1 /*
2 * WPA/RSN - Shared functions for supplicant and authenticator
3 * Copyright (c) 2002-2013, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "crypto/md5.h"
13 #include "crypto/sha1.h"
14 #include "crypto/sha256.h"
15 #include "crypto/aes_wrap.h"
16 #include "crypto/crypto.h"
17 #include "drivers/driver.h"
18 #include "ieee802_11_defs.h"
19 #include "defs.h"
20 #include "wpa_common.h"
21
22
23 /**
24 * wpa_eapol_key_mic - Calculate EAPOL-Key MIC
25 * @key: EAPOL-Key Key Confirmation Key (KCK)
26 * @ver: Key descriptor version (WPA_KEY_INFO_TYPE_*)
27 * @buf: Pointer to the beginning of the EAPOL header (version field)
28 * @len: Length of the EAPOL frame (from EAPOL header to the end of the frame)
29 * @mic: Pointer to the buffer to which the EAPOL-Key MIC is written
30 * Returns: 0 on success, -1 on failure
31 *
32 * Calculate EAPOL-Key MIC for an EAPOL-Key packet. The EAPOL-Key MIC field has
33 * to be cleared (all zeroes) when calling this function.
34 *
35 * Note: 'IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames' has an error in the
36 * description of the Key MIC calculation. It includes packet data from the
37 * beginning of the EAPOL-Key header, not EAPOL header. This incorrect change
38 * happened during final editing of the standard and the correct behavior is
39 * defined in the last draft (IEEE 802.11i/D10).
40 */
wpa_eapol_key_mic(const u8 * key,int ver,const u8 * buf,size_t len,u8 * mic)41 int wpa_eapol_key_mic(const u8 *key, int ver, const u8 *buf, size_t len,
42 u8 *mic)
43 {
44 u8 hash[SHA1_MAC_LEN];
45
46 switch (ver) {
47 #ifndef CONFIG_FIPS
48 case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
49 return hmac_md5(key, 16, buf, len, mic);
50 #endif /* CONFIG_FIPS */
51 case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
52 if (hmac_sha1(key, 16, buf, len, hash))
53 return -1;
54 os_memcpy(mic, hash, MD5_MAC_LEN);
55 break;
56 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
57 case WPA_KEY_INFO_TYPE_AES_128_CMAC:
58 return omac1_aes_128(key, buf, len, mic);
59 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
60 #ifdef CONFIG_HS20
61 case WPA_KEY_INFO_TYPE_AKM_DEFINED:
62 /* FIX: This should be based on negotiated AKM */
63 return omac1_aes_128(key, buf, len, mic);
64 #endif /* CONFIG_HS20 */
65 default:
66 return -1;
67 }
68
69 return 0;
70 }
71
72
73 /**
74 * wpa_pmk_to_ptk - Calculate PTK from PMK, addresses, and nonces
75 * @pmk: Pairwise master key
76 * @pmk_len: Length of PMK
77 * @label: Label to use in derivation
78 * @addr1: AA or SA
79 * @addr2: SA or AA
80 * @nonce1: ANonce or SNonce
81 * @nonce2: SNonce or ANonce
82 * @ptk: Buffer for pairwise transient key
83 * @ptk_len: Length of PTK
84 * @use_sha256: Whether to use SHA256-based KDF
85 *
86 * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
87 * PTK = PRF-X(PMK, "Pairwise key expansion",
88 * Min(AA, SA) || Max(AA, SA) ||
89 * Min(ANonce, SNonce) || Max(ANonce, SNonce))
90 *
91 * STK = PRF-X(SMK, "Peer key expansion",
92 * Min(MAC_I, MAC_P) || Max(MAC_I, MAC_P) ||
93 * Min(INonce, PNonce) || Max(INonce, PNonce))
94 */
wpa_pmk_to_ptk(const u8 * pmk,size_t pmk_len,const char * label,const u8 * addr1,const u8 * addr2,const u8 * nonce1,const u8 * nonce2,u8 * ptk,size_t ptk_len,int use_sha256)95 void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
96 const u8 *addr1, const u8 *addr2,
97 const u8 *nonce1, const u8 *nonce2,
98 u8 *ptk, size_t ptk_len, int use_sha256)
99 {
100 u8 data[2 * ETH_ALEN + 2 * WPA_NONCE_LEN];
101
102 if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) {
103 os_memcpy(data, addr1, ETH_ALEN);
104 os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
105 } else {
106 os_memcpy(data, addr2, ETH_ALEN);
107 os_memcpy(data + ETH_ALEN, addr1, ETH_ALEN);
108 }
109
110 if (os_memcmp(nonce1, nonce2, WPA_NONCE_LEN) < 0) {
111 os_memcpy(data + 2 * ETH_ALEN, nonce1, WPA_NONCE_LEN);
112 os_memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce2,
113 WPA_NONCE_LEN);
114 } else {
115 os_memcpy(data + 2 * ETH_ALEN, nonce2, WPA_NONCE_LEN);
116 os_memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce1,
117 WPA_NONCE_LEN);
118 }
119
120 #ifdef CONFIG_IEEE80211W
121 if (use_sha256)
122 sha256_prf(pmk, pmk_len, label, data, sizeof(data),
123 ptk, ptk_len);
124 else
125 #endif /* CONFIG_IEEE80211W */
126 sha1_prf(pmk, pmk_len, label, data, sizeof(data), ptk,
127 ptk_len);
128
129 wpa_printf(MSG_DEBUG, "WPA: PTK derivation - A1=" MACSTR " A2=" MACSTR,
130 MAC2STR(addr1), MAC2STR(addr2));
131 wpa_hexdump(MSG_DEBUG, "WPA: Nonce1", nonce1, WPA_NONCE_LEN);
132 wpa_hexdump(MSG_DEBUG, "WPA: Nonce2", nonce2, WPA_NONCE_LEN);
133 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK", pmk, pmk_len);
134 wpa_hexdump_key(MSG_DEBUG, "WPA: PTK", ptk, ptk_len);
135 }
136
137
138 #ifdef CONFIG_IEEE80211R
wpa_ft_mic(const u8 * kck,const u8 * sta_addr,const u8 * ap_addr,u8 transaction_seqnum,const u8 * mdie,size_t mdie_len,const u8 * ftie,size_t ftie_len,const u8 * rsnie,size_t rsnie_len,const u8 * ric,size_t ric_len,u8 * mic)139 int wpa_ft_mic(const u8 *kck, const u8 *sta_addr, const u8 *ap_addr,
140 u8 transaction_seqnum, const u8 *mdie, size_t mdie_len,
141 const u8 *ftie, size_t ftie_len,
142 const u8 *rsnie, size_t rsnie_len,
143 const u8 *ric, size_t ric_len, u8 *mic)
144 {
145 u8 *buf, *pos;
146 size_t buf_len;
147
148 buf_len = 2 * ETH_ALEN + 1 + mdie_len + ftie_len + rsnie_len + ric_len;
149 buf = os_malloc(buf_len);
150 if (buf == NULL)
151 return -1;
152
153 pos = buf;
154 os_memcpy(pos, sta_addr, ETH_ALEN);
155 pos += ETH_ALEN;
156 os_memcpy(pos, ap_addr, ETH_ALEN);
157 pos += ETH_ALEN;
158 *pos++ = transaction_seqnum;
159 if (rsnie) {
160 os_memcpy(pos, rsnie, rsnie_len);
161 pos += rsnie_len;
162 }
163 if (mdie) {
164 os_memcpy(pos, mdie, mdie_len);
165 pos += mdie_len;
166 }
167 if (ftie) {
168 struct rsn_ftie *_ftie;
169 os_memcpy(pos, ftie, ftie_len);
170 if (ftie_len < 2 + sizeof(*_ftie)) {
171 os_free(buf);
172 return -1;
173 }
174 _ftie = (struct rsn_ftie *) (pos + 2);
175 os_memset(_ftie->mic, 0, sizeof(_ftie->mic));
176 pos += ftie_len;
177 }
178 if (ric) {
179 os_memcpy(pos, ric, ric_len);
180 pos += ric_len;
181 }
182
183 wpa_hexdump(MSG_MSGDUMP, "FT: MIC data", buf, pos - buf);
184 if (omac1_aes_128(kck, buf, pos - buf, mic)) {
185 os_free(buf);
186 return -1;
187 }
188
189 os_free(buf);
190
191 return 0;
192 }
193
194
wpa_ft_parse_ftie(const u8 * ie,size_t ie_len,struct wpa_ft_ies * parse)195 static int wpa_ft_parse_ftie(const u8 *ie, size_t ie_len,
196 struct wpa_ft_ies *parse)
197 {
198 const u8 *end, *pos;
199
200 parse->ftie = ie;
201 parse->ftie_len = ie_len;
202
203 pos = ie + sizeof(struct rsn_ftie);
204 end = ie + ie_len;
205
206 while (pos + 2 <= end && pos + 2 + pos[1] <= end) {
207 switch (pos[0]) {
208 case FTIE_SUBELEM_R1KH_ID:
209 if (pos[1] != FT_R1KH_ID_LEN) {
210 wpa_printf(MSG_DEBUG, "FT: Invalid R1KH-ID "
211 "length in FTIE: %d", pos[1]);
212 return -1;
213 }
214 parse->r1kh_id = pos + 2;
215 break;
216 case FTIE_SUBELEM_GTK:
217 parse->gtk = pos + 2;
218 parse->gtk_len = pos[1];
219 break;
220 case FTIE_SUBELEM_R0KH_ID:
221 if (pos[1] < 1 || pos[1] > FT_R0KH_ID_MAX_LEN) {
222 wpa_printf(MSG_DEBUG, "FT: Invalid R0KH-ID "
223 "length in FTIE: %d", pos[1]);
224 return -1;
225 }
226 parse->r0kh_id = pos + 2;
227 parse->r0kh_id_len = pos[1];
228 break;
229 #ifdef CONFIG_IEEE80211W
230 case FTIE_SUBELEM_IGTK:
231 parse->igtk = pos + 2;
232 parse->igtk_len = pos[1];
233 break;
234 #endif /* CONFIG_IEEE80211W */
235 }
236
237 pos += 2 + pos[1];
238 }
239
240 return 0;
241 }
242
243
wpa_ft_parse_ies(const u8 * ies,size_t ies_len,struct wpa_ft_ies * parse)244 int wpa_ft_parse_ies(const u8 *ies, size_t ies_len,
245 struct wpa_ft_ies *parse)
246 {
247 const u8 *end, *pos;
248 struct wpa_ie_data data;
249 int ret;
250 const struct rsn_ftie *ftie;
251 int prot_ie_count = 0;
252
253 os_memset(parse, 0, sizeof(*parse));
254 if (ies == NULL)
255 return 0;
256
257 pos = ies;
258 end = ies + ies_len;
259 while (pos + 2 <= end && pos + 2 + pos[1] <= end) {
260 switch (pos[0]) {
261 case WLAN_EID_RSN:
262 parse->rsn = pos + 2;
263 parse->rsn_len = pos[1];
264 ret = wpa_parse_wpa_ie_rsn(parse->rsn - 2,
265 parse->rsn_len + 2,
266 &data);
267 if (ret < 0) {
268 wpa_printf(MSG_DEBUG, "FT: Failed to parse "
269 "RSN IE: %d", ret);
270 return -1;
271 }
272 if (data.num_pmkid == 1 && data.pmkid)
273 parse->rsn_pmkid = data.pmkid;
274 break;
275 case WLAN_EID_MOBILITY_DOMAIN:
276 parse->mdie = pos + 2;
277 parse->mdie_len = pos[1];
278 break;
279 case WLAN_EID_FAST_BSS_TRANSITION:
280 if (pos[1] < sizeof(*ftie))
281 return -1;
282 ftie = (const struct rsn_ftie *) (pos + 2);
283 prot_ie_count = ftie->mic_control[1];
284 if (wpa_ft_parse_ftie(pos + 2, pos[1], parse) < 0)
285 return -1;
286 break;
287 case WLAN_EID_TIMEOUT_INTERVAL:
288 parse->tie = pos + 2;
289 parse->tie_len = pos[1];
290 break;
291 case WLAN_EID_RIC_DATA:
292 if (parse->ric == NULL)
293 parse->ric = pos;
294 break;
295 }
296
297 pos += 2 + pos[1];
298 }
299
300 if (prot_ie_count == 0)
301 return 0; /* no MIC */
302
303 /*
304 * Check that the protected IE count matches with IEs included in the
305 * frame.
306 */
307 if (parse->rsn)
308 prot_ie_count--;
309 if (parse->mdie)
310 prot_ie_count--;
311 if (parse->ftie)
312 prot_ie_count--;
313 if (prot_ie_count < 0) {
314 wpa_printf(MSG_DEBUG, "FT: Some required IEs not included in "
315 "the protected IE count");
316 return -1;
317 }
318
319 if (prot_ie_count == 0 && parse->ric) {
320 wpa_printf(MSG_DEBUG, "FT: RIC IE(s) in the frame, but not "
321 "included in protected IE count");
322 return -1;
323 }
324
325 /* Determine the end of the RIC IE(s) */
326 pos = parse->ric;
327 while (pos && pos + 2 <= end && pos + 2 + pos[1] <= end &&
328 prot_ie_count) {
329 prot_ie_count--;
330 pos += 2 + pos[1];
331 }
332 parse->ric_len = pos - parse->ric;
333 if (prot_ie_count) {
334 wpa_printf(MSG_DEBUG, "FT: %d protected IEs missing from "
335 "frame", (int) prot_ie_count);
336 return -1;
337 }
338
339 return 0;
340 }
341 #endif /* CONFIG_IEEE80211R */
342
343
rsn_selector_to_bitfield(const u8 * s)344 static int rsn_selector_to_bitfield(const u8 *s)
345 {
346 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_NONE)
347 return WPA_CIPHER_NONE;
348 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_WEP40)
349 return WPA_CIPHER_WEP40;
350 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_TKIP)
351 return WPA_CIPHER_TKIP;
352 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_CCMP)
353 return WPA_CIPHER_CCMP;
354 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_WEP104)
355 return WPA_CIPHER_WEP104;
356 #ifdef CONFIG_IEEE80211W
357 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_AES_128_CMAC)
358 return WPA_CIPHER_AES_128_CMAC;
359 #endif /* CONFIG_IEEE80211W */
360 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_GCMP)
361 return WPA_CIPHER_GCMP;
362 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_CCMP_256)
363 return WPA_CIPHER_CCMP_256;
364 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_GCMP_256)
365 return WPA_CIPHER_GCMP_256;
366 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_GMAC_128)
367 return WPA_CIPHER_BIP_GMAC_128;
368 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_GMAC_256)
369 return WPA_CIPHER_BIP_GMAC_256;
370 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_CMAC_256)
371 return WPA_CIPHER_BIP_CMAC_256;
372 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED)
373 return WPA_CIPHER_GTK_NOT_USED;
374 return 0;
375 }
376
377
rsn_key_mgmt_to_bitfield(const u8 * s)378 static int rsn_key_mgmt_to_bitfield(const u8 *s)
379 {
380 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_UNSPEC_802_1X)
381 return WPA_KEY_MGMT_IEEE8021X;
382 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X)
383 return WPA_KEY_MGMT_PSK;
384 #ifdef CONFIG_IEEE80211R
385 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_802_1X)
386 return WPA_KEY_MGMT_FT_IEEE8021X;
387 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_PSK)
388 return WPA_KEY_MGMT_FT_PSK;
389 #endif /* CONFIG_IEEE80211R */
390 #ifdef CONFIG_IEEE80211W
391 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_802_1X_SHA256)
392 return WPA_KEY_MGMT_IEEE8021X_SHA256;
393 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_PSK_SHA256)
394 return WPA_KEY_MGMT_PSK_SHA256;
395 #endif /* CONFIG_IEEE80211W */
396 #ifdef CONFIG_SAE
397 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_SAE)
398 return WPA_KEY_MGMT_SAE;
399 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_SAE)
400 return WPA_KEY_MGMT_FT_SAE;
401 #endif /* CONFIG_SAE */
402 return 0;
403 }
404
405
wpa_cipher_valid_group(int cipher)406 static int wpa_cipher_valid_group(int cipher)
407 {
408 return wpa_cipher_valid_pairwise(cipher) ||
409 cipher == WPA_CIPHER_WEP104 ||
410 cipher == WPA_CIPHER_WEP40 ||
411 cipher == WPA_CIPHER_GTK_NOT_USED;
412 }
413
414
415 #ifdef CONFIG_IEEE80211W
wpa_cipher_valid_mgmt_group(int cipher)416 int wpa_cipher_valid_mgmt_group(int cipher)
417 {
418 return cipher == WPA_CIPHER_AES_128_CMAC ||
419 cipher == WPA_CIPHER_BIP_GMAC_128 ||
420 cipher == WPA_CIPHER_BIP_GMAC_256 ||
421 cipher == WPA_CIPHER_BIP_CMAC_256;
422 }
423 #endif /* CONFIG_IEEE80211W */
424
425
426 /**
427 * wpa_parse_wpa_ie_rsn - Parse RSN IE
428 * @rsn_ie: Buffer containing RSN IE
429 * @rsn_ie_len: RSN IE buffer length (including IE number and length octets)
430 * @data: Pointer to structure that will be filled in with parsed data
431 * Returns: 0 on success, <0 on failure
432 */
wpa_parse_wpa_ie_rsn(const u8 * rsn_ie,size_t rsn_ie_len,struct wpa_ie_data * data)433 int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
434 struct wpa_ie_data *data)
435 {
436 const struct rsn_ie_hdr *hdr;
437 const u8 *pos;
438 int left;
439 int i, count;
440
441 os_memset(data, 0, sizeof(*data));
442 data->proto = WPA_PROTO_RSN;
443 data->pairwise_cipher = WPA_CIPHER_CCMP;
444 data->group_cipher = WPA_CIPHER_CCMP;
445 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
446 data->capabilities = 0;
447 data->pmkid = NULL;
448 data->num_pmkid = 0;
449 #ifdef CONFIG_IEEE80211W
450 data->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
451 #else /* CONFIG_IEEE80211W */
452 data->mgmt_group_cipher = 0;
453 #endif /* CONFIG_IEEE80211W */
454
455 if (rsn_ie_len == 0) {
456 /* No RSN IE - fail silently */
457 return -1;
458 }
459
460 if (rsn_ie_len < sizeof(struct rsn_ie_hdr)) {
461 wpa_printf(MSG_DEBUG, "%s: ie len too short %lu",
462 __func__, (unsigned long) rsn_ie_len);
463 return -1;
464 }
465
466 hdr = (const struct rsn_ie_hdr *) rsn_ie;
467
468 if (hdr->elem_id != WLAN_EID_RSN ||
469 hdr->len != rsn_ie_len - 2 ||
470 WPA_GET_LE16(hdr->version) != RSN_VERSION) {
471 wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version",
472 __func__);
473 return -2;
474 }
475
476 pos = (const u8 *) (hdr + 1);
477 left = rsn_ie_len - sizeof(*hdr);
478
479 if (left >= RSN_SELECTOR_LEN) {
480 data->group_cipher = rsn_selector_to_bitfield(pos);
481 if (!wpa_cipher_valid_group(data->group_cipher)) {
482 wpa_printf(MSG_DEBUG, "%s: invalid group cipher 0x%x",
483 __func__, data->group_cipher);
484 return -1;
485 }
486 pos += RSN_SELECTOR_LEN;
487 left -= RSN_SELECTOR_LEN;
488 } else if (left > 0) {
489 wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much",
490 __func__, left);
491 return -3;
492 }
493
494 if (left >= 2) {
495 data->pairwise_cipher = 0;
496 count = WPA_GET_LE16(pos);
497 pos += 2;
498 left -= 2;
499 if (count == 0 || left < count * RSN_SELECTOR_LEN) {
500 wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), "
501 "count %u left %u", __func__, count, left);
502 return -4;
503 }
504 for (i = 0; i < count; i++) {
505 data->pairwise_cipher |= rsn_selector_to_bitfield(pos);
506 pos += RSN_SELECTOR_LEN;
507 left -= RSN_SELECTOR_LEN;
508 }
509 #ifdef CONFIG_IEEE80211W
510 if (data->pairwise_cipher & WPA_CIPHER_AES_128_CMAC) {
511 wpa_printf(MSG_DEBUG, "%s: AES-128-CMAC used as "
512 "pairwise cipher", __func__);
513 return -1;
514 }
515 #endif /* CONFIG_IEEE80211W */
516 } else if (left == 1) {
517 wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)",
518 __func__);
519 return -5;
520 }
521
522 if (left >= 2) {
523 data->key_mgmt = 0;
524 count = WPA_GET_LE16(pos);
525 pos += 2;
526 left -= 2;
527 if (count == 0 || left < count * RSN_SELECTOR_LEN) {
528 wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), "
529 "count %u left %u", __func__, count, left);
530 return -6;
531 }
532 for (i = 0; i < count; i++) {
533 data->key_mgmt |= rsn_key_mgmt_to_bitfield(pos);
534 pos += RSN_SELECTOR_LEN;
535 left -= RSN_SELECTOR_LEN;
536 }
537 } else if (left == 1) {
538 wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)",
539 __func__);
540 return -7;
541 }
542
543 if (left >= 2) {
544 data->capabilities = WPA_GET_LE16(pos);
545 pos += 2;
546 left -= 2;
547 }
548
549 if (left >= 2) {
550 data->num_pmkid = WPA_GET_LE16(pos);
551 pos += 2;
552 left -= 2;
553 if (left < (int) data->num_pmkid * PMKID_LEN) {
554 wpa_printf(MSG_DEBUG, "%s: PMKID underflow "
555 "(num_pmkid=%lu left=%d)",
556 __func__, (unsigned long) data->num_pmkid,
557 left);
558 data->num_pmkid = 0;
559 return -9;
560 } else {
561 data->pmkid = pos;
562 pos += data->num_pmkid * PMKID_LEN;
563 left -= data->num_pmkid * PMKID_LEN;
564 }
565 }
566
567 #ifdef CONFIG_IEEE80211W
568 if (left >= 4) {
569 data->mgmt_group_cipher = rsn_selector_to_bitfield(pos);
570 if (!wpa_cipher_valid_mgmt_group(data->mgmt_group_cipher)) {
571 wpa_printf(MSG_DEBUG, "%s: Unsupported management "
572 "group cipher 0x%x", __func__,
573 data->mgmt_group_cipher);
574 return -10;
575 }
576 pos += RSN_SELECTOR_LEN;
577 left -= RSN_SELECTOR_LEN;
578 }
579 #endif /* CONFIG_IEEE80211W */
580
581 if (left > 0) {
582 wpa_hexdump(MSG_DEBUG,
583 "wpa_parse_wpa_ie_rsn: ignore trailing bytes",
584 pos, left);
585 }
586
587 return 0;
588 }
589
590
wpa_selector_to_bitfield(const u8 * s)591 static int wpa_selector_to_bitfield(const u8 *s)
592 {
593 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_NONE)
594 return WPA_CIPHER_NONE;
595 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP40)
596 return WPA_CIPHER_WEP40;
597 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_TKIP)
598 return WPA_CIPHER_TKIP;
599 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_CCMP)
600 return WPA_CIPHER_CCMP;
601 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP104)
602 return WPA_CIPHER_WEP104;
603 return 0;
604 }
605
606
wpa_key_mgmt_to_bitfield(const u8 * s)607 static int wpa_key_mgmt_to_bitfield(const u8 *s)
608 {
609 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_UNSPEC_802_1X)
610 return WPA_KEY_MGMT_IEEE8021X;
611 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X)
612 return WPA_KEY_MGMT_PSK;
613 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_NONE)
614 return WPA_KEY_MGMT_WPA_NONE;
615 return 0;
616 }
617
618
wpa_parse_wpa_ie_wpa(const u8 * wpa_ie,size_t wpa_ie_len,struct wpa_ie_data * data)619 int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
620 struct wpa_ie_data *data)
621 {
622 const struct wpa_ie_hdr *hdr;
623 const u8 *pos;
624 int left;
625 int i, count;
626
627 os_memset(data, 0, sizeof(*data));
628 data->proto = WPA_PROTO_WPA;
629 data->pairwise_cipher = WPA_CIPHER_TKIP;
630 data->group_cipher = WPA_CIPHER_TKIP;
631 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
632 data->capabilities = 0;
633 data->pmkid = NULL;
634 data->num_pmkid = 0;
635 data->mgmt_group_cipher = 0;
636
637 if (wpa_ie_len == 0) {
638 /* No WPA IE - fail silently */
639 return -1;
640 }
641
642 if (wpa_ie_len < sizeof(struct wpa_ie_hdr)) {
643 wpa_printf(MSG_DEBUG, "%s: ie len too short %lu",
644 __func__, (unsigned long) wpa_ie_len);
645 return -1;
646 }
647
648 hdr = (const struct wpa_ie_hdr *) wpa_ie;
649
650 if (hdr->elem_id != WLAN_EID_VENDOR_SPECIFIC ||
651 hdr->len != wpa_ie_len - 2 ||
652 RSN_SELECTOR_GET(hdr->oui) != WPA_OUI_TYPE ||
653 WPA_GET_LE16(hdr->version) != WPA_VERSION) {
654 wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version",
655 __func__);
656 return -2;
657 }
658
659 pos = (const u8 *) (hdr + 1);
660 left = wpa_ie_len - sizeof(*hdr);
661
662 if (left >= WPA_SELECTOR_LEN) {
663 data->group_cipher = wpa_selector_to_bitfield(pos);
664 pos += WPA_SELECTOR_LEN;
665 left -= WPA_SELECTOR_LEN;
666 } else if (left > 0) {
667 wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much",
668 __func__, left);
669 return -3;
670 }
671
672 if (left >= 2) {
673 data->pairwise_cipher = 0;
674 count = WPA_GET_LE16(pos);
675 pos += 2;
676 left -= 2;
677 if (count == 0 || left < count * WPA_SELECTOR_LEN) {
678 wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), "
679 "count %u left %u", __func__, count, left);
680 return -4;
681 }
682 for (i = 0; i < count; i++) {
683 data->pairwise_cipher |= wpa_selector_to_bitfield(pos);
684 pos += WPA_SELECTOR_LEN;
685 left -= WPA_SELECTOR_LEN;
686 }
687 } else if (left == 1) {
688 wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)",
689 __func__);
690 return -5;
691 }
692
693 if (left >= 2) {
694 data->key_mgmt = 0;
695 count = WPA_GET_LE16(pos);
696 pos += 2;
697 left -= 2;
698 if (count == 0 || left < count * WPA_SELECTOR_LEN) {
699 wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), "
700 "count %u left %u", __func__, count, left);
701 return -6;
702 }
703 for (i = 0; i < count; i++) {
704 data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos);
705 pos += WPA_SELECTOR_LEN;
706 left -= WPA_SELECTOR_LEN;
707 }
708 } else if (left == 1) {
709 wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)",
710 __func__);
711 return -7;
712 }
713
714 if (left >= 2) {
715 data->capabilities = WPA_GET_LE16(pos);
716 pos += 2;
717 left -= 2;
718 }
719
720 if (left > 0) {
721 wpa_hexdump(MSG_DEBUG,
722 "wpa_parse_wpa_ie_wpa: ignore trailing bytes",
723 pos, left);
724 }
725
726 return 0;
727 }
728
729
730 #ifdef CONFIG_IEEE80211R
731
732 /**
733 * wpa_derive_pmk_r0 - Derive PMK-R0 and PMKR0Name
734 *
735 * IEEE Std 802.11r-2008 - 8.5.1.5.3
736 */
wpa_derive_pmk_r0(const u8 * xxkey,size_t xxkey_len,const u8 * ssid,size_t ssid_len,const u8 * mdid,const u8 * r0kh_id,size_t r0kh_id_len,const u8 * s0kh_id,u8 * pmk_r0,u8 * pmk_r0_name)737 void wpa_derive_pmk_r0(const u8 *xxkey, size_t xxkey_len,
738 const u8 *ssid, size_t ssid_len,
739 const u8 *mdid, const u8 *r0kh_id, size_t r0kh_id_len,
740 const u8 *s0kh_id, u8 *pmk_r0, u8 *pmk_r0_name)
741 {
742 u8 buf[1 + WPA_MAX_SSID_LEN + MOBILITY_DOMAIN_ID_LEN + 1 +
743 FT_R0KH_ID_MAX_LEN + ETH_ALEN];
744 u8 *pos, r0_key_data[48], hash[32];
745 const u8 *addr[2];
746 size_t len[2];
747
748 /*
749 * R0-Key-Data = KDF-384(XXKey, "FT-R0",
750 * SSIDlength || SSID || MDID || R0KHlength ||
751 * R0KH-ID || S0KH-ID)
752 * XXKey is either the second 256 bits of MSK or PSK.
753 * PMK-R0 = L(R0-Key-Data, 0, 256)
754 * PMK-R0Name-Salt = L(R0-Key-Data, 256, 128)
755 */
756 if (ssid_len > WPA_MAX_SSID_LEN || r0kh_id_len > FT_R0KH_ID_MAX_LEN)
757 return;
758 pos = buf;
759 *pos++ = ssid_len;
760 os_memcpy(pos, ssid, ssid_len);
761 pos += ssid_len;
762 os_memcpy(pos, mdid, MOBILITY_DOMAIN_ID_LEN);
763 pos += MOBILITY_DOMAIN_ID_LEN;
764 *pos++ = r0kh_id_len;
765 os_memcpy(pos, r0kh_id, r0kh_id_len);
766 pos += r0kh_id_len;
767 os_memcpy(pos, s0kh_id, ETH_ALEN);
768 pos += ETH_ALEN;
769
770 sha256_prf(xxkey, xxkey_len, "FT-R0", buf, pos - buf,
771 r0_key_data, sizeof(r0_key_data));
772 os_memcpy(pmk_r0, r0_key_data, PMK_LEN);
773
774 /*
775 * PMKR0Name = Truncate-128(SHA-256("FT-R0N" || PMK-R0Name-Salt)
776 */
777 addr[0] = (const u8 *) "FT-R0N";
778 len[0] = 6;
779 addr[1] = r0_key_data + PMK_LEN;
780 len[1] = 16;
781
782 sha256_vector(2, addr, len, hash);
783 os_memcpy(pmk_r0_name, hash, WPA_PMK_NAME_LEN);
784 }
785
786
787 /**
788 * wpa_derive_pmk_r1_name - Derive PMKR1Name
789 *
790 * IEEE Std 802.11r-2008 - 8.5.1.5.4
791 */
wpa_derive_pmk_r1_name(const u8 * pmk_r0_name,const u8 * r1kh_id,const u8 * s1kh_id,u8 * pmk_r1_name)792 void wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id,
793 const u8 *s1kh_id, u8 *pmk_r1_name)
794 {
795 u8 hash[32];
796 const u8 *addr[4];
797 size_t len[4];
798
799 /*
800 * PMKR1Name = Truncate-128(SHA-256("FT-R1N" || PMKR0Name ||
801 * R1KH-ID || S1KH-ID))
802 */
803 addr[0] = (const u8 *) "FT-R1N";
804 len[0] = 6;
805 addr[1] = pmk_r0_name;
806 len[1] = WPA_PMK_NAME_LEN;
807 addr[2] = r1kh_id;
808 len[2] = FT_R1KH_ID_LEN;
809 addr[3] = s1kh_id;
810 len[3] = ETH_ALEN;
811
812 sha256_vector(4, addr, len, hash);
813 os_memcpy(pmk_r1_name, hash, WPA_PMK_NAME_LEN);
814 }
815
816
817 /**
818 * wpa_derive_pmk_r1 - Derive PMK-R1 and PMKR1Name from PMK-R0
819 *
820 * IEEE Std 802.11r-2008 - 8.5.1.5.4
821 */
wpa_derive_pmk_r1(const u8 * pmk_r0,const u8 * pmk_r0_name,const u8 * r1kh_id,const u8 * s1kh_id,u8 * pmk_r1,u8 * pmk_r1_name)822 void wpa_derive_pmk_r1(const u8 *pmk_r0, const u8 *pmk_r0_name,
823 const u8 *r1kh_id, const u8 *s1kh_id,
824 u8 *pmk_r1, u8 *pmk_r1_name)
825 {
826 u8 buf[FT_R1KH_ID_LEN + ETH_ALEN];
827 u8 *pos;
828
829 /* PMK-R1 = KDF-256(PMK-R0, "FT-R1", R1KH-ID || S1KH-ID) */
830 pos = buf;
831 os_memcpy(pos, r1kh_id, FT_R1KH_ID_LEN);
832 pos += FT_R1KH_ID_LEN;
833 os_memcpy(pos, s1kh_id, ETH_ALEN);
834 pos += ETH_ALEN;
835
836 sha256_prf(pmk_r0, PMK_LEN, "FT-R1", buf, pos - buf, pmk_r1, PMK_LEN);
837
838 wpa_derive_pmk_r1_name(pmk_r0_name, r1kh_id, s1kh_id, pmk_r1_name);
839 }
840
841
842 /**
843 * wpa_pmk_r1_to_ptk - Derive PTK and PTKName from PMK-R1
844 *
845 * IEEE Std 802.11r-2008 - 8.5.1.5.5
846 */
wpa_pmk_r1_to_ptk(const u8 * pmk_r1,const u8 * snonce,const u8 * anonce,const u8 * sta_addr,const u8 * bssid,const u8 * pmk_r1_name,u8 * ptk,size_t ptk_len,u8 * ptk_name)847 void wpa_pmk_r1_to_ptk(const u8 *pmk_r1, const u8 *snonce, const u8 *anonce,
848 const u8 *sta_addr, const u8 *bssid,
849 const u8 *pmk_r1_name,
850 u8 *ptk, size_t ptk_len, u8 *ptk_name)
851 {
852 u8 buf[2 * WPA_NONCE_LEN + 2 * ETH_ALEN];
853 u8 *pos, hash[32];
854 const u8 *addr[6];
855 size_t len[6];
856
857 /*
858 * PTK = KDF-PTKLen(PMK-R1, "FT-PTK", SNonce || ANonce ||
859 * BSSID || STA-ADDR)
860 */
861 pos = buf;
862 os_memcpy(pos, snonce, WPA_NONCE_LEN);
863 pos += WPA_NONCE_LEN;
864 os_memcpy(pos, anonce, WPA_NONCE_LEN);
865 pos += WPA_NONCE_LEN;
866 os_memcpy(pos, bssid, ETH_ALEN);
867 pos += ETH_ALEN;
868 os_memcpy(pos, sta_addr, ETH_ALEN);
869 pos += ETH_ALEN;
870
871 sha256_prf(pmk_r1, PMK_LEN, "FT-PTK", buf, pos - buf, ptk, ptk_len);
872
873 /*
874 * PTKName = Truncate-128(SHA-256(PMKR1Name || "FT-PTKN" || SNonce ||
875 * ANonce || BSSID || STA-ADDR))
876 */
877 addr[0] = pmk_r1_name;
878 len[0] = WPA_PMK_NAME_LEN;
879 addr[1] = (const u8 *) "FT-PTKN";
880 len[1] = 7;
881 addr[2] = snonce;
882 len[2] = WPA_NONCE_LEN;
883 addr[3] = anonce;
884 len[3] = WPA_NONCE_LEN;
885 addr[4] = bssid;
886 len[4] = ETH_ALEN;
887 addr[5] = sta_addr;
888 len[5] = ETH_ALEN;
889
890 sha256_vector(6, addr, len, hash);
891 os_memcpy(ptk_name, hash, WPA_PMK_NAME_LEN);
892 }
893
894 #endif /* CONFIG_IEEE80211R */
895
896
897 /**
898 * rsn_pmkid - Calculate PMK identifier
899 * @pmk: Pairwise master key
900 * @pmk_len: Length of pmk in bytes
901 * @aa: Authenticator address
902 * @spa: Supplicant address
903 * @pmkid: Buffer for PMKID
904 * @use_sha256: Whether to use SHA256-based KDF
905 *
906 * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
907 * PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)
908 */
rsn_pmkid(const u8 * pmk,size_t pmk_len,const u8 * aa,const u8 * spa,u8 * pmkid,int use_sha256)909 void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa, const u8 *spa,
910 u8 *pmkid, int use_sha256)
911 {
912 char *title = "PMK Name";
913 const u8 *addr[3];
914 const size_t len[3] = { 8, ETH_ALEN, ETH_ALEN };
915 unsigned char hash[SHA256_MAC_LEN];
916
917 addr[0] = (u8 *) title;
918 addr[1] = aa;
919 addr[2] = spa;
920
921 #ifdef CONFIG_IEEE80211W
922 if (use_sha256)
923 hmac_sha256_vector(pmk, pmk_len, 3, addr, len, hash);
924 else
925 #endif /* CONFIG_IEEE80211W */
926 hmac_sha1_vector(pmk, pmk_len, 3, addr, len, hash);
927 os_memcpy(pmkid, hash, PMKID_LEN);
928 }
929
930
931 /**
932 * wpa_cipher_txt - Convert cipher suite to a text string
933 * @cipher: Cipher suite (WPA_CIPHER_* enum)
934 * Returns: Pointer to a text string of the cipher suite name
935 */
wpa_cipher_txt(int cipher)936 const char * wpa_cipher_txt(int cipher)
937 {
938 switch (cipher) {
939 case WPA_CIPHER_NONE:
940 return "NONE";
941 case WPA_CIPHER_WEP40:
942 return "WEP-40";
943 case WPA_CIPHER_WEP104:
944 return "WEP-104";
945 case WPA_CIPHER_TKIP:
946 return "TKIP";
947 case WPA_CIPHER_CCMP:
948 return "CCMP";
949 case WPA_CIPHER_CCMP | WPA_CIPHER_TKIP:
950 return "CCMP+TKIP";
951 case WPA_CIPHER_GCMP:
952 return "GCMP";
953 case WPA_CIPHER_GCMP_256:
954 return "GCMP-256";
955 case WPA_CIPHER_CCMP_256:
956 return "CCMP-256";
957 case WPA_CIPHER_GTK_NOT_USED:
958 return "GTK_NOT_USED";
959 default:
960 return "UNKNOWN";
961 }
962 }
963
964
965 /**
966 * wpa_key_mgmt_txt - Convert key management suite to a text string
967 * @key_mgmt: Key management suite (WPA_KEY_MGMT_* enum)
968 * @proto: WPA/WPA2 version (WPA_PROTO_*)
969 * Returns: Pointer to a text string of the key management suite name
970 */
wpa_key_mgmt_txt(int key_mgmt,int proto)971 const char * wpa_key_mgmt_txt(int key_mgmt, int proto)
972 {
973 switch (key_mgmt) {
974 case WPA_KEY_MGMT_IEEE8021X:
975 if (proto == (WPA_PROTO_RSN | WPA_PROTO_WPA))
976 return "WPA2+WPA/IEEE 802.1X/EAP";
977 return proto == WPA_PROTO_RSN ?
978 "WPA2/IEEE 802.1X/EAP" : "WPA/IEEE 802.1X/EAP";
979 case WPA_KEY_MGMT_PSK:
980 if (proto == (WPA_PROTO_RSN | WPA_PROTO_WPA))
981 return "WPA2-PSK+WPA-PSK";
982 return proto == WPA_PROTO_RSN ?
983 "WPA2-PSK" : "WPA-PSK";
984 case WPA_KEY_MGMT_NONE:
985 return "NONE";
986 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
987 return "IEEE 802.1X (no WPA)";
988 #ifdef CONFIG_IEEE80211R
989 case WPA_KEY_MGMT_FT_IEEE8021X:
990 return "FT-EAP";
991 case WPA_KEY_MGMT_FT_PSK:
992 return "FT-PSK";
993 #endif /* CONFIG_IEEE80211R */
994 #ifdef CONFIG_IEEE80211W
995 case WPA_KEY_MGMT_IEEE8021X_SHA256:
996 return "WPA2-EAP-SHA256";
997 case WPA_KEY_MGMT_PSK_SHA256:
998 return "WPA2-PSK-SHA256";
999 #endif /* CONFIG_IEEE80211W */
1000 default:
1001 return "UNKNOWN";
1002 }
1003 }
1004
1005
wpa_akm_to_suite(int akm)1006 u32 wpa_akm_to_suite(int akm)
1007 {
1008 if (akm & WPA_KEY_MGMT_FT_IEEE8021X)
1009 return WLAN_AKM_SUITE_FT_8021X;
1010 if (akm & WPA_KEY_MGMT_FT_PSK)
1011 return WLAN_AKM_SUITE_FT_PSK;
1012 if (akm & WPA_KEY_MGMT_IEEE8021X)
1013 return WLAN_AKM_SUITE_8021X;
1014 if (akm & WPA_KEY_MGMT_IEEE8021X_SHA256)
1015 return WLAN_AKM_SUITE_8021X_SHA256;
1016 if (akm & WPA_KEY_MGMT_IEEE8021X)
1017 return WLAN_AKM_SUITE_8021X;
1018 if (akm & WPA_KEY_MGMT_PSK_SHA256)
1019 return WLAN_AKM_SUITE_PSK_SHA256;
1020 if (akm & WPA_KEY_MGMT_PSK)
1021 return WLAN_AKM_SUITE_PSK;
1022 if (akm & WPA_KEY_MGMT_CCKM)
1023 return WLAN_AKM_SUITE_CCKM;
1024 if (akm & WPA_KEY_MGMT_OSEN)
1025 return WLAN_AKM_SUITE_OSEN;
1026 return 0;
1027 }
1028
1029
wpa_compare_rsn_ie(int ft_initial_assoc,const u8 * ie1,size_t ie1len,const u8 * ie2,size_t ie2len)1030 int wpa_compare_rsn_ie(int ft_initial_assoc,
1031 const u8 *ie1, size_t ie1len,
1032 const u8 *ie2, size_t ie2len)
1033 {
1034 if (ie1 == NULL || ie2 == NULL)
1035 return -1;
1036
1037 if (ie1len == ie2len && os_memcmp(ie1, ie2, ie1len) == 0)
1038 return 0; /* identical IEs */
1039
1040 #ifdef CONFIG_IEEE80211R
1041 if (ft_initial_assoc) {
1042 struct wpa_ie_data ie1d, ie2d;
1043 /*
1044 * The PMKID-List in RSN IE is different between Beacon/Probe
1045 * Response/(Re)Association Request frames and EAPOL-Key
1046 * messages in FT initial mobility domain association. Allow
1047 * for this, but verify that other parts of the RSN IEs are
1048 * identical.
1049 */
1050 if (wpa_parse_wpa_ie_rsn(ie1, ie1len, &ie1d) < 0 ||
1051 wpa_parse_wpa_ie_rsn(ie2, ie2len, &ie2d) < 0)
1052 return -1;
1053 if (ie1d.proto == ie2d.proto &&
1054 ie1d.pairwise_cipher == ie2d.pairwise_cipher &&
1055 ie1d.group_cipher == ie2d.group_cipher &&
1056 ie1d.key_mgmt == ie2d.key_mgmt &&
1057 ie1d.capabilities == ie2d.capabilities &&
1058 ie1d.mgmt_group_cipher == ie2d.mgmt_group_cipher)
1059 return 0;
1060 }
1061 #endif /* CONFIG_IEEE80211R */
1062
1063 return -1;
1064 }
1065
1066
1067 #ifdef CONFIG_IEEE80211R
wpa_insert_pmkid(u8 * ies,size_t ies_len,const u8 * pmkid)1068 int wpa_insert_pmkid(u8 *ies, size_t ies_len, const u8 *pmkid)
1069 {
1070 u8 *start, *end, *rpos, *rend;
1071 int added = 0;
1072
1073 start = ies;
1074 end = ies + ies_len;
1075
1076 while (start < end) {
1077 if (*start == WLAN_EID_RSN)
1078 break;
1079 start += 2 + start[1];
1080 }
1081 if (start >= end) {
1082 wpa_printf(MSG_ERROR, "FT: Could not find RSN IE in "
1083 "IEs data");
1084 return -1;
1085 }
1086 wpa_hexdump(MSG_DEBUG, "FT: RSN IE before modification",
1087 start, 2 + start[1]);
1088
1089 /* Find start of PMKID-Count */
1090 rpos = start + 2;
1091 rend = rpos + start[1];
1092
1093 /* Skip Version and Group Data Cipher Suite */
1094 rpos += 2 + 4;
1095 /* Skip Pairwise Cipher Suite Count and List */
1096 rpos += 2 + WPA_GET_LE16(rpos) * RSN_SELECTOR_LEN;
1097 /* Skip AKM Suite Count and List */
1098 rpos += 2 + WPA_GET_LE16(rpos) * RSN_SELECTOR_LEN;
1099
1100 if (rpos == rend) {
1101 /* Add RSN Capabilities */
1102 os_memmove(rpos + 2, rpos, end - rpos);
1103 *rpos++ = 0;
1104 *rpos++ = 0;
1105 } else {
1106 /* Skip RSN Capabilities */
1107 rpos += 2;
1108 if (rpos > rend) {
1109 wpa_printf(MSG_ERROR, "FT: Could not parse RSN IE in "
1110 "IEs data");
1111 return -1;
1112 }
1113 }
1114
1115 if (rpos == rend) {
1116 /* No PMKID-Count field included; add it */
1117 os_memmove(rpos + 2 + PMKID_LEN, rpos, end - rpos);
1118 WPA_PUT_LE16(rpos, 1);
1119 rpos += 2;
1120 os_memcpy(rpos, pmkid, PMKID_LEN);
1121 added += 2 + PMKID_LEN;
1122 start[1] += 2 + PMKID_LEN;
1123 } else {
1124 /* PMKID-Count was included; use it */
1125 if (WPA_GET_LE16(rpos) != 0) {
1126 wpa_printf(MSG_ERROR, "FT: Unexpected PMKID "
1127 "in RSN IE in EAPOL-Key data");
1128 return -1;
1129 }
1130 WPA_PUT_LE16(rpos, 1);
1131 rpos += 2;
1132 os_memmove(rpos + PMKID_LEN, rpos, end - rpos);
1133 os_memcpy(rpos, pmkid, PMKID_LEN);
1134 added += PMKID_LEN;
1135 start[1] += PMKID_LEN;
1136 }
1137
1138 wpa_hexdump(MSG_DEBUG, "FT: RSN IE after modification "
1139 "(PMKID inserted)", start, 2 + start[1]);
1140
1141 return added;
1142 }
1143 #endif /* CONFIG_IEEE80211R */
1144
1145
wpa_cipher_key_len(int cipher)1146 int wpa_cipher_key_len(int cipher)
1147 {
1148 switch (cipher) {
1149 case WPA_CIPHER_CCMP_256:
1150 case WPA_CIPHER_GCMP_256:
1151 case WPA_CIPHER_BIP_GMAC_256:
1152 case WPA_CIPHER_BIP_CMAC_256:
1153 return 32;
1154 case WPA_CIPHER_CCMP:
1155 case WPA_CIPHER_GCMP:
1156 case WPA_CIPHER_AES_128_CMAC:
1157 case WPA_CIPHER_BIP_GMAC_128:
1158 return 16;
1159 case WPA_CIPHER_TKIP:
1160 return 32;
1161 case WPA_CIPHER_WEP104:
1162 return 13;
1163 case WPA_CIPHER_WEP40:
1164 return 5;
1165 }
1166
1167 return 0;
1168 }
1169
1170
wpa_cipher_rsc_len(int cipher)1171 int wpa_cipher_rsc_len(int cipher)
1172 {
1173 switch (cipher) {
1174 case WPA_CIPHER_CCMP_256:
1175 case WPA_CIPHER_GCMP_256:
1176 case WPA_CIPHER_CCMP:
1177 case WPA_CIPHER_GCMP:
1178 case WPA_CIPHER_TKIP:
1179 return 6;
1180 case WPA_CIPHER_WEP104:
1181 case WPA_CIPHER_WEP40:
1182 return 0;
1183 }
1184
1185 return 0;
1186 }
1187
1188
wpa_cipher_to_alg(int cipher)1189 int wpa_cipher_to_alg(int cipher)
1190 {
1191 switch (cipher) {
1192 case WPA_CIPHER_CCMP_256:
1193 return WPA_ALG_CCMP_256;
1194 case WPA_CIPHER_GCMP_256:
1195 return WPA_ALG_GCMP_256;
1196 case WPA_CIPHER_CCMP:
1197 return WPA_ALG_CCMP;
1198 case WPA_CIPHER_GCMP:
1199 return WPA_ALG_GCMP;
1200 case WPA_CIPHER_TKIP:
1201 return WPA_ALG_TKIP;
1202 case WPA_CIPHER_WEP104:
1203 case WPA_CIPHER_WEP40:
1204 return WPA_ALG_WEP;
1205 case WPA_CIPHER_AES_128_CMAC:
1206 return WPA_ALG_IGTK;
1207 case WPA_CIPHER_BIP_GMAC_128:
1208 return WPA_ALG_BIP_GMAC_128;
1209 case WPA_CIPHER_BIP_GMAC_256:
1210 return WPA_ALG_BIP_GMAC_256;
1211 case WPA_CIPHER_BIP_CMAC_256:
1212 return WPA_ALG_BIP_CMAC_256;
1213 }
1214 return WPA_ALG_NONE;
1215 }
1216
1217
wpa_cipher_valid_pairwise(int cipher)1218 int wpa_cipher_valid_pairwise(int cipher)
1219 {
1220 return cipher == WPA_CIPHER_CCMP_256 ||
1221 cipher == WPA_CIPHER_GCMP_256 ||
1222 cipher == WPA_CIPHER_CCMP ||
1223 cipher == WPA_CIPHER_GCMP ||
1224 cipher == WPA_CIPHER_TKIP;
1225 }
1226
1227
wpa_cipher_to_suite(int proto,int cipher)1228 u32 wpa_cipher_to_suite(int proto, int cipher)
1229 {
1230 if (cipher & WPA_CIPHER_CCMP_256)
1231 return RSN_CIPHER_SUITE_CCMP_256;
1232 if (cipher & WPA_CIPHER_GCMP_256)
1233 return RSN_CIPHER_SUITE_GCMP_256;
1234 if (cipher & WPA_CIPHER_CCMP)
1235 return (proto == WPA_PROTO_RSN ?
1236 RSN_CIPHER_SUITE_CCMP : WPA_CIPHER_SUITE_CCMP);
1237 if (cipher & WPA_CIPHER_GCMP)
1238 return RSN_CIPHER_SUITE_GCMP;
1239 if (cipher & WPA_CIPHER_TKIP)
1240 return (proto == WPA_PROTO_RSN ?
1241 RSN_CIPHER_SUITE_TKIP : WPA_CIPHER_SUITE_TKIP);
1242 if (cipher & WPA_CIPHER_WEP104)
1243 return (proto == WPA_PROTO_RSN ?
1244 RSN_CIPHER_SUITE_WEP104 : WPA_CIPHER_SUITE_WEP104);
1245 if (cipher & WPA_CIPHER_WEP40)
1246 return (proto == WPA_PROTO_RSN ?
1247 RSN_CIPHER_SUITE_WEP40 : WPA_CIPHER_SUITE_WEP40);
1248 if (cipher & WPA_CIPHER_NONE)
1249 return (proto == WPA_PROTO_RSN ?
1250 RSN_CIPHER_SUITE_NONE : WPA_CIPHER_SUITE_NONE);
1251 if (cipher & WPA_CIPHER_GTK_NOT_USED)
1252 return RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED;
1253 if (cipher & WPA_CIPHER_AES_128_CMAC)
1254 return RSN_CIPHER_SUITE_AES_128_CMAC;
1255 if (cipher & WPA_CIPHER_BIP_GMAC_128)
1256 return RSN_CIPHER_SUITE_BIP_GMAC_128;
1257 if (cipher & WPA_CIPHER_BIP_GMAC_256)
1258 return RSN_CIPHER_SUITE_BIP_GMAC_256;
1259 if (cipher & WPA_CIPHER_BIP_CMAC_256)
1260 return RSN_CIPHER_SUITE_BIP_CMAC_256;
1261 return 0;
1262 }
1263
1264
rsn_cipher_put_suites(u8 * start,int ciphers)1265 int rsn_cipher_put_suites(u8 *start, int ciphers)
1266 {
1267 u8 *pos = start;
1268
1269 if (ciphers & WPA_CIPHER_CCMP_256) {
1270 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP_256);
1271 pos += RSN_SELECTOR_LEN;
1272 }
1273 if (ciphers & WPA_CIPHER_GCMP_256) {
1274 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_GCMP_256);
1275 pos += RSN_SELECTOR_LEN;
1276 }
1277 if (ciphers & WPA_CIPHER_CCMP) {
1278 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
1279 pos += RSN_SELECTOR_LEN;
1280 }
1281 if (ciphers & WPA_CIPHER_GCMP) {
1282 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_GCMP);
1283 pos += RSN_SELECTOR_LEN;
1284 }
1285 if (ciphers & WPA_CIPHER_TKIP) {
1286 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
1287 pos += RSN_SELECTOR_LEN;
1288 }
1289 if (ciphers & WPA_CIPHER_NONE) {
1290 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NONE);
1291 pos += RSN_SELECTOR_LEN;
1292 }
1293
1294 return (pos - start) / RSN_SELECTOR_LEN;
1295 }
1296
1297
wpa_cipher_put_suites(u8 * start,int ciphers)1298 int wpa_cipher_put_suites(u8 *start, int ciphers)
1299 {
1300 u8 *pos = start;
1301
1302 if (ciphers & WPA_CIPHER_CCMP) {
1303 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP);
1304 pos += WPA_SELECTOR_LEN;
1305 }
1306 if (ciphers & WPA_CIPHER_TKIP) {
1307 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP);
1308 pos += WPA_SELECTOR_LEN;
1309 }
1310 if (ciphers & WPA_CIPHER_NONE) {
1311 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_NONE);
1312 pos += WPA_SELECTOR_LEN;
1313 }
1314
1315 return (pos - start) / RSN_SELECTOR_LEN;
1316 }
1317
1318
wpa_pick_pairwise_cipher(int ciphers,int none_allowed)1319 int wpa_pick_pairwise_cipher(int ciphers, int none_allowed)
1320 {
1321 if (ciphers & WPA_CIPHER_CCMP_256)
1322 return WPA_CIPHER_CCMP_256;
1323 if (ciphers & WPA_CIPHER_GCMP_256)
1324 return WPA_CIPHER_GCMP_256;
1325 if (ciphers & WPA_CIPHER_CCMP)
1326 return WPA_CIPHER_CCMP;
1327 if (ciphers & WPA_CIPHER_GCMP)
1328 return WPA_CIPHER_GCMP;
1329 if (ciphers & WPA_CIPHER_TKIP)
1330 return WPA_CIPHER_TKIP;
1331 if (none_allowed && (ciphers & WPA_CIPHER_NONE))
1332 return WPA_CIPHER_NONE;
1333 return -1;
1334 }
1335
1336
wpa_pick_group_cipher(int ciphers)1337 int wpa_pick_group_cipher(int ciphers)
1338 {
1339 if (ciphers & WPA_CIPHER_CCMP_256)
1340 return WPA_CIPHER_CCMP_256;
1341 if (ciphers & WPA_CIPHER_GCMP_256)
1342 return WPA_CIPHER_GCMP_256;
1343 if (ciphers & WPA_CIPHER_CCMP)
1344 return WPA_CIPHER_CCMP;
1345 if (ciphers & WPA_CIPHER_GCMP)
1346 return WPA_CIPHER_GCMP;
1347 if (ciphers & WPA_CIPHER_GTK_NOT_USED)
1348 return WPA_CIPHER_GTK_NOT_USED;
1349 if (ciphers & WPA_CIPHER_TKIP)
1350 return WPA_CIPHER_TKIP;
1351 if (ciphers & WPA_CIPHER_WEP104)
1352 return WPA_CIPHER_WEP104;
1353 if (ciphers & WPA_CIPHER_WEP40)
1354 return WPA_CIPHER_WEP40;
1355 return -1;
1356 }
1357
1358
wpa_parse_cipher(const char * value)1359 int wpa_parse_cipher(const char *value)
1360 {
1361 int val = 0, last;
1362 char *start, *end, *buf;
1363
1364 buf = os_strdup(value);
1365 if (buf == NULL)
1366 return -1;
1367 start = buf;
1368
1369 while (*start != '\0') {
1370 while (*start == ' ' || *start == '\t')
1371 start++;
1372 if (*start == '\0')
1373 break;
1374 end = start;
1375 while (*end != ' ' && *end != '\t' && *end != '\0')
1376 end++;
1377 last = *end == '\0';
1378 *end = '\0';
1379 if (os_strcmp(start, "CCMP-256") == 0)
1380 val |= WPA_CIPHER_CCMP_256;
1381 else if (os_strcmp(start, "GCMP-256") == 0)
1382 val |= WPA_CIPHER_GCMP_256;
1383 else if (os_strcmp(start, "CCMP") == 0)
1384 val |= WPA_CIPHER_CCMP;
1385 else if (os_strcmp(start, "GCMP") == 0)
1386 val |= WPA_CIPHER_GCMP;
1387 else if (os_strcmp(start, "TKIP") == 0)
1388 val |= WPA_CIPHER_TKIP;
1389 else if (os_strcmp(start, "WEP104") == 0)
1390 val |= WPA_CIPHER_WEP104;
1391 else if (os_strcmp(start, "WEP40") == 0)
1392 val |= WPA_CIPHER_WEP40;
1393 else if (os_strcmp(start, "NONE") == 0)
1394 val |= WPA_CIPHER_NONE;
1395 else if (os_strcmp(start, "GTK_NOT_USED") == 0)
1396 val |= WPA_CIPHER_GTK_NOT_USED;
1397 else {
1398 os_free(buf);
1399 return -1;
1400 }
1401
1402 if (last)
1403 break;
1404 start = end + 1;
1405 }
1406 os_free(buf);
1407
1408 return val;
1409 }
1410
1411
wpa_write_ciphers(char * start,char * end,int ciphers,const char * delim)1412 int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim)
1413 {
1414 char *pos = start;
1415 int ret;
1416
1417 if (ciphers & WPA_CIPHER_CCMP_256) {
1418 ret = os_snprintf(pos, end - pos, "%sCCMP-256",
1419 pos == start ? "" : delim);
1420 if (ret < 0 || ret >= end - pos)
1421 return -1;
1422 pos += ret;
1423 }
1424 if (ciphers & WPA_CIPHER_GCMP_256) {
1425 ret = os_snprintf(pos, end - pos, "%sGCMP-256",
1426 pos == start ? "" : delim);
1427 if (ret < 0 || ret >= end - pos)
1428 return -1;
1429 pos += ret;
1430 }
1431 if (ciphers & WPA_CIPHER_CCMP) {
1432 ret = os_snprintf(pos, end - pos, "%sCCMP",
1433 pos == start ? "" : delim);
1434 if (ret < 0 || ret >= end - pos)
1435 return -1;
1436 pos += ret;
1437 }
1438 if (ciphers & WPA_CIPHER_GCMP) {
1439 ret = os_snprintf(pos, end - pos, "%sGCMP",
1440 pos == start ? "" : delim);
1441 if (ret < 0 || ret >= end - pos)
1442 return -1;
1443 pos += ret;
1444 }
1445 if (ciphers & WPA_CIPHER_TKIP) {
1446 ret = os_snprintf(pos, end - pos, "%sTKIP",
1447 pos == start ? "" : delim);
1448 if (ret < 0 || ret >= end - pos)
1449 return -1;
1450 pos += ret;
1451 }
1452 if (ciphers & WPA_CIPHER_WEP104) {
1453 ret = os_snprintf(pos, end - pos, "%sWEP104",
1454 pos == start ? "" : delim);
1455 if (ret < 0 || ret >= end - pos)
1456 return -1;
1457 pos += ret;
1458 }
1459 if (ciphers & WPA_CIPHER_WEP40) {
1460 ret = os_snprintf(pos, end - pos, "%sWEP40",
1461 pos == start ? "" : delim);
1462 if (ret < 0 || ret >= end - pos)
1463 return -1;
1464 pos += ret;
1465 }
1466 if (ciphers & WPA_CIPHER_NONE) {
1467 ret = os_snprintf(pos, end - pos, "%sNONE",
1468 pos == start ? "" : delim);
1469 if (ret < 0 || ret >= end - pos)
1470 return -1;
1471 pos += ret;
1472 }
1473
1474 return pos - start;
1475 }
1476
1477
wpa_select_ap_group_cipher(int wpa,int wpa_pairwise,int rsn_pairwise)1478 int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise)
1479 {
1480 int pairwise = 0;
1481
1482 /* Select group cipher based on the enabled pairwise cipher suites */
1483 if (wpa & 1)
1484 pairwise |= wpa_pairwise;
1485 if (wpa & 2)
1486 pairwise |= rsn_pairwise;
1487
1488 if (pairwise & WPA_CIPHER_TKIP)
1489 return WPA_CIPHER_TKIP;
1490 if ((pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) == WPA_CIPHER_GCMP)
1491 return WPA_CIPHER_GCMP;
1492 if ((pairwise & (WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP |
1493 WPA_CIPHER_GCMP)) == WPA_CIPHER_GCMP_256)
1494 return WPA_CIPHER_GCMP_256;
1495 if ((pairwise & (WPA_CIPHER_CCMP_256 | WPA_CIPHER_CCMP |
1496 WPA_CIPHER_GCMP)) == WPA_CIPHER_CCMP_256)
1497 return WPA_CIPHER_CCMP_256;
1498 return WPA_CIPHER_CCMP;
1499 }
1500
1501
wpa_check_wowlan_trigger(const char * start,const char * trigger,int capa_trigger,u8 * param_trigger)1502 static int wpa_check_wowlan_trigger(const char *start, const char *trigger,
1503 int capa_trigger, u8 *param_trigger)
1504 {
1505 if (os_strcmp(start, trigger) != 0)
1506 return 0;
1507 if (!capa_trigger)
1508 return 0;
1509
1510 *param_trigger = 1;
1511 return 1;
1512 }
1513
1514
wpa_get_wowlan_triggers(const char * wowlan_triggers,struct wpa_driver_capa * capa)1515 struct wowlan_triggers *wpa_get_wowlan_triggers(const char *wowlan_triggers,
1516 struct wpa_driver_capa *capa)
1517 {
1518 struct wowlan_triggers *triggers;
1519 char *start, *end, *buf;
1520 int last;
1521
1522 if (!wowlan_triggers)
1523 return NULL;
1524
1525 buf = os_strdup(wowlan_triggers);
1526 if (buf == NULL)
1527 return NULL;
1528
1529 triggers = os_zalloc(sizeof(*triggers));
1530 if (triggers == NULL)
1531 goto out;
1532
1533 #define CHECK_TRIGGER(trigger) \
1534 wpa_check_wowlan_trigger(start, #trigger, \
1535 capa->wowlan_triggers.trigger, \
1536 &triggers->trigger)
1537
1538 start = buf;
1539 while (*start != '\0') {
1540 while (isblank(*start))
1541 start++;
1542 if (*start == '\0')
1543 break;
1544 end = start;
1545 while (!isblank(*end) && *end != '\0')
1546 end++;
1547 last = *end == '\0';
1548 *end = '\0';
1549
1550 if (!CHECK_TRIGGER(any) &&
1551 !CHECK_TRIGGER(disconnect) &&
1552 !CHECK_TRIGGER(magic_pkt) &&
1553 !CHECK_TRIGGER(gtk_rekey_failure) &&
1554 !CHECK_TRIGGER(eap_identity_req) &&
1555 !CHECK_TRIGGER(four_way_handshake) &&
1556 !CHECK_TRIGGER(rfkill_release)) {
1557 wpa_printf(MSG_DEBUG,
1558 "Unknown/unsupported wowlan trigger '%s'",
1559 start);
1560 os_free(triggers);
1561 triggers = NULL;
1562 goto out;
1563 }
1564
1565 if (last)
1566 break;
1567 start = end + 1;
1568 }
1569 #undef CHECK_TRIGGER
1570
1571 out:
1572 os_free(buf);
1573 return triggers;
1574 }
1575