xref: /freebsd/contrib/wpa/wpa_supplicant/wpas_kay.c (revision 2e3507c25e42292b45a5482e116d278f5515d04d)
1 /*
2  * IEEE 802.1X-2010 KaY Interface
3  * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 
11 #include "utils/common.h"
12 #include "eap_peer/eap.h"
13 #include "eap_peer/eap_i.h"
14 #include "eapol_supp/eapol_supp_sm.h"
15 #include "pae/ieee802_1x_key.h"
16 #include "pae/ieee802_1x_kay.h"
17 #include "wpa_supplicant_i.h"
18 #include "config.h"
19 #include "config_ssid.h"
20 #include "driver_i.h"
21 #include "wpas_kay.h"
22 
23 
24 #define DEFAULT_KEY_LEN		16
25 /* secure Connectivity Association Key Name (CKN) */
26 #define DEFAULT_CKN_LEN		16
27 
28 
29 static int wpas_macsec_init(void *priv, struct macsec_init_params *params)
30 {
31 	return wpa_drv_macsec_init(priv, params);
32 }
33 
34 
35 static int wpas_macsec_deinit(void *priv)
36 {
37 	return wpa_drv_macsec_deinit(priv);
38 }
39 
40 
41 static int wpas_macsec_get_capability(void *priv, enum macsec_cap *cap)
42 {
43 	return wpa_drv_macsec_get_capability(priv, cap);
44 }
45 
46 
47 static int wpas_enable_protect_frames(void *wpa_s, bool enabled)
48 {
49 	return wpa_drv_enable_protect_frames(wpa_s, enabled);
50 }
51 
52 
53 static int wpas_enable_encrypt(void *wpa_s, bool enabled)
54 {
55 	return wpa_drv_enable_encrypt(wpa_s, enabled);
56 }
57 
58 
59 static int wpas_set_replay_protect(void *wpa_s, bool enabled, u32 window)
60 {
61 	return wpa_drv_set_replay_protect(wpa_s, enabled, window);
62 }
63 
64 
65 static int wpas_set_current_cipher_suite(void *wpa_s, u64 cs)
66 {
67 	return wpa_drv_set_current_cipher_suite(wpa_s, cs);
68 }
69 
70 
71 static int wpas_enable_controlled_port(void *wpa_s, bool enabled)
72 {
73 	return wpa_drv_enable_controlled_port(wpa_s, enabled);
74 }
75 
76 
77 static int wpas_get_receive_lowest_pn(void *wpa_s, struct receive_sa *sa)
78 {
79 	return wpa_drv_get_receive_lowest_pn(wpa_s, sa);
80 }
81 
82 
83 static int wpas_get_transmit_next_pn(void *wpa_s, struct transmit_sa *sa)
84 {
85 	return wpa_drv_get_transmit_next_pn(wpa_s, sa);
86 }
87 
88 
89 static int wpas_set_transmit_next_pn(void *wpa_s, struct transmit_sa *sa)
90 {
91 	return wpa_drv_set_transmit_next_pn(wpa_s, sa);
92 }
93 
94 
95 static int wpas_set_receive_lowest_pn(void *wpa_s, struct receive_sa *sa)
96 {
97 	return wpa_drv_set_receive_lowest_pn(wpa_s, sa);
98 }
99 
100 
101 static unsigned int conf_offset_val(enum confidentiality_offset co)
102 {
103 	switch (co) {
104 	case CONFIDENTIALITY_OFFSET_30:
105 		return 30;
106 		break;
107 	case CONFIDENTIALITY_OFFSET_50:
108 		return 50;
109 	default:
110 		return 0;
111 	}
112 }
113 
114 
115 static int wpas_create_receive_sc(void *wpa_s, struct receive_sc *sc,
116 				  enum validate_frames vf,
117 				  enum confidentiality_offset co)
118 {
119 	return wpa_drv_create_receive_sc(wpa_s, sc, conf_offset_val(co), vf);
120 }
121 
122 
123 static int wpas_delete_receive_sc(void *wpa_s, struct receive_sc *sc)
124 {
125 	return wpa_drv_delete_receive_sc(wpa_s, sc);
126 }
127 
128 
129 static int wpas_create_receive_sa(void *wpa_s, struct receive_sa *sa)
130 {
131 	return wpa_drv_create_receive_sa(wpa_s, sa);
132 }
133 
134 
135 static int wpas_delete_receive_sa(void *wpa_s, struct receive_sa *sa)
136 {
137 	return wpa_drv_delete_receive_sa(wpa_s, sa);
138 }
139 
140 
141 static int wpas_enable_receive_sa(void *wpa_s, struct receive_sa *sa)
142 {
143 	return wpa_drv_enable_receive_sa(wpa_s, sa);
144 }
145 
146 
147 static int wpas_disable_receive_sa(void *wpa_s, struct receive_sa *sa)
148 {
149 	return wpa_drv_disable_receive_sa(wpa_s, sa);
150 }
151 
152 
153 static int
154 wpas_create_transmit_sc(void *wpa_s, struct transmit_sc *sc,
155 			enum confidentiality_offset co)
156 {
157 	return wpa_drv_create_transmit_sc(wpa_s, sc, conf_offset_val(co));
158 }
159 
160 
161 static int wpas_delete_transmit_sc(void *wpa_s, struct transmit_sc *sc)
162 {
163 	return wpa_drv_delete_transmit_sc(wpa_s, sc);
164 }
165 
166 
167 static int wpas_create_transmit_sa(void *wpa_s, struct transmit_sa *sa)
168 {
169 	return wpa_drv_create_transmit_sa(wpa_s, sa);
170 }
171 
172 
173 static int wpas_delete_transmit_sa(void *wpa_s, struct transmit_sa *sa)
174 {
175 	return wpa_drv_delete_transmit_sa(wpa_s, sa);
176 }
177 
178 
179 static int wpas_enable_transmit_sa(void *wpa_s, struct transmit_sa *sa)
180 {
181 	return wpa_drv_enable_transmit_sa(wpa_s, sa);
182 }
183 
184 
185 static int wpas_disable_transmit_sa(void *wpa_s, struct transmit_sa *sa)
186 {
187 	return wpa_drv_disable_transmit_sa(wpa_s, sa);
188 }
189 
190 
191 int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
192 {
193 	struct ieee802_1x_kay_ctx *kay_ctx;
194 	struct ieee802_1x_kay *res = NULL;
195 	enum macsec_policy policy;
196 
197 	ieee802_1x_dealloc_kay_sm(wpa_s);
198 
199 	if (!ssid || ssid->macsec_policy == 0)
200 		return 0;
201 
202 	if (ssid->macsec_policy == 1) {
203 		if (ssid->macsec_integ_only == 1)
204 			policy = SHOULD_SECURE;
205 		else
206 			policy = SHOULD_ENCRYPT;
207 	} else {
208 		policy = DO_NOT_SECURE;
209 	}
210 
211 	kay_ctx = os_zalloc(sizeof(*kay_ctx));
212 	if (!kay_ctx)
213 		return -1;
214 
215 	kay_ctx->ctx = wpa_s;
216 
217 	kay_ctx->macsec_init = wpas_macsec_init;
218 	kay_ctx->macsec_deinit = wpas_macsec_deinit;
219 	kay_ctx->macsec_get_capability = wpas_macsec_get_capability;
220 	kay_ctx->enable_protect_frames = wpas_enable_protect_frames;
221 	kay_ctx->enable_encrypt = wpas_enable_encrypt;
222 	kay_ctx->set_replay_protect = wpas_set_replay_protect;
223 	kay_ctx->set_current_cipher_suite = wpas_set_current_cipher_suite;
224 	kay_ctx->enable_controlled_port = wpas_enable_controlled_port;
225 	kay_ctx->get_receive_lowest_pn = wpas_get_receive_lowest_pn;
226 	kay_ctx->get_transmit_next_pn = wpas_get_transmit_next_pn;
227 	kay_ctx->set_transmit_next_pn = wpas_set_transmit_next_pn;
228 	kay_ctx->set_receive_lowest_pn = wpas_set_receive_lowest_pn;
229 	kay_ctx->create_receive_sc = wpas_create_receive_sc;
230 	kay_ctx->delete_receive_sc = wpas_delete_receive_sc;
231 	kay_ctx->create_receive_sa = wpas_create_receive_sa;
232 	kay_ctx->delete_receive_sa = wpas_delete_receive_sa;
233 	kay_ctx->enable_receive_sa = wpas_enable_receive_sa;
234 	kay_ctx->disable_receive_sa = wpas_disable_receive_sa;
235 	kay_ctx->create_transmit_sc = wpas_create_transmit_sc;
236 	kay_ctx->delete_transmit_sc = wpas_delete_transmit_sc;
237 	kay_ctx->create_transmit_sa = wpas_create_transmit_sa;
238 	kay_ctx->delete_transmit_sa = wpas_delete_transmit_sa;
239 	kay_ctx->enable_transmit_sa = wpas_enable_transmit_sa;
240 	kay_ctx->disable_transmit_sa = wpas_disable_transmit_sa;
241 
242 	res = ieee802_1x_kay_init(kay_ctx, policy, ssid->macsec_replay_protect,
243 				  ssid->macsec_replay_window, ssid->macsec_port,
244 				  ssid->mka_priority, wpa_s->ifname,
245 				  wpa_s->own_addr);
246 	/* ieee802_1x_kay_init() frees kay_ctx on failure */
247 	if (res == NULL)
248 		return -1;
249 
250 	wpa_s->kay = res;
251 
252 	return 0;
253 }
254 
255 
256 void ieee802_1x_dealloc_kay_sm(struct wpa_supplicant *wpa_s)
257 {
258 	if (!wpa_s->kay)
259 		return;
260 
261 	ieee802_1x_kay_deinit(wpa_s->kay);
262 	wpa_s->kay = NULL;
263 }
264 
265 
266 static int ieee802_1x_auth_get_session_id(struct wpa_supplicant *wpa_s,
267 					  const u8 *addr, u8 *sid, size_t *len)
268 {
269 	const u8 *session_id;
270 	size_t id_len, need_len;
271 
272 	session_id = eapol_sm_get_session_id(wpa_s->eapol, &id_len);
273 	if (session_id == NULL) {
274 		wpa_printf(MSG_DEBUG,
275 			   "Failed to get SessionID from EAPOL state machines");
276 		return -1;
277 	}
278 
279 	need_len = 1 + 2 * 32 /* random size */;
280 	if (need_len > id_len) {
281 		wpa_printf(MSG_DEBUG, "EAP Session-Id not long enough");
282 		return -1;
283 	}
284 
285 	os_memcpy(sid, session_id, need_len);
286 	*len = need_len;
287 
288 	return 0;
289 }
290 
291 
292 static int ieee802_1x_auth_get_msk(struct wpa_supplicant *wpa_s, const u8 *addr,
293 				   u8 *msk, size_t *len)
294 {
295 	u8 key[EAP_MSK_LEN];
296 	size_t keylen;
297 	struct eapol_sm *sm;
298 	int res;
299 
300 	sm = wpa_s->eapol;
301 	if (sm == NULL)
302 		return -1;
303 
304 	keylen = EAP_MSK_LEN;
305 	res = eapol_sm_get_key(sm, key, keylen);
306 	if (res) {
307 		wpa_printf(MSG_DEBUG,
308 			   "Failed to get MSK from EAPOL state machines");
309 		return -1;
310 	}
311 
312 	if (keylen > *len)
313 		keylen = *len;
314 	os_memcpy(msk, key, keylen);
315 	*len = keylen;
316 
317 	return 0;
318 }
319 
320 
321 void * ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s,
322 				      const u8 *peer_addr)
323 {
324 	u8 *sid;
325 	size_t sid_len = 128;
326 	struct mka_key_name *ckn;
327 	struct mka_key *cak;
328 	struct mka_key *msk;
329 	void *res = NULL;
330 
331 	if (!wpa_s->kay || wpa_s->kay->policy == DO_NOT_SECURE)
332 		return NULL;
333 
334 	wpa_printf(MSG_DEBUG,
335 		   "IEEE 802.1X: External notification - Create MKA for "
336 		   MACSTR, MAC2STR(peer_addr));
337 
338 	msk = os_zalloc(sizeof(*msk));
339 	sid = os_zalloc(sid_len);
340 	ckn = os_zalloc(sizeof(*ckn));
341 	cak = os_zalloc(sizeof(*cak));
342 	if (!msk || !sid || !ckn || !cak)
343 		goto fail;
344 
345 	msk->len = DEFAULT_KEY_LEN;
346 	if (ieee802_1x_auth_get_msk(wpa_s, wpa_s->bssid, msk->key, &msk->len)) {
347 		wpa_printf(MSG_ERROR, "IEEE 802.1X: Could not get MSK");
348 		goto fail;
349 	}
350 
351 	if (ieee802_1x_auth_get_session_id(wpa_s, wpa_s->bssid, sid, &sid_len))
352 	{
353 		wpa_printf(MSG_ERROR,
354 			   "IEEE 802.1X: Could not get EAP Session Id");
355 		goto fail;
356 	}
357 
358 	/* Derive CAK from MSK */
359 	cak->len = DEFAULT_KEY_LEN;
360 	if (ieee802_1x_cak_aes_cmac(msk->key, msk->len, wpa_s->own_addr,
361 				    peer_addr, cak->key, cak->len)) {
362 		wpa_printf(MSG_ERROR,
363 			   "IEEE 802.1X: Deriving CAK failed");
364 		goto fail;
365 	}
366 	wpa_hexdump_key(MSG_DEBUG, "Derived CAK", cak->key, cak->len);
367 
368 	/* Derive CKN from MSK */
369 	ckn->len = DEFAULT_CKN_LEN;
370 	if (ieee802_1x_ckn_aes_cmac(msk->key, msk->len, wpa_s->own_addr,
371 				    peer_addr, sid, sid_len, ckn->name)) {
372 		wpa_printf(MSG_ERROR,
373 			   "IEEE 802.1X: Deriving CKN failed");
374 		goto fail;
375 	}
376 	wpa_hexdump(MSG_DEBUG, "Derived CKN", ckn->name, ckn->len);
377 
378 	res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0,
379 					EAP_EXCHANGE, false);
380 
381 fail:
382 	if (msk) {
383 		os_memset(msk, 0, sizeof(*msk));
384 		os_free(msk);
385 	}
386 	os_free(sid);
387 	os_free(ckn);
388 	if (cak) {
389 		os_memset(cak, 0, sizeof(*cak));
390 		os_free(cak);
391 	}
392 
393 	return res;
394 }
395 
396 
397 void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
398 				       struct wpa_ssid *ssid)
399 {
400 	struct mka_key *cak;
401 	struct mka_key_name *ckn;
402 	void *res = NULL;
403 
404 	if ((ssid->mka_psk_set & MKA_PSK_SET) != MKA_PSK_SET)
405 		goto end;
406 
407 	ckn = os_zalloc(sizeof(*ckn));
408 	if (!ckn)
409 		goto end;
410 
411 	cak = os_zalloc(sizeof(*cak));
412 	if (!cak)
413 		goto free_ckn;
414 
415 	if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0 || !wpa_s->kay)
416 		goto free_cak;
417 
418 	if (wpa_s->kay->policy == DO_NOT_SECURE)
419 		goto dealloc;
420 
421 	cak->len = ssid->mka_cak_len;
422 	os_memcpy(cak->key, ssid->mka_cak, cak->len);
423 
424 	ckn->len = ssid->mka_ckn_len;
425 	os_memcpy(ckn->name, ssid->mka_ckn, ckn->len);
426 
427 	res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, PSK, false);
428 	if (res)
429 		goto free_cak;
430 
431 dealloc:
432 	/* Failed to create MKA */
433 	ieee802_1x_dealloc_kay_sm(wpa_s);
434 free_cak:
435 	os_free(cak);
436 free_ckn:
437 	os_free(ckn);
438 end:
439 	return res;
440 }
441