1 /* $OpenBSD: ieee80211_pae_output.c,v 1.29 2017/03/01 19:28:48 stsp Exp $ */ 2 3 /*- 4 * Copyright (c) 2007,2008 Damien Bergamini <damien.bergamini@free.fr> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /* 20 * This code implements the 4-Way Handshake and Group Key Handshake protocols 21 * (both Supplicant and Authenticator Key Transmit state machines) defined in 22 * IEEE Std 802.11-2007 section 8.5. 23 */ 24 25 #include <sys/param.h> 26 #include <sys/systm.h> 27 #include <sys/mbuf.h> 28 #include <sys/kernel.h> 29 #include <sys/socket.h> 30 #include <sys/sockio.h> 31 #include <sys/endian.h> 32 #include <sys/errno.h> 33 34 #include <net/if.h> 35 #include <net/if_dl.h> 36 #include <net/if_media.h> 37 #include <net/if_llc.h> 38 39 #include <netinet/in.h> 40 #include <netinet/if_ether.h> 41 #include <netinet/ip.h> 42 43 #include <net80211/ieee80211_var.h> 44 #include <net80211/ieee80211_priv.h> 45 46 int ieee80211_send_eapol_key(struct ieee80211com *, struct mbuf *, 47 struct ieee80211_node *, const struct ieee80211_ptk *); 48 #ifndef IEEE80211_STA_ONLY 49 u_int8_t *ieee80211_add_gtk_kde(u_int8_t *, struct ieee80211_node *, 50 const struct ieee80211_key *); 51 u_int8_t *ieee80211_add_pmkid_kde(u_int8_t *, const u_int8_t *); 52 u_int8_t *ieee80211_add_igtk_kde(u_int8_t *, 53 const struct ieee80211_key *); 54 #endif 55 struct mbuf *ieee80211_get_eapol_key(int, int, u_int); 56 57 /* 58 * Send an EAPOL-Key frame to node `ni'. If MIC or encryption is required, 59 * the PTK must be passed (otherwise it can be set to NULL.) 60 */ 61 int 62 ieee80211_send_eapol_key(struct ieee80211com *ic, struct mbuf *m, 63 struct ieee80211_node *ni, const struct ieee80211_ptk *ptk) 64 { 65 struct ifnet *ifp = &ic->ic_if; 66 struct ether_header *eh; 67 struct ieee80211_eapol_key *key; 68 u_int16_t info; 69 int len; 70 71 M_PREPEND(m, sizeof(struct ether_header), M_DONTWAIT); 72 if (m == NULL) 73 return ENOMEM; 74 /* no need to m_pullup here (ok by construction) */ 75 eh = mtod(m, struct ether_header *); 76 eh->ether_type = htons(ETHERTYPE_PAE); 77 IEEE80211_ADDR_COPY(eh->ether_shost, ic->ic_myaddr); 78 IEEE80211_ADDR_COPY(eh->ether_dhost, ni->ni_macaddr); 79 80 key = (struct ieee80211_eapol_key *)&eh[1]; 81 key->version = EAPOL_VERSION; 82 key->type = EAPOL_KEY; 83 key->desc = (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) ? 84 EAPOL_KEY_DESC_IEEE80211 : EAPOL_KEY_DESC_WPA; 85 86 info = BE_READ_2(key->info); 87 /* use V3 descriptor if KDF is SHA256-based */ 88 if (ieee80211_is_sha256_akm(ni->ni_rsnakms)) 89 info |= EAPOL_KEY_DESC_V3; 90 /* use V2 descriptor if pairwise or group cipher is CCMP */ 91 else if (ni->ni_rsncipher == IEEE80211_CIPHER_CCMP || 92 ni->ni_rsngroupcipher == IEEE80211_CIPHER_CCMP) 93 info |= EAPOL_KEY_DESC_V2; 94 else 95 info |= EAPOL_KEY_DESC_V1; 96 BE_WRITE_2(key->info, info); 97 98 len = m->m_len - sizeof(struct ether_header); 99 BE_WRITE_2(key->paylen, len - sizeof(*key)); 100 BE_WRITE_2(key->len, len - 4); 101 102 #ifndef IEEE80211_STA_ONLY 103 if (info & EAPOL_KEY_ENCRYPTED) { 104 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) { 105 /* clear "Encrypted" bit for WPA */ 106 info &= ~EAPOL_KEY_ENCRYPTED; 107 BE_WRITE_2(key->info, info); 108 } 109 ieee80211_eapol_key_encrypt(ic, key, ptk->kek); 110 111 if ((info & EAPOL_KEY_VERSION_MASK) != EAPOL_KEY_DESC_V1) { 112 /* AES Key Wrap adds 8 bytes + padding */ 113 m->m_pkthdr.len = m->m_len = 114 sizeof(*eh) + 4 + BE_READ_2(key->len); 115 } 116 } 117 #endif 118 if (info & EAPOL_KEY_KEYMIC) 119 ieee80211_eapol_key_mic(key, ptk->kck); 120 121 #ifndef IEEE80211_STA_ONLY 122 /* start a 100ms timeout if an answer is expected from supplicant */ 123 if (info & EAPOL_KEY_KEYACK) 124 timeout_add_msec(&ni->ni_eapol_to, 100); 125 #endif 126 return if_enqueue(ifp, m); 127 } 128 129 #ifndef IEEE80211_STA_ONLY 130 /* 131 * Handle EAPOL-Key timeouts (no answer from supplicant). 132 */ 133 void 134 ieee80211_eapol_timeout(void *arg) 135 { 136 struct ieee80211_node *ni = arg; 137 struct ieee80211com *ic = ni->ni_ic; 138 int s; 139 140 DPRINTF(("no answer from station %s in state %d\n", 141 ether_sprintf(ni->ni_macaddr), ni->ni_rsn_state)); 142 143 s = splnet(); 144 145 switch (ni->ni_rsn_state) { 146 case RSNA_PTKSTART: 147 case RSNA_PTKCALCNEGOTIATING: 148 (void)ieee80211_send_4way_msg1(ic, ni); 149 break; 150 case RSNA_PTKINITNEGOTIATING: 151 (void)ieee80211_send_4way_msg3(ic, ni); 152 break; 153 } 154 155 switch (ni->ni_rsn_gstate) { 156 case RSNA_REKEYNEGOTIATING: 157 (void)ieee80211_send_group_msg1(ic, ni); 158 break; 159 } 160 161 splx(s); 162 } 163 164 /* 165 * Add a GTK KDE to an EAPOL-Key frame (see Figure 144). 166 */ 167 u_int8_t * 168 ieee80211_add_gtk_kde(u_int8_t *frm, struct ieee80211_node *ni, 169 const struct ieee80211_key *k) 170 { 171 KASSERT(k->k_flags & IEEE80211_KEY_GROUP); 172 173 *frm++ = IEEE80211_ELEMID_VENDOR; 174 *frm++ = 6 + k->k_len; 175 memcpy(frm, IEEE80211_OUI, 3); frm += 3; 176 *frm++ = IEEE80211_KDE_GTK; 177 *frm = k->k_id & 3; 178 /* 179 * The TxRx flag for sending a GTK is always the opposite of whether 180 * the pairwise key is used for data encryption/integrity or not. 181 */ 182 if (ni->ni_rsncipher == IEEE80211_CIPHER_USEGROUP) 183 *frm |= 1 << 2; /* set the Tx bit */ 184 frm++; 185 *frm++ = 0; /* reserved */ 186 memcpy(frm, k->k_key, k->k_len); 187 return frm + k->k_len; 188 } 189 190 /* 191 * Add a PMKID KDE to an EAPOL-Key frame (see Figure 146). 192 */ 193 u_int8_t * 194 ieee80211_add_pmkid_kde(u_int8_t *frm, const u_int8_t *pmkid) 195 { 196 *frm++ = IEEE80211_ELEMID_VENDOR; 197 *frm++ = 20; 198 memcpy(frm, IEEE80211_OUI, 3); frm += 3; 199 *frm++ = IEEE80211_KDE_PMKID; 200 memcpy(frm, pmkid, IEEE80211_PMKID_LEN); 201 return frm + IEEE80211_PMKID_LEN; 202 } 203 204 /* 205 * Add an IGTK KDE to an EAPOL-Key frame (see Figure 8-32a). 206 */ 207 u_int8_t * 208 ieee80211_add_igtk_kde(u_int8_t *frm, const struct ieee80211_key *k) 209 { 210 KASSERT(k->k_flags & IEEE80211_KEY_IGTK); 211 212 *frm++ = IEEE80211_ELEMID_VENDOR; 213 *frm++ = 4 + 24; 214 memcpy(frm, IEEE80211_OUI, 3); frm += 3; 215 *frm++ = IEEE80211_KDE_IGTK; 216 LE_WRITE_2(frm, k->k_id); frm += 2; 217 LE_WRITE_6(frm, k->k_tsc); frm += 6; /* IPN */ 218 memcpy(frm, k->k_key, 16); 219 return frm + 16; 220 } 221 #endif /* IEEE80211_STA_ONLY */ 222 223 struct mbuf * 224 ieee80211_get_eapol_key(int flags, int type, u_int pktlen) 225 { 226 struct mbuf *m; 227 228 /* reserve space for 802.11 encapsulation and EAPOL-Key header */ 229 pktlen += sizeof(struct ieee80211_frame) + LLC_SNAPFRAMELEN + 230 sizeof(struct ieee80211_eapol_key); 231 232 if (pktlen > MCLBYTES) 233 panic("EAPOL-Key frame too large: %u", pktlen); 234 MGETHDR(m, flags, type); 235 if (m == NULL) 236 return NULL; 237 if (pktlen > MHLEN) { 238 MCLGET(m, flags); 239 if (!(m->m_flags & M_EXT)) 240 return m_free(m); 241 } 242 m->m_data += sizeof(struct ieee80211_frame) + LLC_SNAPFRAMELEN; 243 return m; 244 } 245 246 #ifndef IEEE80211_STA_ONLY 247 /* 248 * Send 4-Way Handshake Message 1 to the supplicant. 249 */ 250 int 251 ieee80211_send_4way_msg1(struct ieee80211com *ic, struct ieee80211_node *ni) 252 { 253 struct ieee80211_eapol_key *key; 254 struct mbuf *m; 255 u_int16_t info, keylen; 256 u_int8_t *frm; 257 258 ni->ni_rsn_state = RSNA_PTKSTART; 259 if (++ni->ni_rsn_retries > 3) { 260 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 261 IEEE80211_REASON_4WAY_TIMEOUT); 262 ieee80211_node_leave(ic, ni); 263 return 0; 264 } 265 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 266 (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) ? 2 + 20 : 0); 267 if (m == NULL) 268 return ENOMEM; 269 key = mtod(m, struct ieee80211_eapol_key *); 270 memset(key, 0, sizeof(*key)); 271 272 info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYACK; 273 BE_WRITE_2(key->info, info); 274 275 /* copy the authenticator's nonce (ANonce) */ 276 memcpy(key->nonce, ni->ni_nonce, EAPOL_KEY_NONCE_LEN); 277 278 keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); 279 BE_WRITE_2(key->keylen, keylen); 280 281 frm = (u_int8_t *)&key[1]; 282 /* NB: WPA does not have PMKID KDE */ 283 if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN && 284 ieee80211_is_8021x_akm(ni->ni_rsnakms)) 285 frm = ieee80211_add_pmkid_kde(frm, ni->ni_pmkid); 286 287 m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key; 288 289 if (ic->ic_if.if_flags & IFF_DEBUG) 290 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 291 ic->ic_if.if_xname, 1, 4, "4-way", 292 ether_sprintf(ni->ni_macaddr)); 293 294 ni->ni_replaycnt++; 295 BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); 296 297 return ieee80211_send_eapol_key(ic, m, ni, NULL); 298 } 299 #endif /* IEEE80211_STA_ONLY */ 300 301 /* 302 * Send 4-Way Handshake Message 2 to the authenticator. 303 */ 304 int 305 ieee80211_send_4way_msg2(struct ieee80211com *ic, struct ieee80211_node *ni, 306 const u_int8_t *replaycnt, const struct ieee80211_ptk *tptk) 307 { 308 struct ieee80211_eapol_key *key; 309 struct mbuf *m; 310 u_int16_t info; 311 u_int8_t *frm; 312 313 ni->ni_rsn_supp_state = RSNA_SUPP_PTKNEGOTIATING; 314 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 315 (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) ? 316 2 + IEEE80211_WPAIE_MAXLEN : 317 2 + IEEE80211_RSNIE_MAXLEN); 318 if (m == NULL) 319 return ENOMEM; 320 key = mtod(m, struct ieee80211_eapol_key *); 321 memset(key, 0, sizeof(*key)); 322 323 info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYMIC; 324 BE_WRITE_2(key->info, info); 325 326 /* copy key replay counter from Message 1/4 */ 327 memcpy(key->replaycnt, replaycnt, 8); 328 329 /* copy the supplicant's nonce (SNonce) */ 330 memcpy(key->nonce, ic->ic_nonce, EAPOL_KEY_NONCE_LEN); 331 332 frm = (u_int8_t *)&key[1]; 333 /* add the WPA/RSN IE used in the (Re)Association Request */ 334 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) { 335 int keylen; 336 frm = ieee80211_add_wpa(frm, ic, ni); 337 /* WPA sets the key length field here */ 338 keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); 339 BE_WRITE_2(key->keylen, keylen); 340 } else /* RSN */ 341 frm = ieee80211_add_rsn(frm, ic, ni); 342 343 m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key; 344 345 if (ic->ic_if.if_flags & IFF_DEBUG) 346 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 347 ic->ic_if.if_xname, 2, 4, "4-way", 348 ether_sprintf(ni->ni_macaddr)); 349 350 return ieee80211_send_eapol_key(ic, m, ni, tptk); 351 } 352 353 #ifndef IEEE80211_STA_ONLY 354 /* 355 * Send 4-Way Handshake Message 3 to the supplicant. 356 */ 357 int 358 ieee80211_send_4way_msg3(struct ieee80211com *ic, struct ieee80211_node *ni) 359 { 360 struct ieee80211_eapol_key *key; 361 struct ieee80211_key *k = NULL; 362 struct mbuf *m; 363 u_int16_t info, keylen; 364 u_int8_t *frm; 365 366 ni->ni_rsn_state = RSNA_PTKINITNEGOTIATING; 367 if (++ni->ni_rsn_retries > 3) { 368 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 369 IEEE80211_REASON_4WAY_TIMEOUT); 370 ieee80211_node_leave(ic, ni); 371 return 0; 372 } 373 if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) { 374 k = &ic->ic_nw_keys[ic->ic_def_txkey]; 375 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 376 2 + IEEE80211_RSNIE_MAXLEN + 2 + 6 + k->k_len + 15 + 377 ((ni->ni_flags & IEEE80211_NODE_MFP) ? 2 + 28 : 0)); 378 } else { /* WPA */ 379 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 380 2 + IEEE80211_WPAIE_MAXLEN + 381 ((ni->ni_flags & IEEE80211_NODE_MFP) ? 2 + 28 : 0)); 382 } 383 if (m == NULL) 384 return ENOMEM; 385 key = mtod(m, struct ieee80211_eapol_key *); 386 memset(key, 0, sizeof(*key)); 387 388 info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYACK | EAPOL_KEY_KEYMIC; 389 if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP) 390 info |= EAPOL_KEY_INSTALL; 391 392 /* use same nonce as in Message 1 */ 393 memcpy(key->nonce, ni->ni_nonce, EAPOL_KEY_NONCE_LEN); 394 395 ni->ni_replaycnt++; 396 BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); 397 398 keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); 399 BE_WRITE_2(key->keylen, keylen); 400 401 frm = (u_int8_t *)&key[1]; 402 /* add the WPA/RSN IE included in Beacon/Probe Response */ 403 if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) { 404 frm = ieee80211_add_rsn(frm, ic, ic->ic_bss); 405 /* encapsulate the GTK */ 406 frm = ieee80211_add_gtk_kde(frm, ni, k); 407 LE_WRITE_6(key->rsc, k->k_tsc); 408 /* encapsulate the IGTK if MFP was negotiated */ 409 if (ni->ni_flags & IEEE80211_NODE_MFP) { 410 frm = ieee80211_add_igtk_kde(frm, 411 &ic->ic_nw_keys[ic->ic_igtk_kid]); 412 } 413 /* ask that the EAPOL-Key frame be encrypted */ 414 info |= EAPOL_KEY_ENCRYPTED | EAPOL_KEY_SECURE; 415 } else /* WPA */ 416 frm = ieee80211_add_wpa(frm, ic, ic->ic_bss); 417 418 /* write the key info field */ 419 BE_WRITE_2(key->info, info); 420 421 m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key; 422 423 if (ic->ic_if.if_flags & IFF_DEBUG) 424 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 425 ic->ic_if.if_xname, 3, 4, "4-way", 426 ether_sprintf(ni->ni_macaddr)); 427 428 return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); 429 } 430 #endif /* IEEE80211_STA_ONLY */ 431 432 /* 433 * Send 4-Way Handshake Message 4 to the authenticator. 434 */ 435 int 436 ieee80211_send_4way_msg4(struct ieee80211com *ic, struct ieee80211_node *ni) 437 { 438 struct ieee80211_eapol_key *key; 439 struct mbuf *m; 440 u_int16_t info; 441 442 ni->ni_rsn_supp_state = RNSA_SUPP_PTKDONE; 443 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 0); 444 if (m == NULL) 445 return ENOMEM; 446 key = mtod(m, struct ieee80211_eapol_key *); 447 memset(key, 0, sizeof(*key)); 448 449 info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYMIC; 450 451 /* copy key replay counter from authenticator */ 452 BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); 453 454 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) { 455 int keylen; 456 /* WPA sets the key length field here */ 457 keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); 458 BE_WRITE_2(key->keylen, keylen); 459 } else 460 info |= EAPOL_KEY_SECURE; 461 462 /* write the key info field */ 463 BE_WRITE_2(key->info, info); 464 465 /* empty key data field */ 466 m->m_pkthdr.len = m->m_len = sizeof(*key); 467 468 if (ic->ic_if.if_flags & IFF_DEBUG) 469 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 470 ic->ic_if.if_xname, 4, 4, "4-way", 471 ether_sprintf(ni->ni_macaddr)); 472 473 return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); 474 } 475 476 #ifndef IEEE80211_STA_ONLY 477 /* 478 * Send Group Key Handshake Message 1 to the supplicant. 479 */ 480 int 481 ieee80211_send_group_msg1(struct ieee80211com *ic, struct ieee80211_node *ni) 482 { 483 struct ieee80211_eapol_key *key; 484 const struct ieee80211_key *k; 485 struct mbuf *m; 486 u_int16_t info; 487 u_int8_t *frm; 488 u_int8_t kid; 489 490 ni->ni_rsn_gstate = RSNA_REKEYNEGOTIATING; 491 if (++ni->ni_rsn_retries > 3) { 492 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 493 IEEE80211_REASON_GROUP_TIMEOUT); 494 ieee80211_node_leave(ic, ni); 495 return 0; 496 } 497 if (ni->ni_flags & IEEE80211_NODE_REKEY) 498 kid = (ic->ic_def_txkey == 1) ? 2 : 1; 499 else 500 kid = ic->ic_def_txkey; 501 k = &ic->ic_nw_keys[kid]; 502 503 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 504 ((ni->ni_rsnprotos == IEEE80211_PROTO_WPA) ? 505 k->k_len : 2 + 6 + k->k_len) + 506 ((ni->ni_flags & IEEE80211_NODE_MFP) ? 2 + 28 : 0) + 507 15); 508 if (m == NULL) 509 return ENOMEM; 510 key = mtod(m, struct ieee80211_eapol_key *); 511 memset(key, 0, sizeof(*key)); 512 513 info = EAPOL_KEY_KEYACK | EAPOL_KEY_KEYMIC | EAPOL_KEY_SECURE | 514 EAPOL_KEY_ENCRYPTED; 515 516 ni->ni_replaycnt++; 517 BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); 518 519 frm = (u_int8_t *)&key[1]; 520 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) { 521 /* WPA does not have GTK KDE */ 522 BE_WRITE_2(key->keylen, k->k_len); 523 memcpy(frm, k->k_key, k->k_len); 524 frm += k->k_len; 525 info |= (k->k_id & 0x3) << EAPOL_KEY_WPA_KID_SHIFT; 526 if (ni->ni_rsncipher == IEEE80211_CIPHER_USEGROUP) 527 info |= EAPOL_KEY_WPA_TX; 528 } else { /* RSN */ 529 frm = ieee80211_add_gtk_kde(frm, ni, k); 530 if (ni->ni_flags & IEEE80211_NODE_MFP) { 531 if (ni->ni_flags & IEEE80211_NODE_REKEY) 532 kid = (ic->ic_igtk_kid == 4) ? 5 : 4; 533 else 534 kid = ic->ic_igtk_kid; 535 frm = ieee80211_add_igtk_kde(frm, 536 &ic->ic_nw_keys[kid]); 537 } 538 } 539 /* RSC = last transmit sequence number for the GTK */ 540 LE_WRITE_6(key->rsc, k->k_tsc); 541 542 /* write the key info field */ 543 BE_WRITE_2(key->info, info); 544 545 m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key; 546 547 if (ic->ic_if.if_flags & IFF_DEBUG) 548 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 549 ic->ic_if.if_xname, 1, 2, "group key", 550 ether_sprintf(ni->ni_macaddr)); 551 552 return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); 553 } 554 #endif /* IEEE80211_STA_ONLY */ 555 556 /* 557 * Send Group Key Handshake Message 2 to the authenticator. 558 */ 559 int 560 ieee80211_send_group_msg2(struct ieee80211com *ic, struct ieee80211_node *ni, 561 const struct ieee80211_key *k) 562 { 563 struct ieee80211_eapol_key *key; 564 u_int16_t info; 565 struct mbuf *m; 566 567 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 0); 568 if (m == NULL) 569 return ENOMEM; 570 key = mtod(m, struct ieee80211_eapol_key *); 571 memset(key, 0, sizeof(*key)); 572 573 info = EAPOL_KEY_KEYMIC | EAPOL_KEY_SECURE; 574 575 /* copy key replay counter from authenticator */ 576 BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); 577 578 if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) { 579 /* WPA sets the key length and key id fields here */ 580 BE_WRITE_2(key->keylen, k->k_len); 581 info |= (k->k_id & 3) << EAPOL_KEY_WPA_KID_SHIFT; 582 } 583 584 /* write the key info field */ 585 BE_WRITE_2(key->info, info); 586 587 /* empty key data field */ 588 m->m_pkthdr.len = m->m_len = sizeof(*key); 589 590 if (ic->ic_if.if_flags & IFF_DEBUG) 591 printf("%s: sending msg %d/%d of the %s handshake to %s\n", 592 ic->ic_if.if_xname, 2, 2, "group key", 593 ether_sprintf(ni->ni_macaddr)); 594 595 return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); 596 } 597 598 /* 599 * EAPOL-Key Request frames are sent by the supplicant to request that the 600 * authenticator initiates either a 4-Way Handshake or Group Key Handshake, 601 * or to report a MIC failure in a TKIP MSDU. 602 */ 603 int 604 ieee80211_send_eapol_key_req(struct ieee80211com *ic, 605 struct ieee80211_node *ni, u_int16_t info, u_int64_t tsc) 606 { 607 struct ieee80211_eapol_key *key; 608 struct mbuf *m; 609 610 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 0); 611 if (m == NULL) 612 return ENOMEM; 613 key = mtod(m, struct ieee80211_eapol_key *); 614 memset(key, 0, sizeof(*key)); 615 616 info |= EAPOL_KEY_REQUEST; 617 BE_WRITE_2(key->info, info); 618 619 /* in case of TKIP MIC failure, fill the RSC field */ 620 if (info & EAPOL_KEY_ERROR) 621 LE_WRITE_6(key->rsc, tsc); 622 623 /* use our separate key replay counter for key requests */ 624 BE_WRITE_8(key->replaycnt, ni->ni_reqreplaycnt); 625 ni->ni_reqreplaycnt++; 626 627 /* empty key data field */ 628 m->m_pkthdr.len = m->m_len = sizeof(*key); 629 630 if (ic->ic_if.if_flags & IFF_DEBUG) 631 printf("%s: sending EAPOL-Key request to %s\n", 632 ic->ic_if.if_xname, ether_sprintf(ni->ni_macaddr)); 633 634 return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); 635 } 636