1 /* 2 * WPA/RSN - Shared functions for supplicant and authenticator 3 * Copyright (c) 2002-2013, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "crypto/md5.h" 13 #include "crypto/sha1.h" 14 #include "crypto/sha256.h" 15 #include "crypto/aes_wrap.h" 16 #include "crypto/crypto.h" 17 #include "drivers/driver.h" 18 #include "ieee802_11_defs.h" 19 #include "defs.h" 20 #include "wpa_common.h" 21 22 23 /** 24 * wpa_eapol_key_mic - Calculate EAPOL-Key MIC 25 * @key: EAPOL-Key Key Confirmation Key (KCK) 26 * @ver: Key descriptor version (WPA_KEY_INFO_TYPE_*) 27 * @buf: Pointer to the beginning of the EAPOL header (version field) 28 * @len: Length of the EAPOL frame (from EAPOL header to the end of the frame) 29 * @mic: Pointer to the buffer to which the EAPOL-Key MIC is written 30 * Returns: 0 on success, -1 on failure 31 * 32 * Calculate EAPOL-Key MIC for an EAPOL-Key packet. The EAPOL-Key MIC field has 33 * to be cleared (all zeroes) when calling this function. 34 * 35 * Note: 'IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames' has an error in the 36 * description of the Key MIC calculation. It includes packet data from the 37 * beginning of the EAPOL-Key header, not EAPOL header. This incorrect change 38 * happened during final editing of the standard and the correct behavior is 39 * defined in the last draft (IEEE 802.11i/D10). 40 */ 41 int wpa_eapol_key_mic(const u8 *key, int ver, const u8 *buf, size_t len, 42 u8 *mic) 43 { 44 u8 hash[SHA1_MAC_LEN]; 45 46 switch (ver) { 47 #ifndef CONFIG_FIPS 48 case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4: 49 return hmac_md5(key, 16, buf, len, mic); 50 #endif /* CONFIG_FIPS */ 51 case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES: 52 if (hmac_sha1(key, 16, buf, len, hash)) 53 return -1; 54 os_memcpy(mic, hash, MD5_MAC_LEN); 55 break; 56 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W) 57 case WPA_KEY_INFO_TYPE_AES_128_CMAC: 58 return omac1_aes_128(key, buf, len, mic); 59 #endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */ 60 #ifdef CONFIG_HS20 61 case WPA_KEY_INFO_TYPE_AKM_DEFINED: 62 /* FIX: This should be based on negotiated AKM */ 63 return omac1_aes_128(key, buf, len, mic); 64 #endif /* CONFIG_HS20 */ 65 default: 66 return -1; 67 } 68 69 return 0; 70 } 71 72 73 /** 74 * wpa_pmk_to_ptk - Calculate PTK from PMK, addresses, and nonces 75 * @pmk: Pairwise master key 76 * @pmk_len: Length of PMK 77 * @label: Label to use in derivation 78 * @addr1: AA or SA 79 * @addr2: SA or AA 80 * @nonce1: ANonce or SNonce 81 * @nonce2: SNonce or ANonce 82 * @ptk: Buffer for pairwise transient key 83 * @ptk_len: Length of PTK 84 * @use_sha256: Whether to use SHA256-based KDF 85 * 86 * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy 87 * PTK = PRF-X(PMK, "Pairwise key expansion", 88 * Min(AA, SA) || Max(AA, SA) || 89 * Min(ANonce, SNonce) || Max(ANonce, SNonce)) 90 * 91 * STK = PRF-X(SMK, "Peer key expansion", 92 * Min(MAC_I, MAC_P) || Max(MAC_I, MAC_P) || 93 * Min(INonce, PNonce) || Max(INonce, PNonce)) 94 */ 95 void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label, 96 const u8 *addr1, const u8 *addr2, 97 const u8 *nonce1, const u8 *nonce2, 98 u8 *ptk, size_t ptk_len, int use_sha256) 99 { 100 u8 data[2 * ETH_ALEN + 2 * WPA_NONCE_LEN]; 101 102 if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) { 103 os_memcpy(data, addr1, ETH_ALEN); 104 os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN); 105 } else { 106 os_memcpy(data, addr2, ETH_ALEN); 107 os_memcpy(data + ETH_ALEN, addr1, ETH_ALEN); 108 } 109 110 if (os_memcmp(nonce1, nonce2, WPA_NONCE_LEN) < 0) { 111 os_memcpy(data + 2 * ETH_ALEN, nonce1, WPA_NONCE_LEN); 112 os_memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce2, 113 WPA_NONCE_LEN); 114 } else { 115 os_memcpy(data + 2 * ETH_ALEN, nonce2, WPA_NONCE_LEN); 116 os_memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce1, 117 WPA_NONCE_LEN); 118 } 119 120 #ifdef CONFIG_IEEE80211W 121 if (use_sha256) 122 sha256_prf(pmk, pmk_len, label, data, sizeof(data), 123 ptk, ptk_len); 124 else 125 #endif /* CONFIG_IEEE80211W */ 126 sha1_prf(pmk, pmk_len, label, data, sizeof(data), ptk, 127 ptk_len); 128 129 wpa_printf(MSG_DEBUG, "WPA: PTK derivation - A1=" MACSTR " A2=" MACSTR, 130 MAC2STR(addr1), MAC2STR(addr2)); 131 wpa_hexdump(MSG_DEBUG, "WPA: Nonce1", nonce1, WPA_NONCE_LEN); 132 wpa_hexdump(MSG_DEBUG, "WPA: Nonce2", nonce2, WPA_NONCE_LEN); 133 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK", pmk, pmk_len); 134 wpa_hexdump_key(MSG_DEBUG, "WPA: PTK", ptk, ptk_len); 135 } 136 137 138 #ifdef CONFIG_IEEE80211R 139 int wpa_ft_mic(const u8 *kck, const u8 *sta_addr, const u8 *ap_addr, 140 u8 transaction_seqnum, const u8 *mdie, size_t mdie_len, 141 const u8 *ftie, size_t ftie_len, 142 const u8 *rsnie, size_t rsnie_len, 143 const u8 *ric, size_t ric_len, u8 *mic) 144 { 145 u8 *buf, *pos; 146 size_t buf_len; 147 148 buf_len = 2 * ETH_ALEN + 1 + mdie_len + ftie_len + rsnie_len + ric_len; 149 buf = os_malloc(buf_len); 150 if (buf == NULL) 151 return -1; 152 153 pos = buf; 154 os_memcpy(pos, sta_addr, ETH_ALEN); 155 pos += ETH_ALEN; 156 os_memcpy(pos, ap_addr, ETH_ALEN); 157 pos += ETH_ALEN; 158 *pos++ = transaction_seqnum; 159 if (rsnie) { 160 os_memcpy(pos, rsnie, rsnie_len); 161 pos += rsnie_len; 162 } 163 if (mdie) { 164 os_memcpy(pos, mdie, mdie_len); 165 pos += mdie_len; 166 } 167 if (ftie) { 168 struct rsn_ftie *_ftie; 169 os_memcpy(pos, ftie, ftie_len); 170 if (ftie_len < 2 + sizeof(*_ftie)) { 171 os_free(buf); 172 return -1; 173 } 174 _ftie = (struct rsn_ftie *) (pos + 2); 175 os_memset(_ftie->mic, 0, sizeof(_ftie->mic)); 176 pos += ftie_len; 177 } 178 if (ric) { 179 os_memcpy(pos, ric, ric_len); 180 pos += ric_len; 181 } 182 183 wpa_hexdump(MSG_MSGDUMP, "FT: MIC data", buf, pos - buf); 184 if (omac1_aes_128(kck, buf, pos - buf, mic)) { 185 os_free(buf); 186 return -1; 187 } 188 189 os_free(buf); 190 191 return 0; 192 } 193 194 195 static int wpa_ft_parse_ftie(const u8 *ie, size_t ie_len, 196 struct wpa_ft_ies *parse) 197 { 198 const u8 *end, *pos; 199 200 parse->ftie = ie; 201 parse->ftie_len = ie_len; 202 203 pos = ie + sizeof(struct rsn_ftie); 204 end = ie + ie_len; 205 206 while (pos + 2 <= end && pos + 2 + pos[1] <= end) { 207 switch (pos[0]) { 208 case FTIE_SUBELEM_R1KH_ID: 209 if (pos[1] != FT_R1KH_ID_LEN) { 210 wpa_printf(MSG_DEBUG, "FT: Invalid R1KH-ID " 211 "length in FTIE: %d", pos[1]); 212 return -1; 213 } 214 parse->r1kh_id = pos + 2; 215 break; 216 case FTIE_SUBELEM_GTK: 217 parse->gtk = pos + 2; 218 parse->gtk_len = pos[1]; 219 break; 220 case FTIE_SUBELEM_R0KH_ID: 221 if (pos[1] < 1 || pos[1] > FT_R0KH_ID_MAX_LEN) { 222 wpa_printf(MSG_DEBUG, "FT: Invalid R0KH-ID " 223 "length in FTIE: %d", pos[1]); 224 return -1; 225 } 226 parse->r0kh_id = pos + 2; 227 parse->r0kh_id_len = pos[1]; 228 break; 229 #ifdef CONFIG_IEEE80211W 230 case FTIE_SUBELEM_IGTK: 231 parse->igtk = pos + 2; 232 parse->igtk_len = pos[1]; 233 break; 234 #endif /* CONFIG_IEEE80211W */ 235 } 236 237 pos += 2 + pos[1]; 238 } 239 240 return 0; 241 } 242 243 244 int wpa_ft_parse_ies(const u8 *ies, size_t ies_len, 245 struct wpa_ft_ies *parse) 246 { 247 const u8 *end, *pos; 248 struct wpa_ie_data data; 249 int ret; 250 const struct rsn_ftie *ftie; 251 int prot_ie_count = 0; 252 253 os_memset(parse, 0, sizeof(*parse)); 254 if (ies == NULL) 255 return 0; 256 257 pos = ies; 258 end = ies + ies_len; 259 while (pos + 2 <= end && pos + 2 + pos[1] <= end) { 260 switch (pos[0]) { 261 case WLAN_EID_RSN: 262 parse->rsn = pos + 2; 263 parse->rsn_len = pos[1]; 264 ret = wpa_parse_wpa_ie_rsn(parse->rsn - 2, 265 parse->rsn_len + 2, 266 &data); 267 if (ret < 0) { 268 wpa_printf(MSG_DEBUG, "FT: Failed to parse " 269 "RSN IE: %d", ret); 270 return -1; 271 } 272 if (data.num_pmkid == 1 && data.pmkid) 273 parse->rsn_pmkid = data.pmkid; 274 break; 275 case WLAN_EID_MOBILITY_DOMAIN: 276 parse->mdie = pos + 2; 277 parse->mdie_len = pos[1]; 278 break; 279 case WLAN_EID_FAST_BSS_TRANSITION: 280 if (pos[1] < sizeof(*ftie)) 281 return -1; 282 ftie = (const struct rsn_ftie *) (pos + 2); 283 prot_ie_count = ftie->mic_control[1]; 284 if (wpa_ft_parse_ftie(pos + 2, pos[1], parse) < 0) 285 return -1; 286 break; 287 case WLAN_EID_TIMEOUT_INTERVAL: 288 parse->tie = pos + 2; 289 parse->tie_len = pos[1]; 290 break; 291 case WLAN_EID_RIC_DATA: 292 if (parse->ric == NULL) 293 parse->ric = pos; 294 break; 295 } 296 297 pos += 2 + pos[1]; 298 } 299 300 if (prot_ie_count == 0) 301 return 0; /* no MIC */ 302 303 /* 304 * Check that the protected IE count matches with IEs included in the 305 * frame. 306 */ 307 if (parse->rsn) 308 prot_ie_count--; 309 if (parse->mdie) 310 prot_ie_count--; 311 if (parse->ftie) 312 prot_ie_count--; 313 if (prot_ie_count < 0) { 314 wpa_printf(MSG_DEBUG, "FT: Some required IEs not included in " 315 "the protected IE count"); 316 return -1; 317 } 318 319 if (prot_ie_count == 0 && parse->ric) { 320 wpa_printf(MSG_DEBUG, "FT: RIC IE(s) in the frame, but not " 321 "included in protected IE count"); 322 return -1; 323 } 324 325 /* Determine the end of the RIC IE(s) */ 326 pos = parse->ric; 327 while (pos && pos + 2 <= end && pos + 2 + pos[1] <= end && 328 prot_ie_count) { 329 prot_ie_count--; 330 pos += 2 + pos[1]; 331 } 332 parse->ric_len = pos - parse->ric; 333 if (prot_ie_count) { 334 wpa_printf(MSG_DEBUG, "FT: %d protected IEs missing from " 335 "frame", (int) prot_ie_count); 336 return -1; 337 } 338 339 return 0; 340 } 341 #endif /* CONFIG_IEEE80211R */ 342 343 344 static int rsn_selector_to_bitfield(const u8 *s) 345 { 346 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_NONE) 347 return WPA_CIPHER_NONE; 348 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_WEP40) 349 return WPA_CIPHER_WEP40; 350 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_TKIP) 351 return WPA_CIPHER_TKIP; 352 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_CCMP) 353 return WPA_CIPHER_CCMP; 354 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_WEP104) 355 return WPA_CIPHER_WEP104; 356 #ifdef CONFIG_IEEE80211W 357 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_AES_128_CMAC) 358 return WPA_CIPHER_AES_128_CMAC; 359 #endif /* CONFIG_IEEE80211W */ 360 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_GCMP) 361 return WPA_CIPHER_GCMP; 362 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_CCMP_256) 363 return WPA_CIPHER_CCMP_256; 364 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_GCMP_256) 365 return WPA_CIPHER_GCMP_256; 366 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_GMAC_128) 367 return WPA_CIPHER_BIP_GMAC_128; 368 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_GMAC_256) 369 return WPA_CIPHER_BIP_GMAC_256; 370 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_CMAC_256) 371 return WPA_CIPHER_BIP_CMAC_256; 372 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED) 373 return WPA_CIPHER_GTK_NOT_USED; 374 return 0; 375 } 376 377 378 static int rsn_key_mgmt_to_bitfield(const u8 *s) 379 { 380 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_UNSPEC_802_1X) 381 return WPA_KEY_MGMT_IEEE8021X; 382 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X) 383 return WPA_KEY_MGMT_PSK; 384 #ifdef CONFIG_IEEE80211R 385 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_802_1X) 386 return WPA_KEY_MGMT_FT_IEEE8021X; 387 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_PSK) 388 return WPA_KEY_MGMT_FT_PSK; 389 #endif /* CONFIG_IEEE80211R */ 390 #ifdef CONFIG_IEEE80211W 391 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_802_1X_SHA256) 392 return WPA_KEY_MGMT_IEEE8021X_SHA256; 393 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_PSK_SHA256) 394 return WPA_KEY_MGMT_PSK_SHA256; 395 #endif /* CONFIG_IEEE80211W */ 396 #ifdef CONFIG_SAE 397 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_SAE) 398 return WPA_KEY_MGMT_SAE; 399 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_SAE) 400 return WPA_KEY_MGMT_FT_SAE; 401 #endif /* CONFIG_SAE */ 402 return 0; 403 } 404 405 406 static int wpa_cipher_valid_group(int cipher) 407 { 408 return wpa_cipher_valid_pairwise(cipher) || 409 cipher == WPA_CIPHER_WEP104 || 410 cipher == WPA_CIPHER_WEP40 || 411 cipher == WPA_CIPHER_GTK_NOT_USED; 412 } 413 414 415 #ifdef CONFIG_IEEE80211W 416 int wpa_cipher_valid_mgmt_group(int cipher) 417 { 418 return cipher == WPA_CIPHER_AES_128_CMAC || 419 cipher == WPA_CIPHER_BIP_GMAC_128 || 420 cipher == WPA_CIPHER_BIP_GMAC_256 || 421 cipher == WPA_CIPHER_BIP_CMAC_256; 422 } 423 #endif /* CONFIG_IEEE80211W */ 424 425 426 /** 427 * wpa_parse_wpa_ie_rsn - Parse RSN IE 428 * @rsn_ie: Buffer containing RSN IE 429 * @rsn_ie_len: RSN IE buffer length (including IE number and length octets) 430 * @data: Pointer to structure that will be filled in with parsed data 431 * Returns: 0 on success, <0 on failure 432 */ 433 int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len, 434 struct wpa_ie_data *data) 435 { 436 const struct rsn_ie_hdr *hdr; 437 const u8 *pos; 438 int left; 439 int i, count; 440 441 os_memset(data, 0, sizeof(*data)); 442 data->proto = WPA_PROTO_RSN; 443 data->pairwise_cipher = WPA_CIPHER_CCMP; 444 data->group_cipher = WPA_CIPHER_CCMP; 445 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X; 446 data->capabilities = 0; 447 data->pmkid = NULL; 448 data->num_pmkid = 0; 449 #ifdef CONFIG_IEEE80211W 450 data->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC; 451 #else /* CONFIG_IEEE80211W */ 452 data->mgmt_group_cipher = 0; 453 #endif /* CONFIG_IEEE80211W */ 454 455 if (rsn_ie_len == 0) { 456 /* No RSN IE - fail silently */ 457 return -1; 458 } 459 460 if (rsn_ie_len < sizeof(struct rsn_ie_hdr)) { 461 wpa_printf(MSG_DEBUG, "%s: ie len too short %lu", 462 __func__, (unsigned long) rsn_ie_len); 463 return -1; 464 } 465 466 hdr = (const struct rsn_ie_hdr *) rsn_ie; 467 468 if (hdr->elem_id != WLAN_EID_RSN || 469 hdr->len != rsn_ie_len - 2 || 470 WPA_GET_LE16(hdr->version) != RSN_VERSION) { 471 wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version", 472 __func__); 473 return -2; 474 } 475 476 pos = (const u8 *) (hdr + 1); 477 left = rsn_ie_len - sizeof(*hdr); 478 479 if (left >= RSN_SELECTOR_LEN) { 480 data->group_cipher = rsn_selector_to_bitfield(pos); 481 if (!wpa_cipher_valid_group(data->group_cipher)) { 482 wpa_printf(MSG_DEBUG, "%s: invalid group cipher 0x%x", 483 __func__, data->group_cipher); 484 return -1; 485 } 486 pos += RSN_SELECTOR_LEN; 487 left -= RSN_SELECTOR_LEN; 488 } else if (left > 0) { 489 wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much", 490 __func__, left); 491 return -3; 492 } 493 494 if (left >= 2) { 495 data->pairwise_cipher = 0; 496 count = WPA_GET_LE16(pos); 497 pos += 2; 498 left -= 2; 499 if (count == 0 || left < count * RSN_SELECTOR_LEN) { 500 wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), " 501 "count %u left %u", __func__, count, left); 502 return -4; 503 } 504 for (i = 0; i < count; i++) { 505 data->pairwise_cipher |= rsn_selector_to_bitfield(pos); 506 pos += RSN_SELECTOR_LEN; 507 left -= RSN_SELECTOR_LEN; 508 } 509 #ifdef CONFIG_IEEE80211W 510 if (data->pairwise_cipher & WPA_CIPHER_AES_128_CMAC) { 511 wpa_printf(MSG_DEBUG, "%s: AES-128-CMAC used as " 512 "pairwise cipher", __func__); 513 return -1; 514 } 515 #endif /* CONFIG_IEEE80211W */ 516 } else if (left == 1) { 517 wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)", 518 __func__); 519 return -5; 520 } 521 522 if (left >= 2) { 523 data->key_mgmt = 0; 524 count = WPA_GET_LE16(pos); 525 pos += 2; 526 left -= 2; 527 if (count == 0 || left < count * RSN_SELECTOR_LEN) { 528 wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), " 529 "count %u left %u", __func__, count, left); 530 return -6; 531 } 532 for (i = 0; i < count; i++) { 533 data->key_mgmt |= rsn_key_mgmt_to_bitfield(pos); 534 pos += RSN_SELECTOR_LEN; 535 left -= RSN_SELECTOR_LEN; 536 } 537 } else if (left == 1) { 538 wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)", 539 __func__); 540 return -7; 541 } 542 543 if (left >= 2) { 544 data->capabilities = WPA_GET_LE16(pos); 545 pos += 2; 546 left -= 2; 547 } 548 549 if (left >= 2) { 550 data->num_pmkid = WPA_GET_LE16(pos); 551 pos += 2; 552 left -= 2; 553 if (left < (int) data->num_pmkid * PMKID_LEN) { 554 wpa_printf(MSG_DEBUG, "%s: PMKID underflow " 555 "(num_pmkid=%lu left=%d)", 556 __func__, (unsigned long) data->num_pmkid, 557 left); 558 data->num_pmkid = 0; 559 return -9; 560 } else { 561 data->pmkid = pos; 562 pos += data->num_pmkid * PMKID_LEN; 563 left -= data->num_pmkid * PMKID_LEN; 564 } 565 } 566 567 #ifdef CONFIG_IEEE80211W 568 if (left >= 4) { 569 data->mgmt_group_cipher = rsn_selector_to_bitfield(pos); 570 if (!wpa_cipher_valid_mgmt_group(data->mgmt_group_cipher)) { 571 wpa_printf(MSG_DEBUG, "%s: Unsupported management " 572 "group cipher 0x%x", __func__, 573 data->mgmt_group_cipher); 574 return -10; 575 } 576 pos += RSN_SELECTOR_LEN; 577 left -= RSN_SELECTOR_LEN; 578 } 579 #endif /* CONFIG_IEEE80211W */ 580 581 if (left > 0) { 582 wpa_hexdump(MSG_DEBUG, 583 "wpa_parse_wpa_ie_rsn: ignore trailing bytes", 584 pos, left); 585 } 586 587 return 0; 588 } 589 590 591 static int wpa_selector_to_bitfield(const u8 *s) 592 { 593 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_NONE) 594 return WPA_CIPHER_NONE; 595 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP40) 596 return WPA_CIPHER_WEP40; 597 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_TKIP) 598 return WPA_CIPHER_TKIP; 599 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_CCMP) 600 return WPA_CIPHER_CCMP; 601 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP104) 602 return WPA_CIPHER_WEP104; 603 return 0; 604 } 605 606 607 static int wpa_key_mgmt_to_bitfield(const u8 *s) 608 { 609 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_UNSPEC_802_1X) 610 return WPA_KEY_MGMT_IEEE8021X; 611 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X) 612 return WPA_KEY_MGMT_PSK; 613 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_NONE) 614 return WPA_KEY_MGMT_WPA_NONE; 615 return 0; 616 } 617 618 619 int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len, 620 struct wpa_ie_data *data) 621 { 622 const struct wpa_ie_hdr *hdr; 623 const u8 *pos; 624 int left; 625 int i, count; 626 627 os_memset(data, 0, sizeof(*data)); 628 data->proto = WPA_PROTO_WPA; 629 data->pairwise_cipher = WPA_CIPHER_TKIP; 630 data->group_cipher = WPA_CIPHER_TKIP; 631 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X; 632 data->capabilities = 0; 633 data->pmkid = NULL; 634 data->num_pmkid = 0; 635 data->mgmt_group_cipher = 0; 636 637 if (wpa_ie_len == 0) { 638 /* No WPA IE - fail silently */ 639 return -1; 640 } 641 642 if (wpa_ie_len < sizeof(struct wpa_ie_hdr)) { 643 wpa_printf(MSG_DEBUG, "%s: ie len too short %lu", 644 __func__, (unsigned long) wpa_ie_len); 645 return -1; 646 } 647 648 hdr = (const struct wpa_ie_hdr *) wpa_ie; 649 650 if (hdr->elem_id != WLAN_EID_VENDOR_SPECIFIC || 651 hdr->len != wpa_ie_len - 2 || 652 RSN_SELECTOR_GET(hdr->oui) != WPA_OUI_TYPE || 653 WPA_GET_LE16(hdr->version) != WPA_VERSION) { 654 wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version", 655 __func__); 656 return -2; 657 } 658 659 pos = (const u8 *) (hdr + 1); 660 left = wpa_ie_len - sizeof(*hdr); 661 662 if (left >= WPA_SELECTOR_LEN) { 663 data->group_cipher = wpa_selector_to_bitfield(pos); 664 pos += WPA_SELECTOR_LEN; 665 left -= WPA_SELECTOR_LEN; 666 } else if (left > 0) { 667 wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much", 668 __func__, left); 669 return -3; 670 } 671 672 if (left >= 2) { 673 data->pairwise_cipher = 0; 674 count = WPA_GET_LE16(pos); 675 pos += 2; 676 left -= 2; 677 if (count == 0 || left < count * WPA_SELECTOR_LEN) { 678 wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), " 679 "count %u left %u", __func__, count, left); 680 return -4; 681 } 682 for (i = 0; i < count; i++) { 683 data->pairwise_cipher |= wpa_selector_to_bitfield(pos); 684 pos += WPA_SELECTOR_LEN; 685 left -= WPA_SELECTOR_LEN; 686 } 687 } else if (left == 1) { 688 wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)", 689 __func__); 690 return -5; 691 } 692 693 if (left >= 2) { 694 data->key_mgmt = 0; 695 count = WPA_GET_LE16(pos); 696 pos += 2; 697 left -= 2; 698 if (count == 0 || left < count * WPA_SELECTOR_LEN) { 699 wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), " 700 "count %u left %u", __func__, count, left); 701 return -6; 702 } 703 for (i = 0; i < count; i++) { 704 data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos); 705 pos += WPA_SELECTOR_LEN; 706 left -= WPA_SELECTOR_LEN; 707 } 708 } else if (left == 1) { 709 wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)", 710 __func__); 711 return -7; 712 } 713 714 if (left >= 2) { 715 data->capabilities = WPA_GET_LE16(pos); 716 pos += 2; 717 left -= 2; 718 } 719 720 if (left > 0) { 721 wpa_hexdump(MSG_DEBUG, 722 "wpa_parse_wpa_ie_wpa: ignore trailing bytes", 723 pos, left); 724 } 725 726 return 0; 727 } 728 729 730 #ifdef CONFIG_IEEE80211R 731 732 /** 733 * wpa_derive_pmk_r0 - Derive PMK-R0 and PMKR0Name 734 * 735 * IEEE Std 802.11r-2008 - 8.5.1.5.3 736 */ 737 void wpa_derive_pmk_r0(const u8 *xxkey, size_t xxkey_len, 738 const u8 *ssid, size_t ssid_len, 739 const u8 *mdid, const u8 *r0kh_id, size_t r0kh_id_len, 740 const u8 *s0kh_id, u8 *pmk_r0, u8 *pmk_r0_name) 741 { 742 u8 buf[1 + WPA_MAX_SSID_LEN + MOBILITY_DOMAIN_ID_LEN + 1 + 743 FT_R0KH_ID_MAX_LEN + ETH_ALEN]; 744 u8 *pos, r0_key_data[48], hash[32]; 745 const u8 *addr[2]; 746 size_t len[2]; 747 748 /* 749 * R0-Key-Data = KDF-384(XXKey, "FT-R0", 750 * SSIDlength || SSID || MDID || R0KHlength || 751 * R0KH-ID || S0KH-ID) 752 * XXKey is either the second 256 bits of MSK or PSK. 753 * PMK-R0 = L(R0-Key-Data, 0, 256) 754 * PMK-R0Name-Salt = L(R0-Key-Data, 256, 128) 755 */ 756 if (ssid_len > WPA_MAX_SSID_LEN || r0kh_id_len > FT_R0KH_ID_MAX_LEN) 757 return; 758 pos = buf; 759 *pos++ = ssid_len; 760 os_memcpy(pos, ssid, ssid_len); 761 pos += ssid_len; 762 os_memcpy(pos, mdid, MOBILITY_DOMAIN_ID_LEN); 763 pos += MOBILITY_DOMAIN_ID_LEN; 764 *pos++ = r0kh_id_len; 765 os_memcpy(pos, r0kh_id, r0kh_id_len); 766 pos += r0kh_id_len; 767 os_memcpy(pos, s0kh_id, ETH_ALEN); 768 pos += ETH_ALEN; 769 770 sha256_prf(xxkey, xxkey_len, "FT-R0", buf, pos - buf, 771 r0_key_data, sizeof(r0_key_data)); 772 os_memcpy(pmk_r0, r0_key_data, PMK_LEN); 773 774 /* 775 * PMKR0Name = Truncate-128(SHA-256("FT-R0N" || PMK-R0Name-Salt) 776 */ 777 addr[0] = (const u8 *) "FT-R0N"; 778 len[0] = 6; 779 addr[1] = r0_key_data + PMK_LEN; 780 len[1] = 16; 781 782 sha256_vector(2, addr, len, hash); 783 os_memcpy(pmk_r0_name, hash, WPA_PMK_NAME_LEN); 784 } 785 786 787 /** 788 * wpa_derive_pmk_r1_name - Derive PMKR1Name 789 * 790 * IEEE Std 802.11r-2008 - 8.5.1.5.4 791 */ 792 void wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id, 793 const u8 *s1kh_id, u8 *pmk_r1_name) 794 { 795 u8 hash[32]; 796 const u8 *addr[4]; 797 size_t len[4]; 798 799 /* 800 * PMKR1Name = Truncate-128(SHA-256("FT-R1N" || PMKR0Name || 801 * R1KH-ID || S1KH-ID)) 802 */ 803 addr[0] = (const u8 *) "FT-R1N"; 804 len[0] = 6; 805 addr[1] = pmk_r0_name; 806 len[1] = WPA_PMK_NAME_LEN; 807 addr[2] = r1kh_id; 808 len[2] = FT_R1KH_ID_LEN; 809 addr[3] = s1kh_id; 810 len[3] = ETH_ALEN; 811 812 sha256_vector(4, addr, len, hash); 813 os_memcpy(pmk_r1_name, hash, WPA_PMK_NAME_LEN); 814 } 815 816 817 /** 818 * wpa_derive_pmk_r1 - Derive PMK-R1 and PMKR1Name from PMK-R0 819 * 820 * IEEE Std 802.11r-2008 - 8.5.1.5.4 821 */ 822 void wpa_derive_pmk_r1(const u8 *pmk_r0, const u8 *pmk_r0_name, 823 const u8 *r1kh_id, const u8 *s1kh_id, 824 u8 *pmk_r1, u8 *pmk_r1_name) 825 { 826 u8 buf[FT_R1KH_ID_LEN + ETH_ALEN]; 827 u8 *pos; 828 829 /* PMK-R1 = KDF-256(PMK-R0, "FT-R1", R1KH-ID || S1KH-ID) */ 830 pos = buf; 831 os_memcpy(pos, r1kh_id, FT_R1KH_ID_LEN); 832 pos += FT_R1KH_ID_LEN; 833 os_memcpy(pos, s1kh_id, ETH_ALEN); 834 pos += ETH_ALEN; 835 836 sha256_prf(pmk_r0, PMK_LEN, "FT-R1", buf, pos - buf, pmk_r1, PMK_LEN); 837 838 wpa_derive_pmk_r1_name(pmk_r0_name, r1kh_id, s1kh_id, pmk_r1_name); 839 } 840 841 842 /** 843 * wpa_pmk_r1_to_ptk - Derive PTK and PTKName from PMK-R1 844 * 845 * IEEE Std 802.11r-2008 - 8.5.1.5.5 846 */ 847 void wpa_pmk_r1_to_ptk(const u8 *pmk_r1, const u8 *snonce, const u8 *anonce, 848 const u8 *sta_addr, const u8 *bssid, 849 const u8 *pmk_r1_name, 850 u8 *ptk, size_t ptk_len, u8 *ptk_name) 851 { 852 u8 buf[2 * WPA_NONCE_LEN + 2 * ETH_ALEN]; 853 u8 *pos, hash[32]; 854 const u8 *addr[6]; 855 size_t len[6]; 856 857 /* 858 * PTK = KDF-PTKLen(PMK-R1, "FT-PTK", SNonce || ANonce || 859 * BSSID || STA-ADDR) 860 */ 861 pos = buf; 862 os_memcpy(pos, snonce, WPA_NONCE_LEN); 863 pos += WPA_NONCE_LEN; 864 os_memcpy(pos, anonce, WPA_NONCE_LEN); 865 pos += WPA_NONCE_LEN; 866 os_memcpy(pos, bssid, ETH_ALEN); 867 pos += ETH_ALEN; 868 os_memcpy(pos, sta_addr, ETH_ALEN); 869 pos += ETH_ALEN; 870 871 sha256_prf(pmk_r1, PMK_LEN, "FT-PTK", buf, pos - buf, ptk, ptk_len); 872 873 /* 874 * PTKName = Truncate-128(SHA-256(PMKR1Name || "FT-PTKN" || SNonce || 875 * ANonce || BSSID || STA-ADDR)) 876 */ 877 addr[0] = pmk_r1_name; 878 len[0] = WPA_PMK_NAME_LEN; 879 addr[1] = (const u8 *) "FT-PTKN"; 880 len[1] = 7; 881 addr[2] = snonce; 882 len[2] = WPA_NONCE_LEN; 883 addr[3] = anonce; 884 len[3] = WPA_NONCE_LEN; 885 addr[4] = bssid; 886 len[4] = ETH_ALEN; 887 addr[5] = sta_addr; 888 len[5] = ETH_ALEN; 889 890 sha256_vector(6, addr, len, hash); 891 os_memcpy(ptk_name, hash, WPA_PMK_NAME_LEN); 892 } 893 894 #endif /* CONFIG_IEEE80211R */ 895 896 897 /** 898 * rsn_pmkid - Calculate PMK identifier 899 * @pmk: Pairwise master key 900 * @pmk_len: Length of pmk in bytes 901 * @aa: Authenticator address 902 * @spa: Supplicant address 903 * @pmkid: Buffer for PMKID 904 * @use_sha256: Whether to use SHA256-based KDF 905 * 906 * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy 907 * PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA) 908 */ 909 void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa, const u8 *spa, 910 u8 *pmkid, int use_sha256) 911 { 912 char *title = "PMK Name"; 913 const u8 *addr[3]; 914 const size_t len[3] = { 8, ETH_ALEN, ETH_ALEN }; 915 unsigned char hash[SHA256_MAC_LEN]; 916 917 addr[0] = (u8 *) title; 918 addr[1] = aa; 919 addr[2] = spa; 920 921 #ifdef CONFIG_IEEE80211W 922 if (use_sha256) 923 hmac_sha256_vector(pmk, pmk_len, 3, addr, len, hash); 924 else 925 #endif /* CONFIG_IEEE80211W */ 926 hmac_sha1_vector(pmk, pmk_len, 3, addr, len, hash); 927 os_memcpy(pmkid, hash, PMKID_LEN); 928 } 929 930 931 /** 932 * wpa_cipher_txt - Convert cipher suite to a text string 933 * @cipher: Cipher suite (WPA_CIPHER_* enum) 934 * Returns: Pointer to a text string of the cipher suite name 935 */ 936 const char * wpa_cipher_txt(int cipher) 937 { 938 switch (cipher) { 939 case WPA_CIPHER_NONE: 940 return "NONE"; 941 case WPA_CIPHER_WEP40: 942 return "WEP-40"; 943 case WPA_CIPHER_WEP104: 944 return "WEP-104"; 945 case WPA_CIPHER_TKIP: 946 return "TKIP"; 947 case WPA_CIPHER_CCMP: 948 return "CCMP"; 949 case WPA_CIPHER_CCMP | WPA_CIPHER_TKIP: 950 return "CCMP+TKIP"; 951 case WPA_CIPHER_GCMP: 952 return "GCMP"; 953 case WPA_CIPHER_GCMP_256: 954 return "GCMP-256"; 955 case WPA_CIPHER_CCMP_256: 956 return "CCMP-256"; 957 case WPA_CIPHER_GTK_NOT_USED: 958 return "GTK_NOT_USED"; 959 default: 960 return "UNKNOWN"; 961 } 962 } 963 964 965 /** 966 * wpa_key_mgmt_txt - Convert key management suite to a text string 967 * @key_mgmt: Key management suite (WPA_KEY_MGMT_* enum) 968 * @proto: WPA/WPA2 version (WPA_PROTO_*) 969 * Returns: Pointer to a text string of the key management suite name 970 */ 971 const char * wpa_key_mgmt_txt(int key_mgmt, int proto) 972 { 973 switch (key_mgmt) { 974 case WPA_KEY_MGMT_IEEE8021X: 975 if (proto == (WPA_PROTO_RSN | WPA_PROTO_WPA)) 976 return "WPA2+WPA/IEEE 802.1X/EAP"; 977 return proto == WPA_PROTO_RSN ? 978 "WPA2/IEEE 802.1X/EAP" : "WPA/IEEE 802.1X/EAP"; 979 case WPA_KEY_MGMT_PSK: 980 if (proto == (WPA_PROTO_RSN | WPA_PROTO_WPA)) 981 return "WPA2-PSK+WPA-PSK"; 982 return proto == WPA_PROTO_RSN ? 983 "WPA2-PSK" : "WPA-PSK"; 984 case WPA_KEY_MGMT_NONE: 985 return "NONE"; 986 case WPA_KEY_MGMT_IEEE8021X_NO_WPA: 987 return "IEEE 802.1X (no WPA)"; 988 #ifdef CONFIG_IEEE80211R 989 case WPA_KEY_MGMT_FT_IEEE8021X: 990 return "FT-EAP"; 991 case WPA_KEY_MGMT_FT_PSK: 992 return "FT-PSK"; 993 #endif /* CONFIG_IEEE80211R */ 994 #ifdef CONFIG_IEEE80211W 995 case WPA_KEY_MGMT_IEEE8021X_SHA256: 996 return "WPA2-EAP-SHA256"; 997 case WPA_KEY_MGMT_PSK_SHA256: 998 return "WPA2-PSK-SHA256"; 999 #endif /* CONFIG_IEEE80211W */ 1000 default: 1001 return "UNKNOWN"; 1002 } 1003 } 1004 1005 1006 u32 wpa_akm_to_suite(int akm) 1007 { 1008 if (akm & WPA_KEY_MGMT_FT_IEEE8021X) 1009 return WLAN_AKM_SUITE_FT_8021X; 1010 if (akm & WPA_KEY_MGMT_FT_PSK) 1011 return WLAN_AKM_SUITE_FT_PSK; 1012 if (akm & WPA_KEY_MGMT_IEEE8021X) 1013 return WLAN_AKM_SUITE_8021X; 1014 if (akm & WPA_KEY_MGMT_IEEE8021X_SHA256) 1015 return WLAN_AKM_SUITE_8021X_SHA256; 1016 if (akm & WPA_KEY_MGMT_IEEE8021X) 1017 return WLAN_AKM_SUITE_8021X; 1018 if (akm & WPA_KEY_MGMT_PSK_SHA256) 1019 return WLAN_AKM_SUITE_PSK_SHA256; 1020 if (akm & WPA_KEY_MGMT_PSK) 1021 return WLAN_AKM_SUITE_PSK; 1022 if (akm & WPA_KEY_MGMT_CCKM) 1023 return WLAN_AKM_SUITE_CCKM; 1024 if (akm & WPA_KEY_MGMT_OSEN) 1025 return WLAN_AKM_SUITE_OSEN; 1026 return 0; 1027 } 1028 1029 1030 int wpa_compare_rsn_ie(int ft_initial_assoc, 1031 const u8 *ie1, size_t ie1len, 1032 const u8 *ie2, size_t ie2len) 1033 { 1034 if (ie1 == NULL || ie2 == NULL) 1035 return -1; 1036 1037 if (ie1len == ie2len && os_memcmp(ie1, ie2, ie1len) == 0) 1038 return 0; /* identical IEs */ 1039 1040 #ifdef CONFIG_IEEE80211R 1041 if (ft_initial_assoc) { 1042 struct wpa_ie_data ie1d, ie2d; 1043 /* 1044 * The PMKID-List in RSN IE is different between Beacon/Probe 1045 * Response/(Re)Association Request frames and EAPOL-Key 1046 * messages in FT initial mobility domain association. Allow 1047 * for this, but verify that other parts of the RSN IEs are 1048 * identical. 1049 */ 1050 if (wpa_parse_wpa_ie_rsn(ie1, ie1len, &ie1d) < 0 || 1051 wpa_parse_wpa_ie_rsn(ie2, ie2len, &ie2d) < 0) 1052 return -1; 1053 if (ie1d.proto == ie2d.proto && 1054 ie1d.pairwise_cipher == ie2d.pairwise_cipher && 1055 ie1d.group_cipher == ie2d.group_cipher && 1056 ie1d.key_mgmt == ie2d.key_mgmt && 1057 ie1d.capabilities == ie2d.capabilities && 1058 ie1d.mgmt_group_cipher == ie2d.mgmt_group_cipher) 1059 return 0; 1060 } 1061 #endif /* CONFIG_IEEE80211R */ 1062 1063 return -1; 1064 } 1065 1066 1067 #ifdef CONFIG_IEEE80211R 1068 int wpa_insert_pmkid(u8 *ies, size_t ies_len, const u8 *pmkid) 1069 { 1070 u8 *start, *end, *rpos, *rend; 1071 int added = 0; 1072 1073 start = ies; 1074 end = ies + ies_len; 1075 1076 while (start < end) { 1077 if (*start == WLAN_EID_RSN) 1078 break; 1079 start += 2 + start[1]; 1080 } 1081 if (start >= end) { 1082 wpa_printf(MSG_ERROR, "FT: Could not find RSN IE in " 1083 "IEs data"); 1084 return -1; 1085 } 1086 wpa_hexdump(MSG_DEBUG, "FT: RSN IE before modification", 1087 start, 2 + start[1]); 1088 1089 /* Find start of PMKID-Count */ 1090 rpos = start + 2; 1091 rend = rpos + start[1]; 1092 1093 /* Skip Version and Group Data Cipher Suite */ 1094 rpos += 2 + 4; 1095 /* Skip Pairwise Cipher Suite Count and List */ 1096 rpos += 2 + WPA_GET_LE16(rpos) * RSN_SELECTOR_LEN; 1097 /* Skip AKM Suite Count and List */ 1098 rpos += 2 + WPA_GET_LE16(rpos) * RSN_SELECTOR_LEN; 1099 1100 if (rpos == rend) { 1101 /* Add RSN Capabilities */ 1102 os_memmove(rpos + 2, rpos, end - rpos); 1103 *rpos++ = 0; 1104 *rpos++ = 0; 1105 } else { 1106 /* Skip RSN Capabilities */ 1107 rpos += 2; 1108 if (rpos > rend) { 1109 wpa_printf(MSG_ERROR, "FT: Could not parse RSN IE in " 1110 "IEs data"); 1111 return -1; 1112 } 1113 } 1114 1115 if (rpos == rend) { 1116 /* No PMKID-Count field included; add it */ 1117 os_memmove(rpos + 2 + PMKID_LEN, rpos, end - rpos); 1118 WPA_PUT_LE16(rpos, 1); 1119 rpos += 2; 1120 os_memcpy(rpos, pmkid, PMKID_LEN); 1121 added += 2 + PMKID_LEN; 1122 start[1] += 2 + PMKID_LEN; 1123 } else { 1124 /* PMKID-Count was included; use it */ 1125 if (WPA_GET_LE16(rpos) != 0) { 1126 wpa_printf(MSG_ERROR, "FT: Unexpected PMKID " 1127 "in RSN IE in EAPOL-Key data"); 1128 return -1; 1129 } 1130 WPA_PUT_LE16(rpos, 1); 1131 rpos += 2; 1132 os_memmove(rpos + PMKID_LEN, rpos, end - rpos); 1133 os_memcpy(rpos, pmkid, PMKID_LEN); 1134 added += PMKID_LEN; 1135 start[1] += PMKID_LEN; 1136 } 1137 1138 wpa_hexdump(MSG_DEBUG, "FT: RSN IE after modification " 1139 "(PMKID inserted)", start, 2 + start[1]); 1140 1141 return added; 1142 } 1143 #endif /* CONFIG_IEEE80211R */ 1144 1145 1146 int wpa_cipher_key_len(int cipher) 1147 { 1148 switch (cipher) { 1149 case WPA_CIPHER_CCMP_256: 1150 case WPA_CIPHER_GCMP_256: 1151 case WPA_CIPHER_BIP_GMAC_256: 1152 case WPA_CIPHER_BIP_CMAC_256: 1153 return 32; 1154 case WPA_CIPHER_CCMP: 1155 case WPA_CIPHER_GCMP: 1156 case WPA_CIPHER_AES_128_CMAC: 1157 case WPA_CIPHER_BIP_GMAC_128: 1158 return 16; 1159 case WPA_CIPHER_TKIP: 1160 return 32; 1161 case WPA_CIPHER_WEP104: 1162 return 13; 1163 case WPA_CIPHER_WEP40: 1164 return 5; 1165 } 1166 1167 return 0; 1168 } 1169 1170 1171 int wpa_cipher_rsc_len(int cipher) 1172 { 1173 switch (cipher) { 1174 case WPA_CIPHER_CCMP_256: 1175 case WPA_CIPHER_GCMP_256: 1176 case WPA_CIPHER_CCMP: 1177 case WPA_CIPHER_GCMP: 1178 case WPA_CIPHER_TKIP: 1179 return 6; 1180 case WPA_CIPHER_WEP104: 1181 case WPA_CIPHER_WEP40: 1182 return 0; 1183 } 1184 1185 return 0; 1186 } 1187 1188 1189 int wpa_cipher_to_alg(int cipher) 1190 { 1191 switch (cipher) { 1192 case WPA_CIPHER_CCMP_256: 1193 return WPA_ALG_CCMP_256; 1194 case WPA_CIPHER_GCMP_256: 1195 return WPA_ALG_GCMP_256; 1196 case WPA_CIPHER_CCMP: 1197 return WPA_ALG_CCMP; 1198 case WPA_CIPHER_GCMP: 1199 return WPA_ALG_GCMP; 1200 case WPA_CIPHER_TKIP: 1201 return WPA_ALG_TKIP; 1202 case WPA_CIPHER_WEP104: 1203 case WPA_CIPHER_WEP40: 1204 return WPA_ALG_WEP; 1205 case WPA_CIPHER_AES_128_CMAC: 1206 return WPA_ALG_IGTK; 1207 case WPA_CIPHER_BIP_GMAC_128: 1208 return WPA_ALG_BIP_GMAC_128; 1209 case WPA_CIPHER_BIP_GMAC_256: 1210 return WPA_ALG_BIP_GMAC_256; 1211 case WPA_CIPHER_BIP_CMAC_256: 1212 return WPA_ALG_BIP_CMAC_256; 1213 } 1214 return WPA_ALG_NONE; 1215 } 1216 1217 1218 int wpa_cipher_valid_pairwise(int cipher) 1219 { 1220 return cipher == WPA_CIPHER_CCMP_256 || 1221 cipher == WPA_CIPHER_GCMP_256 || 1222 cipher == WPA_CIPHER_CCMP || 1223 cipher == WPA_CIPHER_GCMP || 1224 cipher == WPA_CIPHER_TKIP; 1225 } 1226 1227 1228 u32 wpa_cipher_to_suite(int proto, int cipher) 1229 { 1230 if (cipher & WPA_CIPHER_CCMP_256) 1231 return RSN_CIPHER_SUITE_CCMP_256; 1232 if (cipher & WPA_CIPHER_GCMP_256) 1233 return RSN_CIPHER_SUITE_GCMP_256; 1234 if (cipher & WPA_CIPHER_CCMP) 1235 return (proto == WPA_PROTO_RSN ? 1236 RSN_CIPHER_SUITE_CCMP : WPA_CIPHER_SUITE_CCMP); 1237 if (cipher & WPA_CIPHER_GCMP) 1238 return RSN_CIPHER_SUITE_GCMP; 1239 if (cipher & WPA_CIPHER_TKIP) 1240 return (proto == WPA_PROTO_RSN ? 1241 RSN_CIPHER_SUITE_TKIP : WPA_CIPHER_SUITE_TKIP); 1242 if (cipher & WPA_CIPHER_WEP104) 1243 return (proto == WPA_PROTO_RSN ? 1244 RSN_CIPHER_SUITE_WEP104 : WPA_CIPHER_SUITE_WEP104); 1245 if (cipher & WPA_CIPHER_WEP40) 1246 return (proto == WPA_PROTO_RSN ? 1247 RSN_CIPHER_SUITE_WEP40 : WPA_CIPHER_SUITE_WEP40); 1248 if (cipher & WPA_CIPHER_NONE) 1249 return (proto == WPA_PROTO_RSN ? 1250 RSN_CIPHER_SUITE_NONE : WPA_CIPHER_SUITE_NONE); 1251 if (cipher & WPA_CIPHER_GTK_NOT_USED) 1252 return RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED; 1253 if (cipher & WPA_CIPHER_AES_128_CMAC) 1254 return RSN_CIPHER_SUITE_AES_128_CMAC; 1255 if (cipher & WPA_CIPHER_BIP_GMAC_128) 1256 return RSN_CIPHER_SUITE_BIP_GMAC_128; 1257 if (cipher & WPA_CIPHER_BIP_GMAC_256) 1258 return RSN_CIPHER_SUITE_BIP_GMAC_256; 1259 if (cipher & WPA_CIPHER_BIP_CMAC_256) 1260 return RSN_CIPHER_SUITE_BIP_CMAC_256; 1261 return 0; 1262 } 1263 1264 1265 int rsn_cipher_put_suites(u8 *start, int ciphers) 1266 { 1267 u8 *pos = start; 1268 1269 if (ciphers & WPA_CIPHER_CCMP_256) { 1270 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP_256); 1271 pos += RSN_SELECTOR_LEN; 1272 } 1273 if (ciphers & WPA_CIPHER_GCMP_256) { 1274 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_GCMP_256); 1275 pos += RSN_SELECTOR_LEN; 1276 } 1277 if (ciphers & WPA_CIPHER_CCMP) { 1278 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP); 1279 pos += RSN_SELECTOR_LEN; 1280 } 1281 if (ciphers & WPA_CIPHER_GCMP) { 1282 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_GCMP); 1283 pos += RSN_SELECTOR_LEN; 1284 } 1285 if (ciphers & WPA_CIPHER_TKIP) { 1286 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP); 1287 pos += RSN_SELECTOR_LEN; 1288 } 1289 if (ciphers & WPA_CIPHER_NONE) { 1290 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NONE); 1291 pos += RSN_SELECTOR_LEN; 1292 } 1293 1294 return (pos - start) / RSN_SELECTOR_LEN; 1295 } 1296 1297 1298 int wpa_cipher_put_suites(u8 *start, int ciphers) 1299 { 1300 u8 *pos = start; 1301 1302 if (ciphers & WPA_CIPHER_CCMP) { 1303 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP); 1304 pos += WPA_SELECTOR_LEN; 1305 } 1306 if (ciphers & WPA_CIPHER_TKIP) { 1307 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP); 1308 pos += WPA_SELECTOR_LEN; 1309 } 1310 if (ciphers & WPA_CIPHER_NONE) { 1311 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_NONE); 1312 pos += WPA_SELECTOR_LEN; 1313 } 1314 1315 return (pos - start) / RSN_SELECTOR_LEN; 1316 } 1317 1318 1319 int wpa_pick_pairwise_cipher(int ciphers, int none_allowed) 1320 { 1321 if (ciphers & WPA_CIPHER_CCMP_256) 1322 return WPA_CIPHER_CCMP_256; 1323 if (ciphers & WPA_CIPHER_GCMP_256) 1324 return WPA_CIPHER_GCMP_256; 1325 if (ciphers & WPA_CIPHER_CCMP) 1326 return WPA_CIPHER_CCMP; 1327 if (ciphers & WPA_CIPHER_GCMP) 1328 return WPA_CIPHER_GCMP; 1329 if (ciphers & WPA_CIPHER_TKIP) 1330 return WPA_CIPHER_TKIP; 1331 if (none_allowed && (ciphers & WPA_CIPHER_NONE)) 1332 return WPA_CIPHER_NONE; 1333 return -1; 1334 } 1335 1336 1337 int wpa_pick_group_cipher(int ciphers) 1338 { 1339 if (ciphers & WPA_CIPHER_CCMP_256) 1340 return WPA_CIPHER_CCMP_256; 1341 if (ciphers & WPA_CIPHER_GCMP_256) 1342 return WPA_CIPHER_GCMP_256; 1343 if (ciphers & WPA_CIPHER_CCMP) 1344 return WPA_CIPHER_CCMP; 1345 if (ciphers & WPA_CIPHER_GCMP) 1346 return WPA_CIPHER_GCMP; 1347 if (ciphers & WPA_CIPHER_GTK_NOT_USED) 1348 return WPA_CIPHER_GTK_NOT_USED; 1349 if (ciphers & WPA_CIPHER_TKIP) 1350 return WPA_CIPHER_TKIP; 1351 if (ciphers & WPA_CIPHER_WEP104) 1352 return WPA_CIPHER_WEP104; 1353 if (ciphers & WPA_CIPHER_WEP40) 1354 return WPA_CIPHER_WEP40; 1355 return -1; 1356 } 1357 1358 1359 int wpa_parse_cipher(const char *value) 1360 { 1361 int val = 0, last; 1362 char *start, *end, *buf; 1363 1364 buf = os_strdup(value); 1365 if (buf == NULL) 1366 return -1; 1367 start = buf; 1368 1369 while (*start != '\0') { 1370 while (*start == ' ' || *start == '\t') 1371 start++; 1372 if (*start == '\0') 1373 break; 1374 end = start; 1375 while (*end != ' ' && *end != '\t' && *end != '\0') 1376 end++; 1377 last = *end == '\0'; 1378 *end = '\0'; 1379 if (os_strcmp(start, "CCMP-256") == 0) 1380 val |= WPA_CIPHER_CCMP_256; 1381 else if (os_strcmp(start, "GCMP-256") == 0) 1382 val |= WPA_CIPHER_GCMP_256; 1383 else if (os_strcmp(start, "CCMP") == 0) 1384 val |= WPA_CIPHER_CCMP; 1385 else if (os_strcmp(start, "GCMP") == 0) 1386 val |= WPA_CIPHER_GCMP; 1387 else if (os_strcmp(start, "TKIP") == 0) 1388 val |= WPA_CIPHER_TKIP; 1389 else if (os_strcmp(start, "WEP104") == 0) 1390 val |= WPA_CIPHER_WEP104; 1391 else if (os_strcmp(start, "WEP40") == 0) 1392 val |= WPA_CIPHER_WEP40; 1393 else if (os_strcmp(start, "NONE") == 0) 1394 val |= WPA_CIPHER_NONE; 1395 else if (os_strcmp(start, "GTK_NOT_USED") == 0) 1396 val |= WPA_CIPHER_GTK_NOT_USED; 1397 else { 1398 os_free(buf); 1399 return -1; 1400 } 1401 1402 if (last) 1403 break; 1404 start = end + 1; 1405 } 1406 os_free(buf); 1407 1408 return val; 1409 } 1410 1411 1412 int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim) 1413 { 1414 char *pos = start; 1415 int ret; 1416 1417 if (ciphers & WPA_CIPHER_CCMP_256) { 1418 ret = os_snprintf(pos, end - pos, "%sCCMP-256", 1419 pos == start ? "" : delim); 1420 if (ret < 0 || ret >= end - pos) 1421 return -1; 1422 pos += ret; 1423 } 1424 if (ciphers & WPA_CIPHER_GCMP_256) { 1425 ret = os_snprintf(pos, end - pos, "%sGCMP-256", 1426 pos == start ? "" : delim); 1427 if (ret < 0 || ret >= end - pos) 1428 return -1; 1429 pos += ret; 1430 } 1431 if (ciphers & WPA_CIPHER_CCMP) { 1432 ret = os_snprintf(pos, end - pos, "%sCCMP", 1433 pos == start ? "" : delim); 1434 if (ret < 0 || ret >= end - pos) 1435 return -1; 1436 pos += ret; 1437 } 1438 if (ciphers & WPA_CIPHER_GCMP) { 1439 ret = os_snprintf(pos, end - pos, "%sGCMP", 1440 pos == start ? "" : delim); 1441 if (ret < 0 || ret >= end - pos) 1442 return -1; 1443 pos += ret; 1444 } 1445 if (ciphers & WPA_CIPHER_TKIP) { 1446 ret = os_snprintf(pos, end - pos, "%sTKIP", 1447 pos == start ? "" : delim); 1448 if (ret < 0 || ret >= end - pos) 1449 return -1; 1450 pos += ret; 1451 } 1452 if (ciphers & WPA_CIPHER_WEP104) { 1453 ret = os_snprintf(pos, end - pos, "%sWEP104", 1454 pos == start ? "" : delim); 1455 if (ret < 0 || ret >= end - pos) 1456 return -1; 1457 pos += ret; 1458 } 1459 if (ciphers & WPA_CIPHER_WEP40) { 1460 ret = os_snprintf(pos, end - pos, "%sWEP40", 1461 pos == start ? "" : delim); 1462 if (ret < 0 || ret >= end - pos) 1463 return -1; 1464 pos += ret; 1465 } 1466 if (ciphers & WPA_CIPHER_NONE) { 1467 ret = os_snprintf(pos, end - pos, "%sNONE", 1468 pos == start ? "" : delim); 1469 if (ret < 0 || ret >= end - pos) 1470 return -1; 1471 pos += ret; 1472 } 1473 1474 return pos - start; 1475 } 1476 1477 1478 int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise) 1479 { 1480 int pairwise = 0; 1481 1482 /* Select group cipher based on the enabled pairwise cipher suites */ 1483 if (wpa & 1) 1484 pairwise |= wpa_pairwise; 1485 if (wpa & 2) 1486 pairwise |= rsn_pairwise; 1487 1488 if (pairwise & WPA_CIPHER_TKIP) 1489 return WPA_CIPHER_TKIP; 1490 if ((pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) == WPA_CIPHER_GCMP) 1491 return WPA_CIPHER_GCMP; 1492 if ((pairwise & (WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP | 1493 WPA_CIPHER_GCMP)) == WPA_CIPHER_GCMP_256) 1494 return WPA_CIPHER_GCMP_256; 1495 if ((pairwise & (WPA_CIPHER_CCMP_256 | WPA_CIPHER_CCMP | 1496 WPA_CIPHER_GCMP)) == WPA_CIPHER_CCMP_256) 1497 return WPA_CIPHER_CCMP_256; 1498 return WPA_CIPHER_CCMP; 1499 } 1500 1501 1502 static int wpa_check_wowlan_trigger(const char *start, const char *trigger, 1503 int capa_trigger, u8 *param_trigger) 1504 { 1505 if (os_strcmp(start, trigger) != 0) 1506 return 0; 1507 if (!capa_trigger) 1508 return 0; 1509 1510 *param_trigger = 1; 1511 return 1; 1512 } 1513 1514 1515 struct wowlan_triggers *wpa_get_wowlan_triggers(const char *wowlan_triggers, 1516 struct wpa_driver_capa *capa) 1517 { 1518 struct wowlan_triggers *triggers; 1519 char *start, *end, *buf; 1520 int last; 1521 1522 if (!wowlan_triggers) 1523 return NULL; 1524 1525 buf = os_strdup(wowlan_triggers); 1526 if (buf == NULL) 1527 return NULL; 1528 1529 triggers = os_zalloc(sizeof(*triggers)); 1530 if (triggers == NULL) 1531 goto out; 1532 1533 #define CHECK_TRIGGER(trigger) \ 1534 wpa_check_wowlan_trigger(start, #trigger, \ 1535 capa->wowlan_triggers.trigger, \ 1536 &triggers->trigger) 1537 1538 start = buf; 1539 while (*start != '\0') { 1540 while (isblank(*start)) 1541 start++; 1542 if (*start == '\0') 1543 break; 1544 end = start; 1545 while (!isblank(*end) && *end != '\0') 1546 end++; 1547 last = *end == '\0'; 1548 *end = '\0'; 1549 1550 if (!CHECK_TRIGGER(any) && 1551 !CHECK_TRIGGER(disconnect) && 1552 !CHECK_TRIGGER(magic_pkt) && 1553 !CHECK_TRIGGER(gtk_rekey_failure) && 1554 !CHECK_TRIGGER(eap_identity_req) && 1555 !CHECK_TRIGGER(four_way_handshake) && 1556 !CHECK_TRIGGER(rfkill_release)) { 1557 wpa_printf(MSG_DEBUG, 1558 "Unknown/unsupported wowlan trigger '%s'", 1559 start); 1560 os_free(triggers); 1561 triggers = NULL; 1562 goto out; 1563 } 1564 1565 if (last) 1566 break; 1567 start = end + 1; 1568 } 1569 #undef CHECK_TRIGGER 1570 1571 out: 1572 os_free(buf); 1573 return triggers; 1574 } 1575
