1 /* $OpenBSD: ieee80211_pae_input.c,v 1.32 2018/11/02 14:40:24 stsp Exp $ */ 2 3 /*- 4 * Copyright (c) 2007,2008 Damien Bergamini <damien.bergamini@free.fr> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /* 20 * This code implements the 4-Way Handshake and Group Key Handshake protocols 21 * (both Supplicant and Authenticator Key Receive state machines) defined in 22 * IEEE Std 802.11-2007 section 8.5. 23 */ 24 25 #include <sys/param.h> 26 #include <sys/systm.h> 27 #include <sys/mbuf.h> 28 #include <sys/kernel.h> 29 #include <sys/socket.h> 30 #include <sys/sockio.h> 31 #include <sys/errno.h> 32 33 #include <net/if.h> 34 #include <net/if_dl.h> 35 #include <net/if_media.h> 36 37 #include <netinet/in.h> 38 #include <netinet/if_ether.h> 39 40 #include <net80211/ieee80211_var.h> 41 #include <net80211/ieee80211_priv.h> 42 43 void ieee80211_recv_4way_msg1(struct ieee80211com *, 44 struct ieee80211_eapol_key *, struct ieee80211_node *); 45 #ifndef IEEE80211_STA_ONLY 46 void ieee80211_recv_4way_msg2(struct ieee80211com *, 47 struct ieee80211_eapol_key *, struct ieee80211_node *, 48 const u_int8_t *); 49 #endif 50 int ieee80211_must_update_group_key(struct ieee80211_key *, const uint8_t *, 51 int); 52 void ieee80211_recv_4way_msg3(struct ieee80211com *, 53 struct ieee80211_eapol_key *, struct ieee80211_node *); 54 #ifndef IEEE80211_STA_ONLY 55 void ieee80211_recv_4way_msg4(struct ieee80211com *, 56 struct ieee80211_eapol_key *, struct ieee80211_node *); 57 void ieee80211_recv_4way_msg2or4(struct ieee80211com *, 58 struct ieee80211_eapol_key *, struct ieee80211_node *); 59 #endif 60 void ieee80211_recv_rsn_group_msg1(struct ieee80211com *, 61 struct ieee80211_eapol_key *, struct ieee80211_node *); 62 void ieee80211_recv_wpa_group_msg1(struct ieee80211com *, 63 struct ieee80211_eapol_key *, struct ieee80211_node *); 64 #ifndef IEEE80211_STA_ONLY 65 void ieee80211_recv_group_msg2(struct ieee80211com *, 66 struct ieee80211_eapol_key *, struct ieee80211_node *); 67 void ieee80211_recv_eapol_key_req(struct ieee80211com *, 68 struct ieee80211_eapol_key *, struct ieee80211_node *); 69 #endif 70 71 /* 72 * Process an incoming EAPOL frame. Notice that we are only interested in 73 * EAPOL-Key frames with an IEEE 802.11 or WPA descriptor type. 74 */ 75 void 76 ieee80211_eapol_key_input(struct ieee80211com *ic, struct mbuf *m, 77 struct ieee80211_node *ni) 78 { 79 struct ifnet *ifp = &ic->ic_if; 80 struct ether_header *eh; 81 struct ieee80211_eapol_key *key; 82 u_int16_t info, desc; 83 int totlen, bodylen, paylen; 84 85 ifp->if_ibytes += m->m_pkthdr.len; 86 87 eh = mtod(m, struct ether_header *); 88 if (IEEE80211_IS_MULTICAST(eh->ether_dhost)) { 89 ifp->if_imcasts++; 90 goto done; 91 } 92 m_adj(m, sizeof(*eh)); 93 94 if (m->m_pkthdr.len < sizeof(*key)) 95 goto done; 96 if (m->m_len < sizeof(*key) && 97 (m = m_pullup(m, sizeof(*key))) == NULL) { 98 ic->ic_stats.is_rx_nombuf++; 99 goto done; 100 } 101 key = mtod(m, struct ieee80211_eapol_key *); 102 103 if (key->type != EAPOL_KEY) 104 goto done; 105 ic->ic_stats.is_rx_eapol_key++; 106 107 if ((ni->ni_rsnprotos == IEEE80211_PROTO_RSN && 108 key->desc != EAPOL_KEY_DESC_IEEE80211) || 109 (ni->ni_rsnprotos == IEEE80211_PROTO_WPA && 110 key->desc != EAPOL_KEY_DESC_WPA)) 111 goto done; 112 113 /* check packet body length */ 114 bodylen = BE_READ_2(key->len); 115 totlen = 4 + bodylen; 116 if (m->m_pkthdr.len < totlen || totlen > MCLBYTES) 117 goto done; 118 119 /* check key data length */ 120 paylen = BE_READ_2(key->paylen); 121 if (paylen > totlen - sizeof(*key)) 122 goto done; 123 124 info = BE_READ_2(key->info); 125 126 /* discard EAPOL-Key frames with an unknown descriptor version */ 127 desc = info & EAPOL_KEY_VERSION_MASK; 128 if (desc < EAPOL_KEY_DESC_V1 || desc > EAPOL_KEY_DESC_V3) 129 goto done; 130 131 if (ieee80211_is_sha256_akm(ni->ni_rsnakms)) { 132 if (desc != EAPOL_KEY_DESC_V3) 133 goto done; 134 } else if (ni->ni_rsncipher == IEEE80211_CIPHER_CCMP || 135 ni->ni_rsngroupcipher == IEEE80211_CIPHER_CCMP) { 136 if (desc != EAPOL_KEY_DESC_V2) 137 goto done; 138 } 139 140 /* make sure the key data field is contiguous */ 141 if (m->m_len < totlen && (m = m_pullup(m, totlen)) == NULL) { 142 ic->ic_stats.is_rx_nombuf++; 143 goto done; 144 } 145 key = mtod(m, struct ieee80211_eapol_key *); 146 147 /* determine message type (see 8.5.3.7) */ 148 if (info & EAPOL_KEY_REQUEST) { 149 #ifndef IEEE80211_STA_ONLY 150 /* EAPOL-Key Request frame */ 151 ieee80211_recv_eapol_key_req(ic, key, ni); 152 #endif 153 } else if (info & EAPOL_KEY_PAIRWISE) { 154 /* 4-Way Handshake */ 155 if (info & EAPOL_KEY_KEYMIC) { 156 if (info & EAPOL_KEY_KEYACK) 157 ieee80211_recv_4way_msg3(ic, key, ni); 158 #ifndef IEEE80211_STA_ONLY 159 else 160 ieee80211_recv_4way_msg2or4(ic, key, ni); 161 #endif 162 } else if (info & EAPOL_KEY_KEYACK) 163 ieee80211_recv_4way_msg1(ic, key, ni); 164 } else { 165 /* Group Key Handshake */ 166 if (!(info & EAPOL_KEY_KEYMIC)) 167 goto done; 168 if (info & EAPOL_KEY_KEYACK) { 169 if (key->desc == EAPOL_KEY_DESC_WPA) 170 ieee80211_recv_wpa_group_msg1(ic, key, ni); 171 else 172 ieee80211_recv_rsn_group_msg1(ic, key, ni); 173 } 174 #ifndef IEEE80211_STA_ONLY 175 else 176 ieee80211_recv_group_msg2(ic, key, ni); 177 #endif 178 } 179 done: 180 m_freem(m); 181 } 182 183 /* 184 * Process Message 1 of the 4-Way Handshake (sent by Authenticator). 185 */ 186 void 187 ieee80211_recv_4way_msg1(struct ieee80211com *ic, 188 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 189 { 190 struct ieee80211_ptk tptk; 191 struct ieee80211_pmk *pmk; 192 const u_int8_t *frm, *efrm; 193 const u_int8_t *pmkid; 194 195 #ifndef IEEE80211_STA_ONLY 196 if (ic->ic_opmode != IEEE80211_M_STA && 197 ic->ic_opmode != IEEE80211_M_IBSS) 198 return; 199 #endif 200 /* 201 * Message 1 is always expected while RSN is active since some 202 * APs will rekey the PTK by sending Msg1/4 after some time. 203 */ 204 if (ni->ni_rsn_supp_state == RSNA_SUPP_INITIALIZE) { 205 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_supp_state)); 206 return; 207 } 208 /* enforce monotonicity of key request replay counter */ 209 if (ni->ni_replaycnt_ok && 210 BE_READ_8(key->replaycnt) <= ni->ni_replaycnt) { 211 ic->ic_stats.is_rx_eapol_replay++; 212 return; 213 } 214 215 /* parse key data field (may contain an encapsulated PMKID) */ 216 frm = (const u_int8_t *)&key[1]; 217 efrm = frm + BE_READ_2(key->paylen); 218 219 pmkid = NULL; 220 while (frm + 2 <= efrm) { 221 if (frm + 2 + frm[1] > efrm) 222 break; 223 switch (frm[0]) { 224 case IEEE80211_ELEMID_VENDOR: 225 if (frm[1] < 4) 226 break; 227 if (memcmp(&frm[2], IEEE80211_OUI, 3) == 0) { 228 switch (frm[5]) { 229 case IEEE80211_KDE_PMKID: 230 pmkid = frm; 231 break; 232 } 233 } 234 break; 235 } 236 frm += 2 + frm[1]; 237 } 238 /* check that the PMKID KDE is valid (if present) */ 239 if (pmkid != NULL && pmkid[1] != 4 + 16) 240 return; 241 242 if (ieee80211_is_8021x_akm(ni->ni_rsnakms)) { 243 /* retrieve the PMK for this (AP,PMKID) */ 244 pmk = ieee80211_pmksa_find(ic, ni, 245 (pmkid != NULL) ? &pmkid[6] : NULL); 246 if (pmk == NULL) { 247 DPRINTF(("no PMK available for %s\n", 248 ether_sprintf(ni->ni_macaddr))); 249 return; 250 } 251 memcpy(ni->ni_pmk, pmk->pmk_key, IEEE80211_PMK_LEN); 252 } else /* use pre-shared key */ 253 memcpy(ni->ni_pmk, ic->ic_psk, IEEE80211_PMK_LEN); 254 ni->ni_flags |= IEEE80211_NODE_PMK; 255 256 /* save authenticator's nonce (ANonce) */ 257 memcpy(ni->ni_nonce, key->nonce, EAPOL_KEY_NONCE_LEN); 258 259 /* generate supplicant's nonce (SNonce) */ 260 arc4random_buf(ic->ic_nonce, EAPOL_KEY_NONCE_LEN); 261 262 /* TPTK = CalcPTK(PMK, ANonce, SNonce) */ 263 ieee80211_derive_ptk(ni->ni_rsnakms, ni->ni_pmk, ni->ni_macaddr, 264 ic->ic_myaddr, ni->ni_nonce, ic->ic_nonce, &tptk); 265 266 /* We are now expecting a new pairwise key. */ 267 ni->ni_flags |= IEEE80211_NODE_RSN_NEW_PTK; 268 269 if (ic->ic_if.if_flags & IFF_DEBUG) 270 printf("%s: received msg %d/%d of the %s handshake from %s\n", 271 ic->ic_if.if_xname, 1, 4, "4-way", 272 ether_sprintf(ni->ni_macaddr)); 273 274 /* send message 2 to authenticator using TPTK */ 275 (void)ieee80211_send_4way_msg2(ic, ni, key->replaycnt, &tptk); 276 } 277 278 #ifndef IEEE80211_STA_ONLY 279 /* 280 * Process Message 2 of the 4-Way Handshake (sent by Supplicant). 281 */ 282 void 283 ieee80211_recv_4way_msg2(struct ieee80211com *ic, 284 struct ieee80211_eapol_key *key, struct ieee80211_node *ni, 285 const u_int8_t *rsnie) 286 { 287 struct ieee80211_ptk tptk; 288 289 if (ic->ic_opmode != IEEE80211_M_HOSTAP && 290 ic->ic_opmode != IEEE80211_M_IBSS) 291 return; 292 293 /* discard if we're not expecting this message */ 294 if (ni->ni_rsn_state != RSNA_PTKSTART && 295 ni->ni_rsn_state != RSNA_PTKCALCNEGOTIATING) { 296 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_state)); 297 return; 298 } 299 ni->ni_rsn_state = RSNA_PTKCALCNEGOTIATING; 300 301 /* NB: replay counter has already been verified by caller */ 302 303 /* PTK = CalcPTK(ANonce, SNonce) */ 304 ieee80211_derive_ptk(ni->ni_rsnakms, ni->ni_pmk, ic->ic_myaddr, 305 ni->ni_macaddr, ni->ni_nonce, key->nonce, &tptk); 306 307 /* check Key MIC field using KCK */ 308 if (ieee80211_eapol_key_check_mic(key, tptk.kck) != 0) { 309 DPRINTF(("key MIC failed\n")); 310 ic->ic_stats.is_rx_eapol_badmic++; 311 return; /* will timeout.. */ 312 } 313 314 timeout_del(&ni->ni_eapol_to); 315 ni->ni_rsn_state = RSNA_PTKCALCNEGOTIATING_2; 316 ni->ni_rsn_retries = 0; 317 318 /* install TPTK as PTK now that MIC is verified */ 319 memcpy(&ni->ni_ptk, &tptk, sizeof(tptk)); 320 321 /* 322 * The RSN IE must match bit-wise with what the STA included in its 323 * (Re)Association Request. 324 */ 325 if (ni->ni_rsnie == NULL || rsnie[1] != ni->ni_rsnie[1] || 326 memcmp(rsnie, ni->ni_rsnie, 2 + rsnie[1]) != 0) { 327 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 328 IEEE80211_REASON_RSN_DIFFERENT_IE); 329 ieee80211_node_leave(ic, ni); 330 return; 331 } 332 333 if (ic->ic_if.if_flags & IFF_DEBUG) 334 printf("%s: received msg %d/%d of the %s handshake from %s\n", 335 ic->ic_if.if_xname, 2, 4, "4-way", 336 ether_sprintf(ni->ni_macaddr)); 337 338 /* send message 3 to supplicant */ 339 (void)ieee80211_send_4way_msg3(ic, ni); 340 } 341 #endif /* IEEE80211_STA_ONLY */ 342 343 /* 344 * Check if a group key must be updated with a new GTK from an EAPOL frame. 345 * Manipulated group key handshake messages could trick clients into 346 * reinstalling an already used group key and hence lower or reset the 347 * associated replay counter. This check prevents such attacks. 348 */ 349 int 350 ieee80211_must_update_group_key(struct ieee80211_key *k, const uint8_t *gtk, 351 int len) 352 { 353 return (k->k_cipher == IEEE80211_CIPHER_NONE || k->k_len != len || 354 memcmp(k->k_key, gtk, len) != 0); 355 } 356 357 /* 358 * Process Message 3 of the 4-Way Handshake (sent by Authenticator). 359 */ 360 void 361 ieee80211_recv_4way_msg3(struct ieee80211com *ic, 362 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 363 { 364 struct ieee80211_ptk tptk; 365 struct ieee80211_key *k; 366 const u_int8_t *frm, *efrm; 367 const u_int8_t *rsnie1, *rsnie2, *gtk, *igtk; 368 u_int16_t info, reason = 0; 369 int keylen; 370 371 #ifndef IEEE80211_STA_ONLY 372 if (ic->ic_opmode != IEEE80211_M_STA && 373 ic->ic_opmode != IEEE80211_M_IBSS) 374 return; 375 #endif 376 /* discard if we're not expecting this message */ 377 if (ni->ni_rsn_supp_state != RSNA_SUPP_PTKNEGOTIATING && 378 ni->ni_rsn_supp_state != RNSA_SUPP_PTKDONE) { 379 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_supp_state)); 380 return; 381 } 382 /* enforce monotonicity of key request replay counter */ 383 if (ni->ni_replaycnt_ok && 384 BE_READ_8(key->replaycnt) <= ni->ni_replaycnt) { 385 ic->ic_stats.is_rx_eapol_replay++; 386 return; 387 } 388 /* make sure that a PMK has been selected */ 389 if (!(ni->ni_flags & IEEE80211_NODE_PMK)) { 390 DPRINTF(("no PMK found for %s\n", 391 ether_sprintf(ni->ni_macaddr))); 392 return; 393 } 394 /* check that ANonce matches that of Message 1 */ 395 if (memcmp(key->nonce, ni->ni_nonce, EAPOL_KEY_NONCE_LEN) != 0) { 396 DPRINTF(("ANonce does not match msg 1/4\n")); 397 return; 398 } 399 /* TPTK = CalcPTK(PMK, ANonce, SNonce) */ 400 ieee80211_derive_ptk(ni->ni_rsnakms, ni->ni_pmk, ni->ni_macaddr, 401 ic->ic_myaddr, key->nonce, ic->ic_nonce, &tptk); 402 403 info = BE_READ_2(key->info); 404 405 /* check Key MIC field using KCK */ 406 if (ieee80211_eapol_key_check_mic(key, tptk.kck) != 0) { 407 DPRINTF(("key MIC failed\n")); 408 ic->ic_stats.is_rx_eapol_badmic++; 409 return; 410 } 411 /* install TPTK as PTK now that MIC is verified */ 412 memcpy(&ni->ni_ptk, &tptk, sizeof(tptk)); 413 414 /* if encrypted, decrypt Key Data field using KEK */ 415 if ((info & EAPOL_KEY_ENCRYPTED) && 416 ieee80211_eapol_key_decrypt(key, ni->ni_ptk.kek) != 0) { 417 DPRINTF(("decryption failed\n")); 418 return; 419 } 420 421 /* parse key data field */ 422 frm = (const u_int8_t *)&key[1]; 423 efrm = frm + BE_READ_2(key->paylen); 424 425 /* 426 * Some WPA1+WPA2 APs (like hostapd) appear to include both WPA and 427 * RSN IEs in message 3/4. We only take into account the IE of the 428 * version of the protocol we negotiated at association time. 429 */ 430 rsnie1 = rsnie2 = gtk = igtk = NULL; 431 while (frm + 2 <= efrm) { 432 if (frm + 2 + frm[1] > efrm) 433 break; 434 switch (frm[0]) { 435 case IEEE80211_ELEMID_RSN: 436 if (ni->ni_rsnprotos != IEEE80211_PROTO_RSN) 437 break; 438 if (rsnie1 == NULL) 439 rsnie1 = frm; 440 else if (rsnie2 == NULL) 441 rsnie2 = frm; 442 /* ignore others if more than two RSN IEs */ 443 break; 444 case IEEE80211_ELEMID_VENDOR: 445 if (frm[1] < 4) 446 break; 447 if (memcmp(&frm[2], IEEE80211_OUI, 3) == 0) { 448 switch (frm[5]) { 449 case IEEE80211_KDE_GTK: 450 gtk = frm; 451 break; 452 case IEEE80211_KDE_IGTK: 453 if (ni->ni_flags & IEEE80211_NODE_MFP) 454 igtk = frm; 455 break; 456 } 457 } else if (memcmp(&frm[2], MICROSOFT_OUI, 3) == 0) { 458 switch (frm[5]) { 459 case 1: /* WPA */ 460 if (ni->ni_rsnprotos != 461 IEEE80211_PROTO_WPA) 462 break; 463 rsnie1 = frm; 464 break; 465 } 466 } 467 break; 468 } 469 frm += 2 + frm[1]; 470 } 471 /* first WPA/RSN IE is mandatory */ 472 if (rsnie1 == NULL) { 473 DPRINTF(("missing RSN IE\n")); 474 return; 475 } 476 /* key data must be encrypted if GTK is included */ 477 if (gtk != NULL && !(info & EAPOL_KEY_ENCRYPTED)) { 478 DPRINTF(("GTK not encrypted\n")); 479 return; 480 } 481 /* GTK KDE must be included if IGTK KDE is present */ 482 if (igtk != NULL && gtk == NULL) { 483 DPRINTF(("IGTK KDE found but GTK KDE missing\n")); 484 return; 485 } 486 /* check that the Install bit is set if using pairwise keys */ 487 if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP && 488 !(info & EAPOL_KEY_INSTALL)) { 489 DPRINTF(("pairwise cipher but !Install\n")); 490 return; 491 } 492 493 /* 494 * Check that first WPA/RSN IE is identical to the one received in 495 * the beacon or probe response frame. 496 */ 497 if (ni->ni_rsnie == NULL || rsnie1[1] != ni->ni_rsnie[1] || 498 memcmp(rsnie1, ni->ni_rsnie, 2 + rsnie1[1]) != 0) { 499 reason = IEEE80211_REASON_RSN_DIFFERENT_IE; 500 goto deauth; 501 } 502 503 /* 504 * If a second RSN information element is present, use its pairwise 505 * cipher suite or deauthenticate. 506 */ 507 if (rsnie2 != NULL) { 508 struct ieee80211_rsnparams rsn; 509 510 if (ieee80211_parse_rsn(ic, rsnie2, &rsn) == 0) { 511 if (rsn.rsn_akms != ni->ni_rsnakms || 512 rsn.rsn_groupcipher != ni->ni_rsngroupcipher || 513 rsn.rsn_nciphers != 1 || 514 !(rsn.rsn_ciphers & ic->ic_rsnciphers)) { 515 reason = IEEE80211_REASON_BAD_PAIRWISE_CIPHER; 516 goto deauth; 517 } 518 /* use pairwise cipher suite of second RSN IE */ 519 ni->ni_rsnciphers = rsn.rsn_ciphers; 520 ni->ni_rsncipher = ni->ni_rsnciphers; 521 } 522 } 523 524 /* update the last seen value of the key replay counter field */ 525 ni->ni_replaycnt = BE_READ_8(key->replaycnt); 526 ni->ni_replaycnt_ok = 1; 527 528 if (ic->ic_if.if_flags & IFF_DEBUG) 529 printf("%s: received msg %d/%d of the %s handshake from %s\n", 530 ic->ic_if.if_xname, 3, 4, "4-way", 531 ether_sprintf(ni->ni_macaddr)); 532 533 /* send message 4 to authenticator */ 534 if (ieee80211_send_4way_msg4(ic, ni) != 0) 535 return; /* ..authenticator will retry */ 536 537 /* 538 * Only install a new pairwise key if we are still expecting a new key, 539 * as indicated by the NODE_RSN_NEW_PTK flag. An adversary could be 540 * sending manipulated retransmissions of message 3 of the 4-way 541 * handshake in an attempt to trick us into reinstalling an already 542 * used pairwise key. If this attack succeeded, the incremental nonce 543 * and replay counter associated with the key would be reset. 544 * Against CCMP, the adversary could abuse this to replay and decrypt 545 * packets. Against TKIP, it would become possible to replay, decrypt, 546 * and forge packets. 547 */ 548 if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP && 549 (ni->ni_flags & IEEE80211_NODE_RSN_NEW_PTK)) { 550 u_int64_t prsc; 551 552 /* check that key length matches that of pairwise cipher */ 553 keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); 554 if (BE_READ_2(key->keylen) != keylen) { 555 reason = IEEE80211_REASON_AUTH_LEAVE; 556 goto deauth; 557 } 558 prsc = (gtk == NULL) ? LE_READ_6(key->rsc) : 0; 559 560 /* map PTK to 802.11 key */ 561 k = &ni->ni_pairwise_key; 562 memset(k, 0, sizeof(*k)); 563 k->k_cipher = ni->ni_rsncipher; 564 k->k_rsc[0] = prsc; 565 k->k_len = keylen; 566 memcpy(k->k_key, ni->ni_ptk.tk, k->k_len); 567 /* install the PTK */ 568 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 569 reason = IEEE80211_REASON_AUTH_LEAVE; 570 goto deauth; 571 } 572 ni->ni_flags &= ~IEEE80211_NODE_RSN_NEW_PTK; 573 ni->ni_flags &= ~IEEE80211_NODE_TXRXPROT; 574 ni->ni_flags |= IEEE80211_NODE_RXPROT; 575 } else if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP) 576 printf("%s: unexpected pairwise key update received from %s\n", 577 ic->ic_if.if_xname, ether_sprintf(ni->ni_macaddr)); 578 579 if (gtk != NULL) { 580 u_int8_t kid; 581 582 /* check that key length matches that of group cipher */ 583 keylen = ieee80211_cipher_keylen(ni->ni_rsngroupcipher); 584 if (gtk[1] != 6 + keylen) { 585 reason = IEEE80211_REASON_AUTH_LEAVE; 586 goto deauth; 587 } 588 /* map GTK to 802.11 key */ 589 kid = gtk[6] & 3; 590 k = &ic->ic_nw_keys[kid]; 591 if (ieee80211_must_update_group_key(k, >k[8], keylen)) { 592 memset(k, 0, sizeof(*k)); 593 k->k_id = kid; /* 0-3 */ 594 k->k_cipher = ni->ni_rsngroupcipher; 595 k->k_flags = IEEE80211_KEY_GROUP; 596 if (gtk[6] & (1 << 2)) 597 k->k_flags |= IEEE80211_KEY_TX; 598 k->k_rsc[0] = LE_READ_6(key->rsc); 599 k->k_len = keylen; 600 memcpy(k->k_key, >k[8], k->k_len); 601 /* install the GTK */ 602 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 603 reason = IEEE80211_REASON_AUTH_LEAVE; 604 goto deauth; 605 } 606 } 607 } 608 if (igtk != NULL) { /* implies MFP && gtk != NULL */ 609 u_int16_t kid; 610 611 /* check that the IGTK KDE is valid */ 612 if (igtk[1] != 4 + 24) { 613 reason = IEEE80211_REASON_AUTH_LEAVE; 614 goto deauth; 615 } 616 kid = LE_READ_2(&igtk[6]); 617 if (kid != 4 && kid != 5) { 618 DPRINTF(("unsupported IGTK id %u\n", kid)); 619 reason = IEEE80211_REASON_AUTH_LEAVE; 620 goto deauth; 621 } 622 /* map IGTK to 802.11 key */ 623 k = &ic->ic_nw_keys[kid]; 624 if (ieee80211_must_update_group_key(k, &igtk[14], 16)) { 625 memset(k, 0, sizeof(*k)); 626 k->k_id = kid; /* either 4 or 5 */ 627 k->k_cipher = ni->ni_rsngroupmgmtcipher; 628 k->k_flags = IEEE80211_KEY_IGTK; 629 k->k_mgmt_rsc = LE_READ_6(&igtk[8]); /* IPN */ 630 k->k_len = 16; 631 memcpy(k->k_key, &igtk[14], k->k_len); 632 /* install the IGTK */ 633 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 634 reason = IEEE80211_REASON_AUTH_LEAVE; 635 goto deauth; 636 } 637 } 638 } 639 if (info & EAPOL_KEY_INSTALL) 640 ni->ni_flags |= IEEE80211_NODE_TXRXPROT; 641 642 if (info & EAPOL_KEY_SECURE) { 643 ni->ni_flags |= IEEE80211_NODE_TXRXPROT; 644 #ifndef IEEE80211_STA_ONLY 645 if (ic->ic_opmode != IEEE80211_M_IBSS || 646 ++ni->ni_key_count == 2) 647 #endif 648 { 649 DPRINTF(("marking port %s valid\n", 650 ether_sprintf(ni->ni_macaddr))); 651 ni->ni_port_valid = 1; 652 ieee80211_set_link_state(ic, LINK_STATE_UP); 653 } 654 } 655 deauth: 656 if (reason != 0) { 657 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 658 reason); 659 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 660 } 661 } 662 663 #ifndef IEEE80211_STA_ONLY 664 /* 665 * Process Message 4 of the 4-Way Handshake (sent by Supplicant). 666 */ 667 void 668 ieee80211_recv_4way_msg4(struct ieee80211com *ic, 669 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 670 { 671 if (ic->ic_opmode != IEEE80211_M_HOSTAP && 672 ic->ic_opmode != IEEE80211_M_IBSS) 673 return; 674 675 /* discard if we're not expecting this message */ 676 if (ni->ni_rsn_state != RSNA_PTKINITNEGOTIATING) { 677 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_state)); 678 return; 679 } 680 681 /* NB: replay counter has already been verified by caller */ 682 683 /* check Key MIC field using KCK */ 684 if (ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) { 685 DPRINTF(("key MIC failed\n")); 686 ic->ic_stats.is_rx_eapol_badmic++; 687 return; /* will timeout.. */ 688 } 689 690 timeout_del(&ni->ni_eapol_to); 691 ni->ni_rsn_state = RSNA_PTKINITDONE; 692 ni->ni_rsn_retries = 0; 693 694 if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP) { 695 struct ieee80211_key *k; 696 697 /* map PTK to 802.11 key */ 698 k = &ni->ni_pairwise_key; 699 memset(k, 0, sizeof(*k)); 700 k->k_cipher = ni->ni_rsncipher; 701 k->k_len = ieee80211_cipher_keylen(k->k_cipher); 702 memcpy(k->k_key, ni->ni_ptk.tk, k->k_len); 703 /* install the PTK */ 704 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 705 IEEE80211_SEND_MGMT(ic, ni, 706 IEEE80211_FC0_SUBTYPE_DEAUTH, 707 IEEE80211_REASON_ASSOC_TOOMANY); 708 ieee80211_node_leave(ic, ni); 709 return; 710 } 711 ni->ni_flags |= IEEE80211_NODE_TXRXPROT; 712 } 713 if (ic->ic_opmode != IEEE80211_M_IBSS || ++ni->ni_key_count == 2) { 714 DPRINTF(("marking port %s valid\n", 715 ether_sprintf(ni->ni_macaddr))); 716 ni->ni_port_valid = 1; 717 } 718 719 if (ic->ic_if.if_flags & IFF_DEBUG) 720 printf("%s: received msg %d/%d of the %s handshake from %s\n", 721 ic->ic_if.if_xname, 4, 4, "4-way", 722 ether_sprintf(ni->ni_macaddr)); 723 724 /* initiate a group key handshake for WPA */ 725 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) 726 (void)ieee80211_send_group_msg1(ic, ni); 727 else 728 ni->ni_rsn_gstate = RSNA_IDLE; 729 } 730 731 /* 732 * Differentiate Message 2 from Message 4 of the 4-Way Handshake based on 733 * the presence of an RSN or WPA Information Element. 734 */ 735 void 736 ieee80211_recv_4way_msg2or4(struct ieee80211com *ic, 737 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 738 { 739 const u_int8_t *frm, *efrm; 740 const u_int8_t *rsnie; 741 742 if (BE_READ_8(key->replaycnt) != ni->ni_replaycnt) { 743 ic->ic_stats.is_rx_eapol_replay++; 744 return; 745 } 746 747 /* parse key data field (check if an RSN IE is present) */ 748 frm = (const u_int8_t *)&key[1]; 749 efrm = frm + BE_READ_2(key->paylen); 750 751 rsnie = NULL; 752 while (frm + 2 <= efrm) { 753 if (frm + 2 + frm[1] > efrm) 754 break; 755 switch (frm[0]) { 756 case IEEE80211_ELEMID_RSN: 757 rsnie = frm; 758 break; 759 case IEEE80211_ELEMID_VENDOR: 760 if (frm[1] < 4) 761 break; 762 if (memcmp(&frm[2], MICROSOFT_OUI, 3) == 0) { 763 switch (frm[5]) { 764 case 1: /* WPA */ 765 rsnie = frm; 766 break; 767 } 768 } 769 } 770 frm += 2 + frm[1]; 771 } 772 if (rsnie != NULL) 773 ieee80211_recv_4way_msg2(ic, key, ni, rsnie); 774 else 775 ieee80211_recv_4way_msg4(ic, key, ni); 776 } 777 #endif /* IEEE80211_STA_ONLY */ 778 779 /* 780 * Process Message 1 of the RSN Group Key Handshake (sent by Authenticator). 781 */ 782 void 783 ieee80211_recv_rsn_group_msg1(struct ieee80211com *ic, 784 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 785 { 786 struct ieee80211_key *k; 787 const u_int8_t *frm, *efrm; 788 const u_int8_t *gtk, *igtk; 789 u_int16_t info, kid, reason = 0; 790 int keylen; 791 792 #ifndef IEEE80211_STA_ONLY 793 if (ic->ic_opmode != IEEE80211_M_STA && 794 ic->ic_opmode != IEEE80211_M_IBSS) 795 return; 796 #endif 797 /* discard if we're not expecting this message */ 798 if (ni->ni_rsn_supp_state != RNSA_SUPP_PTKDONE) { 799 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_supp_state)); 800 return; 801 } 802 /* enforce monotonicity of key request replay counter */ 803 if (BE_READ_8(key->replaycnt) <= ni->ni_replaycnt) { 804 ic->ic_stats.is_rx_eapol_replay++; 805 return; 806 } 807 /* check Key MIC field using KCK */ 808 if (ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) { 809 DPRINTF(("key MIC failed\n")); 810 ic->ic_stats.is_rx_eapol_badmic++; 811 return; 812 } 813 info = BE_READ_2(key->info); 814 815 /* check that encrypted and decrypt Key Data field using KEK */ 816 if (!(info & EAPOL_KEY_ENCRYPTED) || 817 ieee80211_eapol_key_decrypt(key, ni->ni_ptk.kek) != 0) { 818 DPRINTF(("decryption failed\n")); 819 return; 820 } 821 822 /* parse key data field (shall contain a GTK KDE) */ 823 frm = (const u_int8_t *)&key[1]; 824 efrm = frm + BE_READ_2(key->paylen); 825 826 gtk = igtk = NULL; 827 while (frm + 2 <= efrm) { 828 if (frm + 2 + frm[1] > efrm) 829 break; 830 switch (frm[0]) { 831 case IEEE80211_ELEMID_VENDOR: 832 if (frm[1] < 4) 833 break; 834 if (memcmp(&frm[2], IEEE80211_OUI, 3) == 0) { 835 switch (frm[5]) { 836 case IEEE80211_KDE_GTK: 837 gtk = frm; 838 break; 839 case IEEE80211_KDE_IGTK: 840 if (ni->ni_flags & IEEE80211_NODE_MFP) 841 igtk = frm; 842 break; 843 } 844 } 845 break; 846 } 847 frm += 2 + frm[1]; 848 } 849 /* check that the GTK KDE is present */ 850 if (gtk == NULL) { 851 DPRINTF(("GTK KDE missing\n")); 852 return; 853 } 854 855 /* check that key length matches that of group cipher */ 856 keylen = ieee80211_cipher_keylen(ni->ni_rsngroupcipher); 857 if (gtk[1] != 6 + keylen) 858 return; 859 860 /* map GTK to 802.11 key */ 861 kid = gtk[6] & 3; 862 k = &ic->ic_nw_keys[kid]; 863 if (ieee80211_must_update_group_key(k, >k[8], keylen)) { 864 memset(k, 0, sizeof(*k)); 865 k->k_id = kid; /* 0-3 */ 866 k->k_cipher = ni->ni_rsngroupcipher; 867 k->k_flags = IEEE80211_KEY_GROUP; 868 if (gtk[6] & (1 << 2)) 869 k->k_flags |= IEEE80211_KEY_TX; 870 k->k_rsc[0] = LE_READ_6(key->rsc); 871 k->k_len = keylen; 872 memcpy(k->k_key, >k[8], k->k_len); 873 /* install the GTK */ 874 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 875 reason = IEEE80211_REASON_AUTH_LEAVE; 876 goto deauth; 877 } 878 } 879 if (igtk != NULL) { /* implies MFP */ 880 /* check that the IGTK KDE is valid */ 881 if (igtk[1] != 4 + 24) { 882 reason = IEEE80211_REASON_AUTH_LEAVE; 883 goto deauth; 884 } 885 kid = LE_READ_2(&igtk[6]); 886 if (kid != 4 && kid != 5) { 887 DPRINTF(("unsupported IGTK id %u\n", kid)); 888 reason = IEEE80211_REASON_AUTH_LEAVE; 889 goto deauth; 890 } 891 /* map IGTK to 802.11 key */ 892 k = &ic->ic_nw_keys[kid]; 893 if (ieee80211_must_update_group_key(k, &igtk[14], 16)) { 894 memset(k, 0, sizeof(*k)); 895 k->k_id = kid; /* either 4 or 5 */ 896 k->k_cipher = ni->ni_rsngroupmgmtcipher; 897 k->k_flags = IEEE80211_KEY_IGTK; 898 k->k_mgmt_rsc = LE_READ_6(&igtk[8]); /* IPN */ 899 k->k_len = 16; 900 memcpy(k->k_key, &igtk[14], k->k_len); 901 /* install the IGTK */ 902 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 903 reason = IEEE80211_REASON_AUTH_LEAVE; 904 goto deauth; 905 } 906 } 907 } 908 if (info & EAPOL_KEY_SECURE) { 909 #ifndef IEEE80211_STA_ONLY 910 if (ic->ic_opmode != IEEE80211_M_IBSS || 911 ++ni->ni_key_count == 2) 912 #endif 913 { 914 DPRINTF(("marking port %s valid\n", 915 ether_sprintf(ni->ni_macaddr))); 916 ni->ni_port_valid = 1; 917 ieee80211_set_link_state(ic, LINK_STATE_UP); 918 } 919 } 920 /* update the last seen value of the key replay counter field */ 921 ni->ni_replaycnt = BE_READ_8(key->replaycnt); 922 923 if (ic->ic_if.if_flags & IFF_DEBUG) 924 printf("%s: received msg %d/%d of the %s handshake from %s\n", 925 ic->ic_if.if_xname, 1, 2, "group key", 926 ether_sprintf(ni->ni_macaddr)); 927 928 /* send message 2 to authenticator */ 929 (void)ieee80211_send_group_msg2(ic, ni, NULL); 930 return; 931 deauth: 932 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, reason); 933 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 934 } 935 936 /* 937 * Process Message 1 of the WPA Group Key Handshake (sent by Authenticator). 938 */ 939 void 940 ieee80211_recv_wpa_group_msg1(struct ieee80211com *ic, 941 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 942 { 943 struct ieee80211_key *k; 944 u_int16_t info; 945 u_int8_t kid; 946 int keylen; 947 const uint8_t *gtk; 948 949 #ifndef IEEE80211_STA_ONLY 950 if (ic->ic_opmode != IEEE80211_M_STA && 951 ic->ic_opmode != IEEE80211_M_IBSS) 952 return; 953 #endif 954 /* discard if we're not expecting this message */ 955 if (ni->ni_rsn_supp_state != RNSA_SUPP_PTKDONE) { 956 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_supp_state)); 957 return; 958 } 959 /* enforce monotonicity of key request replay counter */ 960 if (BE_READ_8(key->replaycnt) <= ni->ni_replaycnt) { 961 ic->ic_stats.is_rx_eapol_replay++; 962 return; 963 } 964 /* check Key MIC field using KCK */ 965 if (ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) { 966 DPRINTF(("key MIC failed\n")); 967 ic->ic_stats.is_rx_eapol_badmic++; 968 return; 969 } 970 /* 971 * EAPOL-Key data field is encrypted even though WPA doesn't set 972 * the ENCRYPTED bit in the info field. 973 */ 974 if (ieee80211_eapol_key_decrypt(key, ni->ni_ptk.kek) != 0) { 975 DPRINTF(("decryption failed\n")); 976 return; 977 } 978 979 /* check that key length matches that of group cipher */ 980 keylen = ieee80211_cipher_keylen(ni->ni_rsngroupcipher); 981 if (BE_READ_2(key->keylen) != keylen) 982 return; 983 984 /* check that the data length is large enough to hold the key */ 985 if (BE_READ_2(key->paylen) < keylen) 986 return; 987 988 info = BE_READ_2(key->info); 989 990 /* map GTK to 802.11 key */ 991 kid = (info >> EAPOL_KEY_WPA_KID_SHIFT) & 3; 992 k = &ic->ic_nw_keys[kid]; 993 gtk = (const uint8_t *)&key[1]; /* key data field contains the GTK */ 994 if (ieee80211_must_update_group_key(k, gtk, keylen)) { 995 memset(k, 0, sizeof(*k)); 996 k->k_id = kid; /* 0-3 */ 997 k->k_cipher = ni->ni_rsngroupcipher; 998 k->k_flags = IEEE80211_KEY_GROUP; 999 if (info & EAPOL_KEY_WPA_TX) 1000 k->k_flags |= IEEE80211_KEY_TX; 1001 k->k_rsc[0] = LE_READ_6(key->rsc); 1002 k->k_len = keylen; 1003 memcpy(k->k_key, gtk, k->k_len); 1004 /* install the GTK */ 1005 if ((*ic->ic_set_key)(ic, ni, k) != 0) { 1006 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 1007 IEEE80211_REASON_AUTH_LEAVE); 1008 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1009 return; 1010 } 1011 } 1012 if (info & EAPOL_KEY_SECURE) { 1013 #ifndef IEEE80211_STA_ONLY 1014 if (ic->ic_opmode != IEEE80211_M_IBSS || 1015 ++ni->ni_key_count == 2) 1016 #endif 1017 { 1018 DPRINTF(("marking port %s valid\n", 1019 ether_sprintf(ni->ni_macaddr))); 1020 ni->ni_port_valid = 1; 1021 ieee80211_set_link_state(ic, LINK_STATE_UP); 1022 } 1023 } 1024 /* update the last seen value of the key replay counter field */ 1025 ni->ni_replaycnt = BE_READ_8(key->replaycnt); 1026 1027 if (ic->ic_if.if_flags & IFF_DEBUG) 1028 printf("%s: received msg %d/%d of the %s handshake from %s\n", 1029 ic->ic_if.if_xname, 1, 2, "group key", 1030 ether_sprintf(ni->ni_macaddr)); 1031 1032 /* send message 2 to authenticator */ 1033 (void)ieee80211_send_group_msg2(ic, ni, k); 1034 } 1035 1036 #ifndef IEEE80211_STA_ONLY 1037 /* 1038 * Process Message 2 of the Group Key Handshake (sent by Supplicant). 1039 */ 1040 void 1041 ieee80211_recv_group_msg2(struct ieee80211com *ic, 1042 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 1043 { 1044 if (ic->ic_opmode != IEEE80211_M_HOSTAP && 1045 ic->ic_opmode != IEEE80211_M_IBSS) 1046 return; 1047 1048 /* discard if we're not expecting this message */ 1049 if (ni->ni_rsn_gstate != RSNA_REKEYNEGOTIATING) { 1050 DPRINTF(("%s: unexpected in state: %d\n", ic->ic_if.if_xname, 1051 ni->ni_rsn_gstate)); 1052 return; 1053 } 1054 /* enforce monotonicity of key request replay counter */ 1055 if (BE_READ_8(key->replaycnt) != ni->ni_replaycnt) { 1056 ic->ic_stats.is_rx_eapol_replay++; 1057 return; 1058 } 1059 /* check Key MIC field using KCK */ 1060 if (ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) { 1061 DPRINTF(("key MIC failed\n")); 1062 ic->ic_stats.is_rx_eapol_badmic++; 1063 return; 1064 } 1065 1066 timeout_del(&ni->ni_eapol_to); 1067 ni->ni_rsn_gstate = RSNA_REKEYESTABLISHED; 1068 1069 if (ni->ni_flags & IEEE80211_NODE_REKEY) { 1070 int rekeysta = 0; 1071 ni->ni_flags &= ~IEEE80211_NODE_REKEY; 1072 ieee80211_iterate_nodes(ic, 1073 ieee80211_count_rekeysta, &rekeysta); 1074 if (rekeysta == 0) 1075 ieee80211_setkeysdone(ic); 1076 } 1077 ni->ni_flags |= IEEE80211_NODE_TXRXPROT; 1078 1079 ni->ni_rsn_gstate = RSNA_IDLE; 1080 ni->ni_rsn_retries = 0; 1081 1082 if (ic->ic_if.if_flags & IFF_DEBUG) 1083 printf("%s: received msg %d/%d of the %s handshake from %s\n", 1084 ic->ic_if.if_xname, 2, 2, "group key", 1085 ether_sprintf(ni->ni_macaddr)); 1086 } 1087 1088 /* 1089 * EAPOL-Key Request frames are sent by the supplicant to request that the 1090 * authenticator initiates either a 4-Way Handshake or Group Key Handshake, 1091 * or to report a MIC failure in a TKIP MSDU. 1092 */ 1093 void 1094 ieee80211_recv_eapol_key_req(struct ieee80211com *ic, 1095 struct ieee80211_eapol_key *key, struct ieee80211_node *ni) 1096 { 1097 u_int16_t info; 1098 1099 if (ic->ic_opmode != IEEE80211_M_HOSTAP && 1100 ic->ic_opmode != IEEE80211_M_IBSS) 1101 return; 1102 1103 /* discard if we're not expecting this message */ 1104 if (ni->ni_rsn_state != RSNA_PTKINITDONE) { 1105 DPRINTF(("unexpected in state: %d\n", ni->ni_rsn_state)); 1106 return; 1107 } 1108 /* enforce monotonicity of key request replay counter */ 1109 if (ni->ni_reqreplaycnt_ok && 1110 BE_READ_8(key->replaycnt) <= ni->ni_reqreplaycnt) { 1111 ic->ic_stats.is_rx_eapol_replay++; 1112 return; 1113 } 1114 info = BE_READ_2(key->info); 1115 1116 if (!(info & EAPOL_KEY_KEYMIC) || 1117 ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) { 1118 DPRINTF(("key request MIC failed\n")); 1119 ic->ic_stats.is_rx_eapol_badmic++; 1120 return; 1121 } 1122 /* update key request replay counter now that MIC is verified */ 1123 ni->ni_reqreplaycnt = BE_READ_8(key->replaycnt); 1124 ni->ni_reqreplaycnt_ok = 1; 1125 1126 if (info & EAPOL_KEY_ERROR) { /* TKIP MIC failure */ 1127 /* ignore reports from STAs not using TKIP */ 1128 if (ic->ic_bss->ni_rsngroupcipher != IEEE80211_CIPHER_TKIP && 1129 ni->ni_rsncipher != IEEE80211_CIPHER_TKIP) { 1130 DPRINTF(("MIC failure report from !TKIP STA: %s\n", 1131 ether_sprintf(ni->ni_macaddr))); 1132 return; 1133 } 1134 ic->ic_stats.is_rx_remmicfail++; 1135 ieee80211_michael_mic_failure(ic, LE_READ_6(key->rsc)); 1136 1137 } else if (info & EAPOL_KEY_PAIRWISE) { 1138 /* initiate a 4-Way Handshake */ 1139 1140 } else { 1141 /* 1142 * Should change the GTK, initiate the 4-Way Handshake and 1143 * then execute a Group Key Handshake with all supplicants. 1144 */ 1145 } 1146 } 1147 #endif /* IEEE80211_STA_ONLY */ 1148