wpa_auth_ie.c

Go to the documentation of this file.
00001 
00016 #include "includes.h"
00017 
00018 #include "common.h"
00019 #include "config.h"
00020 #include "ieee802_11.h"
00021 #include "eapol_sm.h"
00022 #include "wpa.h"
00023 #include "pmksa_cache.h"
00024 #include "wpa_auth_ie.h"
00025 #include "wpa_auth_i.h"
00026 
00027 
00028 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
00029 {
00030         struct wpa_ie_hdr *hdr;
00031         int num_suites;
00032         u8 *pos, *count;
00033 
00034         hdr = (struct wpa_ie_hdr *) buf;
00035         hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC;
00036         RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE);
00037         WPA_PUT_LE16(hdr->version, WPA_VERSION);
00038         pos = (u8 *) (hdr + 1);
00039 
00040         if (conf->wpa_group == WPA_CIPHER_CCMP) {
00041                 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP);
00042         } else if (conf->wpa_group == WPA_CIPHER_TKIP) {
00043                 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP);
00044         } else if (conf->wpa_group == WPA_CIPHER_WEP104) {
00045                 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_WEP104);
00046         } else if (conf->wpa_group == WPA_CIPHER_WEP40) {
00047                 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_WEP40);
00048         } else {
00049                 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
00050                            conf->wpa_group);
00051                 return -1;
00052         }
00053         pos += WPA_SELECTOR_LEN;
00054 
00055         num_suites = 0;
00056         count = pos;
00057         pos += 2;
00058 
00059         if (conf->wpa_pairwise & WPA_CIPHER_CCMP) {
00060                 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP);
00061                 pos += WPA_SELECTOR_LEN;
00062                 num_suites++;
00063         }
00064         if (conf->wpa_pairwise & WPA_CIPHER_TKIP) {
00065                 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP);
00066                 pos += WPA_SELECTOR_LEN;
00067                 num_suites++;
00068         }
00069         if (conf->wpa_pairwise & WPA_CIPHER_NONE) {
00070                 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_NONE);
00071                 pos += WPA_SELECTOR_LEN;
00072                 num_suites++;
00073         }
00074 
00075         if (num_suites == 0) {
00076                 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
00077                            conf->wpa_pairwise);
00078                 return -1;
00079         }
00080         WPA_PUT_LE16(count, num_suites);
00081 
00082         num_suites = 0;
00083         count = pos;
00084         pos += 2;
00085 
00086         if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
00087                 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
00088                 pos += WPA_SELECTOR_LEN;
00089                 num_suites++;
00090         }
00091         if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
00092                 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
00093                 pos += WPA_SELECTOR_LEN;
00094                 num_suites++;
00095         }
00096 
00097         if (num_suites == 0) {
00098                 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
00099                            conf->wpa_key_mgmt);
00100                 return -1;
00101         }
00102         WPA_PUT_LE16(count, num_suites);
00103 
00104         /* WPA Capabilities; use defaults, so no need to include it */
00105 
00106         hdr->len = (pos - buf) - 2;
00107 
00108         return pos - buf;
00109 }
00110 
00111 
00112 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
00113                      const u8 *pmkid)
00114 {
00115         struct rsn_ie_hdr *hdr;
00116         int num_suites;
00117         u8 *pos, *count;
00118         u16 capab;
00119 
00120         hdr = (struct rsn_ie_hdr *) buf;
00121         hdr->elem_id = WLAN_EID_RSN;
00122         WPA_PUT_LE16(hdr->version, RSN_VERSION);
00123         pos = (u8 *) (hdr + 1);
00124 
00125         if (conf->wpa_group == WPA_CIPHER_CCMP) {
00126                 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
00127         } else if (conf->wpa_group == WPA_CIPHER_TKIP) {
00128                 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
00129         } else if (conf->wpa_group == WPA_CIPHER_WEP104) {
00130                 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_WEP104);
00131         } else if (conf->wpa_group == WPA_CIPHER_WEP40) {
00132                 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_WEP40);
00133         } else {
00134                 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
00135                            conf->wpa_group);
00136                 return -1;
00137         }
00138         pos += RSN_SELECTOR_LEN;
00139 
00140         num_suites = 0;
00141         count = pos;
00142         pos += 2;
00143 
00144         if (conf->rsn_pairwise & WPA_CIPHER_CCMP) {
00145                 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
00146                 pos += RSN_SELECTOR_LEN;
00147                 num_suites++;
00148         }
00149         if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
00150                 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
00151                 pos += RSN_SELECTOR_LEN;
00152                 num_suites++;
00153         }
00154         if (conf->rsn_pairwise & WPA_CIPHER_NONE) {
00155                 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NONE);
00156                 pos += RSN_SELECTOR_LEN;
00157                 num_suites++;
00158         }
00159 
00160         if (num_suites == 0) {
00161                 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
00162                            conf->rsn_pairwise);
00163                 return -1;
00164         }
00165         WPA_PUT_LE16(count, num_suites);
00166 
00167         num_suites = 0;
00168         count = pos;
00169         pos += 2;
00170 
00171         if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
00172                 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
00173                 pos += RSN_SELECTOR_LEN;
00174                 num_suites++;
00175         }
00176         if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
00177                 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
00178                 pos += RSN_SELECTOR_LEN;
00179                 num_suites++;
00180         }
00181 #ifdef CONFIG_IEEE80211R
00182         if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
00183                 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
00184                 pos += RSN_SELECTOR_LEN;
00185                 num_suites++;
00186         }
00187         if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
00188                 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
00189                 pos += RSN_SELECTOR_LEN;
00190                 num_suites++;
00191         }
00192 #endif /* CONFIG_IEEE80211R */
00193 #ifdef CONFIG_IEEE80211W
00194         if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
00195                 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
00196                 pos += RSN_SELECTOR_LEN;
00197                 num_suites++;
00198         }
00199         if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
00200                 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
00201                 pos += RSN_SELECTOR_LEN;
00202                 num_suites++;
00203         }
00204 #endif /* CONFIG_IEEE80211W */
00205 
00206         if (num_suites == 0) {
00207                 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
00208                            conf->wpa_key_mgmt);
00209                 return -1;
00210         }
00211         WPA_PUT_LE16(count, num_suites);
00212 
00213         /* RSN Capabilities */
00214         capab = 0;
00215         if (conf->rsn_preauth)
00216                 capab |= WPA_CAPABILITY_PREAUTH;
00217         if (conf->peerkey)
00218                 capab |= WPA_CAPABILITY_PEERKEY_ENABLED;
00219         if (conf->wmm_enabled) {
00220                 /* 4 PTKSA replay counters when using WMM */
00221                 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
00222         }
00223 #ifdef CONFIG_IEEE80211W
00224         if (conf->ieee80211w != WPA_NO_IEEE80211W) {
00225                 capab |= WPA_CAPABILITY_MFPC;
00226                 if (conf->ieee80211w == IEEE80211W_REQUIRED)
00227                         capab |= WPA_CAPABILITY_MFPR;
00228         }
00229 #endif /* CONFIG_IEEE80211W */
00230         WPA_PUT_LE16(pos, capab);
00231         pos += 2;
00232 
00233         if (pmkid) {
00234                 if (pos + 2 + PMKID_LEN > buf + len)
00235                         return -1;
00236                 /* PMKID Count */
00237                 WPA_PUT_LE16(pos, 1);
00238                 pos += 2;
00239                 os_memcpy(pos, pmkid, PMKID_LEN);
00240                 pos += PMKID_LEN;
00241         }
00242 
00243 #ifdef CONFIG_IEEE80211W
00244         if (conf->ieee80211w != WPA_NO_IEEE80211W) {
00245                 if (pos + 2 + 4 > buf + len)
00246                         return -1;
00247                 if (pmkid == NULL) {
00248                         /* PMKID Count */
00249                         WPA_PUT_LE16(pos, 0);
00250                         pos += 2;
00251                 }
00252 
00253                 /* Management Group Cipher Suite */
00254                 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
00255                 pos += RSN_SELECTOR_LEN;
00256         }
00257 #endif /* CONFIG_IEEE80211W */
00258 
00259         hdr->len = (pos - buf) - 2;
00260 
00261         return pos - buf;
00262 }
00263 
00264 
00265 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
00266 {
00267         u8 *pos, buf[128];
00268         int res;
00269 
00270         pos = buf;
00271 
00272         if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
00273                 res = wpa_write_rsn_ie(&wpa_auth->conf,
00274                                        pos, buf + sizeof(buf) - pos, NULL);
00275                 if (res < 0)
00276                         return res;
00277                 pos += res;
00278         }
00279 #ifdef CONFIG_IEEE80211R
00280         if (wpa_auth->conf.wpa_key_mgmt &
00281             (WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_FT_PSK)) {
00282                 res = wpa_write_mdie(&wpa_auth->conf, pos,
00283                                      buf + sizeof(buf) - pos);
00284                 if (res < 0)
00285                         return res;
00286                 pos += res;
00287         }
00288 #endif /* CONFIG_IEEE80211R */
00289         if (wpa_auth->conf.wpa & WPA_PROTO_WPA) {
00290                 res = wpa_write_wpa_ie(&wpa_auth->conf,
00291                                        pos, buf + sizeof(buf) - pos);
00292                 if (res < 0)
00293                         return res;
00294                 pos += res;
00295         }
00296 
00297         os_free(wpa_auth->wpa_ie);
00298         wpa_auth->wpa_ie = os_malloc(pos - buf);
00299         if (wpa_auth->wpa_ie == NULL)
00300                 return -1;
00301         os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
00302         wpa_auth->wpa_ie_len = pos - buf;
00303 
00304         return 0;
00305 }
00306 
00307 
00308 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
00309                  const u8 *data2, size_t data2_len)
00310 {
00311         *pos++ = WLAN_EID_VENDOR_SPECIFIC;
00312         *pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
00313         RSN_SELECTOR_PUT(pos, kde);
00314         pos += RSN_SELECTOR_LEN;
00315         os_memcpy(pos, data, data_len);
00316         pos += data_len;
00317         if (data2) {
00318                 os_memcpy(pos, data2, data2_len);
00319                 pos += data2_len;
00320         }
00321         return pos;
00322 }
00323 
00324 
00325 static int wpa_selector_to_bitfield(const u8 *s)
00326 {
00327         if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_NONE)
00328                 return WPA_CIPHER_NONE;
00329         if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP40)
00330                 return WPA_CIPHER_WEP40;
00331         if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_TKIP)
00332                 return WPA_CIPHER_TKIP;
00333         if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_CCMP)
00334                 return WPA_CIPHER_CCMP;
00335         if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP104)
00336                 return WPA_CIPHER_WEP104;
00337         return 0;
00338 }
00339 
00340 
00341 static int wpa_key_mgmt_to_bitfield(const u8 *s)
00342 {
00343         if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_UNSPEC_802_1X)
00344                 return WPA_KEY_MGMT_IEEE8021X;
00345         if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X)
00346                 return WPA_KEY_MGMT_PSK;
00347         if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_NONE)
00348                 return WPA_KEY_MGMT_WPA_NONE;
00349         return 0;
00350 }
00351 
00352 
00353 static int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
00354                                 struct wpa_ie_data *data)
00355 {
00356         const struct wpa_ie_hdr *hdr;
00357         const u8 *pos;
00358         int left;
00359         int i, count;
00360 
00361         os_memset(data, 0, sizeof(*data));
00362         data->pairwise_cipher = WPA_CIPHER_TKIP;
00363         data->group_cipher = WPA_CIPHER_TKIP;
00364         data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
00365         data->mgmt_group_cipher = 0;
00366 
00367         if (wpa_ie_len < sizeof(struct wpa_ie_hdr))
00368                 return -1;
00369 
00370         hdr = (const struct wpa_ie_hdr *) wpa_ie;
00371 
00372         if (hdr->elem_id != WLAN_EID_VENDOR_SPECIFIC ||
00373             hdr->len != wpa_ie_len - 2 ||
00374             RSN_SELECTOR_GET(hdr->oui) != WPA_OUI_TYPE ||
00375             WPA_GET_LE16(hdr->version) != WPA_VERSION) {
00376                 return -2;
00377         }
00378 
00379         pos = (const u8 *) (hdr + 1);
00380         left = wpa_ie_len - sizeof(*hdr);
00381 
00382         if (left >= WPA_SELECTOR_LEN) {
00383                 data->group_cipher = wpa_selector_to_bitfield(pos);
00384                 pos += WPA_SELECTOR_LEN;
00385                 left -= WPA_SELECTOR_LEN;
00386         } else if (left > 0)
00387                   return -3;
00388 
00389         if (left >= 2) {
00390                 data->pairwise_cipher = 0;
00391                 count = WPA_GET_LE16(pos);
00392                 pos += 2;
00393                 left -= 2;
00394                 if (count == 0 || left < count * WPA_SELECTOR_LEN)
00395                         return -4;
00396                 for (i = 0; i < count; i++) {
00397                         data->pairwise_cipher |= wpa_selector_to_bitfield(pos);
00398                         pos += WPA_SELECTOR_LEN;
00399                         left -= WPA_SELECTOR_LEN;
00400                 }
00401         } else if (left == 1)
00402                 return -5;
00403 
00404         if (left >= 2) {
00405                 data->key_mgmt = 0;
00406                 count = WPA_GET_LE16(pos);
00407                 pos += 2;
00408                 left -= 2;
00409                 if (count == 0 || left < count * WPA_SELECTOR_LEN)
00410                         return -6;
00411                 for (i = 0; i < count; i++) {
00412                         data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos);
00413                         pos += WPA_SELECTOR_LEN;
00414                         left -= WPA_SELECTOR_LEN;
00415                 }
00416         } else if (left == 1)
00417                 return -7;
00418 
00419         if (left >= 2) {
00420                 data->capabilities = WPA_GET_LE16(pos);
00421                 pos += 2;
00422                 left -= 2;
00423         }
00424 
00425         if (left > 0) {
00426                 return -8;
00427         }
00428 
00429         return 0;
00430 }
00431 
00432 
00433 struct wpa_auth_okc_iter_data {
00434         struct rsn_pmksa_cache_entry *pmksa;
00435         const u8 *aa;
00436         const u8 *spa;
00437         const u8 *pmkid;
00438 };
00439 
00440 
00441 static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx)
00442 {
00443         struct wpa_auth_okc_iter_data *data = ctx;
00444         data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa,
00445                                           data->pmkid);
00446         if (data->pmksa)
00447                 return 1;
00448         return 0;
00449 }
00450 
00451 
00452 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
00453                         struct wpa_state_machine *sm,
00454                         const u8 *wpa_ie, size_t wpa_ie_len,
00455                         const u8 *mdie, size_t mdie_len)
00456 {
00457         struct wpa_ie_data data;
00458         int ciphers, key_mgmt, res, version;
00459         u32 selector;
00460         size_t i;
00461         const u8 *pmkid = NULL;
00462 
00463         if (wpa_auth == NULL || sm == NULL)
00464                 return WPA_NOT_ENABLED;
00465 
00466         if (wpa_ie == NULL || wpa_ie_len < 1)
00467                 return WPA_INVALID_IE;
00468 
00469         if (wpa_ie[0] == WLAN_EID_RSN)
00470                 version = WPA_PROTO_RSN;
00471         else
00472                 version = WPA_PROTO_WPA;
00473 
00474         if (!(wpa_auth->conf.wpa & version)) {
00475                 wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
00476                            version, MAC2STR(sm->addr));
00477                 return WPA_INVALID_PROTO;
00478         }
00479 
00480         if (version == WPA_PROTO_RSN) {
00481                 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
00482 
00483                 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
00484                 if (0) {
00485                 }
00486 #ifdef CONFIG_IEEE80211R
00487                 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
00488                         selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
00489                 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
00490                         selector = RSN_AUTH_KEY_MGMT_FT_PSK;
00491 #endif /* CONFIG_IEEE80211R */
00492 #ifdef CONFIG_IEEE80211W
00493                 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
00494                         selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
00495                 else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
00496                         selector = RSN_AUTH_KEY_MGMT_PSK_SHA256;
00497 #endif /* CONFIG_IEEE80211W */
00498                 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
00499                         selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
00500                 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
00501                         selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
00502                 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
00503 
00504                 selector = RSN_CIPHER_SUITE_CCMP;
00505                 if (data.pairwise_cipher & WPA_CIPHER_CCMP)
00506                         selector = RSN_CIPHER_SUITE_CCMP;
00507                 else if (data.pairwise_cipher & WPA_CIPHER_TKIP)
00508                         selector = RSN_CIPHER_SUITE_TKIP;
00509                 else if (data.pairwise_cipher & WPA_CIPHER_WEP104)
00510                         selector = RSN_CIPHER_SUITE_WEP104;
00511                 else if (data.pairwise_cipher & WPA_CIPHER_WEP40)
00512                         selector = RSN_CIPHER_SUITE_WEP40;
00513                 else if (data.pairwise_cipher & WPA_CIPHER_NONE)
00514                         selector = RSN_CIPHER_SUITE_NONE;
00515                 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
00516 
00517                 selector = RSN_CIPHER_SUITE_CCMP;
00518                 if (data.group_cipher & WPA_CIPHER_CCMP)
00519                         selector = RSN_CIPHER_SUITE_CCMP;
00520                 else if (data.group_cipher & WPA_CIPHER_TKIP)
00521                         selector = RSN_CIPHER_SUITE_TKIP;
00522                 else if (data.group_cipher & WPA_CIPHER_WEP104)
00523                         selector = RSN_CIPHER_SUITE_WEP104;
00524                 else if (data.group_cipher & WPA_CIPHER_WEP40)
00525                         selector = RSN_CIPHER_SUITE_WEP40;
00526                 else if (data.group_cipher & WPA_CIPHER_NONE)
00527                         selector = RSN_CIPHER_SUITE_NONE;
00528                 wpa_auth->dot11RSNAGroupCipherSelected = selector;
00529         } else {
00530                 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
00531 
00532                 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
00533                 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
00534                         selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
00535                 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
00536                         selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
00537                 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
00538 
00539                 selector = WPA_CIPHER_SUITE_TKIP;
00540                 if (data.pairwise_cipher & WPA_CIPHER_CCMP)
00541                         selector = WPA_CIPHER_SUITE_CCMP;
00542                 else if (data.pairwise_cipher & WPA_CIPHER_TKIP)
00543                         selector = WPA_CIPHER_SUITE_TKIP;
00544                 else if (data.pairwise_cipher & WPA_CIPHER_WEP104)
00545                         selector = WPA_CIPHER_SUITE_WEP104;
00546                 else if (data.pairwise_cipher & WPA_CIPHER_WEP40)
00547                         selector = WPA_CIPHER_SUITE_WEP40;
00548                 else if (data.pairwise_cipher & WPA_CIPHER_NONE)
00549                         selector = WPA_CIPHER_SUITE_NONE;
00550                 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
00551 
00552                 selector = WPA_CIPHER_SUITE_TKIP;
00553                 if (data.group_cipher & WPA_CIPHER_CCMP)
00554                         selector = WPA_CIPHER_SUITE_CCMP;
00555                 else if (data.group_cipher & WPA_CIPHER_TKIP)
00556                         selector = WPA_CIPHER_SUITE_TKIP;
00557                 else if (data.group_cipher & WPA_CIPHER_WEP104)
00558                         selector = WPA_CIPHER_SUITE_WEP104;
00559                 else if (data.group_cipher & WPA_CIPHER_WEP40)
00560                         selector = WPA_CIPHER_SUITE_WEP40;
00561                 else if (data.group_cipher & WPA_CIPHER_NONE)
00562                         selector = WPA_CIPHER_SUITE_NONE;
00563                 wpa_auth->dot11RSNAGroupCipherSelected = selector;
00564         }
00565         if (res) {
00566                 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
00567                            MACSTR " (res=%d)", MAC2STR(sm->addr), res);
00568                 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
00569                 return WPA_INVALID_IE;
00570         }
00571 
00572         if (data.group_cipher != wpa_auth->conf.wpa_group) {
00573                 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
00574                            MACSTR, data.group_cipher, MAC2STR(sm->addr));
00575                 return WPA_INVALID_GROUP;
00576         }
00577 
00578         key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
00579         if (!key_mgmt) {
00580                 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
00581                            MACSTR, data.key_mgmt, MAC2STR(sm->addr));
00582                 return WPA_INVALID_AKMP;
00583         }
00584         if (0) {
00585         }
00586 #ifdef CONFIG_IEEE80211R
00587         else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
00588                 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
00589         else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
00590                 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
00591 #endif /* CONFIG_IEEE80211R */
00592 #ifdef CONFIG_IEEE80211W
00593         else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
00594                 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
00595         else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
00596                 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
00597 #endif /* CONFIG_IEEE80211W */
00598         else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
00599                 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
00600         else
00601                 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
00602 
00603         if (version == WPA_PROTO_RSN)
00604                 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise;
00605         else
00606                 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
00607         if (!ciphers) {
00608                 wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) "
00609                            "from " MACSTR,
00610                            version == WPA_PROTO_RSN ? "RSN" : "WPA",
00611                            data.pairwise_cipher, MAC2STR(sm->addr));
00612                 return WPA_INVALID_PAIRWISE;
00613         }
00614 
00615 #ifdef CONFIG_IEEE80211W
00616         if (wpa_auth->conf.ieee80211w == WPA_IEEE80211W_REQUIRED) {
00617                 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
00618                         wpa_printf(MSG_DEBUG, "Management frame protection "
00619                                    "required, but client did not enable it");
00620                         return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
00621                 }
00622 
00623                 if (ciphers & WPA_CIPHER_TKIP) {
00624                         wpa_printf(MSG_DEBUG, "Management frame protection "
00625                                    "cannot use TKIP");
00626                         return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
00627                 }
00628 
00629                 if (data.mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
00630                         wpa_printf(MSG_DEBUG, "Unsupported management group "
00631                                    "cipher %d", data.mgmt_group_cipher);
00632                         return WPA_INVALID_MGMT_GROUP_CIPHER;
00633                 }
00634         }
00635 
00636         if (wpa_auth->conf.ieee80211w == WPA_NO_IEEE80211W ||
00637             !(data.capabilities & WPA_CAPABILITY_MFPC))
00638                 sm->mgmt_frame_prot = 0;
00639         else
00640                 sm->mgmt_frame_prot = 1;
00641 #endif /* CONFIG_IEEE80211W */
00642 
00643 #ifdef CONFIG_IEEE80211R
00644         if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
00645                 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) {
00646                         wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but "
00647                                    "MDIE not included");
00648                         return WPA_INVALID_MDIE;
00649                 }
00650                 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain,
00651                               MOBILITY_DOMAIN_ID_LEN) != 0) {
00652                         wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown "
00653                                     "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
00654                         return WPA_INVALID_MDIE;
00655                 }
00656         }
00657 #endif /* CONFIG_IEEE80211R */
00658 
00659         if (ciphers & WPA_CIPHER_CCMP)
00660                 sm->pairwise = WPA_CIPHER_CCMP;
00661         else
00662                 sm->pairwise = WPA_CIPHER_TKIP;
00663 
00664         /* TODO: clear WPA/WPA2 state if STA changes from one to another */
00665         if (wpa_ie[0] == WLAN_EID_RSN)
00666                 sm->wpa = WPA_VERSION_WPA2;
00667         else
00668                 sm->wpa = WPA_VERSION_WPA;
00669 
00670         sm->pmksa = NULL;
00671         for (i = 0; i < data.num_pmkid; i++) {
00672                 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
00673                             &data.pmkid[i * PMKID_LEN], PMKID_LEN);
00674                 sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr,
00675                                                  &data.pmkid[i * PMKID_LEN]);
00676                 if (sm->pmksa) {
00677                         pmkid = sm->pmksa->pmkid;
00678                         break;
00679                 }
00680         }
00681         for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc &&
00682                      i < data.num_pmkid; i++) {
00683                 struct wpa_auth_okc_iter_data idata;
00684                 idata.pmksa = NULL;
00685                 idata.aa = wpa_auth->addr;
00686                 idata.spa = sm->addr;
00687                 idata.pmkid = &data.pmkid[i * PMKID_LEN];
00688                 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata);
00689                 if (idata.pmksa) {
00690                         wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
00691                                          "OKC match for PMKID");
00692                         sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa,
00693                                                         idata.pmksa,
00694                                                         wpa_auth->addr,
00695                                                         idata.pmkid);
00696                         pmkid = idata.pmkid;
00697                         break;
00698                 }
00699         }
00700         if (sm->pmksa) {
00701                 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
00702                                  "PMKID found from PMKSA cache "
00703                                  "eap_type=%d vlan_id=%d",
00704                                  sm->pmksa->eap_type_authsrv,
00705                                  sm->pmksa->vlan_id);
00706                 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
00707         }
00708 
00709         if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
00710                 os_free(sm->wpa_ie);
00711                 sm->wpa_ie = os_malloc(wpa_ie_len);
00712                 if (sm->wpa_ie == NULL)
00713                         return WPA_ALLOC_FAIL;
00714         }
00715         os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
00716         sm->wpa_ie_len = wpa_ie_len;
00717 
00718         return WPA_IE_OK;
00719 }
00720 
00721 
00730 static int wpa_parse_generic(const u8 *pos, const u8 *end,
00731                              struct wpa_eapol_ie_parse *ie)
00732 {
00733         if (pos[1] == 0)
00734                 return 1;
00735 
00736         if (pos[1] >= 6 &&
00737             RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE &&
00738             pos[2 + WPA_SELECTOR_LEN] == 1 &&
00739             pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
00740                 ie->wpa_ie = pos;
00741                 ie->wpa_ie_len = pos[1] + 2;
00742                 return 0;
00743         }
00744 
00745         if (pos + 1 + RSN_SELECTOR_LEN < end &&
00746             pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
00747             RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
00748                 ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
00749                 return 0;
00750         }
00751 
00752         if (pos[1] > RSN_SELECTOR_LEN + 2 &&
00753             RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) {
00754                 ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
00755                 ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
00756                 return 0;
00757         }
00758 
00759         if (pos[1] > RSN_SELECTOR_LEN + 2 &&
00760             RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) {
00761                 ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
00762                 ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
00763                 return 0;
00764         }
00765 
00766 #ifdef CONFIG_PEERKEY
00767         if (pos[1] > RSN_SELECTOR_LEN + 2 &&
00768             RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
00769                 ie->smk = pos + 2 + RSN_SELECTOR_LEN;
00770                 ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
00771                 return 0;
00772         }
00773 
00774         if (pos[1] > RSN_SELECTOR_LEN + 2 &&
00775             RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
00776                 ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
00777                 ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
00778                 return 0;
00779         }
00780 
00781         if (pos[1] > RSN_SELECTOR_LEN + 2 &&
00782             RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
00783                 ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
00784                 ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
00785                 return 0;
00786         }
00787 
00788         if (pos[1] > RSN_SELECTOR_LEN + 2 &&
00789             RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
00790                 ie->error = pos + 2 + RSN_SELECTOR_LEN;
00791                 ie->error_len = pos[1] - RSN_SELECTOR_LEN;
00792                 return 0;
00793         }
00794 #endif /* CONFIG_PEERKEY */
00795 
00796 #ifdef CONFIG_IEEE80211W
00797         if (pos[1] > RSN_SELECTOR_LEN + 2 &&
00798             RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
00799                 ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
00800                 ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
00801                 return 0;
00802         }
00803 #endif /* CONFIG_IEEE80211W */
00804 
00805         return 0;
00806 }
00807 
00808 
00817 int wpa_parse_kde_ies(const u8 *buf, size_t len, struct wpa_eapol_ie_parse *ie)
00818 {
00819         const u8 *pos, *end;
00820         int ret = 0;
00821 
00822         os_memset(ie, 0, sizeof(*ie));
00823         for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
00824                 if (pos[0] == 0xdd &&
00825                     ((pos == buf + len - 1) || pos[1] == 0)) {
00826                         /* Ignore padding */
00827                         break;
00828                 }
00829                 if (pos + 2 + pos[1] > end) {
00830                         wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
00831                                    "underflow (ie=%d len=%d pos=%d)",
00832                                    pos[0], pos[1], (int) (pos - buf));
00833                         wpa_hexdump_key(MSG_DEBUG, "WPA: Key Data",
00834                                         buf, len);
00835                         ret = -1;
00836                         break;
00837                 }
00838                 if (*pos == WLAN_EID_RSN) {
00839                         ie->rsn_ie = pos;
00840                         ie->rsn_ie_len = pos[1] + 2;
00841 #ifdef CONFIG_IEEE80211R
00842                 } else if (*pos == WLAN_EID_MOBILITY_DOMAIN) {
00843                         ie->mdie = pos;
00844                         ie->mdie_len = pos[1] + 2;
00845 #endif /* CONFIG_IEEE80211R */
00846                 } else if (*pos == WLAN_EID_VENDOR_SPECIFIC) {
00847                         ret = wpa_parse_generic(pos, end, ie);
00848                         if (ret < 0)
00849                                 break;
00850                         if (ret > 0) {
00851                                 ret = 0;
00852                                 break;
00853                         }
00854                 } else {
00855                         wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key "
00856                                     "Key Data IE", pos, 2 + pos[1]);
00857                 }
00858         }
00859 
00860         return ret;
00861 }
00862 
00863 
00864 int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
00865 {
00866         return sm ? sm->mgmt_frame_prot : 0;
00867 }
00868 
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Defines

Generated on Sat Nov 21 23:16:49 2009 for hostapd by  doxygen 1.6.1