61 |
61 |
62 m_authentication_type = authentication_type; |
62 m_authentication_type = authentication_type; |
63 m_eapol_pairwise_cipher = eapol_pairwise_cipher; |
63 m_eapol_pairwise_cipher = eapol_pairwise_cipher; |
64 m_eapol_group_cipher = eapol_group_cipher; |
64 m_eapol_group_cipher = eapol_group_cipher; |
65 |
65 |
66 eapol_key_state_string_c state_string; |
|
67 EAP_TRACE_DEBUG( |
66 EAP_TRACE_DEBUG( |
68 m_am_tools, |
67 m_am_tools, |
69 TRACE_FLAGS_DEFAULT, |
68 TRACE_FLAGS_DEFAULT, |
70 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::save_parameters(): m_authentication_type=%s, ") |
69 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::save_parameters(): m_authentication_type=%s, ") |
71 EAPL("m_eapol_pairwise_cipher=%d, m_eapol_group_cipher=%d.\n"), |
70 EAPL("m_eapol_pairwise_cipher=%d, m_eapol_group_cipher=%d.\n"), |
72 (m_is_client == true) ? "client": "server", |
71 (m_is_client == true) ? "client": "server", |
73 state_string.get_eapol_key_authentication_type_string(m_authentication_type), |
72 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type), |
74 m_eapol_pairwise_cipher, |
73 m_eapol_pairwise_cipher, |
75 m_eapol_group_cipher)); |
74 m_eapol_group_cipher)); |
76 |
75 |
77 |
76 |
78 if (get_is_RSNA() == true |
77 if (get_is_RSNA() == true |
228 (EAPL("ERROR: EAPOL_KEY: eapol_key_state_c::initialize(): illegal group cipher suite %d.\n"), |
227 (EAPL("ERROR: EAPOL_KEY: eapol_key_state_c::initialize(): illegal group cipher suite %d.\n"), |
229 m_eapol_group_cipher)); |
228 m_eapol_group_cipher)); |
230 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
229 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
231 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_cipher_suite); |
230 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_cipher_suite); |
232 } |
231 } |
233 else if (m_authentication_type == eapol_key_authentication_type_802_1X) |
232 else if (m_authentication_type == eapol_key_authentication_type_dynamic_WEP |
|
233 || m_authentication_type == eapol_key_authentication_type_EAP_authentication_no_encryption |
|
234 ) |
234 { |
235 { |
235 // OK, cannot check the pairwise and group ciphers. |
236 // OK, cannot check the pairwise and group ciphers. |
236 // AP will tell these in the EAPOL RC4 Key message. |
237 // AP will tell these in the EAPOL RC4 Key message. |
237 } |
238 } |
238 |
239 |
274 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
275 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
275 return EAP_STATUS_RETURN(m_am_tools, status); |
276 return EAP_STATUS_RETURN(m_am_tools, status); |
276 } |
277 } |
277 } |
278 } |
278 |
279 |
279 #if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
280 { |
280 { |
281 m_is_associated = true; |
281 m_is_associated = true; |
282 |
282 |
283 EAP_TRACE_DEBUG( |
283 EAP_TRACE_DEBUG( |
284 m_am_tools, |
284 m_am_tools, |
285 TRACE_FLAGS_DEFAULT, |
285 TRACE_FLAGS_DEFAULT, |
286 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::initialize(): m_is_associated=%s.\n"), |
286 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::initialize(): m_is_associated=%s.\n"), |
287 (m_is_client == true) ? "client": "server", |
287 (m_is_client == true) ? "client": "server", |
288 (m_is_associated == true) ? "true": "false")); |
288 (m_is_associated == true) ? "true": "false")); |
289 } |
289 } |
290 #endif //#if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
291 |
290 |
292 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
291 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
293 } |
292 } |
294 |
293 |
295 //-------------------------------------------------- |
294 //-------------------------------------------------- |
296 |
|
297 #if defined(USE_EAPOL_KEY_STATE) && defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
298 |
295 |
299 // |
296 // |
300 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::initialize( |
297 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::initialize( |
301 const eap_am_network_id_c * const receive_network_id, |
298 const eap_am_network_id_c * const receive_network_id, |
302 const eapol_key_authentication_type_e authentication_type) |
299 const eapol_key_authentication_type_e authentication_type) |
325 set_eapol_key_state(eapol_key_state_none); |
322 set_eapol_key_state(eapol_key_state_none); |
326 m_eapol_key_handshake_type = eapol_key_handshake_type_none; |
323 m_eapol_key_handshake_type = eapol_key_handshake_type_none; |
327 |
324 |
328 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
325 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
329 |
326 |
330 #if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
331 // Creates SNonce. This is done here in early phase of authentication. |
327 // Creates SNonce. This is done here in early phase of authentication. |
332 // This will reduce the CPU load when time critical first message |
328 // This will reduce the CPU load when time critical first message |
333 // of 4-Way handshake is processed. |
329 // of 4-Way handshake is processed. |
334 status = create_nonce(&m_SNonce, EAPOL_RSNA_NONCE_LENGTH_BYTES); |
330 status = create_nonce(&m_SNonce, EAPOL_RSNA_NONCE_LENGTH_BYTES); |
335 if (status != eap_status_ok) |
331 if (status != eap_status_ok) |
336 { |
332 { |
337 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
333 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
338 return EAP_STATUS_RETURN(m_am_tools, status); |
334 return EAP_STATUS_RETURN(m_am_tools, status); |
339 } |
335 } |
340 #endif //#if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
341 |
336 |
342 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
337 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
343 |
338 |
344 |
339 |
345 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
340 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
346 } |
341 } |
347 |
|
348 #endif //#if defined(USE_EAPOL_KEY_STATE) && defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
349 |
342 |
350 //-------------------------------------------------- |
343 //-------------------------------------------------- |
351 |
344 |
352 // |
345 // |
353 eap_status_e eapol_key_state_c::set_mac_addresses( |
346 eap_status_e eapol_key_state_c::set_mac_addresses( |
518 , m_skip_PMKID_key_data_in_message_1(false) |
511 , m_skip_PMKID_key_data_in_message_1(false) |
519 , m_allow_non_zero_mic_and_reserved_in_message_1(false) |
512 , m_allow_non_zero_mic_and_reserved_in_message_1(false) |
520 , m_indicate_pmkid_to_lower_layer(false) |
513 , m_indicate_pmkid_to_lower_layer(false) |
521 , m_handshake_timeout_set(false) |
514 , m_handshake_timeout_set(false) |
522 , m_server_TEST_group_key_update(false) |
515 , m_server_TEST_group_key_update(false) |
523 #if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
524 , m_is_associated(false) |
516 , m_is_associated(false) |
525 #endif //#if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
526 { |
517 { |
527 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
518 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
528 |
519 |
529 EAP_UNREFERENCED_PARAMETER(receive_network_id); |
520 EAP_UNREFERENCED_PARAMETER(receive_network_id); |
530 EAP_UNREFERENCED_PARAMETER(authenticator_RSNA_IE); |
521 EAP_UNREFERENCED_PARAMETER(authenticator_RSNA_IE); |
613 , m_skip_PMKID_key_data_in_message_1(false) |
604 , m_skip_PMKID_key_data_in_message_1(false) |
614 , m_allow_non_zero_mic_and_reserved_in_message_1(false) |
605 , m_allow_non_zero_mic_and_reserved_in_message_1(false) |
615 , m_indicate_pmkid_to_lower_layer(false) |
606 , m_indicate_pmkid_to_lower_layer(false) |
616 , m_handshake_timeout_set(false) |
607 , m_handshake_timeout_set(false) |
617 , m_server_TEST_group_key_update(false) |
608 , m_server_TEST_group_key_update(false) |
618 #if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
619 , m_is_associated(false) |
609 , m_is_associated(false) |
620 #endif //#if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
621 { |
610 { |
622 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
611 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
623 |
612 |
624 EAP_TRACE_DEBUG( |
613 EAP_TRACE_DEBUG( |
625 m_am_tools, |
614 m_am_tools, |
952 const eapol_key_authentication_type_e authentication_type |
941 const eapol_key_authentication_type_e authentication_type |
953 ) |
942 ) |
954 { |
943 { |
955 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
944 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
956 |
945 |
957 eapol_key_state_string_c state_string; |
|
958 EAP_TRACE_DEBUG( |
946 EAP_TRACE_DEBUG( |
959 m_am_tools, |
947 m_am_tools, |
960 TRACE_FLAGS_DEFAULT, |
948 TRACE_FLAGS_DEFAULT, |
961 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::set_reassociation_parameters(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
949 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::set_reassociation_parameters(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
962 (m_is_client == true) ? "client": "server", |
950 (m_is_client == true) ? "client": "server", |
963 this, |
951 this, |
964 get_eapol_key_state(), |
952 get_eapol_key_state(), |
965 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
953 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
966 m_authentication_type, |
954 m_authentication_type, |
967 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
955 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
968 |
956 |
969 eap_status_e status = m_pairwise_PMK_WPXK3.set_copy_of_buffer(pairwise_PMK_WPXK3); |
957 eap_status_e status = m_pairwise_PMK_WPXK3.set_copy_of_buffer(pairwise_PMK_WPXK3); |
970 if (status != eap_status_ok) |
958 if (status != eap_status_ok) |
971 { |
959 { |
972 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
960 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1047 m_am_tools, |
1035 m_am_tools, |
1048 TRACE_FLAGS_DEFAULT, |
1036 TRACE_FLAGS_DEFAULT, |
1049 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::set_reassociation_parameters(): m_authentication_type=%s, ") |
1037 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::set_reassociation_parameters(): m_authentication_type=%s, ") |
1050 EAPL("m_eapol_pairwise_cipher=%d, m_eapol_group_cipher=%d.\n"), |
1038 EAPL("m_eapol_pairwise_cipher=%d, m_eapol_group_cipher=%d.\n"), |
1051 (m_is_client == true) ? "client": "server", |
1039 (m_is_client == true) ? "client": "server", |
1052 state_string.get_eapol_key_authentication_type_string(m_authentication_type), |
1040 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type), |
1053 m_eapol_pairwise_cipher, |
1041 m_eapol_pairwise_cipher, |
1054 m_eapol_group_cipher)); |
1042 m_eapol_group_cipher)); |
1055 |
1043 |
1056 |
1044 |
1057 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1045 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1146 (void) EAP_STATUS_RETURN(m_am_tools, status); |
1134 (void) EAP_STATUS_RETURN(m_am_tools, status); |
1147 return 0; |
1135 return 0; |
1148 } |
1136 } |
1149 |
1137 |
1150 |
1138 |
1151 #if defined(USE_EAPOL_KEY_STATE) && defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
1152 |
|
1153 status = new_state->initialize( |
1139 status = new_state->initialize( |
1154 receive_network_id, |
1140 receive_network_id, |
1155 m_authentication_type); |
1141 m_authentication_type); |
1156 if (status != eap_status_ok) |
1142 if (status != eap_status_ok) |
1157 { |
1143 { |
1158 new_state->shutdown(); |
1144 new_state->shutdown(); |
1159 delete new_state; |
1145 delete new_state; |
1160 (void) EAP_STATUS_RETURN(m_am_tools, status); |
1146 (void) EAP_STATUS_RETURN(m_am_tools, status); |
1161 return 0; |
1147 return 0; |
1162 } |
1148 } |
1163 |
|
1164 #endif //#if defined(USE_EAPOL_KEY_STATE) && defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
1165 |
|
1166 |
1149 |
1167 eapol_key_handshake_type_e eapol_key_handshake_type(m_eapol_key_handshake_type); |
1150 eapol_key_handshake_type_e eapol_key_handshake_type(m_eapol_key_handshake_type); |
1168 |
1151 |
1169 eapol_key_authentication_type_e authentication_type(m_authentication_type); |
1152 eapol_key_authentication_type_e authentication_type(m_authentication_type); |
1170 |
1153 |
1217 eapol_key_state_string_c eapol_key_state_string; |
1200 eapol_key_state_string_c eapol_key_state_string; |
1218 |
1201 |
1219 EAP_TRACE_DEBUG( |
1202 EAP_TRACE_DEBUG( |
1220 m_am_tools, |
1203 m_am_tools, |
1221 TRACE_FLAGS_DEFAULT, |
1204 TRACE_FLAGS_DEFAULT, |
1222 (EAPL("eapol_key_state_c::handshake_failure_notification(): %s, m_eapol_key_handshake_type=%s, get_eapol_key_state()=%s\n"), |
1205 (EAPL("eapol_key_state_c::handshake_failure_notification(): %s, m_eapol_key_handshake_type=%d=%s, get_eapol_key_state()=%d=%s\n"), |
1223 (m_is_client == true) ? "client": "server", |
1206 (m_is_client == true) ? "client": "server", |
|
1207 m_eapol_key_handshake_type, |
1224 eapol_key_state_string.get_eapol_key_handshake_type_string(m_eapol_key_handshake_type), |
1208 eapol_key_state_string.get_eapol_key_handshake_type_string(m_eapol_key_handshake_type), |
|
1209 get_eapol_key_state(), |
1225 eapol_key_state_string.get_eapol_key_state_string(get_eapol_key_state()))); |
1210 eapol_key_state_string.get_eapol_key_state_string(get_eapol_key_state()))); |
1226 |
1211 |
1227 EAP_ASSERT(m_am_tools->get_global_mutex()->get_is_reserved() == true); |
1212 EAP_ASSERT(m_am_tools->get_global_mutex()->get_is_reserved() == true); |
1228 |
1213 |
1229 if (m_eapol_key_handshake_type == eapol_key_handshake_type_4_way_handshake) |
1214 if (m_eapol_key_handshake_type == eapol_key_handshake_type_4_way_handshake) |
1320 TRACE_FLAGS_DEFAULT, |
1305 TRACE_FLAGS_DEFAULT, |
1321 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::handshake_failure_notification(): Group Key Handshake FAILED\n"), |
1306 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::handshake_failure_notification(): Group Key Handshake FAILED\n"), |
1322 (m_is_client == true ? "client": "server"))); |
1307 (m_is_client == true ? "client": "server"))); |
1323 } |
1308 } |
1324 } |
1309 } |
1325 else if (m_eapol_key_handshake_type == eapol_key_handshake_type_none) |
1310 else if (m_eapol_key_handshake_type == eapol_key_handshake_type_none |
|
1311 || m_eapol_key_handshake_type == eapol_key_handshake_type_authenticated) |
1326 { |
1312 { |
1327 EAP_TRACE_ALWAYS( |
1313 EAP_TRACE_ALWAYS( |
1328 m_am_tools, |
1314 m_am_tools, |
1329 TRACE_FLAGS_DEFAULT, |
1315 TRACE_FLAGS_DEFAULT, |
1330 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::handshake_failure_notification(): Unused EAPOL Key state.\n"), |
1316 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::handshake_failure_notification(): Unused EAPOL Key state.\n"), |
1413 (EAPL("eapol_key_state_c::check_pmksa_cache(): %s\n"), |
1399 (EAPL("eapol_key_state_c::check_pmksa_cache(): %s\n"), |
1414 (m_is_client == true) ? "client": "server")); |
1400 (m_is_client == true) ? "client": "server")); |
1415 |
1401 |
1416 eap_status_e status = eap_status_ok; |
1402 eap_status_e status = eap_status_ok; |
1417 |
1403 |
1418 eapol_key_state_string_c state_string; |
|
1419 EAP_TRACE_DEBUG( |
1404 EAP_TRACE_DEBUG( |
1420 m_am_tools, |
1405 m_am_tools, |
1421 TRACE_FLAGS_DEFAULT, |
1406 TRACE_FLAGS_DEFAULT, |
1422 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::check_pmksa_cache(): this = 0x%08x, state %d=%s, selected_eapol_key_authentication_type %d=%s, m_authentication_type %d=%s.\n"), |
1407 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::check_pmksa_cache(): this = 0x%08x, state %d=%s,\n"), |
1423 (m_is_client == true) ? "client": "server", |
1408 (m_is_client == true) ? "client": "server", |
1424 this, |
1409 this, |
1425 get_eapol_key_state(), |
1410 get_eapol_key_state(), |
1426 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
1411 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()))); |
|
1412 |
|
1413 EAP_TRACE_DEBUG( |
|
1414 m_am_tools, |
|
1415 TRACE_FLAGS_DEFAULT, |
|
1416 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::check_pmksa_cache(): selected_eapol_key_authentication_type %d=%s, m_authentication_type %d=%s.\n"), |
|
1417 (m_is_client == true) ? "client": "server", |
1427 selected_eapol_key_authentication_type, |
1418 selected_eapol_key_authentication_type, |
1428 state_string.get_eapol_key_authentication_type_string(selected_eapol_key_authentication_type), |
1419 eapol_key_state_string_c::get_eapol_key_authentication_type_string(selected_eapol_key_authentication_type), |
1429 m_authentication_type, |
1420 m_authentication_type, |
1430 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
1421 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
1431 |
1422 |
1432 |
1423 |
1433 if (selected_eapol_key_authentication_type != eapol_key_authentication_type_RSNA_EAP |
1424 if (selected_eapol_key_authentication_type != eapol_key_authentication_type_RSNA_EAP |
1434 && selected_eapol_key_authentication_type != eapol_key_authentication_type_RSNA_PSK |
1425 && selected_eapol_key_authentication_type != eapol_key_authentication_type_RSNA_PSK |
1435 && selected_eapol_key_authentication_type != eapol_key_authentication_type_WPXM) |
1426 && selected_eapol_key_authentication_type != eapol_key_authentication_type_WPXM) |
1453 const eap_am_network_id_c * const receive_network_id, |
1444 const eap_am_network_id_c * const receive_network_id, |
1454 const eapol_key_authentication_type_e authentication_type) |
1445 const eapol_key_authentication_type_e authentication_type) |
1455 { |
1446 { |
1456 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
1447 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
1457 |
1448 |
1458 eapol_key_state_string_c state_string; |
|
1459 EAP_TRACE_DEBUG( |
1449 EAP_TRACE_DEBUG( |
1460 m_am_tools, |
1450 m_am_tools, |
1461 TRACE_FLAGS_DEFAULT, |
1451 TRACE_FLAGS_DEFAULT, |
1462 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::initialize_preauthentication(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
1452 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::initialize_preauthentication(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
1463 (m_is_client == true) ? "client": "server", |
1453 (m_is_client == true) ? "client": "server", |
1464 this, |
1454 this, |
1465 get_eapol_key_state(), |
1455 get_eapol_key_state(), |
1466 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
1456 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
1467 m_authentication_type, |
1457 m_authentication_type, |
1468 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
1458 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
1469 |
1459 |
1470 eap_status_e status(eap_status_process_general_error); |
1460 eap_status_e status(eap_status_process_general_error); |
1471 |
1461 |
1472 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
1462 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
1473 |
1463 |
1479 } |
1469 } |
1480 |
1470 |
1481 if (m_authentication_type == eapol_key_authentication_type_none |
1471 if (m_authentication_type == eapol_key_authentication_type_none |
1482 || m_authentication_type == eapol_key_authentication_type_RSNA_PSK |
1472 || m_authentication_type == eapol_key_authentication_type_RSNA_PSK |
1483 || m_authentication_type == eapol_key_authentication_type_WPA_PSK |
1473 || m_authentication_type == eapol_key_authentication_type_WPA_PSK |
1484 || m_authentication_type == eapol_key_authentication_type_802_1X) |
1474 || m_authentication_type == eapol_key_authentication_type_dynamic_WEP |
|
1475 || m_authentication_type == eapol_key_authentication_type_EAP_authentication_no_encryption |
|
1476 ) |
1485 { |
1477 { |
1486 // Illegal authentication type. |
1478 // Illegal authentication type. |
1487 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1479 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1488 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter); |
1480 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter); |
1489 } |
1481 } |
1519 const eap_variable_data_c * const received_WPA_ie, |
1511 const eap_variable_data_c * const received_WPA_ie, |
1520 const eap_variable_data_c * const sent_WPA_ie) |
1512 const eap_variable_data_c * const sent_WPA_ie) |
1521 { |
1513 { |
1522 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
1514 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
1523 |
1515 |
1524 eapol_key_state_string_c state_string; |
|
1525 EAP_TRACE_DEBUG( |
1516 EAP_TRACE_DEBUG( |
1526 m_am_tools, |
1517 m_am_tools, |
1527 TRACE_FLAGS_DEFAULT, |
1518 TRACE_FLAGS_DEFAULT, |
1528 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::read_reassociation_parameters(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
1519 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::read_reassociation_parameters(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
1529 (m_is_client == true) ? "client": "server", |
1520 (m_is_client == true) ? "client": "server", |
1530 this, |
1521 this, |
1531 get_eapol_key_state(), |
1522 get_eapol_key_state(), |
1532 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
1523 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
1533 m_authentication_type, |
1524 m_authentication_type, |
1534 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
1525 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
1535 |
1526 |
1536 |
1527 |
1537 (void) cancel_pmksa_caching_timeout(); |
1528 (void) cancel_pmksa_caching_timeout(); |
1538 (void) cancel_handshake_timeout(); |
1529 (void) cancel_handshake_timeout(); |
1539 (void) cancel_reassociate_timeout(); |
1530 (void) cancel_reassociate_timeout(); |
1565 } |
1556 } |
1566 } |
1557 } |
1567 |
1558 |
1568 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
1559 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
1569 |
1560 |
1570 #if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
1571 // Creates SNonce. This is done here in early phase of authentication. |
1561 // Creates SNonce. This is done here in early phase of authentication. |
1572 // This will reduce the CPU load when time critical first message |
1562 // This will reduce the CPU load when time critical first message |
1573 // of 4-Way handshake is processed. |
1563 // of 4-Way handshake is processed. |
1574 status = create_nonce(&m_SNonce, EAPOL_RSNA_NONCE_LENGTH_BYTES); |
1564 status = create_nonce(&m_SNonce, EAPOL_RSNA_NONCE_LENGTH_BYTES); |
1575 if (status != eap_status_ok) |
1565 if (status != eap_status_ok) |
1576 { |
1566 { |
1577 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1567 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1578 return EAP_STATUS_RETURN(m_am_tools, status); |
1568 return EAP_STATUS_RETURN(m_am_tools, status); |
1579 } |
1569 } |
1580 #endif //#if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
1581 |
1570 |
1582 status = init_handshake_timeout(m_handshake_timeout); |
1571 status = init_handshake_timeout(m_handshake_timeout); |
1583 if (status != eap_status_ok) |
1572 if (status != eap_status_ok) |
1584 { |
1573 { |
1585 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1574 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1595 TRACE_FLAGS_DEFAULT, |
1584 TRACE_FLAGS_DEFAULT, |
1596 (EAPL("ERROR: EAPOL_KEY: %s: eapol_key_state_c::read_reassociation_parameters(): this = 0x%08x, (get_eapol_key_state()=%d=%s) != (eapol_key_state_preauthenticated)\n"), |
1585 (EAPL("ERROR: EAPOL_KEY: %s: eapol_key_state_c::read_reassociation_parameters(): this = 0x%08x, (get_eapol_key_state()=%d=%s) != (eapol_key_state_preauthenticated)\n"), |
1597 (m_is_client == true) ? "client": "server", |
1586 (m_is_client == true) ? "client": "server", |
1598 this, |
1587 this, |
1599 get_eapol_key_state(), |
1588 get_eapol_key_state(), |
1600 state_string.get_eapol_key_state_string(get_eapol_key_state()))); |
1589 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()))); |
1601 |
1590 |
1602 EAP_TRACE_DEBUG( |
1591 EAP_TRACE_DEBUG( |
1603 m_am_tools, |
1592 m_am_tools, |
1604 TRACE_FLAGS_DEFAULT, |
1593 TRACE_FLAGS_DEFAULT, |
1605 (EAPL("ERROR: EAPOL_KEY: %s: || (m_authentication_type=%d=%s) != (required_authentication_type=%d=%s)\n"), |
1594 (EAPL("ERROR: EAPOL_KEY: %s: || (m_authentication_type=%d=%s) != (required_authentication_type=%d=%s)\n"), |
1606 (m_is_client == true) ? "client": "server", |
1595 (m_is_client == true) ? "client": "server", |
1607 m_authentication_type, |
1596 m_authentication_type, |
1608 state_string.get_eapol_key_authentication_type_string(m_authentication_type), |
1597 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type), |
1609 required_authentication_type, |
1598 required_authentication_type, |
1610 state_string.get_eapol_key_authentication_type_string(required_authentication_type))); |
1599 eapol_key_state_string_c::get_eapol_key_authentication_type_string(required_authentication_type))); |
1611 |
1600 |
1612 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1601 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1613 return EAP_STATUS_RETURN(m_am_tools, eap_status_authentication_failure); |
1602 return EAP_STATUS_RETURN(m_am_tools, eap_status_authentication_failure); |
1614 } |
1603 } |
1615 |
1604 |
1741 { |
1730 { |
1742 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1731 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1743 return EAP_STATUS_RETURN(m_am_tools, eap_status_authentication_failure); |
1732 return EAP_STATUS_RETURN(m_am_tools, eap_status_authentication_failure); |
1744 } |
1733 } |
1745 |
1734 |
1746 #if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
1747 { |
1735 { |
1748 m_is_associated = true; |
1736 m_is_associated = true; |
1749 |
1737 |
1750 EAP_TRACE_DEBUG( |
1738 EAP_TRACE_DEBUG( |
1751 m_am_tools, |
1739 m_am_tools, |
1752 TRACE_FLAGS_DEFAULT, |
1740 TRACE_FLAGS_DEFAULT, |
1753 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::complete_reassociation(): m_is_associated=%s.\n"), |
1741 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::complete_reassociation(): m_is_associated=%s.\n"), |
1754 (m_is_client == true) ? "client": "server", |
1742 (m_is_client == true) ? "client": "server", |
1755 (m_is_associated == true) ? "true": "false")); |
1743 (m_is_associated == true) ? "true": "false")); |
1756 } |
1744 } |
1757 #endif //#if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
1758 |
|
1759 } |
1745 } |
1760 else |
1746 else |
1761 { |
1747 { |
1762 // Reassociation failed, clean-up state. |
1748 // Reassociation failed, clean-up state. |
1763 reset(); |
1749 reset(); |
1834 id, |
1820 id, |
1835 data)); |
1821 data)); |
1836 |
1822 |
1837 if (id == EAPOL_KEY_STATE_TIMER_HANDSHAKE_TIMEOUT_ID) |
1823 if (id == EAPOL_KEY_STATE_TIMER_HANDSHAKE_TIMEOUT_ID) |
1838 { |
1824 { |
1839 eapol_key_state_string_c state_string; |
|
1840 EAP_TRACE_DEBUG( |
1825 EAP_TRACE_DEBUG( |
1841 m_am_tools, |
1826 m_am_tools, |
1842 TRACE_FLAGS_DEFAULT, |
1827 TRACE_FLAGS_DEFAULT, |
1843 (EAPL("TIMER: EAPOL_KEY: %s: EAPOL_KEY_STATE_TIMER_HANDSHAKE_TIMEOUT_ID expired, eapol_key_state=%d=%s\n"), |
1828 (EAPL("TIMER: EAPOL_KEY: %s: EAPOL_KEY_STATE_TIMER_HANDSHAKE_TIMEOUT_ID expired, eapol_key_state=%d=%s\n"), |
1844 (m_is_client == true ? "client": "server"), |
1829 (m_is_client == true ? "client": "server"), |
1845 get_eapol_key_state(), |
1830 get_eapol_key_state(), |
1846 state_string.get_eapol_key_state_string(get_eapol_key_state()))); |
1831 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()))); |
1847 |
1832 |
1848 if ((m_is_client == true |
1833 if ((m_is_client == true |
1849 && get_eapol_key_state() == eapol_key_state_wait_4_way_handshake_message_3) |
1834 && get_eapol_key_state() == eapol_key_state_wait_4_way_handshake_message_3) |
1850 || (m_is_client == false |
1835 || (m_is_client == false |
1851 && get_eapol_key_state() == eapol_key_state_wait_4_way_handshake_message_2)) |
1836 && get_eapol_key_state() == eapol_key_state_wait_4_way_handshake_message_2)) |
1857 // There could be other problems too. |
1842 // There could be other problems too. |
1858 send_error_notification(eap_status_wrong_password); |
1843 send_error_notification(eap_status_wrong_password); |
1859 } |
1844 } |
1860 else if (m_authentication_type == eapol_key_authentication_type_RSNA_EAP |
1845 else if (m_authentication_type == eapol_key_authentication_type_RSNA_EAP |
1861 || m_authentication_type == eapol_key_authentication_type_WPA_EAP |
1846 || m_authentication_type == eapol_key_authentication_type_WPA_EAP |
1862 || m_authentication_type == eapol_key_authentication_type_802_1X |
1847 || m_authentication_type == eapol_key_authentication_type_dynamic_WEP |
1863 || m_authentication_type == eapol_key_authentication_type_WPXM) |
1848 || m_authentication_type == eapol_key_authentication_type_WPXM |
|
1849 || m_authentication_type == eapol_key_authentication_type_EAP_authentication_no_encryption |
|
1850 ) |
1864 { |
1851 { |
1865 send_error_notification(eap_status_authentication_failure); |
1852 send_error_notification(eap_status_authentication_failure); |
1866 } |
1853 } |
1867 } |
1854 } |
1868 else if (get_eapol_key_state() != eapol_key_state_none) |
1855 else if (get_eapol_key_state() != eapol_key_state_none) |
2781 key_data_payload, |
2768 key_data_payload, |
2782 debug_string.get_eapol_key_state_string(expected_key_message), |
2769 debug_string.get_eapol_key_state_string(expected_key_message), |
2783 expected_key_message)); |
2770 expected_key_message)); |
2784 } |
2771 } |
2785 |
2772 |
2786 if (get_is_RSNA() == true |
2773 if (current_key_descriptor_type == eapol_RSNA_key_data_type_RSN_key_data |
2787 && eapol_key_descriptor_type == eapol_key_descriptor_type_RSNA |
|
2788 && current_key_descriptor_type == eapol_RSNA_key_data_type_RSN_key_data |
|
2789 && check_is_aes_key_wrap_padding( |
2774 && check_is_aes_key_wrap_padding( |
2790 current_key_descriptor_type, |
2775 current_key_descriptor_type, |
2791 key_data_payload, |
2776 key_data_payload, |
2792 *key_data_max_length) == eap_status_ok) |
2777 *key_data_max_length) == eap_status_ok) |
2793 { |
2778 { |
|
2779 if (get_is_RSNA() == false) |
|
2780 { |
|
2781 EAP_TRACE_DEBUG( |
|
2782 m_am_tools, |
|
2783 TRACE_FLAGS_DEFAULT, |
|
2784 (EAPL("WARNING: EAPOL_KEY: eapol_key_state_c::parse_generic_key_data_payload(0x%08x): AES key wrapping padding in non RSNA\n"), |
|
2785 key_data_payload)); |
|
2786 } |
|
2787 |
|
2788 if (eapol_key_descriptor_type != eapol_key_descriptor_type_RSNA) |
|
2789 { |
|
2790 EAP_TRACE_DEBUG( |
|
2791 m_am_tools, |
|
2792 TRACE_FLAGS_DEFAULT, |
|
2793 (EAPL("WARNING: EAPOL_KEY: eapol_key_state_c::parse_generic_key_data_payload(0x%08x): AES key wrapping padding in non RSNA, eapol_key_descriptor_type=%d\n"), |
|
2794 key_data_payload, |
|
2795 eapol_key_descriptor_type)); |
|
2796 } |
|
2797 |
2794 EAP_TRACE_DEBUG( |
2798 EAP_TRACE_DEBUG( |
2795 m_am_tools, |
2799 m_am_tools, |
2796 TRACE_FLAGS_DEFAULT, |
2800 TRACE_FLAGS_DEFAULT, |
2797 (EAPL("EAPOL_KEY: eapol_key_state_c::parse_generic_key_data_payload(0x%08x): AES key wrapping padding\n"), |
2801 (EAPL("EAPOL_KEY: eapol_key_state_c::parse_generic_key_data_payload(0x%08x): AES key wrapping padding, %d bytes\n"), |
2798 key_data_payload)); |
2802 key_data_payload, |
|
2803 *key_data_max_length)); |
2799 |
2804 |
2800 // This is AES key wrap padding. |
2805 // This is AES key wrap padding. |
2801 *key_data_max_length = 0ul; |
2806 *key_data_max_length = 0ul; |
2802 |
2807 |
2803 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
2808 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
3603 } |
3608 } |
3604 } |
3609 } |
3605 |
3610 |
3606 if (*buffer_length != 0u) |
3611 if (*buffer_length != 0u) |
3607 { |
3612 { |
3608 if (key_descriptor_version == eapol_RSNA_key_header_c::m_key_descriptor_version_1) |
3613 // Check is this padding. |
|
3614 const u8_t * const padding = payload.get_header_offset(payload.get_header_and_body_length(), *buffer_length); |
|
3615 |
|
3616 status = check_padding(padding, *buffer_length); |
|
3617 |
|
3618 if (status != eap_status_ok |
|
3619 && key_descriptor_version == eapol_RSNA_key_header_c::m_key_descriptor_version_1) |
3609 { |
3620 { |
3610 EAP_TRACE_ERROR( |
3621 EAP_TRACE_ERROR( |
3611 m_am_tools, |
3622 m_am_tools, |
3612 TRACE_FLAGS_EAPOL_KEY_DATA_ERROR, |
3623 TRACE_FLAGS_EAPOL_KEY_DATA_ERROR, |
3613 (EAPL("ERROR: EAPOL_KEY: eapol_key_state_c::parse_key_data(): ") |
3624 (EAPL("ERROR: EAPOL_KEY: eapol_key_state_c::parse_key_data(): ") |
3614 EAPL("EAPOl Key Data-header is corrupted. Buffer length ") |
3625 EAPL("EAPOl Key Data-header is corrupted. Buffer length ") |
3615 EAPL("and payload length does not match. %lu illegal bytes.\n"), |
3626 EAPL("and payload length does not match. %d illegal bytes.\n"), |
3616 *buffer_length)); |
3627 *buffer_length)); |
|
3628 EAP_TRACE_DATA_ERROR( |
|
3629 m_am_tools, |
|
3630 TRACE_FLAGS_EAPOL_KEY_DATA_ERROR, |
|
3631 (EAPL("ERROR: illegal padding"), |
|
3632 padding, |
|
3633 *buffer_length)); |
3617 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
3634 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
3618 return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted); |
3635 return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted); |
3619 } |
3636 } |
3620 } |
3637 } |
3621 |
3638 |
4302 EAPL("m_encryption_KEK is missing or corrupted.\n"))); |
4319 EAPL("m_encryption_KEK is missing or corrupted.\n"))); |
4303 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
4320 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
4304 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter); |
4321 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter); |
4305 } |
4322 } |
4306 |
4323 |
|
4324 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
4325 |
|
4326 crypto_aes_wrap_c aes_wrap(m_am_tools); |
|
4327 |
|
4328 if (aes_wrap.get_is_valid() == false) |
|
4329 { |
|
4330 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
4331 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
|
4332 } |
|
4333 |
|
4334 u32_t padding_length(0ul); |
|
4335 u32_t min_key_data_length = 2ul * aes_wrap.get_block_size(); |
|
4336 |
|
4337 if (eapol_key_message->get_key_data_length() < min_key_data_length) |
|
4338 { |
|
4339 padding_length = min_key_data_length - eapol_key_message->get_key_data_length(); |
|
4340 } |
|
4341 else if ((eapol_key_message->get_key_data_length() % aes_wrap.get_block_size()) != 0) |
|
4342 { |
|
4343 padding_length = aes_wrap.get_block_size() |
|
4344 - (eapol_key_message->get_key_data_length() % aes_wrap.get_block_size()); |
|
4345 } |
|
4346 |
|
4347 u32_t padding_offset = eapol_key_message->get_key_data_length(); |
|
4348 |
|
4349 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
4307 |
4350 |
4308 if (m_eapol_pairwise_cipher |
4351 if (m_eapol_pairwise_cipher |
4309 == eapol_RSNA_key_header_c::eapol_RSNA_cipher_CCMP |
4352 == eapol_RSNA_key_header_c::eapol_RSNA_cipher_CCMP |
4310 || m_eapol_group_cipher |
4353 || m_eapol_group_cipher |
4311 == eapol_RSNA_key_header_c::eapol_RSNA_cipher_CCMP) |
4354 == eapol_RSNA_key_header_c::eapol_RSNA_cipher_CCMP) |
4313 EAP_TRACE_DEBUG( |
4356 EAP_TRACE_DEBUG( |
4314 m_am_tools, |
4357 m_am_tools, |
4315 TRACE_FLAGS_DEFAULT, |
4358 TRACE_FLAGS_DEFAULT, |
4316 (EAPL("EAPOL_KEY: AES-WRAP encryption algorithm.\n"))); |
4359 (EAPL("EAPOL_KEY: AES-WRAP encryption algorithm.\n"))); |
4317 |
4360 |
4318 crypto_aes_wrap_c aes_wrap(m_am_tools); |
|
4319 |
|
4320 if (aes_wrap.get_is_valid() == false) |
|
4321 { |
|
4322 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
4323 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
|
4324 } |
|
4325 |
|
4326 status = aes_wrap.set_encryption_key( |
4361 status = aes_wrap.set_encryption_key( |
4327 m_encryption_KEK.get_data(), |
4362 m_encryption_KEK.get_data(), |
4328 m_encryption_KEK.get_data_length()); |
4363 m_encryption_KEK.get_data_length()); |
4329 if (status != eap_status_ok) |
4364 if (status != eap_status_ok) |
4330 { |
4365 { |
4331 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
4366 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
4332 return EAP_STATUS_RETURN(m_am_tools, status); |
4367 return EAP_STATUS_RETURN(m_am_tools, status); |
4333 } |
4368 } |
4334 |
|
4335 u32_t padding_length(0ul); |
|
4336 u32_t min_key_data_length = 2ul * aes_wrap.get_block_size(); |
|
4337 |
|
4338 if (eapol_key_message->get_key_data_length() < min_key_data_length) |
|
4339 { |
|
4340 padding_length = min_key_data_length - eapol_key_message->get_key_data_length(); |
|
4341 } |
|
4342 else if ((eapol_key_message->get_key_data_length() % aes_wrap.get_block_size()) != 0) |
|
4343 { |
|
4344 padding_length = aes_wrap.get_block_size() |
|
4345 - (eapol_key_message->get_key_data_length() % aes_wrap.get_block_size()); |
|
4346 } |
|
4347 |
|
4348 u32_t padding_offset = eapol_key_message->get_key_data_length(); |
|
4349 |
4369 |
4350 // AES-Wrap increases message length with one block. |
4370 // AES-Wrap increases message length with one block. |
4351 status = eapol_key_message->set_key_data_length( |
4371 status = eapol_key_message->set_key_data_length( |
4352 static_cast<u16_t>(eapol_key_message->get_key_data_length() |
4372 static_cast<u16_t>(eapol_key_message->get_key_data_length() |
4353 + padding_length |
4373 + padding_length |
4447 status = rc4->discard_stream(EAPOL_RSNA_RC4_KEY_STREAM_DISCARD_LENGTH); |
4467 status = rc4->discard_stream(EAPOL_RSNA_RC4_KEY_STREAM_DISCARD_LENGTH); |
4448 if (status != eap_status_ok) |
4468 if (status != eap_status_ok) |
4449 { |
4469 { |
4450 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
4470 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
4451 return EAP_STATUS_RETURN(m_am_tools, status); |
4471 return EAP_STATUS_RETURN(m_am_tools, status); |
|
4472 } |
|
4473 |
|
4474 if (padding_length > 0ul) |
|
4475 { |
|
4476 // Of course some access points use padding also with RC4 encryption. It is required only with AES-wrap algorithm. |
|
4477 crypto_aes_wrap_c aes_wrap(m_am_tools); |
|
4478 |
|
4479 if (aes_wrap.get_is_valid() == false) |
|
4480 { |
|
4481 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
4482 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
|
4483 } |
|
4484 |
|
4485 aes_wrap.add_padding_bytes( |
|
4486 eapol_key_message->get_key_data_offset( |
|
4487 padding_offset, |
|
4488 padding_length), |
|
4489 padding_length); |
|
4490 |
|
4491 status = eapol_key_message->set_key_data_length( |
|
4492 static_cast<u16_t>(eapol_key_message->get_key_data_length() |
|
4493 + padding_length)); |
|
4494 if (status != eap_status_ok) |
|
4495 { |
|
4496 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
4497 return EAP_STATUS_RETURN(m_am_tools, status); |
|
4498 } |
|
4499 |
4452 } |
4500 } |
4453 |
4501 |
4454 EAP_TRACE_DATA_DEBUG( |
4502 EAP_TRACE_DATA_DEBUG( |
4455 m_am_tools, |
4503 m_am_tools, |
4456 TRACE_FLAGS_DEFAULT, |
4504 TRACE_FLAGS_DEFAULT, |
5111 eap_general_header_base_c * const packet_data, |
5159 eap_general_header_base_c * const packet_data, |
5112 const u32_t packet_length) |
5160 const u32_t packet_length) |
5113 { |
5161 { |
5114 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
5162 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
5115 |
5163 |
|
5164 EAP_TRACE_DEBUG( |
|
5165 m_am_tools, |
|
5166 TRACE_FLAGS_DEFAULT, |
|
5167 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::process_eapol_key_frame(): ") |
|
5168 EAPL("m_authentication_type=%d=%s, m_eapol_key_state=%d=%s\n"), |
|
5169 (m_is_client == true ? "client": "server"), |
|
5170 m_authentication_type, |
|
5171 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type), |
|
5172 m_eapol_key_state, |
|
5173 eapol_key_state_string_c::get_eapol_key_state_string(m_eapol_key_state))); |
|
5174 |
5116 eap_status_e status = eap_status_not_supported; |
5175 eap_status_e status = eap_status_not_supported; |
5117 |
5176 |
5118 if (packet_length < eapol_header_wr_c::get_header_length() |
5177 if (packet_length < eapol_header_wr_c::get_header_length() |
5119 || packet_data->get_header_buffer_length() < eapol_header_wr_c::get_header_length() |
5178 || packet_data->get_header_buffer_length() < eapol_header_wr_c::get_header_length() |
5120 || packet_data->get_header_buffer_length() < packet_length) |
5179 || packet_data->get_header_buffer_length() < packet_length) |
5240 (m_is_associated == true) ? "true": "false")); |
5297 (m_is_associated == true) ? "true": "false")); |
5241 |
5298 |
5242 return m_is_associated; |
5299 return m_is_associated; |
5243 } |
5300 } |
5244 |
5301 |
5245 #endif //#if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
5246 |
|
5247 //-------------------------------------------------- |
5302 //-------------------------------------------------- |
5248 |
5303 |
5249 EAP_FUNC_EXPORT void eapol_key_state_c::set_eapol_key_state(const eapol_key_state_e state) |
5304 EAP_FUNC_EXPORT void eapol_key_state_c::set_eapol_key_state(const eapol_key_state_e state) |
5250 { |
5305 { |
5251 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
5306 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
5252 |
|
5253 eapol_key_state_string_c state_string; |
|
5254 |
5307 |
5255 EAP_TRACE_DEBUG( |
5308 EAP_TRACE_DEBUG( |
5256 m_am_tools, |
5309 m_am_tools, |
5257 TRACE_FLAGS_DEFAULT, |
5310 TRACE_FLAGS_DEFAULT, |
5258 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::set_eapol_key_state(): set_eapol_key_state() from %s to %s\n"), |
5311 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::set_eapol_key_state(): set_eapol_key_state() from %s to %s\n"), |
5259 (m_is_client == true ? "client": "server"), |
5312 (m_is_client == true ? "client": "server"), |
5260 state_string.get_eapol_key_state_string(m_eapol_key_state), |
5313 eapol_key_state_string_c::get_eapol_key_state_string(m_eapol_key_state), |
5261 state_string.get_eapol_key_state_string(state))); |
5314 eapol_key_state_string_c::get_eapol_key_state_string(state))); |
5262 |
5315 |
5263 m_eapol_key_state = state; |
5316 m_eapol_key_state = state; |
5264 |
5317 |
5265 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
5318 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
5266 } |
5319 } |
5395 //-------------------------------------------------- |
5448 //-------------------------------------------------- |
5396 |
5449 |
5397 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::init_handshake_timeout( |
5450 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::init_handshake_timeout( |
5398 const u32_t timeout) |
5451 const u32_t timeout) |
5399 { |
5452 { |
5400 eapol_key_state_string_c state_string; |
|
5401 EAP_TRACE_DEBUG( |
5453 EAP_TRACE_DEBUG( |
5402 m_am_tools, |
5454 m_am_tools, |
5403 TRACE_FLAGS_DEFAULT, |
5455 TRACE_FLAGS_DEFAULT, |
5404 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_handshake_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5456 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_handshake_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5405 (m_is_client == true) ? "client": "server", |
5457 (m_is_client == true) ? "client": "server", |
5406 this, |
5458 this, |
5407 get_eapol_key_state(), |
5459 get_eapol_key_state(), |
5408 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
5460 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
5409 m_authentication_type, |
5461 m_authentication_type, |
5410 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
5462 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
5411 |
5463 |
5412 if (m_handshake_timeout_set == true) |
5464 if (m_handshake_timeout_set == true) |
5413 { |
5465 { |
5414 EAP_TRACE_DEBUG( |
5466 EAP_TRACE_DEBUG( |
5415 m_am_tools, |
5467 m_am_tools, |
5473 //-------------------------------------------------- |
5525 //-------------------------------------------------- |
5474 |
5526 |
5475 eap_status_e eapol_key_state_c::init_reassociate_timeout( |
5527 eap_status_e eapol_key_state_c::init_reassociate_timeout( |
5476 const u32_t timeout) |
5528 const u32_t timeout) |
5477 { |
5529 { |
5478 eapol_key_state_string_c state_string; |
|
5479 EAP_TRACE_DEBUG( |
5530 EAP_TRACE_DEBUG( |
5480 m_am_tools, |
5531 m_am_tools, |
5481 TRACE_FLAGS_DEFAULT, |
5532 TRACE_FLAGS_DEFAULT, |
5482 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_reassociate_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5533 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_reassociate_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5483 (m_is_client == true) ? "client": "server", |
5534 (m_is_client == true) ? "client": "server", |
5484 this, |
5535 this, |
5485 get_eapol_key_state(), |
5536 get_eapol_key_state(), |
5486 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
5537 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
5487 m_authentication_type, |
5538 m_authentication_type, |
5488 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
5539 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
5489 |
5540 |
5490 eap_status_e status = m_key_state_partner->set_timer( |
5541 eap_status_e status = m_key_state_partner->set_timer( |
5491 this, |
5542 this, |
5492 EAPOL_KEY_STATE_TIMER_REASSOCIATE_TIMEOUT_ID, |
5543 EAPOL_KEY_STATE_TIMER_REASSOCIATE_TIMEOUT_ID, |
5493 0, |
5544 0, |
5538 |
5589 |
5539 //-------------------------------------------------- |
5590 //-------------------------------------------------- |
5540 |
5591 |
5541 eap_status_e eapol_key_state_c::init_4_way_handshake_start_timeout() |
5592 eap_status_e eapol_key_state_c::init_4_way_handshake_start_timeout() |
5542 { |
5593 { |
5543 eapol_key_state_string_c state_string; |
|
5544 EAP_TRACE_DEBUG( |
5594 EAP_TRACE_DEBUG( |
5545 m_am_tools, |
5595 m_am_tools, |
5546 TRACE_FLAGS_DEFAULT, |
5596 TRACE_FLAGS_DEFAULT, |
5547 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_4_way_handshake_start_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5597 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_4_way_handshake_start_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5548 (m_is_client == true) ? "client": "server", |
5598 (m_is_client == true) ? "client": "server", |
5549 this, |
5599 this, |
5550 get_eapol_key_state(), |
5600 get_eapol_key_state(), |
5551 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
5601 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
5552 m_authentication_type, |
5602 m_authentication_type, |
5553 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
5603 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
5554 |
5604 |
5555 eap_status_e status = m_key_state_partner->set_timer( |
5605 eap_status_e status = m_key_state_partner->set_timer( |
5556 this, |
5606 this, |
5557 EAPOL_KEY_STATE_TIMER_INITIALIZE_4_WAY_HANDSHAKE_TIMEOUT_ID, |
5607 EAPOL_KEY_STATE_TIMER_INITIALIZE_4_WAY_HANDSHAKE_TIMEOUT_ID, |
5558 0, |
5608 0, |
5603 |
5653 |
5604 //-------------------------------------------------- |
5654 //-------------------------------------------------- |
5605 |
5655 |
5606 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::cancel_authentication_session() |
5656 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::cancel_authentication_session() |
5607 { |
5657 { |
5608 eapol_key_state_string_c state_string; |
|
5609 EAP_TRACE_DEBUG( |
5658 EAP_TRACE_DEBUG( |
5610 m_am_tools, |
5659 m_am_tools, |
5611 TRACE_FLAGS_DEFAULT, |
5660 TRACE_FLAGS_DEFAULT, |
5612 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::cancel_authentication_session(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5661 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::cancel_authentication_session(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5613 (m_is_client == true) ? "client": "server", |
5662 (m_is_client == true) ? "client": "server", |
5614 this, |
5663 this, |
5615 get_eapol_key_state(), |
5664 get_eapol_key_state(), |
5616 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
5665 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
5617 m_authentication_type, |
5666 m_authentication_type, |
5618 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
5667 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
5619 |
5668 |
5620 eap_status_e status(eap_status_process_general_error); |
5669 eap_status_e status(eap_status_process_general_error); |
5621 |
5670 |
5622 // RSNA could cache the current PMKSA. |
5671 // RSNA could cache the current PMKSA. |
5623 status = init_pmksa_caching_timeout(); |
5672 status = init_pmksa_caching_timeout(); |
5628 |
5677 |
5629 //-------------------------------------------------- |
5678 //-------------------------------------------------- |
5630 |
5679 |
5631 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::init_pmksa_caching_timeout() |
5680 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::init_pmksa_caching_timeout() |
5632 { |
5681 { |
5633 eapol_key_state_string_c state_string; |
|
5634 EAP_TRACE_DEBUG( |
5682 EAP_TRACE_DEBUG( |
5635 m_am_tools, |
5683 m_am_tools, |
5636 TRACE_FLAGS_DEFAULT, |
5684 TRACE_FLAGS_DEFAULT, |
5637 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_pmksa_caching_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5685 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_pmksa_caching_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5638 (m_is_client == true) ? "client": "server", |
5686 (m_is_client == true) ? "client": "server", |
5639 this, |
5687 this, |
5640 get_eapol_key_state(), |
5688 get_eapol_key_state(), |
5641 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
5689 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
5642 m_authentication_type, |
5690 m_authentication_type, |
5643 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
5691 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
5644 |
5692 |
5645 eap_status_e status(eap_status_process_general_error); |
5693 eap_status_e status(eap_status_process_general_error); |
5646 |
5694 |
5647 #if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
5648 { |
5695 { |
5649 m_is_associated = false; |
5696 m_is_associated = false; |
5650 |
5697 |
5651 EAP_TRACE_DEBUG( |
5698 EAP_TRACE_DEBUG( |
5652 m_am_tools, |
5699 m_am_tools, |
5653 TRACE_FLAGS_DEFAULT, |
5700 TRACE_FLAGS_DEFAULT, |
5654 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_pmksa_caching_timeout(): m_is_associated=%s.\n"), |
5701 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_pmksa_caching_timeout(): m_is_associated=%s.\n"), |
5655 (m_is_client == true) ? "client": "server", |
5702 (m_is_client == true) ? "client": "server", |
5656 (m_is_associated == true) ? "true": "false")); |
5703 (m_is_associated == true) ? "true": "false")); |
5657 } |
5704 } |
5658 #endif //#if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
5659 |
5705 |
5660 if ((m_authentication_type == eapol_key_authentication_type_RSNA_EAP |
5706 if ((m_authentication_type == eapol_key_authentication_type_RSNA_EAP |
5661 #if defined(EAP_USE_WPXM) |
5707 #if defined(EAP_USE_WPXM) |
5662 || get_is_WPXM() == true |
5708 || get_is_WPXM() == true |
5663 #endif //#if defined(EAP_USE_WPXM) |
5709 #endif //#if defined(EAP_USE_WPXM) |
5888 //-------------------------------------------------- |
5934 //-------------------------------------------------- |
5889 |
5935 |
5890 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::init_group_key_update_timeout( |
5936 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::init_group_key_update_timeout( |
5891 const u32_t timeout) |
5937 const u32_t timeout) |
5892 { |
5938 { |
5893 eapol_key_state_string_c state_string; |
|
5894 EAP_TRACE_DEBUG( |
5939 EAP_TRACE_DEBUG( |
5895 m_am_tools, |
5940 m_am_tools, |
5896 TRACE_FLAGS_DEFAULT, |
5941 TRACE_FLAGS_DEFAULT, |
5897 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_group_key_update_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5942 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_group_key_update_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5898 (m_is_client == true) ? "client": "server", |
5943 (m_is_client == true) ? "client": "server", |
5899 this, |
5944 this, |
5900 get_eapol_key_state(), |
5945 get_eapol_key_state(), |
5901 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
5946 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
5902 m_authentication_type, |
5947 m_authentication_type, |
5903 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
5948 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
5904 |
5949 |
5905 eap_status_e status = m_key_state_partner->set_timer( |
5950 eap_status_e status = m_key_state_partner->set_timer( |
5906 this, |
5951 this, |
5907 EAPOL_KEY_STATE_TIMER_GROUP_KEY_UPDATE_TIMEOUT_ID, |
5952 EAPOL_KEY_STATE_TIMER_GROUP_KEY_UPDATE_TIMEOUT_ID, |
5908 0, |
5953 0, |
5953 // |
5998 // |
5954 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::reset_cached_pmksa() |
5999 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::reset_cached_pmksa() |
5955 { |
6000 { |
5956 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
6001 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
5957 |
6002 |
5958 eapol_key_state_string_c state_string; |
|
5959 EAP_TRACE_DEBUG( |
6003 EAP_TRACE_DEBUG( |
5960 m_am_tools, |
6004 m_am_tools, |
5961 TRACE_FLAGS_DEFAULT, |
6005 TRACE_FLAGS_DEFAULT, |
5962 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::reset_cached_pmksa(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
6006 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::reset_cached_pmksa(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5963 (m_is_client == true) ? "client": "server", |
6007 (m_is_client == true) ? "client": "server", |
5964 this, |
6008 this, |
5965 get_eapol_key_state(), |
6009 get_eapol_key_state(), |
5966 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
6010 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
5967 m_authentication_type, |
6011 m_authentication_type, |
5968 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
6012 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
5969 |
6013 |
5970 eap_status_e status = eap_status_ok; |
6014 eap_status_e status = eap_status_ok; |
5971 |
6015 |
5972 for (u32_t key_type = 0ul; key_type < eapol_key_type_last_type; key_type++) |
6016 for (u32_t key_type = 0ul; key_type < eapol_key_type_last_type; key_type++) |
5973 { |
6017 { |
6290 if (m_authentication_type == eapol_key_authentication_type_none) |
6334 if (m_authentication_type == eapol_key_authentication_type_none) |
6291 { |
6335 { |
6292 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6336 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6293 return EAP_STATUS_RETURN(m_am_tools, eap_status_process_general_error); |
6337 return EAP_STATUS_RETURN(m_am_tools, eap_status_process_general_error); |
6294 } |
6338 } |
6295 else if (m_authentication_type != eapol_key_authentication_type_802_1X) |
6339 else if (m_authentication_type != eapol_key_authentication_type_dynamic_WEP |
|
6340 && m_authentication_type != eapol_key_authentication_type_EAP_authentication_no_encryption |
|
6341 ) |
6296 { |
6342 { |
6297 // Truncate PMK only in WPA and RSN case |
6343 // Truncate PMK only in WPA and RSN case |
6298 if (pmk_key_length > EAPOL_RSNA_PMK_LENGTH_BYTES) |
6344 if (pmk_key_length > EAPOL_RSNA_PMK_LENGTH_BYTES) |
6299 { |
6345 { |
6300 pmk_key_length = EAPOL_RSNA_PMK_LENGTH_BYTES; |
6346 pmk_key_length = EAPOL_RSNA_PMK_LENGTH_BYTES; |
6343 if (field[ind] != 0) |
6389 if (field[ind] != 0) |
6344 { |
6390 { |
6345 status = eap_status_illegal_padding; |
6391 status = eap_status_illegal_padding; |
6346 break; |
6392 break; |
6347 } |
6393 } |
|
6394 } |
|
6395 |
|
6396 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
6397 return EAP_STATUS_RETURN(m_am_tools, status); |
|
6398 } |
|
6399 |
|
6400 //-------------------------------------------------- |
|
6401 |
|
6402 // |
|
6403 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::check_padding( |
|
6404 const u8_t * const field, |
|
6405 const u32_t field_length) |
|
6406 { |
|
6407 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
6408 |
|
6409 eap_status_e status = eap_status_ok; |
|
6410 |
|
6411 if (field == 0 |
|
6412 || field_length == 0ul |
|
6413 || field[0] != eapol_RSNA_key_data_type_RSN_key_data |
|
6414 || verify_field_is_zero( |
|
6415 field+1, |
|
6416 field_length-1) != eap_status_ok) |
|
6417 { |
|
6418 status = eap_status_illegal_padding; |
6348 } |
6419 } |
6349 |
6420 |
6350 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6421 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6351 return EAP_STATUS_RETURN(m_am_tools, status); |
6422 return EAP_STATUS_RETURN(m_am_tools, status); |
6352 } |
6423 } |
6426 // OK, we need 4-Way Handshake. |
6497 // OK, we need 4-Way Handshake. |
6427 EAP_TRACE_DEBUG( |
6498 EAP_TRACE_DEBUG( |
6428 m_am_tools, |
6499 m_am_tools, |
6429 TRACE_FLAGS_DEFAULT, |
6500 TRACE_FLAGS_DEFAULT, |
6430 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::allow_4_way_handshake(): ") |
6501 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::allow_4_way_handshake(): ") |
6431 EAPL("Allow 4-Way Handshake, m_authentication_type=%d\n"), |
6502 EAPL("Allow 4-Way Handshake, m_authentication_type=%d=%s\n"), |
6432 (m_is_client == true ? "client": "server"), |
6503 (m_is_client == true ? "client": "server"), |
6433 m_authentication_type)); |
6504 m_authentication_type, |
|
6505 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
6434 |
6506 |
6435 m_eapol_key_handshake_type = eapol_key_handshake_type_4_way_handshake; |
6507 m_eapol_key_handshake_type = eapol_key_handshake_type_4_way_handshake; |
6436 m_eapol_key_state = eapol_key_state_wait_4_way_handshake_message_1; |
6508 m_eapol_key_state = eapol_key_state_wait_4_way_handshake_message_1; |
6437 } |
6509 } |
6438 else if (m_authentication_type == eapol_key_authentication_type_802_1X) |
6510 else if (m_authentication_type == eapol_key_authentication_type_dynamic_WEP) |
|
6511 { |
|
6512 // No 4-Way Handshake needed. |
|
6513 // AP will send unicast and broad cast keys in EAPOL key RC4 messages. |
|
6514 EAP_TRACE_DEBUG( |
|
6515 m_am_tools, |
|
6516 TRACE_FLAGS_DEFAULT, |
|
6517 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::allow_4_way_handshake(): ") |
|
6518 EAPL("Dynamic WEP, m_authentication_type=%d=%s\n"), |
|
6519 (m_is_client == true ? "client": "server"), |
|
6520 m_authentication_type, |
|
6521 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
|
6522 |
|
6523 m_eapol_key_handshake_type = eapol_key_handshake_type_dynamic_WEP; |
|
6524 m_eapol_key_state = eapol_key_state_wait_rc4_key_message; |
|
6525 |
|
6526 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
6527 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
|
6528 } |
|
6529 else if (m_authentication_type == eapol_key_authentication_type_EAP_authentication_no_encryption |
|
6530 ) |
6439 { |
6531 { |
6440 // No 4-Way Handshake needed. |
6532 // No 4-Way Handshake needed. |
6441 // AP will send unicast and broad cast keys in EAPOL key messages. |
6533 // AP will send unicast and broad cast keys in EAPOL key messages. |
6442 EAP_TRACE_DEBUG( |
6534 EAP_TRACE_DEBUG( |
6443 m_am_tools, |
6535 m_am_tools, |
6445 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::allow_4_way_handshake(): ") |
6537 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::allow_4_way_handshake(): ") |
6446 EAPL("Dynamic WEP, m_authentication_type=%d\n"), |
6538 EAPL("Dynamic WEP, m_authentication_type=%d\n"), |
6447 (m_is_client == true ? "client": "server"), |
6539 (m_is_client == true ? "client": "server"), |
6448 m_authentication_type)); |
6540 m_authentication_type)); |
6449 |
6541 |
6450 m_eapol_key_handshake_type = eapol_key_handshake_type_dynamic_WEP; |
6542 m_eapol_key_handshake_type = eapol_key_handshake_type_EAP_authentication_no_encryption; |
6451 m_eapol_key_state = eapol_key_state_wait_rc4_key_message; |
6543 m_eapol_key_state = eapol_key_state_802_11i_authentication_finished_successfull; |
|
6544 |
|
6545 { |
|
6546 // This is notification to eapol_core_c object. |
|
6547 // EAP authentication without encryption finished successfully. |
|
6548 eap_state_notification_c * notification = new eap_state_notification_c( |
|
6549 m_am_tools, |
|
6550 &m_send_network_id, |
|
6551 m_is_client, |
|
6552 eap_state_notification_generic, |
|
6553 eap_protocol_layer_eapol_key, |
|
6554 eapol_key_authentication_type_EAP_authentication_no_encryption, |
|
6555 get_eapol_key_state(), |
|
6556 eapol_key_state_802_11i_authentication_finished_successfull, |
|
6557 0ul, |
|
6558 false); |
|
6559 if (notification == 0) |
|
6560 { |
|
6561 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
6562 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
|
6563 } |
|
6564 m_key_state_partner->state_notification(notification); |
|
6565 |
|
6566 delete notification; |
|
6567 } |
|
6568 |
|
6569 cancel_handshake_timeout(); |
6452 |
6570 |
6453 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6571 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6454 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
6572 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
6455 } |
6573 } |
6456 else |
6574 else |
6458 // No 4-Way Handshake needed. |
6576 // No 4-Way Handshake needed. |
6459 EAP_TRACE_DEBUG( |
6577 EAP_TRACE_DEBUG( |
6460 m_am_tools, |
6578 m_am_tools, |
6461 TRACE_FLAGS_DEFAULT, |
6579 TRACE_FLAGS_DEFAULT, |
6462 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::allow_4_way_handshake(): ") |
6580 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::allow_4_way_handshake(): ") |
6463 EAPL("No 4-Way Handshake, m_authentication_type=%d\n"), |
6581 EAPL("No 4-Way Handshake, m_authentication_type=%d=%s\n"), |
6464 (m_is_client == true ? "client": "server"), |
6582 (m_is_client == true ? "client": "server"), |
6465 m_authentication_type)); |
6583 m_authentication_type, |
|
6584 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
6466 |
6585 |
6467 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6586 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6468 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
6587 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
6469 } |
6588 } |
6470 |
6589 |
6471 #if !defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
6472 // Creates SNonce. This is done here in early phase of authentication. |
|
6473 // This will reduce the CPU load when time critical first message |
|
6474 // of 4-Way handshake is processed. |
|
6475 status = create_nonce(&m_SNonce, EAPOL_RSNA_NONCE_LENGTH_BYTES); |
|
6476 if (status != eap_status_ok) |
|
6477 { |
|
6478 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
6479 return EAP_STATUS_RETURN(m_am_tools, status); |
|
6480 } |
|
6481 #endif //#if !defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
|
6482 |
|
6483 status = init_handshake_timeout(m_handshake_timeout); |
6590 status = init_handshake_timeout(m_handshake_timeout); |
6484 if (status != eap_status_ok) |
6591 if (status != eap_status_ok) |
6485 { |
6592 { |
6486 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6593 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6487 return EAP_STATUS_RETURN(m_am_tools, status); |
6594 return EAP_STATUS_RETURN(m_am_tools, status); |
6517 m_am_tools, |
6624 m_am_tools, |
6518 TRACE_FLAGS_DEFAULT, |
6625 TRACE_FLAGS_DEFAULT, |
6519 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::start_group_key_handshake()\n"), |
6626 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::start_group_key_handshake()\n"), |
6520 (m_is_client == true ? "client": "server"))); |
6627 (m_is_client == true ? "client": "server"))); |
6521 |
6628 |
6522 if (m_eapol_key_handshake_type != eapol_key_handshake_type_none |
6629 if (m_eapol_key_handshake_type != eapol_key_handshake_type_authenticated |
6523 && m_eapol_key_handshake_type != eapol_key_handshake_type_group_key_handshake |
6630 && m_eapol_key_handshake_type != eapol_key_handshake_type_group_key_handshake |
6524 && m_eapol_key_handshake_type != eapol_key_handshake_type_4_way_handshake) |
6631 && m_eapol_key_handshake_type != eapol_key_handshake_type_4_way_handshake) |
6525 { |
6632 { |
6526 eapol_key_state_string_c state_string; |
|
6527 EAP_TRACE_ERROR( |
6633 EAP_TRACE_ERROR( |
6528 m_am_tools, |
6634 m_am_tools, |
6529 TRACE_FLAGS_DEFAULT, |
6635 TRACE_FLAGS_DEFAULT, |
6530 (EAPL("WARNING: EAPOL_KEY: %s: start_group_key_handshake(): wrong handshake type %s\n"), |
6636 (EAPL("WARNING: EAPOL_KEY: %s: start_group_key_handshake(): wrong handshake type %s\n"), |
6531 (m_is_client == true ? "client": "server"), |
6637 (m_is_client == true ? "client": "server"), |
6532 state_string.get_eapol_key_handshake_type_string(m_eapol_key_handshake_type))); |
6638 eapol_key_state_string_c::get_eapol_key_handshake_type_string(m_eapol_key_handshake_type))); |
6533 |
6639 |
6534 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6640 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6535 return EAP_STATUS_RETURN(m_am_tools, eap_status_wrong_eap_type_state); |
6641 return EAP_STATUS_RETURN(m_am_tools, eap_status_wrong_eap_type_state); |
6536 } |
6642 } |
6537 |
6643 |
6538 if (get_eapol_key_state() != eapol_key_state_4_way_handshake_successfull |
6644 if (get_eapol_key_state() != eapol_key_state_4_way_handshake_successfull |
6539 && get_eapol_key_state() != eapol_key_state_group_key_handshake_successfull) |
6645 && get_eapol_key_state() != eapol_key_state_group_key_handshake_successfull) |
6540 { |
6646 { |
6541 eapol_key_state_string_c state_string; |
|
6542 EAP_TRACE_ERROR( |
6647 EAP_TRACE_ERROR( |
6543 m_am_tools, |
6648 m_am_tools, |
6544 TRACE_FLAGS_DEFAULT, |
6649 TRACE_FLAGS_DEFAULT, |
6545 (EAPL("WARNING: EAPOL_KEY: %s: start_group_key_handshake(): wrong state %s\n"), |
6650 (EAPL("WARNING: EAPOL_KEY: %s: start_group_key_handshake(): wrong state %s\n"), |
6546 (m_is_client == true ? "client": "server"), |
6651 (m_is_client == true ? "client": "server"), |
6547 state_string.get_eapol_key_state_string(get_eapol_key_state()))); |
6652 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()))); |
6548 |
6653 |
6549 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6654 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6550 return EAP_STATUS_RETURN(m_am_tools, eap_status_wrong_eap_type_state); |
6655 return EAP_STATUS_RETURN(m_am_tools, eap_status_wrong_eap_type_state); |
6551 } |
6656 } |
6552 |
6657 |
7010 packet_length); |
7115 packet_length); |
7011 } |
7116 } |
7012 else |
7117 else |
7013 { |
7118 { |
7014 // Unknown message received and dropped quietly. |
7119 // Unknown message received and dropped quietly. |
7015 eapol_key_state_string_c state_string; |
|
7016 EAP_TRACE_ERROR( |
7120 EAP_TRACE_ERROR( |
7017 m_am_tools, |
7121 m_am_tools, |
7018 TRACE_FLAGS_EAPOL_KEY_DATA_ERROR, |
7122 TRACE_FLAGS_EAPOL_KEY_DATA_ERROR, |
7019 (EAPL("WARNING: EAPOL_KEY: Handshake in NOT supported in m_eapol_key_handshake_type %s.\n"), |
7123 (EAPL("WARNING: EAPOL_KEY: Handshake in NOT supported in m_eapol_key_handshake_type %s.\n"), |
7020 state_string.get_eapol_key_handshake_type_string(m_eapol_key_handshake_type))); |
7124 eapol_key_state_string_c::get_eapol_key_handshake_type_string(m_eapol_key_handshake_type))); |
7021 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
7125 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
7022 return EAP_STATUS_RETURN(m_am_tools, eap_status_process_illegal_packet_error); |
7126 return EAP_STATUS_RETURN(m_am_tools, eap_status_process_illegal_packet_error); |
7023 } |
7127 } |
7024 |
7128 |
7025 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
7129 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |