]>
Commit | Line | Data |
---|---|---|
161d0339 JM |
1 | /* |
2 | * Received Data frame processing for EAPOL messages | |
3 | * Copyright (c) 2010, Jouni Malinen <j@w1.fi> | |
4 | * | |
0f3d578e JM |
5 | * This software may be distributed under the terms of the BSD license. |
6 | * See README for more details. | |
161d0339 JM |
7 | */ |
8 | ||
9 | #include "utils/includes.h" | |
10 | ||
11 | #include "utils/common.h" | |
12 | #include "crypto/aes_wrap.h" | |
13 | #include "crypto/crypto.h" | |
14 | #include "common/defs.h" | |
15 | #include "common/ieee802_11_defs.h" | |
c81defea | 16 | #include "common/ieee802_11_common.h" |
161d0339 JM |
17 | #include "common/eapol_common.h" |
18 | #include "common/wpa_common.h" | |
19 | #include "rsn_supp/wpa_ie.h" | |
20 | #include "wlantest.h" | |
21 | ||
22 | ||
23 | static int is_zero(const u8 *buf, size_t len) | |
24 | { | |
25 | size_t i; | |
26 | for (i = 0; i < len; i++) { | |
27 | if (buf[i]) | |
28 | return 0; | |
29 | } | |
30 | return 1; | |
31 | } | |
32 | ||
33 | ||
34 | static int check_mic(const u8 *kck, int ver, const u8 *data, size_t len) | |
35 | { | |
36 | u8 *buf; | |
37 | int ret = -1; | |
38 | struct ieee802_1x_hdr *hdr; | |
39 | struct wpa_eapol_key *key; | |
40 | u8 rx_mic[16]; | |
41 | ||
42 | buf = os_malloc(len); | |
43 | if (buf == NULL) | |
44 | return -1; | |
45 | os_memcpy(buf, data, len); | |
46 | hdr = (struct ieee802_1x_hdr *) buf; | |
47 | key = (struct wpa_eapol_key *) (hdr + 1); | |
48 | ||
49 | os_memcpy(rx_mic, key->key_mic, 16); | |
50 | os_memset(key->key_mic, 0, 16); | |
51 | ||
52 | if (wpa_eapol_key_mic(kck, ver, buf, len, key->key_mic) == 0 && | |
53 | os_memcmp(rx_mic, key->key_mic, 16) == 0) | |
54 | ret = 0; | |
55 | ||
56 | os_free(buf); | |
57 | ||
58 | return ret; | |
59 | } | |
60 | ||
61 | ||
62 | static void rx_data_eapol_key_1_of_4(struct wlantest *wt, const u8 *dst, | |
63 | const u8 *src, const u8 *data, size_t len) | |
64 | { | |
65 | struct wlantest_bss *bss; | |
66 | struct wlantest_sta *sta; | |
67 | const struct ieee802_1x_hdr *eapol; | |
68 | const struct wpa_eapol_key *hdr; | |
69 | ||
70 | wpa_printf(MSG_DEBUG, "EAPOL-Key 1/4 " MACSTR " -> " MACSTR, | |
71 | MAC2STR(src), MAC2STR(dst)); | |
72 | bss = bss_get(wt, src); | |
73 | if (bss == NULL) | |
74 | return; | |
75 | sta = sta_get(bss, dst); | |
76 | if (sta == NULL) | |
77 | return; | |
78 | ||
79 | eapol = (const struct ieee802_1x_hdr *) data; | |
80 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
81 | if (is_zero(hdr->key_nonce, WPA_NONCE_LEN)) { | |
82 | wpa_printf(MSG_INFO, "EAPOL-Key 1/4 from " MACSTR " used " | |
83 | "zero nonce", MAC2STR(src)); | |
84 | } | |
85 | if (!is_zero(hdr->key_rsc, 8)) { | |
86 | wpa_printf(MSG_INFO, "EAPOL-Key 1/4 from " MACSTR " used " | |
87 | "non-zero Key RSC", MAC2STR(src)); | |
88 | } | |
89 | os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN); | |
90 | } | |
91 | ||
92 | ||
93 | static int try_pmk(struct wlantest_bss *bss, struct wlantest_sta *sta, | |
94 | u16 ver, const u8 *data, size_t len, | |
95 | struct wlantest_pmk *pmk) | |
96 | { | |
97 | struct wpa_ptk ptk; | |
98 | size_t ptk_len = sta->pairwise_cipher == WPA_CIPHER_TKIP ? 64 : 48; | |
99 | wpa_pmk_to_ptk(pmk->pmk, sizeof(pmk->pmk), | |
100 | "Pairwise key expansion", | |
101 | bss->bssid, sta->addr, sta->anonce, sta->snonce, | |
102 | (u8 *) &ptk, ptk_len, | |
103 | wpa_key_mgmt_sha256(sta->key_mgmt)); | |
104 | if (check_mic(ptk.kck, ver, data, len) < 0) | |
105 | return -1; | |
106 | ||
107 | wpa_printf(MSG_INFO, "Derived PTK for STA " MACSTR " BSSID " MACSTR, | |
108 | MAC2STR(sta->addr), MAC2STR(bss->bssid)); | |
109 | sta->counters[WLANTEST_STA_COUNTER_PTK_LEARNED]++; | |
d0b251d2 JM |
110 | if (sta->ptk_set) { |
111 | /* | |
112 | * Rekeying - use new PTK for EAPOL-Key frames, but continue | |
113 | * using the old PTK for frame decryption. | |
114 | */ | |
115 | os_memcpy(&sta->tptk, &ptk, sizeof(ptk)); | |
116 | wpa_hexdump(MSG_DEBUG, "TPTK:KCK", sta->tptk.kck, 16); | |
117 | wpa_hexdump(MSG_DEBUG, "TPTK:KEK", sta->tptk.kek, 16); | |
118 | wpa_hexdump(MSG_DEBUG, "TPTK:TK1", sta->tptk.tk1, 16); | |
119 | if (ptk_len > 48) | |
120 | wpa_hexdump(MSG_DEBUG, "TPTK:TK2", sta->tptk.u.tk2, | |
121 | 16); | |
122 | sta->tptk_set = 1; | |
123 | return 0; | |
124 | } | |
161d0339 JM |
125 | os_memcpy(&sta->ptk, &ptk, sizeof(ptk)); |
126 | wpa_hexdump(MSG_DEBUG, "PTK:KCK", sta->ptk.kck, 16); | |
127 | wpa_hexdump(MSG_DEBUG, "PTK:KEK", sta->ptk.kek, 16); | |
128 | wpa_hexdump(MSG_DEBUG, "PTK:TK1", sta->ptk.tk1, 16); | |
129 | if (ptk_len > 48) | |
130 | wpa_hexdump(MSG_DEBUG, "PTK:TK2", sta->ptk.u.tk2, 16); | |
131 | sta->ptk_set = 1; | |
132 | os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods)); | |
133 | os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds)); | |
134 | return 0; | |
135 | } | |
136 | ||
137 | ||
138 | static void derive_ptk(struct wlantest *wt, struct wlantest_bss *bss, | |
139 | struct wlantest_sta *sta, u16 ver, | |
140 | const u8 *data, size_t len) | |
141 | { | |
142 | struct wlantest_pmk *pmk; | |
143 | ||
0778c8f5 JM |
144 | wpa_printf(MSG_DEBUG, "Trying to derive PTK for " MACSTR, |
145 | MAC2STR(sta->addr)); | |
161d0339 | 146 | dl_list_for_each(pmk, &bss->pmk, struct wlantest_pmk, list) { |
0778c8f5 | 147 | wpa_printf(MSG_DEBUG, "Try per-BSS PMK"); |
161d0339 JM |
148 | if (try_pmk(bss, sta, ver, data, len, pmk) == 0) |
149 | return; | |
150 | } | |
151 | ||
152 | dl_list_for_each(pmk, &wt->pmk, struct wlantest_pmk, list) { | |
0778c8f5 | 153 | wpa_printf(MSG_DEBUG, "Try global PMK"); |
161d0339 JM |
154 | if (try_pmk(bss, sta, ver, data, len, pmk) == 0) |
155 | return; | |
156 | } | |
0778c8f5 | 157 | wpa_printf(MSG_DEBUG, "No matching PMK found to derive PTK"); |
161d0339 JM |
158 | } |
159 | ||
160 | ||
161 | static void rx_data_eapol_key_2_of_4(struct wlantest *wt, const u8 *dst, | |
162 | const u8 *src, const u8 *data, size_t len) | |
163 | { | |
164 | struct wlantest_bss *bss; | |
165 | struct wlantest_sta *sta; | |
166 | const struct ieee802_1x_hdr *eapol; | |
167 | const struct wpa_eapol_key *hdr; | |
d0b251d2 | 168 | const u8 *key_data, *kck; |
161d0339 JM |
169 | u16 key_info, key_data_len; |
170 | struct wpa_eapol_ie_parse ie; | |
171 | ||
172 | wpa_printf(MSG_DEBUG, "EAPOL-Key 2/4 " MACSTR " -> " MACSTR, | |
173 | MAC2STR(src), MAC2STR(dst)); | |
174 | bss = bss_get(wt, dst); | |
175 | if (bss == NULL) | |
176 | return; | |
177 | sta = sta_get(bss, src); | |
178 | if (sta == NULL) | |
179 | return; | |
180 | ||
181 | eapol = (const struct ieee802_1x_hdr *) data; | |
182 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
183 | if (is_zero(hdr->key_nonce, WPA_NONCE_LEN)) { | |
184 | wpa_printf(MSG_INFO, "EAPOL-Key 2/4 from " MACSTR " used " | |
185 | "zero nonce", MAC2STR(src)); | |
186 | } | |
187 | if (!is_zero(hdr->key_rsc, 8)) { | |
188 | wpa_printf(MSG_INFO, "EAPOL-Key 2/4 from " MACSTR " used " | |
189 | "non-zero Key RSC", MAC2STR(src)); | |
190 | } | |
191 | os_memcpy(sta->snonce, hdr->key_nonce, WPA_NONCE_LEN); | |
192 | key_info = WPA_GET_BE16(hdr->key_info); | |
193 | key_data_len = WPA_GET_BE16(hdr->key_data_length); | |
194 | derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK, data, len); | |
195 | ||
d0b251d2 | 196 | if (!sta->ptk_set && !sta->tptk_set) { |
161d0339 JM |
197 | wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 2/4"); |
198 | return; | |
199 | } | |
200 | ||
d0b251d2 JM |
201 | kck = sta->ptk.kck; |
202 | if (sta->tptk_set) { | |
203 | wpa_printf(MSG_DEBUG, "Use TPTK for validation EAPOL-Key MIC"); | |
204 | kck = sta->tptk.kck; | |
205 | } | |
206 | if (check_mic(kck, key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) { | |
161d0339 JM |
207 | wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 2/4 MIC"); |
208 | return; | |
209 | } | |
210 | wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/4"); | |
211 | ||
212 | key_data = (const u8 *) (hdr + 1); | |
213 | ||
214 | if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) { | |
215 | wpa_printf(MSG_INFO, "Failed to parse EAPOL-Key Key Data"); | |
216 | return; | |
217 | } | |
218 | ||
219 | if (ie.wpa_ie) { | |
220 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE", | |
221 | ie.wpa_ie, ie.wpa_ie_len); | |
222 | if (os_memcmp(ie.wpa_ie, sta->rsnie, ie.wpa_ie_len) != 0) { | |
c81defea | 223 | struct ieee802_11_elems elems; |
161d0339 JM |
224 | wpa_printf(MSG_INFO, "Mismatch in WPA IE between " |
225 | "EAPOL-Key 2/4 and (Re)Association " | |
226 | "Request from " MACSTR, MAC2STR(sta->addr)); | |
227 | wpa_hexdump(MSG_INFO, "WPA IE in EAPOL-Key", | |
228 | ie.wpa_ie, ie.wpa_ie_len); | |
229 | wpa_hexdump(MSG_INFO, "WPA IE in (Re)Association " | |
230 | "Request", | |
231 | sta->rsnie, | |
232 | sta->rsnie[0] ? 2 + sta->rsnie[1] : 0); | |
c81defea JM |
233 | /* |
234 | * The sniffer may have missed (Re)Association | |
235 | * Request, so try to survive with the information from | |
236 | * EAPOL-Key. | |
237 | */ | |
238 | os_memset(&elems, 0, sizeof(elems)); | |
239 | elems.wpa_ie = ie.wpa_ie + 2; | |
240 | elems.wpa_ie_len = ie.wpa_ie_len - 2; | |
241 | wpa_printf(MSG_DEBUG, "Update STA data based on WPA " | |
242 | "IE in EAPOL-Key 2/4"); | |
243 | sta_update_assoc(sta, &elems); | |
161d0339 JM |
244 | } |
245 | } | |
246 | ||
247 | if (ie.rsn_ie) { | |
248 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE", | |
249 | ie.rsn_ie, ie.rsn_ie_len); | |
250 | if (os_memcmp(ie.rsn_ie, sta->rsnie, ie.rsn_ie_len) != 0) { | |
c81defea | 251 | struct ieee802_11_elems elems; |
161d0339 JM |
252 | wpa_printf(MSG_INFO, "Mismatch in RSN IE between " |
253 | "EAPOL-Key 2/4 and (Re)Association " | |
254 | "Request from " MACSTR, MAC2STR(sta->addr)); | |
255 | wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key", | |
256 | ie.rsn_ie, ie.rsn_ie_len); | |
257 | wpa_hexdump(MSG_INFO, "RSN IE in (Re)Association " | |
258 | "Request", | |
259 | sta->rsnie, | |
260 | sta->rsnie[0] ? 2 + sta->rsnie[1] : 0); | |
c81defea JM |
261 | /* |
262 | * The sniffer may have missed (Re)Association | |
263 | * Request, so try to survive with the information from | |
264 | * EAPOL-Key. | |
265 | */ | |
266 | os_memset(&elems, 0, sizeof(elems)); | |
267 | elems.rsn_ie = ie.rsn_ie + 2; | |
268 | elems.rsn_ie_len = ie.rsn_ie_len - 2; | |
269 | wpa_printf(MSG_DEBUG, "Update STA data based on RSN " | |
270 | "IE in EAPOL-Key 2/4"); | |
271 | sta_update_assoc(sta, &elems); | |
161d0339 JM |
272 | } |
273 | } | |
274 | } | |
275 | ||
276 | ||
277 | static u8 * decrypt_eapol_key_data_rc4(const u8 *kek, | |
278 | const struct wpa_eapol_key *hdr, | |
279 | size_t *len) | |
280 | { | |
281 | u8 ek[32], *buf; | |
282 | u16 keydatalen = WPA_GET_BE16(hdr->key_data_length); | |
283 | ||
284 | buf = os_malloc(keydatalen); | |
285 | if (buf == NULL) | |
286 | return NULL; | |
287 | ||
288 | os_memcpy(ek, hdr->key_iv, 16); | |
289 | os_memcpy(ek + 16, kek, 16); | |
290 | os_memcpy(buf, hdr + 1, keydatalen); | |
291 | if (rc4_skip(ek, 32, 256, buf, keydatalen)) { | |
292 | wpa_printf(MSG_INFO, "RC4 failed"); | |
293 | os_free(buf); | |
294 | return NULL; | |
295 | } | |
296 | ||
297 | *len = keydatalen; | |
298 | return buf; | |
299 | } | |
300 | ||
301 | ||
302 | static u8 * decrypt_eapol_key_data_aes(const u8 *kek, | |
303 | const struct wpa_eapol_key *hdr, | |
304 | size_t *len) | |
305 | { | |
306 | u8 *buf; | |
307 | u16 keydatalen = WPA_GET_BE16(hdr->key_data_length); | |
308 | ||
309 | if (keydatalen % 8) { | |
310 | wpa_printf(MSG_INFO, "Unsupported AES-WRAP len %d", | |
311 | keydatalen); | |
312 | return NULL; | |
313 | } | |
314 | keydatalen -= 8; /* AES-WRAP adds 8 bytes */ | |
315 | buf = os_malloc(keydatalen); | |
316 | if (buf == NULL) | |
317 | return NULL; | |
318 | if (aes_unwrap(kek, keydatalen / 8, (u8 *) (hdr + 1), buf)) { | |
319 | os_free(buf); | |
320 | wpa_printf(MSG_INFO, "AES unwrap failed - " | |
321 | "could not decrypt EAPOL-Key key data"); | |
322 | return NULL; | |
323 | } | |
324 | ||
325 | *len = keydatalen; | |
326 | return buf; | |
327 | } | |
328 | ||
329 | ||
330 | static u8 * decrypt_eapol_key_data(const u8 *kek, u16 ver, | |
331 | const struct wpa_eapol_key *hdr, | |
332 | size_t *len) | |
333 | { | |
334 | switch (ver) { | |
335 | case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4: | |
336 | return decrypt_eapol_key_data_rc4(kek, hdr, len); | |
337 | case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES: | |
338 | case WPA_KEY_INFO_TYPE_AES_128_CMAC: | |
339 | return decrypt_eapol_key_data_aes(kek, hdr, len); | |
340 | default: | |
341 | wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Key Descriptor " | |
342 | "Version %u", ver); | |
343 | return NULL; | |
344 | } | |
345 | } | |
346 | ||
347 | ||
fd848ab9 JM |
348 | static void learn_kde_keys(struct wlantest_bss *bss, struct wlantest_sta *sta, |
349 | const u8 *buf, size_t len, const u8 *rsc) | |
161d0339 JM |
350 | { |
351 | struct wpa_eapol_ie_parse ie; | |
352 | ||
353 | if (wpa_supplicant_parse_ies(buf, len, &ie) < 0) { | |
354 | wpa_printf(MSG_INFO, "Failed to parse EAPOL-Key Key Data"); | |
355 | return; | |
356 | } | |
357 | ||
358 | if (ie.wpa_ie) { | |
359 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE", | |
360 | ie.wpa_ie, ie.wpa_ie_len); | |
361 | } | |
362 | ||
363 | if (ie.rsn_ie) { | |
364 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE", | |
365 | ie.rsn_ie, ie.rsn_ie_len); | |
366 | } | |
367 | ||
368 | if (ie.gtk) { | |
369 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - GTK KDE", | |
370 | ie.gtk, ie.gtk_len); | |
371 | if (ie.gtk_len >= 2 && ie.gtk_len <= 2 + 32) { | |
372 | int id; | |
373 | id = ie.gtk[0] & 0x03; | |
374 | wpa_printf(MSG_DEBUG, "GTK KeyID=%u tx=%u", | |
375 | id, !!(ie.gtk[0] & 0x04)); | |
376 | if ((ie.gtk[0] & 0xf8) || ie.gtk[1]) | |
377 | wpa_printf(MSG_INFO, "GTK KDE: Reserved field " | |
378 | "set: %02x %02x", | |
379 | ie.gtk[0], ie.gtk[1]); | |
380 | wpa_hexdump(MSG_DEBUG, "GTK", ie.gtk + 2, | |
381 | ie.gtk_len - 2); | |
382 | bss->gtk_len[id] = ie.gtk_len - 2; | |
fd848ab9 | 383 | sta->gtk_len = ie.gtk_len - 2; |
161d0339 | 384 | os_memcpy(bss->gtk[id], ie.gtk + 2, ie.gtk_len - 2); |
fd848ab9 | 385 | os_memcpy(sta->gtk, ie.gtk + 2, ie.gtk_len - 2); |
161d0339 JM |
386 | bss->rsc[id][0] = rsc[5]; |
387 | bss->rsc[id][1] = rsc[4]; | |
388 | bss->rsc[id][2] = rsc[3]; | |
389 | bss->rsc[id][3] = rsc[2]; | |
390 | bss->rsc[id][4] = rsc[1]; | |
391 | bss->rsc[id][5] = rsc[0]; | |
392 | bss->gtk_idx = id; | |
fd848ab9 | 393 | sta->gtk_idx = id; |
161d0339 JM |
394 | wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[id], 6); |
395 | } else { | |
396 | wpa_printf(MSG_INFO, "Invalid GTK KDE length %u", | |
397 | (unsigned) ie.gtk_len); | |
398 | } | |
399 | } | |
400 | ||
401 | if (ie.igtk) { | |
402 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - IGTK KDE", | |
403 | ie.igtk, ie.igtk_len); | |
404 | if (ie.igtk_len == 24) { | |
405 | u16 id; | |
406 | id = WPA_GET_LE16(ie.igtk); | |
407 | if (id > 5) { | |
408 | wpa_printf(MSG_INFO, "Unexpected IGTK KeyID " | |
409 | "%u", id); | |
410 | } else { | |
411 | const u8 *ipn; | |
412 | wpa_printf(MSG_DEBUG, "IGTK KeyID %u", id); | |
413 | wpa_hexdump(MSG_DEBUG, "IPN", ie.igtk + 2, 6); | |
414 | wpa_hexdump(MSG_DEBUG, "IGTK", ie.igtk + 8, | |
415 | 16); | |
416 | os_memcpy(bss->igtk[id], ie.igtk + 8, 16); | |
417 | bss->igtk_set[id] = 1; | |
418 | ipn = ie.igtk + 2; | |
419 | bss->ipn[id][0] = ipn[5]; | |
420 | bss->ipn[id][1] = ipn[4]; | |
421 | bss->ipn[id][2] = ipn[3]; | |
422 | bss->ipn[id][3] = ipn[2]; | |
423 | bss->ipn[id][4] = ipn[1]; | |
424 | bss->ipn[id][5] = ipn[0]; | |
425 | bss->igtk_idx = id; | |
426 | } | |
427 | } else { | |
428 | wpa_printf(MSG_INFO, "Invalid IGTK KDE length %u", | |
429 | (unsigned) ie.igtk_len); | |
430 | } | |
431 | } | |
432 | } | |
433 | ||
434 | ||
435 | static void rx_data_eapol_key_3_of_4(struct wlantest *wt, const u8 *dst, | |
436 | const u8 *src, const u8 *data, size_t len) | |
437 | { | |
438 | struct wlantest_bss *bss; | |
439 | struct wlantest_sta *sta; | |
440 | const struct ieee802_1x_hdr *eapol; | |
441 | const struct wpa_eapol_key *hdr; | |
3c56f0e2 | 442 | const u8 *key_data, *kck, *kek; |
161d0339 JM |
443 | int recalc = 0; |
444 | u16 key_info, ver; | |
445 | u8 *decrypted_buf = NULL; | |
446 | const u8 *decrypted; | |
447 | size_t decrypted_len = 0; | |
448 | struct wpa_eapol_ie_parse ie; | |
449 | ||
450 | wpa_printf(MSG_DEBUG, "EAPOL-Key 3/4 " MACSTR " -> " MACSTR, | |
451 | MAC2STR(src), MAC2STR(dst)); | |
452 | bss = bss_get(wt, src); | |
453 | if (bss == NULL) | |
454 | return; | |
455 | sta = sta_get(bss, dst); | |
456 | if (sta == NULL) | |
457 | return; | |
458 | ||
459 | eapol = (const struct ieee802_1x_hdr *) data; | |
460 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
461 | key_info = WPA_GET_BE16(hdr->key_info); | |
462 | ||
463 | if (os_memcmp(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN) != 0) { | |
464 | wpa_printf(MSG_INFO, "EAPOL-Key ANonce mismatch between 1/4 " | |
465 | "and 3/4"); | |
466 | recalc = 1; | |
467 | } | |
468 | os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN); | |
469 | if (recalc) { | |
470 | derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK, | |
471 | data, len); | |
472 | } | |
473 | ||
d0b251d2 | 474 | if (!sta->ptk_set && !sta->tptk_set) { |
161d0339 JM |
475 | wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 3/4"); |
476 | return; | |
477 | } | |
478 | ||
3c56f0e2 | 479 | kek = sta->ptk.kek; |
d0b251d2 JM |
480 | kck = sta->ptk.kck; |
481 | if (sta->tptk_set) { | |
482 | wpa_printf(MSG_DEBUG, "Use TPTK for validation EAPOL-Key MIC"); | |
483 | kck = sta->tptk.kck; | |
3c56f0e2 | 484 | kek = sta->tptk.kek; |
d0b251d2 JM |
485 | } |
486 | if (check_mic(kck, key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) { | |
161d0339 JM |
487 | wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 3/4 MIC"); |
488 | return; | |
489 | } | |
490 | wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 3/4"); | |
491 | ||
492 | key_data = (const u8 *) (hdr + 1); | |
493 | if (!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { | |
494 | if (sta->proto & WPA_PROTO_RSN) | |
495 | wpa_printf(MSG_INFO, "EAPOL-Key 3/4 without " | |
496 | "EncrKeyData bit"); | |
497 | decrypted = key_data; | |
498 | decrypted_len = WPA_GET_BE16(hdr->key_data_length); | |
499 | } else { | |
500 | ver = key_info & WPA_KEY_INFO_TYPE_MASK; | |
3c56f0e2 | 501 | decrypted_buf = decrypt_eapol_key_data(kek, ver, hdr, |
161d0339 JM |
502 | &decrypted_len); |
503 | if (decrypted_buf == NULL) { | |
504 | wpa_printf(MSG_INFO, "Failed to decrypt EAPOL-Key Key " | |
505 | "Data"); | |
506 | return; | |
507 | } | |
508 | decrypted = decrypted_buf; | |
509 | wpa_hexdump(MSG_DEBUG, "Decrypted EAPOL-Key Key Data", | |
510 | decrypted, decrypted_len); | |
511 | } | |
512 | if (wt->write_pcap_dumper && decrypted != key_data) { | |
513 | /* Fill in a dummy Data frame header */ | |
514 | u8 buf[24 + 8 + sizeof(*eapol) + sizeof(*hdr)]; | |
515 | struct ieee80211_hdr *h; | |
516 | struct wpa_eapol_key *k; | |
517 | const u8 *p; | |
518 | u8 *pos; | |
519 | size_t plain_len; | |
520 | ||
521 | plain_len = decrypted_len; | |
522 | p = decrypted; | |
523 | while (p + 1 < decrypted + decrypted_len) { | |
524 | if (p[0] == 0xdd && p[1] == 0x00) { | |
525 | /* Remove padding */ | |
526 | plain_len = p - decrypted; | |
527 | break; | |
528 | } | |
529 | p += 2 + p[1]; | |
530 | } | |
531 | ||
532 | os_memset(buf, 0, sizeof(buf)); | |
533 | h = (struct ieee80211_hdr *) buf; | |
534 | h->frame_control = host_to_le16(0x0208); | |
535 | os_memcpy(h->addr1, dst, ETH_ALEN); | |
536 | os_memcpy(h->addr2, src, ETH_ALEN); | |
537 | os_memcpy(h->addr3, src, ETH_ALEN); | |
538 | pos = (u8 *) (h + 1); | |
539 | os_memcpy(pos, "\xaa\xaa\x03\x00\x00\x00\x88\x8e", 8); | |
540 | pos += 8; | |
541 | os_memcpy(pos, eapol, sizeof(*eapol)); | |
542 | pos += sizeof(*eapol); | |
543 | os_memcpy(pos, hdr, sizeof(*hdr)); | |
544 | k = (struct wpa_eapol_key *) pos; | |
545 | WPA_PUT_BE16(k->key_info, | |
546 | key_info & ~WPA_KEY_INFO_ENCR_KEY_DATA); | |
547 | WPA_PUT_BE16(k->key_data_length, plain_len); | |
548 | write_pcap_decrypted(wt, buf, sizeof(buf), | |
549 | decrypted, plain_len); | |
550 | } | |
551 | ||
552 | if (wpa_supplicant_parse_ies(decrypted, decrypted_len, &ie) < 0) { | |
553 | wpa_printf(MSG_INFO, "Failed to parse EAPOL-Key Key Data"); | |
554 | os_free(decrypted_buf); | |
555 | return; | |
556 | } | |
557 | ||
558 | if ((ie.wpa_ie && | |
559 | os_memcmp(ie.wpa_ie, bss->wpaie, ie.wpa_ie_len) != 0) || | |
560 | (ie.wpa_ie == NULL && bss->wpaie[0])) { | |
561 | wpa_printf(MSG_INFO, "Mismatch in WPA IE between " | |
562 | "EAPOL-Key 3/4 and Beacon/Probe Response " | |
563 | "from " MACSTR, MAC2STR(bss->bssid)); | |
564 | wpa_hexdump(MSG_INFO, "WPA IE in EAPOL-Key", | |
565 | ie.wpa_ie, ie.wpa_ie_len); | |
566 | wpa_hexdump(MSG_INFO, "WPA IE in Beacon/Probe " | |
567 | "Response", | |
568 | bss->wpaie, | |
569 | bss->wpaie[0] ? 2 + bss->wpaie[1] : 0); | |
570 | } | |
571 | ||
572 | if ((ie.rsn_ie && | |
573 | os_memcmp(ie.rsn_ie, bss->rsnie, ie.rsn_ie_len) != 0) || | |
574 | (ie.rsn_ie == NULL && bss->rsnie[0])) { | |
575 | wpa_printf(MSG_INFO, "Mismatch in RSN IE between " | |
576 | "EAPOL-Key 3/4 and Beacon/Probe Response " | |
577 | "from " MACSTR, MAC2STR(bss->bssid)); | |
578 | wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key", | |
579 | ie.rsn_ie, ie.rsn_ie_len); | |
580 | wpa_hexdump(MSG_INFO, "RSN IE in (Re)Association " | |
581 | "Request", | |
582 | bss->rsnie, | |
583 | bss->rsnie[0] ? 2 + bss->rsnie[1] : 0); | |
584 | } | |
585 | ||
fd848ab9 | 586 | learn_kde_keys(bss, sta, decrypted, decrypted_len, hdr->key_rsc); |
161d0339 JM |
587 | os_free(decrypted_buf); |
588 | } | |
589 | ||
590 | ||
591 | static void rx_data_eapol_key_4_of_4(struct wlantest *wt, const u8 *dst, | |
592 | const u8 *src, const u8 *data, size_t len) | |
593 | { | |
594 | struct wlantest_bss *bss; | |
595 | struct wlantest_sta *sta; | |
596 | const struct ieee802_1x_hdr *eapol; | |
597 | const struct wpa_eapol_key *hdr; | |
598 | u16 key_info; | |
d0b251d2 | 599 | const u8 *kck; |
161d0339 JM |
600 | |
601 | wpa_printf(MSG_DEBUG, "EAPOL-Key 4/4 " MACSTR " -> " MACSTR, | |
602 | MAC2STR(src), MAC2STR(dst)); | |
603 | bss = bss_get(wt, dst); | |
604 | if (bss == NULL) | |
605 | return; | |
606 | sta = sta_get(bss, src); | |
607 | if (sta == NULL) | |
608 | return; | |
609 | ||
610 | eapol = (const struct ieee802_1x_hdr *) data; | |
611 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
612 | if (!is_zero(hdr->key_rsc, 8)) { | |
613 | wpa_printf(MSG_INFO, "EAPOL-Key 4/4 from " MACSTR " used " | |
614 | "non-zero Key RSC", MAC2STR(src)); | |
615 | } | |
616 | key_info = WPA_GET_BE16(hdr->key_info); | |
617 | ||
d0b251d2 | 618 | if (!sta->ptk_set && !sta->tptk_set) { |
161d0339 JM |
619 | wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 4/4"); |
620 | return; | |
621 | } | |
622 | ||
d0b251d2 JM |
623 | kck = sta->ptk.kck; |
624 | if (sta->tptk_set) { | |
625 | wpa_printf(MSG_DEBUG, "Use TPTK for validation EAPOL-Key MIC"); | |
626 | kck = sta->tptk.kck; | |
627 | } | |
628 | if (check_mic(kck, key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) { | |
161d0339 JM |
629 | wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 4/4 MIC"); |
630 | return; | |
631 | } | |
632 | wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 4/4"); | |
d0b251d2 JM |
633 | if (sta->tptk_set) { |
634 | wpa_printf(MSG_DEBUG, "Update PTK (rekeying)"); | |
635 | os_memcpy(&sta->ptk, &sta->tptk, sizeof(sta->ptk)); | |
636 | sta->ptk_set = 1; | |
637 | sta->tptk_set = 0; | |
638 | os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods)); | |
639 | os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds)); | |
640 | } | |
161d0339 JM |
641 | } |
642 | ||
643 | ||
644 | static void rx_data_eapol_key_1_of_2(struct wlantest *wt, const u8 *dst, | |
645 | const u8 *src, const u8 *data, size_t len) | |
646 | { | |
647 | struct wlantest_bss *bss; | |
648 | struct wlantest_sta *sta; | |
649 | const struct ieee802_1x_hdr *eapol; | |
650 | const struct wpa_eapol_key *hdr; | |
161d0339 JM |
651 | u16 key_info, ver; |
652 | u8 *decrypted; | |
653 | size_t decrypted_len = 0; | |
654 | ||
655 | wpa_printf(MSG_DEBUG, "EAPOL-Key 1/2 " MACSTR " -> " MACSTR, | |
656 | MAC2STR(src), MAC2STR(dst)); | |
657 | bss = bss_get(wt, src); | |
658 | if (bss == NULL) | |
659 | return; | |
660 | sta = sta_get(bss, dst); | |
661 | if (sta == NULL) | |
662 | return; | |
663 | ||
664 | eapol = (const struct ieee802_1x_hdr *) data; | |
665 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
666 | key_info = WPA_GET_BE16(hdr->key_info); | |
667 | ||
668 | if (!sta->ptk_set) { | |
669 | wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 1/2"); | |
670 | return; | |
671 | } | |
672 | ||
673 | if (sta->ptk_set && | |
674 | check_mic(sta->ptk.kck, key_info & WPA_KEY_INFO_TYPE_MASK, | |
675 | data, len) < 0) { | |
676 | wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 1/2 MIC"); | |
677 | return; | |
678 | } | |
679 | wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 1/2"); | |
680 | ||
161d0339 JM |
681 | if (sta->proto & WPA_PROTO_RSN && |
682 | !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { | |
683 | wpa_printf(MSG_INFO, "EAPOL-Key 1/2 without EncrKeyData bit"); | |
684 | return; | |
685 | } | |
686 | ver = key_info & WPA_KEY_INFO_TYPE_MASK; | |
687 | decrypted = decrypt_eapol_key_data(sta->ptk.kek, ver, hdr, | |
688 | &decrypted_len); | |
689 | if (decrypted == NULL) { | |
690 | wpa_printf(MSG_INFO, "Failed to decrypt EAPOL-Key Key Data"); | |
691 | return; | |
692 | } | |
693 | wpa_hexdump(MSG_DEBUG, "Decrypted EAPOL-Key Key Data", | |
694 | decrypted, decrypted_len); | |
695 | if (wt->write_pcap_dumper) { | |
696 | /* Fill in a dummy Data frame header */ | |
697 | u8 buf[24 + 8 + sizeof(*eapol) + sizeof(*hdr)]; | |
698 | struct ieee80211_hdr *h; | |
699 | struct wpa_eapol_key *k; | |
700 | u8 *pos; | |
701 | size_t plain_len; | |
702 | ||
703 | plain_len = decrypted_len; | |
704 | pos = decrypted; | |
705 | while (pos + 1 < decrypted + decrypted_len) { | |
706 | if (pos[0] == 0xdd && pos[1] == 0x00) { | |
707 | /* Remove padding */ | |
708 | plain_len = pos - decrypted; | |
709 | break; | |
710 | } | |
711 | pos += 2 + pos[1]; | |
712 | } | |
713 | ||
714 | os_memset(buf, 0, sizeof(buf)); | |
715 | h = (struct ieee80211_hdr *) buf; | |
716 | h->frame_control = host_to_le16(0x0208); | |
717 | os_memcpy(h->addr1, dst, ETH_ALEN); | |
718 | os_memcpy(h->addr2, src, ETH_ALEN); | |
719 | os_memcpy(h->addr3, src, ETH_ALEN); | |
720 | pos = (u8 *) (h + 1); | |
721 | os_memcpy(pos, "\xaa\xaa\x03\x00\x00\x00\x88\x8e", 8); | |
722 | pos += 8; | |
723 | os_memcpy(pos, eapol, sizeof(*eapol)); | |
724 | pos += sizeof(*eapol); | |
725 | os_memcpy(pos, hdr, sizeof(*hdr)); | |
726 | k = (struct wpa_eapol_key *) pos; | |
727 | WPA_PUT_BE16(k->key_info, | |
728 | key_info & ~WPA_KEY_INFO_ENCR_KEY_DATA); | |
729 | WPA_PUT_BE16(k->key_data_length, plain_len); | |
730 | write_pcap_decrypted(wt, buf, sizeof(buf), | |
731 | decrypted, plain_len); | |
732 | } | |
733 | if (sta->proto & WPA_PROTO_RSN) | |
fd848ab9 JM |
734 | learn_kde_keys(bss, sta, decrypted, decrypted_len, |
735 | hdr->key_rsc); | |
161d0339 | 736 | else { |
30e09b0d JM |
737 | int klen = bss->group_cipher == WPA_CIPHER_TKIP ? 32 : 16; |
738 | if (decrypted_len == klen) { | |
161d0339 JM |
739 | const u8 *rsc = hdr->key_rsc; |
740 | int id; | |
741 | id = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> | |
742 | WPA_KEY_INFO_KEY_INDEX_SHIFT; | |
743 | wpa_printf(MSG_DEBUG, "GTK key index %d", id); | |
744 | wpa_hexdump(MSG_DEBUG, "GTK", decrypted, | |
745 | decrypted_len); | |
746 | bss->gtk_len[id] = decrypted_len; | |
747 | os_memcpy(bss->gtk[id], decrypted, decrypted_len); | |
748 | bss->rsc[id][0] = rsc[5]; | |
749 | bss->rsc[id][1] = rsc[4]; | |
750 | bss->rsc[id][2] = rsc[3]; | |
751 | bss->rsc[id][3] = rsc[2]; | |
752 | bss->rsc[id][4] = rsc[1]; | |
753 | bss->rsc[id][5] = rsc[0]; | |
754 | wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[id], 6); | |
755 | } else { | |
756 | wpa_printf(MSG_INFO, "Unexpected WPA Key Data length " | |
757 | "in Group Key msg 1/2 from " MACSTR, | |
758 | MAC2STR(src)); | |
759 | } | |
760 | } | |
761 | os_free(decrypted); | |
762 | } | |
763 | ||
764 | ||
765 | static void rx_data_eapol_key_2_of_2(struct wlantest *wt, const u8 *dst, | |
766 | const u8 *src, const u8 *data, size_t len) | |
767 | { | |
768 | struct wlantest_bss *bss; | |
769 | struct wlantest_sta *sta; | |
770 | const struct ieee802_1x_hdr *eapol; | |
771 | const struct wpa_eapol_key *hdr; | |
772 | u16 key_info; | |
773 | ||
774 | wpa_printf(MSG_DEBUG, "EAPOL-Key 2/2 " MACSTR " -> " MACSTR, | |
775 | MAC2STR(src), MAC2STR(dst)); | |
776 | bss = bss_get(wt, dst); | |
777 | if (bss == NULL) | |
778 | return; | |
779 | sta = sta_get(bss, src); | |
780 | if (sta == NULL) | |
781 | return; | |
782 | ||
783 | eapol = (const struct ieee802_1x_hdr *) data; | |
784 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
785 | if (!is_zero(hdr->key_rsc, 8)) { | |
786 | wpa_printf(MSG_INFO, "EAPOL-Key 2/2 from " MACSTR " used " | |
787 | "non-zero Key RSC", MAC2STR(src)); | |
788 | } | |
789 | key_info = WPA_GET_BE16(hdr->key_info); | |
790 | ||
791 | if (!sta->ptk_set) { | |
792 | wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 2/2"); | |
793 | return; | |
794 | } | |
795 | ||
796 | if (sta->ptk_set && | |
797 | check_mic(sta->ptk.kck, key_info & WPA_KEY_INFO_TYPE_MASK, | |
798 | data, len) < 0) { | |
799 | wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 2/2 MIC"); | |
800 | return; | |
801 | } | |
802 | wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/2"); | |
803 | } | |
804 | ||
805 | ||
806 | static void rx_data_eapol_key(struct wlantest *wt, const u8 *dst, | |
807 | const u8 *src, const u8 *data, size_t len, | |
808 | int prot) | |
809 | { | |
810 | const struct ieee802_1x_hdr *eapol; | |
811 | const struct wpa_eapol_key *hdr; | |
812 | const u8 *key_data; | |
813 | u16 key_info, key_length, ver, key_data_length; | |
814 | ||
815 | eapol = (const struct ieee802_1x_hdr *) data; | |
816 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
817 | ||
818 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key", | |
819 | (const u8 *) hdr, len - sizeof(*eapol)); | |
820 | if (len < sizeof(*hdr)) { | |
821 | wpa_printf(MSG_INFO, "Too short EAPOL-Key frame from " MACSTR, | |
822 | MAC2STR(src)); | |
823 | return; | |
824 | } | |
825 | ||
826 | if (hdr->type == EAPOL_KEY_TYPE_RC4) { | |
827 | /* TODO: EAPOL-Key RC4 for WEP */ | |
828 | wpa_printf(MSG_INFO, "EAPOL-Key Descriptor Type RC4 from " | |
829 | MACSTR, MAC2STR(src)); | |
830 | return; | |
831 | } | |
832 | ||
833 | if (hdr->type != EAPOL_KEY_TYPE_RSN && | |
834 | hdr->type != EAPOL_KEY_TYPE_WPA) { | |
835 | wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Descriptor Type " | |
836 | "%u from " MACSTR, hdr->type, MAC2STR(src)); | |
837 | return; | |
838 | } | |
839 | ||
840 | key_info = WPA_GET_BE16(hdr->key_info); | |
841 | key_length = WPA_GET_BE16(hdr->key_length); | |
842 | key_data_length = WPA_GET_BE16(hdr->key_data_length); | |
843 | key_data = (const u8 *) (hdr + 1); | |
844 | if (key_data + key_data_length > data + len) { | |
845 | wpa_printf(MSG_INFO, "Truncated EAPOL-Key from " MACSTR, | |
846 | MAC2STR(src)); | |
847 | return; | |
848 | } | |
849 | if (key_data + key_data_length < data + len) { | |
850 | wpa_hexdump(MSG_DEBUG, "Extra data after EAPOL-Key Key Data " | |
851 | "field", key_data + key_data_length, | |
852 | data + len - key_data - key_data_length); | |
853 | } | |
854 | ||
855 | ||
856 | ver = key_info & WPA_KEY_INFO_TYPE_MASK; | |
857 | wpa_printf(MSG_DEBUG, "EAPOL-Key ver=%u %c idx=%u%s%s%s%s%s%s%s%s " | |
858 | "datalen=%u", | |
859 | ver, key_info & WPA_KEY_INFO_KEY_TYPE ? 'P' : 'G', | |
860 | (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> | |
861 | WPA_KEY_INFO_KEY_INDEX_SHIFT, | |
862 | (key_info & WPA_KEY_INFO_INSTALL) ? " Install" : "", | |
863 | (key_info & WPA_KEY_INFO_ACK) ? " ACK" : "", | |
864 | (key_info & WPA_KEY_INFO_MIC) ? " MIC" : "", | |
865 | (key_info & WPA_KEY_INFO_SECURE) ? " Secure" : "", | |
866 | (key_info & WPA_KEY_INFO_ERROR) ? " Error" : "", | |
867 | (key_info & WPA_KEY_INFO_REQUEST) ? " Request" : "", | |
868 | (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) ? " Encr" : "", | |
869 | (key_info & WPA_KEY_INFO_SMK_MESSAGE) ? " SMK" : "", | |
870 | key_data_length); | |
871 | ||
872 | if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && | |
873 | ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES && | |
874 | ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { | |
875 | wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Key Descriptor " | |
876 | "Version %u from " MACSTR, ver, MAC2STR(src)); | |
877 | return; | |
878 | } | |
879 | ||
880 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Replay Counter", | |
881 | hdr->replay_counter, WPA_REPLAY_COUNTER_LEN); | |
882 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Nonce", | |
883 | hdr->key_nonce, WPA_NONCE_LEN); | |
884 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key IV", | |
885 | hdr->key_iv, 16); | |
886 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key RSC", | |
887 | hdr->key_rsc, WPA_KEY_RSC_LEN); | |
888 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key MIC", | |
889 | hdr->key_mic, 16); | |
890 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data", | |
891 | key_data, key_data_length); | |
892 | ||
893 | if (hdr->type == EAPOL_KEY_TYPE_RSN && | |
894 | (key_info & (WPA_KEY_INFO_KEY_INDEX_MASK | BIT(14) | BIT(15))) != | |
895 | 0) { | |
896 | wpa_printf(MSG_INFO, "RSN EAPOL-Key with non-zero reserved " | |
897 | "Key Info bits 0x%x from " MACSTR, | |
898 | key_info, MAC2STR(src)); | |
899 | } | |
900 | ||
901 | if (hdr->type == EAPOL_KEY_TYPE_WPA && | |
902 | (key_info & (WPA_KEY_INFO_ENCR_KEY_DATA | | |
903 | WPA_KEY_INFO_SMK_MESSAGE |BIT(14) | BIT(15))) != 0) { | |
904 | wpa_printf(MSG_INFO, "WPA EAPOL-Key with non-zero reserved " | |
905 | "Key Info bits 0x%x from " MACSTR, | |
906 | key_info, MAC2STR(src)); | |
907 | } | |
908 | ||
909 | if (key_length > 32) { | |
910 | wpa_printf(MSG_INFO, "EAPOL-Key with invalid Key Length %d " | |
911 | "from " MACSTR, key_length, MAC2STR(src)); | |
912 | } | |
913 | ||
914 | if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && | |
915 | !is_zero(hdr->key_iv, 16)) { | |
916 | wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key IV " | |
917 | "(reserved with ver=%d) field from " MACSTR, | |
918 | ver, MAC2STR(src)); | |
919 | wpa_hexdump(MSG_INFO, "EAPOL-Key Key IV (reserved)", | |
920 | hdr->key_iv, 16); | |
921 | } | |
922 | ||
923 | if (!is_zero(hdr->key_id, 8)) { | |
924 | wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key ID " | |
925 | "(reserved) field from " MACSTR, MAC2STR(src)); | |
926 | wpa_hexdump(MSG_INFO, "EAPOL-Key Key ID (reserved)", | |
927 | hdr->key_id, 8); | |
928 | } | |
929 | ||
930 | if (hdr->key_rsc[6] || hdr->key_rsc[7]) { | |
931 | wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key RSC octets " | |
932 | "(last two are unused)" MACSTR, MAC2STR(src)); | |
933 | } | |
934 | ||
935 | if (key_info & (WPA_KEY_INFO_ERROR | WPA_KEY_INFO_REQUEST)) | |
936 | return; | |
937 | ||
938 | if (key_info & WPA_KEY_INFO_SMK_MESSAGE) | |
939 | return; | |
940 | ||
941 | if (key_info & WPA_KEY_INFO_KEY_TYPE) { | |
942 | /* 4-Way Handshake */ | |
943 | switch (key_info & (WPA_KEY_INFO_SECURE | | |
944 | WPA_KEY_INFO_MIC | | |
945 | WPA_KEY_INFO_ACK | | |
946 | WPA_KEY_INFO_INSTALL)) { | |
947 | case WPA_KEY_INFO_ACK: | |
948 | rx_data_eapol_key_1_of_4(wt, dst, src, data, len); | |
949 | break; | |
950 | case WPA_KEY_INFO_MIC: | |
951 | if (key_data_length == 0) | |
952 | rx_data_eapol_key_4_of_4(wt, dst, src, data, | |
953 | len); | |
954 | else | |
955 | rx_data_eapol_key_2_of_4(wt, dst, src, data, | |
956 | len); | |
957 | break; | |
958 | case WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK | | |
959 | WPA_KEY_INFO_INSTALL: | |
960 | /* WPA does not include Secure bit in 3/4 */ | |
961 | rx_data_eapol_key_3_of_4(wt, dst, src, data, len); | |
962 | break; | |
963 | case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC | | |
964 | WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL: | |
965 | rx_data_eapol_key_3_of_4(wt, dst, src, data, len); | |
966 | break; | |
967 | case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC: | |
d0b251d2 JM |
968 | if (key_data_length == 0) |
969 | rx_data_eapol_key_4_of_4(wt, dst, src, data, | |
970 | len); | |
971 | else | |
972 | rx_data_eapol_key_2_of_4(wt, dst, src, data, | |
973 | len); | |
161d0339 JM |
974 | break; |
975 | default: | |
976 | wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame"); | |
977 | break; | |
978 | } | |
979 | } else { | |
980 | /* Group Key Handshake */ | |
981 | switch (key_info & (WPA_KEY_INFO_SECURE | | |
982 | WPA_KEY_INFO_MIC | | |
983 | WPA_KEY_INFO_ACK)) { | |
984 | case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC | | |
985 | WPA_KEY_INFO_ACK: | |
986 | rx_data_eapol_key_1_of_2(wt, dst, src, data, len); | |
987 | break; | |
988 | case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC: | |
989 | rx_data_eapol_key_2_of_2(wt, dst, src, data, len); | |
990 | break; | |
991 | default: | |
992 | wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame"); | |
993 | break; | |
994 | } | |
995 | } | |
996 | } | |
997 | ||
998 | ||
999 | void rx_data_eapol(struct wlantest *wt, const u8 *dst, const u8 *src, | |
1000 | const u8 *data, size_t len, int prot) | |
1001 | { | |
1002 | const struct ieee802_1x_hdr *hdr; | |
1003 | u16 length; | |
1004 | const u8 *p; | |
1005 | ||
1006 | wpa_hexdump(MSG_EXCESSIVE, "EAPOL", data, len); | |
1007 | if (len < sizeof(*hdr)) { | |
1008 | wpa_printf(MSG_INFO, "Too short EAPOL frame from " MACSTR, | |
1009 | MAC2STR(src)); | |
1010 | return; | |
1011 | } | |
1012 | ||
1013 | hdr = (const struct ieee802_1x_hdr *) data; | |
1014 | length = be_to_host16(hdr->length); | |
1015 | wpa_printf(MSG_DEBUG, "RX EAPOL: " MACSTR " -> " MACSTR "%s ver=%u " | |
1016 | "type=%u len=%u", | |
1017 | MAC2STR(src), MAC2STR(dst), prot ? " Prot" : "", | |
1018 | hdr->version, hdr->type, length); | |
1019 | if (hdr->version < 1 || hdr->version > 3) { | |
1020 | wpa_printf(MSG_INFO, "Unexpected EAPOL version %u from " | |
1021 | MACSTR, hdr->version, MAC2STR(src)); | |
1022 | } | |
1023 | if (sizeof(*hdr) + length > len) { | |
1024 | wpa_printf(MSG_INFO, "Truncated EAPOL frame from " MACSTR, | |
1025 | MAC2STR(src)); | |
1026 | return; | |
1027 | } | |
1028 | ||
1029 | if (sizeof(*hdr) + length < len) { | |
1030 | wpa_printf(MSG_INFO, "EAPOL frame with %d extra bytes", | |
1031 | (int) (len - sizeof(*hdr) - length)); | |
1032 | } | |
1033 | p = (const u8 *) (hdr + 1); | |
1034 | ||
1035 | switch (hdr->type) { | |
1036 | case IEEE802_1X_TYPE_EAP_PACKET: | |
1037 | wpa_hexdump(MSG_MSGDUMP, "EAPOL - EAP packet", p, length); | |
1038 | break; | |
1039 | case IEEE802_1X_TYPE_EAPOL_START: | |
1040 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Start", p, length); | |
1041 | break; | |
1042 | case IEEE802_1X_TYPE_EAPOL_LOGOFF: | |
1043 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Logoff", p, length); | |
1044 | break; | |
1045 | case IEEE802_1X_TYPE_EAPOL_KEY: | |
1046 | rx_data_eapol_key(wt, dst, src, data, sizeof(*hdr) + length, | |
1047 | prot); | |
1048 | break; | |
1049 | case IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT: | |
1050 | wpa_hexdump(MSG_MSGDUMP, "EAPOL - Encapsulated ASF alert", | |
1051 | p, length); | |
1052 | break; | |
1053 | default: | |
1054 | wpa_hexdump(MSG_MSGDUMP, "Unknown EAPOL payload", p, length); | |
1055 | break; | |
1056 | } | |
1057 | } |