2 * hostapd - WPA/RSN IE and KDE definitions
3 * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
11 #include "utils/common.h"
12 #include "common/ieee802_11_defs.h"
13 #include "eapol_auth/eapol_auth_sm.h"
14 #include "ap_config.h"
15 #include "ieee802_11.h"
17 #include "pmksa_cache_auth.h"
18 #include "wpa_auth_ie.h"
19 #include "wpa_auth_i.h"
22 #ifdef CONFIG_RSN_TESTING
24 #endif /* CONFIG_RSN_TESTING */
27 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
29 struct wpa_ie_hdr *hdr;
34 hdr = (struct wpa_ie_hdr *) buf;
35 hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC;
36 RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE);
37 WPA_PUT_LE16(hdr->version, WPA_VERSION);
38 pos = (u8 *) (hdr + 1);
40 suite = wpa_cipher_to_suite(WPA_PROTO_WPA, conf->wpa_group);
42 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
46 RSN_SELECTOR_PUT(pos, suite);
47 pos += WPA_SELECTOR_LEN;
52 num_suites = wpa_cipher_put_suites(pos, conf->wpa_pairwise);
53 if (num_suites == 0) {
54 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
58 pos += num_suites * WPA_SELECTOR_LEN;
59 WPA_PUT_LE16(count, num_suites);
65 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
66 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
67 pos += WPA_SELECTOR_LEN;
70 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
71 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
72 pos += WPA_SELECTOR_LEN;
76 if (num_suites == 0) {
77 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
81 WPA_PUT_LE16(count, num_suites);
83 /* WPA Capabilities; use defaults, so no need to include it */
85 hdr->len = (pos - buf) - 2;
91 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
94 struct rsn_ie_hdr *hdr;
100 hdr = (struct rsn_ie_hdr *) buf;
101 hdr->elem_id = WLAN_EID_RSN;
102 WPA_PUT_LE16(hdr->version, RSN_VERSION);
103 pos = (u8 *) (hdr + 1);
105 suite = wpa_cipher_to_suite(WPA_PROTO_RSN, conf->wpa_group);
107 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
111 RSN_SELECTOR_PUT(pos, suite);
112 pos += RSN_SELECTOR_LEN;
118 #ifdef CONFIG_RSN_TESTING
120 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
121 pos += RSN_SELECTOR_LEN;
124 #endif /* CONFIG_RSN_TESTING */
126 res = rsn_cipher_put_suites(pos, conf->rsn_pairwise);
128 pos += res * RSN_SELECTOR_LEN;
130 #ifdef CONFIG_RSN_TESTING
132 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
133 pos += RSN_SELECTOR_LEN;
136 #endif /* CONFIG_RSN_TESTING */
138 if (num_suites == 0) {
139 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
143 WPA_PUT_LE16(count, num_suites);
149 #ifdef CONFIG_RSN_TESTING
151 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
152 pos += RSN_SELECTOR_LEN;
155 #endif /* CONFIG_RSN_TESTING */
157 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
158 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
159 pos += RSN_SELECTOR_LEN;
162 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
163 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
164 pos += RSN_SELECTOR_LEN;
167 #ifdef CONFIG_IEEE80211R
168 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
169 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
170 pos += RSN_SELECTOR_LEN;
173 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
174 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
175 pos += RSN_SELECTOR_LEN;
178 #endif /* CONFIG_IEEE80211R */
179 #ifdef CONFIG_IEEE80211W
180 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
181 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
182 pos += RSN_SELECTOR_LEN;
185 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
186 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
187 pos += RSN_SELECTOR_LEN;
190 #endif /* CONFIG_IEEE80211W */
192 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) {
193 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE);
194 pos += RSN_SELECTOR_LEN;
197 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) {
198 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
199 pos += RSN_SELECTOR_LEN;
202 #endif /* CONFIG_SAE */
203 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
204 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B);
205 pos += RSN_SELECTOR_LEN;
208 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
209 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192);
210 pos += RSN_SELECTOR_LEN;
214 #ifdef CONFIG_RSN_TESTING
216 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
217 pos += RSN_SELECTOR_LEN;
220 #endif /* CONFIG_RSN_TESTING */
222 if (num_suites == 0) {
223 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
227 WPA_PUT_LE16(count, num_suites);
229 /* RSN Capabilities */
231 if (conf->rsn_preauth)
232 capab |= WPA_CAPABILITY_PREAUTH;
234 capab |= WPA_CAPABILITY_PEERKEY_ENABLED;
235 if (conf->wmm_enabled) {
236 /* 4 PTKSA replay counters when using WMM */
237 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
239 #ifdef CONFIG_IEEE80211W
240 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
241 capab |= WPA_CAPABILITY_MFPC;
242 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
243 capab |= WPA_CAPABILITY_MFPR;
245 #endif /* CONFIG_IEEE80211W */
246 #ifdef CONFIG_RSN_TESTING
248 capab |= BIT(8) | BIT(14) | BIT(15);
249 #endif /* CONFIG_RSN_TESTING */
250 WPA_PUT_LE16(pos, capab);
254 if (pos + 2 + PMKID_LEN > buf + len)
257 WPA_PUT_LE16(pos, 1);
259 os_memcpy(pos, pmkid, PMKID_LEN);
263 #ifdef CONFIG_IEEE80211W
264 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION &&
265 conf->group_mgmt_cipher != WPA_CIPHER_AES_128_CMAC) {
266 if (pos + 2 + 4 > buf + len)
270 WPA_PUT_LE16(pos, 0);
274 /* Management Group Cipher Suite */
275 switch (conf->group_mgmt_cipher) {
276 case WPA_CIPHER_AES_128_CMAC:
277 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
279 case WPA_CIPHER_BIP_GMAC_128:
280 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_128);
282 case WPA_CIPHER_BIP_GMAC_256:
283 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_256);
285 case WPA_CIPHER_BIP_CMAC_256:
286 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_CMAC_256);
289 wpa_printf(MSG_DEBUG,
290 "Invalid group management cipher (0x%x)",
291 conf->group_mgmt_cipher);
294 pos += RSN_SELECTOR_LEN;
296 #endif /* CONFIG_IEEE80211W */
298 #ifdef CONFIG_RSN_TESTING
301 * Fill in any defined fields and add extra data to the end of
304 int pmkid_count_set = pmkid != NULL;
305 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION)
308 WPA_PUT_LE16(pos, 0);
310 if (conf->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
311 /* Management Group Cipher Suite */
312 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
313 pos += RSN_SELECTOR_LEN;
316 os_memset(pos, 0x12, 17);
319 #endif /* CONFIG_RSN_TESTING */
321 hdr->len = (pos - buf) - 2;
327 static u8 * wpa_write_osen(struct wpa_auth_config *conf, u8 *eid)
332 *eid++ = WLAN_EID_VENDOR_SPECIFIC;
333 len = eid++; /* to be filled */
334 WPA_PUT_BE24(eid, OUI_WFA);
336 *eid++ = HS20_OSEN_OUI_TYPE;
338 /* Group Data Cipher Suite */
339 RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED);
340 eid += RSN_SELECTOR_LEN;
342 /* Pairwise Cipher Suite Count and List */
343 WPA_PUT_LE16(eid, 1);
345 RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_CCMP);
346 eid += RSN_SELECTOR_LEN;
348 /* AKM Suite Count and List */
349 WPA_PUT_LE16(eid, 1);
351 RSN_SELECTOR_PUT(eid, RSN_AUTH_KEY_MGMT_OSEN);
352 eid += RSN_SELECTOR_LEN;
354 /* RSN Capabilities */
356 if (conf->wmm_enabled) {
357 /* 4 PTKSA replay counters when using WMM */
358 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
360 #ifdef CONFIG_IEEE80211W
361 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
362 capab |= WPA_CAPABILITY_MFPC;
363 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
364 capab |= WPA_CAPABILITY_MFPR;
366 #endif /* CONFIG_IEEE80211W */
367 WPA_PUT_LE16(eid, capab);
370 *len = eid - len - 1;
376 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
383 if (wpa_auth->conf.wpa == WPA_PROTO_OSEN) {
384 pos = wpa_write_osen(&wpa_auth->conf, pos);
386 if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
387 res = wpa_write_rsn_ie(&wpa_auth->conf,
388 pos, buf + sizeof(buf) - pos, NULL);
393 #ifdef CONFIG_IEEE80211R
394 if (wpa_key_mgmt_ft(wpa_auth->conf.wpa_key_mgmt)) {
395 res = wpa_write_mdie(&wpa_auth->conf, pos,
396 buf + sizeof(buf) - pos);
401 #endif /* CONFIG_IEEE80211R */
402 if (wpa_auth->conf.wpa & WPA_PROTO_WPA) {
403 res = wpa_write_wpa_ie(&wpa_auth->conf,
404 pos, buf + sizeof(buf) - pos);
410 os_free(wpa_auth->wpa_ie);
411 wpa_auth->wpa_ie = os_malloc(pos - buf);
412 if (wpa_auth->wpa_ie == NULL)
414 os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
415 wpa_auth->wpa_ie_len = pos - buf;
421 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
422 const u8 *data2, size_t data2_len)
424 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
425 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
426 RSN_SELECTOR_PUT(pos, kde);
427 pos += RSN_SELECTOR_LEN;
428 os_memcpy(pos, data, data_len);
431 os_memcpy(pos, data2, data2_len);
438 struct wpa_auth_okc_iter_data {
439 struct rsn_pmksa_cache_entry *pmksa;
446 static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx)
448 struct wpa_auth_okc_iter_data *data = ctx;
449 data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa,
457 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
458 struct wpa_state_machine *sm,
459 const u8 *wpa_ie, size_t wpa_ie_len,
460 const u8 *mdie, size_t mdie_len)
462 struct wpa_ie_data data;
463 int ciphers, key_mgmt, res, version;
466 const u8 *pmkid = NULL;
468 if (wpa_auth == NULL || sm == NULL)
469 return WPA_NOT_ENABLED;
471 if (wpa_ie == NULL || wpa_ie_len < 1)
472 return WPA_INVALID_IE;
474 if (wpa_ie[0] == WLAN_EID_RSN)
475 version = WPA_PROTO_RSN;
477 version = WPA_PROTO_WPA;
479 if (!(wpa_auth->conf.wpa & version)) {
480 wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
481 version, MAC2STR(sm->addr));
482 return WPA_INVALID_PROTO;
485 if (version == WPA_PROTO_RSN) {
486 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
488 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
491 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
492 selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
493 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
494 selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
495 #ifdef CONFIG_IEEE80211R
496 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
497 selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
498 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
499 selector = RSN_AUTH_KEY_MGMT_FT_PSK;
500 #endif /* CONFIG_IEEE80211R */
501 #ifdef CONFIG_IEEE80211W
502 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
503 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
504 else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
505 selector = RSN_AUTH_KEY_MGMT_PSK_SHA256;
506 #endif /* CONFIG_IEEE80211W */
508 else if (data.key_mgmt & WPA_KEY_MGMT_SAE)
509 selector = RSN_AUTH_KEY_MGMT_SAE;
510 else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE)
511 selector = RSN_AUTH_KEY_MGMT_FT_SAE;
512 #endif /* CONFIG_SAE */
513 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
514 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
515 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
516 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
517 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
519 selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
520 data.pairwise_cipher);
522 selector = RSN_CIPHER_SUITE_CCMP;
523 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
525 selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
528 selector = RSN_CIPHER_SUITE_CCMP;
529 wpa_auth->dot11RSNAGroupCipherSelected = selector;
531 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
533 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
534 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
535 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
536 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
537 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
538 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
540 selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
541 data.pairwise_cipher);
543 selector = RSN_CIPHER_SUITE_TKIP;
544 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
546 selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
549 selector = WPA_CIPHER_SUITE_TKIP;
550 wpa_auth->dot11RSNAGroupCipherSelected = selector;
553 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
554 MACSTR " (res=%d)", MAC2STR(sm->addr), res);
555 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
556 return WPA_INVALID_IE;
559 if (data.group_cipher != wpa_auth->conf.wpa_group) {
560 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
561 MACSTR, data.group_cipher, MAC2STR(sm->addr));
562 return WPA_INVALID_GROUP;
565 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
567 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
568 MACSTR, data.key_mgmt, MAC2STR(sm->addr));
569 return WPA_INVALID_AKMP;
573 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
574 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
575 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
576 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
577 #ifdef CONFIG_IEEE80211R
578 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
579 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
580 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
581 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
582 #endif /* CONFIG_IEEE80211R */
583 #ifdef CONFIG_IEEE80211W
584 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
585 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
586 else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
587 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
588 #endif /* CONFIG_IEEE80211W */
590 else if (key_mgmt & WPA_KEY_MGMT_SAE)
591 sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE;
592 else if (key_mgmt & WPA_KEY_MGMT_FT_SAE)
593 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE;
594 #endif /* CONFIG_SAE */
595 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
596 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
598 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
600 if (version == WPA_PROTO_RSN)
601 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise;
603 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
605 wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) "
607 version == WPA_PROTO_RSN ? "RSN" : "WPA",
608 data.pairwise_cipher, MAC2STR(sm->addr));
609 return WPA_INVALID_PAIRWISE;
612 #ifdef CONFIG_IEEE80211W
613 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
614 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
615 wpa_printf(MSG_DEBUG, "Management frame protection "
616 "required, but client did not enable it");
617 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
620 if (ciphers & WPA_CIPHER_TKIP) {
621 wpa_printf(MSG_DEBUG, "Management frame protection "
623 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
626 if (data.mgmt_group_cipher != wpa_auth->conf.group_mgmt_cipher)
628 wpa_printf(MSG_DEBUG, "Unsupported management group "
629 "cipher %d", data.mgmt_group_cipher);
630 return WPA_INVALID_MGMT_GROUP_CIPHER;
634 if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION ||
635 !(data.capabilities & WPA_CAPABILITY_MFPC))
636 sm->mgmt_frame_prot = 0;
638 sm->mgmt_frame_prot = 1;
639 #endif /* CONFIG_IEEE80211W */
641 #ifdef CONFIG_IEEE80211R
642 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
643 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) {
644 wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but "
645 "MDIE not included");
646 return WPA_INVALID_MDIE;
648 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain,
649 MOBILITY_DOMAIN_ID_LEN) != 0) {
650 wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown "
651 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
652 return WPA_INVALID_MDIE;
655 #endif /* CONFIG_IEEE80211R */
657 sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0);
658 if (sm->pairwise < 0)
659 return WPA_INVALID_PAIRWISE;
661 /* TODO: clear WPA/WPA2 state if STA changes from one to another */
662 if (wpa_ie[0] == WLAN_EID_RSN)
663 sm->wpa = WPA_VERSION_WPA2;
665 sm->wpa = WPA_VERSION_WPA;
668 for (i = 0; i < data.num_pmkid; i++) {
669 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
670 &data.pmkid[i * PMKID_LEN], PMKID_LEN);
671 sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr,
672 &data.pmkid[i * PMKID_LEN]);
674 pmkid = sm->pmksa->pmkid;
678 for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc &&
679 i < data.num_pmkid; i++) {
680 struct wpa_auth_okc_iter_data idata;
682 idata.aa = wpa_auth->addr;
683 idata.spa = sm->addr;
684 idata.pmkid = &data.pmkid[i * PMKID_LEN];
685 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata);
687 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
688 "OKC match for PMKID");
689 sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa,
697 if (sm->pmksa && pmkid) {
698 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
699 "PMKID found from PMKSA cache "
700 "eap_type=%d vlan_id=%d",
701 sm->pmksa->eap_type_authsrv,
703 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
706 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
708 sm->wpa_ie = os_malloc(wpa_ie_len);
709 if (sm->wpa_ie == NULL)
710 return WPA_ALLOC_FAIL;
712 os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
713 sm->wpa_ie_len = wpa_ie_len;
720 int wpa_validate_osen(struct wpa_authenticator *wpa_auth,
721 struct wpa_state_machine *sm,
722 const u8 *osen_ie, size_t osen_ie_len)
724 if (wpa_auth == NULL || sm == NULL)
727 /* TODO: parse OSEN element */
728 sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
729 sm->mgmt_frame_prot = 1;
730 sm->pairwise = WPA_CIPHER_CCMP;
731 sm->wpa = WPA_VERSION_WPA2;
733 if (sm->wpa_ie == NULL || sm->wpa_ie_len < osen_ie_len) {
735 sm->wpa_ie = os_malloc(osen_ie_len);
736 if (sm->wpa_ie == NULL)
740 os_memcpy(sm->wpa_ie, osen_ie, osen_ie_len);
741 sm->wpa_ie_len = osen_ie_len;
746 #endif /* CONFIG_HS20 */
750 * wpa_parse_generic - Parse EAPOL-Key Key Data Generic IEs
751 * @pos: Pointer to the IE header
752 * @end: Pointer to the end of the Key Data buffer
753 * @ie: Pointer to parsed IE data
754 * Returns: 0 on success, 1 if end mark is found, -1 on failure
756 static int wpa_parse_generic(const u8 *pos, const u8 *end,
757 struct wpa_eapol_ie_parse *ie)
763 RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE &&
764 pos[2 + WPA_SELECTOR_LEN] == 1 &&
765 pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
767 ie->wpa_ie_len = pos[1] + 2;
771 if (pos[1] >= 4 && WPA_GET_BE32(pos + 2) == OSEN_IE_VENDOR_TYPE) {
773 ie->osen_len = pos[1] + 2;
777 if (pos + 1 + RSN_SELECTOR_LEN < end &&
778 pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
779 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
780 ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
784 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
785 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) {
786 ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
787 ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
791 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
792 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) {
793 ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
794 ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
798 #ifdef CONFIG_PEERKEY
799 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
800 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
801 ie->smk = pos + 2 + RSN_SELECTOR_LEN;
802 ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
806 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
807 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
808 ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
809 ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
813 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
814 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
815 ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
816 ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
820 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
821 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
822 ie->error = pos + 2 + RSN_SELECTOR_LEN;
823 ie->error_len = pos[1] - RSN_SELECTOR_LEN;
826 #endif /* CONFIG_PEERKEY */
828 #ifdef CONFIG_IEEE80211W
829 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
830 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
831 ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
832 ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
835 #endif /* CONFIG_IEEE80211W */
838 if (pos[1] >= RSN_SELECTOR_LEN + 1 &&
839 RSN_SELECTOR_GET(pos + 2) == WFA_KEY_DATA_IP_ADDR_REQ) {
840 ie->ip_addr_req = pos + 2 + RSN_SELECTOR_LEN;
841 wpa_hexdump(MSG_DEBUG, "WPA: IP Address Request in EAPOL-Key",
842 ie->ip_addr_req, pos[1] - RSN_SELECTOR_LEN);
846 if (pos[1] >= RSN_SELECTOR_LEN + 3 * 4 &&
847 RSN_SELECTOR_GET(pos + 2) == WFA_KEY_DATA_IP_ADDR_ALLOC) {
848 ie->ip_addr_alloc = pos + 2 + RSN_SELECTOR_LEN;
849 wpa_hexdump(MSG_DEBUG,
850 "WPA: IP Address Allocation in EAPOL-Key",
851 ie->ip_addr_alloc, pos[1] - RSN_SELECTOR_LEN);
854 #endif /* CONFIG_P2P */
861 * wpa_parse_kde_ies - Parse EAPOL-Key Key Data IEs
862 * @buf: Pointer to the Key Data buffer
863 * @len: Key Data Length
864 * @ie: Pointer to parsed IE data
865 * Returns: 0 on success, -1 on failure
867 int wpa_parse_kde_ies(const u8 *buf, size_t len, struct wpa_eapol_ie_parse *ie)
872 os_memset(ie, 0, sizeof(*ie));
873 for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
874 if (pos[0] == 0xdd &&
875 ((pos == buf + len - 1) || pos[1] == 0)) {
879 if (pos + 2 + pos[1] > end) {
880 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
881 "underflow (ie=%d len=%d pos=%d)",
882 pos[0], pos[1], (int) (pos - buf));
883 wpa_hexdump_key(MSG_DEBUG, "WPA: Key Data",
888 if (*pos == WLAN_EID_RSN) {
890 ie->rsn_ie_len = pos[1] + 2;
891 #ifdef CONFIG_IEEE80211R
892 } else if (*pos == WLAN_EID_MOBILITY_DOMAIN) {
894 ie->mdie_len = pos[1] + 2;
895 } else if (*pos == WLAN_EID_FAST_BSS_TRANSITION) {
897 ie->ftie_len = pos[1] + 2;
898 #endif /* CONFIG_IEEE80211R */
899 } else if (*pos == WLAN_EID_VENDOR_SPECIFIC) {
900 ret = wpa_parse_generic(pos, end, ie);
908 wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key "
909 "Key Data IE", pos, 2 + pos[1]);
917 int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
919 return sm ? sm->mgmt_frame_prot : 0;