OSDN Git Service

(root) / android-x86 / external-wpa_supplicant_8.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Accumulative patch from commit dc013f1e37df3462085cf01a13f0c432f146ad7a
[android-x86/external-wpa_supplicant_8.git] / src / rsn_supp / peerkey.c
1 /*
2  * WPA Supplicant - PeerKey for Direct Link Setup (DLS)
3  * Copyright (c) 2006-2008, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8
9 #include "includes.h"
10
11 #ifdef CONFIG_PEERKEY
12
13 #include "common.h"
14 #include "eloop.h"
15 #include "crypto/sha1.h"
16 #include "crypto/sha256.h"
17 #include "crypto/random.h"
18 #include "common/ieee802_11_defs.h"
19 #include "wpa.h"
20 #include "wpa_i.h"
21 #include "wpa_ie.h"
22 #include "peerkey.h"
23
24
25 static u8 * wpa_add_ie(u8 *pos, const u8 *ie, size_t ie_len)
26 {
27         os_memcpy(pos, ie, ie_len);
28         return pos + ie_len;
29 }
30
31
32 static u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len)
33 {
34         *pos++ = WLAN_EID_VENDOR_SPECIFIC;
35         *pos++ = RSN_SELECTOR_LEN + data_len;
36         RSN_SELECTOR_PUT(pos, kde);
37         pos += RSN_SELECTOR_LEN;
38         os_memcpy(pos, data, data_len);
39         pos += data_len;
40         return pos;
41 }
42
43
44 static void wpa_supplicant_smk_timeout(void *eloop_ctx, void *timeout_ctx)
45 {
46 #if 0
47         struct wpa_sm *sm = eloop_ctx;
48         struct wpa_peerkey *peerkey = timeout_ctx;
49 #endif
50         /* TODO: time out SMK and any STK that was generated using this SMK */
51 }
52
53
54 static void wpa_supplicant_peerkey_free(struct wpa_sm *sm,
55                                         struct wpa_peerkey *peerkey)
56 {
57         eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey);
58         os_free(peerkey);
59 }
60
61
62 static int wpa_supplicant_send_smk_error(struct wpa_sm *sm, const u8 *dst,
63                                          const u8 *peer,
64                                          u16 mui, u16 error_type, int ver)
65 {
66         size_t rlen;
67         struct wpa_eapol_key *err;
68         struct rsn_error_kde error;
69         u8 *rbuf, *pos;
70         size_t kde_len;
71         u16 key_info;
72
73         kde_len = 2 + RSN_SELECTOR_LEN + sizeof(error);
74         if (peer)
75                 kde_len += 2 + RSN_SELECTOR_LEN + ETH_ALEN;
76
77         rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
78                                   NULL, sizeof(*err) + kde_len, &rlen,
79                                   (void *) &err);
80         if (rbuf == NULL)
81                 return -1;
82
83         err->type = EAPOL_KEY_TYPE_RSN;
84         key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
85                 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_ERROR |
86                 WPA_KEY_INFO_REQUEST;
87         WPA_PUT_BE16(err->key_info, key_info);
88         WPA_PUT_BE16(err->key_length, 0);
89         os_memcpy(err->replay_counter, sm->request_counter,
90                   WPA_REPLAY_COUNTER_LEN);
91         inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
92
93         WPA_PUT_BE16(err->key_data_length, (u16) kde_len);
94         pos = (u8 *) (err + 1);
95
96         if (peer) {
97                 /* Peer MAC Address KDE */
98                 pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
99         }
100
101         /* Error KDE */
102         error.mui = host_to_be16(mui);
103         error.error_type = host_to_be16(error_type);
104         wpa_add_kde(pos, RSN_KEY_DATA_ERROR, (u8 *) &error, sizeof(error));
105
106         if (peer) {
107                 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error (peer "
108                            MACSTR " mui %d error_type %d)",
109                            MAC2STR(peer), mui, error_type);
110         } else {
111                 wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK Error "
112                            "(mui %d error_type %d)", mui, error_type);
113         }
114
115         wpa_eapol_key_send(sm, sm->ptk.kck, ver, dst, ETH_P_EAPOL,
116                            rbuf, rlen, err->key_mic);
117
118         return 0;
119 }
120
121
122 static int wpa_supplicant_send_smk_m3(struct wpa_sm *sm,
123                                       const unsigned char *src_addr,
124                                       const struct wpa_eapol_key *key,
125                                       int ver, struct wpa_peerkey *peerkey)
126 {
127         size_t rlen;
128         struct wpa_eapol_key *reply;
129         u8 *rbuf, *pos;
130         size_t kde_len;
131         u16 key_info;
132
133         /* KDEs: Peer RSN IE, Initiator MAC Address, Initiator Nonce */
134         kde_len = peerkey->rsnie_p_len +
135                 2 + RSN_SELECTOR_LEN + ETH_ALEN +
136                 2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN;
137
138         rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
139                                   NULL, sizeof(*reply) + kde_len, &rlen,
140                                   (void *) &reply);
141         if (rbuf == NULL)
142                 return -1;
143
144         reply->type = EAPOL_KEY_TYPE_RSN;
145         key_info = ver | WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
146                 WPA_KEY_INFO_SECURE;
147         WPA_PUT_BE16(reply->key_info, key_info);
148         WPA_PUT_BE16(reply->key_length, 0);
149         os_memcpy(reply->replay_counter, key->replay_counter,
150                   WPA_REPLAY_COUNTER_LEN);
151
152         os_memcpy(reply->key_nonce, peerkey->pnonce, WPA_NONCE_LEN);
153
154         WPA_PUT_BE16(reply->key_data_length, (u16) kde_len);
155         pos = (u8 *) (reply + 1);
156
157         /* Peer RSN IE */
158         pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len);
159
160         /* Initiator MAC Address KDE */
161         pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peerkey->addr, ETH_ALEN);
162
163         /* Initiator Nonce */
164         wpa_add_kde(pos, RSN_KEY_DATA_NONCE, peerkey->inonce, WPA_NONCE_LEN);
165
166         wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK M3");
167         wpa_eapol_key_send(sm, sm->ptk.kck, ver, src_addr, ETH_P_EAPOL,
168                            rbuf, rlen, reply->key_mic);
169
170         return 0;
171 }
172
173
174 static int wpa_supplicant_process_smk_m2(
175         struct wpa_sm *sm, const unsigned char *src_addr,
176         const struct wpa_eapol_key *key, size_t extra_len, int ver)
177 {
178         struct wpa_peerkey *peerkey;
179         struct wpa_eapol_ie_parse kde;
180         struct wpa_ie_data ie;
181         int cipher;
182         struct rsn_ie_hdr *hdr;
183         u8 *pos;
184
185         wpa_printf(MSG_DEBUG, "RSN: Received SMK M2");
186
187         if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) {
188                 wpa_printf(MSG_INFO, "RSN: SMK handshake not allowed for "
189                            "the current network");
190                 return -1;
191         }
192
193         if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
194             0) {
195                 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M2");
196                 return -1;
197         }
198
199         if (kde.rsn_ie == NULL || kde.mac_addr == NULL ||
200             kde.mac_addr_len < ETH_ALEN) {
201                 wpa_printf(MSG_INFO, "RSN: No RSN IE or MAC address KDE in "
202                            "SMK M2");
203                 return -1;
204         }
205
206         wpa_printf(MSG_DEBUG, "RSN: SMK M2 - SMK initiator " MACSTR,
207                    MAC2STR(kde.mac_addr));
208
209         if (kde.rsn_ie_len > PEERKEY_MAX_IE_LEN) {
210                 wpa_printf(MSG_INFO, "RSN: Too long Initiator RSN IE in SMK "
211                            "M2");
212                 return -1;
213         }
214
215         if (wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len, &ie) < 0) {
216                 wpa_printf(MSG_INFO, "RSN: Failed to parse RSN IE in SMK M2");
217                 return -1;
218         }
219
220         cipher = wpa_pick_pairwise_cipher(ie.pairwise_cipher &
221                                           sm->allowed_pairwise_cipher, 0);
222         if (cipher < 0) {
223                 wpa_printf(MSG_INFO, "RSN: No acceptable cipher in SMK M2");
224                 wpa_supplicant_send_smk_error(sm, src_addr, kde.mac_addr,
225                                               STK_MUI_SMK, STK_ERR_CPHR_NS,
226                                               ver);
227                 return -1;
228         }
229         wpa_printf(MSG_DEBUG, "RSN: Using %s for PeerKey",
230                    wpa_cipher_txt(cipher));
231
232         /* TODO: find existing entry and if found, use that instead of adding
233          * a new one; how to handle the case where both ends initiate at the
234          * same time? */
235         peerkey = os_zalloc(sizeof(*peerkey));
236         if (peerkey == NULL)
237                 return -1;
238         os_memcpy(peerkey->addr, kde.mac_addr, ETH_ALEN);
239         os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
240         os_memcpy(peerkey->rsnie_i, kde.rsn_ie, kde.rsn_ie_len);
241         peerkey->rsnie_i_len = kde.rsn_ie_len;
242         peerkey->cipher = cipher;
243 #ifdef CONFIG_IEEE80211W
244         if (ie.key_mgmt & (WPA_KEY_MGMT_IEEE8021X_SHA256 |
245                            WPA_KEY_MGMT_PSK_SHA256))
246                 peerkey->use_sha256 = 1;
247 #endif /* CONFIG_IEEE80211W */
248
249         if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) {
250                 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
251                         "WPA: Failed to get random data for PNonce");
252                 wpa_supplicant_peerkey_free(sm, peerkey);
253                 return -1;
254         }
255
256         hdr = (struct rsn_ie_hdr *) peerkey->rsnie_p;
257         hdr->elem_id = WLAN_EID_RSN;
258         WPA_PUT_LE16(hdr->version, RSN_VERSION);
259         pos = (u8 *) (hdr + 1);
260         /* Group Suite can be anything for SMK RSN IE; receiver will just
261          * ignore it. */
262         RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
263         pos += RSN_SELECTOR_LEN;
264         /* Include only the selected cipher in pairwise cipher suite */
265         WPA_PUT_LE16(pos, 1);
266         pos += 2;
267         RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN, cipher));
268         pos += RSN_SELECTOR_LEN;
269
270         hdr->len = (pos - peerkey->rsnie_p) - 2;
271         peerkey->rsnie_p_len = pos - peerkey->rsnie_p;
272         wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake",
273                     peerkey->rsnie_p, peerkey->rsnie_p_len);
274
275         wpa_supplicant_send_smk_m3(sm, src_addr, key, ver, peerkey);
276
277         peerkey->next = sm->peerkey;
278         sm->peerkey = peerkey;
279
280         return 0;
281 }
282
283
284 /**
285  * rsn_smkid - Derive SMK identifier
286  * @smk: Station master key (32 bytes)
287  * @pnonce: Peer Nonce
288  * @mac_p: Peer MAC address
289  * @inonce: Initiator Nonce
290  * @mac_i: Initiator MAC address
291  * @use_sha256: Whether to use SHA256-based KDF
292  *
293  * 8.5.1.4 Station to station (STK) key hierarchy
294  * SMKID = HMAC-SHA1-128(SMK, "SMK Name" || PNonce || MAC_P || INonce || MAC_I)
295  */
296 static void rsn_smkid(const u8 *smk, const u8 *pnonce, const u8 *mac_p,
297                       const u8 *inonce, const u8 *mac_i, u8 *smkid,
298                       int use_sha256)
299 {
300         char *title = "SMK Name";
301         const u8 *addr[5];
302         const size_t len[5] = { 8, WPA_NONCE_LEN, ETH_ALEN, WPA_NONCE_LEN,
303                                 ETH_ALEN };
304         unsigned char hash[SHA256_MAC_LEN];
305
306         addr[0] = (u8 *) title;
307         addr[1] = pnonce;
308         addr[2] = mac_p;
309         addr[3] = inonce;
310         addr[4] = mac_i;
311
312 #ifdef CONFIG_IEEE80211W
313         if (use_sha256)
314                 hmac_sha256_vector(smk, PMK_LEN, 5, addr, len, hash);
315         else
316 #endif /* CONFIG_IEEE80211W */
317                 hmac_sha1_vector(smk, PMK_LEN, 5, addr, len, hash);
318         os_memcpy(smkid, hash, PMKID_LEN);
319 }
320
321
322 static void wpa_supplicant_send_stk_1_of_4(struct wpa_sm *sm,
323                                            struct wpa_peerkey *peerkey)
324 {
325         size_t mlen;
326         struct wpa_eapol_key *msg;
327         u8 *mbuf;
328         size_t kde_len;
329         u16 key_info, ver;
330
331         kde_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
332
333         mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
334                                   sizeof(*msg) + kde_len, &mlen,
335                                   (void *) &msg);
336         if (mbuf == NULL)
337                 return;
338
339         msg->type = EAPOL_KEY_TYPE_RSN;
340
341         if (peerkey->cipher != WPA_CIPHER_TKIP)
342                 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
343         else
344                 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
345
346         key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK;
347         WPA_PUT_BE16(msg->key_info, key_info);
348
349         if (peerkey->cipher != WPA_CIPHER_TKIP)
350                 WPA_PUT_BE16(msg->key_length, 16);
351         else
352                 WPA_PUT_BE16(msg->key_length, 32);
353
354         os_memcpy(msg->replay_counter, peerkey->replay_counter,
355                   WPA_REPLAY_COUNTER_LEN);
356         inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
357
358         WPA_PUT_BE16(msg->key_data_length, kde_len);
359         wpa_add_kde((u8 *) (msg + 1), RSN_KEY_DATA_PMKID,
360                     peerkey->smkid, PMKID_LEN);
361
362         if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) {
363                 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
364                         "RSN: Failed to get random data for INonce (STK)");
365                 os_free(mbuf);
366                 return;
367         }
368         wpa_hexdump(MSG_DEBUG, "RSN: INonce for STK 4-Way Handshake",
369                     peerkey->inonce, WPA_NONCE_LEN);
370         os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
371
372         wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 1/4 to " MACSTR,
373                    MAC2STR(peerkey->addr));
374         wpa_eapol_key_send(sm, NULL, ver, peerkey->addr, ETH_P_EAPOL,
375                            mbuf, mlen, NULL);
376 }
377
378
379 static void wpa_supplicant_send_stk_3_of_4(struct wpa_sm *sm,
380                                            struct wpa_peerkey *peerkey)
381 {
382         size_t mlen;
383         struct wpa_eapol_key *msg;
384         u8 *mbuf, *pos;
385         size_t kde_len;
386         u16 key_info, ver;
387         be32 lifetime;
388
389         kde_len = peerkey->rsnie_i_len +
390                 2 + RSN_SELECTOR_LEN + sizeof(lifetime);
391
392         mbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
393                                   sizeof(*msg) + kde_len, &mlen,
394                                   (void *) &msg);
395         if (mbuf == NULL)
396                 return;
397
398         msg->type = EAPOL_KEY_TYPE_RSN;
399
400         if (peerkey->cipher != WPA_CIPHER_TKIP)
401                 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
402         else
403                 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
404
405         key_info = ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_ACK |
406                 WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
407         WPA_PUT_BE16(msg->key_info, key_info);
408
409         if (peerkey->cipher != WPA_CIPHER_TKIP)
410                 WPA_PUT_BE16(msg->key_length, 16);
411         else
412                 WPA_PUT_BE16(msg->key_length, 32);
413
414         os_memcpy(msg->replay_counter, peerkey->replay_counter,
415                   WPA_REPLAY_COUNTER_LEN);
416         inc_byte_array(peerkey->replay_counter, WPA_REPLAY_COUNTER_LEN);
417
418         WPA_PUT_BE16(msg->key_data_length, kde_len);
419         pos = (u8 *) (msg + 1);
420         pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len);
421         lifetime = host_to_be32(peerkey->lifetime);
422         wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
423                     (u8 *) &lifetime, sizeof(lifetime));
424
425         os_memcpy(msg->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
426
427         wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 3/4 to " MACSTR,
428                    MAC2STR(peerkey->addr));
429         wpa_eapol_key_send(sm, peerkey->stk.kck, ver, peerkey->addr,
430                            ETH_P_EAPOL, mbuf, mlen, msg->key_mic);
431 }
432
433
434 static int wpa_supplicant_process_smk_m4(struct wpa_peerkey *peerkey,
435                                          struct wpa_eapol_ie_parse *kde)
436 {
437         wpa_printf(MSG_DEBUG, "RSN: Received SMK M4 (Initiator " MACSTR ")",
438                    MAC2STR(kde->mac_addr));
439
440         if (os_memcmp(kde->smk + PMK_LEN, peerkey->pnonce, WPA_NONCE_LEN) != 0)
441         {
442                 wpa_printf(MSG_INFO, "RSN: PNonce in SMK KDE does not "
443                            "match with the one used in SMK M3");
444                 return -1;
445         }
446
447         if (os_memcmp(kde->nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) {
448                 wpa_printf(MSG_INFO, "RSN: INonce in SMK M4 did not "
449                            "match with the one received in SMK M2");
450                 return -1;
451         }
452
453         return 0;
454 }
455
456
457 static int wpa_supplicant_process_smk_m5(struct wpa_sm *sm,
458                                          const unsigned char *src_addr,
459                                          const struct wpa_eapol_key *key,
460                                          int ver,
461                                          struct wpa_peerkey *peerkey,
462                                          struct wpa_eapol_ie_parse *kde)
463 {
464         int cipher;
465         struct wpa_ie_data ie;
466
467         wpa_printf(MSG_DEBUG, "RSN: Received SMK M5 (Peer " MACSTR ")",
468                    MAC2STR(kde->mac_addr));
469         if (kde->rsn_ie == NULL || kde->rsn_ie_len > PEERKEY_MAX_IE_LEN ||
470             wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0) {
471                 wpa_printf(MSG_INFO, "RSN: No RSN IE in SMK M5");
472                 /* TODO: abort negotiation */
473                 return -1;
474         }
475
476         if (os_memcmp(key->key_nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) {
477                 wpa_printf(MSG_INFO, "RSN: Key Nonce in SMK M5 does "
478                            "not match with INonce used in SMK M1");
479                 return -1;
480         }
481
482         if (os_memcmp(kde->smk + PMK_LEN, peerkey->inonce, WPA_NONCE_LEN) != 0)
483         {
484                 wpa_printf(MSG_INFO, "RSN: INonce in SMK KDE does not "
485                            "match with the one used in SMK M1");
486                 return -1;
487         }
488
489         os_memcpy(peerkey->rsnie_p, kde->rsn_ie, kde->rsn_ie_len);
490         peerkey->rsnie_p_len = kde->rsn_ie_len;
491         os_memcpy(peerkey->pnonce, kde->nonce, WPA_NONCE_LEN);
492
493         cipher = wpa_pick_pairwise_cipher(ie.pairwise_cipher &
494                                           sm->allowed_pairwise_cipher, 0);
495         if (cipher < 0) {
496                 wpa_printf(MSG_INFO, "RSN: SMK Peer STA " MACSTR " selected "
497                            "unacceptable cipher", MAC2STR(kde->mac_addr));
498                 wpa_supplicant_send_smk_error(sm, src_addr, kde->mac_addr,
499                                               STK_MUI_SMK, STK_ERR_CPHR_NS,
500                                               ver);
501                 /* TODO: abort negotiation */
502                 return -1;
503         }
504         wpa_printf(MSG_DEBUG, "RSN: Using %s for PeerKey",
505                    wpa_cipher_txt(cipher));
506         peerkey->cipher = cipher;
507
508         return 0;
509 }
510
511
512 static int wpa_supplicant_process_smk_m45(
513         struct wpa_sm *sm, const unsigned char *src_addr,
514         const struct wpa_eapol_key *key, size_t extra_len, int ver)
515 {
516         struct wpa_peerkey *peerkey;
517         struct wpa_eapol_ie_parse kde;
518         u32 lifetime;
519         struct os_time now;
520
521         if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) {
522                 wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for "
523                            "the current network");
524                 return -1;
525         }
526
527         if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
528             0) {
529                 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M4/M5");
530                 return -1;
531         }
532
533         if (kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN ||
534             kde.nonce == NULL || kde.nonce_len < WPA_NONCE_LEN ||
535             kde.smk == NULL || kde.smk_len < PMK_LEN + WPA_NONCE_LEN ||
536             kde.lifetime == NULL || kde.lifetime_len < 4) {
537                 wpa_printf(MSG_INFO, "RSN: No MAC Address, Nonce, SMK, or "
538                            "Lifetime KDE in SMK M4/M5");
539                 return -1;
540         }
541
542         for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
543                 if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) == 0 &&
544                     os_memcmp(peerkey->initiator ? peerkey->inonce :
545                            peerkey->pnonce,
546                            key->key_nonce, WPA_NONCE_LEN) == 0)
547                         break;
548         }
549         if (peerkey == NULL) {
550                 wpa_printf(MSG_INFO, "RSN: No matching SMK handshake found "
551                            "for SMK M4/M5: peer " MACSTR,
552                            MAC2STR(kde.mac_addr));
553                 return -1;
554         }
555
556         if (peerkey->initiator) {
557                 if (wpa_supplicant_process_smk_m5(sm, src_addr, key, ver,
558                                                   peerkey, &kde) < 0)
559                         return -1;
560         } else {
561                 if (wpa_supplicant_process_smk_m4(peerkey, &kde) < 0)
562                         return -1;
563         }
564
565         os_memcpy(peerkey->smk, kde.smk, PMK_LEN);
566         peerkey->smk_complete = 1;
567         wpa_hexdump_key(MSG_DEBUG, "RSN: SMK", peerkey->smk, PMK_LEN);
568         lifetime = WPA_GET_BE32(kde.lifetime);
569         wpa_printf(MSG_DEBUG, "RSN: SMK lifetime %u seconds", lifetime);
570         if (lifetime > 1000000000)
571                 lifetime = 1000000000; /* avoid overflowing expiration time */
572         peerkey->lifetime = lifetime;
573         os_get_time(&now);
574         peerkey->expiration = now.sec + lifetime;
575         eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout,
576                                sm, peerkey);
577
578         if (peerkey->initiator) {
579                 rsn_smkid(peerkey->smk, peerkey->pnonce, peerkey->addr,
580                           peerkey->inonce, sm->own_addr, peerkey->smkid,
581                           peerkey->use_sha256);
582                 wpa_supplicant_send_stk_1_of_4(sm, peerkey);
583         } else {
584                 rsn_smkid(peerkey->smk, peerkey->pnonce, sm->own_addr,
585                           peerkey->inonce, peerkey->addr, peerkey->smkid,
586                           peerkey->use_sha256);
587         }
588         wpa_hexdump(MSG_DEBUG, "RSN: SMKID", peerkey->smkid, PMKID_LEN);
589
590         return 0;
591 }
592
593
594 static int wpa_supplicant_process_smk_error(
595         struct wpa_sm *sm, const unsigned char *src_addr,
596         const struct wpa_eapol_key *key, size_t extra_len)
597 {
598         struct wpa_eapol_ie_parse kde;
599         struct rsn_error_kde error;
600         u8 peer[ETH_ALEN];
601         u16 error_type;
602
603         wpa_printf(MSG_DEBUG, "RSN: Received SMK Error");
604
605         if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) {
606                 wpa_printf(MSG_DEBUG, "RSN: SMK handshake not allowed for "
607                            "the current network");
608                 return -1;
609         }
610
611         if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
612             0) {
613                 wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK Error");
614                 return -1;
615         }
616
617         if (kde.error == NULL || kde.error_len < sizeof(error)) {
618                 wpa_printf(MSG_INFO, "RSN: No Error KDE in SMK Error");
619                 return -1;
620         }
621
622         if (kde.mac_addr && kde.mac_addr_len >= ETH_ALEN)
623                 os_memcpy(peer, kde.mac_addr, ETH_ALEN);
624         else
625                 os_memset(peer, 0, ETH_ALEN);
626         os_memcpy(&error, kde.error, sizeof(error));
627         error_type = be_to_host16(error.error_type);
628         wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
629                 "RSN: SMK Error KDE received: MUI %d error_type %d peer "
630                 MACSTR,
631                 be_to_host16(error.mui), error_type,
632                 MAC2STR(peer));
633
634         if (kde.mac_addr &&
635             (error_type == STK_ERR_STA_NR || error_type == STK_ERR_STA_NRSN ||
636              error_type == STK_ERR_CPHR_NS)) {
637                 struct wpa_peerkey *peerkey;
638
639                 for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
640                         if (os_memcmp(peerkey->addr, kde.mac_addr, ETH_ALEN) ==
641                             0)
642                                 break;
643                 }
644                 if (peerkey == NULL) {
645                         wpa_printf(MSG_DEBUG, "RSN: No matching SMK handshake "
646                                    "found for SMK Error");
647                         return -1;
648                 }
649                 /* TODO: abort SMK/STK handshake and remove all related keys */
650         }
651
652         return 0;
653 }
654
655
656 static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm,
657                                               struct wpa_peerkey *peerkey,
658                                               const struct wpa_eapol_key *key,
659                                               u16 ver)
660 {
661         struct wpa_eapol_ie_parse ie;
662         const u8 *kde;
663         size_t len, kde_buf_len;
664         struct wpa_ptk *stk;
665         u8 buf[8], *kde_buf, *pos;
666         be32 lifetime;
667
668         wpa_printf(MSG_DEBUG, "RSN: RX message 1 of STK 4-Way Handshake from "
669                    MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
670
671         os_memset(&ie, 0, sizeof(ie));
672
673         /* RSN: msg 1/4 should contain SMKID for the selected SMK */
674         kde = (const u8 *) (key + 1);
675         len = WPA_GET_BE16(key->key_data_length);
676         wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", kde, len);
677         if (wpa_supplicant_parse_ies(kde, len, &ie) < 0 || ie.pmkid == NULL) {
678                 wpa_printf(MSG_DEBUG, "RSN: No SMKID in STK 1/4");
679                 return;
680         }
681         if (os_memcmp(ie.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
682                 wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 1/4",
683                             ie.pmkid, PMKID_LEN);
684                 return;
685         }
686
687         if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) {
688                 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
689                         "RSN: Failed to get random data for PNonce");
690                 return;
691         }
692         wpa_hexdump(MSG_DEBUG, "WPA: Renewed PNonce",
693                     peerkey->pnonce, WPA_NONCE_LEN);
694
695         /* Calculate STK which will be stored as a temporary STK until it has
696          * been verified when processing message 3/4. */
697         stk = &peerkey->tstk;
698         wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion",
699                        sm->own_addr, peerkey->addr,
700                        peerkey->pnonce, key->key_nonce,
701                        (u8 *) stk, sizeof(*stk),
702                        peerkey->use_sha256);
703         /* Supplicant: swap tx/rx Mic keys */
704         os_memcpy(buf, stk->u.auth.tx_mic_key, 8);
705         os_memcpy(stk->u.auth.tx_mic_key, stk->u.auth.rx_mic_key, 8);
706         os_memcpy(stk->u.auth.rx_mic_key, buf, 8);
707         peerkey->tstk_set = 1;
708
709         kde_buf_len = peerkey->rsnie_p_len +
710                 2 + RSN_SELECTOR_LEN + sizeof(lifetime) +
711                 2 + RSN_SELECTOR_LEN + PMKID_LEN;
712         kde_buf = os_malloc(kde_buf_len);
713         if (kde_buf == NULL)
714                 return;
715         pos = kde_buf;
716         pos = wpa_add_ie(pos, peerkey->rsnie_p, peerkey->rsnie_p_len);
717         lifetime = host_to_be32(peerkey->lifetime);
718         pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
719                           (u8 *) &lifetime, sizeof(lifetime));
720         wpa_add_kde(pos, RSN_KEY_DATA_PMKID, peerkey->smkid, PMKID_LEN);
721
722         if (wpa_supplicant_send_2_of_4(sm, peerkey->addr, key, ver,
723                                        peerkey->pnonce, kde_buf, kde_buf_len,
724                                        stk)) {
725                 os_free(kde_buf);
726                 return;
727         }
728         os_free(kde_buf);
729
730         os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
731 }
732
733
734 static void wpa_supplicant_update_smk_lifetime(struct wpa_sm *sm,
735                                                struct wpa_peerkey *peerkey,
736                                                struct wpa_eapol_ie_parse *kde)
737 {
738         u32 lifetime;
739         struct os_time now;
740
741         if (kde->lifetime == NULL || kde->lifetime_len < sizeof(lifetime))
742                 return;
743
744         lifetime = WPA_GET_BE32(kde->lifetime);
745
746         if (lifetime >= peerkey->lifetime) {
747                 wpa_printf(MSG_DEBUG, "RSN: Peer used SMK lifetime %u seconds "
748                            "which is larger than or equal to own value %u "
749                            "seconds - ignored", lifetime, peerkey->lifetime);
750                 return;
751         }
752
753         wpa_printf(MSG_DEBUG, "RSN: Peer used shorter SMK lifetime %u seconds "
754                    "(own was %u seconds) - updated",
755                    lifetime, peerkey->lifetime);
756         peerkey->lifetime = lifetime;
757
758         os_get_time(&now);
759         peerkey->expiration = now.sec + lifetime;
760         eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey);
761         eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout,
762                                sm, peerkey);
763 }
764
765
766 static void wpa_supplicant_process_stk_2_of_4(struct wpa_sm *sm,
767                                               struct wpa_peerkey *peerkey,
768                                               const struct wpa_eapol_key *key,
769                                               u16 ver)
770 {
771         struct wpa_eapol_ie_parse kde;
772         const u8 *keydata;
773         size_t len;
774
775         wpa_printf(MSG_DEBUG, "RSN: RX message 2 of STK 4-Way Handshake from "
776                    MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
777
778         os_memset(&kde, 0, sizeof(kde));
779
780         /* RSN: msg 2/4 should contain SMKID for the selected SMK and RSN IE
781          * from the peer. It may also include Lifetime KDE. */
782         keydata = (const u8 *) (key + 1);
783         len = WPA_GET_BE16(key->key_data_length);
784         wpa_hexdump(MSG_DEBUG, "RSN: msg 2/4 key data", keydata, len);
785         if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0 ||
786             kde.pmkid == NULL || kde.rsn_ie == NULL) {
787                 wpa_printf(MSG_DEBUG, "RSN: No SMKID or RSN IE in STK 2/4");
788                 return;
789         }
790
791         if (os_memcmp(kde.pmkid, peerkey->smkid, PMKID_LEN) != 0) {
792                 wpa_hexdump(MSG_DEBUG, "RSN: Unknown SMKID in STK 2/4",
793                             kde.pmkid, PMKID_LEN);
794                 return;
795         }
796
797         if (kde.rsn_ie_len != peerkey->rsnie_p_len ||
798             os_memcmp(kde.rsn_ie, peerkey->rsnie_p, kde.rsn_ie_len) != 0) {
799                 wpa_printf(MSG_INFO, "RSN: Peer RSN IE in SMK and STK "
800                            "handshakes did not match");
801                 wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in SMK handshake",
802                             peerkey->rsnie_p, peerkey->rsnie_p_len);
803                 wpa_hexdump(MSG_DEBUG, "RSN: Peer RSN IE in STK handshake",
804                             kde.rsn_ie, kde.rsn_ie_len);
805                 return;
806         }
807
808         wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde);
809
810         wpa_supplicant_send_stk_3_of_4(sm, peerkey);
811         os_memcpy(peerkey->pnonce, key->key_nonce, WPA_NONCE_LEN);
812 }
813
814
815 static void wpa_supplicant_process_stk_3_of_4(struct wpa_sm *sm,
816                                               struct wpa_peerkey *peerkey,
817                                               const struct wpa_eapol_key *key,
818                                               u16 ver)
819 {
820         struct wpa_eapol_ie_parse kde;
821         const u8 *keydata;
822         size_t len, key_len;
823         const u8 *_key;
824         u8 key_buf[32], rsc[6];
825
826         wpa_printf(MSG_DEBUG, "RSN: RX message 3 of STK 4-Way Handshake from "
827                    MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
828
829         os_memset(&kde, 0, sizeof(kde));
830
831         /* RSN: msg 3/4 should contain Initiator RSN IE. It may also include
832          * Lifetime KDE. */
833         keydata = (const u8 *) (key + 1);
834         len = WPA_GET_BE16(key->key_data_length);
835         wpa_hexdump(MSG_DEBUG, "RSN: msg 3/4 key data", keydata, len);
836         if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0) {
837                 wpa_printf(MSG_DEBUG, "RSN: Failed to parse key data in "
838                            "STK 3/4");
839                 return;
840         }
841
842         if (kde.rsn_ie_len != peerkey->rsnie_i_len ||
843             os_memcmp(kde.rsn_ie, peerkey->rsnie_i, kde.rsn_ie_len) != 0) {
844                 wpa_printf(MSG_INFO, "RSN: Initiator RSN IE in SMK and STK "
845                            "handshakes did not match");
846                 wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in SMK "
847                             "handshake",
848                             peerkey->rsnie_i, peerkey->rsnie_i_len);
849                 wpa_hexdump(MSG_DEBUG, "RSN: Initiator RSN IE in STK "
850                             "handshake",
851                             kde.rsn_ie, kde.rsn_ie_len);
852                 return;
853         }
854
855         if (os_memcmp(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
856                 wpa_printf(MSG_WARNING, "RSN: INonce from message 1 of STK "
857                            "4-Way Handshake differs from 3 of STK 4-Way "
858                            "Handshake - drop packet (src=" MACSTR ")",
859                            MAC2STR(peerkey->addr));
860                 return;
861         }
862
863         wpa_supplicant_update_smk_lifetime(sm, peerkey, &kde);
864
865         if (wpa_supplicant_send_4_of_4(sm, peerkey->addr, key, ver,
866                                        WPA_GET_BE16(key->key_info),
867                                        NULL, 0, &peerkey->stk))
868                 return;
869
870         _key = (u8 *) peerkey->stk.tk1;
871         if (peerkey->cipher == WPA_CIPHER_TKIP) {
872                 /* Swap Tx/Rx keys for Michael MIC */
873                 os_memcpy(key_buf, _key, 16);
874                 os_memcpy(key_buf + 16, peerkey->stk.u.auth.rx_mic_key, 8);
875                 os_memcpy(key_buf + 24, peerkey->stk.u.auth.tx_mic_key, 8);
876                 _key = key_buf;
877                 key_len = 32;
878         } else
879                 key_len = 16;
880
881         os_memset(rsc, 0, 6);
882         if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
883                            rsc, sizeof(rsc), _key, key_len) < 0) {
884                 wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the "
885                            "driver.");
886                 return;
887         }
888 }
889
890
891 static void wpa_supplicant_process_stk_4_of_4(struct wpa_sm *sm,
892                                               struct wpa_peerkey *peerkey,
893                                               const struct wpa_eapol_key *key,
894                                               u16 ver)
895 {
896         u8 rsc[6];
897
898         wpa_printf(MSG_DEBUG, "RSN: RX message 4 of STK 4-Way Handshake from "
899                    MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
900
901         os_memset(rsc, 0, 6);
902         if (wpa_sm_set_key(sm, peerkey->cipher, peerkey->addr, 0, 1,
903                            rsc, sizeof(rsc), (u8 *) peerkey->stk.tk1,
904                            peerkey->cipher == WPA_CIPHER_TKIP ? 32 : 16) < 0) {
905                 wpa_printf(MSG_WARNING, "RSN: Failed to set STK to the "
906                            "driver.");
907                 return;
908         }
909 }
910
911
912 /**
913  * peerkey_verify_eapol_key_mic - Verify PeerKey MIC
914  * @sm: Pointer to WPA state machine data from wpa_sm_init()
915  * @peerkey: Pointer to the PeerKey data for the peer
916  * @key: Pointer to the EAPOL-Key frame header
917  * @ver: Version bits from EAPOL-Key Key Info
918  * @buf: Pointer to the beginning of EAPOL-Key frame
919  * @len: Length of the EAPOL-Key frame
920  * Returns: 0 on success, -1 on failure
921  */
922 int peerkey_verify_eapol_key_mic(struct wpa_sm *sm,
923                                  struct wpa_peerkey *peerkey,
924                                  struct wpa_eapol_key *key, u16 ver,
925                                  const u8 *buf, size_t len)
926 {
927         u8 mic[16];
928         int ok = 0;
929
930         if (peerkey->initiator && !peerkey->stk_set) {
931                 wpa_pmk_to_ptk(peerkey->smk, PMK_LEN, "Peer key expansion",
932                                sm->own_addr, peerkey->addr,
933                                peerkey->inonce, key->key_nonce,
934                                (u8 *) &peerkey->stk, sizeof(peerkey->stk),
935                                peerkey->use_sha256);
936                 peerkey->stk_set = 1;
937         }
938
939         os_memcpy(mic, key->key_mic, 16);
940         if (peerkey->tstk_set) {
941                 os_memset(key->key_mic, 0, 16);
942                 wpa_eapol_key_mic(peerkey->tstk.kck, ver, buf, len,
943                                   key->key_mic);
944                 if (os_memcmp(mic, key->key_mic, 16) != 0) {
945                         wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
946                                    "when using TSTK - ignoring TSTK");
947                 } else {
948                         ok = 1;
949                         peerkey->tstk_set = 0;
950                         peerkey->stk_set = 1;
951                         os_memcpy(&peerkey->stk, &peerkey->tstk,
952                                   sizeof(peerkey->stk));
953                 }
954         }
955
956         if (!ok && peerkey->stk_set) {
957                 os_memset(key->key_mic, 0, 16);
958                 wpa_eapol_key_mic(peerkey->stk.kck, ver, buf, len,
959                                   key->key_mic);
960                 if (os_memcmp(mic, key->key_mic, 16) != 0) {
961                         wpa_printf(MSG_WARNING, "RSN: Invalid EAPOL-Key MIC "
962                                    "- dropping packet");
963                         return -1;
964                 }
965                 ok = 1;
966         }
967
968         if (!ok) {
969                 wpa_printf(MSG_WARNING, "RSN: Could not verify EAPOL-Key MIC "
970                            "- dropping packet");
971                 return -1;
972         }
973
974         os_memcpy(peerkey->replay_counter, key->replay_counter,
975                   WPA_REPLAY_COUNTER_LEN);
976         peerkey->replay_counter_set = 1;
977         return 0;
978 }
979
980
981 /**
982  * wpa_sm_stkstart - Send EAPOL-Key Request for STK handshake (STK M1)
983  * @sm: Pointer to WPA state machine data from wpa_sm_init()
984  * @peer: MAC address of the peer STA
985  * Returns: 0 on success, or -1 on failure
986  *
987  * Send an EAPOL-Key Request to the current authenticator to start STK
988  * handshake with the peer.
989  */
990 int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer)
991 {
992         size_t rlen, kde_len;
993         struct wpa_eapol_key *req;
994         int key_info, ver;
995         u8 bssid[ETH_ALEN], *rbuf, *pos, *count_pos;
996         u16 count;
997         struct rsn_ie_hdr *hdr;
998         struct wpa_peerkey *peerkey;
999         struct wpa_ie_data ie;
1000
1001         if (sm->proto != WPA_PROTO_RSN || !sm->ptk_set || !sm->peerkey_enabled)
1002                 return -1;
1003
1004         if (sm->ap_rsn_ie &&
1005             wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &ie) == 0 &&
1006             !(ie.capabilities & WPA_CAPABILITY_PEERKEY_ENABLED)) {
1007                 wpa_printf(MSG_DEBUG, "RSN: Current AP does not support STK");
1008                 return -1;
1009         }
1010
1011         if (sm->pairwise_cipher != WPA_CIPHER_TKIP)
1012                 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
1013         else
1014                 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
1015
1016         if (wpa_sm_get_bssid(sm, bssid) < 0) {
1017                 wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key "
1018                            "SMK M1");
1019                 return -1;
1020         }
1021
1022         /* TODO: find existing entry and if found, use that instead of adding
1023          * a new one */
1024         peerkey = os_zalloc(sizeof(*peerkey));
1025         if (peerkey == NULL)
1026                 return -1;
1027         peerkey->initiator = 1;
1028         os_memcpy(peerkey->addr, peer, ETH_ALEN);
1029 #ifdef CONFIG_IEEE80211W
1030         if (wpa_key_mgmt_sha256(sm->key_mgmt))
1031                 peerkey->use_sha256 = 1;
1032 #endif /* CONFIG_IEEE80211W */
1033
1034         /* SMK M1:
1035          * EAPOL-Key(S=1, M=1, A=0, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
1036          *           MIC=MIC, DataKDs=(RSNIE_I, MAC_P KDE))
1037          */
1038
1039         hdr = (struct rsn_ie_hdr *) peerkey->rsnie_i;
1040         hdr->elem_id = WLAN_EID_RSN;
1041         WPA_PUT_LE16(hdr->version, RSN_VERSION);
1042         pos = (u8 *) (hdr + 1);
1043         /* Group Suite can be anything for SMK RSN IE; receiver will just
1044          * ignore it. */
1045         RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
1046         pos += RSN_SELECTOR_LEN;
1047         count_pos = pos;
1048         pos += 2;
1049
1050         count = rsn_cipher_put_suites(pos, sm->allowed_pairwise_cipher);
1051         pos += count * RSN_SELECTOR_LEN;
1052         WPA_PUT_LE16(count_pos, count);
1053
1054         hdr->len = (pos - peerkey->rsnie_i) - 2;
1055         peerkey->rsnie_i_len = pos - peerkey->rsnie_i;
1056         wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake",
1057                     peerkey->rsnie_i, peerkey->rsnie_i_len);
1058
1059         kde_len = peerkey->rsnie_i_len + 2 + RSN_SELECTOR_LEN + ETH_ALEN;
1060
1061         rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
1062                                   sizeof(*req) + kde_len, &rlen,
1063                                   (void *) &req);
1064         if (rbuf == NULL) {
1065                 wpa_supplicant_peerkey_free(sm, peerkey);
1066                 return -1;
1067         }
1068
1069         req->type = EAPOL_KEY_TYPE_RSN;
1070         key_info = WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_MIC |
1071                 WPA_KEY_INFO_SECURE | WPA_KEY_INFO_REQUEST | ver;
1072         WPA_PUT_BE16(req->key_info, key_info);
1073         WPA_PUT_BE16(req->key_length, 0);
1074         os_memcpy(req->replay_counter, sm->request_counter,
1075                   WPA_REPLAY_COUNTER_LEN);
1076         inc_byte_array(sm->request_counter, WPA_REPLAY_COUNTER_LEN);
1077
1078         if (random_get_bytes(peerkey->inonce, WPA_NONCE_LEN)) {
1079                 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1080                         "WPA: Failed to get random data for INonce");
1081                 os_free(rbuf);
1082                 wpa_supplicant_peerkey_free(sm, peerkey);
1083                 return -1;
1084         }
1085         os_memcpy(req->key_nonce, peerkey->inonce, WPA_NONCE_LEN);
1086         wpa_hexdump(MSG_DEBUG, "WPA: INonce for SMK handshake",
1087                     req->key_nonce, WPA_NONCE_LEN);
1088
1089         WPA_PUT_BE16(req->key_data_length, (u16) kde_len);
1090         pos = (u8 *) (req + 1);
1091
1092         /* Initiator RSN IE */
1093         pos = wpa_add_ie(pos, peerkey->rsnie_i, peerkey->rsnie_i_len);
1094         /* Peer MAC address KDE */
1095         wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN);
1096
1097         wpa_printf(MSG_INFO, "RSN: Sending EAPOL-Key SMK M1 Request (peer "
1098                    MACSTR ")", MAC2STR(peer));
1099         wpa_eapol_key_send(sm, sm->ptk.kck, ver, bssid, ETH_P_EAPOL,
1100                            rbuf, rlen, req->key_mic);
1101
1102         peerkey->next = sm->peerkey;
1103         sm->peerkey = peerkey;
1104
1105         return 0;
1106 }
1107
1108
1109 /**
1110  * peerkey_deinit - Free PeerKey values
1111  * @sm: Pointer to WPA state machine data from wpa_sm_init()
1112  */
1113 void peerkey_deinit(struct wpa_sm *sm)
1114 {
1115         struct wpa_peerkey *prev, *peerkey = sm->peerkey;
1116         while (peerkey) {
1117                 prev = peerkey;
1118                 peerkey = peerkey->next;
1119                 os_free(prev);
1120         }
1121         sm->peerkey = NULL;
1122 }
1123
1124
1125 void peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
1126                            struct wpa_eapol_key *key, u16 key_info, u16 ver)
1127 {
1128         if ((key_info & (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) ==
1129             (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) {
1130                 /* 3/4 STK 4-Way Handshake */
1131                 wpa_supplicant_process_stk_3_of_4(sm, peerkey, key, ver);
1132         } else if (key_info & WPA_KEY_INFO_ACK) {
1133                 /* 1/4 STK 4-Way Handshake */
1134                 wpa_supplicant_process_stk_1_of_4(sm, peerkey, key, ver);
1135         } else if (key_info & WPA_KEY_INFO_SECURE) {
1136                 /* 4/4 STK 4-Way Handshake */
1137                 wpa_supplicant_process_stk_4_of_4(sm, peerkey, key, ver);
1138         } else {
1139                 /* 2/4 STK 4-Way Handshake */
1140                 wpa_supplicant_process_stk_2_of_4(sm, peerkey, key, ver);
1141         }
1142 }
1143
1144
1145 void peerkey_rx_eapol_smk(struct wpa_sm *sm, const u8 *src_addr,
1146                           struct wpa_eapol_key *key, size_t extra_len,
1147                           u16 key_info, u16 ver)
1148 {
1149         if (key_info & WPA_KEY_INFO_ERROR) {
1150                 /* SMK Error */
1151                 wpa_supplicant_process_smk_error(sm, src_addr, key, extra_len);
1152         } else if (key_info & WPA_KEY_INFO_ACK) {
1153                 /* SMK M2 */
1154                 wpa_supplicant_process_smk_m2(sm, src_addr, key, extra_len,
1155                                               ver);
1156         } else {
1157                 /* SMK M4 or M5 */
1158                 wpa_supplicant_process_smk_m45(sm, src_addr, key, extra_len,
1159                                                ver);
1160         }
1161 }
1162
1163 #endif /* CONFIG_PEERKEY */
external/wpa_supplicant_8
About OSDN
Find Software
Develop Software
Help