31 	u8 *pos, *count;
38 	pos = (u8 *) (hdr + 1);
46 	RSN_SELECTOR_PUT(pos, suite);
47 	pos += WPA_SELECTOR_LEN;
49 	count = pos;
50 	pos += 2;
52 	num_suites = wpa_cipher_put_suites(pos, conf->wpa_pairwise);
58 	pos += num_suites * WPA_SELECTOR_LEN;
62 	count = pos;
63 	pos += 2;
66 		RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
67 		pos += WPA_SELECTOR_LEN;
71 		RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
72 		pos += WPA_SELECTOR_LEN;
85 	hdr->len = (pos - buf) - 2;
87 	return pos - buf;
96 	u8 *pos, *count;
103 	pos = (u8 *) (hdr + 1);
111 	RSN_SELECTOR_PUT(pos, suite);
112 	pos += RSN_SELECTOR_LEN;
115 	count = pos;
116 	pos += 2;
120 		RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
121 		pos += RSN_SELECTOR_LEN;
126 	res = rsn_cipher_put_suites(pos, conf->rsn_pairwise);
128 	pos += res * RSN_SELECTOR_LEN;
132 		RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
133 		pos += RSN_SELECTOR_LEN;
146 	count = pos;
147 	pos += 2;
151 		RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
152 		pos += RSN_SELECTOR_LEN;
158 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
159 		pos += RSN_SELECTOR_LEN;
163 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
164 		pos += RSN_SELECTOR_LEN;
169 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
170 		pos += RSN_SELECTOR_LEN;
174 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
175 		pos += RSN_SELECTOR_LEN;
181 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
182 		pos += RSN_SELECTOR_LEN;
186 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
187 		pos += RSN_SELECTOR_LEN;
193 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE);
194 		pos += RSN_SELECTOR_LEN;
198 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
199 		pos += RSN_SELECTOR_LEN;
206 		RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
207 		pos += RSN_SELECTOR_LEN;
240 	WPA_PUT_LE16(pos, capab);
241 	pos += 2;
244 		if (pos + 2 + PMKID_LEN > buf + len)
247 		WPA_PUT_LE16(pos, 1);
248 		pos += 2;
249 		os_memcpy(pos, pmkid, PMKID_LEN);
250 		pos += PMKID_LEN;
255 		if (pos + 2 + 4 > buf + len)
259 			WPA_PUT_LE16(pos, 0);
260 			pos += 2;
266 			RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
269 			RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_128);
272 			RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_256);
275 			RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_CMAC_256);
283 		pos += RSN_SELECTOR_LEN;
297 		WPA_PUT_LE16(pos, 0);
298 		pos += 2;
301 			RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
302 			pos += RSN_SELECTOR_LEN;
305 		os_memset(pos, 0x12, 17);
306 		pos += 17;
310 	hdr->len = (pos - buf) - 2;
312 	return pos - buf;
367 	u8 *pos, buf[128];
370 	pos = buf;
373 		pos = wpa_write_osen(&wpa_auth->conf, pos);
377 				       pos, buf + sizeof(buf) - pos, NULL);
380 		pos += res;
384 		res = wpa_write_mdie(&wpa_auth->conf, pos,
385 				     buf + sizeof(buf) - pos);
388 		pos += res;
393 				       pos, buf + sizeof(buf) - pos);
396 		pos += res;
400 	wpa_auth->wpa_ie = os_malloc(pos - buf);
403 	os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
404 	wpa_auth->wpa_ie_len = pos - buf;
410 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
413 	*pos++ = WLAN_EID_VENDOR_SPECIFIC;
414 	*pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
415 	RSN_SELECTOR_PUT(pos, kde);
416 	pos += RSN_SELECTOR_LEN;
417 	os_memcpy(pos, data, data_len);
418 	pos += data_len;
420 		os_memcpy(pos, data2, data2_len);
421 		pos += data2_len;
423 	return pos;
732  * @pos: Pointer to the IE header
737 static int wpa_parse_generic(const u8 *pos, const u8 *end,
740 	if (pos[1] == 0)
743 	if (pos[1] >= 6 &&
744 	    RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE &&
745 	    pos[2 + WPA_SELECTOR_LEN] == 1 &&
746 	    pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
747 		ie->wpa_ie = pos;
748 		ie->wpa_ie_len = pos[1] + 2;
752 	if (pos[1] >= 4 && WPA_GET_BE32(pos + 2) == OSEN_IE_VENDOR_TYPE) {
753 		ie->osen = pos;
754 		ie->osen_len = pos[1] + 2;
758 	if (pos + 1 + RSN_SELECTOR_LEN < end &&
759 	    pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
760 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
761 		ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
765 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
766 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) {
767 		ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
768 		ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
772 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
773 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) {
774 		ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
775 		ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
780 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
781 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
782 		ie->smk = pos + 2 + RSN_SELECTOR_LEN;
783 		ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
787 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
788 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
789 		ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
790 		ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
794 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
795 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
796 		ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
797 		ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
801 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
802 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
803 		ie->error = pos + 2 + RSN_SELECTOR_LEN;
804 		ie->error_len = pos[1] - RSN_SELECTOR_LEN;
810 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
811 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
812 		ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
813 		ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
819 	if (pos[1] >= RSN_SELECTOR_LEN + 1 &&
820 	    RSN_SELECTOR_GET(pos + 2) == WFA_KEY_DATA_IP_ADDR_REQ) {
821 		ie->ip_addr_req = pos + 2 + RSN_SELECTOR_LEN;
823 			    ie->ip_addr_req, pos[1] - RSN_SELECTOR_LEN);
827 	if (pos[1] >= RSN_SELECTOR_LEN + 3 * 4 &&
828 	    RSN_SELECTOR_GET(pos + 2) == WFA_KEY_DATA_IP_ADDR_ALLOC) {
829 		ie->ip_addr_alloc = pos + 2 + RSN_SELECTOR_LEN;
832 			    ie->ip_addr_alloc, pos[1] - RSN_SELECTOR_LEN);
850 	const u8 *pos, *end;
854 	for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
855 		if (pos[0] == 0xdd &&
856 		    ((pos == buf + len - 1) || pos[1] == 0)) {
860 		if (pos + 2 + pos[1] > end) {
862 				   "underflow (ie=%d len=%d pos=%d)",
863 				   pos[0], pos[1], (int) (pos - buf));
869 		if (*pos == WLAN_EID_RSN) {
870 			ie->rsn_ie = pos;
871 			ie->rsn_ie_len = pos[1] + 2;
873 		} else if (*pos == WLAN_EID_MOBILITY_DOMAIN) {
874 			ie->mdie = pos;
875 			ie->mdie_len = pos[1] + 2;
876 		} else if (*pos == WLAN_EID_FAST_BSS_TRANSITION) {
877 			ie->ftie = pos;
878 			ie->ftie_len = pos[1] + 2;
880 		} else if (*pos == WLAN_EID_VENDOR_SPECIFIC) {
881 			ret = wpa_parse_generic(pos, end, ie);
890 				    "Key Data IE", pos, 2 + pos[1]);

Indexes created Thu Nov 06 06:13:30 CET 2014