
42 #define STATE_MACHINE_ADDR sm->addr
45 static int wpa_sm_step(struct wpa_state_machine *sm);
50 static void wpa_request_new_ptk(struct wpa_state_machine *sm);
73 static void wpa_auth_add_sm(struct wpa_state_machine *sm) in wpa_auth_add_sm() argument
75 if (sm) { in wpa_auth_add_sm()
79 if (s_sm_table[i] == sm) { in wpa_auth_add_sm()
84 s_sm_table[i] = sm; in wpa_auth_add_sm()
86 sm->index = i; in wpa_auth_add_sm()
93 static void wpa_auth_del_sm(struct wpa_state_machine *sm) in wpa_auth_del_sm() argument
95 if (sm && (sm->index < WPA_SM_MAX_INDEX)) { in wpa_auth_del_sm()
96 if (sm != s_sm_table[sm->index]) { in wpa_auth_del_sm()
97 wpa_printf( MSG_INFO, "del sm error %d", sm->index); in wpa_auth_del_sm()
99 s_sm_table[sm->index] = NULL; in wpa_auth_del_sm()
100 s_sm_valid_bitmap &= ~BIT(sm->index); in wpa_auth_del_sm()
101 wpa_printf( MSG_DEBUG, "del sm, index=%d bitmap=%x", sm->index, s_sm_valid_bitmap); in wpa_auth_del_sm()
211 int (*cb)(struct wpa_state_machine *sm, void *ctx), in wpa_auth_for_each_sta() argument
225 static int wpa_use_aes_cmac(struct wpa_state_machine *sm) in wpa_use_aes_cmac() argument
229 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) in wpa_use_aes_cmac()
233 if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt)) in wpa_use_aes_cmac()
261 struct wpa_state_machine *sm = timeout_ctx; in wpa_rekey_ptk() local
263 wpa_request_new_ptk(sm); in wpa_rekey_ptk()
264 wpa_sm_step(sm); in wpa_rekey_ptk()
268 static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx) in wpa_auth_pmksa_clear_cb() argument
270 if (sm->pmksa == ctx) in wpa_auth_pmksa_clear_cb()
271 sm->pmksa = NULL; in wpa_auth_pmksa_clear_cb()
417 struct wpa_state_machine *sm; in wpa_auth_sta_init() local
419 sm = (struct wpa_state_machine *)os_zalloc(sizeof(struct wpa_state_machine)); in wpa_auth_sta_init()
420 if (sm == NULL) in wpa_auth_sta_init()
422 memcpy(sm->addr, addr, ETH_ALEN); in wpa_auth_sta_init()
424 sm->wpa_auth = wpa_auth; in wpa_auth_sta_init()
425 sm->group = wpa_auth->group; in wpa_auth_sta_init()
426 wpa_auth_add_sm(sm); in wpa_auth_sta_init()
428 return sm; in wpa_auth_sta_init()
432 struct wpa_state_machine *sm) in wpa_auth_sta_associated() argument
434 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL) in wpa_auth_sta_associated()
438 if (sm->ft_completed) { in wpa_auth_sta_associated()
439 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, in wpa_auth_sta_associated()
446 if (sm->started) { in wpa_auth_sta_associated()
447 memset(&sm->key_replay, 0, sizeof(sm->key_replay)); in wpa_auth_sta_associated()
448 sm->ReAuthenticationRequest = TRUE; in wpa_auth_sta_associated()
449 return wpa_sm_step(sm); in wpa_auth_sta_associated()
452 sm->started = 1; in wpa_auth_sta_associated()
454 sm->Init = TRUE; in wpa_auth_sta_associated()
455 if (wpa_sm_step(sm) == 1) in wpa_auth_sta_associated()
457 sm->Init = FALSE; in wpa_auth_sta_associated()
458 sm->AuthenticationRequest = TRUE; in wpa_auth_sta_associated()
459 return wpa_sm_step(sm); in wpa_auth_sta_associated()
463 void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm) in wpa_auth_sta_no_wpa() argument
468 if (sm == NULL) in wpa_auth_sta_no_wpa()
471 sm->wpa_key_mgmt = 0; in wpa_auth_sta_no_wpa()
475 static void wpa_free_sta_sm(struct wpa_state_machine *sm) in wpa_free_sta_sm() argument
477 wpa_auth_del_sm(sm); in wpa_free_sta_sm()
478 if (sm->GUpdateStationKeys) { in wpa_free_sta_sm()
479 sm->group->GKeyDoneStations--; in wpa_free_sta_sm()
480 sm->GUpdateStationKeys = FALSE; in wpa_free_sta_sm()
483 os_free(sm->assoc_resp_ftie); in wpa_free_sta_sm()
484 wpabuf_free(sm->ft_pending_req_ies); in wpa_free_sta_sm()
486 wpa_printf( MSG_DEBUG, "wpa_free_sta_sm: free eapol=%p\n", sm->last_rx_eapol_key); in wpa_free_sta_sm()
487 os_free(sm->last_rx_eapol_key); in wpa_free_sta_sm()
488 os_free(sm->wpa_ie); in wpa_free_sta_sm()
489 os_free(sm->rsnxe); in wpa_free_sta_sm()
490 os_free(sm); in wpa_free_sta_sm()
494 void wpa_auth_sta_deinit(struct wpa_state_machine *sm) in wpa_auth_sta_deinit() argument
497 if (sm && esp_wifi_ap_is_sta_sae_reauth_node(sm->addr)) { in wpa_auth_sta_deinit()
498 wpa_printf( MSG_DEBUG, "deinit old sm=%p\n", sm); in wpa_auth_sta_deinit()
501 wpa_printf( MSG_DEBUG, "deinit sm=%p\n", sm); in wpa_auth_sta_deinit()
503 if (sm == NULL) in wpa_auth_sta_deinit()
506 eloop_cancel_timeout(resend_eapol_handle, (void*)(sm->index), NULL); in wpa_auth_sta_deinit()
508 if (sm->in_step_loop) { in wpa_auth_sta_deinit()
512 "machine deinit for " MACSTR, MAC2STR(sm->addr)); in wpa_auth_sta_deinit()
513 sm->pending_deinit = 1; in wpa_auth_sta_deinit()
515 wpa_free_sta_sm(sm); in wpa_auth_sta_deinit()
519 static void wpa_request_new_ptk(struct wpa_state_machine *sm) in wpa_request_new_ptk() argument
521 if (sm == NULL) in wpa_request_new_ptk()
524 sm->PTKRequest = TRUE; in wpa_request_new_ptk()
525 sm->PTK_valid = 0; in wpa_request_new_ptk()
557 struct wpa_state_machine *sm, in ft_check_msg_2_of_4() argument
570 memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN); in ft_check_msg_2_of_4()
572 sm->sup_pmk_r1_name, PMKID_LEN); in ft_check_msg_2_of_4()
588 if (sm->assoc_resp_ftie && in ft_check_msg_2_of_4()
589 (kde->ftie[1] != sm->assoc_resp_ftie[1] || in ft_check_msg_2_of_4()
590 memcmp(kde->ftie, sm->assoc_resp_ftie, in ft_check_msg_2_of_4()
591 2 + sm->assoc_resp_ftie[1]) != 0)) { in ft_check_msg_2_of_4()
596 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]); in ft_check_msg_2_of_4()
605 struct wpa_state_machine *sm, int group) in wpa_receive_error_report() argument
608 } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) { in wpa_receive_error_report()
610 if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0) in wpa_receive_error_report()
618 wpa_request_new_ptk(sm); in wpa_receive_error_report()
622 void wpa_receive(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *sm, u8 *data, size_t… in wpa_receive() argument
633 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL) in wpa_receive()
645 MAC2STR(sm->addr), key_info, key->type, key_data_length); in wpa_receive()
655 if (sm->wpa == WPA_VERSION_WPA2) { in wpa_receive()
704 if (sm->pairwise == WPA_CIPHER_CCMP || in wpa_receive()
705 sm->pairwise == WPA_CIPHER_GCMP) { in wpa_receive()
706 if (wpa_use_aes_cmac(sm) && in wpa_receive()
707 !wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) && in wpa_receive()
708 !wpa_use_akm_defined(sm->wpa_key_mgmt) && in wpa_receive()
713 if (!wpa_use_aes_cmac(sm) && in wpa_receive()
714 !wpa_use_akm_defined(sm->wpa_key_mgmt) && in wpa_receive()
719 if (wpa_use_akm_defined(sm->wpa_key_mgmt) && in wpa_receive()
726 if (sm->req_replay_counter_used && in wpa_receive()
727 os_memcmp(key->replay_counter, sm->req_replay_counter, in wpa_receive()
734 !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) { in wpa_receive()
738 wpa_replay_counter_valid(sm->prev_key_replay, in wpa_receive()
740 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING && in wpa_receive()
741 memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0) in wpa_receive()
750 sm->update_snonce = 1; in wpa_receive()
751 wpa_replay_counter_mark_invalid(sm->prev_key_replay, in wpa_receive()
757 wpa_replay_counter_valid(sm->prev_key_replay, in wpa_receive()
759 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) { in wpa_receive()
763 if (!sm->key_replay[i].valid) in wpa_receive()
766 sm->key_replay[i].counter, in wpa_receive()
777 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART && in wpa_receive()
778 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING && in wpa_receive()
779 (!sm->update_snonce || in wpa_receive()
780 sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) { in wpa_receive()
784 if (sm->group->reject_4way_hs_for_entropy) { in wpa_receive()
798 wpa_sta_disconnect(wpa_auth, sm->addr, in wpa_receive()
813 ft = sm->wpa == WPA_VERSION_WPA2 && in wpa_receive()
814 wpa_key_mgmt_ft(sm->wpa_key_mgmt); in wpa_receive()
815 if (sm->wpa_ie == NULL || in wpa_receive()
817 sm->wpa_ie, sm->wpa_ie_len, in wpa_receive()
819 if (sm->wpa_ie) { in wpa_receive()
821 sm->wpa_ie, sm->wpa_ie_len); in wpa_receive()
826 wpa_sta_disconnect(wpa_auth, sm->addr, in wpa_receive()
831 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) { in wpa_receive()
832 wpa_sta_disconnect(wpa_auth, sm->addr, in wpa_receive()
839 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING || in wpa_receive()
840 !sm->PTK_valid) { in wpa_receive()
845 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING in wpa_receive()
846 || !sm->PTK_valid) { in wpa_receive()
863 sm->MICVerified = FALSE; in wpa_receive()
864 if (sm->PTK_valid && !sm->update_snonce) { in wpa_receive()
865 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &sm->PTK, data, in wpa_receive()
871 sm->MICVerified = TRUE; in wpa_receive()
872 eloop_cancel_timeout(resend_eapol_handle, (void*)(sm->index), NULL); in wpa_receive()
873 sm->pending_1_of_4_timeout = 0; in wpa_receive()
877 if (sm->MICVerified) { in wpa_receive()
878 sm->req_replay_counter_used = 1; in wpa_receive()
879 memcpy(sm->req_replay_counter, key->replay_counter, in wpa_receive()
894 wpa_auth, sm, in wpa_receive()
898 wpa_request_new_ptk(sm); in wpa_receive()
909 wpa_replay_counter_mark_invalid(sm->key_replay, in wpa_receive()
920 memcpy(sm->prev_key_replay, sm->key_replay, in wpa_receive()
921 sizeof(sm->key_replay)); in wpa_receive()
923 memset(sm->prev_key_replay, 0, in wpa_receive()
924 sizeof(sm->prev_key_replay)); in wpa_receive()
931 wpa_replay_counter_mark_invalid(sm->key_replay, NULL); in wpa_receive()
934 wpa_printf( MSG_DEBUG, "wpa_rx: free eapol=%p", sm->last_rx_eapol_key); in wpa_receive()
935 os_free(sm->last_rx_eapol_key); in wpa_receive()
936 sm->last_rx_eapol_key = (u8 *)os_malloc(data_len); in wpa_receive()
937 if (sm->last_rx_eapol_key == NULL) in wpa_receive()
939 wpa_printf( MSG_DEBUG, "wpa_rx: new eapol=%p", sm->last_rx_eapol_key); in wpa_receive()
940 memcpy(sm->last_rx_eapol_key, data, data_len); in wpa_receive()
941 sm->last_rx_eapol_key_len = data_len; in wpa_receive()
943 sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE); in wpa_receive()
944 sm->EAPOLKeyReceived = TRUE; in wpa_receive()
945 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE); in wpa_receive()
946 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST); in wpa_receive()
947 memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN); in wpa_receive()
948 wpa_sm_step(sm); in wpa_receive()
967 void wpa_auth_add_sae_pmkid(struct wpa_state_machine *sm, const u8 *pmkid) in wpa_auth_add_sae_pmkid() argument
969 os_memcpy(sm->pmkid, pmkid, PMKID_LEN); in wpa_auth_add_sae_pmkid()
970 sm->pmkid_set = 1; in wpa_auth_add_sae_pmkid()
1007 struct wpa_state_machine *sm, int key_info, in __wpa_send_eapol() argument
1022 wpa_auth,sm, key_rsc, kde, nonce, kde_len, keyidx, encr, force_version); in __wpa_send_eapol()
1027 else if (wpa_use_akm_defined(sm->wpa_key_mgmt)) in __wpa_send_eapol()
1029 else if (wpa_use_aes_cmac(sm)) in __wpa_send_eapol()
1031 else if (sm->pairwise != WPA_CIPHER_TKIP) in __wpa_send_eapol()
1051 wpa_use_aes_key_wrap(sm->wpa_key_mgmt) || in __wpa_send_eapol()
1069 key->type = sm->wpa == WPA_VERSION_WPA2 ? in __wpa_send_eapol()
1072 if (encr && sm->wpa == WPA_VERSION_WPA2) in __wpa_send_eapol()
1074 if (sm->wpa != WPA_VERSION_WPA2) in __wpa_send_eapol()
1078 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group; in __wpa_send_eapol()
1079 if (sm->wpa == WPA_VERSION_WPA2 && !pairwise) in __wpa_send_eapol()
1085 sm->key_replay[i].valid = sm->key_replay[i - 1].valid; in __wpa_send_eapol()
1086 memcpy(sm->key_replay[i].counter, in __wpa_send_eapol()
1087 sm->key_replay[i - 1].counter, in __wpa_send_eapol()
1090 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN); in __wpa_send_eapol()
1091 memcpy(key->replay_counter, sm->key_replay[0].counter, in __wpa_send_eapol()
1093 sm->key_replay[0].valid = TRUE; in __wpa_send_eapol()
1120 wpa_use_aes_key_wrap(sm->wpa_key_mgmt) || in __wpa_send_eapol()
1122 if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len, (key_data_len - 8) / 8, buf, in __wpa_send_eapol()
1129 } else if (sm->PTK.kek_len == 16) { in __wpa_send_eapol()
1132 sm->group->Counter + WPA_NONCE_LEN - 16, 16); in __wpa_send_eapol()
1133 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN); in __wpa_send_eapol()
1135 memcpy(ek + 16, sm->PTK.kek, sm->PTK.kek_len); in __wpa_send_eapol()
1148 if (!sm->PTK_valid) { in __wpa_send_eapol()
1152 wpa_eapol_key_mic(sm->PTK.kck, sm->PTK.kck_len, in __wpa_send_eapol()
1153 sm->wpa_key_mgmt, version, in __wpa_send_eapol()
1157 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx, 1); in __wpa_send_eapol()
1158 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len, sm->pairwise_set); in __wpa_send_eapol()
1165 struct wpa_state_machine *sm = wpa_auth_get_sm(index); in hostap_eapol_resend_process() local
1169 if(sm) { in hostap_eapol_resend_process()
1170 sm->pending_1_of_4_timeout = 0; in hostap_eapol_resend_process()
1171 sm->TimeoutEvt = TRUE; in hostap_eapol_resend_process()
1172 sm->in_step_loop = 0; in hostap_eapol_resend_process()
1173 wpa_sm_step(sm); in hostap_eapol_resend_process()
1192 struct wpa_state_machine *sm, int key_info, in wpa_send_eapol() argument
1200 if (sm == NULL) in wpa_send_eapol()
1203 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len, in wpa_send_eapol()
1206 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr; in wpa_send_eapol()
1208 sm->pending_1_of_4_timeout = 1; in wpa_send_eapol()
1210 eloop_cancel_timeout(resend_eapol_handle, (void*)(sm->index), NULL); in wpa_send_eapol()
1211 eloop_register_timeout(1, 0, resend_eapol_handle, (void*)(sm->index), NULL); in wpa_send_eapol()
1244 void wpa_remove_ptk(struct wpa_state_machine *sm) in wpa_remove_ptk() argument
1246 sm->PTK_valid = FALSE; in wpa_remove_ptk()
1247 memset(&sm->PTK, 0, sizeof(sm->PTK)); in wpa_remove_ptk()
1248 wpa_auth_set_key(sm->wpa_auth, 0, WIFI_WPA_ALG_NONE, sm->addr, 0, NULL, 0); in wpa_remove_ptk()
1249 sm->pairwise_set = FALSE; in wpa_remove_ptk()
1250 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); in wpa_remove_ptk()
1254 int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event) in wpa_auth_sm_event() argument
1258 if (sm == NULL) in wpa_auth_sm_event()
1267 sm->DeauthenticationRequest = TRUE; in wpa_auth_sm_event()
1271 if (!sm->started) { in wpa_auth_sm_event()
1281 sm->started = 1; in wpa_auth_sm_event()
1282 sm->Init = TRUE; in wpa_auth_sm_event()
1283 if (wpa_sm_step(sm) == 1) in wpa_auth_sm_event()
1285 sm->Init = FALSE; in wpa_auth_sm_event()
1286 sm->AuthenticationRequest = TRUE; in wpa_auth_sm_event()
1289 if (sm->GUpdateStationKeys) { in wpa_auth_sm_event()
1294 sm->group->GKeyDoneStations--; in wpa_auth_sm_event()
1295 sm->GUpdateStationKeys = FALSE; in wpa_auth_sm_event()
1296 sm->PtkGroupInit = TRUE; in wpa_auth_sm_event()
1298 sm->ReAuthenticationRequest = TRUE; in wpa_auth_sm_event()
1304 wpa_ft_install_ptk(sm); in wpa_auth_sm_event()
1307 sm->ft_completed = 1; in wpa_auth_sm_event()
1315 sm->ft_completed = 0; in wpa_auth_sm_event()
1319 if (sm->mgmt_frame_prot && event == WPA_AUTH) in wpa_auth_sm_event()
1324 sm->PTK_valid = FALSE; in wpa_auth_sm_event()
1325 memset(&sm->PTK, 0, sizeof(sm->PTK)); in wpa_auth_sm_event()
1328 wpa_remove_ptk(sm); in wpa_auth_sm_event()
1331 return wpa_sm_step(sm); in wpa_auth_sm_event()
1338 if (sm->Init) { in SM_STATE()
1341 sm->changed = FALSE; in SM_STATE()
1344 sm->keycount = 0; in SM_STATE()
1345 if (sm->GUpdateStationKeys) in SM_STATE()
1346 sm->group->GKeyDoneStations--; in SM_STATE()
1347 sm->GUpdateStationKeys = FALSE; in SM_STATE()
1348 if (sm->wpa == WPA_VERSION_WPA) in SM_STATE()
1349 sm->PInitAKeys = FALSE; in SM_STATE()
1352 sm->Pair = TRUE; in SM_STATE()
1354 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0); in SM_STATE()
1355 wpa_remove_ptk(sm); in SM_STATE()
1356 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0); in SM_STATE()
1357 sm->TimeoutCtr = 0; in SM_STATE()
1358 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { in SM_STATE()
1359 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, in SM_STATE()
1367 u16 reason = sm->disconnect_reason; in SM_STATE()
1370 sm->Disconnect = FALSE; in SM_STATE()
1371 sm->disconnect_reason = 0; in SM_STATE()
1374 wpa_sta_disconnect(sm->wpa_auth, sm->addr, reason); in SM_STATE()
1381 sm->DeauthenticationRequest = FALSE; in SM_STATE()
1388 memset(&sm->PTK, 0, sizeof(sm->PTK)); in SM_STATE()
1389 sm->PTK_valid = FALSE; in SM_STATE()
1390 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto, in SM_STATE()
1392 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1); in SM_STATE()
1393 sm->AuthenticationRequest = FALSE; in SM_STATE()
1430 wpa_group_ensure_init(sm->wpa_auth, sm->group); in SM_STATE()
1441 if (os_get_random(sm->ANonce, WPA_NONCE_LEN)) { in SM_STATE()
1444 sm->Disconnect = true; in SM_STATE()
1447 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce, in SM_STATE()
1449 sm->ReAuthenticationRequest = FALSE; in SM_STATE()
1454 sm->TimeoutCtr = 0; in SM_STATE()
1458 static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) in wpa_auth_sm_ptk_update() argument
1460 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { in wpa_auth_sm_ptk_update()
1463 sm->Disconnect = TRUE; in wpa_auth_sm_ptk_update()
1466 wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, in wpa_auth_sm_ptk_update()
1468 sm->TimeoutCtr = 0; in wpa_auth_sm_ptk_update()
1480 sm->xxkey_len = 0; in SM_STATE()
1483 if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) { in SM_STATE()
1486 memcpy(sm->PMK, msk, PMK_LEN); in SM_STATE()
1489 memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN); in SM_STATE()
1490 sm->xxkey_len = PMK_LEN; in SM_STATE()
1497 sm->req_replay_counter_used = 0; in SM_STATE()
1506 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0); in SM_STATE()
1514 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL); in SM_STATE()
1516 memcpy(sm->PMK, psk, PMK_LEN); in SM_STATE()
1518 memcpy(sm->xxkey, psk, PMK_LEN); in SM_STATE()
1519 sm->xxkey_len = PMK_LEN; in SM_STATE()
1523 if (wpa_auth_uses_sae(sm) && sm->pmksa) { in SM_STATE()
1525 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len); in SM_STATE()
1526 sm->pmk_len = sm->pmksa->pmk_len; in SM_STATE()
1529 sm->req_replay_counter_used = 0; in SM_STATE()
1539 sm->PTKRequest = FALSE; in SM_STATE()
1540 sm->TimeoutEvt = FALSE; in SM_STATE()
1542 sm->TimeoutCtr++; in SM_STATE()
1543 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) { in SM_STATE()
1553 if (sm->wpa == WPA_VERSION_WPA2 && in SM_STATE()
1554 (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) || in SM_STATE()
1555 wpa_key_mgmt_sae(sm->wpa_key_mgmt))) { in SM_STATE()
1561 if (sm->pmksa) { in SM_STATE()
1564 sm->pmksa->pmkid, PMKID_LEN); in SM_STATE()
1566 sm->pmksa->pmkid, PMKID_LEN); in SM_STATE()
1568 } else if (wpa_key_mgmt_sae(sm->wpa_key_mgmt)) { in SM_STATE()
1569 if (sm->pmkid_set) { in SM_STATE()
1572 sm->pmkid, PMKID_LEN); in SM_STATE()
1574 sm->pmkid, PMKID_LEN); in SM_STATE()
1587 rsn_pmkid(sm->PMK, sm->pmk_len, sm->wpa_auth->addr, in SM_STATE()
1588 sm->addr, &pmkid[2 + RSN_SELECTOR_LEN], in SM_STATE()
1589 sm->wpa_key_mgmt); in SM_STATE()
1595 wpa_send_eapol(sm->wpa_auth, sm, in SM_STATE()
1597 sm->ANonce, pmkid, pmkid_len, 0, 0); in SM_STATE()
1601 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce, in wpa_derive_ptk() argument
1605 size_t ptk_len = sm->pairwise != WPA_CIPHER_TKIP ? 48 : 64; in wpa_derive_ptk()
1607 size_t ptk_len = sm->pairwise != WPA_CIPHER_TKIP ? 48 : 64; in wpa_derive_ptk()
1608 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) in wpa_derive_ptk()
1609 return wpa_auth_derive_ptk_ft(sm, pmk, ptk); in wpa_derive_ptk()
1613 sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce, in wpa_derive_ptk()
1614 ptk, sm->wpa_key_mgmt, sm->pairwise); in wpa_derive_ptk()
1629 sm->EAPOLKeyReceived = FALSE; in SM_STATE()
1630 sm->update_snonce = FALSE; in SM_STATE()
1636 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && in SM_STATE()
1637 !wpa_key_mgmt_sae(sm->wpa_key_mgmt)) { in SM_STATE()
1639 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk); in SM_STATE()
1645 pmk = sm->PMK; in SM_STATE()
1648 if (!pmk && sm->pmksa) { in SM_STATE()
1650 pmk = sm->pmksa->pmk; in SM_STATE()
1653 wpa_derive_ptk(sm, sm->SNonce, pmk, &PTK); in SM_STATE()
1655 if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK, in SM_STATE()
1656 sm->last_rx_eapol_key, in SM_STATE()
1657 sm->last_rx_eapol_key_len) == 0) { in SM_STATE()
1662 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) || in SM_STATE()
1663 wpa_key_mgmt_sae(sm->wpa_key_mgmt)) { in SM_STATE()
1664 wpa_printf( MSG_DEBUG, "wpa_key_mgmt=%x", sm->wpa_key_mgmt); in SM_STATE()
1674 hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key; in SM_STATE()
1677 if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) - in SM_STATE()
1688 if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { in SM_STATE()
1693 if (memcmp(sm->sup_pmk_r1_name, sm->pmk_r1_name, in SM_STATE()
1697 sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN); in SM_STATE()
1699 sm->pmk_r1_name, WPA_PMK_NAME_LEN); in SM_STATE()
1705 if ((!sm->rsnxe && kde.rsnxe) || in SM_STATE()
1706 (sm->rsnxe && !kde.rsnxe) || in SM_STATE()
1707 (sm->rsnxe && kde.rsnxe && in SM_STATE()
1708 (sm->rsnxe_len != kde.rsnxe_len || in SM_STATE()
1709 os_memcmp(sm->rsnxe, kde.rsnxe, sm->rsnxe_len) != 0))) { in SM_STATE()
1713 sm->rsnxe, sm->rsnxe_len); in SM_STATE()
1716 wpa_sta_disconnect(sm->wpa_auth, sm->addr, in SM_STATE()
1721 sm->pending_1_of_4_timeout = 0; in SM_STATE()
1722 eloop_cancel_timeout(resend_eapol_handle, (void*)(sm->index), NULL); in SM_STATE()
1724 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && sm->PMK != pmk) { in SM_STATE()
1728 memcpy(sm->PMK, pmk, PMK_LEN); in SM_STATE()
1731 sm->MICVerified = TRUE; in SM_STATE()
1733 memcpy(&sm->PTK, &PTK, sizeof(PTK)); in SM_STATE()
1734 sm->PTK_valid = TRUE; in SM_STATE()
1741 sm->TimeoutCtr = 0; in SM_STATE()
1747 static int ieee80211w_kde_len(struct wpa_state_machine *sm) in ieee80211w_kde_len() argument
1749 if (sm->mgmt_frame_prot) { in ieee80211w_kde_len()
1757 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos) in ieee80211w_kde_add() argument
1760 struct wpa_group *gsm = sm->group; in ieee80211w_kde_add()
1762 if (!sm->mgmt_frame_prot) in ieee80211w_kde_add()
1768 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn) < 0) in ieee80211w_kde_add()
1771 if (sm->wpa_auth->conf.disable_gtk) { in ieee80211w_kde_add()
1787 static int ieee80211w_kde_len(struct wpa_state_machine *sm) in ieee80211w_kde_len() argument
1793 static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos) in ieee80211w_kde_add() argument
1805 struct wpa_group *gsm = sm->group; in SM_STATE()
1810 sm->TimeoutEvt = FALSE; in SM_STATE()
1812 sm->TimeoutCtr++; in SM_STATE()
1813 if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) { in SM_STATE()
1823 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc); in SM_STATE()
1825 wpa_ie = sm->wpa_auth->wpa_ie; in SM_STATE()
1826 wpa_ie_len = sm->wpa_auth->wpa_ie_len; in SM_STATE()
1827 if (sm->wpa == WPA_VERSION_WPA && in SM_STATE()
1828 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) && in SM_STATE()
1836 if (sm->wpa == WPA_VERSION_WPA2) { in SM_STATE()
1841 if (sm->wpa_auth->conf.disable_gtk) { in SM_STATE()
1860 if (sm->rx_eapol_key_secure) { in SM_STATE()
1873 kde_len = wpa_ie_len + ieee80211w_kde_len(sm); in SM_STATE()
1877 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { in SM_STATE()
1890 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { in SM_STATE()
1891 int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name); in SM_STATE()
1908 pos = ieee80211w_kde_add(sm, pos); in SM_STATE()
1911 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { in SM_STATE()
1915 conf = &sm->wpa_auth->conf; in SM_STATE()
1944 wpa_send_eapol(sm->wpa_auth, sm, in SM_STATE()
1948 _rsc, sm->ANonce, kde, pos - kde, keyidx, encr); in SM_STATE()
1956 sm->EAPOLKeyReceived = FALSE; in SM_STATE()
1957 if (sm->Pair) { in SM_STATE()
1958 enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise); in SM_STATE()
1959 int klen = wpa_cipher_key_len(sm->pairwise); in SM_STATE()
1960 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0, in SM_STATE()
1961 sm->PTK.tk, klen)) { in SM_STATE()
1962 wpa_sta_disconnect(sm->wpa_auth, sm->addr, in SM_STATE()
1967 sm->pairwise_set = TRUE; in SM_STATE()
1969 if (sm->wpa_auth->conf.wpa_ptk_rekey) { in SM_STATE()
1970 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); in SM_STATE()
1971 eloop_register_timeout(sm->wpa_auth->conf. in SM_STATE()
1973 sm->wpa_auth, sm); in SM_STATE()
1976 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { in SM_STATE()
1977 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, in SM_STATE()
1983 sm->keycount++; in SM_STATE()
1984 if (sm->keycount == 2) { in SM_STATE()
1985 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, in SM_STATE()
1989 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, in SM_STATE()
1992 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0); in SM_STATE()
1993 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1); in SM_STATE()
1994 if (sm->wpa == WPA_VERSION_WPA) in SM_STATE()
1995 sm->PInitAKeys = TRUE; in SM_STATE()
1997 sm->has_GTK = TRUE; in SM_STATE()
2001 esp_wifi_wpa_ptk_init_done_internal(sm->addr); in SM_STATE()
2004 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr); in SM_STATE()
2012 if (sm->Init) in SM_STEP()
2014 else if (sm->Disconnect in SM_STEP()
2018 else if (sm->DeauthenticationRequest) in SM_STEP()
2020 else if (sm->AuthenticationRequest) in SM_STEP()
2022 else if (sm->ReAuthenticationRequest) in SM_STEP()
2024 else if (sm->PTKRequest) { in SM_STEP()
2025 if (wpa_auth_sm_ptk_update(sm) < 0) in SM_STEP()
2029 } else switch (sm->wpa_ptk_state) { in SM_STEP()
2042 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) && in SM_STEP()
2043 wpa_auth_get_eapol(sm->wpa_auth, sm->addr, in SM_STEP()
2046 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) in SM_STEP()
2051 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr, in SM_STEP()
2059 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL)) { in SM_STEP()
2062 } else if (wpa_auth_uses_sae(sm) && sm->pmksa) { in SM_STEP()
2070 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && in SM_STEP()
2071 sm->EAPOLKeyPairwise) in SM_STEP()
2073 else if (sm->TimeoutCtr > in SM_STEP()
2075 sm->disconnect_reason = in SM_STEP()
2078 } else if (sm->TimeoutEvt) in SM_STEP()
2082 if (sm->MICVerified) in SM_STEP()
2084 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && in SM_STEP()
2085 sm->EAPOLKeyPairwise) in SM_STEP()
2087 else if (sm->TimeoutEvt) in SM_STEP()
2094 if (sm->update_snonce) in SM_STEP()
2096 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && in SM_STEP()
2097 sm->EAPOLKeyPairwise && sm->MICVerified) in SM_STEP()
2099 else if (sm->TimeoutCtr > in SM_STEP()
2101 sm->disconnect_reason = in SM_STEP()
2104 } else if (sm->TimeoutEvt) in SM_STEP()
2116 if (sm->Init) { in SM_STATE()
2119 sm->changed = FALSE; in SM_STATE()
2121 sm->GTimeoutCtr = 0; in SM_STATE()
2128 struct wpa_group *gsm = sm->group; in SM_STATE()
2135 sm->GTimeoutCtr++; in SM_STATE()
2136 if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) { in SM_STATE()
2142 if (sm->wpa == WPA_VERSION_WPA) in SM_STATE()
2143 sm->PInitAKeys = FALSE; in SM_STATE()
2144 sm->TimeoutEvt = FALSE; in SM_STATE()
2148 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc); in SM_STATE()
2151 if (sm->wpa_auth->conf.disable_gtk) { in SM_STATE()
2160 if (sm->wpa == WPA_VERSION_WPA2) { in SM_STATE()
2162 ieee80211w_kde_len(sm); in SM_STATE()
2172 pos = ieee80211w_kde_add(sm, pos); in SM_STATE()
2178 wpa_send_eapol(sm->wpa_auth, sm, in SM_STATE()
2181 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0), in SM_STATE()
2183 if (sm->wpa == WPA_VERSION_WPA2) in SM_STATE()
2191 sm->EAPOLKeyReceived = FALSE; in SM_STATE()
2192 if (sm->GUpdateStationKeys) in SM_STATE()
2193 sm->group->GKeyDoneStations--; in SM_STATE()
2194 sm->GUpdateStationKeys = FALSE; in SM_STATE()
2195 sm->GTimeoutCtr = 0; in SM_STATE()
2197 sm->has_GTK = TRUE; in SM_STATE()
2204 if (sm->GUpdateStationKeys) in SM_STATE()
2205 sm->group->GKeyDoneStations--; in SM_STATE()
2206 sm->GUpdateStationKeys = FALSE; in SM_STATE()
2207 sm->Disconnect = TRUE; in SM_STATE()
2208 sm->disconnect_reason = WLAN_REASON_GROUP_KEY_UPDATE_TIMEOUT; in SM_STATE()
2214 if (sm->Init || sm->PtkGroupInit) { in SM_STEP()
2216 sm->PtkGroupInit = FALSE; in SM_STEP()
2217 } else switch (sm->wpa_ptk_group_state) { in SM_STEP()
2219 if (sm->GUpdateStationKeys || in SM_STEP()
2220 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys)) in SM_STEP()
2224 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && in SM_STEP()
2225 !sm->EAPOLKeyPairwise && sm->MICVerified) in SM_STEP()
2227 else if (sm->GTimeoutCtr > in SM_STEP()
2230 else if (sm->TimeoutEvt) in SM_STEP()
2297 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx) in wpa_group_update_sta() argument
2299 if (ctx != NULL && ctx != sm->group) in wpa_group_update_sta()
2302 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) { in wpa_group_update_sta()
2303 sm->GUpdateStationKeys = FALSE; in wpa_group_update_sta()
2306 if (sm->GUpdateStationKeys) { in wpa_group_update_sta()
2315 if (sm->is_wnmsleep) in wpa_group_update_sta()
2318 sm->group->GKeyDoneStations++; in wpa_group_update_sta()
2319 sm->GUpdateStationKeys = TRUE; in wpa_group_update_sta()
2321 wpa_sm_step(sm); in wpa_group_update_sta()
2328 void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm) in wpa_wnmsleep_rekey_gtk() argument
2330 if (sm->is_wnmsleep) in wpa_wnmsleep_rekey_gtk()
2333 wpa_group_update_sta(sm, NULL); in wpa_wnmsleep_rekey_gtk()
2337 void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag) in wpa_set_wnmsleep() argument
2339 sm->is_wnmsleep = !!flag; in wpa_set_wnmsleep()
2343 int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos) in wpa_wnmsleep_gtk_subelem() argument
2345 struct wpa_group *gsm = sm->group; in wpa_wnmsleep_gtk_subelem()
2359 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0) in wpa_wnmsleep_gtk_subelem()
2375 int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos) in wpa_wnmsleep_igtk_subelem() argument
2377 struct wpa_group *gsm = sm->group; in wpa_wnmsleep_igtk_subelem()
2388 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0) in wpa_wnmsleep_igtk_subelem()
2499 static int wpa_sm_step(struct wpa_state_machine *sm) in wpa_sm_step() argument
2501 if (sm == NULL) in wpa_sm_step()
2504 if (sm->in_step_loop) { in wpa_sm_step()
2512 sm->in_step_loop = 1; in wpa_sm_step()
2514 if (sm->pending_deinit) in wpa_sm_step()
2517 sm->changed = FALSE; in wpa_sm_step()
2518 sm->wpa_auth->group->changed = FALSE; in wpa_sm_step()
2521 if (sm->pending_deinit) in wpa_sm_step()
2524 if (sm->pending_deinit) in wpa_sm_step()
2526 wpa_group_sm_step(sm->wpa_auth, sm->group); in wpa_sm_step()
2527 } while (sm->changed || sm->wpa_auth->group->changed); in wpa_sm_step()
2528 sm->in_step_loop = 0; in wpa_sm_step()
2530 if (sm->pending_deinit) { in wpa_sm_step()
2532 "machine deinit for " MACSTR, MAC2STR(sm->addr)); in wpa_sm_step()
2533 wpa_free_sta_sm(sm); in wpa_sm_step()
2573 int wpa_auth_uses_sae(struct wpa_state_machine *sm) in wpa_auth_uses_sae() argument
2575 if (sm == NULL) in wpa_auth_uses_sae()
2577 return wpa_key_mgmt_sae(sm->wpa_key_mgmt); in wpa_auth_uses_sae()