Lines Matching defs:wpa_auth
29 #include "wpa_auth.h"
50 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
53 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
55 static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
60 static void wpa_group_free(struct wpa_authenticator *wpa_auth,
62 static void wpa_group_get(struct wpa_authenticator *wpa_auth,
64 static void wpa_group_put(struct wpa_authenticator *wpa_auth,
80 struct wpa_authenticator *wpa_auth, const u8 *addr)
82 if (wpa_auth->cb->mic_failure_report)
83 return wpa_auth->cb->mic_failure_report(wpa_auth->cb_ctx, addr);
89 struct wpa_authenticator *wpa_auth, const u8 *addr)
91 if (wpa_auth->cb->psk_failure_report)
92 wpa_auth->cb->psk_failure_report(wpa_auth->cb_ctx, addr);
96 static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
100 if (wpa_auth->cb->set_eapol)
101 wpa_auth->cb->set_eapol(wpa_auth->cb_ctx, addr, var, value);
105 static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
108 if (wpa_auth->cb->get_eapol == NULL)
110 return wpa_auth->cb->get_eapol(wpa_auth->cb_ctx, addr, var);
114 static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
120 if (wpa_auth->cb->get_psk == NULL)
122 return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr,
127 static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
130 if (wpa_auth->cb->get_msk == NULL)
132 return wpa_auth->cb->get_msk(wpa_auth->cb_ctx, addr, msk, len);
136 static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
141 if (wpa_auth->cb->set_key == NULL)
143 return wpa_auth->cb->set_key(wpa_auth->cb_ctx, vlan_id, alg, addr, idx,
148 static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
151 if (wpa_auth->cb->get_seqnum == NULL)
153 return wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq);
158 wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
161 if (wpa_auth->cb->send_eapol == NULL)
163 return wpa_auth->cb->send_eapol(wpa_auth->cb_ctx, addr, data, data_len,
169 static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth,
172 if (wpa_auth->cb->start_ampe == NULL)
174 return wpa_auth->cb->start_ampe(wpa_auth->cb_ctx, addr);
179 int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
183 if (wpa_auth->cb->for_each_sta == NULL)
185 return wpa_auth->cb->for_each_sta(wpa_auth->cb_ctx, cb, cb_ctx);
189 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
193 if (wpa_auth->cb->for_each_auth == NULL)
195 return wpa_auth->cb->for_each_auth(wpa_auth->cb_ctx, cb, cb_ctx);
199 void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
202 if (wpa_auth->cb->logger == NULL)
204 wpa_auth->cb->logger(wpa_auth->cb_ctx, addr, level, txt);
208 void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
215 if (wpa_auth->cb->logger == NULL)
227 wpa_auth_logger(wpa_auth, addr, level, format);
233 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
236 if (wpa_auth->cb->disconnect == NULL)
240 wpa_auth->cb->disconnect(wpa_auth->cb_ctx, addr, reason);
245 static int wpa_channel_info(struct wpa_authenticator *wpa_auth,
248 if (!wpa_auth->cb->channel_info)
250 return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci);
255 static int wpa_auth_update_vlan(struct wpa_authenticator *wpa_auth,
258 if (!wpa_auth->cb->update_vlan)
260 return wpa_auth->cb->update_vlan(wpa_auth->cb_ctx, addr, vlan_id);
266 struct wpa_authenticator *wpa_auth = eloop_ctx;
268 if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
272 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
274 wpa_auth->group->GMK, WPA_GMK_LEN);
277 if (wpa_auth->conf.wpa_gmk_rekey) {
278 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
279 wpa_rekey_gmk, wpa_auth, NULL);
286 struct wpa_authenticator *wpa_auth = eloop_ctx;
289 wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK");
290 group = wpa_auth->group;
292 wpa_group_get(wpa_auth, group);
297 wpa_group_sm_step(wpa_auth, group);
301 wpa_group_put(wpa_auth, group);
305 if (wpa_auth->conf.wpa_group_rekey) {
306 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
307 0, wpa_rekey_gtk, wpa_auth, NULL);
314 struct wpa_authenticator *wpa_auth = eloop_ctx;
317 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
325 if (sm && sm->wpa_auth->conf.wpa_ptk_rekey) {
328 sm->wpa_auth->conf.wpa_ptk_rekey);
329 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
330 eloop_register_timeout(sm->wpa_auth->conf.wpa_ptk_rekey, 0,
331 wpa_rekey_ptk, sm->wpa_auth, sm);
347 struct wpa_authenticator *wpa_auth = ctx;
348 wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry);
352 static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
367 os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
388 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
399 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
413 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
426 wpa_group_sm_step(wpa_auth, group);
428 wpa_group_sm_step(wpa_auth, group);
447 struct wpa_authenticator *wpa_auth;
449 wpa_auth = os_zalloc(sizeof(struct wpa_authenticator));
450 if (wpa_auth == NULL)
452 os_memcpy(wpa_auth->addr, addr, ETH_ALEN);
453 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
454 wpa_auth->cb = cb;
455 wpa_auth->cb_ctx = cb_ctx;
457 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
459 os_free(wpa_auth);
463 wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
464 if (wpa_auth->group == NULL) {
465 os_free(wpa_auth->wpa_ie);
466 os_free(wpa_auth);
470 wpa_auth->pmksa = pmksa_cache_auth_init(wpa_auth_pmksa_free_cb,
471 wpa_auth);
472 if (wpa_auth->pmksa == NULL) {
474 os_free(wpa_auth->group);
475 os_free(wpa_auth->wpa_ie);
476 os_free(wpa_auth);
481 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
482 if (wpa_auth->ft_pmk_cache == NULL) {
484 os_free(wpa_auth->group);
485 os_free(wpa_auth->wpa_ie);
486 pmksa_cache_auth_deinit(wpa_auth->pmksa);
487 os_free(wpa_auth);
492 if (wpa_auth->conf.wpa_gmk_rekey) {
493 eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0,
494 wpa_rekey_gmk, wpa_auth, NULL);
497 if (wpa_auth->conf.wpa_group_rekey) {
498 eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0,
499 wpa_rekey_gtk, wpa_auth, NULL);
509 wpa_auth->ip_pool = bitfield_alloc(count);
513 return wpa_auth;
517 int wpa_init_keys(struct wpa_authenticator *wpa_auth)
519 struct wpa_group *group = wpa_auth->group;
523 wpa_group_sm_step(wpa_auth, group);
525 wpa_group_sm_step(wpa_auth, group);
534 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
536 void wpa_deinit(struct wpa_authenticator *wpa_auth)
540 eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL);
541 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
543 pmksa_cache_auth_deinit(wpa_auth->pmksa);
546 wpa_ft_pmk_cache_deinit(wpa_auth->ft_pmk_cache);
547 wpa_auth->ft_pmk_cache = NULL;
548 wpa_ft_deinit(wpa_auth);
552 bitfield_free(wpa_auth->ip_pool);
556 os_free(wpa_auth->wpa_ie);
558 group = wpa_auth->group;
565 os_free(wpa_auth);
571 * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
574 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
578 if (wpa_auth == NULL)
581 os_memcpy(&wpa_auth->conf, conf, sizeof(*conf));
582 if (wpa_auth_gen_wpa_ie(wpa_auth)) {
591 group = wpa_auth->group;
592 group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
594 wpa_group_sm_step(wpa_auth, group);
596 wpa_group_sm_step(wpa_auth, group);
603 wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
608 if (wpa_auth->group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
618 sm->wpa_auth = wpa_auth;
619 sm->group = wpa_auth->group;
620 wpa_group_get(sm->wpa_auth, sm->group);
626 int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
629 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
634 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
646 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
661 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
696 start = WPA_GET_BE32(sm->wpa_auth->conf.ip_addr_start);
697 bitfield_clear(sm->wpa_auth->ip_pool,
711 wpa_group_put(sm->wpa_auth, sm->group);
724 if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
725 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
729 sm->wpa_auth, NULL) == -1)
730 eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth,
734 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
737 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
792 static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
818 os_memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
841 static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
845 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
850 if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
851 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
855 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
859 if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
862 wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
887 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
932 wpa_auth_update_vlan(sm->wpa_auth, sm->addr, vlan_id) < 0)
944 void wpa_receive(struct wpa_authenticator *wpa_auth,
958 if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
1054 wpa_auth_logger(wpa_auth, sm->addr,
1065 wpa_auth_logger(wpa_auth, sm->addr,
1075 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
1085 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
1109 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1131 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1140 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1144 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1164 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1176 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1197 wpa_sta_disconnect(wpa_auth, sm->addr,
1205 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1215 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
1226 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1230 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1237 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1245 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1258 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1271 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1285 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
1295 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1308 wpa_auth, sm,
1312 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1321 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1324 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
1325 wpa_rekey_gtk(wpa_auth, NULL);
1419 struct wpa_authenticator *wpa_auth = eloop_ctx;
1423 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
1429 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1491 hdr->version = wpa_auth->conf.eapol_version;
1507 alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
1612 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
1627 wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0 &&
1629 wpa_auth->conf.corrupt_gtk_rekey_mic_probability) {
1630 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
1637 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
1639 wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len,
1645 static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
1658 __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
1662 if (ctr == 1 && wpa_auth->conf.tx_status)
1667 if (wpa_auth->conf.wpa_disable_eapol_key_retries &&
1678 wpa_send_eapol_timeout, wpa_auth, sm);
1715 if (wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL,
1720 eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
1731 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
1738 if (wpa_auth_start_ampe(sm->wpa_auth, sm->addr)) {
1870 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
1872 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
1877 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
1892 wpa_sta_disconnect(sm->wpa_auth, sm->addr, reason);
1908 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
1910 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
1915 static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
1938 if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0 ||
1939 wpa_gtk_update(wpa_auth, group) < 0 ||
1940 wpa_group_config_group_keys(wpa_auth, group) < 0) {
1952 wpa_group_ensure_init(sm->wpa_auth, sm->group);
2016 } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
2048 sm->wpa_auth->cb->get_msk);
2063 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
2073 psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr, NULL,
2109 if (sm->TimeoutCtr > sm->wpa_auth->conf.wpa_pairwise_update_count) {
2115 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2195 rsn_pmkid(sm->PMK, sm->pmk_len, sm->wpa_auth->addr,
2203 wpa_send_eapol(sm->wpa_auth, sm,
2223 sm->addr, sm->wpa_auth->addr,
2241 sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce,
2259 res = fils_pmk_to_ptk(pmk, pmk_len, sm->addr, sm->wpa_auth->addr,
2271 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2272 struct wpa_auth_config *conf = &wpa_auth->conf;
2306 sm->addr, sm->wpa_auth->addr,
2341 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2357 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
2676 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN,
2681 if (sm->wpa_auth->conf.disable_gtk ||
2712 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
2749 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
2796 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2798 if (!wpa_auth->cb->get_sta_tx_params)
2800 return wpa_auth->cb->get_sta_tx_params(wpa_auth->cb_ctx, sm->addr,
2809 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
2836 pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
2889 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
2892 wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr);
2910 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
2928 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2937 wpa_sta_disconnect(wpa_auth, sm->addr,
2947 if (wpa_channel_info(wpa_auth, &ci) != 0) {
2948 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2961 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
2968 if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
2969 wpa_sta_disconnect(wpa_auth, sm->addr,
2976 wpa_auth->ip_pool && WPA_GET_BE32(sm->ip_addr) == 0) {
2980 idx = bitfield_get_first_zero(wpa_auth->ip_pool);
2982 u32 start = WPA_GET_BE32(wpa_auth->conf.ip_addr_start);
2983 bitfield_set(wpa_auth->ip_pool, idx);
3002 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3016 wpa_auth_update_vlan(wpa_auth, sm->addr, vlan_id) < 0) {
3017 wpa_sta_disconnect(wpa_auth, sm->addr,
3023 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
3054 len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
3067 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
3075 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, rsc) < 0)
3080 if (sm->wpa_auth->conf.disable_gtk ||
3129 if (wpa_channel_info(sm->wpa_auth, &ci) != 0) {
3154 if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
3159 if (sm->TimeoutCtr > sm->wpa_auth->conf.wpa_pairwise_update_count) {
3169 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
3170 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
3171 wpa_ie = sm->wpa_auth->wpa_ie;
3172 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
3174 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
3182 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3189 if (sm->wpa_auth->conf.disable_gtk ||
3218 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3280 conf = &sm->wpa_auth->conf;
3323 os_memcpy(addr + 4, sm->wpa_auth->conf.ip_addr_mask, 4);
3324 os_memcpy(addr + 8, sm->wpa_auth->conf.ip_addr_go, 4);
3330 wpa_send_eapol(sm->wpa_auth, sm,
3348 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
3350 wpa_sta_disconnect(sm->wpa_auth, sm->addr,
3362 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
3370 wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
3374 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
3377 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
3378 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
3383 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3388 wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
3395 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3401 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
3430 wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
3441 if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
3449 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3450 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3456 if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, sm->p2p_dev_addr,
3464 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3466 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3475 sm->wpa_auth->conf.wpa_pairwise_update_count) {
3476 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3478 sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3480 sm->wpa_auth->conf.wpa_pairwise_update_count);
3504 sm->wpa_auth->conf.wpa_pairwise_update_count ||
3505 (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
3507 wpa_auth->dot11RSNA4WayHandshakeFailures++;
3509 sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3511 sm->wpa_auth->conf.wpa_pairwise_update_count);
3546 if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
3551 if (sm->GTimeoutCtr > sm->wpa_auth->conf.wpa_group_update_count) {
3563 wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
3564 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3568 if (sm->wpa_auth->conf.disable_gtk ||
3601 wpa_send_eapol(sm->wpa_auth, sm,
3616 struct wpa_authenticator *wpa_auth = sm->wpa_auth;
3645 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
3655 if (wpa_channel_info(wpa_auth, &ci) != 0) {
3656 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
3669 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
3681 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3695 wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
3698 sm->wpa_auth->conf.wpa_group_update_count);
3718 sm->wpa_auth->conf.wpa_group_update_count ||
3719 (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
3735 static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
3743 wpa_auth->addr, group->GNonce,
3750 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
3752 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
3756 wpa_auth->addr, group->GNonce,
3768 static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
3785 wpa_gtk_update(wpa_auth, group);
3795 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3806 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
3857 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
3877 size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
3887 if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
3905 static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
3926 wpa_gtk_update(wpa_auth, group);
3934 wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
3940 static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
3945 if (wpa_auth_set_key(wpa_auth, group->vlan_id,
3946 wpa_cipher_to_alg(wpa_auth->conf.wpa_group),
3952 if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
3956 alg = wpa_cipher_to_alg(wpa_auth->conf.group_mgmt_cipher);
3957 len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher);
3960 wpa_auth_set_key(wpa_auth, group->vlan_id, alg,
3984 static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth,
3990 wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group);
3994 static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
4002 if (wpa_group_config_group_keys(wpa_auth, group) < 0) {
4003 wpa_group_fatal_failure(wpa_auth, group);
4011 static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
4015 wpa_group_gtk_init(wpa_auth, group);
4020 wpa_group_setkeysdone(wpa_auth, group);
4023 wpa_group_setkeys(wpa_auth, group);
4026 wpa_group_setkeysdone(wpa_auth, group);
4028 wpa_group_setkeys(wpa_auth, group);
4052 sm->wpa_auth->group->changed = FALSE;
4060 wpa_group_sm_step(sm->wpa_auth, sm->group);
4061 } while (sm->changed || sm->wpa_auth->group->changed);
4089 void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
4094 if (wpa_auth == NULL)
4097 group = wpa_auth->group;
4108 wpa_gtk_update(wpa_auth, group);
4109 wpa_group_config_group_keys(wpa_auth, group);
4124 int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen)
4134 if (wpa_auth == NULL)
4143 wpa_bool_txt(wpa_auth->conf.wpa & WPA_PROTO_RSN),
4144 wpa_bool_txt(wpa_auth->conf.rsn_preauth));
4150 wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN);
4179 !!wpa_auth->conf.wpa_strict_rekey,
4180 wpa_auth->conf.wpa_group_update_count,
4181 wpa_auth->conf.wpa_pairwise_update_count,
4182 wpa_cipher_key_len(wpa_auth->conf.wpa_group) * 8,
4186 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteSelected),
4187 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherSelected),
4188 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected),
4190 RSN_SUITE_ARG(wpa_auth->dot11RSNAAuthenticationSuiteRequested),
4191 RSN_SUITE_ARG(wpa_auth->dot11RSNAPairwiseCipherRequested),
4192 RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested),
4193 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked,
4194 wpa_auth->dot11RSNA4WayHandshakeFailures);
4204 wpa_auth->group->wpa_group_state);
4269 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
4271 if (wpa_auth)
4272 wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++;
4353 const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len)
4355 if (wpa_auth == NULL)
4357 *len = wpa_auth->wpa_ie_len;
4358 return wpa_auth->wpa_ie;
4367 sm->wpa_auth->conf.disable_pmksa_caching)
4387 if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, pmk_len, NULL,
4389 sm->wpa_auth->addr, sm->addr, session_timeout,
4397 int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
4402 if (wpa_auth == NULL)
4406 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, len, NULL,
4408 wpa_auth->addr,
4417 int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
4420 if (wpa_auth->conf.disable_pmksa_caching)
4424 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, PMK_LEN, pmkid,
4426 wpa_auth->addr, addr, 0, NULL,
4441 int wpa_auth_pmksa_add2(struct wpa_authenticator *wpa_auth, const u8 *addr,
4445 if (wpa_auth->conf.disable_pmksa_caching)
4449 if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, pmk_len, pmkid,
4450 NULL, 0, wpa_auth->addr, addr, session_timeout,
4458 void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
4463 if (wpa_auth == NULL || wpa_auth->pmksa == NULL)
4465 pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
4469 pmksa_cache_free_entry(wpa_auth->pmksa, pmksa);
4474 int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,
4477 if (!wpa_auth || !wpa_auth->pmksa)
4479 return pmksa_cache_auth_list(wpa_auth->pmksa, buf, len);
4483 void wpa_auth_pmksa_flush(struct wpa_authenticator *wpa_auth)
4485 if (wpa_auth && wpa_auth->pmksa)
4486 pmksa_cache_auth_flush(wpa_auth->pmksa);
4493 int wpa_auth_pmksa_list_mesh(struct wpa_authenticator *wpa_auth, const u8 *addr,
4496 if (!wpa_auth || !wpa_auth->pmksa)
4499 return pmksa_cache_auth_list_mesh(wpa_auth->pmksa, addr, buf, len);
4521 int wpa_auth_pmksa_add_entry(struct wpa_authenticator *wpa_auth,
4526 if (!wpa_auth || !wpa_auth->pmksa)
4529 ret = pmksa_cache_auth_add_entry(wpa_auth->pmksa, entry);
4543 wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
4546 if (!wpa_auth || !wpa_auth->pmksa)
4548 return pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, pmkid);
4554 struct wpa_authenticator *wpa_auth,
4563 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmksa->pmkid, PMKID_LEN);
4572 static void wpa_group_free(struct wpa_authenticator *wpa_auth,
4575 struct wpa_group *prev = wpa_auth->group;
4594 static void wpa_group_get(struct wpa_authenticator *wpa_auth,
4598 if (wpa_auth->group == group)
4606 static void wpa_group_put(struct wpa_authenticator *wpa_auth,
4610 if (wpa_auth->group == group)
4616 wpa_group_free(wpa_auth, group);
4625 wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
4629 if (wpa_auth == NULL || wpa_auth->group == NULL)
4634 group = wpa_group_init(wpa_auth, vlan_id, 0);
4638 group->next = wpa_auth->group->next;
4639 wpa_auth->group->next = group;
4651 int wpa_auth_ensure_group(struct wpa_authenticator *wpa_auth, int vlan_id)
4655 if (wpa_auth == NULL)
4658 group = wpa_auth->group;
4666 group = wpa_auth_add_group(wpa_auth, vlan_id);
4675 wpa_group_get(wpa_auth, group);
4691 int wpa_auth_release_group(struct wpa_authenticator *wpa_auth, int vlan_id)
4696 if (wpa_auth == NULL)
4699 group = wpa_auth->group;
4731 wpa_group_put(wpa_auth, group);
4741 if (sm == NULL || sm->wpa_auth == NULL)
4744 group = sm->wpa_auth->group;
4752 group = wpa_auth_add_group(sm->wpa_auth, vlan_id);
4766 wpa_group_get(sm->wpa_auth, group);
4767 wpa_group_put(sm->wpa_auth, sm->group);
4774 void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
4777 if (wpa_auth == NULL || sm == NULL)
4796 eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
4799 wpa_send_eapol_timeout, wpa_auth, sm);
4839 int wpa_auth_radius_das_disconnect_pmksa(struct wpa_authenticator *wpa_auth,
4842 return pmksa_cache_auth_radius_das_disconnect(wpa_auth->pmksa, attr);
4846 void wpa_auth_reconfig_group_keys(struct wpa_authenticator *wpa_auth)
4850 if (!wpa_auth)
4852 for (group = wpa_auth->group; group; group = group->next)
4853 wpa_group_config_group_keys(wpa_auth, group);
4882 wpa_auth_pmksa_get_fils_cache_id(struct wpa_authenticator *wpa_auth,
4887 if (!wpa_auth->conf.fils_cache_id_set)
4889 idata.auth = wpa_auth;
4890 idata.cache_id = wpa_auth->conf.fils_cache_id;
4894 wpa_auth_for_each_auth(wpa_auth, wpa_auth_fils_iter, &idata);
4900 int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, int use_sha384,
4903 struct wpa_auth_config *conf = &wpa_auth->conf;
4968 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
4970 wpa_send_eapol(sm->wpa_auth, sm,
4996 /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
4997 wpa_ie = sm->wpa_auth->wpa_ie;
4998 wpa_ie_len = sm->wpa_auth->wpa_ie_len;
5000 (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
5008 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
5034 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
5100 conf = &sm->wpa_auth->conf;
5140 wpa_send_eapol(sm->wpa_auth, sm,
5169 wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
5209 wpa_send_eapol(sm->wpa_auth, sm,
5222 int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth)
5224 if (!wpa_auth)
5226 eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
5227 return eloop_register_timeout(0, 0, wpa_rekey_gtk, wpa_auth, NULL);