search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dbus: Fix init-failure-detection
[hostap-gosc2009.git] / src / ap / wpa_auth_ie.c
blob29c96034099c4f19d905bacd51368419183033b0
1 /*
2 * hostapd - WPA/RSN IE and KDE definitions
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15 #include "utils/includes.h"
16
17 #include "utils/common.h"
18 #include "common/ieee802_11_defs.h"
19 #include "eapol_auth/eapol_auth_sm.h"
20 #include "ap_config.h"
21 #include "ieee802_11.h"
22 #include "wpa_auth.h"
23 #include "pmksa_cache_auth.h"
24 #include "wpa_auth_ie.h"
25 #include "wpa_auth_i.h"
26
27
28 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
29 {
30 struct wpa_ie_hdr *hdr;
31 int num_suites;
32 u8 *pos, *count;
33
34 hdr = (struct wpa_ie_hdr *) buf;
35 hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC;
36 RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE);
37 WPA_PUT_LE16(hdr->version, WPA_VERSION);
38 pos = (u8 *) (hdr + 1);
39
40 if (conf->wpa_group == WPA_CIPHER_CCMP) {
41 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP);
42 } else if (conf->wpa_group == WPA_CIPHER_TKIP) {
43 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP);
44 } else if (conf->wpa_group == WPA_CIPHER_WEP104) {
45 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_WEP104);
46 } else if (conf->wpa_group == WPA_CIPHER_WEP40) {
47 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_WEP40);
48 } else {
49 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
50 conf->wpa_group);
51 return -1;
52 }
53 pos += WPA_SELECTOR_LEN;
54
55 num_suites = 0;
56 count = pos;
57 pos += 2;
58
59 if (conf->wpa_pairwise & WPA_CIPHER_CCMP) {
60 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP);
61 pos += WPA_SELECTOR_LEN;
62 num_suites++;
63 }
64 if (conf->wpa_pairwise & WPA_CIPHER_TKIP) {
65 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP);
66 pos += WPA_SELECTOR_LEN;
67 num_suites++;
68 }
69 if (conf->wpa_pairwise & WPA_CIPHER_NONE) {
70 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_NONE);
71 pos += WPA_SELECTOR_LEN;
72 num_suites++;
73 }
74
75 if (num_suites == 0) {
76 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
77 conf->wpa_pairwise);
78 return -1;
79 }
80 WPA_PUT_LE16(count, num_suites);
81
82 num_suites = 0;
83 count = pos;
84 pos += 2;
85
86 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
87 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
88 pos += WPA_SELECTOR_LEN;
89 num_suites++;
90 }
91 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
92 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
93 pos += WPA_SELECTOR_LEN;
94 num_suites++;
95 }
96
97 if (num_suites == 0) {
98 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
99 conf->wpa_key_mgmt);
100 return -1;
101 }
102 WPA_PUT_LE16(count, num_suites);
103
104 /* WPA Capabilities; use defaults, so no need to include it */
105
106 hdr->len = (pos - buf) - 2;
107
108 return pos - buf;
109 }
110
111
112 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
113 const u8 *pmkid)
114 {
115 struct rsn_ie_hdr *hdr;
116 int num_suites;
117 u8 *pos, *count;
118 u16 capab;
119
120 hdr = (struct rsn_ie_hdr *) buf;
121 hdr->elem_id = WLAN_EID_RSN;
122 WPA_PUT_LE16(hdr->version, RSN_VERSION);
123 pos = (u8 *) (hdr + 1);
124
125 if (conf->wpa_group == WPA_CIPHER_CCMP) {
126 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
127 } else if (conf->wpa_group == WPA_CIPHER_TKIP) {
128 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
129 } else if (conf->wpa_group == WPA_CIPHER_WEP104) {
130 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_WEP104);
131 } else if (conf->wpa_group == WPA_CIPHER_WEP40) {
132 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_WEP40);
133 } else {
134 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
135 conf->wpa_group);
136 return -1;
137 }
138 pos += RSN_SELECTOR_LEN;
139
140 num_suites = 0;
141 count = pos;
142 pos += 2;
143
144 if (conf->rsn_pairwise & WPA_CIPHER_CCMP) {
145 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
146 pos += RSN_SELECTOR_LEN;
147 num_suites++;
148 }
149 if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
150 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
151 pos += RSN_SELECTOR_LEN;
152 num_suites++;
153 }
154 if (conf->rsn_pairwise & WPA_CIPHER_NONE) {
155 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NONE);
156 pos += RSN_SELECTOR_LEN;
157 num_suites++;
158 }
159
160 if (num_suites == 0) {
161 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
162 conf->rsn_pairwise);
163 return -1;
164 }
165 WPA_PUT_LE16(count, num_suites);
166
167 num_suites = 0;
168 count = pos;
169 pos += 2;
170
171 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
172 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
173 pos += RSN_SELECTOR_LEN;
174 num_suites++;
175 }
176 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
177 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
178 pos += RSN_SELECTOR_LEN;
179 num_suites++;
180 }
181 #ifdef CONFIG_IEEE80211R
182 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
183 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
184 pos += RSN_SELECTOR_LEN;
185 num_suites++;
186 }
187 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
188 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
189 pos += RSN_SELECTOR_LEN;
190 num_suites++;
191 }
192 #endif /* CONFIG_IEEE80211R */
193 #ifdef CONFIG_IEEE80211W
194 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
195 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
196 pos += RSN_SELECTOR_LEN;
197 num_suites++;
198 }
199 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
200 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
201 pos += RSN_SELECTOR_LEN;
202 num_suites++;
203 }
204 #endif /* CONFIG_IEEE80211W */
205
206 if (num_suites == 0) {
207 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
208 conf->wpa_key_mgmt);
209 return -1;
210 }
211 WPA_PUT_LE16(count, num_suites);
212
213 /* RSN Capabilities */
214 capab = 0;
215 if (conf->rsn_preauth)
216 capab |= WPA_CAPABILITY_PREAUTH;
217 if (conf->peerkey)
218 capab |= WPA_CAPABILITY_PEERKEY_ENABLED;
219 if (conf->wmm_enabled) {
220 /* 4 PTKSA replay counters when using WMM */
221 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
222 }
223 #ifdef CONFIG_IEEE80211W
224 if (conf->ieee80211w != WPA_NO_IEEE80211W) {
225 capab |= WPA_CAPABILITY_MFPC;
226 if (conf->ieee80211w == IEEE80211W_REQUIRED)
227 capab |= WPA_CAPABILITY_MFPR;
228 }
229 #endif /* CONFIG_IEEE80211W */
230 WPA_PUT_LE16(pos, capab);
231 pos += 2;
232
233 if (pmkid) {
234 if (pos + 2 + PMKID_LEN > buf + len)
235 return -1;
236 /* PMKID Count */
237 WPA_PUT_LE16(pos, 1);
238 pos += 2;
239 os_memcpy(pos, pmkid, PMKID_LEN);
240 pos += PMKID_LEN;
241 }
242
243 #ifdef CONFIG_IEEE80211W
244 if (conf->ieee80211w != WPA_NO_IEEE80211W) {
245 if (pos + 2 + 4 > buf + len)
246 return -1;
247 if (pmkid == NULL) {
248 /* PMKID Count */
249 WPA_PUT_LE16(pos, 0);
250 pos += 2;
251 }
252
253 /* Management Group Cipher Suite */
254 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
255 pos += RSN_SELECTOR_LEN;
256 }
257 #endif /* CONFIG_IEEE80211W */
258
259 hdr->len = (pos - buf) - 2;
260
261 return pos - buf;
262 }
263
264
265 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
266 {
267 u8 *pos, buf[128];
268 int res;
269
270 pos = buf;
271
272 if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
273 res = wpa_write_rsn_ie(&wpa_auth->conf,
274 pos, buf + sizeof(buf) - pos, NULL);
275 if (res < 0)
276 return res;
277 pos += res;
278 }
279 #ifdef CONFIG_IEEE80211R
280 if (wpa_auth->conf.wpa_key_mgmt &
281 (WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_FT_PSK)) {
282 res = wpa_write_mdie(&wpa_auth->conf, pos,
283 buf + sizeof(buf) - pos);
284 if (res < 0)
285 return res;
286 pos += res;
287 }
288 #endif /* CONFIG_IEEE80211R */
289 if (wpa_auth->conf.wpa & WPA_PROTO_WPA) {
290 res = wpa_write_wpa_ie(&wpa_auth->conf,
291 pos, buf + sizeof(buf) - pos);
292 if (res < 0)
293 return res;
294 pos += res;
295 }
296
297 os_free(wpa_auth->wpa_ie);
298 wpa_auth->wpa_ie = os_malloc(pos - buf);
299 if (wpa_auth->wpa_ie == NULL)
300 return -1;
301 os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
302 wpa_auth->wpa_ie_len = pos - buf;
303
304 return 0;
305 }
306
307
308 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
309 const u8 *data2, size_t data2_len)
310 {
311 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
312 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
313 RSN_SELECTOR_PUT(pos, kde);
314 pos += RSN_SELECTOR_LEN;
315 os_memcpy(pos, data, data_len);
316 pos += data_len;
317 if (data2) {
318 os_memcpy(pos, data2, data2_len);
319 pos += data2_len;
320 }
321 return pos;
322 }
323
324
325 static int wpa_selector_to_bitfield(const u8 *s)
326 {
327 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_NONE)
328 return WPA_CIPHER_NONE;
329 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP40)
330 return WPA_CIPHER_WEP40;
331 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_TKIP)
332 return WPA_CIPHER_TKIP;
333 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_CCMP)
334 return WPA_CIPHER_CCMP;
335 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP104)
336 return WPA_CIPHER_WEP104;
337 return 0;
338 }
339
340
341 static int wpa_key_mgmt_to_bitfield(const u8 *s)
342 {
343 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_UNSPEC_802_1X)
344 return WPA_KEY_MGMT_IEEE8021X;
345 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X)
346 return WPA_KEY_MGMT_PSK;
347 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_NONE)
348 return WPA_KEY_MGMT_WPA_NONE;
349 return 0;
350 }
351
352
353 static int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
354 struct wpa_ie_data *data)
355 {
356 const struct wpa_ie_hdr *hdr;
357 const u8 *pos;
358 int left;
359 int i, count;
360
361 os_memset(data, 0, sizeof(*data));
362 data->pairwise_cipher = WPA_CIPHER_TKIP;
363 data->group_cipher = WPA_CIPHER_TKIP;
364 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
365 data->mgmt_group_cipher = 0;
366
367 if (wpa_ie_len < sizeof(struct wpa_ie_hdr))
368 return -1;
369
370 hdr = (const struct wpa_ie_hdr *) wpa_ie;
371
372 if (hdr->elem_id != WLAN_EID_VENDOR_SPECIFIC ||
373 hdr->len != wpa_ie_len - 2 ||
374 RSN_SELECTOR_GET(hdr->oui) != WPA_OUI_TYPE ||
375 WPA_GET_LE16(hdr->version) != WPA_VERSION) {
376 return -2;
377 }
378
379 pos = (const u8 *) (hdr + 1);
380 left = wpa_ie_len - sizeof(*hdr);
381
382 if (left >= WPA_SELECTOR_LEN) {
383 data->group_cipher = wpa_selector_to_bitfield(pos);
384 pos += WPA_SELECTOR_LEN;
385 left -= WPA_SELECTOR_LEN;
386 } else if (left > 0)
387 return -3;
388
389 if (left >= 2) {
390 data->pairwise_cipher = 0;
391 count = WPA_GET_LE16(pos);
392 pos += 2;
393 left -= 2;
394 if (count == 0 || left < count * WPA_SELECTOR_LEN)
395 return -4;
396 for (i = 0; i < count; i++) {
397 data->pairwise_cipher |= wpa_selector_to_bitfield(pos);
398 pos += WPA_SELECTOR_LEN;
399 left -= WPA_SELECTOR_LEN;
400 }
401 } else if (left == 1)
402 return -5;
403
404 if (left >= 2) {
405 data->key_mgmt = 0;
406 count = WPA_GET_LE16(pos);
407 pos += 2;
408 left -= 2;
409 if (count == 0 || left < count * WPA_SELECTOR_LEN)
410 return -6;
411 for (i = 0; i < count; i++) {
412 data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos);
413 pos += WPA_SELECTOR_LEN;
414 left -= WPA_SELECTOR_LEN;
415 }
416 } else if (left == 1)
417 return -7;
418
419 if (left >= 2) {
420 data->capabilities = WPA_GET_LE16(pos);
421 pos += 2;
422 left -= 2;
423 }
424
425 if (left > 0) {
426 return -8;
427 }
428
429 return 0;
430 }
431
432
433 struct wpa_auth_okc_iter_data {
434 struct rsn_pmksa_cache_entry *pmksa;
435 const u8 *aa;
436 const u8 *spa;
437 const u8 *pmkid;
438 };
439
440
441 static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx)
442 {
443 struct wpa_auth_okc_iter_data *data = ctx;
444 data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa,
445 data->pmkid);
446 if (data->pmksa)
447 return 1;
448 return 0;
449 }
450
451
452 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
453 struct wpa_state_machine *sm,
454 const u8 *wpa_ie, size_t wpa_ie_len,
455 const u8 *mdie, size_t mdie_len)
456 {
457 struct wpa_ie_data data;
458 int ciphers, key_mgmt, res, version;
459 u32 selector;
460 size_t i;
461 const u8 *pmkid = NULL;
462
463 if (wpa_auth == NULL || sm == NULL)
464 return WPA_NOT_ENABLED;
465
466 if (wpa_ie == NULL || wpa_ie_len < 1)
467 return WPA_INVALID_IE;
468
469 if (wpa_ie[0] == WLAN_EID_RSN)
470 version = WPA_PROTO_RSN;
471 else
472 version = WPA_PROTO_WPA;
473
474 if (!(wpa_auth->conf.wpa & version)) {
475 wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
476 version, MAC2STR(sm->addr));
477 return WPA_INVALID_PROTO;
478 }
479
480 if (version == WPA_PROTO_RSN) {
481 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
482
483 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
484 if (0) {
485 }
486 #ifdef CONFIG_IEEE80211R
487 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
488 selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
489 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
490 selector = RSN_AUTH_KEY_MGMT_FT_PSK;
491 #endif /* CONFIG_IEEE80211R */
492 #ifdef CONFIG_IEEE80211W
493 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
494 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
495 else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
496 selector = RSN_AUTH_KEY_MGMT_PSK_SHA256;
497 #endif /* CONFIG_IEEE80211W */
498 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
499 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
500 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
501 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
502 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
503
504 selector = RSN_CIPHER_SUITE_CCMP;
505 if (data.pairwise_cipher & WPA_CIPHER_CCMP)
506 selector = RSN_CIPHER_SUITE_CCMP;
507 else if (data.pairwise_cipher & WPA_CIPHER_TKIP)
508 selector = RSN_CIPHER_SUITE_TKIP;
509 else if (data.pairwise_cipher & WPA_CIPHER_WEP104)
510 selector = RSN_CIPHER_SUITE_WEP104;
511 else if (data.pairwise_cipher & WPA_CIPHER_WEP40)
512 selector = RSN_CIPHER_SUITE_WEP40;
513 else if (data.pairwise_cipher & WPA_CIPHER_NONE)
514 selector = RSN_CIPHER_SUITE_NONE;
515 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
516
517 selector = RSN_CIPHER_SUITE_CCMP;
518 if (data.group_cipher & WPA_CIPHER_CCMP)
519 selector = RSN_CIPHER_SUITE_CCMP;
520 else if (data.group_cipher & WPA_CIPHER_TKIP)
521 selector = RSN_CIPHER_SUITE_TKIP;
522 else if (data.group_cipher & WPA_CIPHER_WEP104)
523 selector = RSN_CIPHER_SUITE_WEP104;
524 else if (data.group_cipher & WPA_CIPHER_WEP40)
525 selector = RSN_CIPHER_SUITE_WEP40;
526 else if (data.group_cipher & WPA_CIPHER_NONE)
527 selector = RSN_CIPHER_SUITE_NONE;
528 wpa_auth->dot11RSNAGroupCipherSelected = selector;
529 } else {
530 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
531
532 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
533 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
534 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
535 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
536 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
537 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
538
539 selector = WPA_CIPHER_SUITE_TKIP;
540 if (data.pairwise_cipher & WPA_CIPHER_CCMP)
541 selector = WPA_CIPHER_SUITE_CCMP;
542 else if (data.pairwise_cipher & WPA_CIPHER_TKIP)
543 selector = WPA_CIPHER_SUITE_TKIP;
544 else if (data.pairwise_cipher & WPA_CIPHER_WEP104)
545 selector = WPA_CIPHER_SUITE_WEP104;
546 else if (data.pairwise_cipher & WPA_CIPHER_WEP40)
547 selector = WPA_CIPHER_SUITE_WEP40;
548 else if (data.pairwise_cipher & WPA_CIPHER_NONE)
549 selector = WPA_CIPHER_SUITE_NONE;
550 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
551
552 selector = WPA_CIPHER_SUITE_TKIP;
553 if (data.group_cipher & WPA_CIPHER_CCMP)
554 selector = WPA_CIPHER_SUITE_CCMP;
555 else if (data.group_cipher & WPA_CIPHER_TKIP)
556 selector = WPA_CIPHER_SUITE_TKIP;
557 else if (data.group_cipher & WPA_CIPHER_WEP104)
558 selector = WPA_CIPHER_SUITE_WEP104;
559 else if (data.group_cipher & WPA_CIPHER_WEP40)
560 selector = WPA_CIPHER_SUITE_WEP40;
561 else if (data.group_cipher & WPA_CIPHER_NONE)
562 selector = WPA_CIPHER_SUITE_NONE;
563 wpa_auth->dot11RSNAGroupCipherSelected = selector;
564 }
565 if (res) {
566 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
567 MACSTR " (res=%d)", MAC2STR(sm->addr), res);
568 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
569 return WPA_INVALID_IE;
570 }
571
572 if (data.group_cipher != wpa_auth->conf.wpa_group) {
573 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
574 MACSTR, data.group_cipher, MAC2STR(sm->addr));
575 return WPA_INVALID_GROUP;
576 }
577
578 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
579 if (!key_mgmt) {
580 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
581 MACSTR, data.key_mgmt, MAC2STR(sm->addr));
582 return WPA_INVALID_AKMP;
583 }
584 if (0) {
585 }
586 #ifdef CONFIG_IEEE80211R
587 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
588 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
589 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
590 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
591 #endif /* CONFIG_IEEE80211R */
592 #ifdef CONFIG_IEEE80211W
593 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
594 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
595 else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
596 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
597 #endif /* CONFIG_IEEE80211W */
598 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
599 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
600 else
601 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
602
603 if (version == WPA_PROTO_RSN)
604 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise;
605 else
606 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
607 if (!ciphers) {
608 wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) "
609 "from " MACSTR,
610 version == WPA_PROTO_RSN ? "RSN" : "WPA",
611 data.pairwise_cipher, MAC2STR(sm->addr));
612 return WPA_INVALID_PAIRWISE;
613 }
614
615 #ifdef CONFIG_IEEE80211W
616 if (wpa_auth->conf.ieee80211w == WPA_IEEE80211W_REQUIRED) {
617 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
618 wpa_printf(MSG_DEBUG, "Management frame protection "
619 "required, but client did not enable it");
620 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
621 }
622
623 if (ciphers & WPA_CIPHER_TKIP) {
624 wpa_printf(MSG_DEBUG, "Management frame protection "
625 "cannot use TKIP");
626 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
627 }
628
629 if (data.mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
630 wpa_printf(MSG_DEBUG, "Unsupported management group "
631 "cipher %d", data.mgmt_group_cipher);
632 return WPA_INVALID_MGMT_GROUP_CIPHER;
633 }
634 }
635
636 if (wpa_auth->conf.ieee80211w == WPA_NO_IEEE80211W ||
637 !(data.capabilities & WPA_CAPABILITY_MFPC))
638 sm->mgmt_frame_prot = 0;
639 else
640 sm->mgmt_frame_prot = 1;
641 #endif /* CONFIG_IEEE80211W */
642
643 #ifdef CONFIG_IEEE80211R
644 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
645 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) {
646 wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but "
647 "MDIE not included");
648 return WPA_INVALID_MDIE;
649 }
650 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain,
651 MOBILITY_DOMAIN_ID_LEN) != 0) {
652 wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown "
653 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
654 return WPA_INVALID_MDIE;
655 }
656 }
657 #endif /* CONFIG_IEEE80211R */
658
659 if (ciphers & WPA_CIPHER_CCMP)
660 sm->pairwise = WPA_CIPHER_CCMP;
661 else
662 sm->pairwise = WPA_CIPHER_TKIP;
663
664 /* TODO: clear WPA/WPA2 state if STA changes from one to another */
665 if (wpa_ie[0] == WLAN_EID_RSN)
666 sm->wpa = WPA_VERSION_WPA2;
667 else
668 sm->wpa = WPA_VERSION_WPA;
669
670 sm->pmksa = NULL;
671 for (i = 0; i < data.num_pmkid; i++) {
672 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
673 &data.pmkid[i * PMKID_LEN], PMKID_LEN);
674 sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr,
675 &data.pmkid[i * PMKID_LEN]);
676 if (sm->pmksa) {
677 pmkid = sm->pmksa->pmkid;
678 break;
679 }
680 }
681 for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc &&
682 i < data.num_pmkid; i++) {
683 struct wpa_auth_okc_iter_data idata;
684 idata.pmksa = NULL;
685 idata.aa = wpa_auth->addr;
686 idata.spa = sm->addr;
687 idata.pmkid = &data.pmkid[i * PMKID_LEN];
688 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata);
689 if (idata.pmksa) {
690 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
691 "OKC match for PMKID");
692 sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa,
693 idata.pmksa,
694 wpa_auth->addr,
695 idata.pmkid);
696 pmkid = idata.pmkid;
697 break;
698 }
699 }
700 if (sm->pmksa) {
701 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
702 "PMKID found from PMKSA cache "
703 "eap_type=%d vlan_id=%d",
704 sm->pmksa->eap_type_authsrv,
705 sm->pmksa->vlan_id);
706 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
707 }
708
709 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
710 os_free(sm->wpa_ie);
711 sm->wpa_ie = os_malloc(wpa_ie_len);
712 if (sm->wpa_ie == NULL)
713 return WPA_ALLOC_FAIL;
714 }
715 os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
716 sm->wpa_ie_len = wpa_ie_len;
717
718 return WPA_IE_OK;
719 }
720
721
722 /**
723 * wpa_parse_generic - Parse EAPOL-Key Key Data Generic IEs
724 * @pos: Pointer to the IE header
725 * @end: Pointer to the end of the Key Data buffer
726 * @ie: Pointer to parsed IE data
727 * Returns: 0 on success, 1 if end mark is found, -1 on failure
728 */
729 static int wpa_parse_generic(const u8 *pos, const u8 *end,
730 struct wpa_eapol_ie_parse *ie)
731 {
732 if (pos[1] == 0)
733 return 1;
734
735 if (pos[1] >= 6 &&
736 RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE &&
737 pos[2 + WPA_SELECTOR_LEN] == 1 &&
738 pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
739 ie->wpa_ie = pos;
740 ie->wpa_ie_len = pos[1] + 2;
741 return 0;
742 }
743
744 if (pos + 1 + RSN_SELECTOR_LEN < end &&
745 pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
746 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
747 ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
748 return 0;
749 }
750
751 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
752 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) {
753 ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
754 ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
755 return 0;
756 }
757
758 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
759 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) {
760 ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
761 ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
762 return 0;
763 }
764
765 #ifdef CONFIG_PEERKEY
766 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
767 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
768 ie->smk = pos + 2 + RSN_SELECTOR_LEN;
769 ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
770 return 0;
771 }
772
773 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
774 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
775 ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
776 ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
777 return 0;
778 }
779
780 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
781 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
782 ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
783 ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
784 return 0;
785 }
786
787 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
788 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
789 ie->error = pos + 2 + RSN_SELECTOR_LEN;
790 ie->error_len = pos[1] - RSN_SELECTOR_LEN;
791 return 0;
792 }
793 #endif /* CONFIG_PEERKEY */
794
795 #ifdef CONFIG_IEEE80211W
796 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
797 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
798 ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
799 ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
800 return 0;
801 }
802 #endif /* CONFIG_IEEE80211W */
803
804 return 0;
805 }
806
807
808 /**
809 * wpa_parse_kde_ies - Parse EAPOL-Key Key Data IEs
810 * @buf: Pointer to the Key Data buffer
811 * @len: Key Data Length
812 * @ie: Pointer to parsed IE data
813 * Returns: 0 on success, -1 on failure
814 */
815 int wpa_parse_kde_ies(const u8 *buf, size_t len, struct wpa_eapol_ie_parse *ie)
816 {
817 const u8 *pos, *end;
818 int ret = 0;
819
820 os_memset(ie, 0, sizeof(*ie));
821 for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
822 if (pos[0] == 0xdd &&
823 ((pos == buf + len - 1) || pos[1] == 0)) {
824 /* Ignore padding */
825 break;
826 }
827 if (pos + 2 + pos[1] > end) {
828 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
829 "underflow (ie=%d len=%d pos=%d)",
830 pos[0], pos[1], (int) (pos - buf));
831 wpa_hexdump_key(MSG_DEBUG, "WPA: Key Data",
832 buf, len);
833 ret = -1;
834 break;
835 }
836 if (*pos == WLAN_EID_RSN) {
837 ie->rsn_ie = pos;
838 ie->rsn_ie_len = pos[1] + 2;
839 #ifdef CONFIG_IEEE80211R
840 } else if (*pos == WLAN_EID_MOBILITY_DOMAIN) {
841 ie->mdie = pos;
842 ie->mdie_len = pos[1] + 2;
843 #endif /* CONFIG_IEEE80211R */
844 } else if (*pos == WLAN_EID_VENDOR_SPECIFIC) {
845 ret = wpa_parse_generic(pos, end, ie);
846 if (ret < 0)
847 break;
848 if (ret > 0) {
849 ret = 0;
850 break;
851 }
852 } else {
853 wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key "
854 "Key Data IE", pos, 2 + pos[1]);
855 }
856 }
857
858 return ret;
859 }
860
861
862 int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
863 {
864 return sm ? sm->mgmt_frame_prot : 0;
865 }