1 /* 2 * hostapd - WPA/RSN IE and KDE definitions 3 * Copyright (c) 2004-2018, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "common/ieee802_11_defs.h" 13 #include "drivers/driver.h" 14 #include "eapol_auth/eapol_auth_sm.h" 15 #include "ap_config.h" 16 #include "ieee802_11.h" 17 #include "wpa_auth.h" 18 #include "pmksa_cache_auth.h" 19 #include "wpa_auth_ie.h" 20 #include "wpa_auth_i.h" 21 22 23 #ifdef CONFIG_RSN_TESTING 24 int rsn_testing = 0; 25 #endif /* CONFIG_RSN_TESTING */ 26 27 28 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len) 29 { 30 struct wpa_ie_hdr *hdr; 31 int num_suites; 32 u8 *pos, *count; 33 u32 suite; 34 35 hdr = (struct wpa_ie_hdr *) buf; 36 hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC; 37 RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE); 38 WPA_PUT_LE16(hdr->version, WPA_VERSION); 39 pos = (u8 *) (hdr + 1); 40 41 suite = wpa_cipher_to_suite(WPA_PROTO_WPA, conf->wpa_group); 42 if (suite == 0) { 43 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).", 44 conf->wpa_group); 45 return -1; 46 } 47 RSN_SELECTOR_PUT(pos, suite); 48 pos += WPA_SELECTOR_LEN; 49 50 count = pos; 51 pos += 2; 52 53 num_suites = wpa_cipher_put_suites(pos, conf->wpa_pairwise); 54 if (num_suites == 0) { 55 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).", 56 conf->wpa_pairwise); 57 return -1; 58 } 59 pos += num_suites * WPA_SELECTOR_LEN; 60 WPA_PUT_LE16(count, num_suites); 61 62 num_suites = 0; 63 count = pos; 64 pos += 2; 65 66 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) { 67 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X); 68 pos += WPA_SELECTOR_LEN; 69 num_suites++; 70 } 71 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) { 72 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X); 73 pos += WPA_SELECTOR_LEN; 74 num_suites++; 75 } 76 77 if (num_suites == 0) { 78 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).", 79 conf->wpa_key_mgmt); 80 return -1; 81 } 82 WPA_PUT_LE16(count, num_suites); 83 84 /* WPA Capabilities; use defaults, so no need to include it */ 85 86 hdr->len = (pos - buf) - 2; 87 88 return pos - buf; 89 } 90 91 92 static u16 wpa_own_rsn_capab(struct wpa_auth_config *conf) 93 { 94 u16 capab = 0; 95 96 if (conf->rsn_preauth) 97 capab |= WPA_CAPABILITY_PREAUTH; 98 if (conf->wmm_enabled) { 99 /* 4 PTKSA replay counters when using WMM */ 100 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2); 101 } 102 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) { 103 capab |= WPA_CAPABILITY_MFPC; 104 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) 105 capab |= WPA_CAPABILITY_MFPR; 106 } 107 #ifdef CONFIG_OCV 108 if (conf->ocv) 109 capab |= WPA_CAPABILITY_OCVC; 110 #endif /* CONFIG_OCV */ 111 #ifdef CONFIG_RSN_TESTING 112 if (rsn_testing) 113 capab |= BIT(8) | BIT(15); 114 #endif /* CONFIG_RSN_TESTING */ 115 if (conf->extended_key_id) 116 capab |= WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST; 117 118 return capab; 119 } 120 121 122 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len, 123 const u8 *pmkid) 124 { 125 struct rsn_ie_hdr *hdr; 126 int num_suites, res; 127 u8 *pos, *count; 128 u32 suite; 129 130 hdr = (struct rsn_ie_hdr *) buf; 131 hdr->elem_id = WLAN_EID_RSN; 132 WPA_PUT_LE16(hdr->version, RSN_VERSION); 133 pos = (u8 *) (hdr + 1); 134 135 suite = wpa_cipher_to_suite(WPA_PROTO_RSN, conf->wpa_group); 136 if (suite == 0) { 137 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).", 138 conf->wpa_group); 139 return -1; 140 } 141 RSN_SELECTOR_PUT(pos, suite); 142 pos += RSN_SELECTOR_LEN; 143 144 num_suites = 0; 145 count = pos; 146 pos += 2; 147 148 #ifdef CONFIG_RSN_TESTING 149 if (rsn_testing) { 150 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1)); 151 pos += RSN_SELECTOR_LEN; 152 num_suites++; 153 } 154 #endif /* CONFIG_RSN_TESTING */ 155 156 res = rsn_cipher_put_suites(pos, conf->rsn_pairwise); 157 num_suites += res; 158 pos += res * RSN_SELECTOR_LEN; 159 160 #ifdef CONFIG_RSN_TESTING 161 if (rsn_testing) { 162 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2)); 163 pos += RSN_SELECTOR_LEN; 164 num_suites++; 165 } 166 #endif /* CONFIG_RSN_TESTING */ 167 168 if (num_suites == 0) { 169 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).", 170 conf->rsn_pairwise); 171 return -1; 172 } 173 WPA_PUT_LE16(count, num_suites); 174 175 num_suites = 0; 176 count = pos; 177 pos += 2; 178 179 #ifdef CONFIG_RSN_TESTING 180 if (rsn_testing) { 181 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1)); 182 pos += RSN_SELECTOR_LEN; 183 num_suites++; 184 } 185 #endif /* CONFIG_RSN_TESTING */ 186 187 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) { 188 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X); 189 pos += RSN_SELECTOR_LEN; 190 num_suites++; 191 } 192 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) { 193 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X); 194 pos += RSN_SELECTOR_LEN; 195 num_suites++; 196 } 197 #ifdef CONFIG_IEEE80211R_AP 198 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) { 199 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X); 200 pos += RSN_SELECTOR_LEN; 201 num_suites++; 202 } 203 #ifdef CONFIG_SHA384 204 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) { 205 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384); 206 pos += RSN_SELECTOR_LEN; 207 num_suites++; 208 } 209 #endif /* CONFIG_SHA384 */ 210 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) { 211 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK); 212 pos += RSN_SELECTOR_LEN; 213 num_suites++; 214 } 215 #endif /* CONFIG_IEEE80211R_AP */ 216 #ifdef CONFIG_SHA384 217 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384) { 218 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA384); 219 pos += RSN_SELECTOR_LEN; 220 num_suites++; 221 } 222 #endif /* CONFIG_SHA384 */ 223 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) { 224 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256); 225 pos += RSN_SELECTOR_LEN; 226 num_suites++; 227 } 228 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) { 229 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256); 230 pos += RSN_SELECTOR_LEN; 231 num_suites++; 232 } 233 #ifdef CONFIG_SAE 234 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) { 235 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE); 236 pos += RSN_SELECTOR_LEN; 237 num_suites++; 238 } 239 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE_EXT_KEY) { 240 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE_EXT_KEY); 241 pos += RSN_SELECTOR_LEN; 242 num_suites++; 243 } 244 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) { 245 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE); 246 pos += RSN_SELECTOR_LEN; 247 num_suites++; 248 } 249 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE_EXT_KEY) { 250 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE_EXT_KEY); 251 pos += RSN_SELECTOR_LEN; 252 num_suites++; 253 } 254 #endif /* CONFIG_SAE */ 255 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) { 256 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B); 257 pos += RSN_SELECTOR_LEN; 258 num_suites++; 259 } 260 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) { 261 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192); 262 pos += RSN_SELECTOR_LEN; 263 num_suites++; 264 } 265 #ifdef CONFIG_FILS 266 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA256) { 267 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA256); 268 pos += RSN_SELECTOR_LEN; 269 num_suites++; 270 } 271 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA384) { 272 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA384); 273 pos += RSN_SELECTOR_LEN; 274 num_suites++; 275 } 276 #ifdef CONFIG_IEEE80211R_AP 277 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) { 278 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256); 279 pos += RSN_SELECTOR_LEN; 280 num_suites++; 281 } 282 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) { 283 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384); 284 pos += RSN_SELECTOR_LEN; 285 num_suites++; 286 } 287 #endif /* CONFIG_IEEE80211R_AP */ 288 #endif /* CONFIG_FILS */ 289 #ifdef CONFIG_OWE 290 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) { 291 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OWE); 292 pos += RSN_SELECTOR_LEN; 293 num_suites++; 294 } 295 #endif /* CONFIG_OWE */ 296 #ifdef CONFIG_DPP 297 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) { 298 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_DPP); 299 pos += RSN_SELECTOR_LEN; 300 num_suites++; 301 } 302 #endif /* CONFIG_DPP */ 303 #ifdef CONFIG_HS20 304 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_OSEN) { 305 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OSEN); 306 pos += RSN_SELECTOR_LEN; 307 num_suites++; 308 } 309 #endif /* CONFIG_HS20 */ 310 #ifdef CONFIG_PASN 311 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PASN) { 312 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PASN); 313 pos += RSN_SELECTOR_LEN; 314 num_suites++; 315 } 316 #endif /* CONFIG_PASN */ 317 318 #ifdef CONFIG_RSN_TESTING 319 if (rsn_testing) { 320 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2)); 321 pos += RSN_SELECTOR_LEN; 322 num_suites++; 323 } 324 #endif /* CONFIG_RSN_TESTING */ 325 326 if (num_suites == 0) { 327 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).", 328 conf->wpa_key_mgmt); 329 return -1; 330 } 331 WPA_PUT_LE16(count, num_suites); 332 333 /* RSN Capabilities */ 334 WPA_PUT_LE16(pos, wpa_own_rsn_capab(conf)); 335 pos += 2; 336 337 if (pmkid) { 338 if (2 + PMKID_LEN > buf + len - pos) 339 return -1; 340 /* PMKID Count */ 341 WPA_PUT_LE16(pos, 1); 342 pos += 2; 343 os_memcpy(pos, pmkid, PMKID_LEN); 344 pos += PMKID_LEN; 345 } 346 347 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION && 348 conf->group_mgmt_cipher != WPA_CIPHER_AES_128_CMAC) { 349 if (2 + 4 > buf + len - pos) 350 return -1; 351 if (pmkid == NULL) { 352 /* PMKID Count */ 353 WPA_PUT_LE16(pos, 0); 354 pos += 2; 355 } 356 357 /* Management Group Cipher Suite */ 358 switch (conf->group_mgmt_cipher) { 359 case WPA_CIPHER_AES_128_CMAC: 360 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC); 361 break; 362 case WPA_CIPHER_BIP_GMAC_128: 363 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_128); 364 break; 365 case WPA_CIPHER_BIP_GMAC_256: 366 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_256); 367 break; 368 case WPA_CIPHER_BIP_CMAC_256: 369 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_CMAC_256); 370 break; 371 default: 372 wpa_printf(MSG_DEBUG, 373 "Invalid group management cipher (0x%x)", 374 conf->group_mgmt_cipher); 375 return -1; 376 } 377 pos += RSN_SELECTOR_LEN; 378 } 379 380 #ifdef CONFIG_RSN_TESTING 381 if (rsn_testing) { 382 /* 383 * Fill in any defined fields and add extra data to the end of 384 * the element. 385 */ 386 int pmkid_count_set = pmkid != NULL; 387 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) 388 pmkid_count_set = 1; 389 /* PMKID Count */ 390 WPA_PUT_LE16(pos, 0); 391 pos += 2; 392 if (conf->ieee80211w == NO_MGMT_FRAME_PROTECTION) { 393 /* Management Group Cipher Suite */ 394 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC); 395 pos += RSN_SELECTOR_LEN; 396 } 397 398 os_memset(pos, 0x12, 17); 399 pos += 17; 400 } 401 #endif /* CONFIG_RSN_TESTING */ 402 403 hdr->len = (pos - buf) - 2; 404 405 return pos - buf; 406 } 407 408 409 int wpa_write_rsnxe(struct wpa_auth_config *conf, u8 *buf, size_t len) 410 { 411 u8 *pos = buf; 412 u32 capab = 0, tmp; 413 size_t flen; 414 415 if (wpa_key_mgmt_sae(conf->wpa_key_mgmt) && 416 (conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT || 417 conf->sae_pwe == SAE_PWE_BOTH || conf->sae_pk || 418 wpa_key_mgmt_sae_ext_key(conf->wpa_key_mgmt))) { 419 capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E); 420 #ifdef CONFIG_SAE_PK 421 if (conf->sae_pk) 422 capab |= BIT(WLAN_RSNX_CAPAB_SAE_PK); 423 #endif /* CONFIG_SAE_PK */ 424 } 425 426 if (conf->secure_ltf) 427 capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF); 428 if (conf->secure_rtt) 429 capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT); 430 if (conf->prot_range_neg) 431 capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR); 432 if (conf->ssid_protection) 433 capab |= BIT(WLAN_RSNX_CAPAB_SSID_PROTECTION); 434 435 if (!capab) 436 return 0; /* no supported extended RSN capabilities */ 437 tmp = capab; 438 flen = 0; 439 while (tmp) { 440 flen++; 441 tmp >>= 8; 442 } 443 if (len < 2 + flen) 444 return -1; 445 capab |= flen - 1; /* bit 0-3 = Field length (n - 1) */ 446 447 *pos++ = WLAN_EID_RSNX; 448 *pos++ = flen; 449 while (capab) { 450 *pos++ = capab & 0xff; 451 capab >>= 8; 452 } 453 454 return pos - buf; 455 } 456 457 458 static u8 * wpa_write_osen(struct wpa_auth_config *conf, u8 *eid) 459 { 460 u8 *len; 461 u16 capab; 462 463 *eid++ = WLAN_EID_VENDOR_SPECIFIC; 464 len = eid++; /* to be filled */ 465 WPA_PUT_BE24(eid, OUI_WFA); 466 eid += 3; 467 *eid++ = HS20_OSEN_OUI_TYPE; 468 469 /* Group Data Cipher Suite */ 470 RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED); 471 eid += RSN_SELECTOR_LEN; 472 473 /* Pairwise Cipher Suite Count and List */ 474 WPA_PUT_LE16(eid, 1); 475 eid += 2; 476 RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_CCMP); 477 eid += RSN_SELECTOR_LEN; 478 479 /* AKM Suite Count and List */ 480 WPA_PUT_LE16(eid, 1); 481 eid += 2; 482 RSN_SELECTOR_PUT(eid, RSN_AUTH_KEY_MGMT_OSEN); 483 eid += RSN_SELECTOR_LEN; 484 485 /* RSN Capabilities */ 486 capab = 0; 487 if (conf->wmm_enabled) { 488 /* 4 PTKSA replay counters when using WMM */ 489 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2); 490 } 491 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) { 492 capab |= WPA_CAPABILITY_MFPC; 493 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) 494 capab |= WPA_CAPABILITY_MFPR; 495 } 496 #ifdef CONFIG_OCV 497 if (conf->ocv) 498 capab |= WPA_CAPABILITY_OCVC; 499 #endif /* CONFIG_OCV */ 500 WPA_PUT_LE16(eid, capab); 501 eid += 2; 502 503 *len = eid - len - 1; 504 505 return eid; 506 } 507 508 509 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth) 510 { 511 u8 *pos, buf[128]; 512 int res; 513 514 #ifdef CONFIG_TESTING_OPTIONS 515 if (wpa_auth->conf.own_ie_override_len) { 516 wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing", 517 wpa_auth->conf.own_ie_override, 518 wpa_auth->conf.own_ie_override_len); 519 os_free(wpa_auth->wpa_ie); 520 wpa_auth->wpa_ie = 521 os_malloc(wpa_auth->conf.own_ie_override_len); 522 if (wpa_auth->wpa_ie == NULL) 523 return -1; 524 os_memcpy(wpa_auth->wpa_ie, wpa_auth->conf.own_ie_override, 525 wpa_auth->conf.own_ie_override_len); 526 wpa_auth->wpa_ie_len = wpa_auth->conf.own_ie_override_len; 527 return 0; 528 } 529 #endif /* CONFIG_TESTING_OPTIONS */ 530 531 pos = buf; 532 533 if (wpa_auth->conf.wpa == WPA_PROTO_OSEN) { 534 pos = wpa_write_osen(&wpa_auth->conf, pos); 535 } 536 if (wpa_auth->conf.wpa & WPA_PROTO_RSN) { 537 res = wpa_write_rsn_ie(&wpa_auth->conf, 538 pos, buf + sizeof(buf) - pos, NULL); 539 if (res < 0) 540 return res; 541 pos += res; 542 res = wpa_write_rsnxe(&wpa_auth->conf, pos, 543 buf + sizeof(buf) - pos); 544 if (res < 0) 545 return res; 546 pos += res; 547 } 548 #ifdef CONFIG_IEEE80211R_AP 549 if (wpa_key_mgmt_ft(wpa_auth->conf.wpa_key_mgmt)) { 550 res = wpa_write_mdie(&wpa_auth->conf, pos, 551 buf + sizeof(buf) - pos); 552 if (res < 0) 553 return res; 554 pos += res; 555 } 556 #endif /* CONFIG_IEEE80211R_AP */ 557 if (wpa_auth->conf.wpa & WPA_PROTO_WPA) { 558 res = wpa_write_wpa_ie(&wpa_auth->conf, 559 pos, buf + sizeof(buf) - pos); 560 if (res < 0) 561 return res; 562 pos += res; 563 } 564 565 os_free(wpa_auth->wpa_ie); 566 wpa_auth->wpa_ie = os_malloc(pos - buf); 567 if (wpa_auth->wpa_ie == NULL) 568 return -1; 569 os_memcpy(wpa_auth->wpa_ie, buf, pos - buf); 570 wpa_auth->wpa_ie_len = pos - buf; 571 572 return 0; 573 } 574 575 576 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len, 577 const u8 *data2, size_t data2_len) 578 { 579 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 580 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len; 581 RSN_SELECTOR_PUT(pos, kde); 582 pos += RSN_SELECTOR_LEN; 583 os_memcpy(pos, data, data_len); 584 pos += data_len; 585 if (data2) { 586 os_memcpy(pos, data2, data2_len); 587 pos += data2_len; 588 } 589 return pos; 590 } 591 592 593 struct wpa_auth_okc_iter_data { 594 struct rsn_pmksa_cache_entry *pmksa; 595 const u8 *aa; 596 const u8 *spa; 597 const u8 *pmkid; 598 }; 599 600 601 static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx) 602 { 603 struct wpa_auth_okc_iter_data *data = ctx; 604 data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa, 605 data->pmkid); 606 if (data->pmksa) 607 return 1; 608 return 0; 609 } 610 611 612 enum wpa_validate_result 613 wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, 614 struct wpa_state_machine *sm, int freq, 615 const u8 *wpa_ie, size_t wpa_ie_len, 616 const u8 *rsnxe, size_t rsnxe_len, 617 const u8 *mdie, size_t mdie_len, 618 const u8 *owe_dh, size_t owe_dh_len, 619 struct wpa_state_machine *assoc_sm) 620 { 621 struct wpa_auth_config *conf = &wpa_auth->conf; 622 struct wpa_ie_data data; 623 int ciphers, key_mgmt, res, version; 624 u32 selector; 625 size_t i; 626 const u8 *pmkid = NULL; 627 628 if (wpa_auth == NULL || sm == NULL) 629 return WPA_NOT_ENABLED; 630 631 if (wpa_ie == NULL || wpa_ie_len < 1) 632 return WPA_INVALID_IE; 633 634 if (wpa_ie[0] == WLAN_EID_RSN) 635 version = WPA_PROTO_RSN; 636 else 637 version = WPA_PROTO_WPA; 638 639 if (!(wpa_auth->conf.wpa & version)) { 640 wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR, 641 version, MAC2STR(sm->addr)); 642 return WPA_INVALID_PROTO; 643 } 644 645 if (version == WPA_PROTO_RSN) { 646 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data); 647 if (!data.has_pairwise) 648 data.pairwise_cipher = wpa_default_rsn_cipher(freq); 649 if (!data.has_group) 650 data.group_cipher = wpa_default_rsn_cipher(freq); 651 652 if (wpa_key_mgmt_ft(data.key_mgmt) && !mdie && 653 !wpa_key_mgmt_only_ft(data.key_mgmt)) { 654 /* Workaround for some HP and Epson printers that seem 655 * to incorrectly copy the FT-PSK + WPA-PSK AKMs from AP 656 * advertised RSNE to Association Request frame. */ 657 wpa_printf(MSG_DEBUG, 658 "RSN: FT set in RSNE AKM but MDE is missing from " 659 MACSTR 660 " - ignore FT AKM(s) because there's also a non-FT AKM", 661 MAC2STR(sm->addr)); 662 data.key_mgmt &= ~WPA_KEY_MGMT_FT; 663 } 664 665 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 666 if (0) { 667 } 668 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) 669 selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 670 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) 671 selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 672 #ifdef CONFIG_FILS 673 #ifdef CONFIG_IEEE80211R_AP 674 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) 675 selector = RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 676 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) 677 selector = RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 678 #endif /* CONFIG_IEEE80211R_AP */ 679 else if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA384) 680 selector = RSN_AUTH_KEY_MGMT_FILS_SHA384; 681 else if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA256) 682 selector = RSN_AUTH_KEY_MGMT_FILS_SHA256; 683 #endif /* CONFIG_FILS */ 684 #ifdef CONFIG_IEEE80211R_AP 685 #ifdef CONFIG_SHA384 686 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) 687 selector = RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384; 688 #endif /* CONFIG_SHA384 */ 689 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) 690 selector = RSN_AUTH_KEY_MGMT_FT_802_1X; 691 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK) 692 selector = RSN_AUTH_KEY_MGMT_FT_PSK; 693 #endif /* CONFIG_IEEE80211R_AP */ 694 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) 695 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256; 696 else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256) 697 selector = RSN_AUTH_KEY_MGMT_PSK_SHA256; 698 #ifdef CONFIG_SAE 699 else if (data.key_mgmt & WPA_KEY_MGMT_SAE) 700 selector = RSN_AUTH_KEY_MGMT_SAE; 701 else if (data.key_mgmt & WPA_KEY_MGMT_SAE_EXT_KEY) 702 selector = RSN_AUTH_KEY_MGMT_SAE_EXT_KEY; 703 else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE) 704 selector = RSN_AUTH_KEY_MGMT_FT_SAE; 705 else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE_EXT_KEY) 706 selector = RSN_AUTH_KEY_MGMT_FT_SAE_EXT_KEY; 707 #endif /* CONFIG_SAE */ 708 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X) 709 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 710 else if (data.key_mgmt & WPA_KEY_MGMT_PSK) 711 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 712 #ifdef CONFIG_OWE 713 else if (data.key_mgmt & WPA_KEY_MGMT_OWE) 714 selector = RSN_AUTH_KEY_MGMT_OWE; 715 #endif /* CONFIG_OWE */ 716 #ifdef CONFIG_DPP 717 else if (data.key_mgmt & WPA_KEY_MGMT_DPP) 718 selector = RSN_AUTH_KEY_MGMT_DPP; 719 #endif /* CONFIG_DPP */ 720 #ifdef CONFIG_HS20 721 else if (data.key_mgmt & WPA_KEY_MGMT_OSEN) 722 selector = RSN_AUTH_KEY_MGMT_OSEN; 723 #endif /* CONFIG_HS20 */ 724 #ifdef CONFIG_SHA384 725 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384) 726 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA384; 727 #endif /* CONFIG_SHA384 */ 728 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector; 729 730 selector = wpa_cipher_to_suite(WPA_PROTO_RSN, 731 data.pairwise_cipher); 732 if (!selector) 733 selector = RSN_CIPHER_SUITE_CCMP; 734 wpa_auth->dot11RSNAPairwiseCipherSelected = selector; 735 736 selector = wpa_cipher_to_suite(WPA_PROTO_RSN, 737 data.group_cipher); 738 if (!selector) 739 selector = RSN_CIPHER_SUITE_CCMP; 740 wpa_auth->dot11RSNAGroupCipherSelected = selector; 741 } else { 742 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data); 743 744 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 745 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X) 746 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 747 else if (data.key_mgmt & WPA_KEY_MGMT_PSK) 748 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 749 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector; 750 751 selector = wpa_cipher_to_suite(WPA_PROTO_WPA, 752 data.pairwise_cipher); 753 if (!selector) 754 selector = RSN_CIPHER_SUITE_TKIP; 755 wpa_auth->dot11RSNAPairwiseCipherSelected = selector; 756 757 selector = wpa_cipher_to_suite(WPA_PROTO_WPA, 758 data.group_cipher); 759 if (!selector) 760 selector = WPA_CIPHER_SUITE_TKIP; 761 wpa_auth->dot11RSNAGroupCipherSelected = selector; 762 } 763 if (res) { 764 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from " 765 MACSTR " (res=%d)", MAC2STR(sm->addr), res); 766 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len); 767 return WPA_INVALID_IE; 768 } 769 770 if (data.group_cipher != wpa_auth->conf.wpa_group) { 771 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from " 772 MACSTR, data.group_cipher, MAC2STR(sm->addr)); 773 return WPA_INVALID_GROUP; 774 } 775 776 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt; 777 if (!key_mgmt) { 778 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from " 779 MACSTR, data.key_mgmt, MAC2STR(sm->addr)); 780 return WPA_INVALID_AKMP; 781 } 782 if (0) { 783 } 784 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) 785 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192; 786 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) 787 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B; 788 #ifdef CONFIG_FILS 789 #ifdef CONFIG_IEEE80211R_AP 790 else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) 791 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384; 792 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) 793 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256; 794 #endif /* CONFIG_IEEE80211R_AP */ 795 else if (key_mgmt & WPA_KEY_MGMT_FILS_SHA384) 796 sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA384; 797 else if (key_mgmt & WPA_KEY_MGMT_FILS_SHA256) 798 sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA256; 799 #endif /* CONFIG_FILS */ 800 #ifdef CONFIG_IEEE80211R_AP 801 #ifdef CONFIG_SHA384 802 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) 803 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384; 804 #endif /* CONFIG_SHA384 */ 805 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) 806 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X; 807 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK) 808 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK; 809 #endif /* CONFIG_IEEE80211R_AP */ 810 #ifdef CONFIG_SHA384 811 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384) 812 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA384; 813 #endif /* CONFIG_SHA384 */ 814 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) 815 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256; 816 else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256) 817 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256; 818 #ifdef CONFIG_SAE 819 else if (key_mgmt & WPA_KEY_MGMT_SAE) 820 sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE; 821 else if (key_mgmt & WPA_KEY_MGMT_SAE_EXT_KEY) 822 sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE_EXT_KEY; 823 else if (key_mgmt & WPA_KEY_MGMT_FT_SAE) 824 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE; 825 else if (key_mgmt & WPA_KEY_MGMT_FT_SAE_EXT_KEY) 826 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE_EXT_KEY; 827 #endif /* CONFIG_SAE */ 828 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X) 829 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X; 830 #ifdef CONFIG_OWE 831 else if (key_mgmt & WPA_KEY_MGMT_OWE) 832 sm->wpa_key_mgmt = WPA_KEY_MGMT_OWE; 833 #endif /* CONFIG_OWE */ 834 #ifdef CONFIG_DPP 835 else if (key_mgmt & WPA_KEY_MGMT_DPP) 836 sm->wpa_key_mgmt = WPA_KEY_MGMT_DPP; 837 #endif /* CONFIG_DPP */ 838 #ifdef CONFIG_HS20 839 else if (key_mgmt & WPA_KEY_MGMT_OSEN) 840 sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN; 841 #endif /* CONFIG_HS20 */ 842 else 843 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK; 844 845 if (version == WPA_PROTO_RSN) 846 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise; 847 else 848 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise; 849 if (!ciphers) { 850 wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) " 851 "from " MACSTR, 852 version == WPA_PROTO_RSN ? "RSN" : "WPA", 853 data.pairwise_cipher, MAC2STR(sm->addr)); 854 return WPA_INVALID_PAIRWISE; 855 } 856 857 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) { 858 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) { 859 wpa_printf(MSG_DEBUG, "Management frame protection " 860 "required, but client did not enable it"); 861 return WPA_MGMT_FRAME_PROTECTION_VIOLATION; 862 } 863 864 if (data.mgmt_group_cipher != wpa_auth->conf.group_mgmt_cipher) 865 { 866 wpa_printf(MSG_DEBUG, "Unsupported management group " 867 "cipher %d", data.mgmt_group_cipher); 868 return WPA_INVALID_MGMT_GROUP_CIPHER; 869 } 870 } 871 872 #ifdef CONFIG_SAE 873 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL && 874 wpa_auth->conf.sae_require_mfp && 875 wpa_key_mgmt_sae(sm->wpa_key_mgmt) && 876 !(data.capabilities & WPA_CAPABILITY_MFPC)) { 877 wpa_printf(MSG_DEBUG, 878 "Management frame protection required with SAE, but client did not enable it"); 879 return WPA_MGMT_FRAME_PROTECTION_VIOLATION; 880 } 881 #endif /* CONFIG_SAE */ 882 883 #ifdef CONFIG_OCV 884 if (wpa_auth->conf.ocv && (data.capabilities & WPA_CAPABILITY_OCVC) && 885 !(data.capabilities & WPA_CAPABILITY_MFPC)) { 886 /* Some legacy MFP incapable STAs wrongly copy OCVC bit from 887 * AP RSN capabilities. To improve interoperability with such 888 * legacy STAs allow connection without enabling OCV when the 889 * workaround mode (ocv=2) is enabled. 890 */ 891 if (wpa_auth->conf.ocv == 2) { 892 wpa_printf(MSG_DEBUG, 893 "Allow connecting MFP incapable and OCV capable STA without enabling OCV"); 894 wpa_auth_set_ocv(sm, 0); 895 } else { 896 wpa_printf(MSG_DEBUG, 897 "Management frame protection required with OCV, but client did not enable it"); 898 return WPA_MGMT_FRAME_PROTECTION_VIOLATION; 899 } 900 } else { 901 wpa_auth_set_ocv(sm, (data.capabilities & WPA_CAPABILITY_OCVC) ? 902 wpa_auth->conf.ocv : 0); 903 } 904 #endif /* CONFIG_OCV */ 905 906 if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION || 907 !(data.capabilities & WPA_CAPABILITY_MFPC)) 908 sm->mgmt_frame_prot = 0; 909 else 910 sm->mgmt_frame_prot = 1; 911 sm->mfpr = !!(data.capabilities & WPA_CAPABILITY_MFPR); 912 913 if (sm->mgmt_frame_prot && (ciphers & WPA_CIPHER_TKIP)) { 914 wpa_printf(MSG_DEBUG, 915 "Management frame protection cannot use TKIP"); 916 return WPA_MGMT_FRAME_PROTECTION_VIOLATION; 917 } 918 919 #ifdef CONFIG_IEEE80211R_AP 920 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { 921 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) { 922 wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but " 923 "MDIE not included"); 924 return WPA_INVALID_MDIE; 925 } 926 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain, 927 MOBILITY_DOMAIN_ID_LEN) != 0) { 928 wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown " 929 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN); 930 return WPA_INVALID_MDIE; 931 } 932 } else if (mdie != NULL) { 933 wpa_printf(MSG_DEBUG, 934 "RSN: Trying to use non-FT AKM suite, but MDIE included"); 935 return WPA_INVALID_AKMP; 936 } 937 #endif /* CONFIG_IEEE80211R_AP */ 938 939 #ifdef CONFIG_OWE 940 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && !owe_dh) { 941 wpa_printf(MSG_DEBUG, 942 "OWE: No Diffie-Hellman Parameter element"); 943 return WPA_INVALID_AKMP; 944 } 945 #endif /* CONFIG_OWE */ 946 947 #ifdef CONFIG_DPP2 948 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && 949 ((conf->dpp_pfs == 1 && !owe_dh) || 950 (conf->dpp_pfs == 2 && owe_dh))) { 951 wpa_printf(MSG_DEBUG, "DPP: PFS %s", 952 conf->dpp_pfs == 1 ? "required" : "not allowed"); 953 return WPA_DENIED_OTHER_REASON; 954 } 955 #endif /* CONFIG_DPP2 */ 956 957 sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0); 958 if (sm->pairwise < 0) 959 return WPA_INVALID_PAIRWISE; 960 961 /* TODO: clear WPA/WPA2 state if STA changes from one to another */ 962 if (wpa_ie[0] == WLAN_EID_RSN) 963 sm->wpa = WPA_VERSION_WPA2; 964 else 965 sm->wpa = WPA_VERSION_WPA; 966 967 if (assoc_sm) { 968 /* For ML association link STA cannot choose a different 969 * AKM or pairwise cipher from association STA */ 970 if (sm->wpa_key_mgmt != assoc_sm->wpa_key_mgmt) 971 return WPA_INVALID_AKMP; 972 if (sm->pairwise != assoc_sm->pairwise) 973 return WPA_INVALID_PAIRWISE; 974 } 975 976 #if defined(CONFIG_IEEE80211R_AP) && defined(CONFIG_FILS) 977 if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256 || 978 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384) && 979 (sm->auth_alg == WLAN_AUTH_FILS_SK || 980 sm->auth_alg == WLAN_AUTH_FILS_SK_PFS || 981 sm->auth_alg == WLAN_AUTH_FILS_PK) && 982 (data.num_pmkid != 1 || !data.pmkid || !sm->pmk_r1_name_valid || 983 os_memcmp_const(data.pmkid, sm->pmk_r1_name, 984 WPA_PMK_NAME_LEN) != 0)) { 985 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 986 "No PMKR1Name match for FILS+FT"); 987 return WPA_INVALID_PMKID; 988 } 989 #endif /* CONFIG_IEEE80211R_AP && CONFIG_FILS */ 990 991 sm->pmksa = NULL; 992 for (i = 0; i < data.num_pmkid; i++) { 993 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID", 994 &data.pmkid[i * PMKID_LEN], PMKID_LEN); 995 sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr, 996 &data.pmkid[i * PMKID_LEN]); 997 if (sm->pmksa) { 998 pmkid = sm->pmksa->pmkid; 999 break; 1000 } 1001 } 1002 for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc && 1003 i < data.num_pmkid; i++) { 1004 struct wpa_auth_okc_iter_data idata; 1005 idata.pmksa = NULL; 1006 idata.aa = wpa_auth->addr; 1007 idata.spa = sm->addr; 1008 idata.pmkid = &data.pmkid[i * PMKID_LEN]; 1009 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata); 1010 if (idata.pmksa) { 1011 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 1012 "OKC match for PMKID"); 1013 sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa, 1014 idata.pmksa, 1015 wpa_auth->addr, 1016 idata.pmkid); 1017 pmkid = idata.pmkid; 1018 break; 1019 } 1020 } 1021 if (sm->pmksa && pmkid) { 1022 struct vlan_description *vlan; 1023 1024 vlan = sm->pmksa->vlan_desc; 1025 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 1026 "PMKID found from PMKSA cache eap_type=%d vlan=%d%s", 1027 sm->pmksa->eap_type_authsrv, 1028 vlan ? vlan->untagged : 0, 1029 (vlan && vlan->tagged[0]) ? "+" : ""); 1030 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN); 1031 } 1032 1033 #ifdef CONFIG_SAE 1034 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE || 1035 sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE_EXT_KEY) { 1036 u64 drv_flags = 0; 1037 u64 drv_flags2 = 0; 1038 bool ap_sae_offload = false; 1039 1040 if (wpa_auth->cb->get_drv_flags && 1041 wpa_auth->cb->get_drv_flags(wpa_auth->cb_ctx, &drv_flags, 1042 &drv_flags2) == 0) 1043 ap_sae_offload = 1044 !!(drv_flags2 & 1045 WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP); 1046 1047 if (!ap_sae_offload && data.num_pmkid && !sm->pmksa) { 1048 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 1049 "No PMKSA cache entry found for SAE"); 1050 return WPA_INVALID_PMKID; 1051 } 1052 } 1053 #endif /* CONFIG_SAE */ 1054 1055 #ifdef CONFIG_DPP 1056 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && !sm->pmksa) { 1057 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, 1058 "No PMKSA cache entry found for DPP"); 1059 return WPA_INVALID_PMKID; 1060 } 1061 #endif /* CONFIG_DPP */ 1062 1063 if (conf->extended_key_id && sm->wpa == WPA_VERSION_WPA2 && 1064 sm->pairwise != WPA_CIPHER_TKIP && 1065 (data.capabilities & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST)) { 1066 sm->use_ext_key_id = true; 1067 if (conf->extended_key_id == 2 && 1068 !wpa_key_mgmt_ft(sm->wpa_key_mgmt) && 1069 !wpa_key_mgmt_fils(sm->wpa_key_mgmt)) 1070 sm->keyidx_active = 1; 1071 else 1072 sm->keyidx_active = 0; 1073 wpa_printf(MSG_DEBUG, 1074 "RSN: Extended Key ID supported (start with %d)", 1075 sm->keyidx_active); 1076 } else { 1077 sm->use_ext_key_id = false; 1078 } 1079 1080 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) { 1081 os_free(sm->wpa_ie); 1082 sm->wpa_ie = os_malloc(wpa_ie_len); 1083 if (sm->wpa_ie == NULL) 1084 return WPA_ALLOC_FAIL; 1085 } 1086 os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len); 1087 sm->wpa_ie_len = wpa_ie_len; 1088 1089 if (rsnxe && rsnxe_len) { 1090 if (!sm->rsnxe || sm->rsnxe_len < rsnxe_len) { 1091 os_free(sm->rsnxe); 1092 sm->rsnxe = os_malloc(rsnxe_len); 1093 if (!sm->rsnxe) 1094 return WPA_ALLOC_FAIL; 1095 } 1096 os_memcpy(sm->rsnxe, rsnxe, rsnxe_len); 1097 sm->rsnxe_len = rsnxe_len; 1098 } else { 1099 os_free(sm->rsnxe); 1100 sm->rsnxe = NULL; 1101 sm->rsnxe_len = 0; 1102 } 1103 1104 return WPA_IE_OK; 1105 } 1106 1107 1108 #ifdef CONFIG_HS20 1109 int wpa_validate_osen(struct wpa_authenticator *wpa_auth, 1110 struct wpa_state_machine *sm, 1111 const u8 *osen_ie, size_t osen_ie_len) 1112 { 1113 if (wpa_auth == NULL || sm == NULL) 1114 return -1; 1115 1116 /* TODO: parse OSEN element */ 1117 sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN; 1118 sm->mgmt_frame_prot = 1; 1119 sm->pairwise = WPA_CIPHER_CCMP; 1120 sm->wpa = WPA_VERSION_WPA2; 1121 1122 if (sm->wpa_ie == NULL || sm->wpa_ie_len < osen_ie_len) { 1123 os_free(sm->wpa_ie); 1124 sm->wpa_ie = os_malloc(osen_ie_len); 1125 if (sm->wpa_ie == NULL) 1126 return -1; 1127 } 1128 1129 os_memcpy(sm->wpa_ie, osen_ie, osen_ie_len); 1130 sm->wpa_ie_len = osen_ie_len; 1131 1132 return 0; 1133 } 1134 1135 #endif /* CONFIG_HS20 */ 1136 1137 1138 int wpa_auth_uses_mfp(struct wpa_state_machine *sm) 1139 { 1140 return sm ? sm->mgmt_frame_prot : 0; 1141 } 1142 1143 1144 #ifdef CONFIG_OCV 1145 1146 void wpa_auth_set_ocv(struct wpa_state_machine *sm, int ocv) 1147 { 1148 if (sm) 1149 sm->ocv_enabled = ocv; 1150 } 1151 1152 1153 int wpa_auth_uses_ocv(struct wpa_state_machine *sm) 1154 { 1155 return sm ? sm->ocv_enabled : 0; 1156 } 1157 1158 #endif /* CONFIG_OCV */ 1159 1160 1161 #ifdef CONFIG_OWE 1162 u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm, 1163 u8 *pos, size_t max_len, 1164 const u8 *req_ies, size_t req_ies_len) 1165 { 1166 int res; 1167 struct wpa_auth_config *conf; 1168 1169 if (!sm) 1170 return pos; 1171 conf = &sm->wpa_auth->conf; 1172 1173 #ifdef CONFIG_TESTING_OPTIONS 1174 if (conf->own_ie_override_len) { 1175 if (max_len < conf->own_ie_override_len) 1176 return NULL; 1177 wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing", 1178 conf->own_ie_override, conf->own_ie_override_len); 1179 os_memcpy(pos, conf->own_ie_override, 1180 conf->own_ie_override_len); 1181 return pos + conf->own_ie_override_len; 1182 } 1183 #endif /* CONFIG_TESTING_OPTIONS */ 1184 1185 res = wpa_write_rsn_ie(conf, pos, max_len, 1186 sm->pmksa ? sm->pmksa->pmkid : NULL); 1187 if (res < 0) 1188 return pos; 1189 return pos + res; 1190 } 1191 #endif /* CONFIG_OWE */ 1192 1193 1194 #ifdef CONFIG_FILS 1195 1196 u8 * wpa_auth_write_assoc_resp_fils(struct wpa_state_machine *sm, 1197 u8 *pos, size_t max_len, 1198 const u8 *req_ies, size_t req_ies_len) 1199 { 1200 int res; 1201 1202 if (!sm || 1203 sm->wpa_key_mgmt & (WPA_KEY_MGMT_FT_FILS_SHA256 | 1204 WPA_KEY_MGMT_FT_FILS_SHA384)) 1205 return pos; 1206 1207 res = wpa_write_rsn_ie(&sm->wpa_auth->conf, pos, max_len, NULL); 1208 if (res < 0) 1209 return pos; 1210 return pos + res; 1211 } 1212 1213 1214 bool wpa_auth_write_fd_rsn_info(struct wpa_authenticator *wpa_auth, 1215 u8 *fd_rsn_info) 1216 { 1217 struct wpa_auth_config *conf; 1218 u32 selectors = 0; 1219 u8 *pos = fd_rsn_info; 1220 int i, res; 1221 u32 cipher, suite, selector, mask; 1222 u8 tmp[10 * RSN_SELECTOR_LEN]; 1223 1224 if (!wpa_auth) 1225 return false; 1226 conf = &wpa_auth->conf; 1227 1228 if (!(conf->wpa & WPA_PROTO_RSN)) 1229 return false; 1230 1231 /* RSN Capability (B0..B15) */ 1232 WPA_PUT_LE16(pos, wpa_own_rsn_capab(conf)); 1233 pos += 2; 1234 1235 /* Group Data Cipher Suite Selector (B16..B21) */ 1236 suite = wpa_cipher_to_suite(WPA_PROTO_RSN, conf->wpa_group); 1237 if (suite == RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED) 1238 cipher = 63; /* No cipher suite selected */ 1239 else if ((suite >> 8) == 0x000fac && ((suite & 0xff) <= 13)) 1240 cipher = suite & 0xff; 1241 else 1242 cipher = 62; /* vendor specific */ 1243 selectors |= cipher; 1244 1245 /* Group Management Cipher Suite Selector (B22..B27) */ 1246 cipher = 63; /* Default to no cipher suite selected */ 1247 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) { 1248 switch (conf->group_mgmt_cipher) { 1249 case WPA_CIPHER_AES_128_CMAC: 1250 cipher = RSN_CIPHER_SUITE_AES_128_CMAC & 0xff; 1251 break; 1252 case WPA_CIPHER_BIP_GMAC_128: 1253 cipher = RSN_CIPHER_SUITE_BIP_GMAC_128 & 0xff; 1254 break; 1255 case WPA_CIPHER_BIP_GMAC_256: 1256 cipher = RSN_CIPHER_SUITE_BIP_GMAC_256 & 0xff; 1257 break; 1258 case WPA_CIPHER_BIP_CMAC_256: 1259 cipher = RSN_CIPHER_SUITE_BIP_CMAC_256 & 0xff; 1260 break; 1261 } 1262 } 1263 selectors |= cipher << 6; 1264 1265 /* Pairwise Cipher Suite Selector (B28..B33) */ 1266 cipher = 63; /* Default to no cipher suite selected */ 1267 res = rsn_cipher_put_suites(tmp, conf->rsn_pairwise); 1268 if (res == 1 && tmp[0] == 0x00 && tmp[1] == 0x0f && tmp[2] == 0xac && 1269 tmp[3] <= 13) 1270 cipher = tmp[3]; 1271 selectors |= cipher << 12; 1272 1273 /* AKM Suite Selector (B34..B39) */ 1274 selector = 0; /* default to AKM from RSNE in Beacon/Probe Response */ 1275 mask = WPA_KEY_MGMT_FILS_SHA256 | WPA_KEY_MGMT_FILS_SHA384 | 1276 WPA_KEY_MGMT_FT_FILS_SHA384; 1277 if ((conf->wpa_key_mgmt & mask) && (conf->wpa_key_mgmt & ~mask) == 0) { 1278 suite = conf->wpa_key_mgmt & mask; 1279 if (suite == WPA_KEY_MGMT_FILS_SHA256) 1280 selector = 1; /* 00-0f-ac:14 */ 1281 else if (suite == WPA_KEY_MGMT_FILS_SHA384) 1282 selector = 2; /* 00-0f-ac:15 */ 1283 else if (suite == (WPA_KEY_MGMT_FILS_SHA256 | 1284 WPA_KEY_MGMT_FILS_SHA384)) 1285 selector = 3; /* 00-0f-ac:14 or 00-0f-ac:15 */ 1286 else if (suite == WPA_KEY_MGMT_FT_FILS_SHA384) 1287 selector = 4; /* 00-0f-ac:17 */ 1288 } 1289 selectors |= selector << 18; 1290 1291 for (i = 0; i < 3; i++) { 1292 *pos++ = selectors & 0xff; 1293 selectors >>= 8; 1294 } 1295 1296 return true; 1297 } 1298 1299 #endif /* CONFIG_FILS */ 1300
Indexes created Sun Jun 28 00:24:58 UTC 2026