31 	u8 *pos, *count;
38 	pos = (u8 *) (hdr + 1);
46 	RSN_SELECTOR_PUT(pos, suite);
47 	pos += WPA_SELECTOR_LEN;
49 	count = pos;
50 	pos += 2;
52 	num_suites = wpa_cipher_put_suites(pos, conf->wpa_pairwise);
58 	pos += num_suites * WPA_SELECTOR_LEN;
62 	count = pos;
63 	pos += 2;
66 		RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
67 		pos += WPA_SELECTOR_LEN;
71 		RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
72 		pos += WPA_SELECTOR_LEN;
85 	hdr->len = (pos - buf) - 2;
87 	return pos - buf;
96 	u8 *pos, *count;
103 	pos = (u8 *) (hdr + 1);
111 	RSN_SELECTOR_PUT(pos, suite);
112 	pos += RSN_SELECTOR_LEN;
115 	count = pos;
116 	pos += 2;
120 		RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
121 		pos += RSN_SELECTOR_LEN;
126 	res = rsn_cipher_put_suites(pos, conf->rsn_pairwise);
128 	pos += res * RSN_SELECTOR_LEN;
132 		RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
133 		pos += RSN_SELECTOR_LEN;
146 	count = pos;
147 	pos += 2;
151 		RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
152 		pos += RSN_SELECTOR_LEN;
158 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
159 		pos += RSN_SELECTOR_LEN;
163 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
164 		pos += RSN_SELECTOR_LEN;
169 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
170 		pos += RSN_SELECTOR_LEN;
174 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
175 		pos += RSN_SELECTOR_LEN;
181 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
182 		pos += RSN_SELECTOR_LEN;
186 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
187 		pos += RSN_SELECTOR_LEN;
193 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE);
194 		pos += RSN_SELECTOR_LEN;
198 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
199 		pos += RSN_SELECTOR_LEN;
204 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B);
205 		pos += RSN_SELECTOR_LEN;
209 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192);
210 		pos += RSN_SELECTOR_LEN;
215 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA256);
216 		pos += RSN_SELECTOR_LEN;
220 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA384);
221 		pos += RSN_SELECTOR_LEN;
226 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256);
227 		pos += RSN_SELECTOR_LEN;
231 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384);
232 		pos += RSN_SELECTOR_LEN;
240 		RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
241 		pos += RSN_SELECTOR_LEN;
274 	WPA_PUT_LE16(pos, capab);
275 	pos += 2;
278 		if (2 + PMKID_LEN > buf + len - pos)
281 		WPA_PUT_LE16(pos, 1);
282 		pos += 2;
283 		os_memcpy(pos, pmkid, PMKID_LEN);
284 		pos += PMKID_LEN;
290 		if (2 + 4 > buf + len - pos)
294 			WPA_PUT_LE16(pos, 0);
295 			pos += 2;
301 			RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
304 			RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_128);
307 			RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_256);
310 			RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_CMAC_256);
318 		pos += RSN_SELECTOR_LEN;
332 		WPA_PUT_LE16(pos, 0);
333 		pos += 2;
336 			RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
337 			pos += RSN_SELECTOR_LEN;
340 		os_memset(pos, 0x12, 17);
341 		pos += 17;
345 	hdr->len = (pos - buf) - 2;
347 	return pos - buf;
402 	u8 *pos, buf[128];
422 	pos = buf;
425 		pos = wpa_write_osen(&wpa_auth->conf, pos);
429 				       pos, buf + sizeof(buf) - pos, NULL);
432 		pos += res;
436 		res = wpa_write_mdie(&wpa_auth->conf, pos,
437 				     buf + sizeof(buf) - pos);
440 		pos += res;
445 				       pos, buf + sizeof(buf) - pos);
448 		pos += res;
452 	wpa_auth->wpa_ie = os_malloc(pos - buf);
455 	os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
456 	wpa_auth->wpa_ie_len = pos - buf;
462 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
465 	*pos++ = WLAN_EID_VENDOR_SPECIFIC;
466 	*pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
467 	RSN_SELECTOR_PUT(pos, kde);
468 	pos += RSN_SELECTOR_LEN;
469 	os_memcpy(pos, data, data_len);
470 	pos += data_len;
472 		os_memcpy(pos, data2, data2_len);
473 		pos += data2_len;
475 	return pos;
823  * @pos: Pointer to the IE header
828 static int wpa_parse_generic(const u8 *pos, const u8 *end,
831 	if (pos[1] == 0)
834 	if (pos[1] >= 6 &&
835 	    RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE &&
836 	    pos[2 + WPA_SELECTOR_LEN] == 1 &&
837 	    pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
838 		ie->wpa_ie = pos;
839 		ie->wpa_ie_len = pos[1] + 2;
843 	if (pos[1] >= 4 && WPA_GET_BE32(pos + 2) == OSEN_IE_VENDOR_TYPE) {
844 		ie->osen = pos;
845 		ie->osen_len = pos[1] + 2;
849 	if (1 + RSN_SELECTOR_LEN < end - pos &&
850 	    pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
851 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
852 		ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
856 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
857 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) {
858 		ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
859 		ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
863 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
864 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) {
865 		ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
866 		ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
871 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
872 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
873 		ie->smk = pos + 2 + RSN_SELECTOR_LEN;
874 		ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
878 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
879 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
880 		ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
881 		ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
885 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
886 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
887 		ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
888 		ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
892 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
893 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
894 		ie->error = pos + 2 + RSN_SELECTOR_LEN;
895 		ie->error_len = pos[1] - RSN_SELECTOR_LEN;
901 	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
902 	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
903 		ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
904 		ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
910 	if (pos[1] >= RSN_SELECTOR_LEN + 1 &&
911 	    RSN_SELECTOR_GET(pos + 2) == WFA_KEY_DATA_IP_ADDR_REQ) {
912 		ie->ip_addr_req = pos + 2 + RSN_SELECTOR_LEN;
914 			    ie->ip_addr_req, pos[1] - RSN_SELECTOR_LEN);
918 	if (pos[1] >= RSN_SELECTOR_LEN + 3 * 4 &&
919 	    RSN_SELECTOR_GET(pos + 2) == WFA_KEY_DATA_IP_ADDR_ALLOC) {
920 		ie->ip_addr_alloc = pos + 2 + RSN_SELECTOR_LEN;
923 			    ie->ip_addr_alloc, pos[1] - RSN_SELECTOR_LEN);
941 	const u8 *pos, *end;
945 	for (pos = buf, end = pos + len; end - pos > 1; pos += 2 + pos[1]) {
946 		if (pos[0] == 0xdd &&
947 		    ((pos == buf + len - 1) || pos[1] == 0)) {
951 		if (2 + pos[1] > end - pos) {
953 				   "underflow (ie=%d len=%d pos=%d)",
954 				   pos[0], pos[1], (int) (pos - buf));
960 		if (*pos == WLAN_EID_RSN) {
961 			ie->rsn_ie = pos;
962 			ie->rsn_ie_len = pos[1] + 2;
964 		} else if (*pos == WLAN_EID_MOBILITY_DOMAIN) {
965 			ie->mdie = pos;
966 			ie->mdie_len = pos[1] + 2;
967 		} else if (*pos == WLAN_EID_FAST_BSS_TRANSITION) {
968 			ie->ftie = pos;
969 			ie->ftie_len = pos[1] + 2;
971 		} else if (*pos == WLAN_EID_VENDOR_SPECIFIC) {
972 			ret = wpa_parse_generic(pos, end, ie);
981 				    "Key Data IE", pos, 2 + pos[1]);

Indexes created Sun Sep 10 09:05:34 CEST 2017