2 * hostapd - WPA/RSN IE and KDE definitions
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
15 #include "utils/includes.h"
17 #include "utils/common.h"
18 #include "common/ieee802_11_defs.h"
19 #include "eapol_auth/eapol_auth_sm.h"
20 #include "ap_config.h"
21 #include "ieee802_11.h"
23 #include "pmksa_cache_auth.h"
24 #include "wpa_auth_ie.h"
25 #include "wpa_auth_i.h"
/*
 * wpa_write_wpa_ie - Serialize the WPA (vendor-specific) IE described by the
 * authenticator configuration into buf.
 * @conf: Configuration; wpa_group, wpa_pairwise and wpa_key_mgmt are read
 * @buf: Output buffer; the IE header is written at its first byte
 * @len: Size of buf
 *
 * NOTE(review): none of the lines visible in this listing compare the write
 * position with buf + len, so the caller must supply a buffer that holds the
 * header plus every configured suite - confirm against the full source.
 * The listing skips source lines (see the gutter numbers), so the return
 * statements and the num_suites/count bookkeeping are not shown here.
 */
28 static int wpa_write_wpa_ie(struct wpa_auth_config
*conf
, u8
*buf
, size_t len
)
30 struct wpa_ie_hdr
*hdr
;
/* Fixed header: vendor-specific element ID, WPA OUI/type and version. */
34 hdr
= (struct wpa_ie_hdr
*) buf
;
35 hdr
->elem_id
= WLAN_EID_VENDOR_SPECIFIC
;
36 RSN_SELECTOR_PUT(hdr
->oui
, WPA_OUI_TYPE
);
37 WPA_PUT_LE16(hdr
->version
, WPA_VERSION
);
/* The variable-length part starts directly after the fixed header. */
38 pos
= (u8
*) (hdr
+ 1);
/*
 * Group cipher: wpa_group is compared with ==, so exactly one cipher is
 * expected. WEP40/WEP104 are still accepted here; both are broken ciphers
 * and should only be configured for legacy interoperability.
 */
40 if (conf
->wpa_group
== WPA_CIPHER_CCMP
) {
41 RSN_SELECTOR_PUT(pos
, WPA_CIPHER_SUITE_CCMP
);
42 } else if (conf
->wpa_group
== WPA_CIPHER_TKIP
) {
43 RSN_SELECTOR_PUT(pos
, WPA_CIPHER_SUITE_TKIP
);
44 } else if (conf
->wpa_group
== WPA_CIPHER_WEP104
) {
45 RSN_SELECTOR_PUT(pos
, WPA_CIPHER_SUITE_WEP104
);
46 } else if (conf
->wpa_group
== WPA_CIPHER_WEP40
) {
47 RSN_SELECTOR_PUT(pos
, WPA_CIPHER_SUITE_WEP40
);
/* No recognised group cipher is configured. */
49 wpa_printf(MSG_DEBUG
, "Invalid group cipher (%d).",
53 pos
+= WPA_SELECTOR_LEN
;
/* Pairwise ciphers: wpa_pairwise is a bitmask, one selector per set bit. */
59 if (conf
->wpa_pairwise
& WPA_CIPHER_CCMP
) {
60 RSN_SELECTOR_PUT(pos
, WPA_CIPHER_SUITE_CCMP
);
61 pos
+= WPA_SELECTOR_LEN
;
64 if (conf
->wpa_pairwise
& WPA_CIPHER_TKIP
) {
65 RSN_SELECTOR_PUT(pos
, WPA_CIPHER_SUITE_TKIP
);
66 pos
+= WPA_SELECTOR_LEN
;
69 if (conf
->wpa_pairwise
& WPA_CIPHER_NONE
) {
70 RSN_SELECTOR_PUT(pos
, WPA_CIPHER_SUITE_NONE
);
71 pos
+= WPA_SELECTOR_LEN
;
/* A configuration that yields no pairwise suite is reported as invalid. */
75 if (num_suites
== 0) {
76 wpa_printf(MSG_DEBUG
, "Invalid pairwise cipher (%d).",
/*
 * Store the suite count as a little-endian 16-bit value; presumably count
 * points at the count field preceding the selectors (assignment not shown).
 */
80 WPA_PUT_LE16(count
, num_suites
);
/* Key management suites: wpa_key_mgmt is a bitmask. */
86 if (conf
->wpa_key_mgmt
& WPA_KEY_MGMT_IEEE8021X
) {
87 RSN_SELECTOR_PUT(pos
, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X
);
88 pos
+= WPA_SELECTOR_LEN
;
91 if (conf
->wpa_key_mgmt
& WPA_KEY_MGMT_PSK
) {
92 RSN_SELECTOR_PUT(pos
, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X
);
93 pos
+= WPA_SELECTOR_LEN
;
/* A configuration that yields no key management suite is invalid. */
97 if (num_suites
== 0) {
98 wpa_printf(MSG_DEBUG
, "Invalid key management type (%d).",
102 WPA_PUT_LE16(count
, num_suites
);
104 /* WPA Capabilities; use defaults, so no need to include it */
/* The IE length field excludes the 2-byte element ID/length prefix. */
106 hdr
->len
= (pos
- buf
) - 2;
/*
 * wpa_write_rsn_ie - Serialize the RSN IE described by the authenticator
 * configuration into buf.
 * @conf: Configuration; wpa_group, rsn_pairwise, wpa_key_mgmt, rsn_preauth,
 *	wmm_enabled and (with CONFIG_IEEE80211W) ieee80211w are read
 * @buf: Output buffer; the IE header is written at its first byte
 * @len: Size of buf
 *
 * The rest of the parameter list is not shown in this listing; a pmkid
 * pointer is copied into the IE further down.
 *
 * NOTE(review): in the visible lines, buf + len is checked only before the
 * PMKID and management group cipher fields. The header, cipher/AKM suite
 * lists and capabilities are written without a visible bounds check, so the
 * caller must size buf for them - confirm against the full source.
 */
112 int wpa_write_rsn_ie(struct wpa_auth_config
*conf
, u8
*buf
, size_t len
,
115 struct rsn_ie_hdr
*hdr
;
/* Fixed header: RSN element ID and version. */
120 hdr
= (struct rsn_ie_hdr
*) buf
;
121 hdr
->elem_id
= WLAN_EID_RSN
;
122 WPA_PUT_LE16(hdr
->version
, RSN_VERSION
);
123 pos
= (u8
*) (hdr
+ 1);
/*
 * Group cipher: a single value compared with ==. WEP40/WEP104 remain
 * selectable; both are broken ciphers kept for legacy interoperability.
 */
125 if (conf
->wpa_group
== WPA_CIPHER_CCMP
) {
126 RSN_SELECTOR_PUT(pos
, RSN_CIPHER_SUITE_CCMP
);
127 } else if (conf
->wpa_group
== WPA_CIPHER_TKIP
) {
128 RSN_SELECTOR_PUT(pos
, RSN_CIPHER_SUITE_TKIP
);
129 } else if (conf
->wpa_group
== WPA_CIPHER_WEP104
) {
130 RSN_SELECTOR_PUT(pos
, RSN_CIPHER_SUITE_WEP104
);
131 } else if (conf
->wpa_group
== WPA_CIPHER_WEP40
) {
132 RSN_SELECTOR_PUT(pos
, RSN_CIPHER_SUITE_WEP40
);
134 wpa_printf(MSG_DEBUG
, "Invalid group cipher (%d).",
138 pos
+= RSN_SELECTOR_LEN
;
/* Pairwise ciphers: rsn_pairwise is a bitmask, one selector per set bit. */
144 if (conf
->rsn_pairwise
& WPA_CIPHER_CCMP
) {
145 RSN_SELECTOR_PUT(pos
, RSN_CIPHER_SUITE_CCMP
);
146 pos
+= RSN_SELECTOR_LEN
;
149 if (conf
->rsn_pairwise
& WPA_CIPHER_TKIP
) {
150 RSN_SELECTOR_PUT(pos
, RSN_CIPHER_SUITE_TKIP
);
151 pos
+= RSN_SELECTOR_LEN
;
154 if (conf
->rsn_pairwise
& WPA_CIPHER_NONE
) {
155 RSN_SELECTOR_PUT(pos
, RSN_CIPHER_SUITE_NONE
);
156 pos
+= RSN_SELECTOR_LEN
;
/* A configuration that yields no pairwise suite is reported as invalid. */
160 if (num_suites
== 0) {
161 wpa_printf(MSG_DEBUG
, "Invalid pairwise cipher (%d).",
165 WPA_PUT_LE16(count
, num_suites
);
/*
 * Key management suites from the wpa_key_mgmt bitmask. FT suites are only
 * compiled in with CONFIG_IEEE80211R, SHA256 suites with CONFIG_IEEE80211W.
 */
171 if (conf
->wpa_key_mgmt
& WPA_KEY_MGMT_IEEE8021X
) {
172 RSN_SELECTOR_PUT(pos
, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X
);
173 pos
+= RSN_SELECTOR_LEN
;
176 if (conf
->wpa_key_mgmt
& WPA_KEY_MGMT_PSK
) {
177 RSN_SELECTOR_PUT(pos
, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X
);
178 pos
+= RSN_SELECTOR_LEN
;
181 #ifdef CONFIG_IEEE80211R
182 if (conf
->wpa_key_mgmt
& WPA_KEY_MGMT_FT_IEEE8021X
) {
183 RSN_SELECTOR_PUT(pos
, RSN_AUTH_KEY_MGMT_FT_802_1X
);
184 pos
+= RSN_SELECTOR_LEN
;
187 if (conf
->wpa_key_mgmt
& WPA_KEY_MGMT_FT_PSK
) {
188 RSN_SELECTOR_PUT(pos
, RSN_AUTH_KEY_MGMT_FT_PSK
);
189 pos
+= RSN_SELECTOR_LEN
;
192 #endif /* CONFIG_IEEE80211R */
193 #ifdef CONFIG_IEEE80211W
194 if (conf
->wpa_key_mgmt
& WPA_KEY_MGMT_IEEE8021X_SHA256
) {
195 RSN_SELECTOR_PUT(pos
, RSN_AUTH_KEY_MGMT_802_1X_SHA256
);
196 pos
+= RSN_SELECTOR_LEN
;
199 if (conf
->wpa_key_mgmt
& WPA_KEY_MGMT_PSK_SHA256
) {
200 RSN_SELECTOR_PUT(pos
, RSN_AUTH_KEY_MGMT_PSK_SHA256
);
201 pos
+= RSN_SELECTOR_LEN
;
204 #endif /* CONFIG_IEEE80211W */
/* A configuration that yields no key management suite is invalid. */
206 if (num_suites
== 0) {
207 wpa_printf(MSG_DEBUG
, "Invalid key management type (%d).",
211 WPA_PUT_LE16(count
, num_suites
);
213 /* RSN Capabilities */
215 if (conf
->rsn_preauth
)
216 capab
|= WPA_CAPABILITY_PREAUTH
;
/* NOTE(review): the condition guarding the next line, if any, is not shown. */
218 capab
|= WPA_CAPABILITY_PEERKEY_ENABLED
;
219 if (conf
->wmm_enabled
) {
220 /* 4 PTKSA replay counters when using WMM */
221 capab
|= (RSN_NUM_REPLAY_COUNTERS_16
<< 2);
/*
 * Management frame protection: MFPC is advertised whenever ieee80211w is not
 * disabled, MFPR only when protection is required.
 */
223 #ifdef CONFIG_IEEE80211W
224 if (conf
->ieee80211w
!= NO_MGMT_FRAME_PROTECTION
) {
225 capab
|= WPA_CAPABILITY_MFPC
;
226 if (conf
->ieee80211w
== MGMT_FRAME_PROTECTION_REQUIRED
)
227 capab
|= WPA_CAPABILITY_MFPR
;
229 #endif /* CONFIG_IEEE80211W */
230 WPA_PUT_LE16(pos
, capab
);
/* Bounds check before the 2-byte PMKID count and one PMKID are written. */
234 if (pos
+ 2 + PMKID_LEN
> buf
+ len
)
/* PMKID count = 1, followed by the PMKID itself. */
237 WPA_PUT_LE16(pos
, 1);
239 os_memcpy(pos
, pmkid
, PMKID_LEN
);
243 #ifdef CONFIG_IEEE80211W
244 if (conf
->ieee80211w
!= NO_MGMT_FRAME_PROTECTION
) {
/* Bounds check for a 2-byte count plus one 4-byte selector. */
245 if (pos
+ 2 + 4 > buf
+ len
)
/*
 * Writes a zero 16-bit field; presumably an empty PMKID count for the case
 * where no PMKID was added above (the guarding condition is not shown).
 */
249 WPA_PUT_LE16(pos
, 0);
253 /* Management Group Cipher Suite */
254 RSN_SELECTOR_PUT(pos
, RSN_CIPHER_SUITE_AES_128_CMAC
);
255 pos
+= RSN_SELECTOR_LEN
;
257 #endif /* CONFIG_IEEE80211W */
/* The IE length field excludes the 2-byte element ID/length prefix. */
259 hdr
->len
= (pos
- buf
) - 2;
/*
 * wpa_auth_gen_wpa_ie - Rebuild the authenticator's own WPA/RSN IE blob.
 * @wpa_auth: Authenticator whose conf is read and whose wpa_ie/wpa_ie_len
 *	are replaced
 *
 * The IEs are assembled in a local array buf (its declaration is not shown
 * in this listing; sizeof(buf) is used as its capacity) and then copied to a
 * freshly allocated wpa_auth->wpa_ie. Each writer receives the space still
 * free in buf as buf + sizeof(buf) - pos.
 */
265 int wpa_auth_gen_wpa_ie(struct wpa_authenticator
*wpa_auth
)
/* RSN IE first, when RSN is enabled; no PMKID is included (NULL). */
272 if (wpa_auth
->conf
.wpa
& WPA_PROTO_RSN
) {
273 res
= wpa_write_rsn_ie(&wpa_auth
->conf
,
274 pos
, buf
+ sizeof(buf
) - pos
, NULL
);
/* Mobility domain IE when an FT key management suite is configured. */
279 #ifdef CONFIG_IEEE80211R
280 if (wpa_auth
->conf
.wpa_key_mgmt
&
281 (WPA_KEY_MGMT_FT_IEEE8021X
| WPA_KEY_MGMT_FT_PSK
)) {
282 res
= wpa_write_mdie(&wpa_auth
->conf
, pos
,
283 buf
+ sizeof(buf
) - pos
);
288 #endif /* CONFIG_IEEE80211R */
/* WPA IE last, when WPA is enabled. */
289 if (wpa_auth
->conf
.wpa
& WPA_PROTO_WPA
) {
290 res
= wpa_write_wpa_ie(&wpa_auth
->conf
,
291 pos
, buf
+ sizeof(buf
) - pos
);
/*
 * Replace the stored copy. The old buffer is freed before the new one is
 * allocated, and wpa_ie_len is only updated after a successful allocation.
 * NOTE(review): on allocation failure wpa_ie is NULL while wpa_ie_len may
 * still hold the previous length - confirm no caller uses the length without
 * checking the pointer.
 */
297 os_free(wpa_auth
->wpa_ie
);
298 wpa_auth
->wpa_ie
= os_malloc(pos
- buf
);
299 if (wpa_auth
->wpa_ie
== NULL
)
301 os_memcpy(wpa_auth
->wpa_ie
, buf
, pos
- buf
);
302 wpa_auth
->wpa_ie_len
= pos
- buf
;
/*
 * wpa_add_kde - Append one Key Data Encapsulation (KDE) at pos.
 * @pos: Write position in the Key Data buffer
 * @kde: KDE selector written after the type and length bytes
 * @data: First payload part
 * @data_len: Length of data
 * @data2: Second payload part
 * @data2_len: Length of data2
 *
 * NOTE(review): the function takes no destination size, so the caller must
 * guarantee room for 2 + RSN_SELECTOR_LEN + data_len + data2_len bytes.
 * The length is stored in a single u8, so a sum above 255 would be truncated
 * silently while the copies below still use the full lengths.
 * The listing skips source lines; the return statement and any guard around
 * the data2 copy are not shown.
 */
308 u8
* wpa_add_kde(u8
*pos
, u32 kde
, const u8
*data
, size_t data_len
,
309 const u8
*data2
, size_t data2_len
)
/* Type byte, then the one-byte length covering selector and payload. */
311 *pos
++ = WLAN_EID_VENDOR_SPECIFIC
;
312 *pos
++ = RSN_SELECTOR_LEN
+ data_len
+ data2_len
;
313 RSN_SELECTOR_PUT(pos
, kde
);
314 pos
+= RSN_SELECTOR_LEN
;
315 os_memcpy(pos
, data
, data_len
);
318 os_memcpy(pos
, data2
, data2_len
);
/*
 * wpa_selector_to_bitfield - Map a WPA cipher suite selector to its
 * WPA_CIPHER_* bit.
 * @s: Pointer to the selector bytes (read with RSN_SELECTOR_GET)
 *
 * The value returned for an unrecognised selector is not shown in this
 * listing. Callers OR the result into a cipher bitmask.
 */
325 static int wpa_selector_to_bitfield(const u8
*s
)
327 if (RSN_SELECTOR_GET(s
) == WPA_CIPHER_SUITE_NONE
)
328 return WPA_CIPHER_NONE
;
329 if (RSN_SELECTOR_GET(s
) == WPA_CIPHER_SUITE_WEP40
)
330 return WPA_CIPHER_WEP40
;
331 if (RSN_SELECTOR_GET(s
) == WPA_CIPHER_SUITE_TKIP
)
332 return WPA_CIPHER_TKIP
;
333 if (RSN_SELECTOR_GET(s
) == WPA_CIPHER_SUITE_CCMP
)
334 return WPA_CIPHER_CCMP
;
335 if (RSN_SELECTOR_GET(s
) == WPA_CIPHER_SUITE_WEP104
)
336 return WPA_CIPHER_WEP104
;
/*
 * wpa_key_mgmt_to_bitfield - Map a WPA key management selector to its
 * WPA_KEY_MGMT_* bit.
 * @s: Pointer to the selector bytes (read with RSN_SELECTOR_GET)
 *
 * The value returned for an unrecognised selector is not shown in this
 * listing.
 */
341 static int wpa_key_mgmt_to_bitfield(const u8
*s
)
343 if (RSN_SELECTOR_GET(s
) == WPA_AUTH_KEY_MGMT_UNSPEC_802_1X
)
344 return WPA_KEY_MGMT_IEEE8021X
;
345 if (RSN_SELECTOR_GET(s
) == WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X
)
346 return WPA_KEY_MGMT_PSK
;
347 if (RSN_SELECTOR_GET(s
) == WPA_AUTH_KEY_MGMT_NONE
)
348 return WPA_KEY_MGMT_WPA_NONE
;
/*
 * wpa_parse_wpa_ie_wpa - Parse a WPA (vendor-specific) IE into *data.
 * @wpa_ie: IE bytes, starting at the element ID
 * @wpa_ie_len: Number of bytes available at wpa_ie
 * @data: Result structure; cleared and preset to defaults before parsing
 *
 * Fields that the IE leaves out keep the defaults assigned below. The
 * listing skips source lines, so the error return values and some length
 * guards (for example before each WPA_GET_LE16(pos)) are not shown.
 */
353 static int wpa_parse_wpa_ie_wpa(const u8
*wpa_ie
, size_t wpa_ie_len
,
354 struct wpa_ie_data
*data
)
356 const struct wpa_ie_hdr
*hdr
;
/* Defaults used for any optional field that is absent from the IE. */
361 os_memset(data
, 0, sizeof(*data
));
362 data
->pairwise_cipher
= WPA_CIPHER_TKIP
;
363 data
->group_cipher
= WPA_CIPHER_TKIP
;
364 data
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X
;
365 data
->mgmt_group_cipher
= 0;
/* The buffer must hold a full header before hdr is dereferenced. */
367 if (wpa_ie_len
< sizeof(struct wpa_ie_hdr
))
370 hdr
= (const struct wpa_ie_hdr
*) wpa_ie
;
/*
 * Header validation: element ID, length field consistent with the buffer
 * length (wpa_ie_len - 2), WPA OUI/type and version.
 */
372 if (hdr
->elem_id
!= WLAN_EID_VENDOR_SPECIFIC
||
373 hdr
->len
!= wpa_ie_len
- 2 ||
374 RSN_SELECTOR_GET(hdr
->oui
) != WPA_OUI_TYPE
||
375 WPA_GET_LE16(hdr
->version
) != WPA_VERSION
) {
/* left tracks the unparsed bytes after the header. */
379 pos
= (const u8
*) (hdr
+ 1);
380 left
= wpa_ie_len
- sizeof(*hdr
);
/* Optional group cipher selector. */
382 if (left
>= WPA_SELECTOR_LEN
) {
383 data
->group_cipher
= wpa_selector_to_bitfield(pos
);
384 pos
+= WPA_SELECTOR_LEN
;
385 left
-= WPA_SELECTOR_LEN
;
/*
 * Optional pairwise cipher list: the default is dropped and the listed
 * suites are OR-ed in. NOTE(review): the guard that makes the 2-byte count
 * readable is not shown in this listing - confirm.
 */
390 data
->pairwise_cipher
= 0;
391 count
= WPA_GET_LE16(pos
);
/* The count comes from the IE; it must be non-zero and fit in left. */
394 if (count
== 0 || left
< count
* WPA_SELECTOR_LEN
)
396 for (i
= 0; i
< count
; i
++) {
397 data
->pairwise_cipher
|= wpa_selector_to_bitfield(pos
);
398 pos
+= WPA_SELECTOR_LEN
;
399 left
-= WPA_SELECTOR_LEN
;
/* A single trailing byte cannot be a count field. */
401 } else if (left
== 1)
/* Optional key management list, validated the same way as above. */
406 count
= WPA_GET_LE16(pos
);
409 if (count
== 0 || left
< count
* WPA_SELECTOR_LEN
)
411 for (i
= 0; i
< count
; i
++) {
412 data
->key_mgmt
|= wpa_key_mgmt_to_bitfield(pos
);
413 pos
+= WPA_SELECTOR_LEN
;
414 left
-= WPA_SELECTOR_LEN
;
416 } else if (left
== 1)
/* Optional 16-bit capabilities field (its length guard is not shown). */
420 data
->capabilities
= WPA_GET_LE16(pos
);
/*
 * Context passed to wpa_auth_okc_iter() through wpa_auth_for_each_auth().
 * Only the pmksa member is shown in this listing; the iterator and its
 * caller also use aa, spa and pmkid members.
 */
433 struct wpa_auth_okc_iter_data
{
/* Result: PMKSA cache entry found by the iterator. */
434 struct rsn_pmksa_cache_entry
*pmksa
;
/*
 * wpa_auth_okc_iter - Per-authenticator callback for the OKC lookup.
 * @a: Authenticator whose PMKSA cache is searched
 * @ctx: struct wpa_auth_okc_iter_data with the lookup key and result slot
 *
 * Stores the result of pmksa_cache_get_okc() in data->pmksa. The remaining
 * call arguments and the return value are not shown in this listing.
 */
441 static int wpa_auth_okc_iter(struct wpa_authenticator
*a
, void *ctx
)
443 struct wpa_auth_okc_iter_data
*data
= ctx
;
444 data
->pmksa
= pmksa_cache_get_okc(a
->pmksa
, data
->aa
, data
->spa
,
/*
 * wpa_validate_wpa_ie - Check a station's WPA/RSN IE against the
 * authenticator configuration and record the negotiated parameters in sm.
 * @wpa_auth: Authenticator (configuration, PMKSA cache, selected-suite fields)
 * @sm: Per-station state machine that receives the negotiated values
 * @wpa_ie: WPA or RSN IE received from the station
 * @wpa_ie_len: Length of wpa_ie
 * @mdie: Mobility domain IE (only examined with CONFIG_IEEE80211R)
 * @mdie_len: Length of mdie
 *
 * Return codes visible in this listing: WPA_NOT_ENABLED, WPA_INVALID_IE,
 * WPA_INVALID_PROTO, WPA_INVALID_GROUP, WPA_INVALID_AKMP,
 * WPA_INVALID_PAIRWISE, WPA_MGMT_FRAME_PROTECTION_VIOLATION,
 * WPA_INVALID_MGMT_GROUP_CIPHER, WPA_INVALID_MDIE and WPA_ALLOC_FAIL.
 * The success return is not shown (the listing skips source lines).
 *
 * wpa_ie is peer-controlled input: every field taken from it is intersected
 * with or compared against the local configuration before it is stored in sm.
 */
452 int wpa_validate_wpa_ie(struct wpa_authenticator
*wpa_auth
,
453 struct wpa_state_machine
*sm
,
454 const u8
*wpa_ie
, size_t wpa_ie_len
,
455 const u8
*mdie
, size_t mdie_len
)
457 struct wpa_ie_data data
;
458 int ciphers
, key_mgmt
, res
, version
;
461 const u8
*pmkid
= NULL
;
463 if (wpa_auth
== NULL
|| sm
== NULL
)
464 return WPA_NOT_ENABLED
;
/* At least one byte is needed because wpa_ie[0] is read next. */
466 if (wpa_ie
== NULL
|| wpa_ie_len
< 1)
467 return WPA_INVALID_IE
;
/* The element ID selects the protocol: RSN element, otherwise WPA. */
469 if (wpa_ie
[0] == WLAN_EID_RSN
)
470 version
= WPA_PROTO_RSN
;
472 version
= WPA_PROTO_WPA
;
/* Reject a protocol that is not enabled in the configuration. */
474 if (!(wpa_auth
->conf
.wpa
& version
)) {
475 wpa_printf(MSG_DEBUG
, "Invalid WPA proto (%d) from " MACSTR
,
476 version
, MAC2STR(sm
->addr
));
477 return WPA_INVALID_PROTO
;
/*
 * RSN branch: parse the IE, then record the selected AKM, pairwise and
 * group suite selectors in wpa_auth.
 * NOTE(review): as listed, the dot11RSNA*Selected fields are written before
 * the parse result is checked further down, so they can reflect an IE that
 * is then rejected; they look informational only - confirm.
 */
480 if (version
== WPA_PROTO_RSN
) {
481 res
= wpa_parse_wpa_ie_rsn(wpa_ie
, wpa_ie_len
, &data
);
483 selector
= RSN_AUTH_KEY_MGMT_UNSPEC_802_1X
;
486 #ifdef CONFIG_IEEE80211R
487 else if (data
.key_mgmt
& WPA_KEY_MGMT_FT_IEEE8021X
)
488 selector
= RSN_AUTH_KEY_MGMT_FT_802_1X
;
489 else if (data
.key_mgmt
& WPA_KEY_MGMT_FT_PSK
)
490 selector
= RSN_AUTH_KEY_MGMT_FT_PSK
;
491 #endif /* CONFIG_IEEE80211R */
492 #ifdef CONFIG_IEEE80211W
493 else if (data
.key_mgmt
& WPA_KEY_MGMT_IEEE8021X_SHA256
)
494 selector
= RSN_AUTH_KEY_MGMT_802_1X_SHA256
;
495 else if (data
.key_mgmt
& WPA_KEY_MGMT_PSK_SHA256
)
496 selector
= RSN_AUTH_KEY_MGMT_PSK_SHA256
;
497 #endif /* CONFIG_IEEE80211W */
498 else if (data
.key_mgmt
& WPA_KEY_MGMT_IEEE8021X
)
499 selector
= RSN_AUTH_KEY_MGMT_UNSPEC_802_1X
;
500 else if (data
.key_mgmt
& WPA_KEY_MGMT_PSK
)
501 selector
= RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X
;
502 wpa_auth
->dot11RSNAAuthenticationSuiteSelected
= selector
;
/* Pairwise selector, strongest first; CCMP is the fallback value. */
504 selector
= RSN_CIPHER_SUITE_CCMP
;
505 if (data
.pairwise_cipher
& WPA_CIPHER_CCMP
)
506 selector
= RSN_CIPHER_SUITE_CCMP
;
507 else if (data
.pairwise_cipher
& WPA_CIPHER_TKIP
)
508 selector
= RSN_CIPHER_SUITE_TKIP
;
509 else if (data
.pairwise_cipher
& WPA_CIPHER_WEP104
)
510 selector
= RSN_CIPHER_SUITE_WEP104
;
511 else if (data
.pairwise_cipher
& WPA_CIPHER_WEP40
)
512 selector
= RSN_CIPHER_SUITE_WEP40
;
513 else if (data
.pairwise_cipher
& WPA_CIPHER_NONE
)
514 selector
= RSN_CIPHER_SUITE_NONE
;
515 wpa_auth
->dot11RSNAPairwiseCipherSelected
= selector
;
/* Group selector, same preference order. */
517 selector
= RSN_CIPHER_SUITE_CCMP
;
518 if (data
.group_cipher
& WPA_CIPHER_CCMP
)
519 selector
= RSN_CIPHER_SUITE_CCMP
;
520 else if (data
.group_cipher
& WPA_CIPHER_TKIP
)
521 selector
= RSN_CIPHER_SUITE_TKIP
;
522 else if (data
.group_cipher
& WPA_CIPHER_WEP104
)
523 selector
= RSN_CIPHER_SUITE_WEP104
;
524 else if (data
.group_cipher
& WPA_CIPHER_WEP40
)
525 selector
= RSN_CIPHER_SUITE_WEP40
;
526 else if (data
.group_cipher
& WPA_CIPHER_NONE
)
527 selector
= RSN_CIPHER_SUITE_NONE
;
528 wpa_auth
->dot11RSNAGroupCipherSelected
= selector
;
/* WPA branch: same steps with the WPA selectors; TKIP is the fallback. */
530 res
= wpa_parse_wpa_ie_wpa(wpa_ie
, wpa_ie_len
, &data
);
532 selector
= WPA_AUTH_KEY_MGMT_UNSPEC_802_1X
;
533 if (data
.key_mgmt
& WPA_KEY_MGMT_IEEE8021X
)
534 selector
= WPA_AUTH_KEY_MGMT_UNSPEC_802_1X
;
535 else if (data
.key_mgmt
& WPA_KEY_MGMT_PSK
)
536 selector
= WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X
;
537 wpa_auth
->dot11RSNAAuthenticationSuiteSelected
= selector
;
539 selector
= WPA_CIPHER_SUITE_TKIP
;
540 if (data
.pairwise_cipher
& WPA_CIPHER_CCMP
)
541 selector
= WPA_CIPHER_SUITE_CCMP
;
542 else if (data
.pairwise_cipher
& WPA_CIPHER_TKIP
)
543 selector
= WPA_CIPHER_SUITE_TKIP
;
544 else if (data
.pairwise_cipher
& WPA_CIPHER_WEP104
)
545 selector
= WPA_CIPHER_SUITE_WEP104
;
546 else if (data
.pairwise_cipher
& WPA_CIPHER_WEP40
)
547 selector
= WPA_CIPHER_SUITE_WEP40
;
548 else if (data
.pairwise_cipher
& WPA_CIPHER_NONE
)
549 selector
= WPA_CIPHER_SUITE_NONE
;
550 wpa_auth
->dot11RSNAPairwiseCipherSelected
= selector
;
552 selector
= WPA_CIPHER_SUITE_TKIP
;
553 if (data
.group_cipher
& WPA_CIPHER_CCMP
)
554 selector
= WPA_CIPHER_SUITE_CCMP
;
555 else if (data
.group_cipher
& WPA_CIPHER_TKIP
)
556 selector
= WPA_CIPHER_SUITE_TKIP
;
557 else if (data
.group_cipher
& WPA_CIPHER_WEP104
)
558 selector
= WPA_CIPHER_SUITE_WEP104
;
559 else if (data
.group_cipher
& WPA_CIPHER_WEP40
)
560 selector
= WPA_CIPHER_SUITE_WEP40
;
561 else if (data
.group_cipher
& WPA_CIPHER_NONE
)
562 selector
= WPA_CIPHER_SUITE_NONE
;
563 wpa_auth
->dot11RSNAGroupCipherSelected
= selector
;
/* Parse failure: the rejected IE is logged and hexdumped at debug level. */
566 wpa_printf(MSG_DEBUG
, "Failed to parse WPA/RSN IE from "
567 MACSTR
" (res=%d)", MAC2STR(sm
->addr
), res
);
568 wpa_hexdump(MSG_DEBUG
, "WPA/RSN IE", wpa_ie
, wpa_ie_len
);
569 return WPA_INVALID_IE
;
/* The station's group cipher must equal the configured one exactly. */
572 if (data
.group_cipher
!= wpa_auth
->conf
.wpa_group
) {
573 wpa_printf(MSG_DEBUG
, "Invalid WPA group cipher (0x%x) from "
574 MACSTR
, data
.group_cipher
, MAC2STR(sm
->addr
));
575 return WPA_INVALID_GROUP
;
/* Only AKMs offered by the station and enabled locally are considered. */
578 key_mgmt
= data
.key_mgmt
& wpa_auth
->conf
.wpa_key_mgmt
;
580 wpa_printf(MSG_DEBUG
, "Invalid WPA key mgmt (0x%x) from "
581 MACSTR
, data
.key_mgmt
, MAC2STR(sm
->addr
));
582 return WPA_INVALID_AKMP
;
/*
 * Exactly one AKM is stored in sm. Visible preference order: FT-802.1X,
 * FT-PSK, 802.1X-SHA256, PSK-SHA256, 802.1X, then PSK as the final value.
 */
586 #ifdef CONFIG_IEEE80211R
587 else if (key_mgmt
& WPA_KEY_MGMT_FT_IEEE8021X
)
588 sm
->wpa_key_mgmt
= WPA_KEY_MGMT_FT_IEEE8021X
;
589 else if (key_mgmt
& WPA_KEY_MGMT_FT_PSK
)
590 sm
->wpa_key_mgmt
= WPA_KEY_MGMT_FT_PSK
;
591 #endif /* CONFIG_IEEE80211R */
592 #ifdef CONFIG_IEEE80211W
593 else if (key_mgmt
& WPA_KEY_MGMT_IEEE8021X_SHA256
)
594 sm
->wpa_key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SHA256
;
595 else if (key_mgmt
& WPA_KEY_MGMT_PSK_SHA256
)
596 sm
->wpa_key_mgmt
= WPA_KEY_MGMT_PSK_SHA256
;
597 #endif /* CONFIG_IEEE80211W */
598 else if (key_mgmt
& WPA_KEY_MGMT_IEEE8021X
)
599 sm
->wpa_key_mgmt
= WPA_KEY_MGMT_IEEE8021X
;
601 sm
->wpa_key_mgmt
= WPA_KEY_MGMT_PSK
;
/* Pairwise ciphers: intersect with the list configured for the protocol. */
603 if (version
== WPA_PROTO_RSN
)
604 ciphers
= data
.pairwise_cipher
& wpa_auth
->conf
.rsn_pairwise
;
606 ciphers
= data
.pairwise_cipher
& wpa_auth
->conf
.wpa_pairwise
;
608 wpa_printf(MSG_DEBUG
, "Invalid %s pairwise cipher (0x%x) "
610 version
== WPA_PROTO_RSN
? "RSN" : "WPA",
611 data
.pairwise_cipher
, MAC2STR(sm
->addr
));
612 return WPA_INVALID_PAIRWISE
;
/*
 * Management frame protection policy. When MFP is required the station must
 * set MFPC. The TKIP and management group cipher checks follow; the
 * conditions enclosing them are only partly shown in this listing.
 */
615 #ifdef CONFIG_IEEE80211W
616 if (wpa_auth
->conf
.ieee80211w
== MGMT_FRAME_PROTECTION_REQUIRED
) {
617 if (!(data
.capabilities
& WPA_CAPABILITY_MFPC
)) {
618 wpa_printf(MSG_DEBUG
, "Management frame protection "
619 "required, but client did not enable it");
620 return WPA_MGMT_FRAME_PROTECTION_VIOLATION
;
/* A TKIP pairwise match is treated as an MFP violation here. */
623 if (ciphers
& WPA_CIPHER_TKIP
) {
624 wpa_printf(MSG_DEBUG
, "Management frame protection "
626 return WPA_MGMT_FRAME_PROTECTION_VIOLATION
;
/* Only AES-128-CMAC is accepted as management group cipher. */
629 if (data
.mgmt_group_cipher
!= WPA_CIPHER_AES_128_CMAC
) {
630 wpa_printf(MSG_DEBUG
, "Unsupported management group "
631 "cipher %d", data
.mgmt_group_cipher
);
632 return WPA_INVALID_MGMT_GROUP_CIPHER
;
/* MFP is used only if enabled locally and advertised by the station. */
636 if (wpa_auth
->conf
.ieee80211w
== NO_MGMT_FRAME_PROTECTION
||
637 !(data
.capabilities
& WPA_CAPABILITY_MFPC
))
638 sm
->mgmt_frame_prot
= 0;
640 sm
->mgmt_frame_prot
= 1;
641 #endif /* CONFIG_IEEE80211W */
/*
 * FT: an MDIE must be present, long enough, and name the configured
 * mobility domain.
 */
643 #ifdef CONFIG_IEEE80211R
644 if (wpa_key_mgmt_ft(sm
->wpa_key_mgmt
)) {
645 if (mdie
== NULL
|| mdie_len
< MOBILITY_DOMAIN_ID_LEN
+ 1) {
646 wpa_printf(MSG_DEBUG
, "RSN: Trying to use FT, but "
647 "MDIE not included");
648 return WPA_INVALID_MDIE
;
650 if (os_memcmp(mdie
, wpa_auth
->conf
.mobility_domain
,
651 MOBILITY_DOMAIN_ID_LEN
) != 0) {
652 wpa_hexdump(MSG_DEBUG
, "RSN: Attempted to use unknown "
653 "MDIE", mdie
, MOBILITY_DOMAIN_ID_LEN
);
654 return WPA_INVALID_MDIE
;
657 #endif /* CONFIG_IEEE80211R */
/* One pairwise cipher is stored in sm: CCMP when matched, else TKIP. */
659 if (ciphers
& WPA_CIPHER_CCMP
)
660 sm
->pairwise
= WPA_CIPHER_CCMP
;
662 sm
->pairwise
= WPA_CIPHER_TKIP
;
664 /* TODO: clear WPA/WPA2 state if STA changes from one to another */
665 if (wpa_ie
[0] == WLAN_EID_RSN
)
666 sm
->wpa
= WPA_VERSION_WPA2
;
668 sm
->wpa
= WPA_VERSION_WPA
;
/*
 * PMKSA caching: each PMKID offered by the station is looked up in the
 * local cache for sm->addr.
 * NOTE(review): indexing data.pmkid by i * PMKID_LEN relies on the RSN IE
 * parser (not shown here) having validated num_pmkid against the IE
 * length - confirm.
 */
671 for (i
= 0; i
< data
.num_pmkid
; i
++) {
672 wpa_hexdump(MSG_DEBUG
, "RSN IE: STA PMKID",
673 &data
.pmkid
[i
* PMKID_LEN
], PMKID_LEN
);
674 sm
->pmksa
= pmksa_cache_auth_get(wpa_auth
->pmksa
, sm
->addr
,
675 &data
.pmkid
[i
* PMKID_LEN
]);
677 pmkid
= sm
->pmksa
->pmkid
;
/*
 * Opportunistic key caching: if nothing matched and okc is enabled, the
 * lookup is repeated through wpa_auth_for_each_auth() for each PMKID.
 */
681 for (i
= 0; sm
->pmksa
== NULL
&& wpa_auth
->conf
.okc
&&
682 i
< data
.num_pmkid
; i
++) {
683 struct wpa_auth_okc_iter_data idata
;
685 idata
.aa
= wpa_auth
->addr
;
686 idata
.spa
= sm
->addr
;
687 idata
.pmkid
= &data
.pmkid
[i
* PMKID_LEN
];
688 wpa_auth_for_each_auth(wpa_auth
, wpa_auth_okc_iter
, &idata
);
690 wpa_auth_vlogger(wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
691 "OKC match for PMKID");
692 sm
->pmksa
= pmksa_cache_add_okc(wpa_auth
->pmksa
,
701 wpa_auth_vlogger(wpa_auth
, sm
->addr
, LOGGER_DEBUG
,
702 "PMKID found from PMKSA cache "
703 "eap_type=%d vlan_id=%d",
704 sm
->pmksa
->eap_type_authsrv
,
706 os_memcpy(wpa_auth
->dot11RSNAPMKIDUsed
, pmkid
, PMKID_LEN
);
/*
 * Keep a private copy of the accepted IE in sm. The buffer is replaced when
 * none exists or the existing one is shorter than the new IE.
 */
709 if (sm
->wpa_ie
== NULL
|| sm
->wpa_ie_len
< wpa_ie_len
) {
711 sm
->wpa_ie
= os_malloc(wpa_ie_len
);
712 if (sm
->wpa_ie
== NULL
)
713 return WPA_ALLOC_FAIL
;
715 os_memcpy(sm
->wpa_ie
, wpa_ie
, wpa_ie_len
);
716 sm
->wpa_ie_len
= wpa_ie_len
;
723 * wpa_parse_generic - Parse EAPOL-Key Key Data Generic IEs
724 * @pos: Pointer to the IE header
725 * @end: Pointer to the end of the Key Data buffer
726 * @ie: Pointer to parsed IE data
727 * Returns: 0 on success, 1 if end mark is found, -1 on failure
/*
 * Classifies one vendor-specific element by its selector and records a
 * pointer and length for it in *ie. pos[1] is the element's own length byte
 * taken from the received Key Data, so every offset below depends on it.
 * The stored pointers reference the caller's buffer; nothing is copied.
 * The listing skips source lines: the return statements and the first
 * condition of the WPA IE test are not shown.
 */
729 static int wpa_parse_generic(const u8
*pos
, const u8
*end
,
730 struct wpa_eapol_ie_parse
*ie
)
/*
 * WPA IE: OUI/type matches and the two bytes after the selector are 01 00.
 * NOTE(review): these reads reach pos[2 + WPA_SELECTOR_LEN + 1]; the length
 * guard that must precede them (pos[1] >= WPA_SELECTOR_LEN + 2 or
 * equivalent) is on a line not shown here - confirm.
 */
736 RSN_SELECTOR_GET(pos
+ 2) == WPA_OUI_TYPE
&&
737 pos
[2 + WPA_SELECTOR_LEN
] == 1 &&
738 pos
[2 + WPA_SELECTOR_LEN
+ 1] == 0) {
740 ie
->wpa_ie_len
= pos
[1] + 2;
/* PMKID KDE: selector must lie before end and the payload hold a PMKID. */
744 if (pos
+ 1 + RSN_SELECTOR_LEN
< end
&&
745 pos
[1] >= RSN_SELECTOR_LEN
+ PMKID_LEN
&&
746 RSN_SELECTOR_GET(pos
+ 2) == RSN_KEY_DATA_PMKID
) {
747 ie
->pmkid
= pos
+ 2 + RSN_SELECTOR_LEN
;
/*
 * The remaining KDEs share one shape: the length byte must exceed
 * RSN_SELECTOR_LEN + 2, and the recorded length is pos[1] minus the
 * selector. None of them re-checks against end; presumably the caller has
 * already verified that the whole element fits - confirm.
 */
751 if (pos
[1] > RSN_SELECTOR_LEN
+ 2 &&
752 RSN_SELECTOR_GET(pos
+ 2) == RSN_KEY_DATA_GROUPKEY
) {
753 ie
->gtk
= pos
+ 2 + RSN_SELECTOR_LEN
;
754 ie
->gtk_len
= pos
[1] - RSN_SELECTOR_LEN
;
758 if (pos
[1] > RSN_SELECTOR_LEN
+ 2 &&
759 RSN_SELECTOR_GET(pos
+ 2) == RSN_KEY_DATA_MAC_ADDR
) {
760 ie
->mac_addr
= pos
+ 2 + RSN_SELECTOR_LEN
;
761 ie
->mac_addr_len
= pos
[1] - RSN_SELECTOR_LEN
;
/* PeerKey KDEs: SMK, nonce, lifetime and error. */
765 #ifdef CONFIG_PEERKEY
766 if (pos
[1] > RSN_SELECTOR_LEN
+ 2 &&
767 RSN_SELECTOR_GET(pos
+ 2) == RSN_KEY_DATA_SMK
) {
768 ie
->smk
= pos
+ 2 + RSN_SELECTOR_LEN
;
769 ie
->smk_len
= pos
[1] - RSN_SELECTOR_LEN
;
773 if (pos
[1] > RSN_SELECTOR_LEN
+ 2 &&
774 RSN_SELECTOR_GET(pos
+ 2) == RSN_KEY_DATA_NONCE
) {
775 ie
->nonce
= pos
+ 2 + RSN_SELECTOR_LEN
;
776 ie
->nonce_len
= pos
[1] - RSN_SELECTOR_LEN
;
780 if (pos
[1] > RSN_SELECTOR_LEN
+ 2 &&
781 RSN_SELECTOR_GET(pos
+ 2) == RSN_KEY_DATA_LIFETIME
) {
782 ie
->lifetime
= pos
+ 2 + RSN_SELECTOR_LEN
;
783 ie
->lifetime_len
= pos
[1] - RSN_SELECTOR_LEN
;
787 if (pos
[1] > RSN_SELECTOR_LEN
+ 2 &&
788 RSN_SELECTOR_GET(pos
+ 2) == RSN_KEY_DATA_ERROR
) {
789 ie
->error
= pos
+ 2 + RSN_SELECTOR_LEN
;
790 ie
->error_len
= pos
[1] - RSN_SELECTOR_LEN
;
793 #endif /* CONFIG_PEERKEY */
/* IGTK KDE, only with management frame protection support. */
795 #ifdef CONFIG_IEEE80211W
796 if (pos
[1] > RSN_SELECTOR_LEN
+ 2 &&
797 RSN_SELECTOR_GET(pos
+ 2) == RSN_KEY_DATA_IGTK
) {
798 ie
->igtk
= pos
+ 2 + RSN_SELECTOR_LEN
;
799 ie
->igtk_len
= pos
[1] - RSN_SELECTOR_LEN
;
802 #endif /* CONFIG_IEEE80211W */
809 * wpa_parse_kde_ies - Parse EAPOL-Key Key Data IEs
810 * @buf: Pointer to the Key Data buffer
811 * @len: Key Data Length
812 * @ie: Pointer to parsed IE data
813 * Returns: 0 on success, -1 on failure
/*
 * Walks the Key Data buffer element by element (ID byte, length byte,
 * payload) and fills *ie with pointers and lengths into buf. *ie is cleared
 * first, so fields for absent elements stay zero. The listing skips source
 * lines; the pointer assignments and return statements are not shown.
 */
815 int wpa_parse_kde_ies(const u8
*buf
, size_t len
, struct wpa_eapol_ie_parse
*ie
)
820 os_memset(ie
, 0, sizeof(*ie
));
/*
 * pos + 1 < end guarantees that both the ID and the length byte are readable
 * before pos[1] is used to step to the next element.
 */
821 for (pos
= buf
, end
= pos
+ len
; pos
+ 1 < end
; pos
+= 2 + pos
[1]) {
/* 0xdd as the final byte, or with zero length, is handled separately. */
822 if (pos
[0] == 0xdd &&
823 ((pos
== buf
+ len
- 1) || pos
[1] == 0)) {
/*
 * Reject an element whose declared length runs past the buffer. This is the
 * check the per-element handlers below depend on.
 */
827 if (pos
+ 2 + pos
[1] > end
) {
828 wpa_printf(MSG_DEBUG
, "WPA: EAPOL-Key Key Data "
829 "underflow (ie=%d len=%d pos=%d)",
830 pos
[0], pos
[1], (int) (pos
- buf
));
/*
 * The buffer is dumped with wpa_hexdump_key rather than wpa_hexdump,
 * presumably because Key Data can carry key material - confirm how key
 * dumps are gated in the logging code.
 */
831 wpa_hexdump_key(MSG_DEBUG
, "WPA: Key Data",
/* Dispatch on the element ID; lengths recorded include the 2-byte prefix. */
836 if (*pos
== WLAN_EID_RSN
) {
838 ie
->rsn_ie_len
= pos
[1] + 2;
839 #ifdef CONFIG_IEEE80211R
840 } else if (*pos
== WLAN_EID_MOBILITY_DOMAIN
) {
842 ie
->mdie_len
= pos
[1] + 2;
843 } else if (*pos
== WLAN_EID_FAST_BSS_TRANSITION
) {
845 ie
->ftie_len
= pos
[1] + 2;
846 #endif /* CONFIG_IEEE80211R */
847 } else if (*pos
== WLAN_EID_VENDOR_SPECIFIC
) {
848 ret
= wpa_parse_generic(pos
, end
, ie
);
/* Unknown element IDs are logged at debug level. */
856 wpa_hexdump(MSG_DEBUG
, "WPA: Unrecognized EAPOL-Key "
857 "Key Data IE", pos
, 2 + pos
[1]);
/**
 * wpa_auth_uses_mfp - Report whether management frame protection is in use
 * @sm: Per-station state machine, or NULL
 * Returns: the station's mgmt_frame_prot flag, or 0 when sm is NULL
 */
int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
{
	/* No state machine means nothing was negotiated for this station. */
	if (!sm)
		return 0;

	return sm->mgmt_frame_prot;
}