]> git.ipfire.org Git - thirdparty/hostap.git/blob - wlantest/rx_eapol.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
WNM: Use Dialog Token value 1 in WNM-Sleep Mode Request
[thirdparty/hostap.git] / wlantest / rx_eapol.c
1 /*
2 * Received Data frame processing for EAPOL messages
3 * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "crypto/aes_wrap.h"
13 #include "crypto/crypto.h"
14 #include "common/defs.h"
15 #include "common/ieee802_11_defs.h"
16 #include "common/ieee802_11_common.h"
17 #include "common/eapol_common.h"
18 #include "common/wpa_common.h"
19 #include "rsn_supp/wpa_ie.h"
20 #include "wlantest.h"
21
22
23 static int is_zero(const u8 *buf, size_t len)
24 {
25 size_t i;
26 for (i = 0; i < len; i++) {
27 if (buf[i])
28 return 0;
29 }
30 return 1;
31 }
32
33
34 static int check_mic(const u8 *kck, int ver, const u8 *data, size_t len)
35 {
36 u8 *buf;
37 int ret = -1;
38 struct ieee802_1x_hdr *hdr;
39 struct wpa_eapol_key *key;
40 u8 rx_mic[16];
41
42 buf = os_malloc(len);
43 if (buf == NULL)
44 return -1;
45 os_memcpy(buf, data, len);
46 hdr = (struct ieee802_1x_hdr *) buf;
47 key = (struct wpa_eapol_key *) (hdr + 1);
48
49 os_memcpy(rx_mic, key->key_mic, 16);
50 os_memset(key->key_mic, 0, 16);
51
52 if (wpa_eapol_key_mic(kck, ver, buf, len, key->key_mic) == 0 &&
53 os_memcmp(rx_mic, key->key_mic, 16) == 0)
54 ret = 0;
55
56 os_free(buf);
57
58 return ret;
59 }
60
61
62 static void rx_data_eapol_key_1_of_4(struct wlantest *wt, const u8 *dst,
63 const u8 *src, const u8 *data, size_t len)
64 {
65 struct wlantest_bss *bss;
66 struct wlantest_sta *sta;
67 const struct ieee802_1x_hdr *eapol;
68 const struct wpa_eapol_key *hdr;
69
70 wpa_printf(MSG_DEBUG, "EAPOL-Key 1/4 " MACSTR " -> " MACSTR,
71 MAC2STR(src), MAC2STR(dst));
72 bss = bss_get(wt, src);
73 if (bss == NULL)
74 return;
75 sta = sta_get(bss, dst);
76 if (sta == NULL)
77 return;
78
79 eapol = (const struct ieee802_1x_hdr *) data;
80 hdr = (const struct wpa_eapol_key *) (eapol + 1);
81 if (is_zero(hdr->key_nonce, WPA_NONCE_LEN)) {
82 wpa_printf(MSG_INFO, "EAPOL-Key 1/4 from " MACSTR " used "
83 "zero nonce", MAC2STR(src));
84 }
85 if (!is_zero(hdr->key_rsc, 8)) {
86 wpa_printf(MSG_INFO, "EAPOL-Key 1/4 from " MACSTR " used "
87 "non-zero Key RSC", MAC2STR(src));
88 }
89 os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN);
90 }
91
92
93 static int try_pmk(struct wlantest_bss *bss, struct wlantest_sta *sta,
94 u16 ver, const u8 *data, size_t len,
95 struct wlantest_pmk *pmk)
96 {
97 struct wpa_ptk ptk;
98 size_t ptk_len = sta->pairwise_cipher == WPA_CIPHER_TKIP ? 64 : 48;
99 wpa_pmk_to_ptk(pmk->pmk, sizeof(pmk->pmk),
100 "Pairwise key expansion",
101 bss->bssid, sta->addr, sta->anonce, sta->snonce,
102 (u8 *) &ptk, ptk_len,
103 wpa_key_mgmt_sha256(sta->key_mgmt));
104 if (check_mic(ptk.kck, ver, data, len) < 0)
105 return -1;
106
107 wpa_printf(MSG_INFO, "Derived PTK for STA " MACSTR " BSSID " MACSTR,
108 MAC2STR(sta->addr), MAC2STR(bss->bssid));
109 sta->counters[WLANTEST_STA_COUNTER_PTK_LEARNED]++;
110 if (sta->ptk_set) {
111 /*
112 * Rekeying - use new PTK for EAPOL-Key frames, but continue
113 * using the old PTK for frame decryption.
114 */
115 os_memcpy(&sta->tptk, &ptk, sizeof(ptk));
116 wpa_hexdump(MSG_DEBUG, "TPTK:KCK", sta->tptk.kck, 16);
117 wpa_hexdump(MSG_DEBUG, "TPTK:KEK", sta->tptk.kek, 16);
118 wpa_hexdump(MSG_DEBUG, "TPTK:TK1", sta->tptk.tk1, 16);
119 if (ptk_len > 48)
120 wpa_hexdump(MSG_DEBUG, "TPTK:TK2", sta->tptk.u.tk2,
121 16);
122 sta->tptk_set = 1;
123 return 0;
124 }
125 os_memcpy(&sta->ptk, &ptk, sizeof(ptk));
126 wpa_hexdump(MSG_DEBUG, "PTK:KCK", sta->ptk.kck, 16);
127 wpa_hexdump(MSG_DEBUG, "PTK:KEK", sta->ptk.kek, 16);
128 wpa_hexdump(MSG_DEBUG, "PTK:TK1", sta->ptk.tk1, 16);
129 if (ptk_len > 48)
130 wpa_hexdump(MSG_DEBUG, "PTK:TK2", sta->ptk.u.tk2, 16);
131 sta->ptk_set = 1;
132 os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods));
133 os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds));
134 return 0;
135 }
136
137
138 static void derive_ptk(struct wlantest *wt, struct wlantest_bss *bss,
139 struct wlantest_sta *sta, u16 ver,
140 const u8 *data, size_t len)
141 {
142 struct wlantest_pmk *pmk;
143
144 wpa_printf(MSG_DEBUG, "Trying to derive PTK for " MACSTR,
145 MAC2STR(sta->addr));
146 dl_list_for_each(pmk, &bss->pmk, struct wlantest_pmk, list) {
147 wpa_printf(MSG_DEBUG, "Try per-BSS PMK");
148 if (try_pmk(bss, sta, ver, data, len, pmk) == 0)
149 return;
150 }
151
152 dl_list_for_each(pmk, &wt->pmk, struct wlantest_pmk, list) {
153 wpa_printf(MSG_DEBUG, "Try global PMK");
154 if (try_pmk(bss, sta, ver, data, len, pmk) == 0)
155 return;
156 }
157 wpa_printf(MSG_DEBUG, "No matching PMK found to derive PTK");
158 }
159
160
161 static void rx_data_eapol_key_2_of_4(struct wlantest *wt, const u8 *dst,
162 const u8 *src, const u8 *data, size_t len)
163 {
164 struct wlantest_bss *bss;
165 struct wlantest_sta *sta;
166 const struct ieee802_1x_hdr *eapol;
167 const struct wpa_eapol_key *hdr;
168 const u8 *key_data, *kck;
169 u16 key_info, key_data_len;
170 struct wpa_eapol_ie_parse ie;
171
172 wpa_printf(MSG_DEBUG, "EAPOL-Key 2/4 " MACSTR " -> " MACSTR,
173 MAC2STR(src), MAC2STR(dst));
174 bss = bss_get(wt, dst);
175 if (bss == NULL)
176 return;
177 sta = sta_get(bss, src);
178 if (sta == NULL)
179 return;
180
181 eapol = (const struct ieee802_1x_hdr *) data;
182 hdr = (const struct wpa_eapol_key *) (eapol + 1);
183 if (is_zero(hdr->key_nonce, WPA_NONCE_LEN)) {
184 wpa_printf(MSG_INFO, "EAPOL-Key 2/4 from " MACSTR " used "
185 "zero nonce", MAC2STR(src));
186 }
187 if (!is_zero(hdr->key_rsc, 8)) {
188 wpa_printf(MSG_INFO, "EAPOL-Key 2/4 from " MACSTR " used "
189 "non-zero Key RSC", MAC2STR(src));
190 }
191 os_memcpy(sta->snonce, hdr->key_nonce, WPA_NONCE_LEN);
192 key_info = WPA_GET_BE16(hdr->key_info);
193 key_data_len = WPA_GET_BE16(hdr->key_data_length);
194 derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK, data, len);
195
196 if (!sta->ptk_set && !sta->tptk_set) {
197 wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 2/4");
198 return;
199 }
200
201 kck = sta->ptk.kck;
202 if (sta->tptk_set) {
203 wpa_printf(MSG_DEBUG, "Use TPTK for validation EAPOL-Key MIC");
204 kck = sta->tptk.kck;
205 }
206 if (check_mic(kck, key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) {
207 wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 2/4 MIC");
208 return;
209 }
210 wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/4");
211
212 key_data = (const u8 *) (hdr + 1);
213
214 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) {
215 wpa_printf(MSG_INFO, "Failed to parse EAPOL-Key Key Data");
216 return;
217 }
218
219 if (ie.wpa_ie) {
220 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE",
221 ie.wpa_ie, ie.wpa_ie_len);
222 if (os_memcmp(ie.wpa_ie, sta->rsnie, ie.wpa_ie_len) != 0) {
223 struct ieee802_11_elems elems;
224 wpa_printf(MSG_INFO, "Mismatch in WPA IE between "
225 "EAPOL-Key 2/4 and (Re)Association "
226 "Request from " MACSTR, MAC2STR(sta->addr));
227 wpa_hexdump(MSG_INFO, "WPA IE in EAPOL-Key",
228 ie.wpa_ie, ie.wpa_ie_len);
229 wpa_hexdump(MSG_INFO, "WPA IE in (Re)Association "
230 "Request",
231 sta->rsnie,
232 sta->rsnie[0] ? 2 + sta->rsnie[1] : 0);
233 /*
234 * The sniffer may have missed (Re)Association
235 * Request, so try to survive with the information from
236 * EAPOL-Key.
237 */
238 os_memset(&elems, 0, sizeof(elems));
239 elems.wpa_ie = ie.wpa_ie + 2;
240 elems.wpa_ie_len = ie.wpa_ie_len - 2;
241 wpa_printf(MSG_DEBUG, "Update STA data based on WPA "
242 "IE in EAPOL-Key 2/4");
243 sta_update_assoc(sta, &elems);
244 }
245 }
246
247 if (ie.rsn_ie) {
248 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE",
249 ie.rsn_ie, ie.rsn_ie_len);
250 if (os_memcmp(ie.rsn_ie, sta->rsnie, ie.rsn_ie_len) != 0) {
251 struct ieee802_11_elems elems;
252 wpa_printf(MSG_INFO, "Mismatch in RSN IE between "
253 "EAPOL-Key 2/4 and (Re)Association "
254 "Request from " MACSTR, MAC2STR(sta->addr));
255 wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key",
256 ie.rsn_ie, ie.rsn_ie_len);
257 wpa_hexdump(MSG_INFO, "RSN IE in (Re)Association "
258 "Request",
259 sta->rsnie,
260 sta->rsnie[0] ? 2 + sta->rsnie[1] : 0);
261 /*
262 * The sniffer may have missed (Re)Association
263 * Request, so try to survive with the information from
264 * EAPOL-Key.
265 */
266 os_memset(&elems, 0, sizeof(elems));
267 elems.rsn_ie = ie.rsn_ie + 2;
268 elems.rsn_ie_len = ie.rsn_ie_len - 2;
269 wpa_printf(MSG_DEBUG, "Update STA data based on RSN "
270 "IE in EAPOL-Key 2/4");
271 sta_update_assoc(sta, &elems);
272 }
273 }
274 }
275
276
277 static u8 * decrypt_eapol_key_data_rc4(const u8 *kek,
278 const struct wpa_eapol_key *hdr,
279 size_t *len)
280 {
281 u8 ek[32], *buf;
282 u16 keydatalen = WPA_GET_BE16(hdr->key_data_length);
283
284 buf = os_malloc(keydatalen);
285 if (buf == NULL)
286 return NULL;
287
288 os_memcpy(ek, hdr->key_iv, 16);
289 os_memcpy(ek + 16, kek, 16);
290 os_memcpy(buf, hdr + 1, keydatalen);
291 if (rc4_skip(ek, 32, 256, buf, keydatalen)) {
292 wpa_printf(MSG_INFO, "RC4 failed");
293 os_free(buf);
294 return NULL;
295 }
296
297 *len = keydatalen;
298 return buf;
299 }
300
301
302 static u8 * decrypt_eapol_key_data_aes(const u8 *kek,
303 const struct wpa_eapol_key *hdr,
304 size_t *len)
305 {
306 u8 *buf;
307 u16 keydatalen = WPA_GET_BE16(hdr->key_data_length);
308
309 if (keydatalen % 8) {
310 wpa_printf(MSG_INFO, "Unsupported AES-WRAP len %d",
311 keydatalen);
312 return NULL;
313 }
314 keydatalen -= 8; /* AES-WRAP adds 8 bytes */
315 buf = os_malloc(keydatalen);
316 if (buf == NULL)
317 return NULL;
318 if (aes_unwrap(kek, keydatalen / 8, (u8 *) (hdr + 1), buf)) {
319 os_free(buf);
320 wpa_printf(MSG_INFO, "AES unwrap failed - "
321 "could not decrypt EAPOL-Key key data");
322 return NULL;
323 }
324
325 *len = keydatalen;
326 return buf;
327 }
328
329
330 static u8 * decrypt_eapol_key_data(const u8 *kek, u16 ver,
331 const struct wpa_eapol_key *hdr,
332 size_t *len)
333 {
334 switch (ver) {
335 case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
336 return decrypt_eapol_key_data_rc4(kek, hdr, len);
337 case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
338 case WPA_KEY_INFO_TYPE_AES_128_CMAC:
339 return decrypt_eapol_key_data_aes(kek, hdr, len);
340 default:
341 wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Key Descriptor "
342 "Version %u", ver);
343 return NULL;
344 }
345 }
346
347
348 static void learn_kde_keys(struct wlantest_bss *bss, struct wlantest_sta *sta,
349 const u8 *buf, size_t len, const u8 *rsc)
350 {
351 struct wpa_eapol_ie_parse ie;
352
353 if (wpa_supplicant_parse_ies(buf, len, &ie) < 0) {
354 wpa_printf(MSG_INFO, "Failed to parse EAPOL-Key Key Data");
355 return;
356 }
357
358 if (ie.wpa_ie) {
359 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE",
360 ie.wpa_ie, ie.wpa_ie_len);
361 }
362
363 if (ie.rsn_ie) {
364 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE",
365 ie.rsn_ie, ie.rsn_ie_len);
366 }
367
368 if (ie.gtk) {
369 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - GTK KDE",
370 ie.gtk, ie.gtk_len);
371 if (ie.gtk_len >= 2 && ie.gtk_len <= 2 + 32) {
372 int id;
373 id = ie.gtk[0] & 0x03;
374 wpa_printf(MSG_DEBUG, "GTK KeyID=%u tx=%u",
375 id, !!(ie.gtk[0] & 0x04));
376 if ((ie.gtk[0] & 0xf8) || ie.gtk[1])
377 wpa_printf(MSG_INFO, "GTK KDE: Reserved field "
378 "set: %02x %02x",
379 ie.gtk[0], ie.gtk[1]);
380 wpa_hexdump(MSG_DEBUG, "GTK", ie.gtk + 2,
381 ie.gtk_len - 2);
382 bss->gtk_len[id] = ie.gtk_len - 2;
383 sta->gtk_len = ie.gtk_len - 2;
384 os_memcpy(bss->gtk[id], ie.gtk + 2, ie.gtk_len - 2);
385 os_memcpy(sta->gtk, ie.gtk + 2, ie.gtk_len - 2);
386 bss->rsc[id][0] = rsc[5];
387 bss->rsc[id][1] = rsc[4];
388 bss->rsc[id][2] = rsc[3];
389 bss->rsc[id][3] = rsc[2];
390 bss->rsc[id][4] = rsc[1];
391 bss->rsc[id][5] = rsc[0];
392 bss->gtk_idx = id;
393 sta->gtk_idx = id;
394 wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[id], 6);
395 } else {
396 wpa_printf(MSG_INFO, "Invalid GTK KDE length %u",
397 (unsigned) ie.gtk_len);
398 }
399 }
400
401 if (ie.igtk) {
402 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - IGTK KDE",
403 ie.igtk, ie.igtk_len);
404 if (ie.igtk_len == 24) {
405 u16 id;
406 id = WPA_GET_LE16(ie.igtk);
407 if (id > 5) {
408 wpa_printf(MSG_INFO, "Unexpected IGTK KeyID "
409 "%u", id);
410 } else {
411 const u8 *ipn;
412 wpa_printf(MSG_DEBUG, "IGTK KeyID %u", id);
413 wpa_hexdump(MSG_DEBUG, "IPN", ie.igtk + 2, 6);
414 wpa_hexdump(MSG_DEBUG, "IGTK", ie.igtk + 8,
415 16);
416 os_memcpy(bss->igtk[id], ie.igtk + 8, 16);
417 bss->igtk_set[id] = 1;
418 ipn = ie.igtk + 2;
419 bss->ipn[id][0] = ipn[5];
420 bss->ipn[id][1] = ipn[4];
421 bss->ipn[id][2] = ipn[3];
422 bss->ipn[id][3] = ipn[2];
423 bss->ipn[id][4] = ipn[1];
424 bss->ipn[id][5] = ipn[0];
425 bss->igtk_idx = id;
426 }
427 } else {
428 wpa_printf(MSG_INFO, "Invalid IGTK KDE length %u",
429 (unsigned) ie.igtk_len);
430 }
431 }
432 }
433
434
435 static void rx_data_eapol_key_3_of_4(struct wlantest *wt, const u8 *dst,
436 const u8 *src, const u8 *data, size_t len)
437 {
438 struct wlantest_bss *bss;
439 struct wlantest_sta *sta;
440 const struct ieee802_1x_hdr *eapol;
441 const struct wpa_eapol_key *hdr;
442 const u8 *key_data, *kck, *kek;
443 int recalc = 0;
444 u16 key_info, ver;
445 u8 *decrypted_buf = NULL;
446 const u8 *decrypted;
447 size_t decrypted_len = 0;
448 struct wpa_eapol_ie_parse ie;
449
450 wpa_printf(MSG_DEBUG, "EAPOL-Key 3/4 " MACSTR " -> " MACSTR,
451 MAC2STR(src), MAC2STR(dst));
452 bss = bss_get(wt, src);
453 if (bss == NULL)
454 return;
455 sta = sta_get(bss, dst);
456 if (sta == NULL)
457 return;
458
459 eapol = (const struct ieee802_1x_hdr *) data;
460 hdr = (const struct wpa_eapol_key *) (eapol + 1);
461 key_info = WPA_GET_BE16(hdr->key_info);
462
463 if (os_memcmp(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN) != 0) {
464 wpa_printf(MSG_INFO, "EAPOL-Key ANonce mismatch between 1/4 "
465 "and 3/4");
466 recalc = 1;
467 }
468 os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN);
469 if (recalc) {
470 derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK,
471 data, len);
472 }
473
474 if (!sta->ptk_set && !sta->tptk_set) {
475 wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 3/4");
476 return;
477 }
478
479 kek = sta->ptk.kek;
480 kck = sta->ptk.kck;
481 if (sta->tptk_set) {
482 wpa_printf(MSG_DEBUG, "Use TPTK for validation EAPOL-Key MIC");
483 kck = sta->tptk.kck;
484 kek = sta->tptk.kek;
485 }
486 if (check_mic(kck, key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) {
487 wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 3/4 MIC");
488 return;
489 }
490 wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 3/4");
491
492 key_data = (const u8 *) (hdr + 1);
493 if (!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
494 if (sta->proto & WPA_PROTO_RSN)
495 wpa_printf(MSG_INFO, "EAPOL-Key 3/4 without "
496 "EncrKeyData bit");
497 decrypted = key_data;
498 decrypted_len = WPA_GET_BE16(hdr->key_data_length);
499 } else {
500 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
501 decrypted_buf = decrypt_eapol_key_data(kek, ver, hdr,
502 &decrypted_len);
503 if (decrypted_buf == NULL) {
504 wpa_printf(MSG_INFO, "Failed to decrypt EAPOL-Key Key "
505 "Data");
506 return;
507 }
508 decrypted = decrypted_buf;
509 wpa_hexdump(MSG_DEBUG, "Decrypted EAPOL-Key Key Data",
510 decrypted, decrypted_len);
511 }
512 if (wt->write_pcap_dumper && decrypted != key_data) {
513 /* Fill in a dummy Data frame header */
514 u8 buf[24 + 8 + sizeof(*eapol) + sizeof(*hdr)];
515 struct ieee80211_hdr *h;
516 struct wpa_eapol_key *k;
517 const u8 *p;
518 u8 *pos;
519 size_t plain_len;
520
521 plain_len = decrypted_len;
522 p = decrypted;
523 while (p + 1 < decrypted + decrypted_len) {
524 if (p[0] == 0xdd && p[1] == 0x00) {
525 /* Remove padding */
526 plain_len = p - decrypted;
527 break;
528 }
529 p += 2 + p[1];
530 }
531
532 os_memset(buf, 0, sizeof(buf));
533 h = (struct ieee80211_hdr *) buf;
534 h->frame_control = host_to_le16(0x0208);
535 os_memcpy(h->addr1, dst, ETH_ALEN);
536 os_memcpy(h->addr2, src, ETH_ALEN);
537 os_memcpy(h->addr3, src, ETH_ALEN);
538 pos = (u8 *) (h + 1);
539 os_memcpy(pos, "\xaa\xaa\x03\x00\x00\x00\x88\x8e", 8);
540 pos += 8;
541 os_memcpy(pos, eapol, sizeof(*eapol));
542 pos += sizeof(*eapol);
543 os_memcpy(pos, hdr, sizeof(*hdr));
544 k = (struct wpa_eapol_key *) pos;
545 WPA_PUT_BE16(k->key_info,
546 key_info & ~WPA_KEY_INFO_ENCR_KEY_DATA);
547 WPA_PUT_BE16(k->key_data_length, plain_len);
548 write_pcap_decrypted(wt, buf, sizeof(buf),
549 decrypted, plain_len);
550 }
551
552 if (wpa_supplicant_parse_ies(decrypted, decrypted_len, &ie) < 0) {
553 wpa_printf(MSG_INFO, "Failed to parse EAPOL-Key Key Data");
554 os_free(decrypted_buf);
555 return;
556 }
557
558 if ((ie.wpa_ie &&
559 os_memcmp(ie.wpa_ie, bss->wpaie, ie.wpa_ie_len) != 0) ||
560 (ie.wpa_ie == NULL && bss->wpaie[0])) {
561 wpa_printf(MSG_INFO, "Mismatch in WPA IE between "
562 "EAPOL-Key 3/4 and Beacon/Probe Response "
563 "from " MACSTR, MAC2STR(bss->bssid));
564 wpa_hexdump(MSG_INFO, "WPA IE in EAPOL-Key",
565 ie.wpa_ie, ie.wpa_ie_len);
566 wpa_hexdump(MSG_INFO, "WPA IE in Beacon/Probe "
567 "Response",
568 bss->wpaie,
569 bss->wpaie[0] ? 2 + bss->wpaie[1] : 0);
570 }
571
572 if ((ie.rsn_ie &&
573 os_memcmp(ie.rsn_ie, bss->rsnie, ie.rsn_ie_len) != 0) ||
574 (ie.rsn_ie == NULL && bss->rsnie[0])) {
575 wpa_printf(MSG_INFO, "Mismatch in RSN IE between "
576 "EAPOL-Key 3/4 and Beacon/Probe Response "
577 "from " MACSTR, MAC2STR(bss->bssid));
578 wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key",
579 ie.rsn_ie, ie.rsn_ie_len);
580 wpa_hexdump(MSG_INFO, "RSN IE in (Re)Association "
581 "Request",
582 bss->rsnie,
583 bss->rsnie[0] ? 2 + bss->rsnie[1] : 0);
584 }
585
586 learn_kde_keys(bss, sta, decrypted, decrypted_len, hdr->key_rsc);
587 os_free(decrypted_buf);
588 }
589
590
591 static void rx_data_eapol_key_4_of_4(struct wlantest *wt, const u8 *dst,
592 const u8 *src, const u8 *data, size_t len)
593 {
594 struct wlantest_bss *bss;
595 struct wlantest_sta *sta;
596 const struct ieee802_1x_hdr *eapol;
597 const struct wpa_eapol_key *hdr;
598 u16 key_info;
599 const u8 *kck;
600
601 wpa_printf(MSG_DEBUG, "EAPOL-Key 4/4 " MACSTR " -> " MACSTR,
602 MAC2STR(src), MAC2STR(dst));
603 bss = bss_get(wt, dst);
604 if (bss == NULL)
605 return;
606 sta = sta_get(bss, src);
607 if (sta == NULL)
608 return;
609
610 eapol = (const struct ieee802_1x_hdr *) data;
611 hdr = (const struct wpa_eapol_key *) (eapol + 1);
612 if (!is_zero(hdr->key_rsc, 8)) {
613 wpa_printf(MSG_INFO, "EAPOL-Key 4/4 from " MACSTR " used "
614 "non-zero Key RSC", MAC2STR(src));
615 }
616 key_info = WPA_GET_BE16(hdr->key_info);
617
618 if (!sta->ptk_set && !sta->tptk_set) {
619 wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 4/4");
620 return;
621 }
622
623 kck = sta->ptk.kck;
624 if (sta->tptk_set) {
625 wpa_printf(MSG_DEBUG, "Use TPTK for validation EAPOL-Key MIC");
626 kck = sta->tptk.kck;
627 }
628 if (check_mic(kck, key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) {
629 wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 4/4 MIC");
630 return;
631 }
632 wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 4/4");
633 if (sta->tptk_set) {
634 wpa_printf(MSG_DEBUG, "Update PTK (rekeying)");
635 os_memcpy(&sta->ptk, &sta->tptk, sizeof(sta->ptk));
636 sta->ptk_set = 1;
637 sta->tptk_set = 0;
638 os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods));
639 os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds));
640 }
641 }
642
643
644 static void rx_data_eapol_key_1_of_2(struct wlantest *wt, const u8 *dst,
645 const u8 *src, const u8 *data, size_t len)
646 {
647 struct wlantest_bss *bss;
648 struct wlantest_sta *sta;
649 const struct ieee802_1x_hdr *eapol;
650 const struct wpa_eapol_key *hdr;
651 u16 key_info, ver;
652 u8 *decrypted;
653 size_t decrypted_len = 0;
654
655 wpa_printf(MSG_DEBUG, "EAPOL-Key 1/2 " MACSTR " -> " MACSTR,
656 MAC2STR(src), MAC2STR(dst));
657 bss = bss_get(wt, src);
658 if (bss == NULL)
659 return;
660 sta = sta_get(bss, dst);
661 if (sta == NULL)
662 return;
663
664 eapol = (const struct ieee802_1x_hdr *) data;
665 hdr = (const struct wpa_eapol_key *) (eapol + 1);
666 key_info = WPA_GET_BE16(hdr->key_info);
667
668 if (!sta->ptk_set) {
669 wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 1/2");
670 return;
671 }
672
673 if (sta->ptk_set &&
674 check_mic(sta->ptk.kck, key_info & WPA_KEY_INFO_TYPE_MASK,
675 data, len) < 0) {
676 wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 1/2 MIC");
677 return;
678 }
679 wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 1/2");
680
681 if (sta->proto & WPA_PROTO_RSN &&
682 !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
683 wpa_printf(MSG_INFO, "EAPOL-Key 1/2 without EncrKeyData bit");
684 return;
685 }
686 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
687 decrypted = decrypt_eapol_key_data(sta->ptk.kek, ver, hdr,
688 &decrypted_len);
689 if (decrypted == NULL) {
690 wpa_printf(MSG_INFO, "Failed to decrypt EAPOL-Key Key Data");
691 return;
692 }
693 wpa_hexdump(MSG_DEBUG, "Decrypted EAPOL-Key Key Data",
694 decrypted, decrypted_len);
695 if (wt->write_pcap_dumper) {
696 /* Fill in a dummy Data frame header */
697 u8 buf[24 + 8 + sizeof(*eapol) + sizeof(*hdr)];
698 struct ieee80211_hdr *h;
699 struct wpa_eapol_key *k;
700 u8 *pos;
701 size_t plain_len;
702
703 plain_len = decrypted_len;
704 pos = decrypted;
705 while (pos + 1 < decrypted + decrypted_len) {
706 if (pos[0] == 0xdd && pos[1] == 0x00) {
707 /* Remove padding */
708 plain_len = pos - decrypted;
709 break;
710 }
711 pos += 2 + pos[1];
712 }
713
714 os_memset(buf, 0, sizeof(buf));
715 h = (struct ieee80211_hdr *) buf;
716 h->frame_control = host_to_le16(0x0208);
717 os_memcpy(h->addr1, dst, ETH_ALEN);
718 os_memcpy(h->addr2, src, ETH_ALEN);
719 os_memcpy(h->addr3, src, ETH_ALEN);
720 pos = (u8 *) (h + 1);
721 os_memcpy(pos, "\xaa\xaa\x03\x00\x00\x00\x88\x8e", 8);
722 pos += 8;
723 os_memcpy(pos, eapol, sizeof(*eapol));
724 pos += sizeof(*eapol);
725 os_memcpy(pos, hdr, sizeof(*hdr));
726 k = (struct wpa_eapol_key *) pos;
727 WPA_PUT_BE16(k->key_info,
728 key_info & ~WPA_KEY_INFO_ENCR_KEY_DATA);
729 WPA_PUT_BE16(k->key_data_length, plain_len);
730 write_pcap_decrypted(wt, buf, sizeof(buf),
731 decrypted, plain_len);
732 }
733 if (sta->proto & WPA_PROTO_RSN)
734 learn_kde_keys(bss, sta, decrypted, decrypted_len,
735 hdr->key_rsc);
736 else {
737 int klen = bss->group_cipher == WPA_CIPHER_TKIP ? 32 : 16;
738 if (decrypted_len == klen) {
739 const u8 *rsc = hdr->key_rsc;
740 int id;
741 id = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
742 WPA_KEY_INFO_KEY_INDEX_SHIFT;
743 wpa_printf(MSG_DEBUG, "GTK key index %d", id);
744 wpa_hexdump(MSG_DEBUG, "GTK", decrypted,
745 decrypted_len);
746 bss->gtk_len[id] = decrypted_len;
747 os_memcpy(bss->gtk[id], decrypted, decrypted_len);
748 bss->rsc[id][0] = rsc[5];
749 bss->rsc[id][1] = rsc[4];
750 bss->rsc[id][2] = rsc[3];
751 bss->rsc[id][3] = rsc[2];
752 bss->rsc[id][4] = rsc[1];
753 bss->rsc[id][5] = rsc[0];
754 wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[id], 6);
755 } else {
756 wpa_printf(MSG_INFO, "Unexpected WPA Key Data length "
757 "in Group Key msg 1/2 from " MACSTR,
758 MAC2STR(src));
759 }
760 }
761 os_free(decrypted);
762 }
763
764
765 static void rx_data_eapol_key_2_of_2(struct wlantest *wt, const u8 *dst,
766 const u8 *src, const u8 *data, size_t len)
767 {
768 struct wlantest_bss *bss;
769 struct wlantest_sta *sta;
770 const struct ieee802_1x_hdr *eapol;
771 const struct wpa_eapol_key *hdr;
772 u16 key_info;
773
774 wpa_printf(MSG_DEBUG, "EAPOL-Key 2/2 " MACSTR " -> " MACSTR,
775 MAC2STR(src), MAC2STR(dst));
776 bss = bss_get(wt, dst);
777 if (bss == NULL)
778 return;
779 sta = sta_get(bss, src);
780 if (sta == NULL)
781 return;
782
783 eapol = (const struct ieee802_1x_hdr *) data;
784 hdr = (const struct wpa_eapol_key *) (eapol + 1);
785 if (!is_zero(hdr->key_rsc, 8)) {
786 wpa_printf(MSG_INFO, "EAPOL-Key 2/2 from " MACSTR " used "
787 "non-zero Key RSC", MAC2STR(src));
788 }
789 key_info = WPA_GET_BE16(hdr->key_info);
790
791 if (!sta->ptk_set) {
792 wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 2/2");
793 return;
794 }
795
796 if (sta->ptk_set &&
797 check_mic(sta->ptk.kck, key_info & WPA_KEY_INFO_TYPE_MASK,
798 data, len) < 0) {
799 wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 2/2 MIC");
800 return;
801 }
802 wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/2");
803 }
804
805
806 static void rx_data_eapol_key(struct wlantest *wt, const u8 *dst,
807 const u8 *src, const u8 *data, size_t len,
808 int prot)
809 {
810 const struct ieee802_1x_hdr *eapol;
811 const struct wpa_eapol_key *hdr;
812 const u8 *key_data;
813 u16 key_info, key_length, ver, key_data_length;
814
815 eapol = (const struct ieee802_1x_hdr *) data;
816 hdr = (const struct wpa_eapol_key *) (eapol + 1);
817
818 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key",
819 (const u8 *) hdr, len - sizeof(*eapol));
820 if (len < sizeof(*hdr)) {
821 wpa_printf(MSG_INFO, "Too short EAPOL-Key frame from " MACSTR,
822 MAC2STR(src));
823 return;
824 }
825
826 if (hdr->type == EAPOL_KEY_TYPE_RC4) {
827 /* TODO: EAPOL-Key RC4 for WEP */
828 wpa_printf(MSG_INFO, "EAPOL-Key Descriptor Type RC4 from "
829 MACSTR, MAC2STR(src));
830 return;
831 }
832
833 if (hdr->type != EAPOL_KEY_TYPE_RSN &&
834 hdr->type != EAPOL_KEY_TYPE_WPA) {
835 wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Descriptor Type "
836 "%u from " MACSTR, hdr->type, MAC2STR(src));
837 return;
838 }
839
840 key_info = WPA_GET_BE16(hdr->key_info);
841 key_length = WPA_GET_BE16(hdr->key_length);
842 key_data_length = WPA_GET_BE16(hdr->key_data_length);
843 key_data = (const u8 *) (hdr + 1);
844 if (key_data + key_data_length > data + len) {
845 wpa_printf(MSG_INFO, "Truncated EAPOL-Key from " MACSTR,
846 MAC2STR(src));
847 return;
848 }
849 if (key_data + key_data_length < data + len) {
850 wpa_hexdump(MSG_DEBUG, "Extra data after EAPOL-Key Key Data "
851 "field", key_data + key_data_length,
852 data + len - key_data - key_data_length);
853 }
854
855
856 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
857 wpa_printf(MSG_DEBUG, "EAPOL-Key ver=%u %c idx=%u%s%s%s%s%s%s%s%s "
858 "datalen=%u",
859 ver, key_info & WPA_KEY_INFO_KEY_TYPE ? 'P' : 'G',
860 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
861 WPA_KEY_INFO_KEY_INDEX_SHIFT,
862 (key_info & WPA_KEY_INFO_INSTALL) ? " Install" : "",
863 (key_info & WPA_KEY_INFO_ACK) ? " ACK" : "",
864 (key_info & WPA_KEY_INFO_MIC) ? " MIC" : "",
865 (key_info & WPA_KEY_INFO_SECURE) ? " Secure" : "",
866 (key_info & WPA_KEY_INFO_ERROR) ? " Error" : "",
867 (key_info & WPA_KEY_INFO_REQUEST) ? " Request" : "",
868 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) ? " Encr" : "",
869 (key_info & WPA_KEY_INFO_SMK_MESSAGE) ? " SMK" : "",
870 key_data_length);
871
872 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
873 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
874 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
875 wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Key Descriptor "
876 "Version %u from " MACSTR, ver, MAC2STR(src));
877 return;
878 }
879
880 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Replay Counter",
881 hdr->replay_counter, WPA_REPLAY_COUNTER_LEN);
882 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Nonce",
883 hdr->key_nonce, WPA_NONCE_LEN);
884 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key IV",
885 hdr->key_iv, 16);
886 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key RSC",
887 hdr->key_rsc, WPA_KEY_RSC_LEN);
888 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key MIC",
889 hdr->key_mic, 16);
890 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data",
891 key_data, key_data_length);
892
893 if (hdr->type == EAPOL_KEY_TYPE_RSN &&
894 (key_info & (WPA_KEY_INFO_KEY_INDEX_MASK | BIT(14) | BIT(15))) !=
895 0) {
896 wpa_printf(MSG_INFO, "RSN EAPOL-Key with non-zero reserved "
897 "Key Info bits 0x%x from " MACSTR,
898 key_info, MAC2STR(src));
899 }
900
901 if (hdr->type == EAPOL_KEY_TYPE_WPA &&
902 (key_info & (WPA_KEY_INFO_ENCR_KEY_DATA |
903 WPA_KEY_INFO_SMK_MESSAGE |BIT(14) | BIT(15))) != 0) {
904 wpa_printf(MSG_INFO, "WPA EAPOL-Key with non-zero reserved "
905 "Key Info bits 0x%x from " MACSTR,
906 key_info, MAC2STR(src));
907 }
908
909 if (key_length > 32) {
910 wpa_printf(MSG_INFO, "EAPOL-Key with invalid Key Length %d "
911 "from " MACSTR, key_length, MAC2STR(src));
912 }
913
914 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
915 !is_zero(hdr->key_iv, 16)) {
916 wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key IV "
917 "(reserved with ver=%d) field from " MACSTR,
918 ver, MAC2STR(src));
919 wpa_hexdump(MSG_INFO, "EAPOL-Key Key IV (reserved)",
920 hdr->key_iv, 16);
921 }
922
923 if (!is_zero(hdr->key_id, 8)) {
924 wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key ID "
925 "(reserved) field from " MACSTR, MAC2STR(src));
926 wpa_hexdump(MSG_INFO, "EAPOL-Key Key ID (reserved)",
927 hdr->key_id, 8);
928 }
929
930 if (hdr->key_rsc[6] || hdr->key_rsc[7]) {
931 wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key RSC octets "
932 "(last two are unused)" MACSTR, MAC2STR(src));
933 }
934
935 if (key_info & (WPA_KEY_INFO_ERROR | WPA_KEY_INFO_REQUEST))
936 return;
937
938 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
939 return;
940
941 if (key_info & WPA_KEY_INFO_KEY_TYPE) {
942 /* 4-Way Handshake */
943 switch (key_info & (WPA_KEY_INFO_SECURE |
944 WPA_KEY_INFO_MIC |
945 WPA_KEY_INFO_ACK |
946 WPA_KEY_INFO_INSTALL)) {
947 case WPA_KEY_INFO_ACK:
948 rx_data_eapol_key_1_of_4(wt, dst, src, data, len);
949 break;
950 case WPA_KEY_INFO_MIC:
951 if (key_data_length == 0)
952 rx_data_eapol_key_4_of_4(wt, dst, src, data,
953 len);
954 else
955 rx_data_eapol_key_2_of_4(wt, dst, src, data,
956 len);
957 break;
958 case WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK |
959 WPA_KEY_INFO_INSTALL:
960 /* WPA does not include Secure bit in 3/4 */
961 rx_data_eapol_key_3_of_4(wt, dst, src, data, len);
962 break;
963 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
964 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL:
965 rx_data_eapol_key_3_of_4(wt, dst, src, data, len);
966 break;
967 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC:
968 if (key_data_length == 0)
969 rx_data_eapol_key_4_of_4(wt, dst, src, data,
970 len);
971 else
972 rx_data_eapol_key_2_of_4(wt, dst, src, data,
973 len);
974 break;
975 default:
976 wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame");
977 break;
978 }
979 } else {
980 /* Group Key Handshake */
981 switch (key_info & (WPA_KEY_INFO_SECURE |
982 WPA_KEY_INFO_MIC |
983 WPA_KEY_INFO_ACK)) {
984 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
985 WPA_KEY_INFO_ACK:
986 rx_data_eapol_key_1_of_2(wt, dst, src, data, len);
987 break;
988 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC:
989 rx_data_eapol_key_2_of_2(wt, dst, src, data, len);
990 break;
991 default:
992 wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame");
993 break;
994 }
995 }
996 }
997
998
999 void rx_data_eapol(struct wlantest *wt, const u8 *dst, const u8 *src,
1000 const u8 *data, size_t len, int prot)
1001 {
1002 const struct ieee802_1x_hdr *hdr;
1003 u16 length;
1004 const u8 *p;
1005
1006 wpa_hexdump(MSG_EXCESSIVE, "EAPOL", data, len);
1007 if (len < sizeof(*hdr)) {
1008 wpa_printf(MSG_INFO, "Too short EAPOL frame from " MACSTR,
1009 MAC2STR(src));
1010 return;
1011 }
1012
1013 hdr = (const struct ieee802_1x_hdr *) data;
1014 length = be_to_host16(hdr->length);
1015 wpa_printf(MSG_DEBUG, "RX EAPOL: " MACSTR " -> " MACSTR "%s ver=%u "
1016 "type=%u len=%u",
1017 MAC2STR(src), MAC2STR(dst), prot ? " Prot" : "",
1018 hdr->version, hdr->type, length);
1019 if (hdr->version < 1 || hdr->version > 3) {
1020 wpa_printf(MSG_INFO, "Unexpected EAPOL version %u from "
1021 MACSTR, hdr->version, MAC2STR(src));
1022 }
1023 if (sizeof(*hdr) + length > len) {
1024 wpa_printf(MSG_INFO, "Truncated EAPOL frame from " MACSTR,
1025 MAC2STR(src));
1026 return;
1027 }
1028
1029 if (sizeof(*hdr) + length < len) {
1030 wpa_printf(MSG_INFO, "EAPOL frame with %d extra bytes",
1031 (int) (len - sizeof(*hdr) - length));
1032 }
1033 p = (const u8 *) (hdr + 1);
1034
1035 switch (hdr->type) {
1036 case IEEE802_1X_TYPE_EAP_PACKET:
1037 wpa_hexdump(MSG_MSGDUMP, "EAPOL - EAP packet", p, length);
1038 break;
1039 case IEEE802_1X_TYPE_EAPOL_START:
1040 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Start", p, length);
1041 break;
1042 case IEEE802_1X_TYPE_EAPOL_LOGOFF:
1043 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Logoff", p, length);
1044 break;
1045 case IEEE802_1X_TYPE_EAPOL_KEY:
1046 rx_data_eapol_key(wt, dst, src, data, sizeof(*hdr) + length,
1047 prot);
1048 break;
1049 case IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT:
1050 wpa_hexdump(MSG_MSGDUMP, "EAPOL - Encapsulated ASF alert",
1051 p, length);
1052 break;
1053 default:
1054 wpa_hexdump(MSG_MSGDUMP, "Unknown EAPOL payload", p, length);
1055 break;
1056 }
1057 }
Unnamed repository; edit this file 'description' to name the repository.