Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / 9839ecd75c832023d4d13fd2917a8c28261ff668 / . / src / common / wpa_common.c
blob: a87210efbf577c7f973f2460da0380690d79fc9b [file] [log] [blame]
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1/*
2 * WPA/RSN - Shared functions for supplicant and authenticator
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]3 * Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi>
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]4 *
Dmitry Shmidtc5ec7f52012-03-06 16:33:24 -0800[diff] [blame]5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]7 */
8
9#include "includes.h"
10
11#include "common.h"
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame^]12#include "utils/crc32.h"
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]13#include "crypto/md5.h"
14#include "crypto/sha1.h"
15#include "crypto/sha256.h"
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]16#include "crypto/sha384.h"
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]17#include "crypto/aes_wrap.h"
18#include "crypto/crypto.h"
19#include "ieee802_11_defs.h"
20#include "defs.h"
21#include "wpa_common.h"
22
23
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]24static unsigned int wpa_kck_len(int akmp)
25{
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame^]26 switch (akmp) {
27 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]28 return 24;
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame^]29 case WPA_KEY_MGMT_FILS_SHA256:
30 case WPA_KEY_MGMT_FT_FILS_SHA256:
31 case WPA_KEY_MGMT_FILS_SHA384:
32 case WPA_KEY_MGMT_FT_FILS_SHA384:
33 return 0;
34 default:
35 return 16;
36 }
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]37}
38
39
40static unsigned int wpa_kek_len(int akmp)
41{
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame^]42 switch (akmp) {
43 case WPA_KEY_MGMT_FILS_SHA384:
44 case WPA_KEY_MGMT_FT_FILS_SHA384:
45 return 64;
46 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
47 case WPA_KEY_MGMT_FILS_SHA256:
48 case WPA_KEY_MGMT_FT_FILS_SHA256:
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]49 return 32;
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame^]50 default:
51 return 16;
52 }
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]53}
54
55
56unsigned int wpa_mic_len(int akmp)
57{
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame^]58 switch (akmp) {
59 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]60 return 24;
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame^]61 case WPA_KEY_MGMT_FILS_SHA256:
62 case WPA_KEY_MGMT_FILS_SHA384:
63 case WPA_KEY_MGMT_FT_FILS_SHA256:
64 case WPA_KEY_MGMT_FT_FILS_SHA384:
65 return 0;
66 default:
67 return 16;
68 }
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]69}
70
71
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]72/**
73 * wpa_eapol_key_mic - Calculate EAPOL-Key MIC
74 * @key: EAPOL-Key Key Confirmation Key (KCK)
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]75 * @key_len: KCK length in octets
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]76 * @akmp: WPA_KEY_MGMT_* used in key derivation
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]77 * @ver: Key descriptor version (WPA_KEY_INFO_TYPE_*)
78 * @buf: Pointer to the beginning of the EAPOL header (version field)
79 * @len: Length of the EAPOL frame (from EAPOL header to the end of the frame)
80 * @mic: Pointer to the buffer to which the EAPOL-Key MIC is written
81 * Returns: 0 on success, -1 on failure
82 *
83 * Calculate EAPOL-Key MIC for an EAPOL-Key packet. The EAPOL-Key MIC field has
84 * to be cleared (all zeroes) when calling this function.
85 *
86 * Note: 'IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames' has an error in the
87 * description of the Key MIC calculation. It includes packet data from the
88 * beginning of the EAPOL-Key header, not EAPOL header. This incorrect change
89 * happened during final editing of the standard and the correct behavior is
90 * defined in the last draft (IEEE 802.11i/D10).
91 */
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]92int wpa_eapol_key_mic(const u8 *key, size_t key_len, int akmp, int ver,
93 const u8 *buf, size_t len, u8 *mic)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]94{
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]95 u8 hash[SHA384_MAC_LEN];
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]96
97 switch (ver) {
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]98#ifndef CONFIG_FIPS
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]99 case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]100 return hmac_md5(key, key_len, buf, len, mic);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]101#endif /* CONFIG_FIPS */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]102 case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]103 if (hmac_sha1(key, key_len, buf, len, hash))
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]104 return -1;
105 os_memcpy(mic, hash, MD5_MAC_LEN);
106 break;
107#if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
108 case WPA_KEY_INFO_TYPE_AES_128_CMAC:
109 return omac1_aes_128(key, buf, len, mic);
110#endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]111 case WPA_KEY_INFO_TYPE_AKM_DEFINED:
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]112 switch (akmp) {
113#ifdef CONFIG_HS20
114 case WPA_KEY_MGMT_OSEN:
115 return omac1_aes_128(key, buf, len, mic);
Dmitry Shmidtf21452a2014-02-26 10:55:25 -0800[diff] [blame]116#endif /* CONFIG_HS20 */
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]117#ifdef CONFIG_SUITEB
118 case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]119 if (hmac_sha256(key, key_len, buf, len, hash))
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]120 return -1;
121 os_memcpy(mic, hash, MD5_MAC_LEN);
122 break;
123#endif /* CONFIG_SUITEB */
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]124#ifdef CONFIG_SUITEB192
125 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
126 if (hmac_sha384(key, key_len, buf, len, hash))
127 return -1;
128 os_memcpy(mic, hash, 24);
129 break;
130#endif /* CONFIG_SUITEB192 */
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]131 default:
132 return -1;
133 }
134 break;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]135 default:
136 return -1;
137 }
138
139 return 0;
140}
141
142
143/**
144 * wpa_pmk_to_ptk - Calculate PTK from PMK, addresses, and nonces
145 * @pmk: Pairwise master key
146 * @pmk_len: Length of PMK
147 * @label: Label to use in derivation
148 * @addr1: AA or SA
149 * @addr2: SA or AA
150 * @nonce1: ANonce or SNonce
151 * @nonce2: SNonce or ANonce
152 * @ptk: Buffer for pairwise transient key
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]153 * @akmp: Negotiated AKM
154 * @cipher: Negotiated pairwise cipher
155 * Returns: 0 on success, -1 on failure
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]156 *
157 * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
158 * PTK = PRF-X(PMK, "Pairwise key expansion",
159 * Min(AA, SA) || Max(AA, SA) ||
160 * Min(ANonce, SNonce) || Max(ANonce, SNonce))
161 *
162 * STK = PRF-X(SMK, "Peer key expansion",
163 * Min(MAC_I, MAC_P) || Max(MAC_I, MAC_P) ||
164 * Min(INonce, PNonce) || Max(INonce, PNonce))
165 */
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]166int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
167 const u8 *addr1, const u8 *addr2,
168 const u8 *nonce1, const u8 *nonce2,
169 struct wpa_ptk *ptk, int akmp, int cipher)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]170{
171 u8 data[2 * ETH_ALEN + 2 * WPA_NONCE_LEN];
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]172 u8 tmp[WPA_KCK_MAX_LEN + WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN];
173 size_t ptk_len;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]174
175 if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) {
176 os_memcpy(data, addr1, ETH_ALEN);
177 os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
178 } else {
179 os_memcpy(data, addr2, ETH_ALEN);
180 os_memcpy(data + ETH_ALEN, addr1, ETH_ALEN);
181 }
182
183 if (os_memcmp(nonce1, nonce2, WPA_NONCE_LEN) < 0) {
184 os_memcpy(data + 2 * ETH_ALEN, nonce1, WPA_NONCE_LEN);
185 os_memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce2,
186 WPA_NONCE_LEN);
187 } else {
188 os_memcpy(data + 2 * ETH_ALEN, nonce2, WPA_NONCE_LEN);
189 os_memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce1,
190 WPA_NONCE_LEN);
191 }
192
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]193 ptk->kck_len = wpa_kck_len(akmp);
194 ptk->kek_len = wpa_kek_len(akmp);
195 ptk->tk_len = wpa_cipher_key_len(cipher);
196 ptk_len = ptk->kck_len + ptk->kek_len + ptk->tk_len;
197
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]198#ifdef CONFIG_SUITEB192
199 if (wpa_key_mgmt_sha384(akmp))
200 sha384_prf(pmk, pmk_len, label, data, sizeof(data),
201 tmp, ptk_len);
202 else
203#endif /* CONFIG_SUITEB192 */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]204#ifdef CONFIG_IEEE80211W
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]205 if (wpa_key_mgmt_sha256(akmp))
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]206 sha256_prf(pmk, pmk_len, label, data, sizeof(data),
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]207 tmp, ptk_len);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]208 else
209#endif /* CONFIG_IEEE80211W */
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]210 sha1_prf(pmk, pmk_len, label, data, sizeof(data), tmp, ptk_len);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]211
212 wpa_printf(MSG_DEBUG, "WPA: PTK derivation - A1=" MACSTR " A2=" MACSTR,
213 MAC2STR(addr1), MAC2STR(addr2));
214 wpa_hexdump(MSG_DEBUG, "WPA: Nonce1", nonce1, WPA_NONCE_LEN);
215 wpa_hexdump(MSG_DEBUG, "WPA: Nonce2", nonce2, WPA_NONCE_LEN);
216 wpa_hexdump_key(MSG_DEBUG, "WPA: PMK", pmk, pmk_len);
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]217 wpa_hexdump_key(MSG_DEBUG, "WPA: PTK", tmp, ptk_len);
218
219 os_memcpy(ptk->kck, tmp, ptk->kck_len);
220 wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", ptk->kck, ptk->kck_len);
221
222 os_memcpy(ptk->kek, tmp + ptk->kck_len, ptk->kek_len);
223 wpa_hexdump_key(MSG_DEBUG, "WPA: KEK", ptk->kek, ptk->kek_len);
224
225 os_memcpy(ptk->tk, tmp + ptk->kck_len + ptk->kek_len, ptk->tk_len);
226 wpa_hexdump_key(MSG_DEBUG, "WPA: TK", ptk->tk, ptk->tk_len);
227
228 os_memset(tmp, 0, sizeof(tmp));
229 return 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]230}
231
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame^]232#ifdef CONFIG_FILS
233
234int fils_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const u8 *spa, const u8 *aa,
235 const u8 *snonce, const u8 *anonce, struct wpa_ptk *ptk,
236 u8 *ick, size_t *ick_len, int akmp, int cipher)
237{
238 u8 data[2 * ETH_ALEN + 2 * FILS_NONCE_LEN];
239 u8 tmp[FILS_ICK_MAX_LEN + WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN];
240 size_t key_data_len;
241 const char *label = "FILS PTK Derivation";
242
243 /*
244 * FILS-Key-Data = PRF-X(PMK, "FILS PTK Derivation",
245 * SPA || AA || SNonce || ANonce)
246 * ICK = L(FILS-Key-Data, 0, ICK_bits)
247 * KEK = L(FILS-Key-Data, ICK_bits, KEK_bits)
248 * TK = L(FILS-Key-Data, ICK_bits + KEK_bits, TK_bits)
249 * If doing FT initial mobility domain association:
250 * FILS-FT = L(FILS-Key-Data, ICK_bits + KEK_bits + TK_bits,
251 * FILS-FT_bits)
252 */
253 os_memcpy(data, spa, ETH_ALEN);
254 os_memcpy(data + ETH_ALEN, aa, ETH_ALEN);
255 os_memcpy(data + 2 * ETH_ALEN, snonce, FILS_NONCE_LEN);
256 os_memcpy(data + 2 * ETH_ALEN + FILS_NONCE_LEN, anonce, FILS_NONCE_LEN);
257
258 ptk->kck_len = 0;
259 ptk->kek_len = wpa_kek_len(akmp);
260 ptk->tk_len = wpa_cipher_key_len(cipher);
261 if (wpa_key_mgmt_sha384(akmp))
262 *ick_len = 48;
263 else if (wpa_key_mgmt_sha256(akmp))
264 *ick_len = 32;
265 else
266 return -1;
267 key_data_len = *ick_len + ptk->kek_len + ptk->tk_len;
268
269 if (wpa_key_mgmt_sha384(akmp))
270 sha384_prf(pmk, pmk_len, label, data, sizeof(data),
271 tmp, key_data_len);
272 else if (sha256_prf(pmk, pmk_len, label, data, sizeof(data),
273 tmp, key_data_len) < 0)
274 return -1;
275
276 wpa_printf(MSG_DEBUG, "FILS: PTK derivation - SPA=" MACSTR
277 " AA=" MACSTR, MAC2STR(spa), MAC2STR(aa));
278 wpa_hexdump(MSG_DEBUG, "FILS: SNonce", snonce, FILS_NONCE_LEN);
279 wpa_hexdump(MSG_DEBUG, "FILS: ANonce", anonce, FILS_NONCE_LEN);
280 wpa_hexdump_key(MSG_DEBUG, "FILS: PMK", pmk, pmk_len);
281 wpa_hexdump_key(MSG_DEBUG, "FILS: FILS-Key-Data", tmp, key_data_len);
282
283 os_memcpy(ick, tmp, *ick_len);
284 wpa_hexdump_key(MSG_DEBUG, "FILS: ICK", ick, *ick_len);
285
286 os_memcpy(ptk->kek, tmp + *ick_len, ptk->kek_len);
287 wpa_hexdump_key(MSG_DEBUG, "FILS: KEK", ptk->kek, ptk->kek_len);
288
289 os_memcpy(ptk->tk, tmp + *ick_len + ptk->kek_len, ptk->tk_len);
290 wpa_hexdump_key(MSG_DEBUG, "FILS: TK", ptk->tk, ptk->tk_len);
291
292 /* TODO: FILS-FT */
293
294 os_memset(tmp, 0, sizeof(tmp));
295 return 0;
296}
297
298
299int fils_key_auth_sk(const u8 *ick, size_t ick_len, const u8 *snonce,
300 const u8 *anonce, const u8 *sta_addr, const u8 *bssid,
301 const u8 *g_sta, size_t g_sta_len,
302 const u8 *g_ap, size_t g_ap_len,
303 int akmp, u8 *key_auth_sta, u8 *key_auth_ap,
304 size_t *key_auth_len)
305{
306 const u8 *addr[6];
307 size_t len[6];
308 size_t num_elem = 4;
309 int res;
310
311 /*
312 * For (Re)Association Request frame (STA->AP):
313 * Key-Auth = HMAC-Hash(ICK, SNonce || ANonce || STA-MAC || AP-BSSID
314 * [ || gSTA || gAP ])
315 */
316 addr[0] = snonce;
317 len[0] = FILS_NONCE_LEN;
318 addr[1] = anonce;
319 len[1] = FILS_NONCE_LEN;
320 addr[2] = sta_addr;
321 len[2] = ETH_ALEN;
322 addr[3] = bssid;
323 len[3] = ETH_ALEN;
324 if (g_sta && g_ap_len && g_ap && g_ap_len) {
325 addr[4] = g_sta;
326 len[4] = g_sta_len;
327 addr[5] = g_ap;
328 len[5] = g_ap_len;
329 num_elem = 6;
330 }
331
332 if (wpa_key_mgmt_sha384(akmp)) {
333 *key_auth_len = 48;
334 res = hmac_sha384_vector(ick, ick_len, num_elem, addr, len,
335 key_auth_sta);
336 } else if (wpa_key_mgmt_sha256(akmp)) {
337 *key_auth_len = 32;
338 res = hmac_sha256_vector(ick, ick_len, num_elem, addr, len,
339 key_auth_sta);
340 } else {
341 return -1;
342 }
343 if (res < 0)
344 return res;
345
346 /*
347 * For (Re)Association Response frame (AP->STA):
348 * Key-Auth = HMAC-Hash(ICK, ANonce || SNonce || AP-BSSID || STA-MAC
349 * [ || gAP || gSTA ])
350 */
351 addr[0] = anonce;
352 addr[1] = snonce;
353 addr[2] = bssid;
354 addr[3] = sta_addr;
355 if (g_sta && g_ap_len && g_ap && g_ap_len) {
356 addr[4] = g_ap;
357 len[4] = g_ap_len;
358 addr[5] = g_sta;
359 len[5] = g_sta_len;
360 }
361
362 if (wpa_key_mgmt_sha384(akmp))
363 res = hmac_sha384_vector(ick, ick_len, num_elem, addr, len,
364 key_auth_ap);
365 else if (wpa_key_mgmt_sha256(akmp))
366 res = hmac_sha256_vector(ick, ick_len, num_elem, addr, len,
367 key_auth_ap);
368 if (res < 0)
369 return res;
370
371 wpa_hexdump(MSG_DEBUG, "FILS: Key-Auth (STA)",
372 key_auth_sta, *key_auth_len);
373 wpa_hexdump(MSG_DEBUG, "FILS: Key-Auth (AP)",
374 key_auth_ap, *key_auth_len);
375
376 return 0;
377}
378
379#endif /* CONFIG_FILS */
380
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]381
382#ifdef CONFIG_IEEE80211R
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]383int wpa_ft_mic(const u8 *kck, size_t kck_len, const u8 *sta_addr,
384 const u8 *ap_addr, u8 transaction_seqnum,
385 const u8 *mdie, size_t mdie_len,
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]386 const u8 *ftie, size_t ftie_len,
387 const u8 *rsnie, size_t rsnie_len,
388 const u8 *ric, size_t ric_len, u8 *mic)
389{
Dmitry Shmidtf73259c2015-03-17 11:00:54 -0700[diff] [blame]390 const u8 *addr[9];
391 size_t len[9];
392 size_t i, num_elem = 0;
393 u8 zero_mic[16];
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]394
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]395 if (kck_len != 16) {
396 wpa_printf(MSG_WARNING, "FT: Unsupported KCK length %u",
397 (unsigned int) kck_len);
398 return -1;
399 }
400
Dmitry Shmidtf73259c2015-03-17 11:00:54 -0700[diff] [blame]401 addr[num_elem] = sta_addr;
402 len[num_elem] = ETH_ALEN;
403 num_elem++;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]404
Dmitry Shmidtf73259c2015-03-17 11:00:54 -0700[diff] [blame]405 addr[num_elem] = ap_addr;
406 len[num_elem] = ETH_ALEN;
407 num_elem++;
408
409 addr[num_elem] = &transaction_seqnum;
410 len[num_elem] = 1;
411 num_elem++;
412
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]413 if (rsnie) {
Dmitry Shmidtf73259c2015-03-17 11:00:54 -0700[diff] [blame]414 addr[num_elem] = rsnie;
415 len[num_elem] = rsnie_len;
416 num_elem++;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]417 }
418 if (mdie) {
Dmitry Shmidtf73259c2015-03-17 11:00:54 -0700[diff] [blame]419 addr[num_elem] = mdie;
420 len[num_elem] = mdie_len;
421 num_elem++;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]422 }
423 if (ftie) {
Dmitry Shmidtf73259c2015-03-17 11:00:54 -0700[diff] [blame]424 if (ftie_len < 2 + sizeof(struct rsn_ftie))
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]425 return -1;
Dmitry Shmidtf73259c2015-03-17 11:00:54 -0700[diff] [blame]426
427 /* IE hdr and mic_control */
428 addr[num_elem] = ftie;
429 len[num_elem] = 2 + 2;
430 num_elem++;
431
432 /* MIC field with all zeros */
433 os_memset(zero_mic, 0, sizeof(zero_mic));
434 addr[num_elem] = zero_mic;
435 len[num_elem] = sizeof(zero_mic);
436 num_elem++;
437
438 /* Rest of FTIE */
439 addr[num_elem] = ftie + 2 + 2 + 16;
440 len[num_elem] = ftie_len - (2 + 2 + 16);
441 num_elem++;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]442 }
443 if (ric) {
Dmitry Shmidtf73259c2015-03-17 11:00:54 -0700[diff] [blame]444 addr[num_elem] = ric;
445 len[num_elem] = ric_len;
446 num_elem++;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]447 }
448
Dmitry Shmidtf73259c2015-03-17 11:00:54 -0700[diff] [blame]449 for (i = 0; i < num_elem; i++)
450 wpa_hexdump(MSG_MSGDUMP, "FT: MIC data", addr[i], len[i]);
451 if (omac1_aes_128_vector(kck, num_elem, addr, len, mic))
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]452 return -1;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]453
454 return 0;
455}
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]456
457
458static int wpa_ft_parse_ftie(const u8 *ie, size_t ie_len,
459 struct wpa_ft_ies *parse)
460{
461 const u8 *end, *pos;
462
463 parse->ftie = ie;
464 parse->ftie_len = ie_len;
465
466 pos = ie + sizeof(struct rsn_ftie);
467 end = ie + ie_len;
468
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]469 while (end - pos >= 2) {
470 u8 id, len;
471
472 id = *pos++;
473 len = *pos++;
474 if (len > end - pos)
475 break;
476
477 switch (id) {
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]478 case FTIE_SUBELEM_R1KH_ID:
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]479 if (len != FT_R1KH_ID_LEN) {
480 wpa_printf(MSG_DEBUG,
481 "FT: Invalid R1KH-ID length in FTIE: %d",
482 len);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]483 return -1;
484 }
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]485 parse->r1kh_id = pos;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]486 break;
487 case FTIE_SUBELEM_GTK:
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]488 parse->gtk = pos;
489 parse->gtk_len = len;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]490 break;
491 case FTIE_SUBELEM_R0KH_ID:
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]492 if (len < 1 || len > FT_R0KH_ID_MAX_LEN) {
493 wpa_printf(MSG_DEBUG,
494 "FT: Invalid R0KH-ID length in FTIE: %d",
495 len);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]496 return -1;
497 }
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]498 parse->r0kh_id = pos;
499 parse->r0kh_id_len = len;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]500 break;
501#ifdef CONFIG_IEEE80211W
502 case FTIE_SUBELEM_IGTK:
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]503 parse->igtk = pos;
504 parse->igtk_len = len;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]505 break;
506#endif /* CONFIG_IEEE80211W */
507 }
508
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]509 pos += len;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]510 }
511
512 return 0;
513}
514
515
516int wpa_ft_parse_ies(const u8 *ies, size_t ies_len,
517 struct wpa_ft_ies *parse)
518{
519 const u8 *end, *pos;
520 struct wpa_ie_data data;
521 int ret;
522 const struct rsn_ftie *ftie;
523 int prot_ie_count = 0;
524
525 os_memset(parse, 0, sizeof(*parse));
526 if (ies == NULL)
527 return 0;
528
529 pos = ies;
530 end = ies + ies_len;
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]531 while (end - pos >= 2) {
532 u8 id, len;
533
534 id = *pos++;
535 len = *pos++;
536 if (len > end - pos)
537 break;
538
539 switch (id) {
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]540 case WLAN_EID_RSN:
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]541 parse->rsn = pos;
542 parse->rsn_len = len;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]543 ret = wpa_parse_wpa_ie_rsn(parse->rsn - 2,
544 parse->rsn_len + 2,
545 &data);
546 if (ret < 0) {
547 wpa_printf(MSG_DEBUG, "FT: Failed to parse "
548 "RSN IE: %d", ret);
549 return -1;
550 }
551 if (data.num_pmkid == 1 && data.pmkid)
552 parse->rsn_pmkid = data.pmkid;
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame^]553 parse->key_mgmt = data.key_mgmt;
554 parse->pairwise_cipher = data.pairwise_cipher;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]555 break;
556 case WLAN_EID_MOBILITY_DOMAIN:
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]557 if (len < sizeof(struct rsn_mdie))
Dmitry Shmidt9d9e6022015-04-23 10:34:55 -0700[diff] [blame]558 return -1;
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]559 parse->mdie = pos;
560 parse->mdie_len = len;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]561 break;
562 case WLAN_EID_FAST_BSS_TRANSITION:
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]563 if (len < sizeof(*ftie))
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]564 return -1;
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]565 ftie = (const struct rsn_ftie *) pos;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]566 prot_ie_count = ftie->mic_control[1];
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]567 if (wpa_ft_parse_ftie(pos, len, parse) < 0)
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]568 return -1;
569 break;
570 case WLAN_EID_TIMEOUT_INTERVAL:
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]571 if (len != 5)
Dmitry Shmidt9d9e6022015-04-23 10:34:55 -0700[diff] [blame]572 break;
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]573 parse->tie = pos;
574 parse->tie_len = len;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]575 break;
576 case WLAN_EID_RIC_DATA:
577 if (parse->ric == NULL)
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]578 parse->ric = pos - 2;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]579 break;
580 }
581
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]582 pos += len;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]583 }
584
585 if (prot_ie_count == 0)
586 return 0; /* no MIC */
587
588 /*
589 * Check that the protected IE count matches with IEs included in the
590 * frame.
591 */
592 if (parse->rsn)
593 prot_ie_count--;
594 if (parse->mdie)
595 prot_ie_count--;
596 if (parse->ftie)
597 prot_ie_count--;
598 if (prot_ie_count < 0) {
599 wpa_printf(MSG_DEBUG, "FT: Some required IEs not included in "
600 "the protected IE count");
601 return -1;
602 }
603
604 if (prot_ie_count == 0 && parse->ric) {
605 wpa_printf(MSG_DEBUG, "FT: RIC IE(s) in the frame, but not "
606 "included in protected IE count");
607 return -1;
608 }
609
610 /* Determine the end of the RIC IE(s) */
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]611 if (parse->ric) {
612 pos = parse->ric;
613 while (end - pos >= 2 && 2 + pos[1] <= end - pos &&
614 prot_ie_count) {
615 prot_ie_count--;
616 pos += 2 + pos[1];
617 }
618 parse->ric_len = pos - parse->ric;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]619 }
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]620 if (prot_ie_count) {
621 wpa_printf(MSG_DEBUG, "FT: %d protected IEs missing from "
622 "frame", (int) prot_ie_count);
623 return -1;
624 }
625
626 return 0;
627}
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]628#endif /* CONFIG_IEEE80211R */
629
630
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]631static int rsn_selector_to_bitfield(const u8 *s)
632{
633 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_NONE)
634 return WPA_CIPHER_NONE;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]635 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_TKIP)
636 return WPA_CIPHER_TKIP;
637 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_CCMP)
638 return WPA_CIPHER_CCMP;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]639#ifdef CONFIG_IEEE80211W
640 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_AES_128_CMAC)
641 return WPA_CIPHER_AES_128_CMAC;
642#endif /* CONFIG_IEEE80211W */
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]643 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_GCMP)
644 return WPA_CIPHER_GCMP;
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]645 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_CCMP_256)
646 return WPA_CIPHER_CCMP_256;
647 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_GCMP_256)
648 return WPA_CIPHER_GCMP_256;
649 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_GMAC_128)
650 return WPA_CIPHER_BIP_GMAC_128;
651 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_GMAC_256)
652 return WPA_CIPHER_BIP_GMAC_256;
653 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_CMAC_256)
654 return WPA_CIPHER_BIP_CMAC_256;
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]655 if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED)
656 return WPA_CIPHER_GTK_NOT_USED;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]657 return 0;
658}
659
660
661static int rsn_key_mgmt_to_bitfield(const u8 *s)
662{
663 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_UNSPEC_802_1X)
664 return WPA_KEY_MGMT_IEEE8021X;
665 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X)
666 return WPA_KEY_MGMT_PSK;
667#ifdef CONFIG_IEEE80211R
668 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_802_1X)
669 return WPA_KEY_MGMT_FT_IEEE8021X;
670 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_PSK)
671 return WPA_KEY_MGMT_FT_PSK;
672#endif /* CONFIG_IEEE80211R */
673#ifdef CONFIG_IEEE80211W
674 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_802_1X_SHA256)
675 return WPA_KEY_MGMT_IEEE8021X_SHA256;
676 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_PSK_SHA256)
677 return WPA_KEY_MGMT_PSK_SHA256;
678#endif /* CONFIG_IEEE80211W */
Dmitry Shmidtd5e49232012-12-03 15:08:10 -0800[diff] [blame]679#ifdef CONFIG_SAE
680 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_SAE)
681 return WPA_KEY_MGMT_SAE;
682 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_SAE)
683 return WPA_KEY_MGMT_FT_SAE;
684#endif /* CONFIG_SAE */
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]685 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_802_1X_SUITE_B)
686 return WPA_KEY_MGMT_IEEE8021X_SUITE_B;
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]687 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192)
688 return WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame^]689 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FILS_SHA256)
690 return WPA_KEY_MGMT_FILS_SHA256;
691 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FILS_SHA384)
692 return WPA_KEY_MGMT_FILS_SHA384;
693 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_FILS_SHA256)
694 return WPA_KEY_MGMT_FT_FILS_SHA256;
695 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_FILS_SHA384)
696 return WPA_KEY_MGMT_FT_FILS_SHA384;
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]697 if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_OSEN)
698 return WPA_KEY_MGMT_OSEN;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]699 return 0;
700}
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]701
702
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]703int wpa_cipher_valid_group(int cipher)
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]704{
705 return wpa_cipher_valid_pairwise(cipher) ||
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]706 cipher == WPA_CIPHER_GTK_NOT_USED;
707}
708
709
710#ifdef CONFIG_IEEE80211W
711int wpa_cipher_valid_mgmt_group(int cipher)
712{
713 return cipher == WPA_CIPHER_AES_128_CMAC ||
714 cipher == WPA_CIPHER_BIP_GMAC_128 ||
715 cipher == WPA_CIPHER_BIP_GMAC_256 ||
716 cipher == WPA_CIPHER_BIP_CMAC_256;
717}
718#endif /* CONFIG_IEEE80211W */
719
720
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]721/**
722 * wpa_parse_wpa_ie_rsn - Parse RSN IE
723 * @rsn_ie: Buffer containing RSN IE
724 * @rsn_ie_len: RSN IE buffer length (including IE number and length octets)
725 * @data: Pointer to structure that will be filled in with parsed data
726 * Returns: 0 on success, <0 on failure
727 */
728int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
729 struct wpa_ie_data *data)
730{
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]731 const u8 *pos;
732 int left;
733 int i, count;
734
735 os_memset(data, 0, sizeof(*data));
736 data->proto = WPA_PROTO_RSN;
737 data->pairwise_cipher = WPA_CIPHER_CCMP;
738 data->group_cipher = WPA_CIPHER_CCMP;
739 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
740 data->capabilities = 0;
741 data->pmkid = NULL;
742 data->num_pmkid = 0;
743#ifdef CONFIG_IEEE80211W
744 data->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
745#else /* CONFIG_IEEE80211W */
746 data->mgmt_group_cipher = 0;
747#endif /* CONFIG_IEEE80211W */
748
749 if (rsn_ie_len == 0) {
750 /* No RSN IE - fail silently */
751 return -1;
752 }
753
754 if (rsn_ie_len < sizeof(struct rsn_ie_hdr)) {
755 wpa_printf(MSG_DEBUG, "%s: ie len too short %lu",
756 __func__, (unsigned long) rsn_ie_len);
757 return -1;
758 }
759
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]760 if (rsn_ie_len >= 6 && rsn_ie[1] >= 4 &&
761 rsn_ie[1] == rsn_ie_len - 2 &&
762 WPA_GET_BE32(&rsn_ie[2]) == OSEN_IE_VENDOR_TYPE) {
763 pos = rsn_ie + 6;
764 left = rsn_ie_len - 6;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]765
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]766 data->proto = WPA_PROTO_OSEN;
767 } else {
768 const struct rsn_ie_hdr *hdr;
769
770 hdr = (const struct rsn_ie_hdr *) rsn_ie;
771
772 if (hdr->elem_id != WLAN_EID_RSN ||
773 hdr->len != rsn_ie_len - 2 ||
774 WPA_GET_LE16(hdr->version) != RSN_VERSION) {
775 wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version",
776 __func__);
777 return -2;
778 }
779
780 pos = (const u8 *) (hdr + 1);
781 left = rsn_ie_len - sizeof(*hdr);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]782 }
783
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]784 if (left >= RSN_SELECTOR_LEN) {
785 data->group_cipher = rsn_selector_to_bitfield(pos);
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]786 if (!wpa_cipher_valid_group(data->group_cipher)) {
Dmitry Shmidtb97e4282016-02-08 10:16:07 -0800[diff] [blame]787 wpa_printf(MSG_DEBUG,
788 "%s: invalid group cipher 0x%x (%08x)",
789 __func__, data->group_cipher,
790 WPA_GET_BE32(pos));
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]791 return -1;
792 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]793 pos += RSN_SELECTOR_LEN;
794 left -= RSN_SELECTOR_LEN;
795 } else if (left > 0) {
796 wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much",
797 __func__, left);
798 return -3;
799 }
800
801 if (left >= 2) {
802 data->pairwise_cipher = 0;
803 count = WPA_GET_LE16(pos);
804 pos += 2;
805 left -= 2;
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]806 if (count == 0 || count > left / RSN_SELECTOR_LEN) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]807 wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), "
808 "count %u left %u", __func__, count, left);
809 return -4;
810 }
811 for (i = 0; i < count; i++) {
812 data->pairwise_cipher |= rsn_selector_to_bitfield(pos);
813 pos += RSN_SELECTOR_LEN;
814 left -= RSN_SELECTOR_LEN;
815 }
816#ifdef CONFIG_IEEE80211W
817 if (data->pairwise_cipher & WPA_CIPHER_AES_128_CMAC) {
818 wpa_printf(MSG_DEBUG, "%s: AES-128-CMAC used as "
819 "pairwise cipher", __func__);
820 return -1;
821 }
822#endif /* CONFIG_IEEE80211W */
823 } else if (left == 1) {
824 wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)",
825 __func__);
826 return -5;
827 }
828
829 if (left >= 2) {
830 data->key_mgmt = 0;
831 count = WPA_GET_LE16(pos);
832 pos += 2;
833 left -= 2;
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]834 if (count == 0 || count > left / RSN_SELECTOR_LEN) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]835 wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), "
836 "count %u left %u", __func__, count, left);
837 return -6;
838 }
839 for (i = 0; i < count; i++) {
840 data->key_mgmt |= rsn_key_mgmt_to_bitfield(pos);
841 pos += RSN_SELECTOR_LEN;
842 left -= RSN_SELECTOR_LEN;
843 }
844 } else if (left == 1) {
845 wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)",
846 __func__);
847 return -7;
848 }
849
850 if (left >= 2) {
851 data->capabilities = WPA_GET_LE16(pos);
852 pos += 2;
853 left -= 2;
854 }
855
856 if (left >= 2) {
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]857 u16 num_pmkid = WPA_GET_LE16(pos);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]858 pos += 2;
859 left -= 2;
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]860 if (num_pmkid > (unsigned int) left / PMKID_LEN) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]861 wpa_printf(MSG_DEBUG, "%s: PMKID underflow "
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]862 "(num_pmkid=%u left=%d)",
863 __func__, num_pmkid, left);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]864 data->num_pmkid = 0;
865 return -9;
866 } else {
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]867 data->num_pmkid = num_pmkid;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]868 data->pmkid = pos;
869 pos += data->num_pmkid * PMKID_LEN;
870 left -= data->num_pmkid * PMKID_LEN;
871 }
872 }
873
874#ifdef CONFIG_IEEE80211W
875 if (left >= 4) {
876 data->mgmt_group_cipher = rsn_selector_to_bitfield(pos);
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]877 if (!wpa_cipher_valid_mgmt_group(data->mgmt_group_cipher)) {
Dmitry Shmidt55840ad2015-12-14 12:45:46 -0800[diff] [blame]878 wpa_printf(MSG_DEBUG,
879 "%s: Unsupported management group cipher 0x%x (%08x)",
880 __func__, data->mgmt_group_cipher,
881 WPA_GET_BE32(pos));
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]882 return -10;
883 }
884 pos += RSN_SELECTOR_LEN;
885 left -= RSN_SELECTOR_LEN;
886 }
887#endif /* CONFIG_IEEE80211W */
888
889 if (left > 0) {
Dmitry Shmidt7d5c8f22014-03-03 13:53:28 -0800[diff] [blame]890 wpa_hexdump(MSG_DEBUG,
891 "wpa_parse_wpa_ie_rsn: ignore trailing bytes",
892 pos, left);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]893 }
894
895 return 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]896}
897
898
899static int wpa_selector_to_bitfield(const u8 *s)
900{
901 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_NONE)
902 return WPA_CIPHER_NONE;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]903 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_TKIP)
904 return WPA_CIPHER_TKIP;
905 if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_CCMP)
906 return WPA_CIPHER_CCMP;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]907 return 0;
908}
909
910
911static int wpa_key_mgmt_to_bitfield(const u8 *s)
912{
913 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_UNSPEC_802_1X)
914 return WPA_KEY_MGMT_IEEE8021X;
915 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X)
916 return WPA_KEY_MGMT_PSK;
917 if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_NONE)
918 return WPA_KEY_MGMT_WPA_NONE;
919 return 0;
920}
921
922
923int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
924 struct wpa_ie_data *data)
925{
926 const struct wpa_ie_hdr *hdr;
927 const u8 *pos;
928 int left;
929 int i, count;
930
931 os_memset(data, 0, sizeof(*data));
932 data->proto = WPA_PROTO_WPA;
933 data->pairwise_cipher = WPA_CIPHER_TKIP;
934 data->group_cipher = WPA_CIPHER_TKIP;
935 data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
936 data->capabilities = 0;
937 data->pmkid = NULL;
938 data->num_pmkid = 0;
939 data->mgmt_group_cipher = 0;
940
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]941 if (wpa_ie_len < sizeof(struct wpa_ie_hdr)) {
942 wpa_printf(MSG_DEBUG, "%s: ie len too short %lu",
943 __func__, (unsigned long) wpa_ie_len);
944 return -1;
945 }
946
947 hdr = (const struct wpa_ie_hdr *) wpa_ie;
948
949 if (hdr->elem_id != WLAN_EID_VENDOR_SPECIFIC ||
950 hdr->len != wpa_ie_len - 2 ||
951 RSN_SELECTOR_GET(hdr->oui) != WPA_OUI_TYPE ||
952 WPA_GET_LE16(hdr->version) != WPA_VERSION) {
953 wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version",
954 __func__);
955 return -2;
956 }
957
958 pos = (const u8 *) (hdr + 1);
959 left = wpa_ie_len - sizeof(*hdr);
960
961 if (left >= WPA_SELECTOR_LEN) {
962 data->group_cipher = wpa_selector_to_bitfield(pos);
963 pos += WPA_SELECTOR_LEN;
964 left -= WPA_SELECTOR_LEN;
965 } else if (left > 0) {
966 wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much",
967 __func__, left);
968 return -3;
969 }
970
971 if (left >= 2) {
972 data->pairwise_cipher = 0;
973 count = WPA_GET_LE16(pos);
974 pos += 2;
975 left -= 2;
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]976 if (count == 0 || count > left / WPA_SELECTOR_LEN) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]977 wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), "
978 "count %u left %u", __func__, count, left);
979 return -4;
980 }
981 for (i = 0; i < count; i++) {
982 data->pairwise_cipher |= wpa_selector_to_bitfield(pos);
983 pos += WPA_SELECTOR_LEN;
984 left -= WPA_SELECTOR_LEN;
985 }
986 } else if (left == 1) {
987 wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)",
988 __func__);
989 return -5;
990 }
991
992 if (left >= 2) {
993 data->key_mgmt = 0;
994 count = WPA_GET_LE16(pos);
995 pos += 2;
996 left -= 2;
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]997 if (count == 0 || count > left / WPA_SELECTOR_LEN) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]998 wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), "
999 "count %u left %u", __func__, count, left);
1000 return -6;
1001 }
1002 for (i = 0; i < count; i++) {
1003 data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos);
1004 pos += WPA_SELECTOR_LEN;
1005 left -= WPA_SELECTOR_LEN;
1006 }
1007 } else if (left == 1) {
1008 wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)",
1009 __func__);
1010 return -7;
1011 }
1012
1013 if (left >= 2) {
1014 data->capabilities = WPA_GET_LE16(pos);
1015 pos += 2;
1016 left -= 2;
1017 }
1018
1019 if (left > 0) {
Dmitry Shmidt7d5c8f22014-03-03 13:53:28 -0800[diff] [blame]1020 wpa_hexdump(MSG_DEBUG,
1021 "wpa_parse_wpa_ie_wpa: ignore trailing bytes",
1022 pos, left);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1023 }
1024
1025 return 0;
1026}
1027
1028
1029#ifdef CONFIG_IEEE80211R
1030
1031/**
1032 * wpa_derive_pmk_r0 - Derive PMK-R0 and PMKR0Name
1033 *
1034 * IEEE Std 802.11r-2008 - 8.5.1.5.3
1035 */
1036void wpa_derive_pmk_r0(const u8 *xxkey, size_t xxkey_len,
1037 const u8 *ssid, size_t ssid_len,
1038 const u8 *mdid, const u8 *r0kh_id, size_t r0kh_id_len,
1039 const u8 *s0kh_id, u8 *pmk_r0, u8 *pmk_r0_name)
1040{
Dmitry Shmidt9d9e6022015-04-23 10:34:55 -0700[diff] [blame]1041 u8 buf[1 + SSID_MAX_LEN + MOBILITY_DOMAIN_ID_LEN + 1 +
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1042 FT_R0KH_ID_MAX_LEN + ETH_ALEN];
1043 u8 *pos, r0_key_data[48], hash[32];
1044 const u8 *addr[2];
1045 size_t len[2];
1046
1047 /*
1048 * R0-Key-Data = KDF-384(XXKey, "FT-R0",
1049 * SSIDlength || SSID || MDID || R0KHlength ||
1050 * R0KH-ID || S0KH-ID)
1051 * XXKey is either the second 256 bits of MSK or PSK.
1052 * PMK-R0 = L(R0-Key-Data, 0, 256)
1053 * PMK-R0Name-Salt = L(R0-Key-Data, 256, 128)
1054 */
Dmitry Shmidt9d9e6022015-04-23 10:34:55 -0700[diff] [blame]1055 if (ssid_len > SSID_MAX_LEN || r0kh_id_len > FT_R0KH_ID_MAX_LEN)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1056 return;
1057 pos = buf;
1058 *pos++ = ssid_len;
1059 os_memcpy(pos, ssid, ssid_len);
1060 pos += ssid_len;
1061 os_memcpy(pos, mdid, MOBILITY_DOMAIN_ID_LEN);
1062 pos += MOBILITY_DOMAIN_ID_LEN;
1063 *pos++ = r0kh_id_len;
1064 os_memcpy(pos, r0kh_id, r0kh_id_len);
1065 pos += r0kh_id_len;
1066 os_memcpy(pos, s0kh_id, ETH_ALEN);
1067 pos += ETH_ALEN;
1068
1069 sha256_prf(xxkey, xxkey_len, "FT-R0", buf, pos - buf,
1070 r0_key_data, sizeof(r0_key_data));
1071 os_memcpy(pmk_r0, r0_key_data, PMK_LEN);
1072
1073 /*
1074 * PMKR0Name = Truncate-128(SHA-256("FT-R0N" || PMK-R0Name-Salt)
1075 */
1076 addr[0] = (const u8 *) "FT-R0N";
1077 len[0] = 6;
1078 addr[1] = r0_key_data + PMK_LEN;
1079 len[1] = 16;
1080
1081 sha256_vector(2, addr, len, hash);
1082 os_memcpy(pmk_r0_name, hash, WPA_PMK_NAME_LEN);
1083}
1084
1085
1086/**
1087 * wpa_derive_pmk_r1_name - Derive PMKR1Name
1088 *
1089 * IEEE Std 802.11r-2008 - 8.5.1.5.4
1090 */
1091void wpa_derive_pmk_r1_name(const u8 *pmk_r0_name, const u8 *r1kh_id,
1092 const u8 *s1kh_id, u8 *pmk_r1_name)
1093{
1094 u8 hash[32];
1095 const u8 *addr[4];
1096 size_t len[4];
1097
1098 /*
1099 * PMKR1Name = Truncate-128(SHA-256("FT-R1N" || PMKR0Name ||
1100 * R1KH-ID || S1KH-ID))
1101 */
1102 addr[0] = (const u8 *) "FT-R1N";
1103 len[0] = 6;
1104 addr[1] = pmk_r0_name;
1105 len[1] = WPA_PMK_NAME_LEN;
1106 addr[2] = r1kh_id;
1107 len[2] = FT_R1KH_ID_LEN;
1108 addr[3] = s1kh_id;
1109 len[3] = ETH_ALEN;
1110
1111 sha256_vector(4, addr, len, hash);
1112 os_memcpy(pmk_r1_name, hash, WPA_PMK_NAME_LEN);
1113}
1114
1115
1116/**
1117 * wpa_derive_pmk_r1 - Derive PMK-R1 and PMKR1Name from PMK-R0
1118 *
1119 * IEEE Std 802.11r-2008 - 8.5.1.5.4
1120 */
1121void wpa_derive_pmk_r1(const u8 *pmk_r0, const u8 *pmk_r0_name,
1122 const u8 *r1kh_id, const u8 *s1kh_id,
1123 u8 *pmk_r1, u8 *pmk_r1_name)
1124{
1125 u8 buf[FT_R1KH_ID_LEN + ETH_ALEN];
1126 u8 *pos;
1127
1128 /* PMK-R1 = KDF-256(PMK-R0, "FT-R1", R1KH-ID || S1KH-ID) */
1129 pos = buf;
1130 os_memcpy(pos, r1kh_id, FT_R1KH_ID_LEN);
1131 pos += FT_R1KH_ID_LEN;
1132 os_memcpy(pos, s1kh_id, ETH_ALEN);
1133 pos += ETH_ALEN;
1134
1135 sha256_prf(pmk_r0, PMK_LEN, "FT-R1", buf, pos - buf, pmk_r1, PMK_LEN);
1136
1137 wpa_derive_pmk_r1_name(pmk_r0_name, r1kh_id, s1kh_id, pmk_r1_name);
1138}
1139
1140
1141/**
1142 * wpa_pmk_r1_to_ptk - Derive PTK and PTKName from PMK-R1
1143 *
1144 * IEEE Std 802.11r-2008 - 8.5.1.5.5
1145 */
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]1146int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, const u8 *snonce, const u8 *anonce,
1147 const u8 *sta_addr, const u8 *bssid,
1148 const u8 *pmk_r1_name,
1149 struct wpa_ptk *ptk, u8 *ptk_name, int akmp, int cipher)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1150{
1151 u8 buf[2 * WPA_NONCE_LEN + 2 * ETH_ALEN];
1152 u8 *pos, hash[32];
1153 const u8 *addr[6];
1154 size_t len[6];
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]1155 u8 tmp[WPA_KCK_MAX_LEN + WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN];
1156 size_t ptk_len;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1157
1158 /*
1159 * PTK = KDF-PTKLen(PMK-R1, "FT-PTK", SNonce || ANonce ||
1160 * BSSID || STA-ADDR)
1161 */
1162 pos = buf;
1163 os_memcpy(pos, snonce, WPA_NONCE_LEN);
1164 pos += WPA_NONCE_LEN;
1165 os_memcpy(pos, anonce, WPA_NONCE_LEN);
1166 pos += WPA_NONCE_LEN;
1167 os_memcpy(pos, bssid, ETH_ALEN);
1168 pos += ETH_ALEN;
1169 os_memcpy(pos, sta_addr, ETH_ALEN);
1170 pos += ETH_ALEN;
1171
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]1172 ptk->kck_len = wpa_kck_len(akmp);
1173 ptk->kek_len = wpa_kek_len(akmp);
1174 ptk->tk_len = wpa_cipher_key_len(cipher);
1175 ptk_len = ptk->kck_len + ptk->kek_len + ptk->tk_len;
1176
1177 sha256_prf(pmk_r1, PMK_LEN, "FT-PTK", buf, pos - buf, tmp, ptk_len);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1178
1179 /*
1180 * PTKName = Truncate-128(SHA-256(PMKR1Name || "FT-PTKN" || SNonce ||
1181 * ANonce || BSSID || STA-ADDR))
1182 */
1183 addr[0] = pmk_r1_name;
1184 len[0] = WPA_PMK_NAME_LEN;
1185 addr[1] = (const u8 *) "FT-PTKN";
1186 len[1] = 7;
1187 addr[2] = snonce;
1188 len[2] = WPA_NONCE_LEN;
1189 addr[3] = anonce;
1190 len[3] = WPA_NONCE_LEN;
1191 addr[4] = bssid;
1192 len[4] = ETH_ALEN;
1193 addr[5] = sta_addr;
1194 len[5] = ETH_ALEN;
1195
1196 sha256_vector(6, addr, len, hash);
1197 os_memcpy(ptk_name, hash, WPA_PMK_NAME_LEN);
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]1198
1199 os_memcpy(ptk->kck, tmp, ptk->kck_len);
1200 os_memcpy(ptk->kek, tmp + ptk->kck_len, ptk->kek_len);
1201 os_memcpy(ptk->tk, tmp + ptk->kck_len + ptk->kek_len, ptk->tk_len);
1202
1203 wpa_hexdump_key(MSG_DEBUG, "FT: KCK", ptk->kck, ptk->kck_len);
1204 wpa_hexdump_key(MSG_DEBUG, "FT: KEK", ptk->kek, ptk->kek_len);
1205 wpa_hexdump_key(MSG_DEBUG, "FT: TK", ptk->tk, ptk->tk_len);
1206 wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN);
1207
1208 os_memset(tmp, 0, sizeof(tmp));
1209
1210 return 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1211}
1212
1213#endif /* CONFIG_IEEE80211R */
1214
1215
1216/**
1217 * rsn_pmkid - Calculate PMK identifier
1218 * @pmk: Pairwise master key
1219 * @pmk_len: Length of pmk in bytes
1220 * @aa: Authenticator address
1221 * @spa: Supplicant address
1222 * @pmkid: Buffer for PMKID
1223 * @use_sha256: Whether to use SHA256-based KDF
1224 *
1225 * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
1226 * PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)
1227 */
1228void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa, const u8 *spa,
1229 u8 *pmkid, int use_sha256)
1230{
1231 char *title = "PMK Name";
1232 const u8 *addr[3];
1233 const size_t len[3] = { 8, ETH_ALEN, ETH_ALEN };
1234 unsigned char hash[SHA256_MAC_LEN];
1235
1236 addr[0] = (u8 *) title;
1237 addr[1] = aa;
1238 addr[2] = spa;
1239
1240#ifdef CONFIG_IEEE80211W
1241 if (use_sha256)
1242 hmac_sha256_vector(pmk, pmk_len, 3, addr, len, hash);
1243 else
1244#endif /* CONFIG_IEEE80211W */
1245 hmac_sha1_vector(pmk, pmk_len, 3, addr, len, hash);
1246 os_memcpy(pmkid, hash, PMKID_LEN);
1247}
1248
1249
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]1250#ifdef CONFIG_SUITEB
1251/**
1252 * rsn_pmkid_suite_b - Calculate PMK identifier for Suite B AKM
1253 * @kck: Key confirmation key
1254 * @kck_len: Length of kck in bytes
1255 * @aa: Authenticator address
1256 * @spa: Supplicant address
1257 * @pmkid: Buffer for PMKID
1258 * Returns: 0 on success, -1 on failure
1259 *
1260 * IEEE Std 802.11ac-2013 - 11.6.1.3 Pairwise key hierarchy
1261 * PMKID = Truncate(HMAC-SHA-256(KCK, "PMK Name" || AA || SPA))
1262 */
1263int rsn_pmkid_suite_b(const u8 *kck, size_t kck_len, const u8 *aa,
1264 const u8 *spa, u8 *pmkid)
1265{
1266 char *title = "PMK Name";
1267 const u8 *addr[3];
1268 const size_t len[3] = { 8, ETH_ALEN, ETH_ALEN };
1269 unsigned char hash[SHA256_MAC_LEN];
1270
1271 addr[0] = (u8 *) title;
1272 addr[1] = aa;
1273 addr[2] = spa;
1274
1275 if (hmac_sha256_vector(kck, kck_len, 3, addr, len, hash) < 0)
1276 return -1;
1277 os_memcpy(pmkid, hash, PMKID_LEN);
1278 return 0;
1279}
1280#endif /* CONFIG_SUITEB */
1281
1282
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]1283#ifdef CONFIG_SUITEB192
1284/**
1285 * rsn_pmkid_suite_b_192 - Calculate PMK identifier for Suite B AKM
1286 * @kck: Key confirmation key
1287 * @kck_len: Length of kck in bytes
1288 * @aa: Authenticator address
1289 * @spa: Supplicant address
1290 * @pmkid: Buffer for PMKID
1291 * Returns: 0 on success, -1 on failure
1292 *
1293 * IEEE Std 802.11ac-2013 - 11.6.1.3 Pairwise key hierarchy
1294 * PMKID = Truncate(HMAC-SHA-384(KCK, "PMK Name" || AA || SPA))
1295 */
1296int rsn_pmkid_suite_b_192(const u8 *kck, size_t kck_len, const u8 *aa,
1297 const u8 *spa, u8 *pmkid)
1298{
1299 char *title = "PMK Name";
1300 const u8 *addr[3];
1301 const size_t len[3] = { 8, ETH_ALEN, ETH_ALEN };
1302 unsigned char hash[SHA384_MAC_LEN];
1303
1304 addr[0] = (u8 *) title;
1305 addr[1] = aa;
1306 addr[2] = spa;
1307
1308 if (hmac_sha384_vector(kck, kck_len, 3, addr, len, hash) < 0)
1309 return -1;
1310 os_memcpy(pmkid, hash, PMKID_LEN);
1311 return 0;
1312}
1313#endif /* CONFIG_SUITEB192 */
1314
1315
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1316/**
1317 * wpa_cipher_txt - Convert cipher suite to a text string
1318 * @cipher: Cipher suite (WPA_CIPHER_* enum)
1319 * Returns: Pointer to a text string of the cipher suite name
1320 */
1321const char * wpa_cipher_txt(int cipher)
1322{
1323 switch (cipher) {
1324 case WPA_CIPHER_NONE:
1325 return "NONE";
1326 case WPA_CIPHER_WEP40:
1327 return "WEP-40";
1328 case WPA_CIPHER_WEP104:
1329 return "WEP-104";
1330 case WPA_CIPHER_TKIP:
1331 return "TKIP";
1332 case WPA_CIPHER_CCMP:
1333 return "CCMP";
1334 case WPA_CIPHER_CCMP | WPA_CIPHER_TKIP:
1335 return "CCMP+TKIP";
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]1336 case WPA_CIPHER_GCMP:
1337 return "GCMP";
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1338 case WPA_CIPHER_GCMP_256:
1339 return "GCMP-256";
1340 case WPA_CIPHER_CCMP_256:
1341 return "CCMP-256";
1342 case WPA_CIPHER_GTK_NOT_USED:
1343 return "GTK_NOT_USED";
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1344 default:
1345 return "UNKNOWN";
1346 }
1347}
1348
1349
1350/**
1351 * wpa_key_mgmt_txt - Convert key management suite to a text string
1352 * @key_mgmt: Key management suite (WPA_KEY_MGMT_* enum)
1353 * @proto: WPA/WPA2 version (WPA_PROTO_*)
1354 * Returns: Pointer to a text string of the key management suite name
1355 */
1356const char * wpa_key_mgmt_txt(int key_mgmt, int proto)
1357{
1358 switch (key_mgmt) {
1359 case WPA_KEY_MGMT_IEEE8021X:
1360 if (proto == (WPA_PROTO_RSN | WPA_PROTO_WPA))
1361 return "WPA2+WPA/IEEE 802.1X/EAP";
1362 return proto == WPA_PROTO_RSN ?
1363 "WPA2/IEEE 802.1X/EAP" : "WPA/IEEE 802.1X/EAP";
1364 case WPA_KEY_MGMT_PSK:
1365 if (proto == (WPA_PROTO_RSN | WPA_PROTO_WPA))
1366 return "WPA2-PSK+WPA-PSK";
1367 return proto == WPA_PROTO_RSN ?
1368 "WPA2-PSK" : "WPA-PSK";
1369 case WPA_KEY_MGMT_NONE:
1370 return "NONE";
Dmitry Shmidt58d12ad2016-07-28 10:07:03 -0700[diff] [blame]1371 case WPA_KEY_MGMT_WPA_NONE:
1372 return "WPA-NONE";
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1373 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
1374 return "IEEE 802.1X (no WPA)";
1375#ifdef CONFIG_IEEE80211R
1376 case WPA_KEY_MGMT_FT_IEEE8021X:
1377 return "FT-EAP";
1378 case WPA_KEY_MGMT_FT_PSK:
1379 return "FT-PSK";
1380#endif /* CONFIG_IEEE80211R */
1381#ifdef CONFIG_IEEE80211W
1382 case WPA_KEY_MGMT_IEEE8021X_SHA256:
1383 return "WPA2-EAP-SHA256";
1384 case WPA_KEY_MGMT_PSK_SHA256:
1385 return "WPA2-PSK-SHA256";
1386#endif /* CONFIG_IEEE80211W */
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]1387 case WPA_KEY_MGMT_WPS:
1388 return "WPS";
1389 case WPA_KEY_MGMT_SAE:
1390 return "SAE";
1391 case WPA_KEY_MGMT_FT_SAE:
1392 return "FT-SAE";
1393 case WPA_KEY_MGMT_OSEN:
1394 return "OSEN";
1395 case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
1396 return "WPA2-EAP-SUITE-B";
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]1397 case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
1398 return "WPA2-EAP-SUITE-B-192";
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame^]1399 case WPA_KEY_MGMT_FILS_SHA256:
1400 return "FILS-SHA256";
1401 case WPA_KEY_MGMT_FILS_SHA384:
1402 return "FILS-SHA384";
1403 case WPA_KEY_MGMT_FT_FILS_SHA256:
1404 return "FT-FILS-SHA256";
1405 case WPA_KEY_MGMT_FT_FILS_SHA384:
1406 return "FT-FILS-SHA384";
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1407 default:
1408 return "UNKNOWN";
1409 }
1410}
1411
1412
Dmitry Shmidt03658832014-08-13 11:03:49 -0700[diff] [blame]1413u32 wpa_akm_to_suite(int akm)
1414{
1415 if (akm & WPA_KEY_MGMT_FT_IEEE8021X)
1416 return WLAN_AKM_SUITE_FT_8021X;
1417 if (akm & WPA_KEY_MGMT_FT_PSK)
1418 return WLAN_AKM_SUITE_FT_PSK;
1419 if (akm & WPA_KEY_MGMT_IEEE8021X)
1420 return WLAN_AKM_SUITE_8021X;
1421 if (akm & WPA_KEY_MGMT_IEEE8021X_SHA256)
1422 return WLAN_AKM_SUITE_8021X_SHA256;
1423 if (akm & WPA_KEY_MGMT_IEEE8021X)
1424 return WLAN_AKM_SUITE_8021X;
1425 if (akm & WPA_KEY_MGMT_PSK_SHA256)
1426 return WLAN_AKM_SUITE_PSK_SHA256;
1427 if (akm & WPA_KEY_MGMT_PSK)
1428 return WLAN_AKM_SUITE_PSK;
1429 if (akm & WPA_KEY_MGMT_CCKM)
1430 return WLAN_AKM_SUITE_CCKM;
1431 if (akm & WPA_KEY_MGMT_OSEN)
1432 return WLAN_AKM_SUITE_OSEN;
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]1433 if (akm & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
1434 return WLAN_AKM_SUITE_8021X_SUITE_B;
Dmitry Shmidt807291d2015-01-27 13:40:23 -0800[diff] [blame]1435 if (akm & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
1436 return WLAN_AKM_SUITE_8021X_SUITE_B_192;
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame^]1437 if (akm & WPA_KEY_MGMT_FILS_SHA256)
1438 return WLAN_AKM_SUITE_FILS_SHA256;
1439 if (akm & WPA_KEY_MGMT_FILS_SHA384)
1440 return WLAN_AKM_SUITE_FILS_SHA384;
1441 if (akm & WPA_KEY_MGMT_FT_FILS_SHA256)
1442 return WLAN_AKM_SUITE_FT_FILS_SHA256;
1443 if (akm & WPA_KEY_MGMT_FT_FILS_SHA384)
1444 return WLAN_AKM_SUITE_FT_FILS_SHA384;
Dmitry Shmidt03658832014-08-13 11:03:49 -0700[diff] [blame]1445 return 0;
1446}
1447
1448
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1449int wpa_compare_rsn_ie(int ft_initial_assoc,
1450 const u8 *ie1, size_t ie1len,
1451 const u8 *ie2, size_t ie2len)
1452{
1453 if (ie1 == NULL || ie2 == NULL)
1454 return -1;
1455
1456 if (ie1len == ie2len && os_memcmp(ie1, ie2, ie1len) == 0)
1457 return 0; /* identical IEs */
1458
1459#ifdef CONFIG_IEEE80211R
1460 if (ft_initial_assoc) {
1461 struct wpa_ie_data ie1d, ie2d;
1462 /*
1463 * The PMKID-List in RSN IE is different between Beacon/Probe
1464 * Response/(Re)Association Request frames and EAPOL-Key
1465 * messages in FT initial mobility domain association. Allow
1466 * for this, but verify that other parts of the RSN IEs are
1467 * identical.
1468 */
1469 if (wpa_parse_wpa_ie_rsn(ie1, ie1len, &ie1d) < 0 ||
1470 wpa_parse_wpa_ie_rsn(ie2, ie2len, &ie2d) < 0)
1471 return -1;
1472 if (ie1d.proto == ie2d.proto &&
1473 ie1d.pairwise_cipher == ie2d.pairwise_cipher &&
1474 ie1d.group_cipher == ie2d.group_cipher &&
1475 ie1d.key_mgmt == ie2d.key_mgmt &&
1476 ie1d.capabilities == ie2d.capabilities &&
1477 ie1d.mgmt_group_cipher == ie2d.mgmt_group_cipher)
1478 return 0;
1479 }
1480#endif /* CONFIG_IEEE80211R */
1481
1482 return -1;
1483}
1484
1485
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame^]1486#if defined(CONFIG_IEEE80211R) || defined(CONFIG_FILS)
Dmitry Shmidt55840ad2015-12-14 12:45:46 -0800[diff] [blame]1487int wpa_insert_pmkid(u8 *ies, size_t *ies_len, const u8 *pmkid)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1488{
1489 u8 *start, *end, *rpos, *rend;
1490 int added = 0;
1491
1492 start = ies;
Dmitry Shmidt55840ad2015-12-14 12:45:46 -0800[diff] [blame]1493 end = ies + *ies_len;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1494
1495 while (start < end) {
1496 if (*start == WLAN_EID_RSN)
1497 break;
1498 start += 2 + start[1];
1499 }
1500 if (start >= end) {
1501 wpa_printf(MSG_ERROR, "FT: Could not find RSN IE in "
1502 "IEs data");
1503 return -1;
1504 }
1505 wpa_hexdump(MSG_DEBUG, "FT: RSN IE before modification",
1506 start, 2 + start[1]);
1507
1508 /* Find start of PMKID-Count */
1509 rpos = start + 2;
1510 rend = rpos + start[1];
1511
1512 /* Skip Version and Group Data Cipher Suite */
1513 rpos += 2 + 4;
1514 /* Skip Pairwise Cipher Suite Count and List */
1515 rpos += 2 + WPA_GET_LE16(rpos) * RSN_SELECTOR_LEN;
1516 /* Skip AKM Suite Count and List */
1517 rpos += 2 + WPA_GET_LE16(rpos) * RSN_SELECTOR_LEN;
1518
1519 if (rpos == rend) {
1520 /* Add RSN Capabilities */
1521 os_memmove(rpos + 2, rpos, end - rpos);
1522 *rpos++ = 0;
1523 *rpos++ = 0;
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]1524 added += 2;
1525 start[1] += 2;
1526 rend = rpos;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1527 } else {
1528 /* Skip RSN Capabilities */
1529 rpos += 2;
1530 if (rpos > rend) {
1531 wpa_printf(MSG_ERROR, "FT: Could not parse RSN IE in "
1532 "IEs data");
1533 return -1;
1534 }
1535 }
1536
1537 if (rpos == rend) {
1538 /* No PMKID-Count field included; add it */
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]1539 os_memmove(rpos + 2 + PMKID_LEN, rpos, end + added - rpos);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1540 WPA_PUT_LE16(rpos, 1);
1541 rpos += 2;
1542 os_memcpy(rpos, pmkid, PMKID_LEN);
1543 added += 2 + PMKID_LEN;
1544 start[1] += 2 + PMKID_LEN;
1545 } else {
Dmitry Shmidt55840ad2015-12-14 12:45:46 -0800[diff] [blame]1546 u16 num_pmkid;
1547
1548 if (rend - rpos < 2)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1549 return -1;
Dmitry Shmidt55840ad2015-12-14 12:45:46 -0800[diff] [blame]1550 num_pmkid = WPA_GET_LE16(rpos);
1551 /* PMKID-Count was included; use it */
1552 if (num_pmkid != 0) {
1553 u8 *after;
1554
1555 if (num_pmkid * PMKID_LEN > rend - rpos - 2)
1556 return -1;
1557 /*
1558 * PMKID may have been included in RSN IE in
1559 * (Re)Association Request frame, so remove the old
1560 * PMKID(s) first before adding the new one.
1561 */
1562 wpa_printf(MSG_DEBUG,
1563 "FT: Remove %u old PMKID(s) from RSN IE",
1564 num_pmkid);
1565 after = rpos + 2 + num_pmkid * PMKID_LEN;
1566 os_memmove(rpos + 2, after, rend - after);
1567 start[1] -= num_pmkid * PMKID_LEN;
1568 added -= num_pmkid * PMKID_LEN;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1569 }
1570 WPA_PUT_LE16(rpos, 1);
1571 rpos += 2;
Dmitry Shmidtd80a4012015-11-05 16:35:40 -0800[diff] [blame]1572 os_memmove(rpos + PMKID_LEN, rpos, end + added - rpos);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1573 os_memcpy(rpos, pmkid, PMKID_LEN);
1574 added += PMKID_LEN;
1575 start[1] += PMKID_LEN;
1576 }
1577
1578 wpa_hexdump(MSG_DEBUG, "FT: RSN IE after modification "
1579 "(PMKID inserted)", start, 2 + start[1]);
1580
Dmitry Shmidt55840ad2015-12-14 12:45:46 -0800[diff] [blame]1581 *ies_len += added;
1582
1583 return 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1584}
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame^]1585#endif /* CONFIG_IEEE80211R || CONFIG_FILS */
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1586
1587
1588int wpa_cipher_key_len(int cipher)
1589{
1590 switch (cipher) {
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1591 case WPA_CIPHER_CCMP_256:
1592 case WPA_CIPHER_GCMP_256:
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]1593 case WPA_CIPHER_BIP_GMAC_256:
1594 case WPA_CIPHER_BIP_CMAC_256:
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1595 return 32;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1596 case WPA_CIPHER_CCMP:
1597 case WPA_CIPHER_GCMP:
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]1598 case WPA_CIPHER_AES_128_CMAC:
1599 case WPA_CIPHER_BIP_GMAC_128:
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1600 return 16;
1601 case WPA_CIPHER_TKIP:
1602 return 32;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1603 }
1604
1605 return 0;
1606}
1607
1608
1609int wpa_cipher_rsc_len(int cipher)
1610{
1611 switch (cipher) {
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1612 case WPA_CIPHER_CCMP_256:
1613 case WPA_CIPHER_GCMP_256:
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1614 case WPA_CIPHER_CCMP:
1615 case WPA_CIPHER_GCMP:
1616 case WPA_CIPHER_TKIP:
1617 return 6;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1618 }
1619
1620 return 0;
1621}
1622
1623
1624int wpa_cipher_to_alg(int cipher)
1625{
1626 switch (cipher) {
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1627 case WPA_CIPHER_CCMP_256:
1628 return WPA_ALG_CCMP_256;
1629 case WPA_CIPHER_GCMP_256:
1630 return WPA_ALG_GCMP_256;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1631 case WPA_CIPHER_CCMP:
1632 return WPA_ALG_CCMP;
1633 case WPA_CIPHER_GCMP:
1634 return WPA_ALG_GCMP;
1635 case WPA_CIPHER_TKIP:
1636 return WPA_ALG_TKIP;
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]1637 case WPA_CIPHER_AES_128_CMAC:
1638 return WPA_ALG_IGTK;
1639 case WPA_CIPHER_BIP_GMAC_128:
1640 return WPA_ALG_BIP_GMAC_128;
1641 case WPA_CIPHER_BIP_GMAC_256:
1642 return WPA_ALG_BIP_GMAC_256;
1643 case WPA_CIPHER_BIP_CMAC_256:
1644 return WPA_ALG_BIP_CMAC_256;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1645 }
1646 return WPA_ALG_NONE;
1647}
1648
1649
1650int wpa_cipher_valid_pairwise(int cipher)
1651{
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1652 return cipher == WPA_CIPHER_CCMP_256 ||
1653 cipher == WPA_CIPHER_GCMP_256 ||
1654 cipher == WPA_CIPHER_CCMP ||
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1655 cipher == WPA_CIPHER_GCMP ||
1656 cipher == WPA_CIPHER_TKIP;
1657}
1658
1659
1660u32 wpa_cipher_to_suite(int proto, int cipher)
1661{
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1662 if (cipher & WPA_CIPHER_CCMP_256)
1663 return RSN_CIPHER_SUITE_CCMP_256;
1664 if (cipher & WPA_CIPHER_GCMP_256)
1665 return RSN_CIPHER_SUITE_GCMP_256;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1666 if (cipher & WPA_CIPHER_CCMP)
1667 return (proto == WPA_PROTO_RSN ?
1668 RSN_CIPHER_SUITE_CCMP : WPA_CIPHER_SUITE_CCMP);
1669 if (cipher & WPA_CIPHER_GCMP)
1670 return RSN_CIPHER_SUITE_GCMP;
1671 if (cipher & WPA_CIPHER_TKIP)
1672 return (proto == WPA_PROTO_RSN ?
1673 RSN_CIPHER_SUITE_TKIP : WPA_CIPHER_SUITE_TKIP);
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1674 if (cipher & WPA_CIPHER_NONE)
1675 return (proto == WPA_PROTO_RSN ?
1676 RSN_CIPHER_SUITE_NONE : WPA_CIPHER_SUITE_NONE);
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1677 if (cipher & WPA_CIPHER_GTK_NOT_USED)
1678 return RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED;
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]1679 if (cipher & WPA_CIPHER_AES_128_CMAC)
1680 return RSN_CIPHER_SUITE_AES_128_CMAC;
1681 if (cipher & WPA_CIPHER_BIP_GMAC_128)
1682 return RSN_CIPHER_SUITE_BIP_GMAC_128;
1683 if (cipher & WPA_CIPHER_BIP_GMAC_256)
1684 return RSN_CIPHER_SUITE_BIP_GMAC_256;
1685 if (cipher & WPA_CIPHER_BIP_CMAC_256)
1686 return RSN_CIPHER_SUITE_BIP_CMAC_256;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1687 return 0;
1688}
1689
1690
Dmitry Shmidt7d5c8f22014-03-03 13:53:28 -0800[diff] [blame]1691int rsn_cipher_put_suites(u8 *start, int ciphers)
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1692{
Dmitry Shmidt7d5c8f22014-03-03 13:53:28 -0800[diff] [blame]1693 u8 *pos = start;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1694
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1695 if (ciphers & WPA_CIPHER_CCMP_256) {
1696 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP_256);
1697 pos += RSN_SELECTOR_LEN;
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1698 }
1699 if (ciphers & WPA_CIPHER_GCMP_256) {
1700 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_GCMP_256);
1701 pos += RSN_SELECTOR_LEN;
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1702 }
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1703 if (ciphers & WPA_CIPHER_CCMP) {
1704 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
1705 pos += RSN_SELECTOR_LEN;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1706 }
1707 if (ciphers & WPA_CIPHER_GCMP) {
1708 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_GCMP);
1709 pos += RSN_SELECTOR_LEN;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1710 }
1711 if (ciphers & WPA_CIPHER_TKIP) {
1712 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
1713 pos += RSN_SELECTOR_LEN;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1714 }
1715 if (ciphers & WPA_CIPHER_NONE) {
1716 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NONE);
1717 pos += RSN_SELECTOR_LEN;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1718 }
1719
Dmitry Shmidt7d5c8f22014-03-03 13:53:28 -0800[diff] [blame]1720 return (pos - start) / RSN_SELECTOR_LEN;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1721}
1722
1723
Dmitry Shmidt7d5c8f22014-03-03 13:53:28 -0800[diff] [blame]1724int wpa_cipher_put_suites(u8 *start, int ciphers)
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1725{
Dmitry Shmidt7d5c8f22014-03-03 13:53:28 -0800[diff] [blame]1726 u8 *pos = start;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1727
1728 if (ciphers & WPA_CIPHER_CCMP) {
1729 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP);
1730 pos += WPA_SELECTOR_LEN;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1731 }
1732 if (ciphers & WPA_CIPHER_TKIP) {
1733 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP);
1734 pos += WPA_SELECTOR_LEN;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1735 }
1736 if (ciphers & WPA_CIPHER_NONE) {
1737 RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_NONE);
1738 pos += WPA_SELECTOR_LEN;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1739 }
1740
Dmitry Shmidt7d5c8f22014-03-03 13:53:28 -0800[diff] [blame]1741 return (pos - start) / RSN_SELECTOR_LEN;
Dmitry Shmidt4530cfd2012-09-09 15:20:40 -0700[diff] [blame]1742}
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]1743
1744
1745int wpa_pick_pairwise_cipher(int ciphers, int none_allowed)
1746{
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1747 if (ciphers & WPA_CIPHER_CCMP_256)
1748 return WPA_CIPHER_CCMP_256;
1749 if (ciphers & WPA_CIPHER_GCMP_256)
1750 return WPA_CIPHER_GCMP_256;
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]1751 if (ciphers & WPA_CIPHER_CCMP)
1752 return WPA_CIPHER_CCMP;
1753 if (ciphers & WPA_CIPHER_GCMP)
1754 return WPA_CIPHER_GCMP;
1755 if (ciphers & WPA_CIPHER_TKIP)
1756 return WPA_CIPHER_TKIP;
1757 if (none_allowed && (ciphers & WPA_CIPHER_NONE))
1758 return WPA_CIPHER_NONE;
1759 return -1;
1760}
1761
1762
1763int wpa_pick_group_cipher(int ciphers)
1764{
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1765 if (ciphers & WPA_CIPHER_CCMP_256)
1766 return WPA_CIPHER_CCMP_256;
1767 if (ciphers & WPA_CIPHER_GCMP_256)
1768 return WPA_CIPHER_GCMP_256;
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]1769 if (ciphers & WPA_CIPHER_CCMP)
1770 return WPA_CIPHER_CCMP;
1771 if (ciphers & WPA_CIPHER_GCMP)
1772 return WPA_CIPHER_GCMP;
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1773 if (ciphers & WPA_CIPHER_GTK_NOT_USED)
1774 return WPA_CIPHER_GTK_NOT_USED;
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]1775 if (ciphers & WPA_CIPHER_TKIP)
1776 return WPA_CIPHER_TKIP;
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]1777 return -1;
1778}
1779
1780
1781int wpa_parse_cipher(const char *value)
1782{
1783 int val = 0, last;
1784 char *start, *end, *buf;
1785
1786 buf = os_strdup(value);
1787 if (buf == NULL)
1788 return -1;
1789 start = buf;
1790
1791 while (*start != '\0') {
1792 while (*start == ' ' || *start == '\t')
1793 start++;
1794 if (*start == '\0')
1795 break;
1796 end = start;
1797 while (*end != ' ' && *end != '\t' && *end != '\0')
1798 end++;
1799 last = *end == '\0';
1800 *end = '\0';
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1801 if (os_strcmp(start, "CCMP-256") == 0)
1802 val |= WPA_CIPHER_CCMP_256;
1803 else if (os_strcmp(start, "GCMP-256") == 0)
1804 val |= WPA_CIPHER_GCMP_256;
1805 else if (os_strcmp(start, "CCMP") == 0)
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]1806 val |= WPA_CIPHER_CCMP;
1807 else if (os_strcmp(start, "GCMP") == 0)
1808 val |= WPA_CIPHER_GCMP;
1809 else if (os_strcmp(start, "TKIP") == 0)
1810 val |= WPA_CIPHER_TKIP;
1811 else if (os_strcmp(start, "WEP104") == 0)
1812 val |= WPA_CIPHER_WEP104;
1813 else if (os_strcmp(start, "WEP40") == 0)
1814 val |= WPA_CIPHER_WEP40;
1815 else if (os_strcmp(start, "NONE") == 0)
1816 val |= WPA_CIPHER_NONE;
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1817 else if (os_strcmp(start, "GTK_NOT_USED") == 0)
1818 val |= WPA_CIPHER_GTK_NOT_USED;
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]1819 else {
1820 os_free(buf);
1821 return -1;
1822 }
1823
1824 if (last)
1825 break;
1826 start = end + 1;
1827 }
1828 os_free(buf);
1829
1830 return val;
1831}
1832
1833
1834int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim)
1835{
1836 char *pos = start;
1837 int ret;
1838
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1839 if (ciphers & WPA_CIPHER_CCMP_256) {
1840 ret = os_snprintf(pos, end - pos, "%sCCMP-256",
1841 pos == start ? "" : delim);
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]1842 if (os_snprintf_error(end - pos, ret))
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1843 return -1;
1844 pos += ret;
1845 }
1846 if (ciphers & WPA_CIPHER_GCMP_256) {
1847 ret = os_snprintf(pos, end - pos, "%sGCMP-256",
1848 pos == start ? "" : delim);
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]1849 if (os_snprintf_error(end - pos, ret))
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1850 return -1;
1851 pos += ret;
1852 }
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]1853 if (ciphers & WPA_CIPHER_CCMP) {
1854 ret = os_snprintf(pos, end - pos, "%sCCMP",
1855 pos == start ? "" : delim);
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]1856 if (os_snprintf_error(end - pos, ret))
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]1857 return -1;
1858 pos += ret;
1859 }
1860 if (ciphers & WPA_CIPHER_GCMP) {
1861 ret = os_snprintf(pos, end - pos, "%sGCMP",
1862 pos == start ? "" : delim);
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]1863 if (os_snprintf_error(end - pos, ret))
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]1864 return -1;
1865 pos += ret;
1866 }
1867 if (ciphers & WPA_CIPHER_TKIP) {
1868 ret = os_snprintf(pos, end - pos, "%sTKIP",
1869 pos == start ? "" : delim);
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]1870 if (os_snprintf_error(end - pos, ret))
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]1871 return -1;
1872 pos += ret;
1873 }
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]1874 if (ciphers & WPA_CIPHER_NONE) {
1875 ret = os_snprintf(pos, end - pos, "%sNONE",
1876 pos == start ? "" : delim);
Dmitry Shmidt6c0da2b2015-01-05 13:08:17 -0800[diff] [blame]1877 if (os_snprintf_error(end - pos, ret))
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]1878 return -1;
1879 pos += ret;
1880 }
1881
1882 return pos - start;
1883}
1884
1885
1886int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise)
1887{
1888 int pairwise = 0;
1889
1890 /* Select group cipher based on the enabled pairwise cipher suites */
1891 if (wpa & 1)
1892 pairwise |= wpa_pairwise;
1893 if (wpa & 2)
1894 pairwise |= rsn_pairwise;
1895
1896 if (pairwise & WPA_CIPHER_TKIP)
1897 return WPA_CIPHER_TKIP;
1898 if ((pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) == WPA_CIPHER_GCMP)
1899 return WPA_CIPHER_GCMP;
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]1900 if ((pairwise & (WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP |
1901 WPA_CIPHER_GCMP)) == WPA_CIPHER_GCMP_256)
1902 return WPA_CIPHER_GCMP_256;
1903 if ((pairwise & (WPA_CIPHER_CCMP_256 | WPA_CIPHER_CCMP |
1904 WPA_CIPHER_GCMP)) == WPA_CIPHER_CCMP_256)
1905 return WPA_CIPHER_CCMP_256;
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]1906 return WPA_CIPHER_CCMP;
1907}
Dmitry Shmidt9839ecd2016-11-07 11:05:47 -0800[diff] [blame^]1908
1909
1910#ifdef CONFIG_FILS
1911u16 fils_domain_name_hash(const char *domain)
1912{
1913 char buf[255], *wpos = buf;
1914 const char *pos = domain;
1915 size_t len;
1916 u32 crc;
1917
1918 for (len = 0; len < sizeof(buf) && *pos; len++) {
1919 if (isalpha(*pos) && isupper(*pos))
1920 *wpos++ = tolower(*pos);
1921 else
1922 *wpos++ = *pos;
1923 pos++;
1924 }
1925
1926 crc = crc32((const u8 *) buf, len);
1927 return crc & 0xffff;
1928}
1929#endif /* CONFIG_FILS */