42 	u8 *pos;
54 	pos = (u8 *) (hdr + 1);
62 	RSN_SELECTOR_PUT(pos, suite);
63 	pos += WPA_SELECTOR_LEN;
65 	*pos++ = 1;
66 	*pos++ = 0;
75 	RSN_SELECTOR_PUT(pos, suite);
76 	pos += WPA_SELECTOR_LEN;
78 	*pos++ = 1;
79 	*pos++ = 0;
81 		RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
83 		RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
85 		RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_NONE);
87 		RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_CCKM);
93 	pos += WPA_SELECTOR_LEN;
97 	hdr->len = (pos - wpa_ie) - 2;
99 	WPA_ASSERT((size_t) (pos - wpa_ie) <= wpa_ie_len);
101 	return pos - wpa_ie;
110 	u8 *pos;
126 	pos = (u8 *) (hdr + 1);
134 	RSN_SELECTOR_PUT(pos, suite);
135 	pos += RSN_SELECTOR_LEN;
137 	*pos++ = 1;
138 	*pos++ = 0;
147 	RSN_SELECTOR_PUT(pos, suite);
148 	pos += RSN_SELECTOR_LEN;
150 	*pos++ = 1;
151 	*pos++ = 0;
153 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
155 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
157 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_CCKM);
160 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
162 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
166 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
168 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
172 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE);
174 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
181 	pos += RSN_SELECTOR_LEN;
191 	WPA_PUT_LE16(pos, capab);
192 	pos += 2;
196 		*pos++ = 1;
197 		*pos++ = 0;
199 		os_memcpy(pos, sm->cur_pmksa->pmkid, PMKID_LEN);
200 		pos += PMKID_LEN;
207 			WPA_PUT_LE16(pos, 0);
208 			pos += 2;
212 		RSN_SELECTOR_PUT(pos, wpa_cipher_to_suite(WPA_PROTO_RSN,
214 		pos += RSN_SELECTOR_LEN;
218 	hdr->len = (pos - rsn_ie) - 2;
220 	WPA_ASSERT((size_t) (pos - rsn_ie) <= rsn_ie_len);
222 	return pos - rsn_ie;
231 	u8 *pos, *len;
238 	pos = wpa_ie;
239 	*pos++ = WLAN_EID_VENDOR_SPECIFIC;
240 	len = pos++; /* to be filled */
241 	WPA_PUT_BE24(pos, OUI_WFA);
242 	pos += 3;
243 	*pos++ = HS20_OSEN_OUI_TYPE;
252 	RSN_SELECTOR_PUT(pos, suite);
253 	pos += RSN_SELECTOR_LEN;
256 	WPA_PUT_LE16(pos, 1);
257 	pos += 2;
266 	RSN_SELECTOR_PUT(pos, suite);
267 	pos += RSN_SELECTOR_LEN;
270 	WPA_PUT_LE16(pos, 1);
271 	pos += 2;
272 	RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OSEN);
273 	pos += RSN_SELECTOR_LEN;
275 	*len = pos - len - 1;
277 	WPA_ASSERT((size_t) (pos - wpa_ie) <= wpa_ie_len);
279 	return pos - wpa_ie;
316  * @pos: Pointer to the IE header
321 static int wpa_parse_vendor_specific(const u8 *pos, const u8 *end,
326 	if (pos[1] < 4) {
328 			   pos[1]);
332 	oui = WPA_GET_BE24(&pos[2]);
333 	if (oui == OUI_MICROSOFT && pos[5] == WMM_OUI_TYPE && pos[1] > 4) {
334 		if (pos[6] == WMM_OUI_SUBTYPE_INFORMATION_ELEMENT) {
335 			ie->wmm = &pos[2];
336 			ie->wmm_len = pos[1];
339 		} else if (pos[6] == WMM_OUI_SUBTYPE_PARAMETER_ELEMENT) {
340 			ie->wmm = &pos[2];
341 			ie->wmm_len = pos[1];
352  * @pos: Pointer to the IE header
357 static int wpa_parse_generic(const u8 *pos, const u8 *end,
360 	if (pos[1] == 0)
363 	if (pos[1] >= 6 &&
364 	    RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE &&
365 	    pos[2 + WPA_SELECTOR_LEN] == 1 &&
366 	    pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
367 		ie->wpa_ie = pos;
368 		ie->wpa_ie_len = pos[1] + 2;
374 	if (pos + 1 + RSN_SELECTOR_LEN < end &&
375 	    pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
376 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
377 		ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
379 			    pos, pos[1] + 2);
383 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
384 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) {
385 		ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
386 		ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
388 				pos, pos[1] + 2);
392 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
393 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) {
394 		ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
395 		ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
397 			    pos, pos[1] + 2);
402 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
403 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
404 		ie->smk = pos + 2 + RSN_SELECTOR_LEN;
405 		ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
407 				pos, pos[1] + 2);
411 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
412 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
413 		ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
414 		ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
416 			    pos, pos[1] + 2);
420 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
421 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
422 		ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
423 		ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
425 			    pos, pos[1] + 2);
429 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
430 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
431 		ie->error = pos + 2 + RSN_SELECTOR_LEN;
432 		ie->error_len = pos[1] - RSN_SELECTOR_LEN;
434 			    pos, pos[1] + 2);
440 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
441 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
442 		ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
443 		ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
445 				pos, pos[1] + 2);
451 	if (pos[1] >= RSN_SELECTOR_LEN + 1 &&
452 	    RSN_SELECTOR_GET(pos + 2) == WFA_KEY_DATA_IP_ADDR_REQ) {
453 		ie->ip_addr_req = pos + 2 + RSN_SELECTOR_LEN;
455 			    ie->ip_addr_req, pos[1] - RSN_SELECTOR_LEN);
459 	if (pos[1] >= RSN_SELECTOR_LEN + 3 * 4 &&
460 	    RSN_SELECTOR_GET(pos + 2) == WFA_KEY_DATA_IP_ADDR_ALLOC) {
461 		ie->ip_addr_alloc = pos + 2 + RSN_SELECTOR_LEN;
464 			    ie->ip_addr_alloc, pos[1] - RSN_SELECTOR_LEN);
483 	const u8 *pos, *end;
487 	for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
488 		if (pos[0] == 0xdd &&
489 		    ((pos == buf + len - 1) || pos[1] == 0)) {
493 		if (pos + 2 + pos[1] > end) {
495 				   "underflow (ie=%d len=%d pos=%d)",
496 				   pos[0], pos[1], (int) (pos - buf));
502 		if (*pos == WLAN_EID_RSN) {
503 			ie->rsn_ie = pos;
504 			ie->rsn_ie_len = pos[1] + 2;
507 		} else if (*pos == WLAN_EID_MOBILITY_DOMAIN) {
508 			ie->mdie = pos;
509 			ie->mdie_len = pos[1] + 2;
512 		} else if (*pos == WLAN_EID_FAST_BSS_TRANSITION) {
513 			ie->ftie = pos;
514 			ie->ftie_len = pos[1] + 2;
517 		} else if (*pos == WLAN_EID_TIMEOUT_INTERVAL && pos[1] >= 5) {
518 			if (pos[2] == WLAN_TIMEOUT_REASSOC_DEADLINE) {
519 				ie->reassoc_deadline = pos;
522 					    ie->reassoc_deadline, pos[1] + 2);
523 			} else if (pos[2] == WLAN_TIMEOUT_KEY_LIFETIME) {
524 				ie->key_lifetime = pos;
527 					    ie->key_lifetime, pos[1] + 2);
531 					    pos, 2 + pos[1]);
533 		} else if (*pos == WLAN_EID_LINK_ID) {
534 			if (pos[1] >= 18) {
535 				ie->lnkid = pos;
536 				ie->lnkid_len = pos[1] + 2;
538 		} else if (*pos == WLAN_EID_EXT_CAPAB) {
539 			ie->ext_capab = pos;
540 			ie->ext_capab_len = pos[1] + 2;
541 		} else if (*pos == WLAN_EID_SUPP_RATES) {
542 			ie->supp_rates = pos;
543 			ie->supp_rates_len = pos[1] + 2;
544 		} else if (*pos == WLAN_EID_EXT_SUPP_RATES) {
545 			ie->ext_supp_rates = pos;
546 			ie->ext_supp_rates_len = pos[1] + 2;
547 		} else if (*pos == WLAN_EID_HT_CAP) {
548 			ie->ht_capabilities = pos + 2;
549 			ie->ht_capabilities_len = pos[1];
550 		} else if (*pos == WLAN_EID_VHT_AID) {
551 			if (pos[1] >= 2)
552 				ie->aid = WPA_GET_LE16(pos + 2) & 0x3fff;
553 		} else if (*pos == WLAN_EID_VHT_CAP) {
554 			ie->vht_capabilities = pos + 2;
555 			ie->vht_capabilities_len = pos[1];
556 		} else if (*pos == WLAN_EID_QOS && pos[1] >= 1) {
557 			ie->qosinfo = pos[2];
558 		} else if (*pos == WLAN_EID_SUPPORTED_CHANNELS) {
559 			ie->supp_channels = pos + 2;
560 			ie->supp_channels_len = pos[1];
561 		} else if (*pos == WLAN_EID_SUPPORTED_OPERATING_CLASSES) {
568 			if (pos[1] >= 2 && pos[1] <= 253) {
569 				ie->supp_oper_classes = pos + 2;
570 				ie->supp_oper_classes_len = pos[1];
572 		} else if (*pos == WLAN_EID_VENDOR_SPECIFIC) {
573 			ret = wpa_parse_generic(pos, end, ie);
581 			ret = wpa_parse_vendor_specific(pos, end, ie);
590 				    "Key Data IE", pos, 2 + pos[1]);

Indexes created Fri Mar 13 02:32:08 CET 2015