1 /*
2 * hostapd - WPA/RSN IE and KDE definitions
3 * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "common/ieee802_11_defs.h"
13 #include "eapol_auth/eapol_auth_sm.h"
14 #include "ap_config.h"
15 #include "ieee802_11.h"
16 #include "wpa_auth.h"
17 #include "pmksa_cache_auth.h"
18 #include "wpa_auth_ie.h"
19 #include "wpa_auth_i.h"
20
21
22 #ifdef CONFIG_RSN_TESTING
23 int rsn_testing = 0;
24 #endif /* CONFIG_RSN_TESTING */
25
26
wpa_write_wpa_ie(struct wpa_auth_config * conf,u8 * buf,size_t len)27 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
28 {
29 struct wpa_ie_hdr *hdr;
30 int num_suites;
31 u8 *pos, *count;
32 u32 suite;
33
34 hdr = (struct wpa_ie_hdr *) buf;
35 hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC;
36 RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE);
37 WPA_PUT_LE16(hdr->version, WPA_VERSION);
38 pos = (u8 *) (hdr + 1);
39
40 suite = wpa_cipher_to_suite(WPA_PROTO_WPA, conf->wpa_group);
41 if (suite == 0) {
42 wpa_warning_log1(MSG_DEBUG, "Invalid group cipher (%d).",
43 conf->wpa_group);
44 return -1;
45 }
46 RSN_SELECTOR_PUT(pos, suite);
47 pos += WPA_SELECTOR_LEN;
48
49 count = pos;
50 pos += 2;
51
52 num_suites = wpa_cipher_put_suites(pos, conf->wpa_pairwise);
53 if (num_suites == 0) {
54 wpa_warning_log1(MSG_DEBUG, "Invalid pairwise cipher (%d).",
55 conf->wpa_pairwise);
56 return -1;
57 }
58 pos += num_suites * WPA_SELECTOR_LEN;
59 WPA_PUT_LE16(count, num_suites);
60
61 num_suites = 0;
62 count = pos;
63 pos += 2;
64
65 #ifndef EXT_WPA_KEY_MGMT_CROP
66 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
67 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
68 pos += WPA_SELECTOR_LEN;
69 num_suites++;
70 }
71 #endif /* EXT_WPA_KEY_MGMY_CROP */
72 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
73 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
74 pos += WPA_SELECTOR_LEN;
75 num_suites++;
76 }
77
78 if (num_suites == 0) {
79 wpa_warning_log1(MSG_DEBUG, "Invalid key management type (%d).",
80 conf->wpa_key_mgmt);
81 return -1;
82 }
83 WPA_PUT_LE16(count, num_suites);
84
85 /* WPA Capabilities; use defaults, so no need to include it */
86
87 hdr->len = (pos - buf) - 2;
88
89 return pos - buf;
90 }
91
92
wpa_own_rsn_capab(struct wpa_auth_config * conf)93 static u16 wpa_own_rsn_capab(struct wpa_auth_config *conf)
94 {
95 u16 capab = 0;
96
97 if (conf->rsn_preauth)
98 capab |= WPA_CAPABILITY_PREAUTH;
99 if (conf->wmm_enabled) {
100 /* 4 PTKSA replay counters when using WMM */
101 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
102 }
103 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
104 capab |= WPA_CAPABILITY_MFPC;
105 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
106 capab |= WPA_CAPABILITY_MFPR;
107 }
108 #ifdef CONFIG_OCV
109 if (conf->ocv)
110 capab |= WPA_CAPABILITY_OCVC;
111 #endif /* CONFIG_OCV */
112 #ifdef CONFIG_RSN_TESTING
113 if (rsn_testing)
114 capab |= BIT(8) | BIT(15);
115 #endif /* CONFIG_RSN_TESTING */
116 if (conf->extended_key_id)
117 capab |= WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST;
118
119 return capab;
120 }
121
122
wpa_write_rsn_ie(struct wpa_auth_config * conf,u8 * buf,size_t len,const u8 * pmkid)123 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
124 const u8 *pmkid)
125 {
126 struct rsn_ie_hdr *hdr;
127 int num_suites, res;
128 u8 *pos, *count;
129 u32 suite;
130
131 hdr = (struct rsn_ie_hdr *) buf;
132 hdr->elem_id = WLAN_EID_RSN;
133 WPA_PUT_LE16(hdr->version, RSN_VERSION);
134 pos = (u8 *) (hdr + 1);
135
136 suite = wpa_cipher_to_suite(WPA_PROTO_RSN, conf->wpa_group);
137 if (suite == 0) {
138 wpa_warning_log1(MSG_DEBUG, "Invalid group cipher (%d).",
139 conf->wpa_group);
140 return -1;
141 }
142 RSN_SELECTOR_PUT(pos, suite);
143 pos += RSN_SELECTOR_LEN;
144
145 num_suites = 0;
146 count = pos;
147 pos += 2;
148
149 #ifdef CONFIG_RSN_TESTING
150 if (rsn_testing) {
151 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
152 pos += RSN_SELECTOR_LEN;
153 num_suites++;
154 }
155 #endif /* CONFIG_RSN_TESTING */
156
157 res = rsn_cipher_put_suites(pos, conf->rsn_pairwise);
158 num_suites += res;
159 pos += res * RSN_SELECTOR_LEN;
160
161 #ifdef CONFIG_RSN_TESTING
162 if (rsn_testing) {
163 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
164 pos += RSN_SELECTOR_LEN;
165 num_suites++;
166 }
167 #endif /* CONFIG_RSN_TESTING */
168
169 if (num_suites == 0) {
170 wpa_warning_log1(MSG_DEBUG, "Invalid pairwise cipher (%d).",
171 conf->rsn_pairwise);
172 return -1;
173 }
174 WPA_PUT_LE16(count, num_suites);
175
176 num_suites = 0;
177 count = pos;
178 pos += 2;
179
180 #ifdef CONFIG_RSN_TESTING
181 if (rsn_testing) {
182 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
183 pos += RSN_SELECTOR_LEN;
184 num_suites++;
185 }
186 #endif /* CONFIG_RSN_TESTING */
187 #ifndef EXT_WPA_KEY_MGMT_CROP
188 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
189 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
190 pos += RSN_SELECTOR_LEN;
191 num_suites++;
192 }
193 #endif /* EXT_WPA_KEY_MGMT_CROP */
194 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
195 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
196 pos += RSN_SELECTOR_LEN;
197 num_suites++;
198 }
199 #ifdef CONFIG_IEEE80211R_AP
200 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
201 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
202 pos += RSN_SELECTOR_LEN;
203 num_suites++;
204 }
205 #ifdef CONFIG_SHA384
206 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) {
207 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384);
208 pos += RSN_SELECTOR_LEN;
209 num_suites++;
210 }
211 #endif /* CONFIG_SHA384 */
212 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
213 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
214 pos += RSN_SELECTOR_LEN;
215 num_suites++;
216 }
217 #endif /* CONFIG_IEEE80211R_AP */
218 #ifndef EXT_WPA_KEY_MGMT_CROP
219 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
220 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
221 pos += RSN_SELECTOR_LEN;
222 num_suites++;
223 }
224 #endif /* EXT_WPA_KEY_MGMT_CROP */
225 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
226 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
227 pos += RSN_SELECTOR_LEN;
228 num_suites++;
229 }
230 #ifdef CONFIG_SAE
231 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) {
232 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE);
233 pos += RSN_SELECTOR_LEN;
234 num_suites++;
235 }
236 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) {
237 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
238 pos += RSN_SELECTOR_LEN;
239 num_suites++;
240 }
241 #endif /* CONFIG_SAE */
242 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
243 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B);
244 pos += RSN_SELECTOR_LEN;
245 num_suites++;
246 }
247 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
248 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192);
249 pos += RSN_SELECTOR_LEN;
250 num_suites++;
251 }
252 #ifdef CONFIG_FILS
253 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA256) {
254 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA256);
255 pos += RSN_SELECTOR_LEN;
256 num_suites++;
257 }
258 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA384) {
259 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA384);
260 pos += RSN_SELECTOR_LEN;
261 num_suites++;
262 }
263 #ifdef CONFIG_IEEE80211R_AP
264 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) {
265 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256);
266 pos += RSN_SELECTOR_LEN;
267 num_suites++;
268 }
269 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) {
270 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384);
271 pos += RSN_SELECTOR_LEN;
272 num_suites++;
273 }
274 #endif /* CONFIG_IEEE80211R_AP */
275 #endif /* CONFIG_FILS */
276 #ifdef CONFIG_OWE
277 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) {
278 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OWE);
279 pos += RSN_SELECTOR_LEN;
280 num_suites++;
281 }
282 #endif /* CONFIG_OWE */
283 #ifdef CONFIG_DPP
284 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) {
285 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_DPP);
286 pos += RSN_SELECTOR_LEN;
287 num_suites++;
288 }
289 #endif /* CONFIG_DPP */
290 #ifdef CONFIG_HS20
291 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_OSEN) {
292 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OSEN);
293 pos += RSN_SELECTOR_LEN;
294 num_suites++;
295 }
296 #endif /* CONFIG_HS20 */
297 #ifdef CONFIG_PASN
298 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PASN) {
299 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PASN);
300 pos += RSN_SELECTOR_LEN;
301 num_suites++;
302 }
303 #endif /* CONFIG_PASN */
304
305 #ifdef CONFIG_RSN_TESTING
306 if (rsn_testing) {
307 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
308 pos += RSN_SELECTOR_LEN;
309 num_suites++;
310 }
311 #endif /* CONFIG_RSN_TESTING */
312
313 if (num_suites == 0) {
314 #ifndef CONFIG_PRINT_NOUSE
315 wpa_warning_log1(MSG_DEBUG, "Invalid key management type (%d).",
316 conf->wpa_key_mgmt);
317 #endif /* CONFIG_PRINT_NOUSE */
318 return -1;
319 }
320 WPA_PUT_LE16(count, num_suites);
321
322 /* RSN Capabilities */
323 WPA_PUT_LE16(pos, wpa_own_rsn_capab(conf));
324 pos += 2;
325
326 if (pmkid) {
327 if (2 + PMKID_LEN > buf + len - pos)
328 return -1;
329 /* PMKID Count */
330 WPA_PUT_LE16(pos, 1);
331 pos += 2;
332 os_memcpy(pos, pmkid, PMKID_LEN);
333 pos += PMKID_LEN;
334 }
335
336 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION &&
337 conf->group_mgmt_cipher != WPA_CIPHER_AES_128_CMAC) {
338 if (2 + 4 > buf + len - pos)
339 return -1;
340 if (pmkid == NULL) {
341 /* PMKID Count */
342 WPA_PUT_LE16(pos, 0);
343 pos += 2;
344 }
345
346 /* Management Group Cipher Suite */
347 switch (conf->group_mgmt_cipher) {
348 case WPA_CIPHER_AES_128_CMAC:
349 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
350 break;
351 case WPA_CIPHER_BIP_GMAC_128:
352 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_128);
353 break;
354 case WPA_CIPHER_BIP_GMAC_256:
355 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_256);
356 break;
357 case WPA_CIPHER_BIP_CMAC_256:
358 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_CMAC_256);
359 break;
360 default:
361 wpa_warning_log1(MSG_DEBUG,
362 "Invalid group management cipher (0x%x)",
363 conf->group_mgmt_cipher);
364 return -1;
365 }
366 pos += RSN_SELECTOR_LEN;
367 }
368
369 #ifdef CONFIG_RSN_TESTING
370 if (rsn_testing) {
371 /*
372 * Fill in any defined fields and add extra data to the end of
373 * the element.
374 */
375 int pmkid_count_set = pmkid != NULL;
376 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION)
377 pmkid_count_set = 1;
378 /* PMKID Count */
379 WPA_PUT_LE16(pos, 0);
380 pos += 2;
381 if (conf->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
382 /* Management Group Cipher Suite */
383 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
384 pos += RSN_SELECTOR_LEN;
385 }
386
387 os_memset(pos, 0x12, 17);
388 pos += 17;
389 }
390 #endif /* CONFIG_RSN_TESTING */
391
392 hdr->len = (pos - buf) - 2;
393
394 return pos - buf;
395 }
396
397
wpa_write_rsnxe(struct wpa_auth_config * conf,u8 * buf,size_t len)398 int wpa_write_rsnxe(struct wpa_auth_config *conf, u8 *buf, size_t len)
399 {
400 u8 *pos = buf;
401 u16 capab = 0;
402 size_t flen;
403
404 if (wpa_key_mgmt_sae(conf->wpa_key_mgmt) &&
405 (conf->sae_pwe == 1 || conf->sae_pwe == 2 || conf->sae_pk)) {
406 capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
407 #ifdef CONFIG_SAE_PK
408 if (conf->sae_pk)
409 capab |= BIT(WLAN_RSNX_CAPAB_SAE_PK);
410 #endif /* CONFIG_SAE_PK */
411 }
412
413 if (conf->secure_ltf)
414 capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF);
415 if (conf->secure_rtt)
416 capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
417 if (conf->prot_range_neg)
418 capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
419
420 flen = (capab & 0xff00) ? 2 : 1;
421 if (!capab)
422 return 0; /* no supported extended RSN capabilities */
423 if (len < 2 + flen)
424 return -1;
425 capab |= flen - 1; /* bit 0-3 = Field length (n - 1) */
426
427 *pos++ = WLAN_EID_RSNX;
428 *pos++ = flen;
429 *pos++ = capab & 0x00ff;
430 capab >>= 8;
431 if (capab)
432 *pos++ = capab;
433
434 return pos - buf;
435 }
436
437 #ifndef EXT_CODE_CROP
wpa_write_osen(struct wpa_auth_config * conf,u8 * eid)438 static u8 * wpa_write_osen(struct wpa_auth_config *conf, u8 *eid)
439 {
440 u8 *len;
441 u16 capab;
442
443 *eid++ = WLAN_EID_VENDOR_SPECIFIC;
444 len = eid++; /* to be filled */
445 WPA_PUT_BE24(eid, OUI_WFA);
446 eid += 3;
447 *eid++ = HS20_OSEN_OUI_TYPE;
448
449 /* Group Data Cipher Suite */
450 RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED);
451 eid += RSN_SELECTOR_LEN;
452
453 /* Pairwise Cipher Suite Count and List */
454 WPA_PUT_LE16(eid, 1);
455 eid += 2;
456 RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_CCMP);
457 eid += RSN_SELECTOR_LEN;
458
459 /* AKM Suite Count and List */
460 WPA_PUT_LE16(eid, 1);
461 eid += 2;
462 RSN_SELECTOR_PUT(eid, RSN_AUTH_KEY_MGMT_OSEN);
463 eid += RSN_SELECTOR_LEN;
464
465 /* RSN Capabilities */
466 capab = 0;
467 if (conf->wmm_enabled) {
468 /* 4 PTKSA replay counters when using WMM */
469 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
470 }
471 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
472 capab |= WPA_CAPABILITY_MFPC;
473 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
474 capab |= WPA_CAPABILITY_MFPR;
475 }
476 #ifdef CONFIG_OCV
477 if (conf->ocv)
478 capab |= WPA_CAPABILITY_OCVC;
479 #endif /* CONFIG_OCV */
480 WPA_PUT_LE16(eid, capab);
481 eid += 2;
482
483 *len = eid - len - 1;
484
485 return eid;
486 }
487
488 #endif /* EXT_CODE_CROP */
wpa_auth_gen_wpa_ie(struct wpa_authenticator * wpa_auth)489 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
490 {
491 u8 *pos, buf[128];
492 int res;
493
494 #ifdef CONFIG_TESTING_OPTIONS
495 if (wpa_auth->conf.own_ie_override_len) {
496 wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing",
497 wpa_auth->conf.own_ie_override,
498 wpa_auth->conf.own_ie_override_len);
499 os_free(wpa_auth->wpa_ie);
500 wpa_auth->wpa_ie =
501 os_malloc(wpa_auth->conf.own_ie_override_len);
502 if (wpa_auth->wpa_ie == NULL)
503 return -1;
504 os_memcpy(wpa_auth->wpa_ie, wpa_auth->conf.own_ie_override,
505 wpa_auth->conf.own_ie_override_len);
506 wpa_auth->wpa_ie_len = wpa_auth->conf.own_ie_override_len;
507 return 0;
508 }
509 #endif /* CONFIG_TESTING_OPTIONS */
510
511 pos = buf;
512
513 #ifndef EXT_CODE_CROP
514 if (wpa_auth->conf.wpa == WPA_PROTO_OSEN) {
515 pos = wpa_write_osen(&wpa_auth->conf, pos);
516 }
517 #endif /* EXT_CODE_CROP */
518 if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
519 res = wpa_write_rsn_ie(&wpa_auth->conf,
520 pos, buf + sizeof(buf) - pos, NULL);
521 if (res < 0)
522 return res;
523 pos += res;
524 res = wpa_write_rsnxe(&wpa_auth->conf, pos,
525 buf + sizeof(buf) - pos);
526 if (res < 0)
527 return res;
528 pos += res;
529 }
530 #ifdef CONFIG_IEEE80211R_AP
531 if (wpa_key_mgmt_ft(wpa_auth->conf.wpa_key_mgmt)) {
532 res = wpa_write_mdie(&wpa_auth->conf, pos,
533 buf + sizeof(buf) - pos);
534 if (res < 0)
535 return res;
536 pos += res;
537 }
538 #endif /* CONFIG_IEEE80211R_AP */
539 if (wpa_auth->conf.wpa & WPA_PROTO_WPA) {
540 res = wpa_write_wpa_ie(&wpa_auth->conf,
541 pos, buf + sizeof(buf) - pos);
542 if (res < 0)
543 return res;
544 pos += res;
545 }
546
547 os_free(wpa_auth->wpa_ie);
548 wpa_auth->wpa_ie = os_malloc(pos - buf);
549 if (wpa_auth->wpa_ie == NULL)
550 return -1;
551 os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
552 wpa_auth->wpa_ie_len = pos - buf;
553
554 return 0;
555 }
556
557
wpa_add_kde(u8 * pos,u32 kde,const u8 * data,size_t data_len,const u8 * data2,size_t data2_len)558 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
559 const u8 *data2, size_t data2_len)
560 {
561 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
562 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
563 RSN_SELECTOR_PUT(pos, kde);
564 pos += RSN_SELECTOR_LEN;
565 os_memcpy(pos, data, data_len);
566 pos += data_len;
567 if (data2) {
568 os_memcpy(pos, data2, data2_len);
569 pos += data2_len;
570 }
571 return pos;
572 }
573
574
575 struct wpa_auth_okc_iter_data {
576 struct rsn_pmksa_cache_entry *pmksa;
577 const u8 *aa;
578 const u8 *spa;
579 const u8 *pmkid;
580 };
581
582 #ifndef EXT_CODE_CROP
wpa_auth_okc_iter(struct wpa_authenticator * a,void * ctx)583 static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx)
584 {
585 struct wpa_auth_okc_iter_data *data = ctx;
586 data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa,
587 data->pmkid);
588 if (data->pmksa)
589 return 1;
590 return 0;
591 }
592 #endif /* EXT_CODE_CROP */
593
594 enum wpa_validate_result
wpa_validate_wpa_ie(struct wpa_authenticator * wpa_auth,struct wpa_state_machine * sm,int freq,const u8 * wpa_ie,size_t wpa_ie_len,const u8 * rsnxe,size_t rsnxe_len,const u8 * mdie,size_t mdie_len,const u8 * owe_dh,size_t owe_dh_len)595 wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
596 #ifndef EXT_CODE_CROP
597 struct wpa_state_machine *sm, int freq,
598 #else
599 struct wpa_state_machine *sm,
600 #endif /* EXT_CODE_CROP */
601 const u8 *wpa_ie, size_t wpa_ie_len,
602 const u8 *rsnxe, size_t rsnxe_len,
603 #ifdef CONFIG_OWE
604 const u8 *mdie, size_t mdie_len,
605 const u8 *owe_dh, size_t owe_dh_len)
606 #else
607 const u8 *mdie, size_t mdie_len)
608 #endif /* CONFIG_OWE */
609 {
610 struct wpa_auth_config *conf = &wpa_auth->conf;
611 struct wpa_ie_data data;
612 int ciphers, key_mgmt, res, version;
613 u32 selector;
614 #if defined(CONFIG_HOSTAPD_WPA3) && defined(CONFIG_HOSTAPD_WPA3_PMKSA)
615 size_t i;
616 #endif /* CONFIG_HOSTAPD_WPA3 && CONFIG_HOSTAPD_WPA3_PMKSA */
617 #ifndef LOS_CONFIG_HOSTAPD_PMKSA_CROP
618 const u8 *pmkid = NULL;
619 #endif /* LOS_CONFIG_HOSTAPD_PMKSA_CROP */
620
621 if (wpa_auth == NULL || sm == NULL)
622 return WPA_NOT_ENABLED;
623
624 if (wpa_ie == NULL || wpa_ie_len < 1)
625 return WPA_INVALID_IE;
626
627 if (wpa_ie[0] == WLAN_EID_RSN)
628 version = WPA_PROTO_RSN;
629 else
630 version = WPA_PROTO_WPA;
631
632 if (!(wpa_auth->conf.wpa & version)) {
633 wpa_warning_log1(MSG_DEBUG, "Invalid WPA proto (%d) from ", version);
634 wpa_warning_log4(MSG_DEBUG, "%02x:xx:xx:%02x:%02x:%02x",
635 (sm->addr)[0], (sm->addr)[3], (sm->addr)[4], (sm->addr)[5]);
636 return WPA_INVALID_PROTO;
637 }
638
639 if (version == WPA_PROTO_RSN) {
640 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
641 #ifndef EXT_CODE_CROP
642 if (!data.has_pairwise)
643 data.pairwise_cipher = wpa_default_rsn_cipher(freq);
644 if (!data.has_group)
645 data.group_cipher = wpa_default_rsn_cipher(freq);
646 #else
647 if (!data.has_pairwise)
648 data.pairwise_cipher = WPA_CIPHER_CCMP;
649 if (!data.has_group)
650 data.group_cipher = WPA_CIPHER_CCMP;
651 #endif /* EXT_CODE_CROP */
652 #ifndef EXT_WPA_KEY_MGMT_CROP
653 if (wpa_key_mgmt_ft(data.key_mgmt) && !mdie &&
654 !wpa_key_mgmt_only_ft(data.key_mgmt)) {
655 /* Workaround for some HP and Epson printers that seem
656 * to incorrectly copy the FT-PSK + WPA-PSK AKMs from AP
657 * advertised RSNE to Association Request frame. */
658 wpa_printf(MSG_DEBUG,
659 "RSN: FT set in RSNE AKM but MDE is missing from "
660 MACSTR
661 " - ignore FT AKM(s) because there's also a non-FT AKM",
662 MAC2STR(sm->addr));
663 data.key_mgmt &= ~WPA_KEY_MGMT_FT;
664 }
665 #endif /* EXT_WPA_KEY_MGMT_CROP */
666
667 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
668 if (0) {
669 }
670 #ifdef CONFIG_SUITEB192
671 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
672 selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
673 #endif /* CONFIG_SUITEB192 */
674 #ifdef CONFIG_SUITEB
675 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
676 selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
677 #endif /* CONFIG_SUITEB */
678 #ifdef CONFIG_FILS
679 #ifdef CONFIG_IEEE80211R_AP
680 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
681 selector = RSN_AUTH_KEY_MGMT_FT_FILS_SHA384;
682 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
683 selector = RSN_AUTH_KEY_MGMT_FT_FILS_SHA256;
684 #endif /* CONFIG_IEEE80211R_AP */
685 else if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA384)
686 selector = RSN_AUTH_KEY_MGMT_FILS_SHA384;
687 else if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA256)
688 selector = RSN_AUTH_KEY_MGMT_FILS_SHA256;
689 #endif /* CONFIG_FILS */
690 #ifdef CONFIG_IEEE80211R_AP
691 #ifdef CONFIG_SHA384
692 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
693 selector = RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384;
694 #endif /* CONFIG_SHA384 */
695 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
696 selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
697 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
698 selector = RSN_AUTH_KEY_MGMT_FT_PSK;
699 #endif /* CONFIG_IEEE80211R_AP */
700 #ifndef EXT_WPA_KEY_MGMT_CROP
701 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
702 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
703 #endif /* EXT_WPA_KEY_MGMT_CROP */
704 else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
705 selector = RSN_AUTH_KEY_MGMT_PSK_SHA256;
706 #ifdef CONFIG_SAE
707 else if (data.key_mgmt & WPA_KEY_MGMT_SAE)
708 selector = RSN_AUTH_KEY_MGMT_SAE;
709 else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE)
710 selector = RSN_AUTH_KEY_MGMT_FT_SAE;
711 #endif /* CONFIG_SAE */
712 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
713 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
714 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
715 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
716 #ifdef CONFIG_OWE
717 else if (data.key_mgmt & WPA_KEY_MGMT_OWE)
718 selector = RSN_AUTH_KEY_MGMT_OWE;
719 #endif /* CONFIG_OWE */
720 #ifdef CONFIG_DPP
721 else if (data.key_mgmt & WPA_KEY_MGMT_DPP)
722 selector = RSN_AUTH_KEY_MGMT_DPP;
723 #endif /* CONFIG_DPP */
724 #ifdef CONFIG_HS20
725 else if (data.key_mgmt & WPA_KEY_MGMT_OSEN)
726 selector = RSN_AUTH_KEY_MGMT_OSEN;
727 #endif /* CONFIG_HS20 */
728 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
729
730 selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
731 data.pairwise_cipher);
732 if (!selector)
733 selector = RSN_CIPHER_SUITE_CCMP;
734 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
735
736 selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
737 data.group_cipher);
738 if (!selector)
739 selector = RSN_CIPHER_SUITE_CCMP;
740 wpa_auth->dot11RSNAGroupCipherSelected = selector;
741 } else {
742 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
743
744 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
745 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
746 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
747 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
748 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
749 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
750
751 selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
752 data.pairwise_cipher);
753 if (!selector)
754 selector = RSN_CIPHER_SUITE_TKIP;
755 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
756
757 selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
758 data.group_cipher);
759 if (!selector)
760 selector = WPA_CIPHER_SUITE_TKIP;
761 wpa_auth->dot11RSNAGroupCipherSelected = selector;
762 }
763 if (res) {
764 wpa_warning_log4(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
765 "%02x:xx:xx:%02x:%02x:%02x", (sm->addr)[0], (sm->addr)[3], (sm->addr)[4], (sm->addr)[5]);
766 wpa_warning_log1(MSG_DEBUG, "Failed to parse WPA/RSN IE from "" (res=%d)", res);
767 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
768 return WPA_INVALID_IE;
769 }
770
771 if (data.group_cipher != wpa_auth->conf.wpa_group) {
772 wpa_warning_log1(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from ", data.group_cipher);
773 wpa_warning_log4(MSG_DEBUG, "%02x:xx:xx:%02x:%02x:%02x", (sm->addr)[0], (sm->addr)[3], (sm->addr)[4], (sm->addr)[5]);
774 return WPA_INVALID_GROUP;
775 }
776
777 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
778 if (!key_mgmt) {
779 wpa_warning_log1(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from ", data.key_mgmt);
780 wpa_warning_log4(MSG_DEBUG, "%02x:xx:xx:%02x:%02x:%02x", (sm->addr)[0], (sm->addr)[3], (sm->addr)[4], (sm->addr)[5]);
781 return WPA_INVALID_AKMP;
782 }
783 if (0) {
784 }
785 #ifdef CONFIG_SUITEB192
786 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
787 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
788 #endif /* CONFIG_SUITEB192 */
789 #ifdef CONFIG_SUITEB
790 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
791 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
792 #endif /* CONFIG_SUITEB */
793 #ifdef CONFIG_FILS
794 #ifdef CONFIG_IEEE80211R_AP
795 else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
796 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
797 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
798 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
799 #endif /* CONFIG_IEEE80211R_AP */
800 else if (key_mgmt & WPA_KEY_MGMT_FILS_SHA384)
801 sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
802 else if (key_mgmt & WPA_KEY_MGMT_FILS_SHA256)
803 sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
804 #endif /* CONFIG_FILS */
805 #ifdef CONFIG_IEEE80211R_AP
806 #ifdef CONFIG_SHA384
807 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
808 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
809 #endif /* CONFIG_SHA384 */
810 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
811 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
812 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
813 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
814 #endif /* CONFIG_IEEE80211R_AP */
815 #ifndef EXT_WPA_KEY_MGMT_CROP
816 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
817 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
818 #endif /* EXT_WPA_KEY_MGMT_CROP */
819 else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
820 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
821 #ifdef CONFIG_SAE
822 else if (key_mgmt & WPA_KEY_MGMT_SAE)
823 sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE;
824 else if (key_mgmt & WPA_KEY_MGMT_FT_SAE)
825 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE;
826 #endif /* CONFIG_SAE */
827 #ifndef EXT_WPA_KEY_MGMT_CROP
828 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
829 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
830 #endif /* EXT_WPA_KEY_MGMT_CROP */
831 #ifdef CONFIG_OWE
832 else if (key_mgmt & WPA_KEY_MGMT_OWE)
833 sm->wpa_key_mgmt = WPA_KEY_MGMT_OWE;
834 #endif /* CONFIG_OWE */
835 #ifdef CONFIG_DPP
836 else if (key_mgmt & WPA_KEY_MGMT_DPP)
837 sm->wpa_key_mgmt = WPA_KEY_MGMT_DPP;
838 #endif /* CONFIG_DPP */
839 #ifdef CONFIG_HS20
840 else if (key_mgmt & WPA_KEY_MGMT_OSEN)
841 sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
842 #endif /* CONFIG_HS20 */
843 else
844 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
845
846 if (version == WPA_PROTO_RSN)
847 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise;
848 else
849 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
850 if (!ciphers) {
851 wpa_warning_buf(MSG_DEBUG, "Invalid %s pairwise",
852 version == WPA_PROTO_RSN ? "RSN" : "WPA",
853 version == WPA_PROTO_RSN ? strlen("RSN") : strlen("WPA"));
854 wpa_warning_log1(MSG_DEBUG, "cipher (0x%x) ", data.pairwise_cipher);
855 wpa_warning_log4(MSG_DEBUG, "from " "%02x:xx:xx:%02x:%02x:%02x",
856 (sm->addr)[0], (sm->addr)[3], (sm->addr)[4], (sm->addr)[5]);
857 return WPA_INVALID_PAIRWISE;
858 }
859
860 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
861 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
862 wpa_warning_log0(MSG_DEBUG, "Management frame protection "
863 "required, but client did not enable it");
864 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
865 }
866
867 if (data.mgmt_group_cipher != wpa_auth->conf.group_mgmt_cipher)
868 {
869 wpa_warning_log1(MSG_DEBUG, "Unsupported management group "
870 "cipher %d", data.mgmt_group_cipher);
871 return WPA_INVALID_MGMT_GROUP_CIPHER;
872 }
873 }
874
875 #ifdef CONFIG_SAE
876 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL &&
877 wpa_auth->conf.sae_require_mfp &&
878 wpa_key_mgmt_sae(sm->wpa_key_mgmt) &&
879 !(data.capabilities & WPA_CAPABILITY_MFPC)) {
880 wpa_warning_log0(MSG_DEBUG,
881 "Management frame protection required with SAE, but client did not enable it");
882 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
883 }
884 #endif /* CONFIG_SAE */
885
886 #ifdef CONFIG_OCV
887 if (wpa_auth->conf.ocv && (data.capabilities & WPA_CAPABILITY_OCVC) &&
888 !(data.capabilities & WPA_CAPABILITY_MFPC)) {
889 /* Some legacy MFP incapable STAs wrongly copy OCVC bit from
890 * AP RSN capabilities. To improve interoperability with such
891 * legacy STAs allow connection without enabling OCV when the
892 * workaround mode (ocv=2) is enabled.
893 */
894 if (wpa_auth->conf.ocv == 2) {
895 wpa_printf(MSG_DEBUG,
896 "Allow connecting MFP incapable and OCV capable STA without enabling OCV");
897 wpa_auth_set_ocv(sm, 0);
898 } else {
899 wpa_printf(MSG_DEBUG,
900 "Management frame protection required with OCV, but client did not enable it");
901 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
902 }
903 } else {
904 wpa_auth_set_ocv(sm, (data.capabilities & WPA_CAPABILITY_OCVC) ?
905 wpa_auth->conf.ocv : 0);
906 }
907 #endif /* CONFIG_OCV */
908
909 if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION ||
910 !(data.capabilities & WPA_CAPABILITY_MFPC))
911 sm->mgmt_frame_prot = 0;
912 else
913 sm->mgmt_frame_prot = 1;
914
915 if (sm->mgmt_frame_prot && (ciphers & WPA_CIPHER_TKIP)) {
916 wpa_warning_log0(MSG_DEBUG,
917 "Management frame protection cannot use TKIP");
918 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
919 }
920
921 #ifdef CONFIG_IEEE80211R_AP
922 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
923 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) {
924 wpa_warning_log0(MSG_DEBUG, "RSN: Trying to use FT, but "
925 "MDIE not included");
926 return WPA_INVALID_MDIE;
927 }
928 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain,
929 MOBILITY_DOMAIN_ID_LEN) != 0) {
930 wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown "
931 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
932 return WPA_INVALID_MDIE;
933 }
934 } else if (mdie != NULL) {
935 wpa_warning_log0(MSG_DEBUG,
936 "RSN: Trying to use non-FT AKM suite, but MDIE included");
937 return WPA_INVALID_AKMP;
938 }
939 #endif /* CONFIG_IEEE80211R_AP */
940
941 #ifdef CONFIG_OWE
942 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && !owe_dh) {
943 wpa_warning_log0(MSG_DEBUG,
944 "OWE: No Diffie-Hellman Parameter element");
945 return WPA_INVALID_AKMP;
946 }
947 #endif /* CONFIG_OWE */
948
949 #ifdef CONFIG_DPP2
950 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP &&
951 ((conf->dpp_pfs == 1 && !owe_dh) ||
952 (conf->dpp_pfs == 2 && owe_dh))) {
953 wpa_printf(MSG_DEBUG, "DPP: PFS %s",
954 conf->dpp_pfs == 1 ? "required" : "not allowed");
955 return WPA_DENIED_OTHER_REASON;
956 }
957 #endif /* CONFIG_DPP2 */
958
959 sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0);
960 if (sm->pairwise < 0)
961 return WPA_INVALID_PAIRWISE;
962
963 /* TODO: clear WPA/WPA2 state if STA changes from one to another */
964 if (wpa_ie[0] == WLAN_EID_RSN)
965 sm->wpa = WPA_VERSION_WPA2;
966 else
967 sm->wpa = WPA_VERSION_WPA;
968
969 #if defined(CONFIG_IEEE80211R_AP) && defined(CONFIG_FILS)
970 if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256 ||
971 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384) &&
972 (sm->auth_alg == WLAN_AUTH_FILS_SK ||
973 sm->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
974 sm->auth_alg == WLAN_AUTH_FILS_PK) &&
975 (data.num_pmkid != 1 || !data.pmkid || !sm->pmk_r1_name_valid ||
976 os_memcmp_const(data.pmkid, sm->pmk_r1_name,
977 WPA_PMK_NAME_LEN) != 0)) {
978 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
979 "No PMKR1Name match for FILS+FT");
980 return WPA_INVALID_PMKID;
981 }
982 #endif /* CONFIG_IEEE80211R_AP && CONFIG_FILS */
983 #if defined(CONFIG_HOSTAPD_WPA3) && defined(CONFIG_HOSTAPD_WPA3_PMKSA)
984 sm->pmksa = NULL;
985 for (i = 0; i < data.num_pmkid; i++) {
986 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
987 &data.pmkid[i * PMKID_LEN], PMKID_LEN);
988 sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr,
989 &data.pmkid[i * PMKID_LEN]);
990 #ifndef LOS_CONFIG_HOSTAPD_PMKSA_CROP
991 if (sm->pmksa) {
992 pmkid = sm->pmksa->pmkid;
993 break;
994 }
995 #endif /* LOS_CONFIG_HOSTAPD_PMKSA_CROP */
996 }
997 #endif /* CONFIG_HOSTAPD_WPA3 && CONFIG_HOSTAPD_WPA3_PMKSA */
998 #ifndef LOS_CONFIG_HOSTAPD_PMKSA_CROP
999 for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc &&
1000 i < data.num_pmkid; i++) {
1001 struct wpa_auth_okc_iter_data idata;
1002 idata.pmksa = NULL;
1003 idata.aa = wpa_auth->addr;
1004 idata.spa = sm->addr;
1005 idata.pmkid = &data.pmkid[i * PMKID_LEN];
1006 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata);
1007 if (idata.pmksa) {
1008 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1009 "OKC match for PMKID");
1010 sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa,
1011 idata.pmksa,
1012 wpa_auth->addr,
1013 idata.pmkid);
1014 pmkid = idata.pmkid;
1015 break;
1016 }
1017 }
1018 if (sm->pmksa && pmkid) {
1019 #ifndef LOS_CONFIG_NO_VLAN
1020 struct vlan_description *vlan;
1021
1022 vlan = sm->pmksa->vlan_desc;
1023 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1024 "PMKID found from PMKSA cache eap_type=%d vlan=%d%s",
1025 sm->pmksa->eap_type_authsrv,
1026 vlan ? vlan->untagged : 0,
1027 (vlan && vlan->tagged[0]) ? "+" : "");
1028 #endif
1029 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
1030 }
1031 #endif /* LOS_CONFIG_HOSTAPD_PMKSA_CROP */
1032 #if defined(CONFIG_HOSTAPD_WPA3) && defined(CONFIG_HOSTAPD_WPA3_PMKSA)
1033 #ifdef CONFIG_SAE
1034 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE && data.num_pmkid &&
1035 !sm->pmksa) {
1036 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1037 "No PMKSA cache entry found for SAE");
1038 return WPA_INVALID_PMKID;
1039 }
1040 #endif /* CONFIG_SAE */
1041 #endif /* CONFIG_HOSTAPD_WPA3 && CONFIG_HOSTAPD_WPA3_PMKSA */
1042
1043 #ifdef CONFIG_DPP
1044 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && !sm->pmksa) {
1045 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1046 "No PMKSA cache entry found for DPP");
1047 return WPA_INVALID_PMKID;
1048 }
1049 #endif /* CONFIG_DPP */
1050
1051 if (conf->extended_key_id && sm->wpa == WPA_VERSION_WPA2 &&
1052 sm->pairwise != WPA_CIPHER_TKIP &&
1053 (data.capabilities & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST)) {
1054 sm->use_ext_key_id = true;
1055 if (conf->extended_key_id == 2 &&
1056 !wpa_key_mgmt_ft(sm->wpa_key_mgmt) &&
1057 !wpa_key_mgmt_fils(sm->wpa_key_mgmt))
1058 sm->keyidx_active = 1;
1059 else
1060 sm->keyidx_active = 0;
1061 wpa_printf(MSG_DEBUG,
1062 "RSN: Extended Key ID supported (start with %d)",
1063 sm->keyidx_active);
1064 } else {
1065 sm->use_ext_key_id = false;
1066 }
1067
1068 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
1069 os_free(sm->wpa_ie);
1070 sm->wpa_ie = os_malloc(wpa_ie_len);
1071 if (sm->wpa_ie == NULL)
1072 return WPA_ALLOC_FAIL;
1073 }
1074 os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
1075 sm->wpa_ie_len = wpa_ie_len;
1076
1077 if (rsnxe && rsnxe_len) {
1078 if (!sm->rsnxe || sm->rsnxe_len < rsnxe_len) {
1079 os_free(sm->rsnxe);
1080 sm->rsnxe = os_malloc(rsnxe_len);
1081 if (!sm->rsnxe)
1082 return WPA_ALLOC_FAIL;
1083 }
1084 os_memcpy(sm->rsnxe, rsnxe, rsnxe_len);
1085 sm->rsnxe_len = rsnxe_len;
1086 } else {
1087 os_free(sm->rsnxe);
1088 sm->rsnxe = NULL;
1089 sm->rsnxe_len = 0;
1090 }
1091
1092 return WPA_IE_OK;
1093 }
1094
1095
1096 #ifdef CONFIG_HS20
wpa_validate_osen(struct wpa_authenticator * wpa_auth,struct wpa_state_machine * sm,const u8 * osen_ie,size_t osen_ie_len)1097 int wpa_validate_osen(struct wpa_authenticator *wpa_auth,
1098 struct wpa_state_machine *sm,
1099 const u8 *osen_ie, size_t osen_ie_len)
1100 {
1101 if (wpa_auth == NULL || sm == NULL)
1102 return -1;
1103
1104 /* TODO: parse OSEN element */
1105 sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
1106 sm->mgmt_frame_prot = 1;
1107 sm->pairwise = WPA_CIPHER_CCMP;
1108 sm->wpa = WPA_VERSION_WPA2;
1109
1110 if (sm->wpa_ie == NULL || sm->wpa_ie_len < osen_ie_len) {
1111 os_free(sm->wpa_ie);
1112 sm->wpa_ie = os_malloc(osen_ie_len);
1113 if (sm->wpa_ie == NULL)
1114 return -1;
1115 }
1116
1117 os_memcpy(sm->wpa_ie, osen_ie, osen_ie_len);
1118 sm->wpa_ie_len = osen_ie_len;
1119
1120 return 0;
1121 }
1122
1123 #endif /* CONFIG_HS20 */
1124
1125
wpa_auth_uses_mfp(struct wpa_state_machine * sm)1126 int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
1127 {
1128 return sm ? sm->mgmt_frame_prot : 0;
1129 }
1130
1131
1132 #ifdef CONFIG_OCV
1133
wpa_auth_set_ocv(struct wpa_state_machine * sm,int ocv)1134 void wpa_auth_set_ocv(struct wpa_state_machine *sm, int ocv)
1135 {
1136 if (sm)
1137 sm->ocv_enabled = ocv;
1138 }
1139
1140
wpa_auth_uses_ocv(struct wpa_state_machine * sm)1141 int wpa_auth_uses_ocv(struct wpa_state_machine *sm)
1142 {
1143 return sm ? sm->ocv_enabled : 0;
1144 }
1145
1146 #endif /* CONFIG_OCV */
1147
1148
1149 #ifdef CONFIG_OWE
wpa_auth_write_assoc_resp_owe(struct wpa_state_machine * sm,u8 * pos,size_t max_len,const u8 * req_ies,size_t req_ies_len)1150 u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm,
1151 u8 *pos, size_t max_len,
1152 const u8 *req_ies, size_t req_ies_len)
1153 {
1154 int res;
1155 struct wpa_auth_config *conf;
1156
1157 if (!sm)
1158 return pos;
1159 conf = &sm->wpa_auth->conf;
1160
1161 #ifdef CONFIG_TESTING_OPTIONS
1162 if (conf->own_ie_override_len) {
1163 if (max_len < conf->own_ie_override_len)
1164 return NULL;
1165 wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing",
1166 conf->own_ie_override, conf->own_ie_override_len);
1167 os_memcpy(pos, conf->own_ie_override,
1168 conf->own_ie_override_len);
1169 return pos + conf->own_ie_override_len;
1170 }
1171 #endif /* CONFIG_TESTING_OPTIONS */
1172
1173 res = wpa_write_rsn_ie(conf, pos, max_len,
1174 sm->pmksa ? sm->pmksa->pmkid : NULL);
1175 if (res < 0)
1176 return pos;
1177 return pos + res;
1178 }
1179 #endif /* CONFIG_OWE */
1180
1181
1182 #ifdef CONFIG_FILS
1183
wpa_auth_write_assoc_resp_fils(struct wpa_state_machine * sm,u8 * pos,size_t max_len,const u8 * req_ies,size_t req_ies_len)1184 u8 * wpa_auth_write_assoc_resp_fils(struct wpa_state_machine *sm,
1185 u8 *pos, size_t max_len,
1186 const u8 *req_ies, size_t req_ies_len)
1187 {
1188 int res;
1189
1190 if (!sm ||
1191 sm->wpa_key_mgmt & (WPA_KEY_MGMT_FT_FILS_SHA256 |
1192 WPA_KEY_MGMT_FT_FILS_SHA384))
1193 return pos;
1194
1195 res = wpa_write_rsn_ie(&sm->wpa_auth->conf, pos, max_len, NULL);
1196 if (res < 0)
1197 return pos;
1198 return pos + res;
1199 }
1200
1201
wpa_auth_write_fd_rsn_info(struct wpa_authenticator * wpa_auth,u8 * fd_rsn_info)1202 bool wpa_auth_write_fd_rsn_info(struct wpa_authenticator *wpa_auth,
1203 u8 *fd_rsn_info)
1204 {
1205 struct wpa_auth_config *conf;
1206 u32 selectors = 0;
1207 u8 *pos = fd_rsn_info;
1208 int i, res;
1209 u32 cipher, suite, selector, mask;
1210 u8 tmp[10 * RSN_SELECTOR_LEN];
1211
1212 if (!wpa_auth)
1213 return false;
1214 conf = &wpa_auth->conf;
1215
1216 if (!(conf->wpa & WPA_PROTO_RSN))
1217 return false;
1218
1219 /* RSN Capability (B0..B15) */
1220 WPA_PUT_LE16(pos, wpa_own_rsn_capab(conf));
1221 pos += 2;
1222
1223 /* Group Data Cipher Suite Selector (B16..B21) */
1224 suite = wpa_cipher_to_suite(WPA_PROTO_RSN, conf->wpa_group);
1225 if (suite == RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED)
1226 cipher = 63; /* No cipher suite selected */
1227 else if ((suite >> 8) == 0x000fac && ((suite & 0xff) <= 13))
1228 cipher = suite & 0xff;
1229 else
1230 cipher = 62; /* vendor specific */
1231 selectors |= cipher;
1232
1233 /* Group Management Cipher Suite Selector (B22..B27) */
1234 cipher = 63; /* Default to no cipher suite selected */
1235 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
1236 switch (conf->group_mgmt_cipher) {
1237 case WPA_CIPHER_AES_128_CMAC:
1238 cipher = RSN_CIPHER_SUITE_AES_128_CMAC & 0xff;
1239 break;
1240 case WPA_CIPHER_BIP_GMAC_128:
1241 cipher = RSN_CIPHER_SUITE_BIP_GMAC_128 & 0xff;
1242 break;
1243 case WPA_CIPHER_BIP_GMAC_256:
1244 cipher = RSN_CIPHER_SUITE_BIP_GMAC_256 & 0xff;
1245 break;
1246 case WPA_CIPHER_BIP_CMAC_256:
1247 cipher = RSN_CIPHER_SUITE_BIP_CMAC_256 & 0xff;
1248 break;
1249 }
1250 }
1251 selectors |= cipher << 6;
1252
1253 /* Pairwise Cipher Suite Selector (B28..B33) */
1254 cipher = 63; /* Default to no cipher suite selected */
1255 res = rsn_cipher_put_suites(tmp, conf->rsn_pairwise);
1256 if (res == 1 && tmp[0] == 0x00 && tmp[1] == 0x0f && tmp[2] == 0xac &&
1257 tmp[3] <= 13)
1258 cipher = tmp[3];
1259 selectors |= cipher << 12;
1260
1261 /* AKM Suite Selector (B34..B39) */
1262 selector = 0; /* default to AKM from RSNE in Beacon/Probe Response */
1263 mask = WPA_KEY_MGMT_FILS_SHA256 | WPA_KEY_MGMT_FILS_SHA384 |
1264 WPA_KEY_MGMT_FT_FILS_SHA384;
1265 if ((conf->wpa_key_mgmt & mask) && (conf->wpa_key_mgmt & ~mask) == 0) {
1266 suite = conf->wpa_key_mgmt & mask;
1267 if (suite == WPA_KEY_MGMT_FILS_SHA256)
1268 selector = 1; /* 00-0f-ac:14 */
1269 else if (suite == WPA_KEY_MGMT_FILS_SHA384)
1270 selector = 2; /* 00-0f-ac:15 */
1271 else if (suite == (WPA_KEY_MGMT_FILS_SHA256 |
1272 WPA_KEY_MGMT_FILS_SHA384))
1273 selector = 3; /* 00-0f-ac:14 or 00-0f-ac:15 */
1274 else if (suite == WPA_KEY_MGMT_FT_FILS_SHA384)
1275 selector = 4; /* 00-0f-ac:17 */
1276 }
1277 selectors |= selector << 18;
1278
1279 for (i = 0; i < 3; i++) {
1280 *pos++ = selectors & 0xff;
1281 selectors >>= 8;
1282 }
1283
1284 return true;
1285 }
1286
1287 #endif /* CONFIG_FILS */
1288