int ap_ctrl_iface_wpa_get_status(struct wpa_supplicant *wpa_s, char *buf,
size_t buflen, int verbose)
{
char *pos = buf, *end = buf + buflen;
int ret;
struct hostapd_bss_config *conf;
if (wpa_s->ap_iface == NULL)
return -1;
conf = wpa_s->ap_iface->bss[0]->conf;
if (conf->wpa == 0)
return 0;
ret = os_snprintf(pos, end - pos,
"pairwise_cipher=%s\n"
"group_cipher=%s\n"
"key_mgmt=%s\n",
wpa_cipher_txt(conf->rsn_pairwise),
wpa_cipher_txt(conf->wpa_group),
wpa_key_mgmt_txt(conf->wpa_key_mgmt,
conf->wpa));
if (ret < 0 || ret >= end - pos)
return pos - buf;
pos += ret;
return pos - buf;
}
static int wpa_supplicant_ctrl_iface_status(struct wpa_supplicant *wpa_s,
const char *params,
char *buf, size_t buflen)
{
char *pos, *end;
int res, verbose;
verbose = strcmp(params, "-VERBOSE") == 0;
pos = buf;
end = buf + buflen;
pos += snprintf(pos, end - pos, "bssid=" MACSTR "\n",
MAC2STR(wpa_s->bssid));
if (wpa_s->current_ssid) {
pos += snprintf(pos, end - pos, "ssid=%s\n",
wpa_ssid_txt(wpa_s->current_ssid->ssid,
wpa_s->current_ssid->ssid_len));
}
pos += snprintf(pos, end - pos,
"pairwise_cipher=%s\n"
"group_cipher=%s\n"
"key_mgmt=%s\n"
"wpa_state=%s\n",
wpa_cipher_txt(wpa_s->pairwise_cipher),
wpa_cipher_txt(wpa_s->group_cipher),
wpa_key_mgmt_txt(wpa_s->key_mgmt, wpa_s->proto),
wpa_state_txt(wpa_s->wpa_state));
res = eapol_sm_get_status(wpa_s->eapol, pos, end - pos, verbose);
if (res >= 0)
pos += res;
if (wpa_s->preauth_eapol) {
pos += snprintf(pos, end - pos, "Pre-authentication "
"EAPOL state machines:\n");
res = eapol_sm_get_status(wpa_s->preauth_eapol,
pos, end - pos, verbose);
if (res >= 0)
pos += res;
}
return pos - buf;
}
static int wpa_supplicant_check_group_cipher(int group_cipher,
int keylen, int maxkeylen,
int *key_rsc_len,
enum wpa_alg *alg)
{
int ret = 0;
switch (group_cipher) {
case WPA_CIPHER_CCMP:
if (keylen != 16 || maxkeylen < 16) {
ret = -1;
break;
}
*key_rsc_len = 6;
*alg = WPA_ALG_CCMP;
break;
case WPA_CIPHER_TKIP:
if (keylen != 32 || maxkeylen < 32) {
ret = -1;
break;
}
*key_rsc_len = 6;
*alg = WPA_ALG_TKIP;
break;
case WPA_CIPHER_WEP104:
if (keylen != 13 || maxkeylen < 13) {
ret = -1;
break;
}
*key_rsc_len = 0;
*alg = WPA_ALG_WEP;
break;
case WPA_CIPHER_WEP40:
if (keylen != 5 || maxkeylen < 5) {
ret = -1;
break;
}
*key_rsc_len = 0;
*alg = WPA_ALG_WEP;
break;
default:
wpa_printf(MSG_WARNING, "WPA: Unsupported Group Cipher %d",
group_cipher);
return -1;
}
if (ret < 0 ) {
wpa_printf(MSG_WARNING, "WPA: Unsupported %s Group Cipher key "
"length %d (%d).",
wpa_cipher_txt(group_cipher), keylen, maxkeylen);
}
return ret;
}
static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
const unsigned char *src_addr,
const struct wpa_eapol_key *key,
int extra_len, u16 ver)
{
u16 key_info, keydatalen;
int rekey, ret;
struct wpa_gtk_data gd;
os_memset(&gd, 0, sizeof(gd));
rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;
wpa_printf(MSG_DEBUG, "WPA: RX message 1 of Group Key Handshake from "
MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
key_info = WPA_GET_BE16(key->key_info);
keydatalen = WPA_GET_BE16(key->key_data_length);
if (sm->proto == WPA_PROTO_RSN) {
ret = wpa_supplicant_process_1_of_2_rsn(sm,
(const u8 *) (key + 1),
keydatalen, key_info,
&gd);
} else {
ret = wpa_supplicant_process_1_of_2_wpa(sm, key, keydatalen,
key_info, extra_len,
ver, &gd);
}
wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
if (ret)
goto failed;
if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
goto failed;
if (rekey) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
"completed with " MACSTR " [GTK=%s]",
MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
wpa_sm_cancel_auth_timeout(sm);
wpa_sm_set_state(sm, WPA_COMPLETED);
} else {
wpa_supplicant_key_neg_complete(sm, sm->bssid,
key_info &
WPA_KEY_INFO_SECURE);
}
return;
failed:
wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
}
static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
const u8 *addr, int secure)
{
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: Key negotiation completed with "
MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
wpa_cipher_txt(sm->pairwise_cipher),
wpa_cipher_txt(sm->group_cipher));
wpa_sm_cancel_auth_timeout(sm);
wpa_sm_set_state(sm, WPA_COMPLETED);
if (secure) {
wpa_sm_mlme_setprotection(
sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
eapol_sm_notify_portValid(sm->eapol, TRUE);
if (wpa_key_mgmt_wpa_psk(sm->key_mgmt))
eapol_sm_notify_eap_success(sm->eapol, TRUE);
/*
* Start preauthentication after a short wait to avoid a
* possible race condition between the data receive and key
* configuration after the 4-Way Handshake. This increases the
* likelyhood of the first preauth EAPOL-Start frame getting to
* the target AP.
*/
eloop_register_timeout(1, 0, wpa_sm_start_preauth, sm, NULL);
}
if (sm->cur_pmksa && sm->cur_pmksa->opportunistic) {
wpa_printf(MSG_DEBUG, "RSN: Authenticator accepted "
"opportunistic PMKSA entry - marking it valid");
sm->cur_pmksa->opportunistic = 0;
}
#ifdef CONFIG_IEEE80211R
if (wpa_key_mgmt_ft(sm->key_mgmt)) {
/* Prepare for the next transition */
wpa_ft_prepare_auth_request(sm, NULL);
}
#endif /* CONFIG_IEEE80211R */
}
static int wpa_supplicant_process_smk_m5(struct wpa_sm *sm,
const unsigned char *src_addr,
const struct wpa_eapol_key *key,
int ver,
struct wpa_peerkey *peerkey,
struct wpa_eapol_ie_parse *kde)
{
int cipher;
struct wpa_ie_data ie;
wpa_printf(MSG_DEBUG, "RSN: Received SMK M5 (Peer " MACSTR ")",
MAC2STR(kde->mac_addr));
if (kde->rsn_ie == NULL || kde->rsn_ie_len > PEERKEY_MAX_IE_LEN ||
wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0) {
wpa_printf(MSG_INFO, "RSN: No RSN IE in SMK M5");
/* TODO: abort negotiation */
return -1;
}
if (os_memcmp(key->key_nonce, peerkey->inonce, WPA_NONCE_LEN) != 0) {
wpa_printf(MSG_INFO, "RSN: Key Nonce in SMK M5 does "
"not match with INonce used in SMK M1");
return -1;
}
if (os_memcmp(kde->smk + PMK_LEN, peerkey->inonce, WPA_NONCE_LEN) != 0)
{
wpa_printf(MSG_INFO, "RSN: INonce in SMK KDE does not "
"match with the one used in SMK M1");
return -1;
}
os_memcpy(peerkey->rsnie_p, kde->rsn_ie, kde->rsn_ie_len);
peerkey->rsnie_p_len = kde->rsn_ie_len;
os_memcpy(peerkey->pnonce, kde->nonce, WPA_NONCE_LEN);
cipher = wpa_pick_pairwise_cipher(ie.pairwise_cipher &
sm->allowed_pairwise_cipher, 0);
if (cipher < 0) {
wpa_printf(MSG_INFO, "RSN: SMK Peer STA " MACSTR " selected "
"unacceptable cipher", MAC2STR(kde->mac_addr));
wpa_supplicant_send_smk_error(sm, src_addr, kde->mac_addr,
STK_MUI_SMK, STK_ERR_CPHR_NS,
ver);
/* TODO: abort negotiation */
return -1;
}
wpa_printf(MSG_DEBUG, "RSN: Using %s for PeerKey",
wpa_cipher_txt(cipher));
peerkey->cipher = cipher;
return 0;
}
static int wpa_supplicant_process_smk_m2(
struct wpa_sm *sm, const unsigned char *src_addr,
const struct wpa_eapol_key *key, size_t extra_len, int ver)
{
struct wpa_peerkey *peerkey;
struct wpa_eapol_ie_parse kde;
struct wpa_ie_data ie;
int cipher;
struct rsn_ie_hdr *hdr;
u8 *pos;
wpa_printf(MSG_DEBUG, "RSN: Received SMK M2");
if (!sm->peerkey_enabled || sm->proto != WPA_PROTO_RSN) {
wpa_printf(MSG_INFO, "RSN: SMK handshake not allowed for "
"the current network");
return -1;
}
if (wpa_supplicant_parse_ies((const u8 *) (key + 1), extra_len, &kde) <
0) {
wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M2");
return -1;
}
if (kde.rsn_ie == NULL || kde.mac_addr == NULL ||
kde.mac_addr_len < ETH_ALEN) {
wpa_printf(MSG_INFO, "RSN: No RSN IE or MAC address KDE in "
"SMK M2");
return -1;
}
wpa_printf(MSG_DEBUG, "RSN: SMK M2 - SMK initiator " MACSTR,
MAC2STR(kde.mac_addr));
if (kde.rsn_ie_len > PEERKEY_MAX_IE_LEN) {
wpa_printf(MSG_INFO, "RSN: Too long Initiator RSN IE in SMK "
"M2");
return -1;
}
if (wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len, &ie) < 0) {
wpa_printf(MSG_INFO, "RSN: Failed to parse RSN IE in SMK M2");
return -1;
}
cipher = wpa_pick_pairwise_cipher(ie.pairwise_cipher &
sm->allowed_pairwise_cipher, 0);
if (cipher < 0) {
wpa_printf(MSG_INFO, "RSN: No acceptable cipher in SMK M2");
wpa_supplicant_send_smk_error(sm, src_addr, kde.mac_addr,
STK_MUI_SMK, STK_ERR_CPHR_NS,
ver);
return -1;
}
wpa_printf(MSG_DEBUG, "RSN: Using %s for PeerKey",
wpa_cipher_txt(cipher));
/* TODO: find existing entry and if found, use that instead of adding
* a new one; how to handle the case where both ends initiate at the
* same time? */
peerkey = os_zalloc(sizeof(*peerkey));
if (peerkey == NULL)
return -1;
os_memcpy(peerkey->addr, kde.mac_addr, ETH_ALEN);
os_memcpy(peerkey->inonce, key->key_nonce, WPA_NONCE_LEN);
os_memcpy(peerkey->rsnie_i, kde.rsn_ie, kde.rsn_ie_len);
peerkey->rsnie_i_len = kde.rsn_ie_len;
peerkey->cipher = cipher;
#ifdef CONFIG_IEEE80211W
if (ie.key_mgmt & (WPA_KEY_MGMT_IEEE8021X_SHA256 |
WPA_KEY_MGMT_PSK_SHA256))
peerkey->use_sha256 = 1;
#endif /* CONFIG_IEEE80211W */
if (random_get_bytes(peerkey->pnonce, WPA_NONCE_LEN)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: Failed to get random data for PNonce");
wpa_supplicant_peerkey_free(sm, peerkey);
return -1;
}
hdr = (struct rsn_ie_hdr *) peerkey->rsnie_p;
hdr->elem_id = WLAN_EID_RSN;
WPA_PUT_LE16(hdr->version, RSN_VERSION);
pos = (u8 *) (hdr + 1);
/* Group Suite can be anything for SMK RSN IE; receiver will just
* ignore it. */
RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
pos += RSN_SELECTOR_LEN;
/* Include only the selected cipher in pairwise cipher suite */
WPA_PUT_LE16(pos, 1);
pos += 2;
RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN, cipher));
pos += RSN_SELECTOR_LEN;
hdr->len = (pos - peerkey->rsnie_p) - 2;
peerkey->rsnie_p_len = pos - peerkey->rsnie_p;
wpa_hexdump(MSG_DEBUG, "WPA: RSN IE for SMK handshake",
peerkey->rsnie_p, peerkey->rsnie_p_len);
wpa_supplicant_send_smk_m3(sm, src_addr, key, ver, peerkey);
peerkey->next = sm->peerkey;
sm->peerkey = peerkey;
return 0;
}
