1 /*
2 * hostapd - WPA/RSN IE and KDE definitions
3 * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "common/ieee802_11_defs.h"
13 #include "eapol_auth/eapol_auth_sm.h"
14 #include "ap_config.h"
15 #include "ieee802_11.h"
16 #include "wpa_auth.h"
17 #include "pmksa_cache_auth.h"
18 #include "wpa_auth_ie.h"
19 #include "wpa_auth_i.h"
20
21
22 #ifdef CONFIG_RSN_TESTING
23 int rsn_testing = 0;
24 #endif /* CONFIG_RSN_TESTING */
25
26
wpa_write_wpa_ie(struct wpa_auth_config * conf,u8 * buf,size_t len)27 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
28 {
29 struct wpa_ie_hdr *hdr;
30 int num_suites;
31 u8 *pos, *count;
32 u32 suite;
33
34 hdr = (struct wpa_ie_hdr *) buf;
35 hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC;
36 RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE);
37 WPA_PUT_LE16(hdr->version, WPA_VERSION);
38 pos = (u8 *) (hdr + 1);
39
40 suite = wpa_cipher_to_suite(WPA_PROTO_WPA, conf->wpa_group);
41 if (suite == 0) {
42 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
43 conf->wpa_group);
44 return -1;
45 }
46 RSN_SELECTOR_PUT(pos, suite);
47 pos += WPA_SELECTOR_LEN;
48
49 count = pos;
50 pos += 2;
51
52 num_suites = wpa_cipher_put_suites(pos, conf->wpa_pairwise);
53 if (num_suites == 0) {
54 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
55 conf->wpa_pairwise);
56 return -1;
57 }
58 pos += num_suites * WPA_SELECTOR_LEN;
59 WPA_PUT_LE16(count, num_suites);
60
61 num_suites = 0;
62 count = pos;
63 pos += 2;
64
65 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
66 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
67 pos += WPA_SELECTOR_LEN;
68 num_suites++;
69 }
70 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
71 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
72 pos += WPA_SELECTOR_LEN;
73 num_suites++;
74 }
75
76 if (num_suites == 0) {
77 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
78 conf->wpa_key_mgmt);
79 return -1;
80 }
81 WPA_PUT_LE16(count, num_suites);
82
83 /* WPA Capabilities; use defaults, so no need to include it */
84
85 hdr->len = (pos - buf) - 2;
86
87 return pos - buf;
88 }
89
90
wpa_write_rsn_ie(struct wpa_auth_config * conf,u8 * buf,size_t len,const u8 * pmkid)91 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
92 const u8 *pmkid)
93 {
94 struct rsn_ie_hdr *hdr;
95 int num_suites, res;
96 u8 *pos, *count;
97 u16 capab;
98 u32 suite;
99
100 hdr = (struct rsn_ie_hdr *) buf;
101 hdr->elem_id = WLAN_EID_RSN;
102 WPA_PUT_LE16(hdr->version, RSN_VERSION);
103 pos = (u8 *) (hdr + 1);
104
105 suite = wpa_cipher_to_suite(WPA_PROTO_RSN, conf->wpa_group);
106 if (suite == 0) {
107 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
108 conf->wpa_group);
109 return -1;
110 }
111 RSN_SELECTOR_PUT(pos, suite);
112 pos += RSN_SELECTOR_LEN;
113
114 num_suites = 0;
115 count = pos;
116 pos += 2;
117
118 #ifdef CONFIG_RSN_TESTING
119 if (rsn_testing) {
120 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
121 pos += RSN_SELECTOR_LEN;
122 num_suites++;
123 }
124 #endif /* CONFIG_RSN_TESTING */
125
126 res = rsn_cipher_put_suites(pos, conf->rsn_pairwise);
127 num_suites += res;
128 pos += res * RSN_SELECTOR_LEN;
129
130 #ifdef CONFIG_RSN_TESTING
131 if (rsn_testing) {
132 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
133 pos += RSN_SELECTOR_LEN;
134 num_suites++;
135 }
136 #endif /* CONFIG_RSN_TESTING */
137
138 if (num_suites == 0) {
139 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
140 conf->rsn_pairwise);
141 return -1;
142 }
143 WPA_PUT_LE16(count, num_suites);
144
145 num_suites = 0;
146 count = pos;
147 pos += 2;
148
149 #ifdef CONFIG_RSN_TESTING
150 if (rsn_testing) {
151 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
152 pos += RSN_SELECTOR_LEN;
153 num_suites++;
154 }
155 #endif /* CONFIG_RSN_TESTING */
156
157 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
158 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
159 pos += RSN_SELECTOR_LEN;
160 num_suites++;
161 }
162 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
163 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
164 pos += RSN_SELECTOR_LEN;
165 num_suites++;
166 }
167 #ifdef CONFIG_IEEE80211R_AP
168 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
169 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
170 pos += RSN_SELECTOR_LEN;
171 num_suites++;
172 }
173 #ifdef CONFIG_SHA384
174 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) {
175 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384);
176 pos += RSN_SELECTOR_LEN;
177 num_suites++;
178 }
179 #endif /* CONFIG_SHA384 */
180 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
181 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
182 pos += RSN_SELECTOR_LEN;
183 num_suites++;
184 }
185 #endif /* CONFIG_IEEE80211R_AP */
186 #ifdef CONFIG_IEEE80211W
187 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
188 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
189 pos += RSN_SELECTOR_LEN;
190 num_suites++;
191 }
192 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
193 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
194 pos += RSN_SELECTOR_LEN;
195 num_suites++;
196 }
197 #endif /* CONFIG_IEEE80211W */
198 #ifdef CONFIG_SAE
199 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) {
200 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE);
201 pos += RSN_SELECTOR_LEN;
202 num_suites++;
203 }
204 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) {
205 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
206 pos += RSN_SELECTOR_LEN;
207 num_suites++;
208 }
209 #endif /* CONFIG_SAE */
210 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
211 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B);
212 pos += RSN_SELECTOR_LEN;
213 num_suites++;
214 }
215 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
216 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192);
217 pos += RSN_SELECTOR_LEN;
218 num_suites++;
219 }
220 #ifdef CONFIG_FILS
221 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA256) {
222 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA256);
223 pos += RSN_SELECTOR_LEN;
224 num_suites++;
225 }
226 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA384) {
227 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA384);
228 pos += RSN_SELECTOR_LEN;
229 num_suites++;
230 }
231 #ifdef CONFIG_IEEE80211R_AP
232 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) {
233 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256);
234 pos += RSN_SELECTOR_LEN;
235 num_suites++;
236 }
237 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) {
238 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384);
239 pos += RSN_SELECTOR_LEN;
240 num_suites++;
241 }
242 #endif /* CONFIG_IEEE80211R_AP */
243 #endif /* CONFIG_FILS */
244 #ifdef CONFIG_OWE
245 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) {
246 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OWE);
247 pos += RSN_SELECTOR_LEN;
248 num_suites++;
249 }
250 #endif /* CONFIG_OWE */
251 #ifdef CONFIG_DPP
252 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) {
253 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_DPP);
254 pos += RSN_SELECTOR_LEN;
255 num_suites++;
256 }
257 #endif /* CONFIG_DPP */
258 #ifdef CONFIG_HS20
259 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_OSEN) {
260 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OSEN);
261 pos += RSN_SELECTOR_LEN;
262 num_suites++;
263 }
264 #endif /* CONFIG_HS20 */
265
266 #ifdef CONFIG_RSN_TESTING
267 if (rsn_testing) {
268 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
269 pos += RSN_SELECTOR_LEN;
270 num_suites++;
271 }
272 #endif /* CONFIG_RSN_TESTING */
273
274 if (num_suites == 0) {
275 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
276 conf->wpa_key_mgmt);
277 return -1;
278 }
279 WPA_PUT_LE16(count, num_suites);
280
281 /* RSN Capabilities */
282 capab = 0;
283 if (conf->rsn_preauth)
284 capab |= WPA_CAPABILITY_PREAUTH;
285 if (conf->wmm_enabled) {
286 /* 4 PTKSA replay counters when using WMM */
287 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
288 }
289 #ifdef CONFIG_IEEE80211W
290 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
291 capab |= WPA_CAPABILITY_MFPC;
292 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
293 capab |= WPA_CAPABILITY_MFPR;
294 }
295 #endif /* CONFIG_IEEE80211W */
296 #ifdef CONFIG_OCV
297 if (conf->ocv)
298 capab |= WPA_CAPABILITY_OCVC;
299 #endif /* CONFIG_OCV */
300 #ifdef CONFIG_RSN_TESTING
301 if (rsn_testing)
302 capab |= BIT(8) | BIT(15);
303 #endif /* CONFIG_RSN_TESTING */
304 WPA_PUT_LE16(pos, capab);
305 pos += 2;
306
307 if (pmkid) {
308 if (2 + PMKID_LEN > buf + len - pos)
309 return -1;
310 /* PMKID Count */
311 WPA_PUT_LE16(pos, 1);
312 pos += 2;
313 os_memcpy(pos, pmkid, PMKID_LEN);
314 pos += PMKID_LEN;
315 }
316
317 #ifdef CONFIG_IEEE80211W
318 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION &&
319 conf->group_mgmt_cipher != WPA_CIPHER_AES_128_CMAC) {
320 if (2 + 4 > buf + len - pos)
321 return -1;
322 if (pmkid == NULL) {
323 /* PMKID Count */
324 WPA_PUT_LE16(pos, 0);
325 pos += 2;
326 }
327
328 /* Management Group Cipher Suite */
329 switch (conf->group_mgmt_cipher) {
330 case WPA_CIPHER_AES_128_CMAC:
331 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
332 break;
333 case WPA_CIPHER_BIP_GMAC_128:
334 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_128);
335 break;
336 case WPA_CIPHER_BIP_GMAC_256:
337 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_256);
338 break;
339 case WPA_CIPHER_BIP_CMAC_256:
340 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_CMAC_256);
341 break;
342 default:
343 wpa_printf(MSG_DEBUG,
344 "Invalid group management cipher (0x%x)",
345 conf->group_mgmt_cipher);
346 return -1;
347 }
348 pos += RSN_SELECTOR_LEN;
349 }
350 #endif /* CONFIG_IEEE80211W */
351
352 #ifdef CONFIG_RSN_TESTING
353 if (rsn_testing) {
354 /*
355 * Fill in any defined fields and add extra data to the end of
356 * the element.
357 */
358 int pmkid_count_set = pmkid != NULL;
359 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION)
360 pmkid_count_set = 1;
361 /* PMKID Count */
362 WPA_PUT_LE16(pos, 0);
363 pos += 2;
364 if (conf->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
365 /* Management Group Cipher Suite */
366 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
367 pos += RSN_SELECTOR_LEN;
368 }
369
370 os_memset(pos, 0x12, 17);
371 pos += 17;
372 }
373 #endif /* CONFIG_RSN_TESTING */
374
375 hdr->len = (pos - buf) - 2;
376
377 return pos - buf;
378 }
379
380
wpa_write_osen(struct wpa_auth_config * conf,u8 * eid)381 static u8 * wpa_write_osen(struct wpa_auth_config *conf, u8 *eid)
382 {
383 u8 *len;
384 u16 capab;
385
386 *eid++ = WLAN_EID_VENDOR_SPECIFIC;
387 len = eid++; /* to be filled */
388 WPA_PUT_BE24(eid, OUI_WFA);
389 eid += 3;
390 *eid++ = HS20_OSEN_OUI_TYPE;
391
392 /* Group Data Cipher Suite */
393 RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED);
394 eid += RSN_SELECTOR_LEN;
395
396 /* Pairwise Cipher Suite Count and List */
397 WPA_PUT_LE16(eid, 1);
398 eid += 2;
399 RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_CCMP);
400 eid += RSN_SELECTOR_LEN;
401
402 /* AKM Suite Count and List */
403 WPA_PUT_LE16(eid, 1);
404 eid += 2;
405 RSN_SELECTOR_PUT(eid, RSN_AUTH_KEY_MGMT_OSEN);
406 eid += RSN_SELECTOR_LEN;
407
408 /* RSN Capabilities */
409 capab = 0;
410 if (conf->wmm_enabled) {
411 /* 4 PTKSA replay counters when using WMM */
412 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
413 }
414 #ifdef CONFIG_IEEE80211W
415 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
416 capab |= WPA_CAPABILITY_MFPC;
417 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
418 capab |= WPA_CAPABILITY_MFPR;
419 }
420 #endif /* CONFIG_IEEE80211W */
421 #ifdef CONFIG_OCV
422 if (conf->ocv)
423 capab |= WPA_CAPABILITY_OCVC;
424 #endif /* CONFIG_OCV */
425 WPA_PUT_LE16(eid, capab);
426 eid += 2;
427
428 *len = eid - len - 1;
429
430 return eid;
431 }
432
433
wpa_auth_gen_wpa_ie(struct wpa_authenticator * wpa_auth)434 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
435 {
436 u8 *pos, buf[128];
437 int res;
438
439 #ifdef CONFIG_TESTING_OPTIONS
440 if (wpa_auth->conf.own_ie_override_len) {
441 wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing",
442 wpa_auth->conf.own_ie_override,
443 wpa_auth->conf.own_ie_override_len);
444 os_free(wpa_auth->wpa_ie);
445 wpa_auth->wpa_ie =
446 os_malloc(wpa_auth->conf.own_ie_override_len);
447 if (wpa_auth->wpa_ie == NULL)
448 return -1;
449 os_memcpy(wpa_auth->wpa_ie, wpa_auth->conf.own_ie_override,
450 wpa_auth->conf.own_ie_override_len);
451 wpa_auth->wpa_ie_len = wpa_auth->conf.own_ie_override_len;
452 return 0;
453 }
454 #endif /* CONFIG_TESTING_OPTIONS */
455
456 pos = buf;
457
458 if (wpa_auth->conf.wpa == WPA_PROTO_OSEN) {
459 pos = wpa_write_osen(&wpa_auth->conf, pos);
460 }
461 if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
462 res = wpa_write_rsn_ie(&wpa_auth->conf,
463 pos, buf + sizeof(buf) - pos, NULL);
464 if (res < 0)
465 return res;
466 pos += res;
467 }
468 #ifdef CONFIG_IEEE80211R_AP
469 if (wpa_key_mgmt_ft(wpa_auth->conf.wpa_key_mgmt)) {
470 res = wpa_write_mdie(&wpa_auth->conf, pos,
471 buf + sizeof(buf) - pos);
472 if (res < 0)
473 return res;
474 pos += res;
475 }
476 #endif /* CONFIG_IEEE80211R_AP */
477 if (wpa_auth->conf.wpa & WPA_PROTO_WPA) {
478 res = wpa_write_wpa_ie(&wpa_auth->conf,
479 pos, buf + sizeof(buf) - pos);
480 if (res < 0)
481 return res;
482 pos += res;
483 }
484
485 os_free(wpa_auth->wpa_ie);
486 wpa_auth->wpa_ie = os_malloc(pos - buf);
487 if (wpa_auth->wpa_ie == NULL)
488 return -1;
489 os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
490 wpa_auth->wpa_ie_len = pos - buf;
491
492 return 0;
493 }
494
495
wpa_add_kde(u8 * pos,u32 kde,const u8 * data,size_t data_len,const u8 * data2,size_t data2_len)496 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
497 const u8 *data2, size_t data2_len)
498 {
499 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
500 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
501 RSN_SELECTOR_PUT(pos, kde);
502 pos += RSN_SELECTOR_LEN;
503 os_memcpy(pos, data, data_len);
504 pos += data_len;
505 if (data2) {
506 os_memcpy(pos, data2, data2_len);
507 pos += data2_len;
508 }
509 return pos;
510 }
511
512
513 struct wpa_auth_okc_iter_data {
514 struct rsn_pmksa_cache_entry *pmksa;
515 const u8 *aa;
516 const u8 *spa;
517 const u8 *pmkid;
518 };
519
520
wpa_auth_okc_iter(struct wpa_authenticator * a,void * ctx)521 static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx)
522 {
523 struct wpa_auth_okc_iter_data *data = ctx;
524 data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa,
525 data->pmkid);
526 if (data->pmksa)
527 return 1;
528 return 0;
529 }
530
531
wpa_validate_wpa_ie(struct wpa_authenticator * wpa_auth,struct wpa_state_machine * sm,int freq,const u8 * wpa_ie,size_t wpa_ie_len,const u8 * mdie,size_t mdie_len,const u8 * owe_dh,size_t owe_dh_len)532 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
533 struct wpa_state_machine *sm, int freq,
534 const u8 *wpa_ie, size_t wpa_ie_len,
535 const u8 *mdie, size_t mdie_len,
536 const u8 *owe_dh, size_t owe_dh_len)
537 {
538 struct wpa_ie_data data;
539 int ciphers, key_mgmt, res, version;
540 u32 selector;
541 size_t i;
542 const u8 *pmkid = NULL;
543
544 if (wpa_auth == NULL || sm == NULL)
545 return WPA_NOT_ENABLED;
546
547 if (wpa_ie == NULL || wpa_ie_len < 1)
548 return WPA_INVALID_IE;
549
550 if (wpa_ie[0] == WLAN_EID_RSN)
551 version = WPA_PROTO_RSN;
552 else
553 version = WPA_PROTO_WPA;
554
555 if (!(wpa_auth->conf.wpa & version)) {
556 wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
557 version, MAC2STR(sm->addr));
558 return WPA_INVALID_PROTO;
559 }
560
561 if (version == WPA_PROTO_RSN) {
562 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
563 if (!data.has_pairwise)
564 data.pairwise_cipher = wpa_default_rsn_cipher(freq);
565 if (!data.has_group)
566 data.group_cipher = wpa_default_rsn_cipher(freq);
567
568 if (wpa_key_mgmt_ft(data.key_mgmt) && !mdie &&
569 !wpa_key_mgmt_only_ft(data.key_mgmt)) {
570 /* Workaround for some HP and Epson printers that seem
571 * to incorrectly copy the FT-PSK + WPA-PSK AKMs from AP
572 * advertised RSNE to Association Request frame. */
573 wpa_printf(MSG_DEBUG,
574 "RSN: FT set in RSNE AKM but MDE is missing from "
575 MACSTR
576 " - ignore FT AKM(s) because there's also a non-FT AKM",
577 MAC2STR(sm->addr));
578 data.key_mgmt &= ~WPA_KEY_MGMT_FT;
579 }
580
581 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
582 if (0) {
583 }
584 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
585 selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
586 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
587 selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
588 #ifdef CONFIG_FILS
589 #ifdef CONFIG_IEEE80211R_AP
590 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
591 selector = RSN_AUTH_KEY_MGMT_FT_FILS_SHA384;
592 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
593 selector = RSN_AUTH_KEY_MGMT_FT_FILS_SHA256;
594 #endif /* CONFIG_IEEE80211R_AP */
595 else if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA384)
596 selector = RSN_AUTH_KEY_MGMT_FILS_SHA384;
597 else if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA256)
598 selector = RSN_AUTH_KEY_MGMT_FILS_SHA256;
599 #endif /* CONFIG_FILS */
600 #ifdef CONFIG_IEEE80211R_AP
601 #ifdef CONFIG_SHA384
602 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
603 selector = RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384;
604 #endif /* CONFIG_SHA384 */
605 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
606 selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
607 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
608 selector = RSN_AUTH_KEY_MGMT_FT_PSK;
609 #endif /* CONFIG_IEEE80211R_AP */
610 #ifdef CONFIG_IEEE80211W
611 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
612 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
613 else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
614 selector = RSN_AUTH_KEY_MGMT_PSK_SHA256;
615 #endif /* CONFIG_IEEE80211W */
616 #ifdef CONFIG_SAE
617 else if (data.key_mgmt & WPA_KEY_MGMT_SAE)
618 selector = RSN_AUTH_KEY_MGMT_SAE;
619 else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE)
620 selector = RSN_AUTH_KEY_MGMT_FT_SAE;
621 #endif /* CONFIG_SAE */
622 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
623 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
624 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
625 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
626 #ifdef CONFIG_OWE
627 else if (data.key_mgmt & WPA_KEY_MGMT_OWE)
628 selector = RSN_AUTH_KEY_MGMT_OWE;
629 #endif /* CONFIG_OWE */
630 #ifdef CONFIG_DPP
631 else if (data.key_mgmt & WPA_KEY_MGMT_DPP)
632 selector = RSN_AUTH_KEY_MGMT_DPP;
633 #endif /* CONFIG_DPP */
634 #ifdef CONFIG_HS20
635 else if (data.key_mgmt & WPA_KEY_MGMT_OSEN)
636 selector = RSN_AUTH_KEY_MGMT_OSEN;
637 #endif /* CONFIG_HS20 */
638 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
639
640 selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
641 data.pairwise_cipher);
642 if (!selector)
643 selector = RSN_CIPHER_SUITE_CCMP;
644 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
645
646 selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
647 data.group_cipher);
648 if (!selector)
649 selector = RSN_CIPHER_SUITE_CCMP;
650 wpa_auth->dot11RSNAGroupCipherSelected = selector;
651 } else {
652 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
653
654 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
655 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
656 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
657 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
658 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
659 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
660
661 selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
662 data.pairwise_cipher);
663 if (!selector)
664 selector = RSN_CIPHER_SUITE_TKIP;
665 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
666
667 selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
668 data.group_cipher);
669 if (!selector)
670 selector = WPA_CIPHER_SUITE_TKIP;
671 wpa_auth->dot11RSNAGroupCipherSelected = selector;
672 }
673 if (res) {
674 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
675 MACSTR " (res=%d)", MAC2STR(sm->addr), res);
676 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
677 return WPA_INVALID_IE;
678 }
679
680 if (data.group_cipher != wpa_auth->conf.wpa_group) {
681 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
682 MACSTR, data.group_cipher, MAC2STR(sm->addr));
683 return WPA_INVALID_GROUP;
684 }
685
686 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
687 if (!key_mgmt) {
688 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
689 MACSTR, data.key_mgmt, MAC2STR(sm->addr));
690 return WPA_INVALID_AKMP;
691 }
692 if (0) {
693 }
694 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
695 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
696 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
697 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
698 #ifdef CONFIG_FILS
699 #ifdef CONFIG_IEEE80211R_AP
700 else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
701 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
702 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
703 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
704 #endif /* CONFIG_IEEE80211R_AP */
705 else if (key_mgmt & WPA_KEY_MGMT_FILS_SHA384)
706 sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
707 else if (key_mgmt & WPA_KEY_MGMT_FILS_SHA256)
708 sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
709 #endif /* CONFIG_FILS */
710 #ifdef CONFIG_IEEE80211R_AP
711 #ifdef CONFIG_SHA384
712 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
713 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
714 #endif /* CONFIG_SHA384 */
715 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
716 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
717 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
718 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
719 #endif /* CONFIG_IEEE80211R_AP */
720 #ifdef CONFIG_IEEE80211W
721 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
722 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
723 else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
724 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
725 #endif /* CONFIG_IEEE80211W */
726 #ifdef CONFIG_SAE
727 else if (key_mgmt & WPA_KEY_MGMT_SAE)
728 sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE;
729 else if (key_mgmt & WPA_KEY_MGMT_FT_SAE)
730 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE;
731 #endif /* CONFIG_SAE */
732 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
733 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
734 #ifdef CONFIG_OWE
735 else if (key_mgmt & WPA_KEY_MGMT_OWE)
736 sm->wpa_key_mgmt = WPA_KEY_MGMT_OWE;
737 #endif /* CONFIG_OWE */
738 #ifdef CONFIG_DPP
739 else if (key_mgmt & WPA_KEY_MGMT_DPP)
740 sm->wpa_key_mgmt = WPA_KEY_MGMT_DPP;
741 #endif /* CONFIG_DPP */
742 #ifdef CONFIG_HS20
743 else if (key_mgmt & WPA_KEY_MGMT_OSEN)
744 sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
745 #endif /* CONFIG_HS20 */
746 else
747 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
748
749 if (version == WPA_PROTO_RSN)
750 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise;
751 else
752 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
753 if (!ciphers) {
754 wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) "
755 "from " MACSTR,
756 version == WPA_PROTO_RSN ? "RSN" : "WPA",
757 data.pairwise_cipher, MAC2STR(sm->addr));
758 return WPA_INVALID_PAIRWISE;
759 }
760
761 #ifdef CONFIG_IEEE80211W
762 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
763 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
764 wpa_printf(MSG_DEBUG, "Management frame protection "
765 "required, but client did not enable it");
766 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
767 }
768
769 if (data.mgmt_group_cipher != wpa_auth->conf.group_mgmt_cipher)
770 {
771 wpa_printf(MSG_DEBUG, "Unsupported management group "
772 "cipher %d", data.mgmt_group_cipher);
773 return WPA_INVALID_MGMT_GROUP_CIPHER;
774 }
775 }
776
777 #ifdef CONFIG_SAE
778 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL &&
779 wpa_auth->conf.sae_require_mfp &&
780 wpa_key_mgmt_sae(sm->wpa_key_mgmt) &&
781 !(data.capabilities & WPA_CAPABILITY_MFPC)) {
782 wpa_printf(MSG_DEBUG,
783 "Management frame protection required with SAE, but client did not enable it");
784 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
785 }
786 #endif /* CONFIG_SAE */
787
788 #ifdef CONFIG_OCV
789 if ((data.capabilities & WPA_CAPABILITY_OCVC) &&
790 !(data.capabilities & WPA_CAPABILITY_MFPC)) {
791 wpa_printf(MSG_DEBUG,
792 "Management frame protection required with OCV, but client did not enable it");
793 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
794 }
795 wpa_auth_set_ocv(sm, wpa_auth->conf.ocv &&
796 (data.capabilities & WPA_CAPABILITY_OCVC));
797 #endif /* CONFIG_OCV */
798
799 if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION ||
800 !(data.capabilities & WPA_CAPABILITY_MFPC))
801 sm->mgmt_frame_prot = 0;
802 else
803 sm->mgmt_frame_prot = 1;
804
805 if (sm->mgmt_frame_prot && (ciphers & WPA_CIPHER_TKIP)) {
806 wpa_printf(MSG_DEBUG,
807 "Management frame protection cannot use TKIP");
808 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
809 }
810 #endif /* CONFIG_IEEE80211W */
811
812 #ifdef CONFIG_IEEE80211R_AP
813 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
814 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) {
815 wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but "
816 "MDIE not included");
817 return WPA_INVALID_MDIE;
818 }
819 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain,
820 MOBILITY_DOMAIN_ID_LEN) != 0) {
821 wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown "
822 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
823 return WPA_INVALID_MDIE;
824 }
825 } else if (mdie != NULL) {
826 wpa_printf(MSG_DEBUG,
827 "RSN: Trying to use non-FT AKM suite, but MDIE included");
828 return WPA_INVALID_AKMP;
829 }
830 #endif /* CONFIG_IEEE80211R_AP */
831
832 #ifdef CONFIG_OWE
833 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && !owe_dh) {
834 wpa_printf(MSG_DEBUG,
835 "OWE: No Diffie-Hellman Parameter element");
836 return WPA_INVALID_AKMP;
837 }
838 #ifdef CONFIG_DPP
839 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && owe_dh) {
840 /* Diffie-Hellman Parameter element can be used with DPP as
841 * well, so allow this to proceed. */
842 } else
843 #endif /* CONFIG_DPP */
844 if (sm->wpa_key_mgmt != WPA_KEY_MGMT_OWE && owe_dh) {
845 wpa_printf(MSG_DEBUG,
846 "OWE: Unexpected Diffie-Hellman Parameter element with non-OWE AKM");
847 return WPA_INVALID_AKMP;
848 }
849 #endif /* CONFIG_OWE */
850
851 sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0);
852 if (sm->pairwise < 0)
853 return WPA_INVALID_PAIRWISE;
854
855 /* TODO: clear WPA/WPA2 state if STA changes from one to another */
856 if (wpa_ie[0] == WLAN_EID_RSN)
857 sm->wpa = WPA_VERSION_WPA2;
858 else
859 sm->wpa = WPA_VERSION_WPA;
860
861 #if defined(CONFIG_IEEE80211R_AP) && defined(CONFIG_FILS)
862 if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256 ||
863 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384) &&
864 (sm->auth_alg == WLAN_AUTH_FILS_SK ||
865 sm->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
866 sm->auth_alg == WLAN_AUTH_FILS_PK) &&
867 (data.num_pmkid != 1 || !data.pmkid || !sm->pmk_r1_name_valid ||
868 os_memcmp_const(data.pmkid, sm->pmk_r1_name,
869 WPA_PMK_NAME_LEN) != 0)) {
870 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
871 "No PMKR1Name match for FILS+FT");
872 return WPA_INVALID_PMKID;
873 }
874 #endif /* CONFIG_IEEE80211R_AP && CONFIG_FILS */
875
876 sm->pmksa = NULL;
877 for (i = 0; i < data.num_pmkid; i++) {
878 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
879 &data.pmkid[i * PMKID_LEN], PMKID_LEN);
880 sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr,
881 &data.pmkid[i * PMKID_LEN]);
882 if (sm->pmksa) {
883 pmkid = sm->pmksa->pmkid;
884 break;
885 }
886 }
887 for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc &&
888 i < data.num_pmkid; i++) {
889 struct wpa_auth_okc_iter_data idata;
890 idata.pmksa = NULL;
891 idata.aa = wpa_auth->addr;
892 idata.spa = sm->addr;
893 idata.pmkid = &data.pmkid[i * PMKID_LEN];
894 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata);
895 if (idata.pmksa) {
896 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
897 "OKC match for PMKID");
898 sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa,
899 idata.pmksa,
900 wpa_auth->addr,
901 idata.pmkid);
902 pmkid = idata.pmkid;
903 break;
904 }
905 }
906 if (sm->pmksa && pmkid) {
907 struct vlan_description *vlan;
908
909 vlan = sm->pmksa->vlan_desc;
910 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
911 "PMKID found from PMKSA cache eap_type=%d vlan=%d%s",
912 sm->pmksa->eap_type_authsrv,
913 vlan ? vlan->untagged : 0,
914 (vlan && vlan->tagged[0]) ? "+" : "");
915 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
916 }
917
918 #ifdef CONFIG_SAE
919 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE && data.num_pmkid &&
920 !sm->pmksa) {
921 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
922 "No PMKSA cache entry found for SAE");
923 return WPA_INVALID_PMKID;
924 }
925 #endif /* CONFIG_SAE */
926
927 #ifdef CONFIG_DPP
928 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && !sm->pmksa) {
929 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
930 "No PMKSA cache entry found for DPP");
931 return WPA_INVALID_PMKID;
932 }
933 #endif /* CONFIG_DPP */
934
935 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
936 os_free(sm->wpa_ie);
937 sm->wpa_ie = os_malloc(wpa_ie_len);
938 if (sm->wpa_ie == NULL)
939 return WPA_ALLOC_FAIL;
940 }
941 os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
942 sm->wpa_ie_len = wpa_ie_len;
943
944 return WPA_IE_OK;
945 }
946
947
948 #ifdef CONFIG_HS20
wpa_validate_osen(struct wpa_authenticator * wpa_auth,struct wpa_state_machine * sm,const u8 * osen_ie,size_t osen_ie_len)949 int wpa_validate_osen(struct wpa_authenticator *wpa_auth,
950 struct wpa_state_machine *sm,
951 const u8 *osen_ie, size_t osen_ie_len)
952 {
953 if (wpa_auth == NULL || sm == NULL)
954 return -1;
955
956 /* TODO: parse OSEN element */
957 sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
958 sm->mgmt_frame_prot = 1;
959 sm->pairwise = WPA_CIPHER_CCMP;
960 sm->wpa = WPA_VERSION_WPA2;
961
962 if (sm->wpa_ie == NULL || sm->wpa_ie_len < osen_ie_len) {
963 os_free(sm->wpa_ie);
964 sm->wpa_ie = os_malloc(osen_ie_len);
965 if (sm->wpa_ie == NULL)
966 return -1;
967 }
968
969 os_memcpy(sm->wpa_ie, osen_ie, osen_ie_len);
970 sm->wpa_ie_len = osen_ie_len;
971
972 return 0;
973 }
974
975 #endif /* CONFIG_HS20 */
976
977
978 /**
979 * wpa_parse_generic - Parse EAPOL-Key Key Data Generic IEs
980 * @pos: Pointer to the IE header
981 * @end: Pointer to the end of the Key Data buffer
982 * @ie: Pointer to parsed IE data
983 * Returns: 0 on success, 1 if end mark is found, -1 on failure
984 */
wpa_parse_generic(const u8 * pos,const u8 * end,struct wpa_eapol_ie_parse * ie)985 static int wpa_parse_generic(const u8 *pos, const u8 *end,
986 struct wpa_eapol_ie_parse *ie)
987 {
988 if (pos[1] == 0)
989 return 1;
990
991 if (pos[1] >= 6 &&
992 RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE &&
993 pos[2 + WPA_SELECTOR_LEN] == 1 &&
994 pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
995 ie->wpa_ie = pos;
996 ie->wpa_ie_len = pos[1] + 2;
997 return 0;
998 }
999
1000 if (pos[1] >= 4 && WPA_GET_BE32(pos + 2) == OSEN_IE_VENDOR_TYPE) {
1001 ie->osen = pos;
1002 ie->osen_len = pos[1] + 2;
1003 return 0;
1004 }
1005
1006 if (1 + RSN_SELECTOR_LEN < end - pos &&
1007 pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
1008 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
1009 ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
1010 return 0;
1011 }
1012
1013 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1014 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) {
1015 ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
1016 ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
1017 return 0;
1018 }
1019
1020 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1021 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) {
1022 ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
1023 ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
1024 return 0;
1025 }
1026
1027 #ifdef CONFIG_IEEE80211W
1028 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1029 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
1030 ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
1031 ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
1032 return 0;
1033 }
1034 #endif /* CONFIG_IEEE80211W */
1035
1036 #ifdef CONFIG_P2P
1037 if (pos[1] >= RSN_SELECTOR_LEN + 1 &&
1038 RSN_SELECTOR_GET(pos + 2) == WFA_KEY_DATA_IP_ADDR_REQ) {
1039 ie->ip_addr_req = pos + 2 + RSN_SELECTOR_LEN;
1040 wpa_hexdump(MSG_DEBUG, "WPA: IP Address Request in EAPOL-Key",
1041 ie->ip_addr_req, pos[1] - RSN_SELECTOR_LEN);
1042 return 0;
1043 }
1044
1045 if (pos[1] >= RSN_SELECTOR_LEN + 3 * 4 &&
1046 RSN_SELECTOR_GET(pos + 2) == WFA_KEY_DATA_IP_ADDR_ALLOC) {
1047 ie->ip_addr_alloc = pos + 2 + RSN_SELECTOR_LEN;
1048 wpa_hexdump(MSG_DEBUG,
1049 "WPA: IP Address Allocation in EAPOL-Key",
1050 ie->ip_addr_alloc, pos[1] - RSN_SELECTOR_LEN);
1051 return 0;
1052 }
1053 #endif /* CONFIG_P2P */
1054
1055 #ifdef CONFIG_OCV
1056 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
1057 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_OCI) {
1058 ie->oci = pos + 2 + RSN_SELECTOR_LEN;
1059 ie->oci_len = pos[1] - RSN_SELECTOR_LEN;
1060 return 0;
1061 }
1062 #endif /* CONFIG_OCV */
1063
1064 return 0;
1065 }
1066
1067
1068 /**
1069 * wpa_parse_kde_ies - Parse EAPOL-Key Key Data IEs
1070 * @buf: Pointer to the Key Data buffer
1071 * @len: Key Data Length
1072 * @ie: Pointer to parsed IE data
1073 * Returns: 0 on success, -1 on failure
1074 */
wpa_parse_kde_ies(const u8 * buf,size_t len,struct wpa_eapol_ie_parse * ie)1075 int wpa_parse_kde_ies(const u8 *buf, size_t len, struct wpa_eapol_ie_parse *ie)
1076 {
1077 const u8 *pos, *end;
1078 int ret = 0;
1079
1080 os_memset(ie, 0, sizeof(*ie));
1081 for (pos = buf, end = pos + len; end - pos > 1; pos += 2 + pos[1]) {
1082 if (pos[0] == 0xdd &&
1083 ((pos == buf + len - 1) || pos[1] == 0)) {
1084 /* Ignore padding */
1085 break;
1086 }
1087 if (2 + pos[1] > end - pos) {
1088 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
1089 "underflow (ie=%d len=%d pos=%d)",
1090 pos[0], pos[1], (int) (pos - buf));
1091 wpa_hexdump_key(MSG_DEBUG, "WPA: Key Data",
1092 buf, len);
1093 ret = -1;
1094 break;
1095 }
1096 if (*pos == WLAN_EID_RSN) {
1097 ie->rsn_ie = pos;
1098 ie->rsn_ie_len = pos[1] + 2;
1099 #ifdef CONFIG_IEEE80211R_AP
1100 } else if (*pos == WLAN_EID_MOBILITY_DOMAIN) {
1101 ie->mdie = pos;
1102 ie->mdie_len = pos[1] + 2;
1103 } else if (*pos == WLAN_EID_FAST_BSS_TRANSITION) {
1104 ie->ftie = pos;
1105 ie->ftie_len = pos[1] + 2;
1106 #endif /* CONFIG_IEEE80211R_AP */
1107 } else if (*pos == WLAN_EID_VENDOR_SPECIFIC) {
1108 ret = wpa_parse_generic(pos, end, ie);
1109 if (ret < 0)
1110 break;
1111 if (ret > 0) {
1112 ret = 0;
1113 break;
1114 }
1115 } else {
1116 wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key "
1117 "Key Data IE", pos, 2 + pos[1]);
1118 }
1119 }
1120
1121 return ret;
1122 }
1123
1124
wpa_auth_uses_mfp(struct wpa_state_machine * sm)1125 int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
1126 {
1127 return sm ? sm->mgmt_frame_prot : 0;
1128 }
1129
1130
1131 #ifdef CONFIG_OCV
1132
wpa_auth_set_ocv(struct wpa_state_machine * sm,int ocv)1133 void wpa_auth_set_ocv(struct wpa_state_machine *sm, int ocv)
1134 {
1135 if (sm)
1136 sm->ocv_enabled = ocv;
1137 }
1138
1139
wpa_auth_uses_ocv(struct wpa_state_machine * sm)1140 int wpa_auth_uses_ocv(struct wpa_state_machine *sm)
1141 {
1142 return sm ? sm->ocv_enabled : 0;
1143 }
1144
1145 #endif /* CONFIG_OCV */
1146
1147
1148 #ifdef CONFIG_OWE
wpa_auth_write_assoc_resp_owe(struct wpa_state_machine * sm,u8 * pos,size_t max_len,const u8 * req_ies,size_t req_ies_len)1149 u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm,
1150 u8 *pos, size_t max_len,
1151 const u8 *req_ies, size_t req_ies_len)
1152 {
1153 int res;
1154 struct wpa_auth_config *conf;
1155
1156 if (!sm)
1157 return pos;
1158 conf = &sm->wpa_auth->conf;
1159
1160 #ifdef CONFIG_TESTING_OPTIONS
1161 if (conf->own_ie_override_len) {
1162 if (max_len < conf->own_ie_override_len)
1163 return NULL;
1164 wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing",
1165 conf->own_ie_override, conf->own_ie_override_len);
1166 os_memcpy(pos, conf->own_ie_override,
1167 conf->own_ie_override_len);
1168 return pos + conf->own_ie_override_len;
1169 }
1170 #endif /* CONFIG_TESTING_OPTIONS */
1171
1172 res = wpa_write_rsn_ie(conf, pos, max_len,
1173 sm->pmksa ? sm->pmksa->pmkid : NULL);
1174 if (res < 0)
1175 return pos;
1176 return pos + res;
1177 }
1178 #endif /* CONFIG_OWE */
1179
1180
1181 #ifdef CONFIG_FILS
wpa_auth_write_assoc_resp_fils(struct wpa_state_machine * sm,u8 * pos,size_t max_len,const u8 * req_ies,size_t req_ies_len)1182 u8 * wpa_auth_write_assoc_resp_fils(struct wpa_state_machine *sm,
1183 u8 *pos, size_t max_len,
1184 const u8 *req_ies, size_t req_ies_len)
1185 {
1186 int res;
1187
1188 if (!sm ||
1189 sm->wpa_key_mgmt & (WPA_KEY_MGMT_FT_FILS_SHA256 |
1190 WPA_KEY_MGMT_FT_FILS_SHA384))
1191 return pos;
1192
1193 res = wpa_write_rsn_ie(&sm->wpa_auth->conf, pos, max_len, NULL);
1194 if (res < 0)
1195 return pos;
1196 return pos + res;
1197 }
1198 #endif /* CONFIG_FILS */
1199