projects / thirdparty / hostap.git / blame
| Commit | Line | Data |
|---|---|---|
| 6fc6879b JM |
1 | /* |
| 2 | * hostapd - WPA/RSN IE and KDE definitions | |
| 3 | * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi> | |
| 4 | * | |
| 5 | * This program is free software; you can redistribute it and/or modify | |
| 6 | * it under the terms of the GNU General Public License version 2 as | |
| 7 | * published by the Free Software Foundation. | |
| 8 | * | |
| 9 | * Alternatively, this software may be distributed under the terms of BSD | |
| 10 | * license. | |
| 11 | * | |
| 12 | * See README and COPYING for more details. | |
| 13 | */ | |
| 14 | ||
| 15 | #include "includes.h" | |
| 16 | ||
| 17 | #include "common.h" | |
| 18 | #include "config.h" | |
| 19 | #include "ieee802_11.h" | |
| 20 | #include "eapol_sm.h" | |
| 21 | #include "wpa.h" | |
| 22 | #include "pmksa_cache.h" | |
| 23 | #include "wpa_auth_ie.h" | |
| 24 | #include "wpa_auth_i.h" | |
| 25 | ||
| 26 | ||
| 27 | static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len) | |
| 28 | { | |
| 29 | struct wpa_ie_hdr *hdr; | |
| 30 | int num_suites; | |
| 31 | u8 *pos, *count; | |
| 32 | ||
| 33 | hdr = (struct wpa_ie_hdr *) buf; | |
| 34 | hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC; | |
| 35 | RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE); | |
| 36 | WPA_PUT_LE16(hdr->version, WPA_VERSION); | |
| 37 | pos = (u8 *) (hdr + 1); | |
| 38 | ||
| 39 | if (conf->wpa_group == WPA_CIPHER_CCMP) { | |
| 40 | RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP); | |
| 41 | } else if (conf->wpa_group == WPA_CIPHER_TKIP) { | |
| 42 | RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP); | |
| 43 | } else if (conf->wpa_group == WPA_CIPHER_WEP104) { | |
| 44 | RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_WEP104); | |
| 45 | } else if (conf->wpa_group == WPA_CIPHER_WEP40) { | |
| 46 | RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_WEP40); | |
| 47 | } else { | |
| 48 | wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).", | |
| 49 | conf->wpa_group); | |
| 50 | return -1; | |
| 51 | } | |
| 52 | pos += WPA_SELECTOR_LEN; | |
| 53 | ||
| 54 | num_suites = 0; | |
| 55 | count = pos; | |
| 56 | pos += 2; | |
| 57 | ||
| 58 | if (conf->wpa_pairwise & WPA_CIPHER_CCMP) { | |
| 59 | RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP); | |
| 60 | pos += WPA_SELECTOR_LEN; | |
| 61 | num_suites++; | |
| 62 | } | |
| 63 | if (conf->wpa_pairwise & WPA_CIPHER_TKIP) { | |
| 64 | RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP); | |
| 65 | pos += WPA_SELECTOR_LEN; | |
| 66 | num_suites++; | |
| 67 | } | |
| 68 | if (conf->wpa_pairwise & WPA_CIPHER_NONE) { | |
| 69 | RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_NONE); | |
| 70 | pos += WPA_SELECTOR_LEN; | |
| 71 | num_suites++; | |
| 72 | } | |
| 73 | ||
| 74 | if (num_suites == 0) { | |
| 75 | wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).", | |
| 76 | conf->wpa_pairwise); | |
| 77 | return -1; | |
| 78 | } | |
| 79 | WPA_PUT_LE16(count, num_suites); | |
| 80 | ||
| 81 | num_suites = 0; | |
| 82 | count = pos; | |
| 83 | pos += 2; | |
| 84 | ||
| 85 | if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) { | |
| 86 | RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X); | |
| 87 | pos += WPA_SELECTOR_LEN; | |
| 88 | num_suites++; | |
| 89 | } | |
| 90 | if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) { | |
| 91 | RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X); | |
| 92 | pos += WPA_SELECTOR_LEN; | |
| 93 | num_suites++; | |
| 94 | } | |
| 95 | ||
| 96 | if (num_suites == 0) { | |
| 97 | wpa_printf(MSG_DEBUG, "Invalid key management type (%d).", | |
| 98 | conf->wpa_key_mgmt); | |
| 99 | return -1; | |
| 100 | } | |
| 101 | WPA_PUT_LE16(count, num_suites); | |
| 102 | ||
| 103 | /* WPA Capabilities; use defaults, so no need to include it */ | |
| 104 | ||
| 105 | hdr->len = (pos - buf) - 2; | |
| 106 | ||
| 107 | return pos - buf; | |
| 108 | } | |
| 109 | ||
| 110 | ||
| 111 | int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len, | |
| 112 | const u8 *pmkid) | |
| 113 | { | |
| 114 | struct rsn_ie_hdr *hdr; | |
| 115 | int num_suites; | |
| 116 | u8 *pos, *count; | |
| 117 | u16 capab; | |
| 118 | ||
| 119 | hdr = (struct rsn_ie_hdr *) buf; | |
| 120 | hdr->elem_id = WLAN_EID_RSN; | |
| 121 | WPA_PUT_LE16(hdr->version, RSN_VERSION); | |
| 122 | pos = (u8 *) (hdr + 1); | |
| 123 | ||
| 124 | if (conf->wpa_group == WPA_CIPHER_CCMP) { | |
| 125 | RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP); | |
| 126 | } else if (conf->wpa_group == WPA_CIPHER_TKIP) { | |
| 127 | RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP); | |
| 128 | } else if (conf->wpa_group == WPA_CIPHER_WEP104) { | |
| 129 | RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_WEP104); | |
| 130 | } else if (conf->wpa_group == WPA_CIPHER_WEP40) { | |
| 131 | RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_WEP40); | |
| 132 | } else { | |
| 133 | wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).", | |
| 134 | conf->wpa_group); | |
| 135 | return -1; | |
| 136 | } | |
| 137 | pos += RSN_SELECTOR_LEN; | |
| 138 | ||
| 139 | num_suites = 0; | |
| 140 | count = pos; | |
| 141 | pos += 2; | |
| 142 | ||
| 143 | if (conf->rsn_pairwise & WPA_CIPHER_CCMP) { | |
| 144 | RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP); | |
| 145 | pos += RSN_SELECTOR_LEN; | |
| 146 | num_suites++; | |
| 147 | } | |
| 148 | if (conf->rsn_pairwise & WPA_CIPHER_TKIP) { | |
| 149 | RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP); | |
| 150 | pos += RSN_SELECTOR_LEN; | |
| 151 | num_suites++; | |
| 152 | } | |
| 153 | if (conf->rsn_pairwise & WPA_CIPHER_NONE) { | |
| 154 | RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NONE); | |
| 155 | pos += RSN_SELECTOR_LEN; | |
| 156 | num_suites++; | |
| 157 | } | |
| 158 | ||
| 159 | if (num_suites == 0) { | |
| 160 | wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).", | |
| 161 | conf->rsn_pairwise); | |
| 162 | return -1; | |
| 163 | } | |
| 164 | WPA_PUT_LE16(count, num_suites); | |
| 165 | ||
| 166 | num_suites = 0; | |
| 167 | count = pos; | |
| 168 | pos += 2; | |
| 169 | ||
| 170 | if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) { | |
| 171 | RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X); | |
| 172 | pos += RSN_SELECTOR_LEN; | |
| 173 | num_suites++; | |
| 174 | } | |
| 175 | if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) { | |
| 176 | RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X); | |
| 177 | pos += RSN_SELECTOR_LEN; | |
| 178 | num_suites++; | |
| 179 | } | |
| 180 | #ifdef CONFIG_IEEE80211R | |
| 181 | if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) { | |
| 182 | RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X); | |
| 183 | pos += RSN_SELECTOR_LEN; | |
| 184 | num_suites++; | |
| 185 | } | |
| 186 | if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) { | |
| 187 | RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK); | |
| 188 | pos += RSN_SELECTOR_LEN; | |
| 189 | num_suites++; | |
| 190 | } | |
| 191 | #endif /* CONFIG_IEEE80211R */ | |
| 192 | ||
| 193 | if (num_suites == 0) { | |
| 194 | wpa_printf(MSG_DEBUG, "Invalid key management type (%d).", | |
| 195 | conf->wpa_key_mgmt); | |
| 196 | return -1; | |
| 197 | } | |
| 198 | WPA_PUT_LE16(count, num_suites); | |
| 199 | ||
| 200 | /* RSN Capabilities */ | |
| 201 | capab = 0; | |
| 202 | if (conf->rsn_preauth) | |
| 203 | capab |= WPA_CAPABILITY_PREAUTH; | |
| 204 | if (conf->peerkey) | |
| 205 | capab |= WPA_CAPABILITY_PEERKEY_ENABLED; | |
| 206 | if (conf->wme_enabled) { | |
| 207 | /* 4 PTKSA replay counters when using WME */ | |
| 208 | capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2); | |
| 209 | } | |
| 210 | #ifdef CONFIG_IEEE80211W | |
| 211 | if (conf->ieee80211w != WPA_NO_IEEE80211W) | |
| 212 | capab |= WPA_CAPABILITY_MGMT_FRAME_PROTECTION; | |
| 213 | #endif /* CONFIG_IEEE80211W */ | |
| 214 | WPA_PUT_LE16(pos, capab); | |
| 215 | pos += 2; | |
| 216 | ||
| 217 | if (pmkid) { | |
| 218 | if (pos + 2 + PMKID_LEN > buf + len) | |
| 219 | return -1; | |
| 220 | /* PMKID Count */ | |
| 221 | WPA_PUT_LE16(pos, 1); | |
| 222 | pos += 2; | |
| 223 | os_memcpy(pos, pmkid, PMKID_LEN); | |
| 224 | pos += PMKID_LEN; | |
| 225 | } | |
| 226 | ||
| 227 | #ifdef CONFIG_IEEE80211W | |
| 228 | if (conf->ieee80211w != WPA_NO_IEEE80211W) { | |
| 229 | if (pos + 2 + 4 > buf + len) | |
| 230 | return -1; | |
| 231 | if (pmkid == NULL) { | |
| 232 | /* PMKID Count */ | |
| 233 | WPA_PUT_LE16(pos, 0); | |
| 234 | pos += 2; | |
| 235 | } | |
| 236 | ||
| 237 | /* Management Group Cipher Suite */ | |
| 238 | RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC); | |
| 239 | pos += RSN_SELECTOR_LEN; | |
| 240 | } | |
| 241 | #endif /* CONFIG_IEEE80211W */ | |
| 242 | ||
| 243 | hdr->len = (pos - buf) - 2; | |
| 244 | ||
| 245 | return pos - buf; | |
| 246 | } | |
| 247 | ||
| 248 | ||
| 249 | int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth) | |
| 250 | { | |
| 251 | u8 *pos, buf[128]; | |
| 252 | int res; | |
| 253 | ||
| 254 | pos = buf; | |
| 255 | ||
| 256 | if (wpa_auth->conf.wpa & WPA_PROTO_RSN) { | |
| 257 | res = wpa_write_rsn_ie(&wpa_auth->conf, | |
| 258 | pos, buf + sizeof(buf) - pos, NULL); | |
| 259 | if (res < 0) | |
| 260 | return res; | |
| 261 | pos += res; | |
| 262 | } | |
| 263 | #ifdef CONFIG_IEEE80211R | |
| 264 | if (wpa_auth->conf.wpa_key_mgmt & | |
| 265 | (WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_FT_PSK)) { | |
| 266 | res = wpa_write_mdie(&wpa_auth->conf, pos, | |
| 267 | buf + sizeof(buf) - pos); | |
| 268 | if (res < 0) | |
| 269 | return res; | |
| 270 | pos += res; | |
| 271 | } | |
| 272 | #endif /* CONFIG_IEEE80211R */ | |
| 273 | if (wpa_auth->conf.wpa & WPA_PROTO_WPA) { | |
| 274 | res = wpa_write_wpa_ie(&wpa_auth->conf, | |
| 275 | pos, buf + sizeof(buf) - pos); | |
| 276 | if (res < 0) | |
| 277 | return res; | |
| 278 | pos += res; | |
| 279 | } | |
| 280 | ||
| 281 | os_free(wpa_auth->wpa_ie); | |
| 282 | wpa_auth->wpa_ie = os_malloc(pos - buf); | |
| 283 | if (wpa_auth->wpa_ie == NULL) | |
| 284 | return -1; | |
| 285 | os_memcpy(wpa_auth->wpa_ie, buf, pos - buf); | |
| 286 | wpa_auth->wpa_ie_len = pos - buf; | |
| 287 | ||
| 288 | return 0; | |
| 289 | } | |
| 290 | ||
| 291 | ||
| 292 | u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len, | |
| 293 | const u8 *data2, size_t data2_len) | |
| 294 | { | |
| 295 | *pos++ = WLAN_EID_VENDOR_SPECIFIC; | |
| 296 | *pos++ = RSN_SELECTOR_LEN + data_len + data2_len; | |
| 297 | RSN_SELECTOR_PUT(pos, kde); | |
| 298 | pos += RSN_SELECTOR_LEN; | |
| 299 | os_memcpy(pos, data, data_len); | |
| 300 | pos += data_len; | |
| 301 | if (data2) { | |
| 302 | os_memcpy(pos, data2, data2_len); | |
| 303 | pos += data2_len; | |
| 304 | } | |
| 305 | return pos; | |
| 306 | } | |
| 307 | ||
| 308 | ||
| 309 | static int wpa_selector_to_bitfield(const u8 *s) | |
| 310 | { | |
| 311 | if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_NONE) | |
| 312 | return WPA_CIPHER_NONE; | |
| 313 | if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP40) | |
| 314 | return WPA_CIPHER_WEP40; | |
| 315 | if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_TKIP) | |
| 316 | return WPA_CIPHER_TKIP; | |
| 317 | if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_CCMP) | |
| 318 | return WPA_CIPHER_CCMP; | |
| 319 | if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP104) | |
| 320 | return WPA_CIPHER_WEP104; | |
| 321 | return 0; | |
| 322 | } | |
| 323 | ||
| 324 | ||
| 325 | static int wpa_key_mgmt_to_bitfield(const u8 *s) | |
| 326 | { | |
| 327 | if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_UNSPEC_802_1X) | |
| 328 | return WPA_KEY_MGMT_IEEE8021X; | |
| 329 | if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X) | |
| 330 | return WPA_KEY_MGMT_PSK; | |
| 331 | if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_NONE) | |
| 332 | return WPA_KEY_MGMT_WPA_NONE; | |
| 333 | return 0; | |
| 334 | } | |
| 335 | ||
| 336 | ||
| 337 | static int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len, | |
| 338 | struct wpa_ie_data *data) | |
| 339 | { | |
| 340 | const struct wpa_ie_hdr *hdr; | |
| 341 | const u8 *pos; | |
| 342 | int left; | |
| 343 | int i, count; | |
| 344 | ||
| 345 | os_memset(data, 0, sizeof(*data)); | |
| 346 | data->pairwise_cipher = WPA_CIPHER_TKIP; | |
| 347 | data->group_cipher = WPA_CIPHER_TKIP; | |
| 348 | data->key_mgmt = WPA_KEY_MGMT_IEEE8021X; | |
| 349 | data->mgmt_group_cipher = 0; | |
| 350 | ||
| 351 | if (wpa_ie_len < sizeof(struct wpa_ie_hdr)) | |
| 352 | return -1; | |
| 353 | ||
| 354 | hdr = (const struct wpa_ie_hdr *) wpa_ie; | |
| 355 | ||
| 356 | if (hdr->elem_id != WLAN_EID_VENDOR_SPECIFIC || | |
| 357 | hdr->len != wpa_ie_len - 2 || | |
| 358 | RSN_SELECTOR_GET(hdr->oui) != WPA_OUI_TYPE || | |
| 359 | WPA_GET_LE16(hdr->version) != WPA_VERSION) { | |
| 360 | return -2; | |
| 361 | } | |
| 362 | ||
| 363 | pos = (const u8 *) (hdr + 1); | |
| 364 | left = wpa_ie_len - sizeof(*hdr); | |
| 365 | ||
| 366 | if (left >= WPA_SELECTOR_LEN) { | |
| 367 | data->group_cipher = wpa_selector_to_bitfield(pos); | |
| 368 | pos += WPA_SELECTOR_LEN; | |
| 369 | left -= WPA_SELECTOR_LEN; | |
| 370 | } else if (left > 0) | |
| 371 | return -3; | |
| 372 | ||
| 373 | if (left >= 2) { | |
| 374 | data->pairwise_cipher = 0; | |
| 375 | count = WPA_GET_LE16(pos); | |
| 376 | pos += 2; | |
| 377 | left -= 2; | |
| 378 | if (count == 0 || left < count * WPA_SELECTOR_LEN) | |
| 379 | return -4; | |
| 380 | for (i = 0; i < count; i++) { | |
| 381 | data->pairwise_cipher |= wpa_selector_to_bitfield(pos); | |
| 382 | pos += WPA_SELECTOR_LEN; | |
| 383 | left -= WPA_SELECTOR_LEN; | |
| 384 | } | |
| 385 | } else if (left == 1) | |
| 386 | return -5; | |
| 387 | ||
| 388 | if (left >= 2) { | |
| 389 | data->key_mgmt = 0; | |
| 390 | count = WPA_GET_LE16(pos); | |
| 391 | pos += 2; | |
| 392 | left -= 2; | |
| 393 | if (count == 0 || left < count * WPA_SELECTOR_LEN) | |
| 394 | return -6; | |
| 395 | for (i = 0; i < count; i++) { | |
| 396 | data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos); | |
| 397 | pos += WPA_SELECTOR_LEN; | |
| 398 | left -= WPA_SELECTOR_LEN; | |
| 399 | } | |
| 400 | } else if (left == 1) | |
| 401 | return -7; | |
| 402 | ||
| 403 | if (left >= 2) { | |
| 404 | data->capabilities = WPA_GET_LE16(pos); | |
| 405 | pos += 2; | |
| 406 | left -= 2; | |
| 407 | } | |
| 408 | ||
| 409 | if (left > 0) { | |
| 410 | return -8; | |
| 411 | } | |
| 412 | ||
| 413 | return 0; | |
| 414 | } | |
| 415 | ||
| 416 | ||
| 417 | int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, | |
| 418 | struct wpa_state_machine *sm, | |
| 419 | const u8 *wpa_ie, size_t wpa_ie_len, | |
| 420 | const u8 *mdie, size_t mdie_len) | |
| 421 | { | |
| 422 | struct wpa_ie_data data; | |
| 423 | int ciphers, key_mgmt, res, version; | |
| 424 | u32 selector; | |
| 425 | size_t i; | |
| 426 | ||
| 427 | if (wpa_auth == NULL || sm == NULL) | |
| 428 | return WPA_NOT_ENABLED; | |
| 429 | ||
| 430 | if (wpa_ie == NULL || wpa_ie_len < 1) | |
| 431 | return WPA_INVALID_IE; | |
| 432 | ||
| 433 | if (wpa_ie[0] == WLAN_EID_RSN) | |
| 434 | version = WPA_PROTO_RSN; | |
| 435 | else | |
| 436 | version = WPA_PROTO_WPA; | |
| 437 | ||
| 438 | if (version == WPA_PROTO_RSN) { | |
| 439 | res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data); | |
| 440 | ||
| 441 | selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; | |
| 442 | if (0) { | |
| 443 | } | |
| 444 | #ifdef CONFIG_IEEE80211R | |
| 445 | else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) | |
| 446 | selector = RSN_AUTH_KEY_MGMT_FT_802_1X; | |
| 447 | else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK) | |
| 448 | selector = RSN_AUTH_KEY_MGMT_FT_PSK; | |
| 449 | #endif /* CONFIG_IEEE80211R */ | |
| 450 | else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X) | |
| 451 | selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; | |
| 452 | else if (data.key_mgmt & WPA_KEY_MGMT_PSK) | |
| 453 | selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; | |
| 454 | wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector; | |
| 455 | ||
| 456 | selector = RSN_CIPHER_SUITE_CCMP; | |
| 457 | if (data.pairwise_cipher & WPA_CIPHER_CCMP) | |
| 458 | selector = RSN_CIPHER_SUITE_CCMP; | |
| 459 | else if (data.pairwise_cipher & WPA_CIPHER_TKIP) | |
| 460 | selector = RSN_CIPHER_SUITE_TKIP; | |
| 461 | else if (data.pairwise_cipher & WPA_CIPHER_WEP104) | |
| 462 | selector = RSN_CIPHER_SUITE_WEP104; | |
| 463 | else if (data.pairwise_cipher & WPA_CIPHER_WEP40) | |
| 464 | selector = RSN_CIPHER_SUITE_WEP40; | |
| 465 | else if (data.pairwise_cipher & WPA_CIPHER_NONE) | |
| 466 | selector = RSN_CIPHER_SUITE_NONE; | |
| 467 | wpa_auth->dot11RSNAPairwiseCipherSelected = selector; | |
| 468 | ||
| 469 | selector = RSN_CIPHER_SUITE_CCMP; | |
| 470 | if (data.group_cipher & WPA_CIPHER_CCMP) | |
| 471 | selector = RSN_CIPHER_SUITE_CCMP; | |
| 472 | else if (data.group_cipher & WPA_CIPHER_TKIP) | |
| 473 | selector = RSN_CIPHER_SUITE_TKIP; | |
| 474 | else if (data.group_cipher & WPA_CIPHER_WEP104) | |
| 475 | selector = RSN_CIPHER_SUITE_WEP104; | |
| 476 | else if (data.group_cipher & WPA_CIPHER_WEP40) | |
| 477 | selector = RSN_CIPHER_SUITE_WEP40; | |
| 478 | else if (data.group_cipher & WPA_CIPHER_NONE) | |
| 479 | selector = RSN_CIPHER_SUITE_NONE; | |
| 480 | wpa_auth->dot11RSNAGroupCipherSelected = selector; | |
| 481 | } else { | |
| 482 | res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data); | |
| 483 | ||
| 484 | selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; | |
| 485 | if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X) | |
| 486 | selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; | |
| 487 | else if (data.key_mgmt & WPA_KEY_MGMT_PSK) | |
| 488 | selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; | |
| 489 | wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector; | |
| 490 | ||
| 491 | selector = WPA_CIPHER_SUITE_TKIP; | |
| 492 | if (data.pairwise_cipher & WPA_CIPHER_CCMP) | |
| 493 | selector = WPA_CIPHER_SUITE_CCMP; | |
| 494 | else if (data.pairwise_cipher & WPA_CIPHER_TKIP) | |
| 495 | selector = WPA_CIPHER_SUITE_TKIP; | |
| 496 | else if (data.pairwise_cipher & WPA_CIPHER_WEP104) | |
| 497 | selector = WPA_CIPHER_SUITE_WEP104; | |
| 498 | else if (data.pairwise_cipher & WPA_CIPHER_WEP40) | |
| 499 | selector = WPA_CIPHER_SUITE_WEP40; | |
| 500 | else if (data.pairwise_cipher & WPA_CIPHER_NONE) | |
| 501 | selector = WPA_CIPHER_SUITE_NONE; | |
| 502 | wpa_auth->dot11RSNAPairwiseCipherSelected = selector; | |
| 503 | ||
| 504 | selector = WPA_CIPHER_SUITE_TKIP; | |
| 505 | if (data.group_cipher & WPA_CIPHER_CCMP) | |
| 506 | selector = WPA_CIPHER_SUITE_CCMP; | |
| 507 | else if (data.group_cipher & WPA_CIPHER_TKIP) | |
| 508 | selector = WPA_CIPHER_SUITE_TKIP; | |
| 509 | else if (data.group_cipher & WPA_CIPHER_WEP104) | |
| 510 | selector = WPA_CIPHER_SUITE_WEP104; | |
| 511 | else if (data.group_cipher & WPA_CIPHER_WEP40) | |
| 512 | selector = WPA_CIPHER_SUITE_WEP40; | |
| 513 | else if (data.group_cipher & WPA_CIPHER_NONE) | |
| 514 | selector = WPA_CIPHER_SUITE_NONE; | |
| 515 | wpa_auth->dot11RSNAGroupCipherSelected = selector; | |
| 516 | } | |
| 517 | if (res) { | |
| 518 | wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from " | |
| 519 | MACSTR " (res=%d)", MAC2STR(sm->addr), res); | |
| 520 | wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len); | |
| 521 | return WPA_INVALID_IE; | |
| 522 | } | |
| 523 | ||
| 524 | if (data.group_cipher != wpa_auth->conf.wpa_group) { | |
| 525 | wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from " | |
| 526 | MACSTR, data.group_cipher, MAC2STR(sm->addr)); | |
| 527 | return WPA_INVALID_GROUP; | |
| 528 | } | |
| 529 | ||
| 530 | key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt; | |
| 531 | if (!key_mgmt) { | |
| 532 | wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from " | |
| 533 | MACSTR, data.key_mgmt, MAC2STR(sm->addr)); | |
| 534 | return WPA_INVALID_AKMP; | |
| 535 | } | |
| 536 | if (0) { | |
| 537 | } | |
| 538 | #ifdef CONFIG_IEEE80211R | |
| 539 | else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) | |
| 540 | sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X; | |
| 541 | else if (key_mgmt & WPA_KEY_MGMT_FT_PSK) | |
| 542 | sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK; | |
| 543 | #endif /* CONFIG_IEEE80211R */ | |
| 544 | else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X) | |
| 545 | sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X; | |
| 546 | else | |
| 547 | sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK; | |
| 548 | ||
| 549 | if (version == WPA_PROTO_RSN) | |
| 550 | ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise; | |
| 551 | else | |
| 552 | ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise; | |
| 553 | if (!ciphers) { | |
| 554 | wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) " | |
| 555 | "from " MACSTR, | |
| 556 | version == WPA_PROTO_RSN ? "RSN" : "WPA", | |
| 557 | data.pairwise_cipher, MAC2STR(sm->addr)); | |
| 558 | return WPA_INVALID_PAIRWISE; | |
| 559 | } | |
| 560 | ||
| 561 | #ifdef CONFIG_IEEE80211W | |
| 562 | if (wpa_auth->conf.ieee80211w == WPA_IEEE80211W_REQUIRED) { | |
| 563 | if (!(data.capabilities & | |
| 564 | WPA_CAPABILITY_MGMT_FRAME_PROTECTION)) { | |
| 565 | wpa_printf(MSG_DEBUG, "Management frame protection " | |
| 566 | "required, but client did not enable it"); | |
| 567 | return WPA_MGMT_FRAME_PROTECTION_VIOLATION; | |
| 568 | } | |
| 569 | ||
| 570 | if (ciphers & WPA_CIPHER_TKIP) { | |
| 571 | wpa_printf(MSG_DEBUG, "Management frame protection " | |
| 572 | "cannot use TKIP"); | |
| 573 | return WPA_MGMT_FRAME_PROTECTION_VIOLATION; | |
| 574 | } | |
| 575 | ||
| 576 | if (data.mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) { | |
| 577 | wpa_printf(MSG_DEBUG, "Unsupported management group " | |
| 578 | "cipher %d", data.mgmt_group_cipher); | |
| 579 | return WPA_INVALID_MGMT_GROUP_CIPHER; | |
| 580 | } | |
| 581 | } | |
| 582 | ||
| 583 | if (wpa_auth->conf.ieee80211w == WPA_NO_IEEE80211W || | |
| 584 | !(data.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION)) | |
| 585 | sm->mgmt_frame_prot = 0; | |
| 586 | else | |
| 587 | sm->mgmt_frame_prot = 1; | |
| 588 | #endif /* CONFIG_IEEE80211W */ | |
| 589 | ||
| 590 | #ifdef CONFIG_IEEE80211R | |
| 591 | if (sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X || | |
| 592 | sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_PSK) { | |
| 593 | if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) { | |
| 594 | wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but " | |
| 595 | "MDIE not included"); | |
| 596 | return WPA_INVALID_MDIE; | |
| 597 | } | |
| 598 | if (os_memcmp(mdie, wpa_auth->conf.mobility_domain, | |
| 599 | MOBILITY_DOMAIN_ID_LEN) != 0) { | |
| 600 | wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown " | |
| 601 | "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN); | |
| 602 | return WPA_INVALID_MDIE; | |
| 603 | } | |
| 604 | } | |
| 605 | #endif /* CONFIG_IEEE80211R */ | |
| 606 | ||
| 607 | if (ciphers & WPA_CIPHER_CCMP) | |
| 608 | sm->pairwise = WPA_CIPHER_CCMP; | |
| 609 | else | |
| 610 | sm->pairwise = WPA_CIPHER_TKIP; | |
| 611 | ||
| 612 | /* TODO: clear WPA/WPA2 state if STA changes from one to another */ | |
| 613 | if (wpa_ie[0] == WLAN_EID_RSN) | |
| 614 | sm->wpa = WPA_VERSION_WPA2; | |
| 615 | else | |
| 616 | sm->wpa = WPA_VERSION_WPA; | |
| 617 | ||
| 618 | for (i = 0; i < data.num_pmkid; i++) { | |
| 619 | wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID", | |
| 620 | &data.pmkid[i * PMKID_LEN], PMKID_LEN); | |
| 621 | sm->pmksa = pmksa_cache_get(wpa_auth->pmksa, sm->addr, | |
| 622 | &data.pmkid[i * PMKID_LEN]); | |
| 623 | if (sm->pmksa) { | |
| 624 | wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, | |
| 625 | "PMKID found from PMKSA cache " | |
| 626 | "eap_type=%d vlan_id=%d", | |
| 627 | sm->pmksa->eap_type_authsrv, | |
| 628 | sm->pmksa->vlan_id); | |
| 629 | os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, | |
| 630 | sm->pmksa->pmkid, PMKID_LEN); | |
| 631 | break; | |
| 632 | } | |
| 633 | } | |
| 634 | ||
| 635 | if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) { | |
| 636 | os_free(sm->wpa_ie); | |
| 637 | sm->wpa_ie = os_malloc(wpa_ie_len); | |
| 638 | if (sm->wpa_ie == NULL) | |
| 639 | return WPA_ALLOC_FAIL; | |
| 640 | } | |
| 641 | os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len); | |
| 642 | sm->wpa_ie_len = wpa_ie_len; | |
| 643 | ||
| 644 | return WPA_IE_OK; | |
| 645 | } | |
| 646 | ||
| 647 | ||
| 648 | /** | |
| 649 | * wpa_parse_generic - Parse EAPOL-Key Key Data Generic IEs | |
| 650 | * @pos: Pointer to the IE header | |
| 651 | * @end: Pointer to the end of the Key Data buffer | |
| 652 | * @ie: Pointer to parsed IE data | |
| 653 | * Returns: 0 on success, 1 if end mark is found, -1 on failure | |
| 654 | */ | |
| 655 | static int wpa_parse_generic(const u8 *pos, const u8 *end, | |
| 656 | struct wpa_eapol_ie_parse *ie) | |
| 657 | { | |
| 658 | if (pos[1] == 0) | |
| 659 | return 1; | |
| 660 | ||
| 661 | if (pos[1] >= 6 && | |
| 662 | RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE && | |
| 663 | pos[2 + WPA_SELECTOR_LEN] == 1 && | |
| 664 | pos[2 + WPA_SELECTOR_LEN + 1] == 0) { | |
| 665 | ie->wpa_ie = pos; | |
| 666 | ie->wpa_ie_len = pos[1] + 2; | |
| 667 | return 0; | |
| 668 | } | |
| 669 | ||
| 670 | if (pos + 1 + RSN_SELECTOR_LEN < end && | |
| 671 | pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN && | |
| 672 | RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) { | |
| 673 | ie->pmkid = pos + 2 + RSN_SELECTOR_LEN; | |
| 674 | return 0; | |
| 675 | } | |
| 676 | ||
| 677 | if (pos[1] > RSN_SELECTOR_LEN + 2 && | |
| 678 | RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) { | |
| 679 | ie->gtk = pos + 2 + RSN_SELECTOR_LEN; | |
| 680 | ie->gtk_len = pos[1] - RSN_SELECTOR_LEN; | |
| 681 | return 0; | |
| 682 | } | |
| 683 | ||
| 684 | if (pos[1] > RSN_SELECTOR_LEN + 2 && | |
| 685 | RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) { | |
| 686 | ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN; | |
| 687 | ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN; | |
| 688 | return 0; | |
| 689 | } | |
| 690 | ||
| 691 | #ifdef CONFIG_PEERKEY | |
| 692 | if (pos[1] > RSN_SELECTOR_LEN + 2 && | |
| 693 | RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) { | |
| 694 | ie->smk = pos + 2 + RSN_SELECTOR_LEN; | |
| 695 | ie->smk_len = pos[1] - RSN_SELECTOR_LEN; | |
| 696 | return 0; | |
| 697 | } | |
| 698 | ||
| 699 | if (pos[1] > RSN_SELECTOR_LEN + 2 && | |
| 700 | RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) { | |
| 701 | ie->nonce = pos + 2 + RSN_SELECTOR_LEN; | |
| 702 | ie->nonce_len = pos[1] - RSN_SELECTOR_LEN; | |
| 703 | return 0; | |
| 704 | } | |
| 705 | ||
| 706 | if (pos[1] > RSN_SELECTOR_LEN + 2 && | |
| 707 | RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) { | |
| 708 | ie->lifetime = pos + 2 + RSN_SELECTOR_LEN; | |
| 709 | ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN; | |
| 710 | return 0; | |
| 711 | } | |
| 712 | ||
| 713 | if (pos[1] > RSN_SELECTOR_LEN + 2 && | |
| 714 | RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) { | |
| 715 | ie->error = pos + 2 + RSN_SELECTOR_LEN; | |
| 716 | ie->error_len = pos[1] - RSN_SELECTOR_LEN; | |
| 717 | return 0; | |
| 718 | } | |
| 719 | #endif /* CONFIG_PEERKEY */ | |
| 720 | ||
| 721 | #ifdef CONFIG_IEEE80211W | |
| 722 | if (pos[1] > RSN_SELECTOR_LEN + 2 && | |
| 723 | RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) { | |
| 724 | ie->igtk = pos + 2 + RSN_SELECTOR_LEN; | |
| 725 | ie->igtk_len = pos[1] - RSN_SELECTOR_LEN; | |
| 726 | return 0; | |
| 727 | } | |
| 728 | #endif /* CONFIG_IEEE80211W */ | |
| 729 | ||
| 730 | return 0; | |
| 731 | } | |
| 732 | ||
| 733 | ||
| 734 | /** | |
| 735 | * wpa_parse_kde_ies - Parse EAPOL-Key Key Data IEs | |
| 736 | * @buf: Pointer to the Key Data buffer | |
| 737 | * @len: Key Data Length | |
| 738 | * @ie: Pointer to parsed IE data | |
| 739 | * Returns: 0 on success, -1 on failure | |
| 740 | */ | |
| 741 | int wpa_parse_kde_ies(const u8 *buf, size_t len, struct wpa_eapol_ie_parse *ie) | |
| 742 | { | |
| 743 | const u8 *pos, *end; | |
| 744 | int ret = 0; | |
| 745 | ||
| 746 | os_memset(ie, 0, sizeof(*ie)); | |
| 747 | for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) { | |
| 748 | if (pos[0] == 0xdd && | |
| 749 | ((pos == buf + len - 1) || pos[1] == 0)) { | |
| 750 | /* Ignore padding */ | |
| 751 | break; | |
| 752 | } | |
| 753 | if (pos + 2 + pos[1] > end) { | |
| 754 | wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data " | |
| 755 | "underflow (ie=%d len=%d pos=%d)", | |
| 756 | pos[0], pos[1], (int) (pos - buf)); | |
| 757 | wpa_hexdump_key(MSG_DEBUG, "WPA: Key Data", | |
| 758 | buf, len); | |
| 759 | ret = -1; | |
| 760 | break; | |
| 761 | } | |
| 762 | if (*pos == WLAN_EID_RSN) { | |
| 763 | ie->rsn_ie = pos; | |
| 764 | ie->rsn_ie_len = pos[1] + 2; | |
| 765 | #ifdef CONFIG_IEEE80211R | |
| 766 | } else if (*pos == WLAN_EID_MOBILITY_DOMAIN) { | |
| 767 | ie->mdie = pos; | |
| 768 | ie->mdie_len = pos[1] + 2; | |
| 769 | #endif /* CONFIG_IEEE80211R */ | |
| 770 | } else if (*pos == WLAN_EID_VENDOR_SPECIFIC) { | |
| 771 | ret = wpa_parse_generic(pos, end, ie); | |
| 772 | if (ret < 0) | |
| 773 | break; | |
| 774 | if (ret > 0) { | |
| 775 | ret = 0; | |
| 776 | break; | |
| 777 | } | |
| 778 | } else { | |
| 779 | wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key " | |
| 780 | "Key Data IE", pos, 2 + pos[1]); | |
| 781 | } | |
| 782 | } | |
| 783 | ||
| 784 | return ret; | |
| 785 | } | |
| f3f7540e JM |
786 | |
| 787 | ||
| 788 | int wpa_auth_uses_mfp(struct wpa_state_machine *sm) | |
| 789 | { | |
| 790 | return sm ? sm->mgmt_frame_prot : 0; | |
| 791 | } |