wpa_auth_ie.c revision 61d9df3e62aaa0e87ad05452fcb95142159a17b6
1/* 2 * hostapd - WPA/RSN IE and KDE definitions 3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "utils/includes.h" 10 11#include "utils/common.h" 12#include "common/ieee802_11_defs.h" 13#include "eapol_auth/eapol_auth_sm.h" 14#include "ap_config.h" 15#include "ieee802_11.h" 16#include "wpa_auth.h" 17#include "pmksa_cache_auth.h" 18#include "wpa_auth_ie.h" 19#include "wpa_auth_i.h" 20 21 22#ifdef CONFIG_RSN_TESTING 23int rsn_testing = 0; 24#endif /* CONFIG_RSN_TESTING */ 25 26 27static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len) 28{ 29 struct wpa_ie_hdr *hdr; 30 int num_suites; 31 u8 *pos, *count; 32 33 hdr = (struct wpa_ie_hdr *) buf; 34 hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC; 35 RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE); 36 WPA_PUT_LE16(hdr->version, WPA_VERSION); 37 pos = (u8 *) (hdr + 1); 38 39 if (conf->wpa_group == WPA_CIPHER_CCMP) { 40 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP); 41 } else if (conf->wpa_group == WPA_CIPHER_TKIP) { 42 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP); 43 } else if (conf->wpa_group == WPA_CIPHER_WEP104) { 44 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_WEP104); 45 } else if (conf->wpa_group == WPA_CIPHER_WEP40) { 46 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_WEP40); 47 } else { 48 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).", 49 conf->wpa_group); 50 return -1; 51 } 52 pos += WPA_SELECTOR_LEN; 53 54 num_suites = 0; 55 count = pos; 56 pos += 2; 57 58 if (conf->wpa_pairwise & WPA_CIPHER_CCMP) { 59 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP); 60 pos += WPA_SELECTOR_LEN; 61 num_suites++; 62 } 63 if (conf->wpa_pairwise & WPA_CIPHER_TKIP) { 64 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP); 65 pos += WPA_SELECTOR_LEN; 66 num_suites++; 67 } 68 if (conf->wpa_pairwise & WPA_CIPHER_NONE) { 69 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_NONE); 70 pos += WPA_SELECTOR_LEN; 71 num_suites++; 72 } 73 74 if (num_suites == 0) { 75 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).", 76 conf->wpa_pairwise); 77 return -1; 78 } 79 WPA_PUT_LE16(count, num_suites); 80 81 num_suites = 0; 82 count = pos; 83 pos += 2; 84 85 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) { 86 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X); 87 pos += WPA_SELECTOR_LEN; 88 num_suites++; 89 } 90 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) { 91 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X); 92 pos += WPA_SELECTOR_LEN; 93 num_suites++; 94 } 95 96 if (num_suites == 0) { 97 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).", 98 conf->wpa_key_mgmt); 99 return -1; 100 } 101 WPA_PUT_LE16(count, num_suites); 102 103 /* WPA Capabilities; use defaults, so no need to include it */ 104 105 hdr->len = (pos - buf) - 2; 106 107 return pos - buf; 108} 109 110 111int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len, 112 const u8 *pmkid) 113{ 114 struct rsn_ie_hdr *hdr; 115 int num_suites; 116 u8 *pos, *count; 117 u16 capab; 118 119 hdr = (struct rsn_ie_hdr *) buf; 120 hdr->elem_id = WLAN_EID_RSN; 121 WPA_PUT_LE16(hdr->version, RSN_VERSION); 122 pos = (u8 *) (hdr + 1); 123 124 if (conf->wpa_group == WPA_CIPHER_CCMP) { 125 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP); 126 } else if (conf->wpa_group == WPA_CIPHER_GCMP) { 127 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_GCMP); 128 } else if (conf->wpa_group == WPA_CIPHER_TKIP) { 129 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP); 130 } else if (conf->wpa_group == WPA_CIPHER_WEP104) { 131 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_WEP104); 132 } else if (conf->wpa_group == WPA_CIPHER_WEP40) { 133 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_WEP40); 134 } else { 135 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).", 136 conf->wpa_group); 137 return -1; 138 } 139 pos += RSN_SELECTOR_LEN; 140 141 num_suites = 0; 142 count = pos; 143 pos += 2; 144 145#ifdef CONFIG_RSN_TESTING 146 if (rsn_testing) { 147 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1)); 148 pos += RSN_SELECTOR_LEN; 149 num_suites++; 150 } 151#endif /* CONFIG_RSN_TESTING */ 152 153 if (conf->rsn_pairwise & WPA_CIPHER_CCMP) { 154 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP); 155 pos += RSN_SELECTOR_LEN; 156 num_suites++; 157 } 158 if (conf->rsn_pairwise & WPA_CIPHER_GCMP) { 159 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_GCMP); 160 pos += RSN_SELECTOR_LEN; 161 num_suites++; 162 } 163 if (conf->rsn_pairwise & WPA_CIPHER_TKIP) { 164 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP); 165 pos += RSN_SELECTOR_LEN; 166 num_suites++; 167 } 168 if (conf->rsn_pairwise & WPA_CIPHER_NONE) { 169 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NONE); 170 pos += RSN_SELECTOR_LEN; 171 num_suites++; 172 } 173 174#ifdef CONFIG_RSN_TESTING 175 if (rsn_testing) { 176 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2)); 177 pos += RSN_SELECTOR_LEN; 178 num_suites++; 179 } 180#endif /* CONFIG_RSN_TESTING */ 181 182 if (num_suites == 0) { 183 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).", 184 conf->rsn_pairwise); 185 return -1; 186 } 187 WPA_PUT_LE16(count, num_suites); 188 189 num_suites = 0; 190 count = pos; 191 pos += 2; 192 193#ifdef CONFIG_RSN_TESTING 194 if (rsn_testing) { 195 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1)); 196 pos += RSN_SELECTOR_LEN; 197 num_suites++; 198 } 199#endif /* CONFIG_RSN_TESTING */ 200 201 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) { 202 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X); 203 pos += RSN_SELECTOR_LEN; 204 num_suites++; 205 } 206 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) { 207 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X); 208 pos += RSN_SELECTOR_LEN; 209 num_suites++; 210 } 211#ifdef CONFIG_IEEE80211R 212 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) { 213 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X); 214 pos += RSN_SELECTOR_LEN; 215 num_suites++; 216 } 217 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) { 218 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK); 219 pos += RSN_SELECTOR_LEN; 220 num_suites++; 221 } 222#endif /* CONFIG_IEEE80211R */ 223#ifdef CONFIG_IEEE80211W 224 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) { 225 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256); 226 pos += RSN_SELECTOR_LEN; 227 num_suites++; 228 } 229 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) { 230 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256); 231 pos += RSN_SELECTOR_LEN; 232 num_suites++; 233 } 234#endif /* CONFIG_IEEE80211W */ 235 236#ifdef CONFIG_RSN_TESTING 237 if (rsn_testing) { 238 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2)); 239 pos += RSN_SELECTOR_LEN; 240 num_suites++; 241 } 242#endif /* CONFIG_RSN_TESTING */ 243 244 if (num_suites == 0) { 245 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).", 246 conf->wpa_key_mgmt); 247 return -1; 248 } 249 WPA_PUT_LE16(count, num_suites); 250 251 /* RSN Capabilities */ 252 capab = 0; 253 if (conf->rsn_preauth) 254 capab |= WPA_CAPABILITY_PREAUTH; 255 if (conf->peerkey) 256 capab |= WPA_CAPABILITY_PEERKEY_ENABLED; 257 if (conf->wmm_enabled) { 258 /* 4 PTKSA replay counters when using WMM */ 259 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2); 260 } 261#ifdef CONFIG_IEEE80211W 262 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) { 263 capab |= WPA_CAPABILITY_MFPC; 264 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) 265 capab |= WPA_CAPABILITY_MFPR; 266 } 267#endif /* CONFIG_IEEE80211W */ 268#ifdef CONFIG_RSN_TESTING 269 if (rsn_testing) 270 capab |= BIT(8) | BIT(14) | BIT(15); 271#endif /* CONFIG_RSN_TESTING */ 272 WPA_PUT_LE16(pos, capab); 273 pos += 2; 274 275 if (pmkid) { 276 if (pos + 2 + PMKID_LEN > buf + len) 277 return -1; 278 /* PMKID Count */ 279 WPA_PUT_LE16(pos, 1); 280 pos += 2; 281 os_memcpy(pos, pmkid, PMKID_LEN); 282 pos += PMKID_LEN; 283 } 284 285#ifdef CONFIG_IEEE80211W 286 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) { 287 if (pos + 2 + 4 > buf + len) 288 return -1; 289 if (pmkid == NULL) { 290 /* PMKID Count */ 291 WPA_PUT_LE16(pos, 0); 292 pos += 2; 293 } 294 295 /* Management Group Cipher Suite */ 296 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC); 297 pos += RSN_SELECTOR_LEN; 298 } 299#endif /* CONFIG_IEEE80211W */ 300 301#ifdef CONFIG_RSN_TESTING 302 if (rsn_testing) { 303 /* 304 * Fill in any defined fields and add extra data to the end of 305 * the element. 306 */ 307 int pmkid_count_set = pmkid != NULL; 308 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) 309 pmkid_count_set = 1; 310 /* PMKID Count */ 311 WPA_PUT_LE16(pos, 0); 312 pos += 2; 313 if (conf->ieee80211w == NO_MGMT_FRAME_PROTECTION) { 314 /* Management Group Cipher Suite */ 315 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC); 316 pos += RSN_SELECTOR_LEN; 317 } 318 319 os_memset(pos, 0x12, 17); 320 pos += 17; 321 } 322#endif /* CONFIG_RSN_TESTING */ 323 324 hdr->len = (pos - buf) - 2; 325 326 return pos - buf; 327} 328 329 330int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth) 331{ 332 u8 *pos, buf[128]; 333 int res; 334 335 pos = buf; 336 337 if (wpa_auth->conf.wpa & WPA_PROTO_RSN) { 338 res = wpa_write_rsn_ie(&wpa_auth->conf, 339 pos, buf + sizeof(buf) - pos, NULL); 340 if (res < 0) 341 return res; 342 pos += res; 343 } 344#ifdef CONFIG_IEEE80211R 345 if (wpa_key_mgmt_ft(wpa_auth->conf.wpa_key_mgmt)) { 346 res = wpa_write_mdie(&wpa_auth->conf, pos, 347 buf + sizeof(buf) - pos); 348 if (res < 0) 349 return res; 350 pos += res; 351 } 352#endif /* CONFIG_IEEE80211R */ 353 if (wpa_auth->conf.wpa & WPA_PROTO_WPA) { 354 res = wpa_write_wpa_ie(&wpa_auth->conf, 355 pos, buf + sizeof(buf) - pos); 356 if (res < 0) 357 return res; 358 pos += res; 359 } 360 361 os_free(wpa_auth->wpa_ie); 362 wpa_auth->wpa_ie = os_malloc(pos - buf); 363 if (wpa_auth->wpa_ie == NULL) 364 return -1; 365 os_memcpy(wpa_auth->wpa_ie, buf, pos - buf); 366 wpa_auth->wpa_ie_len = pos - buf; 367 368 return 0; 369} 370 371 372u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len, 373 const u8 *data2, size_t data2_len) 374{ 375 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 376 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len; 377 RSN_SELECTOR_PUT(pos, kde); 378 pos += RSN_SELECTOR_LEN; 379 os_memcpy(pos, data, data_len); 380 pos += data_len; 381 if (data2) { 382 os_memcpy(pos, data2, data2_len); 383 pos += data2_len; 384 } 385 return pos; 386} 387 388 389struct wpa_auth_okc_iter_data { 390 struct rsn_pmksa_cache_entry *pmksa; 391 const u8 *aa; 392 const u8 *spa; 393 const u8 *pmkid; 394}; 395 396 397static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx) 398{ 399 struct wpa_auth_okc_iter_data *data = ctx; 400 data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa, 401 data->pmkid); 402 if (data->pmksa) 403 return 1; 404 return 0; 405} 406 407 408int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, 409 struct wpa_state_machine *sm, 410 const u8 *wpa_ie, size_t wpa_ie_len, 411 const u8 *mdie, size_t mdie_len) 412{ 413 struct wpa_ie_data data; 414 int ciphers, key_mgmt, res, version; 415 u32 selector; 416 size_t i; 417 const u8 *pmkid = NULL; 418 419 if (wpa_auth == NULL || sm == NULL) 420 return WPA_NOT_ENABLED; 421 422 if (wpa_ie == NULL || wpa_ie_len < 1) 423 return WPA_INVALID_IE; 424 425 if (wpa_ie[0] == WLAN_EID_RSN) 426 version = WPA_PROTO_RSN; 427 else 428 version = WPA_PROTO_WPA; 429 430 if (!(wpa_auth->conf.wpa & version)) { 431 wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR, 432 version, MAC2STR(sm->addr)); 433 return WPA_INVALID_PROTO; 434 } 435 436 if (version == WPA_PROTO_RSN) { 437 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data); 438 439 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 440 if (0) { 441 } 442#ifdef CONFIG_IEEE80211R 443 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) 444 selector = RSN_AUTH_KEY_MGMT_FT_802_1X; 445 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK) 446 selector = RSN_AUTH_KEY_MGMT_FT_PSK; 447#endif /* CONFIG_IEEE80211R */ 448#ifdef CONFIG_IEEE80211W 449 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) 450 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256; 451 else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256) 452 selector = RSN_AUTH_KEY_MGMT_PSK_SHA256; 453#endif /* CONFIG_IEEE80211W */ 454 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X) 455 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 456 else if (data.key_mgmt & WPA_KEY_MGMT_PSK) 457 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 458 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector; 459 460 selector = RSN_CIPHER_SUITE_CCMP; 461 if (data.pairwise_cipher & WPA_CIPHER_CCMP) 462 selector = RSN_CIPHER_SUITE_CCMP; 463 else if (data.pairwise_cipher & WPA_CIPHER_GCMP) 464 selector = RSN_CIPHER_SUITE_GCMP; 465 else if (data.pairwise_cipher & WPA_CIPHER_TKIP) 466 selector = RSN_CIPHER_SUITE_TKIP; 467 else if (data.pairwise_cipher & WPA_CIPHER_WEP104) 468 selector = RSN_CIPHER_SUITE_WEP104; 469 else if (data.pairwise_cipher & WPA_CIPHER_WEP40) 470 selector = RSN_CIPHER_SUITE_WEP40; 471 else if (data.pairwise_cipher & WPA_CIPHER_NONE) 472 selector = RSN_CIPHER_SUITE_NONE; 473 wpa_auth->dot11RSNAPairwiseCipherSelected = selector; 474 475 selector = RSN_CIPHER_SUITE_CCMP; 476 if (data.group_cipher & WPA_CIPHER_CCMP) 477 selector = RSN_CIPHER_SUITE_CCMP; 478 else if (data.group_cipher & WPA_CIPHER_GCMP) 479 selector = RSN_CIPHER_SUITE_GCMP; 480 else if (data.group_cipher & WPA_CIPHER_TKIP) 481 selector = RSN_CIPHER_SUITE_TKIP; 482 else if (data.group_cipher & WPA_CIPHER_WEP104) 483 selector = RSN_CIPHER_SUITE_WEP104; 484 else if (data.group_cipher & WPA_CIPHER_WEP40) 485 selector = RSN_CIPHER_SUITE_WEP40; 486 else if (data.group_cipher & WPA_CIPHER_NONE) 487 selector = RSN_CIPHER_SUITE_NONE; 488 wpa_auth->dot11RSNAGroupCipherSelected = selector; 489 } else { 490 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data); 491 492 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 493 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X) 494 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 495 else if (data.key_mgmt & WPA_KEY_MGMT_PSK) 496 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 497 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector; 498 499 selector = WPA_CIPHER_SUITE_TKIP; 500 if (data.pairwise_cipher & WPA_CIPHER_CCMP) 501 selector = WPA_CIPHER_SUITE_CCMP; 502 else if (data.pairwise_cipher & WPA_CIPHER_TKIP) 503 selector = WPA_CIPHER_SUITE_TKIP; 504 else if (data.pairwise_cipher & WPA_CIPHER_WEP104) 505 selector = WPA_CIPHER_SUITE_WEP104; 506 else if (data.pairwise_cipher & WPA_CIPHER_WEP40) 507 selector = WPA_CIPHER_SUITE_WEP40; 508 else if (data.pairwise_cipher & WPA_CIPHER_NONE) 509 selector = WPA_CIPHER_SUITE_NONE; 510 wpa_auth->dot11RSNAPairwiseCipherSelected = selector; 511 512 selector = WPA_CIPHER_SUITE_TKIP; 513 if (data.group_cipher & WPA_CIPHER_CCMP) 514 selector = WPA_CIPHER_SUITE_CCMP; 515 else if (data.group_cipher & WPA_CIPHER_TKIP) 516 selector = WPA_CIPHER_SUITE_TKIP; 517 else if (data.group_cipher & WPA_CIPHER_WEP104) 518 selector = WPA_CIPHER_SUITE_WEP104; 519 else if (data.group_cipher & WPA_CIPHER_WEP40) 520 selector = WPA_CIPHER_SUITE_WEP40; 521 else if (data.group_cipher & WPA_CIPHER_NONE) 522 selector = WPA_CIPHER_SUITE_NONE; 523 wpa_auth->dot11RSNAGroupCipherSelected = selector; 524 } 525 if (res) { 526 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from " 527 MACSTR " (res=%d)", MAC2STR(sm->addr), res); 528 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len); 529 return WPA_INVALID_IE; 530 } 531 532 if (data.group_cipher != wpa_auth->conf.wpa_group) { 533 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from " 534 MACSTR, data.group_cipher, MAC2STR(sm->addr)); 535 return WPA_INVALID_GROUP; 536 } 537 538 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt; 539 if (!key_mgmt) { 540 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from " 541 MACSTR, data.key_mgmt, MAC2STR(sm->addr)); 542 return WPA_INVALID_AKMP; 543 } 544 if (0) { 545 } 546#ifdef CONFIG_IEEE80211R 547 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) 548 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X; 549 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK) 550 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK; 551#endif /* CONFIG_IEEE80211R */ 552#ifdef CONFIG_IEEE80211W 553 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) 554 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256; 555 else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256) 556 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256; 557#endif /* CONFIG_IEEE80211W */ 558 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X) 559 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X; 560 else 561 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK; 562 563 if (version == WPA_PROTO_RSN) 564 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise; 565 else 566 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise; 567 if (!ciphers) { 568 wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) " 569 "from " MACSTR, 570 version == WPA_PROTO_RSN ? "RSN" : "WPA", 571 data.pairwise_cipher, MAC2STR(sm->addr)); 572 return WPA_INVALID_PAIRWISE; 573 } 574 575#ifdef CONFIG_IEEE80211W 576 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) { 577 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) { 578 wpa_printf(MSG_DEBUG, "Management frame protection " 579 "required, but client did not enable it"); 580 return WPA_MGMT_FRAME_PROTECTION_VIOLATION; 581 } 582 583 if (ciphers & WPA_CIPHER_TKIP) { 584 wpa_printf(MSG_DEBUG, "Management frame protection " 585 "cannot use TKIP"); 586 return WPA_MGMT_FRAME_PROTECTION_VIOLATION; 587 } 588 589 if (data.mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) { 590 wpa_printf(MSG_DEBUG, "Unsupported management group " 591 "cipher %d", data.mgmt_group_cipher); 592 return WPA_INVALID_MGMT_GROUP_CIPHER; 593 } 594 } 595 596 if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION || 597 !(data.capabilities & WPA_CAPABILITY_MFPC)) 598 sm->mgmt_frame_prot = 0; 599 else 600 sm->mgmt_frame_prot = 1; 601#endif /* CONFIG_IEEE80211W */ 602 603#ifdef CONFIG_IEEE80211R 604 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 605 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) { 606 wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but " 607 "MDIE not included"); 608 return WPA_INVALID_MDIE; 609 } 610 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain, 611 MOBILITY_DOMAIN_ID_LEN) != 0) { 612 wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown " 613 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN); 614 return WPA_INVALID_MDIE; 615 } 616 } 617#endif /* CONFIG_IEEE80211R */ 618 619 if (ciphers & WPA_CIPHER_CCMP) 620 sm->pairwise = WPA_CIPHER_CCMP; 621 else if (ciphers & WPA_CIPHER_GCMP) 622 sm->pairwise = WPA_CIPHER_GCMP; 623 else 624 sm->pairwise = WPA_CIPHER_TKIP; 625 626 /* TODO: clear WPA/WPA2 state if STA changes from one to another */ 627 if (wpa_ie[0] == WLAN_EID_RSN) 628 sm->wpa = WPA_VERSION_WPA2; 629 else 630 sm->wpa = WPA_VERSION_WPA; 631 632 sm->pmksa = NULL; 633 for (i = 0; i < data.num_pmkid; i++) { 634 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID", 635 &data.pmkid[i * PMKID_LEN], PMKID_LEN); 636 sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr, 637 &data.pmkid[i * PMKID_LEN]); 638 if (sm->pmksa) { 639 pmkid = sm->pmksa->pmkid; 640 break; 641 } 642 } 643 for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc && 644 i < data.num_pmkid; i++) { 645 struct wpa_auth_okc_iter_data idata; 646 idata.pmksa = NULL; 647 idata.aa = wpa_auth->addr; 648 idata.spa = sm->addr; 649 idata.pmkid = &data.pmkid[i * PMKID_LEN]; 650 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata); 651 if (idata.pmksa) { 652 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 653 "OKC match for PMKID"); 654 sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa, 655 idata.pmksa, 656 wpa_auth->addr, 657 idata.pmkid); 658 pmkid = idata.pmkid; 659 break; 660 } 661 } 662 if (sm->pmksa) { 663 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 664 "PMKID found from PMKSA cache " 665 "eap_type=%d vlan_id=%d", 666 sm->pmksa->eap_type_authsrv, 667 sm->pmksa->vlan_id); 668 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN); 669 } 670 671 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) { 672 os_free(sm->wpa_ie); 673 sm->wpa_ie = os_malloc(wpa_ie_len); 674 if (sm->wpa_ie == NULL) 675 return WPA_ALLOC_FAIL; 676 } 677 os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len); 678 sm->wpa_ie_len = wpa_ie_len; 679 680 return WPA_IE_OK; 681} 682 683 684/** 685 * wpa_parse_generic - Parse EAPOL-Key Key Data Generic IEs 686 * @pos: Pointer to the IE header 687 * @end: Pointer to the end of the Key Data buffer 688 * @ie: Pointer to parsed IE data 689 * Returns: 0 on success, 1 if end mark is found, -1 on failure 690 */ 691static int wpa_parse_generic(const u8 *pos, const u8 *end, 692 struct wpa_eapol_ie_parse *ie) 693{ 694 if (pos[1] == 0) 695 return 1; 696 697 if (pos[1] >= 6 && 698 RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE && 699 pos[2 + WPA_SELECTOR_LEN] == 1 && 700 pos[2 + WPA_SELECTOR_LEN + 1] == 0) { 701 ie->wpa_ie = pos; 702 ie->wpa_ie_len = pos[1] + 2; 703 return 0; 704 } 705 706 if (pos + 1 + RSN_SELECTOR_LEN < end && 707 pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN && 708 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) { 709 ie->pmkid = pos + 2 + RSN_SELECTOR_LEN; 710 return 0; 711 } 712 713 if (pos[1] > RSN_SELECTOR_LEN + 2 && 714 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) { 715 ie->gtk = pos + 2 + RSN_SELECTOR_LEN; 716 ie->gtk_len = pos[1] - RSN_SELECTOR_LEN; 717 return 0; 718 } 719 720 if (pos[1] > RSN_SELECTOR_LEN + 2 && 721 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) { 722 ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN; 723 ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN; 724 return 0; 725 } 726 727#ifdef CONFIG_PEERKEY 728 if (pos[1] > RSN_SELECTOR_LEN + 2 && 729 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) { 730 ie->smk = pos + 2 + RSN_SELECTOR_LEN; 731 ie->smk_len = pos[1] - RSN_SELECTOR_LEN; 732 return 0; 733 } 734 735 if (pos[1] > RSN_SELECTOR_LEN + 2 && 736 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) { 737 ie->nonce = pos + 2 + RSN_SELECTOR_LEN; 738 ie->nonce_len = pos[1] - RSN_SELECTOR_LEN; 739 return 0; 740 } 741 742 if (pos[1] > RSN_SELECTOR_LEN + 2 && 743 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) { 744 ie->lifetime = pos + 2 + RSN_SELECTOR_LEN; 745 ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN; 746 return 0; 747 } 748 749 if (pos[1] > RSN_SELECTOR_LEN + 2 && 750 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) { 751 ie->error = pos + 2 + RSN_SELECTOR_LEN; 752 ie->error_len = pos[1] - RSN_SELECTOR_LEN; 753 return 0; 754 } 755#endif /* CONFIG_PEERKEY */ 756 757#ifdef CONFIG_IEEE80211W 758 if (pos[1] > RSN_SELECTOR_LEN + 2 && 759 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) { 760 ie->igtk = pos + 2 + RSN_SELECTOR_LEN; 761 ie->igtk_len = pos[1] - RSN_SELECTOR_LEN; 762 return 0; 763 } 764#endif /* CONFIG_IEEE80211W */ 765 766 return 0; 767} 768 769 770/** 771 * wpa_parse_kde_ies - Parse EAPOL-Key Key Data IEs 772 * @buf: Pointer to the Key Data buffer 773 * @len: Key Data Length 774 * @ie: Pointer to parsed IE data 775 * Returns: 0 on success, -1 on failure 776 */ 777int wpa_parse_kde_ies(const u8 *buf, size_t len, struct wpa_eapol_ie_parse *ie) 778{ 779 const u8 *pos, *end; 780 int ret = 0; 781 782 os_memset(ie, 0, sizeof(*ie)); 783 for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) { 784 if (pos[0] == 0xdd && 785 ((pos == buf + len - 1) || pos[1] == 0)) { 786 /* Ignore padding */ 787 break; 788 } 789 if (pos + 2 + pos[1] > end) { 790 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data " 791 "underflow (ie=%d len=%d pos=%d)", 792 pos[0], pos[1], (int) (pos - buf)); 793 wpa_hexdump_key(MSG_DEBUG, "WPA: Key Data", 794 buf, len); 795 ret = -1; 796 break; 797 } 798 if (*pos == WLAN_EID_RSN) { 799 ie->rsn_ie = pos; 800 ie->rsn_ie_len = pos[1] + 2; 801#ifdef CONFIG_IEEE80211R 802 } else if (*pos == WLAN_EID_MOBILITY_DOMAIN) { 803 ie->mdie = pos; 804 ie->mdie_len = pos[1] + 2; 805 } else if (*pos == WLAN_EID_FAST_BSS_TRANSITION) { 806 ie->ftie = pos; 807 ie->ftie_len = pos[1] + 2; 808#endif /* CONFIG_IEEE80211R */ 809 } else if (*pos == WLAN_EID_VENDOR_SPECIFIC) { 810 ret = wpa_parse_generic(pos, end, ie); 811 if (ret < 0) 812 break; 813 if (ret > 0) { 814 ret = 0; 815 break; 816 } 817 } else { 818 wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key " 819 "Key Data IE", pos, 2 + pos[1]); 820 } 821 } 822 823 return ret; 824} 825 826 827int wpa_auth_uses_mfp(struct wpa_state_machine *sm) 828{ 829 return sm ? sm->mgmt_frame_prot : 0; 830} 831