1 /* 2 * wpa_supplicant - PASN processing 3 * 4 * Copyright (C) 2019 Intel Corporation 5 * 6 * This software may be distributed under the terms of the BSD license. 7 * See README for more details. 8 */ 9 10 #include "includes.h" 11 12 #include "common/ieee802_11_defs.h" 13 #include "common/ieee802_11_common.h" 14 #include "common/dragonfly.h" 15 #include "common/ptksa_cache.h" 16 #include "utils/eloop.h" 17 #include "drivers/driver.h" 18 #include "crypto/crypto.h" 19 #include "crypto/random.h" 20 #include "eap_common/eap_defs.h" 21 #include "rsn_supp/wpa.h" 22 #include "rsn_supp/pmksa_cache.h" 23 #include "wpa_supplicant_i.h" 24 #include "driver_i.h" 25 #include "bss.h" 26 #include "config.h" 27 28 static const int dot11RSNAConfigPMKLifetime = 43200; 29 30 struct wpa_pasn_auth_work { 31 u8 bssid[ETH_ALEN]; 32 int akmp; 33 int cipher; 34 u16 group; 35 int network_id; 36 struct wpabuf *comeback; 37 }; 38 39 40 static void wpas_pasn_free_auth_work(struct wpa_pasn_auth_work *awork) 41 { 42 wpabuf_free(awork->comeback); 43 awork->comeback = NULL; 44 os_free(awork); 45 } 46 47 48 static void wpas_pasn_auth_work_timeout(void *eloop_ctx, void *timeout_ctx) 49 { 50 struct wpa_supplicant *wpa_s = eloop_ctx; 51 52 wpa_printf(MSG_DEBUG, "PASN: Auth work timeout - stopping auth"); 53 54 wpas_pasn_auth_stop(wpa_s); 55 } 56 57 58 static void wpas_pasn_cancel_auth_work(struct wpa_supplicant *wpa_s) 59 { 60 wpa_printf(MSG_DEBUG, "PASN: Cancel pasn-start-auth work"); 61 62 /* Remove pending/started work */ 63 radio_remove_works(wpa_s, "pasn-start-auth", 0); 64 } 65 66 67 static void wpas_pasn_auth_status(struct wpa_supplicant *wpa_s, const u8 *bssid, 68 int akmp, int cipher, u8 status, 69 struct wpabuf *comeback, 70 u16 comeback_after) 71 { 72 if (comeback) { 73 size_t comeback_len = wpabuf_len(comeback); 74 size_t buflen = comeback_len * 2 + 1; 75 char *comeback_txt = os_malloc(buflen); 76 77 if (comeback_txt) { 78 wpa_snprintf_hex(comeback_txt, buflen, 79 wpabuf_head(comeback), comeback_len); 80 81 wpa_msg(wpa_s, MSG_INFO, PASN_AUTH_STATUS MACSTR 82 " akmp=%s, status=%u comeback_after=%u comeback=%s", 83 MAC2STR(bssid), 84 wpa_key_mgmt_txt(akmp, WPA_PROTO_RSN), 85 status, comeback_after, comeback_txt); 86 87 os_free(comeback_txt); 88 return; 89 } 90 } 91 92 wpa_msg(wpa_s, MSG_INFO, 93 PASN_AUTH_STATUS MACSTR " akmp=%s, status=%u", 94 MAC2STR(bssid), wpa_key_mgmt_txt(akmp, WPA_PROTO_RSN), 95 status); 96 } 97 98 99 #ifdef CONFIG_SAE 100 101 static struct wpabuf * wpas_pasn_wd_sae_commit(struct wpa_supplicant *wpa_s) 102 { 103 struct wpas_pasn *pasn = &wpa_s->pasn; 104 struct wpabuf *buf = NULL; 105 int ret; 106 107 ret = sae_set_group(&pasn->sae, pasn->group); 108 if (ret) { 109 wpa_printf(MSG_DEBUG, "PASN: Failed to set SAE group"); 110 return NULL; 111 } 112 113 ret = sae_prepare_commit_pt(&pasn->sae, pasn->ssid->pt, 114 wpa_s->own_addr, pasn->bssid, 115 NULL, NULL); 116 if (ret) { 117 wpa_printf(MSG_DEBUG, "PASN: Failed to prepare SAE commit"); 118 return NULL; 119 } 120 121 /* Need to add the entire Authentication frame body */ 122 buf = wpabuf_alloc(6 + SAE_COMMIT_MAX_LEN); 123 if (!buf) { 124 wpa_printf(MSG_DEBUG, "PASN: Failed to allocate SAE buffer"); 125 return NULL; 126 } 127 128 wpabuf_put_le16(buf, WLAN_AUTH_SAE); 129 wpabuf_put_le16(buf, 1); 130 wpabuf_put_le16(buf, WLAN_STATUS_SAE_HASH_TO_ELEMENT); 131 132 sae_write_commit(&pasn->sae, buf, NULL, 0); 133 pasn->sae.state = SAE_COMMITTED; 134 135 return buf; 136 } 137 138 139 static int wpas_pasn_wd_sae_rx(struct wpa_supplicant *wpa_s, struct wpabuf *wd) 140 { 141 struct wpas_pasn *pasn = &wpa_s->pasn; 142 const u8 *data; 143 size_t buf_len; 144 u16 len, res, alg, seq, status; 145 int groups[] = { pasn->group, 0 }; 146 int ret; 147 148 if (!wd) 149 return -1; 150 151 data = wpabuf_head_u8(wd); 152 buf_len = wpabuf_len(wd); 153 154 /* first handle the commit message */ 155 if (buf_len < 2) { 156 wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short (commit)"); 157 return -1; 158 } 159 160 len = WPA_GET_LE16(data); 161 if (len < 6 || buf_len - 2 < len) { 162 wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short for commit"); 163 return -1; 164 } 165 166 buf_len -= 2; 167 data += 2; 168 169 alg = WPA_GET_LE16(data); 170 seq = WPA_GET_LE16(data + 2); 171 status = WPA_GET_LE16(data + 4); 172 173 wpa_printf(MSG_DEBUG, "PASN: SAE: commit: alg=%u, seq=%u, status=%u", 174 alg, seq, status); 175 176 if (alg != WLAN_AUTH_SAE || seq != 1 || 177 status != WLAN_STATUS_SAE_HASH_TO_ELEMENT) { 178 wpa_printf(MSG_DEBUG, "PASN: SAE: dropping peer commit"); 179 return -1; 180 } 181 182 res = sae_parse_commit(&pasn->sae, data + 6, len - 6, NULL, 0, groups, 183 1); 184 if (res != WLAN_STATUS_SUCCESS) { 185 wpa_printf(MSG_DEBUG, "PASN: SAE failed parsing commit"); 186 return -1; 187 } 188 189 /* Process the commit message and derive the PMK */ 190 ret = sae_process_commit(&pasn->sae); 191 if (ret) { 192 wpa_printf(MSG_DEBUG, "SAE: Failed to process peer commit"); 193 return -1; 194 } 195 196 buf_len -= len; 197 data += len; 198 199 /* Handle the confirm message */ 200 if (buf_len < 2) { 201 wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short (confirm)"); 202 return -1; 203 } 204 205 len = WPA_GET_LE16(data); 206 if (len < 6 || buf_len - 2 < len) { 207 wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short for confirm"); 208 return -1; 209 } 210 211 buf_len -= 2; 212 data += 2; 213 214 alg = WPA_GET_LE16(data); 215 seq = WPA_GET_LE16(data + 2); 216 status = WPA_GET_LE16(data + 4); 217 218 wpa_printf(MSG_DEBUG, "PASN: SAE confirm: alg=%u, seq=%u, status=%u", 219 alg, seq, status); 220 221 if (alg != WLAN_AUTH_SAE || seq != 2 || status != WLAN_STATUS_SUCCESS) { 222 wpa_printf(MSG_DEBUG, "PASN: Dropping peer SAE confirm"); 223 return -1; 224 } 225 226 res = sae_check_confirm(&pasn->sae, data + 6, len - 6); 227 if (res != WLAN_STATUS_SUCCESS) { 228 wpa_printf(MSG_DEBUG, "PASN: SAE failed checking confirm"); 229 return -1; 230 } 231 232 wpa_printf(MSG_DEBUG, "PASN: SAE completed successfully"); 233 pasn->sae.state = SAE_ACCEPTED; 234 235 return 0; 236 } 237 238 239 static struct wpabuf * wpas_pasn_wd_sae_confirm(struct wpa_supplicant *wpa_s) 240 { 241 struct wpas_pasn *pasn = &wpa_s->pasn; 242 struct wpabuf *buf = NULL; 243 244 /* Need to add the entire authentication frame body */ 245 buf = wpabuf_alloc(6 + SAE_CONFIRM_MAX_LEN); 246 if (!buf) { 247 wpa_printf(MSG_DEBUG, "PASN: Failed to allocate SAE buffer"); 248 return NULL; 249 } 250 251 wpabuf_put_le16(buf, WLAN_AUTH_SAE); 252 wpabuf_put_le16(buf, 2); 253 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS); 254 255 sae_write_confirm(&pasn->sae, buf); 256 pasn->sae.state = SAE_CONFIRMED; 257 258 return buf; 259 } 260 261 262 static int wpas_pasn_sae_setup_pt(struct wpa_supplicant *wpa_s, 263 struct wpa_ssid *ssid, int group) 264 { 265 const char *password = ssid->sae_password; 266 int groups[2] = { group, 0 }; 267 268 if (!password) 269 password = ssid->passphrase; 270 271 if (!password) { 272 wpa_printf(MSG_DEBUG, "PASN: SAE without a password"); 273 return -1; 274 } 275 276 if (ssid->pt) 277 return 0; /* PT already derived */ 278 279 ssid->pt = sae_derive_pt(groups, ssid->ssid, ssid->ssid_len, 280 (const u8 *) password, os_strlen(password), 281 ssid->sae_password_id); 282 283 return ssid->pt ? 0 : -1; 284 } 285 286 #endif /* CONFIG_SAE */ 287 288 289 #ifdef CONFIG_FILS 290 291 static struct wpabuf * wpas_pasn_fils_build_auth(struct wpa_supplicant *wpa_s) 292 { 293 struct wpas_pasn *pasn = &wpa_s->pasn; 294 struct wpabuf *buf = NULL; 295 struct wpabuf *erp_msg; 296 int ret; 297 298 erp_msg = eapol_sm_build_erp_reauth_start(wpa_s->eapol); 299 if (!erp_msg) { 300 wpa_printf(MSG_DEBUG, 301 "PASN: FILS: ERP EAP-Initiate/Re-auth unavailable"); 302 return NULL; 303 } 304 305 if (random_get_bytes(pasn->fils.nonce, FILS_NONCE_LEN) < 0 || 306 random_get_bytes(pasn->fils.session, FILS_SESSION_LEN) < 0) 307 goto fail; 308 309 wpa_hexdump(MSG_DEBUG, "PASN: FILS: Nonce", pasn->fils.nonce, 310 FILS_NONCE_LEN); 311 312 wpa_hexdump(MSG_DEBUG, "PASN: FILS: Session", pasn->fils.session, 313 FILS_SESSION_LEN); 314 315 buf = wpabuf_alloc(1500); 316 if (!buf) 317 goto fail; 318 319 /* Add the authentication algorithm */ 320 wpabuf_put_le16(buf, WLAN_AUTH_FILS_SK); 321 322 /* Authentication Transaction seq# */ 323 wpabuf_put_le16(buf, 1); 324 325 /* Status Code */ 326 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS); 327 328 /* Own RSNE */ 329 wpa_pasn_add_rsne(buf, NULL, pasn->akmp, pasn->cipher); 330 331 /* FILS Nonce */ 332 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); 333 wpabuf_put_u8(buf, 1 + FILS_NONCE_LEN); 334 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_NONCE); 335 wpabuf_put_data(buf, pasn->fils.nonce, FILS_NONCE_LEN); 336 337 /* FILS Session */ 338 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); 339 wpabuf_put_u8(buf, 1 + FILS_SESSION_LEN); 340 wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_SESSION); 341 wpabuf_put_data(buf, pasn->fils.session, FILS_SESSION_LEN); 342 343 /* Wrapped Data (ERP) */ 344 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); 345 wpabuf_put_u8(buf, 1 + wpabuf_len(erp_msg)); 346 wpabuf_put_u8(buf, WLAN_EID_EXT_WRAPPED_DATA); 347 wpabuf_put_buf(buf, erp_msg); 348 349 /* 350 * Calculate pending PMKID here so that we do not need to maintain a 351 * copy of the EAP-Initiate/Reauth message. 352 */ 353 ret = fils_pmkid_erp(pasn->akmp, wpabuf_head(erp_msg), 354 wpabuf_len(erp_msg), 355 pasn->fils.erp_pmkid); 356 if (ret) { 357 wpa_printf(MSG_DEBUG, "PASN: FILS: Failed to get ERP PMKID"); 358 goto fail; 359 } 360 361 wpabuf_free(erp_msg); 362 erp_msg = NULL; 363 364 wpa_hexdump_buf(MSG_DEBUG, "PASN: FILS: Authentication frame", buf); 365 return buf; 366 fail: 367 wpabuf_free(erp_msg); 368 wpabuf_free(buf); 369 return NULL; 370 } 371 372 373 static void wpas_pasn_initiate_eapol(struct wpa_supplicant *wpa_s) 374 { 375 struct wpas_pasn *pasn = &wpa_s->pasn; 376 struct eapol_config eapol_conf; 377 struct wpa_ssid *ssid = pasn->ssid; 378 379 wpa_printf(MSG_DEBUG, "PASN: FILS: Initiating EAPOL"); 380 381 eapol_sm_notify_eap_success(wpa_s->eapol, false); 382 eapol_sm_notify_eap_fail(wpa_s->eapol, false); 383 eapol_sm_notify_portControl(wpa_s->eapol, Auto); 384 385 os_memset(&eapol_conf, 0, sizeof(eapol_conf)); 386 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth; 387 eapol_conf.workaround = ssid->eap_workaround; 388 389 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf); 390 } 391 392 393 static struct wpabuf * wpas_pasn_wd_fils_auth(struct wpa_supplicant *wpa_s) 394 { 395 struct wpas_pasn *pasn = &wpa_s->pasn; 396 struct wpa_bss *bss; 397 const u8 *indic; 398 u16 fils_info; 399 400 wpa_printf(MSG_DEBUG, "PASN: FILS: wrapped data - completed=%u", 401 pasn->fils.completed); 402 403 /* Nothing to add as we are done */ 404 if (pasn->fils.completed) 405 return NULL; 406 407 if (!pasn->ssid) { 408 wpa_printf(MSG_DEBUG, "PASN: FILS: No network block"); 409 return NULL; 410 } 411 412 bss = wpa_bss_get_bssid(wpa_s, pasn->bssid); 413 if (!bss) { 414 wpa_printf(MSG_DEBUG, "PASN: FILS: BSS not found"); 415 return NULL; 416 } 417 418 indic = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION); 419 if (!indic || indic[1] < 2) { 420 wpa_printf(MSG_DEBUG, "PASN: Missing FILS Indication IE"); 421 return NULL; 422 } 423 424 fils_info = WPA_GET_LE16(indic + 2); 425 if (!(fils_info & BIT(9))) { 426 wpa_printf(MSG_DEBUG, 427 "PASN: FILS auth without PFS not supported"); 428 return NULL; 429 } 430 431 wpas_pasn_initiate_eapol(wpa_s); 432 433 return wpas_pasn_fils_build_auth(wpa_s); 434 } 435 436 437 static int wpas_pasn_wd_fils_rx(struct wpa_supplicant *wpa_s, struct wpabuf *wd) 438 { 439 struct wpas_pasn *pasn = &wpa_s->pasn; 440 struct ieee802_11_elems elems; 441 struct wpa_ie_data rsne_data; 442 u8 rmsk[ERP_MAX_KEY_LEN]; 443 size_t rmsk_len; 444 u8 anonce[FILS_NONCE_LEN]; 445 const u8 *data; 446 size_t buf_len; 447 struct wpabuf *fils_wd = NULL; 448 u16 alg, seq, status; 449 int ret; 450 451 if (!wd) 452 return -1; 453 454 data = wpabuf_head(wd); 455 buf_len = wpabuf_len(wd); 456 457 wpa_hexdump(MSG_DEBUG, "PASN: FILS: Authentication frame len=%zu", 458 data, buf_len); 459 460 /* first handle the header */ 461 if (buf_len < 6) { 462 wpa_printf(MSG_DEBUG, "PASN: FILS: Buffer too short"); 463 return -1; 464 } 465 466 alg = WPA_GET_LE16(data); 467 seq = WPA_GET_LE16(data + 2); 468 status = WPA_GET_LE16(data + 4); 469 470 wpa_printf(MSG_DEBUG, "PASN: FILS: commit: alg=%u, seq=%u, status=%u", 471 alg, seq, status); 472 473 if (alg != WLAN_AUTH_FILS_SK || seq != 2 || 474 status != WLAN_STATUS_SUCCESS) { 475 wpa_printf(MSG_DEBUG, 476 "PASN: FILS: Dropping peer authentication"); 477 return -1; 478 } 479 480 data += 6; 481 buf_len -= 6; 482 483 if (ieee802_11_parse_elems(data, buf_len, &elems, 1) == ParseFailed) { 484 wpa_printf(MSG_DEBUG, "PASN: FILS: Could not parse elements"); 485 return -1; 486 } 487 488 if (!elems.rsn_ie || !elems.fils_nonce || !elems.fils_nonce || 489 !elems.wrapped_data) { 490 wpa_printf(MSG_DEBUG, "PASN: FILS: Missing IEs"); 491 return -1; 492 } 493 494 ret = wpa_parse_wpa_ie(elems.rsn_ie - 2, elems.rsn_ie_len + 2, 495 &rsne_data); 496 if (ret) { 497 wpa_printf(MSG_DEBUG, "PASN: FILS: Failed parsing RNSE"); 498 return -1; 499 } 500 501 ret = wpa_pasn_validate_rsne(&rsne_data); 502 if (ret) { 503 wpa_printf(MSG_DEBUG, "PASN: FILS: Failed validating RSNE"); 504 return -1; 505 } 506 507 if (rsne_data.num_pmkid) { 508 wpa_printf(MSG_DEBUG, 509 "PASN: FILS: Not expecting PMKID in RSNE"); 510 return -1; 511 } 512 513 wpa_hexdump(MSG_DEBUG, "PASN: FILS: ANonce", elems.fils_nonce, 514 FILS_NONCE_LEN); 515 os_memcpy(anonce, elems.fils_nonce, FILS_NONCE_LEN); 516 517 wpa_hexdump(MSG_DEBUG, "PASN: FILS: FILS Session", elems.fils_session, 518 FILS_SESSION_LEN); 519 520 if (os_memcmp(pasn->fils.session, elems.fils_session, 521 FILS_SESSION_LEN)) { 522 wpa_printf(MSG_DEBUG, "PASN: FILS: Session mismatch"); 523 return -1; 524 } 525 526 fils_wd = ieee802_11_defrag(&elems, WLAN_EID_EXTENSION, 527 WLAN_EID_EXT_WRAPPED_DATA); 528 529 if (!fils_wd) { 530 wpa_printf(MSG_DEBUG, 531 "PASN: FILS: Failed getting wrapped data"); 532 return -1; 533 } 534 535 eapol_sm_process_erp_finish(wpa_s->eapol, wpabuf_head(fils_wd), 536 wpabuf_len(fils_wd)); 537 538 wpabuf_free(fils_wd); 539 fils_wd = NULL; 540 541 if (eapol_sm_failed(wpa_s->eapol)) { 542 wpa_printf(MSG_DEBUG, "PASN: FILS: ERP finish failed"); 543 return -1; 544 } 545 546 rmsk_len = ERP_MAX_KEY_LEN; 547 ret = eapol_sm_get_key(wpa_s->eapol, rmsk, rmsk_len); 548 549 if (ret == PMK_LEN) { 550 rmsk_len = PMK_LEN; 551 ret = eapol_sm_get_key(wpa_s->eapol, rmsk, rmsk_len); 552 } 553 554 if (ret) { 555 wpa_printf(MSG_DEBUG, "PASN: FILS: Failed getting RMSK"); 556 return -1; 557 } 558 559 ret = fils_rmsk_to_pmk(pasn->akmp, rmsk, rmsk_len, 560 pasn->fils.nonce, anonce, NULL, 0, 561 pasn->pmk, &pasn->pmk_len); 562 563 forced_memzero(rmsk, sizeof(rmsk)); 564 565 if (ret) { 566 wpa_printf(MSG_DEBUG, "PASN: FILS: Failed to derive PMK"); 567 return -1; 568 } 569 570 wpa_hexdump(MSG_DEBUG, "PASN: FILS: PMKID", pasn->fils.erp_pmkid, 571 PMKID_LEN); 572 573 wpa_printf(MSG_DEBUG, "PASN: FILS: ERP processing succeeded"); 574 575 wpa_pasn_pmksa_cache_add(wpa_s->wpa, pasn->pmk, 576 pasn->pmk_len, pasn->fils.erp_pmkid, 577 pasn->bssid, pasn->akmp); 578 579 pasn->fils.completed = true; 580 return 0; 581 } 582 583 #endif /* CONFIG_FILS */ 584 585 586 static struct wpabuf * wpas_pasn_get_wrapped_data(struct wpa_supplicant *wpa_s) 587 { 588 struct wpas_pasn *pasn = &wpa_s->pasn; 589 590 if (pasn->using_pmksa) 591 return NULL; 592 593 switch (pasn->akmp) { 594 case WPA_KEY_MGMT_PASN: 595 /* no wrapped data */ 596 return NULL; 597 case WPA_KEY_MGMT_SAE: 598 #ifdef CONFIG_SAE 599 if (pasn->trans_seq == 0) 600 return wpas_pasn_wd_sae_commit(wpa_s); 601 if (pasn->trans_seq == 2) 602 return wpas_pasn_wd_sae_confirm(wpa_s); 603 #endif /* CONFIG_SAE */ 604 wpa_printf(MSG_ERROR, 605 "PASN: SAE: Cannot derive wrapped data"); 606 return NULL; 607 case WPA_KEY_MGMT_FILS_SHA256: 608 case WPA_KEY_MGMT_FILS_SHA384: 609 #ifdef CONFIG_FILS 610 return wpas_pasn_wd_fils_auth(wpa_s); 611 #endif /* CONFIG_FILS */ 612 case WPA_KEY_MGMT_FT_PSK: 613 case WPA_KEY_MGMT_FT_IEEE8021X: 614 case WPA_KEY_MGMT_FT_IEEE8021X_SHA384: 615 /* 616 * Wrapped data with these AKMs is optional and is only needed 617 * for further validation of FT security parameters. For now do 618 * not use them. 619 */ 620 return NULL; 621 default: 622 wpa_printf(MSG_ERROR, 623 "PASN: TODO: Wrapped data for akmp=0x%x", 624 pasn->akmp); 625 return NULL; 626 } 627 } 628 629 630 static u8 wpas_pasn_get_wrapped_data_format(struct wpas_pasn *pasn) 631 { 632 if (pasn->using_pmksa) 633 return WPA_PASN_WRAPPED_DATA_NO; 634 635 /* Note: Valid AKMP is expected to already be validated */ 636 switch (pasn->akmp) { 637 case WPA_KEY_MGMT_SAE: 638 return WPA_PASN_WRAPPED_DATA_SAE; 639 case WPA_KEY_MGMT_FILS_SHA256: 640 case WPA_KEY_MGMT_FILS_SHA384: 641 return WPA_PASN_WRAPPED_DATA_FILS_SK; 642 case WPA_KEY_MGMT_FT_PSK: 643 case WPA_KEY_MGMT_FT_IEEE8021X: 644 case WPA_KEY_MGMT_FT_IEEE8021X_SHA384: 645 /* 646 * Wrapped data with these AKMs is optional and is only needed 647 * for further validation of FT security parameters. For now do 648 * not use them. 649 */ 650 return WPA_PASN_WRAPPED_DATA_NO; 651 case WPA_KEY_MGMT_PASN: 652 default: 653 return WPA_PASN_WRAPPED_DATA_NO; 654 } 655 } 656 657 658 static struct wpabuf * wpas_pasn_build_auth_1(struct wpa_supplicant *wpa_s, 659 const struct wpabuf *comeback) 660 { 661 struct wpas_pasn *pasn = &wpa_s->pasn; 662 struct wpabuf *buf, *pubkey = NULL, *wrapped_data_buf = NULL; 663 const u8 *pmkid; 664 u8 wrapped_data; 665 int ret; 666 u16 capab; 667 668 wpa_printf(MSG_DEBUG, "PASN: Building frame 1"); 669 670 if (pasn->trans_seq) 671 return NULL; 672 673 buf = wpabuf_alloc(1500); 674 if (!buf) 675 goto fail; 676 677 /* Get public key */ 678 pubkey = crypto_ecdh_get_pubkey(pasn->ecdh, 0); 679 pubkey = wpabuf_zeropad(pubkey, crypto_ecdh_prime_len(pasn->ecdh)); 680 if (!pubkey) { 681 wpa_printf(MSG_DEBUG, "PASN: Failed to get pubkey"); 682 goto fail; 683 } 684 685 wrapped_data = wpas_pasn_get_wrapped_data_format(pasn); 686 687 wpa_pasn_build_auth_header(buf, pasn->bssid, 688 wpa_s->own_addr, pasn->bssid, 689 pasn->trans_seq + 1, WLAN_STATUS_SUCCESS); 690 691 pmkid = NULL; 692 if (wpa_key_mgmt_ft(pasn->akmp)) { 693 ret = wpa_pasn_ft_derive_pmk_r1(wpa_s->wpa, pasn->akmp, 694 pasn->bssid, 695 pasn->pmk_r1, 696 &pasn->pmk_r1_len, 697 pasn->pmk_r1_name); 698 if (ret) { 699 wpa_printf(MSG_DEBUG, 700 "PASN: FT: Failed to derive keys"); 701 goto fail; 702 } 703 704 pmkid = pasn->pmk_r1_name; 705 } else if (wrapped_data != WPA_PASN_WRAPPED_DATA_NO) { 706 struct rsn_pmksa_cache_entry *pmksa; 707 708 pmksa = wpa_sm_pmksa_cache_get(wpa_s->wpa, pasn->bssid, 709 NULL, NULL, pasn->akmp); 710 if (pmksa) 711 pmkid = pmksa->pmkid; 712 713 /* 714 * Note: Even when PMKSA is available, also add wrapped data as 715 * it is possible that the PMKID is no longer valid at the AP. 716 */ 717 wrapped_data_buf = wpas_pasn_get_wrapped_data(wpa_s); 718 } 719 720 if (wpa_pasn_add_rsne(buf, pmkid, pasn->akmp, pasn->cipher) < 0) 721 goto fail; 722 723 if (!wrapped_data_buf) 724 wrapped_data = WPA_PASN_WRAPPED_DATA_NO; 725 726 wpa_pasn_add_parameter_ie(buf, pasn->group, wrapped_data, 727 pubkey, true, comeback, -1); 728 729 if (wpa_pasn_add_wrapped_data(buf, wrapped_data_buf) < 0) 730 goto fail; 731 732 /* Add own RNSXE */ 733 capab = 0; 734 capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E); 735 if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF) 736 capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF); 737 if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT) 738 capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT); 739 if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG) 740 capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG); 741 wpa_pasn_add_rsnxe(buf, capab); 742 743 ret = pasn_auth_frame_hash(pasn->akmp, pasn->cipher, 744 wpabuf_head_u8(buf) + IEEE80211_HDRLEN, 745 wpabuf_len(buf) - IEEE80211_HDRLEN, 746 pasn->hash); 747 if (ret) { 748 wpa_printf(MSG_DEBUG, "PASN: Failed to compute hash"); 749 goto fail; 750 } 751 752 pasn->trans_seq++; 753 754 wpabuf_free(wrapped_data_buf); 755 wpabuf_free(pubkey); 756 757 wpa_printf(MSG_DEBUG, "PASN: Frame 1: Success"); 758 return buf; 759 fail: 760 pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE; 761 wpabuf_free(wrapped_data_buf); 762 wpabuf_free(pubkey); 763 wpabuf_free(buf); 764 return NULL; 765 } 766 767 768 static struct wpabuf * wpas_pasn_build_auth_3(struct wpa_supplicant *wpa_s) 769 { 770 struct wpas_pasn *pasn = &wpa_s->pasn; 771 struct wpabuf *buf, *wrapped_data_buf = NULL; 772 u8 mic[WPA_PASN_MAX_MIC_LEN]; 773 u8 mic_len, data_len; 774 const u8 *data; 775 u8 *ptr; 776 u8 wrapped_data; 777 int ret; 778 779 wpa_printf(MSG_DEBUG, "PASN: Building frame 3"); 780 781 if (pasn->trans_seq != 2) 782 return NULL; 783 784 buf = wpabuf_alloc(1500); 785 if (!buf) 786 goto fail; 787 788 wrapped_data = wpas_pasn_get_wrapped_data_format(pasn); 789 790 wpa_pasn_build_auth_header(buf, pasn->bssid, 791 wpa_s->own_addr, pasn->bssid, 792 pasn->trans_seq + 1, WLAN_STATUS_SUCCESS); 793 794 wrapped_data_buf = wpas_pasn_get_wrapped_data(wpa_s); 795 796 if (!wrapped_data_buf) 797 wrapped_data = WPA_PASN_WRAPPED_DATA_NO; 798 799 wpa_pasn_add_parameter_ie(buf, pasn->group, wrapped_data, 800 NULL, false, NULL, -1); 801 802 if (wpa_pasn_add_wrapped_data(buf, wrapped_data_buf) < 0) 803 goto fail; 804 wpabuf_free(wrapped_data_buf); 805 wrapped_data_buf = NULL; 806 807 /* Add the MIC */ 808 mic_len = pasn_mic_len(pasn->akmp, pasn->cipher); 809 wpabuf_put_u8(buf, WLAN_EID_MIC); 810 wpabuf_put_u8(buf, mic_len); 811 ptr = wpabuf_put(buf, mic_len); 812 813 os_memset(ptr, 0, mic_len); 814 815 data = wpabuf_head_u8(buf) + IEEE80211_HDRLEN; 816 data_len = wpabuf_len(buf) - IEEE80211_HDRLEN; 817 818 ret = pasn_mic(pasn->ptk.kck, pasn->akmp, pasn->cipher, 819 wpa_s->own_addr, pasn->bssid, 820 pasn->hash, mic_len * 2, data, data_len, mic); 821 if (ret) { 822 wpa_printf(MSG_DEBUG, "PASN: frame 3: Failed MIC calculation"); 823 goto fail; 824 } 825 826 #ifdef CONFIG_TESTING_OPTIONS 827 if (wpa_s->conf->pasn_corrupt_mic) { 828 wpa_printf(MSG_DEBUG, "PASN: frame 3: Corrupt MIC"); 829 mic[0] = ~mic[0]; 830 } 831 #endif /* CONFIG_TESTING_OPTIONS */ 832 833 os_memcpy(ptr, mic, mic_len); 834 835 pasn->trans_seq++; 836 837 wpa_printf(MSG_DEBUG, "PASN: frame 3: Success"); 838 return buf; 839 fail: 840 pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE; 841 wpabuf_free(wrapped_data_buf); 842 wpabuf_free(buf); 843 return NULL; 844 } 845 846 847 static void wpas_pasn_reset(struct wpa_supplicant *wpa_s) 848 { 849 struct wpas_pasn *pasn = &wpa_s->pasn; 850 851 wpa_printf(MSG_DEBUG, "PASN: Reset"); 852 853 crypto_ecdh_deinit(pasn->ecdh); 854 pasn->ecdh = NULL; 855 856 wpas_pasn_cancel_auth_work(wpa_s); 857 wpa_s->pasn_auth_work = NULL; 858 859 eloop_cancel_timeout(wpas_pasn_auth_work_timeout, wpa_s, NULL); 860 861 pasn->akmp = 0; 862 pasn->cipher = 0; 863 pasn->group = 0; 864 pasn->trans_seq = 0; 865 pasn->pmk_len = 0; 866 pasn->using_pmksa = false; 867 868 forced_memzero(pasn->pmk, sizeof(pasn->pmk)); 869 forced_memzero(&pasn->ptk, sizeof(pasn->ptk)); 870 forced_memzero(&pasn->hash, sizeof(pasn->hash)); 871 872 wpabuf_free(pasn->beacon_rsne_rsnxe); 873 pasn->beacon_rsne_rsnxe = NULL; 874 875 wpabuf_free(pasn->comeback); 876 pasn->comeback = NULL; 877 pasn->comeback_after = 0; 878 879 #ifdef CONFIG_SAE 880 sae_clear_data(&pasn->sae); 881 #endif /* CONFIG_SAE */ 882 883 #ifdef CONFIG_FILS 884 os_memset(&pasn->fils, 0, sizeof(pasn->fils)); 885 #endif /* CONFIG_FILS*/ 886 887 #ifdef CONFIG_IEEE80211R 888 forced_memzero(pasn->pmk_r1, sizeof(pasn->pmk_r1)); 889 pasn->pmk_r1_len = 0; 890 os_memset(pasn->pmk_r1_name, 0, sizeof(pasn->pmk_r1_name)); 891 #endif /* CONFIG_IEEE80211R */ 892 pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE; 893 } 894 895 896 static int wpas_pasn_set_pmk(struct wpa_supplicant *wpa_s, 897 struct wpa_ie_data *rsn_data, 898 struct wpa_pasn_params_data *pasn_data, 899 struct wpabuf *wrapped_data) 900 { 901 static const u8 pasn_default_pmk[] = {'P', 'M', 'K', 'z'}; 902 struct wpas_pasn *pasn = &wpa_s->pasn; 903 904 os_memset(pasn->pmk, 0, sizeof(pasn->pmk)); 905 pasn->pmk_len = 0; 906 907 if (pasn->akmp == WPA_KEY_MGMT_PASN) { 908 wpa_printf(MSG_DEBUG, "PASN: Using default PMK"); 909 910 pasn->pmk_len = WPA_PASN_PMK_LEN; 911 os_memcpy(pasn->pmk, pasn_default_pmk, 912 sizeof(pasn_default_pmk)); 913 return 0; 914 } 915 916 if (wpa_key_mgmt_ft(pasn->akmp)) { 917 #ifdef CONFIG_IEEE80211R 918 wpa_printf(MSG_DEBUG, "PASN: FT: Using PMK-R1"); 919 pasn->pmk_len = pasn->pmk_r1_len; 920 os_memcpy(pasn->pmk, pasn->pmk_r1, pasn->pmk_r1_len); 921 pasn->using_pmksa = true; 922 return 0; 923 #else /* CONFIG_IEEE80211R */ 924 wpa_printf(MSG_DEBUG, "PASN: FT: Not supported"); 925 return -1; 926 #endif /* CONFIG_IEEE80211R */ 927 } 928 929 if (rsn_data->num_pmkid) { 930 struct rsn_pmksa_cache_entry *pmksa; 931 932 pmksa = wpa_sm_pmksa_cache_get(wpa_s->wpa, pasn->bssid, 933 rsn_data->pmkid, NULL, 934 pasn->akmp); 935 if (pmksa) { 936 wpa_printf(MSG_DEBUG, "PASN: Using PMKSA"); 937 938 pasn->pmk_len = pmksa->pmk_len; 939 os_memcpy(pasn->pmk, pmksa->pmk, pmksa->pmk_len); 940 pasn->using_pmksa = true; 941 942 return 0; 943 } 944 } 945 946 #ifdef CONFIG_SAE 947 if (pasn->akmp == WPA_KEY_MGMT_SAE) { 948 int ret; 949 950 ret = wpas_pasn_wd_sae_rx(wpa_s, wrapped_data); 951 if (ret) { 952 wpa_printf(MSG_DEBUG, 953 "PASN: Failed processing SAE wrapped data"); 954 pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE; 955 return -1; 956 } 957 958 wpa_printf(MSG_DEBUG, "PASN: Success deriving PMK with SAE"); 959 pasn->pmk_len = PMK_LEN; 960 os_memcpy(pasn->pmk, pasn->sae.pmk, PMK_LEN); 961 962 wpa_pasn_pmksa_cache_add(wpa_s->wpa, pasn->pmk, 963 pasn->pmk_len, pasn->sae.pmkid, 964 pasn->bssid, pasn->akmp); 965 return 0; 966 } 967 #endif /* CONFIG_SAE */ 968 969 #ifdef CONFIG_FILS 970 if (pasn->akmp == WPA_KEY_MGMT_FILS_SHA256 || 971 pasn->akmp == WPA_KEY_MGMT_FILS_SHA384) { 972 int ret; 973 974 ret = wpas_pasn_wd_fils_rx(wpa_s, wrapped_data); 975 if (ret) { 976 wpa_printf(MSG_DEBUG, 977 "PASN: Failed processing FILS wrapped data"); 978 pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE; 979 return -1; 980 } 981 982 return 0; 983 } 984 #endif /* CONFIG_FILS */ 985 986 /* TODO: Derive PMK based on wrapped data */ 987 wpa_printf(MSG_DEBUG, "PASN: Missing implementation to derive PMK"); 988 pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE; 989 return -1; 990 } 991 992 993 static int wpas_pasn_start(struct wpa_supplicant *wpa_s, const u8 *bssid, 994 int akmp, int cipher, u16 group, int freq, 995 const u8 *beacon_rsne, u8 beacon_rsne_len, 996 const u8 *beacon_rsnxe, u8 beacon_rsnxe_len, 997 int network_id, struct wpabuf *comeback) 998 { 999 struct wpas_pasn *pasn = &wpa_s->pasn; 1000 struct wpa_ssid *ssid = NULL; 1001 struct wpabuf *frame; 1002 int ret; 1003 1004 /* TODO: Currently support only ECC groups */ 1005 if (!dragonfly_suitable_group(group, 1)) { 1006 wpa_printf(MSG_DEBUG, 1007 "PASN: Reject unsuitable group %u", group); 1008 return -1; 1009 } 1010 1011 ssid = wpa_config_get_network(wpa_s->conf, network_id); 1012 1013 switch (akmp) { 1014 case WPA_KEY_MGMT_PASN: 1015 break; 1016 #ifdef CONFIG_SAE 1017 case WPA_KEY_MGMT_SAE: 1018 if (!ssid) { 1019 wpa_printf(MSG_DEBUG, 1020 "PASN: No network profile found for SAE"); 1021 return -1; 1022 } 1023 1024 if (!ieee802_11_rsnx_capab(beacon_rsnxe, 1025 WLAN_RSNX_CAPAB_SAE_H2E)) { 1026 wpa_printf(MSG_DEBUG, 1027 "PASN: AP does not support SAE H2E"); 1028 return -1; 1029 } 1030 1031 if (wpas_pasn_sae_setup_pt(wpa_s, ssid, group) < 0) { 1032 wpa_printf(MSG_DEBUG, 1033 "PASN: Failed to derive PT"); 1034 return -1; 1035 } 1036 1037 pasn->sae.state = SAE_NOTHING; 1038 pasn->sae.send_confirm = 0; 1039 pasn->ssid = ssid; 1040 break; 1041 #endif /* CONFIG_SAE */ 1042 #ifdef CONFIG_FILS 1043 case WPA_KEY_MGMT_FILS_SHA256: 1044 case WPA_KEY_MGMT_FILS_SHA384: 1045 pasn->ssid = ssid; 1046 break; 1047 #endif /* CONFIG_FILS */ 1048 #ifdef CONFIG_IEEE80211R 1049 case WPA_KEY_MGMT_FT_PSK: 1050 case WPA_KEY_MGMT_FT_IEEE8021X: 1051 case WPA_KEY_MGMT_FT_IEEE8021X_SHA384: 1052 break; 1053 #endif /* CONFIG_IEEE80211R */ 1054 default: 1055 wpa_printf(MSG_ERROR, "PASN: Unsupported AKMP=0x%x", akmp); 1056 return -1; 1057 } 1058 1059 pasn->ecdh = crypto_ecdh_init(group); 1060 if (!pasn->ecdh) { 1061 wpa_printf(MSG_DEBUG, "PASN: Failed to init ECDH"); 1062 goto fail; 1063 } 1064 1065 pasn->beacon_rsne_rsnxe = wpabuf_alloc(beacon_rsne_len + 1066 beacon_rsnxe_len); 1067 if (!pasn->beacon_rsne_rsnxe) { 1068 wpa_printf(MSG_DEBUG, "PASN: Failed storing beacon RSNE/RSNXE"); 1069 goto fail; 1070 } 1071 1072 wpabuf_put_data(pasn->beacon_rsne_rsnxe, beacon_rsne, beacon_rsne_len); 1073 if (beacon_rsnxe && beacon_rsnxe_len) 1074 wpabuf_put_data(pasn->beacon_rsne_rsnxe, beacon_rsnxe, 1075 beacon_rsnxe_len); 1076 1077 pasn->akmp = akmp; 1078 pasn->cipher = cipher; 1079 pasn->group = group; 1080 pasn->freq = freq; 1081 1082 #ifdef CONFIG_TESTING_OPTIONS 1083 if (wpa_s->conf->force_kdk_derivation || 1084 #else 1085 if ( 1086 #endif 1087 (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF && 1088 ieee802_11_rsnx_capab(beacon_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF))) 1089 pasn->kdk_len = WPA_KDK_MAX_LEN; 1090 else 1091 pasn->kdk_len = 0; 1092 wpa_printf(MSG_DEBUG, "PASN: kdk_len=%zu", pasn->kdk_len); 1093 1094 os_memcpy(pasn->bssid, bssid, ETH_ALEN); 1095 1096 wpa_printf(MSG_DEBUG, 1097 "PASN: Init: " MACSTR " akmp=0x%x, cipher=0x%x, group=%u", 1098 MAC2STR(pasn->bssid), pasn->akmp, pasn->cipher, 1099 pasn->group); 1100 1101 frame = wpas_pasn_build_auth_1(wpa_s, comeback); 1102 if (!frame) { 1103 wpa_printf(MSG_DEBUG, "PASN: Failed building 1st auth frame"); 1104 goto fail; 1105 } 1106 1107 ret = wpa_drv_send_mlme(wpa_s, wpabuf_head(frame), wpabuf_len(frame), 0, 1108 pasn->freq, 1000); 1109 1110 wpabuf_free(frame); 1111 if (ret) { 1112 wpa_printf(MSG_DEBUG, "PASN: Failed sending 1st auth frame"); 1113 goto fail; 1114 } 1115 1116 eloop_register_timeout(2, 0, wpas_pasn_auth_work_timeout, wpa_s, NULL); 1117 return 0; 1118 1119 fail: 1120 return -1; 1121 } 1122 1123 1124 static struct wpa_bss * wpas_pasn_allowed(struct wpa_supplicant *wpa_s, 1125 const u8 *bssid, int akmp, int cipher) 1126 { 1127 struct wpa_bss *bss; 1128 const u8 *rsne; 1129 struct wpa_ie_data rsne_data; 1130 int ret; 1131 1132 if (os_memcmp(wpa_s->bssid, bssid, ETH_ALEN) == 0) { 1133 wpa_printf(MSG_DEBUG, 1134 "PASN: Not doing authentication with current BSS"); 1135 return NULL; 1136 } 1137 1138 bss = wpa_bss_get_bssid(wpa_s, bssid); 1139 if (!bss) { 1140 wpa_printf(MSG_DEBUG, "PASN: BSS not found"); 1141 return NULL; 1142 } 1143 1144 rsne = wpa_bss_get_ie(bss, WLAN_EID_RSN); 1145 if (!rsne) { 1146 wpa_printf(MSG_DEBUG, "PASN: BSS without RSNE"); 1147 return NULL; 1148 } 1149 1150 ret = wpa_parse_wpa_ie(rsne, *(rsne + 1) + 2, &rsne_data); 1151 if (ret) { 1152 wpa_printf(MSG_DEBUG, "PASN: Failed parsing RSNE data"); 1153 return NULL; 1154 } 1155 1156 if (!(rsne_data.key_mgmt & akmp) || 1157 !(rsne_data.pairwise_cipher & cipher)) { 1158 wpa_printf(MSG_DEBUG, 1159 "PASN: AP does not support requested AKMP or cipher"); 1160 return NULL; 1161 } 1162 1163 return bss; 1164 } 1165 1166 1167 static void wpas_pasn_auth_start_cb(struct wpa_radio_work *work, int deinit) 1168 { 1169 struct wpa_supplicant *wpa_s = work->wpa_s; 1170 struct wpa_pasn_auth_work *awork = work->ctx; 1171 struct wpa_bss *bss; 1172 const u8 *rsne, *rsnxe; 1173 int ret; 1174 1175 wpa_printf(MSG_DEBUG, "PASN: auth_start_cb: deinit=%d", deinit); 1176 1177 if (deinit) { 1178 if (work->started) { 1179 eloop_cancel_timeout(wpas_pasn_auth_work_timeout, 1180 wpa_s, NULL); 1181 wpa_s->pasn_auth_work = NULL; 1182 } 1183 1184 wpas_pasn_free_auth_work(awork); 1185 return; 1186 } 1187 1188 /* 1189 * It is possible that by the time the callback is called, the PASN 1190 * authentication is not allowed, e.g., a connection with the AP was 1191 * established. 1192 */ 1193 bss = wpas_pasn_allowed(wpa_s, awork->bssid, awork->akmp, 1194 awork->cipher); 1195 if (!bss) { 1196 wpa_printf(MSG_DEBUG, "PASN: auth_start_cb: Not allowed"); 1197 goto fail; 1198 } 1199 1200 rsne = wpa_bss_get_ie(bss, WLAN_EID_RSN); 1201 if (!rsne) { 1202 wpa_printf(MSG_DEBUG, "PASN: BSS without RSNE"); 1203 goto fail; 1204 } 1205 1206 rsnxe = wpa_bss_get_ie(bss, WLAN_EID_RSNX); 1207 1208 ret = wpas_pasn_start(wpa_s, awork->bssid, awork->akmp, awork->cipher, 1209 awork->group, bss->freq, rsne, *(rsne + 1) + 2, 1210 rsnxe, rsnxe ? *(rsnxe + 1) + 2 : 0, 1211 awork->network_id, awork->comeback); 1212 if (ret) { 1213 wpa_printf(MSG_DEBUG, 1214 "PASN: Failed to start PASN authentication"); 1215 goto fail; 1216 } 1217 1218 /* comeback token is no longer needed at this stage */ 1219 wpabuf_free(awork->comeback); 1220 awork->comeback = NULL; 1221 1222 wpa_s->pasn_auth_work = work; 1223 return; 1224 fail: 1225 wpas_pasn_free_auth_work(awork); 1226 work->ctx = NULL; 1227 radio_work_done(work); 1228 } 1229 1230 1231 int wpas_pasn_auth_start(struct wpa_supplicant *wpa_s, const u8 *bssid, 1232 int akmp, int cipher, u16 group, int network_id, 1233 const u8 *comeback, size_t comeback_len) 1234 { 1235 struct wpa_pasn_auth_work *awork; 1236 struct wpa_bss *bss; 1237 1238 wpa_printf(MSG_DEBUG, "PASN: Start: " MACSTR " akmp=0x%x, cipher=0x%x", 1239 MAC2STR(bssid), akmp, cipher); 1240 1241 /* 1242 * TODO: Consider modifying the offchannel logic to handle additional 1243 * Management frames other then Action frames. For now allow PASN only 1244 * with drivers that support off-channel TX. 1245 */ 1246 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX)) { 1247 wpa_printf(MSG_DEBUG, 1248 "PASN: Driver does not support offchannel TX"); 1249 return -1; 1250 } 1251 1252 if (radio_work_pending(wpa_s, "pasn-start-auth")) { 1253 wpa_printf(MSG_DEBUG, 1254 "PASN: send_auth: Work is already pending"); 1255 return -1; 1256 } 1257 1258 if (wpa_s->pasn_auth_work) { 1259 wpa_printf(MSG_DEBUG, "PASN: send_auth: Already in progress"); 1260 return -1; 1261 } 1262 1263 bss = wpas_pasn_allowed(wpa_s, bssid, akmp, cipher); 1264 if (!bss) 1265 return -1; 1266 1267 wpas_pasn_reset(wpa_s); 1268 1269 awork = os_zalloc(sizeof(*awork)); 1270 if (!awork) 1271 return -1; 1272 1273 os_memcpy(awork->bssid, bssid, ETH_ALEN); 1274 awork->akmp = akmp; 1275 awork->cipher = cipher; 1276 awork->group = group; 1277 awork->network_id = network_id; 1278 1279 if (comeback && comeback_len) { 1280 awork->comeback = wpabuf_alloc_copy(comeback, comeback_len); 1281 if (!awork->comeback) { 1282 wpas_pasn_free_auth_work(awork); 1283 return -1; 1284 } 1285 } 1286 1287 if (radio_add_work(wpa_s, bss->freq, "pasn-start-auth", 1, 1288 wpas_pasn_auth_start_cb, awork) < 0) { 1289 wpas_pasn_free_auth_work(awork); 1290 return -1; 1291 } 1292 1293 wpa_printf(MSG_DEBUG, "PASN: Auth work successfully added"); 1294 return 0; 1295 } 1296 1297 1298 void wpas_pasn_auth_stop(struct wpa_supplicant *wpa_s) 1299 { 1300 struct wpas_pasn *pasn = &wpa_s->pasn; 1301 1302 if (!wpa_s->pasn.ecdh) 1303 return; 1304 1305 wpa_printf(MSG_DEBUG, "PASN: Stopping authentication"); 1306 1307 wpas_pasn_auth_status(wpa_s, pasn->bssid, pasn->akmp, pasn->cipher, 1308 pasn->status, pasn->comeback, 1309 pasn->comeback_after); 1310 1311 wpas_pasn_reset(wpa_s); 1312 } 1313 1314 1315 static int wpas_pasn_immediate_retry(struct wpa_supplicant *wpa_s, 1316 struct wpas_pasn *pasn, 1317 struct wpa_pasn_params_data *params) 1318 { 1319 int akmp = pasn->akmp; 1320 int cipher = pasn->cipher; 1321 u16 group = pasn->group; 1322 u8 bssid[ETH_ALEN]; 1323 int network_id = pasn->ssid ? pasn->ssid->id : 0; 1324 1325 wpa_printf(MSG_DEBUG, "PASN: Immediate retry"); 1326 os_memcpy(bssid, pasn->bssid, ETH_ALEN); 1327 wpas_pasn_reset(wpa_s); 1328 1329 return wpas_pasn_auth_start(wpa_s, bssid, akmp, cipher, group, 1330 network_id, 1331 params->comeback, params->comeback_len); 1332 } 1333 1334 1335 int wpas_pasn_auth_rx(struct wpa_supplicant *wpa_s, 1336 const struct ieee80211_mgmt *mgmt, size_t len) 1337 { 1338 struct wpas_pasn *pasn = &wpa_s->pasn; 1339 struct ieee802_11_elems elems; 1340 struct wpa_ie_data rsn_data; 1341 struct wpa_pasn_params_data pasn_params; 1342 struct wpabuf *wrapped_data = NULL, *secret = NULL, *frame = NULL; 1343 u8 mic[WPA_PASN_MAX_MIC_LEN], out_mic[WPA_PASN_MAX_MIC_LEN]; 1344 u8 mic_len; 1345 u16 status; 1346 int ret, inc_y; 1347 u16 fc = host_to_le16((WLAN_FC_TYPE_MGMT << 2) | 1348 (WLAN_FC_STYPE_AUTH << 4)); 1349 1350 if (!wpa_s->pasn_auth_work || !mgmt || 1351 len < offsetof(struct ieee80211_mgmt, u.auth.variable)) 1352 return -2; 1353 1354 /* Not an Authentication frame; do nothing */ 1355 if ((mgmt->frame_control & fc) != fc) 1356 return -2; 1357 1358 /* Not our frame; do nothing */ 1359 if (os_memcmp(mgmt->da, wpa_s->own_addr, ETH_ALEN) != 0 || 1360 os_memcmp(mgmt->sa, pasn->bssid, ETH_ALEN) != 0 || 1361 os_memcmp(mgmt->bssid, pasn->bssid, ETH_ALEN) != 0) 1362 return -2; 1363 1364 /* Not PASN; do nothing */ 1365 if (mgmt->u.auth.auth_alg != host_to_le16(WLAN_AUTH_PASN)) 1366 return -2; 1367 1368 if (mgmt->u.auth.auth_transaction != 1369 host_to_le16(pasn->trans_seq + 1)) { 1370 wpa_printf(MSG_DEBUG, 1371 "PASN: RX: Invalid transaction sequence: (%u != %u)", 1372 le_to_host16(mgmt->u.auth.auth_transaction), 1373 pasn->trans_seq + 1); 1374 return -1; 1375 } 1376 1377 status = le_to_host16(mgmt->u.auth.status_code); 1378 1379 if (status != WLAN_STATUS_SUCCESS && 1380 status != WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) { 1381 wpa_printf(MSG_DEBUG, 1382 "PASN: Authentication rejected - status=%u", status); 1383 pasn->status = status; 1384 wpas_pasn_auth_stop(wpa_s); 1385 return -1; 1386 } 1387 1388 if (ieee802_11_parse_elems(mgmt->u.auth.variable, 1389 len - offsetof(struct ieee80211_mgmt, 1390 u.auth.variable), 1391 &elems, 0) == ParseFailed) { 1392 wpa_printf(MSG_DEBUG, 1393 "PASN: Failed parsing Authentication frame"); 1394 goto fail; 1395 } 1396 1397 /* Check that the MIC IE exists. Save it and zero out the memory */ 1398 mic_len = pasn_mic_len(pasn->akmp, pasn->cipher); 1399 if (status == WLAN_STATUS_SUCCESS) { 1400 if (!elems.mic || elems.mic_len != mic_len) { 1401 wpa_printf(MSG_DEBUG, 1402 "PASN: Invalid MIC. Expecting len=%u", 1403 mic_len); 1404 goto fail; 1405 } else { 1406 os_memcpy(mic, elems.mic, mic_len); 1407 /* TODO: Clean this up.. Should not be modifying the 1408 * received message buffer. */ 1409 os_memset((u8 *) elems.mic, 0, mic_len); 1410 } 1411 } 1412 1413 if (!elems.pasn_params || !elems.pasn_params_len) { 1414 wpa_printf(MSG_DEBUG, 1415 "PASN: Missing PASN Parameters IE"); 1416 goto fail; 1417 } 1418 1419 ret = wpa_pasn_parse_parameter_ie(elems.pasn_params - 3, 1420 elems.pasn_params_len + 3, 1421 true, &pasn_params); 1422 if (ret) { 1423 wpa_printf(MSG_DEBUG, 1424 "PASN: Failed validation PASN of Parameters IE"); 1425 goto fail; 1426 } 1427 1428 if (status == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) { 1429 wpa_printf(MSG_DEBUG, 1430 "PASN: Authentication temporarily rejected"); 1431 1432 if (pasn_params.comeback && pasn_params.comeback_len) { 1433 wpa_printf(MSG_DEBUG, 1434 "PASN: Comeback token available. After=%u", 1435 pasn_params.after); 1436 1437 if (!pasn_params.after) 1438 return wpas_pasn_immediate_retry(wpa_s, pasn, 1439 &pasn_params); 1440 1441 pasn->comeback = wpabuf_alloc_copy( 1442 pasn_params.comeback, pasn_params.comeback_len); 1443 if (pasn->comeback) 1444 pasn->comeback_after = pasn_params.after; 1445 } 1446 1447 pasn->status = status; 1448 goto fail; 1449 } 1450 1451 ret = wpa_parse_wpa_ie(elems.rsn_ie - 2, elems.rsn_ie_len + 2, 1452 &rsn_data); 1453 if (ret) { 1454 wpa_printf(MSG_DEBUG, "PASN: Failed parsing RNSE"); 1455 goto fail; 1456 } 1457 1458 ret = wpa_pasn_validate_rsne(&rsn_data); 1459 if (ret) { 1460 wpa_printf(MSG_DEBUG, "PASN: Failed validating RSNE"); 1461 goto fail; 1462 } 1463 1464 if (pasn->akmp != rsn_data.key_mgmt || 1465 pasn->cipher != rsn_data.pairwise_cipher) { 1466 wpa_printf(MSG_DEBUG, "PASN: Mismatch in AKMP/cipher"); 1467 goto fail; 1468 } 1469 1470 if (pasn->group != pasn_params.group) { 1471 wpa_printf(MSG_DEBUG, "PASN: Mismatch in group"); 1472 goto fail; 1473 } 1474 1475 if (!pasn_params.pubkey || !pasn_params.pubkey_len) { 1476 wpa_printf(MSG_DEBUG, "PASN: Invalid public key"); 1477 goto fail; 1478 } 1479 1480 if (pasn_params.pubkey[0] == WPA_PASN_PUBKEY_UNCOMPRESSED) { 1481 inc_y = 1; 1482 } else if (pasn_params.pubkey[0] == WPA_PASN_PUBKEY_COMPRESSED_0 || 1483 pasn_params.pubkey[0] == WPA_PASN_PUBKEY_COMPRESSED_1) { 1484 inc_y = 0; 1485 } else { 1486 wpa_printf(MSG_DEBUG, 1487 "PASN: Invalid first octet in pubkey=0x%x", 1488 pasn_params.pubkey[0]); 1489 goto fail; 1490 } 1491 1492 secret = crypto_ecdh_set_peerkey(pasn->ecdh, inc_y, 1493 pasn_params.pubkey + 1, 1494 pasn_params.pubkey_len - 1); 1495 1496 if (!secret) { 1497 wpa_printf(MSG_DEBUG, "PASN: Failed to derive shared secret"); 1498 goto fail; 1499 } 1500 1501 if (pasn_params.wrapped_data_format != WPA_PASN_WRAPPED_DATA_NO) { 1502 wrapped_data = ieee802_11_defrag(&elems, 1503 WLAN_EID_EXTENSION, 1504 WLAN_EID_EXT_WRAPPED_DATA); 1505 1506 if (!wrapped_data) { 1507 wpa_printf(MSG_DEBUG, "PASN: Missing wrapped data"); 1508 goto fail; 1509 } 1510 } 1511 1512 ret = wpas_pasn_set_pmk(wpa_s, &rsn_data, &pasn_params, wrapped_data); 1513 if (ret) { 1514 wpa_printf(MSG_DEBUG, "PASN: Failed to set PMK"); 1515 goto fail; 1516 } 1517 1518 ret = pasn_pmk_to_ptk(pasn->pmk, pasn->pmk_len, 1519 wpa_s->own_addr, pasn->bssid, 1520 wpabuf_head(secret), wpabuf_len(secret), 1521 &pasn->ptk, pasn->akmp, pasn->cipher, 1522 pasn->kdk_len); 1523 if (ret) { 1524 wpa_printf(MSG_DEBUG, "PASN: Failed to derive PTK"); 1525 goto fail; 1526 } 1527 1528 wpabuf_free(wrapped_data); 1529 wrapped_data = NULL; 1530 wpabuf_free(secret); 1531 secret = NULL; 1532 1533 /* Verify the MIC */ 1534 ret = pasn_mic(pasn->ptk.kck, pasn->akmp, pasn->cipher, 1535 pasn->bssid, wpa_s->own_addr, 1536 wpabuf_head(pasn->beacon_rsne_rsnxe), 1537 wpabuf_len(pasn->beacon_rsne_rsnxe), 1538 (u8 *) &mgmt->u.auth, 1539 len - offsetof(struct ieee80211_mgmt, u.auth), 1540 out_mic); 1541 1542 wpa_hexdump_key(MSG_DEBUG, "PASN: Frame MIC", mic, mic_len); 1543 if (ret || os_memcmp(mic, out_mic, mic_len) != 0) { 1544 wpa_printf(MSG_DEBUG, "PASN: Failed MIC verification"); 1545 goto fail; 1546 } 1547 1548 pasn->trans_seq++; 1549 1550 wpa_printf(MSG_DEBUG, "PASN: Success verifying Authentication frame"); 1551 1552 frame = wpas_pasn_build_auth_3(wpa_s); 1553 if (!frame) { 1554 wpa_printf(MSG_DEBUG, "PASN: Failed building 3rd auth frame"); 1555 goto fail; 1556 } 1557 1558 ret = wpa_drv_send_mlme(wpa_s, wpabuf_head(frame), wpabuf_len(frame), 0, 1559 pasn->freq, 100); 1560 wpabuf_free(frame); 1561 if (ret) { 1562 wpa_printf(MSG_DEBUG, "PASN: Failed sending 3st auth frame"); 1563 goto fail; 1564 } 1565 1566 wpa_printf(MSG_DEBUG, "PASN: Success sending last frame. Store PTK"); 1567 1568 ptksa_cache_add(wpa_s->ptksa, pasn->bssid, pasn->cipher, 1569 dot11RSNAConfigPMKLifetime, &pasn->ptk); 1570 1571 forced_memzero(&pasn->ptk, sizeof(pasn->ptk)); 1572 1573 pasn->status = WLAN_STATUS_SUCCESS; 1574 return 0; 1575 fail: 1576 wpa_printf(MSG_DEBUG, "PASN: Failed RX processing - terminating"); 1577 wpabuf_free(wrapped_data); 1578 wpabuf_free(secret); 1579 1580 /* 1581 * TODO: In case of an error the standard allows to silently drop 1582 * the frame and terminate the authentication exchange. However, better 1583 * reply to the AP with an error status. 1584 */ 1585 if (status == WLAN_STATUS_SUCCESS) 1586 pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE; 1587 else 1588 pasn->status = status; 1589 1590 wpas_pasn_auth_stop(wpa_s); 1591 return -1; 1592 } 1593 1594 1595 int wpas_pasn_auth_tx_status(struct wpa_supplicant *wpa_s, 1596 const u8 *data, size_t data_len, u8 acked) 1597 1598 { 1599 struct wpas_pasn *pasn = &wpa_s->pasn; 1600 const struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) data; 1601 u16 fc = host_to_le16((WLAN_FC_TYPE_MGMT << 2) | 1602 (WLAN_FC_STYPE_AUTH << 4)); 1603 1604 wpa_printf(MSG_DEBUG, "PASN: auth_tx_status: acked=%u", acked); 1605 1606 if (!wpa_s->pasn_auth_work) { 1607 wpa_printf(MSG_DEBUG, 1608 "PASN: auth_tx_status: no work in progress"); 1609 return -1; 1610 } 1611 1612 if (!mgmt || 1613 data_len < offsetof(struct ieee80211_mgmt, u.auth.variable)) 1614 return -1; 1615 1616 /* Not an authentication frame; do nothing */ 1617 if ((mgmt->frame_control & fc) != fc) 1618 return -1; 1619 1620 /* Not our frame; do nothing */ 1621 if (os_memcmp(mgmt->da, pasn->bssid, ETH_ALEN) || 1622 os_memcmp(mgmt->sa, wpa_s->own_addr, ETH_ALEN) || 1623 os_memcmp(mgmt->bssid, pasn->bssid, ETH_ALEN)) 1624 return -1; 1625 1626 /* Not PASN; do nothing */ 1627 if (mgmt->u.auth.auth_alg != host_to_le16(WLAN_AUTH_PASN)) 1628 return -1; 1629 1630 if (mgmt->u.auth.auth_transaction != host_to_le16(pasn->trans_seq)) { 1631 wpa_printf(MSG_ERROR, 1632 "PASN: Invalid transaction sequence: (%u != %u)", 1633 pasn->trans_seq, 1634 le_to_host16(mgmt->u.auth.auth_transaction)); 1635 return 0; 1636 } 1637 1638 wpa_printf(MSG_ERROR, 1639 "PASN: auth with trans_seq=%u, acked=%u", pasn->trans_seq, 1640 acked); 1641 1642 /* 1643 * Even if the frame was not acked, do not treat this is an error, and 1644 * try to complete the flow, relying on the PASN timeout callback to 1645 * clean up. 1646 */ 1647 if (pasn->trans_seq == 3) { 1648 wpa_printf(MSG_DEBUG, "PASN: auth complete with: " MACSTR, 1649 MAC2STR(pasn->bssid)); 1650 /* 1651 * Either frame was not ACKed or it was ACKed but the trans_seq 1652 * != 1, i.e., not expecting an RX frame, so we are done. 1653 */ 1654 wpas_pasn_auth_stop(wpa_s); 1655 } 1656 1657 return 0; 1658 } 1659 1660 1661 int wpas_pasn_deauthenticate(struct wpa_supplicant *wpa_s, const u8 *bssid) 1662 { 1663 struct wpa_bss *bss; 1664 struct wpabuf *buf; 1665 struct ieee80211_mgmt *deauth; 1666 int ret; 1667 1668 if (os_memcmp(wpa_s->bssid, bssid, ETH_ALEN) == 0) { 1669 wpa_printf(MSG_DEBUG, 1670 "PASN: Cannot deauthenticate from current BSS"); 1671 return -1; 1672 } 1673 1674 wpa_printf(MSG_DEBUG, "PASN: deauth: Flushing all PTKSA entries for " 1675 MACSTR, MAC2STR(bssid)); 1676 ptksa_cache_flush(wpa_s->ptksa, bssid, WPA_CIPHER_NONE); 1677 1678 bss = wpa_bss_get_bssid(wpa_s, bssid); 1679 if (!bss) { 1680 wpa_printf(MSG_DEBUG, "PASN: deauth: BSS not found"); 1681 return -1; 1682 } 1683 1684 buf = wpabuf_alloc(64); 1685 if (!buf) { 1686 wpa_printf(MSG_DEBUG, "PASN: deauth: Failed wpabuf allocate"); 1687 return -1; 1688 } 1689 1690 deauth = wpabuf_put(buf, offsetof(struct ieee80211_mgmt, 1691 u.deauth.variable)); 1692 1693 deauth->frame_control = host_to_le16((WLAN_FC_TYPE_MGMT << 2) | 1694 (WLAN_FC_STYPE_DEAUTH << 4)); 1695 1696 os_memcpy(deauth->da, bssid, ETH_ALEN); 1697 os_memcpy(deauth->sa, wpa_s->own_addr, ETH_ALEN); 1698 os_memcpy(deauth->bssid, bssid, ETH_ALEN); 1699 deauth->u.deauth.reason_code = 1700 host_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID); 1701 1702 /* 1703 * Since we do not expect any response from the AP, implement the 1704 * Deauthentication frame transmission using direct call to the driver 1705 * without a radio work. 1706 */ 1707 ret = wpa_drv_send_mlme(wpa_s, wpabuf_head(buf), wpabuf_len(buf), 1, 1708 bss->freq, 0); 1709 1710 wpabuf_free(buf); 1711 wpa_printf(MSG_DEBUG, "PASN: deauth: send_mlme ret=%d", ret); 1712 1713 return ret; 1714 } 1715