1 /* $OpenBSD: ieee80211_pae_output.c,v 1.15 2009/01/26 19:09:41 damien Exp $ */ 2 3 /*- 4 * Copyright (c) 2007,2008 Damien Bergamini <damien.bergamini@free.fr> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /* 20 * This code implements the 4-Way Handshake and Group Key Handshake protocols 21 * (both Supplicant and Authenticator Key Transmit state machines) defined in 22 * IEEE Std 802.11-2007 section 8.5. 23 */ 24 25 #include <sys/param.h> 26 #include <sys/systm.h> 27 #include <sys/mbuf.h> 28 #include <sys/kernel.h> 29 #include <sys/socket.h> 30 #include <sys/sockio.h> 31 #include <sys/endian.h> 32 #include <sys/errno.h> 33 #include <sys/proc.h> 34 35 #include <net/if.h> 36 #include <net/if_dl.h> 37 #include <net/if_media.h> 38 #include <net/if_arp.h> 39 #include <net/if_llc.h> 40 #include <net/bpf.h> 41 42 #ifdef INET 43 #include <netinet/in.h> 44 #include <netinet/if_ether.h> 45 #include <netinet/in_systm.h> 46 #include <netinet/ip.h> 47 #endif 48 49 #include <net80211/ieee80211_var.h> 50 #include <net80211/ieee80211_priv.h> 51 52 int ieee80211_send_eapol_key(struct ieee80211com *, struct mbuf *, 53 struct ieee80211_node *, const struct ieee80211_ptk *); 54 #ifndef IEEE80211_STA_ONLY 55 u_int8_t *ieee80211_add_gtk_kde(u_int8_t *, struct ieee80211_node *, 56 const struct ieee80211_key *); 57 u_int8_t *ieee80211_add_pmkid_kde(u_int8_t *, const u_int8_t *); 58 u_int8_t *ieee80211_add_igtk_kde(u_int8_t *, 59 const struct ieee80211_key *); 60 #endif 61 struct mbuf *ieee80211_get_eapol_key(int, int, u_int); 62 63 /* 64 * Send an EAPOL-Key frame to node `ni'. If MIC or encryption is required, 65 * the PTK must be passed (otherwise it can be set to NULL.) 66 */ 67 int 68 ieee80211_send_eapol_key(struct ieee80211com *ic, struct mbuf *m, 69 struct ieee80211_node *ni, const struct ieee80211_ptk *ptk) 70 { 71 struct ifnet *ifp = &ic->ic_if; 72 struct ether_header *eh; 73 struct ieee80211_eapol_key *key; 74 u_int16_t info; 75 int s, len, error; 76 77 M_PREPEND(m, sizeof(struct ether_header), M_DONTWAIT); 78 if (m == NULL) 79 return ENOMEM; 80 /* no need to m_pullup here (ok by construction) */ 81 eh = mtod(m, struct ether_header *); 82 eh->ether_type = htons(ETHERTYPE_PAE); 83 IEEE80211_ADDR_COPY(eh->ether_shost, ic->ic_myaddr); 84 IEEE80211_ADDR_COPY(eh->ether_dhost, ni->ni_macaddr); 85 86 key = (struct ieee80211_eapol_key *)&eh[1]; 87 key->version = EAPOL_VERSION; 88 key->type = EAPOL_KEY; 89 key->desc = (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) ? 90 EAPOL_KEY_DESC_IEEE80211 : EAPOL_KEY_DESC_WPA; 91 92 info = BE_READ_2(key->info); 93 /* use V3 descriptor if KDF is SHA256-based */ 94 if (ieee80211_is_sha256_akm(ni->ni_rsnakms)) 95 info |= EAPOL_KEY_DESC_V3; 96 /* use V2 descriptor if pairwise or group cipher is CCMP */ 97 else if (ni->ni_rsncipher == IEEE80211_CIPHER_CCMP || 98 ni->ni_rsngroupcipher == IEEE80211_CIPHER_CCMP) 99 info |= EAPOL_KEY_DESC_V2; 100 else 101 info |= EAPOL_KEY_DESC_V1; 102 BE_WRITE_2(key->info, info); 103 104 len = m->m_len - sizeof(struct ether_header); 105 BE_WRITE_2(key->paylen, len - sizeof(*key)); 106 BE_WRITE_2(key->len, len - 4); 107 108 #ifndef IEEE80211_STA_ONLY 109 if (info & EAPOL_KEY_ENCRYPTED) { 110 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) { 111 /* clear "Encrypted" bit for WPA */ 112 info &= ~EAPOL_KEY_ENCRYPTED; 113 BE_WRITE_2(key->info, info); 114 } 115 ieee80211_eapol_key_encrypt(ic, key, ptk->kek); 116 117 if ((info & EAPOL_KEY_VERSION_MASK) != EAPOL_KEY_DESC_V1) { 118 /* AES Key Wrap adds 8 bytes + padding */ 119 m->m_pkthdr.len = m->m_len = 120 sizeof(*eh) + 4 + BE_READ_2(key->len); 121 } 122 } 123 #endif 124 if (info & EAPOL_KEY_KEYMIC) 125 ieee80211_eapol_key_mic(key, ptk->kck); 126 127 len = m->m_pkthdr.len; 128 s = splnet(); 129 #ifndef IEEE80211_STA_ONLY 130 /* start a 100ms timeout if an answer is expected from supplicant */ 131 if (info & EAPOL_KEY_KEYACK) 132 timeout_add_msec(&ni->ni_eapol_to, 100); 133 #endif 134 IFQ_ENQUEUE(&ifp->if_snd, m, NULL, error); 135 if (error == 0) { 136 ifp->if_obytes += len; 137 if ((ifp->if_flags & IFF_OACTIVE) == 0) 138 (*ifp->if_start)(ifp); 139 } 140 splx(s); 141 142 return error; 143 } 144 145 #ifndef IEEE80211_STA_ONLY 146 /* 147 * Handle EAPOL-Key timeouts (no answer from supplicant). 148 */ 149 void 150 ieee80211_eapol_timeout(void *arg) 151 { 152 struct ieee80211_node *ni = arg; 153 struct ieee80211com *ic = ni->ni_ic; 154 int s; 155 156 DPRINTF(("no answer from station %s in state %d\n", 157 ether_sprintf(ni->ni_macaddr), ni->ni_rsn_state)); 158 159 s = splnet(); 160 161 switch (ni->ni_rsn_state) { 162 case RSNA_PTKSTART: 163 case RSNA_PTKCALCNEGOTIATING: 164 (void)ieee80211_send_4way_msg1(ic, ni); 165 break; 166 case RSNA_PTKINITNEGOTIATING: 167 (void)ieee80211_send_4way_msg3(ic, ni); 168 break; 169 } 170 171 switch (ni->ni_rsn_gstate) { 172 case RSNA_REKEYNEGOTIATING: 173 (void)ieee80211_send_group_msg1(ic, ni); 174 break; 175 } 176 177 splx(s); 178 } 179 180 /* 181 * Add a GTK KDE to an EAPOL-Key frame (see Figure 144). 182 */ 183 u_int8_t * 184 ieee80211_add_gtk_kde(u_int8_t *frm, struct ieee80211_node *ni, 185 const struct ieee80211_key *k) 186 { 187 KASSERT(k->k_flags & IEEE80211_KEY_GROUP); 188 189 *frm++ = IEEE80211_ELEMID_VENDOR; 190 *frm++ = 6 + k->k_len; 191 memcpy(frm, IEEE80211_OUI, 3); frm += 3; 192 *frm++ = IEEE80211_KDE_GTK; 193 *frm = k->k_id & 3; 194 /* 195 * The TxRx flag for sending a GTK is always the opposite of whether 196 * the pairwise key is used for data encryption/integrity or not. 197 */ 198 if (ni->ni_rsncipher == IEEE80211_CIPHER_USEGROUP) 199 *frm |= 1 << 2; /* set the Tx bit */ 200 frm++; 201 *frm++ = 0; /* reserved */ 202 memcpy(frm, k->k_key, k->k_len); 203 return frm + k->k_len; 204 } 205 206 /* 207 * Add a PMKID KDE to an EAPOL-Key frame (see Figure 146). 208 */ 209 u_int8_t * 210 ieee80211_add_pmkid_kde(u_int8_t *frm, const u_int8_t *pmkid) 211 { 212 *frm++ = IEEE80211_ELEMID_VENDOR; 213 *frm++ = 20; 214 memcpy(frm, IEEE80211_OUI, 3); frm += 3; 215 *frm++ = IEEE80211_KDE_PMKID; 216 memcpy(frm, pmkid, IEEE80211_PMKID_LEN); 217 return frm + IEEE80211_PMKID_LEN; 218 } 219 220 /* 221 * Add an IGTK KDE to an EAPOL-Key frame (see Figure 8-32a). 222 */ 223 u_int8_t * 224 ieee80211_add_igtk_kde(u_int8_t *frm, const struct ieee80211_key *k) 225 { 226 KASSERT(k->k_flags & IEEE80211_KEY_IGTK); 227 228 *frm++ = IEEE80211_ELEMID_VENDOR; 229 *frm++ = 4 + 24; 230 memcpy(frm, IEEE80211_OUI, 3); frm += 3; 231 *frm++ = IEEE80211_KDE_IGTK; 232 LE_WRITE_2(frm, k->k_id); frm += 2; 233 LE_WRITE_6(frm, k->k_tsc); frm += 6; /* IPN */ 234 memcpy(frm, k->k_key, 16); 235 return frm + 16; 236 } 237 #endif /* IEEE80211_STA_ONLY */ 238 239 struct mbuf * 240 ieee80211_get_eapol_key(int flags, int type, u_int pktlen) 241 { 242 struct mbuf *m; 243 244 /* reserve space for 802.11 encapsulation and EAPOL-Key header */ 245 pktlen += sizeof(struct ieee80211_frame) + LLC_SNAPFRAMELEN + 246 sizeof(struct ieee80211_eapol_key); 247 248 if (pktlen > MCLBYTES) 249 panic("EAPOL-Key frame too large: %u", pktlen); 250 MGETHDR(m, flags, type); 251 if (m == NULL) 252 return NULL; 253 if (pktlen > MHLEN) { 254 MCLGET(m, flags); 255 if (!(m->m_flags & M_EXT)) 256 return m_free(m); 257 } 258 m->m_data += sizeof(struct ieee80211_frame) + LLC_SNAPFRAMELEN; 259 return m; 260 } 261 262 #ifndef IEEE80211_STA_ONLY 263 /* 264 * Send 4-Way Handshake Message 1 to the supplicant. 265 */ 266 int 267 ieee80211_send_4way_msg1(struct ieee80211com *ic, struct ieee80211_node *ni) 268 { 269 struct ieee80211_eapol_key *key; 270 struct mbuf *m; 271 u_int16_t info, keylen; 272 u_int8_t *frm; 273 274 ni->ni_rsn_state = RSNA_PTKSTART; 275 if (++ni->ni_rsn_retries > 3) { 276 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 277 IEEE80211_REASON_4WAY_TIMEOUT); 278 ieee80211_node_leave(ic, ni); 279 return 0; 280 } 281 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 282 (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) ? 2 + 20 : 0); 283 if (m == NULL) 284 return ENOMEM; 285 key = mtod(m, struct ieee80211_eapol_key *); 286 memset(key, 0, sizeof(*key)); 287 288 info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYACK; 289 BE_WRITE_2(key->info, info); 290 291 /* copy the authenticator's nonce (ANonce) */ 292 memcpy(key->nonce, ni->ni_nonce, EAPOL_KEY_NONCE_LEN); 293 294 keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); 295 BE_WRITE_2(key->keylen, keylen); 296 297 frm = (u_int8_t *)&key[1]; 298 /* NB: WPA does not have PMKID KDE */ 299 if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN && 300 ieee80211_is_8021x_akm(ni->ni_rsnakms)) 301 frm = ieee80211_add_pmkid_kde(frm, ni->ni_pmkid); 302 303 m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key; 304 305 if (ic->ic_if.if_flags & IFF_DEBUG) 306 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 307 ic->ic_if.if_xname, 1, 4, "4-way", 308 ether_sprintf(ni->ni_macaddr)); 309 310 ni->ni_replaycnt++; 311 BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); 312 313 return ieee80211_send_eapol_key(ic, m, ni, NULL); 314 } 315 #endif /* IEEE80211_STA_ONLY */ 316 317 /* 318 * Send 4-Way Handshake Message 2 to the authenticator. 319 */ 320 int 321 ieee80211_send_4way_msg2(struct ieee80211com *ic, struct ieee80211_node *ni, 322 const u_int8_t *replaycnt, const struct ieee80211_ptk *tptk) 323 { 324 struct ieee80211_eapol_key *key; 325 struct mbuf *m; 326 u_int16_t info; 327 u_int8_t *frm; 328 329 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 330 (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) ? 331 2 + IEEE80211_WPAIE_MAXLEN : 332 2 + IEEE80211_RSNIE_MAXLEN); 333 if (m == NULL) 334 return ENOMEM; 335 key = mtod(m, struct ieee80211_eapol_key *); 336 memset(key, 0, sizeof(*key)); 337 338 info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYMIC; 339 BE_WRITE_2(key->info, info); 340 341 /* copy key replay counter from Message 1/4 */ 342 memcpy(key->replaycnt, replaycnt, 8); 343 344 /* copy the supplicant's nonce (SNonce) */ 345 memcpy(key->nonce, ic->ic_nonce, EAPOL_KEY_NONCE_LEN); 346 347 frm = (u_int8_t *)&key[1]; 348 /* add the WPA/RSN IE used in the (Re)Association Request */ 349 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) { 350 int keylen; 351 frm = ieee80211_add_wpa(frm, ic, ni); 352 /* WPA sets the key length field here */ 353 keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); 354 BE_WRITE_2(key->keylen, keylen); 355 } else /* RSN */ 356 frm = ieee80211_add_rsn(frm, ic, ni); 357 358 m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key; 359 360 if (ic->ic_if.if_flags & IFF_DEBUG) 361 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 362 ic->ic_if.if_xname, 2, 4, "4-way", 363 ether_sprintf(ni->ni_macaddr)); 364 365 return ieee80211_send_eapol_key(ic, m, ni, tptk); 366 } 367 368 #ifndef IEEE80211_STA_ONLY 369 /* 370 * Send 4-Way Handshake Message 3 to the supplicant. 371 */ 372 int 373 ieee80211_send_4way_msg3(struct ieee80211com *ic, struct ieee80211_node *ni) 374 { 375 struct ieee80211_eapol_key *key; 376 struct ieee80211_key *k; 377 struct mbuf *m; 378 u_int16_t info, keylen; 379 u_int8_t *frm; 380 381 ni->ni_rsn_state = RSNA_PTKINITNEGOTIATING; 382 if (++ni->ni_rsn_retries > 3) { 383 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 384 IEEE80211_REASON_4WAY_TIMEOUT); 385 ieee80211_node_leave(ic, ni); 386 return 0; 387 } 388 if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) 389 k = &ic->ic_nw_keys[ic->ic_def_txkey]; 390 391 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 392 ((ni->ni_rsnprotos == IEEE80211_PROTO_WPA) ? 393 2 + IEEE80211_WPAIE_MAXLEN : 394 2 + IEEE80211_RSNIE_MAXLEN + 2 + 6 + k->k_len + 15) + 395 ((ni->ni_flags & IEEE80211_NODE_MFP) ? 2 + 28 : 0)); 396 if (m == NULL) 397 return ENOMEM; 398 key = mtod(m, struct ieee80211_eapol_key *); 399 memset(key, 0, sizeof(*key)); 400 401 info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYACK | EAPOL_KEY_KEYMIC; 402 if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP) 403 info |= EAPOL_KEY_INSTALL; 404 405 /* use same nonce as in Message 1 */ 406 memcpy(key->nonce, ni->ni_nonce, EAPOL_KEY_NONCE_LEN); 407 408 ni->ni_replaycnt++; 409 BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); 410 411 keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); 412 BE_WRITE_2(key->keylen, keylen); 413 414 frm = (u_int8_t *)&key[1]; 415 /* add the WPA/RSN IE included in Beacon/Probe Response */ 416 if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) { 417 frm = ieee80211_add_rsn(frm, ic, ic->ic_bss); 418 /* encapsulate the GTK */ 419 frm = ieee80211_add_gtk_kde(frm, ni, k); 420 LE_WRITE_6(key->rsc, k->k_tsc); 421 /* encapsulate the IGTK if MFP was negotiated */ 422 if (ni->ni_flags & IEEE80211_NODE_MFP) { 423 frm = ieee80211_add_igtk_kde(frm, 424 &ic->ic_nw_keys[ic->ic_igtk_kid]); 425 } 426 /* ask that the EAPOL-Key frame be encrypted */ 427 info |= EAPOL_KEY_ENCRYPTED | EAPOL_KEY_SECURE; 428 } else /* WPA */ 429 frm = ieee80211_add_wpa(frm, ic, ic->ic_bss); 430 431 /* write the key info field */ 432 BE_WRITE_2(key->info, info); 433 434 m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key; 435 436 if (ic->ic_if.if_flags & IFF_DEBUG) 437 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 438 ic->ic_if.if_xname, 3, 4, "4-way", 439 ether_sprintf(ni->ni_macaddr)); 440 441 return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); 442 } 443 #endif /* IEEE80211_STA_ONLY */ 444 445 /* 446 * Send 4-Way Handshake Message 4 to the authenticator. 447 */ 448 int 449 ieee80211_send_4way_msg4(struct ieee80211com *ic, struct ieee80211_node *ni) 450 { 451 struct ieee80211_eapol_key *key; 452 struct mbuf *m; 453 u_int16_t info; 454 455 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 0); 456 if (m == NULL) 457 return ENOMEM; 458 key = mtod(m, struct ieee80211_eapol_key *); 459 memset(key, 0, sizeof(*key)); 460 461 info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYMIC; 462 463 /* copy key replay counter from authenticator */ 464 BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); 465 466 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) { 467 int keylen; 468 /* WPA sets the key length field here */ 469 keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); 470 BE_WRITE_2(key->keylen, keylen); 471 } else 472 info |= EAPOL_KEY_SECURE; 473 474 /* write the key info field */ 475 BE_WRITE_2(key->info, info); 476 477 /* empty key data field */ 478 m->m_pkthdr.len = m->m_len = sizeof(*key); 479 480 if (ic->ic_if.if_flags & IFF_DEBUG) 481 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 482 ic->ic_if.if_xname, 4, 4, "4-way", 483 ether_sprintf(ni->ni_macaddr)); 484 485 return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); 486 } 487 488 #ifndef IEEE80211_STA_ONLY 489 /* 490 * Send Group Key Handshake Message 1 to the supplicant. 491 */ 492 int 493 ieee80211_send_group_msg1(struct ieee80211com *ic, struct ieee80211_node *ni) 494 { 495 struct ieee80211_eapol_key *key; 496 const struct ieee80211_key *k; 497 struct mbuf *m; 498 u_int16_t info; 499 u_int8_t *frm; 500 501 ni->ni_rsn_gstate = RSNA_REKEYNEGOTIATING; 502 if (++ni->ni_rsn_retries > 3) { 503 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 504 IEEE80211_REASON_GROUP_TIMEOUT); 505 ieee80211_node_leave(ic, ni); 506 return 0; 507 } 508 k = &ic->ic_nw_keys[ic->ic_def_txkey]; 509 510 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 511 ((ni->ni_rsnprotos == IEEE80211_PROTO_WPA) ? 512 k->k_len : 2 + 6 + k->k_len) + 513 ((ni->ni_flags & IEEE80211_NODE_MFP) ? 2 + 28 : 0) + 514 15); 515 if (m == NULL) 516 return ENOMEM; 517 key = mtod(m, struct ieee80211_eapol_key *); 518 memset(key, 0, sizeof(*key)); 519 520 info = EAPOL_KEY_KEYACK | EAPOL_KEY_KEYMIC | EAPOL_KEY_SECURE | 521 EAPOL_KEY_ENCRYPTED; 522 523 ni->ni_replaycnt++; 524 BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); 525 526 frm = (u_int8_t *)&key[1]; 527 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) { 528 /* WPA does not have GTK KDE */ 529 BE_WRITE_2(key->keylen, k->k_len); 530 memcpy(frm, k->k_key, k->k_len); 531 frm += k->k_len; 532 info |= (k->k_id & 0x3) << EAPOL_KEY_WPA_KID_SHIFT; 533 if (ni->ni_rsncipher == IEEE80211_CIPHER_USEGROUP) 534 info |= EAPOL_KEY_WPA_TX; 535 } else { /* RSN */ 536 frm = ieee80211_add_gtk_kde(frm, ni, k); 537 if (ni->ni_flags & IEEE80211_NODE_MFP) { 538 frm = ieee80211_add_igtk_kde(frm, 539 &ic->ic_nw_keys[ic->ic_igtk_kid]); 540 } 541 } 542 /* RSC = last transmit sequence number for the GTK */ 543 LE_WRITE_6(key->rsc, k->k_tsc); 544 545 /* write the key info field */ 546 BE_WRITE_2(key->info, info); 547 548 m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key; 549 550 if (ic->ic_if.if_flags & IFF_DEBUG) 551 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 552 ic->ic_if.if_xname, 1, 2, "group key", 553 ether_sprintf(ni->ni_macaddr)); 554 555 return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); 556 } 557 #endif /* IEEE80211_STA_ONLY */ 558 559 /* 560 * Send Group Key Handshake Message 2 to the authenticator. 561 */ 562 int 563 ieee80211_send_group_msg2(struct ieee80211com *ic, struct ieee80211_node *ni, 564 const struct ieee80211_key *k) 565 { 566 struct ieee80211_eapol_key *key; 567 u_int16_t info; 568 struct mbuf *m; 569 570 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 0); 571 if (m == NULL) 572 return ENOMEM; 573 key = mtod(m, struct ieee80211_eapol_key *); 574 memset(key, 0, sizeof(*key)); 575 576 info = EAPOL_KEY_KEYMIC | EAPOL_KEY_SECURE; 577 578 /* copy key replay counter from authenticator */ 579 BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); 580 581 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) { 582 /* WPA sets the key length and key id fields here */ 583 BE_WRITE_2(key->keylen, k->k_len); 584 info |= (k->k_id & 3) << EAPOL_KEY_WPA_KID_SHIFT; 585 } 586 587 /* write the key info field */ 588 BE_WRITE_2(key->info, info); 589 590 /* empty key data field */ 591 m->m_pkthdr.len = m->m_len = sizeof(*key); 592 593 if (ic->ic_if.if_flags & IFF_DEBUG) 594 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 595 ic->ic_if.if_xname, 2, 2, "group key", 596 ether_sprintf(ni->ni_macaddr)); 597 598 return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); 599 } 600 601 /* 602 * EAPOL-Key Request frames are sent by the supplicant to request that the 603 * authenticator initiates either a 4-Way Handshake or Group Key Handshake, 604 * or to report a MIC failure in a TKIP MSDU. 605 */ 606 int 607 ieee80211_send_eapol_key_req(struct ieee80211com *ic, 608 struct ieee80211_node *ni, u_int16_t info, u_int64_t tsc) 609 { 610 struct ieee80211_eapol_key *key; 611 struct mbuf *m; 612 613 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 0); 614 if (m == NULL) 615 return ENOMEM; 616 key = mtod(m, struct ieee80211_eapol_key *); 617 memset(key, 0, sizeof(*key)); 618 619 info |= EAPOL_KEY_REQUEST; 620 BE_WRITE_2(key->info, info); 621 622 /* in case of TKIP MIC failure, fill the RSC field */ 623 if (info & EAPOL_KEY_ERROR) 624 LE_WRITE_6(key->rsc, tsc); 625 626 /* use our separate key replay counter for key requests */ 627 BE_WRITE_8(key->replaycnt, ni->ni_reqreplaycnt); 628 ni->ni_reqreplaycnt++; 629 630 if (ic->ic_if.if_flags & IFF_DEBUG) 631 printf("%s: sending EAPOL-Key request to %s\n", 632 ic->ic_if.if_xname, ether_sprintf(ni->ni_macaddr)); 633 634 return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); 635 } 636