Home | History | Annotate | Download | only in common
      1 /*
      2  * WPA/RSN - Shared functions for supplicant and authenticator
      3  * Copyright (c) 2002-2013, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #include "includes.h"
     10 
     11 #include "common.h"
     12 #include "crypto/md5.h"
     13 #include "crypto/sha1.h"
     14 #include "crypto/sha256.h"
     15 #include "crypto/aes_wrap.h"
     16 #include "crypto/crypto.h"
     17 #include "drivers/driver.h"
     18 #include "ieee802_11_defs.h"
     19 #include "defs.h"
     20 #include "wpa_common.h"
     21 
     22 
     23 /**
     24  * wpa_eapol_key_mic - Calculate EAPOL-Key MIC
     25  * @key: EAPOL-Key Key Confirmation Key (KCK)
     26  * @ver: Key descriptor version (WPA_KEY_INFO_TYPE_*)
     27  * @buf: Pointer to the beginning of the EAPOL header (version field)
     28  * @len: Length of the EAPOL frame (from EAPOL header to the end of the frame)
     29  * @mic: Pointer to the buffer to which the EAPOL-Key MIC is written
     30  * Returns: 0 on success, -1 on failure
     31  *
     32  * Calculate EAPOL-Key MIC for an EAPOL-Key packet. The EAPOL-Key MIC field has
     33  * to be cleared (all zeroes) when calling this function.
     34  *
     35  * Note: 'IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames' has an error in the
     36  * description of the Key MIC calculation. It includes packet data from the
     37  * beginning of the EAPOL-Key header, not EAPOL header. This incorrect change
     38  * happened during final editing of the standard and the correct behavior is
     39  * defined in the last draft (IEEE 802.11i/D10).
     40  */
     41 int wpa_eapol_key_mic(const u8 *key, int ver, const u8 *buf, size_t len,
     42 		      u8 *mic)
     43 {
     44 	u8 hash[SHA1_MAC_LEN];
     45 
     46 	switch (ver) {
     47 #ifndef CONFIG_FIPS
     48 	case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
     49 		return hmac_md5(key, 16, buf, len, mic);
     50 #endif /* CONFIG_FIPS */
     51 	case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
     52 		if (hmac_sha1(key, 16, buf, len, hash))
     53 			return -1;
     54 		os_memcpy(mic, hash, MD5_MAC_LEN);
     55 		break;
     56 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
     57 	case WPA_KEY_INFO_TYPE_AES_128_CMAC:
     58 		return omac1_aes_128(key, buf, len, mic);
     59 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
     60 #ifdef CONFIG_HS20
     61 	case WPA_KEY_INFO_TYPE_AKM_DEFINED:
     62 		/* FIX: This should be based on negotiated AKM */
     63 		return omac1_aes_128(key, buf, len, mic);
     64 #endif /* CONFIG_HS20 */
     65 	default:
     66 		return -1;
     67 	}
     68 
     69 	return 0;
     70 }
     71 
     72 
     73 /**
     74  * wpa_pmk_to_ptk - Calculate PTK from PMK, addresses, and nonces
     75  * @pmk: Pairwise master key
     76  * @pmk_len: Length of PMK
     77  * @label: Label to use in derivation
     78  * @addr1: AA or SA
     79  * @addr2: SA or AA
     80  * @nonce1: ANonce or SNonce
     81  * @nonce2: SNonce or ANonce
     82  * @ptk: Buffer for pairwise transient key
     83  * @ptk_len: Length of PTK
     84  * @use_sha256: Whether to use SHA256-based KDF
     85  *
     86  * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
     87  * PTK = PRF-X(PMK, "Pairwise key expansion",
     88  *             Min(AA, SA) || Max(AA, SA) ||
     89  *             Min(ANonce, SNonce) || Max(ANonce, SNonce))
     90  *
     91  * STK = PRF-X(SMK, "Peer key expansion",
     92  *             Min(MAC_I, MAC_P) || Max(MAC_I, MAC_P) ||
     93  *             Min(INonce, PNonce) || Max(INonce, PNonce))
     94  */
     95 void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
     96 		    const u8 *addr1, const u8 *addr2,
     97 		    const u8 *nonce1, const u8 *nonce2,
     98 		    u8 *ptk, size_t ptk_len, int use_sha256)
     99 {
    100 	u8 data[2 * ETH_ALEN + 2 * WPA_NONCE_LEN];
    101 
    102 	if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) {
    103 		os_memcpy(data, addr1, ETH_ALEN);
    104 		os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
    105 	} else {
    106 		os_memcpy(data, addr2, ETH_ALEN);
    107 		os_memcpy(data + ETH_ALEN, addr1, ETH_ALEN);
    108 	}
    109 
    110 	if (os_memcmp(nonce1, nonce2, WPA_NONCE_LEN) < 0) {
    111 		os_memcpy(data + 2 * ETH_ALEN, nonce1, WPA_NONCE_LEN);
    112 		os_memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce2,
    113 			  WPA_NONCE_LEN);
    114 	} else {
    115 		os_memcpy(data + 2 * ETH_ALEN, nonce2, WPA_NONCE_LEN);
    116 		os_memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce1,
    117 			  WPA_NONCE_LEN);
    118 	}
    119 
    120 #ifdef CONFIG_IEEE80211W
    121 	if (use_sha256)
    122 		sha256_prf(pmk, pmk_len, label, data, sizeof(data),
    123 			   ptk, ptk_len);
    124 	else
    125 #endif /* CONFIG_IEEE80211W */
    126 		sha1_prf(pmk, pmk_len, label, data, sizeof(data), ptk,
    127 			 ptk_len);
    128 
    129 	wpa_printf(MSG_DEBUG, "WPA: PTK derivation - A1=" MACSTR " A2=" MACSTR,
    130 		   MAC2STR(addr1), MAC2STR(addr2));
    131 	wpa_hexdump(MSG_DEBUG, "WPA: Nonce1", nonce1, WPA_NONCE_LEN);
    132 	wpa_hexdump(MSG_DEBUG, "WPA: Nonce2", nonce2, WPA_NONCE_LEN);
    133 	wpa_hexdump_key(MSG_DEBUG, "WPA: PMK", pmk, pmk_len);
    134 	wpa_hexdump_key(MSG_DEBUG, "WPA: PTK", ptk, ptk_len);
    135 }
    136 
    137 
    138 #ifdef CONFIG_IEEE80211R
    139 int wpa_ft_mic(const u8 *kck, const u8 *sta_addr, const u8 *ap_addr,
    140 	       u8 transaction_seqnum, const u8 *mdie, size_t mdie_len,
    141 	       const u8 *ftie, size_t ftie_len,
    142 	       const u8 *rsnie, size_t rsnie_len,
    143 	       const u8 *ric, size_t ric_len, u8 *mic)
    144 {
    145 	u8 *buf, *pos;
    146 	size_t buf_len;
    147 
    148 	buf_len = 2 * ETH_ALEN + 1 + mdie_len + ftie_len + rsnie_len + ric_len;
    149 	buf = os_malloc(buf_len);
    150 	if (buf == NULL)
    151 		return -1;
    152 
    153 	pos = buf;
    154 	os_memcpy(pos, sta_addr, ETH_ALEN);
    155 	pos += ETH_ALEN;
    156 	os_memcpy(pos, ap_addr, ETH_ALEN);
    157 	pos += ETH_ALEN;
    158 	*pos++ = transaction_seqnum;
    159 	if (rsnie) {
    160 		os_memcpy(pos, rsnie, rsnie_len);
    161 		pos += rsnie_len;
    162 	}
    163 	if (mdie) {
    164 		os_memcpy(pos, mdie, mdie_len);
    165 		pos += mdie_len;
    166 	}
    167 	if (ftie) {
    168 		struct rsn_ftie *_ftie;
    169 		os_memcpy(pos, ftie, ftie_len);
    170 		if (ftie_len < 2 + sizeof(*_ftie)) {
    171 			os_free(buf);
    172 			return -1;
    173 		}
    174 		_ftie = (struct rsn_ftie *) (pos + 2);
    175 		os_memset(_ftie->mic, 0, sizeof(_ftie->mic));
    176 		pos += ftie_len;
    177 	}
    178 	if (ric) {
    179 		os_memcpy(pos, ric, ric_len);
    180 		pos += ric_len;
    181 	}
    182 
    183 	wpa_hexdump(MSG_MSGDUMP, "FT: MIC data", buf, pos - buf);
    184 	if (omac1_aes_128(kck, buf, pos - buf, mic)) {
    185 		os_free(buf);
    186 		return -1;
    187 	}
    188 
    189 	os_free(buf);
    190 
    191 	return 0;
    192 }
    193 
    194 
    195 static int wpa_ft_parse_ftie(const u8 *ie, size_t ie_len,
    196 			     struct wpa_ft_ies *parse)
    197 {
    198 	const u8 *end, *pos;
    199 
    200 	parse->ftie = ie;
    201 	parse->ftie_len = ie_len;
    202 
    203 	pos = ie + sizeof(struct rsn_ftie);
    204 	end = ie + ie_len;
    205 
    206 	while (pos + 2 <= end && pos + 2 + pos[1] <= end) {
    207 		switch (pos[0]) {
    208 		case FTIE_SUBELEM_R1KH_ID:
    209 			if (pos[1] != FT_R1KH_ID_LEN) {
    210 				wpa_printf(MSG_DEBUG, "FT: Invalid R1KH-ID "
    211 					   "length in FTIE: %d", pos[1]);
    212 				return -1;
    213 			}
    214 			parse->r1kh_id = pos + 2;
    215 			break;
    216 		case FTIE_SUBELEM_GTK:
    217 			parse->gtk = pos + 2;
    218 			parse->gtk_len = pos[1];
    219 			break;
    220 		case FTIE_SUBELEM_R0KH_ID:
    221 			if (pos[1] < 1 || pos[1] > FT_R0KH_ID_MAX_LEN) {
    222 				wpa_printf(MSG_DEBUG, "FT: Invalid R0KH-ID "
    223 					   "length in FTIE: %d", pos[1]);
    224 				return -1;
    225 			}
    226 			parse->r0kh_id = pos + 2;
    227 			parse->r0kh_id_len = pos[1];
    228 			break;
    229 #ifdef CONFIG_IEEE80211W
    230 		case FTIE_SUBELEM_IGTK:
    231 			parse->igtk = pos + 2;
    232 			parse->igtk_len = pos[1];
    233 			break;
    234 #endif /* CONFIG_IEEE80211W */
    235 		}
    236 
    237 		pos += 2 + pos[1];
    238 	}
    239 
    240 	return 0;
    241 }
    242 
    243 
    244 int wpa_ft_parse_ies(const u8 *ies, size_t ies_len,
    245 		     struct wpa_ft_ies *parse)
    246 {
    247 	const u8 *end, *pos;
    248 	struct wpa_ie_data data;
    249 	int ret;
    250 	const struct rsn_ftie *ftie;
    251 	int prot_ie_count = 0;
    252 
    253 	os_memset(parse, 0, sizeof(*parse));
    254 	if (ies == NULL)
    255 		return 0;
    256 
    257 	pos = ies;
    258 	end = ies + ies_len;
    259 	while (pos + 2 <= end && pos + 2 + pos[1] <= end) {
    260 		switch (pos[0]) {
    261 		case WLAN_EID_RSN:
    262 			parse->rsn = pos + 2;
    263 			parse->rsn_len = pos[1];
    264 			ret = wpa_parse_wpa_ie_rsn(parse->rsn - 2,
    265 						   parse->rsn_len + 2,
    266 						   &data);
    267 			if (ret < 0) {
    268 				wpa_printf(MSG_DEBUG, "FT: Failed to parse "
    269 					   "RSN IE: %d", ret);
    270 				return -1;
    271 			}
    272 			if (data.num_pmkid == 1 && data.pmkid)
    273 				parse->rsn_pmkid = data.pmkid;
    274 			break;
    275 		case WLAN_EID_MOBILITY_DOMAIN:
    276 			parse->mdie = pos + 2;
    277 			parse->mdie_len = pos[1];
    278 			break;
    279 		case WLAN_EID_FAST_BSS_TRANSITION:
    280 			if (pos[1] < sizeof(*ftie))
    281 				return -1;
    282 			ftie = (const struct rsn_ftie *) (pos + 2);
    283 			prot_ie_count = ftie->mic_control[1];
    284 			if (wpa_ft_parse_ftie(pos + 2, pos[1], parse) < 0)
    285 				return -1;
    286 			break;
    287 		case WLAN_EID_TIMEOUT_INTERVAL:
    288 			parse->tie = pos + 2;
    289 			parse->tie_len = pos[1];
    290 			break;
    291 		case WLAN_EID_RIC_DATA:
    292 			if (parse->ric == NULL)
    293 				parse->ric = pos;
    294 			break;
    295 		}
    296 
    297 		pos += 2 + pos[1];
    298 	}
    299 
    300 	if (prot_ie_count == 0)
    301 		return 0; /* no MIC */
    302 
    303 	/*
    304 	 * Check that the protected IE count matches with IEs included in the
    305 	 * frame.
    306 	 */
    307 	if (parse->rsn)
    308 		prot_ie_count--;
    309 	if (parse->mdie)
    310 		prot_ie_count--;
    311 	if (parse->ftie)
    312 		prot_ie_count--;
    313 	if (prot_ie_count < 0) {
    314 		wpa_printf(MSG_DEBUG, "FT: Some required IEs not included in "
    315 			   "the protected IE count");
    316 		return -1;
    317 	}
    318 
    319 	if (prot_ie_count == 0 && parse->ric) {
    320 		wpa_printf(MSG_DEBUG, "FT: RIC IE(s) in the frame, but not "
    321 			   "included in protected IE count");
    322 		return -1;
    323 	}
    324 
    325 	/* Determine the end of the RIC IE(s) */
    326 	pos = parse->ric;
    327 	while (pos && pos + 2 <= end && pos + 2 + pos[1] <= end &&
    328 	       prot_ie_count) {
    329 		prot_ie_count--;
    330 		pos += 2 + pos[1];
    331 	}
    332 	parse->ric_len = pos - parse->ric;
    333 	if (prot_ie_count) {
    334 		wpa_printf(MSG_DEBUG, "FT: %d protected IEs missing from "
    335 			   "frame", (int) prot_ie_count);
    336 		return -1;
    337 	}
    338 
    339 	return 0;
    340 }
    341 #endif /* CONFIG_IEEE80211R */
    342 
    343 
    344 static int rsn_selector_to_bitfield(const u8 *s)
    345 {
    346 	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_NONE)
    347 		return WPA_CIPHER_NONE;
    348 	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_WEP40)
    349 		return WPA_CIPHER_WEP40;
    350 	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_TKIP)
    351 		return WPA_CIPHER_TKIP;
    352 	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_CCMP)
    353 		return WPA_CIPHER_CCMP;
    354 	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_WEP104)
    355 		return WPA_CIPHER_WEP104;
    356 #ifdef CONFIG_IEEE80211W
    357 	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_AES_128_CMAC)
    358 		return WPA_CIPHER_AES_128_CMAC;
    359 #endif /* CONFIG_IEEE80211W */
    360 	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_GCMP)
    361 		return WPA_CIPHER_GCMP;
    362 	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_CCMP_256)
    363 		return WPA_CIPHER_CCMP_256;
    364 	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_GCMP_256)
    365 		return WPA_CIPHER_GCMP_256;
    366 	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_GMAC_128)
    367 		return WPA_CIPHER_BIP_GMAC_128;
    368 	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_GMAC_256)
    369 		return WPA_CIPHER_BIP_GMAC_256;
    370 	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_CMAC_256)
    371 		return WPA_CIPHER_BIP_CMAC_256;
    372 	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED)
    373 		return WPA_CIPHER_GTK_NOT_USED;
    374 	return 0;
    375 }
    376 
    377 
    378 static int rsn_key_mgmt_to_bitfield(const u8 *s)
    379 {
    380 	if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_UNSPEC_802_1X)
    381 		return WPA_KEY_MGMT_IEEE8021X;
    382 	if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X)
    383 		return WPA_KEY_MGMT_PSK;
    384 #ifdef CONFIG_IEEE80211R
    385 	if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_802_1X)
    386 		return WPA_KEY_MGMT_FT_IEEE8021X;
    387 	if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_PSK)
    388 		return WPA_KEY_MGMT_FT_PSK;
    389 #endif /* CONFIG_IEEE80211R */
    390 #ifdef CONFIG_IEEE80211W
    391 	if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_802_1X_SHA256)
    392 		return WPA_KEY_MGMT_IEEE8021X_SHA256;
    393 	if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_PSK_SHA256)
    394 		return WPA_KEY_MGMT_PSK_SHA256;
    395 #endif /* CONFIG_IEEE80211W */
    396 #ifdef CONFIG_SAE
    397 	if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_SAE)
    398 		return WPA_KEY_MGMT_SAE;
    399 	if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_SAE)
    400 		return WPA_KEY_MGMT_FT_SAE;
    401 #endif /* CONFIG_SAE */
    402 	return 0;
    403 }
    404 
    405 
    406 static int wpa_cipher_valid_group(int cipher)
    407 {
    408 	return wpa_cipher_valid_pairwise(cipher) ||
    409 		cipher == WPA_CIPHER_WEP104 ||
    410 		cipher == WPA_CIPHER_WEP40 ||
    411 		cipher == WPA_CIPHER_GTK_NOT_USED;
    412 }
    413 
    414 
    415 #ifdef CONFIG_IEEE80211W
    416 int wpa_cipher_valid_mgmt_group(int cipher)
    417 {
    418 	return cipher == WPA_CIPHER_AES_128_CMAC ||
    419 		cipher == WPA_CIPHER_BIP_GMAC_128 ||
    420 		cipher == WPA_CIPHER_BIP_GMAC_256 ||
    421 		cipher == WPA_CIPHER_BIP_CMAC_256;
    422 }
    423 #endif /* CONFIG_IEEE80211W */
    424 
    425 
    426 /**
    427  * wpa_parse_wpa_ie_rsn - Parse RSN IE
    428  * @rsn_ie: Buffer containing RSN IE
    429  * @rsn_ie_len: RSN IE buffer length (including IE number and length octets)
    430  * @data: Pointer to structure that will be filled in with parsed data
    431  * Returns: 0 on success, <0 on failure
    432  */
    433 int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
    434 			 struct wpa_ie_data *data)
    435 {
    436 	const struct rsn_ie_hdr *hdr;
    437 	const u8 *pos;
    438 	int left;
    439 	int i, count;
    440 
    441 	os_memset(data, 0, sizeof(*data));
    442 	data->proto = WPA_PROTO_RSN;
    443 	data->pairwise_cipher = WPA_CIPHER_CCMP;
    444 	data->group_cipher = WPA_CIPHER_CCMP;
    445 	data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
    446 	data->capabilities = 0;
    447 	data->pmkid = NULL;
    448 	data->num_pmkid = 0;
    449 #ifdef CONFIG_IEEE80211W
    450 	data->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
    451 #else /* CONFIG_IEEE80211W */
    452 	data->mgmt_group_cipher = 0;
    453 #endif /* CONFIG_IEEE80211W */
    454 
    455 	if (rsn_ie_len == 0) {
    456 		/* No RSN IE - fail silently */
    457 		return -1;
    458 	}
    459 
    460 	if (rsn_ie_len < sizeof(struct rsn_ie_hdr)) {
    461 		wpa_printf(MSG_DEBUG, "%s: ie len too short %lu",
    462 			   __func__, (unsigned long) rsn_ie_len);
    463 		return -1;
    464 	}
    465 
    466 	hdr = (const struct rsn_ie_hdr *) rsn_ie;
    467 
    468 	if (hdr->elem_id != WLAN_EID_RSN ||
    469 	    hdr->len != rsn_ie_len - 2 ||
    470 	    WPA_GET_LE16(hdr->version) != RSN_VERSION) {
    471 		wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version",
    472 			   __func__);
    473 		return -2;
    474 	}
    475 
    476 	pos = (const u8 *) (hdr + 1);
    477 	left = rsn_ie_len - sizeof(*hdr);
    478 
    479 	if (left >= RSN_SELECTOR_LEN) {
    480 		data->group_cipher = rsn_selector_to_bitfield(pos);
    481 		if (!wpa_cipher_valid_group(data->group_cipher)) {
    482 			wpa_printf(MSG_DEBUG, "%s: invalid group cipher 0x%x",
    483 				   __func__, data->group_cipher);
    484 			return -1;
    485 		}
    486 		pos += RSN_SELECTOR_LEN;
    487 		left -= RSN_SELECTOR_LEN;
    488 	} else if (left > 0) {
    489 		wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much",
    490 			   __func__, left);
    491 		return -3;
    492 	}
    493 
    494 	if (left >= 2) {
    495 		data->pairwise_cipher = 0;
    496 		count = WPA_GET_LE16(pos);
    497 		pos += 2;
    498 		left -= 2;
    499 		if (count == 0 || left < count * RSN_SELECTOR_LEN) {
    500 			wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), "
    501 				   "count %u left %u", __func__, count, left);
    502 			return -4;
    503 		}
    504 		for (i = 0; i < count; i++) {
    505 			data->pairwise_cipher |= rsn_selector_to_bitfield(pos);
    506 			pos += RSN_SELECTOR_LEN;
    507 			left -= RSN_SELECTOR_LEN;
    508 		}
    509 #ifdef CONFIG_IEEE80211W
    510 		if (data->pairwise_cipher & WPA_CIPHER_AES_128_CMAC) {
    511 			wpa_printf(MSG_DEBUG, "%s: AES-128-CMAC used as "
    512 				   "pairwise cipher", __func__);
    513 			return -1;
    514 		}
    515 #endif /* CONFIG_IEEE80211W */
    516 	} else if (left == 1) {
    517 		wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)",
    518 			   __func__);
    519 		return -5;
    520 	}
    521 
    522 	if (left >= 2) {
    523 		data->key_mgmt = 0;
    524 		count = WPA_GET_LE16(pos);
    525 		pos += 2;
    526 		left -= 2;
    527 		if (count == 0 || left < count * RSN_SELECTOR_LEN) {
    528 			wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), "
    529 				   "count %u left %u", __func__, count, left);
    530 			return -6;
    531 		}
    532 		for (i = 0; i < count; i++) {
    533 			data->key_mgmt |= rsn_key_mgmt_to_bitfield(pos);
    534 			pos += RSN_SELECTOR_LEN;
    535 			left -= RSN_SELECTOR_LEN;
    536 		}
    537 	} else if (left == 1) {
    538 		wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)",
    539 			   __func__);
    540 		return -7;
    541 	}
    542 
    543 	if (left >= 2) {
    544 		data->capabilities = WPA_GET_LE16(pos);
    545 		pos += 2;
    546 		left -= 2;
    547 	}
    548 
    549 	if (left >= 2) {
    550 		data->num_pmkid = WPA_GET_LE16(pos);
    551 		pos += 2;
    552 		left -= 2;
    553 		if (left < (int) data->num_pmkid * PMKID_LEN) {
    554 			wpa_printf(MSG_DEBUG, "%s: PMKID underflow "
    555 				   "(num_pmkid=%lu left=%d)",
    556 				   __func__, (unsigned long) data->num_pmkid,
    557 				   left);
    558 			data->num_pmkid = 0;
    559 			return -9;
    560 		} else {
    561 			data->pmkid = pos;
    562 			pos += data->num_pmkid * PMKID_LEN;
    563 			left -= data->num_pmkid * PMKID_LEN;
    564 		}
    565 	}
    566 
    567 #ifdef CONFIG_IEEE80211W
    568 	if (left >= 4) {
    569 		data->mgmt_group_cipher = rsn_selector_to_bitfield(pos);
    570 		if (!wpa_cipher_valid_mgmt_group(data->mgmt_group_cipher)) {
    571 			wpa_printf(MSG_DEBUG, "%s: Unsupported management "
    572 				   "group cipher 0x%x", __func__,
    573 				   data->mgmt_group_cipher);
    574 			return -10;
    575 		}
    576 		pos += RSN_SELECTOR_LEN;
    577 		left -= RSN_SELECTOR_LEN;
    578 	}
    579 #endif /* CONFIG_IEEE80211W */
    580 
    581 	if (left > 0) {
    582 		wpa_hexdump(MSG_DEBUG,
    583 			    "wpa_parse_wpa_ie_rsn: ignore trailing bytes",
    584 			    pos, left);
    585 	}
    586 
    587 	return 0;
    588 }
    589 
    590 
    591 static int wpa_selector_to_bitfield(const u8 *s)
    592 {
    593 	if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_NONE)
    594 		return WPA_CIPHER_NONE;
    595 	if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP40)
    596 		return WPA_CIPHER_WEP40;
    597 	if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_TKIP)
    598 		return WPA_CIPHER_TKIP;
    599 	if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_CCMP)
    600 		return WPA_CIPHER_CCMP;
    601 	if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP104)
    602 		return WPA_CIPHER_WEP104;
    603 	return 0;
    604 }
    605 
    606 
    607 static int wpa_key_mgmt_to_bitfield(const u8 *s)
    608 {
    609 	if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_UNSPEC_802_1X)
    610 		return WPA_KEY_MGMT_IEEE8021X;
    611 	if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X)
    612 		return WPA_KEY_MGMT_PSK;
    613 	if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_NONE)
    614 		return WPA_KEY_MGMT_WPA_NONE;
    615 	return 0;
    616 }
    617 
    618 
    619 int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
    620 			 struct wpa_ie_data *data)
    621 {
    622 	const struct wpa_ie_hdr *hdr;
    623 	const u8 *pos;
    624 	int left;
    625 	int i, count;
    626 
    627 	os_memset(data, 0, sizeof(*data));
    628 	data->proto = WPA_PROTO_WPA;
    629 	data->pairwise_cipher = WPA_CIPHER_TKIP;
    630 	data->group_cipher = WPA_CIPHER_TKIP;
    631 	data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
    632 	data->capabilities = 0;
    633 	data->pmkid = NULL;
    634 	data->num_pmkid = 0;
    635 	data->mgmt_group_cipher = 0;
    636 
    637 	if (wpa_ie_len == 0) {
    638 		/* No WPA IE - fail silently */
    639 		return -1;
    640 	}
    641 
    642 	if (wpa_ie_len < sizeof(struct wpa_ie_hdr)) {
    643 		wpa_printf(MSG_DEBUG, "%s: ie len too short %lu",
    644 			   __func__, (unsigned long) wpa_ie_len);
    645 		return -1;
    646 	}
    647 
    648 	hdr = (const struct wpa_ie_hdr *) wpa_ie;
    649 
    650 	if (hdr->elem_id != WLAN_EID_VENDOR_SPECIFIC ||
    651 	    hdr->len != wpa_ie_len - 2 ||
    652 	    RSN_SELECTOR_GET(hdr->oui) != WPA_OUI_TYPE ||
    653 	    WPA_GET_LE16(hdr->version) != WPA_VERSION) {
    654 		wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version",
    655 			   __func__);
    656 		return -2;
    657 	}
    658 
    659 	pos = (const u8 *) (hdr + 1);
    660 	left = wpa_ie_len - sizeof(*hdr);
    661 
    662 	if (left >= WPA_SELECTOR_LEN) {
    663 		data->group_cipher = wpa_selector_to_bitfield(pos);
    664 		pos += WPA_SELECTOR_LEN;
    665 		left -= WPA_SELECTOR_LEN;
    666 	} else if (left > 0) {
    667 		wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much",
    668 			   __func__, left);
    669 		return -3;
    670 	}
    671 
    672 	if (left >= 2) {
    673 		data->pairwise_cipher = 0;
    674 		count = WPA_GET_LE16(pos);
    675 		pos += 2;
    676 		left -= 2;
    677 		if (count == 0 || left < count * WPA_SELECTOR_LEN) {
    678 			wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), "
    679 				   "count %u left %u", __func__, count, left);
    680 			return -4;
    681 		}
    682 		for (i = 0; i < count; i++) {
    683 			data->pairwise_cipher |= wpa_selector_to_bitfield(pos);
    684 			pos += WPA_SELECTOR_LEN;
    685 			left -= WPA_SELECTOR_LEN;
    686 		}
    687 	} else if (left == 1) {
    688 		wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)",
    689 			   __func__);
    690 		return -5;
    691 	}
    692 
    693 	if (left >= 2) {
    694 		data->key_mgmt = 0;
    695 		count = WPA_GET_LE16(pos);
    696 		pos += 2;
    697 		left -= 2;
    698 		if (count == 0 || left < count * WPA_SELECTOR_LEN) {
    699 			wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), "
    700 				   "count %u left %u", __func__, count, left);
    701 			return -6;
    702 		}
    703 		for (i = 0; i < count; i++) {
    704 			data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos);
    705 			pos += WPA_SELECTOR_LEN;
    706 			left -= WPA_SELECTOR_LEN;
    707 		}
    708 	} else if (left == 1) {
    709 		wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)",
    710 			   __func__);
    711 		return -7;
    712 	}
    713 
    714 	if (left >= 2) {
    715 		data->capabilities = WPA_GET_LE16(pos);
    716 		pos += 2;
    717 		left -= 2;
    718 	}
    719 
    720 	if (left > 0) {
    721 		wpa_hexdump(MSG_DEBUG,
    722 			    "wpa_parse_wpa_ie_wpa: ignore trailing bytes",
    723 			    pos, left);
    724 	}
    725 
    726 	return 0;
    727 }
    728 
    729 
    730 #ifdef CONFIG_IEEE80211R
    731 
    732 /**
    733  * wpa_derive_pmk_r0 - Derive PMK-R0 and PMKR0Name
    734  *
    735  * IEEE Std 802.11r-2008 - 8.5.1.5.3
    736  */
    737 void wpa_derive_pmk_r0(const u8 *xxkey, size_t xxkey_len,
    738 		       const u8 *ssid, size_t ssid_len,
    739 		       const u8 *mdid, const u8 *r0kh_id, size_t r0kh_id_len,
    740 		       const u8 *s0kh_id, u8 *pmk_r0, u8 *pmk_r0_name)
    741 {
    742 	u8 buf[1 + WPA_MAX_SSID_LEN + MOBILITY_DOMAIN_ID_LEN + 1 +
    743 	       FT_R0KH_ID_MAX_LEN + ETH_ALEN];
    744 	u8 *pos, r0_key_data[48], hash[32];
    745 	const u8 *addr[2];
    746 	size_t len[2];
    747 
    748 	/*
    749 	 * R0-Key-Data = KDF-384(XXKey, "FT-R0",
    750 	 *                       SSIDlength || SSID || MDID || R0KHlength ||
    751 	 *                       R0KH-ID || S0KH-ID)
    752 	 * XXKey is either the second 256 bits of MSK or PSK.
    753 	 * PMK-R0 = L(R0-Key-Data, 0, 256)
    754 	 * PMK-R0Name-Salt = L(R0-Key-Data, 256, 128)
    755 	 */
    756 	if (ssid_len > WPA_MAX_SSID_LEN || r0kh_id_len > FT_R0KH_ID_MAX_LEN)
    757 		return;
    758 	pos = buf;
    759 	*pos++ = ssid_len;
    760 	os_memcpy(pos, ssid, ssid_len);
    761 	pos += ssid_len;
    762 	os_memcpy(pos, mdid, MOBILITY_DOMAIN_ID_LEN);
    763 	pos += MOBILITY_DOMAIN_ID_LEN;
    764 	*pos++ = r0kh_id_len;
    765 	os_memcpy(pos, r0kh_id, r0kh_id_len);
    766 	pos += r0kh_id_len;
    767 	os_memcpy(pos, s0kh_id, ETH_ALEN);
    768 	pos += ETH_ALEN;
    769 
    770 	sha256_prf(xxkey, xxkey_len, "FT-R0", buf, pos - buf,
    771 		   r0_key_data, sizeof(r0_key_data));
    772 	os_memcpy(pmk_r0, r0_key_data, PMK_LEN);
    773 
    774 	/*
    775 	 * PMKR0Name = Truncate-128(SHA-256("FT-R0N" || PMK-R0Name-Salt)
    776 	 */
    777 	addr[0] = (const u8 *) "FT-R0N";
    778 	len[0] = 6;
    779 	addr[1] = r0_key_data + PMK_LEN;
    780 	len[1] = 16;
    781 
    782 	sha256_vector(2, addr, len, hash);
    783 	os_memcpy(pmk_r0_name, hash, WPA_PMK_NAME_LEN);
    784 }
    785 
    786 
    787 /**
    788  * wpa_derive_pmk_r1_name - Derive PMKR1Name
    789  *
    790  * IEEE Std 802.11r-2008 - 8.5.1.5.4
    791  */
    792 void wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id,
    793 			    const u8 *s1kh_id, u8 *pmk_r1_name)
    794 {
    795 	u8 hash[32];
    796 	const u8 *addr[4];
    797 	size_t len[4];
    798 
    799 	/*
    800 	 * PMKR1Name = Truncate-128(SHA-256("FT-R1N" || PMKR0Name ||
    801 	 *                                  R1KH-ID || S1KH-ID))
    802 	 */
    803 	addr[0] = (const u8 *) "FT-R1N";
    804 	len[0] = 6;
    805 	addr[1] = pmk_r0_name;
    806 	len[1] = WPA_PMK_NAME_LEN;
    807 	addr[2] = r1kh_id;
    808 	len[2] = FT_R1KH_ID_LEN;
    809 	addr[3] = s1kh_id;
    810 	len[3] = ETH_ALEN;
    811 
    812 	sha256_vector(4, addr, len, hash);
    813 	os_memcpy(pmk_r1_name, hash, WPA_PMK_NAME_LEN);
    814 }
    815 
    816 
    817 /**
    818  * wpa_derive_pmk_r1 - Derive PMK-R1 and PMKR1Name from PMK-R0
    819  *
    820  * IEEE Std 802.11r-2008 - 8.5.1.5.4
    821  */
    822 void wpa_derive_pmk_r1(const u8 *pmk_r0, const u8 *pmk_r0_name,
    823 		       const u8 *r1kh_id, const u8 *s1kh_id,
    824 		       u8 *pmk_r1, u8 *pmk_r1_name)
    825 {
    826 	u8 buf[FT_R1KH_ID_LEN + ETH_ALEN];
    827 	u8 *pos;
    828 
    829 	/* PMK-R1 = KDF-256(PMK-R0, "FT-R1", R1KH-ID || S1KH-ID) */
    830 	pos = buf;
    831 	os_memcpy(pos, r1kh_id, FT_R1KH_ID_LEN);
    832 	pos += FT_R1KH_ID_LEN;
    833 	os_memcpy(pos, s1kh_id, ETH_ALEN);
    834 	pos += ETH_ALEN;
    835 
    836 	sha256_prf(pmk_r0, PMK_LEN, "FT-R1", buf, pos - buf, pmk_r1, PMK_LEN);
    837 
    838 	wpa_derive_pmk_r1_name(pmk_r0_name, r1kh_id, s1kh_id, pmk_r1_name);
    839 }
    840 
    841 
    842 /**
    843  * wpa_pmk_r1_to_ptk - Derive PTK and PTKName from PMK-R1
    844  *
    845  * IEEE Std 802.11r-2008 - 8.5.1.5.5
    846  */
    847 void wpa_pmk_r1_to_ptk(const u8 *pmk_r1, const u8 *snonce, const u8 *anonce,
    848 		       const u8 *sta_addr, const u8 *bssid,
    849 		       const u8 *pmk_r1_name,
    850 		       u8 *ptk, size_t ptk_len, u8 *ptk_name)
    851 {
    852 	u8 buf[2 * WPA_NONCE_LEN + 2 * ETH_ALEN];
    853 	u8 *pos, hash[32];
    854 	const u8 *addr[6];
    855 	size_t len[6];
    856 
    857 	/*
    858 	 * PTK = KDF-PTKLen(PMK-R1, "FT-PTK", SNonce || ANonce ||
    859 	 *                  BSSID || STA-ADDR)
    860 	 */
    861 	pos = buf;
    862 	os_memcpy(pos, snonce, WPA_NONCE_LEN);
    863 	pos += WPA_NONCE_LEN;
    864 	os_memcpy(pos, anonce, WPA_NONCE_LEN);
    865 	pos += WPA_NONCE_LEN;
    866 	os_memcpy(pos, bssid, ETH_ALEN);
    867 	pos += ETH_ALEN;
    868 	os_memcpy(pos, sta_addr, ETH_ALEN);
    869 	pos += ETH_ALEN;
    870 
    871 	sha256_prf(pmk_r1, PMK_LEN, "FT-PTK", buf, pos - buf, ptk, ptk_len);
    872 
    873 	/*
    874 	 * PTKName = Truncate-128(SHA-256(PMKR1Name || "FT-PTKN" || SNonce ||
    875 	 *                                ANonce || BSSID || STA-ADDR))
    876 	 */
    877 	addr[0] = pmk_r1_name;
    878 	len[0] = WPA_PMK_NAME_LEN;
    879 	addr[1] = (const u8 *) "FT-PTKN";
    880 	len[1] = 7;
    881 	addr[2] = snonce;
    882 	len[2] = WPA_NONCE_LEN;
    883 	addr[3] = anonce;
    884 	len[3] = WPA_NONCE_LEN;
    885 	addr[4] = bssid;
    886 	len[4] = ETH_ALEN;
    887 	addr[5] = sta_addr;
    888 	len[5] = ETH_ALEN;
    889 
    890 	sha256_vector(6, addr, len, hash);
    891 	os_memcpy(ptk_name, hash, WPA_PMK_NAME_LEN);
    892 }
    893 
    894 #endif /* CONFIG_IEEE80211R */
    895 
    896 
    897 /**
    898  * rsn_pmkid - Calculate PMK identifier
    899  * @pmk: Pairwise master key
    900  * @pmk_len: Length of pmk in bytes
    901  * @aa: Authenticator address
    902  * @spa: Supplicant address
    903  * @pmkid: Buffer for PMKID
    904  * @use_sha256: Whether to use SHA256-based KDF
    905  *
    906  * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
    907  * PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)
    908  */
    909 void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa, const u8 *spa,
    910 	       u8 *pmkid, int use_sha256)
    911 {
    912 	char *title = "PMK Name";
    913 	const u8 *addr[3];
    914 	const size_t len[3] = { 8, ETH_ALEN, ETH_ALEN };
    915 	unsigned char hash[SHA256_MAC_LEN];
    916 
    917 	addr[0] = (u8 *) title;
    918 	addr[1] = aa;
    919 	addr[2] = spa;
    920 
    921 #ifdef CONFIG_IEEE80211W
    922 	if (use_sha256)
    923 		hmac_sha256_vector(pmk, pmk_len, 3, addr, len, hash);
    924 	else
    925 #endif /* CONFIG_IEEE80211W */
    926 		hmac_sha1_vector(pmk, pmk_len, 3, addr, len, hash);
    927 	os_memcpy(pmkid, hash, PMKID_LEN);
    928 }
    929 
    930 
    931 /**
    932  * wpa_cipher_txt - Convert cipher suite to a text string
    933  * @cipher: Cipher suite (WPA_CIPHER_* enum)
    934  * Returns: Pointer to a text string of the cipher suite name
    935  */
    936 const char * wpa_cipher_txt(int cipher)
    937 {
    938 	switch (cipher) {
    939 	case WPA_CIPHER_NONE:
    940 		return "NONE";
    941 	case WPA_CIPHER_WEP40:
    942 		return "WEP-40";
    943 	case WPA_CIPHER_WEP104:
    944 		return "WEP-104";
    945 	case WPA_CIPHER_TKIP:
    946 		return "TKIP";
    947 	case WPA_CIPHER_CCMP:
    948 		return "CCMP";
    949 	case WPA_CIPHER_CCMP | WPA_CIPHER_TKIP:
    950 		return "CCMP+TKIP";
    951 	case WPA_CIPHER_GCMP:
    952 		return "GCMP";
    953 	case WPA_CIPHER_GCMP_256:
    954 		return "GCMP-256";
    955 	case WPA_CIPHER_CCMP_256:
    956 		return "CCMP-256";
    957 	case WPA_CIPHER_GTK_NOT_USED:
    958 		return "GTK_NOT_USED";
    959 	default:
    960 		return "UNKNOWN";
    961 	}
    962 }
    963 
    964 
    965 /**
    966  * wpa_key_mgmt_txt - Convert key management suite to a text string
    967  * @key_mgmt: Key management suite (WPA_KEY_MGMT_* enum)
    968  * @proto: WPA/WPA2 version (WPA_PROTO_*)
    969  * Returns: Pointer to a text string of the key management suite name
    970  */
    971 const char * wpa_key_mgmt_txt(int key_mgmt, int proto)
    972 {
    973 	switch (key_mgmt) {
    974 	case WPA_KEY_MGMT_IEEE8021X:
    975 		if (proto == (WPA_PROTO_RSN | WPA_PROTO_WPA))
    976 			return "WPA2+WPA/IEEE 802.1X/EAP";
    977 		return proto == WPA_PROTO_RSN ?
    978 			"WPA2/IEEE 802.1X/EAP" : "WPA/IEEE 802.1X/EAP";
    979 	case WPA_KEY_MGMT_PSK:
    980 		if (proto == (WPA_PROTO_RSN | WPA_PROTO_WPA))
    981 			return "WPA2-PSK+WPA-PSK";
    982 		return proto == WPA_PROTO_RSN ?
    983 			"WPA2-PSK" : "WPA-PSK";
    984 	case WPA_KEY_MGMT_NONE:
    985 		return "NONE";
    986 	case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
    987 		return "IEEE 802.1X (no WPA)";
    988 #ifdef CONFIG_IEEE80211R
    989 	case WPA_KEY_MGMT_FT_IEEE8021X:
    990 		return "FT-EAP";
    991 	case WPA_KEY_MGMT_FT_PSK:
    992 		return "FT-PSK";
    993 #endif /* CONFIG_IEEE80211R */
    994 #ifdef CONFIG_IEEE80211W
    995 	case WPA_KEY_MGMT_IEEE8021X_SHA256:
    996 		return "WPA2-EAP-SHA256";
    997 	case WPA_KEY_MGMT_PSK_SHA256:
    998 		return "WPA2-PSK-SHA256";
    999 #endif /* CONFIG_IEEE80211W */
   1000 	default:
   1001 		return "UNKNOWN";
   1002 	}
   1003 }
   1004 
   1005 
   1006 u32 wpa_akm_to_suite(int akm)
   1007 {
   1008 	if (akm & WPA_KEY_MGMT_FT_IEEE8021X)
   1009 		return WLAN_AKM_SUITE_FT_8021X;
   1010 	if (akm & WPA_KEY_MGMT_FT_PSK)
   1011 		return WLAN_AKM_SUITE_FT_PSK;
   1012 	if (akm & WPA_KEY_MGMT_IEEE8021X)
   1013 		return WLAN_AKM_SUITE_8021X;
   1014 	if (akm & WPA_KEY_MGMT_IEEE8021X_SHA256)
   1015 		return WLAN_AKM_SUITE_8021X_SHA256;
   1016 	if (akm & WPA_KEY_MGMT_IEEE8021X)
   1017 		return WLAN_AKM_SUITE_8021X;
   1018 	if (akm & WPA_KEY_MGMT_PSK_SHA256)
   1019 		return WLAN_AKM_SUITE_PSK_SHA256;
   1020 	if (akm & WPA_KEY_MGMT_PSK)
   1021 		return WLAN_AKM_SUITE_PSK;
   1022 	if (akm & WPA_KEY_MGMT_CCKM)
   1023 		return WLAN_AKM_SUITE_CCKM;
   1024 	if (akm & WPA_KEY_MGMT_OSEN)
   1025 		return WLAN_AKM_SUITE_OSEN;
   1026 	return 0;
   1027 }
   1028 
   1029 
   1030 int wpa_compare_rsn_ie(int ft_initial_assoc,
   1031 		       const u8 *ie1, size_t ie1len,
   1032 		       const u8 *ie2, size_t ie2len)
   1033 {
   1034 	if (ie1 == NULL || ie2 == NULL)
   1035 		return -1;
   1036 
   1037 	if (ie1len == ie2len && os_memcmp(ie1, ie2, ie1len) == 0)
   1038 		return 0; /* identical IEs */
   1039 
   1040 #ifdef CONFIG_IEEE80211R
   1041 	if (ft_initial_assoc) {
   1042 		struct wpa_ie_data ie1d, ie2d;
   1043 		/*
   1044 		 * The PMKID-List in RSN IE is different between Beacon/Probe
   1045 		 * Response/(Re)Association Request frames and EAPOL-Key
   1046 		 * messages in FT initial mobility domain association. Allow
   1047 		 * for this, but verify that other parts of the RSN IEs are
   1048 		 * identical.
   1049 		 */
   1050 		if (wpa_parse_wpa_ie_rsn(ie1, ie1len, &ie1d) < 0 ||
   1051 		    wpa_parse_wpa_ie_rsn(ie2, ie2len, &ie2d) < 0)
   1052 			return -1;
   1053 		if (ie1d.proto == ie2d.proto &&
   1054 		    ie1d.pairwise_cipher == ie2d.pairwise_cipher &&
   1055 		    ie1d.group_cipher == ie2d.group_cipher &&
   1056 		    ie1d.key_mgmt == ie2d.key_mgmt &&
   1057 		    ie1d.capabilities == ie2d.capabilities &&
   1058 		    ie1d.mgmt_group_cipher == ie2d.mgmt_group_cipher)
   1059 			return 0;
   1060 	}
   1061 #endif /* CONFIG_IEEE80211R */
   1062 
   1063 	return -1;
   1064 }
   1065 
   1066 
   1067 #ifdef CONFIG_IEEE80211R
   1068 int wpa_insert_pmkid(u8 *ies, size_t ies_len, const u8 *pmkid)
   1069 {
   1070 	u8 *start, *end, *rpos, *rend;
   1071 	int added = 0;
   1072 
   1073 	start = ies;
   1074 	end = ies + ies_len;
   1075 
   1076 	while (start < end) {
   1077 		if (*start == WLAN_EID_RSN)
   1078 			break;
   1079 		start += 2 + start[1];
   1080 	}
   1081 	if (start >= end) {
   1082 		wpa_printf(MSG_ERROR, "FT: Could not find RSN IE in "
   1083 			   "IEs data");
   1084 		return -1;
   1085 	}
   1086 	wpa_hexdump(MSG_DEBUG, "FT: RSN IE before modification",
   1087 		    start, 2 + start[1]);
   1088 
   1089 	/* Find start of PMKID-Count */
   1090 	rpos = start + 2;
   1091 	rend = rpos + start[1];
   1092 
   1093 	/* Skip Version and Group Data Cipher Suite */
   1094 	rpos += 2 + 4;
   1095 	/* Skip Pairwise Cipher Suite Count and List */
   1096 	rpos += 2 + WPA_GET_LE16(rpos) * RSN_SELECTOR_LEN;
   1097 	/* Skip AKM Suite Count and List */
   1098 	rpos += 2 + WPA_GET_LE16(rpos) * RSN_SELECTOR_LEN;
   1099 
   1100 	if (rpos == rend) {
   1101 		/* Add RSN Capabilities */
   1102 		os_memmove(rpos + 2, rpos, end - rpos);
   1103 		*rpos++ = 0;
   1104 		*rpos++ = 0;
   1105 	} else {
   1106 		/* Skip RSN Capabilities */
   1107 		rpos += 2;
   1108 		if (rpos > rend) {
   1109 			wpa_printf(MSG_ERROR, "FT: Could not parse RSN IE in "
   1110 				   "IEs data");
   1111 			return -1;
   1112 		}
   1113 	}
   1114 
   1115 	if (rpos == rend) {
   1116 		/* No PMKID-Count field included; add it */
   1117 		os_memmove(rpos + 2 + PMKID_LEN, rpos, end - rpos);
   1118 		WPA_PUT_LE16(rpos, 1);
   1119 		rpos += 2;
   1120 		os_memcpy(rpos, pmkid, PMKID_LEN);
   1121 		added += 2 + PMKID_LEN;
   1122 		start[1] += 2 + PMKID_LEN;
   1123 	} else {
   1124 		/* PMKID-Count was included; use it */
   1125 		if (WPA_GET_LE16(rpos) != 0) {
   1126 			wpa_printf(MSG_ERROR, "FT: Unexpected PMKID "
   1127 				   "in RSN IE in EAPOL-Key data");
   1128 			return -1;
   1129 		}
   1130 		WPA_PUT_LE16(rpos, 1);
   1131 		rpos += 2;
   1132 		os_memmove(rpos + PMKID_LEN, rpos, end - rpos);
   1133 		os_memcpy(rpos, pmkid, PMKID_LEN);
   1134 		added += PMKID_LEN;
   1135 		start[1] += PMKID_LEN;
   1136 	}
   1137 
   1138 	wpa_hexdump(MSG_DEBUG, "FT: RSN IE after modification "
   1139 		    "(PMKID inserted)", start, 2 + start[1]);
   1140 
   1141 	return added;
   1142 }
   1143 #endif /* CONFIG_IEEE80211R */
   1144 
   1145 
   1146 int wpa_cipher_key_len(int cipher)
   1147 {
   1148 	switch (cipher) {
   1149 	case WPA_CIPHER_CCMP_256:
   1150 	case WPA_CIPHER_GCMP_256:
   1151 	case WPA_CIPHER_BIP_GMAC_256:
   1152 	case WPA_CIPHER_BIP_CMAC_256:
   1153 		return 32;
   1154 	case WPA_CIPHER_CCMP:
   1155 	case WPA_CIPHER_GCMP:
   1156 	case WPA_CIPHER_AES_128_CMAC:
   1157 	case WPA_CIPHER_BIP_GMAC_128:
   1158 		return 16;
   1159 	case WPA_CIPHER_TKIP:
   1160 		return 32;
   1161 	case WPA_CIPHER_WEP104:
   1162 		return 13;
   1163 	case WPA_CIPHER_WEP40:
   1164 		return 5;
   1165 	}
   1166 
   1167 	return 0;
   1168 }
   1169 
   1170 
   1171 int wpa_cipher_rsc_len(int cipher)
   1172 {
   1173 	switch (cipher) {
   1174 	case WPA_CIPHER_CCMP_256:
   1175 	case WPA_CIPHER_GCMP_256:
   1176 	case WPA_CIPHER_CCMP:
   1177 	case WPA_CIPHER_GCMP:
   1178 	case WPA_CIPHER_TKIP:
   1179 		return 6;
   1180 	case WPA_CIPHER_WEP104:
   1181 	case WPA_CIPHER_WEP40:
   1182 		return 0;
   1183 	}
   1184 
   1185 	return 0;
   1186 }
   1187 
   1188 
   1189 int wpa_cipher_to_alg(int cipher)
   1190 {
   1191 	switch (cipher) {
   1192 	case WPA_CIPHER_CCMP_256:
   1193 		return WPA_ALG_CCMP_256;
   1194 	case WPA_CIPHER_GCMP_256:
   1195 		return WPA_ALG_GCMP_256;
   1196 	case WPA_CIPHER_CCMP:
   1197 		return WPA_ALG_CCMP;
   1198 	case WPA_CIPHER_GCMP:
   1199 		return WPA_ALG_GCMP;
   1200 	case WPA_CIPHER_TKIP:
   1201 		return WPA_ALG_TKIP;
   1202 	case WPA_CIPHER_WEP104:
   1203 	case WPA_CIPHER_WEP40:
   1204 		return WPA_ALG_WEP;
   1205 	case WPA_CIPHER_AES_128_CMAC:
   1206 		return WPA_ALG_IGTK;
   1207 	case WPA_CIPHER_BIP_GMAC_128:
   1208 		return WPA_ALG_BIP_GMAC_128;
   1209 	case WPA_CIPHER_BIP_GMAC_256:
   1210 		return WPA_ALG_BIP_GMAC_256;
   1211 	case WPA_CIPHER_BIP_CMAC_256:
   1212 		return WPA_ALG_BIP_CMAC_256;
   1213 	}
   1214 	return WPA_ALG_NONE;
   1215 }
   1216 
   1217 
   1218 int wpa_cipher_valid_pairwise(int cipher)
   1219 {
   1220 	return cipher == WPA_CIPHER_CCMP_256 ||
   1221 		cipher == WPA_CIPHER_GCMP_256 ||
   1222 		cipher == WPA_CIPHER_CCMP ||
   1223 		cipher == WPA_CIPHER_GCMP ||
   1224 		cipher == WPA_CIPHER_TKIP;
   1225 }
   1226 
   1227 
   1228 u32 wpa_cipher_to_suite(int proto, int cipher)
   1229 {
   1230 	if (cipher & WPA_CIPHER_CCMP_256)
   1231 		return RSN_CIPHER_SUITE_CCMP_256;
   1232 	if (cipher & WPA_CIPHER_GCMP_256)
   1233 		return RSN_CIPHER_SUITE_GCMP_256;
   1234 	if (cipher & WPA_CIPHER_CCMP)
   1235 		return (proto == WPA_PROTO_RSN ?
   1236 			RSN_CIPHER_SUITE_CCMP : WPA_CIPHER_SUITE_CCMP);
   1237 	if (cipher & WPA_CIPHER_GCMP)
   1238 		return RSN_CIPHER_SUITE_GCMP;
   1239 	if (cipher & WPA_CIPHER_TKIP)
   1240 		return (proto == WPA_PROTO_RSN ?
   1241 			RSN_CIPHER_SUITE_TKIP : WPA_CIPHER_SUITE_TKIP);
   1242 	if (cipher & WPA_CIPHER_WEP104)
   1243 		return (proto == WPA_PROTO_RSN ?
   1244 			RSN_CIPHER_SUITE_WEP104 : WPA_CIPHER_SUITE_WEP104);
   1245 	if (cipher & WPA_CIPHER_WEP40)
   1246 		return (proto == WPA_PROTO_RSN ?
   1247 			RSN_CIPHER_SUITE_WEP40 : WPA_CIPHER_SUITE_WEP40);
   1248 	if (cipher & WPA_CIPHER_NONE)
   1249 		return (proto == WPA_PROTO_RSN ?
   1250 			RSN_CIPHER_SUITE_NONE : WPA_CIPHER_SUITE_NONE);
   1251 	if (cipher & WPA_CIPHER_GTK_NOT_USED)
   1252 		return RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED;
   1253 	if (cipher & WPA_CIPHER_AES_128_CMAC)
   1254 		return RSN_CIPHER_SUITE_AES_128_CMAC;
   1255 	if (cipher & WPA_CIPHER_BIP_GMAC_128)
   1256 		return RSN_CIPHER_SUITE_BIP_GMAC_128;
   1257 	if (cipher & WPA_CIPHER_BIP_GMAC_256)
   1258 		return RSN_CIPHER_SUITE_BIP_GMAC_256;
   1259 	if (cipher & WPA_CIPHER_BIP_CMAC_256)
   1260 		return RSN_CIPHER_SUITE_BIP_CMAC_256;
   1261 	return 0;
   1262 }
   1263 
   1264 
   1265 int rsn_cipher_put_suites(u8 *start, int ciphers)
   1266 {
   1267 	u8 *pos = start;
   1268 
   1269 	if (ciphers & WPA_CIPHER_CCMP_256) {
   1270 		RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP_256);
   1271 		pos += RSN_SELECTOR_LEN;
   1272 	}
   1273 	if (ciphers & WPA_CIPHER_GCMP_256) {
   1274 		RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_GCMP_256);
   1275 		pos += RSN_SELECTOR_LEN;
   1276 	}
   1277 	if (ciphers & WPA_CIPHER_CCMP) {
   1278 		RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
   1279 		pos += RSN_SELECTOR_LEN;
   1280 	}
   1281 	if (ciphers & WPA_CIPHER_GCMP) {
   1282 		RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_GCMP);
   1283 		pos += RSN_SELECTOR_LEN;
   1284 	}
   1285 	if (ciphers & WPA_CIPHER_TKIP) {
   1286 		RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
   1287 		pos += RSN_SELECTOR_LEN;
   1288 	}
   1289 	if (ciphers & WPA_CIPHER_NONE) {
   1290 		RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NONE);
   1291 		pos += RSN_SELECTOR_LEN;
   1292 	}
   1293 
   1294 	return (pos - start) / RSN_SELECTOR_LEN;
   1295 }
   1296 
   1297 
   1298 int wpa_cipher_put_suites(u8 *start, int ciphers)
   1299 {
   1300 	u8 *pos = start;
   1301 
   1302 	if (ciphers & WPA_CIPHER_CCMP) {
   1303 		RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP);
   1304 		pos += WPA_SELECTOR_LEN;
   1305 	}
   1306 	if (ciphers & WPA_CIPHER_TKIP) {
   1307 		RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP);
   1308 		pos += WPA_SELECTOR_LEN;
   1309 	}
   1310 	if (ciphers & WPA_CIPHER_NONE) {
   1311 		RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_NONE);
   1312 		pos += WPA_SELECTOR_LEN;
   1313 	}
   1314 
   1315 	return (pos - start) / RSN_SELECTOR_LEN;
   1316 }
   1317 
   1318 
   1319 int wpa_pick_pairwise_cipher(int ciphers, int none_allowed)
   1320 {
   1321 	if (ciphers & WPA_CIPHER_CCMP_256)
   1322 		return WPA_CIPHER_CCMP_256;
   1323 	if (ciphers & WPA_CIPHER_GCMP_256)
   1324 		return WPA_CIPHER_GCMP_256;
   1325 	if (ciphers & WPA_CIPHER_CCMP)
   1326 		return WPA_CIPHER_CCMP;
   1327 	if (ciphers & WPA_CIPHER_GCMP)
   1328 		return WPA_CIPHER_GCMP;
   1329 	if (ciphers & WPA_CIPHER_TKIP)
   1330 		return WPA_CIPHER_TKIP;
   1331 	if (none_allowed && (ciphers & WPA_CIPHER_NONE))
   1332 		return WPA_CIPHER_NONE;
   1333 	return -1;
   1334 }
   1335 
   1336 
   1337 int wpa_pick_group_cipher(int ciphers)
   1338 {
   1339 	if (ciphers & WPA_CIPHER_CCMP_256)
   1340 		return WPA_CIPHER_CCMP_256;
   1341 	if (ciphers & WPA_CIPHER_GCMP_256)
   1342 		return WPA_CIPHER_GCMP_256;
   1343 	if (ciphers & WPA_CIPHER_CCMP)
   1344 		return WPA_CIPHER_CCMP;
   1345 	if (ciphers & WPA_CIPHER_GCMP)
   1346 		return WPA_CIPHER_GCMP;
   1347 	if (ciphers & WPA_CIPHER_GTK_NOT_USED)
   1348 		return WPA_CIPHER_GTK_NOT_USED;
   1349 	if (ciphers & WPA_CIPHER_TKIP)
   1350 		return WPA_CIPHER_TKIP;
   1351 	if (ciphers & WPA_CIPHER_WEP104)
   1352 		return WPA_CIPHER_WEP104;
   1353 	if (ciphers & WPA_CIPHER_WEP40)
   1354 		return WPA_CIPHER_WEP40;
   1355 	return -1;
   1356 }
   1357 
   1358 
   1359 int wpa_parse_cipher(const char *value)
   1360 {
   1361 	int val = 0, last;
   1362 	char *start, *end, *buf;
   1363 
   1364 	buf = os_strdup(value);
   1365 	if (buf == NULL)
   1366 		return -1;
   1367 	start = buf;
   1368 
   1369 	while (*start != '\0') {
   1370 		while (*start == ' ' || *start == '\t')
   1371 			start++;
   1372 		if (*start == '\0')
   1373 			break;
   1374 		end = start;
   1375 		while (*end != ' ' && *end != '\t' && *end != '\0')
   1376 			end++;
   1377 		last = *end == '\0';
   1378 		*end = '\0';
   1379 		if (os_strcmp(start, "CCMP-256") == 0)
   1380 			val |= WPA_CIPHER_CCMP_256;
   1381 		else if (os_strcmp(start, "GCMP-256") == 0)
   1382 			val |= WPA_CIPHER_GCMP_256;
   1383 		else if (os_strcmp(start, "CCMP") == 0)
   1384 			val |= WPA_CIPHER_CCMP;
   1385 		else if (os_strcmp(start, "GCMP") == 0)
   1386 			val |= WPA_CIPHER_GCMP;
   1387 		else if (os_strcmp(start, "TKIP") == 0)
   1388 			val |= WPA_CIPHER_TKIP;
   1389 		else if (os_strcmp(start, "WEP104") == 0)
   1390 			val |= WPA_CIPHER_WEP104;
   1391 		else if (os_strcmp(start, "WEP40") == 0)
   1392 			val |= WPA_CIPHER_WEP40;
   1393 		else if (os_strcmp(start, "NONE") == 0)
   1394 			val |= WPA_CIPHER_NONE;
   1395 		else if (os_strcmp(start, "GTK_NOT_USED") == 0)
   1396 			val |= WPA_CIPHER_GTK_NOT_USED;
   1397 		else {
   1398 			os_free(buf);
   1399 			return -1;
   1400 		}
   1401 
   1402 		if (last)
   1403 			break;
   1404 		start = end + 1;
   1405 	}
   1406 	os_free(buf);
   1407 
   1408 	return val;
   1409 }
   1410 
   1411 
   1412 int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim)
   1413 {
   1414 	char *pos = start;
   1415 	int ret;
   1416 
   1417 	if (ciphers & WPA_CIPHER_CCMP_256) {
   1418 		ret = os_snprintf(pos, end - pos, "%sCCMP-256",
   1419 				  pos == start ? "" : delim);
   1420 		if (ret < 0 || ret >= end - pos)
   1421 			return -1;
   1422 		pos += ret;
   1423 	}
   1424 	if (ciphers & WPA_CIPHER_GCMP_256) {
   1425 		ret = os_snprintf(pos, end - pos, "%sGCMP-256",
   1426 				  pos == start ? "" : delim);
   1427 		if (ret < 0 || ret >= end - pos)
   1428 			return -1;
   1429 		pos += ret;
   1430 	}
   1431 	if (ciphers & WPA_CIPHER_CCMP) {
   1432 		ret = os_snprintf(pos, end - pos, "%sCCMP",
   1433 				  pos == start ? "" : delim);
   1434 		if (ret < 0 || ret >= end - pos)
   1435 			return -1;
   1436 		pos += ret;
   1437 	}
   1438 	if (ciphers & WPA_CIPHER_GCMP) {
   1439 		ret = os_snprintf(pos, end - pos, "%sGCMP",
   1440 				  pos == start ? "" : delim);
   1441 		if (ret < 0 || ret >= end - pos)
   1442 			return -1;
   1443 		pos += ret;
   1444 	}
   1445 	if (ciphers & WPA_CIPHER_TKIP) {
   1446 		ret = os_snprintf(pos, end - pos, "%sTKIP",
   1447 				  pos == start ? "" : delim);
   1448 		if (ret < 0 || ret >= end - pos)
   1449 			return -1;
   1450 		pos += ret;
   1451 	}
   1452 	if (ciphers & WPA_CIPHER_WEP104) {
   1453 		ret = os_snprintf(pos, end - pos, "%sWEP104",
   1454 				  pos == start ? "" : delim);
   1455 		if (ret < 0 || ret >= end - pos)
   1456 			return -1;
   1457 		pos += ret;
   1458 	}
   1459 	if (ciphers & WPA_CIPHER_WEP40) {
   1460 		ret = os_snprintf(pos, end - pos, "%sWEP40",
   1461 				  pos == start ? "" : delim);
   1462 		if (ret < 0 || ret >= end - pos)
   1463 			return -1;
   1464 		pos += ret;
   1465 	}
   1466 	if (ciphers & WPA_CIPHER_NONE) {
   1467 		ret = os_snprintf(pos, end - pos, "%sNONE",
   1468 				  pos == start ? "" : delim);
   1469 		if (ret < 0 || ret >= end - pos)
   1470 			return -1;
   1471 		pos += ret;
   1472 	}
   1473 
   1474 	return pos - start;
   1475 }
   1476 
   1477 
   1478 int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise)
   1479 {
   1480 	int pairwise = 0;
   1481 
   1482 	/* Select group cipher based on the enabled pairwise cipher suites */
   1483 	if (wpa & 1)
   1484 		pairwise |= wpa_pairwise;
   1485 	if (wpa & 2)
   1486 		pairwise |= rsn_pairwise;
   1487 
   1488 	if (pairwise & WPA_CIPHER_TKIP)
   1489 		return WPA_CIPHER_TKIP;
   1490 	if ((pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) == WPA_CIPHER_GCMP)
   1491 		return WPA_CIPHER_GCMP;
   1492 	if ((pairwise & (WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP |
   1493 			 WPA_CIPHER_GCMP)) == WPA_CIPHER_GCMP_256)
   1494 		return WPA_CIPHER_GCMP_256;
   1495 	if ((pairwise & (WPA_CIPHER_CCMP_256 | WPA_CIPHER_CCMP |
   1496 			 WPA_CIPHER_GCMP)) == WPA_CIPHER_CCMP_256)
   1497 		return WPA_CIPHER_CCMP_256;
   1498 	return WPA_CIPHER_CCMP;
   1499 }
   1500 
   1501 
   1502 static int wpa_check_wowlan_trigger(const char *start, const char *trigger,
   1503 				    int capa_trigger, u8 *param_trigger)
   1504 {
   1505 	if (os_strcmp(start, trigger) != 0)
   1506 		return 0;
   1507 	if (!capa_trigger)
   1508 		return 0;
   1509 
   1510 	*param_trigger = 1;
   1511 	return 1;
   1512 }
   1513 
   1514 
   1515 struct wowlan_triggers *wpa_get_wowlan_triggers(const char *wowlan_triggers,
   1516 						struct wpa_driver_capa *capa)
   1517 {
   1518 	struct wowlan_triggers *triggers;
   1519 	char *start, *end, *buf;
   1520 	int last;
   1521 
   1522 	if (!wowlan_triggers)
   1523 		return NULL;
   1524 
   1525 	buf = os_strdup(wowlan_triggers);
   1526 	if (buf == NULL)
   1527 		return NULL;
   1528 
   1529 	triggers = os_zalloc(sizeof(*triggers));
   1530 	if (triggers == NULL)
   1531 		goto out;
   1532 
   1533 #define CHECK_TRIGGER(trigger) \
   1534 	wpa_check_wowlan_trigger(start, #trigger,			\
   1535 				  capa->wowlan_triggers.trigger,	\
   1536 				  &triggers->trigger)
   1537 
   1538 	start = buf;
   1539 	while (*start != '\0') {
   1540 		while (isblank(*start))
   1541 			start++;
   1542 		if (*start == '\0')
   1543 			break;
   1544 		end = start;
   1545 		while (!isblank(*end) && *end != '\0')
   1546 			end++;
   1547 		last = *end == '\0';
   1548 		*end = '\0';
   1549 
   1550 		if (!CHECK_TRIGGER(any) &&
   1551 		    !CHECK_TRIGGER(disconnect) &&
   1552 		    !CHECK_TRIGGER(magic_pkt) &&
   1553 		    !CHECK_TRIGGER(gtk_rekey_failure) &&
   1554 		    !CHECK_TRIGGER(eap_identity_req) &&
   1555 		    !CHECK_TRIGGER(four_way_handshake) &&
   1556 		    !CHECK_TRIGGER(rfkill_release)) {
   1557 			wpa_printf(MSG_DEBUG,
   1558 				   "Unknown/unsupported wowlan trigger '%s'",
   1559 				   start);
   1560 			os_free(triggers);
   1561 			triggers = NULL;
   1562 			goto out;
   1563 		}
   1564 
   1565 		if (last)
   1566 			break;
   1567 		start = end + 1;
   1568 	}
   1569 #undef CHECK_TRIGGER
   1570 
   1571 out:
   1572 	os_free(buf);
   1573 	return triggers;
   1574 }
   1575