2 * hostapd - WPA/RSN IE and KDE definitions
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
11 #include "utils/common.h"
12 #include "common/ieee802_11_defs.h"
13 #include "eapol_auth/eapol_auth_sm.h"
14 #include "ap_config.h"
15 #include "ieee802_11.h"
17 #include "pmksa_cache_auth.h"
18 #include "wpa_auth_ie.h"
19 #include "wpa_auth_i.h"
22 #ifdef CONFIG_RSN_TESTING
24 #endif /* CONFIG_RSN_TESTING */
27 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
29 struct wpa_ie_hdr *hdr;
33 hdr = (struct wpa_ie_hdr *) buf;
34 hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC;
35 RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE);
36 WPA_PUT_LE16(hdr->version, WPA_VERSION);
37 pos = (u8 *) (hdr + 1);
39 if (conf->wpa_group == WPA_CIPHER_CCMP) {
40 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP);
41 } else if (conf->wpa_group == WPA_CIPHER_TKIP) {
42 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP);
43 } else if (conf->wpa_group == WPA_CIPHER_WEP104) {
44 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_WEP104);
45 } else if (conf->wpa_group == WPA_CIPHER_WEP40) {
46 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_WEP40);
48 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
52 pos += WPA_SELECTOR_LEN;
58 if (conf->wpa_pairwise & WPA_CIPHER_CCMP) {
59 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP);
60 pos += WPA_SELECTOR_LEN;
63 if (conf->wpa_pairwise & WPA_CIPHER_TKIP) {
64 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP);
65 pos += WPA_SELECTOR_LEN;
68 if (conf->wpa_pairwise & WPA_CIPHER_NONE) {
69 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_NONE);
70 pos += WPA_SELECTOR_LEN;
74 if (num_suites == 0) {
75 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
79 WPA_PUT_LE16(count, num_suites);
85 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
86 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
87 pos += WPA_SELECTOR_LEN;
90 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
91 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
92 pos += WPA_SELECTOR_LEN;
96 if (num_suites == 0) {
97 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
101 WPA_PUT_LE16(count, num_suites);
103 /* WPA Capabilities; use defaults, so no need to include it */
105 hdr->len = (pos - buf) - 2;
111 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
114 struct rsn_ie_hdr *hdr;
119 hdr = (struct rsn_ie_hdr *) buf;
120 hdr->elem_id = WLAN_EID_RSN;
121 WPA_PUT_LE16(hdr->version, RSN_VERSION);
122 pos = (u8 *) (hdr + 1);
124 if (conf->wpa_group == WPA_CIPHER_CCMP) {
125 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
126 } else if (conf->wpa_group == WPA_CIPHER_TKIP) {
127 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
128 } else if (conf->wpa_group == WPA_CIPHER_WEP104) {
129 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_WEP104);
130 } else if (conf->wpa_group == WPA_CIPHER_WEP40) {
131 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_WEP40);
133 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
137 pos += RSN_SELECTOR_LEN;
143 #ifdef CONFIG_RSN_TESTING
145 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
146 pos += RSN_SELECTOR_LEN;
149 #endif /* CONFIG_RSN_TESTING */
151 if (conf->rsn_pairwise & WPA_CIPHER_CCMP) {
152 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
153 pos += RSN_SELECTOR_LEN;
156 if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
157 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
158 pos += RSN_SELECTOR_LEN;
161 if (conf->rsn_pairwise & WPA_CIPHER_NONE) {
162 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NONE);
163 pos += RSN_SELECTOR_LEN;
167 #ifdef CONFIG_RSN_TESTING
169 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
170 pos += RSN_SELECTOR_LEN;
173 #endif /* CONFIG_RSN_TESTING */
175 if (num_suites == 0) {
176 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
180 WPA_PUT_LE16(count, num_suites);
186 #ifdef CONFIG_RSN_TESTING
188 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
189 pos += RSN_SELECTOR_LEN;
192 #endif /* CONFIG_RSN_TESTING */
194 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
195 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
196 pos += RSN_SELECTOR_LEN;
199 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
200 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
201 pos += RSN_SELECTOR_LEN;
204 #ifdef CONFIG_IEEE80211R
205 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
206 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
207 pos += RSN_SELECTOR_LEN;
210 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
211 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
212 pos += RSN_SELECTOR_LEN;
215 #endif /* CONFIG_IEEE80211R */
216 #ifdef CONFIG_IEEE80211W
217 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
218 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
219 pos += RSN_SELECTOR_LEN;
222 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
223 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
224 pos += RSN_SELECTOR_LEN;
227 #endif /* CONFIG_IEEE80211W */
229 #ifdef CONFIG_RSN_TESTING
231 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
232 pos += RSN_SELECTOR_LEN;
235 #endif /* CONFIG_RSN_TESTING */
237 if (num_suites == 0) {
238 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
242 WPA_PUT_LE16(count, num_suites);
244 /* RSN Capabilities */
246 if (conf->rsn_preauth)
247 capab |= WPA_CAPABILITY_PREAUTH;
249 capab |= WPA_CAPABILITY_PEERKEY_ENABLED;
250 if (conf->wmm_enabled) {
251 /* 4 PTKSA replay counters when using WMM */
252 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
254 #ifdef CONFIG_IEEE80211W
255 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
256 capab |= WPA_CAPABILITY_MFPC;
257 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
258 capab |= WPA_CAPABILITY_MFPR;
260 #endif /* CONFIG_IEEE80211W */
261 #ifdef CONFIG_RSN_TESTING
263 capab |= BIT(8) | BIT(14) | BIT(15);
264 #endif /* CONFIG_RSN_TESTING */
265 WPA_PUT_LE16(pos, capab);
269 if (pos + 2 + PMKID_LEN > buf + len)
272 WPA_PUT_LE16(pos, 1);
274 os_memcpy(pos, pmkid, PMKID_LEN);
278 #ifdef CONFIG_IEEE80211W
279 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
280 if (pos + 2 + 4 > buf + len)
284 WPA_PUT_LE16(pos, 0);
288 /* Management Group Cipher Suite */
289 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
290 pos += RSN_SELECTOR_LEN;
292 #endif /* CONFIG_IEEE80211W */
294 #ifdef CONFIG_RSN_TESTING
297 * Fill in any defined fields and add extra data to the end of
300 int pmkid_count_set = pmkid != NULL;
301 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION)
304 WPA_PUT_LE16(pos, 0);
306 if (conf->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
307 /* Management Group Cipher Suite */
308 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
309 pos += RSN_SELECTOR_LEN;
312 os_memset(pos, 0x12, 17);
315 #endif /* CONFIG_RSN_TESTING */
317 hdr->len = (pos - buf) - 2;
323 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
330 if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
331 res = wpa_write_rsn_ie(&wpa_auth->conf,
332 pos, buf + sizeof(buf) - pos, NULL);
337 #ifdef CONFIG_IEEE80211R
338 if (wpa_key_mgmt_ft(wpa_auth->conf.wpa_key_mgmt)) {
339 res = wpa_write_mdie(&wpa_auth->conf, pos,
340 buf + sizeof(buf) - pos);
345 #endif /* CONFIG_IEEE80211R */
346 if (wpa_auth->conf.wpa & WPA_PROTO_WPA) {
347 res = wpa_write_wpa_ie(&wpa_auth->conf,
348 pos, buf + sizeof(buf) - pos);
354 os_free(wpa_auth->wpa_ie);
355 wpa_auth->wpa_ie = os_malloc(pos - buf);
356 if (wpa_auth->wpa_ie == NULL)
358 os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
359 wpa_auth->wpa_ie_len = pos - buf;
365 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
366 const u8 *data2, size_t data2_len)
368 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
369 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
370 RSN_SELECTOR_PUT(pos, kde);
371 pos += RSN_SELECTOR_LEN;
372 os_memcpy(pos, data, data_len);
375 os_memcpy(pos, data2, data2_len);
382 struct wpa_auth_okc_iter_data {
383 struct rsn_pmksa_cache_entry *pmksa;
390 static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx)
392 struct wpa_auth_okc_iter_data *data = ctx;
393 data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa,
401 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
402 struct wpa_state_machine *sm,
403 const u8 *wpa_ie, size_t wpa_ie_len,
404 const u8 *mdie, size_t mdie_len)
406 struct wpa_ie_data data;
407 int ciphers, key_mgmt, res, version;
410 const u8 *pmkid = NULL;
412 if (wpa_auth == NULL || sm == NULL)
413 return WPA_NOT_ENABLED;
415 if (wpa_ie == NULL || wpa_ie_len < 1)
416 return WPA_INVALID_IE;
418 if (wpa_ie[0] == WLAN_EID_RSN)
419 version = WPA_PROTO_RSN;
421 version = WPA_PROTO_WPA;
423 if (!(wpa_auth->conf.wpa & version)) {
424 wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
425 version, MAC2STR(sm->addr));
426 return WPA_INVALID_PROTO;
429 if (version == WPA_PROTO_RSN) {
430 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
432 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
435 #ifdef CONFIG_IEEE80211R
436 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
437 selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
438 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
439 selector = RSN_AUTH_KEY_MGMT_FT_PSK;
440 #endif /* CONFIG_IEEE80211R */
441 #ifdef CONFIG_IEEE80211W
442 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
443 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
444 else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
445 selector = RSN_AUTH_KEY_MGMT_PSK_SHA256;
446 #endif /* CONFIG_IEEE80211W */
447 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
448 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
449 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
450 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
451 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
453 selector = RSN_CIPHER_SUITE_CCMP;
454 if (data.pairwise_cipher & WPA_CIPHER_CCMP)
455 selector = RSN_CIPHER_SUITE_CCMP;
456 else if (data.pairwise_cipher & WPA_CIPHER_TKIP)
457 selector = RSN_CIPHER_SUITE_TKIP;
458 else if (data.pairwise_cipher & WPA_CIPHER_WEP104)
459 selector = RSN_CIPHER_SUITE_WEP104;
460 else if (data.pairwise_cipher & WPA_CIPHER_WEP40)
461 selector = RSN_CIPHER_SUITE_WEP40;
462 else if (data.pairwise_cipher & WPA_CIPHER_NONE)
463 selector = RSN_CIPHER_SUITE_NONE;
464 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
466 selector = RSN_CIPHER_SUITE_CCMP;
467 if (data.group_cipher & WPA_CIPHER_CCMP)
468 selector = RSN_CIPHER_SUITE_CCMP;
469 else if (data.group_cipher & WPA_CIPHER_TKIP)
470 selector = RSN_CIPHER_SUITE_TKIP;
471 else if (data.group_cipher & WPA_CIPHER_WEP104)
472 selector = RSN_CIPHER_SUITE_WEP104;
473 else if (data.group_cipher & WPA_CIPHER_WEP40)
474 selector = RSN_CIPHER_SUITE_WEP40;
475 else if (data.group_cipher & WPA_CIPHER_NONE)
476 selector = RSN_CIPHER_SUITE_NONE;
477 wpa_auth->dot11RSNAGroupCipherSelected = selector;
479 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
481 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
482 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
483 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
484 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
485 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
486 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
488 selector = WPA_CIPHER_SUITE_TKIP;
489 if (data.pairwise_cipher & WPA_CIPHER_CCMP)
490 selector = WPA_CIPHER_SUITE_CCMP;
491 else if (data.pairwise_cipher & WPA_CIPHER_TKIP)
492 selector = WPA_CIPHER_SUITE_TKIP;
493 else if (data.pairwise_cipher & WPA_CIPHER_WEP104)
494 selector = WPA_CIPHER_SUITE_WEP104;
495 else if (data.pairwise_cipher & WPA_CIPHER_WEP40)
496 selector = WPA_CIPHER_SUITE_WEP40;
497 else if (data.pairwise_cipher & WPA_CIPHER_NONE)
498 selector = WPA_CIPHER_SUITE_NONE;
499 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
501 selector = WPA_CIPHER_SUITE_TKIP;
502 if (data.group_cipher & WPA_CIPHER_CCMP)
503 selector = WPA_CIPHER_SUITE_CCMP;
504 else if (data.group_cipher & WPA_CIPHER_TKIP)
505 selector = WPA_CIPHER_SUITE_TKIP;
506 else if (data.group_cipher & WPA_CIPHER_WEP104)
507 selector = WPA_CIPHER_SUITE_WEP104;
508 else if (data.group_cipher & WPA_CIPHER_WEP40)
509 selector = WPA_CIPHER_SUITE_WEP40;
510 else if (data.group_cipher & WPA_CIPHER_NONE)
511 selector = WPA_CIPHER_SUITE_NONE;
512 wpa_auth->dot11RSNAGroupCipherSelected = selector;
515 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
516 MACSTR " (res=%d)", MAC2STR(sm->addr), res);
517 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
518 return WPA_INVALID_IE;
521 if (data.group_cipher != wpa_auth->conf.wpa_group) {
522 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
523 MACSTR, data.group_cipher, MAC2STR(sm->addr));
524 return WPA_INVALID_GROUP;
527 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
529 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
530 MACSTR, data.key_mgmt, MAC2STR(sm->addr));
531 return WPA_INVALID_AKMP;
535 #ifdef CONFIG_IEEE80211R
536 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
537 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
538 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
539 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
540 #endif /* CONFIG_IEEE80211R */
541 #ifdef CONFIG_IEEE80211W
542 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
543 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
544 else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
545 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
546 #endif /* CONFIG_IEEE80211W */
547 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
548 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
550 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
552 if (version == WPA_PROTO_RSN)
553 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise;
555 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
557 wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) "
559 version == WPA_PROTO_RSN ? "RSN" : "WPA",
560 data.pairwise_cipher, MAC2STR(sm->addr));
561 return WPA_INVALID_PAIRWISE;
564 #ifdef CONFIG_IEEE80211W
565 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
566 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
567 wpa_printf(MSG_DEBUG, "Management frame protection "
568 "required, but client did not enable it");
569 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
572 if (ciphers & WPA_CIPHER_TKIP) {
573 wpa_printf(MSG_DEBUG, "Management frame protection "
575 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
578 if (data.mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
579 wpa_printf(MSG_DEBUG, "Unsupported management group "
580 "cipher %d", data.mgmt_group_cipher);
581 return WPA_INVALID_MGMT_GROUP_CIPHER;
585 if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION ||
586 !(data.capabilities & WPA_CAPABILITY_MFPC))
587 sm->mgmt_frame_prot = 0;
589 sm->mgmt_frame_prot = 1;
590 #endif /* CONFIG_IEEE80211W */
592 #ifdef CONFIG_IEEE80211R
593 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
594 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) {
595 wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but "
596 "MDIE not included");
597 return WPA_INVALID_MDIE;
599 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain,
600 MOBILITY_DOMAIN_ID_LEN) != 0) {
601 wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown "
602 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
603 return WPA_INVALID_MDIE;
606 #endif /* CONFIG_IEEE80211R */
608 if (ciphers & WPA_CIPHER_CCMP)
609 sm->pairwise = WPA_CIPHER_CCMP;
611 sm->pairwise = WPA_CIPHER_TKIP;
613 /* TODO: clear WPA/WPA2 state if STA changes from one to another */
614 if (wpa_ie[0] == WLAN_EID_RSN)
615 sm->wpa = WPA_VERSION_WPA2;
617 sm->wpa = WPA_VERSION_WPA;
620 for (i = 0; i < data.num_pmkid; i++) {
621 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
622 &data.pmkid[i * PMKID_LEN], PMKID_LEN);
623 sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr,
624 &data.pmkid[i * PMKID_LEN]);
626 pmkid = sm->pmksa->pmkid;
630 for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc &&
631 i < data.num_pmkid; i++) {
632 struct wpa_auth_okc_iter_data idata;
634 idata.aa = wpa_auth->addr;
635 idata.spa = sm->addr;
636 idata.pmkid = &data.pmkid[i * PMKID_LEN];
637 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata);
639 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
640 "OKC match for PMKID");
641 sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa,
650 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
651 "PMKID found from PMKSA cache "
652 "eap_type=%d vlan_id=%d",
653 sm->pmksa->eap_type_authsrv,
655 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
658 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
660 sm->wpa_ie = os_malloc(wpa_ie_len);
661 if (sm->wpa_ie == NULL)
662 return WPA_ALLOC_FAIL;
664 os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
665 sm->wpa_ie_len = wpa_ie_len;
672 * wpa_parse_generic - Parse EAPOL-Key Key Data Generic IEs
673 * @pos: Pointer to the IE header
674 * @end: Pointer to the end of the Key Data buffer
675 * @ie: Pointer to parsed IE data
676 * Returns: 0 on success, 1 if end mark is found, -1 on failure
678 static int wpa_parse_generic(const u8 *pos, const u8 *end,
679 struct wpa_eapol_ie_parse *ie)
685 RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE &&
686 pos[2 + WPA_SELECTOR_LEN] == 1 &&
687 pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
689 ie->wpa_ie_len = pos[1] + 2;
693 if (pos + 1 + RSN_SELECTOR_LEN < end &&
694 pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
695 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
696 ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
700 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
701 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) {
702 ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
703 ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
707 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
708 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) {
709 ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
710 ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
714 #ifdef CONFIG_PEERKEY
715 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
716 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
717 ie->smk = pos + 2 + RSN_SELECTOR_LEN;
718 ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
722 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
723 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
724 ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
725 ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
729 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
730 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
731 ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
732 ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
736 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
737 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
738 ie->error = pos + 2 + RSN_SELECTOR_LEN;
739 ie->error_len = pos[1] - RSN_SELECTOR_LEN;
742 #endif /* CONFIG_PEERKEY */
744 #ifdef CONFIG_IEEE80211W
745 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
746 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
747 ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
748 ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
751 #endif /* CONFIG_IEEE80211W */
758 * wpa_parse_kde_ies - Parse EAPOL-Key Key Data IEs
759 * @buf: Pointer to the Key Data buffer
760 * @len: Key Data Length
761 * @ie: Pointer to parsed IE data
762 * Returns: 0 on success, -1 on failure
764 int wpa_parse_kde_ies(const u8 *buf, size_t len, struct wpa_eapol_ie_parse *ie)
769 os_memset(ie, 0, sizeof(*ie));
770 for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
771 if (pos[0] == 0xdd &&
772 ((pos == buf + len - 1) || pos[1] == 0)) {
776 if (pos + 2 + pos[1] > end) {
777 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
778 "underflow (ie=%d len=%d pos=%d)",
779 pos[0], pos[1], (int) (pos - buf));
780 wpa_hexdump_key(MSG_DEBUG, "WPA: Key Data",
785 if (*pos == WLAN_EID_RSN) {
787 ie->rsn_ie_len = pos[1] + 2;
788 #ifdef CONFIG_IEEE80211R
789 } else if (*pos == WLAN_EID_MOBILITY_DOMAIN) {
791 ie->mdie_len = pos[1] + 2;
792 } else if (*pos == WLAN_EID_FAST_BSS_TRANSITION) {
794 ie->ftie_len = pos[1] + 2;
795 #endif /* CONFIG_IEEE80211R */
796 } else if (*pos == WLAN_EID_VENDOR_SPECIFIC) {
797 ret = wpa_parse_generic(pos, end, ie);
805 wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key "
806 "Key Data IE", pos, 2 + pos[1]);
814 int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
816 return sm ? sm->mgmt_frame_prot : 0;