]>
Commit | Line | Data |
---|---|---|
161d0339 JM |
1 | /* |
2 | * Received Data frame processing for EAPOL messages | |
98cd3d1c | 3 | * Copyright (c) 2010-2015, Jouni Malinen <j@w1.fi> |
161d0339 | 4 | * |
0f3d578e JM |
5 | * This software may be distributed under the terms of the BSD license. |
6 | * See README for more details. | |
161d0339 JM |
7 | */ |
8 | ||
9 | #include "utils/includes.h" | |
10 | ||
11 | #include "utils/common.h" | |
12 | #include "crypto/aes_wrap.h" | |
13 | #include "crypto/crypto.h" | |
14 | #include "common/defs.h" | |
15 | #include "common/ieee802_11_defs.h" | |
c81defea | 16 | #include "common/ieee802_11_common.h" |
161d0339 JM |
17 | #include "common/eapol_common.h" |
18 | #include "common/wpa_common.h" | |
19 | #include "rsn_supp/wpa_ie.h" | |
20 | #include "wlantest.h" | |
21 | ||
22 | ||
23 | static int is_zero(const u8 *buf, size_t len) | |
24 | { | |
25 | size_t i; | |
26 | for (i = 0; i < len; i++) { | |
27 | if (buf[i]) | |
28 | return 0; | |
29 | } | |
30 | return 1; | |
31 | } | |
32 | ||
33 | ||
98cd3d1c JM |
34 | static int check_mic(const u8 *kck, size_t kck_len, int akmp, int ver, |
35 | const u8 *data, size_t len) | |
161d0339 JM |
36 | { |
37 | u8 *buf; | |
38 | int ret = -1; | |
39 | struct ieee802_1x_hdr *hdr; | |
40 | struct wpa_eapol_key *key; | |
98cd3d1c | 41 | u8 rx_mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; |
567da5bb | 42 | size_t mic_len = wpa_mic_len(akmp, PMK_LEN); |
161d0339 | 43 | |
a1f11e34 | 44 | buf = os_memdup(data, len); |
161d0339 JM |
45 | if (buf == NULL) |
46 | return -1; | |
161d0339 JM |
47 | hdr = (struct ieee802_1x_hdr *) buf; |
48 | key = (struct wpa_eapol_key *) (hdr + 1); | |
49 | ||
6d014ffc JM |
50 | os_memcpy(rx_mic, key + 1, mic_len); |
51 | os_memset(key + 1, 0, mic_len); | |
161d0339 | 52 | |
98cd3d1c | 53 | if (wpa_eapol_key_mic(kck, kck_len, akmp, ver, buf, len, |
6d014ffc JM |
54 | (u8 *) (key + 1)) == 0 && |
55 | os_memcmp(rx_mic, key + 1, mic_len) == 0) | |
161d0339 JM |
56 | ret = 0; |
57 | ||
58 | os_free(buf); | |
59 | ||
60 | return ret; | |
61 | } | |
62 | ||
63 | ||
64 | static void rx_data_eapol_key_1_of_4(struct wlantest *wt, const u8 *dst, | |
65 | const u8 *src, const u8 *data, size_t len) | |
66 | { | |
67 | struct wlantest_bss *bss; | |
68 | struct wlantest_sta *sta; | |
69 | const struct ieee802_1x_hdr *eapol; | |
70 | const struct wpa_eapol_key *hdr; | |
71 | ||
72 | wpa_printf(MSG_DEBUG, "EAPOL-Key 1/4 " MACSTR " -> " MACSTR, | |
73 | MAC2STR(src), MAC2STR(dst)); | |
74 | bss = bss_get(wt, src); | |
75 | if (bss == NULL) | |
76 | return; | |
77 | sta = sta_get(bss, dst); | |
78 | if (sta == NULL) | |
79 | return; | |
80 | ||
81 | eapol = (const struct ieee802_1x_hdr *) data; | |
82 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
83 | if (is_zero(hdr->key_nonce, WPA_NONCE_LEN)) { | |
e4d99217 JM |
84 | add_note(wt, MSG_INFO, "EAPOL-Key 1/4 from " MACSTR |
85 | " used zero nonce", MAC2STR(src)); | |
161d0339 JM |
86 | } |
87 | if (!is_zero(hdr->key_rsc, 8)) { | |
e4d99217 JM |
88 | add_note(wt, MSG_INFO, "EAPOL-Key 1/4 from " MACSTR |
89 | " used non-zero Key RSC", MAC2STR(src)); | |
161d0339 JM |
90 | } |
91 | os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN); | |
92 | } | |
93 | ||
94 | ||
e4d99217 JM |
95 | static int try_pmk(struct wlantest *wt, struct wlantest_bss *bss, |
96 | struct wlantest_sta *sta, u16 ver, | |
97 | const u8 *data, size_t len, | |
161d0339 JM |
98 | struct wlantest_pmk *pmk) |
99 | { | |
100 | struct wpa_ptk ptk; | |
eb2223e0 | 101 | |
3fb62bda | 102 | if (wpa_key_mgmt_ft(sta->key_mgmt)) { |
3fb62bda JM |
103 | u8 pmk_r1[PMK_LEN]; |
104 | u8 pmk_r1_name[WPA_PMK_NAME_LEN]; | |
105 | u8 ptk_name[WPA_PMK_NAME_LEN]; | |
106 | ||
c38c62ff JM |
107 | if (wpa_derive_pmk_r0(pmk->pmk, PMK_LEN, |
108 | bss->ssid, bss->ssid_len, bss->mdid, | |
109 | bss->r0kh_id, bss->r0kh_id_len, | |
110 | sta->addr, sta->pmk_r0, sta->pmk_r0_name, | |
111 | 0) < 0) | |
112 | return -1; | |
113 | wpa_hexdump(MSG_DEBUG, "FT: PMK-R0", sta->pmk_r0, PMK_LEN); | |
114 | wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", sta->pmk_r0_name, | |
3fb62bda | 115 | WPA_PMK_NAME_LEN); |
c38c62ff JM |
116 | if (wpa_derive_pmk_r1(sta->pmk_r0, PMK_LEN, sta->pmk_r0_name, |
117 | bss->r1kh_id, sta->addr, | |
118 | pmk_r1, pmk_r1_name) < 0) | |
119 | return -1; | |
3fb62bda JM |
120 | wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, PMK_LEN); |
121 | wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, | |
122 | WPA_PMK_NAME_LEN); | |
a3e18dbb | 123 | if (wpa_pmk_r1_to_ptk(pmk_r1, PMK_LEN, sta->snonce, sta->anonce, |
3fb62bda JM |
124 | sta->addr, |
125 | bss->bssid, pmk_r1_name, &ptk, ptk_name, | |
126 | sta->key_mgmt, | |
127 | sta->pairwise_cipher) < 0 || | |
128 | check_mic(ptk.kck, ptk.kck_len, sta->key_mgmt, ver, data, | |
129 | len) < 0) | |
130 | return -1; | |
6c29d95a | 131 | } else if (wpa_pmk_to_ptk(pmk->pmk, PMK_LEN, |
3fb62bda JM |
132 | "Pairwise key expansion", |
133 | bss->bssid, sta->addr, sta->anonce, | |
134 | sta->snonce, &ptk, sta->key_mgmt, | |
ecacd9cc | 135 | sta->pairwise_cipher, NULL, 0) < 0 || |
3fb62bda JM |
136 | check_mic(ptk.kck, ptk.kck_len, sta->key_mgmt, ver, data, |
137 | len) < 0) { | |
161d0339 | 138 | return -1; |
3fb62bda | 139 | } |
161d0339 JM |
140 | |
141 | wpa_printf(MSG_INFO, "Derived PTK for STA " MACSTR " BSSID " MACSTR, | |
142 | MAC2STR(sta->addr), MAC2STR(bss->bssid)); | |
143 | sta->counters[WLANTEST_STA_COUNTER_PTK_LEARNED]++; | |
d0b251d2 JM |
144 | if (sta->ptk_set) { |
145 | /* | |
146 | * Rekeying - use new PTK for EAPOL-Key frames, but continue | |
147 | * using the old PTK for frame decryption. | |
148 | */ | |
e4d99217 | 149 | add_note(wt, MSG_DEBUG, "Derived PTK during rekeying"); |
d0b251d2 | 150 | os_memcpy(&sta->tptk, &ptk, sizeof(ptk)); |
98cd3d1c JM |
151 | wpa_hexdump(MSG_DEBUG, "TPTK:KCK", |
152 | sta->tptk.kck, sta->tptk.kck_len); | |
153 | wpa_hexdump(MSG_DEBUG, "TPTK:KEK", | |
154 | sta->tptk.kek, sta->tptk.kek_len); | |
155 | wpa_hexdump(MSG_DEBUG, "TPTK:TK", | |
156 | sta->tptk.tk, sta->tptk.tk_len); | |
d0b251d2 JM |
157 | sta->tptk_set = 1; |
158 | return 0; | |
159 | } | |
e4d99217 | 160 | add_note(wt, MSG_DEBUG, "Derived new PTK"); |
161d0339 | 161 | os_memcpy(&sta->ptk, &ptk, sizeof(ptk)); |
98cd3d1c JM |
162 | wpa_hexdump(MSG_DEBUG, "PTK:KCK", sta->ptk.kck, sta->ptk.kck_len); |
163 | wpa_hexdump(MSG_DEBUG, "PTK:KEK", sta->ptk.kek, sta->ptk.kek_len); | |
164 | wpa_hexdump(MSG_DEBUG, "PTK:TK", sta->ptk.tk, sta->ptk.tk_len); | |
161d0339 JM |
165 | sta->ptk_set = 1; |
166 | os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods)); | |
167 | os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds)); | |
168 | return 0; | |
169 | } | |
170 | ||
171 | ||
172 | static void derive_ptk(struct wlantest *wt, struct wlantest_bss *bss, | |
173 | struct wlantest_sta *sta, u16 ver, | |
174 | const u8 *data, size_t len) | |
175 | { | |
176 | struct wlantest_pmk *pmk; | |
177 | ||
f6ff5160 JM |
178 | wpa_printf(MSG_DEBUG, "Trying to derive PTK for " MACSTR " (ver %u)", |
179 | MAC2STR(sta->addr), ver); | |
161d0339 | 180 | dl_list_for_each(pmk, &bss->pmk, struct wlantest_pmk, list) { |
0778c8f5 | 181 | wpa_printf(MSG_DEBUG, "Try per-BSS PMK"); |
e4d99217 | 182 | if (try_pmk(wt, bss, sta, ver, data, len, pmk) == 0) |
161d0339 JM |
183 | return; |
184 | } | |
185 | ||
186 | dl_list_for_each(pmk, &wt->pmk, struct wlantest_pmk, list) { | |
0778c8f5 | 187 | wpa_printf(MSG_DEBUG, "Try global PMK"); |
e4d99217 | 188 | if (try_pmk(wt, bss, sta, ver, data, len, pmk) == 0) |
161d0339 JM |
189 | return; |
190 | } | |
a0530dff JM |
191 | |
192 | if (!sta->ptk_set) { | |
193 | struct wlantest_ptk *ptk; | |
194 | int prev_level = wpa_debug_level; | |
195 | ||
196 | wpa_debug_level = MSG_WARNING; | |
197 | dl_list_for_each(ptk, &wt->ptk, struct wlantest_ptk, list) { | |
98cd3d1c JM |
198 | if (check_mic(ptk->ptk.kck, ptk->ptk.kck_len, |
199 | sta->key_mgmt, ver, data, len) < 0) | |
a0530dff JM |
200 | continue; |
201 | wpa_printf(MSG_INFO, "Pre-set PTK matches for STA " | |
202 | MACSTR " BSSID " MACSTR, | |
203 | MAC2STR(sta->addr), MAC2STR(bss->bssid)); | |
204 | add_note(wt, MSG_DEBUG, "Using pre-set PTK"); | |
eb2223e0 AKP |
205 | ptk->ptk_len = 32 + |
206 | wpa_cipher_key_len(sta->pairwise_cipher); | |
a0530dff | 207 | os_memcpy(&sta->ptk, &ptk->ptk, sizeof(ptk->ptk)); |
98cd3d1c JM |
208 | wpa_hexdump(MSG_DEBUG, "PTK:KCK", |
209 | sta->ptk.kck, sta->ptk.kck_len); | |
210 | wpa_hexdump(MSG_DEBUG, "PTK:KEK", | |
211 | sta->ptk.kek, sta->ptk.kek_len); | |
212 | wpa_hexdump(MSG_DEBUG, "PTK:TK", | |
213 | sta->ptk.tk, sta->ptk.tk_len); | |
a0530dff JM |
214 | sta->ptk_set = 1; |
215 | os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods)); | |
216 | os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds)); | |
217 | } | |
218 | wpa_debug_level = prev_level; | |
219 | } | |
220 | ||
e4d99217 | 221 | add_note(wt, MSG_DEBUG, "No matching PMK found to derive PTK"); |
161d0339 JM |
222 | } |
223 | ||
224 | ||
225 | static void rx_data_eapol_key_2_of_4(struct wlantest *wt, const u8 *dst, | |
226 | const u8 *src, const u8 *data, size_t len) | |
227 | { | |
228 | struct wlantest_bss *bss; | |
229 | struct wlantest_sta *sta; | |
230 | const struct ieee802_1x_hdr *eapol; | |
231 | const struct wpa_eapol_key *hdr; | |
6d014ffc JM |
232 | const u8 *key_data, *kck, *mic; |
233 | size_t kck_len, mic_len; | |
161d0339 JM |
234 | u16 key_info, key_data_len; |
235 | struct wpa_eapol_ie_parse ie; | |
236 | ||
237 | wpa_printf(MSG_DEBUG, "EAPOL-Key 2/4 " MACSTR " -> " MACSTR, | |
238 | MAC2STR(src), MAC2STR(dst)); | |
239 | bss = bss_get(wt, dst); | |
240 | if (bss == NULL) | |
241 | return; | |
242 | sta = sta_get(bss, src); | |
243 | if (sta == NULL) | |
244 | return; | |
245 | ||
246 | eapol = (const struct ieee802_1x_hdr *) data; | |
247 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
567da5bb | 248 | mic_len = wpa_mic_len(sta->key_mgmt, PMK_LEN); |
6d014ffc | 249 | mic = (const u8 *) (hdr + 1); |
161d0339 | 250 | if (is_zero(hdr->key_nonce, WPA_NONCE_LEN)) { |
e4d99217 JM |
251 | add_note(wt, MSG_INFO, "EAPOL-Key 2/4 from " MACSTR |
252 | " used zero nonce", MAC2STR(src)); | |
161d0339 JM |
253 | } |
254 | if (!is_zero(hdr->key_rsc, 8)) { | |
e4d99217 JM |
255 | add_note(wt, MSG_INFO, "EAPOL-Key 2/4 from " MACSTR |
256 | " used non-zero Key RSC", MAC2STR(src)); | |
161d0339 JM |
257 | } |
258 | os_memcpy(sta->snonce, hdr->key_nonce, WPA_NONCE_LEN); | |
259 | key_info = WPA_GET_BE16(hdr->key_info); | |
6d014ffc | 260 | key_data_len = WPA_GET_BE16(mic + mic_len); |
161d0339 JM |
261 | derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK, data, len); |
262 | ||
d0b251d2 | 263 | if (!sta->ptk_set && !sta->tptk_set) { |
e4d99217 JM |
264 | add_note(wt, MSG_DEBUG, |
265 | "No PTK known to process EAPOL-Key 2/4"); | |
161d0339 JM |
266 | return; |
267 | } | |
268 | ||
d0b251d2 | 269 | kck = sta->ptk.kck; |
98cd3d1c | 270 | kck_len = sta->ptk.kck_len; |
d0b251d2 | 271 | if (sta->tptk_set) { |
e4d99217 JM |
272 | add_note(wt, MSG_DEBUG, |
273 | "Use TPTK for validation EAPOL-Key MIC"); | |
d0b251d2 | 274 | kck = sta->tptk.kck; |
98cd3d1c | 275 | kck_len = sta->tptk.kck_len; |
d0b251d2 | 276 | } |
98cd3d1c JM |
277 | if (check_mic(kck, kck_len, sta->key_mgmt, |
278 | key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) { | |
e4d99217 | 279 | add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 2/4 MIC"); |
161d0339 JM |
280 | return; |
281 | } | |
e4d99217 | 282 | add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/4"); |
161d0339 | 283 | |
6d014ffc | 284 | key_data = mic + mic_len + 2; |
161d0339 JM |
285 | |
286 | if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) { | |
e4d99217 | 287 | add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data"); |
161d0339 JM |
288 | return; |
289 | } | |
290 | ||
291 | if (ie.wpa_ie) { | |
292 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE", | |
293 | ie.wpa_ie, ie.wpa_ie_len); | |
294 | if (os_memcmp(ie.wpa_ie, sta->rsnie, ie.wpa_ie_len) != 0) { | |
c81defea | 295 | struct ieee802_11_elems elems; |
e4d99217 JM |
296 | add_note(wt, MSG_INFO, |
297 | "Mismatch in WPA IE between EAPOL-Key 2/4 " | |
298 | "and (Re)Association Request from " MACSTR, | |
299 | MAC2STR(sta->addr)); | |
161d0339 JM |
300 | wpa_hexdump(MSG_INFO, "WPA IE in EAPOL-Key", |
301 | ie.wpa_ie, ie.wpa_ie_len); | |
302 | wpa_hexdump(MSG_INFO, "WPA IE in (Re)Association " | |
303 | "Request", | |
304 | sta->rsnie, | |
305 | sta->rsnie[0] ? 2 + sta->rsnie[1] : 0); | |
c81defea JM |
306 | /* |
307 | * The sniffer may have missed (Re)Association | |
308 | * Request, so try to survive with the information from | |
309 | * EAPOL-Key. | |
310 | */ | |
311 | os_memset(&elems, 0, sizeof(elems)); | |
312 | elems.wpa_ie = ie.wpa_ie + 2; | |
313 | elems.wpa_ie_len = ie.wpa_ie_len - 2; | |
314 | wpa_printf(MSG_DEBUG, "Update STA data based on WPA " | |
315 | "IE in EAPOL-Key 2/4"); | |
316 | sta_update_assoc(sta, &elems); | |
161d0339 JM |
317 | } |
318 | } | |
319 | ||
320 | if (ie.rsn_ie) { | |
321 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE", | |
322 | ie.rsn_ie, ie.rsn_ie_len); | |
323 | if (os_memcmp(ie.rsn_ie, sta->rsnie, ie.rsn_ie_len) != 0) { | |
c81defea | 324 | struct ieee802_11_elems elems; |
e4d99217 JM |
325 | add_note(wt, MSG_INFO, |
326 | "Mismatch in RSN IE between EAPOL-Key 2/4 " | |
327 | "and (Re)Association Request from " MACSTR, | |
328 | MAC2STR(sta->addr)); | |
161d0339 JM |
329 | wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key", |
330 | ie.rsn_ie, ie.rsn_ie_len); | |
331 | wpa_hexdump(MSG_INFO, "RSN IE in (Re)Association " | |
332 | "Request", | |
333 | sta->rsnie, | |
334 | sta->rsnie[0] ? 2 + sta->rsnie[1] : 0); | |
c81defea JM |
335 | /* |
336 | * The sniffer may have missed (Re)Association | |
337 | * Request, so try to survive with the information from | |
338 | * EAPOL-Key. | |
339 | */ | |
340 | os_memset(&elems, 0, sizeof(elems)); | |
341 | elems.rsn_ie = ie.rsn_ie + 2; | |
342 | elems.rsn_ie_len = ie.rsn_ie_len - 2; | |
343 | wpa_printf(MSG_DEBUG, "Update STA data based on RSN " | |
344 | "IE in EAPOL-Key 2/4"); | |
345 | sta_update_assoc(sta, &elems); | |
161d0339 JM |
346 | } |
347 | } | |
348 | } | |
349 | ||
350 | ||
e4d99217 | 351 | static u8 * decrypt_eapol_key_data_rc4(struct wlantest *wt, const u8 *kek, |
161d0339 | 352 | const struct wpa_eapol_key *hdr, |
6d014ffc | 353 | const u8 *keydata, u16 keydatalen, |
161d0339 JM |
354 | size_t *len) |
355 | { | |
356 | u8 ek[32], *buf; | |
161d0339 | 357 | |
a1f11e34 | 358 | buf = os_memdup(keydata, keydatalen); |
161d0339 JM |
359 | if (buf == NULL) |
360 | return NULL; | |
361 | ||
362 | os_memcpy(ek, hdr->key_iv, 16); | |
363 | os_memcpy(ek + 16, kek, 16); | |
161d0339 | 364 | if (rc4_skip(ek, 32, 256, buf, keydatalen)) { |
e4d99217 | 365 | add_note(wt, MSG_INFO, "RC4 failed"); |
161d0339 JM |
366 | os_free(buf); |
367 | return NULL; | |
368 | } | |
369 | ||
370 | *len = keydatalen; | |
371 | return buf; | |
372 | } | |
373 | ||
374 | ||
e4d99217 | 375 | static u8 * decrypt_eapol_key_data_aes(struct wlantest *wt, const u8 *kek, |
161d0339 | 376 | const struct wpa_eapol_key *hdr, |
6d014ffc | 377 | const u8 *keydata, u16 keydatalen, |
161d0339 JM |
378 | size_t *len) |
379 | { | |
380 | u8 *buf; | |
161d0339 JM |
381 | |
382 | if (keydatalen % 8) { | |
e4d99217 JM |
383 | add_note(wt, MSG_INFO, "Unsupported AES-WRAP len %d", |
384 | keydatalen); | |
161d0339 JM |
385 | return NULL; |
386 | } | |
387 | keydatalen -= 8; /* AES-WRAP adds 8 bytes */ | |
388 | buf = os_malloc(keydatalen); | |
389 | if (buf == NULL) | |
390 | return NULL; | |
6d014ffc | 391 | if (aes_unwrap(kek, 16, keydatalen / 8, keydata, buf)) { |
161d0339 | 392 | os_free(buf); |
e4d99217 JM |
393 | add_note(wt, MSG_INFO, |
394 | "AES unwrap failed - could not decrypt EAPOL-Key " | |
395 | "key data"); | |
161d0339 JM |
396 | return NULL; |
397 | } | |
398 | ||
399 | *len = keydatalen; | |
400 | return buf; | |
401 | } | |
402 | ||
403 | ||
6d014ffc | 404 | static u8 * decrypt_eapol_key_data(struct wlantest *wt, int akmp, const u8 *kek, |
98cd3d1c | 405 | size_t kek_len, u16 ver, |
161d0339 JM |
406 | const struct wpa_eapol_key *hdr, |
407 | size_t *len) | |
408 | { | |
6d014ffc JM |
409 | size_t mic_len; |
410 | u16 keydatalen; | |
411 | const u8 *mic, *keydata; | |
412 | ||
98cd3d1c JM |
413 | if (kek_len != 16) |
414 | return NULL; | |
6d014ffc JM |
415 | |
416 | mic = (const u8 *) (hdr + 1); | |
567da5bb | 417 | mic_len = wpa_mic_len(akmp, PMK_LEN); |
6d014ffc JM |
418 | keydata = mic + mic_len + 2; |
419 | keydatalen = WPA_GET_BE16(mic + mic_len); | |
420 | ||
161d0339 JM |
421 | switch (ver) { |
422 | case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4: | |
6d014ffc JM |
423 | return decrypt_eapol_key_data_rc4(wt, kek, hdr, keydata, |
424 | keydatalen, len); | |
161d0339 JM |
425 | case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES: |
426 | case WPA_KEY_INFO_TYPE_AES_128_CMAC: | |
6d014ffc JM |
427 | return decrypt_eapol_key_data_aes(wt, kek, hdr, keydata, |
428 | keydatalen, len); | |
f6ff5160 JM |
429 | case WPA_KEY_INFO_TYPE_AKM_DEFINED: |
430 | /* For now, assume this is OSEN */ | |
6d014ffc JM |
431 | return decrypt_eapol_key_data_aes(wt, kek, hdr, keydata, |
432 | keydatalen, len); | |
161d0339 | 433 | default: |
e4d99217 JM |
434 | add_note(wt, MSG_INFO, |
435 | "Unsupported EAPOL-Key Key Descriptor Version %u", | |
436 | ver); | |
161d0339 JM |
437 | return NULL; |
438 | } | |
439 | } | |
440 | ||
441 | ||
e4d99217 JM |
442 | static void learn_kde_keys(struct wlantest *wt, struct wlantest_bss *bss, |
443 | struct wlantest_sta *sta, | |
fd848ab9 | 444 | const u8 *buf, size_t len, const u8 *rsc) |
161d0339 JM |
445 | { |
446 | struct wpa_eapol_ie_parse ie; | |
447 | ||
448 | if (wpa_supplicant_parse_ies(buf, len, &ie) < 0) { | |
e4d99217 | 449 | add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data"); |
161d0339 JM |
450 | return; |
451 | } | |
452 | ||
453 | if (ie.wpa_ie) { | |
454 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE", | |
455 | ie.wpa_ie, ie.wpa_ie_len); | |
456 | } | |
457 | ||
458 | if (ie.rsn_ie) { | |
459 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE", | |
460 | ie.rsn_ie, ie.rsn_ie_len); | |
461 | } | |
462 | ||
463 | if (ie.gtk) { | |
464 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - GTK KDE", | |
465 | ie.gtk, ie.gtk_len); | |
466 | if (ie.gtk_len >= 2 && ie.gtk_len <= 2 + 32) { | |
467 | int id; | |
468 | id = ie.gtk[0] & 0x03; | |
c41e1d7c JM |
469 | add_note(wt, MSG_DEBUG, "GTK KeyID=%u tx=%u", |
470 | id, !!(ie.gtk[0] & 0x04)); | |
e4d99217 JM |
471 | if ((ie.gtk[0] & 0xf8) || ie.gtk[1]) { |
472 | add_note(wt, MSG_INFO, | |
473 | "GTK KDE: Reserved field set: " | |
474 | "%02x %02x", ie.gtk[0], ie.gtk[1]); | |
475 | } | |
161d0339 JM |
476 | wpa_hexdump(MSG_DEBUG, "GTK", ie.gtk + 2, |
477 | ie.gtk_len - 2); | |
478 | bss->gtk_len[id] = ie.gtk_len - 2; | |
fd848ab9 | 479 | sta->gtk_len = ie.gtk_len - 2; |
161d0339 | 480 | os_memcpy(bss->gtk[id], ie.gtk + 2, ie.gtk_len - 2); |
fd848ab9 | 481 | os_memcpy(sta->gtk, ie.gtk + 2, ie.gtk_len - 2); |
161d0339 JM |
482 | bss->rsc[id][0] = rsc[5]; |
483 | bss->rsc[id][1] = rsc[4]; | |
484 | bss->rsc[id][2] = rsc[3]; | |
485 | bss->rsc[id][3] = rsc[2]; | |
486 | bss->rsc[id][4] = rsc[1]; | |
487 | bss->rsc[id][5] = rsc[0]; | |
488 | bss->gtk_idx = id; | |
fd848ab9 | 489 | sta->gtk_idx = id; |
161d0339 JM |
490 | wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[id], 6); |
491 | } else { | |
e4d99217 JM |
492 | add_note(wt, MSG_INFO, "Invalid GTK KDE length %u", |
493 | (unsigned) ie.gtk_len); | |
161d0339 JM |
494 | } |
495 | } | |
496 | ||
497 | if (ie.igtk) { | |
498 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - IGTK KDE", | |
499 | ie.igtk, ie.igtk_len); | |
500 | if (ie.igtk_len == 24) { | |
501 | u16 id; | |
502 | id = WPA_GET_LE16(ie.igtk); | |
503 | if (id > 5) { | |
e4d99217 JM |
504 | add_note(wt, MSG_INFO, |
505 | "Unexpected IGTK KeyID %u", id); | |
161d0339 JM |
506 | } else { |
507 | const u8 *ipn; | |
c41e1d7c | 508 | add_note(wt, MSG_DEBUG, "IGTK KeyID %u", id); |
161d0339 JM |
509 | wpa_hexdump(MSG_DEBUG, "IPN", ie.igtk + 2, 6); |
510 | wpa_hexdump(MSG_DEBUG, "IGTK", ie.igtk + 8, | |
511 | 16); | |
512 | os_memcpy(bss->igtk[id], ie.igtk + 8, 16); | |
cb80fada JM |
513 | bss->igtk_len[id] = 16; |
514 | ipn = ie.igtk + 2; | |
515 | bss->ipn[id][0] = ipn[5]; | |
516 | bss->ipn[id][1] = ipn[4]; | |
517 | bss->ipn[id][2] = ipn[3]; | |
518 | bss->ipn[id][3] = ipn[2]; | |
519 | bss->ipn[id][4] = ipn[1]; | |
520 | bss->ipn[id][5] = ipn[0]; | |
521 | bss->igtk_idx = id; | |
522 | } | |
523 | } else if (ie.igtk_len == 40) { | |
524 | u16 id; | |
525 | id = WPA_GET_LE16(ie.igtk); | |
526 | if (id > 5) { | |
527 | add_note(wt, MSG_INFO, | |
528 | "Unexpected IGTK KeyID %u", id); | |
529 | } else { | |
530 | const u8 *ipn; | |
531 | add_note(wt, MSG_DEBUG, "IGTK KeyID %u", id); | |
532 | wpa_hexdump(MSG_DEBUG, "IPN", ie.igtk + 2, 6); | |
533 | wpa_hexdump(MSG_DEBUG, "IGTK", ie.igtk + 8, | |
534 | 32); | |
535 | os_memcpy(bss->igtk[id], ie.igtk + 8, 32); | |
536 | bss->igtk_len[id] = 32; | |
161d0339 JM |
537 | ipn = ie.igtk + 2; |
538 | bss->ipn[id][0] = ipn[5]; | |
539 | bss->ipn[id][1] = ipn[4]; | |
540 | bss->ipn[id][2] = ipn[3]; | |
541 | bss->ipn[id][3] = ipn[2]; | |
542 | bss->ipn[id][4] = ipn[1]; | |
543 | bss->ipn[id][5] = ipn[0]; | |
544 | bss->igtk_idx = id; | |
545 | } | |
546 | } else { | |
e4d99217 JM |
547 | add_note(wt, MSG_INFO, "Invalid IGTK KDE length %u", |
548 | (unsigned) ie.igtk_len); | |
161d0339 JM |
549 | } |
550 | } | |
551 | } | |
552 | ||
553 | ||
554 | static void rx_data_eapol_key_3_of_4(struct wlantest *wt, const u8 *dst, | |
555 | const u8 *src, const u8 *data, size_t len) | |
556 | { | |
557 | struct wlantest_bss *bss; | |
558 | struct wlantest_sta *sta; | |
559 | const struct ieee802_1x_hdr *eapol; | |
560 | const struct wpa_eapol_key *hdr; | |
6d014ffc JM |
561 | const u8 *key_data, *kck, *kek, *mic; |
562 | size_t kck_len, kek_len, mic_len; | |
161d0339 JM |
563 | int recalc = 0; |
564 | u16 key_info, ver; | |
565 | u8 *decrypted_buf = NULL; | |
566 | const u8 *decrypted; | |
567 | size_t decrypted_len = 0; | |
568 | struct wpa_eapol_ie_parse ie; | |
569 | ||
570 | wpa_printf(MSG_DEBUG, "EAPOL-Key 3/4 " MACSTR " -> " MACSTR, | |
571 | MAC2STR(src), MAC2STR(dst)); | |
572 | bss = bss_get(wt, src); | |
573 | if (bss == NULL) | |
574 | return; | |
575 | sta = sta_get(bss, dst); | |
576 | if (sta == NULL) | |
577 | return; | |
567da5bb | 578 | mic_len = wpa_mic_len(sta->key_mgmt, PMK_LEN); |
161d0339 JM |
579 | |
580 | eapol = (const struct ieee802_1x_hdr *) data; | |
581 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
6d014ffc | 582 | mic = (const u8 *) (hdr + 1); |
161d0339 JM |
583 | key_info = WPA_GET_BE16(hdr->key_info); |
584 | ||
585 | if (os_memcmp(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN) != 0) { | |
e4d99217 JM |
586 | add_note(wt, MSG_INFO, |
587 | "EAPOL-Key ANonce mismatch between 1/4 and 3/4"); | |
161d0339 JM |
588 | recalc = 1; |
589 | } | |
590 | os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN); | |
591 | if (recalc) { | |
592 | derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK, | |
593 | data, len); | |
594 | } | |
595 | ||
d0b251d2 | 596 | if (!sta->ptk_set && !sta->tptk_set) { |
e4d99217 JM |
597 | add_note(wt, MSG_DEBUG, |
598 | "No PTK known to process EAPOL-Key 3/4"); | |
161d0339 JM |
599 | return; |
600 | } | |
601 | ||
3c56f0e2 | 602 | kek = sta->ptk.kek; |
98cd3d1c | 603 | kek_len = sta->ptk.kek_len; |
d0b251d2 | 604 | kck = sta->ptk.kck; |
98cd3d1c | 605 | kck_len = sta->ptk.kck_len; |
d0b251d2 | 606 | if (sta->tptk_set) { |
e4d99217 JM |
607 | add_note(wt, MSG_DEBUG, |
608 | "Use TPTK for validation EAPOL-Key MIC"); | |
d0b251d2 | 609 | kck = sta->tptk.kck; |
98cd3d1c | 610 | kck_len = sta->tptk.kck_len; |
3c56f0e2 | 611 | kek = sta->tptk.kek; |
98cd3d1c | 612 | kek_len = sta->tptk.kek_len; |
d0b251d2 | 613 | } |
98cd3d1c JM |
614 | if (check_mic(kck, kck_len, sta->key_mgmt, |
615 | key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) { | |
e4d99217 | 616 | add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 3/4 MIC"); |
161d0339 JM |
617 | return; |
618 | } | |
e4d99217 | 619 | add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 3/4"); |
161d0339 | 620 | |
6d014ffc | 621 | key_data = mic + mic_len + 2; |
161d0339 JM |
622 | if (!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { |
623 | if (sta->proto & WPA_PROTO_RSN) | |
e4d99217 JM |
624 | add_note(wt, MSG_INFO, |
625 | "EAPOL-Key 3/4 without EncrKeyData bit"); | |
161d0339 | 626 | decrypted = key_data; |
6d014ffc | 627 | decrypted_len = WPA_GET_BE16(mic + mic_len); |
161d0339 JM |
628 | } else { |
629 | ver = key_info & WPA_KEY_INFO_TYPE_MASK; | |
6d014ffc JM |
630 | decrypted_buf = decrypt_eapol_key_data(wt, sta->key_mgmt, |
631 | kek, kek_len, ver, | |
98cd3d1c | 632 | hdr, &decrypted_len); |
161d0339 | 633 | if (decrypted_buf == NULL) { |
e4d99217 JM |
634 | add_note(wt, MSG_INFO, |
635 | "Failed to decrypt EAPOL-Key Key Data"); | |
161d0339 JM |
636 | return; |
637 | } | |
638 | decrypted = decrypted_buf; | |
639 | wpa_hexdump(MSG_DEBUG, "Decrypted EAPOL-Key Key Data", | |
640 | decrypted, decrypted_len); | |
641 | } | |
dd4722df | 642 | if ((wt->write_pcap_dumper || wt->pcapng) && decrypted != key_data) { |
161d0339 | 643 | /* Fill in a dummy Data frame header */ |
19e7ddf7 | 644 | u8 buf[24 + 8 + sizeof(*eapol) + sizeof(*hdr) + 64]; |
161d0339 JM |
645 | struct ieee80211_hdr *h; |
646 | struct wpa_eapol_key *k; | |
647 | const u8 *p; | |
648 | u8 *pos; | |
649 | size_t plain_len; | |
650 | ||
651 | plain_len = decrypted_len; | |
652 | p = decrypted; | |
653 | while (p + 1 < decrypted + decrypted_len) { | |
654 | if (p[0] == 0xdd && p[1] == 0x00) { | |
655 | /* Remove padding */ | |
656 | plain_len = p - decrypted; | |
faf0fef1 | 657 | p = NULL; |
161d0339 JM |
658 | break; |
659 | } | |
660 | p += 2 + p[1]; | |
661 | } | |
faf0fef1 JM |
662 | if (p && p > decrypted && *p == 0xdd && |
663 | p + 1 == decrypted + decrypted_len) { | |
664 | /* Remove padding */ | |
665 | p--; | |
666 | plain_len = p - decrypted; | |
667 | } | |
161d0339 JM |
668 | |
669 | os_memset(buf, 0, sizeof(buf)); | |
670 | h = (struct ieee80211_hdr *) buf; | |
671 | h->frame_control = host_to_le16(0x0208); | |
672 | os_memcpy(h->addr1, dst, ETH_ALEN); | |
673 | os_memcpy(h->addr2, src, ETH_ALEN); | |
674 | os_memcpy(h->addr3, src, ETH_ALEN); | |
675 | pos = (u8 *) (h + 1); | |
676 | os_memcpy(pos, "\xaa\xaa\x03\x00\x00\x00\x88\x8e", 8); | |
677 | pos += 8; | |
678 | os_memcpy(pos, eapol, sizeof(*eapol)); | |
679 | pos += sizeof(*eapol); | |
6d014ffc | 680 | os_memcpy(pos, hdr, sizeof(*hdr) + mic_len); |
161d0339 | 681 | k = (struct wpa_eapol_key *) pos; |
6d014ffc | 682 | pos += sizeof(struct wpa_eapol_key) + mic_len; |
161d0339 JM |
683 | WPA_PUT_BE16(k->key_info, |
684 | key_info & ~WPA_KEY_INFO_ENCR_KEY_DATA); | |
6d014ffc | 685 | WPA_PUT_BE16(pos, plain_len); |
19e7ddf7 JM |
686 | write_pcap_decrypted(wt, buf, 24 + 8 + sizeof(*eapol) + |
687 | sizeof(*hdr) + mic_len + 2, | |
161d0339 JM |
688 | decrypted, plain_len); |
689 | } | |
690 | ||
691 | if (wpa_supplicant_parse_ies(decrypted, decrypted_len, &ie) < 0) { | |
e4d99217 | 692 | add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data"); |
161d0339 JM |
693 | os_free(decrypted_buf); |
694 | return; | |
695 | } | |
696 | ||
697 | if ((ie.wpa_ie && | |
698 | os_memcmp(ie.wpa_ie, bss->wpaie, ie.wpa_ie_len) != 0) || | |
699 | (ie.wpa_ie == NULL && bss->wpaie[0])) { | |
e4d99217 JM |
700 | add_note(wt, MSG_INFO, |
701 | "Mismatch in WPA IE between EAPOL-Key 3/4 and " | |
702 | "Beacon/Probe Response from " MACSTR, | |
703 | MAC2STR(bss->bssid)); | |
161d0339 JM |
704 | wpa_hexdump(MSG_INFO, "WPA IE in EAPOL-Key", |
705 | ie.wpa_ie, ie.wpa_ie_len); | |
706 | wpa_hexdump(MSG_INFO, "WPA IE in Beacon/Probe " | |
707 | "Response", | |
708 | bss->wpaie, | |
709 | bss->wpaie[0] ? 2 + bss->wpaie[1] : 0); | |
710 | } | |
711 | ||
712 | if ((ie.rsn_ie && | |
713 | os_memcmp(ie.rsn_ie, bss->rsnie, ie.rsn_ie_len) != 0) || | |
714 | (ie.rsn_ie == NULL && bss->rsnie[0])) { | |
e4d99217 JM |
715 | add_note(wt, MSG_INFO, "Mismatch in RSN IE between EAPOL-Key " |
716 | "3/4 and Beacon/Probe Response from " MACSTR, | |
717 | MAC2STR(bss->bssid)); | |
161d0339 JM |
718 | wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key", |
719 | ie.rsn_ie, ie.rsn_ie_len); | |
7d273679 | 720 | wpa_hexdump(MSG_INFO, "RSN IE in Beacon/Probe Response", |
161d0339 JM |
721 | bss->rsnie, |
722 | bss->rsnie[0] ? 2 + bss->rsnie[1] : 0); | |
723 | } | |
724 | ||
e4d99217 | 725 | learn_kde_keys(wt, bss, sta, decrypted, decrypted_len, hdr->key_rsc); |
161d0339 JM |
726 | os_free(decrypted_buf); |
727 | } | |
728 | ||
729 | ||
730 | static void rx_data_eapol_key_4_of_4(struct wlantest *wt, const u8 *dst, | |
731 | const u8 *src, const u8 *data, size_t len) | |
732 | { | |
733 | struct wlantest_bss *bss; | |
734 | struct wlantest_sta *sta; | |
735 | const struct ieee802_1x_hdr *eapol; | |
736 | const struct wpa_eapol_key *hdr; | |
737 | u16 key_info; | |
d0b251d2 | 738 | const u8 *kck; |
98cd3d1c | 739 | size_t kck_len; |
161d0339 JM |
740 | |
741 | wpa_printf(MSG_DEBUG, "EAPOL-Key 4/4 " MACSTR " -> " MACSTR, | |
742 | MAC2STR(src), MAC2STR(dst)); | |
743 | bss = bss_get(wt, dst); | |
744 | if (bss == NULL) | |
745 | return; | |
746 | sta = sta_get(bss, src); | |
747 | if (sta == NULL) | |
748 | return; | |
749 | ||
750 | eapol = (const struct ieee802_1x_hdr *) data; | |
751 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
752 | if (!is_zero(hdr->key_rsc, 8)) { | |
c41e1d7c JM |
753 | add_note(wt, MSG_INFO, "EAPOL-Key 4/4 from " MACSTR " used " |
754 | "non-zero Key RSC", MAC2STR(src)); | |
161d0339 JM |
755 | } |
756 | key_info = WPA_GET_BE16(hdr->key_info); | |
757 | ||
d0b251d2 | 758 | if (!sta->ptk_set && !sta->tptk_set) { |
c41e1d7c JM |
759 | add_note(wt, MSG_DEBUG, |
760 | "No PTK known to process EAPOL-Key 4/4"); | |
161d0339 JM |
761 | return; |
762 | } | |
763 | ||
d0b251d2 | 764 | kck = sta->ptk.kck; |
98cd3d1c | 765 | kck_len = sta->ptk.kck_len; |
d0b251d2 | 766 | if (sta->tptk_set) { |
c41e1d7c JM |
767 | add_note(wt, MSG_DEBUG, |
768 | "Use TPTK for validation EAPOL-Key MIC"); | |
d0b251d2 | 769 | kck = sta->tptk.kck; |
98cd3d1c | 770 | kck_len = sta->tptk.kck_len; |
d0b251d2 | 771 | } |
98cd3d1c JM |
772 | if (check_mic(kck, kck_len, sta->key_mgmt, |
773 | key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) { | |
c41e1d7c | 774 | add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 4/4 MIC"); |
161d0339 JM |
775 | return; |
776 | } | |
c41e1d7c | 777 | add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 4/4"); |
d0b251d2 | 778 | if (sta->tptk_set) { |
c41e1d7c | 779 | add_note(wt, MSG_DEBUG, "Update PTK (rekeying)"); |
d0b251d2 JM |
780 | os_memcpy(&sta->ptk, &sta->tptk, sizeof(sta->ptk)); |
781 | sta->ptk_set = 1; | |
782 | sta->tptk_set = 0; | |
783 | os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods)); | |
784 | os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds)); | |
785 | } | |
161d0339 JM |
786 | } |
787 | ||
788 | ||
789 | static void rx_data_eapol_key_1_of_2(struct wlantest *wt, const u8 *dst, | |
790 | const u8 *src, const u8 *data, size_t len) | |
791 | { | |
792 | struct wlantest_bss *bss; | |
793 | struct wlantest_sta *sta; | |
794 | const struct ieee802_1x_hdr *eapol; | |
795 | const struct wpa_eapol_key *hdr; | |
161d0339 JM |
796 | u16 key_info, ver; |
797 | u8 *decrypted; | |
798 | size_t decrypted_len = 0; | |
6d014ffc | 799 | size_t mic_len; |
161d0339 JM |
800 | |
801 | wpa_printf(MSG_DEBUG, "EAPOL-Key 1/2 " MACSTR " -> " MACSTR, | |
802 | MAC2STR(src), MAC2STR(dst)); | |
803 | bss = bss_get(wt, src); | |
804 | if (bss == NULL) | |
805 | return; | |
806 | sta = sta_get(bss, dst); | |
807 | if (sta == NULL) | |
808 | return; | |
567da5bb | 809 | mic_len = wpa_mic_len(sta->key_mgmt, PMK_LEN); |
161d0339 JM |
810 | |
811 | eapol = (const struct ieee802_1x_hdr *) data; | |
812 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
813 | key_info = WPA_GET_BE16(hdr->key_info); | |
814 | ||
815 | if (!sta->ptk_set) { | |
c41e1d7c JM |
816 | add_note(wt, MSG_DEBUG, |
817 | "No PTK known to process EAPOL-Key 1/2"); | |
161d0339 JM |
818 | return; |
819 | } | |
820 | ||
821 | if (sta->ptk_set && | |
98cd3d1c | 822 | check_mic(sta->ptk.kck, sta->ptk.kck_len, sta->key_mgmt, |
929a2ea5 | 823 | key_info & WPA_KEY_INFO_TYPE_MASK, |
161d0339 | 824 | data, len) < 0) { |
c41e1d7c | 825 | add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 1/2 MIC"); |
161d0339 JM |
826 | return; |
827 | } | |
c41e1d7c | 828 | add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 1/2"); |
161d0339 | 829 | |
161d0339 JM |
830 | if (sta->proto & WPA_PROTO_RSN && |
831 | !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { | |
c41e1d7c | 832 | add_note(wt, MSG_INFO, "EAPOL-Key 1/2 without EncrKeyData bit"); |
161d0339 JM |
833 | return; |
834 | } | |
835 | ver = key_info & WPA_KEY_INFO_TYPE_MASK; | |
6d014ffc JM |
836 | decrypted = decrypt_eapol_key_data(wt, sta->key_mgmt, |
837 | sta->ptk.kek, sta->ptk.kek_len, | |
98cd3d1c | 838 | ver, hdr, &decrypted_len); |
161d0339 | 839 | if (decrypted == NULL) { |
c41e1d7c | 840 | add_note(wt, MSG_INFO, "Failed to decrypt EAPOL-Key Key Data"); |
161d0339 JM |
841 | return; |
842 | } | |
843 | wpa_hexdump(MSG_DEBUG, "Decrypted EAPOL-Key Key Data", | |
844 | decrypted, decrypted_len); | |
dd4722df | 845 | if (wt->write_pcap_dumper || wt->pcapng) { |
161d0339 | 846 | /* Fill in a dummy Data frame header */ |
19e7ddf7 | 847 | u8 buf[24 + 8 + sizeof(*eapol) + sizeof(*hdr) + 64]; |
161d0339 JM |
848 | struct ieee80211_hdr *h; |
849 | struct wpa_eapol_key *k; | |
850 | u8 *pos; | |
851 | size_t plain_len; | |
852 | ||
853 | plain_len = decrypted_len; | |
854 | pos = decrypted; | |
855 | while (pos + 1 < decrypted + decrypted_len) { | |
856 | if (pos[0] == 0xdd && pos[1] == 0x00) { | |
857 | /* Remove padding */ | |
858 | plain_len = pos - decrypted; | |
859 | break; | |
860 | } | |
861 | pos += 2 + pos[1]; | |
862 | } | |
863 | ||
864 | os_memset(buf, 0, sizeof(buf)); | |
865 | h = (struct ieee80211_hdr *) buf; | |
866 | h->frame_control = host_to_le16(0x0208); | |
867 | os_memcpy(h->addr1, dst, ETH_ALEN); | |
868 | os_memcpy(h->addr2, src, ETH_ALEN); | |
869 | os_memcpy(h->addr3, src, ETH_ALEN); | |
870 | pos = (u8 *) (h + 1); | |
871 | os_memcpy(pos, "\xaa\xaa\x03\x00\x00\x00\x88\x8e", 8); | |
872 | pos += 8; | |
873 | os_memcpy(pos, eapol, sizeof(*eapol)); | |
874 | pos += sizeof(*eapol); | |
6d014ffc | 875 | os_memcpy(pos, hdr, sizeof(*hdr) + mic_len); |
161d0339 | 876 | k = (struct wpa_eapol_key *) pos; |
6d014ffc | 877 | pos += sizeof(struct wpa_eapol_key) + mic_len; |
161d0339 JM |
878 | WPA_PUT_BE16(k->key_info, |
879 | key_info & ~WPA_KEY_INFO_ENCR_KEY_DATA); | |
6d014ffc | 880 | WPA_PUT_BE16(pos, plain_len); |
19e7ddf7 JM |
881 | write_pcap_decrypted(wt, buf, 24 + 8 + sizeof(*eapol) + |
882 | sizeof(*hdr) + mic_len + 2, | |
161d0339 JM |
883 | decrypted, plain_len); |
884 | } | |
885 | if (sta->proto & WPA_PROTO_RSN) | |
e4d99217 | 886 | learn_kde_keys(wt, bss, sta, decrypted, decrypted_len, |
fd848ab9 | 887 | hdr->key_rsc); |
161d0339 | 888 | else { |
30e09b0d JM |
889 | int klen = bss->group_cipher == WPA_CIPHER_TKIP ? 32 : 16; |
890 | if (decrypted_len == klen) { | |
161d0339 JM |
891 | const u8 *rsc = hdr->key_rsc; |
892 | int id; | |
893 | id = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> | |
894 | WPA_KEY_INFO_KEY_INDEX_SHIFT; | |
c41e1d7c | 895 | add_note(wt, MSG_DEBUG, "GTK key index %d", id); |
161d0339 JM |
896 | wpa_hexdump(MSG_DEBUG, "GTK", decrypted, |
897 | decrypted_len); | |
898 | bss->gtk_len[id] = decrypted_len; | |
899 | os_memcpy(bss->gtk[id], decrypted, decrypted_len); | |
900 | bss->rsc[id][0] = rsc[5]; | |
901 | bss->rsc[id][1] = rsc[4]; | |
902 | bss->rsc[id][2] = rsc[3]; | |
903 | bss->rsc[id][3] = rsc[2]; | |
904 | bss->rsc[id][4] = rsc[1]; | |
905 | bss->rsc[id][5] = rsc[0]; | |
906 | wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[id], 6); | |
907 | } else { | |
c41e1d7c JM |
908 | add_note(wt, MSG_INFO, "Unexpected WPA Key Data length " |
909 | "in Group Key msg 1/2 from " MACSTR, | |
910 | MAC2STR(src)); | |
161d0339 JM |
911 | } |
912 | } | |
913 | os_free(decrypted); | |
914 | } | |
915 | ||
916 | ||
917 | static void rx_data_eapol_key_2_of_2(struct wlantest *wt, const u8 *dst, | |
918 | const u8 *src, const u8 *data, size_t len) | |
919 | { | |
920 | struct wlantest_bss *bss; | |
921 | struct wlantest_sta *sta; | |
922 | const struct ieee802_1x_hdr *eapol; | |
923 | const struct wpa_eapol_key *hdr; | |
924 | u16 key_info; | |
925 | ||
926 | wpa_printf(MSG_DEBUG, "EAPOL-Key 2/2 " MACSTR " -> " MACSTR, | |
927 | MAC2STR(src), MAC2STR(dst)); | |
928 | bss = bss_get(wt, dst); | |
929 | if (bss == NULL) | |
930 | return; | |
931 | sta = sta_get(bss, src); | |
932 | if (sta == NULL) | |
933 | return; | |
934 | ||
935 | eapol = (const struct ieee802_1x_hdr *) data; | |
936 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
937 | if (!is_zero(hdr->key_rsc, 8)) { | |
c41e1d7c JM |
938 | add_note(wt, MSG_INFO, "EAPOL-Key 2/2 from " MACSTR " used " |
939 | "non-zero Key RSC", MAC2STR(src)); | |
161d0339 JM |
940 | } |
941 | key_info = WPA_GET_BE16(hdr->key_info); | |
942 | ||
943 | if (!sta->ptk_set) { | |
c41e1d7c JM |
944 | add_note(wt, MSG_DEBUG, |
945 | "No PTK known to process EAPOL-Key 2/2"); | |
161d0339 JM |
946 | return; |
947 | } | |
948 | ||
949 | if (sta->ptk_set && | |
98cd3d1c | 950 | check_mic(sta->ptk.kck, sta->ptk.kck_len, sta->key_mgmt, |
929a2ea5 | 951 | key_info & WPA_KEY_INFO_TYPE_MASK, |
161d0339 | 952 | data, len) < 0) { |
c41e1d7c | 953 | add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 2/2 MIC"); |
161d0339 JM |
954 | return; |
955 | } | |
c41e1d7c | 956 | add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/2"); |
161d0339 JM |
957 | } |
958 | ||
959 | ||
6d014ffc JM |
960 | static void rx_data_eapol_key(struct wlantest *wt, const u8 *bssid, |
961 | const u8 *sta_addr, const u8 *dst, | |
161d0339 JM |
962 | const u8 *src, const u8 *data, size_t len, |
963 | int prot) | |
964 | { | |
965 | const struct ieee802_1x_hdr *eapol; | |
966 | const struct wpa_eapol_key *hdr; | |
967 | const u8 *key_data; | |
968 | u16 key_info, key_length, ver, key_data_length; | |
6d014ffc JM |
969 | size_t mic_len = 16; |
970 | const u8 *mic; | |
971 | struct wlantest_bss *bss; | |
972 | struct wlantest_sta *sta; | |
973 | ||
974 | bss = bss_get(wt, bssid); | |
975 | if (bss) { | |
976 | sta = sta_get(bss, sta_addr); | |
977 | if (sta) | |
567da5bb | 978 | mic_len = wpa_mic_len(sta->key_mgmt, PMK_LEN); |
6d014ffc | 979 | } |
161d0339 JM |
980 | |
981 | eapol = (const struct ieee802_1x_hdr *) data; | |
982 | hdr = (const struct wpa_eapol_key *) (eapol + 1); | |
983 | ||
984 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key", | |
985 | (const u8 *) hdr, len - sizeof(*eapol)); | |
6d014ffc | 986 | if (len < sizeof(*hdr) + mic_len + 2) { |
c41e1d7c JM |
987 | add_note(wt, MSG_INFO, "Too short EAPOL-Key frame from " MACSTR, |
988 | MAC2STR(src)); | |
161d0339 JM |
989 | return; |
990 | } | |
6d014ffc | 991 | mic = (const u8 *) (hdr + 1); |
161d0339 JM |
992 | |
993 | if (hdr->type == EAPOL_KEY_TYPE_RC4) { | |
994 | /* TODO: EAPOL-Key RC4 for WEP */ | |
995 | wpa_printf(MSG_INFO, "EAPOL-Key Descriptor Type RC4 from " | |
996 | MACSTR, MAC2STR(src)); | |
997 | return; | |
998 | } | |
999 | ||
1000 | if (hdr->type != EAPOL_KEY_TYPE_RSN && | |
1001 | hdr->type != EAPOL_KEY_TYPE_WPA) { | |
1002 | wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Descriptor Type " | |
1003 | "%u from " MACSTR, hdr->type, MAC2STR(src)); | |
1004 | return; | |
1005 | } | |
1006 | ||
1007 | key_info = WPA_GET_BE16(hdr->key_info); | |
1008 | key_length = WPA_GET_BE16(hdr->key_length); | |
6d014ffc JM |
1009 | key_data_length = WPA_GET_BE16(mic + mic_len); |
1010 | key_data = mic + mic_len + 2; | |
161d0339 | 1011 | if (key_data + key_data_length > data + len) { |
c41e1d7c JM |
1012 | add_note(wt, MSG_INFO, "Truncated EAPOL-Key from " MACSTR, |
1013 | MAC2STR(src)); | |
161d0339 JM |
1014 | return; |
1015 | } | |
1016 | if (key_data + key_data_length < data + len) { | |
1017 | wpa_hexdump(MSG_DEBUG, "Extra data after EAPOL-Key Key Data " | |
1018 | "field", key_data + key_data_length, | |
1019 | data + len - key_data - key_data_length); | |
1020 | } | |
1021 | ||
1022 | ||
1023 | ver = key_info & WPA_KEY_INFO_TYPE_MASK; | |
1024 | wpa_printf(MSG_DEBUG, "EAPOL-Key ver=%u %c idx=%u%s%s%s%s%s%s%s%s " | |
1025 | "datalen=%u", | |
1026 | ver, key_info & WPA_KEY_INFO_KEY_TYPE ? 'P' : 'G', | |
1027 | (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> | |
1028 | WPA_KEY_INFO_KEY_INDEX_SHIFT, | |
1029 | (key_info & WPA_KEY_INFO_INSTALL) ? " Install" : "", | |
1030 | (key_info & WPA_KEY_INFO_ACK) ? " ACK" : "", | |
1031 | (key_info & WPA_KEY_INFO_MIC) ? " MIC" : "", | |
1032 | (key_info & WPA_KEY_INFO_SECURE) ? " Secure" : "", | |
1033 | (key_info & WPA_KEY_INFO_ERROR) ? " Error" : "", | |
1034 | (key_info & WPA_KEY_INFO_REQUEST) ? " Request" : "", | |
1035 | (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) ? " Encr" : "", | |
1036 | (key_info & WPA_KEY_INFO_SMK_MESSAGE) ? " SMK" : "", | |
1037 | key_data_length); | |
1038 | ||
1039 | if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && | |
1040 | ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES && | |
f6ff5160 JM |
1041 | ver != WPA_KEY_INFO_TYPE_AES_128_CMAC && |
1042 | ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) { | |
161d0339 JM |
1043 | wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Key Descriptor " |
1044 | "Version %u from " MACSTR, ver, MAC2STR(src)); | |
1045 | return; | |
1046 | } | |
1047 | ||
1048 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Replay Counter", | |
1049 | hdr->replay_counter, WPA_REPLAY_COUNTER_LEN); | |
1050 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Nonce", | |
1051 | hdr->key_nonce, WPA_NONCE_LEN); | |
1052 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key IV", | |
1053 | hdr->key_iv, 16); | |
1054 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key RSC", | |
1055 | hdr->key_rsc, WPA_KEY_RSC_LEN); | |
1056 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key MIC", | |
6d014ffc | 1057 | mic, mic_len); |
161d0339 JM |
1058 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data", |
1059 | key_data, key_data_length); | |
1060 | ||
1061 | if (hdr->type == EAPOL_KEY_TYPE_RSN && | |
1062 | (key_info & (WPA_KEY_INFO_KEY_INDEX_MASK | BIT(14) | BIT(15))) != | |
1063 | 0) { | |
1064 | wpa_printf(MSG_INFO, "RSN EAPOL-Key with non-zero reserved " | |
1065 | "Key Info bits 0x%x from " MACSTR, | |
1066 | key_info, MAC2STR(src)); | |
1067 | } | |
1068 | ||
1069 | if (hdr->type == EAPOL_KEY_TYPE_WPA && | |
1070 | (key_info & (WPA_KEY_INFO_ENCR_KEY_DATA | | |
1071 | WPA_KEY_INFO_SMK_MESSAGE |BIT(14) | BIT(15))) != 0) { | |
1072 | wpa_printf(MSG_INFO, "WPA EAPOL-Key with non-zero reserved " | |
1073 | "Key Info bits 0x%x from " MACSTR, | |
1074 | key_info, MAC2STR(src)); | |
1075 | } | |
1076 | ||
1077 | if (key_length > 32) { | |
1078 | wpa_printf(MSG_INFO, "EAPOL-Key with invalid Key Length %d " | |
1079 | "from " MACSTR, key_length, MAC2STR(src)); | |
1080 | } | |
1081 | ||
1082 | if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && | |
1083 | !is_zero(hdr->key_iv, 16)) { | |
1084 | wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key IV " | |
1085 | "(reserved with ver=%d) field from " MACSTR, | |
1086 | ver, MAC2STR(src)); | |
1087 | wpa_hexdump(MSG_INFO, "EAPOL-Key Key IV (reserved)", | |
1088 | hdr->key_iv, 16); | |
1089 | } | |
1090 | ||
1091 | if (!is_zero(hdr->key_id, 8)) { | |
1092 | wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key ID " | |
1093 | "(reserved) field from " MACSTR, MAC2STR(src)); | |
1094 | wpa_hexdump(MSG_INFO, "EAPOL-Key Key ID (reserved)", | |
1095 | hdr->key_id, 8); | |
1096 | } | |
1097 | ||
1098 | if (hdr->key_rsc[6] || hdr->key_rsc[7]) { | |
1099 | wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key RSC octets " | |
1100 | "(last two are unused)" MACSTR, MAC2STR(src)); | |
1101 | } | |
1102 | ||
1103 | if (key_info & (WPA_KEY_INFO_ERROR | WPA_KEY_INFO_REQUEST)) | |
1104 | return; | |
1105 | ||
1106 | if (key_info & WPA_KEY_INFO_SMK_MESSAGE) | |
1107 | return; | |
1108 | ||
1109 | if (key_info & WPA_KEY_INFO_KEY_TYPE) { | |
1110 | /* 4-Way Handshake */ | |
1111 | switch (key_info & (WPA_KEY_INFO_SECURE | | |
1112 | WPA_KEY_INFO_MIC | | |
1113 | WPA_KEY_INFO_ACK | | |
1114 | WPA_KEY_INFO_INSTALL)) { | |
1115 | case WPA_KEY_INFO_ACK: | |
1116 | rx_data_eapol_key_1_of_4(wt, dst, src, data, len); | |
1117 | break; | |
1118 | case WPA_KEY_INFO_MIC: | |
1119 | if (key_data_length == 0) | |
1120 | rx_data_eapol_key_4_of_4(wt, dst, src, data, | |
1121 | len); | |
1122 | else | |
1123 | rx_data_eapol_key_2_of_4(wt, dst, src, data, | |
1124 | len); | |
1125 | break; | |
1126 | case WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK | | |
1127 | WPA_KEY_INFO_INSTALL: | |
1128 | /* WPA does not include Secure bit in 3/4 */ | |
1129 | rx_data_eapol_key_3_of_4(wt, dst, src, data, len); | |
1130 | break; | |
1131 | case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC | | |
1132 | WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL: | |
555ff857 JM |
1133 | case WPA_KEY_INFO_SECURE | |
1134 | WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL: | |
161d0339 JM |
1135 | rx_data_eapol_key_3_of_4(wt, dst, src, data, len); |
1136 | break; | |
1137 | case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC: | |
555ff857 | 1138 | case WPA_KEY_INFO_SECURE: |
d0b251d2 JM |
1139 | if (key_data_length == 0) |
1140 | rx_data_eapol_key_4_of_4(wt, dst, src, data, | |
1141 | len); | |
1142 | else | |
1143 | rx_data_eapol_key_2_of_4(wt, dst, src, data, | |
1144 | len); | |
161d0339 JM |
1145 | break; |
1146 | default: | |
1147 | wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame"); | |
1148 | break; | |
1149 | } | |
1150 | } else { | |
1151 | /* Group Key Handshake */ | |
1152 | switch (key_info & (WPA_KEY_INFO_SECURE | | |
1153 | WPA_KEY_INFO_MIC | | |
1154 | WPA_KEY_INFO_ACK)) { | |
1155 | case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC | | |
1156 | WPA_KEY_INFO_ACK: | |
555ff857 | 1157 | case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_ACK: |
161d0339 JM |
1158 | rx_data_eapol_key_1_of_2(wt, dst, src, data, len); |
1159 | break; | |
1160 | case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC: | |
555ff857 | 1161 | case WPA_KEY_INFO_SECURE: |
161d0339 JM |
1162 | rx_data_eapol_key_2_of_2(wt, dst, src, data, len); |
1163 | break; | |
1164 | default: | |
1165 | wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame"); | |
1166 | break; | |
1167 | } | |
1168 | } | |
1169 | } | |
1170 | ||
1171 | ||
6d014ffc JM |
1172 | void rx_data_eapol(struct wlantest *wt, const u8 *bssid, const u8 *sta_addr, |
1173 | const u8 *dst, const u8 *src, | |
161d0339 JM |
1174 | const u8 *data, size_t len, int prot) |
1175 | { | |
1176 | const struct ieee802_1x_hdr *hdr; | |
1177 | u16 length; | |
1178 | const u8 *p; | |
1179 | ||
1180 | wpa_hexdump(MSG_EXCESSIVE, "EAPOL", data, len); | |
1181 | if (len < sizeof(*hdr)) { | |
1182 | wpa_printf(MSG_INFO, "Too short EAPOL frame from " MACSTR, | |
1183 | MAC2STR(src)); | |
1184 | return; | |
1185 | } | |
1186 | ||
1187 | hdr = (const struct ieee802_1x_hdr *) data; | |
1188 | length = be_to_host16(hdr->length); | |
1189 | wpa_printf(MSG_DEBUG, "RX EAPOL: " MACSTR " -> " MACSTR "%s ver=%u " | |
1190 | "type=%u len=%u", | |
1191 | MAC2STR(src), MAC2STR(dst), prot ? " Prot" : "", | |
1192 | hdr->version, hdr->type, length); | |
1193 | if (hdr->version < 1 || hdr->version > 3) { | |
1194 | wpa_printf(MSG_INFO, "Unexpected EAPOL version %u from " | |
1195 | MACSTR, hdr->version, MAC2STR(src)); | |
1196 | } | |
1197 | if (sizeof(*hdr) + length > len) { | |
1198 | wpa_printf(MSG_INFO, "Truncated EAPOL frame from " MACSTR, | |
1199 | MAC2STR(src)); | |
1200 | return; | |
1201 | } | |
1202 | ||
1203 | if (sizeof(*hdr) + length < len) { | |
1204 | wpa_printf(MSG_INFO, "EAPOL frame with %d extra bytes", | |
1205 | (int) (len - sizeof(*hdr) - length)); | |
1206 | } | |
1207 | p = (const u8 *) (hdr + 1); | |
1208 | ||
1209 | switch (hdr->type) { | |
1210 | case IEEE802_1X_TYPE_EAP_PACKET: | |
1211 | wpa_hexdump(MSG_MSGDUMP, "EAPOL - EAP packet", p, length); | |
1212 | break; | |
1213 | case IEEE802_1X_TYPE_EAPOL_START: | |
1214 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Start", p, length); | |
1215 | break; | |
1216 | case IEEE802_1X_TYPE_EAPOL_LOGOFF: | |
1217 | wpa_hexdump(MSG_MSGDUMP, "EAPOL-Logoff", p, length); | |
1218 | break; | |
1219 | case IEEE802_1X_TYPE_EAPOL_KEY: | |
6d014ffc JM |
1220 | rx_data_eapol_key(wt, bssid, sta_addr, dst, src, data, |
1221 | sizeof(*hdr) + length, prot); | |
161d0339 JM |
1222 | break; |
1223 | case IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT: | |
1224 | wpa_hexdump(MSG_MSGDUMP, "EAPOL - Encapsulated ASF alert", | |
1225 | p, length); | |
1226 | break; | |
1227 | default: | |
1228 | wpa_hexdump(MSG_MSGDUMP, "Unknown EAPOL payload", p, length); | |
1229 | break; | |
1230 | } | |
1231 | } |