1 /*
2 * hostapd - WPA/RSN IE and KDE definitions
3 * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "common/ieee802_11_defs.h"
13 #include "eapol_auth/eapol_auth_sm.h"
14 #include "ap_config.h"
15 #include "ieee802_11.h"
16 #include "wpa_auth.h"
17 #include "pmksa_cache_auth.h"
18 #include "wpa_auth_ie.h"
19 #include "wpa_auth_i.h"
20
21
22 #ifdef CONFIG_RSN_TESTING
23 int rsn_testing = 0;
24 #endif /* CONFIG_RSN_TESTING */
25
26
wpa_write_wpa_ie(struct wpa_auth_config * conf,u8 * buf,size_t len)27 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
28 {
29 struct wpa_ie_hdr *hdr;
30 int num_suites;
31 u8 *pos, *count;
32 u32 suite;
33
34 hdr = (struct wpa_ie_hdr *) buf;
35 hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC;
36 RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE);
37 WPA_PUT_LE16(hdr->version, WPA_VERSION);
38 pos = (u8 *) (hdr + 1);
39
40 suite = wpa_cipher_to_suite(WPA_PROTO_WPA, conf->wpa_group);
41 if (suite == 0) {
42 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
43 conf->wpa_group);
44 return -1;
45 }
46 RSN_SELECTOR_PUT(pos, suite);
47 pos += WPA_SELECTOR_LEN;
48
49 count = pos;
50 pos += 2;
51
52 num_suites = wpa_cipher_put_suites(pos, conf->wpa_pairwise);
53 if (num_suites == 0) {
54 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
55 conf->wpa_pairwise);
56 return -1;
57 }
58 pos += num_suites * WPA_SELECTOR_LEN;
59 WPA_PUT_LE16(count, num_suites);
60
61 num_suites = 0;
62 count = pos;
63 pos += 2;
64
65 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
66 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
67 pos += WPA_SELECTOR_LEN;
68 num_suites++;
69 }
70 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
71 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
72 pos += WPA_SELECTOR_LEN;
73 num_suites++;
74 }
75
76 if (num_suites == 0) {
77 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
78 conf->wpa_key_mgmt);
79 return -1;
80 }
81 WPA_PUT_LE16(count, num_suites);
82
83 /* WPA Capabilities; use defaults, so no need to include it */
84
85 hdr->len = (pos - buf) - 2;
86
87 return pos - buf;
88 }
89
90
wpa_own_rsn_capab(struct wpa_auth_config * conf)91 static u16 wpa_own_rsn_capab(struct wpa_auth_config *conf)
92 {
93 u16 capab = 0;
94
95 if (conf->rsn_preauth)
96 capab |= WPA_CAPABILITY_PREAUTH;
97 if (conf->wmm_enabled) {
98 /* 4 PTKSA replay counters when using WMM */
99 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
100 }
101 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
102 capab |= WPA_CAPABILITY_MFPC;
103 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
104 capab |= WPA_CAPABILITY_MFPR;
105 }
106 #ifdef CONFIG_OCV
107 if (conf->ocv)
108 capab |= WPA_CAPABILITY_OCVC;
109 #endif /* CONFIG_OCV */
110 #ifdef CONFIG_RSN_TESTING
111 if (rsn_testing)
112 capab |= BIT(8) | BIT(15);
113 #endif /* CONFIG_RSN_TESTING */
114 if (conf->extended_key_id)
115 capab |= WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST;
116
117 return capab;
118 }
119
120
wpa_write_rsn_ie(struct wpa_auth_config * conf,u8 * buf,size_t len,const u8 * pmkid)121 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
122 const u8 *pmkid)
123 {
124 struct rsn_ie_hdr *hdr;
125 int num_suites, res;
126 u8 *pos, *count;
127 u32 suite;
128
129 hdr = (struct rsn_ie_hdr *) buf;
130 hdr->elem_id = WLAN_EID_RSN;
131 WPA_PUT_LE16(hdr->version, RSN_VERSION);
132 pos = (u8 *) (hdr + 1);
133
134 suite = wpa_cipher_to_suite(WPA_PROTO_RSN, conf->wpa_group);
135 if (suite == 0) {
136 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
137 conf->wpa_group);
138 return -1;
139 }
140 RSN_SELECTOR_PUT(pos, suite);
141 pos += RSN_SELECTOR_LEN;
142
143 num_suites = 0;
144 count = pos;
145 pos += 2;
146
147 #ifdef CONFIG_RSN_TESTING
148 if (rsn_testing) {
149 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
150 pos += RSN_SELECTOR_LEN;
151 num_suites++;
152 }
153 #endif /* CONFIG_RSN_TESTING */
154
155 res = rsn_cipher_put_suites(pos, conf->rsn_pairwise);
156 num_suites += res;
157 pos += res * RSN_SELECTOR_LEN;
158
159 #ifdef CONFIG_RSN_TESTING
160 if (rsn_testing) {
161 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
162 pos += RSN_SELECTOR_LEN;
163 num_suites++;
164 }
165 #endif /* CONFIG_RSN_TESTING */
166
167 if (num_suites == 0) {
168 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
169 conf->rsn_pairwise);
170 return -1;
171 }
172 WPA_PUT_LE16(count, num_suites);
173
174 num_suites = 0;
175 count = pos;
176 pos += 2;
177
178 #ifdef CONFIG_RSN_TESTING
179 if (rsn_testing) {
180 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
181 pos += RSN_SELECTOR_LEN;
182 num_suites++;
183 }
184 #endif /* CONFIG_RSN_TESTING */
185
186 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
187 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
188 pos += RSN_SELECTOR_LEN;
189 num_suites++;
190 }
191 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
192 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
193 pos += RSN_SELECTOR_LEN;
194 num_suites++;
195 }
196 #ifdef CONFIG_IEEE80211R_AP
197 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
198 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
199 pos += RSN_SELECTOR_LEN;
200 num_suites++;
201 }
202 #ifdef CONFIG_SHA384
203 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) {
204 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384);
205 pos += RSN_SELECTOR_LEN;
206 num_suites++;
207 }
208 #endif /* CONFIG_SHA384 */
209 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
210 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
211 pos += RSN_SELECTOR_LEN;
212 num_suites++;
213 }
214 #endif /* CONFIG_IEEE80211R_AP */
215 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
216 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
217 pos += RSN_SELECTOR_LEN;
218 num_suites++;
219 }
220 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
221 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
222 pos += RSN_SELECTOR_LEN;
223 num_suites++;
224 }
225 #ifdef CONFIG_SAE
226 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) {
227 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE);
228 pos += RSN_SELECTOR_LEN;
229 num_suites++;
230 }
231 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) {
232 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
233 pos += RSN_SELECTOR_LEN;
234 num_suites++;
235 }
236 #endif /* CONFIG_SAE */
237 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
238 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B);
239 pos += RSN_SELECTOR_LEN;
240 num_suites++;
241 }
242 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
243 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192);
244 pos += RSN_SELECTOR_LEN;
245 num_suites++;
246 }
247 #ifdef CONFIG_FILS
248 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA256) {
249 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA256);
250 pos += RSN_SELECTOR_LEN;
251 num_suites++;
252 }
253 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA384) {
254 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA384);
255 pos += RSN_SELECTOR_LEN;
256 num_suites++;
257 }
258 #ifdef CONFIG_IEEE80211R_AP
259 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) {
260 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256);
261 pos += RSN_SELECTOR_LEN;
262 num_suites++;
263 }
264 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) {
265 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384);
266 pos += RSN_SELECTOR_LEN;
267 num_suites++;
268 }
269 #endif /* CONFIG_IEEE80211R_AP */
270 #endif /* CONFIG_FILS */
271 #ifdef CONFIG_OWE
272 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) {
273 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OWE);
274 pos += RSN_SELECTOR_LEN;
275 num_suites++;
276 }
277 #endif /* CONFIG_OWE */
278 #ifdef CONFIG_DPP
279 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) {
280 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_DPP);
281 pos += RSN_SELECTOR_LEN;
282 num_suites++;
283 }
284 #endif /* CONFIG_DPP */
285 #ifdef CONFIG_HS20
286 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_OSEN) {
287 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OSEN);
288 pos += RSN_SELECTOR_LEN;
289 num_suites++;
290 }
291 #endif /* CONFIG_HS20 */
292 #ifdef CONFIG_PASN
293 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PASN) {
294 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PASN);
295 pos += RSN_SELECTOR_LEN;
296 num_suites++;
297 }
298 #endif /* CONFIG_PASN */
299
300 #ifdef CONFIG_RSN_TESTING
301 if (rsn_testing) {
302 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
303 pos += RSN_SELECTOR_LEN;
304 num_suites++;
305 }
306 #endif /* CONFIG_RSN_TESTING */
307
308 if (num_suites == 0) {
309 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
310 conf->wpa_key_mgmt);
311 return -1;
312 }
313 WPA_PUT_LE16(count, num_suites);
314
315 /* RSN Capabilities */
316 WPA_PUT_LE16(pos, wpa_own_rsn_capab(conf));
317 pos += 2;
318
319 if (pmkid) {
320 if (2 + PMKID_LEN > buf + len - pos)
321 return -1;
322 /* PMKID Count */
323 WPA_PUT_LE16(pos, 1);
324 pos += 2;
325 os_memcpy(pos, pmkid, PMKID_LEN);
326 pos += PMKID_LEN;
327 }
328
329 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION &&
330 conf->group_mgmt_cipher != WPA_CIPHER_AES_128_CMAC) {
331 if (2 + 4 > buf + len - pos)
332 return -1;
333 if (pmkid == NULL) {
334 /* PMKID Count */
335 WPA_PUT_LE16(pos, 0);
336 pos += 2;
337 }
338
339 /* Management Group Cipher Suite */
340 switch (conf->group_mgmt_cipher) {
341 case WPA_CIPHER_AES_128_CMAC:
342 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
343 break;
344 case WPA_CIPHER_BIP_GMAC_128:
345 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_128);
346 break;
347 case WPA_CIPHER_BIP_GMAC_256:
348 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_256);
349 break;
350 case WPA_CIPHER_BIP_CMAC_256:
351 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_CMAC_256);
352 break;
353 default:
354 wpa_printf(MSG_DEBUG,
355 "Invalid group management cipher (0x%x)",
356 conf->group_mgmt_cipher);
357 return -1;
358 }
359 pos += RSN_SELECTOR_LEN;
360 }
361
362 #ifdef CONFIG_RSN_TESTING
363 if (rsn_testing) {
364 /*
365 * Fill in any defined fields and add extra data to the end of
366 * the element.
367 */
368 int pmkid_count_set = pmkid != NULL;
369 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION)
370 pmkid_count_set = 1;
371 /* PMKID Count */
372 WPA_PUT_LE16(pos, 0);
373 pos += 2;
374 if (conf->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
375 /* Management Group Cipher Suite */
376 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
377 pos += RSN_SELECTOR_LEN;
378 }
379
380 os_memset(pos, 0x12, 17);
381 pos += 17;
382 }
383 #endif /* CONFIG_RSN_TESTING */
384
385 hdr->len = (pos - buf) - 2;
386
387 return pos - buf;
388 }
389
390
wpa_write_rsnxe(struct wpa_auth_config * conf,u8 * buf,size_t len)391 int wpa_write_rsnxe(struct wpa_auth_config *conf, u8 *buf, size_t len)
392 {
393 u8 *pos = buf;
394 u16 capab = 0;
395 size_t flen;
396
397 if (wpa_key_mgmt_sae(conf->wpa_key_mgmt) &&
398 (conf->sae_pwe == 1 || conf->sae_pwe == 2 || conf->sae_pk)) {
399 capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
400 #ifdef CONFIG_SAE_PK
401 if (conf->sae_pk)
402 capab |= BIT(WLAN_RSNX_CAPAB_SAE_PK);
403 #endif /* CONFIG_SAE_PK */
404 }
405
406 if (conf->secure_ltf)
407 capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF);
408 if (conf->secure_rtt)
409 capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
410 if (conf->prot_range_neg)
411 capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
412
413 flen = (capab & 0xff00) ? 2 : 1;
414 if (!capab)
415 return 0; /* no supported extended RSN capabilities */
416 if (len < 2 + flen)
417 return -1;
418 capab |= flen - 1; /* bit 0-3 = Field length (n - 1) */
419
420 *pos++ = WLAN_EID_RSNX;
421 *pos++ = flen;
422 *pos++ = capab & 0x00ff;
423 capab >>= 8;
424 if (capab)
425 *pos++ = capab;
426
427 return pos - buf;
428 }
429
430
wpa_write_osen(struct wpa_auth_config * conf,u8 * eid)431 static u8 * wpa_write_osen(struct wpa_auth_config *conf, u8 *eid)
432 {
433 u8 *len;
434 u16 capab;
435
436 *eid++ = WLAN_EID_VENDOR_SPECIFIC;
437 len = eid++; /* to be filled */
438 WPA_PUT_BE24(eid, OUI_WFA);
439 eid += 3;
440 *eid++ = HS20_OSEN_OUI_TYPE;
441
442 /* Group Data Cipher Suite */
443 RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED);
444 eid += RSN_SELECTOR_LEN;
445
446 /* Pairwise Cipher Suite Count and List */
447 WPA_PUT_LE16(eid, 1);
448 eid += 2;
449 RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_CCMP);
450 eid += RSN_SELECTOR_LEN;
451
452 /* AKM Suite Count and List */
453 WPA_PUT_LE16(eid, 1);
454 eid += 2;
455 RSN_SELECTOR_PUT(eid, RSN_AUTH_KEY_MGMT_OSEN);
456 eid += RSN_SELECTOR_LEN;
457
458 /* RSN Capabilities */
459 capab = 0;
460 if (conf->wmm_enabled) {
461 /* 4 PTKSA replay counters when using WMM */
462 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
463 }
464 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
465 capab |= WPA_CAPABILITY_MFPC;
466 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
467 capab |= WPA_CAPABILITY_MFPR;
468 }
469 #ifdef CONFIG_OCV
470 if (conf->ocv)
471 capab |= WPA_CAPABILITY_OCVC;
472 #endif /* CONFIG_OCV */
473 WPA_PUT_LE16(eid, capab);
474 eid += 2;
475
476 *len = eid - len - 1;
477
478 return eid;
479 }
480
481
wpa_auth_gen_wpa_ie(struct wpa_authenticator * wpa_auth)482 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
483 {
484 u8 *pos, buf[128];
485 int res;
486
487 #ifdef CONFIG_TESTING_OPTIONS
488 if (wpa_auth->conf.own_ie_override_len) {
489 wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing",
490 wpa_auth->conf.own_ie_override,
491 wpa_auth->conf.own_ie_override_len);
492 os_free(wpa_auth->wpa_ie);
493 wpa_auth->wpa_ie =
494 os_malloc(wpa_auth->conf.own_ie_override_len);
495 if (wpa_auth->wpa_ie == NULL)
496 return -1;
497 os_memcpy(wpa_auth->wpa_ie, wpa_auth->conf.own_ie_override,
498 wpa_auth->conf.own_ie_override_len);
499 wpa_auth->wpa_ie_len = wpa_auth->conf.own_ie_override_len;
500 return 0;
501 }
502 #endif /* CONFIG_TESTING_OPTIONS */
503
504 pos = buf;
505
506 if (wpa_auth->conf.wpa == WPA_PROTO_OSEN) {
507 pos = wpa_write_osen(&wpa_auth->conf, pos);
508 }
509 if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
510 res = wpa_write_rsn_ie(&wpa_auth->conf,
511 pos, buf + sizeof(buf) - pos, NULL);
512 if (res < 0)
513 return res;
514 pos += res;
515 res = wpa_write_rsnxe(&wpa_auth->conf, pos,
516 buf + sizeof(buf) - pos);
517 if (res < 0)
518 return res;
519 pos += res;
520 }
521 #ifdef CONFIG_IEEE80211R_AP
522 if (wpa_key_mgmt_ft(wpa_auth->conf.wpa_key_mgmt)) {
523 res = wpa_write_mdie(&wpa_auth->conf, pos,
524 buf + sizeof(buf) - pos);
525 if (res < 0)
526 return res;
527 pos += res;
528 }
529 #endif /* CONFIG_IEEE80211R_AP */
530 if (wpa_auth->conf.wpa & WPA_PROTO_WPA) {
531 res = wpa_write_wpa_ie(&wpa_auth->conf,
532 pos, buf + sizeof(buf) - pos);
533 if (res < 0)
534 return res;
535 pos += res;
536 }
537
538 os_free(wpa_auth->wpa_ie);
539 wpa_auth->wpa_ie = os_malloc(pos - buf);
540 if (wpa_auth->wpa_ie == NULL)
541 return -1;
542 os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
543 wpa_auth->wpa_ie_len = pos - buf;
544
545 return 0;
546 }
547
548
wpa_add_kde(u8 * pos,u32 kde,const u8 * data,size_t data_len,const u8 * data2,size_t data2_len)549 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
550 const u8 *data2, size_t data2_len)
551 {
552 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
553 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
554 RSN_SELECTOR_PUT(pos, kde);
555 pos += RSN_SELECTOR_LEN;
556 os_memcpy(pos, data, data_len);
557 pos += data_len;
558 if (data2) {
559 os_memcpy(pos, data2, data2_len);
560 pos += data2_len;
561 }
562 return pos;
563 }
564
565
566 struct wpa_auth_okc_iter_data {
567 struct rsn_pmksa_cache_entry *pmksa;
568 const u8 *aa;
569 const u8 *spa;
570 const u8 *pmkid;
571 };
572
573
wpa_auth_okc_iter(struct wpa_authenticator * a,void * ctx)574 static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx)
575 {
576 struct wpa_auth_okc_iter_data *data = ctx;
577 data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa,
578 data->pmkid);
579 if (data->pmksa)
580 return 1;
581 return 0;
582 }
583
584
585 enum wpa_validate_result
wpa_validate_wpa_ie(struct wpa_authenticator * wpa_auth,struct wpa_state_machine * sm,int freq,const u8 * wpa_ie,size_t wpa_ie_len,const u8 * rsnxe,size_t rsnxe_len,const u8 * mdie,size_t mdie_len,const u8 * owe_dh,size_t owe_dh_len)586 wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
587 struct wpa_state_machine *sm, int freq,
588 const u8 *wpa_ie, size_t wpa_ie_len,
589 const u8 *rsnxe, size_t rsnxe_len,
590 const u8 *mdie, size_t mdie_len,
591 const u8 *owe_dh, size_t owe_dh_len)
592 {
593 struct wpa_auth_config *conf = &wpa_auth->conf;
594 struct wpa_ie_data data;
595 int ciphers, key_mgmt, res, version;
596 u32 selector;
597 size_t i;
598 const u8 *pmkid = NULL;
599
600 if (wpa_auth == NULL || sm == NULL)
601 return WPA_NOT_ENABLED;
602
603 if (wpa_ie == NULL || wpa_ie_len < 1)
604 return WPA_INVALID_IE;
605
606 if (wpa_ie[0] == WLAN_EID_RSN)
607 version = WPA_PROTO_RSN;
608 else
609 version = WPA_PROTO_WPA;
610
611 if (!(wpa_auth->conf.wpa & version)) {
612 wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
613 version, MAC2STR(sm->addr));
614 return WPA_INVALID_PROTO;
615 }
616
617 if (version == WPA_PROTO_RSN) {
618 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
619 if (!data.has_pairwise)
620 data.pairwise_cipher = wpa_default_rsn_cipher(freq);
621 if (!data.has_group)
622 data.group_cipher = wpa_default_rsn_cipher(freq);
623
624 if (wpa_key_mgmt_ft(data.key_mgmt) && !mdie &&
625 !wpa_key_mgmt_only_ft(data.key_mgmt)) {
626 /* Workaround for some HP and Epson printers that seem
627 * to incorrectly copy the FT-PSK + WPA-PSK AKMs from AP
628 * advertised RSNE to Association Request frame. */
629 wpa_printf(MSG_DEBUG,
630 "RSN: FT set in RSNE AKM but MDE is missing from "
631 MACSTR
632 " - ignore FT AKM(s) because there's also a non-FT AKM",
633 MAC2STR(sm->addr));
634 data.key_mgmt &= ~WPA_KEY_MGMT_FT;
635 }
636
637 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
638 if (0) {
639 }
640 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
641 selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
642 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
643 selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
644 #ifdef CONFIG_FILS
645 #ifdef CONFIG_IEEE80211R_AP
646 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
647 selector = RSN_AUTH_KEY_MGMT_FT_FILS_SHA384;
648 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
649 selector = RSN_AUTH_KEY_MGMT_FT_FILS_SHA256;
650 #endif /* CONFIG_IEEE80211R_AP */
651 else if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA384)
652 selector = RSN_AUTH_KEY_MGMT_FILS_SHA384;
653 else if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA256)
654 selector = RSN_AUTH_KEY_MGMT_FILS_SHA256;
655 #endif /* CONFIG_FILS */
656 #ifdef CONFIG_IEEE80211R_AP
657 #ifdef CONFIG_SHA384
658 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
659 selector = RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384;
660 #endif /* CONFIG_SHA384 */
661 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
662 selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
663 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
664 selector = RSN_AUTH_KEY_MGMT_FT_PSK;
665 #endif /* CONFIG_IEEE80211R_AP */
666 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
667 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
668 else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
669 selector = RSN_AUTH_KEY_MGMT_PSK_SHA256;
670 #ifdef CONFIG_SAE
671 else if (data.key_mgmt & WPA_KEY_MGMT_SAE)
672 selector = RSN_AUTH_KEY_MGMT_SAE;
673 else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE)
674 selector = RSN_AUTH_KEY_MGMT_FT_SAE;
675 #endif /* CONFIG_SAE */
676 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
677 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
678 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
679 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
680 #ifdef CONFIG_OWE
681 else if (data.key_mgmt & WPA_KEY_MGMT_OWE)
682 selector = RSN_AUTH_KEY_MGMT_OWE;
683 #endif /* CONFIG_OWE */
684 #ifdef CONFIG_DPP
685 else if (data.key_mgmt & WPA_KEY_MGMT_DPP)
686 selector = RSN_AUTH_KEY_MGMT_DPP;
687 #endif /* CONFIG_DPP */
688 #ifdef CONFIG_HS20
689 else if (data.key_mgmt & WPA_KEY_MGMT_OSEN)
690 selector = RSN_AUTH_KEY_MGMT_OSEN;
691 #endif /* CONFIG_HS20 */
692 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
693
694 selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
695 data.pairwise_cipher);
696 if (!selector)
697 selector = RSN_CIPHER_SUITE_CCMP;
698 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
699
700 selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
701 data.group_cipher);
702 if (!selector)
703 selector = RSN_CIPHER_SUITE_CCMP;
704 wpa_auth->dot11RSNAGroupCipherSelected = selector;
705 } else {
706 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
707
708 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
709 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
710 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
711 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
712 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
713 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
714
715 selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
716 data.pairwise_cipher);
717 if (!selector)
718 selector = RSN_CIPHER_SUITE_TKIP;
719 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
720
721 selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
722 data.group_cipher);
723 if (!selector)
724 selector = WPA_CIPHER_SUITE_TKIP;
725 wpa_auth->dot11RSNAGroupCipherSelected = selector;
726 }
727 if (res) {
728 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
729 MACSTR " (res=%d)", MAC2STR(sm->addr), res);
730 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
731 return WPA_INVALID_IE;
732 }
733
734 if (data.group_cipher != wpa_auth->conf.wpa_group) {
735 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
736 MACSTR, data.group_cipher, MAC2STR(sm->addr));
737 return WPA_INVALID_GROUP;
738 }
739
740 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
741 if (!key_mgmt) {
742 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
743 MACSTR, data.key_mgmt, MAC2STR(sm->addr));
744 return WPA_INVALID_AKMP;
745 }
746 if (0) {
747 }
748 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
749 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
750 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
751 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
752 #ifdef CONFIG_FILS
753 #ifdef CONFIG_IEEE80211R_AP
754 else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
755 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
756 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
757 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
758 #endif /* CONFIG_IEEE80211R_AP */
759 else if (key_mgmt & WPA_KEY_MGMT_FILS_SHA384)
760 sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
761 else if (key_mgmt & WPA_KEY_MGMT_FILS_SHA256)
762 sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
763 #endif /* CONFIG_FILS */
764 #ifdef CONFIG_IEEE80211R_AP
765 #ifdef CONFIG_SHA384
766 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
767 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
768 #endif /* CONFIG_SHA384 */
769 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
770 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
771 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
772 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
773 #endif /* CONFIG_IEEE80211R_AP */
774 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
775 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
776 else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
777 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
778 #ifdef CONFIG_SAE
779 else if (key_mgmt & WPA_KEY_MGMT_SAE)
780 sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE;
781 else if (key_mgmt & WPA_KEY_MGMT_FT_SAE)
782 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE;
783 #endif /* CONFIG_SAE */
784 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
785 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
786 #ifdef CONFIG_OWE
787 else if (key_mgmt & WPA_KEY_MGMT_OWE)
788 sm->wpa_key_mgmt = WPA_KEY_MGMT_OWE;
789 #endif /* CONFIG_OWE */
790 #ifdef CONFIG_DPP
791 else if (key_mgmt & WPA_KEY_MGMT_DPP)
792 sm->wpa_key_mgmt = WPA_KEY_MGMT_DPP;
793 #endif /* CONFIG_DPP */
794 #ifdef CONFIG_HS20
795 else if (key_mgmt & WPA_KEY_MGMT_OSEN)
796 sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
797 #endif /* CONFIG_HS20 */
798 else
799 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
800
801 if (version == WPA_PROTO_RSN)
802 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise;
803 else
804 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
805 if (!ciphers) {
806 wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) "
807 "from " MACSTR,
808 version == WPA_PROTO_RSN ? "RSN" : "WPA",
809 data.pairwise_cipher, MAC2STR(sm->addr));
810 return WPA_INVALID_PAIRWISE;
811 }
812
813 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
814 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
815 wpa_printf(MSG_DEBUG, "Management frame protection "
816 "required, but client did not enable it");
817 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
818 }
819
820 if (data.mgmt_group_cipher != wpa_auth->conf.group_mgmt_cipher)
821 {
822 wpa_printf(MSG_DEBUG, "Unsupported management group "
823 "cipher %d", data.mgmt_group_cipher);
824 return WPA_INVALID_MGMT_GROUP_CIPHER;
825 }
826 }
827
828 #ifdef CONFIG_SAE
829 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL &&
830 wpa_auth->conf.sae_require_mfp &&
831 wpa_key_mgmt_sae(sm->wpa_key_mgmt) &&
832 !(data.capabilities & WPA_CAPABILITY_MFPC)) {
833 wpa_printf(MSG_DEBUG,
834 "Management frame protection required with SAE, but client did not enable it");
835 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
836 }
837 #endif /* CONFIG_SAE */
838
839 #ifdef CONFIG_OCV
840 if (wpa_auth->conf.ocv && (data.capabilities & WPA_CAPABILITY_OCVC) &&
841 !(data.capabilities & WPA_CAPABILITY_MFPC)) {
842 /* Some legacy MFP incapable STAs wrongly copy OCVC bit from
843 * AP RSN capabilities. To improve interoperability with such
844 * legacy STAs allow connection without enabling OCV when the
845 * workaround mode (ocv=2) is enabled.
846 */
847 if (wpa_auth->conf.ocv == 2) {
848 wpa_printf(MSG_DEBUG,
849 "Allow connecting MFP incapable and OCV capable STA without enabling OCV");
850 wpa_auth_set_ocv(sm, 0);
851 } else {
852 wpa_printf(MSG_DEBUG,
853 "Management frame protection required with OCV, but client did not enable it");
854 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
855 }
856 } else {
857 wpa_auth_set_ocv(sm, (data.capabilities & WPA_CAPABILITY_OCVC) ?
858 wpa_auth->conf.ocv : 0);
859 }
860 #endif /* CONFIG_OCV */
861
862 if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION ||
863 !(data.capabilities & WPA_CAPABILITY_MFPC))
864 sm->mgmt_frame_prot = 0;
865 else
866 sm->mgmt_frame_prot = 1;
867
868 if (sm->mgmt_frame_prot && (ciphers & WPA_CIPHER_TKIP)) {
869 wpa_printf(MSG_DEBUG,
870 "Management frame protection cannot use TKIP");
871 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
872 }
873
874 #ifdef CONFIG_IEEE80211R_AP
875 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
876 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) {
877 wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but "
878 "MDIE not included");
879 return WPA_INVALID_MDIE;
880 }
881 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain,
882 MOBILITY_DOMAIN_ID_LEN) != 0) {
883 wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown "
884 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
885 return WPA_INVALID_MDIE;
886 }
887 } else if (mdie != NULL) {
888 wpa_printf(MSG_DEBUG,
889 "RSN: Trying to use non-FT AKM suite, but MDIE included");
890 return WPA_INVALID_AKMP;
891 }
892 #endif /* CONFIG_IEEE80211R_AP */
893
894 #ifdef CONFIG_OWE
895 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && !owe_dh) {
896 wpa_printf(MSG_DEBUG,
897 "OWE: No Diffie-Hellman Parameter element");
898 return WPA_INVALID_AKMP;
899 }
900 #endif /* CONFIG_OWE */
901
902 #ifdef CONFIG_DPP2
903 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP &&
904 ((conf->dpp_pfs == 1 && !owe_dh) ||
905 (conf->dpp_pfs == 2 && owe_dh))) {
906 wpa_printf(MSG_DEBUG, "DPP: PFS %s",
907 conf->dpp_pfs == 1 ? "required" : "not allowed");
908 return WPA_DENIED_OTHER_REASON;
909 }
910 #endif /* CONFIG_DPP2 */
911
912 sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0);
913 if (sm->pairwise < 0)
914 return WPA_INVALID_PAIRWISE;
915
916 /* TODO: clear WPA/WPA2 state if STA changes from one to another */
917 if (wpa_ie[0] == WLAN_EID_RSN)
918 sm->wpa = WPA_VERSION_WPA2;
919 else
920 sm->wpa = WPA_VERSION_WPA;
921
922 #if defined(CONFIG_IEEE80211R_AP) && defined(CONFIG_FILS)
923 if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256 ||
924 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384) &&
925 (sm->auth_alg == WLAN_AUTH_FILS_SK ||
926 sm->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
927 sm->auth_alg == WLAN_AUTH_FILS_PK) &&
928 (data.num_pmkid != 1 || !data.pmkid || !sm->pmk_r1_name_valid ||
929 os_memcmp_const(data.pmkid, sm->pmk_r1_name,
930 WPA_PMK_NAME_LEN) != 0)) {
931 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
932 "No PMKR1Name match for FILS+FT");
933 return WPA_INVALID_PMKID;
934 }
935 #endif /* CONFIG_IEEE80211R_AP && CONFIG_FILS */
936
937 sm->pmksa = NULL;
938 for (i = 0; i < data.num_pmkid; i++) {
939 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
940 &data.pmkid[i * PMKID_LEN], PMKID_LEN);
941 sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr,
942 &data.pmkid[i * PMKID_LEN]);
943 if (sm->pmksa) {
944 pmkid = sm->pmksa->pmkid;
945 break;
946 }
947 }
948 for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc &&
949 i < data.num_pmkid; i++) {
950 struct wpa_auth_okc_iter_data idata;
951 idata.pmksa = NULL;
952 idata.aa = wpa_auth->addr;
953 idata.spa = sm->addr;
954 idata.pmkid = &data.pmkid[i * PMKID_LEN];
955 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata);
956 if (idata.pmksa) {
957 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
958 "OKC match for PMKID");
959 sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa,
960 idata.pmksa,
961 wpa_auth->addr,
962 idata.pmkid);
963 pmkid = idata.pmkid;
964 break;
965 }
966 }
967 if (sm->pmksa && pmkid) {
968 struct vlan_description *vlan;
969
970 vlan = sm->pmksa->vlan_desc;
971 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
972 "PMKID found from PMKSA cache eap_type=%d vlan=%d%s",
973 sm->pmksa->eap_type_authsrv,
974 vlan ? vlan->untagged : 0,
975 (vlan && vlan->tagged[0]) ? "+" : "");
976 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
977 }
978
979 #ifdef CONFIG_SAE
980 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE && data.num_pmkid &&
981 !sm->pmksa) {
982 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
983 "No PMKSA cache entry found for SAE");
984 return WPA_INVALID_PMKID;
985 }
986 #endif /* CONFIG_SAE */
987
988 #ifdef CONFIG_DPP
989 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && !sm->pmksa) {
990 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
991 "No PMKSA cache entry found for DPP");
992 return WPA_INVALID_PMKID;
993 }
994 #endif /* CONFIG_DPP */
995
996 if (conf->extended_key_id && sm->wpa == WPA_VERSION_WPA2 &&
997 sm->pairwise != WPA_CIPHER_TKIP &&
998 (data.capabilities & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST)) {
999 sm->use_ext_key_id = true;
1000 if (conf->extended_key_id == 2 &&
1001 !wpa_key_mgmt_ft(sm->wpa_key_mgmt) &&
1002 !wpa_key_mgmt_fils(sm->wpa_key_mgmt))
1003 sm->keyidx_active = 1;
1004 else
1005 sm->keyidx_active = 0;
1006 wpa_printf(MSG_DEBUG,
1007 "RSN: Extended Key ID supported (start with %d)",
1008 sm->keyidx_active);
1009 } else {
1010 sm->use_ext_key_id = false;
1011 }
1012
1013 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
1014 os_free(sm->wpa_ie);
1015 sm->wpa_ie = os_malloc(wpa_ie_len);
1016 if (sm->wpa_ie == NULL)
1017 return WPA_ALLOC_FAIL;
1018 }
1019 os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
1020 sm->wpa_ie_len = wpa_ie_len;
1021
1022 if (rsnxe && rsnxe_len) {
1023 if (!sm->rsnxe || sm->rsnxe_len < rsnxe_len) {
1024 os_free(sm->rsnxe);
1025 sm->rsnxe = os_malloc(rsnxe_len);
1026 if (!sm->rsnxe)
1027 return WPA_ALLOC_FAIL;
1028 }
1029 os_memcpy(sm->rsnxe, rsnxe, rsnxe_len);
1030 sm->rsnxe_len = rsnxe_len;
1031 } else {
1032 os_free(sm->rsnxe);
1033 sm->rsnxe = NULL;
1034 sm->rsnxe_len = 0;
1035 }
1036
1037 return WPA_IE_OK;
1038 }
1039
1040
1041 #ifdef CONFIG_HS20
wpa_validate_osen(struct wpa_authenticator * wpa_auth,struct wpa_state_machine * sm,const u8 * osen_ie,size_t osen_ie_len)1042 int wpa_validate_osen(struct wpa_authenticator *wpa_auth,
1043 struct wpa_state_machine *sm,
1044 const u8 *osen_ie, size_t osen_ie_len)
1045 {
1046 if (wpa_auth == NULL || sm == NULL)
1047 return -1;
1048
1049 /* TODO: parse OSEN element */
1050 sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
1051 sm->mgmt_frame_prot = 1;
1052 sm->pairwise = WPA_CIPHER_CCMP;
1053 sm->wpa = WPA_VERSION_WPA2;
1054
1055 if (sm->wpa_ie == NULL || sm->wpa_ie_len < osen_ie_len) {
1056 os_free(sm->wpa_ie);
1057 sm->wpa_ie = os_malloc(osen_ie_len);
1058 if (sm->wpa_ie == NULL)
1059 return -1;
1060 }
1061
1062 os_memcpy(sm->wpa_ie, osen_ie, osen_ie_len);
1063 sm->wpa_ie_len = osen_ie_len;
1064
1065 return 0;
1066 }
1067
1068 #endif /* CONFIG_HS20 */
1069
1070
wpa_auth_uses_mfp(struct wpa_state_machine * sm)1071 int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
1072 {
1073 return sm ? sm->mgmt_frame_prot : 0;
1074 }
1075
1076
1077 #ifdef CONFIG_OCV
1078
wpa_auth_set_ocv(struct wpa_state_machine * sm,int ocv)1079 void wpa_auth_set_ocv(struct wpa_state_machine *sm, int ocv)
1080 {
1081 if (sm)
1082 sm->ocv_enabled = ocv;
1083 }
1084
1085
wpa_auth_uses_ocv(struct wpa_state_machine * sm)1086 int wpa_auth_uses_ocv(struct wpa_state_machine *sm)
1087 {
1088 return sm ? sm->ocv_enabled : 0;
1089 }
1090
1091 #endif /* CONFIG_OCV */
1092
1093
1094 #ifdef CONFIG_OWE
wpa_auth_write_assoc_resp_owe(struct wpa_state_machine * sm,u8 * pos,size_t max_len,const u8 * req_ies,size_t req_ies_len)1095 u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm,
1096 u8 *pos, size_t max_len,
1097 const u8 *req_ies, size_t req_ies_len)
1098 {
1099 int res;
1100 struct wpa_auth_config *conf;
1101
1102 if (!sm)
1103 return pos;
1104 conf = &sm->wpa_auth->conf;
1105
1106 #ifdef CONFIG_TESTING_OPTIONS
1107 if (conf->own_ie_override_len) {
1108 if (max_len < conf->own_ie_override_len)
1109 return NULL;
1110 wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing",
1111 conf->own_ie_override, conf->own_ie_override_len);
1112 os_memcpy(pos, conf->own_ie_override,
1113 conf->own_ie_override_len);
1114 return pos + conf->own_ie_override_len;
1115 }
1116 #endif /* CONFIG_TESTING_OPTIONS */
1117
1118 res = wpa_write_rsn_ie(conf, pos, max_len,
1119 sm->pmksa ? sm->pmksa->pmkid : NULL);
1120 if (res < 0)
1121 return pos;
1122 return pos + res;
1123 }
1124 #endif /* CONFIG_OWE */
1125
1126
1127 #ifdef CONFIG_FILS
1128
wpa_auth_write_assoc_resp_fils(struct wpa_state_machine * sm,u8 * pos,size_t max_len,const u8 * req_ies,size_t req_ies_len)1129 u8 * wpa_auth_write_assoc_resp_fils(struct wpa_state_machine *sm,
1130 u8 *pos, size_t max_len,
1131 const u8 *req_ies, size_t req_ies_len)
1132 {
1133 int res;
1134
1135 if (!sm ||
1136 sm->wpa_key_mgmt & (WPA_KEY_MGMT_FT_FILS_SHA256 |
1137 WPA_KEY_MGMT_FT_FILS_SHA384))
1138 return pos;
1139
1140 res = wpa_write_rsn_ie(&sm->wpa_auth->conf, pos, max_len, NULL);
1141 if (res < 0)
1142 return pos;
1143 return pos + res;
1144 }
1145
1146
wpa_auth_write_fd_rsn_info(struct wpa_authenticator * wpa_auth,u8 * fd_rsn_info)1147 bool wpa_auth_write_fd_rsn_info(struct wpa_authenticator *wpa_auth,
1148 u8 *fd_rsn_info)
1149 {
1150 struct wpa_auth_config *conf;
1151 u32 selectors = 0;
1152 u8 *pos = fd_rsn_info;
1153 int i, res;
1154 u32 cipher, suite, selector, mask;
1155 u8 tmp[10 * RSN_SELECTOR_LEN];
1156
1157 if (!wpa_auth)
1158 return false;
1159 conf = &wpa_auth->conf;
1160
1161 if (!(conf->wpa & WPA_PROTO_RSN))
1162 return false;
1163
1164 /* RSN Capability (B0..B15) */
1165 WPA_PUT_LE16(pos, wpa_own_rsn_capab(conf));
1166 pos += 2;
1167
1168 /* Group Data Cipher Suite Selector (B16..B21) */
1169 suite = wpa_cipher_to_suite(WPA_PROTO_RSN, conf->wpa_group);
1170 if (suite == RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED)
1171 cipher = 63; /* No cipher suite selected */
1172 if ((suite >> 8) == 0x000fac && ((suite & 0xff) <= 13))
1173 cipher = suite & 0xff;
1174 else
1175 cipher = 62; /* vendor specific */
1176 selectors |= cipher;
1177
1178 /* Group Management Cipher Suite Selector (B22..B27) */
1179 cipher = 63; /* Default to no cipher suite selected */
1180 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
1181 switch (conf->group_mgmt_cipher) {
1182 case WPA_CIPHER_AES_128_CMAC:
1183 cipher = RSN_CIPHER_SUITE_AES_128_CMAC & 0xff;
1184 break;
1185 case WPA_CIPHER_BIP_GMAC_128:
1186 cipher = RSN_CIPHER_SUITE_BIP_GMAC_128 & 0xff;
1187 break;
1188 case WPA_CIPHER_BIP_GMAC_256:
1189 cipher = RSN_CIPHER_SUITE_BIP_GMAC_256 & 0xff;
1190 break;
1191 case WPA_CIPHER_BIP_CMAC_256:
1192 cipher = RSN_CIPHER_SUITE_BIP_CMAC_256 & 0xff;
1193 break;
1194 }
1195 }
1196 selectors |= cipher << 6;
1197
1198 /* Pairwise Cipher Suite Selector (B28..B33) */
1199 cipher = 63; /* Default to no cipher suite selected */
1200 res = rsn_cipher_put_suites(tmp, conf->rsn_pairwise);
1201 if (res == 1 && tmp[0] == 0x00 && tmp[1] == 0x0f && tmp[2] == 0xac &&
1202 tmp[3] <= 13)
1203 cipher = tmp[3];
1204 selectors |= cipher << 12;
1205
1206 /* AKM Suite Selector (B34..B39) */
1207 selector = 0; /* default to AKM from RSNE in Beacon/Probe Response */
1208 mask = WPA_KEY_MGMT_FILS_SHA256 | WPA_KEY_MGMT_FILS_SHA384 |
1209 WPA_KEY_MGMT_FT_FILS_SHA384;
1210 if ((conf->wpa_key_mgmt & mask) && (conf->wpa_key_mgmt & ~mask) == 0) {
1211 suite = conf->wpa_key_mgmt & mask;
1212 if (suite == WPA_KEY_MGMT_FILS_SHA256)
1213 selector = 1; /* 00-0f-ac:14 */
1214 else if (suite == WPA_KEY_MGMT_FILS_SHA384)
1215 selector = 2; /* 00-0f-ac:15 */
1216 else if (suite == (WPA_KEY_MGMT_FILS_SHA256 |
1217 WPA_KEY_MGMT_FILS_SHA384))
1218 selector = 3; /* 00-0f-ac:14 or 00-0f-ac:15 */
1219 else if (suite == WPA_KEY_MGMT_FT_FILS_SHA384)
1220 selector = 4; /* 00-0f-ac:17 */
1221 }
1222 selectors |= selector << 18;
1223
1224 for (i = 0; i < 3; i++) {
1225 *pos++ = selectors & 0xff;
1226 selectors >>= 8;
1227 }
1228
1229 return true;
1230 }
1231
1232 #endif /* CONFIG_FILS */
1233