]>
Commit | Line | Data |
---|---|---|
161d0339 JM |
1 | /* |
2 | * Received Data frame processing for EAPOL messages | |
3 | * Copyright (c) 2010, Jouni Malinen <j@w1.fi> | |
4 | * | |
0f3d578e JM |
5 | * This software may be distributed under the terms of the BSD license. |
6 | * See README for more details. | |
161d0339 JM |
7 | */ |
8 | ||
9 | #include "utils/includes.h" | |
10 | ||
11 | #include "utils/common.h" | |
12 | #include "crypto/aes_wrap.h" | |
13 | #include "crypto/crypto.h" | |
14 | #include "common/defs.h" | |
15 | #include "common/ieee802_11_defs.h" | |
c81defea | 16 | #include "common/ieee802_11_common.h" |
161d0339 JM |
17 | #include "common/eapol_common.h" |
18 | #include "common/wpa_common.h" | |
19 | #include "rsn_supp/wpa_ie.h" | |
20 | #include "wlantest.h" | |
21 | ||
22 | ||
23 | static int is_zero(const u8 *buf, size_t len) | |
24 | { | |
25 | size_t i; | |
26 | for (i = 0; i < len; i++) { | |
27 | if (buf[i]) | |
28 | return 0; | |
29 | } | |
30 | return 1; | |
31 | } | |
32 | ||
33 | ||
34 | static int check_mic(const u8 *kck, int ver, const u8 *data, size_t len) | |
35 | { | |
36 | u8 *buf; | |
37 | int ret = -1; | |
38 | struct ieee802_1x_hdr *hdr; | |
39 | struct wpa_eapol_key *key; | |
40 | u8 rx_mic[16]; | |
41 | ||
42 | buf = os_malloc(len); | |
43 | if (buf == NULL) | |
44 | return -1; | |
45 | os_memcpy(buf, data, len); | |
46 | hdr = (struct ieee802_1x_hdr *) buf; | |
47 | key = (struct wpa_eapol_key *) (hdr + 1); | |
48 | ||
49 | os_memcpy(rx_mic, key->key_mic, 16); | |
50 | os_memset(key->key_mic, 0, 16); | |
51 | ||
52 | if (wpa_eapol_key_mic(kck, ver, buf, len, key->key_mic) == 0 && | |
53 | os_memcmp(rx_mic, key->key_mic, 16) == 0) | |
54 | ret = 0; | |
55 | ||
56 | os_free(buf); | |
57 | ||
58 | return ret; | |
59 | } | |
60 | ||
61 | ||
62 | static void rx_data_eapol_key_1_of_4(struct wlantest *wt, const u8 *dst, | |
63 | const u8 *src, const u8 *data, size_t len) | |
64 | { | |
65 | struct wlantest_bss *bss; | |
66 | struct wlantest_sta *sta; | |
67 | const struct ieee802_1x_hdr *eapol; | |
68 | const struct wpa_eapol_key *hdr; | |
69 | ||
70 | wpa_printf(MSG_DEBUG, "EAPOL-Key 1/4 " MACSTR " -> " MACSTR, | |
71 | MAC2STR(src), MAC2STR(dst)); | |
72 | bss = bss_get(wt, src); | |
73 | if (bss == NULL) | |
74 | return; | |
75 | sta = sta_get(bss, dst); | |
76 | if (sta == NULL) | |
77 | return; | |
78 | ||
79 | eapol = (const struct ieee802_1x_hdr *) data; | |
80 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
81 | if (is_zero(hdr->key_nonce, WPA_NONCE_LEN)) { | |
e4d99217 JM |
82 | add_note(wt, MSG_INFO, "EAPOL-Key 1/4 from " MACSTR |
83 | " used zero nonce", MAC2STR(src)); | |
161d0339 JM |
84 | } |
85 | if (!is_zero(hdr->key_rsc, 8)) { | |
e4d99217 JM |
86 | add_note(wt, MSG_INFO, "EAPOL-Key 1/4 from " MACSTR |
87 | " used non-zero Key RSC", MAC2STR(src)); | |
161d0339 JM |
88 | } |
89 | os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN); | |
90 | } | |
91 | ||
92 | ||
e4d99217 JM |
93 | static int try_pmk(struct wlantest *wt, struct wlantest_bss *bss, |
94 | struct wlantest_sta *sta, u16 ver, | |
95 | const u8 *data, size_t len, | |
161d0339 JM |
96 | struct wlantest_pmk *pmk) |
97 | { | |
98 | struct wpa_ptk ptk; | |
99 | size_t ptk_len = sta->pairwise_cipher == WPA_CIPHER_TKIP ? 64 : 48; | |
100 | wpa_pmk_to_ptk(pmk->pmk, sizeof(pmk->pmk), | |
101 | "Pairwise key expansion", | |
102 | bss->bssid, sta->addr, sta->anonce, sta->snonce, | |
103 | (u8 *) &ptk, ptk_len, | |
104 | wpa_key_mgmt_sha256(sta->key_mgmt)); | |
105 | if (check_mic(ptk.kck, ver, data, len) < 0) | |
106 | return -1; | |
107 | ||
108 | wpa_printf(MSG_INFO, "Derived PTK for STA " MACSTR " BSSID " MACSTR, | |
109 | MAC2STR(sta->addr), MAC2STR(bss->bssid)); | |
110 | sta->counters[WLANTEST_STA_COUNTER_PTK_LEARNED]++; | |
d0b251d2 JM |
111 | if (sta->ptk_set) { |
112 | /* | |
113 | * Rekeying - use new PTK for EAPOL-Key frames, but continue | |
114 | * using the old PTK for frame decryption. | |
115 | */ | |
e4d99217 | 116 | add_note(wt, MSG_DEBUG, "Derived PTK during rekeying"); |
d0b251d2 JM |
117 | os_memcpy(&sta->tptk, &ptk, sizeof(ptk)); |
118 | wpa_hexdump(MSG_DEBUG, "TPTK:KCK", sta->tptk.kck, 16); | |
119 | wpa_hexdump(MSG_DEBUG, "TPTK:KEK", sta->tptk.kek, 16); | |
120 | wpa_hexdump(MSG_DEBUG, "TPTK:TK1", sta->tptk.tk1, 16); | |
121 | if (ptk_len > 48) | |
122 | wpa_hexdump(MSG_DEBUG, "TPTK:TK2", sta->tptk.u.tk2, | |
123 | 16); | |
124 | sta->tptk_set = 1; | |
125 | return 0; | |
126 | } | |
e4d99217 | 127 | add_note(wt, MSG_DEBUG, "Derived new PTK"); |
161d0339 JM |
128 | os_memcpy(&sta->ptk, &ptk, sizeof(ptk)); |
129 | wpa_hexdump(MSG_DEBUG, "PTK:KCK", sta->ptk.kck, 16); | |
130 | wpa_hexdump(MSG_DEBUG, "PTK:KEK", sta->ptk.kek, 16); | |
131 | wpa_hexdump(MSG_DEBUG, "PTK:TK1", sta->ptk.tk1, 16); | |
132 | if (ptk_len > 48) | |
133 | wpa_hexdump(MSG_DEBUG, "PTK:TK2", sta->ptk.u.tk2, 16); | |
134 | sta->ptk_set = 1; | |
135 | os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods)); | |
136 | os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds)); | |
137 | return 0; | |
138 | } | |
139 | ||
140 | ||
141 | static void derive_ptk(struct wlantest *wt, struct wlantest_bss *bss, | |
142 | struct wlantest_sta *sta, u16 ver, | |
143 | const u8 *data, size_t len) | |
144 | { | |
145 | struct wlantest_pmk *pmk; | |
146 | ||
f6ff5160 JM |
147 | wpa_printf(MSG_DEBUG, "Trying to derive PTK for " MACSTR " (ver %u)", |
148 | MAC2STR(sta->addr), ver); | |
161d0339 | 149 | dl_list_for_each(pmk, &bss->pmk, struct wlantest_pmk, list) { |
0778c8f5 | 150 | wpa_printf(MSG_DEBUG, "Try per-BSS PMK"); |
e4d99217 | 151 | if (try_pmk(wt, bss, sta, ver, data, len, pmk) == 0) |
161d0339 JM |
152 | return; |
153 | } | |
154 | ||
155 | dl_list_for_each(pmk, &wt->pmk, struct wlantest_pmk, list) { | |
0778c8f5 | 156 | wpa_printf(MSG_DEBUG, "Try global PMK"); |
e4d99217 | 157 | if (try_pmk(wt, bss, sta, ver, data, len, pmk) == 0) |
161d0339 JM |
158 | return; |
159 | } | |
a0530dff JM |
160 | |
161 | if (!sta->ptk_set) { | |
162 | struct wlantest_ptk *ptk; | |
163 | int prev_level = wpa_debug_level; | |
164 | ||
165 | wpa_debug_level = MSG_WARNING; | |
166 | dl_list_for_each(ptk, &wt->ptk, struct wlantest_ptk, list) { | |
167 | if (check_mic(ptk->ptk.kck, ver, data, len) < 0) | |
168 | continue; | |
169 | wpa_printf(MSG_INFO, "Pre-set PTK matches for STA " | |
170 | MACSTR " BSSID " MACSTR, | |
171 | MAC2STR(sta->addr), MAC2STR(bss->bssid)); | |
172 | add_note(wt, MSG_DEBUG, "Using pre-set PTK"); | |
173 | os_memcpy(&sta->ptk, &ptk->ptk, sizeof(ptk->ptk)); | |
174 | wpa_hexdump(MSG_DEBUG, "PTK:KCK", sta->ptk.kck, 16); | |
175 | wpa_hexdump(MSG_DEBUG, "PTK:KEK", sta->ptk.kek, 16); | |
176 | wpa_hexdump(MSG_DEBUG, "PTK:TK1", sta->ptk.tk1, 16); | |
177 | if (ptk->ptk_len > 48) | |
178 | wpa_hexdump(MSG_DEBUG, "PTK:TK2", | |
179 | sta->ptk.u.tk2, 16); | |
180 | sta->ptk_set = 1; | |
181 | os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods)); | |
182 | os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds)); | |
183 | } | |
184 | wpa_debug_level = prev_level; | |
185 | } | |
186 | ||
e4d99217 | 187 | add_note(wt, MSG_DEBUG, "No matching PMK found to derive PTK"); |
161d0339 JM |
188 | } |
189 | ||
190 | ||
191 | static void rx_data_eapol_key_2_of_4(struct wlantest *wt, const u8 *dst, | |
192 | const u8 *src, const u8 *data, size_t len) | |
193 | { | |
194 | struct wlantest_bss *bss; | |
195 | struct wlantest_sta *sta; | |
196 | const struct ieee802_1x_hdr *eapol; | |
197 | const struct wpa_eapol_key *hdr; | |
d0b251d2 | 198 | const u8 *key_data, *kck; |
161d0339 JM |
199 | u16 key_info, key_data_len; |
200 | struct wpa_eapol_ie_parse ie; | |
201 | ||
202 | wpa_printf(MSG_DEBUG, "EAPOL-Key 2/4 " MACSTR " -> " MACSTR, | |
203 | MAC2STR(src), MAC2STR(dst)); | |
204 | bss = bss_get(wt, dst); | |
205 | if (bss == NULL) | |
206 | return; | |
207 | sta = sta_get(bss, src); | |
208 | if (sta == NULL) | |
209 | return; | |
210 | ||
211 | eapol = (const struct ieee802_1x_hdr *) data; | |
212 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
213 | if (is_zero(hdr->key_nonce, WPA_NONCE_LEN)) { | |
e4d99217 JM |
214 | add_note(wt, MSG_INFO, "EAPOL-Key 2/4 from " MACSTR |
215 | " used zero nonce", MAC2STR(src)); | |
161d0339 JM |
216 | } |
217 | if (!is_zero(hdr->key_rsc, 8)) { | |
e4d99217 JM |
218 | add_note(wt, MSG_INFO, "EAPOL-Key 2/4 from " MACSTR |
219 | " used non-zero Key RSC", MAC2STR(src)); | |
161d0339 JM |
220 | } |
221 | os_memcpy(sta->snonce, hdr->key_nonce, WPA_NONCE_LEN); | |
222 | key_info = WPA_GET_BE16(hdr->key_info); | |
223 | key_data_len = WPA_GET_BE16(hdr->key_data_length); | |
224 | derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK, data, len); | |
225 | ||
d0b251d2 | 226 | if (!sta->ptk_set && !sta->tptk_set) { |
e4d99217 JM |
227 | add_note(wt, MSG_DEBUG, |
228 | "No PTK known to process EAPOL-Key 2/4"); | |
161d0339 JM |
229 | return; |
230 | } | |
231 | ||
d0b251d2 JM |
232 | kck = sta->ptk.kck; |
233 | if (sta->tptk_set) { | |
e4d99217 JM |
234 | add_note(wt, MSG_DEBUG, |
235 | "Use TPTK for validation EAPOL-Key MIC"); | |
d0b251d2 JM |
236 | kck = sta->tptk.kck; |
237 | } | |
238 | if (check_mic(kck, key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) { | |
e4d99217 | 239 | add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 2/4 MIC"); |
161d0339 JM |
240 | return; |
241 | } | |
e4d99217 | 242 | add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/4"); |
161d0339 JM |
243 | |
244 | key_data = (const u8 *) (hdr + 1); | |
245 | ||
246 | if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) { | |
e4d99217 | 247 | add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data"); |
161d0339 JM |
248 | return; |
249 | } | |
250 | ||
251 | if (ie.wpa_ie) { | |
252 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE", | |
253 | ie.wpa_ie, ie.wpa_ie_len); | |
254 | if (os_memcmp(ie.wpa_ie, sta->rsnie, ie.wpa_ie_len) != 0) { | |
c81defea | 255 | struct ieee802_11_elems elems; |
e4d99217 JM |
256 | add_note(wt, MSG_INFO, |
257 | "Mismatch in WPA IE between EAPOL-Key 2/4 " | |
258 | "and (Re)Association Request from " MACSTR, | |
259 | MAC2STR(sta->addr)); | |
161d0339 JM |
260 | wpa_hexdump(MSG_INFO, "WPA IE in EAPOL-Key", |
261 | ie.wpa_ie, ie.wpa_ie_len); | |
262 | wpa_hexdump(MSG_INFO, "WPA IE in (Re)Association " | |
263 | "Request", | |
264 | sta->rsnie, | |
265 | sta->rsnie[0] ? 2 + sta->rsnie[1] : 0); | |
c81defea JM |
266 | /* |
267 | * The sniffer may have missed (Re)Association | |
268 | * Request, so try to survive with the information from | |
269 | * EAPOL-Key. | |
270 | */ | |
271 | os_memset(&elems, 0, sizeof(elems)); | |
272 | elems.wpa_ie = ie.wpa_ie + 2; | |
273 | elems.wpa_ie_len = ie.wpa_ie_len - 2; | |
274 | wpa_printf(MSG_DEBUG, "Update STA data based on WPA " | |
275 | "IE in EAPOL-Key 2/4"); | |
276 | sta_update_assoc(sta, &elems); | |
161d0339 JM |
277 | } |
278 | } | |
279 | ||
280 | if (ie.rsn_ie) { | |
281 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE", | |
282 | ie.rsn_ie, ie.rsn_ie_len); | |
283 | if (os_memcmp(ie.rsn_ie, sta->rsnie, ie.rsn_ie_len) != 0) { | |
c81defea | 284 | struct ieee802_11_elems elems; |
e4d99217 JM |
285 | add_note(wt, MSG_INFO, |
286 | "Mismatch in RSN IE between EAPOL-Key 2/4 " | |
287 | "and (Re)Association Request from " MACSTR, | |
288 | MAC2STR(sta->addr)); | |
161d0339 JM |
289 | wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key", |
290 | ie.rsn_ie, ie.rsn_ie_len); | |
291 | wpa_hexdump(MSG_INFO, "RSN IE in (Re)Association " | |
292 | "Request", | |
293 | sta->rsnie, | |
294 | sta->rsnie[0] ? 2 + sta->rsnie[1] : 0); | |
c81defea JM |
295 | /* |
296 | * The sniffer may have missed (Re)Association | |
297 | * Request, so try to survive with the information from | |
298 | * EAPOL-Key. | |
299 | */ | |
300 | os_memset(&elems, 0, sizeof(elems)); | |
301 | elems.rsn_ie = ie.rsn_ie + 2; | |
302 | elems.rsn_ie_len = ie.rsn_ie_len - 2; | |
303 | wpa_printf(MSG_DEBUG, "Update STA data based on RSN " | |
304 | "IE in EAPOL-Key 2/4"); | |
305 | sta_update_assoc(sta, &elems); | |
161d0339 JM |
306 | } |
307 | } | |
308 | } | |
309 | ||
310 | ||
e4d99217 | 311 | static u8 * decrypt_eapol_key_data_rc4(struct wlantest *wt, const u8 *kek, |
161d0339 JM |
312 | const struct wpa_eapol_key *hdr, |
313 | size_t *len) | |
314 | { | |
315 | u8 ek[32], *buf; | |
316 | u16 keydatalen = WPA_GET_BE16(hdr->key_data_length); | |
317 | ||
318 | buf = os_malloc(keydatalen); | |
319 | if (buf == NULL) | |
320 | return NULL; | |
321 | ||
322 | os_memcpy(ek, hdr->key_iv, 16); | |
323 | os_memcpy(ek + 16, kek, 16); | |
324 | os_memcpy(buf, hdr + 1, keydatalen); | |
325 | if (rc4_skip(ek, 32, 256, buf, keydatalen)) { | |
e4d99217 | 326 | add_note(wt, MSG_INFO, "RC4 failed"); |
161d0339 JM |
327 | os_free(buf); |
328 | return NULL; | |
329 | } | |
330 | ||
331 | *len = keydatalen; | |
332 | return buf; | |
333 | } | |
334 | ||
335 | ||
e4d99217 | 336 | static u8 * decrypt_eapol_key_data_aes(struct wlantest *wt, const u8 *kek, |
161d0339 JM |
337 | const struct wpa_eapol_key *hdr, |
338 | size_t *len) | |
339 | { | |
340 | u8 *buf; | |
341 | u16 keydatalen = WPA_GET_BE16(hdr->key_data_length); | |
342 | ||
343 | if (keydatalen % 8) { | |
e4d99217 JM |
344 | add_note(wt, MSG_INFO, "Unsupported AES-WRAP len %d", |
345 | keydatalen); | |
161d0339 JM |
346 | return NULL; |
347 | } | |
348 | keydatalen -= 8; /* AES-WRAP adds 8 bytes */ | |
349 | buf = os_malloc(keydatalen); | |
350 | if (buf == NULL) | |
351 | return NULL; | |
352 | if (aes_unwrap(kek, keydatalen / 8, (u8 *) (hdr + 1), buf)) { | |
353 | os_free(buf); | |
e4d99217 JM |
354 | add_note(wt, MSG_INFO, |
355 | "AES unwrap failed - could not decrypt EAPOL-Key " | |
356 | "key data"); | |
161d0339 JM |
357 | return NULL; |
358 | } | |
359 | ||
360 | *len = keydatalen; | |
361 | return buf; | |
362 | } | |
363 | ||
364 | ||
e4d99217 | 365 | static u8 * decrypt_eapol_key_data(struct wlantest *wt, const u8 *kek, u16 ver, |
161d0339 JM |
366 | const struct wpa_eapol_key *hdr, |
367 | size_t *len) | |
368 | { | |
369 | switch (ver) { | |
370 | case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4: | |
e4d99217 | 371 | return decrypt_eapol_key_data_rc4(wt, kek, hdr, len); |
161d0339 JM |
372 | case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES: |
373 | case WPA_KEY_INFO_TYPE_AES_128_CMAC: | |
e4d99217 | 374 | return decrypt_eapol_key_data_aes(wt, kek, hdr, len); |
f6ff5160 JM |
375 | case WPA_KEY_INFO_TYPE_AKM_DEFINED: |
376 | /* For now, assume this is OSEN */ | |
377 | return decrypt_eapol_key_data_aes(wt, kek, hdr, len); | |
161d0339 | 378 | default: |
e4d99217 JM |
379 | add_note(wt, MSG_INFO, |
380 | "Unsupported EAPOL-Key Key Descriptor Version %u", | |
381 | ver); | |
161d0339 JM |
382 | return NULL; |
383 | } | |
384 | } | |
385 | ||
386 | ||
e4d99217 JM |
387 | static void learn_kde_keys(struct wlantest *wt, struct wlantest_bss *bss, |
388 | struct wlantest_sta *sta, | |
fd848ab9 | 389 | const u8 *buf, size_t len, const u8 *rsc) |
161d0339 JM |
390 | { |
391 | struct wpa_eapol_ie_parse ie; | |
392 | ||
393 | if (wpa_supplicant_parse_ies(buf, len, &ie) < 0) { | |
e4d99217 | 394 | add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data"); |
161d0339 JM |
395 | return; |
396 | } | |
397 | ||
398 | if (ie.wpa_ie) { | |
399 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE", | |
400 | ie.wpa_ie, ie.wpa_ie_len); | |
401 | } | |
402 | ||
403 | if (ie.rsn_ie) { | |
404 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE", | |
405 | ie.rsn_ie, ie.rsn_ie_len); | |
406 | } | |
407 | ||
408 | if (ie.gtk) { | |
409 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - GTK KDE", | |
410 | ie.gtk, ie.gtk_len); | |
411 | if (ie.gtk_len >= 2 && ie.gtk_len <= 2 + 32) { | |
412 | int id; | |
413 | id = ie.gtk[0] & 0x03; | |
c41e1d7c JM |
414 | add_note(wt, MSG_DEBUG, "GTK KeyID=%u tx=%u", |
415 | id, !!(ie.gtk[0] & 0x04)); | |
e4d99217 JM |
416 | if ((ie.gtk[0] & 0xf8) || ie.gtk[1]) { |
417 | add_note(wt, MSG_INFO, | |
418 | "GTK KDE: Reserved field set: " | |
419 | "%02x %02x", ie.gtk[0], ie.gtk[1]); | |
420 | } | |
161d0339 JM |
421 | wpa_hexdump(MSG_DEBUG, "GTK", ie.gtk + 2, |
422 | ie.gtk_len - 2); | |
423 | bss->gtk_len[id] = ie.gtk_len - 2; | |
fd848ab9 | 424 | sta->gtk_len = ie.gtk_len - 2; |
161d0339 | 425 | os_memcpy(bss->gtk[id], ie.gtk + 2, ie.gtk_len - 2); |
fd848ab9 | 426 | os_memcpy(sta->gtk, ie.gtk + 2, ie.gtk_len - 2); |
161d0339 JM |
427 | bss->rsc[id][0] = rsc[5]; |
428 | bss->rsc[id][1] = rsc[4]; | |
429 | bss->rsc[id][2] = rsc[3]; | |
430 | bss->rsc[id][3] = rsc[2]; | |
431 | bss->rsc[id][4] = rsc[1]; | |
432 | bss->rsc[id][5] = rsc[0]; | |
433 | bss->gtk_idx = id; | |
fd848ab9 | 434 | sta->gtk_idx = id; |
161d0339 JM |
435 | wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[id], 6); |
436 | } else { | |
e4d99217 JM |
437 | add_note(wt, MSG_INFO, "Invalid GTK KDE length %u", |
438 | (unsigned) ie.gtk_len); | |
161d0339 JM |
439 | } |
440 | } | |
441 | ||
442 | if (ie.igtk) { | |
443 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - IGTK KDE", | |
444 | ie.igtk, ie.igtk_len); | |
445 | if (ie.igtk_len == 24) { | |
446 | u16 id; | |
447 | id = WPA_GET_LE16(ie.igtk); | |
448 | if (id > 5) { | |
e4d99217 JM |
449 | add_note(wt, MSG_INFO, |
450 | "Unexpected IGTK KeyID %u", id); | |
161d0339 JM |
451 | } else { |
452 | const u8 *ipn; | |
c41e1d7c | 453 | add_note(wt, MSG_DEBUG, "IGTK KeyID %u", id); |
161d0339 JM |
454 | wpa_hexdump(MSG_DEBUG, "IPN", ie.igtk + 2, 6); |
455 | wpa_hexdump(MSG_DEBUG, "IGTK", ie.igtk + 8, | |
456 | 16); | |
457 | os_memcpy(bss->igtk[id], ie.igtk + 8, 16); | |
458 | bss->igtk_set[id] = 1; | |
459 | ipn = ie.igtk + 2; | |
460 | bss->ipn[id][0] = ipn[5]; | |
461 | bss->ipn[id][1] = ipn[4]; | |
462 | bss->ipn[id][2] = ipn[3]; | |
463 | bss->ipn[id][3] = ipn[2]; | |
464 | bss->ipn[id][4] = ipn[1]; | |
465 | bss->ipn[id][5] = ipn[0]; | |
466 | bss->igtk_idx = id; | |
467 | } | |
468 | } else { | |
e4d99217 JM |
469 | add_note(wt, MSG_INFO, "Invalid IGTK KDE length %u", |
470 | (unsigned) ie.igtk_len); | |
161d0339 JM |
471 | } |
472 | } | |
473 | } | |
474 | ||
475 | ||
476 | static void rx_data_eapol_key_3_of_4(struct wlantest *wt, const u8 *dst, | |
477 | const u8 *src, const u8 *data, size_t len) | |
478 | { | |
479 | struct wlantest_bss *bss; | |
480 | struct wlantest_sta *sta; | |
481 | const struct ieee802_1x_hdr *eapol; | |
482 | const struct wpa_eapol_key *hdr; | |
3c56f0e2 | 483 | const u8 *key_data, *kck, *kek; |
161d0339 JM |
484 | int recalc = 0; |
485 | u16 key_info, ver; | |
486 | u8 *decrypted_buf = NULL; | |
487 | const u8 *decrypted; | |
488 | size_t decrypted_len = 0; | |
489 | struct wpa_eapol_ie_parse ie; | |
490 | ||
491 | wpa_printf(MSG_DEBUG, "EAPOL-Key 3/4 " MACSTR " -> " MACSTR, | |
492 | MAC2STR(src), MAC2STR(dst)); | |
493 | bss = bss_get(wt, src); | |
494 | if (bss == NULL) | |
495 | return; | |
496 | sta = sta_get(bss, dst); | |
497 | if (sta == NULL) | |
498 | return; | |
499 | ||
500 | eapol = (const struct ieee802_1x_hdr *) data; | |
501 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
502 | key_info = WPA_GET_BE16(hdr->key_info); | |
503 | ||
504 | if (os_memcmp(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN) != 0) { | |
e4d99217 JM |
505 | add_note(wt, MSG_INFO, |
506 | "EAPOL-Key ANonce mismatch between 1/4 and 3/4"); | |
161d0339 JM |
507 | recalc = 1; |
508 | } | |
509 | os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN); | |
510 | if (recalc) { | |
511 | derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK, | |
512 | data, len); | |
513 | } | |
514 | ||
d0b251d2 | 515 | if (!sta->ptk_set && !sta->tptk_set) { |
e4d99217 JM |
516 | add_note(wt, MSG_DEBUG, |
517 | "No PTK known to process EAPOL-Key 3/4"); | |
161d0339 JM |
518 | return; |
519 | } | |
520 | ||
3c56f0e2 | 521 | kek = sta->ptk.kek; |
d0b251d2 JM |
522 | kck = sta->ptk.kck; |
523 | if (sta->tptk_set) { | |
e4d99217 JM |
524 | add_note(wt, MSG_DEBUG, |
525 | "Use TPTK for validation EAPOL-Key MIC"); | |
d0b251d2 | 526 | kck = sta->tptk.kck; |
3c56f0e2 | 527 | kek = sta->tptk.kek; |
d0b251d2 JM |
528 | } |
529 | if (check_mic(kck, key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) { | |
e4d99217 | 530 | add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 3/4 MIC"); |
161d0339 JM |
531 | return; |
532 | } | |
e4d99217 | 533 | add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 3/4"); |
161d0339 JM |
534 | |
535 | key_data = (const u8 *) (hdr + 1); | |
536 | if (!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { | |
537 | if (sta->proto & WPA_PROTO_RSN) | |
e4d99217 JM |
538 | add_note(wt, MSG_INFO, |
539 | "EAPOL-Key 3/4 without EncrKeyData bit"); | |
161d0339 JM |
540 | decrypted = key_data; |
541 | decrypted_len = WPA_GET_BE16(hdr->key_data_length); | |
542 | } else { | |
543 | ver = key_info & WPA_KEY_INFO_TYPE_MASK; | |
e4d99217 | 544 | decrypted_buf = decrypt_eapol_key_data(wt, kek, ver, hdr, |
161d0339 JM |
545 | &decrypted_len); |
546 | if (decrypted_buf == NULL) { | |
e4d99217 JM |
547 | add_note(wt, MSG_INFO, |
548 | "Failed to decrypt EAPOL-Key Key Data"); | |
161d0339 JM |
549 | return; |
550 | } | |
551 | decrypted = decrypted_buf; | |
552 | wpa_hexdump(MSG_DEBUG, "Decrypted EAPOL-Key Key Data", | |
553 | decrypted, decrypted_len); | |
554 | } | |
555 | if (wt->write_pcap_dumper && decrypted != key_data) { | |
556 | /* Fill in a dummy Data frame header */ | |
557 | u8 buf[24 + 8 + sizeof(*eapol) + sizeof(*hdr)]; | |
558 | struct ieee80211_hdr *h; | |
559 | struct wpa_eapol_key *k; | |
560 | const u8 *p; | |
561 | u8 *pos; | |
562 | size_t plain_len; | |
563 | ||
564 | plain_len = decrypted_len; | |
565 | p = decrypted; | |
566 | while (p + 1 < decrypted + decrypted_len) { | |
567 | if (p[0] == 0xdd && p[1] == 0x00) { | |
568 | /* Remove padding */ | |
569 | plain_len = p - decrypted; | |
570 | break; | |
571 | } | |
572 | p += 2 + p[1]; | |
573 | } | |
574 | ||
575 | os_memset(buf, 0, sizeof(buf)); | |
576 | h = (struct ieee80211_hdr *) buf; | |
577 | h->frame_control = host_to_le16(0x0208); | |
578 | os_memcpy(h->addr1, dst, ETH_ALEN); | |
579 | os_memcpy(h->addr2, src, ETH_ALEN); | |
580 | os_memcpy(h->addr3, src, ETH_ALEN); | |
581 | pos = (u8 *) (h + 1); | |
582 | os_memcpy(pos, "\xaa\xaa\x03\x00\x00\x00\x88\x8e", 8); | |
583 | pos += 8; | |
584 | os_memcpy(pos, eapol, sizeof(*eapol)); | |
585 | pos += sizeof(*eapol); | |
586 | os_memcpy(pos, hdr, sizeof(*hdr)); | |
587 | k = (struct wpa_eapol_key *) pos; | |
588 | WPA_PUT_BE16(k->key_info, | |
589 | key_info & ~WPA_KEY_INFO_ENCR_KEY_DATA); | |
590 | WPA_PUT_BE16(k->key_data_length, plain_len); | |
591 | write_pcap_decrypted(wt, buf, sizeof(buf), | |
592 | decrypted, plain_len); | |
593 | } | |
594 | ||
595 | if (wpa_supplicant_parse_ies(decrypted, decrypted_len, &ie) < 0) { | |
e4d99217 | 596 | add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data"); |
161d0339 JM |
597 | os_free(decrypted_buf); |
598 | return; | |
599 | } | |
600 | ||
601 | if ((ie.wpa_ie && | |
602 | os_memcmp(ie.wpa_ie, bss->wpaie, ie.wpa_ie_len) != 0) || | |
603 | (ie.wpa_ie == NULL && bss->wpaie[0])) { | |
e4d99217 JM |
604 | add_note(wt, MSG_INFO, |
605 | "Mismatch in WPA IE between EAPOL-Key 3/4 and " | |
606 | "Beacon/Probe Response from " MACSTR, | |
607 | MAC2STR(bss->bssid)); | |
161d0339 JM |
608 | wpa_hexdump(MSG_INFO, "WPA IE in EAPOL-Key", |
609 | ie.wpa_ie, ie.wpa_ie_len); | |
610 | wpa_hexdump(MSG_INFO, "WPA IE in Beacon/Probe " | |
611 | "Response", | |
612 | bss->wpaie, | |
613 | bss->wpaie[0] ? 2 + bss->wpaie[1] : 0); | |
614 | } | |
615 | ||
616 | if ((ie.rsn_ie && | |
617 | os_memcmp(ie.rsn_ie, bss->rsnie, ie.rsn_ie_len) != 0) || | |
618 | (ie.rsn_ie == NULL && bss->rsnie[0])) { | |
e4d99217 JM |
619 | add_note(wt, MSG_INFO, "Mismatch in RSN IE between EAPOL-Key " |
620 | "3/4 and Beacon/Probe Response from " MACSTR, | |
621 | MAC2STR(bss->bssid)); | |
161d0339 JM |
622 | wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key", |
623 | ie.rsn_ie, ie.rsn_ie_len); | |
624 | wpa_hexdump(MSG_INFO, "RSN IE in (Re)Association " | |
625 | "Request", | |
626 | bss->rsnie, | |
627 | bss->rsnie[0] ? 2 + bss->rsnie[1] : 0); | |
628 | } | |
629 | ||
e4d99217 | 630 | learn_kde_keys(wt, bss, sta, decrypted, decrypted_len, hdr->key_rsc); |
161d0339 JM |
631 | os_free(decrypted_buf); |
632 | } | |
633 | ||
634 | ||
635 | static void rx_data_eapol_key_4_of_4(struct wlantest *wt, const u8 *dst, | |
636 | const u8 *src, const u8 *data, size_t len) | |
637 | { | |
638 | struct wlantest_bss *bss; | |
639 | struct wlantest_sta *sta; | |
640 | const struct ieee802_1x_hdr *eapol; | |
641 | const struct wpa_eapol_key *hdr; | |
642 | u16 key_info; | |
d0b251d2 | 643 | const u8 *kck; |
161d0339 JM |
644 | |
645 | wpa_printf(MSG_DEBUG, "EAPOL-Key 4/4 " MACSTR " -> " MACSTR, | |
646 | MAC2STR(src), MAC2STR(dst)); | |
647 | bss = bss_get(wt, dst); | |
648 | if (bss == NULL) | |
649 | return; | |
650 | sta = sta_get(bss, src); | |
651 | if (sta == NULL) | |
652 | return; | |
653 | ||
654 | eapol = (const struct ieee802_1x_hdr *) data; | |
655 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
656 | if (!is_zero(hdr->key_rsc, 8)) { | |
c41e1d7c JM |
657 | add_note(wt, MSG_INFO, "EAPOL-Key 4/4 from " MACSTR " used " |
658 | "non-zero Key RSC", MAC2STR(src)); | |
161d0339 JM |
659 | } |
660 | key_info = WPA_GET_BE16(hdr->key_info); | |
661 | ||
d0b251d2 | 662 | if (!sta->ptk_set && !sta->tptk_set) { |
c41e1d7c JM |
663 | add_note(wt, MSG_DEBUG, |
664 | "No PTK known to process EAPOL-Key 4/4"); | |
161d0339 JM |
665 | return; |
666 | } | |
667 | ||
d0b251d2 JM |
668 | kck = sta->ptk.kck; |
669 | if (sta->tptk_set) { | |
c41e1d7c JM |
670 | add_note(wt, MSG_DEBUG, |
671 | "Use TPTK for validation EAPOL-Key MIC"); | |
d0b251d2 JM |
672 | kck = sta->tptk.kck; |
673 | } | |
674 | if (check_mic(kck, key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) { | |
c41e1d7c | 675 | add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 4/4 MIC"); |
161d0339 JM |
676 | return; |
677 | } | |
c41e1d7c | 678 | add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 4/4"); |
d0b251d2 | 679 | if (sta->tptk_set) { |
c41e1d7c | 680 | add_note(wt, MSG_DEBUG, "Update PTK (rekeying)"); |
d0b251d2 JM |
681 | os_memcpy(&sta->ptk, &sta->tptk, sizeof(sta->ptk)); |
682 | sta->ptk_set = 1; | |
683 | sta->tptk_set = 0; | |
684 | os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods)); | |
685 | os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds)); | |
686 | } | |
161d0339 JM |
687 | } |
688 | ||
689 | ||
690 | static void rx_data_eapol_key_1_of_2(struct wlantest *wt, const u8 *dst, | |
691 | const u8 *src, const u8 *data, size_t len) | |
692 | { | |
693 | struct wlantest_bss *bss; | |
694 | struct wlantest_sta *sta; | |
695 | const struct ieee802_1x_hdr *eapol; | |
696 | const struct wpa_eapol_key *hdr; | |
161d0339 JM |
697 | u16 key_info, ver; |
698 | u8 *decrypted; | |
699 | size_t decrypted_len = 0; | |
700 | ||
701 | wpa_printf(MSG_DEBUG, "EAPOL-Key 1/2 " MACSTR " -> " MACSTR, | |
702 | MAC2STR(src), MAC2STR(dst)); | |
703 | bss = bss_get(wt, src); | |
704 | if (bss == NULL) | |
705 | return; | |
706 | sta = sta_get(bss, dst); | |
707 | if (sta == NULL) | |
708 | return; | |
709 | ||
710 | eapol = (const struct ieee802_1x_hdr *) data; | |
711 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
712 | key_info = WPA_GET_BE16(hdr->key_info); | |
713 | ||
714 | if (!sta->ptk_set) { | |
c41e1d7c JM |
715 | add_note(wt, MSG_DEBUG, |
716 | "No PTK known to process EAPOL-Key 1/2"); | |
161d0339 JM |
717 | return; |
718 | } | |
719 | ||
720 | if (sta->ptk_set && | |
721 | check_mic(sta->ptk.kck, key_info & WPA_KEY_INFO_TYPE_MASK, | |
722 | data, len) < 0) { | |
c41e1d7c | 723 | add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 1/2 MIC"); |
161d0339 JM |
724 | return; |
725 | } | |
c41e1d7c | 726 | add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 1/2"); |
161d0339 | 727 | |
161d0339 JM |
728 | if (sta->proto & WPA_PROTO_RSN && |
729 | !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { | |
c41e1d7c | 730 | add_note(wt, MSG_INFO, "EAPOL-Key 1/2 without EncrKeyData bit"); |
161d0339 JM |
731 | return; |
732 | } | |
733 | ver = key_info & WPA_KEY_INFO_TYPE_MASK; | |
e4d99217 | 734 | decrypted = decrypt_eapol_key_data(wt, sta->ptk.kek, ver, hdr, |
161d0339 JM |
735 | &decrypted_len); |
736 | if (decrypted == NULL) { | |
c41e1d7c | 737 | add_note(wt, MSG_INFO, "Failed to decrypt EAPOL-Key Key Data"); |
161d0339 JM |
738 | return; |
739 | } | |
740 | wpa_hexdump(MSG_DEBUG, "Decrypted EAPOL-Key Key Data", | |
741 | decrypted, decrypted_len); | |
742 | if (wt->write_pcap_dumper) { | |
743 | /* Fill in a dummy Data frame header */ | |
744 | u8 buf[24 + 8 + sizeof(*eapol) + sizeof(*hdr)]; | |
745 | struct ieee80211_hdr *h; | |
746 | struct wpa_eapol_key *k; | |
747 | u8 *pos; | |
748 | size_t plain_len; | |
749 | ||
750 | plain_len = decrypted_len; | |
751 | pos = decrypted; | |
752 | while (pos + 1 < decrypted + decrypted_len) { | |
753 | if (pos[0] == 0xdd && pos[1] == 0x00) { | |
754 | /* Remove padding */ | |
755 | plain_len = pos - decrypted; | |
756 | break; | |
757 | } | |
758 | pos += 2 + pos[1]; | |
759 | } | |
760 | ||
761 | os_memset(buf, 0, sizeof(buf)); | |
762 | h = (struct ieee80211_hdr *) buf; | |
763 | h->frame_control = host_to_le16(0x0208); | |
764 | os_memcpy(h->addr1, dst, ETH_ALEN); | |
765 | os_memcpy(h->addr2, src, ETH_ALEN); | |
766 | os_memcpy(h->addr3, src, ETH_ALEN); | |
767 | pos = (u8 *) (h + 1); | |
768 | os_memcpy(pos, "\xaa\xaa\x03\x00\x00\x00\x88\x8e", 8); | |
769 | pos += 8; | |
770 | os_memcpy(pos, eapol, sizeof(*eapol)); | |
771 | pos += sizeof(*eapol); | |
772 | os_memcpy(pos, hdr, sizeof(*hdr)); | |
773 | k = (struct wpa_eapol_key *) pos; | |
774 | WPA_PUT_BE16(k->key_info, | |
775 | key_info & ~WPA_KEY_INFO_ENCR_KEY_DATA); | |
776 | WPA_PUT_BE16(k->key_data_length, plain_len); | |
777 | write_pcap_decrypted(wt, buf, sizeof(buf), | |
778 | decrypted, plain_len); | |
779 | } | |
780 | if (sta->proto & WPA_PROTO_RSN) | |
e4d99217 | 781 | learn_kde_keys(wt, bss, sta, decrypted, decrypted_len, |
fd848ab9 | 782 | hdr->key_rsc); |
161d0339 | 783 | else { |
30e09b0d JM |
784 | int klen = bss->group_cipher == WPA_CIPHER_TKIP ? 32 : 16; |
785 | if (decrypted_len == klen) { | |
161d0339 JM |
786 | const u8 *rsc = hdr->key_rsc; |
787 | int id; | |
788 | id = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> | |
789 | WPA_KEY_INFO_KEY_INDEX_SHIFT; | |
c41e1d7c | 790 | add_note(wt, MSG_DEBUG, "GTK key index %d", id); |
161d0339 JM |
791 | wpa_hexdump(MSG_DEBUG, "GTK", decrypted, |
792 | decrypted_len); | |
793 | bss->gtk_len[id] = decrypted_len; | |
794 | os_memcpy(bss->gtk[id], decrypted, decrypted_len); | |
795 | bss->rsc[id][0] = rsc[5]; | |
796 | bss->rsc[id][1] = rsc[4]; | |
797 | bss->rsc[id][2] = rsc[3]; | |
798 | bss->rsc[id][3] = rsc[2]; | |
799 | bss->rsc[id][4] = rsc[1]; | |
800 | bss->rsc[id][5] = rsc[0]; | |
801 | wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[id], 6); | |
802 | } else { | |
c41e1d7c JM |
803 | add_note(wt, MSG_INFO, "Unexpected WPA Key Data length " |
804 | "in Group Key msg 1/2 from " MACSTR, | |
805 | MAC2STR(src)); | |
161d0339 JM |
806 | } |
807 | } | |
808 | os_free(decrypted); | |
809 | } | |
810 | ||
811 | ||
812 | static void rx_data_eapol_key_2_of_2(struct wlantest *wt, const u8 *dst, | |
813 | const u8 *src, const u8 *data, size_t len) | |
814 | { | |
815 | struct wlantest_bss *bss; | |
816 | struct wlantest_sta *sta; | |
817 | const struct ieee802_1x_hdr *eapol; | |
818 | const struct wpa_eapol_key *hdr; | |
819 | u16 key_info; | |
820 | ||
821 | wpa_printf(MSG_DEBUG, "EAPOL-Key 2/2 " MACSTR " -> " MACSTR, | |
822 | MAC2STR(src), MAC2STR(dst)); | |
823 | bss = bss_get(wt, dst); | |
824 | if (bss == NULL) | |
825 | return; | |
826 | sta = sta_get(bss, src); | |
827 | if (sta == NULL) | |
828 | return; | |
829 | ||
830 | eapol = (const struct ieee802_1x_hdr *) data; | |
831 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
832 | if (!is_zero(hdr->key_rsc, 8)) { | |
c41e1d7c JM |
833 | add_note(wt, MSG_INFO, "EAPOL-Key 2/2 from " MACSTR " used " |
834 | "non-zero Key RSC", MAC2STR(src)); | |
161d0339 JM |
835 | } |
836 | key_info = WPA_GET_BE16(hdr->key_info); | |
837 | ||
838 | if (!sta->ptk_set) { | |
c41e1d7c JM |
839 | add_note(wt, MSG_DEBUG, |
840 | "No PTK known to process EAPOL-Key 2/2"); | |
161d0339 JM |
841 | return; |
842 | } | |
843 | ||
844 | if (sta->ptk_set && | |
845 | check_mic(sta->ptk.kck, key_info & WPA_KEY_INFO_TYPE_MASK, | |
846 | data, len) < 0) { | |
c41e1d7c | 847 | add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 2/2 MIC"); |
161d0339 JM |
848 | return; |
849 | } | |
c41e1d7c | 850 | add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/2"); |
161d0339 JM |
851 | } |
852 | ||
853 | ||
854 | static void rx_data_eapol_key(struct wlantest *wt, const u8 *dst, | |
855 | const u8 *src, const u8 *data, size_t len, | |
856 | int prot) | |
857 | { | |
858 | const struct ieee802_1x_hdr *eapol; | |
859 | const struct wpa_eapol_key *hdr; | |
860 | const u8 *key_data; | |
861 | u16 key_info, key_length, ver, key_data_length; | |
862 | ||
863 | eapol = (const struct ieee802_1x_hdr *) data; | |
864 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
865 | ||
866 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key", | |
867 | (const u8 *) hdr, len - sizeof(*eapol)); | |
868 | if (len < sizeof(*hdr)) { | |
c41e1d7c JM |
869 | add_note(wt, MSG_INFO, "Too short EAPOL-Key frame from " MACSTR, |
870 | MAC2STR(src)); | |
161d0339 JM |
871 | return; |
872 | } | |
873 | ||
874 | if (hdr->type == EAPOL_KEY_TYPE_RC4) { | |
875 | /* TODO: EAPOL-Key RC4 for WEP */ | |
876 | wpa_printf(MSG_INFO, "EAPOL-Key Descriptor Type RC4 from " | |
877 | MACSTR, MAC2STR(src)); | |
878 | return; | |
879 | } | |
880 | ||
881 | if (hdr->type != EAPOL_KEY_TYPE_RSN && | |
882 | hdr->type != EAPOL_KEY_TYPE_WPA) { | |
883 | wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Descriptor Type " | |
884 | "%u from " MACSTR, hdr->type, MAC2STR(src)); | |
885 | return; | |
886 | } | |
887 | ||
888 | key_info = WPA_GET_BE16(hdr->key_info); | |
889 | key_length = WPA_GET_BE16(hdr->key_length); | |
890 | key_data_length = WPA_GET_BE16(hdr->key_data_length); | |
891 | key_data = (const u8 *) (hdr + 1); | |
892 | if (key_data + key_data_length > data + len) { | |
c41e1d7c JM |
893 | add_note(wt, MSG_INFO, "Truncated EAPOL-Key from " MACSTR, |
894 | MAC2STR(src)); | |
161d0339 JM |
895 | return; |
896 | } | |
897 | if (key_data + key_data_length < data + len) { | |
898 | wpa_hexdump(MSG_DEBUG, "Extra data after EAPOL-Key Key Data " | |
899 | "field", key_data + key_data_length, | |
900 | data + len - key_data - key_data_length); | |
901 | } | |
902 | ||
903 | ||
904 | ver = key_info & WPA_KEY_INFO_TYPE_MASK; | |
905 | wpa_printf(MSG_DEBUG, "EAPOL-Key ver=%u %c idx=%u%s%s%s%s%s%s%s%s " | |
906 | "datalen=%u", | |
907 | ver, key_info & WPA_KEY_INFO_KEY_TYPE ? 'P' : 'G', | |
908 | (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> | |
909 | WPA_KEY_INFO_KEY_INDEX_SHIFT, | |
910 | (key_info & WPA_KEY_INFO_INSTALL) ? " Install" : "", | |
911 | (key_info & WPA_KEY_INFO_ACK) ? " ACK" : "", | |
912 | (key_info & WPA_KEY_INFO_MIC) ? " MIC" : "", | |
913 | (key_info & WPA_KEY_INFO_SECURE) ? " Secure" : "", | |
914 | (key_info & WPA_KEY_INFO_ERROR) ? " Error" : "", | |
915 | (key_info & WPA_KEY_INFO_REQUEST) ? " Request" : "", | |
916 | (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) ? " Encr" : "", | |
917 | (key_info & WPA_KEY_INFO_SMK_MESSAGE) ? " SMK" : "", | |
918 | key_data_length); | |
919 | ||
920 | if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && | |
921 | ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES && | |
f6ff5160 JM |
922 | ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && |
923 | ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { | |
161d0339 JM |
924 | wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Key Descriptor " |
925 | "Version %u from " MACSTR, ver, MAC2STR(src)); | |
926 | return; | |
927 | } | |
928 | ||
929 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Replay Counter", | |
930 | hdr->replay_counter, WPA_REPLAY_COUNTER_LEN); | |
931 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Nonce", | |
932 | hdr->key_nonce, WPA_NONCE_LEN); | |
933 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key IV", | |
934 | hdr->key_iv, 16); | |
935 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key RSC", | |
936 | hdr->key_rsc, WPA_KEY_RSC_LEN); | |
937 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key MIC", | |
938 | hdr->key_mic, 16); | |
939 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data", | |
940 | key_data, key_data_length); | |
941 | ||
942 | if (hdr->type == EAPOL_KEY_TYPE_RSN && | |
943 | (key_info & (WPA_KEY_INFO_KEY_INDEX_MASK | BIT(14) | BIT(15))) != | |
944 | 0) { | |
945 | wpa_printf(MSG_INFO, "RSN EAPOL-Key with non-zero reserved " | |
946 | "Key Info bits 0x%x from " MACSTR, | |
947 | key_info, MAC2STR(src)); | |
948 | } | |
949 | ||
950 | if (hdr->type == EAPOL_KEY_TYPE_WPA && | |
951 | (key_info & (WPA_KEY_INFO_ENCR_KEY_DATA | | |
952 | WPA_KEY_INFO_SMK_MESSAGE |BIT(14) | BIT(15))) != 0) { | |
953 | wpa_printf(MSG_INFO, "WPA EAPOL-Key with non-zero reserved " | |
954 | "Key Info bits 0x%x from " MACSTR, | |
955 | key_info, MAC2STR(src)); | |
956 | } | |
957 | ||
958 | if (key_length > 32) { | |
959 | wpa_printf(MSG_INFO, "EAPOL-Key with invalid Key Length %d " | |
960 | "from " MACSTR, key_length, MAC2STR(src)); | |
961 | } | |
962 | ||
963 | if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && | |
964 | !is_zero(hdr->key_iv, 16)) { | |
965 | wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key IV " | |
966 | "(reserved with ver=%d) field from " MACSTR, | |
967 | ver, MAC2STR(src)); | |
968 | wpa_hexdump(MSG_INFO, "EAPOL-Key Key IV (reserved)", | |
969 | hdr->key_iv, 16); | |
970 | } | |
971 | ||
972 | if (!is_zero(hdr->key_id, 8)) { | |
973 | wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key ID " | |
974 | "(reserved) field from " MACSTR, MAC2STR(src)); | |
975 | wpa_hexdump(MSG_INFO, "EAPOL-Key Key ID (reserved)", | |
976 | hdr->key_id, 8); | |
977 | } | |
978 | ||
979 | if (hdr->key_rsc[6] || hdr->key_rsc[7]) { | |
980 | wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key RSC octets " | |
981 | "(last two are unused)" MACSTR, MAC2STR(src)); | |
982 | } | |
983 | ||
984 | if (key_info & (WPA_KEY_INFO_ERROR | WPA_KEY_INFO_REQUEST)) | |
985 | return; | |
986 | ||
987 | if (key_info & WPA_KEY_INFO_SMK_MESSAGE) | |
988 | return; | |
989 | ||
990 | if (key_info & WPA_KEY_INFO_KEY_TYPE) { | |
991 | /* 4-Way Handshake */ | |
992 | switch (key_info & (WPA_KEY_INFO_SECURE | | |
993 | WPA_KEY_INFO_MIC | | |
994 | WPA_KEY_INFO_ACK | | |
995 | WPA_KEY_INFO_INSTALL)) { | |
996 | case WPA_KEY_INFO_ACK: | |
997 | rx_data_eapol_key_1_of_4(wt, dst, src, data, len); | |
998 | break; | |
999 | case WPA_KEY_INFO_MIC: | |
1000 | if (key_data_length == 0) | |
1001 | rx_data_eapol_key_4_of_4(wt, dst, src, data, | |
1002 | len); | |
1003 | else | |
1004 | rx_data_eapol_key_2_of_4(wt, dst, src, data, | |
1005 | len); | |
1006 | break; | |
1007 | case WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK | | |
1008 | WPA_KEY_INFO_INSTALL: | |
1009 | /* WPA does not include Secure bit in 3/4 */ | |
1010 | rx_data_eapol_key_3_of_4(wt, dst, src, data, len); | |
1011 | break; | |
1012 | case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC | | |
1013 | WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL: | |
1014 | rx_data_eapol_key_3_of_4(wt, dst, src, data, len); | |
1015 | break; | |
1016 | case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC: | |
d0b251d2 JM |
1017 | if (key_data_length == 0) |
1018 | rx_data_eapol_key_4_of_4(wt, dst, src, data, | |
1019 | len); | |
1020 | else | |
1021 | rx_data_eapol_key_2_of_4(wt, dst, src, data, | |
1022 | len); | |
161d0339 JM |
1023 | break; |
1024 | default: | |
1025 | wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame"); | |
1026 | break; | |
1027 | } | |
1028 | } else { | |
1029 | /* Group Key Handshake */ | |
1030 | switch (key_info & (WPA_KEY_INFO_SECURE | | |
1031 | WPA_KEY_INFO_MIC | | |
1032 | WPA_KEY_INFO_ACK)) { | |
1033 | case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC | | |
1034 | WPA_KEY_INFO_ACK: | |
1035 | rx_data_eapol_key_1_of_2(wt, dst, src, data, len); | |
1036 | break; | |
1037 | case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC: | |
1038 | rx_data_eapol_key_2_of_2(wt, dst, src, data, len); | |
1039 | break; | |
1040 | default: | |
1041 | wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame"); | |
1042 | break; | |
1043 | } | |
1044 | } | |
1045 | } | |
1046 | ||
1047 | ||
1048 | void rx_data_eapol(struct wlantest *wt, const u8 *dst, const u8 *src, | |
1049 | const u8 *data, size_t len, int prot) | |
1050 | { | |
1051 | const struct ieee802_1x_hdr *hdr; | |
1052 | u16 length; | |
1053 | const u8 *p; | |
1054 | ||
1055 | wpa_hexdump(MSG_EXCESSIVE, "EAPOL", data, len); | |
1056 | if (len < sizeof(*hdr)) { | |
1057 | wpa_printf(MSG_INFO, "Too short EAPOL frame from " MACSTR, | |
1058 | MAC2STR(src)); | |
1059 | return; | |
1060 | } | |
1061 | ||
1062 | hdr = (const struct ieee802_1x_hdr *) data; | |
1063 | length = be_to_host16(hdr->length); | |
1064 | wpa_printf(MSG_DEBUG, "RX EAPOL: " MACSTR " -> " MACSTR "%s ver=%u " | |
1065 | "type=%u len=%u", | |
1066 | MAC2STR(src), MAC2STR(dst), prot ? " Prot" : "", | |
1067 | hdr->version, hdr->type, length); | |
1068 | if (hdr->version < 1 || hdr->version > 3) { | |
1069 | wpa_printf(MSG_INFO, "Unexpected EAPOL version %u from " | |
1070 | MACSTR, hdr->version, MAC2STR(src)); | |
1071 | } | |
1072 | if (sizeof(*hdr) + length > len) { | |
1073 | wpa_printf(MSG_INFO, "Truncated EAPOL frame from " MACSTR, | |
1074 | MAC2STR(src)); | |
1075 | return; | |
1076 | } | |
1077 | ||
1078 | if (sizeof(*hdr) + length < len) { | |
1079 | wpa_printf(MSG_INFO, "EAPOL frame with %d extra bytes", | |
1080 | (int) (len - sizeof(*hdr) - length)); | |
1081 | } | |
1082 | p = (const u8 *) (hdr + 1); | |
1083 | ||
1084 | switch (hdr->type) { | |
1085 | case IEEE802_1X_TYPE_EAP_PACKET: | |
1086 | wpa_hexdump(MSG_MSGDUMP, "EAPOL - EAP packet", p, length); | |
1087 | break; | |
1088 | case IEEE802_1X_TYPE_EAPOL_START: | |
1089 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Start", p, length); | |
1090 | break; | |
1091 | case IEEE802_1X_TYPE_EAPOL_LOGOFF: | |
1092 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Logoff", p, length); | |
1093 | break; | |
1094 | case IEEE802_1X_TYPE_EAPOL_KEY: | |
1095 | rx_data_eapol_key(wt, dst, src, data, sizeof(*hdr) + length, | |
1096 | prot); | |
1097 | break; | |
1098 | case IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT: | |
1099 | wpa_hexdump(MSG_MSGDUMP, "EAPOL - Encapsulated ASF alert", | |
1100 | p, length); | |
1101 | break; | |
1102 | default: | |
1103 | wpa_hexdump(MSG_MSGDUMP, "Unknown EAPOL payload", p, length); | |
1104 | break; | |
1105 | } | |
1106 | } |