61 |
61 |
62 m_authentication_type = authentication_type; |
62 m_authentication_type = authentication_type; |
63 m_eapol_pairwise_cipher = eapol_pairwise_cipher; |
63 m_eapol_pairwise_cipher = eapol_pairwise_cipher; |
64 m_eapol_group_cipher = eapol_group_cipher; |
64 m_eapol_group_cipher = eapol_group_cipher; |
65 |
65 |
66 eapol_key_state_string_c state_string; |
|
67 EAP_TRACE_DEBUG( |
66 EAP_TRACE_DEBUG( |
68 m_am_tools, |
67 m_am_tools, |
69 TRACE_FLAGS_DEFAULT, |
68 TRACE_FLAGS_DEFAULT, |
70 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::save_parameters(): m_authentication_type=%s, ") |
69 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::save_parameters(): m_authentication_type=%s, ") |
71 EAPL("m_eapol_pairwise_cipher=%d, m_eapol_group_cipher=%d.\n"), |
70 EAPL("m_eapol_pairwise_cipher=%d, m_eapol_group_cipher=%d.\n"), |
72 (m_is_client == true) ? "client": "server", |
71 (m_is_client == true) ? "client": "server", |
73 state_string.get_eapol_key_authentication_type_string(m_authentication_type), |
72 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type), |
74 m_eapol_pairwise_cipher, |
73 m_eapol_pairwise_cipher, |
75 m_eapol_group_cipher)); |
74 m_eapol_group_cipher)); |
76 |
75 |
77 |
76 |
78 if (get_is_RSNA() == true |
77 if (get_is_RSNA() == true |
228 (EAPL("ERROR: EAPOL_KEY: eapol_key_state_c::initialize(): illegal group cipher suite %d.\n"), |
227 (EAPL("ERROR: EAPOL_KEY: eapol_key_state_c::initialize(): illegal group cipher suite %d.\n"), |
229 m_eapol_group_cipher)); |
228 m_eapol_group_cipher)); |
230 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
229 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
231 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_cipher_suite); |
230 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_cipher_suite); |
232 } |
231 } |
233 else if (m_authentication_type == eapol_key_authentication_type_802_1X) |
232 else if (m_authentication_type == eapol_key_authentication_type_dynamic_WEP |
|
233 || m_authentication_type == eapol_key_authentication_type_EAP_authentication_no_encryption |
|
234 ) |
234 { |
235 { |
235 // OK, cannot check the pairwise and group ciphers. |
236 // OK, cannot check the pairwise and group ciphers. |
236 // AP will tell these in the EAPOL RC4 Key message. |
237 // AP will tell these in the EAPOL RC4 Key message. |
237 } |
238 } |
238 |
239 |
952 const eapol_key_authentication_type_e authentication_type |
953 const eapol_key_authentication_type_e authentication_type |
953 ) |
954 ) |
954 { |
955 { |
955 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
956 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
956 |
957 |
957 eapol_key_state_string_c state_string; |
|
958 EAP_TRACE_DEBUG( |
958 EAP_TRACE_DEBUG( |
959 m_am_tools, |
959 m_am_tools, |
960 TRACE_FLAGS_DEFAULT, |
960 TRACE_FLAGS_DEFAULT, |
961 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::set_reassociation_parameters(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
961 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::set_reassociation_parameters(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
962 (m_is_client == true) ? "client": "server", |
962 (m_is_client == true) ? "client": "server", |
963 this, |
963 this, |
964 get_eapol_key_state(), |
964 get_eapol_key_state(), |
965 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
965 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
966 m_authentication_type, |
966 m_authentication_type, |
967 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
967 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
968 |
968 |
969 eap_status_e status = m_pairwise_PMK_WPXK3.set_copy_of_buffer(pairwise_PMK_WPXK3); |
969 eap_status_e status = m_pairwise_PMK_WPXK3.set_copy_of_buffer(pairwise_PMK_WPXK3); |
970 if (status != eap_status_ok) |
970 if (status != eap_status_ok) |
971 { |
971 { |
972 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
972 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1047 m_am_tools, |
1047 m_am_tools, |
1048 TRACE_FLAGS_DEFAULT, |
1048 TRACE_FLAGS_DEFAULT, |
1049 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::set_reassociation_parameters(): m_authentication_type=%s, ") |
1049 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::set_reassociation_parameters(): m_authentication_type=%s, ") |
1050 EAPL("m_eapol_pairwise_cipher=%d, m_eapol_group_cipher=%d.\n"), |
1050 EAPL("m_eapol_pairwise_cipher=%d, m_eapol_group_cipher=%d.\n"), |
1051 (m_is_client == true) ? "client": "server", |
1051 (m_is_client == true) ? "client": "server", |
1052 state_string.get_eapol_key_authentication_type_string(m_authentication_type), |
1052 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type), |
1053 m_eapol_pairwise_cipher, |
1053 m_eapol_pairwise_cipher, |
1054 m_eapol_group_cipher)); |
1054 m_eapol_group_cipher)); |
1055 |
1055 |
1056 |
1056 |
1057 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1057 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1217 eapol_key_state_string_c eapol_key_state_string; |
1217 eapol_key_state_string_c eapol_key_state_string; |
1218 |
1218 |
1219 EAP_TRACE_DEBUG( |
1219 EAP_TRACE_DEBUG( |
1220 m_am_tools, |
1220 m_am_tools, |
1221 TRACE_FLAGS_DEFAULT, |
1221 TRACE_FLAGS_DEFAULT, |
1222 (EAPL("eapol_key_state_c::handshake_failure_notification(): %s, m_eapol_key_handshake_type=%s, get_eapol_key_state()=%s\n"), |
1222 (EAPL("eapol_key_state_c::handshake_failure_notification(): %s, m_eapol_key_handshake_type=%d=%s, get_eapol_key_state()=%d=%s\n"), |
1223 (m_is_client == true) ? "client": "server", |
1223 (m_is_client == true) ? "client": "server", |
|
1224 m_eapol_key_handshake_type, |
1224 eapol_key_state_string.get_eapol_key_handshake_type_string(m_eapol_key_handshake_type), |
1225 eapol_key_state_string.get_eapol_key_handshake_type_string(m_eapol_key_handshake_type), |
|
1226 get_eapol_key_state(), |
1225 eapol_key_state_string.get_eapol_key_state_string(get_eapol_key_state()))); |
1227 eapol_key_state_string.get_eapol_key_state_string(get_eapol_key_state()))); |
1226 |
1228 |
1227 EAP_ASSERT(m_am_tools->get_global_mutex()->get_is_reserved() == true); |
1229 EAP_ASSERT(m_am_tools->get_global_mutex()->get_is_reserved() == true); |
1228 |
1230 |
1229 if (m_eapol_key_handshake_type == eapol_key_handshake_type_4_way_handshake) |
1231 if (m_eapol_key_handshake_type == eapol_key_handshake_type_4_way_handshake) |
1320 TRACE_FLAGS_DEFAULT, |
1322 TRACE_FLAGS_DEFAULT, |
1321 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::handshake_failure_notification(): Group Key Handshake FAILED\n"), |
1323 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::handshake_failure_notification(): Group Key Handshake FAILED\n"), |
1322 (m_is_client == true ? "client": "server"))); |
1324 (m_is_client == true ? "client": "server"))); |
1323 } |
1325 } |
1324 } |
1326 } |
1325 else if (m_eapol_key_handshake_type == eapol_key_handshake_type_none) |
1327 else if (m_eapol_key_handshake_type == eapol_key_handshake_type_none |
|
1328 || m_eapol_key_handshake_type == eapol_key_handshake_type_authenticated) |
1326 { |
1329 { |
1327 EAP_TRACE_ALWAYS( |
1330 EAP_TRACE_ALWAYS( |
1328 m_am_tools, |
1331 m_am_tools, |
1329 TRACE_FLAGS_DEFAULT, |
1332 TRACE_FLAGS_DEFAULT, |
1330 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::handshake_failure_notification(): Unused EAPOL Key state.\n"), |
1333 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::handshake_failure_notification(): Unused EAPOL Key state.\n"), |
1413 (EAPL("eapol_key_state_c::check_pmksa_cache(): %s\n"), |
1416 (EAPL("eapol_key_state_c::check_pmksa_cache(): %s\n"), |
1414 (m_is_client == true) ? "client": "server")); |
1417 (m_is_client == true) ? "client": "server")); |
1415 |
1418 |
1416 eap_status_e status = eap_status_ok; |
1419 eap_status_e status = eap_status_ok; |
1417 |
1420 |
1418 eapol_key_state_string_c state_string; |
|
1419 EAP_TRACE_DEBUG( |
1421 EAP_TRACE_DEBUG( |
1420 m_am_tools, |
1422 m_am_tools, |
1421 TRACE_FLAGS_DEFAULT, |
1423 TRACE_FLAGS_DEFAULT, |
1422 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::check_pmksa_cache(): this = 0x%08x, state %d=%s, selected_eapol_key_authentication_type %d=%s, m_authentication_type %d=%s.\n"), |
1424 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::check_pmksa_cache(): this = 0x%08x, state %d=%s, selected_eapol_key_authentication_type %d=%s, m_authentication_type %d=%s.\n"), |
1423 (m_is_client == true) ? "client": "server", |
1425 (m_is_client == true) ? "client": "server", |
1424 this, |
1426 this, |
1425 get_eapol_key_state(), |
1427 get_eapol_key_state(), |
1426 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
1428 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
1427 selected_eapol_key_authentication_type, |
1429 selected_eapol_key_authentication_type, |
1428 state_string.get_eapol_key_authentication_type_string(selected_eapol_key_authentication_type), |
1430 eapol_key_state_string_c::get_eapol_key_authentication_type_string(selected_eapol_key_authentication_type), |
1429 m_authentication_type, |
1431 m_authentication_type, |
1430 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
1432 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
1431 |
1433 |
1432 |
1434 |
1433 if (selected_eapol_key_authentication_type != eapol_key_authentication_type_RSNA_EAP |
1435 if (selected_eapol_key_authentication_type != eapol_key_authentication_type_RSNA_EAP |
1434 && selected_eapol_key_authentication_type != eapol_key_authentication_type_RSNA_PSK |
1436 && selected_eapol_key_authentication_type != eapol_key_authentication_type_RSNA_PSK |
1435 && selected_eapol_key_authentication_type != eapol_key_authentication_type_WPXM) |
1437 && selected_eapol_key_authentication_type != eapol_key_authentication_type_WPXM) |
1453 const eap_am_network_id_c * const receive_network_id, |
1455 const eap_am_network_id_c * const receive_network_id, |
1454 const eapol_key_authentication_type_e authentication_type) |
1456 const eapol_key_authentication_type_e authentication_type) |
1455 { |
1457 { |
1456 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
1458 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
1457 |
1459 |
1458 eapol_key_state_string_c state_string; |
|
1459 EAP_TRACE_DEBUG( |
1460 EAP_TRACE_DEBUG( |
1460 m_am_tools, |
1461 m_am_tools, |
1461 TRACE_FLAGS_DEFAULT, |
1462 TRACE_FLAGS_DEFAULT, |
1462 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::initialize_preauthentication(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
1463 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::initialize_preauthentication(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
1463 (m_is_client == true) ? "client": "server", |
1464 (m_is_client == true) ? "client": "server", |
1464 this, |
1465 this, |
1465 get_eapol_key_state(), |
1466 get_eapol_key_state(), |
1466 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
1467 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
1467 m_authentication_type, |
1468 m_authentication_type, |
1468 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
1469 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
1469 |
1470 |
1470 eap_status_e status(eap_status_process_general_error); |
1471 eap_status_e status(eap_status_process_general_error); |
1471 |
1472 |
1472 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
1473 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
1473 |
1474 |
1479 } |
1480 } |
1480 |
1481 |
1481 if (m_authentication_type == eapol_key_authentication_type_none |
1482 if (m_authentication_type == eapol_key_authentication_type_none |
1482 || m_authentication_type == eapol_key_authentication_type_RSNA_PSK |
1483 || m_authentication_type == eapol_key_authentication_type_RSNA_PSK |
1483 || m_authentication_type == eapol_key_authentication_type_WPA_PSK |
1484 || m_authentication_type == eapol_key_authentication_type_WPA_PSK |
1484 || m_authentication_type == eapol_key_authentication_type_802_1X) |
1485 || m_authentication_type == eapol_key_authentication_type_dynamic_WEP |
|
1486 || m_authentication_type == eapol_key_authentication_type_EAP_authentication_no_encryption |
|
1487 ) |
1485 { |
1488 { |
1486 // Illegal authentication type. |
1489 // Illegal authentication type. |
1487 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1490 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1488 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter); |
1491 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter); |
1489 } |
1492 } |
1519 const eap_variable_data_c * const received_WPA_ie, |
1522 const eap_variable_data_c * const received_WPA_ie, |
1520 const eap_variable_data_c * const sent_WPA_ie) |
1523 const eap_variable_data_c * const sent_WPA_ie) |
1521 { |
1524 { |
1522 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
1525 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
1523 |
1526 |
1524 eapol_key_state_string_c state_string; |
|
1525 EAP_TRACE_DEBUG( |
1527 EAP_TRACE_DEBUG( |
1526 m_am_tools, |
1528 m_am_tools, |
1527 TRACE_FLAGS_DEFAULT, |
1529 TRACE_FLAGS_DEFAULT, |
1528 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::read_reassociation_parameters(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
1530 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::read_reassociation_parameters(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
1529 (m_is_client == true) ? "client": "server", |
1531 (m_is_client == true) ? "client": "server", |
1530 this, |
1532 this, |
1531 get_eapol_key_state(), |
1533 get_eapol_key_state(), |
1532 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
1534 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
1533 m_authentication_type, |
1535 m_authentication_type, |
1534 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
1536 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
1535 |
1537 |
1536 |
1538 |
1537 (void) cancel_pmksa_caching_timeout(); |
1539 (void) cancel_pmksa_caching_timeout(); |
1538 (void) cancel_handshake_timeout(); |
1540 (void) cancel_handshake_timeout(); |
1539 (void) cancel_reassociate_timeout(); |
1541 (void) cancel_reassociate_timeout(); |
1595 TRACE_FLAGS_DEFAULT, |
1597 TRACE_FLAGS_DEFAULT, |
1596 (EAPL("ERROR: EAPOL_KEY: %s: eapol_key_state_c::read_reassociation_parameters(): this = 0x%08x, (get_eapol_key_state()=%d=%s) != (eapol_key_state_preauthenticated)\n"), |
1598 (EAPL("ERROR: EAPOL_KEY: %s: eapol_key_state_c::read_reassociation_parameters(): this = 0x%08x, (get_eapol_key_state()=%d=%s) != (eapol_key_state_preauthenticated)\n"), |
1597 (m_is_client == true) ? "client": "server", |
1599 (m_is_client == true) ? "client": "server", |
1598 this, |
1600 this, |
1599 get_eapol_key_state(), |
1601 get_eapol_key_state(), |
1600 state_string.get_eapol_key_state_string(get_eapol_key_state()))); |
1602 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()))); |
1601 |
1603 |
1602 EAP_TRACE_DEBUG( |
1604 EAP_TRACE_DEBUG( |
1603 m_am_tools, |
1605 m_am_tools, |
1604 TRACE_FLAGS_DEFAULT, |
1606 TRACE_FLAGS_DEFAULT, |
1605 (EAPL("ERROR: EAPOL_KEY: %s: || (m_authentication_type=%d=%s) != (required_authentication_type=%d=%s)\n"), |
1607 (EAPL("ERROR: EAPOL_KEY: %s: || (m_authentication_type=%d=%s) != (required_authentication_type=%d=%s)\n"), |
1606 (m_is_client == true) ? "client": "server", |
1608 (m_is_client == true) ? "client": "server", |
1607 m_authentication_type, |
1609 m_authentication_type, |
1608 state_string.get_eapol_key_authentication_type_string(m_authentication_type), |
1610 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type), |
1609 required_authentication_type, |
1611 required_authentication_type, |
1610 state_string.get_eapol_key_authentication_type_string(required_authentication_type))); |
1612 eapol_key_state_string_c::get_eapol_key_authentication_type_string(required_authentication_type))); |
1611 |
1613 |
1612 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1614 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
1613 return EAP_STATUS_RETURN(m_am_tools, eap_status_authentication_failure); |
1615 return EAP_STATUS_RETURN(m_am_tools, eap_status_authentication_failure); |
1614 } |
1616 } |
1615 |
1617 |
1834 id, |
1836 id, |
1835 data)); |
1837 data)); |
1836 |
1838 |
1837 if (id == EAPOL_KEY_STATE_TIMER_HANDSHAKE_TIMEOUT_ID) |
1839 if (id == EAPOL_KEY_STATE_TIMER_HANDSHAKE_TIMEOUT_ID) |
1838 { |
1840 { |
1839 eapol_key_state_string_c state_string; |
|
1840 EAP_TRACE_DEBUG( |
1841 EAP_TRACE_DEBUG( |
1841 m_am_tools, |
1842 m_am_tools, |
1842 TRACE_FLAGS_DEFAULT, |
1843 TRACE_FLAGS_DEFAULT, |
1843 (EAPL("TIMER: EAPOL_KEY: %s: EAPOL_KEY_STATE_TIMER_HANDSHAKE_TIMEOUT_ID expired, eapol_key_state=%d=%s\n"), |
1844 (EAPL("TIMER: EAPOL_KEY: %s: EAPOL_KEY_STATE_TIMER_HANDSHAKE_TIMEOUT_ID expired, eapol_key_state=%d=%s\n"), |
1844 (m_is_client == true ? "client": "server"), |
1845 (m_is_client == true ? "client": "server"), |
1845 get_eapol_key_state(), |
1846 get_eapol_key_state(), |
1846 state_string.get_eapol_key_state_string(get_eapol_key_state()))); |
1847 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()))); |
1847 |
1848 |
1848 if ((m_is_client == true |
1849 if ((m_is_client == true |
1849 && get_eapol_key_state() == eapol_key_state_wait_4_way_handshake_message_3) |
1850 && get_eapol_key_state() == eapol_key_state_wait_4_way_handshake_message_3) |
1850 || (m_is_client == false |
1851 || (m_is_client == false |
1851 && get_eapol_key_state() == eapol_key_state_wait_4_way_handshake_message_2)) |
1852 && get_eapol_key_state() == eapol_key_state_wait_4_way_handshake_message_2)) |
1857 // There could be other problems too. |
1858 // There could be other problems too. |
1858 send_error_notification(eap_status_wrong_password); |
1859 send_error_notification(eap_status_wrong_password); |
1859 } |
1860 } |
1860 else if (m_authentication_type == eapol_key_authentication_type_RSNA_EAP |
1861 else if (m_authentication_type == eapol_key_authentication_type_RSNA_EAP |
1861 || m_authentication_type == eapol_key_authentication_type_WPA_EAP |
1862 || m_authentication_type == eapol_key_authentication_type_WPA_EAP |
1862 || m_authentication_type == eapol_key_authentication_type_802_1X |
1863 || m_authentication_type == eapol_key_authentication_type_dynamic_WEP |
1863 || m_authentication_type == eapol_key_authentication_type_WPXM) |
1864 || m_authentication_type == eapol_key_authentication_type_WPXM |
|
1865 || m_authentication_type == eapol_key_authentication_type_EAP_authentication_no_encryption |
|
1866 ) |
1864 { |
1867 { |
1865 send_error_notification(eap_status_authentication_failure); |
1868 send_error_notification(eap_status_authentication_failure); |
1866 } |
1869 } |
1867 } |
1870 } |
1868 else if (get_eapol_key_state() != eapol_key_state_none) |
1871 else if (get_eapol_key_state() != eapol_key_state_none) |
2781 key_data_payload, |
2784 key_data_payload, |
2782 debug_string.get_eapol_key_state_string(expected_key_message), |
2785 debug_string.get_eapol_key_state_string(expected_key_message), |
2783 expected_key_message)); |
2786 expected_key_message)); |
2784 } |
2787 } |
2785 |
2788 |
2786 if (get_is_RSNA() == true |
2789 if (current_key_descriptor_type == eapol_RSNA_key_data_type_RSN_key_data |
2787 && eapol_key_descriptor_type == eapol_key_descriptor_type_RSNA |
|
2788 && current_key_descriptor_type == eapol_RSNA_key_data_type_RSN_key_data |
|
2789 && check_is_aes_key_wrap_padding( |
2790 && check_is_aes_key_wrap_padding( |
2790 current_key_descriptor_type, |
2791 current_key_descriptor_type, |
2791 key_data_payload, |
2792 key_data_payload, |
2792 *key_data_max_length) == eap_status_ok) |
2793 *key_data_max_length) == eap_status_ok) |
2793 { |
2794 { |
|
2795 if (get_is_RSNA() == false) |
|
2796 { |
|
2797 EAP_TRACE_DEBUG( |
|
2798 m_am_tools, |
|
2799 TRACE_FLAGS_DEFAULT, |
|
2800 (EAPL("WARNING: EAPOL_KEY: eapol_key_state_c::parse_generic_key_data_payload(0x%08x): AES key wrapping padding in non RSNA\n"), |
|
2801 key_data_payload)); |
|
2802 } |
|
2803 |
|
2804 if (eapol_key_descriptor_type != eapol_key_descriptor_type_RSNA) |
|
2805 { |
|
2806 EAP_TRACE_DEBUG( |
|
2807 m_am_tools, |
|
2808 TRACE_FLAGS_DEFAULT, |
|
2809 (EAPL("WARNING: EAPOL_KEY: eapol_key_state_c::parse_generic_key_data_payload(0x%08x): AES key wrapping padding in non RSNA, eapol_key_descriptor_type=%d\n"), |
|
2810 key_data_payload, |
|
2811 eapol_key_descriptor_type)); |
|
2812 } |
|
2813 |
2794 EAP_TRACE_DEBUG( |
2814 EAP_TRACE_DEBUG( |
2795 m_am_tools, |
2815 m_am_tools, |
2796 TRACE_FLAGS_DEFAULT, |
2816 TRACE_FLAGS_DEFAULT, |
2797 (EAPL("EAPOL_KEY: eapol_key_state_c::parse_generic_key_data_payload(0x%08x): AES key wrapping padding\n"), |
2817 (EAPL("EAPOL_KEY: eapol_key_state_c::parse_generic_key_data_payload(0x%08x): AES key wrapping padding, %d bytes\n"), |
2798 key_data_payload)); |
2818 key_data_payload, |
|
2819 *key_data_max_length)); |
2799 |
2820 |
2800 // This is AES key wrap padding. |
2821 // This is AES key wrap padding. |
2801 *key_data_max_length = 0ul; |
2822 *key_data_max_length = 0ul; |
2802 |
2823 |
2803 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
2824 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
3603 } |
3624 } |
3604 } |
3625 } |
3605 |
3626 |
3606 if (*buffer_length != 0u) |
3627 if (*buffer_length != 0u) |
3607 { |
3628 { |
3608 if (key_descriptor_version == eapol_RSNA_key_header_c::m_key_descriptor_version_1) |
3629 // Check is this padding. |
|
3630 const u8_t * const padding = payload.get_header_offset(payload.get_header_and_body_length(), *buffer_length); |
|
3631 |
|
3632 status = check_padding(padding, *buffer_length); |
|
3633 |
|
3634 if (status != eap_status_ok |
|
3635 && key_descriptor_version == eapol_RSNA_key_header_c::m_key_descriptor_version_1) |
3609 { |
3636 { |
3610 EAP_TRACE_ERROR( |
3637 EAP_TRACE_ERROR( |
3611 m_am_tools, |
3638 m_am_tools, |
3612 TRACE_FLAGS_EAPOL_KEY_DATA_ERROR, |
3639 TRACE_FLAGS_EAPOL_KEY_DATA_ERROR, |
3613 (EAPL("ERROR: EAPOL_KEY: eapol_key_state_c::parse_key_data(): ") |
3640 (EAPL("ERROR: EAPOL_KEY: eapol_key_state_c::parse_key_data(): ") |
3614 EAPL("EAPOl Key Data-header is corrupted. Buffer length ") |
3641 EAPL("EAPOl Key Data-header is corrupted. Buffer length ") |
3615 EAPL("and payload length does not match. %lu illegal bytes.\n"), |
3642 EAPL("and payload length does not match. %d illegal bytes.\n"), |
3616 *buffer_length)); |
3643 *buffer_length)); |
|
3644 EAP_TRACE_DATA_ERROR( |
|
3645 m_am_tools, |
|
3646 TRACE_FLAGS_EAPOL_KEY_DATA_ERROR, |
|
3647 (EAPL("ERROR: illegal padding"), |
|
3648 padding, |
|
3649 *buffer_length)); |
3617 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
3650 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
3618 return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted); |
3651 return EAP_STATUS_RETURN(m_am_tools, eap_status_header_corrupted); |
3619 } |
3652 } |
3620 } |
3653 } |
3621 |
3654 |
4302 EAPL("m_encryption_KEK is missing or corrupted.\n"))); |
4335 EAPL("m_encryption_KEK is missing or corrupted.\n"))); |
4303 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
4336 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
4304 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter); |
4337 return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_parameter); |
4305 } |
4338 } |
4306 |
4339 |
|
4340 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
4341 |
|
4342 crypto_aes_wrap_c aes_wrap(m_am_tools); |
|
4343 |
|
4344 if (aes_wrap.get_is_valid() == false) |
|
4345 { |
|
4346 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
4347 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
|
4348 } |
|
4349 |
|
4350 u32_t padding_length(0ul); |
|
4351 u32_t min_key_data_length = 2ul * aes_wrap.get_block_size(); |
|
4352 |
|
4353 if (eapol_key_message->get_key_data_length() < min_key_data_length) |
|
4354 { |
|
4355 padding_length = min_key_data_length - eapol_key_message->get_key_data_length(); |
|
4356 } |
|
4357 else if ((eapol_key_message->get_key_data_length() % aes_wrap.get_block_size()) != 0) |
|
4358 { |
|
4359 padding_length = aes_wrap.get_block_size() |
|
4360 - (eapol_key_message->get_key_data_length() % aes_wrap.get_block_size()); |
|
4361 } |
|
4362 |
|
4363 u32_t padding_offset = eapol_key_message->get_key_data_length(); |
|
4364 |
|
4365 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
4307 |
4366 |
4308 if (m_eapol_pairwise_cipher |
4367 if (m_eapol_pairwise_cipher |
4309 == eapol_RSNA_key_header_c::eapol_RSNA_cipher_CCMP |
4368 == eapol_RSNA_key_header_c::eapol_RSNA_cipher_CCMP |
4310 || m_eapol_group_cipher |
4369 || m_eapol_group_cipher |
4311 == eapol_RSNA_key_header_c::eapol_RSNA_cipher_CCMP) |
4370 == eapol_RSNA_key_header_c::eapol_RSNA_cipher_CCMP) |
4313 EAP_TRACE_DEBUG( |
4372 EAP_TRACE_DEBUG( |
4314 m_am_tools, |
4373 m_am_tools, |
4315 TRACE_FLAGS_DEFAULT, |
4374 TRACE_FLAGS_DEFAULT, |
4316 (EAPL("EAPOL_KEY: AES-WRAP encryption algorithm.\n"))); |
4375 (EAPL("EAPOL_KEY: AES-WRAP encryption algorithm.\n"))); |
4317 |
4376 |
4318 crypto_aes_wrap_c aes_wrap(m_am_tools); |
|
4319 |
|
4320 if (aes_wrap.get_is_valid() == false) |
|
4321 { |
|
4322 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
4323 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
|
4324 } |
|
4325 |
|
4326 status = aes_wrap.set_encryption_key( |
4377 status = aes_wrap.set_encryption_key( |
4327 m_encryption_KEK.get_data(), |
4378 m_encryption_KEK.get_data(), |
4328 m_encryption_KEK.get_data_length()); |
4379 m_encryption_KEK.get_data_length()); |
4329 if (status != eap_status_ok) |
4380 if (status != eap_status_ok) |
4330 { |
4381 { |
4331 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
4382 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
4332 return EAP_STATUS_RETURN(m_am_tools, status); |
4383 return EAP_STATUS_RETURN(m_am_tools, status); |
4333 } |
4384 } |
4334 |
|
4335 u32_t padding_length(0ul); |
|
4336 u32_t min_key_data_length = 2ul * aes_wrap.get_block_size(); |
|
4337 |
|
4338 if (eapol_key_message->get_key_data_length() < min_key_data_length) |
|
4339 { |
|
4340 padding_length = min_key_data_length - eapol_key_message->get_key_data_length(); |
|
4341 } |
|
4342 else if ((eapol_key_message->get_key_data_length() % aes_wrap.get_block_size()) != 0) |
|
4343 { |
|
4344 padding_length = aes_wrap.get_block_size() |
|
4345 - (eapol_key_message->get_key_data_length() % aes_wrap.get_block_size()); |
|
4346 } |
|
4347 |
|
4348 u32_t padding_offset = eapol_key_message->get_key_data_length(); |
|
4349 |
4385 |
4350 // AES-Wrap increases message length with one block. |
4386 // AES-Wrap increases message length with one block. |
4351 status = eapol_key_message->set_key_data_length( |
4387 status = eapol_key_message->set_key_data_length( |
4352 static_cast<u16_t>(eapol_key_message->get_key_data_length() |
4388 static_cast<u16_t>(eapol_key_message->get_key_data_length() |
4353 + padding_length |
4389 + padding_length |
4447 status = rc4->discard_stream(EAPOL_RSNA_RC4_KEY_STREAM_DISCARD_LENGTH); |
4483 status = rc4->discard_stream(EAPOL_RSNA_RC4_KEY_STREAM_DISCARD_LENGTH); |
4448 if (status != eap_status_ok) |
4484 if (status != eap_status_ok) |
4449 { |
4485 { |
4450 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
4486 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
4451 return EAP_STATUS_RETURN(m_am_tools, status); |
4487 return EAP_STATUS_RETURN(m_am_tools, status); |
|
4488 } |
|
4489 |
|
4490 if (padding_length > 0ul) |
|
4491 { |
|
4492 // Of course some access points use padding also with RC4 encryption. It is required only with AES-wrap algorithm. |
|
4493 crypto_aes_wrap_c aes_wrap(m_am_tools); |
|
4494 |
|
4495 if (aes_wrap.get_is_valid() == false) |
|
4496 { |
|
4497 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
4498 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
|
4499 } |
|
4500 |
|
4501 aes_wrap.add_padding_bytes( |
|
4502 eapol_key_message->get_key_data_offset( |
|
4503 padding_offset, |
|
4504 padding_length), |
|
4505 padding_length); |
|
4506 |
|
4507 status = eapol_key_message->set_key_data_length( |
|
4508 static_cast<u16_t>(eapol_key_message->get_key_data_length() |
|
4509 + padding_length)); |
|
4510 if (status != eap_status_ok) |
|
4511 { |
|
4512 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
4513 return EAP_STATUS_RETURN(m_am_tools, status); |
|
4514 } |
|
4515 |
4452 } |
4516 } |
4453 |
4517 |
4454 EAP_TRACE_DATA_DEBUG( |
4518 EAP_TRACE_DATA_DEBUG( |
4455 m_am_tools, |
4519 m_am_tools, |
4456 TRACE_FLAGS_DEFAULT, |
4520 TRACE_FLAGS_DEFAULT, |
5111 eap_general_header_base_c * const packet_data, |
5175 eap_general_header_base_c * const packet_data, |
5112 const u32_t packet_length) |
5176 const u32_t packet_length) |
5113 { |
5177 { |
5114 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
5178 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
5115 |
5179 |
|
5180 EAP_TRACE_DEBUG( |
|
5181 m_am_tools, |
|
5182 TRACE_FLAGS_DEFAULT, |
|
5183 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::process_eapol_key_frame(): ") |
|
5184 EAPL("m_authentication_type=%d=%s, m_eapol_key_state=%d=%s\n"), |
|
5185 (m_is_client == true ? "client": "server"), |
|
5186 m_authentication_type, |
|
5187 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type), |
|
5188 m_eapol_key_state, |
|
5189 eapol_key_state_string_c::get_eapol_key_state_string(m_eapol_key_state))); |
|
5190 |
5116 eap_status_e status = eap_status_not_supported; |
5191 eap_status_e status = eap_status_not_supported; |
5117 |
5192 |
5118 if (packet_length < eapol_header_wr_c::get_header_length() |
5193 if (packet_length < eapol_header_wr_c::get_header_length() |
5119 || packet_data->get_header_buffer_length() < eapol_header_wr_c::get_header_length() |
5194 || packet_data->get_header_buffer_length() < eapol_header_wr_c::get_header_length() |
5120 || packet_data->get_header_buffer_length() < packet_length) |
5195 || packet_data->get_header_buffer_length() < packet_length) |
5248 |
5323 |
5249 EAP_FUNC_EXPORT void eapol_key_state_c::set_eapol_key_state(const eapol_key_state_e state) |
5324 EAP_FUNC_EXPORT void eapol_key_state_c::set_eapol_key_state(const eapol_key_state_e state) |
5250 { |
5325 { |
5251 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
5326 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
5252 |
5327 |
5253 eapol_key_state_string_c state_string; |
|
5254 |
|
5255 EAP_TRACE_DEBUG( |
5328 EAP_TRACE_DEBUG( |
5256 m_am_tools, |
5329 m_am_tools, |
5257 TRACE_FLAGS_DEFAULT, |
5330 TRACE_FLAGS_DEFAULT, |
5258 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::set_eapol_key_state(): set_eapol_key_state() from %s to %s\n"), |
5331 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::set_eapol_key_state(): set_eapol_key_state() from %s to %s\n"), |
5259 (m_is_client == true ? "client": "server"), |
5332 (m_is_client == true ? "client": "server"), |
5260 state_string.get_eapol_key_state_string(m_eapol_key_state), |
5333 eapol_key_state_string_c::get_eapol_key_state_string(m_eapol_key_state), |
5261 state_string.get_eapol_key_state_string(state))); |
5334 eapol_key_state_string_c::get_eapol_key_state_string(state))); |
5262 |
5335 |
5263 m_eapol_key_state = state; |
5336 m_eapol_key_state = state; |
5264 |
5337 |
5265 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
5338 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
5266 } |
5339 } |
5395 //-------------------------------------------------- |
5468 //-------------------------------------------------- |
5396 |
5469 |
5397 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::init_handshake_timeout( |
5470 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::init_handshake_timeout( |
5398 const u32_t timeout) |
5471 const u32_t timeout) |
5399 { |
5472 { |
5400 eapol_key_state_string_c state_string; |
|
5401 EAP_TRACE_DEBUG( |
5473 EAP_TRACE_DEBUG( |
5402 m_am_tools, |
5474 m_am_tools, |
5403 TRACE_FLAGS_DEFAULT, |
5475 TRACE_FLAGS_DEFAULT, |
5404 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_handshake_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5476 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_handshake_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5405 (m_is_client == true) ? "client": "server", |
5477 (m_is_client == true) ? "client": "server", |
5406 this, |
5478 this, |
5407 get_eapol_key_state(), |
5479 get_eapol_key_state(), |
5408 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
5480 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
5409 m_authentication_type, |
5481 m_authentication_type, |
5410 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
5482 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
5411 |
5483 |
5412 if (m_handshake_timeout_set == true) |
5484 if (m_handshake_timeout_set == true) |
5413 { |
5485 { |
5414 EAP_TRACE_DEBUG( |
5486 EAP_TRACE_DEBUG( |
5415 m_am_tools, |
5487 m_am_tools, |
5473 //-------------------------------------------------- |
5545 //-------------------------------------------------- |
5474 |
5546 |
5475 eap_status_e eapol_key_state_c::init_reassociate_timeout( |
5547 eap_status_e eapol_key_state_c::init_reassociate_timeout( |
5476 const u32_t timeout) |
5548 const u32_t timeout) |
5477 { |
5549 { |
5478 eapol_key_state_string_c state_string; |
|
5479 EAP_TRACE_DEBUG( |
5550 EAP_TRACE_DEBUG( |
5480 m_am_tools, |
5551 m_am_tools, |
5481 TRACE_FLAGS_DEFAULT, |
5552 TRACE_FLAGS_DEFAULT, |
5482 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_reassociate_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5553 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_reassociate_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5483 (m_is_client == true) ? "client": "server", |
5554 (m_is_client == true) ? "client": "server", |
5484 this, |
5555 this, |
5485 get_eapol_key_state(), |
5556 get_eapol_key_state(), |
5486 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
5557 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
5487 m_authentication_type, |
5558 m_authentication_type, |
5488 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
5559 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
5489 |
5560 |
5490 eap_status_e status = m_key_state_partner->set_timer( |
5561 eap_status_e status = m_key_state_partner->set_timer( |
5491 this, |
5562 this, |
5492 EAPOL_KEY_STATE_TIMER_REASSOCIATE_TIMEOUT_ID, |
5563 EAPOL_KEY_STATE_TIMER_REASSOCIATE_TIMEOUT_ID, |
5493 0, |
5564 0, |
5538 |
5609 |
5539 //-------------------------------------------------- |
5610 //-------------------------------------------------- |
5540 |
5611 |
5541 eap_status_e eapol_key_state_c::init_4_way_handshake_start_timeout() |
5612 eap_status_e eapol_key_state_c::init_4_way_handshake_start_timeout() |
5542 { |
5613 { |
5543 eapol_key_state_string_c state_string; |
|
5544 EAP_TRACE_DEBUG( |
5614 EAP_TRACE_DEBUG( |
5545 m_am_tools, |
5615 m_am_tools, |
5546 TRACE_FLAGS_DEFAULT, |
5616 TRACE_FLAGS_DEFAULT, |
5547 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_4_way_handshake_start_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5617 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_4_way_handshake_start_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5548 (m_is_client == true) ? "client": "server", |
5618 (m_is_client == true) ? "client": "server", |
5549 this, |
5619 this, |
5550 get_eapol_key_state(), |
5620 get_eapol_key_state(), |
5551 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
5621 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
5552 m_authentication_type, |
5622 m_authentication_type, |
5553 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
5623 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
5554 |
5624 |
5555 eap_status_e status = m_key_state_partner->set_timer( |
5625 eap_status_e status = m_key_state_partner->set_timer( |
5556 this, |
5626 this, |
5557 EAPOL_KEY_STATE_TIMER_INITIALIZE_4_WAY_HANDSHAKE_TIMEOUT_ID, |
5627 EAPOL_KEY_STATE_TIMER_INITIALIZE_4_WAY_HANDSHAKE_TIMEOUT_ID, |
5558 0, |
5628 0, |
5603 |
5673 |
5604 //-------------------------------------------------- |
5674 //-------------------------------------------------- |
5605 |
5675 |
5606 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::cancel_authentication_session() |
5676 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::cancel_authentication_session() |
5607 { |
5677 { |
5608 eapol_key_state_string_c state_string; |
|
5609 EAP_TRACE_DEBUG( |
5678 EAP_TRACE_DEBUG( |
5610 m_am_tools, |
5679 m_am_tools, |
5611 TRACE_FLAGS_DEFAULT, |
5680 TRACE_FLAGS_DEFAULT, |
5612 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::cancel_authentication_session(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5681 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::cancel_authentication_session(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5613 (m_is_client == true) ? "client": "server", |
5682 (m_is_client == true) ? "client": "server", |
5614 this, |
5683 this, |
5615 get_eapol_key_state(), |
5684 get_eapol_key_state(), |
5616 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
5685 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
5617 m_authentication_type, |
5686 m_authentication_type, |
5618 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
5687 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
5619 |
5688 |
5620 eap_status_e status(eap_status_process_general_error); |
5689 eap_status_e status(eap_status_process_general_error); |
5621 |
5690 |
5622 // RSNA could cache the current PMKSA. |
5691 // RSNA could cache the current PMKSA. |
5623 status = init_pmksa_caching_timeout(); |
5692 status = init_pmksa_caching_timeout(); |
5628 |
5697 |
5629 //-------------------------------------------------- |
5698 //-------------------------------------------------- |
5630 |
5699 |
5631 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::init_pmksa_caching_timeout() |
5700 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::init_pmksa_caching_timeout() |
5632 { |
5701 { |
5633 eapol_key_state_string_c state_string; |
|
5634 EAP_TRACE_DEBUG( |
5702 EAP_TRACE_DEBUG( |
5635 m_am_tools, |
5703 m_am_tools, |
5636 TRACE_FLAGS_DEFAULT, |
5704 TRACE_FLAGS_DEFAULT, |
5637 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_pmksa_caching_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5705 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_pmksa_caching_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5638 (m_is_client == true) ? "client": "server", |
5706 (m_is_client == true) ? "client": "server", |
5639 this, |
5707 this, |
5640 get_eapol_key_state(), |
5708 get_eapol_key_state(), |
5641 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
5709 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
5642 m_authentication_type, |
5710 m_authentication_type, |
5643 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
5711 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
5644 |
5712 |
5645 eap_status_e status(eap_status_process_general_error); |
5713 eap_status_e status(eap_status_process_general_error); |
5646 |
5714 |
5647 #if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
5715 #if defined(USE_EAPOL_KEY_STATE_OPTIMIZED_4_WAY_HANDSHAKE) |
5648 { |
5716 { |
5888 //-------------------------------------------------- |
5956 //-------------------------------------------------- |
5889 |
5957 |
5890 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::init_group_key_update_timeout( |
5958 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::init_group_key_update_timeout( |
5891 const u32_t timeout) |
5959 const u32_t timeout) |
5892 { |
5960 { |
5893 eapol_key_state_string_c state_string; |
|
5894 EAP_TRACE_DEBUG( |
5961 EAP_TRACE_DEBUG( |
5895 m_am_tools, |
5962 m_am_tools, |
5896 TRACE_FLAGS_DEFAULT, |
5963 TRACE_FLAGS_DEFAULT, |
5897 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_group_key_update_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5964 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::init_group_key_update_timeout(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5898 (m_is_client == true) ? "client": "server", |
5965 (m_is_client == true) ? "client": "server", |
5899 this, |
5966 this, |
5900 get_eapol_key_state(), |
5967 get_eapol_key_state(), |
5901 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
5968 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
5902 m_authentication_type, |
5969 m_authentication_type, |
5903 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
5970 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
5904 |
5971 |
5905 eap_status_e status = m_key_state_partner->set_timer( |
5972 eap_status_e status = m_key_state_partner->set_timer( |
5906 this, |
5973 this, |
5907 EAPOL_KEY_STATE_TIMER_GROUP_KEY_UPDATE_TIMEOUT_ID, |
5974 EAPOL_KEY_STATE_TIMER_GROUP_KEY_UPDATE_TIMEOUT_ID, |
5908 0, |
5975 0, |
5953 // |
6020 // |
5954 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::reset_cached_pmksa() |
6021 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::reset_cached_pmksa() |
5955 { |
6022 { |
5956 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
6023 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
5957 |
6024 |
5958 eapol_key_state_string_c state_string; |
|
5959 EAP_TRACE_DEBUG( |
6025 EAP_TRACE_DEBUG( |
5960 m_am_tools, |
6026 m_am_tools, |
5961 TRACE_FLAGS_DEFAULT, |
6027 TRACE_FLAGS_DEFAULT, |
5962 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::reset_cached_pmksa(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
6028 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::reset_cached_pmksa(): this = 0x%08x, state %d=%s, m_authentication_type %d=%s.\n"), |
5963 (m_is_client == true) ? "client": "server", |
6029 (m_is_client == true) ? "client": "server", |
5964 this, |
6030 this, |
5965 get_eapol_key_state(), |
6031 get_eapol_key_state(), |
5966 state_string.get_eapol_key_state_string(get_eapol_key_state()), |
6032 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()), |
5967 m_authentication_type, |
6033 m_authentication_type, |
5968 state_string.get_eapol_key_authentication_type_string(m_authentication_type))); |
6034 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
5969 |
6035 |
5970 eap_status_e status = eap_status_ok; |
6036 eap_status_e status = eap_status_ok; |
5971 |
6037 |
5972 for (u32_t key_type = 0ul; key_type < eapol_key_type_last_type; key_type++) |
6038 for (u32_t key_type = 0ul; key_type < eapol_key_type_last_type; key_type++) |
5973 { |
6039 { |
6290 if (m_authentication_type == eapol_key_authentication_type_none) |
6356 if (m_authentication_type == eapol_key_authentication_type_none) |
6291 { |
6357 { |
6292 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6358 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6293 return EAP_STATUS_RETURN(m_am_tools, eap_status_process_general_error); |
6359 return EAP_STATUS_RETURN(m_am_tools, eap_status_process_general_error); |
6294 } |
6360 } |
6295 else if (m_authentication_type != eapol_key_authentication_type_802_1X) |
6361 else if (m_authentication_type != eapol_key_authentication_type_dynamic_WEP |
|
6362 && m_authentication_type != eapol_key_authentication_type_EAP_authentication_no_encryption |
|
6363 ) |
6296 { |
6364 { |
6297 // Truncate PMK only in WPA and RSN case |
6365 // Truncate PMK only in WPA and RSN case |
6298 if (pmk_key_length > EAPOL_RSNA_PMK_LENGTH_BYTES) |
6366 if (pmk_key_length > EAPOL_RSNA_PMK_LENGTH_BYTES) |
6299 { |
6367 { |
6300 pmk_key_length = EAPOL_RSNA_PMK_LENGTH_BYTES; |
6368 pmk_key_length = EAPOL_RSNA_PMK_LENGTH_BYTES; |
6343 if (field[ind] != 0) |
6411 if (field[ind] != 0) |
6344 { |
6412 { |
6345 status = eap_status_illegal_padding; |
6413 status = eap_status_illegal_padding; |
6346 break; |
6414 break; |
6347 } |
6415 } |
|
6416 } |
|
6417 |
|
6418 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
6419 return EAP_STATUS_RETURN(m_am_tools, status); |
|
6420 } |
|
6421 |
|
6422 //-------------------------------------------------- |
|
6423 |
|
6424 // |
|
6425 EAP_FUNC_EXPORT eap_status_e eapol_key_state_c::check_padding( |
|
6426 const u8_t * const field, |
|
6427 const u32_t field_length) |
|
6428 { |
|
6429 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
6430 |
|
6431 eap_status_e status = eap_status_ok; |
|
6432 |
|
6433 if (field == 0 |
|
6434 || field_length == 0ul |
|
6435 || field[0] != eapol_RSNA_key_data_type_RSN_key_data |
|
6436 || verify_field_is_zero( |
|
6437 field+1, |
|
6438 field_length-1) != eap_status_ok) |
|
6439 { |
|
6440 status = eap_status_illegal_padding; |
6348 } |
6441 } |
6349 |
6442 |
6350 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6443 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6351 return EAP_STATUS_RETURN(m_am_tools, status); |
6444 return EAP_STATUS_RETURN(m_am_tools, status); |
6352 } |
6445 } |
6426 // OK, we need 4-Way Handshake. |
6519 // OK, we need 4-Way Handshake. |
6427 EAP_TRACE_DEBUG( |
6520 EAP_TRACE_DEBUG( |
6428 m_am_tools, |
6521 m_am_tools, |
6429 TRACE_FLAGS_DEFAULT, |
6522 TRACE_FLAGS_DEFAULT, |
6430 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::allow_4_way_handshake(): ") |
6523 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::allow_4_way_handshake(): ") |
6431 EAPL("Allow 4-Way Handshake, m_authentication_type=%d\n"), |
6524 EAPL("Allow 4-Way Handshake, m_authentication_type=%d=%s\n"), |
6432 (m_is_client == true ? "client": "server"), |
6525 (m_is_client == true ? "client": "server"), |
6433 m_authentication_type)); |
6526 m_authentication_type, |
|
6527 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
6434 |
6528 |
6435 m_eapol_key_handshake_type = eapol_key_handshake_type_4_way_handshake; |
6529 m_eapol_key_handshake_type = eapol_key_handshake_type_4_way_handshake; |
6436 m_eapol_key_state = eapol_key_state_wait_4_way_handshake_message_1; |
6530 m_eapol_key_state = eapol_key_state_wait_4_way_handshake_message_1; |
6437 } |
6531 } |
6438 else if (m_authentication_type == eapol_key_authentication_type_802_1X) |
6532 else if (m_authentication_type == eapol_key_authentication_type_dynamic_WEP) |
|
6533 { |
|
6534 // No 4-Way Handshake needed. |
|
6535 // AP will send unicast and broad cast keys in EAPOL key RC4 messages. |
|
6536 EAP_TRACE_DEBUG( |
|
6537 m_am_tools, |
|
6538 TRACE_FLAGS_DEFAULT, |
|
6539 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::allow_4_way_handshake(): ") |
|
6540 EAPL("Dynamic WEP, m_authentication_type=%d=%s\n"), |
|
6541 (m_is_client == true ? "client": "server"), |
|
6542 m_authentication_type, |
|
6543 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
|
6544 |
|
6545 m_eapol_key_handshake_type = eapol_key_handshake_type_dynamic_WEP; |
|
6546 m_eapol_key_state = eapol_key_state_wait_rc4_key_message; |
|
6547 |
|
6548 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
6549 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
|
6550 } |
|
6551 else if (m_authentication_type == eapol_key_authentication_type_EAP_authentication_no_encryption |
|
6552 ) |
6439 { |
6553 { |
6440 // No 4-Way Handshake needed. |
6554 // No 4-Way Handshake needed. |
6441 // AP will send unicast and broad cast keys in EAPOL key messages. |
6555 // AP will send unicast and broad cast keys in EAPOL key messages. |
6442 EAP_TRACE_DEBUG( |
6556 EAP_TRACE_DEBUG( |
6443 m_am_tools, |
6557 m_am_tools, |
6445 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::allow_4_way_handshake(): ") |
6559 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::allow_4_way_handshake(): ") |
6446 EAPL("Dynamic WEP, m_authentication_type=%d\n"), |
6560 EAPL("Dynamic WEP, m_authentication_type=%d\n"), |
6447 (m_is_client == true ? "client": "server"), |
6561 (m_is_client == true ? "client": "server"), |
6448 m_authentication_type)); |
6562 m_authentication_type)); |
6449 |
6563 |
6450 m_eapol_key_handshake_type = eapol_key_handshake_type_dynamic_WEP; |
6564 m_eapol_key_handshake_type = eapol_key_handshake_type_EAP_authentication_no_encryption; |
6451 m_eapol_key_state = eapol_key_state_wait_rc4_key_message; |
6565 m_eapol_key_state = eapol_key_state_802_11i_authentication_finished_successfull; |
|
6566 |
|
6567 { |
|
6568 // This is notification to eapol_core_c object. |
|
6569 // EAP authentication without encryption finished successfully. |
|
6570 eap_state_notification_c * notification = new eap_state_notification_c( |
|
6571 m_am_tools, |
|
6572 &m_send_network_id, |
|
6573 m_is_client, |
|
6574 eap_state_notification_generic, |
|
6575 eap_protocol_layer_eapol_key, |
|
6576 eapol_key_authentication_type_EAP_authentication_no_encryption, |
|
6577 get_eapol_key_state(), |
|
6578 eapol_key_state_802_11i_authentication_finished_successfull, |
|
6579 0ul, |
|
6580 false); |
|
6581 if (notification == 0) |
|
6582 { |
|
6583 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
6584 return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); |
|
6585 } |
|
6586 m_key_state_partner->state_notification(notification); |
|
6587 |
|
6588 delete notification; |
|
6589 } |
|
6590 |
|
6591 cancel_handshake_timeout(); |
6452 |
6592 |
6453 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6593 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6454 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
6594 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
6455 } |
6595 } |
6456 else |
6596 else |
6458 // No 4-Way Handshake needed. |
6598 // No 4-Way Handshake needed. |
6459 EAP_TRACE_DEBUG( |
6599 EAP_TRACE_DEBUG( |
6460 m_am_tools, |
6600 m_am_tools, |
6461 TRACE_FLAGS_DEFAULT, |
6601 TRACE_FLAGS_DEFAULT, |
6462 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::allow_4_way_handshake(): ") |
6602 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::allow_4_way_handshake(): ") |
6463 EAPL("No 4-Way Handshake, m_authentication_type=%d\n"), |
6603 EAPL("No 4-Way Handshake, m_authentication_type=%d=%s\n"), |
6464 (m_is_client == true ? "client": "server"), |
6604 (m_is_client == true ? "client": "server"), |
6465 m_authentication_type)); |
6605 m_authentication_type, |
|
6606 eapol_key_state_string_c::get_eapol_key_authentication_type_string(m_authentication_type))); |
6466 |
6607 |
6467 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6608 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6468 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
6609 return EAP_STATUS_RETURN(m_am_tools, eap_status_ok); |
6469 } |
6610 } |
6470 |
6611 |
6517 m_am_tools, |
6658 m_am_tools, |
6518 TRACE_FLAGS_DEFAULT, |
6659 TRACE_FLAGS_DEFAULT, |
6519 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::start_group_key_handshake()\n"), |
6660 (EAPL("EAPOL_KEY: %s: eapol_key_state_c::start_group_key_handshake()\n"), |
6520 (m_is_client == true ? "client": "server"))); |
6661 (m_is_client == true ? "client": "server"))); |
6521 |
6662 |
6522 if (m_eapol_key_handshake_type != eapol_key_handshake_type_none |
6663 if (m_eapol_key_handshake_type != eapol_key_handshake_type_authenticated |
6523 && m_eapol_key_handshake_type != eapol_key_handshake_type_group_key_handshake |
6664 && m_eapol_key_handshake_type != eapol_key_handshake_type_group_key_handshake |
6524 && m_eapol_key_handshake_type != eapol_key_handshake_type_4_way_handshake) |
6665 && m_eapol_key_handshake_type != eapol_key_handshake_type_4_way_handshake) |
6525 { |
6666 { |
6526 eapol_key_state_string_c state_string; |
|
6527 EAP_TRACE_ERROR( |
6667 EAP_TRACE_ERROR( |
6528 m_am_tools, |
6668 m_am_tools, |
6529 TRACE_FLAGS_DEFAULT, |
6669 TRACE_FLAGS_DEFAULT, |
6530 (EAPL("WARNING: EAPOL_KEY: %s: start_group_key_handshake(): wrong handshake type %s\n"), |
6670 (EAPL("WARNING: EAPOL_KEY: %s: start_group_key_handshake(): wrong handshake type %s\n"), |
6531 (m_is_client == true ? "client": "server"), |
6671 (m_is_client == true ? "client": "server"), |
6532 state_string.get_eapol_key_handshake_type_string(m_eapol_key_handshake_type))); |
6672 eapol_key_state_string_c::get_eapol_key_handshake_type_string(m_eapol_key_handshake_type))); |
6533 |
6673 |
6534 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6674 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6535 return EAP_STATUS_RETURN(m_am_tools, eap_status_wrong_eap_type_state); |
6675 return EAP_STATUS_RETURN(m_am_tools, eap_status_wrong_eap_type_state); |
6536 } |
6676 } |
6537 |
6677 |
6538 if (get_eapol_key_state() != eapol_key_state_4_way_handshake_successfull |
6678 if (get_eapol_key_state() != eapol_key_state_4_way_handshake_successfull |
6539 && get_eapol_key_state() != eapol_key_state_group_key_handshake_successfull) |
6679 && get_eapol_key_state() != eapol_key_state_group_key_handshake_successfull) |
6540 { |
6680 { |
6541 eapol_key_state_string_c state_string; |
|
6542 EAP_TRACE_ERROR( |
6681 EAP_TRACE_ERROR( |
6543 m_am_tools, |
6682 m_am_tools, |
6544 TRACE_FLAGS_DEFAULT, |
6683 TRACE_FLAGS_DEFAULT, |
6545 (EAPL("WARNING: EAPOL_KEY: %s: start_group_key_handshake(): wrong state %s\n"), |
6684 (EAPL("WARNING: EAPOL_KEY: %s: start_group_key_handshake(): wrong state %s\n"), |
6546 (m_is_client == true ? "client": "server"), |
6685 (m_is_client == true ? "client": "server"), |
6547 state_string.get_eapol_key_state_string(get_eapol_key_state()))); |
6686 eapol_key_state_string_c::get_eapol_key_state_string(get_eapol_key_state()))); |
6548 |
6687 |
6549 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6688 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
6550 return EAP_STATUS_RETURN(m_am_tools, eap_status_wrong_eap_type_state); |
6689 return EAP_STATUS_RETURN(m_am_tools, eap_status_wrong_eap_type_state); |
6551 } |
6690 } |
6552 |
6691 |
7010 packet_length); |
7149 packet_length); |
7011 } |
7150 } |
7012 else |
7151 else |
7013 { |
7152 { |
7014 // Unknown message received and dropped quietly. |
7153 // Unknown message received and dropped quietly. |
7015 eapol_key_state_string_c state_string; |
|
7016 EAP_TRACE_ERROR( |
7154 EAP_TRACE_ERROR( |
7017 m_am_tools, |
7155 m_am_tools, |
7018 TRACE_FLAGS_EAPOL_KEY_DATA_ERROR, |
7156 TRACE_FLAGS_EAPOL_KEY_DATA_ERROR, |
7019 (EAPL("WARNING: EAPOL_KEY: Handshake in NOT supported in m_eapol_key_handshake_type %s.\n"), |
7157 (EAPL("WARNING: EAPOL_KEY: Handshake in NOT supported in m_eapol_key_handshake_type %s.\n"), |
7020 state_string.get_eapol_key_handshake_type_string(m_eapol_key_handshake_type))); |
7158 eapol_key_state_string_c::get_eapol_key_handshake_type_string(m_eapol_key_handshake_type))); |
7021 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
7159 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
7022 return EAP_STATUS_RETURN(m_am_tools, eap_status_process_illegal_packet_error); |
7160 return EAP_STATUS_RETURN(m_am_tools, eap_status_process_illegal_packet_error); |
7023 } |
7161 } |
7024 |
7162 |
7025 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
7163 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |