]>
Commit | Line | Data |
---|---|---|
6fc6879b JM |
1 | /* |
2 | * WPA/RSN - Shared functions for supplicant and authenticator | |
edbd2a19 | 3 | * Copyright (c) 2002-2013, Jouni Malinen <j@w1.fi> |
6fc6879b | 4 | * |
0f3d578e JM |
5 | * This software may be distributed under the terms of the BSD license. |
6 | * See README for more details. | |
6fc6879b JM |
7 | */ |
8 | ||
9 | #include "includes.h" | |
10 | ||
11 | #include "common.h" | |
03da66bd JM |
12 | #include "crypto/md5.h" |
13 | #include "crypto/sha1.h" | |
14 | #include "crypto/sha256.h" | |
15 | #include "crypto/aes_wrap.h" | |
16 | #include "crypto/crypto.h" | |
6fc6879b JM |
17 | #include "ieee802_11_defs.h" |
18 | #include "defs.h" | |
19 | #include "wpa_common.h" | |
20 | ||
21 | ||
22 | /** | |
23 | * wpa_eapol_key_mic - Calculate EAPOL-Key MIC | |
24 | * @key: EAPOL-Key Key Confirmation Key (KCK) | |
25 | * @ver: Key descriptor version (WPA_KEY_INFO_TYPE_*) | |
26 | * @buf: Pointer to the beginning of the EAPOL header (version field) | |
27 | * @len: Length of the EAPOL frame (from EAPOL header to the end of the frame) | |
28 | * @mic: Pointer to the buffer to which the EAPOL-Key MIC is written | |
29 | * Returns: 0 on success, -1 on failure | |
30 | * | |
31 | * Calculate EAPOL-Key MIC for an EAPOL-Key packet. The EAPOL-Key MIC field has | |
32 | * to be cleared (all zeroes) when calling this function. | |
33 | * | |
34 | * Note: 'IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames' has an error in the | |
35 | * description of the Key MIC calculation. It includes packet data from the | |
36 | * beginning of the EAPOL-Key header, not EAPOL header. This incorrect change | |
37 | * happened during final editing of the standard and the correct behavior is | |
38 | * defined in the last draft (IEEE 802.11i/D10). | |
39 | */ | |
40 | int wpa_eapol_key_mic(const u8 *key, int ver, const u8 *buf, size_t len, | |
41 | u8 *mic) | |
42 | { | |
43 | u8 hash[SHA1_MAC_LEN]; | |
44 | ||
45 | switch (ver) { | |
6e6909a9 | 46 | #ifndef CONFIG_FIPS |
6fc6879b | 47 | case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4: |
04b6b3ed | 48 | return hmac_md5(key, 16, buf, len, mic); |
6e6909a9 | 49 | #endif /* CONFIG_FIPS */ |
6fc6879b | 50 | case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES: |
04b6b3ed JM |
51 | if (hmac_sha1(key, 16, buf, len, hash)) |
52 | return -1; | |
6fc6879b JM |
53 | os_memcpy(mic, hash, MD5_MAC_LEN); |
54 | break; | |
a20088e5 | 55 | #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W) |
6fc6879b JM |
56 | case WPA_KEY_INFO_TYPE_AES_128_CMAC: |
57 | return omac1_aes_128(key, buf, len, mic); | |
a20088e5 | 58 | #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */ |
a5d75636 JM |
59 | #ifdef CONFIG_HS20 |
60 | case WPA_KEY_INFO_TYPE_AKM_DEFINED: | |
61 | /* FIX: This should be based on negotiated AKM */ | |
62 | return omac1_aes_128(key, buf, len, mic); | |
63 | #endif /* CONFIG_HS20 */ | |
6fc6879b JM |
64 | default: |
65 | return -1; | |
66 | } | |
67 | ||
68 | return 0; | |
69 | } | |
70 | ||
71 | ||
72 | /** | |
73 | * wpa_pmk_to_ptk - Calculate PTK from PMK, addresses, and nonces | |
74 | * @pmk: Pairwise master key | |
75 | * @pmk_len: Length of PMK | |
76 | * @label: Label to use in derivation | |
77 | * @addr1: AA or SA | |
78 | * @addr2: SA or AA | |
79 | * @nonce1: ANonce or SNonce | |
80 | * @nonce2: SNonce or ANonce | |
81 | * @ptk: Buffer for pairwise transient key | |
82 | * @ptk_len: Length of PTK | |
56586197 | 83 | * @use_sha256: Whether to use SHA256-based KDF |
6fc6879b JM |
84 | * |
85 | * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy | |
86 | * PTK = PRF-X(PMK, "Pairwise key expansion", | |
87 | * Min(AA, SA) || Max(AA, SA) || | |
88 | * Min(ANonce, SNonce) || Max(ANonce, SNonce)) | |
89 | * | |
90 | * STK = PRF-X(SMK, "Peer key expansion", | |
91 | * Min(MAC_I, MAC_P) || Max(MAC_I, MAC_P) || | |
92 | * Min(INonce, PNonce) || Max(INonce, PNonce)) | |
93 | */ | |
94 | void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label, | |
95 | const u8 *addr1, const u8 *addr2, | |
96 | const u8 *nonce1, const u8 *nonce2, | |
56586197 | 97 | u8 *ptk, size_t ptk_len, int use_sha256) |
6fc6879b JM |
98 | { |
99 | u8 data[2 * ETH_ALEN + 2 * WPA_NONCE_LEN]; | |
100 | ||
101 | if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) { | |
102 | os_memcpy(data, addr1, ETH_ALEN); | |
103 | os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN); | |
104 | } else { | |
105 | os_memcpy(data, addr2, ETH_ALEN); | |
106 | os_memcpy(data + ETH_ALEN, addr1, ETH_ALEN); | |
107 | } | |
108 | ||
109 | if (os_memcmp(nonce1, nonce2, WPA_NONCE_LEN) < 0) { | |
110 | os_memcpy(data + 2 * ETH_ALEN, nonce1, WPA_NONCE_LEN); | |
111 | os_memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce2, | |
112 | WPA_NONCE_LEN); | |
113 | } else { | |
114 | os_memcpy(data + 2 * ETH_ALEN, nonce2, WPA_NONCE_LEN); | |
115 | os_memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce1, | |
116 | WPA_NONCE_LEN); | |
117 | } | |
118 | ||
56586197 JM |
119 | #ifdef CONFIG_IEEE80211W |
120 | if (use_sha256) | |
121 | sha256_prf(pmk, pmk_len, label, data, sizeof(data), | |
122 | ptk, ptk_len); | |
123 | else | |
124 | #endif /* CONFIG_IEEE80211W */ | |
125 | sha1_prf(pmk, pmk_len, label, data, sizeof(data), ptk, | |
126 | ptk_len); | |
6fc6879b JM |
127 | |
128 | wpa_printf(MSG_DEBUG, "WPA: PTK derivation - A1=" MACSTR " A2=" MACSTR, | |
129 | MAC2STR(addr1), MAC2STR(addr2)); | |
bc8318ac JM |
130 | wpa_hexdump(MSG_DEBUG, "WPA: Nonce1", nonce1, WPA_NONCE_LEN); |
131 | wpa_hexdump(MSG_DEBUG, "WPA: Nonce2", nonce2, WPA_NONCE_LEN); | |
6fc6879b JM |
132 | wpa_hexdump_key(MSG_DEBUG, "WPA: PMK", pmk, pmk_len); |
133 | wpa_hexdump_key(MSG_DEBUG, "WPA: PTK", ptk, ptk_len); | |
134 | } | |
135 | ||
136 | ||
137 | #ifdef CONFIG_IEEE80211R | |
138 | int wpa_ft_mic(const u8 *kck, const u8 *sta_addr, const u8 *ap_addr, | |
139 | u8 transaction_seqnum, const u8 *mdie, size_t mdie_len, | |
140 | const u8 *ftie, size_t ftie_len, | |
141 | const u8 *rsnie, size_t rsnie_len, | |
142 | const u8 *ric, size_t ric_len, u8 *mic) | |
143 | { | |
144 | u8 *buf, *pos; | |
145 | size_t buf_len; | |
146 | ||
147 | buf_len = 2 * ETH_ALEN + 1 + mdie_len + ftie_len + rsnie_len + ric_len; | |
148 | buf = os_malloc(buf_len); | |
149 | if (buf == NULL) | |
150 | return -1; | |
151 | ||
152 | pos = buf; | |
153 | os_memcpy(pos, sta_addr, ETH_ALEN); | |
154 | pos += ETH_ALEN; | |
155 | os_memcpy(pos, ap_addr, ETH_ALEN); | |
156 | pos += ETH_ALEN; | |
157 | *pos++ = transaction_seqnum; | |
158 | if (rsnie) { | |
159 | os_memcpy(pos, rsnie, rsnie_len); | |
160 | pos += rsnie_len; | |
161 | } | |
162 | if (mdie) { | |
163 | os_memcpy(pos, mdie, mdie_len); | |
164 | pos += mdie_len; | |
165 | } | |
166 | if (ftie) { | |
167 | struct rsn_ftie *_ftie; | |
168 | os_memcpy(pos, ftie, ftie_len); | |
169 | if (ftie_len < 2 + sizeof(*_ftie)) { | |
170 | os_free(buf); | |
171 | return -1; | |
172 | } | |
173 | _ftie = (struct rsn_ftie *) (pos + 2); | |
174 | os_memset(_ftie->mic, 0, sizeof(_ftie->mic)); | |
175 | pos += ftie_len; | |
176 | } | |
177 | if (ric) { | |
178 | os_memcpy(pos, ric, ric_len); | |
179 | pos += ric_len; | |
180 | } | |
181 | ||
182 | wpa_hexdump(MSG_MSGDUMP, "FT: MIC data", buf, pos - buf); | |
183 | if (omac1_aes_128(kck, buf, pos - buf, mic)) { | |
184 | os_free(buf); | |
185 | return -1; | |
186 | } | |
187 | ||
188 | os_free(buf); | |
189 | ||
190 | return 0; | |
191 | } | |
6554237f JM |
192 | |
193 | ||
194 | static int wpa_ft_parse_ftie(const u8 *ie, size_t ie_len, | |
195 | struct wpa_ft_ies *parse) | |
196 | { | |
197 | const u8 *end, *pos; | |
198 | ||
199 | parse->ftie = ie; | |
200 | parse->ftie_len = ie_len; | |
201 | ||
202 | pos = ie + sizeof(struct rsn_ftie); | |
203 | end = ie + ie_len; | |
204 | ||
205 | while (pos + 2 <= end && pos + 2 + pos[1] <= end) { | |
206 | switch (pos[0]) { | |
207 | case FTIE_SUBELEM_R1KH_ID: | |
208 | if (pos[1] != FT_R1KH_ID_LEN) { | |
209 | wpa_printf(MSG_DEBUG, "FT: Invalid R1KH-ID " | |
210 | "length in FTIE: %d", pos[1]); | |
211 | return -1; | |
212 | } | |
213 | parse->r1kh_id = pos + 2; | |
214 | break; | |
215 | case FTIE_SUBELEM_GTK: | |
216 | parse->gtk = pos + 2; | |
217 | parse->gtk_len = pos[1]; | |
218 | break; | |
219 | case FTIE_SUBELEM_R0KH_ID: | |
220 | if (pos[1] < 1 || pos[1] > FT_R0KH_ID_MAX_LEN) { | |
221 | wpa_printf(MSG_DEBUG, "FT: Invalid R0KH-ID " | |
222 | "length in FTIE: %d", pos[1]); | |
223 | return -1; | |
224 | } | |
225 | parse->r0kh_id = pos + 2; | |
226 | parse->r0kh_id_len = pos[1]; | |
227 | break; | |
228 | #ifdef CONFIG_IEEE80211W | |
229 | case FTIE_SUBELEM_IGTK: | |
230 | parse->igtk = pos + 2; | |
231 | parse->igtk_len = pos[1]; | |
232 | break; | |
233 | #endif /* CONFIG_IEEE80211W */ | |
234 | } | |
235 | ||
236 | pos += 2 + pos[1]; | |
237 | } | |
238 | ||
239 | return 0; | |
240 | } | |
241 | ||
242 | ||
243 | int wpa_ft_parse_ies(const u8 *ies, size_t ies_len, | |
244 | struct wpa_ft_ies *parse) | |
245 | { | |
246 | const u8 *end, *pos; | |
247 | struct wpa_ie_data data; | |
248 | int ret; | |
249 | const struct rsn_ftie *ftie; | |
250 | int prot_ie_count = 0; | |
251 | ||
252 | os_memset(parse, 0, sizeof(*parse)); | |
253 | if (ies == NULL) | |
254 | return 0; | |
255 | ||
256 | pos = ies; | |
257 | end = ies + ies_len; | |
258 | while (pos + 2 <= end && pos + 2 + pos[1] <= end) { | |
259 | switch (pos[0]) { | |
260 | case WLAN_EID_RSN: | |
261 | parse->rsn = pos + 2; | |
262 | parse->rsn_len = pos[1]; | |
263 | ret = wpa_parse_wpa_ie_rsn(parse->rsn - 2, | |
264 | parse->rsn_len + 2, | |
265 | &data); | |
266 | if (ret < 0) { | |
267 | wpa_printf(MSG_DEBUG, "FT: Failed to parse " | |
268 | "RSN IE: %d", ret); | |
269 | return -1; | |
270 | } | |
271 | if (data.num_pmkid == 1 && data.pmkid) | |
272 | parse->rsn_pmkid = data.pmkid; | |
273 | break; | |
274 | case WLAN_EID_MOBILITY_DOMAIN: | |
275 | parse->mdie = pos + 2; | |
276 | parse->mdie_len = pos[1]; | |
277 | break; | |
278 | case WLAN_EID_FAST_BSS_TRANSITION: | |
279 | if (pos[1] < sizeof(*ftie)) | |
280 | return -1; | |
281 | ftie = (const struct rsn_ftie *) (pos + 2); | |
282 | prot_ie_count = ftie->mic_control[1]; | |
283 | if (wpa_ft_parse_ftie(pos + 2, pos[1], parse) < 0) | |
284 | return -1; | |
285 | break; | |
286 | case WLAN_EID_TIMEOUT_INTERVAL: | |
287 | parse->tie = pos + 2; | |
288 | parse->tie_len = pos[1]; | |
289 | break; | |
290 | case WLAN_EID_RIC_DATA: | |
291 | if (parse->ric == NULL) | |
292 | parse->ric = pos; | |
293 | break; | |
294 | } | |
295 | ||
296 | pos += 2 + pos[1]; | |
297 | } | |
298 | ||
299 | if (prot_ie_count == 0) | |
300 | return 0; /* no MIC */ | |
301 | ||
302 | /* | |
303 | * Check that the protected IE count matches with IEs included in the | |
304 | * frame. | |
305 | */ | |
306 | if (parse->rsn) | |
307 | prot_ie_count--; | |
308 | if (parse->mdie) | |
309 | prot_ie_count--; | |
310 | if (parse->ftie) | |
311 | prot_ie_count--; | |
312 | if (prot_ie_count < 0) { | |
313 | wpa_printf(MSG_DEBUG, "FT: Some required IEs not included in " | |
314 | "the protected IE count"); | |
315 | return -1; | |
316 | } | |
317 | ||
318 | if (prot_ie_count == 0 && parse->ric) { | |
319 | wpa_printf(MSG_DEBUG, "FT: RIC IE(s) in the frame, but not " | |
320 | "included in protected IE count"); | |
321 | return -1; | |
322 | } | |
323 | ||
324 | /* Determine the end of the RIC IE(s) */ | |
325 | pos = parse->ric; | |
326 | while (pos && pos + 2 <= end && pos + 2 + pos[1] <= end && | |
327 | prot_ie_count) { | |
328 | prot_ie_count--; | |
329 | pos += 2 + pos[1]; | |
330 | } | |
331 | parse->ric_len = pos - parse->ric; | |
332 | if (prot_ie_count) { | |
333 | wpa_printf(MSG_DEBUG, "FT: %d protected IEs missing from " | |
334 | "frame", (int) prot_ie_count); | |
335 | return -1; | |
336 | } | |
337 | ||
338 | return 0; | |
339 | } | |
6fc6879b JM |
340 | #endif /* CONFIG_IEEE80211R */ |
341 | ||
342 | ||
6fc6879b JM |
343 | static int rsn_selector_to_bitfield(const u8 *s) |
344 | { | |
345 | if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_NONE) | |
346 | return WPA_CIPHER_NONE; | |
347 | if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_WEP40) | |
348 | return WPA_CIPHER_WEP40; | |
349 | if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_TKIP) | |
350 | return WPA_CIPHER_TKIP; | |
351 | if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_CCMP) | |
352 | return WPA_CIPHER_CCMP; | |
353 | if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_WEP104) | |
354 | return WPA_CIPHER_WEP104; | |
355 | #ifdef CONFIG_IEEE80211W | |
356 | if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_AES_128_CMAC) | |
357 | return WPA_CIPHER_AES_128_CMAC; | |
358 | #endif /* CONFIG_IEEE80211W */ | |
eb7719ff JM |
359 | if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_GCMP) |
360 | return WPA_CIPHER_GCMP; | |
30675c34 JM |
361 | if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_CCMP_256) |
362 | return WPA_CIPHER_CCMP_256; | |
363 | if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_GCMP_256) | |
364 | return WPA_CIPHER_GCMP_256; | |
365 | if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_GMAC_128) | |
366 | return WPA_CIPHER_BIP_GMAC_128; | |
367 | if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_GMAC_256) | |
368 | return WPA_CIPHER_BIP_GMAC_256; | |
369 | if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_CMAC_256) | |
370 | return WPA_CIPHER_BIP_CMAC_256; | |
6fc6879b JM |
371 | return 0; |
372 | } | |
373 | ||
374 | ||
375 | static int rsn_key_mgmt_to_bitfield(const u8 *s) | |
376 | { | |
377 | if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_UNSPEC_802_1X) | |
378 | return WPA_KEY_MGMT_IEEE8021X; | |
379 | if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X) | |
380 | return WPA_KEY_MGMT_PSK; | |
381 | #ifdef CONFIG_IEEE80211R | |
382 | if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_802_1X) | |
383 | return WPA_KEY_MGMT_FT_IEEE8021X; | |
384 | if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_PSK) | |
385 | return WPA_KEY_MGMT_FT_PSK; | |
386 | #endif /* CONFIG_IEEE80211R */ | |
56586197 JM |
387 | #ifdef CONFIG_IEEE80211W |
388 | if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_802_1X_SHA256) | |
389 | return WPA_KEY_MGMT_IEEE8021X_SHA256; | |
390 | if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_PSK_SHA256) | |
391 | return WPA_KEY_MGMT_PSK_SHA256; | |
392 | #endif /* CONFIG_IEEE80211W */ | |
c10347f2 JM |
393 | #ifdef CONFIG_SAE |
394 | if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_SAE) | |
395 | return WPA_KEY_MGMT_SAE; | |
396 | if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_SAE) | |
397 | return WPA_KEY_MGMT_FT_SAE; | |
398 | #endif /* CONFIG_SAE */ | |
6fc6879b JM |
399 | return 0; |
400 | } | |
6fc6879b JM |
401 | |
402 | ||
403 | /** | |
404 | * wpa_parse_wpa_ie_rsn - Parse RSN IE | |
405 | * @rsn_ie: Buffer containing RSN IE | |
406 | * @rsn_ie_len: RSN IE buffer length (including IE number and length octets) | |
407 | * @data: Pointer to structure that will be filled in with parsed data | |
408 | * Returns: 0 on success, <0 on failure | |
409 | */ | |
410 | int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len, | |
411 | struct wpa_ie_data *data) | |
412 | { | |
6fc6879b JM |
413 | const struct rsn_ie_hdr *hdr; |
414 | const u8 *pos; | |
415 | int left; | |
416 | int i, count; | |
417 | ||
418 | os_memset(data, 0, sizeof(*data)); | |
419 | data->proto = WPA_PROTO_RSN; | |
420 | data->pairwise_cipher = WPA_CIPHER_CCMP; | |
421 | data->group_cipher = WPA_CIPHER_CCMP; | |
422 | data->key_mgmt = WPA_KEY_MGMT_IEEE8021X; | |
423 | data->capabilities = 0; | |
424 | data->pmkid = NULL; | |
425 | data->num_pmkid = 0; | |
426 | #ifdef CONFIG_IEEE80211W | |
427 | data->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC; | |
428 | #else /* CONFIG_IEEE80211W */ | |
429 | data->mgmt_group_cipher = 0; | |
430 | #endif /* CONFIG_IEEE80211W */ | |
431 | ||
432 | if (rsn_ie_len == 0) { | |
433 | /* No RSN IE - fail silently */ | |
434 | return -1; | |
435 | } | |
436 | ||
437 | if (rsn_ie_len < sizeof(struct rsn_ie_hdr)) { | |
438 | wpa_printf(MSG_DEBUG, "%s: ie len too short %lu", | |
439 | __func__, (unsigned long) rsn_ie_len); | |
440 | return -1; | |
441 | } | |
442 | ||
443 | hdr = (const struct rsn_ie_hdr *) rsn_ie; | |
444 | ||
445 | if (hdr->elem_id != WLAN_EID_RSN || | |
446 | hdr->len != rsn_ie_len - 2 || | |
447 | WPA_GET_LE16(hdr->version) != RSN_VERSION) { | |
448 | wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version", | |
449 | __func__); | |
450 | return -2; | |
451 | } | |
452 | ||
453 | pos = (const u8 *) (hdr + 1); | |
454 | left = rsn_ie_len - sizeof(*hdr); | |
455 | ||
456 | if (left >= RSN_SELECTOR_LEN) { | |
457 | data->group_cipher = rsn_selector_to_bitfield(pos); | |
458 | #ifdef CONFIG_IEEE80211W | |
459 | if (data->group_cipher == WPA_CIPHER_AES_128_CMAC) { | |
460 | wpa_printf(MSG_DEBUG, "%s: AES-128-CMAC used as group " | |
461 | "cipher", __func__); | |
462 | return -1; | |
463 | } | |
464 | #endif /* CONFIG_IEEE80211W */ | |
465 | pos += RSN_SELECTOR_LEN; | |
466 | left -= RSN_SELECTOR_LEN; | |
467 | } else if (left > 0) { | |
468 | wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much", | |
469 | __func__, left); | |
470 | return -3; | |
471 | } | |
472 | ||
473 | if (left >= 2) { | |
474 | data->pairwise_cipher = 0; | |
475 | count = WPA_GET_LE16(pos); | |
476 | pos += 2; | |
477 | left -= 2; | |
478 | if (count == 0 || left < count * RSN_SELECTOR_LEN) { | |
479 | wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), " | |
480 | "count %u left %u", __func__, count, left); | |
481 | return -4; | |
482 | } | |
483 | for (i = 0; i < count; i++) { | |
484 | data->pairwise_cipher |= rsn_selector_to_bitfield(pos); | |
485 | pos += RSN_SELECTOR_LEN; | |
486 | left -= RSN_SELECTOR_LEN; | |
487 | } | |
488 | #ifdef CONFIG_IEEE80211W | |
489 | if (data->pairwise_cipher & WPA_CIPHER_AES_128_CMAC) { | |
490 | wpa_printf(MSG_DEBUG, "%s: AES-128-CMAC used as " | |
491 | "pairwise cipher", __func__); | |
492 | return -1; | |
493 | } | |
494 | #endif /* CONFIG_IEEE80211W */ | |
495 | } else if (left == 1) { | |
496 | wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)", | |
497 | __func__); | |
498 | return -5; | |
499 | } | |
500 | ||
501 | if (left >= 2) { | |
502 | data->key_mgmt = 0; | |
503 | count = WPA_GET_LE16(pos); | |
504 | pos += 2; | |
505 | left -= 2; | |
506 | if (count == 0 || left < count * RSN_SELECTOR_LEN) { | |
507 | wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), " | |
508 | "count %u left %u", __func__, count, left); | |
509 | return -6; | |
510 | } | |
511 | for (i = 0; i < count; i++) { | |
512 | data->key_mgmt |= rsn_key_mgmt_to_bitfield(pos); | |
513 | pos += RSN_SELECTOR_LEN; | |
514 | left -= RSN_SELECTOR_LEN; | |
515 | } | |
516 | } else if (left == 1) { | |
517 | wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)", | |
518 | __func__); | |
519 | return -7; | |
520 | } | |
521 | ||
522 | if (left >= 2) { | |
523 | data->capabilities = WPA_GET_LE16(pos); | |
524 | pos += 2; | |
525 | left -= 2; | |
526 | } | |
527 | ||
528 | if (left >= 2) { | |
529 | data->num_pmkid = WPA_GET_LE16(pos); | |
530 | pos += 2; | |
531 | left -= 2; | |
532 | if (left < (int) data->num_pmkid * PMKID_LEN) { | |
533 | wpa_printf(MSG_DEBUG, "%s: PMKID underflow " | |
534 | "(num_pmkid=%lu left=%d)", | |
535 | __func__, (unsigned long) data->num_pmkid, | |
536 | left); | |
537 | data->num_pmkid = 0; | |
538 | return -9; | |
539 | } else { | |
540 | data->pmkid = pos; | |
541 | pos += data->num_pmkid * PMKID_LEN; | |
542 | left -= data->num_pmkid * PMKID_LEN; | |
543 | } | |
544 | } | |
545 | ||
546 | #ifdef CONFIG_IEEE80211W | |
547 | if (left >= 4) { | |
548 | data->mgmt_group_cipher = rsn_selector_to_bitfield(pos); | |
549 | if (data->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) { | |
550 | wpa_printf(MSG_DEBUG, "%s: Unsupported management " | |
551 | "group cipher 0x%x", __func__, | |
552 | data->mgmt_group_cipher); | |
553 | return -10; | |
554 | } | |
555 | pos += RSN_SELECTOR_LEN; | |
556 | left -= RSN_SELECTOR_LEN; | |
557 | } | |
558 | #endif /* CONFIG_IEEE80211W */ | |
559 | ||
560 | if (left > 0) { | |
749fa140 JM |
561 | wpa_hexdump(MSG_DEBUG, |
562 | "wpa_parse_wpa_ie_rsn: ignore trailing bytes", | |
563 | pos, left); | |
6fc6879b JM |
564 | } |
565 | ||
566 | return 0; | |
6fc6879b JM |
567 | } |
568 | ||
569 | ||
f3b87561 JM |
570 | static int wpa_selector_to_bitfield(const u8 *s) |
571 | { | |
572 | if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_NONE) | |
573 | return WPA_CIPHER_NONE; | |
574 | if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP40) | |
575 | return WPA_CIPHER_WEP40; | |
576 | if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_TKIP) | |
577 | return WPA_CIPHER_TKIP; | |
578 | if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_CCMP) | |
579 | return WPA_CIPHER_CCMP; | |
580 | if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP104) | |
581 | return WPA_CIPHER_WEP104; | |
582 | return 0; | |
583 | } | |
584 | ||
585 | ||
586 | static int wpa_key_mgmt_to_bitfield(const u8 *s) | |
587 | { | |
588 | if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_UNSPEC_802_1X) | |
589 | return WPA_KEY_MGMT_IEEE8021X; | |
590 | if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X) | |
591 | return WPA_KEY_MGMT_PSK; | |
592 | if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_NONE) | |
593 | return WPA_KEY_MGMT_WPA_NONE; | |
594 | return 0; | |
595 | } | |
596 | ||
597 | ||
598 | int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len, | |
599 | struct wpa_ie_data *data) | |
600 | { | |
601 | const struct wpa_ie_hdr *hdr; | |
602 | const u8 *pos; | |
603 | int left; | |
604 | int i, count; | |
605 | ||
606 | os_memset(data, 0, sizeof(*data)); | |
607 | data->proto = WPA_PROTO_WPA; | |
608 | data->pairwise_cipher = WPA_CIPHER_TKIP; | |
609 | data->group_cipher = WPA_CIPHER_TKIP; | |
610 | data->key_mgmt = WPA_KEY_MGMT_IEEE8021X; | |
611 | data->capabilities = 0; | |
612 | data->pmkid = NULL; | |
613 | data->num_pmkid = 0; | |
614 | data->mgmt_group_cipher = 0; | |
615 | ||
616 | if (wpa_ie_len == 0) { | |
617 | /* No WPA IE - fail silently */ | |
618 | return -1; | |
619 | } | |
620 | ||
621 | if (wpa_ie_len < sizeof(struct wpa_ie_hdr)) { | |
622 | wpa_printf(MSG_DEBUG, "%s: ie len too short %lu", | |
623 | __func__, (unsigned long) wpa_ie_len); | |
624 | return -1; | |
625 | } | |
626 | ||
627 | hdr = (const struct wpa_ie_hdr *) wpa_ie; | |
628 | ||
629 | if (hdr->elem_id != WLAN_EID_VENDOR_SPECIFIC || | |
630 | hdr->len != wpa_ie_len - 2 || | |
631 | RSN_SELECTOR_GET(hdr->oui) != WPA_OUI_TYPE || | |
632 | WPA_GET_LE16(hdr->version) != WPA_VERSION) { | |
633 | wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version", | |
634 | __func__); | |
635 | return -2; | |
636 | } | |
637 | ||
638 | pos = (const u8 *) (hdr + 1); | |
639 | left = wpa_ie_len - sizeof(*hdr); | |
640 | ||
641 | if (left >= WPA_SELECTOR_LEN) { | |
642 | data->group_cipher = wpa_selector_to_bitfield(pos); | |
643 | pos += WPA_SELECTOR_LEN; | |
644 | left -= WPA_SELECTOR_LEN; | |
645 | } else if (left > 0) { | |
646 | wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much", | |
647 | __func__, left); | |
648 | return -3; | |
649 | } | |
650 | ||
651 | if (left >= 2) { | |
652 | data->pairwise_cipher = 0; | |
653 | count = WPA_GET_LE16(pos); | |
654 | pos += 2; | |
655 | left -= 2; | |
656 | if (count == 0 || left < count * WPA_SELECTOR_LEN) { | |
657 | wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), " | |
658 | "count %u left %u", __func__, count, left); | |
659 | return -4; | |
660 | } | |
661 | for (i = 0; i < count; i++) { | |
662 | data->pairwise_cipher |= wpa_selector_to_bitfield(pos); | |
663 | pos += WPA_SELECTOR_LEN; | |
664 | left -= WPA_SELECTOR_LEN; | |
665 | } | |
666 | } else if (left == 1) { | |
667 | wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)", | |
668 | __func__); | |
669 | return -5; | |
670 | } | |
671 | ||
672 | if (left >= 2) { | |
673 | data->key_mgmt = 0; | |
674 | count = WPA_GET_LE16(pos); | |
675 | pos += 2; | |
676 | left -= 2; | |
677 | if (count == 0 || left < count * WPA_SELECTOR_LEN) { | |
678 | wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), " | |
679 | "count %u left %u", __func__, count, left); | |
680 | return -6; | |
681 | } | |
682 | for (i = 0; i < count; i++) { | |
683 | data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos); | |
684 | pos += WPA_SELECTOR_LEN; | |
685 | left -= WPA_SELECTOR_LEN; | |
686 | } | |
687 | } else if (left == 1) { | |
688 | wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)", | |
689 | __func__); | |
690 | return -7; | |
691 | } | |
692 | ||
693 | if (left >= 2) { | |
694 | data->capabilities = WPA_GET_LE16(pos); | |
695 | pos += 2; | |
696 | left -= 2; | |
697 | } | |
698 | ||
699 | if (left > 0) { | |
749fa140 JM |
700 | wpa_hexdump(MSG_DEBUG, |
701 | "wpa_parse_wpa_ie_wpa: ignore trailing bytes", | |
702 | pos, left); | |
f3b87561 JM |
703 | } |
704 | ||
705 | return 0; | |
706 | } | |
707 | ||
708 | ||
6fc6879b JM |
709 | #ifdef CONFIG_IEEE80211R |
710 | ||
711 | /** | |
712 | * wpa_derive_pmk_r0 - Derive PMK-R0 and PMKR0Name | |
713 | * | |
c1e033b0 | 714 | * IEEE Std 802.11r-2008 - 8.5.1.5.3 |
6fc6879b JM |
715 | */ |
716 | void wpa_derive_pmk_r0(const u8 *xxkey, size_t xxkey_len, | |
717 | const u8 *ssid, size_t ssid_len, | |
718 | const u8 *mdid, const u8 *r0kh_id, size_t r0kh_id_len, | |
719 | const u8 *s0kh_id, u8 *pmk_r0, u8 *pmk_r0_name) | |
720 | { | |
721 | u8 buf[1 + WPA_MAX_SSID_LEN + MOBILITY_DOMAIN_ID_LEN + 1 + | |
722 | FT_R0KH_ID_MAX_LEN + ETH_ALEN]; | |
723 | u8 *pos, r0_key_data[48], hash[32]; | |
724 | const u8 *addr[2]; | |
725 | size_t len[2]; | |
726 | ||
727 | /* | |
728 | * R0-Key-Data = KDF-384(XXKey, "FT-R0", | |
729 | * SSIDlength || SSID || MDID || R0KHlength || | |
730 | * R0KH-ID || S0KH-ID) | |
731 | * XXKey is either the second 256 bits of MSK or PSK. | |
732 | * PMK-R0 = L(R0-Key-Data, 0, 256) | |
733 | * PMK-R0Name-Salt = L(R0-Key-Data, 256, 128) | |
734 | */ | |
735 | if (ssid_len > WPA_MAX_SSID_LEN || r0kh_id_len > FT_R0KH_ID_MAX_LEN) | |
736 | return; | |
737 | pos = buf; | |
738 | *pos++ = ssid_len; | |
739 | os_memcpy(pos, ssid, ssid_len); | |
740 | pos += ssid_len; | |
741 | os_memcpy(pos, mdid, MOBILITY_DOMAIN_ID_LEN); | |
742 | pos += MOBILITY_DOMAIN_ID_LEN; | |
743 | *pos++ = r0kh_id_len; | |
744 | os_memcpy(pos, r0kh_id, r0kh_id_len); | |
745 | pos += r0kh_id_len; | |
746 | os_memcpy(pos, s0kh_id, ETH_ALEN); | |
747 | pos += ETH_ALEN; | |
748 | ||
749 | sha256_prf(xxkey, xxkey_len, "FT-R0", buf, pos - buf, | |
750 | r0_key_data, sizeof(r0_key_data)); | |
751 | os_memcpy(pmk_r0, r0_key_data, PMK_LEN); | |
752 | ||
753 | /* | |
754 | * PMKR0Name = Truncate-128(SHA-256("FT-R0N" || PMK-R0Name-Salt) | |
755 | */ | |
756 | addr[0] = (const u8 *) "FT-R0N"; | |
757 | len[0] = 6; | |
758 | addr[1] = r0_key_data + PMK_LEN; | |
759 | len[1] = 16; | |
760 | ||
761 | sha256_vector(2, addr, len, hash); | |
762 | os_memcpy(pmk_r0_name, hash, WPA_PMK_NAME_LEN); | |
763 | } | |
764 | ||
765 | ||
766 | /** | |
767 | * wpa_derive_pmk_r1_name - Derive PMKR1Name | |
768 | * | |
c1e033b0 | 769 | * IEEE Std 802.11r-2008 - 8.5.1.5.4 |
6fc6879b JM |
770 | */ |
771 | void wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id, | |
772 | const u8 *s1kh_id, u8 *pmk_r1_name) | |
773 | { | |
774 | u8 hash[32]; | |
775 | const u8 *addr[4]; | |
776 | size_t len[4]; | |
777 | ||
778 | /* | |
779 | * PMKR1Name = Truncate-128(SHA-256("FT-R1N" || PMKR0Name || | |
780 | * R1KH-ID || S1KH-ID)) | |
781 | */ | |
782 | addr[0] = (const u8 *) "FT-R1N"; | |
783 | len[0] = 6; | |
784 | addr[1] = pmk_r0_name; | |
785 | len[1] = WPA_PMK_NAME_LEN; | |
786 | addr[2] = r1kh_id; | |
787 | len[2] = FT_R1KH_ID_LEN; | |
788 | addr[3] = s1kh_id; | |
789 | len[3] = ETH_ALEN; | |
790 | ||
791 | sha256_vector(4, addr, len, hash); | |
792 | os_memcpy(pmk_r1_name, hash, WPA_PMK_NAME_LEN); | |
793 | } | |
794 | ||
795 | ||
796 | /** | |
797 | * wpa_derive_pmk_r1 - Derive PMK-R1 and PMKR1Name from PMK-R0 | |
798 | * | |
c1e033b0 | 799 | * IEEE Std 802.11r-2008 - 8.5.1.5.4 |
6fc6879b JM |
800 | */ |
801 | void wpa_derive_pmk_r1(const u8 *pmk_r0, const u8 *pmk_r0_name, | |
802 | const u8 *r1kh_id, const u8 *s1kh_id, | |
803 | u8 *pmk_r1, u8 *pmk_r1_name) | |
804 | { | |
805 | u8 buf[FT_R1KH_ID_LEN + ETH_ALEN]; | |
806 | u8 *pos; | |
807 | ||
808 | /* PMK-R1 = KDF-256(PMK-R0, "FT-R1", R1KH-ID || S1KH-ID) */ | |
809 | pos = buf; | |
810 | os_memcpy(pos, r1kh_id, FT_R1KH_ID_LEN); | |
811 | pos += FT_R1KH_ID_LEN; | |
812 | os_memcpy(pos, s1kh_id, ETH_ALEN); | |
813 | pos += ETH_ALEN; | |
814 | ||
815 | sha256_prf(pmk_r0, PMK_LEN, "FT-R1", buf, pos - buf, pmk_r1, PMK_LEN); | |
816 | ||
817 | wpa_derive_pmk_r1_name(pmk_r0_name, r1kh_id, s1kh_id, pmk_r1_name); | |
818 | } | |
819 | ||
820 | ||
821 | /** | |
822 | * wpa_pmk_r1_to_ptk - Derive PTK and PTKName from PMK-R1 | |
823 | * | |
c1e033b0 | 824 | * IEEE Std 802.11r-2008 - 8.5.1.5.5 |
6fc6879b JM |
825 | */ |
826 | void wpa_pmk_r1_to_ptk(const u8 *pmk_r1, const u8 *snonce, const u8 *anonce, | |
827 | const u8 *sta_addr, const u8 *bssid, | |
828 | const u8 *pmk_r1_name, | |
829 | u8 *ptk, size_t ptk_len, u8 *ptk_name) | |
830 | { | |
831 | u8 buf[2 * WPA_NONCE_LEN + 2 * ETH_ALEN]; | |
832 | u8 *pos, hash[32]; | |
833 | const u8 *addr[6]; | |
834 | size_t len[6]; | |
835 | ||
836 | /* | |
837 | * PTK = KDF-PTKLen(PMK-R1, "FT-PTK", SNonce || ANonce || | |
838 | * BSSID || STA-ADDR) | |
839 | */ | |
840 | pos = buf; | |
841 | os_memcpy(pos, snonce, WPA_NONCE_LEN); | |
842 | pos += WPA_NONCE_LEN; | |
843 | os_memcpy(pos, anonce, WPA_NONCE_LEN); | |
844 | pos += WPA_NONCE_LEN; | |
845 | os_memcpy(pos, bssid, ETH_ALEN); | |
846 | pos += ETH_ALEN; | |
847 | os_memcpy(pos, sta_addr, ETH_ALEN); | |
848 | pos += ETH_ALEN; | |
849 | ||
850 | sha256_prf(pmk_r1, PMK_LEN, "FT-PTK", buf, pos - buf, ptk, ptk_len); | |
851 | ||
852 | /* | |
853 | * PTKName = Truncate-128(SHA-256(PMKR1Name || "FT-PTKN" || SNonce || | |
854 | * ANonce || BSSID || STA-ADDR)) | |
855 | */ | |
856 | addr[0] = pmk_r1_name; | |
857 | len[0] = WPA_PMK_NAME_LEN; | |
858 | addr[1] = (const u8 *) "FT-PTKN"; | |
859 | len[1] = 7; | |
860 | addr[2] = snonce; | |
861 | len[2] = WPA_NONCE_LEN; | |
862 | addr[3] = anonce; | |
863 | len[3] = WPA_NONCE_LEN; | |
864 | addr[4] = bssid; | |
865 | len[4] = ETH_ALEN; | |
866 | addr[5] = sta_addr; | |
867 | len[5] = ETH_ALEN; | |
868 | ||
869 | sha256_vector(6, addr, len, hash); | |
870 | os_memcpy(ptk_name, hash, WPA_PMK_NAME_LEN); | |
871 | } | |
872 | ||
873 | #endif /* CONFIG_IEEE80211R */ | |
13268290 JM |
874 | |
875 | ||
876 | /** | |
877 | * rsn_pmkid - Calculate PMK identifier | |
878 | * @pmk: Pairwise master key | |
879 | * @pmk_len: Length of pmk in bytes | |
880 | * @aa: Authenticator address | |
881 | * @spa: Supplicant address | |
882 | * @pmkid: Buffer for PMKID | |
883 | * @use_sha256: Whether to use SHA256-based KDF | |
884 | * | |
885 | * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy | |
886 | * PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA) | |
887 | */ | |
888 | void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa, const u8 *spa, | |
889 | u8 *pmkid, int use_sha256) | |
890 | { | |
891 | char *title = "PMK Name"; | |
892 | const u8 *addr[3]; | |
893 | const size_t len[3] = { 8, ETH_ALEN, ETH_ALEN }; | |
894 | unsigned char hash[SHA256_MAC_LEN]; | |
895 | ||
896 | addr[0] = (u8 *) title; | |
897 | addr[1] = aa; | |
898 | addr[2] = spa; | |
899 | ||
900 | #ifdef CONFIG_IEEE80211W | |
901 | if (use_sha256) | |
902 | hmac_sha256_vector(pmk, pmk_len, 3, addr, len, hash); | |
903 | else | |
904 | #endif /* CONFIG_IEEE80211W */ | |
905 | hmac_sha1_vector(pmk, pmk_len, 3, addr, len, hash); | |
906 | os_memcpy(pmkid, hash, PMKID_LEN); | |
907 | } | |
43fb5297 JM |
908 | |
909 | ||
910 | /** | |
911 | * wpa_cipher_txt - Convert cipher suite to a text string | |
912 | * @cipher: Cipher suite (WPA_CIPHER_* enum) | |
913 | * Returns: Pointer to a text string of the cipher suite name | |
914 | */ | |
915 | const char * wpa_cipher_txt(int cipher) | |
916 | { | |
917 | switch (cipher) { | |
918 | case WPA_CIPHER_NONE: | |
919 | return "NONE"; | |
920 | case WPA_CIPHER_WEP40: | |
921 | return "WEP-40"; | |
922 | case WPA_CIPHER_WEP104: | |
923 | return "WEP-104"; | |
924 | case WPA_CIPHER_TKIP: | |
925 | return "TKIP"; | |
926 | case WPA_CIPHER_CCMP: | |
927 | return "CCMP"; | |
928 | case WPA_CIPHER_CCMP | WPA_CIPHER_TKIP: | |
929 | return "CCMP+TKIP"; | |
eb7719ff JM |
930 | case WPA_CIPHER_GCMP: |
931 | return "GCMP"; | |
30675c34 JM |
932 | case WPA_CIPHER_GCMP_256: |
933 | return "GCMP-256"; | |
934 | case WPA_CIPHER_CCMP_256: | |
935 | return "CCMP-256"; | |
dff1e285 JM |
936 | case WPA_CIPHER_GTK_NOT_USED: |
937 | return "GTK_NOT_USED"; | |
43fb5297 JM |
938 | default: |
939 | return "UNKNOWN"; | |
940 | } | |
941 | } | |
942 | ||
943 | ||
944 | /** | |
945 | * wpa_key_mgmt_txt - Convert key management suite to a text string | |
946 | * @key_mgmt: Key management suite (WPA_KEY_MGMT_* enum) | |
947 | * @proto: WPA/WPA2 version (WPA_PROTO_*) | |
948 | * Returns: Pointer to a text string of the key management suite name | |
949 | */ | |
950 | const char * wpa_key_mgmt_txt(int key_mgmt, int proto) | |
951 | { | |
952 | switch (key_mgmt) { | |
953 | case WPA_KEY_MGMT_IEEE8021X: | |
954 | if (proto == (WPA_PROTO_RSN | WPA_PROTO_WPA)) | |
955 | return "WPA2+WPA/IEEE 802.1X/EAP"; | |
956 | return proto == WPA_PROTO_RSN ? | |
957 | "WPA2/IEEE 802.1X/EAP" : "WPA/IEEE 802.1X/EAP"; | |
958 | case WPA_KEY_MGMT_PSK: | |
959 | if (proto == (WPA_PROTO_RSN | WPA_PROTO_WPA)) | |
960 | return "WPA2-PSK+WPA-PSK"; | |
961 | return proto == WPA_PROTO_RSN ? | |
962 | "WPA2-PSK" : "WPA-PSK"; | |
963 | case WPA_KEY_MGMT_NONE: | |
964 | return "NONE"; | |
965 | case WPA_KEY_MGMT_IEEE8021X_NO_WPA: | |
966 | return "IEEE 802.1X (no WPA)"; | |
967 | #ifdef CONFIG_IEEE80211R | |
968 | case WPA_KEY_MGMT_FT_IEEE8021X: | |
969 | return "FT-EAP"; | |
970 | case WPA_KEY_MGMT_FT_PSK: | |
971 | return "FT-PSK"; | |
972 | #endif /* CONFIG_IEEE80211R */ | |
973 | #ifdef CONFIG_IEEE80211W | |
974 | case WPA_KEY_MGMT_IEEE8021X_SHA256: | |
975 | return "WPA2-EAP-SHA256"; | |
976 | case WPA_KEY_MGMT_PSK_SHA256: | |
977 | return "WPA2-PSK-SHA256"; | |
978 | #endif /* CONFIG_IEEE80211W */ | |
979 | default: | |
980 | return "UNKNOWN"; | |
981 | } | |
982 | } | |
26e23750 JM |
983 | |
984 | ||
985 | int wpa_compare_rsn_ie(int ft_initial_assoc, | |
986 | const u8 *ie1, size_t ie1len, | |
987 | const u8 *ie2, size_t ie2len) | |
988 | { | |
d3ccead3 JM |
989 | if (ie1 == NULL || ie2 == NULL) |
990 | return -1; | |
991 | ||
26e23750 JM |
992 | if (ie1len == ie2len && os_memcmp(ie1, ie2, ie1len) == 0) |
993 | return 0; /* identical IEs */ | |
994 | ||
995 | #ifdef CONFIG_IEEE80211R | |
996 | if (ft_initial_assoc) { | |
997 | struct wpa_ie_data ie1d, ie2d; | |
998 | /* | |
999 | * The PMKID-List in RSN IE is different between Beacon/Probe | |
1000 | * Response/(Re)Association Request frames and EAPOL-Key | |
1001 | * messages in FT initial mobility domain association. Allow | |
1002 | * for this, but verify that other parts of the RSN IEs are | |
1003 | * identical. | |
1004 | */ | |
1005 | if (wpa_parse_wpa_ie_rsn(ie1, ie1len, &ie1d) < 0 || | |
1006 | wpa_parse_wpa_ie_rsn(ie2, ie2len, &ie2d) < 0) | |
1007 | return -1; | |
1008 | if (ie1d.proto == ie2d.proto && | |
1009 | ie1d.pairwise_cipher == ie2d.pairwise_cipher && | |
1010 | ie1d.group_cipher == ie2d.group_cipher && | |
1011 | ie1d.key_mgmt == ie2d.key_mgmt && | |
1012 | ie1d.capabilities == ie2d.capabilities && | |
1013 | ie1d.mgmt_group_cipher == ie2d.mgmt_group_cipher) | |
1014 | return 0; | |
1015 | } | |
1016 | #endif /* CONFIG_IEEE80211R */ | |
1017 | ||
1018 | return -1; | |
1019 | } | |
1020 | ||
1021 | ||
1022 | #ifdef CONFIG_IEEE80211R | |
1023 | int wpa_insert_pmkid(u8 *ies, size_t ies_len, const u8 *pmkid) | |
1024 | { | |
1025 | u8 *start, *end, *rpos, *rend; | |
1026 | int added = 0; | |
1027 | ||
1028 | start = ies; | |
1029 | end = ies + ies_len; | |
1030 | ||
1031 | while (start < end) { | |
1032 | if (*start == WLAN_EID_RSN) | |
1033 | break; | |
1034 | start += 2 + start[1]; | |
1035 | } | |
1036 | if (start >= end) { | |
1037 | wpa_printf(MSG_ERROR, "FT: Could not find RSN IE in " | |
1038 | "IEs data"); | |
1039 | return -1; | |
1040 | } | |
1041 | wpa_hexdump(MSG_DEBUG, "FT: RSN IE before modification", | |
1042 | start, 2 + start[1]); | |
1043 | ||
1044 | /* Find start of PMKID-Count */ | |
1045 | rpos = start + 2; | |
1046 | rend = rpos + start[1]; | |
1047 | ||
1048 | /* Skip Version and Group Data Cipher Suite */ | |
1049 | rpos += 2 + 4; | |
1050 | /* Skip Pairwise Cipher Suite Count and List */ | |
1051 | rpos += 2 + WPA_GET_LE16(rpos) * RSN_SELECTOR_LEN; | |
1052 | /* Skip AKM Suite Count and List */ | |
1053 | rpos += 2 + WPA_GET_LE16(rpos) * RSN_SELECTOR_LEN; | |
1054 | ||
1055 | if (rpos == rend) { | |
1056 | /* Add RSN Capabilities */ | |
1057 | os_memmove(rpos + 2, rpos, end - rpos); | |
1058 | *rpos++ = 0; | |
1059 | *rpos++ = 0; | |
1060 | } else { | |
1061 | /* Skip RSN Capabilities */ | |
1062 | rpos += 2; | |
1063 | if (rpos > rend) { | |
1064 | wpa_printf(MSG_ERROR, "FT: Could not parse RSN IE in " | |
1065 | "IEs data"); | |
1066 | return -1; | |
1067 | } | |
1068 | } | |
1069 | ||
1070 | if (rpos == rend) { | |
1071 | /* No PMKID-Count field included; add it */ | |
1072 | os_memmove(rpos + 2 + PMKID_LEN, rpos, end - rpos); | |
1073 | WPA_PUT_LE16(rpos, 1); | |
1074 | rpos += 2; | |
1075 | os_memcpy(rpos, pmkid, PMKID_LEN); | |
1076 | added += 2 + PMKID_LEN; | |
1077 | start[1] += 2 + PMKID_LEN; | |
1078 | } else { | |
1079 | /* PMKID-Count was included; use it */ | |
1080 | if (WPA_GET_LE16(rpos) != 0) { | |
1081 | wpa_printf(MSG_ERROR, "FT: Unexpected PMKID " | |
1082 | "in RSN IE in EAPOL-Key data"); | |
1083 | return -1; | |
1084 | } | |
1085 | WPA_PUT_LE16(rpos, 1); | |
1086 | rpos += 2; | |
1087 | os_memmove(rpos + PMKID_LEN, rpos, end - rpos); | |
1088 | os_memcpy(rpos, pmkid, PMKID_LEN); | |
1089 | added += PMKID_LEN; | |
1090 | start[1] += PMKID_LEN; | |
1091 | } | |
1092 | ||
1093 | wpa_hexdump(MSG_DEBUG, "FT: RSN IE after modification " | |
1094 | "(PMKID inserted)", start, 2 + start[1]); | |
1095 | ||
1096 | return added; | |
1097 | } | |
1098 | #endif /* CONFIG_IEEE80211R */ | |
c3550295 JM |
1099 | |
1100 | ||
1101 | int wpa_cipher_key_len(int cipher) | |
1102 | { | |
1103 | switch (cipher) { | |
30675c34 JM |
1104 | case WPA_CIPHER_CCMP_256: |
1105 | case WPA_CIPHER_GCMP_256: | |
1106 | return 32; | |
c3550295 JM |
1107 | case WPA_CIPHER_CCMP: |
1108 | case WPA_CIPHER_GCMP: | |
1109 | return 16; | |
1110 | case WPA_CIPHER_TKIP: | |
1111 | return 32; | |
1112 | case WPA_CIPHER_WEP104: | |
1113 | return 13; | |
1114 | case WPA_CIPHER_WEP40: | |
1115 | return 5; | |
1116 | } | |
1117 | ||
1118 | return 0; | |
1119 | } | |
1120 | ||
1121 | ||
1122 | int wpa_cipher_rsc_len(int cipher) | |
1123 | { | |
1124 | switch (cipher) { | |
30675c34 JM |
1125 | case WPA_CIPHER_CCMP_256: |
1126 | case WPA_CIPHER_GCMP_256: | |
c3550295 JM |
1127 | case WPA_CIPHER_CCMP: |
1128 | case WPA_CIPHER_GCMP: | |
1129 | case WPA_CIPHER_TKIP: | |
1130 | return 6; | |
1131 | case WPA_CIPHER_WEP104: | |
1132 | case WPA_CIPHER_WEP40: | |
1133 | return 0; | |
1134 | } | |
1135 | ||
1136 | return 0; | |
1137 | } | |
1138 | ||
1139 | ||
1140 | int wpa_cipher_to_alg(int cipher) | |
1141 | { | |
1142 | switch (cipher) { | |
30675c34 JM |
1143 | case WPA_CIPHER_CCMP_256: |
1144 | return WPA_ALG_CCMP_256; | |
1145 | case WPA_CIPHER_GCMP_256: | |
1146 | return WPA_ALG_GCMP_256; | |
c3550295 JM |
1147 | case WPA_CIPHER_CCMP: |
1148 | return WPA_ALG_CCMP; | |
1149 | case WPA_CIPHER_GCMP: | |
1150 | return WPA_ALG_GCMP; | |
1151 | case WPA_CIPHER_TKIP: | |
1152 | return WPA_ALG_TKIP; | |
1153 | case WPA_CIPHER_WEP104: | |
1154 | case WPA_CIPHER_WEP40: | |
1155 | return WPA_ALG_WEP; | |
1156 | } | |
1157 | return WPA_ALG_NONE; | |
1158 | } | |
1159 | ||
1160 | ||
1161 | int wpa_cipher_valid_pairwise(int cipher) | |
1162 | { | |
30675c34 JM |
1163 | return cipher == WPA_CIPHER_CCMP_256 || |
1164 | cipher == WPA_CIPHER_GCMP_256 || | |
1165 | cipher == WPA_CIPHER_CCMP || | |
c3550295 JM |
1166 | cipher == WPA_CIPHER_GCMP || |
1167 | cipher == WPA_CIPHER_TKIP; | |
1168 | } | |
1169 | ||
1170 | ||
1171 | u32 wpa_cipher_to_suite(int proto, int cipher) | |
1172 | { | |
30675c34 JM |
1173 | if (cipher & WPA_CIPHER_CCMP_256) |
1174 | return RSN_CIPHER_SUITE_CCMP_256; | |
1175 | if (cipher & WPA_CIPHER_GCMP_256) | |
1176 | return RSN_CIPHER_SUITE_GCMP_256; | |
c3550295 JM |
1177 | if (cipher & WPA_CIPHER_CCMP) |
1178 | return (proto == WPA_PROTO_RSN ? | |
1179 | RSN_CIPHER_SUITE_CCMP : WPA_CIPHER_SUITE_CCMP); | |
1180 | if (cipher & WPA_CIPHER_GCMP) | |
1181 | return RSN_CIPHER_SUITE_GCMP; | |
1182 | if (cipher & WPA_CIPHER_TKIP) | |
1183 | return (proto == WPA_PROTO_RSN ? | |
1184 | RSN_CIPHER_SUITE_TKIP : WPA_CIPHER_SUITE_TKIP); | |
1185 | if (cipher & WPA_CIPHER_WEP104) | |
1186 | return (proto == WPA_PROTO_RSN ? | |
1187 | RSN_CIPHER_SUITE_WEP104 : WPA_CIPHER_SUITE_WEP104); | |
1188 | if (cipher & WPA_CIPHER_WEP40) | |
1189 | return (proto == WPA_PROTO_RSN ? | |
1190 | RSN_CIPHER_SUITE_WEP40 : WPA_CIPHER_SUITE_WEP40); | |
1191 | if (cipher & WPA_CIPHER_NONE) | |
1192 | return (proto == WPA_PROTO_RSN ? | |
1193 | RSN_CIPHER_SUITE_NONE : WPA_CIPHER_SUITE_NONE); | |
dff1e285 JM |
1194 | if (cipher & WPA_CIPHER_GTK_NOT_USED) |
1195 | return RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED; | |
c3550295 JM |
1196 | return 0; |
1197 | } | |
1198 | ||
1199 | ||
8a4ce280 | 1200 | int rsn_cipher_put_suites(u8 *start, int ciphers) |
c3550295 | 1201 | { |
8a4ce280 | 1202 | u8 *pos = start; |
c3550295 | 1203 | |
30675c34 JM |
1204 | if (ciphers & WPA_CIPHER_CCMP_256) { |
1205 | RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP_256); | |
1206 | pos += RSN_SELECTOR_LEN; | |
30675c34 JM |
1207 | } |
1208 | if (ciphers & WPA_CIPHER_GCMP_256) { | |
1209 | RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_GCMP_256); | |
1210 | pos += RSN_SELECTOR_LEN; | |
30675c34 | 1211 | } |
c3550295 JM |
1212 | if (ciphers & WPA_CIPHER_CCMP) { |
1213 | RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP); | |
1214 | pos += RSN_SELECTOR_LEN; | |
c3550295 JM |
1215 | } |
1216 | if (ciphers & WPA_CIPHER_GCMP) { | |
1217 | RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_GCMP); | |
1218 | pos += RSN_SELECTOR_LEN; | |
c3550295 JM |
1219 | } |
1220 | if (ciphers & WPA_CIPHER_TKIP) { | |
1221 | RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP); | |
1222 | pos += RSN_SELECTOR_LEN; | |
c3550295 JM |
1223 | } |
1224 | if (ciphers & WPA_CIPHER_NONE) { | |
1225 | RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NONE); | |
1226 | pos += RSN_SELECTOR_LEN; | |
c3550295 JM |
1227 | } |
1228 | ||
8a4ce280 | 1229 | return (pos - start) / RSN_SELECTOR_LEN; |
c3550295 JM |
1230 | } |
1231 | ||
1232 | ||
8a4ce280 | 1233 | int wpa_cipher_put_suites(u8 *start, int ciphers) |
c3550295 | 1234 | { |
8a4ce280 | 1235 | u8 *pos = start; |
c3550295 JM |
1236 | |
1237 | if (ciphers & WPA_CIPHER_CCMP) { | |
1238 | RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP); | |
1239 | pos += WPA_SELECTOR_LEN; | |
c3550295 JM |
1240 | } |
1241 | if (ciphers & WPA_CIPHER_TKIP) { | |
1242 | RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP); | |
1243 | pos += WPA_SELECTOR_LEN; | |
c3550295 JM |
1244 | } |
1245 | if (ciphers & WPA_CIPHER_NONE) { | |
1246 | RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_NONE); | |
1247 | pos += WPA_SELECTOR_LEN; | |
c3550295 JM |
1248 | } |
1249 | ||
8a4ce280 | 1250 | return (pos - start) / RSN_SELECTOR_LEN; |
c3550295 | 1251 | } |
edbd2a19 JM |
1252 | |
1253 | ||
1254 | int wpa_pick_pairwise_cipher(int ciphers, int none_allowed) | |
1255 | { | |
30675c34 JM |
1256 | if (ciphers & WPA_CIPHER_CCMP_256) |
1257 | return WPA_CIPHER_CCMP_256; | |
1258 | if (ciphers & WPA_CIPHER_GCMP_256) | |
1259 | return WPA_CIPHER_GCMP_256; | |
edbd2a19 JM |
1260 | if (ciphers & WPA_CIPHER_CCMP) |
1261 | return WPA_CIPHER_CCMP; | |
1262 | if (ciphers & WPA_CIPHER_GCMP) | |
1263 | return WPA_CIPHER_GCMP; | |
1264 | if (ciphers & WPA_CIPHER_TKIP) | |
1265 | return WPA_CIPHER_TKIP; | |
1266 | if (none_allowed && (ciphers & WPA_CIPHER_NONE)) | |
1267 | return WPA_CIPHER_NONE; | |
1268 | return -1; | |
1269 | } | |
1270 | ||
1271 | ||
1272 | int wpa_pick_group_cipher(int ciphers) | |
1273 | { | |
30675c34 JM |
1274 | if (ciphers & WPA_CIPHER_CCMP_256) |
1275 | return WPA_CIPHER_CCMP_256; | |
1276 | if (ciphers & WPA_CIPHER_GCMP_256) | |
1277 | return WPA_CIPHER_GCMP_256; | |
edbd2a19 JM |
1278 | if (ciphers & WPA_CIPHER_CCMP) |
1279 | return WPA_CIPHER_CCMP; | |
1280 | if (ciphers & WPA_CIPHER_GCMP) | |
1281 | return WPA_CIPHER_GCMP; | |
dff1e285 JM |
1282 | if (ciphers & WPA_CIPHER_GTK_NOT_USED) |
1283 | return WPA_CIPHER_GTK_NOT_USED; | |
edbd2a19 JM |
1284 | if (ciphers & WPA_CIPHER_TKIP) |
1285 | return WPA_CIPHER_TKIP; | |
1286 | if (ciphers & WPA_CIPHER_WEP104) | |
1287 | return WPA_CIPHER_WEP104; | |
1288 | if (ciphers & WPA_CIPHER_WEP40) | |
1289 | return WPA_CIPHER_WEP40; | |
1290 | return -1; | |
1291 | } | |
a39c78be JM |
1292 | |
1293 | ||
1294 | int wpa_parse_cipher(const char *value) | |
1295 | { | |
1296 | int val = 0, last; | |
1297 | char *start, *end, *buf; | |
1298 | ||
1299 | buf = os_strdup(value); | |
1300 | if (buf == NULL) | |
1301 | return -1; | |
1302 | start = buf; | |
1303 | ||
1304 | while (*start != '\0') { | |
1305 | while (*start == ' ' || *start == '\t') | |
1306 | start++; | |
1307 | if (*start == '\0') | |
1308 | break; | |
1309 | end = start; | |
1310 | while (*end != ' ' && *end != '\t' && *end != '\0') | |
1311 | end++; | |
1312 | last = *end == '\0'; | |
1313 | *end = '\0'; | |
30675c34 JM |
1314 | if (os_strcmp(start, "CCMP-256") == 0) |
1315 | val |= WPA_CIPHER_CCMP_256; | |
1316 | else if (os_strcmp(start, "GCMP-256") == 0) | |
1317 | val |= WPA_CIPHER_GCMP_256; | |
1318 | else if (os_strcmp(start, "CCMP") == 0) | |
a39c78be JM |
1319 | val |= WPA_CIPHER_CCMP; |
1320 | else if (os_strcmp(start, "GCMP") == 0) | |
1321 | val |= WPA_CIPHER_GCMP; | |
1322 | else if (os_strcmp(start, "TKIP") == 0) | |
1323 | val |= WPA_CIPHER_TKIP; | |
1324 | else if (os_strcmp(start, "WEP104") == 0) | |
1325 | val |= WPA_CIPHER_WEP104; | |
1326 | else if (os_strcmp(start, "WEP40") == 0) | |
1327 | val |= WPA_CIPHER_WEP40; | |
1328 | else if (os_strcmp(start, "NONE") == 0) | |
1329 | val |= WPA_CIPHER_NONE; | |
dff1e285 JM |
1330 | else if (os_strcmp(start, "GTK_NOT_USED") == 0) |
1331 | val |= WPA_CIPHER_GTK_NOT_USED; | |
a39c78be JM |
1332 | else { |
1333 | os_free(buf); | |
1334 | return -1; | |
1335 | } | |
1336 | ||
1337 | if (last) | |
1338 | break; | |
1339 | start = end + 1; | |
1340 | } | |
1341 | os_free(buf); | |
1342 | ||
1343 | return val; | |
1344 | } | |
0282a8c4 JM |
1345 | |
1346 | ||
1347 | int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim) | |
1348 | { | |
1349 | char *pos = start; | |
1350 | int ret; | |
1351 | ||
30675c34 JM |
1352 | if (ciphers & WPA_CIPHER_CCMP_256) { |
1353 | ret = os_snprintf(pos, end - pos, "%sCCMP-256", | |
1354 | pos == start ? "" : delim); | |
1355 | if (ret < 0 || ret >= end - pos) | |
1356 | return -1; | |
1357 | pos += ret; | |
1358 | } | |
1359 | if (ciphers & WPA_CIPHER_GCMP_256) { | |
1360 | ret = os_snprintf(pos, end - pos, "%sGCMP-256", | |
1361 | pos == start ? "" : delim); | |
1362 | if (ret < 0 || ret >= end - pos) | |
1363 | return -1; | |
1364 | pos += ret; | |
1365 | } | |
0282a8c4 JM |
1366 | if (ciphers & WPA_CIPHER_CCMP) { |
1367 | ret = os_snprintf(pos, end - pos, "%sCCMP", | |
1368 | pos == start ? "" : delim); | |
1369 | if (ret < 0 || ret >= end - pos) | |
1370 | return -1; | |
1371 | pos += ret; | |
1372 | } | |
1373 | if (ciphers & WPA_CIPHER_GCMP) { | |
1374 | ret = os_snprintf(pos, end - pos, "%sGCMP", | |
1375 | pos == start ? "" : delim); | |
1376 | if (ret < 0 || ret >= end - pos) | |
1377 | return -1; | |
1378 | pos += ret; | |
1379 | } | |
1380 | if (ciphers & WPA_CIPHER_TKIP) { | |
1381 | ret = os_snprintf(pos, end - pos, "%sTKIP", | |
1382 | pos == start ? "" : delim); | |
1383 | if (ret < 0 || ret >= end - pos) | |
1384 | return -1; | |
1385 | pos += ret; | |
1386 | } | |
1387 | if (ciphers & WPA_CIPHER_WEP104) { | |
1388 | ret = os_snprintf(pos, end - pos, "%sWEP104", | |
1389 | pos == start ? "" : delim); | |
1390 | if (ret < 0 || ret >= end - pos) | |
1391 | return -1; | |
1392 | pos += ret; | |
1393 | } | |
1394 | if (ciphers & WPA_CIPHER_WEP40) { | |
1395 | ret = os_snprintf(pos, end - pos, "%sWEP40", | |
1396 | pos == start ? "" : delim); | |
1397 | if (ret < 0 || ret >= end - pos) | |
1398 | return -1; | |
1399 | pos += ret; | |
1400 | } | |
1401 | if (ciphers & WPA_CIPHER_NONE) { | |
1402 | ret = os_snprintf(pos, end - pos, "%sNONE", | |
1403 | pos == start ? "" : delim); | |
1404 | if (ret < 0 || ret >= end - pos) | |
1405 | return -1; | |
1406 | pos += ret; | |
1407 | } | |
1408 | ||
1409 | return pos - start; | |
1410 | } | |
cf830c1c JM |
1411 | |
1412 | ||
1413 | int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise) | |
1414 | { | |
1415 | int pairwise = 0; | |
1416 | ||
1417 | /* Select group cipher based on the enabled pairwise cipher suites */ | |
1418 | if (wpa & 1) | |
1419 | pairwise |= wpa_pairwise; | |
1420 | if (wpa & 2) | |
1421 | pairwise |= rsn_pairwise; | |
1422 | ||
1423 | if (pairwise & WPA_CIPHER_TKIP) | |
1424 | return WPA_CIPHER_TKIP; | |
1425 | if ((pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) == WPA_CIPHER_GCMP) | |
1426 | return WPA_CIPHER_GCMP; | |
30675c34 JM |
1427 | if ((pairwise & (WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP | |
1428 | WPA_CIPHER_GCMP)) == WPA_CIPHER_GCMP_256) | |
1429 | return WPA_CIPHER_GCMP_256; | |
1430 | if ((pairwise & (WPA_CIPHER_CCMP_256 | WPA_CIPHER_CCMP | | |
1431 | WPA_CIPHER_GCMP)) == WPA_CIPHER_CCMP_256) | |
1432 | return WPA_CIPHER_CCMP_256; | |
cf830c1c JM |
1433 | return WPA_CIPHER_CCMP; |
1434 | } |