2 * hostapd - WPA/RSN IE and KDE definitions
3 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
19 #include "ieee802_11.h"
22 #include "pmksa_cache.h"
23 #include "wpa_auth_ie.h"
24 #include "wpa_auth_i.h"
27 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
29 struct wpa_ie_hdr *hdr;
33 hdr = (struct wpa_ie_hdr *) buf;
34 hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC;
35 RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE);
36 WPA_PUT_LE16(hdr->version, WPA_VERSION);
37 pos = (u8 *) (hdr + 1);
39 if (conf->wpa_group == WPA_CIPHER_CCMP) {
40 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP);
41 } else if (conf->wpa_group == WPA_CIPHER_TKIP) {
42 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP);
43 } else if (conf->wpa_group == WPA_CIPHER_WEP104) {
44 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_WEP104);
45 } else if (conf->wpa_group == WPA_CIPHER_WEP40) {
46 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_WEP40);
48 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
52 pos += WPA_SELECTOR_LEN;
58 if (conf->wpa_pairwise & WPA_CIPHER_CCMP) {
59 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP);
60 pos += WPA_SELECTOR_LEN;
63 if (conf->wpa_pairwise & WPA_CIPHER_TKIP) {
64 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP);
65 pos += WPA_SELECTOR_LEN;
68 if (conf->wpa_pairwise & WPA_CIPHER_NONE) {
69 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_NONE);
70 pos += WPA_SELECTOR_LEN;
74 if (num_suites == 0) {
75 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
79 WPA_PUT_LE16(count, num_suites);
85 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
86 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
87 pos += WPA_SELECTOR_LEN;
90 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
91 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
92 pos += WPA_SELECTOR_LEN;
96 if (num_suites == 0) {
97 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
101 WPA_PUT_LE16(count, num_suites);
103 /* WPA Capabilities; use defaults, so no need to include it */
105 hdr->len = (pos - buf) - 2;
111 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
114 struct rsn_ie_hdr *hdr;
119 hdr = (struct rsn_ie_hdr *) buf;
120 hdr->elem_id = WLAN_EID_RSN;
121 WPA_PUT_LE16(hdr->version, RSN_VERSION);
122 pos = (u8 *) (hdr + 1);
124 if (conf->wpa_group == WPA_CIPHER_CCMP) {
125 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
126 } else if (conf->wpa_group == WPA_CIPHER_TKIP) {
127 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
128 } else if (conf->wpa_group == WPA_CIPHER_WEP104) {
129 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_WEP104);
130 } else if (conf->wpa_group == WPA_CIPHER_WEP40) {
131 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_WEP40);
133 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
137 pos += RSN_SELECTOR_LEN;
143 if (conf->rsn_pairwise & WPA_CIPHER_CCMP) {
144 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
145 pos += RSN_SELECTOR_LEN;
148 if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
149 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
150 pos += RSN_SELECTOR_LEN;
153 if (conf->rsn_pairwise & WPA_CIPHER_NONE) {
154 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NONE);
155 pos += RSN_SELECTOR_LEN;
159 if (num_suites == 0) {
160 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
164 WPA_PUT_LE16(count, num_suites);
170 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
171 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
172 pos += RSN_SELECTOR_LEN;
175 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
176 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
177 pos += RSN_SELECTOR_LEN;
180 #ifdef CONFIG_IEEE80211R
181 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
182 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
183 pos += RSN_SELECTOR_LEN;
186 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
187 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
188 pos += RSN_SELECTOR_LEN;
191 #endif /* CONFIG_IEEE80211R */
193 if (num_suites == 0) {
194 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
198 WPA_PUT_LE16(count, num_suites);
200 /* RSN Capabilities */
202 if (conf->rsn_preauth)
203 capab |= WPA_CAPABILITY_PREAUTH;
205 capab |= WPA_CAPABILITY_PEERKEY_ENABLED;
206 if (conf->wme_enabled) {
207 /* 4 PTKSA replay counters when using WME */
208 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
210 #ifdef CONFIG_IEEE80211W
211 if (conf->ieee80211w != WPA_NO_IEEE80211W) {
212 capab |= WPA_CAPABILITY_MFPC;
213 if (conf->ieee80211w == IEEE80211W_REQUIRED)
214 capab |= WPA_CAPABILITY_MFPR;
216 #endif /* CONFIG_IEEE80211W */
217 WPA_PUT_LE16(pos, capab);
221 if (pos + 2 + PMKID_LEN > buf + len)
224 WPA_PUT_LE16(pos, 1);
226 os_memcpy(pos, pmkid, PMKID_LEN);
230 #ifdef CONFIG_IEEE80211W
231 if (conf->ieee80211w != WPA_NO_IEEE80211W) {
232 if (pos + 2 + 4 > buf + len)
236 WPA_PUT_LE16(pos, 0);
240 /* Management Group Cipher Suite */
241 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
242 pos += RSN_SELECTOR_LEN;
244 #endif /* CONFIG_IEEE80211W */
246 hdr->len = (pos - buf) - 2;
252 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
259 if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
260 res = wpa_write_rsn_ie(&wpa_auth->conf,
261 pos, buf + sizeof(buf) - pos, NULL);
266 #ifdef CONFIG_IEEE80211R
267 if (wpa_auth->conf.wpa_key_mgmt &
268 (WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_FT_PSK)) {
269 res = wpa_write_mdie(&wpa_auth->conf, pos,
270 buf + sizeof(buf) - pos);
275 #endif /* CONFIG_IEEE80211R */
276 if (wpa_auth->conf.wpa & WPA_PROTO_WPA) {
277 res = wpa_write_wpa_ie(&wpa_auth->conf,
278 pos, buf + sizeof(buf) - pos);
284 os_free(wpa_auth->wpa_ie);
285 wpa_auth->wpa_ie = os_malloc(pos - buf);
286 if (wpa_auth->wpa_ie == NULL)
288 os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
289 wpa_auth->wpa_ie_len = pos - buf;
295 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
296 const u8 *data2, size_t data2_len)
298 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
299 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
300 RSN_SELECTOR_PUT(pos, kde);
301 pos += RSN_SELECTOR_LEN;
302 os_memcpy(pos, data, data_len);
305 os_memcpy(pos, data2, data2_len);
312 static int wpa_selector_to_bitfield(const u8 *s)
314 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_NONE)
315 return WPA_CIPHER_NONE;
316 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP40)
317 return WPA_CIPHER_WEP40;
318 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_TKIP)
319 return WPA_CIPHER_TKIP;
320 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_CCMP)
321 return WPA_CIPHER_CCMP;
322 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP104)
323 return WPA_CIPHER_WEP104;
328 static int wpa_key_mgmt_to_bitfield(const u8 *s)
330 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_UNSPEC_802_1X)
331 return WPA_KEY_MGMT_IEEE8021X;
332 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X)
333 return WPA_KEY_MGMT_PSK;
334 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_NONE)
335 return WPA_KEY_MGMT_WPA_NONE;
340 static int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
341 struct wpa_ie_data *data)
343 const struct wpa_ie_hdr *hdr;
348 os_memset(data, 0, sizeof(*data));
349 data->pairwise_cipher = WPA_CIPHER_TKIP;
350 data->group_cipher = WPA_CIPHER_TKIP;
351 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
352 data->mgmt_group_cipher = 0;
354 if (wpa_ie_len < sizeof(struct wpa_ie_hdr))
357 hdr = (const struct wpa_ie_hdr *) wpa_ie;
359 if (hdr->elem_id != WLAN_EID_VENDOR_SPECIFIC ||
360 hdr->len != wpa_ie_len - 2 ||
361 RSN_SELECTOR_GET(hdr->oui) != WPA_OUI_TYPE ||
362 WPA_GET_LE16(hdr->version) != WPA_VERSION) {
366 pos = (const u8 *) (hdr + 1);
367 left = wpa_ie_len - sizeof(*hdr);
369 if (left >= WPA_SELECTOR_LEN) {
370 data->group_cipher = wpa_selector_to_bitfield(pos);
371 pos += WPA_SELECTOR_LEN;
372 left -= WPA_SELECTOR_LEN;
377 data->pairwise_cipher = 0;
378 count = WPA_GET_LE16(pos);
381 if (count == 0 || left < count * WPA_SELECTOR_LEN)
383 for (i = 0; i < count; i++) {
384 data->pairwise_cipher |= wpa_selector_to_bitfield(pos);
385 pos += WPA_SELECTOR_LEN;
386 left -= WPA_SELECTOR_LEN;
388 } else if (left == 1)
393 count = WPA_GET_LE16(pos);
396 if (count == 0 || left < count * WPA_SELECTOR_LEN)
398 for (i = 0; i < count; i++) {
399 data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos);
400 pos += WPA_SELECTOR_LEN;
401 left -= WPA_SELECTOR_LEN;
403 } else if (left == 1)
407 data->capabilities = WPA_GET_LE16(pos);
420 struct wpa_auth_okc_iter_data {
421 struct rsn_pmksa_cache_entry *pmksa;
428 static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx)
430 struct wpa_auth_okc_iter_data *data = ctx;
431 data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa,
439 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
440 struct wpa_state_machine *sm,
441 const u8 *wpa_ie, size_t wpa_ie_len,
442 const u8 *mdie, size_t mdie_len)
444 struct wpa_ie_data data;
445 int ciphers, key_mgmt, res, version;
448 const u8 *pmkid = NULL;
450 if (wpa_auth == NULL || sm == NULL)
451 return WPA_NOT_ENABLED;
453 if (wpa_ie == NULL || wpa_ie_len < 1)
454 return WPA_INVALID_IE;
456 if (wpa_ie[0] == WLAN_EID_RSN)
457 version = WPA_PROTO_RSN;
459 version = WPA_PROTO_WPA;
461 if (version == WPA_PROTO_RSN) {
462 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
464 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
467 #ifdef CONFIG_IEEE80211R
468 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
469 selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
470 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
471 selector = RSN_AUTH_KEY_MGMT_FT_PSK;
472 #endif /* CONFIG_IEEE80211R */
473 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
474 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
475 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
476 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
477 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
479 selector = RSN_CIPHER_SUITE_CCMP;
480 if (data.pairwise_cipher & WPA_CIPHER_CCMP)
481 selector = RSN_CIPHER_SUITE_CCMP;
482 else if (data.pairwise_cipher & WPA_CIPHER_TKIP)
483 selector = RSN_CIPHER_SUITE_TKIP;
484 else if (data.pairwise_cipher & WPA_CIPHER_WEP104)
485 selector = RSN_CIPHER_SUITE_WEP104;
486 else if (data.pairwise_cipher & WPA_CIPHER_WEP40)
487 selector = RSN_CIPHER_SUITE_WEP40;
488 else if (data.pairwise_cipher & WPA_CIPHER_NONE)
489 selector = RSN_CIPHER_SUITE_NONE;
490 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
492 selector = RSN_CIPHER_SUITE_CCMP;
493 if (data.group_cipher & WPA_CIPHER_CCMP)
494 selector = RSN_CIPHER_SUITE_CCMP;
495 else if (data.group_cipher & WPA_CIPHER_TKIP)
496 selector = RSN_CIPHER_SUITE_TKIP;
497 else if (data.group_cipher & WPA_CIPHER_WEP104)
498 selector = RSN_CIPHER_SUITE_WEP104;
499 else if (data.group_cipher & WPA_CIPHER_WEP40)
500 selector = RSN_CIPHER_SUITE_WEP40;
501 else if (data.group_cipher & WPA_CIPHER_NONE)
502 selector = RSN_CIPHER_SUITE_NONE;
503 wpa_auth->dot11RSNAGroupCipherSelected = selector;
505 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
507 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
508 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
509 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
510 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
511 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
512 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
514 selector = WPA_CIPHER_SUITE_TKIP;
515 if (data.pairwise_cipher & WPA_CIPHER_CCMP)
516 selector = WPA_CIPHER_SUITE_CCMP;
517 else if (data.pairwise_cipher & WPA_CIPHER_TKIP)
518 selector = WPA_CIPHER_SUITE_TKIP;
519 else if (data.pairwise_cipher & WPA_CIPHER_WEP104)
520 selector = WPA_CIPHER_SUITE_WEP104;
521 else if (data.pairwise_cipher & WPA_CIPHER_WEP40)
522 selector = WPA_CIPHER_SUITE_WEP40;
523 else if (data.pairwise_cipher & WPA_CIPHER_NONE)
524 selector = WPA_CIPHER_SUITE_NONE;
525 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
527 selector = WPA_CIPHER_SUITE_TKIP;
528 if (data.group_cipher & WPA_CIPHER_CCMP)
529 selector = WPA_CIPHER_SUITE_CCMP;
530 else if (data.group_cipher & WPA_CIPHER_TKIP)
531 selector = WPA_CIPHER_SUITE_TKIP;
532 else if (data.group_cipher & WPA_CIPHER_WEP104)
533 selector = WPA_CIPHER_SUITE_WEP104;
534 else if (data.group_cipher & WPA_CIPHER_WEP40)
535 selector = WPA_CIPHER_SUITE_WEP40;
536 else if (data.group_cipher & WPA_CIPHER_NONE)
537 selector = WPA_CIPHER_SUITE_NONE;
538 wpa_auth->dot11RSNAGroupCipherSelected = selector;
541 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
542 MACSTR " (res=%d)", MAC2STR(sm->addr), res);
543 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
544 return WPA_INVALID_IE;
547 if (data.group_cipher != wpa_auth->conf.wpa_group) {
548 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
549 MACSTR, data.group_cipher, MAC2STR(sm->addr));
550 return WPA_INVALID_GROUP;
553 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
555 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
556 MACSTR, data.key_mgmt, MAC2STR(sm->addr));
557 return WPA_INVALID_AKMP;
561 #ifdef CONFIG_IEEE80211R
562 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
563 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
564 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
565 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
566 #endif /* CONFIG_IEEE80211R */
567 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
568 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
570 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
572 if (version == WPA_PROTO_RSN)
573 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise;
575 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
577 wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) "
579 version == WPA_PROTO_RSN ? "RSN" : "WPA",
580 data.pairwise_cipher, MAC2STR(sm->addr));
581 return WPA_INVALID_PAIRWISE;
584 #ifdef CONFIG_IEEE80211W
585 if (wpa_auth->conf.ieee80211w == WPA_IEEE80211W_REQUIRED) {
586 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
587 wpa_printf(MSG_DEBUG, "Management frame protection "
588 "required, but client did not enable it");
589 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
592 if (ciphers & WPA_CIPHER_TKIP) {
593 wpa_printf(MSG_DEBUG, "Management frame protection "
595 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
598 if (data.mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
599 wpa_printf(MSG_DEBUG, "Unsupported management group "
600 "cipher %d", data.mgmt_group_cipher);
601 return WPA_INVALID_MGMT_GROUP_CIPHER;
605 if (wpa_auth->conf.ieee80211w == WPA_NO_IEEE80211W ||
606 !(data.capabilities & WPA_CAPABILITY_MFPC))
607 sm->mgmt_frame_prot = 0;
609 sm->mgmt_frame_prot = 1;
610 #endif /* CONFIG_IEEE80211W */
612 #ifdef CONFIG_IEEE80211R
613 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X ||
614 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_PSK) {
615 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) {
616 wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but "
617 "MDIE not included");
618 return WPA_INVALID_MDIE;
620 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain,
621 MOBILITY_DOMAIN_ID_LEN) != 0) {
622 wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown "
623 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
624 return WPA_INVALID_MDIE;
627 #endif /* CONFIG_IEEE80211R */
629 if (ciphers & WPA_CIPHER_CCMP)
630 sm->pairwise = WPA_CIPHER_CCMP;
632 sm->pairwise = WPA_CIPHER_TKIP;
634 /* TODO: clear WPA/WPA2 state if STA changes from one to another */
635 if (wpa_ie[0] == WLAN_EID_RSN)
636 sm->wpa = WPA_VERSION_WPA2;
638 sm->wpa = WPA_VERSION_WPA;
641 for (i = 0; i < data.num_pmkid; i++) {
642 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
643 &data.pmkid[i * PMKID_LEN], PMKID_LEN);
644 sm->pmksa = pmksa_cache_get(wpa_auth->pmksa, sm->addr,
645 &data.pmkid[i * PMKID_LEN]);
647 pmkid = sm->pmksa->pmkid;
651 for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc &&
652 i < data.num_pmkid; i++) {
653 struct wpa_auth_okc_iter_data idata;
655 idata.aa = wpa_auth->addr;
656 idata.spa = sm->addr;
657 idata.pmkid = &data.pmkid[i * PMKID_LEN];
658 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata);
660 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
661 "OKC match for PMKID");
662 sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa,
671 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
672 "PMKID found from PMKSA cache "
673 "eap_type=%d vlan_id=%d",
674 sm->pmksa->eap_type_authsrv,
676 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
679 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
681 sm->wpa_ie = os_malloc(wpa_ie_len);
682 if (sm->wpa_ie == NULL)
683 return WPA_ALLOC_FAIL;
685 os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
686 sm->wpa_ie_len = wpa_ie_len;
693 * wpa_parse_generic - Parse EAPOL-Key Key Data Generic IEs
694 * @pos: Pointer to the IE header
695 * @end: Pointer to the end of the Key Data buffer
696 * @ie: Pointer to parsed IE data
697 * Returns: 0 on success, 1 if end mark is found, -1 on failure
699 static int wpa_parse_generic(const u8 *pos, const u8 *end,
700 struct wpa_eapol_ie_parse *ie)
706 RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE &&
707 pos[2 + WPA_SELECTOR_LEN] == 1 &&
708 pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
710 ie->wpa_ie_len = pos[1] + 2;
714 if (pos + 1 + RSN_SELECTOR_LEN < end &&
715 pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
716 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
717 ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
721 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
722 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) {
723 ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
724 ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
728 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
729 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) {
730 ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
731 ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
735 #ifdef CONFIG_PEERKEY
736 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
737 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
738 ie->smk = pos + 2 + RSN_SELECTOR_LEN;
739 ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
743 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
744 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
745 ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
746 ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
750 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
751 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
752 ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
753 ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
757 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
758 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
759 ie->error = pos + 2 + RSN_SELECTOR_LEN;
760 ie->error_len = pos[1] - RSN_SELECTOR_LEN;
763 #endif /* CONFIG_PEERKEY */
765 #ifdef CONFIG_IEEE80211W
766 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
767 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
768 ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
769 ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
772 #endif /* CONFIG_IEEE80211W */
779 * wpa_parse_kde_ies - Parse EAPOL-Key Key Data IEs
780 * @buf: Pointer to the Key Data buffer
781 * @len: Key Data Length
782 * @ie: Pointer to parsed IE data
783 * Returns: 0 on success, -1 on failure
785 int wpa_parse_kde_ies(const u8 *buf, size_t len, struct wpa_eapol_ie_parse *ie)
790 os_memset(ie, 0, sizeof(*ie));
791 for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
792 if (pos[0] == 0xdd &&
793 ((pos == buf + len - 1) || pos[1] == 0)) {
797 if (pos + 2 + pos[1] > end) {
798 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
799 "underflow (ie=%d len=%d pos=%d)",
800 pos[0], pos[1], (int) (pos - buf));
801 wpa_hexdump_key(MSG_DEBUG, "WPA: Key Data",
806 if (*pos == WLAN_EID_RSN) {
808 ie->rsn_ie_len = pos[1] + 2;
809 #ifdef CONFIG_IEEE80211R
810 } else if (*pos == WLAN_EID_MOBILITY_DOMAIN) {
812 ie->mdie_len = pos[1] + 2;
813 #endif /* CONFIG_IEEE80211R */
814 } else if (*pos == WLAN_EID_VENDOR_SPECIFIC) {
815 ret = wpa_parse_generic(pos, end, ie);
823 wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key "
824 "Key Data IE", pos, 2 + pos[1]);
832 int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
834 return sm ? sm->mgmt_frame_prot : 0;