1 /* 2 * IEEE 802.1X-2010 KaY Interface 3 * Copyright (c) 2013-2014, Qualcomm Atheros, Inc. 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 #include <openssl/ssl.h> 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "eap_peer/eap.h" 13 #include "eap_peer/eap_i.h" 14 #include "eapol_supp/eapol_supp_sm.h" 15 #include "pae/ieee802_1x_key.h" 16 #include "pae/ieee802_1x_kay.h" 17 #include "wpa_supplicant_i.h" 18 #include "config.h" 19 #include "config_ssid.h" 20 #include "driver_i.h" 21 #include "wpas_kay.h" 22 23 24 #define DEFAULT_KEY_LEN 16 25 /* secure Connectivity Association Key Name (CKN) */ 26 #define DEFAULT_CKN_LEN 16 27 28 29 static int wpas_macsec_init(void *priv, struct macsec_init_params *params) 30 { 31 return wpa_drv_macsec_init(priv, params); 32 } 33 34 35 static int wpas_macsec_deinit(void *priv) 36 { 37 return wpa_drv_macsec_deinit(priv); 38 } 39 40 41 static int wpas_enable_protect_frames(void *wpa_s, Boolean enabled) 42 { 43 return wpa_drv_enable_protect_frames(wpa_s, enabled); 44 } 45 46 47 static int wpas_set_replay_protect(void *wpa_s, Boolean enabled, u32 window) 48 { 49 return wpa_drv_set_replay_protect(wpa_s, enabled, window); 50 } 51 52 53 static int wpas_set_current_cipher_suite(void *wpa_s, u64 cs) 54 { 55 return wpa_drv_set_current_cipher_suite(wpa_s, cs); 56 } 57 58 59 static int wpas_enable_controlled_port(void *wpa_s, Boolean enabled) 60 { 61 return wpa_drv_enable_controlled_port(wpa_s, enabled); 62 } 63 64 65 static int wpas_get_receive_lowest_pn(void *wpa_s, u32 channel, 66 u8 an, u32 *lowest_pn) 67 { 68 return wpa_drv_get_receive_lowest_pn(wpa_s, channel, an, lowest_pn); 69 } 70 71 72 static int wpas_get_transmit_next_pn(void *wpa_s, u32 channel, 73 u8 an, u32 *next_pn) 74 { 75 return wpa_drv_get_transmit_next_pn(wpa_s, channel, an, next_pn); 76 } 77 78 79 static int wpas_set_transmit_next_pn(void *wpa_s, u32 channel, 80 u8 an, u32 next_pn) 81 { 82 return wpa_drv_set_transmit_next_pn(wpa_s, channel, an, next_pn); 83 } 84 85 86 static int wpas_get_available_receive_sc(void *wpa_s, u32 *channel) 87 { 88 return wpa_drv_get_available_receive_sc(wpa_s, channel); 89 } 90 91 92 static unsigned int conf_offset_val(enum confidentiality_offset co) 93 { 94 switch (co) { 95 case CONFIDENTIALITY_OFFSET_30: 96 return 30; 97 break; 98 case CONFIDENTIALITY_OFFSET_50: 99 return 50; 100 default: 101 return 0; 102 } 103 } 104 105 106 static int wpas_create_receive_sc(void *wpa_s, u32 channel, 107 struct ieee802_1x_mka_sci *sci, 108 enum validate_frames vf, 109 enum confidentiality_offset co) 110 { 111 return wpa_drv_create_receive_sc(wpa_s, channel, sci->addr, 112 be_to_host16(sci->port), 113 conf_offset_val(co), vf); 114 } 115 116 117 static int wpas_delete_receive_sc(void *wpa_s, u32 channel) 118 { 119 return wpa_drv_delete_receive_sc(wpa_s, channel); 120 } 121 122 123 static int wpas_create_receive_sa(void *wpa_s, u32 channel, u8 an, 124 u32 lowest_pn, const u8 *sak) 125 { 126 return wpa_drv_create_receive_sa(wpa_s, channel, an, lowest_pn, sak); 127 } 128 129 130 static int wpas_enable_receive_sa(void *wpa_s, u32 channel, u8 an) 131 { 132 return wpa_drv_enable_receive_sa(wpa_s, channel, an); 133 } 134 135 136 static int wpas_disable_receive_sa(void *wpa_s, u32 channel, u8 an) 137 { 138 return wpa_drv_disable_receive_sa(wpa_s, channel, an); 139 } 140 141 142 static int wpas_get_available_transmit_sc(void *wpa_s, u32 *channel) 143 { 144 return wpa_drv_get_available_transmit_sc(wpa_s, channel); 145 } 146 147 148 static int 149 wpas_create_transmit_sc(void *wpa_s, u32 channel, 150 const struct ieee802_1x_mka_sci *sci, 151 enum confidentiality_offset co) 152 { 153 return wpa_drv_create_transmit_sc(wpa_s, channel, sci->addr, 154 be_to_host16(sci->port), 155 conf_offset_val(co)); 156 } 157 158 159 static int wpas_delete_transmit_sc(void *wpa_s, u32 channel) 160 { 161 return wpa_drv_delete_transmit_sc(wpa_s, channel); 162 } 163 164 165 static int wpas_create_transmit_sa(void *wpa_s, u32 channel, u8 an, 166 u32 next_pn, Boolean confidentiality, 167 const u8 *sak) 168 { 169 return wpa_drv_create_transmit_sa(wpa_s, channel, an, next_pn, 170 confidentiality, sak); 171 } 172 173 174 static int wpas_enable_transmit_sa(void *wpa_s, u32 channel, u8 an) 175 { 176 return wpa_drv_enable_transmit_sa(wpa_s, channel, an); 177 } 178 179 180 static int wpas_disable_transmit_sa(void *wpa_s, u32 channel, u8 an) 181 { 182 return wpa_drv_disable_transmit_sa(wpa_s, channel, an); 183 } 184 185 186 int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) 187 { 188 struct ieee802_1x_kay_ctx *kay_ctx; 189 struct ieee802_1x_kay *res = NULL; 190 enum macsec_policy policy; 191 192 ieee802_1x_dealloc_kay_sm(wpa_s); 193 194 if (!ssid || ssid->macsec_policy == 0) 195 return 0; 196 197 policy = ssid->macsec_policy == 1 ? SHOULD_SECURE : DO_NOT_SECURE; 198 199 kay_ctx = os_zalloc(sizeof(*kay_ctx)); 200 if (!kay_ctx) 201 return -1; 202 203 kay_ctx->ctx = wpa_s; 204 205 kay_ctx->macsec_init = wpas_macsec_init; 206 kay_ctx->macsec_deinit = wpas_macsec_deinit; 207 kay_ctx->enable_protect_frames = wpas_enable_protect_frames; 208 kay_ctx->set_replay_protect = wpas_set_replay_protect; 209 kay_ctx->set_current_cipher_suite = wpas_set_current_cipher_suite; 210 kay_ctx->enable_controlled_port = wpas_enable_controlled_port; 211 kay_ctx->get_receive_lowest_pn = wpas_get_receive_lowest_pn; 212 kay_ctx->get_transmit_next_pn = wpas_get_transmit_next_pn; 213 kay_ctx->set_transmit_next_pn = wpas_set_transmit_next_pn; 214 kay_ctx->get_available_receive_sc = wpas_get_available_receive_sc; 215 kay_ctx->create_receive_sc = wpas_create_receive_sc; 216 kay_ctx->delete_receive_sc = wpas_delete_receive_sc; 217 kay_ctx->create_receive_sa = wpas_create_receive_sa; 218 kay_ctx->enable_receive_sa = wpas_enable_receive_sa; 219 kay_ctx->disable_receive_sa = wpas_disable_receive_sa; 220 kay_ctx->get_available_transmit_sc = wpas_get_available_transmit_sc; 221 kay_ctx->create_transmit_sc = wpas_create_transmit_sc; 222 kay_ctx->delete_transmit_sc = wpas_delete_transmit_sc; 223 kay_ctx->create_transmit_sa = wpas_create_transmit_sa; 224 kay_ctx->enable_transmit_sa = wpas_enable_transmit_sa; 225 kay_ctx->disable_transmit_sa = wpas_disable_transmit_sa; 226 227 res = ieee802_1x_kay_init(kay_ctx, policy, wpa_s->ifname, 228 wpa_s->own_addr); 229 if (res == NULL) { 230 os_free(kay_ctx); 231 return -1; 232 } 233 234 wpa_s->kay = res; 235 236 return 0; 237 } 238 239 240 void ieee802_1x_dealloc_kay_sm(struct wpa_supplicant *wpa_s) 241 { 242 if (!wpa_s->kay) 243 return; 244 245 ieee802_1x_kay_deinit(wpa_s->kay); 246 wpa_s->kay = NULL; 247 } 248 249 250 static int ieee802_1x_auth_get_session_id(struct wpa_supplicant *wpa_s, 251 const u8 *addr, u8 *sid, size_t *len) 252 { 253 const u8 *session_id; 254 size_t id_len, need_len; 255 256 session_id = eapol_sm_get_session_id(wpa_s->eapol, &id_len); 257 if (session_id == NULL) { 258 wpa_printf(MSG_DEBUG, 259 "Failed to get SessionID from EAPOL state machines"); 260 return -1; 261 } 262 263 need_len = 1 + 2 * SSL3_RANDOM_SIZE; 264 if (need_len > id_len) { 265 wpa_printf(MSG_DEBUG, "EAP Session-Id not long enough"); 266 return -1; 267 } 268 269 os_memcpy(sid, session_id, need_len); 270 *len = need_len; 271 272 return 0; 273 } 274 275 276 static int ieee802_1x_auth_get_msk(struct wpa_supplicant *wpa_s, const u8 *addr, 277 u8 *msk, size_t *len) 278 { 279 u8 key[EAP_MSK_LEN]; 280 size_t keylen; 281 struct eapol_sm *sm; 282 int res; 283 284 sm = wpa_s->eapol; 285 if (sm == NULL) 286 return -1; 287 288 keylen = EAP_MSK_LEN; 289 res = eapol_sm_get_key(sm, key, keylen); 290 if (res) { 291 wpa_printf(MSG_DEBUG, 292 "Failed to get MSK from EAPOL state machines"); 293 return -1; 294 } 295 296 if (keylen > *len) 297 keylen = *len; 298 os_memcpy(msk, key, keylen); 299 *len = keylen; 300 301 return 0; 302 } 303 304 305 void * ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s, 306 const u8 *peer_addr) 307 { 308 u8 *sid; 309 size_t sid_len = 128; 310 struct mka_key_name *ckn; 311 struct mka_key *cak; 312 struct mka_key *msk; 313 void *res = NULL; 314 315 if (!wpa_s->kay || wpa_s->kay->policy == DO_NOT_SECURE) 316 return NULL; 317 318 wpa_printf(MSG_DEBUG, 319 "IEEE 802.1X: External notification - Create MKA for " 320 MACSTR, MAC2STR(peer_addr)); 321 322 msk = os_zalloc(sizeof(*msk)); 323 sid = os_zalloc(sid_len); 324 ckn = os_zalloc(sizeof(*ckn)); 325 cak = os_zalloc(sizeof(*cak)); 326 if (!msk || !sid || !ckn || !cak) 327 goto fail; 328 329 msk->len = DEFAULT_KEY_LEN; 330 if (ieee802_1x_auth_get_msk(wpa_s, wpa_s->bssid, msk->key, &msk->len)) { 331 wpa_printf(MSG_ERROR, "IEEE 802.1X: Could not get MSK"); 332 goto fail; 333 } 334 335 if (ieee802_1x_auth_get_session_id(wpa_s, wpa_s->bssid, sid, &sid_len)) 336 { 337 wpa_printf(MSG_ERROR, 338 "IEEE 802.1X: Could not get EAP Session Id"); 339 goto fail; 340 } 341 342 /* Derive CAK from MSK */ 343 cak->len = DEFAULT_KEY_LEN; 344 if (ieee802_1x_cak_128bits_aes_cmac(msk->key, wpa_s->own_addr, 345 peer_addr, cak->key)) { 346 wpa_printf(MSG_ERROR, 347 "IEEE 802.1X: Deriving CAK failed"); 348 goto fail; 349 } 350 wpa_hexdump_key(MSG_DEBUG, "Derived CAK", cak->key, cak->len); 351 352 /* Derive CKN from MSK */ 353 ckn->len = DEFAULT_CKN_LEN; 354 if (ieee802_1x_ckn_128bits_aes_cmac(msk->key, wpa_s->own_addr, 355 peer_addr, sid, sid_len, 356 ckn->name)) { 357 wpa_printf(MSG_ERROR, 358 "IEEE 802.1X: Deriving CKN failed"); 359 goto fail; 360 } 361 wpa_hexdump(MSG_DEBUG, "Derived CKN", ckn->name, ckn->len); 362 363 res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, 364 EAP_EXCHANGE, FALSE); 365 366 fail: 367 if (msk) { 368 os_memset(msk, 0, sizeof(*msk)); 369 os_free(msk); 370 } 371 os_free(sid); 372 os_free(ckn); 373 if (cak) { 374 os_memset(cak, 0, sizeof(*cak)); 375 os_free(cak); 376 } 377 378 return res; 379 } 380