2 * Received Data frame processing
3 * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
15 #include "utils/includes.h"
17 #include "utils/common.h"
18 #include "crypto/aes_wrap.h"
19 #include "crypto/crypto.h"
20 #include "common/defs.h"
21 #include "common/ieee802_11_defs.h"
22 #include "common/eapol_common.h"
23 #include "common/wpa_common.h"
24 #include "rsn_supp/wpa_ie.h"
28 static const char * data_stype(u16 stype)
31 case WLAN_FC_STYPE_DATA:
33 case WLAN_FC_STYPE_DATA_CFACK:
35 case WLAN_FC_STYPE_DATA_CFPOLL:
37 case WLAN_FC_STYPE_DATA_CFACKPOLL:
38 return "DATA-CFACKPOLL";
39 case WLAN_FC_STYPE_NULLFUNC:
41 case WLAN_FC_STYPE_CFACK:
43 case WLAN_FC_STYPE_CFPOLL:
45 case WLAN_FC_STYPE_CFACKPOLL:
47 case WLAN_FC_STYPE_QOS_DATA:
49 case WLAN_FC_STYPE_QOS_DATA_CFACK:
50 return "QOSDATA-CFACK";
51 case WLAN_FC_STYPE_QOS_DATA_CFPOLL:
52 return "QOSDATA-CFPOLL";
53 case WLAN_FC_STYPE_QOS_DATA_CFACKPOLL:
54 return "QOSDATA-CFACKPOLL";
55 case WLAN_FC_STYPE_QOS_NULL:
57 case WLAN_FC_STYPE_QOS_CFPOLL:
59 case WLAN_FC_STYPE_QOS_CFACKPOLL:
60 return "QOS-CFACKPOLL";
66 static int check_mic(const u8 *kck, int ver, const u8 *data, size_t len)
70 struct ieee802_1x_hdr *hdr;
71 struct wpa_eapol_key *key;
77 os_memcpy(buf, data, len);
78 hdr = (struct ieee802_1x_hdr *) buf;
79 key = (struct wpa_eapol_key *) (hdr + 1);
81 os_memcpy(rx_mic, key->key_mic, 16);
82 os_memset(key->key_mic, 0, 16);
84 if (wpa_eapol_key_mic(kck, ver, buf, len, key->key_mic) == 0 &&
85 os_memcmp(rx_mic, key->key_mic, 16) == 0)
94 static void rx_data_eapol_key_1_of_4(struct wlantest *wt, const u8 *dst,
95 const u8 *src, const u8 *data, size_t len)
97 struct wlantest_bss *bss;
98 struct wlantest_sta *sta;
99 const struct ieee802_1x_hdr *eapol;
100 const struct wpa_eapol_key *hdr;
102 wpa_printf(MSG_DEBUG, "EAPOL-Key 1/4 " MACSTR " -> " MACSTR,
103 MAC2STR(src), MAC2STR(dst));
104 bss = bss_get(wt, src);
107 sta = sta_get(bss, dst);
111 eapol = (const struct ieee802_1x_hdr *) data;
112 hdr = (const struct wpa_eapol_key *) (eapol + 1);
113 os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN);
117 static int try_pmk(struct wlantest_bss *bss, struct wlantest_sta *sta,
118 u16 ver, const u8 *data, size_t len,
119 struct wlantest_pmk *pmk)
122 size_t ptk_len = sta->pairwise_cipher == WPA_CIPHER_TKIP ? 64 : 48;
123 wpa_pmk_to_ptk(pmk->pmk, sizeof(pmk->pmk),
124 "Pairwise key expansion",
125 bss->bssid, sta->addr, sta->anonce, sta->snonce,
126 (u8 *) &ptk, ptk_len,
127 wpa_key_mgmt_sha256(sta->key_mgmt));
128 if (check_mic(ptk.kck, ver, data, len) < 0)
131 wpa_printf(MSG_INFO, "Derived PTK for STA " MACSTR " BSSID " MACSTR,
132 MAC2STR(sta->addr), MAC2STR(bss->bssid));
133 os_memcpy(&sta->ptk, &ptk, sizeof(ptk));
134 wpa_hexdump(MSG_DEBUG, "PTK:KCK", sta->ptk.kck, 16);
135 wpa_hexdump(MSG_DEBUG, "PTK:KEK", sta->ptk.kek, 16);
136 wpa_hexdump(MSG_DEBUG, "PTK:TK1", sta->ptk.tk1, 16);
138 wpa_hexdump(MSG_DEBUG, "PTK:TK2", sta->ptk.u.tk2, 16);
140 os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods));
141 os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds));
146 static void derive_ptk(struct wlantest *wt, struct wlantest_bss *bss,
147 struct wlantest_sta *sta, u16 ver,
148 const u8 *data, size_t len)
150 struct wlantest_pmk *pmk;
152 dl_list_for_each(pmk, &bss->pmk, struct wlantest_pmk, list) {
153 if (try_pmk(bss, sta, ver, data, len, pmk) == 0)
157 dl_list_for_each(pmk, &wt->pmk, struct wlantest_pmk, list) {
158 if (try_pmk(bss, sta, ver, data, len, pmk) == 0)
164 static void rx_data_eapol_key_2_of_4(struct wlantest *wt, const u8 *dst,
165 const u8 *src, const u8 *data, size_t len)
167 struct wlantest_bss *bss;
168 struct wlantest_sta *sta;
169 const struct ieee802_1x_hdr *eapol;
170 const struct wpa_eapol_key *hdr;
172 u16 key_info, key_data_len;
173 struct wpa_eapol_ie_parse ie;
175 wpa_printf(MSG_DEBUG, "EAPOL-Key 2/4 " MACSTR " -> " MACSTR,
176 MAC2STR(src), MAC2STR(dst));
177 bss = bss_get(wt, dst);
180 sta = sta_get(bss, src);
184 eapol = (const struct ieee802_1x_hdr *) data;
185 hdr = (const struct wpa_eapol_key *) (eapol + 1);
186 os_memcpy(sta->snonce, hdr->key_nonce, WPA_NONCE_LEN);
187 key_info = WPA_GET_BE16(hdr->key_info);
188 key_data_len = WPA_GET_BE16(hdr->key_data_length);
189 derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK, data, len);
192 wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 2/4");
196 if (check_mic(sta->ptk.kck, key_info & WPA_KEY_INFO_TYPE_MASK,
198 wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 2/4 MIC");
201 wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/4");
203 key_data = (const u8 *) (hdr + 1);
205 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) {
206 wpa_printf(MSG_INFO, "Failed to parse EAPOL-Key Key Data");
211 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE",
212 ie.wpa_ie, ie.wpa_ie_len);
213 if (os_memcmp(ie.wpa_ie, sta->rsnie, ie.wpa_ie_len) != 0) {
214 wpa_printf(MSG_INFO, "Mismatch in WPA IE between "
215 "EAPOL-Key 2/4 and (Re)Association "
216 "Request from " MACSTR, MAC2STR(sta->addr));
217 wpa_hexdump(MSG_INFO, "WPA IE in EAPOL-Key",
218 ie.wpa_ie, ie.wpa_ie_len);
219 wpa_hexdump(MSG_INFO, "WPA IE in (Re)Association "
222 sta->rsnie[0] ? 2 + sta->rsnie[1] : 0);
227 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE",
228 ie.rsn_ie, ie.rsn_ie_len);
229 if (os_memcmp(ie.rsn_ie, sta->rsnie, ie.rsn_ie_len) != 0) {
230 wpa_printf(MSG_INFO, "Mismatch in RSN IE between "
231 "EAPOL-Key 2/4 and (Re)Association "
232 "Request from " MACSTR, MAC2STR(sta->addr));
233 wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key",
234 ie.rsn_ie, ie.rsn_ie_len);
235 wpa_hexdump(MSG_INFO, "RSN IE in (Re)Association "
238 sta->rsnie[0] ? 2 + sta->rsnie[1] : 0);
244 static u8 * decrypt_eapol_key_data_rc4(const u8 *kek,
245 const struct wpa_eapol_key *hdr,
249 u16 keydatalen = WPA_GET_BE16(hdr->key_data_length);
251 buf = os_malloc(keydatalen);
255 os_memcpy(ek, hdr->key_iv, 16);
256 os_memcpy(ek + 16, kek, 16);
257 os_memcpy(buf, hdr + 1, keydatalen);
258 if (rc4_skip(ek, 32, 256, buf, keydatalen)) {
259 wpa_printf(MSG_INFO, "RC4 failed");
269 static u8 * decrypt_eapol_key_data_aes(const u8 *kek,
270 const struct wpa_eapol_key *hdr,
274 u16 keydatalen = WPA_GET_BE16(hdr->key_data_length);
276 if (keydatalen % 8) {
277 wpa_printf(MSG_INFO, "Unsupported AES-WRAP len %d",
281 keydatalen -= 8; /* AES-WRAP adds 8 bytes */
282 buf = os_malloc(keydatalen);
285 if (aes_unwrap(kek, keydatalen / 8, (u8 *) (hdr + 1), buf)) {
287 wpa_printf(MSG_INFO, "AES unwrap failed - "
288 "could not decrypt EAPOL-Key key data");
297 static u8 * decrypt_eapol_key_data(const u8 *kek, u16 ver,
298 const struct wpa_eapol_key *hdr,
302 case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
303 return decrypt_eapol_key_data_rc4(kek, hdr, len);
304 case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
305 case WPA_KEY_INFO_TYPE_AES_128_CMAC:
306 return decrypt_eapol_key_data_aes(kek, hdr, len);
308 wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Key Descriptor "
315 static void learn_kde_keys(struct wlantest_bss *bss, const u8 *buf, size_t len,
318 struct wpa_eapol_ie_parse ie;
320 if (wpa_supplicant_parse_ies(buf, len, &ie) < 0) {
321 wpa_printf(MSG_INFO, "Failed to parse EAPOL-Key Key Data");
326 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE",
327 ie.wpa_ie, ie.wpa_ie_len);
331 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE",
332 ie.rsn_ie, ie.rsn_ie_len);
336 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - GTK KDE",
338 if (ie.gtk_len >= 2 && ie.gtk_len <= 2 + 32) {
340 id = ie.gtk[0] & 0x03;
341 wpa_printf(MSG_DEBUG, "GTK KeyID=%u tx=%u",
342 id, !!(ie.gtk[0] & 0x04));
343 if ((ie.gtk[0] & 0xf8) || ie.gtk[1])
344 wpa_printf(MSG_INFO, "GTK KDE: Reserved field "
346 ie.gtk[0], ie.gtk[1]);
347 wpa_hexdump(MSG_DEBUG, "GTK", ie.gtk + 2,
349 bss->gtk_len[id] = ie.gtk_len - 2;
350 os_memcpy(bss->gtk[id], ie.gtk + 2, ie.gtk_len - 2);
351 bss->rsc[id][0] = rsc[5];
352 bss->rsc[id][1] = rsc[4];
353 bss->rsc[id][2] = rsc[3];
354 bss->rsc[id][3] = rsc[2];
355 bss->rsc[id][4] = rsc[1];
356 bss->rsc[id][5] = rsc[0];
357 wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[id], 6);
359 wpa_printf(MSG_INFO, "Invalid GTK KDE length %u",
360 (unsigned) ie.gtk_len);
365 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - IGTK KDE",
366 ie.igtk, ie.igtk_len);
367 if (ie.igtk_len == 24) {
369 id = WPA_GET_LE16(ie.igtk);
371 wpa_printf(MSG_INFO, "Unexpected IGTK KeyID "
374 wpa_printf(MSG_DEBUG, "IGTK KeyID %u", id);
375 wpa_hexdump(MSG_DEBUG, "IPN", ie.igtk + 2, 6);
376 wpa_hexdump(MSG_DEBUG, "IGTK", ie.igtk + 8,
378 os_memcpy(bss->igtk[id], ie.igtk + 8, 16);
379 bss->igtk_set[id] = 1;
382 wpa_printf(MSG_INFO, "Invalid IGTK KDE length %u",
383 (unsigned) ie.igtk_len);
389 static void rx_data_eapol_key_3_of_4(struct wlantest *wt, const u8 *dst,
390 const u8 *src, const u8 *data, size_t len)
392 struct wlantest_bss *bss;
393 struct wlantest_sta *sta;
394 const struct ieee802_1x_hdr *eapol;
395 const struct wpa_eapol_key *hdr;
399 u8 *decrypted_buf = NULL;
401 size_t decrypted_len = 0;
402 struct wpa_eapol_ie_parse ie;
404 wpa_printf(MSG_DEBUG, "EAPOL-Key 3/4 " MACSTR " -> " MACSTR,
405 MAC2STR(src), MAC2STR(dst));
406 bss = bss_get(wt, src);
409 sta = sta_get(bss, dst);
413 eapol = (const struct ieee802_1x_hdr *) data;
414 hdr = (const struct wpa_eapol_key *) (eapol + 1);
415 key_info = WPA_GET_BE16(hdr->key_info);
417 if (os_memcmp(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN) != 0) {
418 wpa_printf(MSG_INFO, "EAPOL-Key ANonce mismatch between 1/4 "
422 os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN);
424 derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK,
429 wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 3/4");
433 if (check_mic(sta->ptk.kck, key_info & WPA_KEY_INFO_TYPE_MASK,
435 wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 3/4 MIC");
438 wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 3/4");
440 key_data = (const u8 *) (hdr + 1);
441 if (!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
442 if (sta->proto & WPA_PROTO_RSN)
443 wpa_printf(MSG_INFO, "EAPOL-Key 3/4 without "
445 decrypted = key_data;
446 decrypted_len = WPA_GET_BE16(hdr->key_data_length);
448 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
449 decrypted_buf = decrypt_eapol_key_data(sta->ptk.kek, ver, hdr,
451 if (decrypted_buf == NULL) {
452 wpa_printf(MSG_INFO, "Failed to decrypt EAPOL-Key Key "
456 decrypted = decrypted_buf;
457 wpa_hexdump(MSG_DEBUG, "Decrypted EAPOL-Key Key Data",
458 decrypted, decrypted_len);
460 if (wt->write_pcap_dumper && decrypted != key_data) {
461 /* Fill in a dummy Data frame header */
462 u8 buf[24 + 8 + sizeof(*eapol) + sizeof(*hdr)];
463 struct ieee80211_hdr *h;
464 struct wpa_eapol_key *k;
469 plain_len = decrypted_len;
471 while (p + 1 < decrypted + decrypted_len) {
472 if (p[0] == 0xdd && p[1] == 0x00) {
474 plain_len = p - decrypted;
480 os_memset(buf, 0, sizeof(buf));
481 h = (struct ieee80211_hdr *) buf;
482 h->frame_control = host_to_le16(0x0208);
483 os_memcpy(h->addr1, dst, ETH_ALEN);
484 os_memcpy(h->addr2, src, ETH_ALEN);
485 os_memcpy(h->addr3, src, ETH_ALEN);
486 pos = (u8 *) (h + 1);
487 os_memcpy(pos, "\xaa\xaa\x03\x00\x00\x00\x88\x8e", 8);
489 os_memcpy(pos, eapol, sizeof(*eapol));
490 pos += sizeof(*eapol);
491 os_memcpy(pos, hdr, sizeof(*hdr));
492 k = (struct wpa_eapol_key *) pos;
493 WPA_PUT_BE16(k->key_info,
494 key_info & ~WPA_KEY_INFO_ENCR_KEY_DATA);
495 WPA_PUT_BE16(k->key_data_length, plain_len);
496 write_pcap_decrypted(wt, buf, sizeof(buf),
497 decrypted, plain_len);
500 if (wpa_supplicant_parse_ies(decrypted, decrypted_len, &ie) < 0) {
501 wpa_printf(MSG_INFO, "Failed to parse EAPOL-Key Key Data");
502 os_free(decrypted_buf);
507 os_memcmp(ie.wpa_ie, bss->wpaie, ie.wpa_ie_len) != 0) ||
508 (ie.wpa_ie == NULL && bss->wpaie[0])) {
509 wpa_printf(MSG_INFO, "Mismatch in WPA IE between "
510 "EAPOL-Key 3/4 and Beacon/Probe Response "
511 "from " MACSTR, MAC2STR(bss->bssid));
512 wpa_hexdump(MSG_INFO, "WPA IE in EAPOL-Key",
513 ie.wpa_ie, ie.wpa_ie_len);
514 wpa_hexdump(MSG_INFO, "WPA IE in Beacon/Probe "
517 bss->wpaie[0] ? 2 + bss->wpaie[1] : 0);
521 os_memcmp(ie.rsn_ie, bss->rsnie, ie.rsn_ie_len) != 0) ||
522 (ie.rsn_ie == NULL && bss->rsnie[0])) {
523 wpa_printf(MSG_INFO, "Mismatch in RSN IE between "
524 "EAPOL-Key 3/4 and Beacon/Probe Response "
525 "from " MACSTR, MAC2STR(bss->bssid));
526 wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key",
527 ie.rsn_ie, ie.rsn_ie_len);
528 wpa_hexdump(MSG_INFO, "RSN IE in (Re)Association "
531 bss->rsnie[0] ? 2 + bss->rsnie[1] : 0);
534 learn_kde_keys(bss, decrypted, decrypted_len, hdr->key_rsc);
535 os_free(decrypted_buf);
539 static void rx_data_eapol_key_4_of_4(struct wlantest *wt, const u8 *dst,
540 const u8 *src, const u8 *data, size_t len)
542 struct wlantest_bss *bss;
543 struct wlantest_sta *sta;
544 const struct ieee802_1x_hdr *eapol;
545 const struct wpa_eapol_key *hdr;
548 wpa_printf(MSG_DEBUG, "EAPOL-Key 4/4 " MACSTR " -> " MACSTR,
549 MAC2STR(src), MAC2STR(dst));
550 bss = bss_get(wt, dst);
553 sta = sta_get(bss, src);
557 eapol = (const struct ieee802_1x_hdr *) data;
558 hdr = (const struct wpa_eapol_key *) (eapol + 1);
559 key_info = WPA_GET_BE16(hdr->key_info);
562 wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 4/4");
567 check_mic(sta->ptk.kck, key_info & WPA_KEY_INFO_TYPE_MASK,
569 wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 4/4 MIC");
572 wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 4/4");
576 static void rx_data_eapol_key_1_of_2(struct wlantest *wt, const u8 *dst,
577 const u8 *src, const u8 *data, size_t len)
579 struct wlantest_bss *bss;
580 struct wlantest_sta *sta;
581 const struct ieee802_1x_hdr *eapol;
582 const struct wpa_eapol_key *hdr;
586 size_t decrypted_len = 0;
588 wpa_printf(MSG_DEBUG, "EAPOL-Key 1/2 " MACSTR " -> " MACSTR,
589 MAC2STR(src), MAC2STR(dst));
590 bss = bss_get(wt, src);
593 sta = sta_get(bss, dst);
597 eapol = (const struct ieee802_1x_hdr *) data;
598 hdr = (const struct wpa_eapol_key *) (eapol + 1);
599 key_info = WPA_GET_BE16(hdr->key_info);
602 wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 1/2");
607 check_mic(sta->ptk.kck, key_info & WPA_KEY_INFO_TYPE_MASK,
609 wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 1/2 MIC");
612 wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 1/2");
614 key_data = (const u8 *) (hdr + 1);
615 if (sta->proto & WPA_PROTO_RSN &&
616 !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
617 wpa_printf(MSG_INFO, "EAPOL-Key 1/2 without EncrKeyData bit");
620 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
621 decrypted = decrypt_eapol_key_data(sta->ptk.kek, ver, hdr,
623 if (decrypted == NULL) {
624 wpa_printf(MSG_INFO, "Failed to decrypt EAPOL-Key Key Data");
627 wpa_hexdump(MSG_DEBUG, "Decrypted EAPOL-Key Key Data",
628 decrypted, decrypted_len);
629 if (wt->write_pcap_dumper) {
630 /* Fill in a dummy Data frame header */
631 u8 buf[24 + 8 + sizeof(*eapol) + sizeof(*hdr)];
632 struct ieee80211_hdr *h;
633 struct wpa_eapol_key *k;
637 plain_len = decrypted_len;
639 while (pos + 1 < decrypted + decrypted_len) {
640 if (pos[0] == 0xdd && pos[1] == 0x00) {
642 plain_len = pos - decrypted;
648 os_memset(buf, 0, sizeof(buf));
649 h = (struct ieee80211_hdr *) buf;
650 h->frame_control = host_to_le16(0x0208);
651 os_memcpy(h->addr1, dst, ETH_ALEN);
652 os_memcpy(h->addr2, src, ETH_ALEN);
653 os_memcpy(h->addr3, src, ETH_ALEN);
654 pos = (u8 *) (h + 1);
655 os_memcpy(pos, "\xaa\xaa\x03\x00\x00\x00\x88\x8e", 8);
657 os_memcpy(pos, eapol, sizeof(*eapol));
658 pos += sizeof(*eapol);
659 os_memcpy(pos, hdr, sizeof(*hdr));
660 k = (struct wpa_eapol_key *) pos;
661 WPA_PUT_BE16(k->key_info,
662 key_info & ~WPA_KEY_INFO_ENCR_KEY_DATA);
663 WPA_PUT_BE16(k->key_data_length, plain_len);
664 write_pcap_decrypted(wt, buf, sizeof(buf),
665 decrypted, plain_len);
667 if (sta->proto & WPA_PROTO_RSN)
668 learn_kde_keys(bss, decrypted, decrypted_len, hdr->key_rsc);
670 int len = bss->group_cipher == WPA_CIPHER_TKIP ? 32 : 16;
671 if (decrypted_len == len) {
672 const u8 *rsc = hdr->key_rsc;
674 id = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
675 WPA_KEY_INFO_KEY_INDEX_SHIFT;
676 wpa_printf(MSG_DEBUG, "GTK key index %d", id);
677 wpa_hexdump(MSG_DEBUG, "GTK", decrypted,
679 bss->gtk_len[id] = decrypted_len;
680 os_memcpy(bss->gtk[id], decrypted, decrypted_len);
681 bss->rsc[id][0] = rsc[5];
682 bss->rsc[id][1] = rsc[4];
683 bss->rsc[id][2] = rsc[3];
684 bss->rsc[id][3] = rsc[2];
685 bss->rsc[id][4] = rsc[1];
686 bss->rsc[id][5] = rsc[0];
687 wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[id], 6);
689 wpa_printf(MSG_INFO, "Unexpected WPA Key Data length "
690 "in Group Key msg 1/2 from " MACSTR,
698 static void rx_data_eapol_key_2_of_2(struct wlantest *wt, const u8 *dst,
699 const u8 *src, const u8 *data, size_t len)
701 struct wlantest_bss *bss;
702 struct wlantest_sta *sta;
703 const struct ieee802_1x_hdr *eapol;
704 const struct wpa_eapol_key *hdr;
707 wpa_printf(MSG_DEBUG, "EAPOL-Key 2/2 " MACSTR " -> " MACSTR,
708 MAC2STR(src), MAC2STR(dst));
709 bss = bss_get(wt, dst);
712 sta = sta_get(bss, src);
716 eapol = (const struct ieee802_1x_hdr *) data;
717 hdr = (const struct wpa_eapol_key *) (eapol + 1);
718 key_info = WPA_GET_BE16(hdr->key_info);
721 wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 2/2");
726 check_mic(sta->ptk.kck, key_info & WPA_KEY_INFO_TYPE_MASK,
728 wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 2/2 MIC");
731 wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/2");
735 static void rx_data_eapol_key(struct wlantest *wt, const u8 *dst,
736 const u8 *src, const u8 *data, size_t len,
739 const struct ieee802_1x_hdr *eapol;
740 const struct wpa_eapol_key *hdr;
742 u16 key_info, key_length, ver, key_data_length;
744 eapol = (const struct ieee802_1x_hdr *) data;
745 hdr = (const struct wpa_eapol_key *) (eapol + 1);
747 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key",
748 (const u8 *) hdr, len - sizeof(*eapol));
749 if (len < sizeof(*hdr)) {
750 wpa_printf(MSG_INFO, "Too short EAPOL-Key frame from " MACSTR,
755 if (hdr->type == EAPOL_KEY_TYPE_RC4) {
756 /* TODO: EAPOL-Key RC4 for WEP */
760 if (hdr->type != EAPOL_KEY_TYPE_RSN &&
761 hdr->type != EAPOL_KEY_TYPE_WPA) {
762 wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key type %u",
767 key_info = WPA_GET_BE16(hdr->key_info);
768 key_length = WPA_GET_BE16(hdr->key_length);
769 key_data_length = WPA_GET_BE16(hdr->key_data_length);
770 key_data = (const u8 *) (hdr + 1);
771 if (key_data + key_data_length > data + len) {
772 wpa_printf(MSG_INFO, "Truncated EAPOL-Key from " MACSTR,
776 if (key_data + key_data_length < data + len) {
777 wpa_hexdump(MSG_DEBUG, "Extra data after EAPOL-Key Key Data "
778 "field", key_data + key_data_length,
779 data + len - key_data - key_data_length);
783 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
784 wpa_printf(MSG_DEBUG, "EAPOL-Key ver=%u %c idx=%u%s%s%s%s%s%s%s%s "
786 ver, key_info & WPA_KEY_INFO_KEY_TYPE ? 'P' : 'G',
787 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
788 WPA_KEY_INFO_KEY_INDEX_SHIFT,
789 (key_info & WPA_KEY_INFO_INSTALL) ? " Install" : "",
790 (key_info & WPA_KEY_INFO_ACK) ? " ACK" : "",
791 (key_info & WPA_KEY_INFO_MIC) ? " MIC" : "",
792 (key_info & WPA_KEY_INFO_SECURE) ? " Secure" : "",
793 (key_info & WPA_KEY_INFO_ERROR) ? " Error" : "",
794 (key_info & WPA_KEY_INFO_REQUEST) ? " Request" : "",
795 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) ? " Encr" : "",
796 (key_info & WPA_KEY_INFO_SMK_MESSAGE) ? " SMK" : "",
799 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
800 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
801 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
802 wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key Key Descriptor "
807 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Replay Counter",
808 hdr->replay_counter, WPA_REPLAY_COUNTER_LEN);
809 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Nonce",
810 hdr->key_nonce, WPA_NONCE_LEN);
811 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key IV",
813 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key RSC",
814 hdr->key_rsc, WPA_KEY_RSC_LEN);
815 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key MIC",
817 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data",
818 key_data, key_data_length);
820 if (key_info & (WPA_KEY_INFO_ERROR | WPA_KEY_INFO_REQUEST))
823 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
826 if (key_info & WPA_KEY_INFO_KEY_TYPE) {
827 /* 4-Way Handshake */
828 switch (key_info & (WPA_KEY_INFO_SECURE |
831 WPA_KEY_INFO_INSTALL)) {
832 case WPA_KEY_INFO_ACK:
833 rx_data_eapol_key_1_of_4(wt, dst, src, data, len);
835 case WPA_KEY_INFO_MIC:
836 rx_data_eapol_key_2_of_4(wt, dst, src, data, len);
838 case WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK |
839 WPA_KEY_INFO_INSTALL:
840 /* WPA does not include Secure bit in 3/4 */
841 rx_data_eapol_key_3_of_4(wt, dst, src, data, len);
843 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
844 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL:
845 rx_data_eapol_key_3_of_4(wt, dst, src, data, len);
847 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC:
848 rx_data_eapol_key_4_of_4(wt, dst, src, data, len);
851 wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame");
855 /* Group Key Handshake */
856 switch (key_info & (WPA_KEY_INFO_SECURE |
859 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
861 rx_data_eapol_key_1_of_2(wt, dst, src, data, len);
863 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC:
864 rx_data_eapol_key_2_of_2(wt, dst, src, data, len);
867 wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame");
874 static void rx_data_eapol(struct wlantest *wt, const u8 *dst, const u8 *src,
875 const u8 *data, size_t len, int prot)
877 const struct ieee802_1x_hdr *hdr;
881 wpa_hexdump(MSG_EXCESSIVE, "EAPOL", data, len);
882 if (len < sizeof(*hdr)) {
883 wpa_printf(MSG_INFO, "Too short EAPOL frame from " MACSTR,
888 hdr = (const struct ieee802_1x_hdr *) data;
889 length = be_to_host16(hdr->length);
890 wpa_printf(MSG_DEBUG, "RX EAPOL: " MACSTR " -> " MACSTR "%s ver=%u "
892 MAC2STR(src), MAC2STR(dst), prot ? " Prot" : "",
893 hdr->version, hdr->type, length);
894 if (sizeof(*hdr) + length > len) {
895 wpa_printf(MSG_INFO, "Truncated EAPOL frame from " MACSTR,
900 if (sizeof(*hdr) + length < len) {
901 wpa_printf(MSG_INFO, "EAPOL frame with %d extra bytes",
902 (int) (len - sizeof(*hdr) - length));
904 p = (const u8 *) (hdr + 1);
907 case IEEE802_1X_TYPE_EAP_PACKET:
908 wpa_hexdump(MSG_MSGDUMP, "EAPOL - EAP packet", p, length);
910 case IEEE802_1X_TYPE_EAPOL_START:
911 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Start", p, length);
913 case IEEE802_1X_TYPE_EAPOL_LOGOFF:
914 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Logoff", p, length);
916 case IEEE802_1X_TYPE_EAPOL_KEY:
917 rx_data_eapol_key(wt, dst, src, data, sizeof(*hdr) + length,
920 case IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT:
921 wpa_hexdump(MSG_MSGDUMP, "EAPOL - Encapsulated ASF alert",
925 wpa_hexdump(MSG_MSGDUMP, "Unknown EAPOL payload", p, length);
931 static void rx_data_eth(struct wlantest *wt, const u8 *dst, const u8 *src,
932 u16 ethertype, const u8 *data, size_t len, int prot)
934 if (ethertype == ETH_P_PAE)
935 rx_data_eapol(wt, dst, src, data, len, prot);
939 static void rx_data_process(struct wlantest *wt, const u8 *dst, const u8 *src,
940 const u8 *data, size_t len, int prot)
945 if (len >= 8 && os_memcmp(data, "\xaa\xaa\x03\x00\x00\x00", 6) == 0) {
946 rx_data_eth(wt, dst, src, WPA_GET_BE16(data + 6),
947 data + 8, len - 8, prot);
951 wpa_hexdump(MSG_DEBUG, "Unrecognized LLC", data, len > 8 ? 8 : len);
955 static void rx_data_bss_prot_group(struct wlantest *wt,
956 const struct ieee80211_hdr *hdr,
957 const u8 *qos, const u8 *dst, const u8 *src,
958 const u8 *data, size_t len)
960 struct wlantest_bss *bss;
966 bss = bss_get(wt, hdr->addr2);
970 wpa_printf(MSG_INFO, "Too short group addressed data frame");
974 if (bss->group_cipher & (WPA_CIPHER_TKIP | WPA_CIPHER_CCMP) &&
976 wpa_printf(MSG_INFO, "Expected TKIP/CCMP frame from "
977 MACSTR " did not have ExtIV bit set to 1",
978 MAC2STR(bss->bssid));
982 if (bss->group_cipher == WPA_CIPHER_TKIP) {
983 if (data[3] & 0x1f) {
984 wpa_printf(MSG_INFO, "TKIP frame from " MACSTR " used "
985 "non-zero reserved bit",
986 MAC2STR(bss->bssid));
988 if (data[1] != ((data[0] | 0x20) & 0x7f)) {
989 wpa_printf(MSG_INFO, "TKIP frame from " MACSTR " used "
990 "incorrect WEPSeed[1] (was 0x%x, expected "
992 MAC2STR(bss->bssid), data[1],
993 (data[0] | 0x20) & 0x7f);
995 } else if (bss->group_cipher == WPA_CIPHER_CCMP) {
996 if (data[2] != 0 || (data[3] & 0x1f) != 0) {
997 wpa_printf(MSG_INFO, "CCMP frame from " MACSTR " used "
998 "non-zero reserved bit",
999 MAC2STR(bss->bssid));
1003 keyid = data[3] >> 6;
1004 if (bss->gtk_len[keyid] == 0) {
1005 wpa_printf(MSG_MSGDUMP, "No GTK known to decrypt the frame "
1006 "(A2=" MACSTR " KeyID=%d)",
1007 MAC2STR(hdr->addr2), keyid);
1011 if (bss->group_cipher == WPA_CIPHER_TKIP)
1012 tkip_get_pn(pn, data);
1014 ccmp_get_pn(pn, data);
1015 if (os_memcmp(pn, bss->rsc[keyid], 6) <= 0) {
1016 wpa_printf(MSG_INFO, "CCMP/TKIP replay detected: SA=" MACSTR,
1017 MAC2STR(hdr->addr2));
1018 wpa_hexdump(MSG_INFO, "RX PN", pn, 6);
1019 wpa_hexdump(MSG_INFO, "RSC", bss->rsc[keyid], 6);
1022 if (bss->group_cipher == WPA_CIPHER_TKIP)
1023 decrypted = tkip_decrypt(bss->gtk[keyid], hdr, data, len,
1026 decrypted = ccmp_decrypt(bss->gtk[keyid], hdr, data, len,
1029 rx_data_process(wt, dst, src, decrypted, dlen, 1);
1030 os_memcpy(bss->rsc[keyid], pn, 6);
1031 write_pcap_decrypted(wt, (const u8 *) hdr, 24 + (qos ? 2 : 0),
1038 static void rx_data_bss_prot(struct wlantest *wt,
1039 const struct ieee80211_hdr *hdr, const u8 *qos,
1040 const u8 *dst, const u8 *src, const u8 *data,
1043 struct wlantest_bss *bss;
1044 struct wlantest_sta *sta;
1046 u16 fc = le_to_host16(hdr->frame_control);
1052 if (hdr->addr1[0] & 0x01) {
1053 rx_data_bss_prot_group(wt, hdr, qos, dst, src, data, len);
1057 if (fc & WLAN_FC_TODS) {
1058 bss = bss_get(wt, hdr->addr1);
1061 sta = sta_get(bss, hdr->addr2);
1063 bss = bss_get(wt, hdr->addr2);
1066 sta = sta_get(bss, hdr->addr1);
1068 if (sta == NULL || !sta->ptk_set) {
1069 wpa_printf(MSG_MSGDUMP, "No PTK known to decrypt the frame");
1074 wpa_printf(MSG_INFO, "Too short encrypted data frame");
1078 if (sta->pairwise_cipher & (WPA_CIPHER_TKIP | WPA_CIPHER_CCMP) &&
1079 !(data[3] & 0x20)) {
1080 wpa_printf(MSG_INFO, "Expected TKIP/CCMP frame from "
1081 MACSTR " did not have ExtIV bit set to 1",
1086 if (sta->pairwise_cipher == WPA_CIPHER_TKIP) {
1087 if (data[3] & 0x1f) {
1088 wpa_printf(MSG_INFO, "TKIP frame from " MACSTR " used "
1089 "non-zero reserved bit",
1090 MAC2STR(hdr->addr2));
1092 if (data[1] != ((data[0] | 0x20) & 0x7f)) {
1093 wpa_printf(MSG_INFO, "TKIP frame from " MACSTR " used "
1094 "incorrect WEPSeed[1] (was 0x%x, expected "
1096 MAC2STR(hdr->addr2), data[1],
1097 (data[0] | 0x20) & 0x7f);
1099 } else if (sta->pairwise_cipher == WPA_CIPHER_CCMP) {
1100 if (data[2] != 0 || (data[3] & 0x1f) != 0) {
1101 wpa_printf(MSG_INFO, "CCMP frame from " MACSTR " used "
1102 "non-zero reserved bit",
1103 MAC2STR(hdr->addr2));
1107 keyid = data[3] >> 6;
1109 wpa_printf(MSG_INFO, "Unexpected non-zero KeyID %d in "
1110 "individually addressed Data frame from " MACSTR,
1111 keyid, MAC2STR(hdr->addr2));
1115 tid = qos[0] & 0x0f;
1118 if (fc & WLAN_FC_TODS)
1119 rsc = sta->rsc_tods[tid];
1121 rsc = sta->rsc_fromds[tid];
1124 if (sta->pairwise_cipher == WPA_CIPHER_TKIP)
1125 tkip_get_pn(pn, data);
1127 ccmp_get_pn(pn, data);
1128 if (os_memcmp(pn, rsc, 6) <= 0) {
1129 wpa_printf(MSG_INFO, "CCMP/TKIP replay detected: SA=" MACSTR,
1130 MAC2STR(hdr->addr2));
1131 wpa_hexdump(MSG_INFO, "RX PN", pn, 6);
1132 wpa_hexdump(MSG_INFO, "RSC", rsc, 6);
1135 if (sta->pairwise_cipher == WPA_CIPHER_TKIP)
1136 decrypted = tkip_decrypt(sta->ptk.tk1, hdr, data, len, &dlen);
1138 decrypted = ccmp_decrypt(sta->ptk.tk1, hdr, data, len, &dlen);
1140 rx_data_process(wt, dst, src, decrypted, dlen, 1);
1141 os_memcpy(rsc, pn, 6);
1142 write_pcap_decrypted(wt, (const u8 *) hdr, 24 + (qos ? 2 : 0),
1149 static void rx_data_bss(struct wlantest *wt, const struct ieee80211_hdr *hdr,
1150 const u8 *qos, const u8 *dst, const u8 *src,
1151 const u8 *data, size_t len)
1153 u16 fc = le_to_host16(hdr->frame_control);
1154 int prot = !!(fc & WLAN_FC_ISWEP);
1157 u8 ack = (qos[0] & 0x60) >> 5;
1158 wpa_printf(MSG_MSGDUMP, "BSS DATA: " MACSTR " -> " MACSTR
1159 " len=%u%s tid=%u%s%s",
1160 MAC2STR(src), MAC2STR(dst), (unsigned int) len,
1161 prot ? " Prot" : "", qos[0] & 0x0f,
1162 (qos[0] & 0x10) ? " EOSP" : "",
1164 (ack == 1 ? " NoAck" :
1165 (ack == 2 ? " NoExpAck" : " BA")));
1167 wpa_printf(MSG_MSGDUMP, "BSS DATA: " MACSTR " -> " MACSTR
1169 MAC2STR(src), MAC2STR(dst), (unsigned int) len,
1170 prot ? " Prot" : "");
1174 rx_data_bss_prot(wt, hdr, qos, dst, src, data, len);
1176 rx_data_process(wt, dst, src, data, len, 0);
1180 void rx_data(struct wlantest *wt, const u8 *data, size_t len)
1182 const struct ieee80211_hdr *hdr;
1185 const u8 *qos = NULL;
1190 hdr = (const struct ieee80211_hdr *) data;
1191 fc = le_to_host16(hdr->frame_control);
1192 stype = WLAN_FC_GET_STYPE(fc);
1194 if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) ==
1195 (WLAN_FC_TODS | WLAN_FC_FROMDS))
1198 qos = data + hdrlen;
1205 switch (fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) {
1207 wpa_printf(MSG_EXCESSIVE, "DATA %s%s%s IBSS DA=" MACSTR " SA="
1208 MACSTR " BSSID=" MACSTR,
1209 data_stype(WLAN_FC_GET_STYPE(fc)),
1210 fc & WLAN_FC_PWRMGT ? " PwrMgt" : "",
1211 fc & WLAN_FC_ISWEP ? " Prot" : "",
1212 MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
1213 MAC2STR(hdr->addr3));
1215 case WLAN_FC_FROMDS:
1216 wpa_printf(MSG_EXCESSIVE, "DATA %s%s%s FromDS DA=" MACSTR
1217 " BSSID=" MACSTR " SA=" MACSTR,
1218 data_stype(WLAN_FC_GET_STYPE(fc)),
1219 fc & WLAN_FC_PWRMGT ? " PwrMgt" : "",
1220 fc & WLAN_FC_ISWEP ? " Prot" : "",
1221 MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
1222 MAC2STR(hdr->addr3));
1223 rx_data_bss(wt, hdr, qos, hdr->addr1, hdr->addr2,
1224 data + hdrlen, len - hdrlen);
1227 wpa_printf(MSG_EXCESSIVE, "DATA %s%s%s ToDS BSSID=" MACSTR
1228 " SA=" MACSTR " DA=" MACSTR,
1229 data_stype(WLAN_FC_GET_STYPE(fc)),
1230 fc & WLAN_FC_PWRMGT ? " PwrMgt" : "",
1231 fc & WLAN_FC_ISWEP ? " Prot" : "",
1232 MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
1233 MAC2STR(hdr->addr3));
1234 rx_data_bss(wt, hdr, qos, hdr->addr3, hdr->addr2,
1235 data + hdrlen, len - hdrlen);
1237 case WLAN_FC_TODS | WLAN_FC_FROMDS:
1238 wpa_printf(MSG_EXCESSIVE, "DATA %s%s%s WDS RA=" MACSTR " TA="
1239 MACSTR " DA=" MACSTR " SA=" MACSTR,
1240 data_stype(WLAN_FC_GET_STYPE(fc)),
1241 fc & WLAN_FC_PWRMGT ? " PwrMgt" : "",
1242 fc & WLAN_FC_ISWEP ? " Prot" : "",
1243 MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
1244 MAC2STR(hdr->addr3),
1245 MAC2STR((const u8 *) (hdr + 1)));