1 /* 2 * hostapd - WPA/RSN IE and KDE definitions 3 * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "common/ieee802_11_defs.h" 13 #include "eapol_auth/eapol_auth_sm.h" 14 #include "ap_config.h" 15 #include "ieee802_11.h" 16 #include "wpa_auth.h" 17 #include "pmksa_cache_auth.h" 18 #include "wpa_auth_ie.h" 19 #include "wpa_auth_i.h" 20 21 22 #ifdef CONFIG_RSN_TESTING 23 int rsn_testing = 0; 24 #endif /* CONFIG_RSN_TESTING */ 25 26 27 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len) 28 { 29 struct wpa_ie_hdr *hdr; 30 int num_suites; 31 u8 *pos, *count; 32 u32 suite; 33 34 hdr = (struct wpa_ie_hdr *) buf; 35 hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC; 36 RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE); 37 WPA_PUT_LE16(hdr->version, WPA_VERSION); 38 pos = (u8 *) (hdr + 1); 39 40 suite = wpa_cipher_to_suite(WPA_PROTO_WPA, conf->wpa_group); 41 if (suite == 0) { 42 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).", 43 conf->wpa_group); 44 return -1; 45 } 46 RSN_SELECTOR_PUT(pos, suite); 47 pos += WPA_SELECTOR_LEN; 48 49 count = pos; 50 pos += 2; 51 52 num_suites = wpa_cipher_put_suites(pos, conf->wpa_pairwise); 53 if (num_suites == 0) { 54 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).", 55 conf->wpa_pairwise); 56 return -1; 57 } 58 pos += num_suites * WPA_SELECTOR_LEN; 59 WPA_PUT_LE16(count, num_suites); 60 61 num_suites = 0; 62 count = pos; 63 pos += 2; 64 65 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) { 66 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X); 67 pos += WPA_SELECTOR_LEN; 68 num_suites++; 69 } 70 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) { 71 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X); 72 pos += WPA_SELECTOR_LEN; 73 num_suites++; 74 } 75 76 if (num_suites == 0) { 77 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).", 78 conf->wpa_key_mgmt); 79 return -1; 80 } 81 WPA_PUT_LE16(count, num_suites); 82 83 /* WPA Capabilities; use defaults, so no need to include it */ 84 85 hdr->len = (pos - buf) - 2; 86 87 return pos - buf; 88 } 89 90 91 static u16 wpa_own_rsn_capab(struct wpa_auth_config *conf) 92 { 93 u16 capab = 0; 94 95 if (conf->rsn_preauth) 96 capab |= WPA_CAPABILITY_PREAUTH; 97 if (conf->wmm_enabled) { 98 /* 4 PTKSA replay counters when using WMM */ 99 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2); 100 } 101 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) { 102 capab |= WPA_CAPABILITY_MFPC; 103 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) 104 capab |= WPA_CAPABILITY_MFPR; 105 } 106 #ifdef CONFIG_OCV 107 if (conf->ocv) 108 capab |= WPA_CAPABILITY_OCVC; 109 #endif /* CONFIG_OCV */ 110 #ifdef CONFIG_RSN_TESTING 111 if (rsn_testing) 112 capab |= BIT(8) | BIT(15); 113 #endif /* CONFIG_RSN_TESTING */ 114 if (conf->extended_key_id) 115 capab |= WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST; 116 117 return capab; 118 } 119 120 121 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len, 122 const u8 *pmkid) 123 { 124 struct rsn_ie_hdr *hdr; 125 int num_suites, res; 126 u8 *pos, *count; 127 u32 suite; 128 129 hdr = (struct rsn_ie_hdr *) buf; 130 hdr->elem_id = WLAN_EID_RSN; 131 WPA_PUT_LE16(hdr->version, RSN_VERSION); 132 pos = (u8 *) (hdr + 1); 133 134 suite = wpa_cipher_to_suite(WPA_PROTO_RSN, conf->wpa_group); 135 if (suite == 0) { 136 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).", 137 conf->wpa_group); 138 return -1; 139 } 140 RSN_SELECTOR_PUT(pos, suite); 141 pos += RSN_SELECTOR_LEN; 142 143 num_suites = 0; 144 count = pos; 145 pos += 2; 146 147 #ifdef CONFIG_RSN_TESTING 148 if (rsn_testing) { 149 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1)); 150 pos += RSN_SELECTOR_LEN; 151 num_suites++; 152 } 153 #endif /* CONFIG_RSN_TESTING */ 154 155 res = rsn_cipher_put_suites(pos, conf->rsn_pairwise); 156 num_suites += res; 157 pos += res * RSN_SELECTOR_LEN; 158 159 #ifdef CONFIG_RSN_TESTING 160 if (rsn_testing) { 161 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2)); 162 pos += RSN_SELECTOR_LEN; 163 num_suites++; 164 } 165 #endif /* CONFIG_RSN_TESTING */ 166 167 if (num_suites == 0) { 168 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).", 169 conf->rsn_pairwise); 170 return -1; 171 } 172 WPA_PUT_LE16(count, num_suites); 173 174 num_suites = 0; 175 count = pos; 176 pos += 2; 177 178 #ifdef CONFIG_RSN_TESTING 179 if (rsn_testing) { 180 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1)); 181 pos += RSN_SELECTOR_LEN; 182 num_suites++; 183 } 184 #endif /* CONFIG_RSN_TESTING */ 185 186 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) { 187 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X); 188 pos += RSN_SELECTOR_LEN; 189 num_suites++; 190 } 191 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) { 192 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X); 193 pos += RSN_SELECTOR_LEN; 194 num_suites++; 195 } 196 #ifdef CONFIG_IEEE80211R_AP 197 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) { 198 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X); 199 pos += RSN_SELECTOR_LEN; 200 num_suites++; 201 } 202 #ifdef CONFIG_SHA384 203 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) { 204 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384); 205 pos += RSN_SELECTOR_LEN; 206 num_suites++; 207 } 208 #endif /* CONFIG_SHA384 */ 209 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) { 210 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK); 211 pos += RSN_SELECTOR_LEN; 212 num_suites++; 213 } 214 #endif /* CONFIG_IEEE80211R_AP */ 215 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) { 216 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256); 217 pos += RSN_SELECTOR_LEN; 218 num_suites++; 219 } 220 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) { 221 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256); 222 pos += RSN_SELECTOR_LEN; 223 num_suites++; 224 } 225 #ifdef CONFIG_SAE 226 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) { 227 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE); 228 pos += RSN_SELECTOR_LEN; 229 num_suites++; 230 } 231 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) { 232 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE); 233 pos += RSN_SELECTOR_LEN; 234 num_suites++; 235 } 236 #endif /* CONFIG_SAE */ 237 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) { 238 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B); 239 pos += RSN_SELECTOR_LEN; 240 num_suites++; 241 } 242 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) { 243 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192); 244 pos += RSN_SELECTOR_LEN; 245 num_suites++; 246 } 247 #ifdef CONFIG_FILS 248 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA256) { 249 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA256); 250 pos += RSN_SELECTOR_LEN; 251 num_suites++; 252 } 253 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA384) { 254 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA384); 255 pos += RSN_SELECTOR_LEN; 256 num_suites++; 257 } 258 #ifdef CONFIG_IEEE80211R_AP 259 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) { 260 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256); 261 pos += RSN_SELECTOR_LEN; 262 num_suites++; 263 } 264 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) { 265 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384); 266 pos += RSN_SELECTOR_LEN; 267 num_suites++; 268 } 269 #endif /* CONFIG_IEEE80211R_AP */ 270 #endif /* CONFIG_FILS */ 271 #ifdef CONFIG_OWE 272 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) { 273 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OWE); 274 pos += RSN_SELECTOR_LEN; 275 num_suites++; 276 } 277 #endif /* CONFIG_OWE */ 278 #ifdef CONFIG_DPP 279 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) { 280 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_DPP); 281 pos += RSN_SELECTOR_LEN; 282 num_suites++; 283 } 284 #endif /* CONFIG_DPP */ 285 #ifdef CONFIG_HS20 286 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_OSEN) { 287 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OSEN); 288 pos += RSN_SELECTOR_LEN; 289 num_suites++; 290 } 291 #endif /* CONFIG_HS20 */ 292 #ifdef CONFIG_PASN 293 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PASN) { 294 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PASN); 295 pos += RSN_SELECTOR_LEN; 296 num_suites++; 297 } 298 #endif /* CONFIG_PASN */ 299 300 #ifdef CONFIG_RSN_TESTING 301 if (rsn_testing) { 302 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2)); 303 pos += RSN_SELECTOR_LEN; 304 num_suites++; 305 } 306 #endif /* CONFIG_RSN_TESTING */ 307 308 if (num_suites == 0) { 309 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).", 310 conf->wpa_key_mgmt); 311 return -1; 312 } 313 WPA_PUT_LE16(count, num_suites); 314 315 /* RSN Capabilities */ 316 WPA_PUT_LE16(pos, wpa_own_rsn_capab(conf)); 317 pos += 2; 318 319 if (pmkid) { 320 if (2 + PMKID_LEN > buf + len - pos) 321 return -1; 322 /* PMKID Count */ 323 WPA_PUT_LE16(pos, 1); 324 pos += 2; 325 os_memcpy(pos, pmkid, PMKID_LEN); 326 pos += PMKID_LEN; 327 } 328 329 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION && 330 conf->group_mgmt_cipher != WPA_CIPHER_AES_128_CMAC) { 331 if (2 + 4 > buf + len - pos) 332 return -1; 333 if (pmkid == NULL) { 334 /* PMKID Count */ 335 WPA_PUT_LE16(pos, 0); 336 pos += 2; 337 } 338 339 /* Management Group Cipher Suite */ 340 switch (conf->group_mgmt_cipher) { 341 case WPA_CIPHER_AES_128_CMAC: 342 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC); 343 break; 344 case WPA_CIPHER_BIP_GMAC_128: 345 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_128); 346 break; 347 case WPA_CIPHER_BIP_GMAC_256: 348 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_256); 349 break; 350 case WPA_CIPHER_BIP_CMAC_256: 351 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_CMAC_256); 352 break; 353 default: 354 wpa_printf(MSG_DEBUG, 355 "Invalid group management cipher (0x%x)", 356 conf->group_mgmt_cipher); 357 return -1; 358 } 359 pos += RSN_SELECTOR_LEN; 360 } 361 362 #ifdef CONFIG_RSN_TESTING 363 if (rsn_testing) { 364 /* 365 * Fill in any defined fields and add extra data to the end of 366 * the element. 367 */ 368 int pmkid_count_set = pmkid != NULL; 369 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) 370 pmkid_count_set = 1; 371 /* PMKID Count */ 372 WPA_PUT_LE16(pos, 0); 373 pos += 2; 374 if (conf->ieee80211w == NO_MGMT_FRAME_PROTECTION) { 375 /* Management Group Cipher Suite */ 376 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC); 377 pos += RSN_SELECTOR_LEN; 378 } 379 380 os_memset(pos, 0x12, 17); 381 pos += 17; 382 } 383 #endif /* CONFIG_RSN_TESTING */ 384 385 hdr->len = (pos - buf) - 2; 386 387 return pos - buf; 388 } 389 390 391 int wpa_write_rsnxe(struct wpa_auth_config *conf, u8 *buf, size_t len) 392 { 393 u8 *pos = buf; 394 u16 capab = 0; 395 size_t flen; 396 397 if (wpa_key_mgmt_sae(conf->wpa_key_mgmt) && 398 (conf->sae_pwe == 1 || conf->sae_pwe == 2 || conf->sae_pk)) { 399 capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E); 400 #ifdef CONFIG_SAE_PK 401 if (conf->sae_pk) 402 capab |= BIT(WLAN_RSNX_CAPAB_SAE_PK); 403 #endif /* CONFIG_SAE_PK */ 404 } 405 406 if (conf->secure_ltf) 407 capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF); 408 if (conf->secure_rtt) 409 capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT); 410 if (conf->prot_range_neg) 411 capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG); 412 413 flen = (capab & 0xff00) ? 2 : 1; 414 if (!capab) 415 return 0; /* no supported extended RSN capabilities */ 416 if (len < 2 + flen) 417 return -1; 418 capab |= flen - 1; /* bit 0-3 = Field length (n - 1) */ 419 420 *pos++ = WLAN_EID_RSNX; 421 *pos++ = flen; 422 *pos++ = capab & 0x00ff; 423 capab >>= 8; 424 if (capab) 425 *pos++ = capab; 426 427 return pos - buf; 428 } 429 430 431 static u8 * wpa_write_osen(struct wpa_auth_config *conf, u8 *eid) 432 { 433 u8 *len; 434 u16 capab; 435 436 *eid++ = WLAN_EID_VENDOR_SPECIFIC; 437 len = eid++; /* to be filled */ 438 WPA_PUT_BE24(eid, OUI_WFA); 439 eid += 3; 440 *eid++ = HS20_OSEN_OUI_TYPE; 441 442 /* Group Data Cipher Suite */ 443 RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED); 444 eid += RSN_SELECTOR_LEN; 445 446 /* Pairwise Cipher Suite Count and List */ 447 WPA_PUT_LE16(eid, 1); 448 eid += 2; 449 RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_CCMP); 450 eid += RSN_SELECTOR_LEN; 451 452 /* AKM Suite Count and List */ 453 WPA_PUT_LE16(eid, 1); 454 eid += 2; 455 RSN_SELECTOR_PUT(eid, RSN_AUTH_KEY_MGMT_OSEN); 456 eid += RSN_SELECTOR_LEN; 457 458 /* RSN Capabilities */ 459 capab = 0; 460 if (conf->wmm_enabled) { 461 /* 4 PTKSA replay counters when using WMM */ 462 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2); 463 } 464 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) { 465 capab |= WPA_CAPABILITY_MFPC; 466 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) 467 capab |= WPA_CAPABILITY_MFPR; 468 } 469 #ifdef CONFIG_OCV 470 if (conf->ocv) 471 capab |= WPA_CAPABILITY_OCVC; 472 #endif /* CONFIG_OCV */ 473 WPA_PUT_LE16(eid, capab); 474 eid += 2; 475 476 *len = eid - len - 1; 477 478 return eid; 479 } 480 481 482 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth) 483 { 484 u8 *pos, buf[128]; 485 int res; 486 487 #ifdef CONFIG_TESTING_OPTIONS 488 if (wpa_auth->conf.own_ie_override_len) { 489 wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing", 490 wpa_auth->conf.own_ie_override, 491 wpa_auth->conf.own_ie_override_len); 492 os_free(wpa_auth->wpa_ie); 493 wpa_auth->wpa_ie = 494 os_malloc(wpa_auth->conf.own_ie_override_len); 495 if (wpa_auth->wpa_ie == NULL) 496 return -1; 497 os_memcpy(wpa_auth->wpa_ie, wpa_auth->conf.own_ie_override, 498 wpa_auth->conf.own_ie_override_len); 499 wpa_auth->wpa_ie_len = wpa_auth->conf.own_ie_override_len; 500 return 0; 501 } 502 #endif /* CONFIG_TESTING_OPTIONS */ 503 504 pos = buf; 505 506 if (wpa_auth->conf.wpa == WPA_PROTO_OSEN) { 507 pos = wpa_write_osen(&wpa_auth->conf, pos); 508 } 509 if (wpa_auth->conf.wpa & WPA_PROTO_RSN) { 510 res = wpa_write_rsn_ie(&wpa_auth->conf, 511 pos, buf + sizeof(buf) - pos, NULL); 512 if (res < 0) 513 return res; 514 pos += res; 515 res = wpa_write_rsnxe(&wpa_auth->conf, pos, 516 buf + sizeof(buf) - pos); 517 if (res < 0) 518 return res; 519 pos += res; 520 } 521 #ifdef CONFIG_IEEE80211R_AP 522 if (wpa_key_mgmt_ft(wpa_auth->conf.wpa_key_mgmt)) { 523 res = wpa_write_mdie(&wpa_auth->conf, pos, 524 buf + sizeof(buf) - pos); 525 if (res < 0) 526 return res; 527 pos += res; 528 } 529 #endif /* CONFIG_IEEE80211R_AP */ 530 if (wpa_auth->conf.wpa & WPA_PROTO_WPA) { 531 res = wpa_write_wpa_ie(&wpa_auth->conf, 532 pos, buf + sizeof(buf) - pos); 533 if (res < 0) 534 return res; 535 pos += res; 536 } 537 538 os_free(wpa_auth->wpa_ie); 539 wpa_auth->wpa_ie = os_malloc(pos - buf); 540 if (wpa_auth->wpa_ie == NULL) 541 return -1; 542 os_memcpy(wpa_auth->wpa_ie, buf, pos - buf); 543 wpa_auth->wpa_ie_len = pos - buf; 544 545 return 0; 546 } 547 548 549 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len, 550 const u8 *data2, size_t data2_len) 551 { 552 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 553 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len; 554 RSN_SELECTOR_PUT(pos, kde); 555 pos += RSN_SELECTOR_LEN; 556 os_memcpy(pos, data, data_len); 557 pos += data_len; 558 if (data2) { 559 os_memcpy(pos, data2, data2_len); 560 pos += data2_len; 561 } 562 return pos; 563 } 564 565 566 struct wpa_auth_okc_iter_data { 567 struct rsn_pmksa_cache_entry *pmksa; 568 const u8 *aa; 569 const u8 *spa; 570 const u8 *pmkid; 571 }; 572 573 574 static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx) 575 { 576 struct wpa_auth_okc_iter_data *data = ctx; 577 data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa, 578 data->pmkid); 579 if (data->pmksa) 580 return 1; 581 return 0; 582 } 583 584 585 enum wpa_validate_result 586 wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, 587 struct wpa_state_machine *sm, int freq, 588 const u8 *wpa_ie, size_t wpa_ie_len, 589 const u8 *rsnxe, size_t rsnxe_len, 590 const u8 *mdie, size_t mdie_len, 591 const u8 *owe_dh, size_t owe_dh_len) 592 { 593 struct wpa_auth_config *conf = &wpa_auth->conf; 594 struct wpa_ie_data data; 595 int ciphers, key_mgmt, res, version; 596 u32 selector; 597 size_t i; 598 const u8 *pmkid = NULL; 599 600 if (wpa_auth == NULL || sm == NULL) 601 return WPA_NOT_ENABLED; 602 603 if (wpa_ie == NULL || wpa_ie_len < 1) 604 return WPA_INVALID_IE; 605 606 if (wpa_ie[0] == WLAN_EID_RSN) 607 version = WPA_PROTO_RSN; 608 else 609 version = WPA_PROTO_WPA; 610 611 if (!(wpa_auth->conf.wpa & version)) { 612 wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR, 613 version, MAC2STR(sm->addr)); 614 return WPA_INVALID_PROTO; 615 } 616 617 if (version == WPA_PROTO_RSN) { 618 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data); 619 if (!data.has_pairwise) 620 data.pairwise_cipher = wpa_default_rsn_cipher(freq); 621 if (!data.has_group) 622 data.group_cipher = wpa_default_rsn_cipher(freq); 623 624 if (wpa_key_mgmt_ft(data.key_mgmt) && !mdie && 625 !wpa_key_mgmt_only_ft(data.key_mgmt)) { 626 /* Workaround for some HP and Epson printers that seem 627 * to incorrectly copy the FT-PSK + WPA-PSK AKMs from AP 628 * advertised RSNE to Association Request frame. */ 629 wpa_printf(MSG_DEBUG, 630 "RSN: FT set in RSNE AKM but MDE is missing from " 631 MACSTR 632 " - ignore FT AKM(s) because there's also a non-FT AKM", 633 MAC2STR(sm->addr)); 634 data.key_mgmt &= ~WPA_KEY_MGMT_FT; 635 } 636 637 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 638 if (0) { 639 } 640 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) 641 selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 642 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) 643 selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 644 #ifdef CONFIG_FILS 645 #ifdef CONFIG_IEEE80211R_AP 646 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) 647 selector = RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 648 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) 649 selector = RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 650 #endif /* CONFIG_IEEE80211R_AP */ 651 else if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA384) 652 selector = RSN_AUTH_KEY_MGMT_FILS_SHA384; 653 else if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA256) 654 selector = RSN_AUTH_KEY_MGMT_FILS_SHA256; 655 #endif /* CONFIG_FILS */ 656 #ifdef CONFIG_IEEE80211R_AP 657 #ifdef CONFIG_SHA384 658 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) 659 selector = RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384; 660 #endif /* CONFIG_SHA384 */ 661 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) 662 selector = RSN_AUTH_KEY_MGMT_FT_802_1X; 663 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK) 664 selector = RSN_AUTH_KEY_MGMT_FT_PSK; 665 #endif /* CONFIG_IEEE80211R_AP */ 666 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) 667 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256; 668 else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256) 669 selector = RSN_AUTH_KEY_MGMT_PSK_SHA256; 670 #ifdef CONFIG_SAE 671 else if (data.key_mgmt & WPA_KEY_MGMT_SAE) 672 selector = RSN_AUTH_KEY_MGMT_SAE; 673 else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE) 674 selector = RSN_AUTH_KEY_MGMT_FT_SAE; 675 #endif /* CONFIG_SAE */ 676 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X) 677 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 678 else if (data.key_mgmt & WPA_KEY_MGMT_PSK) 679 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 680 #ifdef CONFIG_OWE 681 else if (data.key_mgmt & WPA_KEY_MGMT_OWE) 682 selector = RSN_AUTH_KEY_MGMT_OWE; 683 #endif /* CONFIG_OWE */ 684 #ifdef CONFIG_DPP 685 else if (data.key_mgmt & WPA_KEY_MGMT_DPP) 686 selector = RSN_AUTH_KEY_MGMT_DPP; 687 #endif /* CONFIG_DPP */ 688 #ifdef CONFIG_HS20 689 else if (data.key_mgmt & WPA_KEY_MGMT_OSEN) 690 selector = RSN_AUTH_KEY_MGMT_OSEN; 691 #endif /* CONFIG_HS20 */ 692 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector; 693 694 selector = wpa_cipher_to_suite(WPA_PROTO_RSN, 695 data.pairwise_cipher); 696 if (!selector) 697 selector = RSN_CIPHER_SUITE_CCMP; 698 wpa_auth->dot11RSNAPairwiseCipherSelected = selector; 699 700 selector = wpa_cipher_to_suite(WPA_PROTO_RSN, 701 data.group_cipher); 702 if (!selector) 703 selector = RSN_CIPHER_SUITE_CCMP; 704 wpa_auth->dot11RSNAGroupCipherSelected = selector; 705 } else { 706 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data); 707 708 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 709 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X) 710 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 711 else if (data.key_mgmt & WPA_KEY_MGMT_PSK) 712 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 713 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector; 714 715 selector = wpa_cipher_to_suite(WPA_PROTO_WPA, 716 data.pairwise_cipher); 717 if (!selector) 718 selector = RSN_CIPHER_SUITE_TKIP; 719 wpa_auth->dot11RSNAPairwiseCipherSelected = selector; 720 721 selector = wpa_cipher_to_suite(WPA_PROTO_WPA, 722 data.group_cipher); 723 if (!selector) 724 selector = WPA_CIPHER_SUITE_TKIP; 725 wpa_auth->dot11RSNAGroupCipherSelected = selector; 726 } 727 if (res) { 728 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from " 729 MACSTR " (res=%d)", MAC2STR(sm->addr), res); 730 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len); 731 return WPA_INVALID_IE; 732 } 733 734 if (data.group_cipher != wpa_auth->conf.wpa_group) { 735 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from " 736 MACSTR, data.group_cipher, MAC2STR(sm->addr)); 737 return WPA_INVALID_GROUP; 738 } 739 740 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt; 741 if (!key_mgmt) { 742 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from " 743 MACSTR, data.key_mgmt, MAC2STR(sm->addr)); 744 return WPA_INVALID_AKMP; 745 } 746 if (0) { 747 } 748 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) 749 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192; 750 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) 751 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B; 752 #ifdef CONFIG_FILS 753 #ifdef CONFIG_IEEE80211R_AP 754 else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) 755 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384; 756 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) 757 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256; 758 #endif /* CONFIG_IEEE80211R_AP */ 759 else if (key_mgmt & WPA_KEY_MGMT_FILS_SHA384) 760 sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA384; 761 else if (key_mgmt & WPA_KEY_MGMT_FILS_SHA256) 762 sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA256; 763 #endif /* CONFIG_FILS */ 764 #ifdef CONFIG_IEEE80211R_AP 765 #ifdef CONFIG_SHA384 766 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) 767 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384; 768 #endif /* CONFIG_SHA384 */ 769 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) 770 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X; 771 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK) 772 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK; 773 #endif /* CONFIG_IEEE80211R_AP */ 774 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) 775 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256; 776 else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256) 777 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256; 778 #ifdef CONFIG_SAE 779 else if (key_mgmt & WPA_KEY_MGMT_SAE) 780 sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE; 781 else if (key_mgmt & WPA_KEY_MGMT_FT_SAE) 782 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE; 783 #endif /* CONFIG_SAE */ 784 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X) 785 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X; 786 #ifdef CONFIG_OWE 787 else if (key_mgmt & WPA_KEY_MGMT_OWE) 788 sm->wpa_key_mgmt = WPA_KEY_MGMT_OWE; 789 #endif /* CONFIG_OWE */ 790 #ifdef CONFIG_DPP 791 else if (key_mgmt & WPA_KEY_MGMT_DPP) 792 sm->wpa_key_mgmt = WPA_KEY_MGMT_DPP; 793 #endif /* CONFIG_DPP */ 794 #ifdef CONFIG_HS20 795 else if (key_mgmt & WPA_KEY_MGMT_OSEN) 796 sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN; 797 #endif /* CONFIG_HS20 */ 798 else 799 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK; 800 801 if (version == WPA_PROTO_RSN) 802 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise; 803 else 804 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise; 805 if (!ciphers) { 806 wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) " 807 "from " MACSTR, 808 version == WPA_PROTO_RSN ? "RSN" : "WPA", 809 data.pairwise_cipher, MAC2STR(sm->addr)); 810 return WPA_INVALID_PAIRWISE; 811 } 812 813 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) { 814 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) { 815 wpa_printf(MSG_DEBUG, "Management frame protection " 816 "required, but client did not enable it"); 817 return WPA_MGMT_FRAME_PROTECTION_VIOLATION; 818 } 819 820 if (data.mgmt_group_cipher != wpa_auth->conf.group_mgmt_cipher) 821 { 822 wpa_printf(MSG_DEBUG, "Unsupported management group " 823 "cipher %d", data.mgmt_group_cipher); 824 return WPA_INVALID_MGMT_GROUP_CIPHER; 825 } 826 } 827 828 #ifdef CONFIG_SAE 829 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL && 830 wpa_auth->conf.sae_require_mfp && 831 wpa_key_mgmt_sae(sm->wpa_key_mgmt) && 832 !(data.capabilities & WPA_CAPABILITY_MFPC)) { 833 wpa_printf(MSG_DEBUG, 834 "Management frame protection required with SAE, but client did not enable it"); 835 return WPA_MGMT_FRAME_PROTECTION_VIOLATION; 836 } 837 #endif /* CONFIG_SAE */ 838 839 #ifdef CONFIG_OCV 840 if (wpa_auth->conf.ocv && (data.capabilities & WPA_CAPABILITY_OCVC) && 841 !(data.capabilities & WPA_CAPABILITY_MFPC)) { 842 /* Some legacy MFP incapable STAs wrongly copy OCVC bit from 843 * AP RSN capabilities. To improve interoperability with such 844 * legacy STAs allow connection without enabling OCV when the 845 * workaround mode (ocv=2) is enabled. 846 */ 847 if (wpa_auth->conf.ocv == 2) { 848 wpa_printf(MSG_DEBUG, 849 "Allow connecting MFP incapable and OCV capable STA without enabling OCV"); 850 wpa_auth_set_ocv(sm, 0); 851 } else { 852 wpa_printf(MSG_DEBUG, 853 "Management frame protection required with OCV, but client did not enable it"); 854 return WPA_MGMT_FRAME_PROTECTION_VIOLATION; 855 } 856 } else { 857 wpa_auth_set_ocv(sm, (data.capabilities & WPA_CAPABILITY_OCVC) ? 858 wpa_auth->conf.ocv : 0); 859 } 860 #endif /* CONFIG_OCV */ 861 862 if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION || 863 !(data.capabilities & WPA_CAPABILITY_MFPC)) 864 sm->mgmt_frame_prot = 0; 865 else 866 sm->mgmt_frame_prot = 1; 867 868 if (sm->mgmt_frame_prot && (ciphers & WPA_CIPHER_TKIP)) { 869 wpa_printf(MSG_DEBUG, 870 "Management frame protection cannot use TKIP"); 871 return WPA_MGMT_FRAME_PROTECTION_VIOLATION; 872 } 873 874 #ifdef CONFIG_IEEE80211R_AP 875 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 876 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) { 877 wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but " 878 "MDIE not included"); 879 return WPA_INVALID_MDIE; 880 } 881 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain, 882 MOBILITY_DOMAIN_ID_LEN) != 0) { 883 wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown " 884 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN); 885 return WPA_INVALID_MDIE; 886 } 887 } else if (mdie != NULL) { 888 wpa_printf(MSG_DEBUG, 889 "RSN: Trying to use non-FT AKM suite, but MDIE included"); 890 return WPA_INVALID_AKMP; 891 } 892 #endif /* CONFIG_IEEE80211R_AP */ 893 894 #ifdef CONFIG_OWE 895 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && !owe_dh) { 896 wpa_printf(MSG_DEBUG, 897 "OWE: No Diffie-Hellman Parameter element"); 898 return WPA_INVALID_AKMP; 899 } 900 #endif /* CONFIG_OWE */ 901 902 #ifdef CONFIG_DPP2 903 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && 904 ((conf->dpp_pfs == 1 && !owe_dh) || 905 (conf->dpp_pfs == 2 && owe_dh))) { 906 wpa_printf(MSG_DEBUG, "DPP: PFS %s", 907 conf->dpp_pfs == 1 ? "required" : "not allowed"); 908 return WPA_DENIED_OTHER_REASON; 909 } 910 #endif /* CONFIG_DPP2 */ 911 912 sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0); 913 if (sm->pairwise < 0) 914 return WPA_INVALID_PAIRWISE; 915 916 /* TODO: clear WPA/WPA2 state if STA changes from one to another */ 917 if (wpa_ie[0] == WLAN_EID_RSN) 918 sm->wpa = WPA_VERSION_WPA2; 919 else 920 sm->wpa = WPA_VERSION_WPA; 921 922 #if defined(CONFIG_IEEE80211R_AP) && defined(CONFIG_FILS) 923 if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256 || 924 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384) && 925 (sm->auth_alg == WLAN_AUTH_FILS_SK || 926 sm->auth_alg == WLAN_AUTH_FILS_SK_PFS || 927 sm->auth_alg == WLAN_AUTH_FILS_PK) && 928 (data.num_pmkid != 1 || !data.pmkid || !sm->pmk_r1_name_valid || 929 os_memcmp_const(data.pmkid, sm->pmk_r1_name, 930 WPA_PMK_NAME_LEN) != 0)) { 931 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 932 "No PMKR1Name match for FILS+FT"); 933 return WPA_INVALID_PMKID; 934 } 935 #endif /* CONFIG_IEEE80211R_AP && CONFIG_FILS */ 936 937 sm->pmksa = NULL; 938 for (i = 0; i < data.num_pmkid; i++) { 939 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID", 940 &data.pmkid[i * PMKID_LEN], PMKID_LEN); 941 sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr, 942 &data.pmkid[i * PMKID_LEN]); 943 if (sm->pmksa) { 944 pmkid = sm->pmksa->pmkid; 945 break; 946 } 947 } 948 for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc && 949 i < data.num_pmkid; i++) { 950 struct wpa_auth_okc_iter_data idata; 951 idata.pmksa = NULL; 952 idata.aa = wpa_auth->addr; 953 idata.spa = sm->addr; 954 idata.pmkid = &data.pmkid[i * PMKID_LEN]; 955 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata); 956 if (idata.pmksa) { 957 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 958 "OKC match for PMKID"); 959 sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa, 960 idata.pmksa, 961 wpa_auth->addr, 962 idata.pmkid); 963 pmkid = idata.pmkid; 964 break; 965 } 966 } 967 if (sm->pmksa && pmkid) { 968 struct vlan_description *vlan; 969 970 vlan = sm->pmksa->vlan_desc; 971 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 972 "PMKID found from PMKSA cache eap_type=%d vlan=%d%s", 973 sm->pmksa->eap_type_authsrv, 974 vlan ? vlan->untagged : 0, 975 (vlan && vlan->tagged[0]) ? "+" : ""); 976 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN); 977 } 978 979 #ifdef CONFIG_SAE 980 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE && data.num_pmkid && 981 !sm->pmksa) { 982 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 983 "No PMKSA cache entry found for SAE"); 984 return WPA_INVALID_PMKID; 985 } 986 #endif /* CONFIG_SAE */ 987 988 #ifdef CONFIG_DPP 989 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && !sm->pmksa) { 990 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 991 "No PMKSA cache entry found for DPP"); 992 return WPA_INVALID_PMKID; 993 } 994 #endif /* CONFIG_DPP */ 995 996 if (conf->extended_key_id && sm->wpa == WPA_VERSION_WPA2 && 997 sm->pairwise != WPA_CIPHER_TKIP && 998 (data.capabilities & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST)) { 999 sm->use_ext_key_id = true; 1000 if (conf->extended_key_id == 2 && 1001 !wpa_key_mgmt_ft(sm->wpa_key_mgmt) && 1002 !wpa_key_mgmt_fils(sm->wpa_key_mgmt)) 1003 sm->keyidx_active = 1; 1004 else 1005 sm->keyidx_active = 0; 1006 wpa_printf(MSG_DEBUG, 1007 "RSN: Extended Key ID supported (start with %d)", 1008 sm->keyidx_active); 1009 } else { 1010 sm->use_ext_key_id = false; 1011 } 1012 1013 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) { 1014 os_free(sm->wpa_ie); 1015 sm->wpa_ie = os_malloc(wpa_ie_len); 1016 if (sm->wpa_ie == NULL) 1017 return WPA_ALLOC_FAIL; 1018 } 1019 os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len); 1020 sm->wpa_ie_len = wpa_ie_len; 1021 1022 if (rsnxe && rsnxe_len) { 1023 if (!sm->rsnxe || sm->rsnxe_len < rsnxe_len) { 1024 os_free(sm->rsnxe); 1025 sm->rsnxe = os_malloc(rsnxe_len); 1026 if (!sm->rsnxe) 1027 return WPA_ALLOC_FAIL; 1028 } 1029 os_memcpy(sm->rsnxe, rsnxe, rsnxe_len); 1030 sm->rsnxe_len = rsnxe_len; 1031 } else { 1032 os_free(sm->rsnxe); 1033 sm->rsnxe = NULL; 1034 sm->rsnxe_len = 0; 1035 } 1036 1037 return WPA_IE_OK; 1038 } 1039 1040 1041 #ifdef CONFIG_HS20 1042 int wpa_validate_osen(struct wpa_authenticator *wpa_auth, 1043 struct wpa_state_machine *sm, 1044 const u8 *osen_ie, size_t osen_ie_len) 1045 { 1046 if (wpa_auth == NULL || sm == NULL) 1047 return -1; 1048 1049 /* TODO: parse OSEN element */ 1050 sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN; 1051 sm->mgmt_frame_prot = 1; 1052 sm->pairwise = WPA_CIPHER_CCMP; 1053 sm->wpa = WPA_VERSION_WPA2; 1054 1055 if (sm->wpa_ie == NULL || sm->wpa_ie_len < osen_ie_len) { 1056 os_free(sm->wpa_ie); 1057 sm->wpa_ie = os_malloc(osen_ie_len); 1058 if (sm->wpa_ie == NULL) 1059 return -1; 1060 } 1061 1062 os_memcpy(sm->wpa_ie, osen_ie, osen_ie_len); 1063 sm->wpa_ie_len = osen_ie_len; 1064 1065 return 0; 1066 } 1067 1068 #endif /* CONFIG_HS20 */ 1069 1070 1071 int wpa_auth_uses_mfp(struct wpa_state_machine *sm) 1072 { 1073 return sm ? sm->mgmt_frame_prot : 0; 1074 } 1075 1076 1077 #ifdef CONFIG_OCV 1078 1079 void wpa_auth_set_ocv(struct wpa_state_machine *sm, int ocv) 1080 { 1081 if (sm) 1082 sm->ocv_enabled = ocv; 1083 } 1084 1085 1086 int wpa_auth_uses_ocv(struct wpa_state_machine *sm) 1087 { 1088 return sm ? sm->ocv_enabled : 0; 1089 } 1090 1091 #endif /* CONFIG_OCV */ 1092 1093 1094 #ifdef CONFIG_OWE 1095 u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm, 1096 u8 *pos, size_t max_len, 1097 const u8 *req_ies, size_t req_ies_len) 1098 { 1099 int res; 1100 struct wpa_auth_config *conf; 1101 1102 if (!sm) 1103 return pos; 1104 conf = &sm->wpa_auth->conf; 1105 1106 #ifdef CONFIG_TESTING_OPTIONS 1107 if (conf->own_ie_override_len) { 1108 if (max_len < conf->own_ie_override_len) 1109 return NULL; 1110 wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing", 1111 conf->own_ie_override, conf->own_ie_override_len); 1112 os_memcpy(pos, conf->own_ie_override, 1113 conf->own_ie_override_len); 1114 return pos + conf->own_ie_override_len; 1115 } 1116 #endif /* CONFIG_TESTING_OPTIONS */ 1117 1118 res = wpa_write_rsn_ie(conf, pos, max_len, 1119 sm->pmksa ? sm->pmksa->pmkid : NULL); 1120 if (res < 0) 1121 return pos; 1122 return pos + res; 1123 } 1124 #endif /* CONFIG_OWE */ 1125 1126 1127 #ifdef CONFIG_FILS 1128 1129 u8 * wpa_auth_write_assoc_resp_fils(struct wpa_state_machine *sm, 1130 u8 *pos, size_t max_len, 1131 const u8 *req_ies, size_t req_ies_len) 1132 { 1133 int res; 1134 1135 if (!sm || 1136 sm->wpa_key_mgmt & (WPA_KEY_MGMT_FT_FILS_SHA256 | 1137 WPA_KEY_MGMT_FT_FILS_SHA384)) 1138 return pos; 1139 1140 res = wpa_write_rsn_ie(&sm->wpa_auth->conf, pos, max_len, NULL); 1141 if (res < 0) 1142 return pos; 1143 return pos + res; 1144 } 1145 1146 1147 bool wpa_auth_write_fd_rsn_info(struct wpa_authenticator *wpa_auth, 1148 u8 *fd_rsn_info) 1149 { 1150 struct wpa_auth_config *conf; 1151 u32 selectors = 0; 1152 u8 *pos = fd_rsn_info; 1153 int i, res; 1154 u32 cipher, suite, selector, mask; 1155 u8 tmp[10 * RSN_SELECTOR_LEN]; 1156 1157 if (!wpa_auth) 1158 return false; 1159 conf = &wpa_auth->conf; 1160 1161 if (!(conf->wpa & WPA_PROTO_RSN)) 1162 return false; 1163 1164 /* RSN Capability (B0..B15) */ 1165 WPA_PUT_LE16(pos, wpa_own_rsn_capab(conf)); 1166 pos += 2; 1167 1168 /* Group Data Cipher Suite Selector (B16..B21) */ 1169 suite = wpa_cipher_to_suite(WPA_PROTO_RSN, conf->wpa_group); 1170 if (suite == RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED) 1171 cipher = 63; /* No cipher suite selected */ 1172 else if ((suite >> 8) == 0x000fac && ((suite & 0xff) <= 13)) 1173 cipher = suite & 0xff; 1174 else 1175 cipher = 62; /* vendor specific */ 1176 selectors |= cipher; 1177 1178 /* Group Management Cipher Suite Selector (B22..B27) */ 1179 cipher = 63; /* Default to no cipher suite selected */ 1180 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) { 1181 switch (conf->group_mgmt_cipher) { 1182 case WPA_CIPHER_AES_128_CMAC: 1183 cipher = RSN_CIPHER_SUITE_AES_128_CMAC & 0xff; 1184 break; 1185 case WPA_CIPHER_BIP_GMAC_128: 1186 cipher = RSN_CIPHER_SUITE_BIP_GMAC_128 & 0xff; 1187 break; 1188 case WPA_CIPHER_BIP_GMAC_256: 1189 cipher = RSN_CIPHER_SUITE_BIP_GMAC_256 & 0xff; 1190 break; 1191 case WPA_CIPHER_BIP_CMAC_256: 1192 cipher = RSN_CIPHER_SUITE_BIP_CMAC_256 & 0xff; 1193 break; 1194 } 1195 } 1196 selectors |= cipher << 6; 1197 1198 /* Pairwise Cipher Suite Selector (B28..B33) */ 1199 cipher = 63; /* Default to no cipher suite selected */ 1200 res = rsn_cipher_put_suites(tmp, conf->rsn_pairwise); 1201 if (res == 1 && tmp[0] == 0x00 && tmp[1] == 0x0f && tmp[2] == 0xac && 1202 tmp[3] <= 13) 1203 cipher = tmp[3]; 1204 selectors |= cipher << 12; 1205 1206 /* AKM Suite Selector (B34..B39) */ 1207 selector = 0; /* default to AKM from RSNE in Beacon/Probe Response */ 1208 mask = WPA_KEY_MGMT_FILS_SHA256 | WPA_KEY_MGMT_FILS_SHA384 | 1209 WPA_KEY_MGMT_FT_FILS_SHA384; 1210 if ((conf->wpa_key_mgmt & mask) && (conf->wpa_key_mgmt & ~mask) == 0) { 1211 suite = conf->wpa_key_mgmt & mask; 1212 if (suite == WPA_KEY_MGMT_FILS_SHA256) 1213 selector = 1; /* 00-0f-ac:14 */ 1214 else if (suite == WPA_KEY_MGMT_FILS_SHA384) 1215 selector = 2; /* 00-0f-ac:15 */ 1216 else if (suite == (WPA_KEY_MGMT_FILS_SHA256 | 1217 WPA_KEY_MGMT_FILS_SHA384)) 1218 selector = 3; /* 00-0f-ac:14 or 00-0f-ac:15 */ 1219 else if (suite == WPA_KEY_MGMT_FT_FILS_SHA384) 1220 selector = 4; /* 00-0f-ac:17 */ 1221 } 1222 selectors |= selector << 18; 1223 1224 for (i = 0; i < 3; i++) { 1225 *pos++ = selectors & 0xff; 1226 selectors >>= 8; 1227 } 1228 1229 return true; 1230 } 1231 1232 #endif /* CONFIG_FILS */ 1233