1*4126Szf162725 /* 2*4126Szf162725 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 3*4126Szf162725 * Use is subject to license terms. 4*4126Szf162725 */ 5*4126Szf162725 6*4126Szf162725 /* 7*4126Szf162725 * Copyright (c) 2003-2004, Jouni Malinen <jkmaline@cc.hut.fi> 8*4126Szf162725 * Sun elects to license this software under the BSD license. 9*4126Szf162725 * See README for more details. 10*4126Szf162725 */ 11*4126Szf162725 12*4126Szf162725 #pragma ident "%Z%%M% %I% %E% SMI" 13*4126Szf162725 14*4126Szf162725 #include <stdio.h> 15*4126Szf162725 #include <stdlib.h> 16*4126Szf162725 #include <string.h> 17*4126Szf162725 #include <time.h> 18*4126Szf162725 #include <netinet/in.h> 19*4126Szf162725 #include <sys/ethernet.h> 20*4126Szf162725 #include <fcntl.h> 21*4126Szf162725 #include <unistd.h> 22*4126Szf162725 23*4126Szf162725 #include "wpa_impl.h" 24*4126Szf162725 #include "wpa_enc.h" 25*4126Szf162725 #include "driver.h" 26*4126Szf162725 #include "eloop.h" 27*4126Szf162725 #include "l2_packet.h" 28*4126Szf162725 29*4126Szf162725 static void pmksa_cache_set_expiration(struct wpa_supplicant *); 30*4126Szf162725 31*4126Szf162725 /* 32*4126Szf162725 * IEEE 802.11i/D3.0 33*4126Szf162725 */ 34*4126Szf162725 static const int WPA_SELECTOR_LEN = 4; 35*4126Szf162725 static const uint8_t WPA_OUI_TYPE[] = { 0x00, 0x50, 0xf2, 1 }; 36*4126Szf162725 static const uint16_t WPA_VERSION = 1; 37*4126Szf162725 static const uint8_t 38*4126Szf162725 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X[] = { 0x00, 0x50, 0xf2, 1 }; 39*4126Szf162725 static const uint8_t 40*4126Szf162725 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X[] = { 0x00, 0x50, 0xf2, 2 }; 41*4126Szf162725 static const uint8_t WPA_CIPHER_SUITE_NONE[] = { 0x00, 0x50, 0xf2, 0 }; 42*4126Szf162725 static const uint8_t WPA_CIPHER_SUITE_WEP40[] = { 0x00, 0x50, 0xf2, 1 }; 43*4126Szf162725 static const uint8_t WPA_CIPHER_SUITE_TKIP[] = { 0x00, 0x50, 0xf2, 2 }; 44*4126Szf162725 static const uint8_t WPA_CIPHER_SUITE_CCMP[] = { 0x00, 0x50, 0xf2, 4 }; 45*4126Szf162725 static const uint8_t WPA_CIPHER_SUITE_WEP104[] = { 0x00, 0x50, 0xf2, 5 }; 46*4126Szf162725 47*4126Szf162725 /* 48*4126Szf162725 * WPA IE version 1 49*4126Szf162725 * 00-50-f2:1 (OUI:OUI type) 50*4126Szf162725 * 0x01 0x00 (version; little endian) 51*4126Szf162725 * (all following fields are optional:) 52*4126Szf162725 * Group Suite Selector (4 octets) (default: TKIP) 53*4126Szf162725 * Pairwise Suite Count (2 octets, little endian) (default: 1) 54*4126Szf162725 * Pairwise Suite List (4 * n octets) (default: TKIP) 55*4126Szf162725 * Authenticated Key Management Suite Count (2 octets, little endian) 56*4126Szf162725 * (default: 1) 57*4126Szf162725 * Authenticated Key Management Suite List (4 * n octets) 58*4126Szf162725 * (default: unspec 802.1x) 59*4126Szf162725 * WPA Capabilities (2 octets, little endian) (default: 0) 60*4126Szf162725 */ 61*4126Szf162725 #pragma pack(1) 62*4126Szf162725 struct wpa_ie_hdr { 63*4126Szf162725 uint8_t elem_id; 64*4126Szf162725 uint8_t len; 65*4126Szf162725 uint8_t oui[3]; 66*4126Szf162725 uint8_t oui_type; 67*4126Szf162725 uint16_t version; 68*4126Szf162725 }; 69*4126Szf162725 #pragma pack() 70*4126Szf162725 71*4126Szf162725 /* 72*4126Szf162725 * IEEE 802.11i/D9.0 73*4126Szf162725 */ 74*4126Szf162725 static const int RSN_SELECTOR_LEN = 4; 75*4126Szf162725 static const uint16_t RSN_VERSION = 1; 76*4126Szf162725 static const uint8_t 77*4126Szf162725 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X[] = { 0x00, 0x0f, 0xac, 1 }; 78*4126Szf162725 static const uint8_t 79*4126Szf162725 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X[] = { 0x00, 0x0f, 0xac, 2 }; 80*4126Szf162725 static const uint8_t RSN_CIPHER_SUITE_NONE[] = { 0x00, 0x0f, 0xac, 0 }; 81*4126Szf162725 static const uint8_t RSN_CIPHER_SUITE_WEP40[] = { 0x00, 0x0f, 0xac, 1 }; 82*4126Szf162725 static const uint8_t RSN_CIPHER_SUITE_TKIP[] = { 0x00, 0x0f, 0xac, 2 }; 83*4126Szf162725 static const uint8_t RSN_CIPHER_SUITE_CCMP[] = { 0x00, 0x0f, 0xac, 4 }; 84*4126Szf162725 static const uint8_t RSN_CIPHER_SUITE_WEP104[] = { 0x00, 0x0f, 0xac, 5 }; 85*4126Szf162725 86*4126Szf162725 /* 87*4126Szf162725 * EAPOL-Key Key Data Encapsulation 88*4126Szf162725 * GroupKey and STAKey require encryption, otherwise, encryption is optional. 89*4126Szf162725 */ 90*4126Szf162725 static const uint8_t RSN_KEY_DATA_GROUPKEY[] = { 0x00, 0x0f, 0xac, 1 }; 91*4126Szf162725 static const uint8_t RSN_KEY_DATA_PMKID[] = { 0x00, 0x0f, 0xac, 4 }; 92*4126Szf162725 93*4126Szf162725 /* 94*4126Szf162725 * 1/4: PMKID 95*4126Szf162725 * 2/4: RSN IE 96*4126Szf162725 * 3/4: one or two RSN IEs + GTK IE (encrypted) 97*4126Szf162725 * 4/4: empty 98*4126Szf162725 * 1/2: GTK IE (encrypted) 99*4126Szf162725 * 2/2: empty 100*4126Szf162725 */ 101*4126Szf162725 102*4126Szf162725 /* 103*4126Szf162725 * RSN IE version 1 104*4126Szf162725 * 0x01 0x00 (version; little endian) 105*4126Szf162725 * (all following fields are optional:) 106*4126Szf162725 * Group Suite Selector (4 octets) (default: CCMP) 107*4126Szf162725 * Pairwise Suite Count (2 octets, little endian) (default: 1) 108*4126Szf162725 * Pairwise Suite List (4 * n octets) (default: CCMP) 109*4126Szf162725 * Authenticated Key Management Suite Count (2 octets, little endian) 110*4126Szf162725 * (default: 1) 111*4126Szf162725 * Authenticated Key Management Suite List (4 * n octets) 112*4126Szf162725 * (default: unspec 802.1x) 113*4126Szf162725 * RSN Capabilities (2 octets, little endian) (default: 0) 114*4126Szf162725 * PMKID Count (2 octets) (default: 0) 115*4126Szf162725 * PMKID List (16 * n octets) 116*4126Szf162725 */ 117*4126Szf162725 #pragma pack(1) 118*4126Szf162725 struct rsn_ie_hdr { 119*4126Szf162725 uint8_t elem_id; /* WLAN_EID_RSN */ 120*4126Szf162725 uint8_t len; 121*4126Szf162725 uint16_t version; 122*4126Szf162725 }; 123*4126Szf162725 #pragma pack() 124*4126Szf162725 125*4126Szf162725 static int 126*4126Szf162725 random_get_pseudo_bytes(uint8_t *ptr, size_t len) 127*4126Szf162725 { 128*4126Szf162725 int fd; 129*4126Szf162725 size_t resid = len; 130*4126Szf162725 size_t bytes; 131*4126Szf162725 132*4126Szf162725 fd = open("/dev/urandom", O_RDONLY); 133*4126Szf162725 if (fd == -1) { 134*4126Szf162725 wpa_printf(MSG_ERROR, "Could not open /dev/urandom.\n"); 135*4126Szf162725 return (-1); 136*4126Szf162725 } 137*4126Szf162725 138*4126Szf162725 while (resid != 0) { 139*4126Szf162725 bytes = read(fd, ptr, resid); 140*4126Szf162725 ptr += bytes; 141*4126Szf162725 resid -= bytes; 142*4126Szf162725 } 143*4126Szf162725 144*4126Szf162725 (void) close(fd); 145*4126Szf162725 146*4126Szf162725 return (0); 147*4126Szf162725 } 148*4126Szf162725 149*4126Szf162725 static void 150*4126Szf162725 inc_byte_array(uint8_t *counter, size_t len) 151*4126Szf162725 { 152*4126Szf162725 int pos = len - 1; 153*4126Szf162725 while (pos >= 0) { 154*4126Szf162725 counter[pos]++; 155*4126Szf162725 if (counter[pos] != 0) 156*4126Szf162725 break; 157*4126Szf162725 pos--; 158*4126Szf162725 } 159*4126Szf162725 } 160*4126Szf162725 161*4126Szf162725 static int 162*4126Szf162725 wpa_selector_to_bitfield(uint8_t *s) 163*4126Szf162725 { 164*4126Szf162725 if (memcmp(s, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN) == 0) 165*4126Szf162725 return (WPA_CIPHER_NONE); 166*4126Szf162725 if (memcmp(s, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN) == 0) 167*4126Szf162725 return (WPA_CIPHER_WEP40); 168*4126Szf162725 if (memcmp(s, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN) == 0) 169*4126Szf162725 return (WPA_CIPHER_TKIP); 170*4126Szf162725 if (memcmp(s, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN) == 0) 171*4126Szf162725 return (WPA_CIPHER_CCMP); 172*4126Szf162725 if (memcmp(s, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN) == 0) 173*4126Szf162725 return (WPA_CIPHER_WEP104); 174*4126Szf162725 return (0); 175*4126Szf162725 } 176*4126Szf162725 177*4126Szf162725 static int 178*4126Szf162725 wpa_key_mgmt_to_bitfield(uint8_t *s) 179*4126Szf162725 { 180*4126Szf162725 if (memcmp(s, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X, WPA_SELECTOR_LEN) == 0) 181*4126Szf162725 return (WPA_KEY_MGMT_IEEE8021X); 182*4126Szf162725 if (memcmp(s, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X, WPA_SELECTOR_LEN) == 183*4126Szf162725 0) 184*4126Szf162725 return (WPA_KEY_MGMT_PSK); 185*4126Szf162725 return (0); 186*4126Szf162725 } 187*4126Szf162725 188*4126Szf162725 static int 189*4126Szf162725 rsn_selector_to_bitfield(uint8_t *s) 190*4126Szf162725 { 191*4126Szf162725 if (memcmp(s, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN) == 0) 192*4126Szf162725 return (WPA_CIPHER_NONE); 193*4126Szf162725 if (memcmp(s, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN) == 0) 194*4126Szf162725 return (WPA_CIPHER_WEP40); 195*4126Szf162725 if (memcmp(s, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN) == 0) 196*4126Szf162725 return (WPA_CIPHER_TKIP); 197*4126Szf162725 if (memcmp(s, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN) == 0) 198*4126Szf162725 return (WPA_CIPHER_CCMP); 199*4126Szf162725 if (memcmp(s, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN) == 0) 200*4126Szf162725 return (WPA_CIPHER_WEP104); 201*4126Szf162725 return (0); 202*4126Szf162725 } 203*4126Szf162725 204*4126Szf162725 static int 205*4126Szf162725 rsn_key_mgmt_to_bitfield(uint8_t *s) 206*4126Szf162725 { 207*4126Szf162725 if (memcmp(s, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X, RSN_SELECTOR_LEN) == 0) 208*4126Szf162725 return (WPA_KEY_MGMT_IEEE8021X); 209*4126Szf162725 if (memcmp(s, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X, RSN_SELECTOR_LEN) == 210*4126Szf162725 0) 211*4126Szf162725 return (WPA_KEY_MGMT_PSK); 212*4126Szf162725 return (0); 213*4126Szf162725 } 214*4126Szf162725 215*4126Szf162725 static void 216*4126Szf162725 pmksa_cache_free_entry(struct wpa_supplicant *wpa_s, 217*4126Szf162725 struct rsn_pmksa_cache *entry) 218*4126Szf162725 { 219*4126Szf162725 wpa_s->pmksa_count--; 220*4126Szf162725 if (wpa_s->cur_pmksa == entry) { 221*4126Szf162725 wpa_printf(MSG_DEBUG, "RSN: removed current PMKSA entry"); 222*4126Szf162725 wpa_s->cur_pmksa = NULL; 223*4126Szf162725 } 224*4126Szf162725 free(entry); 225*4126Szf162725 } 226*4126Szf162725 227*4126Szf162725 /* ARGSUSED */ 228*4126Szf162725 static void 229*4126Szf162725 pmksa_cache_expire(void *eloop_ctx, void *timeout_ctx) 230*4126Szf162725 { 231*4126Szf162725 struct wpa_supplicant *wpa_s = eloop_ctx; 232*4126Szf162725 time_t now; 233*4126Szf162725 234*4126Szf162725 (void) time(&now); 235*4126Szf162725 while (wpa_s->pmksa && wpa_s->pmksa->expiration <= now) { 236*4126Szf162725 struct rsn_pmksa_cache *entry = wpa_s->pmksa; 237*4126Szf162725 wpa_s->pmksa = entry->next; 238*4126Szf162725 wpa_printf(MSG_DEBUG, "RSN: expired PMKSA cache entry for " 239*4126Szf162725 MACSTR, MAC2STR(entry->aa)); 240*4126Szf162725 pmksa_cache_free_entry(wpa_s, entry); 241*4126Szf162725 } 242*4126Szf162725 243*4126Szf162725 pmksa_cache_set_expiration(wpa_s); 244*4126Szf162725 } 245*4126Szf162725 246*4126Szf162725 static void 247*4126Szf162725 pmksa_cache_set_expiration(struct wpa_supplicant *wpa_s) 248*4126Szf162725 { 249*4126Szf162725 int sec; 250*4126Szf162725 eloop_cancel_timeout(pmksa_cache_expire, wpa_s, NULL); 251*4126Szf162725 if (wpa_s->pmksa == NULL) 252*4126Szf162725 return; 253*4126Szf162725 sec = wpa_s->pmksa->expiration - time(NULL); 254*4126Szf162725 if (sec < 0) 255*4126Szf162725 sec = 0; 256*4126Szf162725 (void) eloop_register_timeout(sec + 1, 0, pmksa_cache_expire, 257*4126Szf162725 wpa_s, NULL); 258*4126Szf162725 } 259*4126Szf162725 260*4126Szf162725 void 261*4126Szf162725 pmksa_cache_free(struct wpa_supplicant *wpa_s) 262*4126Szf162725 { 263*4126Szf162725 struct rsn_pmksa_cache *entry, *prev; 264*4126Szf162725 265*4126Szf162725 entry = wpa_s->pmksa; 266*4126Szf162725 wpa_s->pmksa = NULL; 267*4126Szf162725 while (entry) { 268*4126Szf162725 prev = entry; 269*4126Szf162725 entry = entry->next; 270*4126Szf162725 free(prev); 271*4126Szf162725 } 272*4126Szf162725 pmksa_cache_set_expiration(wpa_s); 273*4126Szf162725 wpa_s->cur_pmksa = NULL; 274*4126Szf162725 } 275*4126Szf162725 276*4126Szf162725 struct rsn_pmksa_cache * 277*4126Szf162725 pmksa_cache_get(struct wpa_supplicant *wpa_s, 278*4126Szf162725 uint8_t *aa, uint8_t *pmkid) 279*4126Szf162725 { 280*4126Szf162725 struct rsn_pmksa_cache *entry = wpa_s->pmksa; 281*4126Szf162725 while (entry) { 282*4126Szf162725 if ((aa == NULL || 283*4126Szf162725 memcmp(entry->aa, aa, IEEE80211_ADDR_LEN) == 0) && 284*4126Szf162725 (pmkid == NULL || 285*4126Szf162725 memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0)) 286*4126Szf162725 return (entry); 287*4126Szf162725 entry = entry->next; 288*4126Szf162725 } 289*4126Szf162725 return (NULL); 290*4126Szf162725 } 291*4126Szf162725 292*4126Szf162725 int 293*4126Szf162725 pmksa_cache_list(struct wpa_supplicant *wpa_s, char *buf, size_t len) 294*4126Szf162725 { 295*4126Szf162725 int i, j; 296*4126Szf162725 char *pos = buf; 297*4126Szf162725 struct rsn_pmksa_cache *entry; 298*4126Szf162725 time_t now; 299*4126Szf162725 300*4126Szf162725 (void) time(&now); 301*4126Szf162725 pos += snprintf(pos, buf + len - pos, 302*4126Szf162725 "Index / AA / PMKID / expiration (in seconds)\n"); 303*4126Szf162725 i = 0; 304*4126Szf162725 entry = wpa_s->pmksa; 305*4126Szf162725 while (entry) { 306*4126Szf162725 i++; 307*4126Szf162725 pos += snprintf(pos, buf + len - pos, "%d " MACSTR " ", 308*4126Szf162725 i, MAC2STR(entry->aa)); 309*4126Szf162725 for (j = 0; j < PMKID_LEN; j++) 310*4126Szf162725 pos += snprintf(pos, buf + len - pos, "%02x", 311*4126Szf162725 entry->pmkid[j]); 312*4126Szf162725 pos += snprintf(pos, buf + len - pos, " %d\n", 313*4126Szf162725 (int)(entry->expiration - now)); 314*4126Szf162725 entry = entry->next; 315*4126Szf162725 } 316*4126Szf162725 return (pos - buf); 317*4126Szf162725 } 318*4126Szf162725 319*4126Szf162725 void 320*4126Szf162725 pmksa_candidate_free(struct wpa_supplicant *wpa_s) 321*4126Szf162725 { 322*4126Szf162725 struct rsn_pmksa_candidate *entry, *prev; 323*4126Szf162725 324*4126Szf162725 entry = wpa_s->pmksa_candidates; 325*4126Szf162725 wpa_s->pmksa_candidates = NULL; 326*4126Szf162725 while (entry) { 327*4126Szf162725 prev = entry; 328*4126Szf162725 entry = entry->next; 329*4126Szf162725 free(prev); 330*4126Szf162725 } 331*4126Szf162725 } 332*4126Szf162725 333*4126Szf162725 /* ARGSUSED */ 334*4126Szf162725 static int 335*4126Szf162725 wpa_parse_wpa_ie_wpa(struct wpa_supplicant *wpa_s, uint8_t *wpa_ie, 336*4126Szf162725 size_t wpa_ie_len, struct wpa_ie_data *data) 337*4126Szf162725 { 338*4126Szf162725 struct wpa_ie_hdr *hdr; 339*4126Szf162725 uint8_t *pos; 340*4126Szf162725 int left; 341*4126Szf162725 int i, count; 342*4126Szf162725 343*4126Szf162725 data->proto = WPA_PROTO_WPA; 344*4126Szf162725 data->pairwise_cipher = WPA_CIPHER_TKIP; 345*4126Szf162725 data->group_cipher = WPA_CIPHER_TKIP; 346*4126Szf162725 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X; 347*4126Szf162725 data->capabilities = 0; 348*4126Szf162725 349*4126Szf162725 if (wpa_ie_len == 0) { 350*4126Szf162725 /* No WPA IE - fail silently */ 351*4126Szf162725 return (-1); 352*4126Szf162725 } 353*4126Szf162725 354*4126Szf162725 if (wpa_ie_len < sizeof (struct wpa_ie_hdr)) { 355*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: ie len too short %u", 356*4126Szf162725 "wpa_parse_wpa_ie_wpa", wpa_ie_len); 357*4126Szf162725 return (-1); 358*4126Szf162725 } 359*4126Szf162725 360*4126Szf162725 hdr = (struct wpa_ie_hdr *)wpa_ie; 361*4126Szf162725 362*4126Szf162725 if (hdr->elem_id != GENERIC_INFO_ELEM || 363*4126Szf162725 hdr->len != wpa_ie_len - 2 || 364*4126Szf162725 memcmp(&hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN) != 0 || 365*4126Szf162725 LE_16(hdr->version) != WPA_VERSION) { 366*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version", 367*4126Szf162725 "wpa_parse_wpa_ie_wpa"); 368*4126Szf162725 return (-1); 369*4126Szf162725 } 370*4126Szf162725 371*4126Szf162725 pos = (uint8_t *)(hdr + 1); 372*4126Szf162725 left = wpa_ie_len - sizeof (*hdr); 373*4126Szf162725 374*4126Szf162725 if (left >= WPA_SELECTOR_LEN) { 375*4126Szf162725 data->group_cipher = wpa_selector_to_bitfield(pos); 376*4126Szf162725 pos += WPA_SELECTOR_LEN; 377*4126Szf162725 left -= WPA_SELECTOR_LEN; 378*4126Szf162725 } else if (left > 0) { 379*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much", 380*4126Szf162725 "wpa_parse_wpa_ie_wpa", left); 381*4126Szf162725 return (-1); 382*4126Szf162725 } 383*4126Szf162725 384*4126Szf162725 if (left >= 2) { 385*4126Szf162725 data->pairwise_cipher = 0; 386*4126Szf162725 count = pos[0] | (pos[1] << 8); 387*4126Szf162725 pos += 2; 388*4126Szf162725 left -= 2; 389*4126Szf162725 if (count == 0 || left < count * WPA_SELECTOR_LEN) { 390*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), " 391*4126Szf162725 "count %u left %u", 392*4126Szf162725 "wpa_parse_wpa_ie_wpa", count, left); 393*4126Szf162725 return (-1); 394*4126Szf162725 } 395*4126Szf162725 for (i = 0; i < count; i++) { 396*4126Szf162725 data->pairwise_cipher |= wpa_selector_to_bitfield(pos); 397*4126Szf162725 pos += WPA_SELECTOR_LEN; 398*4126Szf162725 left -= WPA_SELECTOR_LEN; 399*4126Szf162725 } 400*4126Szf162725 } else if (left == 1) { 401*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)", 402*4126Szf162725 "wpa_parse_wpa_ie_wpa"); 403*4126Szf162725 return (-1); 404*4126Szf162725 } 405*4126Szf162725 406*4126Szf162725 if (left >= 2) { 407*4126Szf162725 data->key_mgmt = 0; 408*4126Szf162725 count = pos[0] | (pos[1] << 8); 409*4126Szf162725 pos += 2; 410*4126Szf162725 left -= 2; 411*4126Szf162725 if (count == 0 || left < count * WPA_SELECTOR_LEN) { 412*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), " 413*4126Szf162725 "count %u left %u", 414*4126Szf162725 "wpa_parse_wpa_ie_wpa", count, left); 415*4126Szf162725 return (-1); 416*4126Szf162725 } 417*4126Szf162725 for (i = 0; i < count; i++) { 418*4126Szf162725 data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos); 419*4126Szf162725 pos += WPA_SELECTOR_LEN; 420*4126Szf162725 left -= WPA_SELECTOR_LEN; 421*4126Szf162725 } 422*4126Szf162725 } else if (left == 1) { 423*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)", 424*4126Szf162725 "wpa_parse_wpa_ie_wpa"); 425*4126Szf162725 return (-1); 426*4126Szf162725 } 427*4126Szf162725 428*4126Szf162725 if (left >= 2) { 429*4126Szf162725 data->capabilities = pos[0] | (pos[1] << 8); 430*4126Szf162725 pos += 2; 431*4126Szf162725 left -= 2; 432*4126Szf162725 } 433*4126Szf162725 434*4126Szf162725 if (left > 0) { 435*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: ie has %u trailing bytes", 436*4126Szf162725 "wpa_parse_wpa_ie_wpa", left); 437*4126Szf162725 return (-1); 438*4126Szf162725 } 439*4126Szf162725 440*4126Szf162725 return (0); 441*4126Szf162725 } 442*4126Szf162725 443*4126Szf162725 /* ARGSUSED */ 444*4126Szf162725 static int 445*4126Szf162725 wpa_parse_wpa_ie_rsn(struct wpa_supplicant *wpa_s, uint8_t *rsn_ie, 446*4126Szf162725 size_t rsn_ie_len, struct wpa_ie_data *data) 447*4126Szf162725 { 448*4126Szf162725 struct rsn_ie_hdr *hdr; 449*4126Szf162725 uint8_t *pos; 450*4126Szf162725 int left; 451*4126Szf162725 int i, count; 452*4126Szf162725 453*4126Szf162725 data->proto = WPA_PROTO_RSN; 454*4126Szf162725 data->pairwise_cipher = WPA_CIPHER_CCMP; 455*4126Szf162725 data->group_cipher = WPA_CIPHER_CCMP; 456*4126Szf162725 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X; 457*4126Szf162725 data->capabilities = 0; 458*4126Szf162725 459*4126Szf162725 if (rsn_ie_len == 0) { 460*4126Szf162725 /* No RSN IE - fail silently */ 461*4126Szf162725 return (-1); 462*4126Szf162725 } 463*4126Szf162725 464*4126Szf162725 if (rsn_ie_len < sizeof (struct rsn_ie_hdr)) { 465*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: ie len too short %u", 466*4126Szf162725 "wpa_parse_wpa_ie_rsn", rsn_ie_len); 467*4126Szf162725 return (-1); 468*4126Szf162725 } 469*4126Szf162725 470*4126Szf162725 hdr = (struct rsn_ie_hdr *)rsn_ie; 471*4126Szf162725 472*4126Szf162725 if (hdr->elem_id != RSN_INFO_ELEM || 473*4126Szf162725 hdr->len != rsn_ie_len - 2 || 474*4126Szf162725 LE_16(hdr->version) != RSN_VERSION) { 475*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version", 476*4126Szf162725 "wpa_parse_wpa_ie_rsn"); 477*4126Szf162725 return (-1); 478*4126Szf162725 } 479*4126Szf162725 480*4126Szf162725 pos = (uint8_t *)(hdr + 1); 481*4126Szf162725 left = rsn_ie_len - sizeof (*hdr); 482*4126Szf162725 483*4126Szf162725 if (left >= RSN_SELECTOR_LEN) { 484*4126Szf162725 data->group_cipher = rsn_selector_to_bitfield(pos); 485*4126Szf162725 pos += RSN_SELECTOR_LEN; 486*4126Szf162725 left -= RSN_SELECTOR_LEN; 487*4126Szf162725 } else if (left > 0) { 488*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much", 489*4126Szf162725 "wpa_parse_wpa_ie_rsn", left); 490*4126Szf162725 return (-1); 491*4126Szf162725 } 492*4126Szf162725 493*4126Szf162725 if (left >= 2) { 494*4126Szf162725 data->pairwise_cipher = 0; 495*4126Szf162725 count = pos[0] | (pos[1] << 8); 496*4126Szf162725 pos += 2; 497*4126Szf162725 left -= 2; 498*4126Szf162725 if (count == 0 || left < count * RSN_SELECTOR_LEN) { 499*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), " 500*4126Szf162725 "count %u left %u", 501*4126Szf162725 "wpa_parse_wpa_ie_rsn", count, left); 502*4126Szf162725 return (-1); 503*4126Szf162725 } 504*4126Szf162725 for (i = 0; i < count; i++) { 505*4126Szf162725 data->pairwise_cipher |= rsn_selector_to_bitfield(pos); 506*4126Szf162725 pos += RSN_SELECTOR_LEN; 507*4126Szf162725 left -= RSN_SELECTOR_LEN; 508*4126Szf162725 } 509*4126Szf162725 } else if (left == 1) { 510*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)", 511*4126Szf162725 "wpa_parse_wpa_ie_rsn"); 512*4126Szf162725 return (-1); 513*4126Szf162725 } 514*4126Szf162725 515*4126Szf162725 if (left >= 2) { 516*4126Szf162725 data->key_mgmt = 0; 517*4126Szf162725 count = pos[0] | (pos[1] << 8); 518*4126Szf162725 pos += 2; 519*4126Szf162725 left -= 2; 520*4126Szf162725 if (count == 0 || left < count * RSN_SELECTOR_LEN) { 521*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), " 522*4126Szf162725 "count %u left %u", 523*4126Szf162725 "wpa_parse_wpa_ie_rsn", count, left); 524*4126Szf162725 return (-1); 525*4126Szf162725 } 526*4126Szf162725 for (i = 0; i < count; i++) { 527*4126Szf162725 data->key_mgmt |= rsn_key_mgmt_to_bitfield(pos); 528*4126Szf162725 pos += RSN_SELECTOR_LEN; 529*4126Szf162725 left -= RSN_SELECTOR_LEN; 530*4126Szf162725 } 531*4126Szf162725 } else if (left == 1) { 532*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)", 533*4126Szf162725 "wpa_parse_wpa_ie_rsn"); 534*4126Szf162725 return (-1); 535*4126Szf162725 } 536*4126Szf162725 537*4126Szf162725 if (left >= 2) { 538*4126Szf162725 data->capabilities = pos[0] | (pos[1] << 8); 539*4126Szf162725 pos += 2; 540*4126Szf162725 left -= 2; 541*4126Szf162725 } 542*4126Szf162725 543*4126Szf162725 if (left > 0) { 544*4126Szf162725 /* 545*4126Szf162725 * RSN IE could include PMKID data, but Authenticator should 546*4126Szf162725 * never include it, so no need to parse it in the Supplicant. 547*4126Szf162725 */ 548*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: ie has %u trailing bytes - ignored", 549*4126Szf162725 "wpa_parse_wpa_ie_rsn", left); 550*4126Szf162725 } 551*4126Szf162725 552*4126Szf162725 return (0); 553*4126Szf162725 } 554*4126Szf162725 555*4126Szf162725 int 556*4126Szf162725 wpa_parse_wpa_ie(struct wpa_supplicant *wpa_s, uint8_t *wpa_ie, 557*4126Szf162725 size_t wpa_ie_len, struct wpa_ie_data *data) 558*4126Szf162725 { 559*4126Szf162725 if (wpa_ie_len >= 1 && wpa_ie[0] == RSN_INFO_ELEM) 560*4126Szf162725 return (wpa_parse_wpa_ie_rsn(wpa_s, wpa_ie, wpa_ie_len, data)); 561*4126Szf162725 else 562*4126Szf162725 return (wpa_parse_wpa_ie_wpa(wpa_s, wpa_ie, wpa_ie_len, data)); 563*4126Szf162725 } 564*4126Szf162725 565*4126Szf162725 static int 566*4126Szf162725 wpa_gen_wpa_ie_wpa(struct wpa_supplicant *wpa_s, uint8_t *wpa_ie) 567*4126Szf162725 { 568*4126Szf162725 uint8_t *pos; 569*4126Szf162725 struct wpa_ie_hdr *hdr; 570*4126Szf162725 571*4126Szf162725 hdr = (struct wpa_ie_hdr *)wpa_ie; 572*4126Szf162725 hdr->elem_id = GENERIC_INFO_ELEM; 573*4126Szf162725 (void) memcpy(&hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN); 574*4126Szf162725 hdr->version = LE_16(WPA_VERSION); 575*4126Szf162725 pos = (uint8_t *)(hdr + 1); 576*4126Szf162725 577*4126Szf162725 if (wpa_s->group_cipher == WPA_CIPHER_CCMP) { 578*4126Szf162725 (void) memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN); 579*4126Szf162725 } else if (wpa_s->group_cipher == WPA_CIPHER_TKIP) { 580*4126Szf162725 (void) memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN); 581*4126Szf162725 } else if (wpa_s->group_cipher == WPA_CIPHER_WEP104) { 582*4126Szf162725 (void) memcpy(pos, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN); 583*4126Szf162725 } else if (wpa_s->group_cipher == WPA_CIPHER_WEP40) { 584*4126Szf162725 (void) memcpy(pos, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN); 585*4126Szf162725 } else { 586*4126Szf162725 wpa_printf(MSG_WARNING, "Invalid group cipher (%d).", 587*4126Szf162725 wpa_s->group_cipher); 588*4126Szf162725 return (-1); 589*4126Szf162725 } 590*4126Szf162725 pos += WPA_SELECTOR_LEN; 591*4126Szf162725 592*4126Szf162725 *pos++ = 1; 593*4126Szf162725 *pos++ = 0; 594*4126Szf162725 if (wpa_s->pairwise_cipher == WPA_CIPHER_CCMP) { 595*4126Szf162725 (void) memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN); 596*4126Szf162725 } else if (wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) { 597*4126Szf162725 (void) memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN); 598*4126Szf162725 } else if (wpa_s->pairwise_cipher == WPA_CIPHER_NONE) { 599*4126Szf162725 (void) memcpy(pos, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN); 600*4126Szf162725 } else { 601*4126Szf162725 wpa_printf(MSG_WARNING, "Invalid pairwise cipher (%d).", 602*4126Szf162725 wpa_s->pairwise_cipher); 603*4126Szf162725 return (-1); 604*4126Szf162725 } 605*4126Szf162725 pos += WPA_SELECTOR_LEN; 606*4126Szf162725 607*4126Szf162725 *pos++ = 1; 608*4126Szf162725 *pos++ = 0; 609*4126Szf162725 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X) { 610*4126Szf162725 (void) memcpy(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X, 611*4126Szf162725 WPA_SELECTOR_LEN); 612*4126Szf162725 } else if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK) { 613*4126Szf162725 (void) memcpy(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X, 614*4126Szf162725 WPA_SELECTOR_LEN); 615*4126Szf162725 } else { 616*4126Szf162725 wpa_printf(MSG_WARNING, "Invalid key management type (%d).", 617*4126Szf162725 wpa_s->key_mgmt); 618*4126Szf162725 return (-1); 619*4126Szf162725 } 620*4126Szf162725 pos += WPA_SELECTOR_LEN; 621*4126Szf162725 622*4126Szf162725 /* 623*4126Szf162725 * WPA Capabilities; use defaults, so no need to include it 624*4126Szf162725 */ 625*4126Szf162725 hdr->len = (pos - wpa_ie) - 2; 626*4126Szf162725 627*4126Szf162725 return (pos - wpa_ie); 628*4126Szf162725 } 629*4126Szf162725 630*4126Szf162725 static int 631*4126Szf162725 wpa_gen_wpa_ie_rsn(struct wpa_supplicant *wpa_s, uint8_t *rsn_ie) 632*4126Szf162725 { 633*4126Szf162725 uint8_t *pos; 634*4126Szf162725 struct rsn_ie_hdr *hdr; 635*4126Szf162725 636*4126Szf162725 hdr = (struct rsn_ie_hdr *)rsn_ie; 637*4126Szf162725 hdr->elem_id = RSN_INFO_ELEM; 638*4126Szf162725 hdr->version = LE_16(RSN_VERSION); 639*4126Szf162725 pos = (uint8_t *)(hdr + 1); 640*4126Szf162725 641*4126Szf162725 if (wpa_s->group_cipher == WPA_CIPHER_CCMP) { 642*4126Szf162725 (void) memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN); 643*4126Szf162725 } else if (wpa_s->group_cipher == WPA_CIPHER_TKIP) { 644*4126Szf162725 (void) memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN); 645*4126Szf162725 } else if (wpa_s->group_cipher == WPA_CIPHER_WEP104) { 646*4126Szf162725 (void) memcpy(pos, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN); 647*4126Szf162725 } else if (wpa_s->group_cipher == WPA_CIPHER_WEP40) { 648*4126Szf162725 (void) memcpy(pos, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN); 649*4126Szf162725 } else { 650*4126Szf162725 wpa_printf(MSG_WARNING, "Invalid group cipher (%d).", 651*4126Szf162725 wpa_s->group_cipher); 652*4126Szf162725 return (-1); 653*4126Szf162725 } 654*4126Szf162725 pos += RSN_SELECTOR_LEN; 655*4126Szf162725 656*4126Szf162725 *pos++ = 1; 657*4126Szf162725 *pos++ = 0; 658*4126Szf162725 if (wpa_s->pairwise_cipher == WPA_CIPHER_CCMP) { 659*4126Szf162725 (void) memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN); 660*4126Szf162725 } else if (wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) { 661*4126Szf162725 (void) memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN); 662*4126Szf162725 } else if (wpa_s->pairwise_cipher == WPA_CIPHER_NONE) { 663*4126Szf162725 (void) memcpy(pos, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN); 664*4126Szf162725 } else { 665*4126Szf162725 wpa_printf(MSG_WARNING, "Invalid pairwise cipher (%d).", 666*4126Szf162725 wpa_s->pairwise_cipher); 667*4126Szf162725 return (-1); 668*4126Szf162725 } 669*4126Szf162725 pos += RSN_SELECTOR_LEN; 670*4126Szf162725 671*4126Szf162725 *pos++ = 1; 672*4126Szf162725 *pos++ = 0; 673*4126Szf162725 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X) { 674*4126Szf162725 (void) memcpy(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X, 675*4126Szf162725 RSN_SELECTOR_LEN); 676*4126Szf162725 } else if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK) { 677*4126Szf162725 (void) memcpy(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X, 678*4126Szf162725 RSN_SELECTOR_LEN); 679*4126Szf162725 } else { 680*4126Szf162725 wpa_printf(MSG_WARNING, "Invalid key management type (%d).", 681*4126Szf162725 wpa_s->key_mgmt); 682*4126Szf162725 return (-1); 683*4126Szf162725 } 684*4126Szf162725 pos += RSN_SELECTOR_LEN; 685*4126Szf162725 686*4126Szf162725 /* RSN Capabilities */ 687*4126Szf162725 *pos++ = 0; 688*4126Szf162725 *pos++ = 0; 689*4126Szf162725 690*4126Szf162725 if (wpa_s->cur_pmksa) { 691*4126Szf162725 /* PMKID Count (2 octets, little endian) */ 692*4126Szf162725 *pos++ = 1; 693*4126Szf162725 *pos++ = 0; 694*4126Szf162725 /* PMKID */ 695*4126Szf162725 (void) memcpy(pos, wpa_s->cur_pmksa->pmkid, PMKID_LEN); 696*4126Szf162725 pos += PMKID_LEN; 697*4126Szf162725 } 698*4126Szf162725 699*4126Szf162725 hdr->len = (pos - rsn_ie) - 2; 700*4126Szf162725 701*4126Szf162725 return (pos - rsn_ie); 702*4126Szf162725 } 703*4126Szf162725 704*4126Szf162725 int 705*4126Szf162725 wpa_gen_wpa_ie(struct wpa_supplicant *wpa_s, uint8_t *wpa_ie) 706*4126Szf162725 { 707*4126Szf162725 if (wpa_s->proto == WPA_PROTO_RSN) 708*4126Szf162725 return (wpa_gen_wpa_ie_rsn(wpa_s, wpa_ie)); 709*4126Szf162725 else 710*4126Szf162725 return (wpa_gen_wpa_ie_wpa(wpa_s, wpa_ie)); 711*4126Szf162725 } 712*4126Szf162725 713*4126Szf162725 static void 714*4126Szf162725 wpa_pmk_to_ptk(uint8_t *pmk, uint8_t *addr1, uint8_t *addr2, 715*4126Szf162725 uint8_t *nonce1, uint8_t *nonce2, uint8_t *ptk, size_t ptk_len) 716*4126Szf162725 { 717*4126Szf162725 uint8_t data[2 * IEEE80211_ADDR_LEN + 2 * WPA_PMK_LEN]; 718*4126Szf162725 719*4126Szf162725 /* 720*4126Szf162725 * PTK = PRF-X(PMK, "Pairwise key expansion", 721*4126Szf162725 * Min(AA, SA) || Max(AA, SA) || 722*4126Szf162725 * Min(ANonce, SNonce) || Max(ANonce, SNonce)) 723*4126Szf162725 */ 724*4126Szf162725 725*4126Szf162725 if (memcmp(addr1, addr2, IEEE80211_ADDR_LEN) < 0) { 726*4126Szf162725 (void) memcpy(data, addr1, IEEE80211_ADDR_LEN); 727*4126Szf162725 (void) memcpy(data + IEEE80211_ADDR_LEN, addr2, 728*4126Szf162725 IEEE80211_ADDR_LEN); 729*4126Szf162725 } else { 730*4126Szf162725 (void) memcpy(data, addr2, IEEE80211_ADDR_LEN); 731*4126Szf162725 (void) memcpy(data + IEEE80211_ADDR_LEN, addr1, 732*4126Szf162725 IEEE80211_ADDR_LEN); 733*4126Szf162725 } 734*4126Szf162725 735*4126Szf162725 if (memcmp(nonce1, nonce2, WPA_PMK_LEN) < 0) { 736*4126Szf162725 (void) memcpy(data + 2 * IEEE80211_ADDR_LEN, nonce1, 737*4126Szf162725 WPA_PMK_LEN); 738*4126Szf162725 (void) memcpy(data + 2 * IEEE80211_ADDR_LEN + WPA_PMK_LEN, 739*4126Szf162725 nonce2, WPA_PMK_LEN); 740*4126Szf162725 } else { 741*4126Szf162725 (void) memcpy(data + 2 * IEEE80211_ADDR_LEN, nonce2, 742*4126Szf162725 WPA_PMK_LEN); 743*4126Szf162725 (void) memcpy(data + 2 * IEEE80211_ADDR_LEN + WPA_PMK_LEN, 744*4126Szf162725 nonce1, WPA_PMK_LEN); 745*4126Szf162725 } 746*4126Szf162725 747*4126Szf162725 sha1_prf(pmk, WPA_PMK_LEN, "Pairwise key expansion", data, 748*4126Szf162725 sizeof (data), ptk, ptk_len); 749*4126Szf162725 750*4126Szf162725 wpa_hexdump(MSG_DEBUG, "WPA: PMK", pmk, WPA_PMK_LEN); 751*4126Szf162725 wpa_hexdump(MSG_DEBUG, "WPA: PTK", ptk, ptk_len); 752*4126Szf162725 } 753*4126Szf162725 754*4126Szf162725 struct wpa_ssid * 755*4126Szf162725 wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s) 756*4126Szf162725 { 757*4126Szf162725 struct wpa_ssid *entry; 758*4126Szf162725 uint8_t ssid[MAX_ESSID_LENGTH]; 759*4126Szf162725 int ssid_len; 760*4126Szf162725 uint8_t bssid[IEEE80211_ADDR_LEN]; 761*4126Szf162725 762*4126Szf162725 (void) memset(ssid, 0, MAX_ESSID_LENGTH); 763*4126Szf162725 ssid_len = wpa_s->driver->get_ssid(wpa_s->ifname, (char *)ssid); 764*4126Szf162725 if (ssid_len < 0) { 765*4126Szf162725 wpa_printf(MSG_WARNING, "Could not read SSID from driver."); 766*4126Szf162725 return (NULL); 767*4126Szf162725 } 768*4126Szf162725 769*4126Szf162725 if (wpa_s->driver->get_bssid(wpa_s->ifname, (char *)bssid) < 0) { 770*4126Szf162725 wpa_printf(MSG_WARNING, "Could not read BSSID from driver."); 771*4126Szf162725 return (NULL); 772*4126Szf162725 } 773*4126Szf162725 774*4126Szf162725 entry = wpa_s->conf->ssid; 775*4126Szf162725 wpa_printf(MSG_DEBUG, "entry len=%d ssid=%s," 776*4126Szf162725 " driver len=%d ssid=%s", 777*4126Szf162725 entry->ssid_len, entry->ssid, ssid_len, ssid); 778*4126Szf162725 779*4126Szf162725 if (ssid_len == entry->ssid_len && 780*4126Szf162725 memcmp(ssid, entry->ssid, ssid_len) == 0 && 781*4126Szf162725 (!entry->bssid_set || 782*4126Szf162725 memcmp(bssid, entry->bssid, IEEE80211_ADDR_LEN) == 0)) 783*4126Szf162725 return (entry); 784*4126Szf162725 785*4126Szf162725 return (NULL); 786*4126Szf162725 } 787*4126Szf162725 788*4126Szf162725 static void 789*4126Szf162725 wpa_eapol_key_mic(uint8_t *key, int ver, uint8_t *buf, size_t len, uint8_t *mic) 790*4126Szf162725 { 791*4126Szf162725 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) { 792*4126Szf162725 hmac_md5(key, 16, buf, len, mic); 793*4126Szf162725 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 794*4126Szf162725 uint8_t hash[SHA1_MAC_LEN]; 795*4126Szf162725 hmac_sha1(key, 16, buf, len, hash); 796*4126Szf162725 (void) memcpy(mic, hash, MD5_MAC_LEN); 797*4126Szf162725 } 798*4126Szf162725 } 799*4126Szf162725 800*4126Szf162725 void 801*4126Szf162725 wpa_supplicant_key_request(struct wpa_supplicant *wpa_s, 802*4126Szf162725 int error, int pairwise) 803*4126Szf162725 { 804*4126Szf162725 int rlen; 805*4126Szf162725 struct ieee802_1x_hdr *hdr; 806*4126Szf162725 struct wpa_eapol_key *reply; 807*4126Szf162725 unsigned char *rbuf; 808*4126Szf162725 struct l2_ethhdr *ethhdr; 809*4126Szf162725 int key_info, ver; 810*4126Szf162725 uint8_t bssid[IEEE80211_ADDR_LEN]; 811*4126Szf162725 812*4126Szf162725 if (wpa_s->pairwise_cipher == WPA_CIPHER_CCMP) 813*4126Szf162725 ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; 814*4126Szf162725 else 815*4126Szf162725 ver = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; 816*4126Szf162725 817*4126Szf162725 if (wpa_s->driver->get_bssid(wpa_s->ifname, (char *)bssid) < 0) { 818*4126Szf162725 wpa_printf(MSG_WARNING, "Failed to read BSSID for EAPOL-Key " 819*4126Szf162725 "request"); 820*4126Szf162725 return; 821*4126Szf162725 } 822*4126Szf162725 823*4126Szf162725 rlen = sizeof (*ethhdr) + sizeof (*hdr) + sizeof (*reply); 824*4126Szf162725 rbuf = malloc(rlen); 825*4126Szf162725 if (rbuf == NULL) 826*4126Szf162725 return; 827*4126Szf162725 828*4126Szf162725 (void) memset(rbuf, 0, rlen); 829*4126Szf162725 ethhdr = (struct l2_ethhdr *)rbuf; 830*4126Szf162725 (void) memcpy(ethhdr->h_dest, bssid, IEEE80211_ADDR_LEN); 831*4126Szf162725 (void) memcpy(ethhdr->h_source, wpa_s->own_addr, IEEE80211_ADDR_LEN); 832*4126Szf162725 ethhdr->h_proto = htons(ETHERTYPE_EAPOL); 833*4126Szf162725 834*4126Szf162725 hdr = (struct ieee802_1x_hdr *)(ethhdr + 1); 835*4126Szf162725 hdr->version = wpa_s->conf->eapol_version; 836*4126Szf162725 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY; 837*4126Szf162725 hdr->length = htons(sizeof (*reply)); 838*4126Szf162725 839*4126Szf162725 reply = (struct wpa_eapol_key *)(hdr + 1); 840*4126Szf162725 reply->type = wpa_s->proto == WPA_PROTO_RSN ? 841*4126Szf162725 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 842*4126Szf162725 key_info = WPA_KEY_INFO_REQUEST | ver; 843*4126Szf162725 if (wpa_s->ptk_set) 844*4126Szf162725 key_info |= WPA_KEY_INFO_MIC; 845*4126Szf162725 if (error) 846*4126Szf162725 key_info |= WPA_KEY_INFO_ERROR; 847*4126Szf162725 if (pairwise) 848*4126Szf162725 key_info |= WPA_KEY_INFO_KEY_TYPE; 849*4126Szf162725 reply->key_info = BE_16(key_info); 850*4126Szf162725 reply->key_length = 0; 851*4126Szf162725 (void) memcpy(reply->replay_counter, wpa_s->request_counter, 852*4126Szf162725 WPA_REPLAY_COUNTER_LEN); 853*4126Szf162725 inc_byte_array(wpa_s->request_counter, WPA_REPLAY_COUNTER_LEN); 854*4126Szf162725 855*4126Szf162725 reply->key_data_length = BE_16(0); 856*4126Szf162725 857*4126Szf162725 if (key_info & WPA_KEY_INFO_MIC) { 858*4126Szf162725 wpa_eapol_key_mic(wpa_s->ptk.mic_key, ver, (uint8_t *)hdr, 859*4126Szf162725 rlen - sizeof (*ethhdr), reply->key_mic); 860*4126Szf162725 } 861*4126Szf162725 862*4126Szf162725 wpa_printf(MSG_INFO, "WPA: Sending EAPOL-Key Request (error=%d " 863*4126Szf162725 "pairwise=%d ptk_set=%d len=%d)", 864*4126Szf162725 error, pairwise, wpa_s->ptk_set, rlen); 865*4126Szf162725 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key Request", rbuf, rlen); 866*4126Szf162725 (void) l2_packet_send(wpa_s->l2, rbuf, rlen); 867*4126Szf162725 free(rbuf); 868*4126Szf162725 } 869*4126Szf162725 870*4126Szf162725 static void 871*4126Szf162725 wpa_supplicant_process_1_of_4(struct wpa_supplicant *wpa_s, 872*4126Szf162725 unsigned char *src_addr, struct wpa_eapol_key *key, int ver) 873*4126Szf162725 { 874*4126Szf162725 int rlen; 875*4126Szf162725 struct ieee802_1x_hdr *hdr; 876*4126Szf162725 struct wpa_eapol_key *reply; 877*4126Szf162725 unsigned char *rbuf; 878*4126Szf162725 struct l2_ethhdr *ethhdr; 879*4126Szf162725 struct wpa_ssid *ssid; 880*4126Szf162725 struct wpa_ptk *ptk; 881*4126Szf162725 uint8_t buf[8], wpa_ie_buf[80], *wpa_ie, *pmkid = NULL; 882*4126Szf162725 int wpa_ie_len; 883*4126Szf162725 884*4126Szf162725 wpa_s->wpa_state = WPA_4WAY_HANDSHAKE; 885*4126Szf162725 wpa_printf(MSG_DEBUG, "WPA: RX message 1 of 4-Way Handshake from " 886*4126Szf162725 MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 887*4126Szf162725 888*4126Szf162725 ssid = wpa_supplicant_get_ssid(wpa_s); 889*4126Szf162725 if (ssid == NULL) { 890*4126Szf162725 wpa_printf(MSG_WARNING, 891*4126Szf162725 "WPA: No SSID info found (msg 1 of 4)."); 892*4126Szf162725 return; 893*4126Szf162725 } 894*4126Szf162725 895*4126Szf162725 if (wpa_s->proto == WPA_PROTO_RSN) { 896*4126Szf162725 /* RSN: msg 1/4 should contain PMKID for the selected PMK */ 897*4126Szf162725 uint8_t *pos = (uint8_t *)(key + 1); 898*4126Szf162725 uint8_t *end = pos + BE_16(key->key_data_length); 899*4126Szf162725 900*4126Szf162725 wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", 901*4126Szf162725 pos, BE_16(key->key_data_length)); 902*4126Szf162725 903*4126Szf162725 while (pos + 1 < end) { 904*4126Szf162725 if (pos + 2 + pos[1] > end) { 905*4126Szf162725 wpa_printf(MSG_DEBUG, "RSN: key data " 906*4126Szf162725 "underflow (ie=%d len=%d)", 907*4126Szf162725 pos[0], pos[1]); 908*4126Szf162725 break; 909*4126Szf162725 } 910*4126Szf162725 if (pos[0] == GENERIC_INFO_ELEM && 911*4126Szf162725 pos + 1 + RSN_SELECTOR_LEN < end && 912*4126Szf162725 pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN && 913*4126Szf162725 memcmp(pos + 2, RSN_KEY_DATA_PMKID, 914*4126Szf162725 RSN_SELECTOR_LEN) == 0) { 915*4126Szf162725 pmkid = pos + 2 + RSN_SELECTOR_LEN; 916*4126Szf162725 wpa_hexdump(MSG_DEBUG, "RSN: PMKID from " 917*4126Szf162725 "Authenticator", pmkid, PMKID_LEN); 918*4126Szf162725 break; 919*4126Szf162725 } else if (pos[0] == GENERIC_INFO_ELEM && pos[1] == 0) 920*4126Szf162725 break; 921*4126Szf162725 pos += 2 + pos[1]; 922*4126Szf162725 } 923*4126Szf162725 } 924*4126Szf162725 925*4126Szf162725 wpa_ie = wpa_ie_buf; 926*4126Szf162725 wpa_ie_len = wpa_gen_wpa_ie(wpa_s, wpa_ie); 927*4126Szf162725 if (wpa_ie_len < 0) { 928*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Failed to generate " 929*4126Szf162725 "WPA IE (for msg 2 of 4)."); 930*4126Szf162725 return; 931*4126Szf162725 } 932*4126Szf162725 wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len); 933*4126Szf162725 934*4126Szf162725 rlen = sizeof (*ethhdr) + sizeof (*hdr) + sizeof (*reply) + wpa_ie_len; 935*4126Szf162725 rbuf = malloc(rlen); 936*4126Szf162725 if (rbuf == NULL) 937*4126Szf162725 return; 938*4126Szf162725 939*4126Szf162725 (void) memset(rbuf, 0, rlen); 940*4126Szf162725 ethhdr = (struct l2_ethhdr *)rbuf; 941*4126Szf162725 (void) memcpy(ethhdr->h_dest, src_addr, IEEE80211_ADDR_LEN); 942*4126Szf162725 (void) memcpy(ethhdr->h_source, wpa_s->own_addr, IEEE80211_ADDR_LEN); 943*4126Szf162725 ethhdr->h_proto = htons(ETHERTYPE_EAPOL); 944*4126Szf162725 945*4126Szf162725 hdr = (struct ieee802_1x_hdr *)(ethhdr + 1); 946*4126Szf162725 hdr->version = wpa_s->conf->eapol_version; 947*4126Szf162725 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY; 948*4126Szf162725 hdr->length = htons(sizeof (*reply) + wpa_ie_len); 949*4126Szf162725 950*4126Szf162725 reply = (struct wpa_eapol_key *)(hdr + 1); 951*4126Szf162725 reply->type = wpa_s->proto == WPA_PROTO_RSN ? 952*4126Szf162725 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 953*4126Szf162725 reply->key_info = BE_16(ver | WPA_KEY_INFO_KEY_TYPE | 954*4126Szf162725 WPA_KEY_INFO_MIC); 955*4126Szf162725 reply->key_length = key->key_length; 956*4126Szf162725 (void) memcpy(reply->replay_counter, key->replay_counter, 957*4126Szf162725 WPA_REPLAY_COUNTER_LEN); 958*4126Szf162725 959*4126Szf162725 reply->key_data_length = BE_16(wpa_ie_len); 960*4126Szf162725 (void) memcpy(reply + 1, wpa_ie, wpa_ie_len); 961*4126Szf162725 962*4126Szf162725 if (wpa_s->renew_snonce) { 963*4126Szf162725 if (random_get_pseudo_bytes(wpa_s->snonce, WPA_NONCE_LEN)) { 964*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Failed to get " 965*4126Szf162725 "random data for SNonce"); 966*4126Szf162725 free(rbuf); 967*4126Szf162725 return; 968*4126Szf162725 } 969*4126Szf162725 970*4126Szf162725 wpa_s->renew_snonce = 0; 971*4126Szf162725 wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce", 972*4126Szf162725 wpa_s->snonce, WPA_NONCE_LEN); 973*4126Szf162725 } 974*4126Szf162725 (void) memcpy(reply->key_nonce, wpa_s->snonce, WPA_NONCE_LEN); 975*4126Szf162725 ptk = &wpa_s->tptk; 976*4126Szf162725 (void) memcpy(wpa_s->anonce, key->key_nonce, WPA_NONCE_LEN); 977*4126Szf162725 978*4126Szf162725 wpa_pmk_to_ptk(wpa_s->pmk, wpa_s->own_addr, src_addr, 979*4126Szf162725 wpa_s->snonce, key->key_nonce, (uint8_t *)ptk, sizeof (*ptk)); 980*4126Szf162725 981*4126Szf162725 /* 982*4126Szf162725 * Supplicant: swap tx/rx Mic keys 983*4126Szf162725 */ 984*4126Szf162725 (void) memcpy(buf, ptk->u.auth.tx_mic_key, 8); 985*4126Szf162725 (void) memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8); 986*4126Szf162725 (void) memcpy(ptk->u.auth.rx_mic_key, buf, 8); 987*4126Szf162725 wpa_s->tptk_set = 1; 988*4126Szf162725 wpa_eapol_key_mic(wpa_s->tptk.mic_key, ver, (uint8_t *)hdr, 989*4126Szf162725 rlen - sizeof (*ethhdr), reply->key_mic); 990*4126Szf162725 wpa_hexdump(MSG_DEBUG, "WPA: EAPOL-Key MIC", reply->key_mic, 16); 991*4126Szf162725 992*4126Szf162725 wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4"); 993*4126Szf162725 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key 2/4", rbuf, rlen); 994*4126Szf162725 (void) l2_packet_send(wpa_s->l2, rbuf, rlen); 995*4126Szf162725 996*4126Szf162725 free(rbuf); 997*4126Szf162725 } 998*4126Szf162725 999*4126Szf162725 static void 1000*4126Szf162725 wpa_supplicant_process_3_of_4_gtk(struct wpa_supplicant *wpa_s, 1001*4126Szf162725 unsigned char *src_addr, struct wpa_eapol_key *key, 1002*4126Szf162725 uint8_t *gtk, int gtk_len) 1003*4126Szf162725 { 1004*4126Szf162725 int keyidx, tx, key_rsc_len = 0, alg; 1005*4126Szf162725 1006*4126Szf162725 wpa_hexdump(MSG_DEBUG, 1007*4126Szf162725 "WPA: received GTK in pairwise handshake", gtk, gtk_len); 1008*4126Szf162725 1009*4126Szf162725 keyidx = gtk[0] & 0x3; 1010*4126Szf162725 tx = !!(gtk[0] & BIT(2)); 1011*4126Szf162725 if (tx && wpa_s->pairwise_cipher != WPA_CIPHER_NONE) { 1012*4126Szf162725 /* 1013*4126Szf162725 * Ignore Tx bit in GTK IE if a pairwise key is used. 1014*4126Szf162725 * One AP seemed to set this bit (incorrectly, since Tx 1015*4126Szf162725 * is only when doing Group Key only APs) and without 1016*4126Szf162725 * this workaround, the data connection does not work 1017*4126Szf162725 * because wpa_supplicant configured non-zero keyidx to 1018*4126Szf162725 * be used for unicast. 1019*4126Szf162725 */ 1020*4126Szf162725 wpa_printf(MSG_INFO, "RSN: Tx bit set for GTK IE, but " 1021*4126Szf162725 "pairwise keys are used - ignore Tx bit"); 1022*4126Szf162725 tx = 0; 1023*4126Szf162725 } 1024*4126Szf162725 1025*4126Szf162725 gtk += 2; 1026*4126Szf162725 gtk_len -= 2; 1027*4126Szf162725 wpa_hexdump(MSG_DEBUG, "WPA: Group Key", gtk, gtk_len); 1028*4126Szf162725 1029*4126Szf162725 switch (wpa_s->group_cipher) { 1030*4126Szf162725 case WPA_CIPHER_CCMP: 1031*4126Szf162725 if (gtk_len != 16) { 1032*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Unsupported CCMP" 1033*4126Szf162725 " Group Cipher key length %d.", gtk_len); 1034*4126Szf162725 return; 1035*4126Szf162725 } 1036*4126Szf162725 key_rsc_len = 6; 1037*4126Szf162725 alg = WPA_ALG_CCMP; 1038*4126Szf162725 break; 1039*4126Szf162725 case WPA_CIPHER_TKIP: 1040*4126Szf162725 if (gtk_len != 32) { 1041*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Unsupported TKIP" 1042*4126Szf162725 " Group Cipher key length %d.", gtk_len); 1043*4126Szf162725 return; 1044*4126Szf162725 } 1045*4126Szf162725 key_rsc_len = 6; 1046*4126Szf162725 alg = WPA_ALG_TKIP; 1047*4126Szf162725 break; 1048*4126Szf162725 case WPA_CIPHER_WEP104: 1049*4126Szf162725 if (gtk_len != 13) { 1050*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Unsupported " 1051*4126Szf162725 "WEP104 Group Cipher key length " "%d.", gtk_len); 1052*4126Szf162725 return; 1053*4126Szf162725 } 1054*4126Szf162725 alg = WPA_ALG_WEP; 1055*4126Szf162725 break; 1056*4126Szf162725 case WPA_CIPHER_WEP40: 1057*4126Szf162725 if (gtk_len != 5) { 1058*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Unsupported " 1059*4126Szf162725 "WEP40 Group Cipher key length %d.", gtk_len); 1060*4126Szf162725 return; 1061*4126Szf162725 } 1062*4126Szf162725 alg = WPA_ALG_WEP; 1063*4126Szf162725 break; 1064*4126Szf162725 default: 1065*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Unsupport Group Cipher " 1066*4126Szf162725 "%d", wpa_s->group_cipher); 1067*4126Szf162725 return; 1068*4126Szf162725 } 1069*4126Szf162725 1070*4126Szf162725 wpa_printf(MSG_DEBUG, "WPA: Installing GTK to the driver " 1071*4126Szf162725 "(keyidx=%d tx=%d).", keyidx, tx); 1072*4126Szf162725 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key->key_rsc, key_rsc_len); 1073*4126Szf162725 if (wpa_s->group_cipher == WPA_CIPHER_TKIP) { 1074*4126Szf162725 uint8_t tmpbuf[8]; 1075*4126Szf162725 /* 1076*4126Szf162725 * Swap Tx/Rx keys for Michael MIC 1077*4126Szf162725 */ 1078*4126Szf162725 (void) memcpy(tmpbuf, gtk + 16, 8); 1079*4126Szf162725 (void) memcpy(gtk + 16, gtk + 24, 8); 1080*4126Szf162725 (void) memcpy(gtk + 24, tmpbuf, 8); 1081*4126Szf162725 } 1082*4126Szf162725 if (wpa_s->pairwise_cipher == WPA_CIPHER_NONE) { 1083*4126Szf162725 if (wpa_s->driver->set_key(wpa_s->ifname, alg, 1084*4126Szf162725 (uint8_t *)"\xff\xff\xff\xff\xff\xff", 1085*4126Szf162725 keyidx, 1, key->key_rsc, 1086*4126Szf162725 key_rsc_len, gtk, gtk_len) < 0) 1087*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Failed to set " 1088*4126Szf162725 "GTK to the driver (Group only)."); 1089*4126Szf162725 } else if (wpa_s->driver->set_key(wpa_s->ifname, alg, 1090*4126Szf162725 (uint8_t *)"\xff\xff\xff\xff\xff\xff", 1091*4126Szf162725 keyidx, tx, 1092*4126Szf162725 key->key_rsc, key_rsc_len, 1093*4126Szf162725 gtk, gtk_len) < 0) { 1094*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Failed to set GTK to " 1095*4126Szf162725 "the driver."); 1096*4126Szf162725 } 1097*4126Szf162725 1098*4126Szf162725 wpa_printf(MSG_INFO, "WPA: Key negotiation completed with " 1099*4126Szf162725 MACSTR, MAC2STR(src_addr)); 1100*4126Szf162725 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 1101*4126Szf162725 wpa_supplicant_cancel_auth_timeout(wpa_s); 1102*4126Szf162725 wpa_s->wpa_state = WPA_COMPLETED; 1103*4126Szf162725 } 1104*4126Szf162725 1105*4126Szf162725 static void 1106*4126Szf162725 wpa_supplicant_process_3_of_4(struct wpa_supplicant *wpa_s, 1107*4126Szf162725 unsigned char *src_addr, struct wpa_eapol_key *key, 1108*4126Szf162725 int extra_len, int ver) 1109*4126Szf162725 { 1110*4126Szf162725 int rlen; 1111*4126Szf162725 struct ieee802_1x_hdr *hdr; 1112*4126Szf162725 struct wpa_eapol_key *reply; 1113*4126Szf162725 unsigned char *rbuf; 1114*4126Szf162725 struct l2_ethhdr *ethhdr; 1115*4126Szf162725 int key_info, ie_len = 0, keylen, gtk_len = 0; 1116*4126Szf162725 uint8_t *ie = NULL, *gtk = NULL, *key_rsc; 1117*4126Szf162725 uint8_t null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 1118*4126Szf162725 1119*4126Szf162725 wpa_s->wpa_state = WPA_4WAY_HANDSHAKE; 1120*4126Szf162725 wpa_printf(MSG_DEBUG, "WPA: RX message 3 of 4-Way Handshake from " 1121*4126Szf162725 MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 1122*4126Szf162725 1123*4126Szf162725 key_info = BE_16(key->key_info); 1124*4126Szf162725 1125*4126Szf162725 if (wpa_s->proto == WPA_PROTO_RSN) { 1126*4126Szf162725 uint8_t *pos = (uint8_t *)(key + 1); 1127*4126Szf162725 uint8_t *end = pos + BE_16(key->key_data_length); 1128*4126Szf162725 while (pos + 1 < end) { 1129*4126Szf162725 if (pos + 2 + pos[1] > end) { 1130*4126Szf162725 wpa_printf(MSG_DEBUG, "RSN: key data " 1131*4126Szf162725 "underflow (ie=%d len=%d)", 1132*4126Szf162725 pos[0], pos[1]); 1133*4126Szf162725 break; 1134*4126Szf162725 } 1135*4126Szf162725 if (*pos == RSN_INFO_ELEM) { 1136*4126Szf162725 ie = pos; 1137*4126Szf162725 ie_len = pos[1] + 2; 1138*4126Szf162725 } else if (pos[0] == GENERIC_INFO_ELEM && 1139*4126Szf162725 pos + 1 + RSN_SELECTOR_LEN < end && 1140*4126Szf162725 pos[1] > RSN_SELECTOR_LEN + 2 && 1141*4126Szf162725 memcmp(pos + 2, RSN_KEY_DATA_GROUPKEY, 1142*4126Szf162725 RSN_SELECTOR_LEN) == 0) { 1143*4126Szf162725 if (!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1144*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: GTK IE " 1145*4126Szf162725 "in unencrypted key data"); 1146*4126Szf162725 return; 1147*4126Szf162725 } 1148*4126Szf162725 gtk = pos + 2 + RSN_SELECTOR_LEN; 1149*4126Szf162725 gtk_len = pos[1] - RSN_SELECTOR_LEN; 1150*4126Szf162725 } else if (pos[0] == GENERIC_INFO_ELEM && pos[1] == 0) 1151*4126Szf162725 break; 1152*4126Szf162725 1153*4126Szf162725 pos += 2 + pos[1]; 1154*4126Szf162725 } 1155*4126Szf162725 } else { 1156*4126Szf162725 ie = (uint8_t *)(key + 1); 1157*4126Szf162725 ie_len = BE_16(key->key_data_length); 1158*4126Szf162725 if (ie_len > extra_len) { 1159*4126Szf162725 wpa_printf(MSG_INFO, "WPA: Truncated EAPOL-Key packet:" 1160*4126Szf162725 " ie_len=%d > extra_len=%d", 1161*4126Szf162725 ie_len, extra_len); 1162*4126Szf162725 return; 1163*4126Szf162725 } 1164*4126Szf162725 } 1165*4126Szf162725 1166*4126Szf162725 if (wpa_s->ap_wpa_ie && 1167*4126Szf162725 (wpa_s->ap_wpa_ie_len != ie_len || 1168*4126Szf162725 memcmp(wpa_s->ap_wpa_ie, ie, ie_len) != 0)) { 1169*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: WPA IE in 3/4 msg does not match" 1170*4126Szf162725 " with WPA IE in Beacon/ProbeResp (src=" MACSTR ")", 1171*4126Szf162725 MAC2STR(src_addr)); 1172*4126Szf162725 wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp", 1173*4126Szf162725 wpa_s->ap_wpa_ie, wpa_s->ap_wpa_ie_len); 1174*4126Szf162725 wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg", ie, ie_len); 1175*4126Szf162725 wpa_supplicant_disassociate(wpa_s, REASON_IE_IN_4WAY_DIFFERS); 1176*4126Szf162725 wpa_supplicant_req_scan(wpa_s, 0, 0); 1177*4126Szf162725 return; 1178*4126Szf162725 } 1179*4126Szf162725 1180*4126Szf162725 if (memcmp(wpa_s->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) { 1181*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: ANonce from message 1 of 4-Way " 1182*4126Szf162725 "Handshake differs from 3 of 4-Way Handshake - drop" 1183*4126Szf162725 " packet (src=" MACSTR ")", MAC2STR(src_addr)); 1184*4126Szf162725 return; 1185*4126Szf162725 } 1186*4126Szf162725 1187*4126Szf162725 keylen = BE_16(key->key_length); 1188*4126Szf162725 switch (wpa_s->pairwise_cipher) { 1189*4126Szf162725 case WPA_CIPHER_CCMP: 1190*4126Szf162725 if (keylen != 16) { 1191*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Invalid CCMP key length " 1192*4126Szf162725 "%d (src=" MACSTR ")", 1193*4126Szf162725 keylen, MAC2STR(src_addr)); 1194*4126Szf162725 return; 1195*4126Szf162725 } 1196*4126Szf162725 break; 1197*4126Szf162725 case WPA_CIPHER_TKIP: 1198*4126Szf162725 if (keylen != 32) { 1199*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Invalid TKIP key length " 1200*4126Szf162725 "%d (src=" MACSTR ")", 1201*4126Szf162725 keylen, MAC2STR(src_addr)); 1202*4126Szf162725 return; 1203*4126Szf162725 } 1204*4126Szf162725 break; 1205*4126Szf162725 } 1206*4126Szf162725 1207*4126Szf162725 rlen = sizeof (*ethhdr) + sizeof (*hdr) + sizeof (*reply); 1208*4126Szf162725 rbuf = malloc(rlen); 1209*4126Szf162725 if (rbuf == NULL) 1210*4126Szf162725 return; 1211*4126Szf162725 1212*4126Szf162725 (void) memset(rbuf, 0, rlen); 1213*4126Szf162725 ethhdr = (struct l2_ethhdr *)rbuf; 1214*4126Szf162725 (void) memcpy(ethhdr->h_dest, src_addr, IEEE80211_ADDR_LEN); 1215*4126Szf162725 (void) memcpy(ethhdr->h_source, wpa_s->own_addr, IEEE80211_ADDR_LEN); 1216*4126Szf162725 ethhdr->h_proto = htons(ETHERTYPE_EAPOL); 1217*4126Szf162725 1218*4126Szf162725 hdr = (struct ieee802_1x_hdr *)(ethhdr + 1); 1219*4126Szf162725 hdr->version = wpa_s->conf->eapol_version; 1220*4126Szf162725 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY; 1221*4126Szf162725 hdr->length = htons(sizeof (*reply)); 1222*4126Szf162725 1223*4126Szf162725 reply = (struct wpa_eapol_key *)(hdr + 1); 1224*4126Szf162725 reply->type = wpa_s->proto == WPA_PROTO_RSN ? 1225*4126Szf162725 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1226*4126Szf162725 reply->key_info = BE_16(ver | WPA_KEY_INFO_KEY_TYPE | 1227*4126Szf162725 WPA_KEY_INFO_MIC | 1228*4126Szf162725 (key_info & WPA_KEY_INFO_SECURE)); 1229*4126Szf162725 reply->key_length = key->key_length; 1230*4126Szf162725 (void) memcpy(reply->replay_counter, key->replay_counter, 1231*4126Szf162725 WPA_REPLAY_COUNTER_LEN); 1232*4126Szf162725 1233*4126Szf162725 reply->key_data_length = BE_16(0); 1234*4126Szf162725 1235*4126Szf162725 (void) memcpy(reply->key_nonce, wpa_s->snonce, WPA_NONCE_LEN); 1236*4126Szf162725 wpa_eapol_key_mic(wpa_s->ptk.mic_key, ver, (uint8_t *)hdr, 1237*4126Szf162725 rlen - sizeof (*ethhdr), reply->key_mic); 1238*4126Szf162725 1239*4126Szf162725 wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4"); 1240*4126Szf162725 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key 4/4", rbuf, rlen); 1241*4126Szf162725 (void) l2_packet_send(wpa_s->l2, rbuf, rlen); 1242*4126Szf162725 1243*4126Szf162725 free(rbuf); 1244*4126Szf162725 1245*4126Szf162725 /* 1246*4126Szf162725 * SNonce was successfully used in msg 3/4, so mark it to be renewed 1247*4126Szf162725 * for the next 4-Way Handshake. If msg 3 is received again, the old 1248*4126Szf162725 * SNonce will still be used to avoid changing PTK. 1249*4126Szf162725 */ 1250*4126Szf162725 wpa_s->renew_snonce = 1; 1251*4126Szf162725 1252*4126Szf162725 if (key_info & WPA_KEY_INFO_INSTALL) { 1253*4126Szf162725 int alg, keylen, rsclen; 1254*4126Szf162725 wpa_printf(MSG_DEBUG, "WPA: Installing PTK to the driver."); 1255*4126Szf162725 switch (wpa_s->pairwise_cipher) { 1256*4126Szf162725 case WPA_CIPHER_CCMP: 1257*4126Szf162725 alg = WPA_ALG_CCMP; 1258*4126Szf162725 keylen = 16; 1259*4126Szf162725 rsclen = 6; 1260*4126Szf162725 break; 1261*4126Szf162725 case WPA_CIPHER_TKIP: 1262*4126Szf162725 alg = WPA_ALG_TKIP; 1263*4126Szf162725 keylen = 32; 1264*4126Szf162725 rsclen = 6; 1265*4126Szf162725 break; 1266*4126Szf162725 case WPA_CIPHER_NONE: 1267*4126Szf162725 wpa_printf(MSG_DEBUG, "WPA: Pairwise Cipher Suite: " 1268*4126Szf162725 "NONE - do not use pairwise keys"); 1269*4126Szf162725 return; 1270*4126Szf162725 default: 1271*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Unsupported pairwise " 1272*4126Szf162725 "cipher %d", wpa_s->pairwise_cipher); 1273*4126Szf162725 return; 1274*4126Szf162725 } 1275*4126Szf162725 if (wpa_s->proto == WPA_PROTO_RSN) { 1276*4126Szf162725 key_rsc = null_rsc; 1277*4126Szf162725 } else { 1278*4126Szf162725 key_rsc = key->key_rsc; 1279*4126Szf162725 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen); 1280*4126Szf162725 } 1281*4126Szf162725 1282*4126Szf162725 if (wpa_s->driver->set_key(wpa_s->ifname, alg, src_addr, 1283*4126Szf162725 0, 1, key_rsc, rsclen, 1284*4126Szf162725 (uint8_t *)&wpa_s->ptk.tk1, keylen) < 0) { 1285*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Failed to set PTK to the" 1286*4126Szf162725 " driver."); 1287*4126Szf162725 } 1288*4126Szf162725 } 1289*4126Szf162725 1290*4126Szf162725 wpa_printf(MSG_DEBUG, "%s: key_info=%x gtk=%p\n", 1291*4126Szf162725 "wpa_supplicant_process_3_of_4", key_info, gtk); 1292*4126Szf162725 wpa_s->wpa_state = WPA_GROUP_HANDSHAKE; 1293*4126Szf162725 1294*4126Szf162725 if (gtk) 1295*4126Szf162725 wpa_supplicant_process_3_of_4_gtk(wpa_s, 1296*4126Szf162725 src_addr, key, gtk, gtk_len); 1297*4126Szf162725 } 1298*4126Szf162725 1299*4126Szf162725 static void 1300*4126Szf162725 wpa_supplicant_process_1_of_2(struct wpa_supplicant *wpa_s, 1301*4126Szf162725 unsigned char *src_addr, struct wpa_eapol_key *key, 1302*4126Szf162725 int extra_len, int ver) 1303*4126Szf162725 { 1304*4126Szf162725 int rlen; 1305*4126Szf162725 struct ieee802_1x_hdr *hdr; 1306*4126Szf162725 struct wpa_eapol_key *reply; 1307*4126Szf162725 unsigned char *rbuf; 1308*4126Szf162725 struct l2_ethhdr *ethhdr; 1309*4126Szf162725 int key_info, keylen, keydatalen, maxkeylen, keyidx, key_rsc_len = 0; 1310*4126Szf162725 int alg, tx; 1311*4126Szf162725 uint8_t ek[32], tmpbuf[8], gtk[32]; 1312*4126Szf162725 uint8_t *gtk_ie = NULL; 1313*4126Szf162725 size_t gtk_ie_len = 0; 1314*4126Szf162725 1315*4126Szf162725 wpa_s->wpa_state = WPA_GROUP_HANDSHAKE; 1316*4126Szf162725 wpa_printf(MSG_DEBUG, "WPA: RX message 1 of Group Key Handshake from " 1317*4126Szf162725 MACSTR " (ver=%d)", MAC2STR(src_addr), ver); 1318*4126Szf162725 1319*4126Szf162725 key_info = BE_16(key->key_info); 1320*4126Szf162725 keydatalen = BE_16(key->key_data_length); 1321*4126Szf162725 1322*4126Szf162725 if (wpa_s->proto == WPA_PROTO_RSN) { 1323*4126Szf162725 uint8_t *pos = (uint8_t *)(key + 1); 1324*4126Szf162725 uint8_t *end = pos + keydatalen; 1325*4126Szf162725 while (pos + 1 < end) { 1326*4126Szf162725 if (pos + 2 + pos[1] > end) { 1327*4126Szf162725 wpa_printf(MSG_DEBUG, "RSN: key data " 1328*4126Szf162725 "underflow (ie=%d len=%d)", 1329*4126Szf162725 pos[0], pos[1]); 1330*4126Szf162725 break; 1331*4126Szf162725 } 1332*4126Szf162725 if (pos[0] == GENERIC_INFO_ELEM && 1333*4126Szf162725 pos + 1 + RSN_SELECTOR_LEN < end && 1334*4126Szf162725 pos[1] > RSN_SELECTOR_LEN + 2 && 1335*4126Szf162725 memcmp(pos + 2, RSN_KEY_DATA_GROUPKEY, 1336*4126Szf162725 RSN_SELECTOR_LEN) == 0) { 1337*4126Szf162725 if (!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { 1338*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: GTK IE " 1339*4126Szf162725 "in unencrypted key data"); 1340*4126Szf162725 return; 1341*4126Szf162725 } 1342*4126Szf162725 gtk_ie = pos + 2 + RSN_SELECTOR_LEN; 1343*4126Szf162725 gtk_ie_len = pos[1] - RSN_SELECTOR_LEN; 1344*4126Szf162725 break; 1345*4126Szf162725 } else if (pos[0] == GENERIC_INFO_ELEM && 1346*4126Szf162725 pos[1] == 0) 1347*4126Szf162725 break; 1348*4126Szf162725 1349*4126Szf162725 pos += 2 + pos[1]; 1350*4126Szf162725 } 1351*4126Szf162725 1352*4126Szf162725 if (gtk_ie == NULL) { 1353*4126Szf162725 wpa_printf(MSG_INFO, "WPA: No GTK IE in Group Key " 1354*4126Szf162725 "message 1/2"); 1355*4126Szf162725 return; 1356*4126Szf162725 } 1357*4126Szf162725 maxkeylen = keylen = gtk_ie_len - 2; 1358*4126Szf162725 } else { 1359*4126Szf162725 keylen = BE_16(key->key_length); 1360*4126Szf162725 maxkeylen = keydatalen; 1361*4126Szf162725 if (keydatalen > extra_len) { 1362*4126Szf162725 wpa_printf(MSG_INFO, "WPA: Truncated EAPOL-Key packet:" 1363*4126Szf162725 " key_data_length=%d > extra_len=%d", 1364*4126Szf162725 keydatalen, extra_len); 1365*4126Szf162725 return; 1366*4126Szf162725 } 1367*4126Szf162725 if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) 1368*4126Szf162725 maxkeylen -= 8; 1369*4126Szf162725 } 1370*4126Szf162725 1371*4126Szf162725 switch (wpa_s->group_cipher) { 1372*4126Szf162725 case WPA_CIPHER_CCMP: 1373*4126Szf162725 if (keylen != 16 || maxkeylen < 16) { 1374*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Unsupported CCMP Group " 1375*4126Szf162725 "Cipher key length %d (%d).", keylen, maxkeylen); 1376*4126Szf162725 return; 1377*4126Szf162725 } 1378*4126Szf162725 key_rsc_len = 6; 1379*4126Szf162725 alg = WPA_ALG_CCMP; 1380*4126Szf162725 break; 1381*4126Szf162725 case WPA_CIPHER_TKIP: 1382*4126Szf162725 if (keylen != 32 || maxkeylen < 32) { 1383*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Unsupported TKIP Group " 1384*4126Szf162725 "Cipher key length %d (%d).", keylen, maxkeylen); 1385*4126Szf162725 return; 1386*4126Szf162725 } 1387*4126Szf162725 key_rsc_len = 6; /* key->key_data; */ 1388*4126Szf162725 alg = WPA_ALG_TKIP; 1389*4126Szf162725 break; 1390*4126Szf162725 case WPA_CIPHER_WEP104: 1391*4126Szf162725 if (keylen != 13 || maxkeylen < 13) { 1392*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Unsupported WEP104 Group" 1393*4126Szf162725 " Cipher key length %d (%d).", keylen, maxkeylen); 1394*4126Szf162725 return; 1395*4126Szf162725 } 1396*4126Szf162725 alg = WPA_ALG_WEP; 1397*4126Szf162725 break; 1398*4126Szf162725 case WPA_CIPHER_WEP40: 1399*4126Szf162725 if (keylen != 5 || maxkeylen < 5) { 1400*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Unsupported WEP40 Group " 1401*4126Szf162725 "Cipher key length %d (%d).", keylen, maxkeylen); 1402*4126Szf162725 return; 1403*4126Szf162725 } 1404*4126Szf162725 alg = WPA_ALG_WEP; 1405*4126Szf162725 break; 1406*4126Szf162725 default: 1407*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Unsupport Group Cipher %d", 1408*4126Szf162725 wpa_s->group_cipher); 1409*4126Szf162725 return; 1410*4126Szf162725 } 1411*4126Szf162725 1412*4126Szf162725 if (wpa_s->proto == WPA_PROTO_RSN) { 1413*4126Szf162725 wpa_hexdump(MSG_DEBUG, 1414*4126Szf162725 "WPA: received GTK in group key handshake", 1415*4126Szf162725 gtk_ie, gtk_ie_len); 1416*4126Szf162725 keyidx = gtk_ie[0] & 0x3; 1417*4126Szf162725 tx = !!(gtk_ie[0] & BIT(2)); 1418*4126Szf162725 if (gtk_ie_len - 2 > sizeof (gtk)) { 1419*4126Szf162725 wpa_printf(MSG_INFO, "WPA: Too long GTK in GTK IE " 1420*4126Szf162725 "(len=%d)", gtk_ie_len - 2); 1421*4126Szf162725 return; 1422*4126Szf162725 } 1423*4126Szf162725 (void) memcpy(gtk, gtk_ie + 2, gtk_ie_len - 2); 1424*4126Szf162725 } else { 1425*4126Szf162725 keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >> 1426*4126Szf162725 WPA_KEY_INFO_KEY_INDEX_SHIFT; 1427*4126Szf162725 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) { 1428*4126Szf162725 (void) memcpy(ek, key->key_iv, 16); 1429*4126Szf162725 (void) memcpy(ek + 16, wpa_s->ptk.encr_key, 16); 1430*4126Szf162725 rc4_skip(ek, 32, 256, (uint8_t *)(key + 1), keydatalen); 1431*4126Szf162725 (void) memcpy(gtk, key + 1, keylen); 1432*4126Szf162725 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1433*4126Szf162725 if (keydatalen % 8) { 1434*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Unsupported " 1435*4126Szf162725 "AES-WRAP len %d", keydatalen); 1436*4126Szf162725 return; 1437*4126Szf162725 } 1438*4126Szf162725 if (aes_unwrap(wpa_s->ptk.encr_key, maxkeylen / 8, 1439*4126Szf162725 (uint8_t *)(key + 1), gtk)) { 1440*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: AES unwrap " 1441*4126Szf162725 "failed - could not decrypt GTK"); 1442*4126Szf162725 return; 1443*4126Szf162725 } 1444*4126Szf162725 } 1445*4126Szf162725 tx = !!(key_info & WPA_KEY_INFO_TXRX); 1446*4126Szf162725 if (tx && wpa_s->pairwise_cipher != WPA_CIPHER_NONE) { 1447*4126Szf162725 /* 1448*4126Szf162725 * Ignore Tx bit in Group Key message if a pairwise key 1449*4126Szf162725 * is used. Some APs seem to setting this bit 1450*4126Szf162725 * (incorrectly, since Tx is only when doing Group Key 1451*4126Szf162725 * only APs) and without this workaround, the data 1452*4126Szf162725 * connection does not work because wpa_supplicant 1453*4126Szf162725 * configured non-zero keyidx to be used for unicast. 1454*4126Szf162725 */ 1455*4126Szf162725 wpa_printf(MSG_INFO, "WPA: Tx bit set for GTK, but " 1456*4126Szf162725 "pairwise keys are used - ignore Tx bit"); 1457*4126Szf162725 tx = 0; 1458*4126Szf162725 } 1459*4126Szf162725 } 1460*4126Szf162725 wpa_hexdump(MSG_DEBUG, "WPA: Group Key", gtk, keylen); 1461*4126Szf162725 wpa_printf(MSG_DEBUG, "WPA: Installing GTK to the driver (keyidx=%d " 1462*4126Szf162725 "tx=%d).", keyidx, tx); 1463*4126Szf162725 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key->key_rsc, key_rsc_len); 1464*4126Szf162725 if (wpa_s->group_cipher == WPA_CIPHER_TKIP) { 1465*4126Szf162725 /* 1466*4126Szf162725 * Swap Tx/Rx keys for Michael MIC 1467*4126Szf162725 */ 1468*4126Szf162725 (void) memcpy(tmpbuf, gtk + 16, 8); 1469*4126Szf162725 (void) memcpy(gtk + 16, gtk + 24, 8); 1470*4126Szf162725 (void) memcpy(gtk + 24, tmpbuf, 8); 1471*4126Szf162725 } 1472*4126Szf162725 if (wpa_s->pairwise_cipher == WPA_CIPHER_NONE) { 1473*4126Szf162725 if (wpa_s->driver->set_key(wpa_s->ifname, alg, 1474*4126Szf162725 (uint8_t *)"\xff\xff\xff\xff\xff\xff", 1475*4126Szf162725 keyidx, 1, key->key_rsc, 1476*4126Szf162725 key_rsc_len, gtk, keylen) < 0) 1477*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Failed to set GTK to the" 1478*4126Szf162725 " driver (Group only)."); 1479*4126Szf162725 } else if (wpa_s->driver->set_key(wpa_s->ifname, alg, 1480*4126Szf162725 (uint8_t *)"\xff\xff\xff\xff\xff\xff", 1481*4126Szf162725 keyidx, tx, 1482*4126Szf162725 key->key_rsc, key_rsc_len, 1483*4126Szf162725 gtk, keylen) < 0) { 1484*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Failed to set GTK to the " 1485*4126Szf162725 "driver."); 1486*4126Szf162725 } 1487*4126Szf162725 1488*4126Szf162725 rlen = sizeof (*ethhdr) + sizeof (*hdr) + sizeof (*reply); 1489*4126Szf162725 rbuf = malloc(rlen); 1490*4126Szf162725 if (rbuf == NULL) 1491*4126Szf162725 return; 1492*4126Szf162725 1493*4126Szf162725 (void) memset(rbuf, 0, rlen); 1494*4126Szf162725 ethhdr = (struct l2_ethhdr *)rbuf; 1495*4126Szf162725 (void) memcpy(ethhdr->h_dest, src_addr, IEEE80211_ADDR_LEN); 1496*4126Szf162725 (void) memcpy(ethhdr->h_source, wpa_s->own_addr, IEEE80211_ADDR_LEN); 1497*4126Szf162725 ethhdr->h_proto = htons(ETHERTYPE_EAPOL); 1498*4126Szf162725 1499*4126Szf162725 hdr = (struct ieee802_1x_hdr *)(ethhdr + 1); 1500*4126Szf162725 hdr->version = wpa_s->conf->eapol_version; 1501*4126Szf162725 hdr->type = IEEE802_1X_TYPE_EAPOL_KEY; 1502*4126Szf162725 hdr->length = htons(sizeof (*reply)); 1503*4126Szf162725 1504*4126Szf162725 reply = (struct wpa_eapol_key *)(hdr + 1); 1505*4126Szf162725 reply->type = wpa_s->proto == WPA_PROTO_RSN ? 1506*4126Szf162725 EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; 1507*4126Szf162725 reply->key_info = 1508*4126Szf162725 BE_16(ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE | 1509*4126Szf162725 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK)); 1510*4126Szf162725 reply->key_length = key->key_length; 1511*4126Szf162725 (void) memcpy(reply->replay_counter, key->replay_counter, 1512*4126Szf162725 WPA_REPLAY_COUNTER_LEN); 1513*4126Szf162725 1514*4126Szf162725 reply->key_data_length = BE_16(0); 1515*4126Szf162725 1516*4126Szf162725 wpa_eapol_key_mic(wpa_s->ptk.mic_key, ver, (uint8_t *)hdr, 1517*4126Szf162725 rlen - sizeof (*ethhdr), reply->key_mic); 1518*4126Szf162725 1519*4126Szf162725 wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2"); 1520*4126Szf162725 wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key 2/2", rbuf, rlen); 1521*4126Szf162725 (void) l2_packet_send(wpa_s->l2, rbuf, rlen); 1522*4126Szf162725 free(rbuf); 1523*4126Szf162725 1524*4126Szf162725 wpa_printf(MSG_INFO, "WPA: Key negotiation completed with " MACSTR, 1525*4126Szf162725 MAC2STR(src_addr)); 1526*4126Szf162725 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 1527*4126Szf162725 wpa_supplicant_cancel_auth_timeout(wpa_s); 1528*4126Szf162725 wpa_s->wpa_state = WPA_COMPLETED; 1529*4126Szf162725 wpa_printf(MSG_INFO, "-----------------------------------\n"); 1530*4126Szf162725 } 1531*4126Szf162725 1532*4126Szf162725 static int 1533*4126Szf162725 wpa_supplicant_verify_eapol_key_mic(struct wpa_supplicant *wpa_s, 1534*4126Szf162725 struct wpa_eapol_key *key, int ver, uint8_t *buf, size_t len) 1535*4126Szf162725 { 1536*4126Szf162725 uint8_t mic[16]; 1537*4126Szf162725 int ok = 0; 1538*4126Szf162725 1539*4126Szf162725 (void) memcpy(mic, key->key_mic, 16); 1540*4126Szf162725 if (wpa_s->tptk_set) { 1541*4126Szf162725 (void) memset(key->key_mic, 0, 16); 1542*4126Szf162725 wpa_eapol_key_mic(wpa_s->tptk.mic_key, ver, buf, len, 1543*4126Szf162725 key->key_mic); 1544*4126Szf162725 if (memcmp(mic, key->key_mic, 16) != 0) { 1545*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC " 1546*4126Szf162725 "when using TPTK - ignoring TPTK"); 1547*4126Szf162725 } else { 1548*4126Szf162725 ok = 1; 1549*4126Szf162725 wpa_s->tptk_set = 0; 1550*4126Szf162725 wpa_s->ptk_set = 1; 1551*4126Szf162725 (void) memcpy(&wpa_s->ptk, &wpa_s->tptk, 1552*4126Szf162725 sizeof (wpa_s->ptk)); 1553*4126Szf162725 } 1554*4126Szf162725 } 1555*4126Szf162725 1556*4126Szf162725 if (!ok && wpa_s->ptk_set) { 1557*4126Szf162725 (void) memset(key->key_mic, 0, 16); 1558*4126Szf162725 wpa_eapol_key_mic(wpa_s->ptk.mic_key, ver, buf, len, 1559*4126Szf162725 key->key_mic); 1560*4126Szf162725 if (memcmp(mic, key->key_mic, 16) != 0) { 1561*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Invalid EAPOL-Key MIC " 1562*4126Szf162725 "- dropping packet"); 1563*4126Szf162725 return (-1); 1564*4126Szf162725 } 1565*4126Szf162725 ok = 1; 1566*4126Szf162725 } 1567*4126Szf162725 1568*4126Szf162725 if (!ok) { 1569*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Could not verify EAPOL-Key MIC " 1570*4126Szf162725 "- dropping packet"); 1571*4126Szf162725 return (-1); 1572*4126Szf162725 } 1573*4126Szf162725 1574*4126Szf162725 (void) memcpy(wpa_s->rx_replay_counter, key->replay_counter, 1575*4126Szf162725 WPA_REPLAY_COUNTER_LEN); 1576*4126Szf162725 wpa_s->rx_replay_counter_set = 1; 1577*4126Szf162725 1578*4126Szf162725 return (0); 1579*4126Szf162725 } 1580*4126Szf162725 1581*4126Szf162725 /* Decrypt RSN EAPOL-Key key data (RC4 or AES-WRAP) */ 1582*4126Szf162725 static int 1583*4126Szf162725 wpa_supplicant_decrypt_key_data(struct wpa_supplicant *wpa_s, 1584*4126Szf162725 struct wpa_eapol_key *key, int ver) 1585*4126Szf162725 { 1586*4126Szf162725 int keydatalen = BE_16(key->key_data_length); 1587*4126Szf162725 1588*4126Szf162725 wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data", 1589*4126Szf162725 (uint8_t *)(key + 1), keydatalen); 1590*4126Szf162725 if (!wpa_s->ptk_set) { 1591*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: PTK not available, " 1592*4126Szf162725 "cannot decrypt EAPOL-Key key data."); 1593*4126Szf162725 return (-1); 1594*4126Szf162725 } 1595*4126Szf162725 1596*4126Szf162725 /* 1597*4126Szf162725 * Decrypt key data here so that this operation does not need 1598*4126Szf162725 * to be implemented separately for each message type. 1599*4126Szf162725 */ 1600*4126Szf162725 if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) { 1601*4126Szf162725 uint8_t ek[32]; 1602*4126Szf162725 (void) memcpy(ek, key->key_iv, 16); 1603*4126Szf162725 (void) memcpy(ek + 16, wpa_s->ptk.encr_key, 16); 1604*4126Szf162725 rc4_skip(ek, 32, 256, (uint8_t *)(key + 1), keydatalen); 1605*4126Szf162725 } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1606*4126Szf162725 uint8_t *buf; 1607*4126Szf162725 if (keydatalen % 8) { 1608*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Unsupported " 1609*4126Szf162725 "AES-WRAP len %d", keydatalen); 1610*4126Szf162725 return (-1); 1611*4126Szf162725 } 1612*4126Szf162725 keydatalen -= 8; /* AES-WRAP adds 8 bytes */ 1613*4126Szf162725 buf = malloc(keydatalen); 1614*4126Szf162725 if (buf == NULL) { 1615*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: No memory for " 1616*4126Szf162725 "AES-UNWRAP buffer"); 1617*4126Szf162725 return (-1); 1618*4126Szf162725 } 1619*4126Szf162725 if (aes_unwrap(wpa_s->ptk.encr_key, keydatalen / 8, 1620*4126Szf162725 (uint8_t *)(key + 1), buf)) { 1621*4126Szf162725 free(buf); 1622*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: AES unwrap failed - " 1623*4126Szf162725 "could not decrypt EAPOL-Key key data"); 1624*4126Szf162725 return (-1); 1625*4126Szf162725 } 1626*4126Szf162725 (void) memcpy(key + 1, buf, keydatalen); 1627*4126Szf162725 free(buf); 1628*4126Szf162725 key->key_data_length = BE_16(keydatalen); 1629*4126Szf162725 } 1630*4126Szf162725 wpa_hexdump(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data", 1631*4126Szf162725 (uint8_t *)(key + 1), keydatalen); 1632*4126Szf162725 1633*4126Szf162725 return (0); 1634*4126Szf162725 } 1635*4126Szf162725 1636*4126Szf162725 static void 1637*4126Szf162725 wpa_sm_rx_eapol(struct wpa_supplicant *wpa_s, 1638*4126Szf162725 unsigned char *src_addr, unsigned char *buf, size_t len) 1639*4126Szf162725 { 1640*4126Szf162725 size_t plen, data_len, extra_len; 1641*4126Szf162725 struct ieee802_1x_hdr *hdr; 1642*4126Szf162725 struct wpa_eapol_key *key; 1643*4126Szf162725 int key_info, ver; 1644*4126Szf162725 1645*4126Szf162725 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame len %u\n ", len); 1646*4126Szf162725 1647*4126Szf162725 hdr = (struct ieee802_1x_hdr *)buf; 1648*4126Szf162725 key = (struct wpa_eapol_key *)(hdr + 1); 1649*4126Szf162725 wpa_printf(MSG_DEBUG, "hdr_len=%u, key_len=%u", 1650*4126Szf162725 sizeof (*hdr), sizeof (*key)); 1651*4126Szf162725 if (len < sizeof (*hdr) + sizeof (*key)) { 1652*4126Szf162725 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short, len %u, " 1653*4126Szf162725 "expecting at least %u", 1654*4126Szf162725 len, sizeof (*hdr) + sizeof (*key)); 1655*4126Szf162725 return; 1656*4126Szf162725 } 1657*4126Szf162725 plen = ntohs(hdr->length); 1658*4126Szf162725 data_len = plen + sizeof (*hdr); 1659*4126Szf162725 wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%d", 1660*4126Szf162725 hdr->version, hdr->type, plen); 1661*4126Szf162725 1662*4126Szf162725 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { 1663*4126Szf162725 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame (type %u) discarded, " 1664*4126Szf162725 "not a Key frame", hdr->type); 1665*4126Szf162725 return; 1666*4126Szf162725 } 1667*4126Szf162725 if (plen > len - sizeof (*hdr) || plen < sizeof (*key)) { 1668*4126Szf162725 wpa_printf(MSG_DEBUG, "WPA: EAPOL frame payload size %u " 1669*4126Szf162725 "invalid (frame size %u)", plen, len); 1670*4126Szf162725 return; 1671*4126Szf162725 } 1672*4126Szf162725 1673*4126Szf162725 wpa_printf(MSG_DEBUG, " EAPOL-Key type=%d", key->type); 1674*4126Szf162725 if (key->type != EAPOL_KEY_TYPE_WPA && key->type != 1675*4126Szf162725 EAPOL_KEY_TYPE_RSN) { 1676*4126Szf162725 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key type (%d) unknown, " 1677*4126Szf162725 "discarded", key->type); 1678*4126Szf162725 return; 1679*4126Szf162725 } 1680*4126Szf162725 1681*4126Szf162725 wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", buf, len); 1682*4126Szf162725 if (data_len < len) { 1683*4126Szf162725 wpa_printf(MSG_DEBUG, "WPA: ignoring %d bytes after the IEEE " 1684*4126Szf162725 "802.1X data", len - data_len); 1685*4126Szf162725 } 1686*4126Szf162725 key_info = BE_16(key->key_info); 1687*4126Szf162725 ver = key_info & WPA_KEY_INFO_TYPE_MASK; 1688*4126Szf162725 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && 1689*4126Szf162725 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1690*4126Szf162725 wpa_printf(MSG_INFO, "WPA: Unsupported EAPOL-Key descriptor " 1691*4126Szf162725 "version %d.", ver); 1692*4126Szf162725 return; 1693*4126Szf162725 } 1694*4126Szf162725 1695*4126Szf162725 if (wpa_s->pairwise_cipher == WPA_CIPHER_CCMP && 1696*4126Szf162725 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { 1697*4126Szf162725 wpa_printf(MSG_INFO, "WPA: CCMP is used, but EAPOL-Key " 1698*4126Szf162725 "descriptor version (%d) is not 2.", ver); 1699*4126Szf162725 if (wpa_s->group_cipher != WPA_CIPHER_CCMP && 1700*4126Szf162725 !(key_info & WPA_KEY_INFO_KEY_TYPE)) { 1701*4126Szf162725 /* 1702*4126Szf162725 * Earlier versions of IEEE 802.11i did not explicitly 1703*4126Szf162725 * require version 2 descriptor for all EAPOL-Key 1704*4126Szf162725 * packets, so allow group keys to use version 1 if 1705*4126Szf162725 * CCMP is not used for them. 1706*4126Szf162725 */ 1707*4126Szf162725 wpa_printf(MSG_INFO, "WPA: Backwards compatibility: " 1708*4126Szf162725 "allow invalid version for non-CCMP group keys"); 1709*4126Szf162725 } else 1710*4126Szf162725 return; 1711*4126Szf162725 } 1712*4126Szf162725 1713*4126Szf162725 if (wpa_s->rx_replay_counter_set && 1714*4126Szf162725 memcmp(key->replay_counter, wpa_s->rx_replay_counter, 1715*4126Szf162725 WPA_REPLAY_COUNTER_LEN) <= 0) { 1716*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: EAPOL-Key Replay Counter did not" 1717*4126Szf162725 " increase - dropping packet"); 1718*4126Szf162725 return; 1719*4126Szf162725 } 1720*4126Szf162725 1721*4126Szf162725 if (!(key_info & WPA_KEY_INFO_ACK)) { 1722*4126Szf162725 wpa_printf(MSG_INFO, "WPA: No Ack bit in key_info"); 1723*4126Szf162725 return; 1724*4126Szf162725 } 1725*4126Szf162725 1726*4126Szf162725 if (key_info & WPA_KEY_INFO_REQUEST) { 1727*4126Szf162725 wpa_printf(MSG_INFO, "WPA: EAPOL-Key with Request bit - " 1728*4126Szf162725 "dropped"); 1729*4126Szf162725 return; 1730*4126Szf162725 } 1731*4126Szf162725 1732*4126Szf162725 if ((key_info & WPA_KEY_INFO_MIC) && 1733*4126Szf162725 wpa_supplicant_verify_eapol_key_mic(wpa_s, key, ver, buf, 1734*4126Szf162725 data_len)) 1735*4126Szf162725 return; 1736*4126Szf162725 1737*4126Szf162725 extra_len = data_len - sizeof (*hdr) - sizeof (*key); 1738*4126Szf162725 1739*4126Szf162725 if (wpa_s->proto == WPA_PROTO_RSN && 1740*4126Szf162725 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) && 1741*4126Szf162725 wpa_supplicant_decrypt_key_data(wpa_s, key, ver)) 1742*4126Szf162725 return; 1743*4126Szf162725 1744*4126Szf162725 if (key_info & WPA_KEY_INFO_KEY_TYPE) { 1745*4126Szf162725 if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) { 1746*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: Ignored EAPOL-Key " 1747*4126Szf162725 "(Pairwise) with non-zero key index"); 1748*4126Szf162725 return; 1749*4126Szf162725 } 1750*4126Szf162725 if (key_info & WPA_KEY_INFO_MIC) { 1751*4126Szf162725 /* 3/4 4-Way Handshake */ 1752*4126Szf162725 wpa_supplicant_process_3_of_4(wpa_s, src_addr, key, 1753*4126Szf162725 extra_len, ver); 1754*4126Szf162725 } else { 1755*4126Szf162725 /* 1/4 4-Way Handshake */ 1756*4126Szf162725 wpa_supplicant_process_1_of_4(wpa_s, src_addr, key, 1757*4126Szf162725 ver); 1758*4126Szf162725 } 1759*4126Szf162725 } else { 1760*4126Szf162725 if (key_info & WPA_KEY_INFO_MIC) { 1761*4126Szf162725 /* 1/2 Group Key Handshake */ 1762*4126Szf162725 wpa_supplicant_process_1_of_2(wpa_s, src_addr, key, 1763*4126Szf162725 extra_len, ver); 1764*4126Szf162725 } else { 1765*4126Szf162725 wpa_printf(MSG_WARNING, "WPA: EAPOL-Key (Group) " 1766*4126Szf162725 "without Mic bit - dropped"); 1767*4126Szf162725 } 1768*4126Szf162725 } 1769*4126Szf162725 } 1770*4126Szf162725 1771*4126Szf162725 void 1772*4126Szf162725 wpa_supplicant_rx_eapol(void *ctx, unsigned char *src_addr, 1773*4126Szf162725 unsigned char *buf, size_t len) 1774*4126Szf162725 { 1775*4126Szf162725 struct wpa_supplicant *wpa_s = ctx; 1776*4126Szf162725 1777*4126Szf162725 wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr)); 1778*4126Szf162725 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len); 1779*4126Szf162725 1780*4126Szf162725 if (wpa_s->eapol_received == 0) { 1781*4126Szf162725 /* Timeout for completing IEEE 802.1X and WPA authentication */ 1782*4126Szf162725 wpa_supplicant_req_auth_timeout( 1783*4126Szf162725 wpa_s, wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X ? 1784*4126Szf162725 70 : 10, 0); 1785*4126Szf162725 } 1786*4126Szf162725 wpa_s->eapol_received++; 1787*4126Szf162725 1788*4126Szf162725 /* 1789*4126Szf162725 * Source address of the incoming EAPOL frame could be compared to the 1790*4126Szf162725 * current BSSID. However, it is possible that a centralized 1791*4126Szf162725 * Authenticator could be using another MAC address than the BSSID of 1792*4126Szf162725 * an AP, so just allow any address to be used for now. The replies are 1793*4126Szf162725 * still sent to the current BSSID (if available), though. 1794*4126Szf162725 */ 1795*4126Szf162725 wpa_sm_rx_eapol(wpa_s, src_addr, buf, len); 1796*4126Szf162725 } 1797