00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015 #include "utils/includes.h"
00016
00017 #include "utils/common.h"
00018 #include "common/ieee802_11_defs.h"
00019 #include "eapol_auth/eapol_auth_sm.h"
00020 #include "ap_config.h"
00021 #include "ieee802_11.h"
00022 #include "wpa_auth.h"
00023 #include "pmksa_cache_auth.h"
00024 #include "wpa_auth_ie.h"
00025 #include "wpa_auth_i.h"
00026
00027
00028 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
00029 {
00030 struct wpa_ie_hdr *hdr;
00031 int num_suites;
00032 u8 *pos, *count;
00033
00034 hdr = (struct wpa_ie_hdr *) buf;
00035 hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC;
00036 RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE);
00037 WPA_PUT_LE16(hdr->version, WPA_VERSION);
00038 pos = (u8 *) (hdr + 1);
00039
00040 if (conf->wpa_group == WPA_CIPHER_CCMP) {
00041 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP);
00042 } else if (conf->wpa_group == WPA_CIPHER_TKIP) {
00043 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP);
00044 } else if (conf->wpa_group == WPA_CIPHER_WEP104) {
00045 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_WEP104);
00046 } else if (conf->wpa_group == WPA_CIPHER_WEP40) {
00047 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_WEP40);
00048 } else {
00049 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
00050 conf->wpa_group);
00051 return -1;
00052 }
00053 pos += WPA_SELECTOR_LEN;
00054
00055 num_suites = 0;
00056 count = pos;
00057 pos += 2;
00058
00059 if (conf->wpa_pairwise & WPA_CIPHER_CCMP) {
00060 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP);
00061 pos += WPA_SELECTOR_LEN;
00062 num_suites++;
00063 }
00064 if (conf->wpa_pairwise & WPA_CIPHER_TKIP) {
00065 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP);
00066 pos += WPA_SELECTOR_LEN;
00067 num_suites++;
00068 }
00069 if (conf->wpa_pairwise & WPA_CIPHER_NONE) {
00070 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_NONE);
00071 pos += WPA_SELECTOR_LEN;
00072 num_suites++;
00073 }
00074
00075 if (num_suites == 0) {
00076 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
00077 conf->wpa_pairwise);
00078 return -1;
00079 }
00080 WPA_PUT_LE16(count, num_suites);
00081
00082 num_suites = 0;
00083 count = pos;
00084 pos += 2;
00085
00086 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
00087 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
00088 pos += WPA_SELECTOR_LEN;
00089 num_suites++;
00090 }
00091 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
00092 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
00093 pos += WPA_SELECTOR_LEN;
00094 num_suites++;
00095 }
00096
00097 if (num_suites == 0) {
00098 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
00099 conf->wpa_key_mgmt);
00100 return -1;
00101 }
00102 WPA_PUT_LE16(count, num_suites);
00103
00104
00105
00106 hdr->len = (pos - buf) - 2;
00107
00108 return pos - buf;
00109 }
00110
00111
00112 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
00113 const u8 *pmkid)
00114 {
00115 struct rsn_ie_hdr *hdr;
00116 int num_suites;
00117 u8 *pos, *count;
00118 u16 capab;
00119
00120 hdr = (struct rsn_ie_hdr *) buf;
00121 hdr->elem_id = WLAN_EID_RSN;
00122 WPA_PUT_LE16(hdr->version, RSN_VERSION);
00123 pos = (u8 *) (hdr + 1);
00124
00125 if (conf->wpa_group == WPA_CIPHER_CCMP) {
00126 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
00127 } else if (conf->wpa_group == WPA_CIPHER_TKIP) {
00128 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
00129 } else if (conf->wpa_group == WPA_CIPHER_WEP104) {
00130 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_WEP104);
00131 } else if (conf->wpa_group == WPA_CIPHER_WEP40) {
00132 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_WEP40);
00133 } else {
00134 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
00135 conf->wpa_group);
00136 return -1;
00137 }
00138 pos += RSN_SELECTOR_LEN;
00139
00140 num_suites = 0;
00141 count = pos;
00142 pos += 2;
00143
00144 if (conf->rsn_pairwise & WPA_CIPHER_CCMP) {
00145 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
00146 pos += RSN_SELECTOR_LEN;
00147 num_suites++;
00148 }
00149 if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
00150 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
00151 pos += RSN_SELECTOR_LEN;
00152 num_suites++;
00153 }
00154 if (conf->rsn_pairwise & WPA_CIPHER_NONE) {
00155 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NONE);
00156 pos += RSN_SELECTOR_LEN;
00157 num_suites++;
00158 }
00159
00160 if (num_suites == 0) {
00161 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
00162 conf->rsn_pairwise);
00163 return -1;
00164 }
00165 WPA_PUT_LE16(count, num_suites);
00166
00167 num_suites = 0;
00168 count = pos;
00169 pos += 2;
00170
00171 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
00172 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
00173 pos += RSN_SELECTOR_LEN;
00174 num_suites++;
00175 }
00176 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
00177 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
00178 pos += RSN_SELECTOR_LEN;
00179 num_suites++;
00180 }
00181 #ifdef CONFIG_IEEE80211R
00182 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
00183 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
00184 pos += RSN_SELECTOR_LEN;
00185 num_suites++;
00186 }
00187 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
00188 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
00189 pos += RSN_SELECTOR_LEN;
00190 num_suites++;
00191 }
00192 #endif
00193 #ifdef CONFIG_IEEE80211W
00194 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
00195 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
00196 pos += RSN_SELECTOR_LEN;
00197 num_suites++;
00198 }
00199 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
00200 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
00201 pos += RSN_SELECTOR_LEN;
00202 num_suites++;
00203 }
00204 #endif
00205
00206 if (num_suites == 0) {
00207 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
00208 conf->wpa_key_mgmt);
00209 return -1;
00210 }
00211 WPA_PUT_LE16(count, num_suites);
00212
00213
00214 capab = 0;
00215 if (conf->rsn_preauth)
00216 capab |= WPA_CAPABILITY_PREAUTH;
00217 if (conf->peerkey)
00218 capab |= WPA_CAPABILITY_PEERKEY_ENABLED;
00219 if (conf->wmm_enabled) {
00220
00221 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
00222 }
00223 #ifdef CONFIG_IEEE80211W
00224 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
00225 capab |= WPA_CAPABILITY_MFPC;
00226 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
00227 capab |= WPA_CAPABILITY_MFPR;
00228 }
00229 #endif
00230 WPA_PUT_LE16(pos, capab);
00231 pos += 2;
00232
00233 if (pmkid) {
00234 if (pos + 2 + PMKID_LEN > buf + len)
00235 return -1;
00236
00237 WPA_PUT_LE16(pos, 1);
00238 pos += 2;
00239 os_memcpy(pos, pmkid, PMKID_LEN);
00240 pos += PMKID_LEN;
00241 }
00242
00243 #ifdef CONFIG_IEEE80211W
00244 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
00245 if (pos + 2 + 4 > buf + len)
00246 return -1;
00247 if (pmkid == NULL) {
00248
00249 WPA_PUT_LE16(pos, 0);
00250 pos += 2;
00251 }
00252
00253
00254 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
00255 pos += RSN_SELECTOR_LEN;
00256 }
00257 #endif
00258
00259 hdr->len = (pos - buf) - 2;
00260
00261 return pos - buf;
00262 }
00263
00264
00265 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
00266 {
00267 u8 *pos, buf[128];
00268 int res;
00269
00270 pos = buf;
00271
00272 if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
00273 res = wpa_write_rsn_ie(&wpa_auth->conf,
00274 pos, buf + sizeof(buf) - pos, NULL);
00275 if (res < 0)
00276 return res;
00277 pos += res;
00278 }
00279 #ifdef CONFIG_IEEE80211R
00280 if (wpa_auth->conf.wpa_key_mgmt &
00281 (WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_FT_PSK)) {
00282 res = wpa_write_mdie(&wpa_auth->conf, pos,
00283 buf + sizeof(buf) - pos);
00284 if (res < 0)
00285 return res;
00286 pos += res;
00287 }
00288 #endif
00289 if (wpa_auth->conf.wpa & WPA_PROTO_WPA) {
00290 res = wpa_write_wpa_ie(&wpa_auth->conf,
00291 pos, buf + sizeof(buf) - pos);
00292 if (res < 0)
00293 return res;
00294 pos += res;
00295 }
00296
00297 os_free(wpa_auth->wpa_ie);
00298 wpa_auth->wpa_ie = os_malloc(pos - buf);
00299 if (wpa_auth->wpa_ie == NULL)
00300 return -1;
00301 os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
00302 wpa_auth->wpa_ie_len = pos - buf;
00303
00304 return 0;
00305 }
00306
00307
00308 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
00309 const u8 *data2, size_t data2_len)
00310 {
00311 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
00312 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
00313 RSN_SELECTOR_PUT(pos, kde);
00314 pos += RSN_SELECTOR_LEN;
00315 os_memcpy(pos, data, data_len);
00316 pos += data_len;
00317 if (data2) {
00318 os_memcpy(pos, data2, data2_len);
00319 pos += data2_len;
00320 }
00321 return pos;
00322 }
00323
00324
00325 static int wpa_selector_to_bitfield(const u8 *s)
00326 {
00327 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_NONE)
00328 return WPA_CIPHER_NONE;
00329 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP40)
00330 return WPA_CIPHER_WEP40;
00331 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_TKIP)
00332 return WPA_CIPHER_TKIP;
00333 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_CCMP)
00334 return WPA_CIPHER_CCMP;
00335 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP104)
00336 return WPA_CIPHER_WEP104;
00337 return 0;
00338 }
00339
00340
00341 static int wpa_key_mgmt_to_bitfield(const u8 *s)
00342 {
00343 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_UNSPEC_802_1X)
00344 return WPA_KEY_MGMT_IEEE8021X;
00345 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X)
00346 return WPA_KEY_MGMT_PSK;
00347 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_NONE)
00348 return WPA_KEY_MGMT_WPA_NONE;
00349 return 0;
00350 }
00351
00352
00353 static int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
00354 struct wpa_ie_data *data)
00355 {
00356 const struct wpa_ie_hdr *hdr;
00357 const u8 *pos;
00358 int left;
00359 int i, count;
00360
00361 os_memset(data, 0, sizeof(*data));
00362 data->pairwise_cipher = WPA_CIPHER_TKIP;
00363 data->group_cipher = WPA_CIPHER_TKIP;
00364 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
00365 data->mgmt_group_cipher = 0;
00366
00367 if (wpa_ie_len < sizeof(struct wpa_ie_hdr))
00368 return -1;
00369
00370 hdr = (const struct wpa_ie_hdr *) wpa_ie;
00371
00372 if (hdr->elem_id != WLAN_EID_VENDOR_SPECIFIC ||
00373 hdr->len != wpa_ie_len - 2 ||
00374 RSN_SELECTOR_GET(hdr->oui) != WPA_OUI_TYPE ||
00375 WPA_GET_LE16(hdr->version) != WPA_VERSION) {
00376 return -2;
00377 }
00378
00379 pos = (const u8 *) (hdr + 1);
00380 left = wpa_ie_len - sizeof(*hdr);
00381
00382 if (left >= WPA_SELECTOR_LEN) {
00383 data->group_cipher = wpa_selector_to_bitfield(pos);
00384 pos += WPA_SELECTOR_LEN;
00385 left -= WPA_SELECTOR_LEN;
00386 } else if (left > 0)
00387 return -3;
00388
00389 if (left >= 2) {
00390 data->pairwise_cipher = 0;
00391 count = WPA_GET_LE16(pos);
00392 pos += 2;
00393 left -= 2;
00394 if (count == 0 || left < count * WPA_SELECTOR_LEN)
00395 return -4;
00396 for (i = 0; i < count; i++) {
00397 data->pairwise_cipher |= wpa_selector_to_bitfield(pos);
00398 pos += WPA_SELECTOR_LEN;
00399 left -= WPA_SELECTOR_LEN;
00400 }
00401 } else if (left == 1)
00402 return -5;
00403
00404 if (left >= 2) {
00405 data->key_mgmt = 0;
00406 count = WPA_GET_LE16(pos);
00407 pos += 2;
00408 left -= 2;
00409 if (count == 0 || left < count * WPA_SELECTOR_LEN)
00410 return -6;
00411 for (i = 0; i < count; i++) {
00412 data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos);
00413 pos += WPA_SELECTOR_LEN;
00414 left -= WPA_SELECTOR_LEN;
00415 }
00416 } else if (left == 1)
00417 return -7;
00418
00419 if (left >= 2) {
00420 data->capabilities = WPA_GET_LE16(pos);
00421 pos += 2;
00422 left -= 2;
00423 }
00424
00425 if (left > 0) {
00426 return -8;
00427 }
00428
00429 return 0;
00430 }
00431
00432
00433 struct wpa_auth_okc_iter_data {
00434 struct rsn_pmksa_cache_entry *pmksa;
00435 const u8 *aa;
00436 const u8 *spa;
00437 const u8 *pmkid;
00438 };
00439
00440
00441 static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx)
00442 {
00443 struct wpa_auth_okc_iter_data *data = ctx;
00444 data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa,
00445 data->pmkid);
00446 if (data->pmksa)
00447 return 1;
00448 return 0;
00449 }
00450
00451
00452 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
00453 struct wpa_state_machine *sm,
00454 const u8 *wpa_ie, size_t wpa_ie_len,
00455 const u8 *mdie, size_t mdie_len)
00456 {
00457 struct wpa_ie_data data;
00458 int ciphers, key_mgmt, res, version;
00459 u32 selector;
00460 size_t i;
00461 const u8 *pmkid = NULL;
00462
00463 if (wpa_auth == NULL || sm == NULL)
00464 return WPA_NOT_ENABLED;
00465
00466 if (wpa_ie == NULL || wpa_ie_len < 1)
00467 return WPA_INVALID_IE;
00468
00469 if (wpa_ie[0] == WLAN_EID_RSN)
00470 version = WPA_PROTO_RSN;
00471 else
00472 version = WPA_PROTO_WPA;
00473
00474 if (!(wpa_auth->conf.wpa & version)) {
00475 wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
00476 version, MAC2STR(sm->addr));
00477 return WPA_INVALID_PROTO;
00478 }
00479
00480 if (version == WPA_PROTO_RSN) {
00481 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
00482
00483 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
00484 if (0) {
00485 }
00486 #ifdef CONFIG_IEEE80211R
00487 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
00488 selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
00489 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
00490 selector = RSN_AUTH_KEY_MGMT_FT_PSK;
00491 #endif
00492 #ifdef CONFIG_IEEE80211W
00493 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
00494 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
00495 else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
00496 selector = RSN_AUTH_KEY_MGMT_PSK_SHA256;
00497 #endif
00498 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
00499 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
00500 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
00501 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
00502 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
00503
00504 selector = RSN_CIPHER_SUITE_CCMP;
00505 if (data.pairwise_cipher & WPA_CIPHER_CCMP)
00506 selector = RSN_CIPHER_SUITE_CCMP;
00507 else if (data.pairwise_cipher & WPA_CIPHER_TKIP)
00508 selector = RSN_CIPHER_SUITE_TKIP;
00509 else if (data.pairwise_cipher & WPA_CIPHER_WEP104)
00510 selector = RSN_CIPHER_SUITE_WEP104;
00511 else if (data.pairwise_cipher & WPA_CIPHER_WEP40)
00512 selector = RSN_CIPHER_SUITE_WEP40;
00513 else if (data.pairwise_cipher & WPA_CIPHER_NONE)
00514 selector = RSN_CIPHER_SUITE_NONE;
00515 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
00516
00517 selector = RSN_CIPHER_SUITE_CCMP;
00518 if (data.group_cipher & WPA_CIPHER_CCMP)
00519 selector = RSN_CIPHER_SUITE_CCMP;
00520 else if (data.group_cipher & WPA_CIPHER_TKIP)
00521 selector = RSN_CIPHER_SUITE_TKIP;
00522 else if (data.group_cipher & WPA_CIPHER_WEP104)
00523 selector = RSN_CIPHER_SUITE_WEP104;
00524 else if (data.group_cipher & WPA_CIPHER_WEP40)
00525 selector = RSN_CIPHER_SUITE_WEP40;
00526 else if (data.group_cipher & WPA_CIPHER_NONE)
00527 selector = RSN_CIPHER_SUITE_NONE;
00528 wpa_auth->dot11RSNAGroupCipherSelected = selector;
00529 } else {
00530 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
00531
00532 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
00533 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
00534 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
00535 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
00536 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
00537 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
00538
00539 selector = WPA_CIPHER_SUITE_TKIP;
00540 if (data.pairwise_cipher & WPA_CIPHER_CCMP)
00541 selector = WPA_CIPHER_SUITE_CCMP;
00542 else if (data.pairwise_cipher & WPA_CIPHER_TKIP)
00543 selector = WPA_CIPHER_SUITE_TKIP;
00544 else if (data.pairwise_cipher & WPA_CIPHER_WEP104)
00545 selector = WPA_CIPHER_SUITE_WEP104;
00546 else if (data.pairwise_cipher & WPA_CIPHER_WEP40)
00547 selector = WPA_CIPHER_SUITE_WEP40;
00548 else if (data.pairwise_cipher & WPA_CIPHER_NONE)
00549 selector = WPA_CIPHER_SUITE_NONE;
00550 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
00551
00552 selector = WPA_CIPHER_SUITE_TKIP;
00553 if (data.group_cipher & WPA_CIPHER_CCMP)
00554 selector = WPA_CIPHER_SUITE_CCMP;
00555 else if (data.group_cipher & WPA_CIPHER_TKIP)
00556 selector = WPA_CIPHER_SUITE_TKIP;
00557 else if (data.group_cipher & WPA_CIPHER_WEP104)
00558 selector = WPA_CIPHER_SUITE_WEP104;
00559 else if (data.group_cipher & WPA_CIPHER_WEP40)
00560 selector = WPA_CIPHER_SUITE_WEP40;
00561 else if (data.group_cipher & WPA_CIPHER_NONE)
00562 selector = WPA_CIPHER_SUITE_NONE;
00563 wpa_auth->dot11RSNAGroupCipherSelected = selector;
00564 }
00565 if (res) {
00566 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
00567 MACSTR " (res=%d)", MAC2STR(sm->addr), res);
00568 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
00569 return WPA_INVALID_IE;
00570 }
00571
00572 if (data.group_cipher != wpa_auth->conf.wpa_group) {
00573 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
00574 MACSTR, data.group_cipher, MAC2STR(sm->addr));
00575 return WPA_INVALID_GROUP;
00576 }
00577
00578 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
00579 if (!key_mgmt) {
00580 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
00581 MACSTR, data.key_mgmt, MAC2STR(sm->addr));
00582 return WPA_INVALID_AKMP;
00583 }
00584 if (0) {
00585 }
00586 #ifdef CONFIG_IEEE80211R
00587 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
00588 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
00589 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
00590 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
00591 #endif
00592 #ifdef CONFIG_IEEE80211W
00593 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
00594 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
00595 else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
00596 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
00597 #endif
00598 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
00599 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
00600 else
00601 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
00602
00603 if (version == WPA_PROTO_RSN)
00604 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise;
00605 else
00606 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
00607 if (!ciphers) {
00608 wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) "
00609 "from " MACSTR,
00610 version == WPA_PROTO_RSN ? "RSN" : "WPA",
00611 data.pairwise_cipher, MAC2STR(sm->addr));
00612 return WPA_INVALID_PAIRWISE;
00613 }
00614
00615 #ifdef CONFIG_IEEE80211W
00616 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
00617 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
00618 wpa_printf(MSG_DEBUG, "Management frame protection "
00619 "required, but client did not enable it");
00620 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
00621 }
00622
00623 if (ciphers & WPA_CIPHER_TKIP) {
00624 wpa_printf(MSG_DEBUG, "Management frame protection "
00625 "cannot use TKIP");
00626 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
00627 }
00628
00629 if (data.mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
00630 wpa_printf(MSG_DEBUG, "Unsupported management group "
00631 "cipher %d", data.mgmt_group_cipher);
00632 return WPA_INVALID_MGMT_GROUP_CIPHER;
00633 }
00634 }
00635
00636 if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION ||
00637 !(data.capabilities & WPA_CAPABILITY_MFPC))
00638 sm->mgmt_frame_prot = 0;
00639 else
00640 sm->mgmt_frame_prot = 1;
00641 #endif
00642
00643 #ifdef CONFIG_IEEE80211R
00644 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
00645 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) {
00646 wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but "
00647 "MDIE not included");
00648 return WPA_INVALID_MDIE;
00649 }
00650 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain,
00651 MOBILITY_DOMAIN_ID_LEN) != 0) {
00652 wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown "
00653 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
00654 return WPA_INVALID_MDIE;
00655 }
00656 }
00657 #endif
00658
00659 if (ciphers & WPA_CIPHER_CCMP)
00660 sm->pairwise = WPA_CIPHER_CCMP;
00661 else
00662 sm->pairwise = WPA_CIPHER_TKIP;
00663
00664
00665 if (wpa_ie[0] == WLAN_EID_RSN)
00666 sm->wpa = WPA_VERSION_WPA2;
00667 else
00668 sm->wpa = WPA_VERSION_WPA;
00669
00670 sm->pmksa = NULL;
00671 for (i = 0; i < data.num_pmkid; i++) {
00672 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
00673 &data.pmkid[i * PMKID_LEN], PMKID_LEN);
00674 sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr,
00675 &data.pmkid[i * PMKID_LEN]);
00676 if (sm->pmksa) {
00677 pmkid = sm->pmksa->pmkid;
00678 break;
00679 }
00680 }
00681 for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc &&
00682 i < data.num_pmkid; i++) {
00683 struct wpa_auth_okc_iter_data idata;
00684 idata.pmksa = NULL;
00685 idata.aa = wpa_auth->addr;
00686 idata.spa = sm->addr;
00687 idata.pmkid = &data.pmkid[i * PMKID_LEN];
00688 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata);
00689 if (idata.pmksa) {
00690 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
00691 "OKC match for PMKID");
00692 sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa,
00693 idata.pmksa,
00694 wpa_auth->addr,
00695 idata.pmkid);
00696 pmkid = idata.pmkid;
00697 break;
00698 }
00699 }
00700 if (sm->pmksa) {
00701 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
00702 "PMKID found from PMKSA cache "
00703 "eap_type=%d vlan_id=%d",
00704 sm->pmksa->eap_type_authsrv,
00705 sm->pmksa->vlan_id);
00706 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
00707 }
00708
00709 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
00710 os_free(sm->wpa_ie);
00711 sm->wpa_ie = os_malloc(wpa_ie_len);
00712 if (sm->wpa_ie == NULL)
00713 return WPA_ALLOC_FAIL;
00714 }
00715 os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
00716 sm->wpa_ie_len = wpa_ie_len;
00717
00718 return WPA_IE_OK;
00719 }
00720
00721
00729 static int wpa_parse_generic(const u8 *pos, const u8 *end,
00730 struct wpa_eapol_ie_parse *ie)
00731 {
00732 if (pos[1] == 0)
00733 return 1;
00734
00735 if (pos[1] >= 6 &&
00736 RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE &&
00737 pos[2 + WPA_SELECTOR_LEN] == 1 &&
00738 pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
00739 ie->wpa_ie = pos;
00740 ie->wpa_ie_len = pos[1] + 2;
00741 return 0;
00742 }
00743
00744 if (pos + 1 + RSN_SELECTOR_LEN < end &&
00745 pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
00746 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
00747 ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
00748 return 0;
00749 }
00750
00751 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
00752 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) {
00753 ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
00754 ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
00755 return 0;
00756 }
00757
00758 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
00759 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) {
00760 ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
00761 ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
00762 return 0;
00763 }
00764
00765 #ifdef CONFIG_PEERKEY
00766 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
00767 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
00768 ie->smk = pos + 2 + RSN_SELECTOR_LEN;
00769 ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
00770 return 0;
00771 }
00772
00773 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
00774 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
00775 ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
00776 ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
00777 return 0;
00778 }
00779
00780 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
00781 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
00782 ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
00783 ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
00784 return 0;
00785 }
00786
00787 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
00788 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
00789 ie->error = pos + 2 + RSN_SELECTOR_LEN;
00790 ie->error_len = pos[1] - RSN_SELECTOR_LEN;
00791 return 0;
00792 }
00793 #endif
00794
00795 #ifdef CONFIG_IEEE80211W
00796 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
00797 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
00798 ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
00799 ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
00800 return 0;
00801 }
00802 #endif
00803
00804 return 0;
00805 }
00806
00807
00815 int wpa_parse_kde_ies(const u8 *buf, size_t len, struct wpa_eapol_ie_parse *ie)
00816 {
00817 const u8 *pos, *end;
00818 int ret = 0;
00819
00820 os_memset(ie, 0, sizeof(*ie));
00821 for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
00822 if (pos[0] == 0xdd &&
00823 ((pos == buf + len - 1) || pos[1] == 0)) {
00824
00825 break;
00826 }
00827 if (pos + 2 + pos[1] > end) {
00828 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
00829 "underflow (ie=%d len=%d pos=%d)",
00830 pos[0], pos[1], (int) (pos - buf));
00831 wpa_hexdump_key(MSG_DEBUG, "WPA: Key Data",
00832 buf, len);
00833 ret = -1;
00834 break;
00835 }
00836 if (*pos == WLAN_EID_RSN) {
00837 ie->rsn_ie = pos;
00838 ie->rsn_ie_len = pos[1] + 2;
00839 #ifdef CONFIG_IEEE80211R
00840 } else if (*pos == WLAN_EID_MOBILITY_DOMAIN) {
00841 ie->mdie = pos;
00842 ie->mdie_len = pos[1] + 2;
00843 } else if (*pos == WLAN_EID_FAST_BSS_TRANSITION) {
00844 ie->ftie = pos;
00845 ie->ftie_len = pos[1] + 2;
00846 #endif
00847 } else if (*pos == WLAN_EID_VENDOR_SPECIFIC) {
00848 ret = wpa_parse_generic(pos, end, ie);
00849 if (ret < 0)
00850 break;
00851 if (ret > 0) {
00852 ret = 0;
00853 break;
00854 }
00855 } else {
00856 wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key "
00857 "Key Data IE", pos, 2 + pos[1]);
00858 }
00859 }
00860
00861 return ret;
00862 }
00863
00864
00865 int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
00866 {
00867 return sm ? sm->mgmt_frame_prot : 0;
00868 }