnie_p_len +
718                 2 + RSN_SELECTOR_LEN + sizeof(lifetime) +
719                 2 + RSN_SELECTOR_LEN + PMKID_LEN;
720         kde_buf = os_malloc(kde_buf_len);
721         if (kde_buf == NULL)
722                 return;
723         pos = kde_buf;
724         pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len);
725         lifetime = host_to_be32(peerkey->lifetime);
726         pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
727                           (u8 *) &lifetime, sizeof(lifetime));
728         wpa_add_kde(pos, RSN_KEY_DATA_PMKID, peerkey->smkid, PMKID_LEN);
729
730         if (wpa_supplicant_send_2_of_4(sm, peerkey->addr, key, ver,
731                                        peerkey->pnonce, kde_buf, kde_buf_len,
732                                        stk)) {
733                 os_free(kde_buf);
734                 return;
735         }
736         os_free(kde_buf);
737
738         os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
739 }
740
741
742 static void wpa_supplicant_update_smk_lifetime(struct wpa_sm *sm,
743                                                struct wpa_peerkey *peerkey,
744                                                struct wpa_eapol_ie_parse *kde)
745 {
746         u32 lifetime;
747         struct os_time now;
748
749         if (kde->lifetime == NULL || kde->lifetime_len < sizeof(lifetime))
750                 return;
751
752         lifetime = WPA_GET_BE32(kde->lifetime);
753
754         if (lifetime >= peerkey->lifetime) {
755                 wpa_printf(MSG_DEBUG, "RSN: Peer used SMK lifetime %u seconds "
756                            "which is larger than or equal to own value %u "
757                            "seconds - ignored", lifetime, peerkey->lifetime);
758                 return;
759         }
760
761         wpa_printf(MSG_DEBUG, "RSN: Peer used shorter SMK lifetime %u seconds "
762                    "(own was %u seconds) - updated",
763                    lifetime, peerkey->lifetime);
764         peerkey->lifetime = lifetime;
765
766         os_get_time(&now);
767         peerkey->expiration = now.sec + lifetime;
768         eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey);
769         eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout,
770                                sm, peerkey);
771 }
772
773
774 static void wpa_supplicant_process_stk_2_of_4(struct wpa_sm *sm,
775                                               struct wpa_peerkey *peerkey,
776                                               const struct wpa_eapol_key *key,
777                                               u16 ver)
778 {
779         struct wpa_eapol_ie_parse kde;
780         const u8 *keydata;
781         size_t len;
782
783         wpa_printf(MSG_DEBUG, "RSN: RX message 2 of STK 4-Way Handshake from "
784                    MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
785
786         os_memset(&kde, 0, sizeof(kde));
787
788         /* RSN: msg 2/4 should contain SMKID for the selected SMK and RSN IE
789          * from the peer. It may also include Lifetime KDE. */
790         keydata = (const u8 *) (key + 1);
791         len = WPA_GET_BE16(key->key_data_length);
792         wpa_hexdump(MSG_DEBUG, "RSN: msg 2/4 key data", keydata, len);
793         if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0 ||
794             kde.pmkid == NULL || kde.rsn_ie == NULL) {
795                 wpa_printf(MSG_DEBUG, "RSN: No SMKID or RSN IE in STK 2/4");
796                 return;
797         }
798
799         if (os_memcmp(kde.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
800                 wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 2/4",
801                             kde.pmkid, PMKID_LEN);
802                 return;
803         }
804
805         if (kde.rsn_ie_len != peerkey->rsnie_p_len ||
806             os_memcmp(kde.rsn_ie, peerkey->rsnie_p, kde.rsn_ie_len) != 0) {
807                 wpa_printf(MSG_INFO, "RSN: Peer RSN IE in SMK and STK "
808                            "handshakes did not match");
809                 wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in SMK handshake",
810                             peerkey->rsnie_p, peerkey->rsnie_p_len);
811                 wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in STK handshake",
812                             kde.rsn_ie, kde.rsn_ie_len);
813                 return;
814         }
815
816         wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde);
817
818         wpa_supplicant_send_stk_3_of_4(sm, peerkey);
819         os_memcpy(peerkey->pnonce, key->key_nonce, WPA_NONCE_LEN);
820 }
821
822
823 static void wpa_supplicant_process_stk_3_of_4(struct wpa_sm *sm,
824                                               struct wpa_peerkey *peerkey,
825                                               const struct wpa_eapol_key *key,
826                                               u16 ver)
827 {
828         struct wpa_eapol_ie_parse kde;
829         const u8 *keydata;
830         size_t len, key_len;
831         const u8 *_key;
832         u8 key_buf[32], rsc[6];
833
834         wpa_printf(MSG_DEBUG, "RSN: RX message 3 of STK 4-Way Handshake from "
835                    MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
836
837         os_memset(&kde, 0, sizeof(kde));
838
839         /* RSN: msg 3/4 should contain Initiator RSN IE. It may also include
840          * Lifetime KDE. */
841         keydata = (const u8 *) (key + 1);
842         len = WPA_GET_BE16(key->key_data_length);
843         wpa_hexdump(MSG_DEBUG, "RSN: msg 3/4 key data", keydata, len);
844         if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0) {
845                 wpa_printf(MSG_DEBUG, "RSN: Failed to parse key data in "
846                            "STK 3/4");
847                 return;
848         }
849
850         if (kde.rsn_ie_len != peerkey->rsnie_i_len ||
851             os_memcmp(kde.rsn_ie, peerkey->rsnie_i, kde.rsn_ie_len) != 0) {
852                 wpa_printf(MSG_INFO, "RSN: Initiator RSN IE in SMK and STK "
853                            "handshakes did not match");
854                 wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in SMK "
855                             "handshake",
856                             peerkey->rsnie_i, peerkey->rsnie_i_len);
857                 wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in STK "
858                             "handshake",
859                             kde.rsn_ie, kde.rsn_ie_len);
860                 return;
861         }
862
863         if (os_memcmp(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
864                 wpa_printf(MSG_WARNING, "RSN: INonce from message 1 of STK "
865                            "4-Way Handshake differs from 3 of STK 4-Way "
866                            "Handshake - drop packet (src=" MACSTR ")",
867                            MAC2STR(peerkey->addr));
868                 return;
869         }
870
871         wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde);
872
873         if (wpa_supplicant_send_4_of_4(sm, peerkey->addr, key, ver,
874                                        WPA_GET_BE16(key->key_info),
875                                        NULL, 0, &peerkey->stk))
876                 return;
877
878         _key = (u8 *) peerkey->stk.tk1;
879         if (peerkey->cipher == WPA_CIPHER_TKIP) {
880                 /* Swap Tx/Rx keys for Michael MIC */
881                 os_memcpy(key_buf, _key, 16);
882                 os_memcpy(key_buf + 16, peerkey->stk.u.auth.rx_mic_key, 8);
883                 os_memcpy(key_buf + 24, peerkey->stk.u.auth.tx_mic_key, 8);
884                 _key = key_buf;
885                 key_len = 32;
886         } else
887                 key_len = 16;
888
889         os_memset(rsc, 0, 6);
890         if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
891                            rsc, sizeof(rsc), _key, key_len) < 0) {
892                 wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the "
893                            "driver.");
894                 return;
895         }
896 }
897
898
899 static void wpa_supplicant_process_stk_4_of_4(struct wpa_sm *sm,
900                                               struct wpa_peerkey *peerkey,
901                                               const struct wpa_eapol_key *key,
902                                               u16 ver)
903 {
904         u8 rsc[6];
905
906         wpa_printf(MSG_DEBUG, "RSN: RX message 4 of STK 4-Way Handshake from "
907                    MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
908
909         os_memset(rsc, 0, 6);
910         if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
911                            rsc, sizeof(rsc), (u8 *) peerkey->stk.tk1,
912                            peerkey->cipher == WPA_CIPHER_TKIP ? 32 : 16) < 0) {
913                 wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the "
914                            "driver.");
915                 return;
916         }
917 }
918
919
920 /**
921  * peerkey_verify_eapol_key_mic - Verify PeerKey MIC
922  * @sm: Pointer to WPA state machine data from wpa_sm_init()
923  * @peerkey: Pointer to the PeerKey data for the peer
924  * @key: Pointer to the EAPOL-Key frame header
925  * @ver: Version bits from EAPOL-Key Key Info
926  * @buf: Pointer to the beginning of EAPOL-Key frame
927  * @len: Length of the EAPOL-Key frame
928  * Returns: 0 on success, -1 on failure
929  */
930 int peerkey_verify_eapol_key_mic(struct wpa_sm *sm,
931                                  struct wpa_peerkey *peerkey,
932                                  struct wpa_eapol_key *key, u16 ver,
933                                  const u8 *buf, size_t len)
934 {
935         u8 mic[16];
936         int ok = 0;
937
938         if (peerkey->initiator && !peerkey->stk_set) {
939                 wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion",
940                                sm->own_addr, peerkey->addr,
941                                peerkey->inonce, key->key_nonce,
942                                (u8 *) &peerkey->stk, sizeof(peerkey->stk),
943                                peerkey->use_sha256);
944                 peerkey->stk_set = 1;
945         }
946
947         os_memcpy(mic, key->key_mic, 16);
948         if (peerkey->tstk_set) {
949                 os_memset(key->key_mic, 0, 16);
950                 wpa_eapol_key_mic(peerkey->tstk.kck, ver, buf, len,
951                                   key->key_mic);
952                 if (os_memcmp(mic, key->key_mic, 16) != 0) {
953                         wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
954                                    "when using TSTK - ignoring TSTK");
955                 } else {
956                         ok = 1;
957                         peerkey->tstk_set = 0;
958                         peerkey->stk_set = 1;
959                         os_memcpy(&peerkey->stk, &peerkey->tstk,
960                                   sizeof(peerkey->stk));
961                 }
962         }
963
964         if (!ok && peerkey->stk_set) {
965                 os_memset(key->key_mic, 0, 16);
966                 wpa_eapol_key_mic(peerkey->stk.kck, ver, buf, len,
967                                   key->key_mic);
968                 if (os_memcmp(mic, key->key_mic, 16) != 0) {
969                         wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
970                                    "- dropping packet");
971                         return -1;
972                 }
973                 ok = 1;
974         }
975
976         if (!ok) {
977                 wpa_printf(MSG_WARNING, "RSN: Could not verify EAPOL-Key MIC "
978                            "- dropping packet");
979                 return -1;
980         }
981
982         os_memcpy(peerkey->replay_counter, key->replay_counter,
983                   WPA_REPLAY_COUNTER_LEN);
984         peerkey->replay_counter_set = 1;
985         return 0;
986 }
987
988
989 /**
990  * wpa_sm_stkstart - Send EAPOL-Key Request for STK handshake (STK M1)
991  * @sm: Pointer to WPA state machine data from wpa_sm_init()
992  * @peer: MAC address of the peer STA
993  * Returns: 0 on success, or -1 on failure
994  *
995  * Send an EAPOL-Key Request to the current authenticator to start STK
996  * handshake with the peer.
997  */
998 int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer)
999 {
1000         size_t rlen, kde_len;
1001         struct wpa_eapol_key *req;
1002         int key_info, ver;
1003         u8 bssid[ETH_ALEN], *rbuf, *pos, *count_pos;
1004         u16 count;
1005         struct rsn_ie_hdr *hdr;
1006         struct wpa_peerkey *peerkey;
1007         struct wpa_ie_data ie;
1008
1009         if (sm->proto != WPA_PROTO_RSN || !sm->ptk_set || !sm->peerkey_enabled)
1010                 return -1;
1011
1012         if (sm->ap_rsn_ie &&
1013             wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &ie) == 0 &&
1014             !(ie.capabilities & WPA_CAPABILITY_PEERKEY_ENABLED)) {
1015                 wpa_printf(MSG_DEBUG, "RSN: Current AP does not support STK");
1016                 return -1;
1017         }
1018
1019         if (sm->pairwise_cipher == WPA_CIPHER_CCMP)
1020                 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1021         else
1022                 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1023
1024         if (wpa_sm_get_bssid(sm, bssid) < 0) {
1025                 wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key "
1026                            "SMK M1");
1027                 return -1;
1028         }
1029
1030         /* TODO: find existing entry and if found, use that instead of adding
1031          * a new one */
1032         peerkey = os_zalloc(sizeof(*peerkey));
1033         if (peerkey == NULL)
1034                 return -1;
1035         peerkey->initiator = 1;
1036         os_memcpy(peerkey->addr, peer, ETH_ALEN);
1037 #ifdef CONFIG_IEEE80211W
1038         if (wpa_key_mgmt_sha256(sm->key_mgmt))
1039                 peerkey->use_sha256 = 1;
1040 #endif /* CONFIG_IEEE80211W */
1041
1042         /* SMK M1:
1043          * EAPOL-Key(S=1, M=1, A=0, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
1044          *           MIC=MIC, DataKDs=(RSNIE_I, MAC_P KDE))
1045          */
1046
1047         hdr = (struct rsn_ie_hdr *) peerkey->rsnie_i;
1048         hdr->elem_id = WLAN_EID_RSN;
1049         WPA_PUT_LE16(hdr->version, RSN_VERSION);
1050         pos = (u8 *) (hdr + 1);
1051         /* Group Suite can be anything for SMK RSN IE; receiver will just
1052          * ignore it. */
1053         RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
1054         pos += RSN_SELECTOR_LEN;
1055         count_pos = pos;
1056         pos += 2;
1057
1058         count = 0;
1059         if (sm->allowed_pairwise_cipher & WPA_CIPHER_CCMP) {
1060                 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
1061                 pos += RSN_SELECTOR_LEN;
1062                 count++;
1063         }
1064         if (sm->allowed_pairwise_cipher & WPA_CIPHER_TKIP) {
1065                 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
1066                 pos += RSN_SELECTOR_LEN;
1067                 count++;
1068         }
1069         WPA_PUT_LE16(count_pos, count);
1070
1071         hdr->len = (pos - peerkey->rsnie_i) - 2;
1072         peerkey->rsnie_i_len = pos - peerkey->rsnie_i;
1073         wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake",
1074                     peerkey->rsnie_i, peerkey->rsnie_i_len);
1075
1076         kde_len = peerkey->rsnie_i_len + 2 + RSN_SELECTOR_LEN + ETH_ALEN;
1077
1078         rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1079                                   sizeof(*req) + kde_len, &rlen,
1080                                   (void *) &req);
1081         if (rbuf == NULL) {
1082                 wpa_supplicant_peerkey_free(sm, peerkey);
1083                 return -1;
1084         }
1085
1086         req->type = EAPOL_KEY_TYPE_RSN;
1087         key_info = WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
1088                 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_REQUEST | ver;
1089         WPA_PUT_BE16(req->key_info, key_info);
1090         WPA_PUT_BE16(req->key_length, 0);
1091         os_memcpy(req->replay_counter, sm->request_counter,
1092                   WPA_REPLAY_COUNTER_LEN);
1093         inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
1094
1095         if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) {
1096                 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1097                         "WPA: Failed to get random data for INonce");
1098                 os_free(rbuf);
1099                 wpa_supplicant_peerkey_free(sm, peerkey);
1100                 return -1;
1101         }
1102         os_memcpy(req->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
1103         wpa_hexdump(MSG_DEBUG, "WPA: INonce for SMK handshake",
1104                     req->key_nonce, WPA_NONCE_LEN);
1105
1106         WPA_PUT_BE16(req->key_data_length, (u16) kde_len);
1107         pos = (u8 *) (req + 1);
1108
1109         /* Initiator RSN IE */
1110         pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len);
1111         /* Peer MAC address KDE */
1112         wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
1113
1114         wpa_printf(MSG_INFO, "RSN: Sending EAPOL-Key SMK M1 Request (peer "
1115                    MACSTR ")", MAC2STR(peer));
1116         wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL,
1117                            rbuf, rlen, req->key_mic);
1118
1119         peerkey->next = sm->peerkey;
1120         sm->peerkey = peerkey;
1121
1122         return 0;
1123 }
1124
1125
1126 /**
1127  * peerkey_deinit - Free PeerKey values
1128  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1129  */
1130 void peerkey_deinit(struct wpa_sm *sm)
1131 {
1132         struct wpa_peerkey *prev, *peerkey = sm->peerkey;
1133         while (peerkey) {
1134                 prev = peerkey;
1135                 peerkey = peerkey->next;
1136                 os_free(prev);
1137         }
1138         sm->peerkey = NULL;
1139 }
1140
1141
1142 void peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
1143                            struct wpa_eapol_key *key, u16 key_info, u16 ver)
1144 {
1145         if ((key_info & (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) ==
1146             (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) {
1147                 /* 3/4 STK 4-Way Handshake */
1148                 wpa_supplicant_process_stk_3_of_4(sm, peerkey, key, ver);
1149         } else if (key_info & WPA_KEY_INFO_ACK) {
1150                 /* 1/4 STK 4-Way Handshake */
1151                 wpa_supplicant_process_stk_1_of_4(sm, peerkey, key, ver);
1152         } else if (key_info & WPA_KEY_INFO_SECURE) {
1153                 /* 4/4 STK 4-Way Handshake */
1154                 wpa_supplicant_process_stk_4_of_4(sm, peerkey, key, ver);
1155         } else {
1156                 /* 2/4 STK 4-Way Handshake */
1157                 wpa_supplicant_process_stk_2_of_4(sm, peerkey, key, ver);
1158         }
1159 }
1160
1161
1162 void peerkey_rx_eapol_smk(struct wpa_sm *sm, const u8 *src_addr,
1163                           struct wpa_eapol_key *key, size_t extra_len,
1164                           u16 key_info, u16 ver)
1165 {
1166         if (key_info & WPA_KEY_INFO_ERROR) {
1167                 /* SMK Error */
1168                 wpa_supplicant_process_smk_error(sm, src_addr, key, extra_len);
1169         } else if (key_info & WPA_KEY_INFO_ACK) {
1170                 /* SMK M2 */
1171                 wpa_supplicant_process_smk_m2(sm, src_addr, key, extra_len,
1172                                               ver);
1173         } else {
1174                 /* SMK M4 or M5 */
1175                 wpa_supplicant_process_smk_m45(sm, src_addr, key, extra_len,
1176                                                ver);
1177         }
1178 }
1179
1180 #endif /* CONFIG_PEERKEY */
external/wpa_supplicant_8
About OSDN
Find Software
Develop Software
Help