1 /* $OpenBSD: ieee80211_pae_input.c,v 1.33 2019/09/02 12:54:21 stsp Exp $ */ 2 3 /*- 4 * Copyright (c) 2007,2008 Damien Bergamini <damien.bergamini@free.fr> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /* 20 * This code implements the 4-Way Handshake and Group Key Handshake protocols 21 * (both Supplicant and Authenticator Key Receive state machines) defined in 22 * IEEE Std 802.11-2007 section 8.5. 23 */ 24 25 #include <sys/param.h> 26 #include <sys/systm.h> 27 #include <sys/mbuf.h> 28 #include <sys/kernel.h> 29 #include <sys/socket.h> 30 #include <sys/sockio.h> 31 #include <sys/errno.h> 32 33 #include <net/if.h> 34 #include <net/if_dl.h> 35 #include <net/if_media.h> 36 37 #include <netinet/in.h> 38 #include <netinet/if_ether.h> 39 40 #include <net80211/ieee80211_var.h> 41 #include <net80211/ieee80211_priv.h> 42 43 void ieee80211_recv_4way_msg1(struct ieee80211com *, 44 struct ieee80211_eapol_key *, struct ieee80211_node *); 45 #ifndef IEEE80211_STA_ONLY 46 void ieee80211_recv_4way_msg2(struct ieee80211com *, 47 struct ieee80211_eapol_key *, struct ieee80211_node *, 48 const u_int8_t *); 49 #endif 50 int ieee80211_must_update_group_key(struct ieee80211_key *, const uint8_t *, 51 int); 52 void ieee80211_recv_4way_msg3(struct ieee80211com *, 53 struct ieee80211_eapol_key *, struct ieee80211_node *); 54 #ifndef IEEE80211_STA_ONLY 55 void ieee80211_recv_4way_msg4(struct ieee80211com *, 56 struct ieee80211_eapol_key *, struct ieee80211_node *); 57 void ieee80211_recv_4way_msg2or4(struct ieee80211com *, 58 struct ieee80211_eapol_key *, struct ieee80211_node *); 59 #endif 60 void ieee80211_recv_rsn_group_msg1(struct ieee80211com *, 61 struct ieee80211_eapol_key *, struct ieee80211_node *); 62 void ieee80211_recv_wpa_group_msg1(struct ieee80211com *, 63 struct ieee80211_eapol_key *, struct ieee80211_node *); 64 #ifndef IEEE80211_STA_ONLY 65 void ieee80211_recv_group_msg2(struct ieee80211com *, 66 struct ieee80211_eapol_key *, struct ieee80211_node *); 67 void ieee80211_recv_eapol_key_req(struct ieee80211com *, 68 struct ieee80211_eapol_key *, struct ieee80211_node *); 69 #endif 70 71 /* 72 * Process an incoming EAPOL frame. Notice that we are only interested in 73 * EAPOL-Key frames with an IEEE 802.11 or WPA descriptor type. 74 */ 75 void 76 ieee80211_eapol_key_input(struct ieee80211com *ic, struct mbuf *m, 77 struct ieee80211_node *ni) 78 { 79 struct ifnet *ifp = &ic->ic_if; 80 struct ether_header *eh; 81 struct ieee80211_eapol_key *key; 82 u_int16_t info, desc; 83 int totlen, bodylen, paylen; 84 85 ifp->if_ibytes += m->m_pkthdr.len; 86 87 eh = mtod(m, struct ether_header *); 88 if (IEEE80211_IS_MULTICAST(eh->ether_dhost)) { 89 ifp->if_imcasts++; 90 goto done; 91 } 92 m_adj(m, sizeof(*eh)); 93 94 if (m->m_pkthdr.len < sizeof(*key)) 95 goto done; 96 if (m->m_len < sizeof(*key) && 97 (m = m_pullup(m, sizeof(*key))) == NULL) { 98 ic->ic_stats.is_rx_nombuf++; 99 goto done; 100 } 101 key = mtod(m, struct ieee80211_eapol_key *); 102 103 if (key->type != EAPOL_KEY) 104 goto done; 105 ic->ic_stats.is_rx_eapol_key++; 106 107 if ((ni->ni_rsnprotos == IEEE80211_PROTO_RSN && 108 key->desc != EAPOL_KEY_DESC_IEEE80211) || 109 (ni->ni_rsnprotos == IEEE80211_PROTO_WPA && 110 key->desc != EAPOL_KEY_DESC_WPA)) 111 goto done; 112 113 /* check packet body length */ 114 bodylen = BE_READ_2(key->len); 115 totlen = 4 + bodylen; 116 if (m->m_pkthdr.len < totlen || totlen > MCLBYTES) 117 goto done; 118 119 /* check key data length */ 120 paylen = BE_READ_2(key->paylen); 121 if (paylen > totlen - sizeof(*key)) 122 goto done; 123 124 info = BE_READ_2(key->info); 125 126 /* discard EAPOL-Key frames with an unknown descriptor version */ 127 desc = info & EAPOL_KEY_VERSION_MASK; 128 if (desc < EAPOL_KEY_DESC_V1 || desc > EAPOL_KEY_DESC_V3) 129 goto done; 130 131 if (ieee80211_is_sha256_akm(ni->ni_rsnakms)) { 132 if (desc != EAPOL_KEY_DESC_V3) 133 goto done; 134 } else if (ni->ni_rsncipher == IEEE80211_CIPHER_CCMP || 135 ni->ni_rsngroupcipher == IEEE80211_CIPHER_CCMP) { 136 if (desc != EAPOL_KEY_DESC_V2) 137 goto done; 138 } 139 140 /* make sure the key data field is contiguous */ 141 if (m->m_len < totlen && (m = m_pullup(m, totlen)) == NULL) { 142 ic->ic_stats.is_rx_nombuf++; 143 goto done; 144 } 145 key = mtod(m, struct ieee80211_eapol_key *); 146 147 /* determine message type (see 8.5.3.7) */ 148 if (info & EAPOL_KEY_REQUEST) { 149 #ifndef IEEE80211_STA_ONLY 150 /* EAPOL-Key Request frame */ 151 ieee80211_recv_eapol_key_req(ic, key, ni); 152 #endif 153 } else if (info & EAPOL_KEY_PAIRWISE) { 154 /* 4-Way Handshake */ 155 if (info & EAPOL_KEY_KEYMIC) { 156 if (info & EAPOL_KEY_KEYACK) 157 ieee80211_recv_4way_msg3(ic, key, ni); 158 #ifndef IEEE80211_STA_ONLY 159 else 160 ieee80211_recv_4way_msg2or4(ic, key, ni); 161 #endif 162 } else if (info & EAPOL_KEY_KEYACK) 163 ieee80211_recv_4way_msg1(ic, key, ni); 164 } else { 165 /* Group Key Handshake */ 166 if (!(info & EAPOL_KEY_KEYMIC)) 167 goto done; 168 if (info & EAPOL_KEY_KEYACK) { 169 if (key->desc == EAPOL_KEY_DESC_WPA) 170 ieee80211_recv_wpa_group_msg1(ic, key, ni); 171 else 172 ieee80211_recv_rsn_group_msg1(ic, key, ni); 173 } 174 #ifndef IEEE80211_STA_ONLY 175 else 176 ieee80211_recv_group_msg2(ic, key, ni); 177 #endif 178 } 179 done: 180 m_freem(m); 181 } 182 183 /* 184 * Process Message 1 of the 4-Way Handshake (sent by Authenticator). 185 */ 186 void 187 ieee80211_recv_4way_msg1(struct ieee80211com *ic, 188 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 189 { 190 struct ieee80211_ptk tptk; 191 struct ieee80211_pmk *pmk; 192 const u_int8_t *frm, *efrm; 193 const u_int8_t *pmkid; 194 195 #ifndef IEEE80211_STA_ONLY 196 if (ic->ic_opmode != IEEE80211_M_STA && 197 ic->ic_opmode != IEEE80211_M_IBSS) 198 return; 199 #endif 200 /* 201 * Message 1 is always expected while RSN is active since some 202 * APs will rekey the PTK by sending Msg1/4 after some time. 203 */ 204 if (ni->ni_rsn_supp_state == RSNA_SUPP_INITIALIZE) { 205 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_supp_state)); 206 return; 207 } 208 /* enforce monotonicity of key request replay counter */ 209 if (ni->ni_replaycnt_ok && 210 BE_READ_8(key->replaycnt) <= ni->ni_replaycnt) { 211 ic->ic_stats.is_rx_eapol_replay++; 212 return; 213 } 214 215 /* parse key data field (may contain an encapsulated PMKID) */ 216 frm = (const u_int8_t *)&key[1]; 217 efrm = frm + BE_READ_2(key->paylen); 218 219 pmkid = NULL; 220 while (frm + 2 <= efrm) { 221 if (frm + 2 + frm[1] > efrm) 222 break; 223 switch (frm[0]) { 224 case IEEE80211_ELEMID_VENDOR: 225 if (frm[1] < 4) 226 break; 227 if (memcmp(&frm[2], IEEE80211_OUI, 3) == 0) { 228 switch (frm[5]) { 229 case IEEE80211_KDE_PMKID: 230 pmkid = frm; 231 break; 232 } 233 } 234 break; 235 } 236 frm += 2 + frm[1]; 237 } 238 /* check that the PMKID KDE is valid (if present) */ 239 if (pmkid != NULL && pmkid[1] != 4 + 16) 240 return; 241 242 if (ieee80211_is_8021x_akm(ni->ni_rsnakms)) { 243 /* retrieve the PMK for this (AP,PMKID) */ 244 pmk = ieee80211_pmksa_find(ic, ni, 245 (pmkid != NULL) ? &pmkid[6] : NULL); 246 if (pmk == NULL) { 247 DPRINTF(("no PMK available for %s\n", 248 ether_sprintf(ni->ni_macaddr))); 249 return; 250 } 251 memcpy(ni->ni_pmk, pmk->pmk_key, IEEE80211_PMK_LEN); 252 } else /* use pre-shared key */ 253 memcpy(ni->ni_pmk, ic->ic_psk, IEEE80211_PMK_LEN); 254 ni->ni_flags |= IEEE80211_NODE_PMK; 255 256 /* save authenticator's nonce (ANonce) */ 257 memcpy(ni->ni_nonce, key->nonce, EAPOL_KEY_NONCE_LEN); 258 259 /* generate supplicant's nonce (SNonce) */ 260 arc4random_buf(ic->ic_nonce, EAPOL_KEY_NONCE_LEN); 261 262 /* TPTK = CalcPTK(PMK, ANonce, SNonce) */ 263 ieee80211_derive_ptk(ni->ni_rsnakms, ni->ni_pmk, ni->ni_macaddr, 264 ic->ic_myaddr, ni->ni_nonce, ic->ic_nonce, &tptk); 265 266 /* We are now expecting a new pairwise key. */ 267 ni->ni_flags |= IEEE80211_NODE_RSN_NEW_PTK; 268 269 if (ic->ic_if.if_flags & IFF_DEBUG) 270 printf("%s: received msg %d/%d of the %s handshake from %s\n", 271 ic->ic_if.if_xname, 1, 4, "4-way", 272 ether_sprintf(ni->ni_macaddr)); 273 274 /* send message 2 to authenticator using TPTK */ 275 (void)ieee80211_send_4way_msg2(ic, ni, key->replaycnt, &tptk); 276 } 277 278 #ifndef IEEE80211_STA_ONLY 279 /* 280 * Process Message 2 of the 4-Way Handshake (sent by Supplicant). 281 */ 282 void 283 ieee80211_recv_4way_msg2(struct ieee80211com *ic, 284 struct ieee80211_eapol_key *key, struct ieee80211_node *ni, 285 const u_int8_t *rsnie) 286 { 287 struct ieee80211_ptk tptk; 288 289 if (ic->ic_opmode != IEEE80211_M_HOSTAP && 290 ic->ic_opmode != IEEE80211_M_IBSS) 291 return; 292 293 /* discard if we're not expecting this message */ 294 if (ni->ni_rsn_state != RSNA_PTKSTART && 295 ni->ni_rsn_state != RSNA_PTKCALCNEGOTIATING) { 296 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_state)); 297 return; 298 } 299 ni->ni_rsn_state = RSNA_PTKCALCNEGOTIATING; 300 301 /* NB: replay counter has already been verified by caller */ 302 303 /* PTK = CalcPTK(ANonce, SNonce) */ 304 ieee80211_derive_ptk(ni->ni_rsnakms, ni->ni_pmk, ic->ic_myaddr, 305 ni->ni_macaddr, ni->ni_nonce, key->nonce, &tptk); 306 307 /* check Key MIC field using KCK */ 308 if (ieee80211_eapol_key_check_mic(key, tptk.kck) != 0) { 309 DPRINTF(("key MIC failed\n")); 310 ic->ic_stats.is_rx_eapol_badmic++; 311 return; /* will timeout.. */ 312 } 313 314 timeout_del(&ni->ni_eapol_to); 315 ni->ni_rsn_state = RSNA_PTKCALCNEGOTIATING_2; 316 ni->ni_rsn_retries = 0; 317 318 /* install TPTK as PTK now that MIC is verified */ 319 memcpy(&ni->ni_ptk, &tptk, sizeof(tptk)); 320 321 /* 322 * The RSN IE must match bit-wise with what the STA included in its 323 * (Re)Association Request. 324 */ 325 if (ni->ni_rsnie == NULL || rsnie[1] != ni->ni_rsnie[1] || 326 memcmp(rsnie, ni->ni_rsnie, 2 + rsnie[1]) != 0) { 327 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 328 IEEE80211_REASON_RSN_DIFFERENT_IE); 329 ieee80211_node_leave(ic, ni); 330 return; 331 } 332 333 if (ic->ic_if.if_flags & IFF_DEBUG) 334 printf("%s: received msg %d/%d of the %s handshake from %s\n", 335 ic->ic_if.if_xname, 2, 4, "4-way", 336 ether_sprintf(ni->ni_macaddr)); 337 338 /* send message 3 to supplicant */ 339 (void)ieee80211_send_4way_msg3(ic, ni); 340 } 341 #endif /* IEEE80211_STA_ONLY */ 342 343 /* 344 * Check if a group key must be updated with a new GTK from an EAPOL frame. 345 * Manipulated group key handshake messages could trick clients into 346 * reinstalling an already used group key and hence lower or reset the 347 * associated replay counter. This check prevents such attacks. 348 */ 349 int 350 ieee80211_must_update_group_key(struct ieee80211_key *k, const uint8_t *gtk, 351 int len) 352 { 353 return (k->k_cipher == IEEE80211_CIPHER_NONE || k->k_len != len || 354 memcmp(k->k_key, gtk, len) != 0); 355 } 356 357 /* 358 * Process Message 3 of the 4-Way Handshake (sent by Authenticator). 359 */ 360 void 361 ieee80211_recv_4way_msg3(struct ieee80211com *ic, 362 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 363 { 364 struct ieee80211_ptk tptk; 365 struct ieee80211_key *k; 366 const u_int8_t *frm, *efrm; 367 const u_int8_t *rsnie1, *rsnie2, *gtk, *igtk; 368 u_int16_t info, reason = 0; 369 int keylen; 370 371 #ifndef IEEE80211_STA_ONLY 372 if (ic->ic_opmode != IEEE80211_M_STA && 373 ic->ic_opmode != IEEE80211_M_IBSS) 374 return; 375 #endif 376 /* discard if we're not expecting this message */ 377 if (ni->ni_rsn_supp_state != RSNA_SUPP_PTKNEGOTIATING && 378 ni->ni_rsn_supp_state != RNSA_SUPP_PTKDONE) { 379 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_supp_state)); 380 return; 381 } 382 /* enforce monotonicity of key request replay counter */ 383 if (ni->ni_replaycnt_ok && 384 BE_READ_8(key->replaycnt) <= ni->ni_replaycnt) { 385 ic->ic_stats.is_rx_eapol_replay++; 386 return; 387 } 388 /* make sure that a PMK has been selected */ 389 if (!(ni->ni_flags & IEEE80211_NODE_PMK)) { 390 DPRINTF(("no PMK found for %s\n", 391 ether_sprintf(ni->ni_macaddr))); 392 return; 393 } 394 /* check that ANonce matches that of Message 1 */ 395 if (memcmp(key->nonce, ni->ni_nonce, EAPOL_KEY_NONCE_LEN) != 0) { 396 DPRINTF(("ANonce does not match msg 1/4\n")); 397 return; 398 } 399 /* TPTK = CalcPTK(PMK, ANonce, SNonce) */ 400 ieee80211_derive_ptk(ni->ni_rsnakms, ni->ni_pmk, ni->ni_macaddr, 401 ic->ic_myaddr, key->nonce, ic->ic_nonce, &tptk); 402 403 info = BE_READ_2(key->info); 404 405 /* check Key MIC field using KCK */ 406 if (ieee80211_eapol_key_check_mic(key, tptk.kck) != 0) { 407 DPRINTF(("key MIC failed\n")); 408 ic->ic_stats.is_rx_eapol_badmic++; 409 return; 410 } 411 /* install TPTK as PTK now that MIC is verified */ 412 memcpy(&ni->ni_ptk, &tptk, sizeof(tptk)); 413 414 /* if encrypted, decrypt Key Data field using KEK */ 415 if ((info & EAPOL_KEY_ENCRYPTED) && 416 ieee80211_eapol_key_decrypt(key, ni->ni_ptk.kek) != 0) { 417 DPRINTF(("decryption failed\n")); 418 return; 419 } 420 421 /* parse key data field */ 422 frm = (const u_int8_t *)&key[1]; 423 efrm = frm + BE_READ_2(key->paylen); 424 425 /* 426 * Some WPA1+WPA2 APs (like hostapd) appear to include both WPA and 427 * RSN IEs in message 3/4. We only take into account the IE of the 428 * version of the protocol we negotiated at association time. 429 */ 430 rsnie1 = rsnie2 = gtk = igtk = NULL; 431 while (frm + 2 <= efrm) { 432 if (frm + 2 + frm[1] > efrm) 433 break; 434 switch (frm[0]) { 435 case IEEE80211_ELEMID_RSN: 436 if (ni->ni_rsnprotos != IEEE80211_PROTO_RSN) 437 break; 438 if (rsnie1 == NULL) 439 rsnie1 = frm; 440 else if (rsnie2 == NULL) 441 rsnie2 = frm; 442 /* ignore others if more than two RSN IEs */ 443 break; 444 case IEEE80211_ELEMID_VENDOR: 445 if (frm[1] < 4) 446 break; 447 if (memcmp(&frm[2], IEEE80211_OUI, 3) == 0) { 448 switch (frm[5]) { 449 case IEEE80211_KDE_GTK: 450 gtk = frm; 451 break; 452 case IEEE80211_KDE_IGTK: 453 if (ni->ni_flags & IEEE80211_NODE_MFP) 454 igtk = frm; 455 break; 456 } 457 } else if (memcmp(&frm[2], MICROSOFT_OUI, 3) == 0) { 458 switch (frm[5]) { 459 case 1: /* WPA */ 460 if (ni->ni_rsnprotos != 461 IEEE80211_PROTO_WPA) 462 break; 463 rsnie1 = frm; 464 break; 465 } 466 } 467 break; 468 } 469 frm += 2 + frm[1]; 470 } 471 /* first WPA/RSN IE is mandatory */ 472 if (rsnie1 == NULL) { 473 DPRINTF(("missing RSN IE\n")); 474 return; 475 } 476 /* key data must be encrypted if GTK is included */ 477 if (gtk != NULL && !(info & EAPOL_KEY_ENCRYPTED)) { 478 DPRINTF(("GTK not encrypted\n")); 479 return; 480 } 481 /* GTK KDE must be included if IGTK KDE is present */ 482 if (igtk != NULL && gtk == NULL) { 483 DPRINTF(("IGTK KDE found but GTK KDE missing\n")); 484 return; 485 } 486 /* check that the Install bit is set if using pairwise keys */ 487 if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP && 488 !(info & EAPOL_KEY_INSTALL)) { 489 DPRINTF(("pairwise cipher but !Install\n")); 490 return; 491 } 492 493 /* 494 * Check that first WPA/RSN IE is identical to the one received in 495 * the beacon or probe response frame. 496 */ 497 if (ni->ni_rsnie == NULL || rsnie1[1] != ni->ni_rsnie[1] || 498 memcmp(rsnie1, ni->ni_rsnie, 2 + rsnie1[1]) != 0) { 499 reason = IEEE80211_REASON_RSN_DIFFERENT_IE; 500 goto deauth; 501 } 502 503 /* 504 * If a second RSN information element is present, use its pairwise 505 * cipher suite or deauthenticate. 506 */ 507 if (rsnie2 != NULL) { 508 struct ieee80211_rsnparams rsn; 509 510 if (ieee80211_parse_rsn(ic, rsnie2, &rsn) == 0) { 511 if (rsn.rsn_akms != ni->ni_rsnakms || 512 rsn.rsn_groupcipher != ni->ni_rsngroupcipher || 513 rsn.rsn_nciphers != 1 || 514 !(rsn.rsn_ciphers & ic->ic_rsnciphers)) { 515 reason = IEEE80211_REASON_BAD_PAIRWISE_CIPHER; 516 goto deauth; 517 } 518 /* use pairwise cipher suite of second RSN IE */ 519 ni->ni_rsnciphers = rsn.rsn_ciphers; 520 ni->ni_rsncipher = ni->ni_rsnciphers; 521 } 522 } 523 524 /* update the last seen value of the key replay counter field */ 525 ni->ni_replaycnt = BE_READ_8(key->replaycnt); 526 ni->ni_replaycnt_ok = 1; 527 528 if (ic->ic_if.if_flags & IFF_DEBUG) 529 printf("%s: received msg %d/%d of the %s handshake from %s\n", 530 ic->ic_if.if_xname, 3, 4, "4-way", 531 ether_sprintf(ni->ni_macaddr)); 532 533 /* send message 4 to authenticator */ 534 if (ieee80211_send_4way_msg4(ic, ni) != 0) 535 return; /* ..authenticator will retry */ 536 537 /* 538 * Only install a new pairwise key if we are still expecting a new key, 539 * as indicated by the NODE_RSN_NEW_PTK flag. An adversary could be 540 * sending manipulated retransmissions of message 3 of the 4-way 541 * handshake in an attempt to trick us into reinstalling an already 542 * used pairwise key. If this attack succeeded, the incremental nonce 543 * and replay counter associated with the key would be reset. 544 * Against CCMP, the adversary could abuse this to replay and decrypt 545 * packets. Against TKIP, it would become possible to replay, decrypt, 546 * and forge packets. 547 */ 548 if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP && 549 (ni->ni_flags & IEEE80211_NODE_RSN_NEW_PTK)) { 550 u_int64_t prsc; 551 552 /* check that key length matches that of pairwise cipher */ 553 keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); 554 if (BE_READ_2(key->keylen) != keylen) { 555 reason = IEEE80211_REASON_AUTH_LEAVE; 556 goto deauth; 557 } 558 prsc = (gtk == NULL) ? LE_READ_6(key->rsc) : 0; 559 560 /* map PTK to 802.11 key */ 561 k = &ni->ni_pairwise_key; 562 memset(k, 0, sizeof(*k)); 563 k->k_cipher = ni->ni_rsncipher; 564 k->k_rsc[0] = prsc; 565 k->k_len = keylen; 566 memcpy(k->k_key, ni->ni_ptk.tk, k->k_len); 567 /* install the PTK */ 568 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 569 reason = IEEE80211_REASON_AUTH_LEAVE; 570 goto deauth; 571 } 572 ni->ni_flags &= ~IEEE80211_NODE_RSN_NEW_PTK; 573 ni->ni_flags &= ~IEEE80211_NODE_TXRXPROT; 574 ni->ni_flags |= IEEE80211_NODE_RXPROT; 575 } else if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP) 576 printf("%s: unexpected pairwise key update received from %s\n", 577 ic->ic_if.if_xname, ether_sprintf(ni->ni_macaddr)); 578 579 if (gtk != NULL) { 580 u_int8_t kid; 581 582 /* check that key length matches that of group cipher */ 583 keylen = ieee80211_cipher_keylen(ni->ni_rsngroupcipher); 584 if (gtk[1] != 6 + keylen) { 585 reason = IEEE80211_REASON_AUTH_LEAVE; 586 goto deauth; 587 } 588 /* map GTK to 802.11 key */ 589 kid = gtk[6] & 3; 590 k = &ic->ic_nw_keys[kid]; 591 if (ieee80211_must_update_group_key(k, >k[8], keylen)) { 592 memset(k, 0, sizeof(*k)); 593 k->k_id = kid; /* 0-3 */ 594 k->k_cipher = ni->ni_rsngroupcipher; 595 k->k_flags = IEEE80211_KEY_GROUP; 596 if (gtk[6] & (1 << 2)) 597 k->k_flags |= IEEE80211_KEY_TX; 598 k->k_rsc[0] = LE_READ_6(key->rsc); 599 k->k_len = keylen; 600 memcpy(k->k_key, >k[8], k->k_len); 601 /* install the GTK */ 602 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 603 reason = IEEE80211_REASON_AUTH_LEAVE; 604 goto deauth; 605 } 606 } 607 } 608 if (igtk != NULL) { /* implies MFP && gtk != NULL */ 609 u_int16_t kid; 610 611 /* check that the IGTK KDE is valid */ 612 if (igtk[1] != 4 + 24) { 613 reason = IEEE80211_REASON_AUTH_LEAVE; 614 goto deauth; 615 } 616 kid = LE_READ_2(&igtk[6]); 617 if (kid != 4 && kid != 5) { 618 DPRINTF(("unsupported IGTK id %u\n", kid)); 619 reason = IEEE80211_REASON_AUTH_LEAVE; 620 goto deauth; 621 } 622 /* map IGTK to 802.11 key */ 623 k = &ic->ic_nw_keys[kid]; 624 if (ieee80211_must_update_group_key(k, &igtk[14], 16)) { 625 memset(k, 0, sizeof(*k)); 626 k->k_id = kid; /* either 4 or 5 */ 627 k->k_cipher = ni->ni_rsngroupmgmtcipher; 628 k->k_flags = IEEE80211_KEY_IGTK; 629 k->k_mgmt_rsc = LE_READ_6(&igtk[8]); /* IPN */ 630 k->k_len = 16; 631 memcpy(k->k_key, &igtk[14], k->k_len); 632 /* install the IGTK */ 633 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 634 reason = IEEE80211_REASON_AUTH_LEAVE; 635 goto deauth; 636 } 637 } 638 } 639 if (info & EAPOL_KEY_INSTALL) 640 ni->ni_flags |= IEEE80211_NODE_TXRXPROT; 641 642 if (info & EAPOL_KEY_SECURE) { 643 ni->ni_flags |= IEEE80211_NODE_TXRXPROT; 644 #ifndef IEEE80211_STA_ONLY 645 if (ic->ic_opmode != IEEE80211_M_IBSS || 646 ++ni->ni_key_count == 2) 647 #endif 648 { 649 DPRINTF(("marking port %s valid\n", 650 ether_sprintf(ni->ni_macaddr))); 651 ni->ni_port_valid = 1; 652 ieee80211_set_link_state(ic, LINK_STATE_UP); 653 ni->ni_assoc_fail = 0; 654 } 655 } 656 deauth: 657 if (reason != 0) { 658 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 659 reason); 660 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 661 } 662 } 663 664 #ifndef IEEE80211_STA_ONLY 665 /* 666 * Process Message 4 of the 4-Way Handshake (sent by Supplicant). 667 */ 668 void 669 ieee80211_recv_4way_msg4(struct ieee80211com *ic, 670 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 671 { 672 if (ic->ic_opmode != IEEE80211_M_HOSTAP && 673 ic->ic_opmode != IEEE80211_M_IBSS) 674 return; 675 676 /* discard if we're not expecting this message */ 677 if (ni->ni_rsn_state != RSNA_PTKINITNEGOTIATING) { 678 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_state)); 679 return; 680 } 681 682 /* NB: replay counter has already been verified by caller */ 683 684 /* check Key MIC field using KCK */ 685 if (ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) { 686 DPRINTF(("key MIC failed\n")); 687 ic->ic_stats.is_rx_eapol_badmic++; 688 return; /* will timeout.. */ 689 } 690 691 timeout_del(&ni->ni_eapol_to); 692 ni->ni_rsn_state = RSNA_PTKINITDONE; 693 ni->ni_rsn_retries = 0; 694 695 if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP) { 696 struct ieee80211_key *k; 697 698 /* map PTK to 802.11 key */ 699 k = &ni->ni_pairwise_key; 700 memset(k, 0, sizeof(*k)); 701 k->k_cipher = ni->ni_rsncipher; 702 k->k_len = ieee80211_cipher_keylen(k->k_cipher); 703 memcpy(k->k_key, ni->ni_ptk.tk, k->k_len); 704 /* install the PTK */ 705 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 706 IEEE80211_SEND_MGMT(ic, ni, 707 IEEE80211_FC0_SUBTYPE_DEAUTH, 708 IEEE80211_REASON_ASSOC_TOOMANY); 709 ieee80211_node_leave(ic, ni); 710 return; 711 } 712 ni->ni_flags |= IEEE80211_NODE_TXRXPROT; 713 } 714 if (ic->ic_opmode != IEEE80211_M_IBSS || ++ni->ni_key_count == 2) { 715 DPRINTF(("marking port %s valid\n", 716 ether_sprintf(ni->ni_macaddr))); 717 ni->ni_port_valid = 1; 718 } 719 720 if (ic->ic_if.if_flags & IFF_DEBUG) 721 printf("%s: received msg %d/%d of the %s handshake from %s\n", 722 ic->ic_if.if_xname, 4, 4, "4-way", 723 ether_sprintf(ni->ni_macaddr)); 724 725 /* initiate a group key handshake for WPA */ 726 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) 727 (void)ieee80211_send_group_msg1(ic, ni); 728 else 729 ni->ni_rsn_gstate = RSNA_IDLE; 730 } 731 732 /* 733 * Differentiate Message 2 from Message 4 of the 4-Way Handshake based on 734 * the presence of an RSN or WPA Information Element. 735 */ 736 void 737 ieee80211_recv_4way_msg2or4(struct ieee80211com *ic, 738 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 739 { 740 const u_int8_t *frm, *efrm; 741 const u_int8_t *rsnie; 742 743 if (BE_READ_8(key->replaycnt) != ni->ni_replaycnt) { 744 ic->ic_stats.is_rx_eapol_replay++; 745 return; 746 } 747 748 /* parse key data field (check if an RSN IE is present) */ 749 frm = (const u_int8_t *)&key[1]; 750 efrm = frm + BE_READ_2(key->paylen); 751 752 rsnie = NULL; 753 while (frm + 2 <= efrm) { 754 if (frm + 2 + frm[1] > efrm) 755 break; 756 switch (frm[0]) { 757 case IEEE80211_ELEMID_RSN: 758 rsnie = frm; 759 break; 760 case IEEE80211_ELEMID_VENDOR: 761 if (frm[1] < 4) 762 break; 763 if (memcmp(&frm[2], MICROSOFT_OUI, 3) == 0) { 764 switch (frm[5]) { 765 case 1: /* WPA */ 766 rsnie = frm; 767 break; 768 } 769 } 770 } 771 frm += 2 + frm[1]; 772 } 773 if (rsnie != NULL) 774 ieee80211_recv_4way_msg2(ic, key, ni, rsnie); 775 else 776 ieee80211_recv_4way_msg4(ic, key, ni); 777 } 778 #endif /* IEEE80211_STA_ONLY */ 779 780 /* 781 * Process Message 1 of the RSN Group Key Handshake (sent by Authenticator). 782 */ 783 void 784 ieee80211_recv_rsn_group_msg1(struct ieee80211com *ic, 785 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 786 { 787 struct ieee80211_key *k; 788 const u_int8_t *frm, *efrm; 789 const u_int8_t *gtk, *igtk; 790 u_int16_t info, kid, reason = 0; 791 int keylen; 792 793 #ifndef IEEE80211_STA_ONLY 794 if (ic->ic_opmode != IEEE80211_M_STA && 795 ic->ic_opmode != IEEE80211_M_IBSS) 796 return; 797 #endif 798 /* discard if we're not expecting this message */ 799 if (ni->ni_rsn_supp_state != RNSA_SUPP_PTKDONE) { 800 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_supp_state)); 801 return; 802 } 803 /* enforce monotonicity of key request replay counter */ 804 if (BE_READ_8(key->replaycnt) <= ni->ni_replaycnt) { 805 ic->ic_stats.is_rx_eapol_replay++; 806 return; 807 } 808 /* check Key MIC field using KCK */ 809 if (ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) { 810 DPRINTF(("key MIC failed\n")); 811 ic->ic_stats.is_rx_eapol_badmic++; 812 return; 813 } 814 info = BE_READ_2(key->info); 815 816 /* check that encrypted and decrypt Key Data field using KEK */ 817 if (!(info & EAPOL_KEY_ENCRYPTED) || 818 ieee80211_eapol_key_decrypt(key, ni->ni_ptk.kek) != 0) { 819 DPRINTF(("decryption failed\n")); 820 return; 821 } 822 823 /* parse key data field (shall contain a GTK KDE) */ 824 frm = (const u_int8_t *)&key[1]; 825 efrm = frm + BE_READ_2(key->paylen); 826 827 gtk = igtk = NULL; 828 while (frm + 2 <= efrm) { 829 if (frm + 2 + frm[1] > efrm) 830 break; 831 switch (frm[0]) { 832 case IEEE80211_ELEMID_VENDOR: 833 if (frm[1] < 4) 834 break; 835 if (memcmp(&frm[2], IEEE80211_OUI, 3) == 0) { 836 switch (frm[5]) { 837 case IEEE80211_KDE_GTK: 838 gtk = frm; 839 break; 840 case IEEE80211_KDE_IGTK: 841 if (ni->ni_flags & IEEE80211_NODE_MFP) 842 igtk = frm; 843 break; 844 } 845 } 846 break; 847 } 848 frm += 2 + frm[1]; 849 } 850 /* check that the GTK KDE is present */ 851 if (gtk == NULL) { 852 DPRINTF(("GTK KDE missing\n")); 853 return; 854 } 855 856 /* check that key length matches that of group cipher */ 857 keylen = ieee80211_cipher_keylen(ni->ni_rsngroupcipher); 858 if (gtk[1] != 6 + keylen) 859 return; 860 861 /* map GTK to 802.11 key */ 862 kid = gtk[6] & 3; 863 k = &ic->ic_nw_keys[kid]; 864 if (ieee80211_must_update_group_key(k, >k[8], keylen)) { 865 memset(k, 0, sizeof(*k)); 866 k->k_id = kid; /* 0-3 */ 867 k->k_cipher = ni->ni_rsngroupcipher; 868 k->k_flags = IEEE80211_KEY_GROUP; 869 if (gtk[6] & (1 << 2)) 870 k->k_flags |= IEEE80211_KEY_TX; 871 k->k_rsc[0] = LE_READ_6(key->rsc); 872 k->k_len = keylen; 873 memcpy(k->k_key, >k[8], k->k_len); 874 /* install the GTK */ 875 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 876 reason = IEEE80211_REASON_AUTH_LEAVE; 877 goto deauth; 878 } 879 } 880 if (igtk != NULL) { /* implies MFP */ 881 /* check that the IGTK KDE is valid */ 882 if (igtk[1] != 4 + 24) { 883 reason = IEEE80211_REASON_AUTH_LEAVE; 884 goto deauth; 885 } 886 kid = LE_READ_2(&igtk[6]); 887 if (kid != 4 && kid != 5) { 888 DPRINTF(("unsupported IGTK id %u\n", kid)); 889 reason = IEEE80211_REASON_AUTH_LEAVE; 890 goto deauth; 891 } 892 /* map IGTK to 802.11 key */ 893 k = &ic->ic_nw_keys[kid]; 894 if (ieee80211_must_update_group_key(k, &igtk[14], 16)) { 895 memset(k, 0, sizeof(*k)); 896 k->k_id = kid; /* either 4 or 5 */ 897 k->k_cipher = ni->ni_rsngroupmgmtcipher; 898 k->k_flags = IEEE80211_KEY_IGTK; 899 k->k_mgmt_rsc = LE_READ_6(&igtk[8]); /* IPN */ 900 k->k_len = 16; 901 memcpy(k->k_key, &igtk[14], k->k_len); 902 /* install the IGTK */ 903 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 904 reason = IEEE80211_REASON_AUTH_LEAVE; 905 goto deauth; 906 } 907 } 908 } 909 if (info & EAPOL_KEY_SECURE) { 910 #ifndef IEEE80211_STA_ONLY 911 if (ic->ic_opmode != IEEE80211_M_IBSS || 912 ++ni->ni_key_count == 2) 913 #endif 914 { 915 DPRINTF(("marking port %s valid\n", 916 ether_sprintf(ni->ni_macaddr))); 917 ni->ni_port_valid = 1; 918 ieee80211_set_link_state(ic, LINK_STATE_UP); 919 ni->ni_assoc_fail = 0; 920 } 921 } 922 /* update the last seen value of the key replay counter field */ 923 ni->ni_replaycnt = BE_READ_8(key->replaycnt); 924 925 if (ic->ic_if.if_flags & IFF_DEBUG) 926 printf("%s: received msg %d/%d of the %s handshake from %s\n", 927 ic->ic_if.if_xname, 1, 2, "group key", 928 ether_sprintf(ni->ni_macaddr)); 929 930 /* send message 2 to authenticator */ 931 (void)ieee80211_send_group_msg2(ic, ni, NULL); 932 return; 933 deauth: 934 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, reason); 935 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 936 } 937 938 /* 939 * Process Message 1 of the WPA Group Key Handshake (sent by Authenticator). 940 */ 941 void 942 ieee80211_recv_wpa_group_msg1(struct ieee80211com *ic, 943 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 944 { 945 struct ieee80211_key *k; 946 u_int16_t info; 947 u_int8_t kid; 948 int keylen; 949 const uint8_t *gtk; 950 951 #ifndef IEEE80211_STA_ONLY 952 if (ic->ic_opmode != IEEE80211_M_STA && 953 ic->ic_opmode != IEEE80211_M_IBSS) 954 return; 955 #endif 956 /* discard if we're not expecting this message */ 957 if (ni->ni_rsn_supp_state != RNSA_SUPP_PTKDONE) { 958 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_supp_state)); 959 return; 960 } 961 /* enforce monotonicity of key request replay counter */ 962 if (BE_READ_8(key->replaycnt) <= ni->ni_replaycnt) { 963 ic->ic_stats.is_rx_eapol_replay++; 964 return; 965 } 966 /* check Key MIC field using KCK */ 967 if (ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) { 968 DPRINTF(("key MIC failed\n")); 969 ic->ic_stats.is_rx_eapol_badmic++; 970 return; 971 } 972 /* 973 * EAPOL-Key data field is encrypted even though WPA doesn't set 974 * the ENCRYPTED bit in the info field. 975 */ 976 if (ieee80211_eapol_key_decrypt(key, ni->ni_ptk.kek) != 0) { 977 DPRINTF(("decryption failed\n")); 978 return; 979 } 980 981 /* check that key length matches that of group cipher */ 982 keylen = ieee80211_cipher_keylen(ni->ni_rsngroupcipher); 983 if (BE_READ_2(key->keylen) != keylen) 984 return; 985 986 /* check that the data length is large enough to hold the key */ 987 if (BE_READ_2(key->paylen) < keylen) 988 return; 989 990 info = BE_READ_2(key->info); 991 992 /* map GTK to 802.11 key */ 993 kid = (info >> EAPOL_KEY_WPA_KID_SHIFT) & 3; 994 k = &ic->ic_nw_keys[kid]; 995 gtk = (const uint8_t *)&key[1]; /* key data field contains the GTK */ 996 if (ieee80211_must_update_group_key(k, gtk, keylen)) { 997 memset(k, 0, sizeof(*k)); 998 k->k_id = kid; /* 0-3 */ 999 k->k_cipher = ni->ni_rsngroupcipher; 1000 k->k_flags = IEEE80211_KEY_GROUP; 1001 if (info & EAPOL_KEY_WPA_TX) 1002 k->k_flags |= IEEE80211_KEY_TX; 1003 k->k_rsc[0] = LE_READ_6(key->rsc); 1004 k->k_len = keylen; 1005 memcpy(k->k_key, gtk, k->k_len); 1006 /* install the GTK */ 1007 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 1008 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 1009 IEEE80211_REASON_AUTH_LEAVE); 1010 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1011 return; 1012 } 1013 } 1014 if (info & EAPOL_KEY_SECURE) { 1015 #ifndef IEEE80211_STA_ONLY 1016 if (ic->ic_opmode != IEEE80211_M_IBSS || 1017 ++ni->ni_key_count == 2) 1018 #endif 1019 { 1020 DPRINTF(("marking port %s valid\n", 1021 ether_sprintf(ni->ni_macaddr))); 1022 ni->ni_port_valid = 1; 1023 ieee80211_set_link_state(ic, LINK_STATE_UP); 1024 ni->ni_assoc_fail = 0; 1025 } 1026 } 1027 /* update the last seen value of the key replay counter field */ 1028 ni->ni_replaycnt = BE_READ_8(key->replaycnt); 1029 1030 if (ic->ic_if.if_flags & IFF_DEBUG) 1031 printf("%s: received msg %d/%d of the %s handshake from %s\n", 1032 ic->ic_if.if_xname, 1, 2, "group key", 1033 ether_sprintf(ni->ni_macaddr)); 1034 1035 /* send message 2 to authenticator */ 1036 (void)ieee80211_send_group_msg2(ic, ni, k); 1037 } 1038 1039 #ifndef IEEE80211_STA_ONLY 1040 /* 1041 * Process Message 2 of the Group Key Handshake (sent by Supplicant). 1042 */ 1043 void 1044 ieee80211_recv_group_msg2(struct ieee80211com *ic, 1045 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 1046 { 1047 if (ic->ic_opmode != IEEE80211_M_HOSTAP && 1048 ic->ic_opmode != IEEE80211_M_IBSS) 1049 return; 1050 1051 /* discard if we're not expecting this message */ 1052 if (ni->ni_rsn_gstate != RSNA_REKEYNEGOTIATING) { 1053 DPRINTF(("%s: unexpected in state: %d\n", ic->ic_if.if_xname, 1054 ni->ni_rsn_gstate)); 1055 return; 1056 } 1057 /* enforce monotonicity of key request replay counter */ 1058 if (BE_READ_8(key->replaycnt) != ni->ni_replaycnt) { 1059 ic->ic_stats.is_rx_eapol_replay++; 1060 return; 1061 } 1062 /* check Key MIC field using KCK */ 1063 if (ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) { 1064 DPRINTF(("key MIC failed\n")); 1065 ic->ic_stats.is_rx_eapol_badmic++; 1066 return; 1067 } 1068 1069 timeout_del(&ni->ni_eapol_to); 1070 ni->ni_rsn_gstate = RSNA_REKEYESTABLISHED; 1071 1072 if (ni->ni_flags & IEEE80211_NODE_REKEY) { 1073 int rekeysta = 0; 1074 ni->ni_flags &= ~IEEE80211_NODE_REKEY; 1075 ieee80211_iterate_nodes(ic, 1076 ieee80211_count_rekeysta, &rekeysta); 1077 if (rekeysta == 0) 1078 ieee80211_setkeysdone(ic); 1079 } 1080 ni->ni_flags |= IEEE80211_NODE_TXRXPROT; 1081 1082 ni->ni_rsn_gstate = RSNA_IDLE; 1083 ni->ni_rsn_retries = 0; 1084 1085 if (ic->ic_if.if_flags & IFF_DEBUG) 1086 printf("%s: received msg %d/%d of the %s handshake from %s\n", 1087 ic->ic_if.if_xname, 2, 2, "group key", 1088 ether_sprintf(ni->ni_macaddr)); 1089 } 1090 1091 /* 1092 * EAPOL-Key Request frames are sent by the supplicant to request that the 1093 * authenticator initiates either a 4-Way Handshake or Group Key Handshake, 1094 * or to report a MIC failure in a TKIP MSDU. 1095 */ 1096 void 1097 ieee80211_recv_eapol_key_req(struct ieee80211com *ic, 1098 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 1099 { 1100 u_int16_t info; 1101 1102 if (ic->ic_opmode != IEEE80211_M_HOSTAP && 1103 ic->ic_opmode != IEEE80211_M_IBSS) 1104 return; 1105 1106 /* discard if we're not expecting this message */ 1107 if (ni->ni_rsn_state != RSNA_PTKINITDONE) { 1108 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_state)); 1109 return; 1110 } 1111 /* enforce monotonicity of key request replay counter */ 1112 if (ni->ni_reqreplaycnt_ok && 1113 BE_READ_8(key->replaycnt) <= ni->ni_reqreplaycnt) { 1114 ic->ic_stats.is_rx_eapol_replay++; 1115 return; 1116 } 1117 info = BE_READ_2(key->info); 1118 1119 if (!(info & EAPOL_KEY_KEYMIC) || 1120 ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) { 1121 DPRINTF(("key request MIC failed\n")); 1122 ic->ic_stats.is_rx_eapol_badmic++; 1123 return; 1124 } 1125 /* update key request replay counter now that MIC is verified */ 1126 ni->ni_reqreplaycnt = BE_READ_8(key->replaycnt); 1127 ni->ni_reqreplaycnt_ok = 1; 1128 1129 if (info & EAPOL_KEY_ERROR) { /* TKIP MIC failure */ 1130 /* ignore reports from STAs not using TKIP */ 1131 if (ic->ic_bss->ni_rsngroupcipher != IEEE80211_CIPHER_TKIP && 1132 ni->ni_rsncipher != IEEE80211_CIPHER_TKIP) { 1133 DPRINTF(("MIC failure report from !TKIP STA: %s\n", 1134 ether_sprintf(ni->ni_macaddr))); 1135 return; 1136 } 1137 ic->ic_stats.is_rx_remmicfail++; 1138 ieee80211_michael_mic_failure(ic, LE_READ_6(key->rsc)); 1139 1140 } else if (info & EAPOL_KEY_PAIRWISE) { 1141 /* initiate a 4-Way Handshake */ 1142 1143 } else { 1144 /* 1145 * Should change the GTK, initiate the 4-Way Handshake and 1146 * then execute a Group Key Handshake with all supplicants. 1147 */ 1148 } 1149 } 1150 #endif /* IEEE80211_STA_ONLY */ 1151