Lines Matching +full:external +full:- +full:references
3 * Copyright (c) 2004-2022, Jouni Malinen <j@w1.fi>
92 if (sm->mld_assoc_link_id >= 0) in wpa_auth_get_aa()
93 return sm->wpa_auth->mld_addr; in wpa_auth_get_aa()
95 return sm->wpa_auth->addr; in wpa_auth_get_aa()
102 if (sm->mld_assoc_link_id >= 0) in wpa_auth_get_spa()
103 return sm->peer_mld_addr; in wpa_auth_get_spa()
105 return sm->addr; in wpa_auth_get_spa()
115 if (!sm->wpa_auth) in wpa_gkeydone_sta()
118 sm->wpa_auth->group->GKeyDoneStations--; in wpa_gkeydone_sta()
119 sm->GUpdateStationKeys = false; in wpa_gkeydone_sta()
123 sm->mld_links[link_id].wpa_auth->group->GKeyDoneStations--; in wpa_gkeydone_sta()
140 wpa_group_put(sm->mld_links[link_id].wpa_auth, in wpa_release_link_auth_ref()
141 sm->mld_links[link_id].wpa_auth->group); in wpa_release_link_auth_ref()
142 sm->mld_links[link_id].wpa_auth = NULL; in wpa_release_link_auth_ref()
159 if (!wpa_auth->is_ml) in wpa_get_link_sta_auth()
162 if (ctx->mld_addr && in wpa_get_link_sta_auth()
163 !ether_addr_equal(wpa_auth->mld_addr, ctx->mld_addr)) in wpa_get_link_sta_auth()
166 if ((ctx->addr && ether_addr_equal(wpa_auth->addr, ctx->addr)) || in wpa_get_link_sta_auth()
167 (ctx->link_id > -1 && wpa_auth->is_ml && in wpa_get_link_sta_auth()
168 wpa_auth->link_id == ctx->link_id)) { in wpa_get_link_sta_auth()
169 ctx->wpa_auth = wpa_auth; in wpa_get_link_sta_auth()
183 ctx.mld_addr = wpa_auth->mld_addr; in wpa_get_link_auth()
196 if (!wpa_auth->is_ml || in wpa_get_primary_auth_cb()
197 !ether_addr_equal(wpa_auth->mld_addr, ctx->addr) || in wpa_get_primary_auth_cb()
198 !wpa_auth->primary_auth) in wpa_get_primary_auth_cb()
201 ctx->wpa_auth = wpa_auth; in wpa_get_primary_auth_cb()
214 if (!wpa_auth || !wpa_auth->is_ml || wpa_auth->primary_auth) in wpa_get_primary_auth()
217 ctx.addr = wpa_auth->mld_addr; in wpa_get_primary_auth()
231 if (wpa_auth->cb->mic_failure_report) in wpa_auth_mic_failure_report()
232 return wpa_auth->cb->mic_failure_report(wpa_auth->cb_ctx, addr); in wpa_auth_mic_failure_report()
240 if (wpa_auth->cb->psk_failure_report) in wpa_auth_psk_failure_report()
241 wpa_auth->cb->psk_failure_report(wpa_auth->cb_ctx, addr); in wpa_auth_psk_failure_report()
249 if (wpa_auth->cb->set_eapol) in wpa_auth_set_eapol()
250 wpa_auth->cb->set_eapol(wpa_auth->cb_ctx, addr, var, value); in wpa_auth_set_eapol()
257 if (!wpa_auth->cb->get_eapol) in wpa_auth_get_eapol()
258 return -1; in wpa_auth_get_eapol()
259 return wpa_auth->cb->get_eapol(wpa_auth->cb_ctx, addr, var); in wpa_auth_get_eapol()
269 if (!wpa_auth->cb->get_psk) in wpa_auth_get_psk()
271 return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr, in wpa_auth_get_psk()
279 if (!wpa_auth->cb->get_msk) in wpa_auth_get_msk()
280 return -1; in wpa_auth_get_msk()
281 return wpa_auth->cb->get_msk(wpa_auth->cb_ctx, addr, msk, len); in wpa_auth_get_msk()
291 if (!wpa_auth->cb->set_key) in wpa_auth_set_key()
292 return -1; in wpa_auth_set_key()
293 return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx, in wpa_auth_set_key()
304 if (!wpa_auth->cb->set_ltf_keyseed) in wpa_auth_set_ltf_keyseed()
305 return -1; in wpa_auth_set_ltf_keyseed()
306 return wpa_auth->cb->set_ltf_keyseed(wpa_auth->cb_ctx, peer_addr, in wpa_auth_set_ltf_keyseed()
317 if (!wpa_auth->cb->get_seqnum) in wpa_auth_get_seqnum()
318 return -1; in wpa_auth_get_seqnum()
322 res = wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq); in wpa_auth_get_seqnum()
324 if (!addr && idx < 4 && wpa_auth->conf.gtk_rsc_override_set) { in wpa_auth_get_seqnum()
326 "TESTING: Override GTK RSC %016llx --> %016llx", in wpa_auth_get_seqnum()
329 WPA_GET_LE64(wpa_auth->conf.gtk_rsc_override)); in wpa_auth_get_seqnum()
330 os_memcpy(seq, wpa_auth->conf.gtk_rsc_override, in wpa_auth_get_seqnum()
334 wpa_auth->conf.igtk_rsc_override_set) { in wpa_auth_get_seqnum()
336 "TESTING: Override IGTK RSC %016llx --> %016llx", in wpa_auth_get_seqnum()
339 WPA_GET_LE64(wpa_auth->conf.igtk_rsc_override)); in wpa_auth_get_seqnum()
340 os_memcpy(seq, wpa_auth->conf.igtk_rsc_override, in wpa_auth_get_seqnum()
352 if (!wpa_auth->cb->send_eapol) in wpa_auth_send_eapol()
353 return -1; in wpa_auth_send_eapol()
354 return wpa_auth->cb->send_eapol(wpa_auth->cb_ctx, addr, data, data_len, in wpa_auth_send_eapol()
363 if (!wpa_auth->cb->start_ampe) in wpa_auth_start_ampe()
364 return -1; in wpa_auth_start_ampe()
365 return wpa_auth->cb->start_ampe(wpa_auth->cb_ctx, addr); in wpa_auth_start_ampe()
374 if (!wpa_auth->cb->for_each_sta) in wpa_auth_for_each_sta()
376 return wpa_auth->cb->for_each_sta(wpa_auth->cb_ctx, cb, cb_ctx); in wpa_auth_for_each_sta()
384 if (!wpa_auth->cb->for_each_auth) in wpa_auth_for_each_auth()
386 return wpa_auth->cb->for_each_auth(wpa_auth->cb_ctx, cb, cb_ctx); in wpa_auth_for_each_auth()
394 if (wpa_auth->cb->store_ptksa) in wpa_auth_store_ptksa()
395 wpa_auth->cb->store_ptksa(wpa_auth->cb_ctx, addr, cipher, in wpa_auth_store_ptksa()
403 if (wpa_auth->cb->clear_ptksa) in wpa_auth_remove_ptksa()
404 wpa_auth->cb->clear_ptksa(wpa_auth->cb_ctx, addr, cipher); in wpa_auth_remove_ptksa()
411 if (!wpa_auth->cb->logger) in wpa_auth_logger()
413 wpa_auth->cb->logger(wpa_auth->cb_ctx, addr, level, txt); in wpa_auth_logger()
424 if (!wpa_auth->cb->logger) in wpa_auth_vlogger()
445 if (!wpa_auth->cb->disconnect) in wpa_sta_disconnect()
449 wpa_auth->cb->disconnect(wpa_auth->cb_ctx, addr, reason); in wpa_sta_disconnect()
457 if (!wpa_auth->cb->channel_info) in wpa_channel_info()
458 return -1; in wpa_channel_info()
459 return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci); in wpa_channel_info()
467 if (!wpa_auth->cb->update_vlan) in wpa_auth_update_vlan()
468 return -1; in wpa_auth_update_vlan()
469 return wpa_auth->cb->update_vlan(wpa_auth->cb_ctx, addr, vlan_id); in wpa_auth_update_vlan()
477 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) { in wpa_rekey_gmk()
483 wpa_auth->group->GMK, WPA_GMK_LEN); in wpa_rekey_gmk()
486 if (wpa_auth->conf.wpa_gmk_rekey) { in wpa_rekey_gmk()
487 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0, in wpa_rekey_gmk()
498 group = wpa_auth->group; in wpa_rekey_all_groups()
502 MAC2STR(wpa_auth->addr), group->vlan_id); in wpa_rekey_all_groups()
505 group->GTKReKey = true; in wpa_rekey_all_groups()
507 group->changed = false; in wpa_rekey_all_groups()
509 } while (group->changed); in wpa_rekey_all_groups()
511 next = group->next; in wpa_rekey_all_groups()
524 group = wpa_auth->group; in wpa_update_all_gtks()
529 next = group->next; in wpa_update_all_gtks()
540 if (!ether_addr_equal(wpa_auth->mld_addr, mld_addr)) in wpa_update_all_gtks_cb()
553 if (!ether_addr_equal(wpa_auth->mld_addr, mld_addr)) in wpa_rekey_all_groups_cb()
568 if (wpa_auth->is_ml) { in wpa_rekey_gtk()
569 /* Non-primary ML authenticator eloop timer for group rekey is in wpa_rekey_gtk()
572 if (!wpa_auth->primary_auth) { in wpa_rekey_gtk()
574 "RSN: Cannot start GTK rekey on non-primary ML authenticator"); in wpa_rekey_gtk()
580 wpa_auth->mld_addr); in wpa_rekey_gtk()
585 wpa_auth->mld_addr); in wpa_rekey_gtk()
593 if (wpa_auth->conf.wpa_group_rekey) { in wpa_rekey_gtk()
594 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, in wpa_rekey_gtk()
614 if (sm && sm->wpa_auth->conf.wpa_ptk_rekey) { in wpa_auth_set_ptk_rekey_timer()
618 sm->wpa_auth->conf.wpa_ptk_rekey); in wpa_auth_set_ptk_rekey_timer()
619 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm); in wpa_auth_set_ptk_rekey_timer()
620 eloop_register_timeout(sm->wpa_auth->conf.wpa_ptk_rekey, 0, in wpa_auth_set_ptk_rekey_timer()
621 wpa_rekey_ptk, sm->wpa_auth, sm); in wpa_auth_set_ptk_rekey_timer()
628 if (sm->pmksa == ctx) in wpa_auth_pmksa_clear_cb()
629 sm->pmksa = NULL; in wpa_auth_pmksa_clear_cb()
649 if (random_get_bytes(group->GMK, WPA_GMK_LEN) < 0) in wpa_group_init_gmk_and_counter()
650 return -1; in wpa_group_init_gmk_and_counter()
651 wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN); in wpa_group_init_gmk_and_counter()
654 * Counter = PRF-256(Random number, "Init Counter", in wpa_group_init_gmk_and_counter()
657 os_memcpy(buf, wpa_auth->addr, ETH_ALEN); in wpa_group_init_gmk_and_counter()
666 return -1; in wpa_group_init_gmk_and_counter()
669 group->Counter, WPA_NONCE_LEN) < 0) in wpa_group_init_gmk_and_counter()
670 return -1; in wpa_group_init_gmk_and_counter()
672 group->Counter, WPA_NONCE_LEN); in wpa_group_init_gmk_and_counter()
687 group->GTKAuthenticator = true; in wpa_group_init()
688 group->vlan_id = vlan_id; in wpa_group_init()
689 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group); in wpa_group_init()
693 …"WPA: Not enough entropy in random pool for secure operations - update keys later when the first s… in wpa_group_init()
709 group->GInit = true; in wpa_group_init()
716 group->GInit = false; in wpa_group_init()
725 * wpa_init - Initialize WPA authenticator
742 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
743 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
746 if (conf->mld_addr) {
747 wpa_auth->is_ml = true;
748 wpa_auth->link_id = conf->link_id;
749 wpa_auth->primary_auth = !conf->first_link_auth;
750 os_memcpy(wpa_auth->mld_addr, conf->mld_addr, ETH_ALEN);
754 wpa_auth->cb = cb;
755 wpa_auth->cb_ctx = cb_ctx;
763 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
764 if (!wpa_auth->group) {
765 os_free(wpa_auth->wpa_ie);
770 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
772 if (!wpa_auth->pmksa) {
774 os_free(wpa_auth->group);
775 os_free(wpa_auth->wpa_ie);
781 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
782 if (!wpa_auth->ft_pmk_cache) {
784 os_free(wpa_auth->group);
785 os_free(wpa_auth->wpa_ie);
786 pmksa_cache_auth_deinit(wpa_auth->pmksa);
792 if (wpa_auth->conf.wpa_gmk_rekey) {
793 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
801 if ((!wpa_auth->is_ml || !conf->first_link_auth) &&
802 wpa_auth->conf.wpa_group_rekey) {
804 if (wpa_auth->conf.wpa_group_rekey) {
806 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
811 if (WPA_GET_BE32(conf->ip_addr_start)) {
812 int count = WPA_GET_BE32(conf->ip_addr_end) -
813 WPA_GET_BE32(conf->ip_addr_start) + 1;
817 wpa_auth->ip_pool = bitfield_alloc(count);
821 if (conf->tx_bss_auth && conf->beacon_prot) {
822 conf->tx_bss_auth->non_tx_beacon_prot = true;
823 if (!conf->tx_bss_auth->conf.beacon_prot)
824 conf->tx_bss_auth->conf.beacon_prot = true;
825 if (!conf->tx_bss_auth->conf.group_mgmt_cipher)
826 conf->tx_bss_auth->conf.group_mgmt_cipher =
827 conf->group_mgmt_cipher;
836 struct wpa_group *group = wpa_auth->group;
841 group->GInit = false;
843 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
844 return -1;
852 wpabuf_free(conf->eapol_m1_elements);
853 conf->eapol_m1_elements = NULL;
854 wpabuf_free(conf->eapol_m3_elements);
855 conf->eapol_m3_elements = NULL;
861 * wpa_deinit - Deinitialize WPA authenticator
874 pmksa_cache_auth_deinit(wpa_auth->pmksa);
877 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
878 wpa_auth->ft_pmk_cache = NULL;
883 bitfield_free(wpa_auth->ip_pool);
887 os_free(wpa_auth->wpa_ie);
889 group = wpa_auth->group;
892 group = group->next;
896 wpa_auth_free_conf(&wpa_auth->conf);
902 * wpa_reconfig - Update WPA authenticator configuration
914 wpa_auth_free_conf(&wpa_auth->conf);
915 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
918 return -1;
925 group = wpa_auth->group;
926 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
927 group->GInit = true;
929 group->GInit = false;
942 if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
948 os_memcpy(sm->addr, addr, ETH_ALEN);
950 os_memcpy(sm->p2p_dev_addr, p2p_dev_addr, ETH_ALEN);
952 sm->wpa_auth = wpa_auth;
953 sm->group = wpa_auth->group;
954 wpa_group_get(sm->wpa_auth, sm->group);
956 sm->mld_assoc_link_id = -1;
966 if (!wpa_auth || !wpa_auth->conf.wpa || !sm)
967 return -1;
970 if (sm->ft_completed) {
972 "FT authentication already completed - do not start 4-way handshake");
974 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
975 sm->Pair = true;
981 if (sm->fils_completed) {
983 "FILS authentication already completed - do not start 4-way handshake");
985 sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
986 sm->Pair = true;
991 if (sm->started) {
992 os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
993 sm->ReAuthenticationRequest = true;
999 sm->started = 1;
1001 sm->Init = true;
1004 sm->Init = false;
1005 sm->AuthenticationRequest = true;
1012 /* WPA/RSN was not used - clear WPA state. This is needed if the STA
1018 sm->wpa_key_mgmt = 0;
1029 if (WPA_GET_BE32(sm->ip_addr)) {
1033 sm->ip_addr[0], sm->ip_addr[1],
1034 sm->ip_addr[2], sm->ip_addr[3],
1036 sm->ip_addr_bit);
1037 bitfield_clear(sm->wpa_auth->ip_pool, sm->ip_addr_bit);
1040 if (sm->GUpdateStationKeys)
1043 os_free(sm->assoc_resp_ftie);
1044 wpabuf_free(sm->ft_pending_req_ies);
1046 os_free(sm->last_rx_eapol_key);
1047 os_free(sm->wpa_ie);
1048 os_free(sm->rsnxe);
1049 os_free(sm->rsn_selection);
1052 wpa_group_put(sm->mld_links[link_id].wpa_auth,
1053 sm->mld_links[link_id].wpa_auth->group);
1054 sm->mld_links[link_id].wpa_auth = NULL;
1057 wpa_group_put(sm->wpa_auth, sm->group);
1059 wpabuf_clear_free(sm->dpp_z);
1072 wpa_auth = sm->wpa_auth;
1073 if (wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
1077 "strict rekeying - force GTK rekey since STA is leaving");
1080 if (wpa_auth->is_ml && !wpa_auth->primary_auth)
1085 primary_auth, NULL) == -1)
1091 sm->pending_1_of_4_timeout = 0;
1097 if (sm->in_step_loop) {
1103 sm->pending_deinit = 1;
1114 if (!sm->use_ext_key_id && sm->wpa_auth->conf.wpa_deny_ptk0_rekey) {
1118 sm->Disconnect = true;
1120 sm->disconnect_reason =
1123 if (sm->use_ext_key_id)
1124 sm->keyidx_active ^= 1; /* flip Key ID */
1125 sm->PTKRequest = true;
1126 sm->PTK_valid = 0;
1170 /* Verify that PMKR1Name from EAPOL-Key message 2/4 matches the value
1173 if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
1176 "FT: No PMKR1Name in FT 4-way handshake message 2/4");
1177 return -1;
1180 if (wpa_parse_wpa_ie_rsn(sm->wpa_ie, sm->wpa_ie_len, &assoc_ie) < 0) {
1191 if (os_memcmp_const(pmkid, sm->pmk_r1_name,
1219 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
1221 "PMKR1Name mismatch in FT 4-way handshake");
1226 sm->pmk_r1_name, WPA_PMK_NAME_LEN);
1227 return -1;
1230 if (!kde->mdie || !kde->ftie) {
1232 "FT: No %s in FT 4-way handshake message 2/4",
1233 kde->mdie ? "FTIE" : "MDIE");
1234 return -1;
1237 mdie = (struct rsn_mdie *) (kde->mdie + 2);
1238 if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
1239 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
1242 return -1;
1245 if (sm->assoc_resp_ftie &&
1246 (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
1247 os_memcmp(kde->ftie, sm->assoc_resp_ftie,
1248 2 + sm->assoc_resp_ftie[1]) != 0)) {
1250 wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
1251 kde->ftie, kde->ftie_len);
1253 sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
1254 return -1;
1267 "received EAPOL-Key Error Request (STA detected Michael MIC failure (group=%d))",
1270 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
1273 } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
1280 sm->dot11RSNAStatsTKIPRemoteMICFailures++;
1281 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
1304 int ret = -1;
1308 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
1309 !wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
1310 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
1311 sm->p2p_dev_addr, pmk, &pmk_len,
1316 if (wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
1317 os_memcpy(sm->xxkey, pmk, pmk_len);
1318 sm->xxkey_len = pmk_len;
1322 pmk = sm->PMK;
1323 pmk_len = sm->pmk_len;
1326 if (wpa_derive_ptk(sm, sm->alt_SNonce, pmk, pmk_len, &PTK, 0,
1331 if (wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
1333 if (sm->PMK != pmk) {
1334 os_memcpy(sm->PMK, pmk, pmk_len);
1335 sm->pmk_len = pmk_len;
1341 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
1342 wpa_key_mgmt_sae(sm->wpa_key_mgmt))
1354 sm->alt_snonce_valid = 0;
1356 if (vlan_id && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
1357 wpa_auth_update_vlan(sm->wpa_auth, sm->addr, vlan_id) < 0)
1361 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt) && !sm->ft_completed) {
1362 wpa_printf(MSG_DEBUG, "FT: Store PMK-R0/PMK-R1");
1368 os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN);
1369 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
1371 sm->PTK_valid = true;
1385 for (group = wpa_auth->group; group; group = group->next) {
1386 if (group->GKeyDoneStations)
1405 if (!wpa_use_akm_defined(sm->wpa_key_mgmt) &&
1406 wpa_use_cmac(sm->wpa_key_mgmt) &&
1410 "advertised support for AES-128-CMAC, but did not use it");
1414 if (sm->pairwise != WPA_CIPHER_TKIP &&
1415 !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
1416 !wpa_use_cmac(sm->wpa_key_mgmt) &&
1420 "did not use HMAC-SHA1-AES with CCMP/GCMP");
1424 if (wpa_use_akm_defined(sm->wpa_key_mgmt) &&
1428 "did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases");
1441 if (sm->req_replay_counter_used &&
1442 os_memcmp(replay_counter, sm->req_replay_counter,
1446 "received EAPOL-Key request with replayed counter");
1464 key->replay_counter);
1466 if (wpa_replay_counter_valid(sm->key_replay, key->replay_counter))
1470 wpa_replay_counter_valid(sm->prev_key_replay,
1471 key->replay_counter) &&
1472 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1473 os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
1476 * WZC) update SNonce for each EAPOL-Key 2/4. This
1479 * even if we have already sent out EAPOL-Key 3/4.
1483 "Process SNonce update from STA based on retransmitted EAPOL-Key 1/4");
1484 sm->update_snonce = 1;
1485 os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN);
1486 sm->alt_snonce_valid = true;
1487 os_memcpy(sm->alt_replay_counter,
1488 sm->key_replay[0].counter,
1493 if (msg == PAIRWISE_4 && sm->alt_snonce_valid &&
1494 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
1495 os_memcmp(key->replay_counter, sm->alt_replay_counter,
1499 * there was two EAPOL-Key 2/4 messages and they had
1504 …"Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPO…
1509 wpa_replay_counter_valid(sm->prev_key_replay,
1510 key->replay_counter) &&
1511 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
1514 "ignore retransmitted EAPOL-Key %s - SNonce did not change",
1519 "received EAPOL-Key %s with unexpected replay counter",
1523 if (!sm->key_replay[i].valid)
1526 sm->key_replay[i].counter,
1530 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1550 if (!wpa_auth || !wpa_auth->conf.wpa || !sm)
1555 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
1559 wpa_printf(MSG_DEBUG, "WPA: Ignore too short EAPOL-Key frame");
1566 key_info = WPA_GET_BE16(key->key_info);
1569 wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
1571 MAC2STR(wpa_auth_get_spa(sm)), key_info, key->type,
1574 "WPA: EAPOL-Key header (ending before Key MIC)",
1576 wpa_hexdump(MSG_MSGDUMP, "WPA: EAPOL-Key Key MIC",
1578 if (key_data_length > data_len - sizeof(*hdr) - keyhdrlen) {
1580 "WPA: Invalid EAPOL-Key frame - key_data overflow (%d > %zu)",
1582 data_len - sizeof(*hdr) - keyhdrlen);
1586 if (sm->wpa == WPA_VERSION_WPA2) {
1587 if (key->type == EAPOL_KEY_TYPE_WPA) {
1593 "Workaround: Allow EAPOL-Key with unexpected WPA type in RSN mode");
1594 } else if (key->type != EAPOL_KEY_TYPE_RSN) {
1596 "Ignore EAPOL-Key with unexpected type %d in RSN mode",
1597 key->type);
1601 if (key->type != EAPOL_KEY_TYPE_WPA) {
1603 "Ignore EAPOL-Key with unexpected type %d in WPA mode",
1604 key->type);
1609 wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
1612 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
1614 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
1626 sm->PTK_valid &&
1629 wpa_use_aes_key_wrap(sm->wpa_key_mgmt)) &&
1631 key_data_length -= 8; /* AES-WRAP adds 8 bytes */
1636 if (aes_unwrap(sm->PTK.kek, sm->PTK.kek_len,
1639 "RSN: AES unwrap failed - could not decrypt EAPOL-Key key data");
1643 wpa_hexdump_key(MSG_DEBUG, "RSN: Decrypted EAPOL-Key Key Data",
1654 (sm->wpa == WPA_VERSION_WPA2 &&
1672 if (sm->wpa == WPA_VERSION_WPA2 && mic_len == 0 &&
1675 "WPA: Encr Key Data bit not set even though AEAD cipher is supposed to be used - drop frame");
1682 if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
1683 sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
1684 (!sm->update_snonce ||
1685 sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
1688 "received EAPOL-Key msg 2/4 in invalid state (%d) - dropped",
1689 sm->wpa_ptk_state);
1692 random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
1693 if (sm->group->reject_4way_hs_for_entropy) {
1696 * strong random numbers. Reject the first 4-way
1704 "WPA: Reject 4-way handshake to collect more entropy for random number generation");
1706 wpa_sta_disconnect(wpa_auth, sm->addr,
1712 if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
1713 !sm->PTK_valid) {
1716 "received EAPOL-Key msg 4/4 in invalid state (%d) - dropped",
1717 sm->wpa_ptk_state);
1722 if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
1723 || !sm->PTK_valid) {
1726 "received EAPOL-Key msg 2/2 in invalid state (%d) - dropped",
1727 sm->wpa_ptk_group_state);
1732 if (sm->wpa_ptk_state == WPA_PTK_PTKSTART ||
1733 sm->wpa_ptk_state == WPA_PTK_PTKCALCNEGOTIATING ||
1734 sm->wpa_ptk_state == WPA_PTK_PTKCALCNEGOTIATING2 ||
1735 sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
1738 "received EAPOL-Key Request in invalid state (%d) - dropped",
1739 sm->wpa_ptk_state);
1746 "received EAPOL-Key frame (%s)", msgtxt);
1750 "received invalid EAPOL-Key: Key Ack set");
1754 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1757 "received invalid EAPOL-Key: Key MIC not set");
1762 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
1765 "received invalid EAPOL-Key: Key MIC set");
1770 sm->MICVerified = false;
1771 if (sm->PTK_valid && !sm->update_snonce) {
1773 wpa_verify_key_mic(sm->wpa_key_mgmt, sm->pmk_len, &sm->PTK,
1775 (msg != PAIRWISE_4 || !sm->alt_snonce_valid ||
1779 "received EAPOL-Key with invalid MIC");
1789 wpa_aead_decrypt(sm, &sm->PTK, data, data_len,
1793 "received EAPOL-Key with invalid MIC");
1805 sm->MICVerified = true;
1807 sm->pending_1_of_4_timeout = 0;
1814 "received EAPOL-Key request without Secure=1");
1817 if (sm->MICVerified) {
1818 sm->req_replay_counter_used = 1;
1819 os_memcpy(sm->req_replay_counter, key->replay_counter,
1824 "received EAPOL-Key request with invalid MIC");
1836 "received EAPOL-Key Request for new 4-Way Handshake");
1841 "received EAPOL-Key Request for GTK rekeying");
1848 "skip new GTK rekey - already in process");
1855 wpa_replay_counter_mark_invalid(sm->key_replay,
1856 key->replay_counter);
1860 * Maintain a copy of the pending EAPOL-Key frames in
1861 * case the EAPOL-Key frame was retransmitted. This is
1862 * needed to allow EAPOL-Key msg 2/4 reply to another
1866 os_memcpy(sm->prev_key_replay, sm->key_replay,
1867 sizeof(sm->key_replay));
1869 os_memset(sm->prev_key_replay, 0,
1870 sizeof(sm->prev_key_replay));
1877 wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
1880 os_free(sm->last_rx_eapol_key);
1881 sm->last_rx_eapol_key = os_memdup(data, data_len);
1882 if (!sm->last_rx_eapol_key)
1884 sm->last_rx_eapol_key_len = data_len;
1886 sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE);
1887 sm->EAPOLKeyReceived = true;
1888 sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
1889 sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
1891 os_memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
1906 /* GTK = PRF-X(GMK, "Group key expansion",
1923 ret = -1;
1928 ret = -1;
1933 ret = -1;
1937 ret = -1;
1952 if (sm->waiting_radius_psk) {
1953 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1954 "Ignore EAPOL-Key timeout while waiting for RADIUS PSK");
1958 sm->pending_1_of_4_timeout = 0;
1960 "EAPOL-Key timeout");
1961 sm->TimeoutEvt = true;
1972 struct wpa_auth_config *conf = &wpa_auth->conf;
1983 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
1990 else if (wpa_use_akm_defined(sm->wpa_key_mgmt))
1992 else if (wpa_use_cmac(sm->wpa_key_mgmt))
1994 else if (sm->pairwise != WPA_CIPHER_TKIP)
2013 wpa_use_aes_key_wrap(sm->wpa_key_mgmt) ||
2017 pad_len = 8 - pad_len;
2028 hdr->version = conf->eapol_version;
2029 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
2030 hdr->length = host_to_be16(len - sizeof(*hdr));
2035 key->type = sm->wpa == WPA_VERSION_WPA2 ?
2038 if (encr && sm->wpa == WPA_VERSION_WPA2)
2040 if (sm->wpa != WPA_VERSION_WPA2)
2042 WPA_PUT_BE16(key->key_info, key_info);
2044 alg = pairwise ? sm->pairwise : conf->wpa_group;
2045 if (sm->wpa == WPA_VERSION_WPA2 && !pairwise)
2046 WPA_PUT_BE16(key->key_length, 0);
2048 WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
2050 for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
2051 sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
2052 os_memcpy(sm->key_replay[i].counter,
2053 sm->key_replay[i - 1].counter,
2056 inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
2057 os_memcpy(key->replay_counter, sm->key_replay[0].counter,
2060 key->replay_counter, WPA_REPLAY_COUNTER_LEN);
2061 sm->key_replay[0].valid = true;
2064 os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
2067 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
2078 wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
2082 sm->PTK.kek, sm->PTK.kek_len);
2083 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
2086 aad_len[0] = key_mic + 2 - (u8 *) hdr;
2087 if (aes_siv_encrypt(sm->PTK.kek, sm->PTK.kek_len, kde, kde_len,
2089 wpa_printf(MSG_DEBUG, "WPA: AES-SIV encryption failed");
2110 "Plaintext EAPOL-Key Key Data (+ padding)",
2113 wpa_use_aes_key_wrap(sm->wpa_key_mgmt) ||
2115 wpa_hexdump_key(MSG_DEBUG, "RSN: AES-WRAP using KEK",
2116 sm->PTK.kek, sm->PTK.kek_len);
2117 if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len,
2118 (key_data_len - 8) / 8, buf, key_data)) {
2124 "RSN: Encrypted Key Data from AES-WRAP",
2128 } else if (sm->PTK.kek_len == 16) {
2133 os_memcpy(key->key_iv,
2134 sm->group->Counter + WPA_NONCE_LEN - 16, 16);
2135 inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
2136 os_memcpy(ek, key->key_iv, 16);
2137 os_memcpy(ek + 16, sm->PTK.kek, sm->PTK.kek_len);
2151 if (!sm->PTK_valid || !mic_len) {
2154 "PTK not valid when sending EAPOL-Key frame");
2159 if (wpa_eapol_key_mic(sm->PTK.kck, sm->PTK.kck_len,
2160 sm->wpa_key_mgmt, version,
2167 conf->corrupt_gtk_rekey_mic_probability > 0.0 &&
2168 drand48() < conf->corrupt_gtk_rekey_mic_probability) {
2171 "Corrupting group EAPOL-Key Key MIC");
2177 wpa_auth_set_eapol(wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx, 1);
2178 wpa_hexdump(MSG_DEBUG, "Send EAPOL-Key msg", hdr, len);
2179 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
2180 sm->pairwise_set);
2187 if (!wpa_auth->cb->get_sta_count)
2188 return -1;
2190 return wpa_auth->cb->get_sta_count(wpa_auth->cb_ctx);
2207 ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
2210 /* When delay_eapol_tx is true, delay the EAPOL-Key transmission by
2213 if (wpa_auth->conf.delay_eapol_tx &&
2214 ctr != wpa_auth->conf.wpa_pairwise_update_count) {
2215 wpa_msg(sm->wpa_auth->conf.msg_ctx, MSG_INFO,
2216 "DELAY-EAPOL-TX-%d", ctr);
2226 if (ctr == 1 && wpa_auth->conf.tx_status) {
2236 if (wpa_auth->conf.wpa_disable_eapol_key_retries &&
2240 sm->pending_1_of_4_timeout = 1;
2245 "WPA: Use EAPOL-Key timeout of %u ms (retry counter %u)",
2263 return -1;
2268 key_info = WPA_GET_BE16(key->key_info);
2271 if (wpa_eapol_key_mic(PTK->kck, PTK->kck_len, akmp,
2275 ret = -1;
2283 sm->PTK_valid = false;
2284 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
2286 wpa_auth_remove_ptksa(sm->wpa_auth, sm->addr, sm->pairwise);
2288 if (wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL,
2292 if (sm->use_ext_key_id &&
2293 wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 1, NULL,
2297 sm->pairwise_set = false;
2298 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
2307 return -1;
2309 wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
2316 if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) {
2326 sm->DeauthenticationRequest = true;
2327 os_memset(sm->PMK, 0, sizeof(sm->PMK));
2328 sm->pmk_len = 0;
2330 os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
2331 sm->xxkey_len = 0;
2332 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1));
2333 sm->pmk_r1_len = 0;
2338 if (!sm->started) {
2341 * manages to re-associate without the previous STA
2347 "WPA state machine had not been started - initialize now");
2348 sm->started = 1;
2349 sm->Init = true;
2352 sm->Init = false;
2353 sm->AuthenticationRequest = true;
2357 if (sm->ptkstart_without_success > 3) {
2359 "WPA: Multiple EAP reauth attempts without 4-way handshake completion, disconnect "
2360 MACSTR, MAC2STR(sm->addr));
2361 sm->Disconnect = true;
2365 if (!sm->use_ext_key_id &&
2366 sm->wpa_auth->conf.wpa_deny_ptk0_rekey) {
2370 sm->Disconnect = true;
2372 sm->disconnect_reason =
2377 if (sm->use_ext_key_id)
2378 sm->keyidx_active ^= 1; /* flip Key ID */
2380 if (sm->GUpdateStationKeys) {
2386 sm->PtkGroupInit = true;
2388 sm->ReAuthenticationRequest = true;
2397 sm->ft_completed = 1;
2408 sm->fils_completed = 1;
2414 sm->tk_already_set = false;
2419 sm->ft_completed = 0;
2422 if (sm->mgmt_frame_prot && event == WPA_AUTH)
2425 if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
2431 sm->PTK_valid = false;
2432 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
2438 if (sm->in_step_loop) {
2440 * wpa_sm_step() is already running - avoid recursive call to
2443 sm->changed = true;
2453 if (sm->Init) {
2456 sm->changed = false;
2459 sm->keycount = 0;
2460 if (sm->GUpdateStationKeys)
2462 if (sm->wpa == WPA_VERSION_WPA)
2463 sm->PInitAKeys = false;
2466 sm->Pair = true;
2468 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
2470 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
2471 sm->TimeoutCtr = 0;
2472 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
2473 sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP ||
2474 sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE) {
2475 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
2483 u16 reason = sm->disconnect_reason;
2486 sm->Disconnect = false;
2487 sm->disconnect_reason = 0;
2490 wpa_sta_disconnect(sm->wpa_auth, sm->addr, reason);
2497 sm->DeauthenticationRequest = false;
2504 os_memset(&sm->PTK, 0, sizeof(sm->PTK));
2505 sm->PTK_valid = false;
2506 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
2508 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
2509 sm->AuthenticationRequest = false;
2516 if (group->first_sta_seen)
2521 * of collecting more randomness on embedded systems. Re-initialize the
2526 "WPA: Re-initialize GMK/Counter on first station");
2529 "WPA: Not enough entropy in random pool to proceed - reject first 4-way handshake");
2530 group->reject_4way_hs_for_entropy = true;
2532 group->first_sta_seen = true;
2533 group->reject_4way_hs_for_entropy = false;
2540 group->first_sta_seen = false;
2541 group->reject_4way_hs_for_entropy = true;
2550 wpa_group_ensure_init(sm->wpa_auth, sm->group);
2551 sm->ReAuthenticationRequest = false;
2554 * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
2556 * incremented by one for each 4-way handshake. However, the security
2557 * analysis of 4-way handshake points out that unpredictable nonces
2562 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
2565 sm->Disconnect = true;
2568 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
2572 * re-entered on ReAuthenticationRequest without going through
2574 sm->TimeoutCtr = 0;
2580 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
2583 sm->Disconnect = true;
2584 return -1;
2586 wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
2588 sm->TimeoutCtr = 0;
2600 sm->xxkey_len = 0;
2602 if (sm->pmksa) {
2604 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len);
2605 sm->pmk_len = sm->pmksa->pmk_len;
2607 } else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP) {
2609 "DPP: No PMKSA cache entry for STA - reject connection");
2610 sm->Disconnect = true;
2611 sm->disconnect_reason = WLAN_REASON_INVALID_PMKID;
2614 } else if (wpa_auth_get_msk(sm->wpa_auth, wpa_auth_get_spa(sm),
2618 if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt))
2629 sm->Disconnect = true;
2632 os_memcpy(sm->PMK, msk, pmk_len);
2633 sm->pmk_len = pmk_len;
2636 if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
2637 os_memcpy(sm->xxkey, msk, SHA384_MAC_LEN);
2638 sm->xxkey_len = SHA384_MAC_LEN;
2640 os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
2641 sm->xxkey_len = PMK_LEN;
2647 sm->wpa_auth->cb->get_msk);
2648 sm->Disconnect = true;
2653 sm->req_replay_counter_used = 0;
2659 * eventually fail in 4-Way Handshake because Supplicant uses PMK
2662 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, false);
2672 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL,
2675 os_memcpy(sm->PMK, psk, psk_len);
2676 sm->pmk_len = psk_len;
2678 sm->xxkey_len = PMK_LEN;
2680 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY &&
2683 sm->xxkey_len = psk_len;
2685 os_memcpy(sm->xxkey, psk, sm->xxkey_len);
2689 if (wpa_auth_uses_sae(sm) && sm->pmksa) {
2691 sm->pmksa->pmk_len);
2692 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len);
2693 sm->pmk_len = sm->pmksa->pmk_len;
2695 os_memcpy(sm->xxkey, sm->pmksa->pmk, sm->pmksa->pmk_len);
2696 sm->xxkey_len = sm->pmksa->pmk_len;
2700 sm->req_replay_counter_used = 0;
2712 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
2716 sm->PTKRequest = false;
2717 sm->TimeoutEvt = false;
2718 sm->alt_snonce_valid = false;
2719 sm->ptkstart_without_success++;
2721 sm->TimeoutCtr++;
2722 if (sm->TimeoutCtr > sm->wpa_auth->conf.wpa_pairwise_update_count) {
2723 /* No point in sending the EAPOL-Key - we will disconnect
2729 if (sm->mld_assoc_link_id >= 0)
2733 if (conf->eapol_m1_elements)
2734 buf_len += wpabuf_len(conf->eapol_m1_elements);
2741 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
2742 "sending 1/4 msg of 4-Way Handshake");
2745 * the PMKID KDE in EAPOL-Key msg 1/4 since it could be used to initiate
2747 * capture a 4-way handshake from a STA that has access to the network.
2750 * WPA2-PSK cases that use multiple PSKs, but only if there is a single
2757 if (sm->wpa == WPA_VERSION_WPA2 &&
2758 (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) ||
2759 (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && sm->pmksa) ||
2760 wpa_key_mgmt_sae(sm->wpa_key_mgmt)) &&
2761 sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) {
2767 if (sm->pmksa) {
2770 sm->pmksa->pmkid, PMKID_LEN);
2772 sm->pmksa->pmkid, PMKID_LEN);
2773 } else if (wpa_key_mgmt_suite_b(sm->wpa_key_mgmt)) {
2779 } else if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
2780 if (sm->pmkid_set) {
2783 sm->pmkid, PMKID_LEN);
2785 sm->pmkid, PMKID_LEN);
2794 } else if (wpa_key_mgmt_ft(sm->wpa_key_mgmt) &&
2795 sm->ft_completed) {
2801 } else if (wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
2802 if (sm->pmkid_set) {
2805 sm->pmkid, PMKID_LEN);
2807 sm->pmkid, PMKID_LEN);
2818 * available with pre-calculated PMKID.
2820 rsn_pmkid(sm->PMK, sm->pmk_len,
2824 sm->wpa_key_mgmt);
2834 if (sm->mld_assoc_link_id >= 0) {
2839 sm->wpa_auth->mld_addr, ETH_ALEN, NULL, 0);
2845 if (conf->eapol_m1_elements) {
2846 os_memcpy(buf + kde_len, wpabuf_head(conf->eapol_m1_elements),
2847 wpabuf_len(conf->eapol_m1_elements));
2848 kde_len += wpabuf_len(conf->eapol_m1_elements);
2853 if (sm->pairwise_set && sm->wpa != WPA_VERSION_WPA)
2855 wpa_send_eapol(sm->wpa_auth, sm, key_info, NULL,
2856 sm->ANonce, kde_len ? buf : NULL, kde_len, 0, 0);
2872 if (sm->wpa_auth->conf.force_kdk_derivation ||
2873 (!no_kdk && sm->wpa_auth->conf.secure_ltf &&
2874 ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)))
2880 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
2881 if (sm->ft_completed) {
2884 ret = wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len,
2885 sm->SNonce, sm->ANonce,
2888 sm->pmk_r1_name, ptk,
2889 ptk_name, sm->wpa_key_mgmt,
2890 sm->pairwise, kdk_len);
2902 if (!no_kdk && sm->wpa_auth->conf.secure_ltf &&
2903 ieee802_11_rsnx_capab(sm->rsnxe,
2905 ret = wpa_ltf_keyseed(ptk, sm->wpa_key_mgmt,
2906 sm->pairwise);
2918 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && sm->dpp_z) {
2919 z = wpabuf_head(sm->dpp_z);
2920 z_len = wpabuf_len(sm->dpp_z);
2924 akmp = sm->wpa_key_mgmt;
2929 sm->ANonce, snonce, ptk, akmp,
2930 sm->pairwise, z, z_len, kdk_len);
2938 if (!no_kdk && sm->wpa_auth->conf.secure_ltf &&
2939 ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)) {
2940 ret = wpa_ltf_keyseed(ptk, sm->wpa_key_mgmt, sm->pairwise);
2964 if (sm->wpa_auth->conf.force_kdk_derivation ||
2965 (sm->wpa_auth->conf.secure_ltf &&
2966 ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)))
2974 &sm->PTK, ick, &ick_len,
2975 sm->wpa_key_mgmt, sm->pairwise,
2981 if (sm->wpa_auth->conf.secure_ltf &&
2982 ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)) {
2983 res = wpa_ltf_keyseed(&sm->PTK, sm->wpa_key_mgmt, sm->pairwise);
2992 sm->PTK_valid = true;
2993 sm->tk_already_set = false;
2997 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2998 struct wpa_auth_config *conf = &wpa_auth->conf;
3002 conf->ssid, conf->ssid_len,
3003 conf->mobility_domain,
3004 conf->r0_key_holder,
3005 conf->r0_key_holder_len,
3007 sm->wpa_key_mgmt) < 0)
3008 return -1;
3013 res = wpa_derive_pmk_r1_name(pmk_r0_name, conf->r1_key_holder,
3015 sm->pmk_r1_name,
3019 return -1;
3020 wpa_hexdump(MSG_DEBUG, "FILS+FT: PMKR1Name", sm->pmk_r1_name,
3022 sm->pmk_r1_name_valid = 1;
3033 sm->wpa_key_mgmt, sm->fils_key_auth_sta,
3034 sm->fils_key_auth_ap,
3035 &sm->fils_key_auth_len);
3039 os_memcpy(sm->SNonce, snonce, FILS_NONCE_LEN);
3040 os_memcpy(sm->ANonce, anonce, FILS_NONCE_LEN);
3062 key_data_len > buf_len - sizeof(*hdr) - sizeof(*key) - 2) {
3063 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
3064 "No room for AES-SIV data in the frame");
3065 return -1;
3071 return -1;
3073 /* AES-SIV AAD from EAPOL protocol version field (inclusive) to
3076 aad_len[0] = pos - buf;
3077 if (aes_siv_decrypt(ptk->kek, ptk->kek_len, pos, key_data_len,
3079 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
3080 "Invalid AES-SIV data in the frame");
3082 return -1;
3086 key_data_len -= AES_BLOCK_SIZE;
3092 pos -= 2; /* Key Data Length field */
3108 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
3110 "FILS: Not a FILS AKM - reject association");
3131 "FILS: %s: Could not find FILS Session element in Assoc Req - reject",
3138 "FILS: %s: Could not find FILS Session element in STA entry - reject",
3163 return -1;
3168 return -1;
3173 return -1;
3176 if (elems.fils_key_confirm_len != sm->fils_key_auth_len) {
3178 "FILS: Unexpected Key-Auth length %d (expected %zu)",
3180 sm->fils_key_auth_len);
3181 return -1;
3184 if (os_memcmp(elems.fils_key_confirm, sm->fils_key_auth_sta,
3185 sm->fils_key_auth_len) != 0) {
3186 wpa_printf(MSG_DEBUG, "FILS: Key-Auth mismatch");
3187 wpa_hexdump(MSG_DEBUG, "FILS: Received Key-Auth",
3189 wpa_hexdump(MSG_DEBUG, "FILS: Expected Key-Auth",
3190 sm->fils_key_auth_sta, sm->fils_key_auth_len);
3191 return -1;
3207 if (!sm || !sm->PTK_valid) {
3210 return -1;
3213 if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
3215 "FILS: Not a FILS AKM - reject association");
3216 return -1;
3220 fc = le_to_host16(mgmt->frame_control);
3223 ie_start = mgmt->u.reassoc_req.variable;
3225 ie_start = mgmt->u.assoc_req.variable;
3232 session = wpa_fils_validate_fils_session(sm, ie, end - ie,
3236 return -1;
3241 if (end - crypt < AES_BLOCK_SIZE) {
3243 "FILS: Too short frame to include AES-SIV data");
3244 return -1;
3247 /* AES-SIV AAD vectors */
3250 aad[0] = mgmt->sa;
3253 aad[1] = mgmt->da;
3256 aad[2] = sm->SNonce;
3259 aad[3] = sm->ANonce;
3265 aad[4] = (const u8 *) &mgmt->u.assoc_req.capab_info;
3266 aad_len[4] = crypt - aad[4];
3268 if (aes_siv_decrypt(sm->PTK.kek, sm->PTK.kek_len, crypt, end - crypt,
3269 5, aad, aad_len, pos + (crypt - ie_start)) < 0) {
3271 "FILS: Invalid AES-SIV data in the frame");
3272 return -1;
3275 pos, left - AES_BLOCK_SIZE);
3277 if (wpa_fils_validate_key_confirm(sm, pos, left - AES_BLOCK_SIZE) < 0) {
3279 return -1;
3282 return left - AES_BLOCK_SIZE;
3297 if (!sm || !sm->PTK_valid)
3298 return -1;
3306 /* AES-SIV AAD vectors */
3309 aad[0] = mgmt->sa;
3312 aad[1] = mgmt->da;
3315 aad[2] = sm->ANonce;
3318 aad[3] = sm->SNonce;
3325 aad[4] = (const u8 *) &mgmt->u.assoc_resp.capab_info;
3326 aad_len[4] = pos - aad[4];
3328 /* The following elements will be encrypted with AES-SIV */
3332 return -1;
3339 return -1;
3345 if (aes_siv_encrypt(sm->PTK.kek, sm->PTK.kek_len,
3349 return -1;
3358 sm->fils_completed = 1;
3374 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
3377 if (conf->transition_disable)
3387 wpabuf_put_u8(plain, 1 + sm->fils_key_auth_len); /* Length */
3390 wpabuf_put_data(plain, sm->fils_key_auth_ap, sm->fils_key_auth_len);
3399 gsm = sm->group;
3403 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN,
3406 gtk = gsm->GTK[gsm->GN - 1];
3407 gtk_len = gsm->GTK_len;
3408 if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
3419 hdr[0] = gsm->GN & 0x03;
3424 wpabuf_put(plain, tmp2 - tmp);
3429 wpabuf_put(plain, tmp2 - tmp);
3431 if (conf->transition_disable) {
3434 &conf->transition_disable, 1, NULL, 0);
3435 wpabuf_put(plain, tmp2 - tmp);
3438 *len = (u8 *) wpabuf_put(plain, 0) - len - 1;
3445 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
3452 if (conf->oci_freq_override_fils_assoc) {
3454 "TEST: Override OCI frequency %d -> %u MHz",
3456 conf->oci_freq_override_fils_assoc);
3457 ci.frequency = conf->oci_freq_override_fils_assoc;
3478 if (!sm || !sm->PTK_valid) {
3480 return -1;
3482 if (sm->tk_already_set) {
3484 return -1;
3487 alg = wpa_cipher_to_alg(sm->pairwise);
3488 klen = wpa_cipher_key_len(sm->pairwise);
3491 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
3492 sm->PTK.tk, klen, KEY_FLAG_PAIRWISE_RX_TX)) {
3494 return -1;
3498 if (sm->wpa_auth->conf.secure_ltf &&
3499 ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF) &&
3500 wpa_auth_set_ltf_keyseed(sm->wpa_auth, sm->addr,
3501 sm->PTK.ltf_keyseed,
3502 sm->PTK.ltf_keyseed_len)) {
3505 return -1;
3509 sm->pairwise_set = true;
3510 sm->tk_already_set = true;
3512 wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise,
3513 dot11RSNAConfigPMKLifetime, &sm->PTK);
3544 sm->fils_completed = 1;
3555 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3557 if (!wpa_auth->cb->get_sta_tx_params)
3558 return -1;
3559 return wpa_auth->cb->get_sta_tx_params(wpa_auth->cb_ctx, sm->addr,
3573 if (sm->mld_assoc_link_id < 0)
3577 if (!kde->mac_addr ||
3578 !ether_addr_equal(kde->mac_addr, sm->peer_mld_addr)) {
3580 return -1;
3584 for_each_link(kde->valid_mlo_links, i) {
3589 if (kde->mlo_link_len[i] != 1 + ETH_ALEN) {
3592 i, kde->mlo_link_len[i]);
3593 return -1;
3596 if (!sm->mld_links[i].valid || i == sm->mld_assoc_link_id) {
3599 return -1;
3602 if (!ether_addr_equal(sm->mld_links[i].peer_addr,
3603 kde->mlo_link[i] + 1)) {
3607 MAC2STR(kde->mlo_link[i] + 1),
3608 MAC2STR(sm->mld_links[i].peer_addr), i);
3609 return -1;
3616 if (n_links != sm->n_mld_affiliated_links) {
3619 sm->n_mld_affiliated_links, n_links);
3620 return -1;
3630 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3643 int owe_ptk_workaround = !!wpa_auth->conf.owe_ptk_workaround;
3652 sm->EAPOLKeyReceived = false;
3653 sm->update_snonce = false;
3656 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
3658 derive_kdk = sm->wpa_auth->conf.secure_ltf &&
3659 ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF);
3662 * WPA-PSK: iterate through possible PSKs and select the one matching
3665 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
3666 !wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
3667 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
3668 sm->p2p_dev_addr, pmk, &pmk_len,
3674 if (wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
3675 os_memcpy(sm->xxkey, pmk, pmk_len);
3676 sm->xxkey_len = pmk_len;
3680 pmk = sm->PMK;
3681 pmk_len = sm->pmk_len;
3684 if ((!pmk || !pmk_len) && sm->pmksa) {
3686 pmk = sm->pmksa->pmk;
3687 pmk_len = sm->pmksa->pmk_len;
3692 if (wpa_derive_ptk(sm, sm->SNonce, pmk, pmk_len, &PTK,
3698 wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
3699 sm->last_rx_eapol_key,
3700 sm->last_rx_eapol_key_len) == 0) {
3701 if (sm->PMK != pmk) {
3702 os_memcpy(sm->PMK, pmk, pmk_len);
3703 sm->pmk_len = pmk_len;
3711 wpa_aead_decrypt(sm, &PTK, sm->last_rx_eapol_key,
3712 sm->last_rx_eapol_key_len, NULL) == 0) {
3719 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && pmk_len > 32 &&
3732 if (!sm->wpa_auth->conf.force_kdk_derivation &&
3740 if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
3741 wpa_key_mgmt_sae(sm->wpa_key_mgmt))
3746 /* The workaround worked, so allow the 4-way handshake to be
3749 "PTK without KDK worked - misbehaving STA "
3750 MACSTR, MAC2STR(sm->addr));
3753 if (!ok && wpa_key_mgmt_wpa_psk_no_sae(sm->wpa_key_mgmt) &&
3754 wpa_auth->conf.radius_psk && wpa_auth->cb->request_radius_psk &&
3755 !sm->waiting_radius_psk) {
3756 wpa_printf(MSG_DEBUG, "No PSK available - ask RADIUS server");
3757 wpa_auth->cb->request_radius_psk(wpa_auth->cb_ctx, sm->addr,
3758 sm->wpa_key_mgmt,
3759 sm->ANonce,
3760 sm->last_rx_eapol_key,
3761 sm->last_rx_eapol_key_len);
3762 sm->waiting_radius_psk = 1;
3767 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
3769 "invalid MIC in msg 2/4 of 4-Way Handshake");
3771 wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr);
3779 hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
3782 key_info = WPA_GET_BE16(key->key_info);
3785 if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) -
3786 sizeof(*key) - mic_len - 2)
3793 !wpa_use_aes_key_wrap(sm->wpa_key_mgmt)) {
3795 "Unsupported EAPOL-Key Key Data field encryption");
3801 "RSN: Unsupported AES-WRAP len %u",
3805 key_data_length -= 8; /* AES-WRAP adds 8 bytes */
3814 "RSN: AES unwrap failed - could not decrypt EAPOL-Key key data");
3818 wpa_hexdump_key(MSG_DEBUG, "RSN: Decrypted EAPOL-Key Key Data",
3824 "received EAPOL-Key msg 2/4 with invalid Key Data contents");
3837 ft = sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt);
3838 if (!sm->wpa_ie ||
3839 wpa_compare_rsn_ie(ft, sm->wpa_ie, sm->wpa_ie_len,
3843 if (sm->wpa_ie) {
3845 sm->wpa_ie, sm->wpa_ie_len);
3849 /* MLME-DEAUTHENTICATE.request */
3850 wpa_sta_disconnect(wpa_auth, sm->addr,
3854 if ((!sm->rsnxe && kde.rsnxe) ||
3855 (sm->rsnxe && !kde.rsnxe) ||
3856 (sm->rsnxe && kde.rsnxe &&
3857 (sm->rsnxe_len != kde.rsnxe_len ||
3858 os_memcmp(sm->rsnxe, kde.rsnxe, sm->rsnxe_len) != 0))) {
3860 "RSNXE from (Re)AssocReq did not match the one in EAPOL-Key msg 2/4");
3862 sm->rsnxe, sm->rsnxe_len);
3863 wpa_hexdump(MSG_DEBUG, "RSNXE in EAPOL-Key msg 2/4",
3865 /* MLME-DEAUTHENTICATE.request */
3866 wpa_sta_disconnect(wpa_auth, sm->addr,
3880 "Failed to get channel info to validate received OCI in EAPOL-Key 2/4");
3902 if (wpa_auth->conf.msg_ctx)
3903 wpa_msg(wpa_auth->conf.msg_ctx, MSG_INFO,
3905 " frame=eapol-key-m2 error=%s",
3914 wpa_sta_disconnect(wpa_auth, sm->addr,
3921 if ((wpa_auth->conf.rsn_override_key_mgmt ||
3922 wpa_auth->conf.rsn_override_key_mgmt_2) &&
3923 ((rsn_is_snonce_cookie(sm->SNonce) && !kde.rsn_selection) ||
3924 (!rsn_is_snonce_cookie(sm->SNonce) && kde.rsn_selection) ||
3925 (sm->rsn_selection && !kde.rsn_selection) ||
3926 (!sm->rsn_selection && kde.rsn_selection) ||
3927 (sm->rsn_selection && kde.rsn_selection &&
3928 (sm->rsn_selection_len != kde.rsn_selection_len ||
3929 os_memcmp(sm->rsn_selection, kde.rsn_selection,
3930 sm->rsn_selection_len) != 0)))) {
3932 "RSN Selection element from (Re)AssocReq did not match the one in EAPOL-Key msg 2/4");
3935 rsn_is_snonce_cookie(sm->SNonce) ? "" : "not ");
3937 sm->rsn_selection, sm->rsn_selection_len);
3938 wpa_hexdump(MSG_DEBUG, "RSN Selection in EAPOL-Key msg 2/4",
3940 /* MLME-DEAUTHENTICATE.request */
3941 wpa_sta_disconnect(wpa_auth, sm->addr,
3949 wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) {
3952 "P2P: IP address requested in EAPOL-Key exchange");
3953 idx = bitfield_get_first_zero(wpa_auth->ip_pool);
3955 u32 start = WPA_GET_BE32(wpa_auth->conf.ip_addr_start);
3956 bitfield_set(wpa_auth->ip_pool, idx);
3957 sm->ip_addr_bit = idx;
3958 WPA_PUT_BE32(sm->ip_addr, start + idx);
3962 sm->ip_addr[0], sm->ip_addr[1],
3963 sm->ip_addr[2], sm->ip_addr[3],
3965 sm->ip_addr_bit);
3975 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP &&
3976 wpa_auth->conf.dpp_pfs != 2 &&
3978 !sm->dpp_z) {
3981 wpa_sta_disconnect(wpa_auth, sm->addr,
3989 wpa_sta_disconnect(wpa_auth, sm->addr,
3994 if (vlan_id && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
3995 wpa_auth_update_vlan(wpa_auth, sm->addr, vlan_id) < 0) {
3996 wpa_sta_disconnect(wpa_auth, sm->addr,
4001 sm->pending_1_of_4_timeout = 0;
4002 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
4004 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && sm->PMK != pmk) {
4008 os_memcpy(sm->PMK, pmk, PMK_LEN);
4009 sm->pmk_len = PMK_LEN;
4012 sm->MICVerified = true;
4015 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt) && !sm->ft_completed) {
4016 wpa_printf(MSG_DEBUG, "FT: Store PMK-R0/PMK-R1");
4022 os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
4024 sm->PTK_valid = true;
4035 sm->TimeoutCtr = 0;
4042 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
4044 if (sm->mgmt_frame_prot) {
4046 len += wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
4049 if (wpa_auth->conf.tx_bss_auth)
4050 wpa_auth = wpa_auth->conf.tx_bss_auth;
4051 if (sm->mgmt_frame_prot && sm->wpa_auth->conf.beacon_prot) {
4053 len += wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
4064 struct wpa_group *gsm = sm->group;
4066 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
4067 struct wpa_auth_config *conf = &wpa_auth->conf;
4068 size_t len = wpa_cipher_key_len(conf->group_mgmt_cipher);
4070 if (!sm->mgmt_frame_prot)
4074 if (sm->mld_assoc_link_id >= 0)
4075 return pos; /* Use per-link MLO KDEs instead */
4078 igtk.keyid[0] = gsm->GN_igtk;
4080 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
4081 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0)
4085 os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
4086 if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
4099 if (wpa_auth->conf.tx_bss_auth) {
4100 wpa_auth = wpa_auth->conf.tx_bss_auth;
4101 conf = &wpa_auth->conf;
4102 len = wpa_cipher_key_len(conf->group_mgmt_cipher);
4103 gsm = wpa_auth->group;
4106 if (!sm->wpa_auth->conf.beacon_prot)
4109 bigtk.keyid[0] = gsm->GN_bigtk;
4111 if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
4112 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_bigtk, rsc) < 0)
4116 os_memcpy(bigtk.bigtk, gsm->BIGTK[gsm->GN_bigtk - 6], len);
4117 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
4153 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
4156 return -1;
4161 "TEST: Override OCI KDE frequency %d -> %u MHz",
4193 *len - (elem - buf) - elem_len);
4194 *len -= elem_len;
4212 struct wpa_group *gsm = a->group;
4217 info->link_id, mgmt_frame_prot, beacon_prot);
4219 info->gtkidx = gsm->GN & 0x03;
4220 info->gtk = gsm->GTK[gsm->GN - 1];
4221 info->gtk_len = gsm->GTK_len;
4223 if (wpa_auth_get_seqnum(a, NULL, gsm->GN, rsc) < 0)
4224 os_memset(info->pn, 0, sizeof(info->pn));
4226 os_memcpy(info->pn, rsc, sizeof(info->pn));
4231 info->igtkidx = gsm->GN_igtk;
4232 info->igtk = gsm->IGTK[gsm->GN_igtk - 4];
4233 info->igtk_len = wpa_cipher_key_len(a->conf.group_mgmt_cipher);
4235 if (wpa_auth_get_seqnum(a, NULL, gsm->GN_igtk, rsc) < 0)
4236 os_memset(info->ipn, 0, sizeof(info->ipn));
4238 os_memcpy(info->ipn, rsc, sizeof(info->ipn));
4243 if (a->conf.tx_bss_auth) {
4244 a = a->conf.tx_bss_auth;
4245 gsm = a->group;
4248 info->bigtkidx = gsm->GN_bigtk;
4249 info->bigtk = gsm->BIGTK[gsm->GN_bigtk - 6];
4251 if (wpa_auth_get_seqnum(a, NULL, gsm->GN_bigtk, rsc) < 0)
4252 os_memset(info->bipn, 0, sizeof(info->bipn));
4254 os_memcpy(info->bipn, rsc, sizeof(info->bipn));
4261 if (!wpa_auth->cb->get_ml_key_info)
4264 wpa_auth->cb->get_ml_key_info(wpa_auth->cb_ctx, info);
4274 if (sm->mld_assoc_link_id < 0)
4278 if (!sm->mld_links[link_id].valid)
4281 wpa_auth = sm->mld_links[link_id].wpa_auth;
4282 if (!wpa_auth || !wpa_auth->group)
4288 kde_len += wpa_auth->group->GTK_len;
4290 if (!sm->mgmt_frame_prot)
4293 if (wpa_auth->conf.tx_bss_auth)
4294 wpa_auth = wpa_auth->conf.tx_bss_auth;
4299 kde_len += wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
4301 if (!wpa_auth->conf.beacon_prot)
4307 kde_len += wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
4324 ml_key_info.n_mld_links = sm->n_mld_affiliated_links + 1;
4330 ml_key_info.mgmt_frame_prot = sm->mgmt_frame_prot;
4331 ml_key_info.beacon_prot = sm->wpa_auth->conf.beacon_prot;
4334 if (!sm->mld_links[link_id].valid)
4340 wpa_auth_get_ml_key_info(sm->wpa_auth, &ml_key_info);
4344 if (!sm->mld_links[link_id].valid ||
4372 if (!sm->mgmt_frame_prot) {
4374 pos - start);
4380 if (!sm->mld_links[link_id].valid ||
4415 if (!sm->wpa_auth->conf.beacon_prot) {
4417 pos - start);
4423 if (!sm->mld_links[link_id].valid ||
4459 wpa_printf(MSG_DEBUG, "RSN: MLO Group KDE len = %ld", pos - start);
4473 if (sm->mld_assoc_link_id < 0)
4484 wpa_auth = wpa_get_link_auth(sm->wpa_auth, link_id);
4491 ie = get_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4496 ie = get_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4501 if (!rsn_is_snonce_cookie(sm->SNonce))
4507 ie = get_vendor_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4512 ie = get_vendor_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4517 ie = get_vendor_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4536 if (sm->mld_assoc_link_id < 0)
4541 sm->wpa_auth->mld_addr, ETH_ALEN, NULL, 0);
4549 wpa_auth = wpa_get_link_auth(sm->wpa_auth, link_id);
4553 rsne = get_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4557 rsnxe = get_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4582 os_memcpy(pos, wpa_auth->addr, ETH_ALEN);
4595 if (!rsn_is_snonce_cookie(sm->SNonce))
4598 rsnoe = get_vendor_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4602 rsno2e = get_vendor_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4606 rsnxoe = get_vendor_ie(wpa_auth->wpa_ie, wpa_auth->wpa_ie_len,
4650 pos - start);
4662 struct wpa_group *gsm = sm->group;
4667 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
4669 bool is_mld = sm->mld_assoc_link_id >= 0;
4675 sm->TimeoutEvt = false;
4677 sm->TimeoutCtr++;
4678 if (conf->wpa_disable_eapol_key_retries && sm->TimeoutCtr > 1) {
4679 /* Do not allow retransmission of EAPOL-Key msg 3/4 */
4682 if (sm->TimeoutCtr > conf->wpa_pairwise_update_count) {
4683 /* No point in sending the EAPOL-Key - we will disconnect
4692 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
4693 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
4694 wpa_ie = sm->wpa_auth->wpa_ie;
4695 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
4696 if (sm->wpa == WPA_VERSION_WPA && (conf->wpa & WPA_PROTO_RSN) &&
4698 /* WPA-only STA, remove RSN IE and possible MDIE */
4706 if ((conf->rsn_override_key_mgmt || conf->rsn_override_key_mgmt_2) &&
4707 !rsn_is_snonce_cookie(sm->SNonce)) {
4720 wpa_hexdump(MSG_DEBUG, "EAPOL-Key msg 3/4 IEs before edits",
4732 wpa_ie_len - (ie + ie_len - wpa_ie));
4733 wpa_ie_len -= ie_len;
4736 wpa_hexdump(MSG_DEBUG, "EAPOL-Key msg 3/4 IEs after edits",
4740 if (conf->rsne_override_eapol_set) {
4743 conf->rsne_override_eapol,
4744 conf->rsne_override_eapol_len);
4749 if (conf->rsnxe_override_eapol_set) {
4752 conf->rsnxe_override_eapol,
4753 conf->rsnxe_override_eapol_len);
4759 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
4760 "sending 3/4 msg of 4-Way Handshake");
4761 if (sm->wpa == WPA_VERSION_WPA2) {
4762 if (sm->use_ext_key_id && sm->TimeoutCtr == 1 &&
4763 wpa_auth_set_key(sm->wpa_auth, 0,
4764 wpa_cipher_to_alg(sm->pairwise),
4765 sm->addr,
4766 sm->keyidx_active, sm->PTK.tk,
4767 wpa_cipher_key_len(sm->pairwise),
4769 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
4775 if (sm->wpa_auth->conf.secure_ltf &&
4776 ieee802_11_rsnx_capab(sm->rsnxe,
4778 wpa_auth_set_ltf_keyseed(sm->wpa_auth, sm->addr,
4779 sm->PTK.ltf_keyseed,
4780 sm->PTK.ltf_keyseed_len)) {
4783 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
4789 /* WPA2 send GTK in the 4-way handshake */
4791 gtk = gsm->GTK[gsm->GN - 1];
4792 gtk_len = gsm->GTK_len;
4793 if (conf->disable_gtk ||
4794 sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
4803 gtkidx = gsm->GN;
4813 if (sm->rx_eapol_key_secure) {
4817 * MIC failure and it then rejects the 4-way handshake
4822 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
4824 "STA used Secure bit in WPA msg 2/4 - set Secure for 3/4 as workaround");
4831 if (sm->use_ext_key_id)
4837 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
4843 if (WPA_GET_BE32(sm->ip_addr) > 0)
4847 if (conf->transition_disable)
4851 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP)
4857 if (sm->ssid_protection)
4858 kde_len += 2 + conf->ssid_len;
4861 if (conf->eapol_m3_elements)
4862 kde_len += wpabuf_len(conf->eapol_m3_elements);
4875 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
4879 elen = pos - kde;
4880 res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name, true);
4883 "FT: Failed to insert PMKR1Name into RSN IE in EAPOL-Key data");
4886 pos -= wpa_ie_len;
4892 if (sm->use_ext_key_id) {
4893 hdr[0] = sm->keyidx_active & 0x01;
4903 if (ocv_oci_add(sm, &pos, conf->oci_freq_override_eapol_m3) < 0)
4907 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
4910 if (sm->assoc_resp_ftie &&
4911 kde + kde_len - pos >= 2 + sm->assoc_resp_ftie[1]) {
4912 os_memcpy(pos, sm->assoc_resp_ftie,
4913 2 + sm->assoc_resp_ftie[1]);
4914 res = 2 + sm->assoc_resp_ftie[1];
4916 res = wpa_write_ftie(conf, sm->wpa_key_mgmt,
4917 sm->xxkey_len,
4918 conf->r0_key_holder,
4919 conf->r0_key_holder_len,
4921 kde + kde_len - pos,
4926 "FT: Failed to insert FTIE into EAPOL-Key Key Data");
4935 WPA_PUT_LE32(pos, conf->reassociation_deadline);
4942 WPA_PUT_LE32(pos, conf->r0_key_lifetime);
4947 if (WPA_GET_BE32(sm->ip_addr) > 0) {
4949 os_memcpy(addr, sm->ip_addr, 4);
4950 os_memcpy(addr + 4, conf->ip_addr_mask, 4);
4951 os_memcpy(addr + 8, conf->ip_addr_go, 4);
4957 if (conf->transition_disable)
4959 &conf->transition_disable, 1, NULL, 0);
4962 if (DPP_VERSION > 1 && sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP) {
4967 if (conf->dpp_pfs == 0)
4969 else if (conf->dpp_pfs == 1)
4983 if (sm->ssid_protection) {
4985 *pos++ = conf->ssid_len;
4986 os_memcpy(pos, conf->ssid, conf->ssid_len);
4987 pos += conf->ssid_len;
4991 if (conf->eapol_m3_elements) {
4992 os_memcpy(pos, wpabuf_head(conf->eapol_m3_elements),
4993 wpabuf_len(conf->eapol_m3_elements));
4994 pos += wpabuf_len(conf->eapol_m3_elements);
4997 if (conf->eapol_m3_no_encrypt)
5001 wpa_send_eapol(sm->wpa_auth, sm,
5003 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
5007 _rsc, sm->ANonce, kde, pos - kde, 0, encr);
5026 if (sm->mld_assoc_link_id < 0)
5033 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
5035 hdr = (const struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
5040 if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) -
5041 sizeof(*key) - mic_len - 2)
5042 return -1;
5045 wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm),
5047 "received EAPOL-Key msg 4/4 with invalid Key Data contents");
5048 return -1;
5053 !ether_addr_equal(kde.mac_addr, sm->peer_mld_addr)) {
5055 "MLD: Mismatching or missing MLD address in EAPOL-Key msg 4/4");
5056 return -1;
5059 wpa_printf(MSG_DEBUG, "MLD: MLD address in EAPOL-Key msg 4/4: " MACSTR,
5070 sm->EAPOLKeyReceived = false;
5073 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
5078 if (sm->Pair) {
5079 enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
5080 int klen = wpa_cipher_key_len(sm->pairwise);
5083 if (sm->use_ext_key_id)
5084 res = wpa_auth_set_key(sm->wpa_auth, 0, 0, sm->addr,
5085 sm->keyidx_active, NULL, 0,
5088 res = wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr,
5089 0, sm->PTK.tk, klen,
5092 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
5098 if (sm->wpa_auth->conf.secure_ltf &&
5099 ieee802_11_rsnx_capab(sm->rsnxe,
5101 wpa_auth_set_ltf_keyseed(sm->wpa_auth, sm->addr,
5102 sm->PTK.ltf_keyseed,
5103 sm->PTK.ltf_keyseed_len)) {
5106 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
5112 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
5113 sm->pairwise_set = true;
5116 wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise,
5117 dot11RSNAConfigPMKLifetime, &sm->PTK);
5119 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
5120 sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP ||
5121 sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE) {
5122 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
5128 sm->keycount++;
5129 if (sm->keycount == 2) {
5130 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
5134 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
5137 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable,
5139 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, true);
5140 if (sm->wpa == WPA_VERSION_WPA)
5141 sm->PInitAKeys = true;
5143 sm->has_GTK = true;
5144 wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
5146 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
5147 wpa_msg(sm->wpa_auth->conf.msg_ctx, MSG_INFO, "EAPOL-4WAY-HS-COMPLETED "
5148 MACSTR, MAC2STR(sm->addr));
5151 wpa_ft_push_pmk_r1(sm->wpa_auth, wpa_auth_get_spa(sm));
5154 sm->ptkstart_without_success = 0;
5160 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
5161 struct wpa_auth_config *conf = &wpa_auth->conf;
5163 if (sm->Init)
5165 else if (sm->Disconnect
5168 "WPA_PTK: sm->Disconnect");
5171 else if (sm->DeauthenticationRequest)
5173 else if (sm->AuthenticationRequest)
5175 else if (sm->ReAuthenticationRequest)
5177 else if (sm->PTKRequest) {
5182 } else switch (sm->wpa_ptk_state) {
5195 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
5196 wpa_auth_get_eapol(wpa_auth, sm->addr,
5199 else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
5200 sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE
5203 else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP)
5207 if (wpa_auth_get_eapol(wpa_auth, sm->addr,
5211 } else if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && sm->pmksa) {
5215 wpa_auth->dot11RSNA4WayHandshakeFailures++;
5218 "INITPMK - keyAvailable = false");
5223 if (wpa_auth_get_psk(wpa_auth, sm->addr, sm->p2p_dev_addr,
5227 } else if (wpa_auth_uses_sae(sm) && sm->pmksa) {
5230 } else if (wpa_key_mgmt_wpa_psk_no_sae(sm->wpa_key_mgmt) &&
5231 wpa_auth->conf.radius_psk) {
5233 "INITPSK: No PSK yet available for STA - use RADIUS later");
5239 wpa_auth->dot11RSNA4WayHandshakeFailures++;
5244 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
5245 sm->EAPOLKeyPairwise)
5247 else if (sm->TimeoutCtr > conf->wpa_pairwise_update_count) {
5248 wpa_auth->dot11RSNA4WayHandshakeFailures++;
5252 conf->wpa_pairwise_update_count);
5253 sm->disconnect_reason =
5256 } else if (sm->TimeoutEvt)
5260 if (sm->MICVerified)
5262 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
5263 sm->EAPOLKeyPairwise)
5265 else if (sm->TimeoutEvt)
5272 if (sm->update_snonce)
5274 else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
5275 sm->EAPOLKeyPairwise && sm->MICVerified)
5277 else if (sm->TimeoutCtr >
5278 conf->wpa_pairwise_update_count ||
5279 (conf->wpa_disable_eapol_key_retries &&
5280 sm->TimeoutCtr > 1)) {
5281 wpa_auth->dot11RSNA4WayHandshakeFailures++;
5285 conf->wpa_pairwise_update_count);
5286 sm->disconnect_reason =
5289 } else if (sm->TimeoutEvt)
5301 if (sm->Init) {
5304 sm->changed = false;
5306 sm->GTimeoutCtr = 0;
5313 struct wpa_group *gsm = sm->group;
5318 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
5322 is_mld = sm->mld_assoc_link_id >= 0;
5327 sm->GTimeoutCtr++;
5328 if (conf->wpa_disable_eapol_key_retries && sm->GTimeoutCtr > 1) {
5329 /* Do not allow retransmission of EAPOL-Key group msg 1/2 */
5332 if (sm->GTimeoutCtr > conf->wpa_group_update_count) {
5333 /* No point in sending the EAPOL-Key - we will disconnect
5338 if (sm->wpa == WPA_VERSION_WPA)
5339 sm->PInitAKeys = false;
5340 sm->TimeoutEvt = false;
5343 if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
5344 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
5345 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
5348 gtk = gsm->GTK[gsm->GN - 1];
5349 if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
5354 if (random_get_bytes(stub_gtk, gsm->GTK_len) < 0)
5359 if (sm->wpa == WPA_VERSION_WPA2 && !is_mld) {
5360 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
5367 hdr[0] = gsm->GN & 0x03;
5370 gtk, gsm->GTK_len);
5373 conf->oci_freq_override_eapol_g1) < 0) {
5377 kde_len = pos - kde;
5379 } else if (sm->wpa == WPA_VERSION_WPA2 && is_mld) {
5388 kde_len = pos - kde_buf;
5393 kde_len = gsm->GTK_len;
5396 wpa_send_eapol(sm->wpa_auth, sm,
5398 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
5401 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
5402 rsc, NULL, kde, kde_len, gsm->GN, 1);
5410 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
5421 sm->EAPOLKeyReceived = false;
5424 mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
5430 hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
5435 if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) -
5436 sizeof(*key) - mic_len - 2)
5441 "received EAPOL-Key group msg 2/2 with invalid Key Data contents");
5453 "Failed to get channel info to validate received OCI in EAPOL-Key group 2/2");
5469 if (wpa_auth->conf.msg_ctx)
5470 wpa_msg(wpa_auth->conf.msg_ctx, MSG_INFO,
5472 " frame=eapol-key-g2 error=%s",
5480 if (sm->GUpdateStationKeys)
5482 sm->GTimeoutCtr = 0;
5486 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
5487 sm->has_GTK = true;
5494 if (sm->GUpdateStationKeys)
5496 if (sm->wpa_auth->conf.no_disconnect_on_group_keyerror &&
5497 sm->wpa == WPA_VERSION_WPA2) {
5498 wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm),
5500 "group key handshake failed after %u tries - allow STA to remain connected",
5501 sm->wpa_auth->conf.wpa_group_update_count);
5504 sm->Disconnect = true;
5505 sm->disconnect_reason = WLAN_REASON_GROUP_KEY_UPDATE_TIMEOUT;
5506 wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
5508 sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN",
5509 sm->wpa_auth->conf.wpa_group_update_count);
5515 if (sm->Init || sm->PtkGroupInit) {
5517 sm->PtkGroupInit = false;
5518 } else switch (sm->wpa_ptk_group_state) {
5520 if (sm->GUpdateStationKeys ||
5521 (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
5525 if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
5526 !sm->EAPOLKeyPairwise && sm->MICVerified)
5528 else if (sm->GTimeoutCtr >
5529 sm->wpa_auth->conf.wpa_group_update_count ||
5530 (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
5531 sm->GTimeoutCtr > 1))
5533 else if (sm->TimeoutEvt)
5549 struct wpa_auth_config *conf = &wpa_auth->conf;
5553 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
5554 inc_byte_array(group->Counter, WPA_NONCE_LEN);
5555 if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
5556 wpa_auth->addr, group->GNonce,
5557 group->GTK[group->GN - 1], group->GTK_len) < 0)
5558 ret = -1;
5560 group->GTK[group->GN - 1], group->GTK_len);
5562 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
5563 len = wpa_cipher_key_len(conf->group_mgmt_cipher);
5564 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
5565 inc_byte_array(group->Counter, WPA_NONCE_LEN);
5566 if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
5567 wpa_auth->addr, group->GNonce,
5568 group->IGTK[group->GN_igtk - 4], len) < 0)
5569 ret = -1;
5571 group->IGTK[group->GN_igtk - 4], len);
5574 if (!wpa_auth->non_tx_beacon_prot &&
5575 conf->ieee80211w == NO_MGMT_FRAME_PROTECTION)
5577 if (!conf->beacon_prot)
5580 if (wpa_auth->conf.tx_bss_auth) {
5581 group = wpa_auth->conf.tx_bss_auth->group;
5582 if (group->bigtk_set)
5587 len = wpa_cipher_key_len(conf->group_mgmt_cipher);
5588 os_memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
5589 inc_byte_array(group->Counter, WPA_NONCE_LEN);
5590 if (wpa_gmk_to_gtk(group->GMK, "BIGTK key expansion",
5591 wpa_auth->addr, group->GNonce,
5592 group->BIGTK[group->GN_bigtk - 6], len) < 0)
5593 return -1;
5594 group->bigtk_set = true;
5596 group->BIGTK[group->GN_bigtk - 6], len);
5606 "WPA: group state machine entering state GTK_INIT (VLAN-ID %d)",
5607 group->vlan_id);
5608 group->changed = false; /* GInit is not cleared here; avoid loop */
5609 group->wpa_group_state = WPA_GROUP_GTK_INIT;
5612 os_memset(group->GTK, 0, sizeof(group->GTK));
5613 group->GN = 1;
5614 group->GM = 2;
5615 group->GN_igtk = 4;
5616 group->GM_igtk = 5;
5617 group->GN_bigtk = 6;
5618 group->GM_bigtk = 7;
5626 if (ctx != NULL && ctx != sm->group)
5629 if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
5630 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
5633 sm->GUpdateStationKeys = false;
5636 if (sm->GUpdateStationKeys) {
5642 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
5647 /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */
5648 if (sm->is_wnmsleep)
5651 sm->group->GKeyDoneStations++;
5652 sm->GUpdateStationKeys = true;
5660 /* update GTK when exiting WNM-Sleep Mode */
5663 if (!sm || sm->is_wnmsleep)
5673 sm->is_wnmsleep = !!flag;
5679 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
5680 struct wpa_group *gsm = sm->group;
5685 * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
5689 *pos++ = 11 + gsm->GTK_len;
5690 /* Key ID in B0-B1 of Key Info */
5691 WPA_PUT_LE16(pos, gsm->GN & 0x03);
5693 *pos++ = gsm->GTK_len;
5694 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
5697 os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
5698 if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
5703 if (random_get_bytes(pos, gsm->GTK_len) < 0)
5706 pos += gsm->GTK_len;
5708 wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
5709 gsm->GN);
5710 wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit",
5711 gsm->GTK[gsm->GN - 1], gsm->GTK_len);
5713 return pos - start;
5719 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
5720 struct wpa_group *gsm = sm->group;
5722 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
5726 * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
5730 WPA_PUT_LE16(pos, gsm->GN_igtk);
5732 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
5736 os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
5737 if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
5747 wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
5748 gsm->GN_igtk);
5749 wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit",
5750 gsm->IGTK[gsm->GN_igtk - 4], len);
5752 return pos - start;
5758 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
5759 struct wpa_group *gsm = wpa_auth->group;
5761 size_t len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
5765 * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
5769 WPA_PUT_LE16(pos, gsm->GN_bigtk);
5771 if (wpa_auth_get_seqnum(wpa_auth, NULL, gsm->GN_bigtk, pos) != 0)
5775 os_memcpy(pos, gsm->BIGTK[gsm->GN_bigtk - 6], len);
5776 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
5786 wpa_printf(MSG_DEBUG, "WNM: BIGTK Key ID %u in WNM-Sleep Mode exit",
5787 gsm->GN_bigtk);
5788 wpa_hexdump_key(MSG_DEBUG, "WNM: BIGTK in WNM-Sleep Mode exit",
5789 gsm->BIGTK[gsm->GN_bigtk - 6], len);
5791 return pos - start;
5802 tmp = group->GM;
5803 group->GM = group->GN;
5804 group->GN = tmp;
5805 tmp = group->GM_igtk;
5806 group->GM_igtk = group->GN_igtk;
5807 group->GN_igtk = tmp;
5808 tmp = group->GM_bigtk;
5809 group->GM_bigtk = group->GN_bigtk;
5810 group->GN_bigtk = tmp;
5813 * including all STAs that could be in not-yet-completed state. */
5822 "WPA: group state machine entering state SETKEYS (VLAN-ID %d)",
5823 group->vlan_id);
5824 group->changed = true;
5825 group->wpa_group_state = WPA_GROUP_SETKEYS;
5826 group->GTKReKey = false;
5829 if (wpa_auth->is_ml)
5835 if (group->GKeyDoneStations) {
5838 group->GKeyDoneStations);
5839 group->GKeyDoneStations = 0;
5847 group->GKeyDoneStations);
5854 struct wpa_auth_config *conf = &wpa_auth->conf;
5857 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
5858 wpa_cipher_to_alg(conf->wpa_group),
5859 broadcast_ether_addr, group->GN,
5860 group->GTK[group->GN - 1], group->GTK_len,
5862 ret = -1;
5864 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
5868 alg = wpa_cipher_to_alg(conf->group_mgmt_cipher);
5869 len = wpa_cipher_key_len(conf->group_mgmt_cipher);
5872 wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
5873 broadcast_ether_addr, group->GN_igtk,
5874 group->IGTK[group->GN_igtk - 4], len,
5876 ret = -1;
5878 if (ret || !conf->beacon_prot)
5880 if (wpa_auth->conf.tx_bss_auth) {
5881 wpa_auth = wpa_auth->conf.tx_bss_auth;
5882 group = wpa_auth->group;
5883 if (!group->bigtk_set || group->bigtk_configured)
5886 if (wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
5887 broadcast_ether_addr, group->GN_bigtk,
5888 group->BIGTK[group->GN_bigtk - 6], len,
5890 ret = -1;
5892 group->bigtk_configured = true;
5901 if (sm->group == ctx) {
5905 sm->Disconnect = true;
5917 group->changed = true;
5918 group->wpa_group_state = WPA_GROUP_FATAL_FAILURE;
5927 "WPA: group state machine entering state SETKEYSDONE (VLAN-ID %d)",
5928 group->vlan_id);
5929 group->changed = true;
5930 group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
5934 return -1;
5944 if (group->GInit) {
5946 } else if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) {
5948 } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
5949 group->GTKAuthenticator) {
5951 } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
5952 group->GTKReKey) {
5954 } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
5955 if (group->GKeyDoneStations == 0)
5957 else if (group->GTKReKey)
5969 sm->changed = false;
5970 sm->wpa_auth->group->changed = false;
5974 sm->mld_links[link_id].wpa_auth->group->changed = false;
5985 if (!sm || !sm->wpa_auth)
5987 wpa_group_sm_step(sm->wpa_auth, sm->wpa_auth->group);
5991 wpa_group_sm_step(sm->mld_links[link_id].wpa_auth,
5992 sm->mld_links[link_id].wpa_auth->group);
6005 if (!sm || !sm->wpa_auth)
6007 changed = sm->wpa_auth->group->changed;
6011 changed |= sm->mld_links[link_id].wpa_auth->group->changed;
6023 if (sm->in_step_loop) {
6031 sm->in_step_loop = 1;
6033 if (sm->pending_deinit)
6039 if (sm->pending_deinit)
6042 if (sm->pending_deinit)
6045 } while (sm->changed || wpa_group_sm_changed(sm));
6046 sm->in_step_loop = 0;
6048 if (sm->pending_deinit) {
6082 group = wpa_auth->group;
6085 tmp = group->GM;
6086 group->GM = group->GN;
6087 group->GN = tmp;
6088 tmp = group->GM_igtk;
6089 group->GM_igtk = group->GN_igtk;
6090 group->GN_igtk = tmp;
6091 if (!wpa_auth->conf.tx_bss_auth) {
6092 tmp = group->GM_bigtk;
6093 group->GM_bigtk = group->GN_bigtk;
6094 group->GN_bigtk = tmp;
6108 #define RSN_SUITE "%02x-%02x-%02x-%d"
6125 conf = &wpa_auth->conf;
6127 ret = os_snprintf(buf + len, buflen - len,
6133 wpa_bool_txt(conf->wpa & WPA_PROTO_RSN),
6134 wpa_bool_txt(conf->rsn_preauth));
6135 if (os_snprintf_error(buflen - len, ret))
6140 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
6143 buf + len, buflen - len,
6169 !!conf->wpa_strict_rekey,
6170 conf->wpa_group_update_count,
6171 conf->wpa_pairwise_update_count,
6172 wpa_cipher_key_len(conf->wpa_group) * 8,
6176 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
6177 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
6178 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
6180 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
6181 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
6182 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
6183 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
6184 wpa_auth->dot11RSNA4WayHandshakeFailures);
6185 if (os_snprintf_error(buflen - len, ret))
6193 ret = os_snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n",
6194 wpa_auth->group->wpa_group_state);
6195 if (os_snprintf_error(buflen - len, ret))
6211 /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */
6215 pairwise = wpa_cipher_to_suite(sm->wpa == WPA_VERSION_WPA2 ?
6217 sm->pairwise);
6222 buf + len, buflen - len,
6233 MAC2STR(sm->addr),
6235 sm->dot11RSNAStatsTKIPLocalMICFailures,
6236 sm->dot11RSNAStatsTKIPRemoteMICFailures);
6237 if (os_snprintf_error(buflen - len, ret))
6242 ret = os_snprintf(buf + len, buflen - len,
6248 sm->wpa,
6249 RSN_SUITE_ARG(wpa_akm_to_suite(sm->wpa_key_mgmt)),
6250 sm->wpa_ptk_state,
6251 sm->wpa_ptk_group_state,
6252 sm->mfpr);
6253 if (os_snprintf_error(buflen - len, ret))
6264 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
6270 return sm && sm->pairwise_set;
6276 return sm->pairwise;
6284 *len = sm->pmk_len;
6285 return sm->PMK;
6291 if (!sm || !sm->pmksa)
6293 return sm->pmksa->dpp_pkhash;
6300 return -1;
6301 return sm->wpa_key_mgmt;
6309 return sm->wpa;
6315 if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
6317 return sm->tk_already_set;
6323 if (!sm || !wpa_key_mgmt_fils(sm->wpa_key_mgmt))
6325 return sm->tk_already_set;
6332 if (!sm || sm->pmksa != entry)
6333 return -1;
6334 sm->pmksa = NULL;
6342 return sm ? sm->pmksa : NULL;
6349 sm->dot11RSNAStatsTKIPLocalMICFailures++;
6357 *len = wpa_auth->wpa_ie_len;
6358 return wpa_auth->wpa_ie;
6366 if (!sm || sm->wpa != WPA_VERSION_WPA2 ||
6367 sm->wpa_auth->conf.disable_pmksa_caching)
6368 return -1;
6371 if (pmk_len >= 2 * PMK_LEN && wpa_key_mgmt_ft(sm->wpa_key_mgmt) &&
6372 wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
6373 !wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
6379 if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
6387 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, pmk_len, NULL,
6388 sm->PTK.kck, sm->PTK.kck_len,
6391 eapol, sm->wpa_key_mgmt))
6394 return -1;
6404 return -1;
6407 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, NULL,
6409 wpa_auth->addr,
6414 return -1;
6422 if (wpa_auth->conf.disable_pmksa_caching)
6423 return -1;
6428 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, pmk_len, pmkid,
6429 NULL, 0, wpa_auth->addr, addr, 0, NULL, akmp))
6432 return -1;
6438 os_memcpy(sm->pmkid, pmkid, PMKID_LEN);
6439 sm->pmkid_set = 1;
6449 if (!wpa_auth || wpa_auth->conf.disable_pmksa_caching)
6450 return -1;
6453 entry = pmksa_cache_auth_add(wpa_auth->pmksa, pmk, pmk_len, pmkid,
6454 NULL, 0, wpa_auth->addr, addr, session_timeout,
6457 return -1;
6460 entry->dpp_pkhash = os_memdup(dpp_pkhash, SHA256_MAC_LEN);
6471 if (!wpa_auth || !wpa_auth->pmksa)
6473 pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
6477 pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
6485 if (!wpa_auth || !wpa_auth->pmksa)
6487 return pmksa_cache_auth_list(wpa_auth->pmksa, buf, len);
6493 if (wpa_auth && wpa_auth->pmksa)
6494 pmksa_cache_auth_flush(wpa_auth->pmksa);
6504 if (!wpa_auth || !wpa_auth->pmksa)
6507 return pmksa_cache_auth_list_mesh(wpa_auth->pmksa, addr, buf, len);
6525 entry->expiration = now.sec + expiration;
6535 if (!wpa_auth || !wpa_auth->pmksa)
6536 return -1;
6538 ret = pmksa_cache_auth_add_entry(wpa_auth->pmksa, entry);
6541 "RSN: Failed to store external PMKSA cache for "
6542 MACSTR, MAC2STR(entry->spa));
6554 if (!wpa_auth || !wpa_auth->pmksa)
6556 return wpa_auth->pmksa;
6564 if (!wpa_auth || !wpa_auth->pmksa)
6566 return pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, pmkid);
6578 sm->pmksa = pmksa;
6579 os_memcpy(pmk, pmksa->pmk, pmksa->pmk_len);
6580 *pmk_len = pmksa->pmk_len;
6581 os_memcpy(pmkid, pmksa->pmkid, PMKID_LEN);
6582 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmksa->pmkid, PMKID_LEN);
6594 struct wpa_group *prev = wpa_auth->group;
6596 wpa_printf(MSG_DEBUG, "WPA: Remove group state machine for VLAN-ID %d",
6597 group->vlan_id);
6600 if (prev->next == group) {
6602 prev->next = group->next;
6606 prev = prev->next;
6617 if (wpa_auth->group == group)
6620 group->references++;
6629 if (wpa_auth->group == group)
6632 group->references--;
6633 if (group->references)
6640 * Add a group that has its references counter set to zero. Caller needs to
6648 if (!wpa_auth || !wpa_auth->group)
6651 wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
6657 group->next = wpa_auth->group->next;
6658 wpa_auth->group->next = group;
6666 * reference counter as interface is up. References might have been increased
6668 * Returns: -1 on error (group missing, group already failed); otherwise, 0
6677 group = wpa_auth->group;
6679 if (group->vlan_id == vlan_id)
6681 group = group->next;
6687 return -1;
6695 group->num_setup_iface++;
6697 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
6698 return -1;
6706 * returns: -1 on error (group not found, group in fail state)
6707 * -2 if wpa_group is still referenced
6718 group = wpa_auth->group;
6720 if (group->vlan_id == vlan_id)
6722 group = group->next;
6726 return -1;
6732 if (group->num_setup_iface <= 0) {
6736 return -1;
6738 group->num_setup_iface--;
6740 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
6741 ret = -1;
6743 if (group->references > 1) {
6745 "WPA: Cannot stop group state machine for VLAN ID %d as references are still hold",
6747 ret = -2;
6760 if (!sm || !sm->wpa_auth)
6763 group = sm->wpa_auth->group;
6765 if (group->vlan_id == vlan_id)
6767 group = group->next;
6771 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
6773 return -1;
6776 if (sm->group == group)
6779 if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
6780 return -1;
6786 wpa_group_get(sm->wpa_auth, group);
6787 wpa_group_put(sm->wpa_auth, sm->group);
6788 sm->group = group;
6799 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
6801 if (sm->pending_1_of_4_timeout && ack) {
6804 * for each EAPOL-Key 2/4 message even within the same 4-way
6806 * deriving the PTK. This results in unsuccessful 4-way
6808 * reached and EAPOL-Key 1/4 is retransmitted. Try to work
6814 "WPA: Increase initial EAPOL-Key 1/4 timeout by %u ms because of acknowledged frame",
6823 if (sm->eapol_status_cb) {
6824 sm->eapol_status_cb(sm->eapol_status_cb_ctx1,
6825 sm->eapol_status_cb_ctx2);
6826 sm->eapol_status_cb = NULL;
6836 return wpa_key_mgmt_sae(sm->wpa_key_mgmt);
6844 return sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE ||
6845 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_SAE_EXT_KEY;
6852 if (!sm || WPA_GET_BE32(sm->ip_addr) == 0)
6853 return -1;
6854 os_memcpy(addr, sm->ip_addr, 4);
6863 return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr);
6873 for (group = wpa_auth->group; group; group = group->next)
6893 if (a == data->auth || !a->conf.fils_cache_id_set ||
6894 os_memcmp(a->conf.fils_cache_id, data->cache_id,
6897 data->pmksa = pmksa_cache_auth_get(a->pmksa, data->spa, data->pmkid);
6898 return data->pmksa != NULL;
6908 if (!wpa_auth->conf.fils_cache_id_set)
6911 idata.cache_id = wpa_auth->conf.fils_cache_id;
6925 struct wpa_auth_config *conf = &wpa_auth->conf;
6927 return wpa_write_ftie(conf, sm->wpa_key_mgmt, sm->xxkey_len,
6928 conf->r0_key_holder, conf->r0_key_holder_len,
6938 os_memcpy(fils_anonce, sm->ANonce, WPA_NONCE_LEN);
6939 os_memcpy(fils_snonce, sm->SNonce, WPA_NONCE_LEN);
6940 os_memcpy(fils_kek, sm->PTK.kek, WPA_KEK_MAX_LEN);
6941 *fils_kek_len = sm->PTK.kek_len;
6948 os_memcpy(sm->PMK, pmk, pmk_len);
6949 sm->pmk_len = pmk_len;
6950 os_memcpy(sm->pmkid, pmkid, PMKID_LEN);
6951 sm->pmkid_set = 1;
6960 sm->auth_alg = auth_alg;
6969 os_free(sm->rsn_selection);
6970 sm->rsn_selection = NULL;
6971 sm->rsn_selection_len = 0;
6972 sm->rsn_override = false;
6973 sm->rsn_override_2 = false;
6977 sm->rsn_override = true;
6979 sm->rsn_override_2 = true;
6981 sm->rsn_selection = os_memdup(ie, len);
6982 if (sm->rsn_selection)
6983 sm->rsn_selection_len = len;
6992 wpabuf_clear_free(sm->dpp_z);
6993 sm->dpp_z = z ? wpabuf_dup(z) : NULL;
7002 sm->ssid_protection = val;
7010 wpa_auth->conf.transition_disable = val;
7020 const u8 *anonce = sm->ANonce;
7025 return -1;
7029 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
7030 "sending 1/4 msg of 4-Way Handshake (TESTING)");
7031 wpa_send_eapol(sm->wpa_auth, sm,
7045 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
7046 struct wpa_group *gsm = sm->group;
7057 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
7058 wpa_ie = sm->wpa_auth->wpa_ie;
7059 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
7060 if (sm->wpa == WPA_VERSION_WPA &&
7061 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
7063 /* WPA-only STA, remove RSN IE and possible MDIE */
7071 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
7072 "sending 3/4 msg of 4-Way Handshake (TESTING)");
7073 if (sm->wpa == WPA_VERSION_WPA2) {
7074 /* WPA2 send GTK in the 4-way handshake */
7076 gtk = gsm->GTK[gsm->GN - 1];
7077 gtk_len = gsm->GTK_len;
7078 gtkidx = gsm->GN;
7087 if (sm->rx_eapol_key_secure) {
7091 * MIC failure and it then rejects the 4-way handshake
7096 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
7098 "STA used Secure bit in WPA msg 2/4 - set Secure for 3/4 as workaround");
7105 if (sm->use_ext_key_id)
7111 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
7118 return -1;
7124 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
7128 elen = pos - kde;
7129 res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name, true);
7132 "FT: Failed to insert PMKR1Name into RSN IE in EAPOL-Key data");
7134 return -1;
7136 pos -= wpa_ie_len;
7142 if (sm->use_ext_key_id) {
7143 hdr[0] = sm->keyidx_active & 0x01;
7154 if (pos - opos >= 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN) {
7159 if (ocv_oci_add(sm, &pos, conf->oci_freq_override_eapol_m3) < 0) {
7161 return -1;
7165 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
7168 if (sm->assoc_resp_ftie &&
7169 kde + kde_len - pos >= 2 + sm->assoc_resp_ftie[1]) {
7170 os_memcpy(pos, sm->assoc_resp_ftie,
7171 2 + sm->assoc_resp_ftie[1]);
7172 res = 2 + sm->assoc_resp_ftie[1];
7174 res = wpa_write_ftie(conf, sm->wpa_key_mgmt,
7175 sm->xxkey_len,
7176 conf->r0_key_holder,
7177 conf->r0_key_holder_len,
7179 kde + kde_len - pos,
7184 "FT: Failed to insert FTIE into EAPOL-Key Key Data");
7186 return -1;
7194 WPA_PUT_LE32(pos, conf->reassociation_deadline);
7201 WPA_PUT_LE32(pos, conf->r0_key_lifetime);
7206 wpa_send_eapol(sm->wpa_auth, sm,
7208 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
7212 _rsc, sm->ANonce, kde, pos - kde, 0, encr);
7223 struct wpa_auth_config *conf = &sm->wpa_auth->conf;
7224 struct wpa_group *gsm = sm->group;
7234 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
7237 gtk = gsm->GTK[gsm->GN - 1];
7238 if (sm->wpa == WPA_VERSION_WPA2) {
7239 kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
7243 return -1;
7246 hdr[0] = gsm->GN & 0x03;
7249 gtk, gsm->GTK_len);
7252 if (pos - opos >=
7259 conf->oci_freq_override_eapol_g1) < 0) {
7261 return -1;
7263 kde_len = pos - kde;
7266 kde_len = gsm->GTK_len;
7269 sm->eapol_status_cb = cb;
7270 sm->eapol_status_cb_ctx1 = ctx1;
7271 sm->eapol_status_cb_ctx2 = ctx2;
7273 wpa_send_eapol(sm->wpa_auth, sm,
7275 (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
7278 (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
7279 rsc, NULL, kde, kde_len, gsm->GN, 1);
7289 return -1;
7301 return -1;
7302 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
7312 wpa_auth->conf.ft_rsnxe_used = val;
7324 wpa_auth->conf.oci_freq_override_eapol_m3 = freq;
7327 wpa_auth->conf.oci_freq_override_eapol_g1 = freq;
7330 wpa_auth->conf.oci_freq_override_ft_assoc = freq;
7333 wpa_auth->conf.oci_freq_override_fils_assoc = freq;
7343 if (!sm->waiting_radius_psk) {
7347 MAC2STR(sm->addr));
7352 MAC2STR(sm->addr), success ? "success" : "fail");
7353 sm->waiting_radius_psk = 0;
7356 /* Try to process the EAPOL-Key msg 2/4 again */
7357 sm->EAPOLKeyReceived = true;
7359 sm->Disconnect = true;
7375 os_memset(sm->mld_links, 0, sizeof(sm->mld_links));
7376 sm->n_mld_affiliated_links = 0;
7378 wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
7381 os_memcpy(sm->peer_mld_addr, info->common_info.mld_addr, ETH_ALEN);
7383 sm->mld_assoc_link_id = mld_assoc_link_id;
7386 struct mld_link_info *link = &info->links[link_id];
7387 struct mld_link *sm_link = &sm->mld_links[link_id];
7390 sm_link->valid = link->valid;
7391 if (!link->valid)
7394 os_memcpy(sm_link->peer_addr, link->peer_addr, ETH_ALEN);
7399 MAC2STR(sm_link->peer_addr));
7402 sm->n_mld_affiliated_links++;
7403 ctx.addr = link->local_addr;
7405 ctx.link_id = -1;
7407 wpa_auth_for_each_auth(sm->wpa_auth,
7410 sm_link->wpa_auth = ctx.wpa_auth;
7411 wpa_group_get(sm_link->wpa_auth,
7412 sm_link->wpa_auth->group);
7415 sm_link->wpa_auth = sm->wpa_auth;
7418 if (!sm_link->wpa_auth)
7422 MAC2STR(sm->wpa_auth->mld_addr),